From ff5706781271659724270d226e53c928545cc601 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 3 Jul 2023 04:35:23 -0400 Subject: [PATCH] Add TCP fragmentation --- docs/config/outbounds/freedom.md | 17 ++++++++++++++++- docs/en/config/outbounds/freedom.md | 17 ++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/docs/config/outbounds/freedom.md b/docs/config/outbounds/freedom.md index 153c77f22..6199b85f3 100644 --- a/docs/config/outbounds/freedom.md +++ b/docs/config/outbounds/freedom.md @@ -8,7 +8,12 @@ Freedom 是一个出站协议,可以用来向任意网络发送(正常的) { "domainStrategy": "AsIs", "redirect": "127.0.0.1:3366", - "userLevel": 0 + "userLevel": 0, + "fragment": { + "packets": "tlshello", + "length": "100-200", + "interval": "10-20" // ms + } } ``` @@ -42,3 +47,13 @@ Freedom 会强制将所有数据发送到指定地址(而不是 inbound 指定 用户等级,连接会使用这个用户等级对应的 [本地策略](../policy.md#levelpolicyobject)。 userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值。 如不指定, 默认为 0。 + +> `fragment`: map + +一些键值对配置项,用于控制发出的 TCP 分片,在某些情况下可以欺骗审查系统,比如绕过 SNI 黑名单。 + +`"packets"`:支持两种分片方式 "1-3" 是 TCP 的流切片,"tlshello" 是 TLS 握手包切片 + +`"length"`:分片包长 + +`"interval"`:分片间隔(ms) diff --git a/docs/en/config/outbounds/freedom.md b/docs/en/config/outbounds/freedom.md index 6a728acba..f4f2d5e75 100644 --- a/docs/en/config/outbounds/freedom.md +++ b/docs/en/config/outbounds/freedom.md @@ -8,7 +8,12 @@ Freedom is an outbound protocol that can be used to send (normal) TCP or UDP dat { "domainStrategy": "AsIs", "redirect": "127.0.0.1:3366", - "userLevel": 0 + "userLevel": 0, + "fragment": { + "packets": "tlshello", + "length": "100-200", + "interval": "10-20" // ms + } } ``` @@ -40,3 +45,13 @@ When the address is not specified, such as `":443"`, Freedom will not modify the User level. The connection will use the corresponding [local policy](../policy.md#levelpolicyobject) for this user level. The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0. + +> `fragment`: map + +A key-value map used to control TCP fragmentation,under some circumstances it can cheat the censor syetem, like bypass a SNI blacklist. + +`"packets"`:support two different methods. "1-3" is for segmentation at TCP layer, "tlshello" is for TLS client hello packet fragmentation + +`"length"`: length to make the cut + +`"interval"`: time between fragments(ms)