Merge branch 'dev-next' into dev-next

Signed-off-by: Ali <[email protected]>

common/dialer/default.go

@@ -98,11 +98,13 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		}
 		setMultiPathTCP(&dialer4)
 	}
-	if options.TLSFragment.Enabled && options.TCPFastOpen {
-		return nil, E.New("TLS Fragmentation is not compatible with TCP Fast Open, set `tcp_fast_open` to `false` in your outbound if you intend to enable TLS fragmentation.")
-	}
-	var tlsFragment TLSFragment
-	if options.TLSFragment.Enabled {
+
+	var tlsFragment *TLSFragment=nil
+	if options.TLSFragment != nil && options.TLSFragment.Enabled {
+		tlsFragment = &TLSFragment{}
+		if options.TCPFastOpen {
+			return nil, E.New("TLS Fragmentation is not compatible with TCP Fast Open, set `tcp_fast_open` to `false` in your outbound if you intend to enable TLS fragmentation.")
+		}
 		tlsFragment.Enabled = true
 
 		sleep, err := option.ParseIntRange(options.TLSFragment.Sleep)

common/dialer/default_go1.20.go

@@ -8,6 +8,6 @@ import (
 
 type tcpDialer = ExtendedTCPDialer
 
-func newTCPDialer(dialer net.Dialer, tfoEnabled bool, tlsFragment TLSFragment) (tcpDialer, error) {
+func newTCPDialer(dialer net.Dialer, tfoEnabled bool, tlsFragment *TLSFragment) (tcpDialer, error) {
 	return tcpDialer{Dialer: dialer, DisableTFO: !tfoEnabled, TLSFragment: tlsFragment}, nil
 }

common/dialer/default_nongo1.20.go

@@ -10,11 +10,11 @@ import (
 
 type tcpDialer = net.Dialer
 
-func newTCPDialer(dialer net.Dialer, tfoEnabled bool, tlsFragment TLSFragment) (tcpDialer, error) {
+func newTCPDialer(dialer net.Dialer, tfoEnabled bool, tlsFragment *TLSFragment) (tcpDialer, error) {
 	if tfoEnabled {
 		return dialer, E.New("TCP Fast Open requires go1.20, please recompile your binary.")
 	}
-	if tlsFragment.Enabled {
+	if tlsFragment != nil && tlsFragment.Enabled {
 		return tcpDialer{Dialer: dialer, DisableTFO: true, TLSFragment: tlsFragment}, nil
 	}
 	return dialer, nil

common/dialer/extended_tcp.go

@@ -15,11 +15,11 @@ import (
 type ExtendedTCPDialer struct {
 	net.Dialer
 	DisableTFO  bool
-	TLSFragment TLSFragment
+	TLSFragment *TLSFragment
 }
 
 func (d *ExtendedTCPDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	if (d.DisableTFO && !d.TLSFragment.Enabled) || N.NetworkName(network) != N.NetworkTCP {
+	if (d.DisableTFO && !(d.TLSFragment != nil && d.TLSFragment.Enabled)) || N.NetworkName(network) != N.NetworkTCP {
 		switch N.NetworkName(network) {
 		case N.NetworkTCP, N.NetworkUDP:
 			return d.Dialer.DialContext(ctx, network, destination.String())
@@ -28,10 +28,10 @@ func (d *ExtendedTCPDialer) DialContext(ctx context.Context, network string, des
 		}
 	}
 	// Create a TLS-Fragmented dialer
-	if d.TLSFragment.Enabled {
+	if d.TLSFragment != nil && d.TLSFragment.Enabled {
 		fragmentConn := &fragmentConn{
 			dialer:      d.Dialer,
-			fragment:    d.TLSFragment,
+			fragment:    *d.TLSFragment,
 			network:     network,
 			destination: destination,
 		}

common/dialer/extended_tcp_stub.go

@@ -11,7 +11,7 @@ import (
 )
 
 func (d *ExtendedTCPDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	if !d.TLSFragment.Enabled || N.NetworkName(network) != N.NetworkTCP {
+	if d.TLSFragment == nil || !d.TLSFragment.Enabled || N.NetworkName(network) != N.NetworkTCP {
 		switch N.NetworkName(network) {
 		case N.NetworkTCP, N.NetworkUDP:
 			return d.Dialer.DialContext(ctx, network, destination.String())

common/dialer/fragment.go

@@ -51,7 +51,7 @@ func (c *fragmentConn) Write(b []byte) (n int, err error) {
 		return 0, c.err
 	}
 	// Do not fragment if it's not a TLS clientHello packet
-	if len(b) < 5 || b[0] != 22 {
+	if len(b) < 7 || b[0] != 22 {
 		return c.conn.Write(b)
 	}
 

common/tls/ech_client.go

@@ -101,7 +101,7 @@ func NewECHClient(ctx context.Context, serverAddress string, options option.Outb
 	if options.DisableSNI {
 		tlsConfig.ServerName = "127.0.0.1"
 	} else {
-		if options.MixedCaseSNI {
+		if options.TLSTricks != nil && options.TLSTricks.MixedCaseSNI {
 			tlsConfig.ServerName = randomizeCase(tlsConfig.ServerName)
 		} else {
 			tlsConfig.ServerName = serverName

common/tls/std_client.go

@@ -64,7 +64,7 @@ func NewSTDClient(ctx context.Context, serverAddress string, options option.Outb
 	if options.DisableSNI {
 		tlsConfig.ServerName = "127.0.0.1"
 	} else {
-		if options.MixedCaseSNI {
+		if options.TLSTricks != nil && options.TLSTricks.MixedCaseSNI {
 			tlsConfig.ServerName = randomizeCase(tlsConfig.ServerName)
 		} else {
 			tlsConfig.ServerName = serverName

common/tls/utls_client.go

@@ -149,7 +149,7 @@ func NewUTLSClient(ctx context.Context, serverAddress string, options option.Out
 		return nil, E.New("missing server_name or insecure=true")
 	}
 
-	if options.MixedCaseSNI {
+	if options.TLSTricks != nil && options.TLSTricks.MixedCaseSNI {
 		serverName = randomizeCase(serverName)
 	}
 
@@ -216,19 +216,23 @@ func NewUTLSClient(ctx context.Context, serverAddress string, options option.Out
 		return nil, err
 	}
 
-	if options.PaddingSNI != "" {
-		// using smartpadding
-		return &UTLSClientConfig{config: &tlsConfig, paddingSNI: options.PaddingSNI, id: id}, nil
-	}
+	if options.TLSTricks != nil {
+		switch options.TLSTricks.PaddingMode {
+		case "random":
+			padding_size, err := option.ParseIntRange(options.TLSTricks.PaddingSize)
+			if err != nil {
+				return nil, E.Cause(err, "invalid Padding Size supplied")
+			}
+			paddingSize2 := [2]int{int(padding_size[0]), int(padding_size[1])}
 
-	if options.PaddingSize != "" {
-		padding_size, err := option.ParseIntRange(options.PaddingSize)
-		if err != nil {
-			return nil, E.Cause(err, "invalid Padding Size supplied")
-		}
-		paddingSize2 := [2]int{int(padding_size[0]), int(padding_size[1])}
+			return &UTLSClientConfig{config: &tlsConfig, paddingSize: paddingSize2, id: id}, nil
+		case "sni":
 
-		return &UTLSClientConfig{config: &tlsConfig, paddingSize: paddingSize2, id: id}, nil
+		case "hello_client":
+		// TODO
+		default:
+			// TODO
+		}
 	}
 	return &UTLSClientConfig{config: &tlsConfig, id: id}, nil
 }

option/outbound.go

@@ -140,7 +140,7 @@ type DialerOptions struct {
 	ConnectTimeout     Duration           `json:"connect_timeout,omitempty"`
 	TCPFastOpen        bool               `json:"tcp_fast_open,omitempty"`
 	TCPMultiPath       bool               `json:"tcp_multi_path,omitempty"`
-	TLSFragment        TLSFragmentOptions `json:"tls_fragment,omitempty"`
+	TLSFragment        *TLSFragmentOptions `json:"tls_fragment,omitempty"`
 	UDPFragment        *bool              `json:"udp_fragment,omitempty"`
 	UDPFragmentDefault bool               `json:"-"`
 	DomainStrategy     DomainStrategy     `json:"domain_strategy,omitempty"`

option/tls.go

@@ -20,7 +20,6 @@ type InboundTLSOptions struct {
 type OutboundTLSOptions struct {
 	Enabled         bool                    `json:"enabled,omitempty"`
 	DisableSNI      bool                    `json:"disable_sni,omitempty"`
-	MixedCaseSNI    bool                    `json:"mixedcase_sni,omitempty"`
 	ServerName      string                  `json:"server_name,omitempty"`
 	Insecure        bool                    `json:"insecure,omitempty"`
 	PaddingSize     string                  `json:"padding_size,omitempty"` // uses a random bytearray as padding. mutually exclusive with padding_sni
@@ -34,6 +33,7 @@ type OutboundTLSOptions struct {
 	ECH             *OutboundECHOptions     `json:"ech,omitempty"`
 	UTLS            *OutboundUTLSOptions    `json:"utls,omitempty"`
 	Reality         *OutboundRealityOptions `json:"reality,omitempty"`
+	TLSTricks       *TLSTricksOptions      `json:"tls_tricks,omitempty"`
 }
 
 type InboundRealityOptions struct {

option/tls_tricks.go

@@ -0,0 +1,8 @@
+package option
+
+type TLSTricksOptions struct {
+	MixedCaseSNI bool   `json:"mixedcase_sni,omitempty"`
+	PaddingMode  string `json:"padding_mode,omitempty"`
+	PaddingSize  string `json:"padding_size,omitempty"`
+	PaddingSNI   string `json:"padding_sni,omitempty"`
+}