luci-app-ssr-plus: Add Xray `fragment` support.

For specific usage, see: https://xtls.github.io/config/outbounds/freedom.html.

*** Fixed connection failure in 'gfw mode'.

luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=188
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua

@@ -146,4 +146,78 @@ o.datatype = "port"
 o.default = 1080
 o.rmempty = false
 
+-- [[ fragmen Settings ]]--
+if is_finded("xray") then
+s = m:section(TypedSection, "global_xray_fragment", translate("Xray Fragment Settings"))
+s.anonymous = true
+
+o = s:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
+o.default = 0
+
+o = s:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate("\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
+o.default = "tlshello"
+o:value("tlshello", "tlshello")
+o:value("1-2", "1-2")
+o:value("1-3", "1-3")
+o:value("1-5", "1-5")
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
+o.default = "100-200"
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
+o.default = "10-20"
+o:depends("fragment", true)
+
+o = s:option(Flag, "noise", translate("Noise"), translate("UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."))
+o.default = 0
+
+s = m:section(TypedSection, "xray_noise_packets", translate("Xray Noise Packets"))
+s.description = translate(
+    "<font style='color:red'>" .. translate("To send noise packets, select \"Noise\" in Xray Settings.") .. "</font>" ..
+    "<br/><font><b>" .. translate("For specific usage, see: ") .. "</b></font>" ..
+    "<a href='https://xtls.github.io/config/outbounds/freedom.html' target='_blank'>" ..
+    "<font style='color:green'><b>" .. translate("Click to the page") .. "</b></font></a>")
+s.template = "cbi/tblsection"
+s.sortable = true
+s.anonymous = true
+s.addremove = true
+
+s.remove = function(self, section)
+	for k, v in pairs(self.children) do
+		v.rmempty = true
+		v.validate = nil
+	end
+	TypedSection.remove(self, section)
+end
+
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Type"))
+o.default = "base64"
+o:value("rand", "rand")
+o:value("str", "str")
+o:value("base64", "base64")
+
+o = s:option(Value, "domainStrategy", translate("Domain Strategy"))
+o.default = "UseIP"
+o:value("AsIs", "AsIs")
+o:value("UseIP", "UseIP")
+o:value("UseIPv4", "UseIPv4")
+o:value("ForceIP", "ForceIP")
+o:value("ForceIPv4", "ForceIPv4")
+o.rmempty = false
+
+o = s:option(Value, "packet", translate("Packet"))
+o.datatype = "minlength(1)"
+o.rmempty = false
+
+o = s:option(Value, "delay", translate("Delay (ms)"))
+o.datatype = "or(uinteger,portrange)"
+o.rmempty = false
+end
+
 return m

luci-app-ssr-plus/po/zh_Hans/ssr-plus.po

@@ -209,7 +209,6 @@ msgstr "QUIC 连接接收窗口"
 msgid "QUIC stream receive window"
 msgstr "QUIC 流接收窗口"
 
-
 msgid "Lazy Start"
 msgstr "延迟启动"
 
@@ -843,6 +842,63 @@ msgstr "本机服务端"
 msgid "Global SOCKS5 Proxy Server"
 msgstr "SOCKS5 代理服务端（全局）"
 
+msgid "Xray Fragment Settings"
+msgstr "Xray 分片设置"
+
+msgid "Fragment"
+msgstr "分片"
+
+msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."
+msgstr "TCP 分片，在某些情况下可以欺骗审查系统，比如绕过 SNI 黑名单。"
+
+msgid "Fragment Packets"
+msgstr "分片方式"
+
+msgid "\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."
+msgstr "\"1-3\" 是 TCP 的流切片，应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。"
+
+msgid "Fragment Length"
+msgstr "分片包长"
+
+msgid "Fragmented packet length (byte)"
+msgstr "分片包长 (byte)"
+
+msgid "Fragment Interval"
+msgstr "分片间隔"
+
+msgid "Fragmentation interval (ms)"
+msgstr "分片间隔（ms）"
+
+msgid "Noise"
+msgstr "噪声"
+
+msgid "UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."
+msgstr "UDP 噪声，在某些情况下可以绕过一些针对 UDP 协议的限制。"
+
+msgid "To send noise packets, select \"Noise\" in Xray Settings."
+msgstr "在 Xray 设置中勾选 “噪声” 以发送噪声包。"
+
+msgid "For specific usage, see: "
+msgstr "具体使用方法参见："
+
+msgid "Click to the page"
+msgstr "点击前往"
+
+msgid "Xray Noise Packets"
+msgstr "Xray 噪声数据包"
+
+msgid "Type"
+msgstr "类型"
+
+msgid "Domain Strategy"
+msgstr "域名解析策略"
+
+msgid "Packet"
+msgstr "数据包"
+
+msgid "Delay (ms)"
+msgstr "延迟（ms）"
+
 msgid "warning! Please do not reuse the port!"
 msgstr "警告！请不要重复使用端口！"
 

luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -1191,6 +1191,9 @@ reset() {
 		set shadowsocksr.@socks5_proxy[0].local_port='1080'
 		add shadowsocksr server_global
 		set shadowsocksr.@server_global[0].enable_server='0'
+		add shadowsocksr global_xray_fragment
+		set shadowsocksr.@global_xray_fragment[0].fragment='0'
+		set shadowsocksr.@global_xray_fragment[0].noise='0'
 		commit shadowsocksr
 	EOF
 	unset_lock

luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -103,6 +103,7 @@ ipset_r() {
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
 		;;
 	oversea)
 		ipset -N oversea hash:net 2>/dev/null

luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua

@@ -12,6 +12,8 @@ local chain = arg[5] or "0"
 local chain_local_port = string.split(chain, "/")[2] or "0"
 
 local server = ucursor:get_all("shadowsocksr", server_section)
+local xray_fragment = ucursor:get_all("shadowsocksr", "@global_xray_fragment[0]") or {}
+local xray_noise = ucursor:get_all("shadowsocksr", "@xray_noise_packets[0]") or {}
 local outbound_settings = nil
 
 function vmess_vless()
@@ -128,6 +130,8 @@ local Xray = {
 	-- 初始化 inbounds 表
 	inbounds = {},
 
+	-- 初始化 outbounds 表
+	outbounds = {},
 }
 	-- 传入连接
 	-- 添加 dokodemo-door 配置，如果 local_port 不为 0
@@ -284,7 +288,8 @@ end
 				sockopt = {
 					tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
 					tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
-					tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
+					tcpcongestion = server.custom_tcpcongestion, -- 连接服务器节点的 TCP 拥塞控制算法
+					dialerProxy = (xray_fragment.fragment == "1" or xray_fragment.noise == "1") and "dialerproxy" or nil
 				}
 			} or nil,
 			mux = (server.v2ray_protocol ~= "wireguard") and {
@@ -297,6 +302,34 @@ end
 		}
 	}
 
+-- 添加带有 fragment 设置的 dialerproxy 配置
+if xray_fragment.fragment ~= "0" or (xray_fragment.noise ~= "0" and xray_noise.enabled ~= "0") then
+	table.insert(Xray.outbounds, {
+		protocol = "freedom",
+		tag = "dialerproxy",
+		settings = {
+			domainStrategy = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and xray_noise.domainStrategy,
+			fragment = (xray_fragment.fragment == "1") and {
+				packets = (xray_fragment.fragment_packets ~= "") and xray_fragment.fragment_packets or nil,
+				length = (xray_fragment.fragment_length ~= "") and xray_fragment.fragment_length or nil,
+				interval = (xray_fragment.fragment_interval ~= "") and xray_fragment.fragment_interval or nil
+			} or nil,
+			noises = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and {
+				{
+					type = xray_noise.type,
+					packet = xray_noise.packet,
+					delay = xray_noise.delay:find("-") and xray_noise.delay or tonumber(xray_noise.delay)
+				}
+			} or nil
+		},
+		streamSettings = {
+			sockopt = {
+			tcpNoDelay = true
+			}
+		}
+	})
+end
+
 local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
 local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
 local trojan = {