Add TLS fragment support

2025-04-03 03:47:37 +03:00 · 2025-01-26 09:01:00 +08:00 · 2025-01-26 09:01:00 +08:00 · 297dd632e8
commit 297dd632e8
parent 88aa2e430e
18 changed files with 476 additions and 189 deletions
--- a/route/conn.go
+++ b/route/conn.go
@ -13,6 +13,7 @@ import (

 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
+	"github.com/sagernet/sing-box/common/tlsfragment"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
@ -78,6 +79,21 @@ func (m *ConnectionManager) NewConnection(ctx context.Context, this N.Dialer, co
 		m.logger.ErrorContext(ctx, err)
 		return
 	}
+	if metadata.TLSFragment {
+		fallbackDelay := metadata.TLSFragmentFallbackDelay
+		if fallbackDelay == 0 {
+			fallbackDelay = C.TLSFragmentFallbackDelay
+		}
+		var newConn *tf.Conn
+		newConn, err = tf.NewConn(remoteConn, ctx, fallbackDelay)
+		if err != nil {
+			conn.Close()
+			remoteConn.Close()
+			m.logger.ErrorContext(ctx, err)
+			return
+		}
+		remoteConn = newConn
+	}
 	m.access.Lock()
 	element := m.connections.PushBack(conn)
 	m.access.Unlock()
--- a/route/route.go
+++ b/route/route.go
@ -454,6 +454,10 @@ match:
 			if routeOptions.UDPTimeout > 0 {
 				metadata.UDPTimeout = routeOptions.UDPTimeout
 			}
+			if routeOptions.TLSFragment {
+				metadata.TLSFragment = true
+				metadata.TLSFragmentFallbackDelay = routeOptions.TLSFragmentFallbackDelay
+			}
 		}
 		switch action := currentRule.Action().(type) {
 		case *rule.RuleActionSniff:
--- a/route/rule/rule_action.go
+++ b/route/rule/rule_action.go
@ -36,6 +36,8 @@ func NewRuleAction(ctx context.Context, logger logger.ContextLogger, action opti
 				FallbackDelay:             time.Duration(action.RouteOptions.FallbackDelay),
 				UDPDisableDomainUnmapping: action.RouteOptions.UDPDisableDomainUnmapping,
 				UDPConnect:                action.RouteOptions.UDPConnect,
+				TLSFragment:               action.RouteOptions.TLSFragment,
+				TLSFragmentFallbackDelay:  time.Duration(action.RouteOptions.TLSFragmentFallbackDelay),
 			},
 		}, nil
 	case C.RuleActionTypeRouteOptions:
@ -47,6 +49,8 @@ func NewRuleAction(ctx context.Context, logger logger.ContextLogger, action opti
 			UDPDisableDomainUnmapping: action.RouteOptionsOptions.UDPDisableDomainUnmapping,
 			UDPConnect:                action.RouteOptionsOptions.UDPConnect,
 			UDPTimeout:                time.Duration(action.RouteOptionsOptions.UDPTimeout),
+			TLSFragment:               action.RouteOptionsOptions.TLSFragment,
+			TLSFragmentFallbackDelay:  time.Duration(action.RouteOptionsOptions.TLSFragmentFallbackDelay),
 		}, nil
 	case C.RuleActionTypeDirect:
 		directDialer, err := dialer.New(ctx, option.DialerOptions(action.DirectOptions), false)
@ -142,6 +146,9 @@ func (r *RuleActionRoute) String() string {
 	if r.UDPConnect {
 		descriptions = append(descriptions, "udp-connect")
 	}
+	if r.TLSFragment {
+		descriptions = append(descriptions, "tls-fragment")
+	}
 	return F.ToString("route(", strings.Join(descriptions, ","), ")")
 }

@ -155,6 +162,8 @@ type RuleActionRouteOptions struct {
 	UDPDisableDomainUnmapping bool
 	UDPConnect                bool
 	UDPTimeout                time.Duration
+	TLSFragment               bool
+	TLSFragmentFallbackDelay  time.Duration
 }

 func (r *RuleActionRouteOptions) Type() string {
@ -187,6 +196,9 @@ func (r *RuleActionRouteOptions) String() string {
 	if r.UDPConnect {
 		descriptions = append(descriptions, "udp-connect")
 	}
+	if r.UDPTimeout > 0 {
+		descriptions = append(descriptions, "udp-timeout")
+	}
 	return F.ToString("route-options(", strings.Join(descriptions, ","), ")")
 }