Add back the Client Hello hack to trick SNI whitelist

Use custom config for other tricks

app/src/main/java/io/nekohasekai/sagernet/Constants.kt

@@ -101,6 +101,11 @@ object Key {
     const val ENABLE_PCAP = "enablePcap"
     const val MTU = "mtu"
 
+    const val ENABLE_FRAGMENT = "enableFragment"
+    const val ENABLE_FRAGMENT_FOR_DIRECT = "enableFragmentForDirect"
+    const val FRAGMENT_LENGTH = "fragmentLength"
+    const val FRAGMENT_INTERVAL = "fragmentInterval"
+
     const val APP_TRAFFIC_STATISTICS = "appTrafficStatistics"
     const val PROFILE_TRAFFIC_STATISTICS = "profileTrafficStatistics"
 

app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt

@@ -129,6 +129,11 @@ object DataStore : OnPreferenceDataStoreChangeListener {
     var enableLog by configurationStore.boolean(Key.ENABLE_LOG) { BuildConfig.DEBUG }
     var enablePcap by configurationStore.boolean(Key.ENABLE_PCAP)
 
+    var enableFragment by configurationStore.boolean(Key.ENABLE_FRAGMENT)
+    var enableFragmentForDirect by configurationStore.boolean(Key.ENABLE_FRAGMENT_FOR_DIRECT)
+    var fragmentLength by configurationStore.string(Key.FRAGMENT_LENGTH)
+    var fragmentInterval by configurationStore.string(Key.FRAGMENT_INTERVAL)
+
     // hopefully hashCode = mHandle doesn't change, currently this is true from KitKat to Nougat
     private val userIndex by lazy { Binder.getCallingUserHandle().hashCode() }
     var socksPort: Int

app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt

@@ -867,6 +867,21 @@ fun buildV2RayConfig(
                                             }
                                         }
                                     }
+                                    if (DataStore.enableFragment && bean.canTCPing()
+                                        && (security == "tls" || security == "reality")
+                                        && !(bean is ShadowsocksBean && bean.plugin.isNotEmpty()
+                                        && !(network == "ws" && bean.wsUseBrowserForwarder))
+                                    ) {
+                                        sockopt = StreamSettingsObject.SockoptObject().apply {
+                                            if (DataStore.enableFragment) {
+                                                fragment = StreamSettingsObject.SockoptObject.FragmentObject().apply {
+                                                    packets = "tlshello"
+                                                    length = DataStore.fragmentLength
+                                                    interval = DataStore.fragmentInterval
+                                                }
+                                            }
+                                        }
+                                    }
                                 }
                             } else if (bean is ShadowsocksRBean) {
                                 protocol = "shadowsocks"
@@ -1305,6 +1320,17 @@ fun buildV2RayConfig(
         outbounds.add(OutboundObject().apply {
             tag = TAG_BYPASS
             protocol = "freedom"
+            if (DataStore.enableFragment && DataStore.enableFragmentForDirect) {
+                streamSettings = StreamSettingsObject().apply {
+                    sockopt = StreamSettingsObject.SockoptObject().apply {
+                        fragment = StreamSettingsObject.SockoptObject.FragmentObject().apply {
+                            packets = "tlshello"
+                            length = DataStore.fragmentLength
+                            interval = DataStore.fragmentInterval
+                        }
+                    }
+                }
+            }
             if (DataStore.resolveDestinationForDirect) {
                 settings = LazyOutboundConfigurationObject(this,
                     FreedomOutboundConfigurationObject().apply {

app/src/main/java/io/nekohasekai/sagernet/ui/SettingsPreferenceFragment.kt

@@ -257,6 +257,25 @@ class SettingsPreferenceFragment : PreferenceFragmentCompat() {
             true
         }
 
+        val enableFragment = findPreference<SwitchPreference>(Key.ENABLE_FRAGMENT)!!
+        val enableFragmentForDirect = findPreference<SwitchPreference>(Key.ENABLE_FRAGMENT_FOR_DIRECT)!!
+        val fragmentLength = findPreference<EditTextPreference>(Key.FRAGMENT_LENGTH)!!
+        val fragmentInterval = findPreference<EditTextPreference>(Key.FRAGMENT_INTERVAL)!!
+        enableFragmentForDirect.isVisible = DataStore.enableFragment
+        fragmentLength.isVisible = DataStore.enableFragment
+        fragmentInterval.isVisible = DataStore.enableFragment
+        enableFragment.setOnPreferenceChangeListener { _, newValue ->
+            newValue as Boolean
+            enableFragmentForDirect.isVisible = newValue
+            fragmentLength.isVisible = newValue
+            fragmentInterval.isVisible = newValue
+            needReload()
+            true
+        }
+        enableFragmentForDirect.onPreferenceChangeListener = reloadListener
+        fragmentLength.onPreferenceChangeListener = reloadListener
+        fragmentInterval.onPreferenceChangeListener = reloadListener
+
         speedInterval.onPreferenceChangeListener = reloadListener
         portSocks5.onPreferenceChangeListener = reloadListener
         portHttp.onPreferenceChangeListener = reloadListener

app/src/main/res/values-zh-rCN/strings.xml

@@ -509,13 +509,11 @@
     <string name="hysteria2_plugin_settings_sum">这些选项仅对插件生效。</string>
     <string name="hysteria_enable_port_hopping_experimental">启用 Hysteria 端口跳跃（实验性）</string>
     <string name="hysteria_enable_port_hopping_sum">这需要插件并且与链式代理不兼容。如果禁用，端口跳跃范围内的一个随机端口将会被使用。</string>
-    <string name="enable_fragment">启用分片</string>
-    <string name="enable_fragment_sum">可能有助于规避一些防火墙策略</string>
-    <string name="fragment_packets">分片方式</string>
+    <string name="enable_fragment">启用 TLS Client Hello 分片</string>
+    <string name="enable_fragment_sum">可能有助于规避 SNI 审查。该选项可能在未来被移除。</string>
     <string name="fragment_length">分片长度</string>
     <string name="fragment_interval">分片间隔</string>
-    <string name="enable_fragment_for_direct">直连分片</string>
-    <string name="enable_fragment_for_direct_sum">为直连也启用分片</string>
+    <string name="enable_fragment_for_direct">为直连也启用分片</string>
     <string name="probe_cert">证书探测器</string>
     <string name="probe_cert_summary">探测服务器的 TLS 证书。</string>
     <string name="probe_cert_target_server">目标服务器</string>
@@ -524,10 +522,5 @@
     <string name="landing_proxy">落地代理</string>
     <string name="resolve_destination_for_direct">解析目标地址（直连）</string>
     <string name="edns_client_ip">EDNS 客户端 IP</string>
-    <string name="enable_noise">启用 UDP 噪声</string>
-    <string name="noise_packet">噪声方式</string>
-    <string name="noise_delay">噪声延时</string>
-    <string name="enable_noise_for_direct">直连 UDP 噪声</string>
-    <string name="enable_noise_for_direct_sum">为直连也启用 UDP 噪声</string>
 
 </resources>

app/src/main/res/values/strings.xml

@@ -538,13 +538,11 @@
     <string name="hysteria2_plugin_settings_sum">These options only apply to plugins.</string>
     <string name="hysteria_enable_port_hopping_experimental">Enable Hysteria port hopping (Experimental)</string>
     <string name="hysteria_enable_port_hopping_sum">This requires plugins and is incompatible with chain proxy. If disabled, a random port within the port hopping range will be used.</string>
-    <string name="enable_fragment">Enable fragment</string>
-    <string name="enable_fragment_sum">May help circumvent some firewall policies</string>
-    <string name="fragment_packets">Fragment packets</string>
-    <string name="fragment_length">Fragment length</string>
-    <string name="fragment_interval">Fragment interval</string>
-    <string name="enable_fragment_for_direct">Fragment for direct</string>
-    <string name="enable_fragment_for_direct_sum">Also enable fragment for direct</string>
+    <string name="enable_fragment">Enable TLS Client Hello fragmentation</string>
+    <string name="enable_fragment_sum">May help circumvent SNI censorship. This option may get removed in the future.</string>
+    <string name="fragment_length">Fragmentation length</string>
+    <string name="fragment_interval">Fragmentation interval</string>
+    <string name="enable_fragment_for_direct">Also enable fragmentation for direct</string>
     <string name="probe_cert">Certificate prober</string>
     <string name="probe_cert_summary">Probe the TLS certificate of a server.</string>
     <string name="probe_cert_target_server">Target server</string>
@@ -553,10 +551,5 @@
     <string name="landing_proxy">Landing proxy</string>
     <string name="resolve_destination_for_direct">Resolve destination (direct)</string>
     <string name="edns_client_ip">EDNS client IP</string>
-    <string name="enable_noise">Enable UDP noise</string>
-    <string name="noise_packet">Noise packet</string>
-    <string name="noise_delay">Noise delay</string>
-    <string name="enable_noise_for_direct">UDP noise for direct</string>
-    <string name="enable_noise_for_direct_sum">Also enable UDP noise for direct</string>
 
 </resources>

app/src/main/res/xml/global_preferences.xml

@@ -316,6 +316,21 @@
             app:key="connectionTestURL"
             app:title="@string/connection_test_url"
             app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:key="enableFragment"
+            app:summary="@string/enable_fragment_sum"
+            app:title="@string/enable_fragment" />
+        <EditTextPreference
+            app:key="fragmentLength"
+            app:title="@string/fragment_length"
+            app:useSimpleSummaryProvider="true" />
+        <EditTextPreference
+            app:key="fragmentInterval"
+            app:title="@string/fragment_interval"
+            app:useSimpleSummaryProvider="true" />
+        <SwitchPreference
+            app:key="enableFragmentForDirect"
+            app:title="@string/enable_fragment_for_direct" />
     </PreferenceCategory>