From 6d05702d005aeab043d71f9dc0fe51f50d10ccf7 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Mon, 27 Apr 2026 02:29:13 +0200 Subject: [PATCH] TCP Masks --- sub/subService.go | 61 ++- web/assets/js/model/inbound.js | 208 +++++++++- web/assets/js/model/outbound.js | 167 +++++++- web/html/form/outbound.html | 451 ++++++++++++++------ web/html/form/stream/stream_finalmask.html | 456 +++++++++++++++------ 5 files changed, 1069 insertions(+), 274 deletions(-) diff --git a/sub/subService.go b/sub/subService.go index 67b931ce..1ab55039 100644 --- a/sub/subService.go +++ b/sub/subService.go @@ -997,9 +997,14 @@ var validFinalMaskUDPTypes = map[string]struct{}{ "mkcp-original": {}, "xdns": {}, "xicmp": {}, - "header-custom": {}, "noise": {}, - "sudoku": {}, + "header-custom": {}, +} + +var validFinalMaskTCPTypes = map[string]struct{}{ + "header-custom": {}, + "fragment": {}, + "sudoku": {}, } // applyKcpShareParams reconstructs legacy KCP share-link fields from either @@ -1159,11 +1164,59 @@ func marshalFinalMask(finalmask map[string]any) (string, bool) { } func normalizeFinalMask(finalmask map[string]any) map[string]any { + tcpMasks := normalizedFinalMaskTCPMasks(finalmask) udpMasks := normalizedFinalMaskUDPMasks(finalmask) - if len(udpMasks) == 0 { + quicParams, hasQuicParams := finalmask["quicParams"].(map[string]any) + + if len(tcpMasks) == 0 && len(udpMasks) == 0 && !hasQuicParams { return nil } - return map[string]any{"udp": udpMasks} + + result := map[string]any{} + if len(tcpMasks) > 0 { + result["tcp"] = tcpMasks + } + if len(udpMasks) > 0 { + result["udp"] = udpMasks + } + if hasQuicParams && len(quicParams) > 0 { + result["quicParams"] = quicParams + } + return result +} + +func normalizedFinalMaskTCPMasks(value any) []any { + finalmask, _ := value.(map[string]any) + if finalmask == nil { + return nil + } + rawMasks, _ := finalmask["tcp"].([]any) + if len(rawMasks) == 0 { + return nil + } + + normalized := make([]any, 0, len(rawMasks)) + for _, rawMask := range rawMasks { + mask, _ := rawMask.(map[string]any) + if mask == nil { + continue + } + maskType, _ := mask["type"].(string) + if _, ok := validFinalMaskTCPTypes[maskType]; !ok || maskType == "" { + continue + } + + normalizedMask := map[string]any{"type": maskType} + if settings, ok := mask["settings"].(map[string]any); ok && len(settings) > 0 { + normalizedMask["settings"] = settings + } + normalized = append(normalized, normalizedMask) + } + + if len(normalized) == 0 { + return nil + } + return normalized } func normalizedFinalMaskUDPMasks(value any) []any { diff --git a/web/assets/js/model/inbound.js b/web/assets/js/model/inbound.js index b5971a68..e002ac91 100644 --- a/web/assets/js/model/inbound.js +++ b/web/assets/js/model/inbound.js @@ -1094,14 +1094,6 @@ class UdpMask extends XrayCommonClass { reset: settings.reset ?? 0, noise: Array.isArray(settings.noise) ? settings.noise : [], }; - case 'sudoku': - return { - ascii: settings.ascii || '', - customTable: settings.customTable || '', - customTables: settings.customTables ?? [], - paddingMin: settings.paddingMin ?? 0, - paddingMax: settings.paddingMax ?? 0, - }; default: return settings; } @@ -1120,7 +1112,8 @@ class UdpMask extends XrayCommonClass { if (out.type === 'array') { delete out.packet; } else { - out.rand = 0; + delete out.rand; + delete out.randRange; } return out; }; @@ -1143,20 +1136,190 @@ class UdpMask extends XrayCommonClass { } } -class FinalMaskStreamSettings extends XrayCommonClass { - constructor(udp = []) { +class TcpMask extends XrayCommonClass { + constructor(type = 'fragment', settings = {}) { super(); - this.udp = Array.isArray(udp) ? udp.map(u => new UdpMask(u.type, u.settings)) : [new UdpMask(udp.type, udp.settings)]; + this.type = type; + this.settings = this._getDefaultSettings(type, settings); + } + + _getDefaultSettings(type, settings = {}) { + switch (type) { + case 'fragment': + return { + packets: settings.packets ?? 'tlshello', + length: settings.length ?? '', + delay: settings.delay ?? '', + maxSplit: settings.maxSplit ?? '', + }; + case 'sudoku': + return { + password: settings.password ?? '', + ascii: settings.ascii ?? '', + customTable: settings.customTable ?? '', + customTables: Array.isArray(settings.customTables) ? settings.customTables : [], + paddingMin: settings.paddingMin ?? 0, + paddingMax: settings.paddingMax ?? 0, + }; + case 'header-custom': + return { + clients: Array.isArray(settings.clients) ? settings.clients : [], + servers: Array.isArray(settings.servers) ? settings.servers : [], + }; + default: + return settings; + } } static fromJson(json = {}) { - return new FinalMaskStreamSettings(json.udp || []); + return new TcpMask( + json.type || 'fragment', + json.settings || {} + ); } toJson() { - return { - udp: this.udp.map(udp => udp.toJson()) + const cleanItem = item => { + const out = { ...item }; + if (out.type === 'array') { + delete out.packet; + } else { + delete out.rand; + delete out.randRange; + } + return out; }; + + let settings = this.settings; + if (this.type === 'header-custom' && settings) { + const cleanGroup = group => Array.isArray(group) ? group.map(cleanItem) : group; + settings = { + ...settings, + clients: Array.isArray(settings.clients) ? settings.clients.map(cleanGroup) : settings.clients, + servers: Array.isArray(settings.servers) ? settings.servers.map(cleanGroup) : settings.servers, + }; + } + + return { + type: this.type, + settings: (settings && Object.keys(settings).length > 0) ? settings : undefined + }; + } +} + +class QuicParams extends XrayCommonClass { + constructor( + congestion = 'bbr', + debug = false, + brutalUp = '', + brutalDown = '', + udpHop = undefined, + initStreamReceiveWindow = 8388608, + maxStreamReceiveWindow = 8388608, + initConnectionReceiveWindow = 20971520, + maxConnectionReceiveWindow = 20971520, + maxIdleTimeout = 30, + keepAlivePeriod = 0, + disablePathMTUDiscovery = false, + maxIncomingStreams = 1024, + ) { + super(); + this.congestion = congestion; + this.debug = debug; + this.brutalUp = brutalUp; + this.brutalDown = brutalDown; + this.udpHop = udpHop; + this.initStreamReceiveWindow = initStreamReceiveWindow; + this.maxStreamReceiveWindow = maxStreamReceiveWindow; + this.initConnectionReceiveWindow = initConnectionReceiveWindow; + this.maxConnectionReceiveWindow = maxConnectionReceiveWindow; + this.maxIdleTimeout = maxIdleTimeout; + this.keepAlivePeriod = keepAlivePeriod; + this.disablePathMTUDiscovery = disablePathMTUDiscovery; + this.maxIncomingStreams = maxIncomingStreams; + } + + get hasUdpHop() { + return this.udpHop != null; + } + + set hasUdpHop(value) { + this.udpHop = value ? (this.udpHop || { ports: '20000-50000', interval: '5-10' }) : undefined; + } + + static fromJson(json = {}) { + if (!json || Object.keys(json).length === 0) return undefined; + return new QuicParams( + json.congestion, + json.debug, + json.brutalUp, + json.brutalDown, + json.udpHop ? { ports: json.udpHop.ports, interval: json.udpHop.interval } : undefined, + json.initStreamReceiveWindow, + json.maxStreamReceiveWindow, + json.initConnectionReceiveWindow, + json.maxConnectionReceiveWindow, + json.maxIdleTimeout, + json.keepAlivePeriod, + json.disablePathMTUDiscovery, + json.maxIncomingStreams, + ); + } + + toJson() { + const result = { congestion: this.congestion }; + if (this.debug) result.debug = this.debug; + if (this.brutalUp) result.brutalUp = this.brutalUp; + if (this.brutalDown) result.brutalDown = this.brutalDown; + if (this.udpHop) result.udpHop = { ports: this.udpHop.ports, interval: this.udpHop.interval }; + if (this.initStreamReceiveWindow > 0) result.initStreamReceiveWindow = this.initStreamReceiveWindow; + if (this.maxStreamReceiveWindow > 0) result.maxStreamReceiveWindow = this.maxStreamReceiveWindow; + if (this.initConnectionReceiveWindow > 0) result.initConnectionReceiveWindow = this.initConnectionReceiveWindow; + if (this.maxConnectionReceiveWindow > 0) result.maxConnectionReceiveWindow = this.maxConnectionReceiveWindow; + if (this.maxIdleTimeout !== 30 && this.maxIdleTimeout > 0) result.maxIdleTimeout = this.maxIdleTimeout; + if (this.keepAlivePeriod > 0) result.keepAlivePeriod = this.keepAlivePeriod; + if (this.disablePathMTUDiscovery) result.disablePathMTUDiscovery = this.disablePathMTUDiscovery; + if (this.maxIncomingStreams > 0) result.maxIncomingStreams = this.maxIncomingStreams; + return result; + } +} + +class FinalMaskStreamSettings extends XrayCommonClass { + constructor(tcp = [], udp = [], quicParams = undefined) { + super(); + this.tcp = Array.isArray(tcp) ? tcp.map(t => t instanceof TcpMask ? t : new TcpMask(t.type, t.settings)) : []; + this.udp = Array.isArray(udp) ? udp.map(u => new UdpMask(u.type, u.settings)) : [new UdpMask(udp.type, udp.settings)]; + this.quicParams = quicParams instanceof QuicParams ? quicParams : (quicParams ? QuicParams.fromJson(quicParams) : undefined); + } + + get enableQuicParams() { + return this.quicParams != null; + } + + set enableQuicParams(value) { + this.quicParams = value ? (this.quicParams || new QuicParams()) : undefined; + } + + static fromJson(json = {}) { + return new FinalMaskStreamSettings( + json.tcp || [], + json.udp || [], + json.quicParams ? QuicParams.fromJson(json.quicParams) : undefined, + ); + } + + toJson() { + const result = {}; + if (this.tcp && this.tcp.length > 0) { + result.tcp = this.tcp.map(t => t.toJson()); + } + if (this.udp && this.udp.length > 0) { + result.udp = this.udp.map(udp => udp.toJson()); + } + if (this.quicParams) { + result.quicParams = this.quicParams.toJson(); + } + return result; } } @@ -1193,6 +1356,16 @@ class StreamSettings extends XrayCommonClass { this.sockopt = sockopt; } + addTcpMask(type = 'fragment') { + this.finalmask.tcp.push(new TcpMask(type)); + } + + delTcpMask(index) { + if (this.finalmask.tcp) { + this.finalmask.tcp.splice(index, 1); + } + } + addUdpMask(type = 'salamander') { this.finalmask.udp.push(new UdpMask(type)); } @@ -1204,7 +1377,10 @@ class StreamSettings extends XrayCommonClass { } get hasFinalMask() { - return this.finalmask.udp && this.finalmask.udp.length > 0; + const hasTcp = this.finalmask.tcp && this.finalmask.tcp.length > 0; + const hasUdp = this.finalmask.udp && this.finalmask.udp.length > 0; + const hasQuicParams = this.finalmask.quicParams != null; + return hasTcp || hasUdp || hasQuicParams; } get isTls() { diff --git a/web/assets/js/model/outbound.js b/web/assets/js/model/outbound.js index aa90d20d..6be2ec1b 100644 --- a/web/assets/js/model/outbound.js +++ b/web/assets/js/model/outbound.js @@ -690,7 +690,8 @@ class UdpMask extends CommonClass { if (out.type === 'array') { delete out.packet; } else { - out.rand = 0; + delete out.rand; + delete out.randRange; } return out; }; @@ -713,21 +714,158 @@ class UdpMask extends CommonClass { } } -class FinalMaskStreamSettings extends CommonClass { - constructor(udp = []) { +class TcpMask extends CommonClass { + constructor(type = 'fragment', settings = {}) { super(); - this.udp = Array.isArray(udp) ? udp.map(u => new UdpMask(u.type, u.settings)) : [new UdpMask(udp.type, udp.settings)]; + this.type = type; + this.settings = this._getDefaultSettings(type, settings); + } + + _getDefaultSettings(type, settings = {}) { + switch (type) { + case 'fragment': + return { + packets: settings.packets ?? 'tlshello', + length: settings.length ?? '', + delay: settings.delay ?? '', + maxSplit: settings.maxSplit ?? '', + }; + case 'sudoku': + return { + password: settings.password ?? '', + ascii: settings.ascii ?? '', + customTable: settings.customTable ?? '', + customTables: Array.isArray(settings.customTables) ? settings.customTables : [], + paddingMin: settings.paddingMin ?? 0, + paddingMax: settings.paddingMax ?? 0, + }; + case 'header-custom': + return { + clients: Array.isArray(settings.clients) ? settings.clients : [], + servers: Array.isArray(settings.servers) ? settings.servers : [], + }; + default: + return settings; + } } static fromJson(json = {}) { - return new FinalMaskStreamSettings(json.udp || []); + return new TcpMask( + json.type || 'fragment', + json.settings || {} + ); } toJson() { - return { - udp: this.udp.map(udp => udp.toJson()) + const cleanItem = item => { + const out = { ...item }; + if (out.type === 'array') { + delete out.packet; + } else { + delete out.rand; + delete out.randRange; + } + return out; }; + let settings = this.settings; + if (this.type === 'header-custom' && settings) { + const cleanGroup = group => Array.isArray(group) ? group.map(cleanItem) : group; + settings = { + ...settings, + clients: Array.isArray(settings.clients) ? settings.clients.map(cleanGroup) : settings.clients, + servers: Array.isArray(settings.servers) ? settings.servers.map(cleanGroup) : settings.servers, + }; + } + + return { + type: this.type, + settings: (settings && Object.keys(settings).length > 0) ? settings : undefined + }; + } +} + +class QuicParams extends CommonClass { + constructor( + congestion = 'bbr', + debug = false, + brutalUp = '', + brutalDown = '', + udpHop = undefined, + ) { + super(); + this.congestion = congestion; + this.debug = debug; + this.brutalUp = brutalUp; + this.brutalDown = brutalDown; + this.udpHop = udpHop; + } + + get hasUdpHop() { + return this.udpHop != null; + } + + set hasUdpHop(value) { + this.udpHop = value ? (this.udpHop || { ports: '20000-50000', interval: '5-10' }) : undefined; + } + + static fromJson(json = {}) { + if (!json || Object.keys(json).length === 0) return undefined; + return new QuicParams( + json.congestion, + json.debug, + json.brutalUp, + json.brutalDown, + json.udpHop ? { ports: json.udpHop.ports, interval: json.udpHop.interval } : undefined, + ); + } + + toJson() { + const result = { congestion: this.congestion }; + if (this.debug) result.debug = this.debug; + if (this.brutalUp) result.brutalUp = this.brutalUp; + if (this.brutalDown) result.brutalDown = this.brutalDown; + if (this.udpHop) result.udpHop = { ports: this.udpHop.ports, interval: this.udpHop.interval }; + return result; + } +} + +class FinalMaskStreamSettings extends CommonClass { + constructor(tcp = [], udp = [], quicParams = undefined) { + super(); + this.tcp = Array.isArray(tcp) ? tcp.map(t => t instanceof TcpMask ? t : new TcpMask(t.type, t.settings)) : []; + this.udp = Array.isArray(udp) ? udp.map(u => new UdpMask(u.type, u.settings)) : [new UdpMask(udp.type, udp.settings)]; + this.quicParams = quicParams instanceof QuicParams ? quicParams : (quicParams ? QuicParams.fromJson(quicParams) : undefined); + } + + get enableQuicParams() { + return this.quicParams != null; + } + + set enableQuicParams(value) { + this.quicParams = value ? (this.quicParams || new QuicParams()) : undefined; + } + + static fromJson(json = {}) { + return new FinalMaskStreamSettings( + json.tcp || [], + json.udp || [], + json.quicParams ? QuicParams.fromJson(json.quicParams) : undefined, + ); + } + + toJson() { + const result = {}; + if (this.tcp && this.tcp.length > 0) { + result.tcp = this.tcp.map(t => t.toJson()); + } + if (this.udp && this.udp.length > 0) { + result.udp = this.udp.map(udp => udp.toJson()); + } + if (this.quicParams) { + result.quicParams = this.quicParams.toJson(); + } + return result; } } @@ -763,6 +901,16 @@ class StreamSettings extends CommonClass { this.sockopt = sockopt; } + addTcpMask(type = 'fragment') { + this.finalmask.tcp.push(new TcpMask(type)); + } + + delTcpMask(index) { + if (this.finalmask.tcp) { + this.finalmask.tcp.splice(index, 1); + } + } + addUdpMask(type = 'salamander') { this.finalmask.udp.push(new UdpMask(type)); } @@ -774,7 +922,10 @@ class StreamSettings extends CommonClass { } get hasFinalMask() { - return this.finalmask.udp && this.finalmask.udp.length > 0; + const hasTcp = this.finalmask.tcp && this.finalmask.tcp.length > 0; + const hasUdp = this.finalmask.udp && this.finalmask.udp.length > 0; + const hasQuicParams = this.finalmask.quicParams != null; + return hasTcp || hasUdp || hasQuicParams; } get isTls() { diff --git a/web/html/form/outbound.html b/web/html/form/outbound.html index 81b488c7..4f584d5e 100644 --- a/web/html/form/outbound.html +++ b/web/html/form/outbound.html @@ -842,7 +842,7 @@ :max="60" > - + @@ -852,6 +852,176 @@ - - + + + + diff --git a/web/html/form/stream/stream_finalmask.html b/web/html/form/stream/stream_finalmask.html index f0ec87cf..1a8a052d 100644 --- a/web/html/form/stream/stream_finalmask.html +++ b/web/html/form/stream/stream_finalmask.html @@ -3,9 +3,192 @@ :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }" - v-if="inbound.protocol == Protocols.HYSTERIA || inbound.stream.network == 'kcp'" + v-if="inbound.protocol == Protocols.HYSTERIA || ['kcp', 'xhttp', 'raw', 'tcp', 'httpupgrade', 'ws', 'grpc'].includes(inbound.stream.network)" > + + + + + - - + + + - - - - - - + + + + + {{end}}