Add TLS Hello Fragmentation for freedom outbound (#2131)

* Replace TCP Segmentation with TLS Hello Fragmentation * Update infra/conf/freedom.go * Refine proxy/freedom/freedom.go --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2025-04-30 09:18:34 +00:00 · 2023-06-18 07:12:42 -07:00 · 2023-06-18 07:12:42 -07:00 · 9122d0f056
commit 9122d0f056
parent def5807c64
2 changed files with 98 additions and 15 deletions
--- a/infra/conf/freedom.go
+++ b/infra/conf/freedom.go
@ -90,7 +90,17 @@ func (c *FreedomConfig) Build() (proto.Message, error) {
 			MaxLength:   int32(maxLength),
 		}

-		if len(c.Fragment.Packets) > 0 {
+		switch strings.ToLower(c.Fragment.Packets) {
+		case "tlshello":
+			// TLS Hello Fragmentation (into multiple handshake messages)
+			config.Fragment.StartPacket = 0
+			config.Fragment.EndPacket = 1
+		case "":
+			// TCP Segmentation (all packets)
+			config.Fragment.StartPacket = 0
+			config.Fragment.EndPacket = 0
+		default:
+			// TCP Segmentation (range)
 			packetRange := strings.Split(c.Fragment.Packets, "-")
 			var startPacket, endPacket int64
 			if len(packetRange) == 2 {
@ -114,9 +124,6 @@ func (c *FreedomConfig) Build() (proto.Message, error) {
 			}
 			config.Fragment.StartPacket = int32(startPacket)
 			config.Fragment.EndPacket = int32(endPacket)
-		} else {
-			config.Fragment.StartPacket = 0
-			config.Fragment.EndPacket = 0
 		}
 	}