sing-box-extra
[Question/Discussion]: Patches rejected by upstream singbox
Hi, there have been a couple of patches used in Iran that can bypass the IR-GFW (?) in many cases (and might be useful in other countries):
- TLS fragmentation (implemented in xray-core and hiddify-singbox): It fragments the TLS client-hello packet into random slices and sends the resulting packets with a random delay. Apparently, DPI infrastructure doesn't have enough memory to re-assemble the packets and the SNI won't be checked.
- WireGuard noise (implemented in hiddify-singbox and its own core): This one isn't as well documented as the previous one, but it uses the fact that UDP is stateless and sends a custom range of random packets with random sizes and then starts to initiate the handshake process of WireGuard. The firewall relies on the fact that the WireGuard fingerprint is present in the first packets of the "flow" (I don't have a better word to describe it) and the packets won't be dropped.
"hiddify-singbox": https://github.com/hiddify/hiddify-core
The WireGuard core: https://github.com/bepass-org/warp-plus (It supports automatically generated warp configs, hence the name)
The problem is, the upstream singbox rejects these techniques (or their implementations?) for various reasons without much elaboration. Do you think they can be implemented in Nekoray and Nekobox? These are widely used clients.
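
As an added illustration (not part of the original post, and not code from xray-core, hiddify or sing-box), the sketch below shows the inspection-side view of the first technique: an SNI parser that looks at each TCP segment in isolation finds nothing once the ClientHello is split, while one that buffers the flow recovers the name at the cost of per-flow memory. The ClientHello, the cut points, the function names and the `max_buffer` budget are constructed for the example; segment reordering and delays are not modelled.

```python
import struct

def build_client_hello(host):
    """Constructed minimal ClientHello record whose only extension is SNI."""
    name = host.encode()
    # server_name_list length, name_type 0 (host_name), name length, name
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni              # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # version, random, no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"              # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs # record type 22 = handshake

def extract_sni(data):
    """Return the SNI host name, or None unless data holds a whole ClientHello."""
    try:
        if (data[0] != 0x16 or data[5] != 0x01
                or len(data) < 5 + struct.unpack("!H", data[3:5])[0]):
            return None                                      # not a hello, or incomplete
        p = 5 + 4 + 2 + 32                                   # headers, version, random
        p += 1 + data[p]                                     # session id
        p += 2 + struct.unpack("!H", data[p:p + 2])[0]       # cipher suites
        p += 1 + data[p]                                     # compression methods
        end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:
                nlen = struct.unpack("!H", data[p + 7:p + 9])[0]
                return data[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        pass
    return None

def reassembled_sni(segments, max_buffer=16384):
    """Stateful inspection: buffer the flow, giving up past max_buffer bytes (assumed budget)."""
    buf = b""
    for seg in segments:
        buf += seg
        if len(buf) > max_buffer:
            return None
        if (sni := extract_sni(buf)) is not None:
            return sni
    return None

HELLO = build_client_hello("example.test")                   # constructed sample
CUTS = [0, 3, 40, 65, len(HELLO)]                            # fixed, hypothetical cut points
SEGMENTS = [HELLO[a:b] for a, b in zip(CUTS, CUTS[1:])]
PER_SEGMENT = [extract_sni(s) for s in SEGMENTS]             # stateless view of each segment
```

The `max_buffer` parameter stands in for the memory constraint the post mentions: every flow that has not yet produced a complete record has to be held in state until it does.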