Is TLS fragment and TCP segament and their combinations available to fight against DPI in China?

[louiesun]

I haven't use GFW-knocker's project successfully since it even can't wrong without fragment. (max fragment size 1000). (I test with a website available in China).

In addition, Cloudflare returns 400 Bad Request.

[mmmray]

this was mainly written for iran, where it still works pretty well as an all-purpose way to "freshen up" existing tunnels without changing the server. I saw that some chinese devs use fragmentation while testing the GFW, but am not aware of it being widely deployed there.

significant parts of this are now merged into xray's freedom outbound and there exist semi-private forks of xray developing it a bit further.

I think max fragment size=1000 is a bit high and unlikely to split up the packets where you need them.

[maoist2009]

this was mainly written for iran, where it still works pretty well as an all-purpose way to "freshen up" existing tunnels without changing the server. I saw that some chinese devs use fragmentation while testing the GFW, but am not aware of it being widely deployed there.

significant parts of this are now merged into xray's freedom outbound and there exist semi-private forks of xray developing it a bit further.

I think max fragment size=1000 is a bit high and unlikely to split up the packets where you need them.

I guess it works for the most places of china. But unluckily, I am in Shanghai. It is said that the GFW of Shanghai, Beijing, Guangzhou will maintain a connection of tcp. So it seems that fragment won't work.

This is my test code:

[ghost]

notice the differences between tls frag and tcp frag! gfw knocker' project jusr use tcp frag and doesn't foe china.

[wkrp]

I'll reopen the issue to preserve the discussion.