[{"data":1,"prerenderedAt":310},["ShallowReactive",2],{"post-diy-sip003-protocol":3},{"id":4,"title":5,"body":6,"cover":300,"date":301,"description":302,"extension":303,"meta":304,"navigation":305,"path":306,"seo":307,"stem":308,"__hash__":309},"posts/posts/diy-sip003-protocol.md","大模型内化的十年开源积累，正在补完 shadowsocks 的原始愿景",{"type":7,"value":8,"toc":292},"minimark",[9,13,17,34,37,44,47,50,53,113,116,120,123,126,132,135,138,142,149,152,201,204,207,214,221,227,240,246,256,259,262,265,268,271,274,289],[10,11,12],"h2",{"id":12},"论点",[14,15,16],"p",{},"shadowsocks 在 2012 年提出时，包含两个并列的设计倡导：",[18,19,20,28],"ul",{},[21,22,23,27],"li",{},[24,25,26],"strong",{},"去中心化部署","：每个使用者拥有自己的服务端，而非依赖少数公共节点",[21,29,30,33],{},[24,31,32],{},"协议层可定制","：通过插件机制允许使用者自行实现传输层伪装，避免单一指纹被特征化",[14,35,36],{},"第一项在过去十年里部分实现，VPS 价格下降与一键脚本的普及让自建对技术用户不再困难，但对非技术用户仍是门槛。第二项几乎没有被普通用户兑现：能独立写出一个生产可用混淆插件的开发者全球不超过千人，结果是绝大多数使用者共享 v2ray、xray、hysteria 等少数项目的协议指纹。",[14,38,39,40,43],{},"2025–2026 年发生的变化是结构性的：",[24,41,42],{},"过去十几年开源社区围绕翻墙工具贡献的全部代码，包括 shadowsocks、v2ray、xray、trojan、hysteria、naive、reality，以及 SIP003、VLESS、Hysteria2 等协议规范，已经被内化进大模型的训练数据","。其直接结果是部署与协议自定义的实现成本同时塌缩。",[14,45,46],{},"本文记录两个实测 case。",[10,48,49],{"id":49},"模型内化了什么",[14,51,52],{},"观察 2026 年主流代码模型在翻墙相关任务上的表现，已被稳定内化的内容如下：",[54,55,56,69],"table",{},[57,58,59],"thead",{},[60,61,62,66],"tr",{},[63,64,65],"th",{},"类别",[63,67,68],{},"内容",[70,71,72,81,89,97,105],"tbody",{},[60,73,74,78],{},[75,76,77],"td",{},"协议规范",[75,79,80],{},"shadowsocks AEAD、SIP003、SIP022、VLESS、VMess、Trojan、Hysteria2、reality、naive",[60,82,83,86],{},[75,84,85],{},"实现细节",[75,87,88],{},"aes-256-gcm/chacha20-poly1305 的盐与 nonce 处理、Trojan 的 TLS 透传、reality 的 ServerHello 重组",[60,90,91,94],{},[75,92,93],{},"部署知识",[75,95,96],{},"systemd 单元、ufw/nftables/firewalld 规则、acme.sh / certbot 自动化、Cloudflare DNS API",[60,98,99,102],{},[75,100,101],{},"工具链",[75,103,104],{},"shadowsocks-rust v1.x、sing-box、xray-core 的 CLI 与配置文件 schema",[60,106,107,110],{},[75,108,109],{},"对抗经验",[75,111,112],{},"TLS-in-TLS 指纹、TCP 时序特征、SNI 白/黑名单的常见破解模式",[14,114,115],{},"对模型而言，\"写一个 SIP003 插件\"与\"写一个 HTTP server\"在难度上已无本质差异，两者的模式都在训练语料里出现过足够多次。",[10,117,119],{"id":118},"case-110-分钟部署","Case 1：10 分钟部署",[14,121,122],{},"最直接的应用场景：手上有一台空 VPS，需要一套可用的服务端 + 客户端。",[14,124,125],{},"实测流程：在 VPS 上运行任意 code agent（Claude Code / opencode / Cursor），给出一条 prompt：",[127,128,129],"blockquote",{},[14,130,131],{},"在这台 VPS 上部署 shadowsocks-rust 服务端，用 SIP003 plugin 做 HTTP/2 混淆。配好 systemd 自动启动，开放 443 端口，生成客户端配置文件给我。",[14,133,134],{},"模型自行完成系统检测、包安装、强随机密码与端口生成、systemd 单元写入、防火墙规则、客户端配置导出，全程对使用者无认知负担。10 分钟内拿到可用链路。",[14,136,137],{},"shadowsocks 第一项愿景（去中心化部署）的最后一段门槛，也就是\"看得懂文档、不怕命令行\"，被填平。",[10,139,141],{"id":140},"case-2用非-sota-模型写一个混淆插件","Case 2：用非 SOTA 模型写一个混淆插件",[14,143,144,145,148],{},"更激进的实测：让一个",[24,146,147],{},"完全免费、非 SOTA"," 的模型从零写一个 SIP003 混淆插件，验证协议自定义的实际成本。",[14,150,151],{},"使用的工具组合：",[18,153,154,168,178,184,189,195],{},[21,155,156,159,160,167],{},[24,157,158],{},"Code agent","：",[161,162,166],"a",{"href":163,"rel":164},"https://opencode.ai",[165],"nofollow","opencode","，开源、CLI 优先",[21,169,170,159,173,177],{},[24,171,172],{},"模型",[174,175,176],"code",{},"deepseek-v4-flash-free","，通过 OpenRouter 免费档接入",[21,179,180,183],{},[24,181,182],{},"Provider 费用","：$0",[21,185,186,183],{},[24,187,188],{},"本地费用",[21,190,191,194],{},[24,192,193],{},"开发时间","：~2.5 小时，含调试与端到端验证",[21,196,197,200],{},[24,198,199],{},"产出代码","：410 行 Go，单文件，1 个非标准依赖",[14,202,203],{},"DeepSeek v4 flash 不是当前最强的代码模型，它的定位是低延迟、低成本的批量生产档位，benchmarks 上明显落后于 Claude Opus 4.7、GPT-5.5。但对这个任务而言，\"够用\"的门槛已经被它跨过了。",[14,205,206],{},"起点是一条中文 prompt：",[14,208,209],{},[210,211],"img",{"alt":212,"src":213},"opencode 会话起点","/assets/2026/diy-sip003/01-prompt.png",[14,215,216,217,220],{},"模型自行决定引入 ",[174,218,219],{},"golang.org/x/net/http2","、构造 HEADERS + DATA 帧、处理 HPACK 编码：",[14,222,223],{},[210,224],{"alt":225,"src":226},"HTTP/2 帧编解码实现","/assets/2026/diy-sip003/03-coding.png",[14,228,229,230,235,236,239],{},"最终产物 ",[161,231,234],{"href":232,"rel":233},"https://github.com/madeye/sip003-http2-obfuscator",[165],"sip003-http2-obfuscator"," 结构如下，端到端通过 ",[174,237,238],{},"shadowsocks-rust"," 集成测试：",[14,241,242],{},[210,243],{"alt":244,"src":245},"项目结构","/assets/2026/diy-sip003/04-overview.png",[247,248,253],"pre",{"className":249,"code":251,"language":252},[250],"language-text","http2-obfuscator/\n├── main.go              # ~410 行\n├── build.sh\n├── test_integration.sh  # 端到端集成测试\n├── go.mod / go.sum\n└── README.md\n","text",[174,254,251],{"__ignoreMap":255},"",[14,257,258],{},"中间模型踩过两个坑，一个是 SIP003 环境变量的方向语义，一个是 HTTP/2 帧的并发写入交错，都在错误日志反馈后自行修正。整个会话期间作者未手写一行 Go 代码。",[14,260,261],{},"更换伪装目标的边际成本极低。HTTP/2 这套架子换成 WebSocket、gRPC、DoH、QUIC，让同一个免费模型再跑一轮，预计时间相当。每位使用者完全有条件维护一份只属于自己的私有变体。",[10,263,264],{"id":264},"总结",[14,266,267],{},"shadowsocks 原始设计中\"协议层可定制\"这一倡导，技术上完全成立，工程上几乎不可执行。SIP003 接口本身从 2017 年起就准备好接收任意第三方插件，但与之匹配的\"任意第三方\"始终没有出现。",[14,269,270],{},"补完这一缺口的不是某个新协议，也不是某个新工具，而是十几年开源贡献在大模型中的累积内化。当 shadowsocks、v2ray、xray 这些项目本身，包括它们的代码、文档、issue 讨论、踩坑记录，都成为模型的隐式知识库，\"实现一个传输层混淆\"从专家工作降级为可委托给 agent 的常规任务。一个免费的、非 SOTA 的 DeepSeek v4 flash 足以在数小时内完成，意味着这一能力对几乎所有使用者是可负担的。",[14,272,273],{},"由此带来的两个结构性结果：",[275,276,277,283],"ol",{},[21,278,279,282],{},[24,280,281],{},"部署的去中心化达到非技术用户层级","：拥有 VPS 与基础英语能力即可完成完整部署",[21,284,285,288],{},[24,286,287],{},"协议多样性首次具备可规模化供给","：单一指纹易被批量阻断，而当每位使用者可零成本生成私有变体时，DPI 的特征工程需要逐一识别每种伪装，规模性失效",[14,290,291],{},"这并不意味着自写的协议在对抗强度上能超过 v2ray、xray、hysteria，后者在性能、抗探测、生态成熟度上仍是更优选择。但\"每个人都能零成本写出能用的混淆\"与\"只有少数项目能写\"是两种结构性不同的局面。shadowsocks 在 2012 年描述的就是前者，2026 年的工具链让这一描述第一次具备工程上的可达性。",{"title":255,"searchDepth":293,"depth":293,"links":294},2,[295,296,297,298,299],{"id":12,"depth":293,"text":12},{"id":49,"depth":293,"text":49},{"id":118,"depth":293,"text":119},{"id":140,"depth":293,"text":141},{"id":264,"depth":293,"text":264},null,"2026-05-19T00:00:00.000Z","shadowsocks 当年倡导的去中心化部署与协议自定义，曾受限于普通用户的实现能力。十年开源贡献已被大模型内化，连非 SOTA 的免费模型都能在数小时内生成可用的混淆插件，这一愿景在工程上首次具备可达性。","md",{},true,"/posts/diy-sip003-protocol",{"title":5,"description":302},"posts/diy-sip003-protocol","Bs3AHfqJNIam0jSzhwpRLVi4--SwGZIeGjNA4X9tW64",1779183339941]