DanielLavrushin/b4 v1.39.1

on GitHub

[1.39.1] - 2026-03-02

• ADDED: MSS Clamping — forces smaller packet sizes at the firewall level so that blocked content (like YouTube on smart TVs) can load correctly. Two options: enable globally for all devices in Settings > Network > Global MSS Clamping, or set a per-device size in the Settings > Device Filtering table (MSS column). Changes apply instantly without restarting.
• ADDED: DPI Detector — a new page in the sidebar that checks whether your ISP is tampering with your internet traffic. It runs three quick tests: DNS spoofing, blocked website detection, and connection dropping. Helps you see what your ISP is actually doing before and after enabling B4.
• ADDED: NAT Masquerade — B4 can now set up NAT masquerade automatically when running inside containers (Docker, LXC, MikroTik CHR). No more manual scripts — just enable NAT Masquerade in Settings > Feature Flags > Firewall Features and optionally pick an output interface. Works with both iptables and nftables. Rules are monitored and auto-restored if they disappear. Also available via CLI: --masquerade and --masquerade-interface.
• FIXED: Custom payloads ignored during Discovery — selecting custom payloads no longer silently falls back to built-in ones like duckduckgo. Your custom payloads are now properly used in the discovered configuration.
• FIXED: Discovery results not working after adding — configurations that passed during Discovery could fail when actually applied. The tested config now matches exactly what gets saved.
• FIXED: TTL detection not working — the optimal TTL search was not actually changing the fake packet's TTL, making all attempts look the same. Now correctly finds the minimum working TTL for your network.
• FIXED: Custom capture payloads lost when adding from Discovery — configurations using captured payload files (e.g., from the Capture feature) would lose the payload reference after being added, causing the bypass to fail. The payload type also didn't show correctly in the set editor until manually reselected. Both are now fixed.
• ADDED: Discovery Cache — Discovery now remembers which bypass strategies worked before. When you run Discovery for a new domain, it tries previously successful configurations first, so you often get a working result quicker.
• ADDED: Multi-Domain Discovery — you can now test multiple domains in a single Discovery run. Add domains or full URLs one by one (they appear as chips for easy management) and B4 will find the best bypass configuration for each one.
• IMPROVED: Smarter Discovery — reworked strategy testing to use real-world technique combinations instead of testing individual tricks in isolation. If Discovery says a strategy works, it should actually work when you add it.
• IMPROVED: Smarter TTL in Discovery — Discovery finds the optimal Fake TTL for Combo configurations automatically by scanning through preset TTL values, and tests all faking strategies (including timestamp) to pick the most reliable one.
• IMPROVED: Fullscreen Discovery Logs — added a button to view Discovery logs in a large popup window, making long log lines much easier to read.
• IMPROVED: Set editor no longer jumps away after saving — clicking "Save" now keeps you on the same tab and scroll position instead of going back to the sets list. This can help to speed up testing specific configurations.
• IMPROVED: Auto-detect config file — the --config flag is no longer required. When omitted, B4 automatically looks for a config file in /etc/b4/ and /opt/etc/b4/. If no config exists yet, B4 picks the best default location and creates one on first run.
• IMPROVED: SOCKS5 updates (thanks @remmody #PR64)
• IMPROVED: Device Discovery — now works on all routers. B4 reads the system ARP table instead of DHCP lease files, so devices show up regardless of your router brand (Keenetic, MikroTik, OpenWrt, Asus, etc.). Device hostnames are still picked up from DHCP when available.
• REMOVED: Decoy SNI Domains setting from Combo strategy — the decoy packet now uses the same fake payload configured in your Faking settings instead of a separate list of domain names.

What's Changed

• feat: add architecture detection and force architecture option for MIPS by @DanielLavrushin in #56
• fix: update Docker tags to use lowercase repository name and add arm/… by @DanielLavrushin in #58
• fix: add platform specification for multi-architecture support in Doc… by @DanielLavrushin in #60
• Fix curl by @DanielLavrushin in #62
• fix: enhance architecture detection for MIPS by adding additional che… by @DanielLavrushin in #63
• update URLs for DustinWin geodata by @krisavdome in #72
• Discovery updates by @DanielLavrushin in #65
• installer --sysinfo kernel modules check by @krisavdome in #71
• fix mikrotik-container by @kakosmakos in #70
• feat: add NAT masquerade support for container setups by @DanielLavrushin in #73
• fix typo in settings.md by @Shiperoid in #75
• feat: implement MSS Clamping feature for TCP traffic management by @DanielLavrushin in #76
• fix installer printing web interface protocol based on detected tls instead of users choice by @krisavdome in #74
• feat: Enhanced SOCKS5 proxy with set matching and timezone support by @remmody in #64
• feat(config): implement automatic config file discovery and update te… by @DanielLavrushin in #77
• feat(targets): add source devices support and implement filtering in … by @DanielLavrushin in #78
• feat(dhcp): rewrite DHCP manager to use ARP table for device discovery by @DanielLavrushin in #80
• refactor: remove Decoy SNI Domains setting and related functionality by @DanielLavrushin in #81

New Contributors

• @kakosmakos made their first contribution in #70

Full Changelog: v1.38.0...v1.39.1