mirror of
https://github.com/Waujito/youtubeUnblock.git
synced 2025-01-01 20:09:56 +00:00
Add option to disable ipv6, document ipv6
This commit is contained in:
parent
a3a497bc82
commit
5a30ac427b
13
README.md
13
README.md
@ -6,6 +6,7 @@
|
|||||||
- [Firewall configuration](#firewall-configuration)
|
- [Firewall configuration](#firewall-configuration)
|
||||||
- [nftables rules](#nftables-rules)
|
- [nftables rules](#nftables-rules)
|
||||||
- [Iptables rules](#iptables-rules)
|
- [Iptables rules](#iptables-rules)
|
||||||
|
- [IPv6](#ipv6)
|
||||||
- [Check it](#check-it)
|
- [Check it](#check-it)
|
||||||
- [Flags](#flags)
|
- [Flags](#flags)
|
||||||
- [Troubleshooting](#troubleshooting)
|
- [Troubleshooting](#troubleshooting)
|
||||||
@ -104,6 +105,16 @@ iptables -t mangle -A FORWARD -p tcp --dport 443 -m connbytes --connbytes-dir or
|
|||||||
iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
|
iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### IPv6
|
||||||
|
|
||||||
|
For IPv6 on iptables you need to duplicate rules above for ip6tables:
|
||||||
|
```sh
|
||||||
|
ip6tables -t mangle -A FORWARD -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
|
||||||
|
ip6tables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Note that above rules use *conntrack* to route only first 20 packets from the connection to **youtubeUnblock**.
|
Note that above rules use *conntrack* to route only first 20 packets from the connection to **youtubeUnblock**.
|
||||||
If you got some troubles with it, for example **youtubeUnblock** doesn't detect YouTube, try to delete *connbytes* from the rules. But it is an unlikely behavior and you should probably check your ruleset.
|
If you got some troubles with it, for example **youtubeUnblock** doesn't detect YouTube, try to delete *connbytes* from the rules. But it is an unlikely behavior and you should probably check your ruleset.
|
||||||
|
|
||||||
@ -170,6 +181,8 @@ Available flags:
|
|||||||
|
|
||||||
- `--no-gso` Disables support for Google Chrome fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
|
- `--no-gso` Disables support for Google Chrome fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
|
||||||
|
|
||||||
|
- `--no-ipv6` Disables support for ipv6. May be useful if you don't want for ipv6 socket to be opened.
|
||||||
|
|
||||||
- `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to **1** and shouldn't be edited for normal use. If you have performance issues, consult [performance chaptr](https://github.com/Waujito/youtubeUnblock?tab=readme-ov-file#performance)
|
- `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to **1** and shouldn't be edited for normal use. If you have performance issues, consult [performance chaptr](https://github.com/Waujito/youtubeUnblock?tab=readme-ov-file#performance)
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
15
args.c
15
args.c
@ -20,6 +20,7 @@ struct config_t config = {
|
|||||||
.fake_sni_seq_len = 1,
|
.fake_sni_seq_len = 1,
|
||||||
.frag_middle_sni = 1,
|
.frag_middle_sni = 1,
|
||||||
.frag_sni_pos = 2,
|
.frag_sni_pos = 2,
|
||||||
|
.use_ipv6 = 1,
|
||||||
|
|
||||||
.sni_detection = SNI_DETECTION_PARSE,
|
.sni_detection = SNI_DETECTION_PARSE,
|
||||||
|
|
||||||
@ -63,13 +64,14 @@ struct config_t config = {
|
|||||||
#define OPT_TRACE 15
|
#define OPT_TRACE 15
|
||||||
#define OPT_QUIC_DROP 16
|
#define OPT_QUIC_DROP 16
|
||||||
#define OPT_SNI_DETECTION 17
|
#define OPT_SNI_DETECTION 17
|
||||||
|
#define OPT_NO_IPV6 20
|
||||||
#define OPT_SEG2DELAY 5
|
#define OPT_SEG2DELAY 5
|
||||||
#define OPT_THREADS 6
|
#define OPT_THREADS 6
|
||||||
#define OPT_SILENT 7
|
#define OPT_SILENT 7
|
||||||
#define OPT_NO_GSO 8
|
#define OPT_NO_GSO 8
|
||||||
#define OPT_QUEUE_NUM 9
|
#define OPT_QUEUE_NUM 9
|
||||||
|
|
||||||
#define OPT_MAX OPT_FRAG_SNI_POS
|
#define OPT_MAX OPT_NO_IPV6
|
||||||
|
|
||||||
static struct option long_opt[] = {
|
static struct option long_opt[] = {
|
||||||
{"help", 0, 0, 'h'},
|
{"help", 0, 0, 'h'},
|
||||||
@ -92,6 +94,7 @@ static struct option long_opt[] = {
|
|||||||
{"silent", 0, 0, OPT_SILENT},
|
{"silent", 0, 0, OPT_SILENT},
|
||||||
{"trace", 0, 0, OPT_TRACE},
|
{"trace", 0, 0, OPT_TRACE},
|
||||||
{"no-gso", 0, 0, OPT_NO_GSO},
|
{"no-gso", 0, 0, OPT_NO_GSO},
|
||||||
|
{"no-ipv6", 0, 0, OPT_NO_IPV6},
|
||||||
{"queue-num", 1, 0, OPT_QUEUE_NUM},
|
{"queue-num", 1, 0, OPT_QUEUE_NUM},
|
||||||
{0,0,0,0}
|
{0,0,0,0}
|
||||||
};
|
};
|
||||||
@ -144,6 +147,7 @@ void print_usage(const char *argv0) {
|
|||||||
printf("\t--silent\n");
|
printf("\t--silent\n");
|
||||||
printf("\t--trace\n");
|
printf("\t--trace\n");
|
||||||
printf("\t--no-gso\n");
|
printf("\t--no-gso\n");
|
||||||
|
printf("\t--no-ipv6\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -169,6 +173,9 @@ int parse_args(int argc, char *argv[]) {
|
|||||||
case OPT_NO_GSO:
|
case OPT_NO_GSO:
|
||||||
config.use_gso = 0;
|
config.use_gso = 0;
|
||||||
break;
|
break;
|
||||||
|
case OPT_NO_IPV6:
|
||||||
|
config.use_ipv6 = 0;
|
||||||
|
break;
|
||||||
case OPT_QUIC_DROP:
|
case OPT_QUIC_DROP:
|
||||||
config.quic_drop = 1;
|
config.quic_drop = 1;
|
||||||
break;
|
break;
|
||||||
@ -393,6 +400,12 @@ void print_welcome() {
|
|||||||
printf("GSO is enabled\n");
|
printf("GSO is enabled\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (config.use_ipv6) {
|
||||||
|
printf("IPv6 is enabled\n");
|
||||||
|
} else {
|
||||||
|
printf("IPv6 is disabled\n");
|
||||||
|
}
|
||||||
|
|
||||||
if (config.quic_drop) {
|
if (config.quic_drop) {
|
||||||
printf("All QUIC packets will be dropped\n");
|
printf("All QUIC packets will be dropped\n");
|
||||||
}
|
}
|
||||||
|
1
config.h
1
config.h
@ -18,6 +18,7 @@ struct config_t {
|
|||||||
unsigned int queue_start_num;
|
unsigned int queue_start_num;
|
||||||
int threads;
|
int threads;
|
||||||
int use_gso;
|
int use_gso;
|
||||||
|
int use_ipv6;
|
||||||
int fragmentation_strategy;
|
int fragmentation_strategy;
|
||||||
int frag_sni_reverse;
|
int frag_sni_reverse;
|
||||||
int frag_sni_faked;
|
int frag_sni_faked;
|
||||||
|
8
mangle.c
8
mangle.c
@ -35,7 +35,7 @@ int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
|
|||||||
|
|
||||||
transport_proto = iph ->protocol;
|
transport_proto = iph ->protocol;
|
||||||
|
|
||||||
} else if (ipver == IP6VERSION) {
|
} else if (ipver == IP6VERSION && config.use_ipv6) {
|
||||||
ret = ip6_payload_split((uint8_t *)raw_payload, raw_payload_len,
|
ret = ip6_payload_split((uint8_t *)raw_payload, raw_payload_len,
|
||||||
(struct ip6_hdr **)&ip6h, &iph_len,
|
(struct ip6_hdr **)&ip6h, &iph_len,
|
||||||
(uint8_t **)&ip_payload, &ip_payload_len);
|
(uint8_t **)&ip_payload, &ip_payload_len);
|
||||||
@ -45,11 +45,11 @@ int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
|
|||||||
|
|
||||||
transport_proto = ip6h->ip6_ctlun.ip6_un1.ip6_un1_nxt;
|
transport_proto = ip6h->ip6_ctlun.ip6_un1.ip6_un1_nxt;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
lgtracemsg("Unknown layer 3 protocol version: %d", ipver);
|
||||||
|
goto accept;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (ret < 0)
|
|
||||||
goto accept;
|
|
||||||
|
|
||||||
switch (transport_proto) {
|
switch (transport_proto) {
|
||||||
case IPPROTO_TCP:
|
case IPPROTO_TCP:
|
||||||
|
@ -579,10 +579,12 @@ int main(int argc, char *argv[]) {
|
|||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (open_raw6_socket() < 0) {
|
if (config.use_ipv6) {
|
||||||
perror("Unable to open raw socket for ipv6");
|
if (open_raw6_socket() < 0) {
|
||||||
close_raw_socket();
|
perror("Unable to open raw socket for ipv6");
|
||||||
exit(EXIT_FAILURE);
|
close_raw_socket();
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct queue_res *qres = &defqres;
|
struct queue_res *qres = &defqres;
|
||||||
@ -618,7 +620,8 @@ int main(int argc, char *argv[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
close_raw_socket();
|
close_raw_socket();
|
||||||
close_raw6_socket();
|
if (config.use_ipv6)
|
||||||
|
close_raw6_socket();
|
||||||
|
|
||||||
return -qres->status;
|
return -qres->status;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user