From 9b5c8a729dd63349d63ef8bd6b0b0258b3dfc670 Mon Sep 17 00:00:00 2001
From: Vadim Vetrov
Date: Fri, 6 Dec 2024 18:25:43 +0300
Subject: [PATCH] Allow to disable TLS processing for the section

---
 README.md | 2 ++
 args.c | 20 ++++++++++++++++++--
 args.h | 4 ++--
 config.h | 3 +++
 mangle.c | 3 +++
 5 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index fa59476..9cf9836 100644
--- a/README.md
+++ b/README.md
@@ -242,6 +242,8 @@ Available flags:
 - `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Just an alias for `--udp-filter-quic=all --udp-mode=drop`.
+- `--tls={enabled|disabled}` Set it if you want not to process TLS traffic in current section. May be used if you want to set only UDP-based section. (Here section is a unit between `--fbegin` and `--fend` flags).
+
 - `--silent` Disables verbose mode.
 - `--trace` Maximum verbosity for debugging purposes.
diff --git a/args.c b/args.c
index 77b3c4d..e19b3e1 100644
--- a/args.c
+++ b/args.c
@@ -68,6 +68,7 @@ enum {
 OPT_UDP_FAKING_STRATEGY,
 OPT_UDP_DPORT_FILTER,
 OPT_UDP_FILTER_QUIC,
+ OPT_TLS_ENABLED,
 };
 static struct option long_opt[] = {
@@ -78,6 +79,7 @@ static struct option long_opt[] = {
 {"fake-sni", 1, 0, OPT_FAKE_SNI},
 {"synfake", 1, 0, OPT_SYNFAKE},
 {"synfake-len", 1, 0, OPT_SYNFAKE_LEN},
+ {"tls", 1, 0, OPT_TLS_ENABLED},
 {"fake-sni-seq-len", 1, 0, OPT_FAKE_SNI_SEQ_LEN},
 {"fake-sni-type", 1, 0, OPT_FAKE_SNI_TYPE},
 {"fake-custom-payload", 1, 0, OPT_FAKE_CUSTOM_PAYLOAD},
@@ -132,7 +134,7 @@ static long parse_numeric_option(const char* value) {
 return result;
 }
-void print_version() {
+void print_version(void) {
 printf("youtubeUnblock"
 #if defined(PKG_VERSION)
 " " PKG_VERSION
@@ -151,6 +153,7 @@ void print_usage(const char *argv0) {
 printf("\t--queue-num=\n");
 printf("\t--sni-domains=|all\n");
 printf("\t--exclude-domains=\n");
+ printf("\t--tls={enabled|disabled}\n");
 printf("\t--fake-sni={1|0}\n");
 printf("\t--fake-sni-seq-len=\n");
 printf("\t--fake-sni-type={default|random|custom}\n");
@@ -375,6 +378,16 @@ int parse_args(int argc, char *argv[]) {
 break;
 /* section_config_t scoped configs */
+ case OPT_TLS_ENABLED:
+ if (strcmp(optarg, "enabled") == 0) {
+ sect_config->tls_enabled = 1;
+ } else if (strcmp(optarg, "disabled") == 0) {
+ sect_config->tls_enabled = 0;
+ } else {
+ goto invalid_opt;
+ }
+
+ break;
 case OPT_SNI_DOMAINS:
 if (!strcmp(optarg, "all")) {
 sect_config->all_domains = 1;
@@ -650,7 +663,7 @@ error:
 return -errno;
 }
-void print_welcome() {
+void print_welcome(void) {
 if (config.syslog) {
 printf("Logging to system log\n");
 }
@@ -671,6 +684,9 @@ void print_welcome() {
 int section_number = CONFIG_SECTION_NUMBER(section);
 lginfo("Section #%d\n", section_number);
+ if (!section->tls_enabled) {
+ lginfo("TCP TLS is disabled for section!\n");
+ }
 switch (section->fragmentation_strategy) {
 case FRAG_STRAT_TCP:
 lginfo("Using TCP segmentation\n");
diff --git a/args.h b/args.h
index 98d65cf..102772f 100644
--- a/args.h
+++ b/args.h
@@ -1,11 +1,11 @@
 #ifndef ARGS_H
 #define ARGS_H
-void print_version();
+void print_version(void);
 void print_usage(const char *argv0);
 int parse_args(int argc, char *argv[]);
 /* Prints starting messages */
-void print_welcome();
+void print_welcome(void);
 #endif /* ARGS_H */
diff --git a/config.h b/config.h
index d9ac592..3bebfdb 100644
--- a/config.h
+++ b/config.h
@@ -30,6 +30,8 @@ struct section_config_t {
 const char *domains_str;
 unsigned int domains_strlen;
+ int tls_enabled;
+
 int fragmentation_strategy;
 int frag_sni_reverse;
 int frag_sni_faked;
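Review bot: The new `case OPT_TLS_ENABLED` accepts only the literal strings `enabled`/`disabled`, while the sibling boolean section options in this parser are spelled `{1|0}` (`--fake-sni={1|0}` in the print_usage hunk above), so this flag reads differently from the rest of the CLI. Either accept the numeric form as well, `if (strcmp(optarg, "enabled") == 0 || strcmp(optarg, "1") == 0) {` with the matching `disabled`/`0` branch, or say in the usage line why this one is spelled out. A one-line comment above the case, `/* --tls=disabled makes process_tcp_packet skip TLS analysis for this section */`, would tie the flag to its effect, which is otherwise only visible in mangle.c. parse_args begins and ends outside this hunk, so whether `sect_config` is guaranteed to point at an open --fbegin/--fend section here cannot be confirmed from the hunk; the existing section-scoped cases below share that assumption.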
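Review bot: The new `int tls_enabled;` field in `struct section_config_t` carries no comment, and nothing in config.h says what a zero value does; the only consumer is in mangle.c. Suggest `int tls_enabled; /* 0: skip TLS analysis for TCP packets of this section (see process_tcp_packet) */` so a reader of the struct does not have to hunt for the consumer. The default of 1 is set in `default_section_config` further down the file, outside this hunk. The struct definition starts before this hunk and continues after it.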
@@ -191,6 +193,7 @@ enum {
 };
 #define default_section_config { \
+ .tls_enabled = 1, \
 .frag_sni_reverse = 1, \
 .frag_sni_faked = 0, \
 .fragmentation_strategy = FRAGMENTATION_STRATEGY, \
diff --git a/mangle.c b/mangle.c
index e661454..961ec98 100644
--- a/mangle.c
+++ b/mangle.c
@@ -170,6 +170,9 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
 if (tcph->syn) goto continue_flow;
+ if (!section->tls_enabled)
+ goto continue_flow;
+
 struct tls_verdict vrd = analyze_tls_data(section, data, dlen);
 lgtrace_addp("TLS analyzed");
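Review bot: The added `if (!section->tls_enabled) goto continue_flow;` makes a TLS-disabled section take the TCP packet to `continue_flow` rather than decline it, so if the caller (outside this hunk) hands each packet to the first section whose filter matches, a UDP-only section listed before a TLS section will swallow TCP traffic meant for the later one, which is the opposite of the README's "UDP-based section" use case; I cannot confirm the caller's selection logic from here, so this deserves a test with two sections. If declining is the intent, return a distinct verdict that lets the caller try the next section, or document the ordering requirement next to the flag. The check also sits below the `if (tcph->syn) goto continue_flow;` line, so any SYN-time handling earlier in the function still runs when TLS is disabled; hoisting the check to the start of the TCP path would make the flag mean "no TLS work at all" rather than "no TLS analysis after the SYN check". A comment on the new lines, `/* section opted out of TLS analysis (--tls=disabled) */`, would help. process_tcp_packet starts before and ends after this hunk.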