Allow to disable TLS processing for the section

README.md

@@ -242,6 +242,8 @@ Available flags:
 
 - `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Just an alias for `--udp-filter-quic=all --udp-mode=drop`.
 
+- `--tls={enabled|disabled}` Set it if you want not to process TLS traffic in current section. May be used if you want to set only UDP-based section. (Here section is a unit between `--fbegin` and `--fend` flags).
+
 - `--silent` Disables verbose mode.
 
 - `--trace` Maximum verbosity for debugging purposes.

args.c

@@ -68,6 +68,7 @@ enum {
 	OPT_UDP_FAKING_STRATEGY,
 	OPT_UDP_DPORT_FILTER,
 	OPT_UDP_FILTER_QUIC,
+	OPT_TLS_ENABLED,
 };
 
 static struct option long_opt[] = {
@@ -78,6 +79,7 @@ static struct option long_opt[] = {
 	{"fake-sni",		1, 0, OPT_FAKE_SNI},
 	{"synfake",		1, 0, OPT_SYNFAKE},
 	{"synfake-len",		1, 0, OPT_SYNFAKE_LEN},
+	{"tls",			1, 0, OPT_TLS_ENABLED},
 	{"fake-sni-seq-len",	1, 0, OPT_FAKE_SNI_SEQ_LEN},
 	{"fake-sni-type",	1, 0, OPT_FAKE_SNI_TYPE},
 	{"fake-custom-payload", 1, 0, OPT_FAKE_CUSTOM_PAYLOAD},
@@ -132,7 +134,7 @@ static long parse_numeric_option(const char* value) {
 	return result;
 }
 
-void print_version() {
+void print_version(void) {
   	printf("youtubeUnblock" 
 #if defined(PKG_VERSION)
 	" " PKG_VERSION
@@ -151,6 +153,7 @@ void print_usage(const char *argv0) {
 	printf("\t--queue-num=<number of netfilter queue>\n");
 	printf("\t--sni-domains=<comma separated domain list>|all\n");
 	printf("\t--exclude-domains=<comma separated domain list>\n");
+	printf("\t--tls={enabled|disabled}\n");
 	printf("\t--fake-sni={1|0}\n");
 	printf("\t--fake-sni-seq-len=<length>\n");
 	printf("\t--fake-sni-type={default|random|custom}\n");
@@ -375,6 +378,16 @@ int parse_args(int argc, char *argv[]) {
 			break;
 
 /* section_config_t scoped configs */
+		case OPT_TLS_ENABLED:
+			if (strcmp(optarg, "enabled") == 0) {
+				sect_config->tls_enabled = 1;
+			} else if (strcmp(optarg, "disabled") == 0) {
+				sect_config->tls_enabled = 0;
+			} else {
+				goto invalid_opt;
+			}
+
+			break;
 		case OPT_SNI_DOMAINS:
 			if (!strcmp(optarg, "all")) {
 				sect_config->all_domains = 1;
@@ -650,7 +663,7 @@ error:
 	return -errno;
 }
 
-void print_welcome() {
+void print_welcome(void) {
 	if (config.syslog) {
 		printf("Logging to system log\n");
 	}
@@ -671,6 +684,9 @@ void print_welcome() {
 		int section_number = CONFIG_SECTION_NUMBER(section);
 		lginfo("Section #%d\n", section_number);
 
+		if (!section->tls_enabled) {
+			lginfo("TCP TLS is disabled for section!\n");
+		}
 		switch (section->fragmentation_strategy) {
 			case FRAG_STRAT_TCP:
 				lginfo("Using TCP segmentation\n");

args.h

@@ -1,11 +1,11 @@
 #ifndef ARGS_H
 #define ARGS_H
 
-void print_version();
+void print_version(void);
 void print_usage(const char *argv0);
 int parse_args(int argc, char *argv[]);
 
 /* Prints starting messages */
-void print_welcome();
+void print_welcome(void);
 
 #endif /* ARGS_H */

config.h

@@ -30,6 +30,8 @@ struct section_config_t {
 	const char *domains_str;
 	unsigned int domains_strlen;
 
+	int tls_enabled;
+
 	int fragmentation_strategy;
 	int frag_sni_reverse;
 	int frag_sni_faked;
@@ -191,6 +193,7 @@ enum {
 };
 
 #define default_section_config {				\
+	.tls_enabled = 1,					\
 	.frag_sni_reverse = 1,                                  \
 	.frag_sni_faked = 0,                                    \
 	.fragmentation_strategy = FRAGMENTATION_STRATEGY,       \

mangle.c

@@ -170,6 +170,9 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
 
 	if (tcph->syn) goto continue_flow;
 
+	if (!section->tls_enabled)
+		goto continue_flow;
+
 	struct tls_verdict vrd = analyze_tls_data(section, data, dlen);
 	lgtrace_addp("TLS analyzed");