diff --git a/README.md b/README.md index 7753890..cda92d0 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Bypasses Deep Packet Inspection (DPI) systems that relies on SNI. The package is The program was primarily developed to bypass YouTube Outage in Russia, but it works good with other websites blocked by SNI. Adjust the list of websites via `--sni-domains` flag for the program. -The program is compatible with routers based on OpenWRT, Entware(Keenetic/ASUS) and host machines. The program offers binaries via [Github Actions](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-ci.yml). If you haven't access to Github Actions, the program offers [development pre-release](https://github.com/Waujito/youtubeUnblock/releases/tag/continuous) which follows the latest commit in main branch with binaries included as assets. On OpenWRT you can check the architecture of your device with command `grep ARCH /etc/openwrt_release`. +The program is compatible with routers based on OpenWRT, Entware(Keenetic/ASUS) and host machines. The program offers binaries via Github Actions. The binaries of main branch are published in the [development pre-release](https://github.com/Waujito/youtubeUnblock/releases/tag/continuous). Check out [Github Actions](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-ci.yml) if you want to see all the binaries compiled ever. You should know the arcitecture of your hardware to use binaries. On OpenWRT you can check it with command `grep ARCH /etc/openwrt_release`. On both OpenWRT and Entware install the program with opkg. If you got read-only filesystem error you may unpack the binary manually or specify opkg path `opkg -o `. 
@@ -126,6 +126,8 @@ curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io http ## Flags +Put flags to the **BINARY**, not an init script. If you are on OpenWRT you should put the flags inside the script: open `/etc/init.d/youtubeUnblock` with any text editor, like vi or nano and put your flags after `procd_set_param command /usr/bin/youtubeUnblock` line. + Available flags: - `--sni-domains=|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults is `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled. diff --git a/config.h b/config.h index beb08f4..5de4260 100644 --- a/config.h +++ b/config.h @@ -87,7 +87,7 @@ extern struct config_t config; #ifndef FAKING_STRATEGY -#define FAKING_STRATEGY FAKE_STRAT_RAND_SEQ +#define FAKING_STRATEGY FAKE_STRAT_PAST_SEQ #endif #if !defined(SILENT) && !defined(KERNEL_SPACE) diff --git a/logging.h b/logging.h index 41a8c28..694f993 100644 --- a/logging.h +++ b/logging.h @@ -25,8 +25,11 @@ #define lgdebugmsg(msg, ...) lgdebug(msg "\n", ##__VA_ARGS__) -#define lgtracemsg(msg, ...) \ -(LOG_LEVEL >= VERBOSE_TRACE ? printf(msg "\n", ##__VA_ARGS__) : 0) + +#define lgtrace(msg, ...) \ +(LOG_LEVEL >= VERBOSE_TRACE ? printf(msg, ##__VA_ARGS__) : 0) + +#define lgtracemsg(msg, ...) lgtrace(msg "\n", __VA_ARGS__) #define lgtrace_start(msg, ...) \ (LOG_LEVEL >= VERBOSE_TRACE ? printf("[TRACE] " msg " ( ", ##__VA_ARGS__) : 0) diff --git a/mangle.c b/mangle.c index b160e0f..cf04378 100644 --- a/mangle.c +++ b/mangle.c 
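Review bot: The new `lgtrace` macro passes `msg` to `printf` as the format string with nothing forcing it to be a string literal. In `lgtracemsg` and `lgtrace_start` the `msg "\n"` and `"[TRACE] " msg` concatenations turn a non-literal argument into a compile error. Writing the body as `printf("" msg, ##__VA_ARGS__)` keeps that guarantee, so a later call such as `lgtrace(buf)` on packet-derived text cannot become a format-string bug. Separately, `lgtracemsg` now forwards plain `__VA_ARGS__` while `lgdebugmsg` just above uses `##__VA_ARGS__`, so a call with no extra arguments relies on `lgtrace` swallowing the empty argument; `lgtrace(msg "\n", ##__VA_ARGS__)` would be the consistent form.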
@@ -427,6 +427,12 @@ send_fake: } memcpy(fake_pad, frag2, iphfl + tcphfl); memset(fake_pad + iphfl + tcphfl, 0, f2len - iphfl - tcphfl); + struct tcphdr *fakethdr = (void *)(fake_pad + iphfl); + if (config.faking_strategy == FAKE_STRAT_PAST_SEQ) { + lgtrace("frag fake sent with %d -> ", ntohl(fakethdr->seq)); + fakethdr->seq = htonl(ntohl(fakethdr->seq) - dvs); + lgtrace_addp("%d, ", ntohl(fakethdr->seq)); + } ret = fail_packet(fake_pad, f2len); if (ret < 0) { lgerror("Failed to fail packet", ret); @@ -823,7 +829,10 @@ int fail_packet(uint8_t *payload, uint32_t plen) { tcph->ack_seq = random(); #endif } else if (config.faking_strategy == FAKE_STRAT_PAST_SEQ) { + lgtrace("fake sent with %d -> ", ntohl(tcph->seq)); tcph->seq = htonl(ntohl(tcph->seq) - dlen); + lgtrace_addp("%d", ntohl(tcph->seq)); + } else if (config.faking_strategy == FAKE_STRAT_TTL) { uint32_t ipxv = netproto_version(payload, plen); if (ipxv == IP4VERSION) { diff --git a/owrt/537-youtubeUnblock.nft b/owrt/537-youtubeUnblock.nft index 88c6881..eab155a 100644 --- a/owrt/537-youtubeUnblock.nft +++ b/owrt/537-youtubeUnblock.nft @@ -1,5 +1,5 @@ #!/usr/sbin/nft -f # This file install nftables rules for openwrt -insert rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass +add rule inet fw4 mangle_forward tcp dport 443 ct original packets < 20 counter queue num 537 bypass insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept diff --git a/uspace.mk b/uspace.mk index 127f6f1..db43b15 100644 --- a/uspace.mk +++ b/uspace.mk @@ -1,3 +1,6 @@ +#Check for using system libs +USE_SYS_LIBS := no + #Userspace app makes here BUILD_DIR := $(CURDIR)/build DEPSDIR := $(BUILD_DIR)/deps 
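Review bot: Both trace calls in the `FAKE_STRAT_PAST_SEQ` branch print `ntohl(fakethdr->seq)` with `%d`, but `ntohl()` returns a `uint32_t`, so the specifier does not match the argument and any sequence number above 2^31 is logged as a negative value. Use `%u` instead: `lgtrace("frag fake sent with %u -> ", ntohl(fakethdr->seq));` and `lgtrace_addp("%u, ", ntohl(fakethdr->seq));`. The same `%d` appears in the two trace lines added to `fail_packet` in the next hunk. The `send_fake` block starts and ends outside this hunk.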
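Review bot: The `FAKE_STRAT_PAST_SEQ` branch of `fail_packet` has no comment noting that the fragment path reaches it with a sequence number that was already moved back. The previous hunk subtracts `dvs` from `fakethdr->seq` and then calls `fail_packet(fake_pad, f2len)`, which subtracts `dlen` again here. If the combined shift is intended, say so above the subtraction, e.g. `/* the fragment path has already subtracted dvs; dlen is applied on top */`; if it is not, one of the two adjustments should go. `fail_packet` starts and ends outside the hunk.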
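Review bot: The header comment does not record why the queue rule is now appended with `add` while the mark rule below it is still placed with `insert`. `add` puts the rule after whatever fw4 already has in `mangle_forward`, so an earlier rule with a terminal verdict would keep matching traffic from reaching queue 537, whereas the old `insert` put it first. A one-line comment such as `# appended so the existing fw4 mangle_forward rules are evaluated first` (or the actual reason) would make the ordering dependency explicit for anyone editing the firewall later.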
@@ -5,8 +8,14 @@ DEPSDIR := $(BUILD_DIR)/deps CC:=gcc CCLD:=$(CC) LD:=ld -override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -std=gnu11 -override LDFLAGS += -L$(DEPSDIR)/lib + +ifeq ($(USE_SYS_LIBS), no) + override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -std=gnu11 + override LDFLAGS += -L$(DEPSDIR)/lib + REQ = $(LIBNETFILTER_QUEUE) $(LIBMNL) $(LIBCRYPTO) +else + override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -std=gnu11 +endif LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include LIBNFNETLINK_LIBS := -L$(DEPSDIR)/lib @@ -67,11 +76,11 @@ $(LIBNETFILTER_QUEUE): $(LIBNFNETLINK) $(LIBMNL) $(MAKE) -C deps/libnetfilter_queue $(MAKE) install -C deps/libnetfilter_queue -$(APP): $(OBJS) $(LIBNETFILTER_QUEUE) $(LIBMNL) $(LIBCRYPTO) +$(APP): $(OBJS) $(REQ) @echo 'CCLD $(APP)' $(CCLD) $(OBJS) -o $(APP) $(LDFLAGS) -lmnl -lnetfilter_queue -lpthread -$(BUILD_DIR)/%.o: %.c $(LIBNETFILTER_QUEUE) $(LIBMNL) $(LIBCRYPTO) config.h +$(BUILD_DIR)/%.o: %.c $(REQ) config.h @echo 'CC $@' $(CC) -c $(CFLAGS) $(LDFLAGS) $< -o $@ @@ -93,8 +102,9 @@ clean: distclean: clean rm -rf $(BUILD_DIR) +ifeq ($(USE_SYS_LIBS), no) $(MAKE) distclean -C deps/libnetfilter_queue || true $(MAKE) distclean -C deps/libmnl || true $(MAKE) distclean -C deps/libnfnetlink || true #$(MAKE) distclean -C deps/openssl || true - +endif
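Review bot: The two branches of the `USE_SYS_LIBS` conditional repeat `-Wall -Wpedantic -Wno-unused-variable -std=gnu11`, so a later change to the warning set has to be made twice. Keep `override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -std=gnu11` outside the conditional and leave only `override CFLAGS += -I$(DEPSDIR)/include` with the `LDFLAGS` and `REQ` lines inside the `no` branch. The test `ifeq ($(USE_SYS_LIBS), no)` also treats every other value, including a typo, as a request for system libraries. Checking for `yes` on the `else` side and stopping with `$(error ...)` otherwise would make the choice between the vendored `deps/` build and the host's libraries explicit. The `distclean` hunk uses the same test.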