From a96d6213b1108785acec960f054f9efde5d77fdc Mon Sep 17 00:00:00 2001 From: Vadim Vetrov Date: Fri, 2 Aug 2024 10:19:04 +0300 Subject: [PATCH] Temporary fix #17 This commit will entirely disable Fake SNI if flag -DNO_FAKE_SNI is set --- Makefile | 2 +- README.md | 2 +- youtubeUnblock.c | 13 ++++++++++--- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 13ac831..43331c9 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ DEPSDIR := $(BUILD_DIR)/deps CC := gcc LD := gcc -CFLAGS:=-Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -Os +CFLAGS:=-Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -Os LDFLAGS:=-L$(DEPSDIR)/lib -static LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include diff --git a/README.md b/README.md index fd094a9..49d9637 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Also DNS over HTTPS (DOH) is preferred for additional anonimity. If you have any troubles with youtubeUnblock, here are some options to tune. If them don't work in your case, please, open an issue. You can pass these options in make CFLAGS (`make CFLAGS=...`) or edit CFLAGS variable in Makefile. Available flags: - -DUSE_SEG2_DELAY This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet. You can tune the amount of time in `#define SEG2_DELAY 100` where 100 stands for milliseconds. -- -DNO_FAKE_SNI This flag forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. +- -DNO_FAKE_SNI This flag disables -DFAKE_SNI which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. Use this flag if you got gen_fake_sni error. Track this issue in https://github.com/Waujito/youtubeUnblock/issues/17 - -DNOUSE_GSO This flag disables fix for Google Chrome fat ClientHello. The GSO is well tested now, so this flag probably won't fix anything. ## OpenWRT case diff --git a/youtubeUnblock.c b/youtubeUnblock.c index d899c07..d440795 100644 --- a/youtubeUnblock.c +++ b/youtubeUnblock.c @@ -701,18 +701,18 @@ static int process_packet(const struct packet_data packet) { #ifdef USE_TCP_SEGMENTATION + int ret = 0; +#ifdef FAKE_SNI struct pkt_buff *fake_sni = gen_fake_sni(ip_header, tcph); if (fake_sni == NULL) goto fallback; - int ret = 0; -#ifdef FAKE_SNI ret = send_raw_socket(fake_sni); -#endif if (ret < 0) { perror("send fake sni\n"); pktb_free(fake_sni); goto fallback; } +#endif size_t ipd_offset = vrd.sni_offset; size_t mid_offset = ipd_offset + vrd.sni_len / 2; @@ -725,14 +725,19 @@ static int process_packet(const struct packet_data packet) { if (pktb == NULL) { perror("pktb_alloc of payload"); +#ifdef FAKE_SNI pktb_free(fake_sni); +#endif goto fallback; } if (tcp4_frag(pktb, mid_offset, &frag1, &frag2) < 0) { perror("tcp4_frag"); pktb_free(pktb); +#ifdef FAKE_SNI pktb_free(fake_sni); +#endif + goto fallback; } @@ -764,7 +769,9 @@ static int process_packet(const struct packet_data packet) { err: pktb_free(frag2); pktb_free(pktb); +#ifdef FAKE_SNI pktb_free(fake_sni); +#endif #else // TODO: Implement compute of tcp checksum