Temporary fix #17

This commit will entirely disable Fake SNI if flag -DNO_FAKE_SNI is set
This commit is contained in:
Vadim Vetrov 2024-08-02 10:19:04 +03:00
parent 10006d464f
commit a96d6213b1
No known key found for this signature in database
GPG Key ID: E8A308689D7A73A5
3 changed files with 12 additions and 5 deletions

View File

@ -3,7 +3,7 @@ DEPSDIR := $(BUILD_DIR)/deps
CC := gcc CC := gcc
LD := gcc LD := gcc
CFLAGS:=-Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -Os CFLAGS:=-Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -Os
LDFLAGS:=-L$(DEPSDIR)/lib -static LDFLAGS:=-L$(DEPSDIR)/lib -static
LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include

View File

@ -34,7 +34,7 @@ Also DNS over HTTPS (DOH) is preferred for additional anonimity.
If you have any troubles with youtubeUnblock, here are some options to tune. If them don't work in your case, please, open an issue. You can pass these options in make CFLAGS (`make CFLAGS=...`) or edit CFLAGS variable in Makefile. If you have any troubles with youtubeUnblock, here are some options to tune. If them don't work in your case, please, open an issue. You can pass these options in make CFLAGS (`make CFLAGS=...`) or edit CFLAGS variable in Makefile.
Available flags: Available flags:
- -DUSE_SEG2_DELAY This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet. You can tune the amount of time in `#define SEG2_DELAY 100` where 100 stands for milliseconds. - -DUSE_SEG2_DELAY This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet. You can tune the amount of time in `#define SEG2_DELAY 100` where 100 stands for milliseconds.
- -DNO_FAKE_SNI This flag forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. - -DNO_FAKE_SNI This flag disables -DFAKE_SNI which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. Use this flag if you got gen_fake_sni error. Track this issue in https://github.com/Waujito/youtubeUnblock/issues/17
- -DNOUSE_GSO This flag disables fix for Google Chrome fat ClientHello. The GSO is well tested now, so this flag probably won't fix anything. - -DNOUSE_GSO This flag disables fix for Google Chrome fat ClientHello. The GSO is well tested now, so this flag probably won't fix anything.
## OpenWRT case ## OpenWRT case

View File

@ -701,18 +701,18 @@ static int process_packet(const struct packet_data packet) {
#ifdef USE_TCP_SEGMENTATION #ifdef USE_TCP_SEGMENTATION
int ret = 0;
#ifdef FAKE_SNI
struct pkt_buff *fake_sni = gen_fake_sni(ip_header, tcph); struct pkt_buff *fake_sni = gen_fake_sni(ip_header, tcph);
if (fake_sni == NULL) goto fallback; if (fake_sni == NULL) goto fallback;
int ret = 0;
#ifdef FAKE_SNI
ret = send_raw_socket(fake_sni); ret = send_raw_socket(fake_sni);
#endif
if (ret < 0) { if (ret < 0) {
perror("send fake sni\n"); perror("send fake sni\n");
pktb_free(fake_sni); pktb_free(fake_sni);
goto fallback; goto fallback;
} }
#endif
size_t ipd_offset = vrd.sni_offset; size_t ipd_offset = vrd.sni_offset;
size_t mid_offset = ipd_offset + vrd.sni_len / 2; size_t mid_offset = ipd_offset + vrd.sni_len / 2;
@ -725,14 +725,19 @@ static int process_packet(const struct packet_data packet) {
if (pktb == NULL) { if (pktb == NULL) {
perror("pktb_alloc of payload"); perror("pktb_alloc of payload");
#ifdef FAKE_SNI
pktb_free(fake_sni); pktb_free(fake_sni);
#endif
goto fallback; goto fallback;
} }
if (tcp4_frag(pktb, mid_offset, &frag1, &frag2) < 0) { if (tcp4_frag(pktb, mid_offset, &frag1, &frag2) < 0) {
perror("tcp4_frag"); perror("tcp4_frag");
pktb_free(pktb); pktb_free(pktb);
#ifdef FAKE_SNI
pktb_free(fake_sni); pktb_free(fake_sni);
#endif
goto fallback; goto fallback;
} }
@ -764,7 +769,9 @@ static int process_packet(const struct packet_data packet) {
err: err:
pktb_free(frag2); pktb_free(frag2);
pktb_free(pktb); pktb_free(pktb);
#ifdef FAKE_SNI
pktb_free(fake_sni); pktb_free(fake_sni);
#endif
#else #else
// TODO: Implement compute of tcp checksum // TODO: Implement compute of tcp checksum