Merge branch 'main' into kmod

Vadim Vetrov 2024-09-07 15:51:43 +03:00
commit ed6979cbcd
No known key found for this signature in database
GPG Key ID: E8A308689D7A73A5
5 changed files with 61 additions and 8 deletions


@ -137,7 +137,9 @@ Put flags to the **BINARY**, not an init script. If you are on OpenWRT you shoul
Available flags: Available flags:
- `--sni-domains=<comma separated domain list>|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults to `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled. - `--sni-domains=<comma separated domain list>|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults to `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled. You can exclude some domains from _all_ with `--exclude-domains` flag.
- `--exclude-domains=<comma separated domain list>` List of domains to be excluded from targetting. Useful if you use `--sni-domains=all` and want for some websites to not be targetted by youtubeUnblock. Also the use case is subdomains (for example if you unblock l.google.com, dl.google.com will be also targetted. You can pass it to this flag and it will be ignored).
- `--queue-num=<number of netfilter queue>` The number of netfilter queue **youtubeUnblock** will be linked to. Defaults to **537**. - `--queue-num=<number of netfilter queue>` The number of netfilter queue **youtubeUnblock** will be linked to. Defaults to **537**.
@ -202,9 +204,7 @@ If your browser is using QUIC it may not work properly. Disable it in Chrome in
Televisions are the biggest headache. Televisions are the biggest headache.
In [this issue](https://github.com/Waujito/youtubeUnblock/issues/59) the problem has been resolved. In [this issue](https://github.com/Waujito/youtubeUnblock/issues/59) the problem has been resolved. And now youtubeUnblock should work with default flags. If not, play around with faking strategies and other flags. Also you might be have to disable QUIC. To do it you may use `--quic-drop` [flag](#flags) with proper firewall configuration (check description of the flag). Note, that this flag won't disable gQUIC and some TVs may relay on it. To disable gQUIC you will need to block the entire 443 port for udp in firewall configuration:
If you have troubles with televisions try `--faking-strategy=ttl` flag and play around with `--faking-ttl=n`. See [#flags](#flags) for more details. Also you might be have to disable QUIC. To do it you may use `--quic-drop` [flag](#flags) with proper firewall configuration (check description of the flag). Note, that this flag won't disable gQUIC and some TVs may relay on it. To disable gQUIC you will need to block the entire 443 port for udp in firewall configuration:
For **nftables** do For **nftables** do
``` ```

12
args.c

@ -49,12 +49,16 @@ struct config_t config = {
.domains_str = defaul_snistr, .domains_str = defaul_snistr,
.domains_strlen = sizeof(defaul_snistr), .domains_strlen = sizeof(defaul_snistr),
.exclude_domains_str = "",
.exclude_domains_strlen = 0,
.queue_start_num = DEFAULT_QUEUE_NUM, .queue_start_num = DEFAULT_QUEUE_NUM,
.fake_sni_pkt = fake_sni_old, .fake_sni_pkt = fake_sni_old,
.fake_sni_pkt_sz = sizeof(fake_sni_old) - 1, // - 1 for null-terminator .fake_sni_pkt_sz = sizeof(fake_sni_old) - 1, // - 1 for null-terminator
}; };
#define OPT_SNI_DOMAINS 1 #define OPT_SNI_DOMAINS 1
#define OPT_EXCLUDE_DOMAINS 25
#define OPT_FAKE_SNI 2 #define OPT_FAKE_SNI 2
#define OPT_FAKING_TTL 3 #define OPT_FAKING_TTL 3
#define OPT_FAKING_STRATEGY 10 #define OPT_FAKING_STRATEGY 10
@ -79,12 +83,13 @@ struct config_t config = {
#define OPT_NO_GSO 8 #define OPT_NO_GSO 8
#define OPT_QUEUE_NUM 9 #define OPT_QUEUE_NUM 9
#define OPT_MAX OPT_SYNFAKE_LEN #define OPT_MAX OPT_SNI_DOMAINS
static struct option long_opt[] = { static struct option long_opt[] = {
{"help", 0, 0, 'h'}, {"help", 0, 0, 'h'},
{"version", 0, 0, 'v'}, {"version", 0, 0, 'v'},
{"sni-domains", 1, 0, OPT_SNI_DOMAINS}, {"sni-domains", 1, 0, OPT_SNI_DOMAINS},
{"exclude-domains", 1, 0, OPT_EXCLUDE_DOMAINS},
{"fake-sni", 1, 0, OPT_FAKE_SNI}, {"fake-sni", 1, 0, OPT_FAKE_SNI},
{"synfake", 1, 0, OPT_SYNFAKE}, {"synfake", 1, 0, OPT_SYNFAKE},
{"synfake-len", 1, 0, OPT_SYNFAKE_LEN}, {"synfake-len", 1, 0, OPT_SYNFAKE_LEN},
@ -142,6 +147,7 @@ void print_usage(const char *argv0) {
printf("Options:\n"); printf("Options:\n");
printf("\t--queue-num=<number of netfilter queue>\n"); printf("\t--queue-num=<number of netfilter queue>\n");
printf("\t--sni-domains=<comma separated domain list>|all\n"); printf("\t--sni-domains=<comma separated domain list>|all\n");
printf("\t--exclude-domains=<comma separated domain list>\n");
printf("\t--fake-sni={1|0}\n"); printf("\t--fake-sni={1|0}\n");
printf("\t--fake-sni-seq-len=<length>\n"); printf("\t--fake-sni-seq-len=<length>\n");
printf("\t--fake-seq-offset=<offset>\n"); printf("\t--fake-seq-offset=<offset>\n");
@ -203,6 +209,10 @@ int parse_args(int argc, char *argv[]) {
config.domains_str = optarg; config.domains_str = optarg;
config.domains_strlen = strlen(config.domains_str); config.domains_strlen = strlen(config.domains_str);
break; break;
case OPT_EXCLUDE_DOMAINS:
config.exclude_domains_str = optarg;
config.exclude_domains_strlen = strlen(config.exclude_domains_str);
break;
case OPT_SNI_DETECTION: case OPT_SNI_DETECTION:
if (strcmp(optarg, "parse") == 0) { if (strcmp(optarg, "parse") == 0) {
config.sni_detection = SNI_DETECTION_PARSE; config.sni_detection = SNI_DETECTION_PARSE;
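Review bot: `OPT_EXCLUDE_DOMAINS` is given id 25, but the `OPT_MAX` line in the second hunk aliases `OPT_SYNFAKE_LEN` on one side of the change and `OPT_SNI_DOMAINS` (defined as 1) on the other, and neither is visibly the largest id. The value of `OPT_SYNFAKE_LEN` and the uses of `OPT_MAX` are outside these hunks, so this is inferred; if `OPT_MAX` bounds option ids anywhere, the new option would fall outside that range. Consider `#define OPT_MAX OPT_EXCLUDE_DOMAINS` (or whichever id is actually the highest), with a short comment above it such as `/* Must alias the highest OPT_* id; update when adding options. */`. `parse_args` and the `OPT_*` list both continue outside the hunks shown.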


@ -44,6 +44,8 @@ struct config_t {
unsigned int seg2_delay; unsigned int seg2_delay;
const char *domains_str; const char *domains_str;
unsigned int domains_strlen; unsigned int domains_strlen;
const char *exclude_domains_str;
unsigned int exclude_domains_strlen;
unsigned int all_domains; unsigned int all_domains;
const char *fake_sni_pkt; const char *fake_sni_pkt;
unsigned int fake_sni_pkt_sz; unsigned int fake_sni_pkt_sz;

10
kargs.c

@ -135,12 +135,18 @@ static int exclude_domains_set(const char *val, const struct kernel_param *kp) {
ret = param_set_charp(val, kp); ret = param_set_charp(val, kp);
if (ret < 0) { if (ret < 0) {
config.domains_strlen = 0; config.exclude_domains_strlen = 0;
} else { } else {
config.domains_strlen = len; config.exclude_domains_strlen = len;
} }
return ret; return ret;
} }
static const struct kernel_param_ops exclude_domains_ops = {
.set = exclude_domains_set,
.get = param_get_charp,
};
module_param_cb(exclude_domains, &exclude_domains_ops, &config.exclude_domains_str, 0664);
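Review bot: The new `module_param_cb(exclude_domains, &exclude_domains_ops, &config.exclude_domains_str, 0664)` makes the list writable at runtime, but nothing visible in this section synchronises the setter with code that reads `config.exclude_domains_str` and `config.exclude_domains_strlen`. `param_set_charp` replaces the string pointer (and can free the previous buffer), while the length is stored by a separate, later assignment, so a reader looping up to `exclude_domains_strlen` could index a shorter or already freed string; this assumes the packet path reads these fields concurrently, which this section does not show. Consider publishing pointer and length together under a lock or RCU, or registering the parameter read-only after load with `0444` if runtime changes are not required. `exclude_domains_set` begins outside the hunk, so how `len` is derived from `val` is not visible here.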


@ -766,7 +766,7 @@ struct tls_verdict analyze_tls_data(
if (config.all_domains) { if (config.all_domains) {
vrd.target_sni = 1; vrd.target_sni = 1;
goto out; goto check_domain;
} }
@ -788,12 +788,46 @@ struct tls_verdict analyze_tls_data(
domain_startp, domain_startp,
domain_len)) { domain_len)) {
vrd.target_sni = 1; vrd.target_sni = 1;
goto check_domain;
} }
j = i + 1; j = i + 1;
} }
} }
check_domain:
if (vrd.target_sni == 1 && config.exclude_domains_strlen != 0) {
unsigned int j = 0;
for (unsigned int i = 0; i <= config.exclude_domains_strlen; i++) {
if ( i > j &&
(i == config.exclude_domains_strlen ||
config.exclude_domains_str[i] == '\0' ||
config.exclude_domains_str[i] == ',' ||
config.exclude_domains_str[i] == '\n' )) {
unsigned int domain_len = (i - j);
const char *sni_startp = sni_name + sni_len - domain_len;
const char *domain_startp = config.exclude_domains_str + j;
if (sni_len >= domain_len &&
sni_len < 128 &&
!strncmp(sni_startp,
domain_startp,
domain_len)) {
vrd.target_sni = 0;
lgdebugmsg("Excluded SNI: %.*s",
vrd.sni_len, data + vrd.sni_offset);
goto out;
}
j = i + 1;
}
}
}
goto out;
nextExtension: nextExtension:
extensionsPtr += 2 + 2 + extensionLen; extensionsPtr += 2 + 2 + extensionLen;
} }
@ -804,6 +838,7 @@ nextMessage:
out: out:
return vrd; return vrd;
brute: brute:
if (config.all_domains) { if (config.all_domains) {
vrd.target_sni = 1; vrd.target_sni = 1;
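Review bot: The exclusion test under `check_domain:` is a raw suffix comparison, so an entry such as `example.com` (constructed example) also excludes `notexample.com`; with `--sni-domains=all` that silently takes unrelated hosts out of handling. If an entry is meant to cover a domain and its subdomains only, add a label-boundary term after the length check, e.g. `(sni_len == domain_len || sni_startp[-1] == '.') &&`. Separately, `sni_startp` is computed as `sni_name + sni_len - domain_len` before `sni_len >= domain_len` is tested, which forms an out-of-range pointer whenever the entry is longer than the SNI; move that computation inside the guarded branch. `analyze_tls_data` begins outside these hunks, so the types of `sni_name` and `sni_len` are inferred from their use.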