mirror of
https://github.com/Waujito/youtubeUnblock.git
synced 2025-01-08 17:48:08 +00:00
Fix #40
This commit is contained in:
parent
22573b7d12
commit
fb47d80543
@ -36,6 +36,7 @@ Also DNS over HTTPS (DOH) is preferred for additional anonimity.
|
|||||||
|
|
||||||
## Flags
|
## Flags
|
||||||
Available flags:
|
Available flags:
|
||||||
|
- `--sni-domains=<comma separated domain list>|all` - List of domains you want to be handled by sni. Use this string if you want to change default domains. Defaults to `googlevideo.com,youtube.com,ggpht.com,ytimg.com`. You can pass all if you want for every Client Hello to be handled.
|
||||||
- `--seg2delay=<delay>` - This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet.
|
- `--seg2delay=<delay>` - This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet.
|
||||||
- `--fake-sni={ack,ttl, none}` This flag enables fake-sni which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to FAQ for EPERMS. Note, that this flag is set to `ack` by default. You may disable fake sni by setting it to `none`. Note, that your ISP may have conntrack drop on invalid state enabled, so this flag won't work. Use `ttl` to escape that.
|
- `--fake-sni={ack,ttl, none}` This flag enables fake-sni which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to FAQ for EPERMS. Note, that this flag is set to `ack` by default. You may disable fake sni by setting it to `none`. Note, that your ISP may have conntrack drop on invalid state enabled, so this flag won't work. Use `ttl` to escape that.
|
||||||
- `--fake-sni-ttl=<ttl>` Tunes the time to live of fake sni messages. TTL is specified like that the packet will go through the TSPU and captured by it, but will not reach the destination server. Defaults to 8.
|
- `--fake-sni-ttl=<ttl>` Tunes the time to live of fake sni messages. TTL is specified like that the packet will go through the TSPU and captured by it, but will not reach the destination server. Defaults to 8.
|
||||||
|
5
config.h
5
config.h
@ -9,6 +9,9 @@ struct config_t {
|
|||||||
int fake_sni_strategy;
|
int fake_sni_strategy;
|
||||||
int verbose;
|
int verbose;
|
||||||
unsigned int seg2_delay;
|
unsigned int seg2_delay;
|
||||||
|
const char *domains_str;
|
||||||
|
unsigned int domains_strlen;
|
||||||
|
unsigned int all_domains;
|
||||||
};
|
};
|
||||||
extern struct config_t config;
|
extern struct config_t config;
|
||||||
|
|
||||||
@ -66,3 +69,5 @@ extern struct config_t config;
|
|||||||
// The Maximum Transmission Unit size for rawsocket
|
// The Maximum Transmission Unit size for rawsocket
|
||||||
// Larger packets will be fragmented. Applicable for Chrome's kyber.
|
// Larger packets will be fragmented. Applicable for Chrome's kyber.
|
||||||
#define AVAILABLE_MTU 1384
|
#define AVAILABLE_MTU 1384
|
||||||
|
|
||||||
|
static const char defaul_snistr[] = "googlevideo.com,youtube.com,ggpht.com,ytimg.com";
|
||||||
|
35
mangle.c
35
mangle.c
@ -285,10 +285,6 @@ int tcp4_frag(const __u8 *pkt, __u32 buflen, __u32 payload_offset,
|
|||||||
#define TLS_EXTENSION_SNI 0x0000
|
#define TLS_EXTENSION_SNI 0x0000
|
||||||
#define TLS_EXTENSION_CLIENT_HELLO_ENCRYPTED 0xfe0d
|
#define TLS_EXTENSION_CLIENT_HELLO_ENCRYPTED 0xfe0d
|
||||||
|
|
||||||
const char googlevideo_ending[] = "googlevideo.com";
|
|
||||||
const int googlevideo_len = 15;
|
|
||||||
|
|
||||||
|
|
||||||
typedef __u8 uint8_t;
|
typedef __u8 uint8_t;
|
||||||
typedef __u32 uint32_t;
|
typedef __u32 uint32_t;
|
||||||
typedef __u16 uint16_t;
|
typedef __u16 uint16_t;
|
||||||
@ -401,19 +397,33 @@ struct verdict analyze_tls_data(
|
|||||||
if (sni_ext_ptr + sni_len > sni_ext_end) break;
|
if (sni_ext_ptr + sni_len > sni_ext_end) break;
|
||||||
|
|
||||||
char *sni_name = (char *)sni_ext_ptr;
|
char *sni_name = (char *)sni_ext_ptr;
|
||||||
// sni_len
|
|
||||||
|
|
||||||
vrd.sni_offset = (uint8_t *)sni_name - data;
|
vrd.sni_offset = (uint8_t *)sni_name - data;
|
||||||
vrd.sni_len = sni_len;
|
vrd.sni_len = sni_len;
|
||||||
|
|
||||||
char *gv_startp = sni_name + sni_len - googlevideo_len;
|
if (config.all_domains) {
|
||||||
if (sni_len >= googlevideo_len &&
|
vrd.target_sni = 1;
|
||||||
sni_len < 128 &&
|
goto out;
|
||||||
!strncmp(gv_startp,
|
}
|
||||||
googlevideo_ending,
|
|
||||||
googlevideo_len)) {
|
|
||||||
|
|
||||||
vrd.gvideo_hello = 1;
|
|
||||||
|
unsigned int j = 0;
|
||||||
|
for (unsigned int i = 0; i < config.domains_strlen; i++) {
|
||||||
|
if (config.domains_str[i] == ',' || config.domains_str[i] == '\n') {
|
||||||
|
unsigned int domain_len = (i - j);
|
||||||
|
const char *sni_startp = sni_name + sni_len - domain_len;
|
||||||
|
const char *domain_startp = config.domains_str + j;
|
||||||
|
|
||||||
|
if (sni_len >= domain_len &&
|
||||||
|
sni_len < 128 &&
|
||||||
|
!strncmp(sni_startp,
|
||||||
|
domain_startp,
|
||||||
|
domain_len)) {
|
||||||
|
vrd.target_sni = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
j = i + 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
nextExtension:
|
nextExtension:
|
||||||
@ -423,6 +433,7 @@ nextMessage:
|
|||||||
i += 5 + message_length;
|
i += 5 + message_length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
return vrd;
|
return vrd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
mangle.h
2
mangle.h
@ -32,7 +32,7 @@ typedef __u32 uint32_t;
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct verdict {
|
struct verdict {
|
||||||
int gvideo_hello; /* google video hello packet */
|
int target_sni; /* google video hello packet */
|
||||||
int sni_offset; /* offset from start of tcp _payload_ */
|
int sni_offset; /* offset from start of tcp _payload_ */
|
||||||
int sni_len;
|
int sni_len;
|
||||||
};
|
};
|
||||||
|
@ -55,6 +55,8 @@ struct config_t config = {
|
|||||||
#else
|
#else
|
||||||
.verbose = false,
|
.verbose = false,
|
||||||
#endif
|
#endif
|
||||||
|
.domains_str = defaul_snistr,
|
||||||
|
.domains_strlen = sizeof(defaul_snistr),
|
||||||
};
|
};
|
||||||
|
|
||||||
const char* get_value(const char *option, const char *prefix)
|
const char* get_value(const char *option, const char *prefix)
|
||||||
@ -111,6 +113,21 @@ int parse_option(const char* option) {
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((value = get_value(option, "--sni-domains")) != 0) {
|
||||||
|
if (!value) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strcmp(value, "all")) {
|
||||||
|
config.all_domains = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
config.domains_str = value;
|
||||||
|
config.domains_strlen = strlen(value);
|
||||||
|
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
if ((value = get_value(option, "--frag=")) != 0) {
|
if ((value = get_value(option, "--frag=")) != 0) {
|
||||||
if (!value) {
|
if (!value) {
|
||||||
goto err;
|
goto err;
|
||||||
@ -212,6 +229,7 @@ errormsg_help:
|
|||||||
err = errno;
|
err = errno;
|
||||||
printf("Usage: %s <queue_num> [OPTIONS]\n", argv[0]);
|
printf("Usage: %s <queue_num> [OPTIONS]\n", argv[0]);
|
||||||
printf("Options:\n");
|
printf("Options:\n");
|
||||||
|
printf("\t--sni-domains=<comma separated domain list>|all\n");
|
||||||
printf("\t--fake-sni={ack,ttl,none}\n");
|
printf("\t--fake-sni={ack,ttl,none}\n");
|
||||||
printf("\t--fake-sni-ttl=<ttl>\n");
|
printf("\t--fake-sni-ttl=<ttl>\n");
|
||||||
printf("\t--frag={tcp,ip,none}\n");
|
printf("\t--frag={tcp,ip,none}\n");
|
||||||
@ -493,9 +511,9 @@ static int process_packet(const struct packet_data packet, struct queue_data qda
|
|||||||
verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
|
verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
|
||||||
nfq_nlmsg_verdict_put(verdnlh, packet.id, NF_ACCEPT);
|
nfq_nlmsg_verdict_put(verdnlh, packet.id, NF_ACCEPT);
|
||||||
|
|
||||||
if (vrd.gvideo_hello) {
|
if (vrd.target_sni) {
|
||||||
if (config.verbose)
|
if (config.verbose)
|
||||||
printf("Google video!\n");
|
printf("SNI target detected\n");
|
||||||
|
|
||||||
if (dlen > 1480) {
|
if (dlen > 1480) {
|
||||||
if (config.verbose)
|
if (config.verbose)
|
||||||
|
Loading…
Reference in New Issue
Block a user