Waujito · Waujito · Oct 13, 2024 · Sep 26, 2024 · Sep 28, 2024 · Sep 28, 2024
diff --git a/.github/workflows/build-ci.yml b/.github/workflows/build-ci.yml
@@ -228,6 +228,48 @@ jobs:
           path: /builder/youtubeUnblock*.ipk
           if-no-files-found: error
 
+  build-openwrt-luci:
+    needs: prepare
+    runs-on: ubuntu-latest
+    container:
+      image: openwrt/sdk:x86_64-openwrt-23.05
+      options: --user root
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: 'openwrt'
+
+      - name: Prepare build
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        run: |
+          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
+
+      - name: Build packages
+        id: build
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        working-directory: /builder
+        run: |
+          echo "src-link youtubeUnblock $GITHUB_WORKSPACE" >> feeds.conf
+          cat feeds.conf
+          ./scripts/feeds update youtubeUnblock
+          ./scripts/feeds install -a -p youtubeUnblock
+          make defconfig
+          make package/luci-app-youtubeUnblock/compile V=s
+          mv $(find ./bin -type f -name 'luci-app-youtubeUnblock*.ipk') ./luci-app-youtubeUnblock-$VERSION-$SHA.ipk
+
+      - name: Upload packages
+        if: steps.build.outcome == 'success'
+        uses: actions/upload-artifact@v4
+        with:
+          name: luci-app-youtubeUnblock
+          path: /builder/luci-app-youtubeUnblock*.ipk
+          if-no-files-found: error
+
   build-entware:
     needs: prepare
     runs-on: ubuntu-latest
@@ -341,3 +383,4 @@ jobs:
           files: |
             ./**/youtubeUnblock*.ipk
             ./**/youtubeUnblock*.tar.gz
+            ./**/luci-app-youtubeUnblock*.ipk
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,202 @@
+# Tests whether the youtubeUnblock builds properly
+
+name: "youtubeUnblock build test"
+
+on:
+  push:
+    branches: [ "main" ]
+    paths-ignore:
+      - '.editorconfig'
+      - '.gitignore'
+      - 'LICENSE'
+      - 'README.md'
+
+  pull_request:
+    branches: [ "main" ]
+    paths-ignore:
+      - '.editorconfig'
+      - '.gitignore'
+      - 'LICENSE'
+      - 'README.md'
+
+  workflow_dispatch:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.gh.outputs.version }}
+      sha: ${{ steps.gh.outputs.sha }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: 'openwrt'
+
+      - name: GH
+        id: gh
+        env:
+          REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+        run: |
+          echo "version=$(cat youtubeUnblock/Makefile | grep PKG_VERSION | sed 's/PKG_VERSION:=//')" >> $GITHUB_OUTPUT
+          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
+            echo "sha=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT
+          else
+            echo "sha=$(gh api repos/$REPO/commits/main --jq '.sha[:7]')" >> $GITHUB_OUTPUT
+          fi
+
+  build-static:
+    needs: prepare
+    name: build-static ${{ matrix.arch }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: [x86_64]
+        branch: [latest-stable]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build 
+        id: build
+        env:
+          ARCH: ${{ matrix.arch }}
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        shell: bash
+        run: |
+          make -j$(nproc)
+          strip -s build/youtubeUnblock
+          cp -va build/youtubeUnblock .
+          tar -czvf static-youtubeUnblock-$VERSION-$SHA-$PLATFORM.tar.gz youtubeUnblock youtubeUnblock.service README.md
+
+      - name: Upload artifacts
+        if: steps.build.outcome == 'success'
+        uses: actions/upload-artifact@v4
+        with:
+          name: static-youtubeUnblock-${{ matrix.arch }}
+          path: ./**/static-youtubeUnblock*.tar.gz
+
+  build-kmod:
+    needs: prepare
+    name: build-kmod ${{ matrix.kernel_version }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - kernel_version: "6.6.52"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.52.tar.xz"
+            container_version: "24.04"
+
+          - kernel_version: "5.15.167"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.167.tar.xz"
+            container_version: "24.04"
+
+          - kernel_version: "5.4.284"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.4.284.tar.xz"
+            container_version: "24.04"
+
+          - kernel_version: "4.19.322"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.322.tar.xz"
+            container_version: "24.04"
+
+          - kernel_version: "4.4.302"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.302.tar.xz"
+            container_version: "24.04"
+
+          - kernel_version: "3.10.108"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.10.108.tar.xz"
+            container_version: "16.04"
+
+          - kernel_version: "3.0.101"
+            source: "https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.0.101.tar.xz"
+            container_version: "14.04"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Restore builder from cache
+        id: cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: ~/builder.tar
+          key: builder-${{ matrix.kernel_version }}
+
+      - name: Load builder from cache
+        if: steps.cache-restore.outputs.cache-hit == 'true'
+        run: |
+          docker import - builder < ~/builder.tar
+
+      - name: Prepare build env
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        run: |
+          mkdir ~/linux
+          pwd
+          ls /
+          ls ~
+
+      - name: Obtain kernel
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        run: |
+          cd ~/linux
+          wget ${{ matrix.source }} -O kernel.tar.xz -q
+          tar -xf kernel.tar.xz
+          rm -f kernel.tar.xz
+          /bin/bash -c "mv linux-* linux"
+          ls
+          ls linux
+
+      - name: Install docker
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        run: |
+          cd ~/linux
+          docker pull ubuntu:${{ matrix.container_version }}
+          docker container create --name ubu_builder -w / ubuntu:${{ matrix.container_version }} tail -f /dev/null
+          docker container start ubu_builder
+          docker container exec ubu_builder bash -c "apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev"
+          docker cp ./linux ubu_builder:/linux
+
+      - name: Build kernel
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        run: |
+          cd ~/linux
+          docker container exec -w /linux ubu_builder bash -c 'make defconfig'
+          docker container exec -w /linux ubu_builder bash -c 'make -j $(nproc)'
+
+      - name: Export container
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        run: |
+          cd ~/linux
+          docker container kill ubu_builder
+          docker container export ubu_builder > ubu_builder.tar
+          docker container rm ubu_builder
+          mv ./ubu_builder.tar ~/builder.tar
+          docker import - builder < ~/builder.tar
+
+      - name: Save kernel image to cache
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        id: cache-save
+        uses: actions/cache/save@v4
+        with:
+          path: ~/builder.tar
+          key: builder-${{ matrix.kernel_version }}
+
+      - name: Build kernel module
+        id: build
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        shell: bash
+        run: |
+          docker run --rm -v ./:/youtubeUnblock -w /youtubeUnblock builder make kmake KERNEL_BUILDER_MAKEDIR:=/linux
+          tar -czvf kmod-youtubeUnblock-$VERSION-$SHA-linux-${{ matrix.kernel_version }}.tar.gz kyoutubeUnblock.ko
+
+      - name: Upload artifacts
+        if: steps.build.outcome == 'success'
+        uses: actions/upload-artifact@v4
+        with:
+          name: kmod-youtubeUnblock-linux-${{ matrix.kernel_version }}
+          path: ./**/kmod-youtubeUnblock*.tar.gz
+
diff --git a/Kbuild b/Kbuild
@@ -1,3 +1,3 @@
 obj-m := kyoutubeUnblock.o
-kyoutubeUnblock-objs := kytunblock.o mangle.o quic.o utils.o kmod_utils.o kargs.o
+kyoutubeUnblock-objs := kytunblock.o mangle.o quic.o utils.o kargs.o tls.o
 ccflags-y := -std=gnu99 -DKERNEL_SPACE -Wno-error -Wno-declaration-after-statement
diff --git a/README.md b/README.md
@@ -85,7 +85,9 @@ For nftables on OpenWRT rules comes out-of-the-box and stored under `/usr/share/
 
 Now we go to the configuration. For OpenWRT here is configuration via [UCI](https://openwrt.org/docs/guide-user/base-system/uci) and [LuCI](https://openwrt.org/docs/guide-user/luci/start) available (CLI and GUI respectively).
 
-Luci is a configuration interface for your router (which you connect when enter 192.168.1.1 in browser). LuCI configuration lives in **Services->youtubeUnblock** section. It is self descriptive, with description for each flag. Note, that after you push `Save & Apply` button, the configuration is applied automatically and the service is restarted.
+For **LuCI** aka **GUI** aka **web-interface of router** you should install **luci-app-youtubeUnblock** package like you did it with the normal youtubeUnblock package. Note, that lists of official opkg feeds should be loaded (**Do it with Update lists option**).
+
+LuCI configuration lives in **Services->youtubeUnblock** section. It is self descriptive, with description for each flag. Note, that after you push `Save & Apply` button, the configuration is applied automatically and the service is restarted.
 
 UCI configuration is available in /etc/config/youtubeUnblock file, in section `youtubeUnblock.youtubeUnblock`. The configuration is done with [flags](#flags). Note, that names of flags are not the same: you should replace `-` with `_`, you shouldn't use leading `--` for flag. Also you will enable toggle flags (without parameters) with `1`. 
 
@@ -181,6 +183,9 @@ Available flags:
 
 - `--fake-sni-seq-len=<length>` This flag specifies **youtubeUnblock** to build a complicated construction of fake client hello packets. length determines how much fakes will be sent. Defaults to **1**.
 
+- `--fake-sni-type={default|custom|random}` This flag specifies which faking message type should be used for fake packets. For `random`, the message of random length and with random payload will be sent. For `default` the default payload (sni=www.google.com) is used. And for the `custom` option, the payload from `--fake-custom-payload` section utilized. Defaults to `default`.
+- `--fake-custom-payload=<payload>` Useful with `--fake-sni-type=custom`. You should specify the payload for fake message manually. Use hex format: `--fake-custom-payload=0001020304` mean that 5 bytes sequence: `0x00`, `0x01`, `0x02`, `0x03`, `0x04` used as fake.
+
 - `--faking-strategy={randseq|ttl|tcp_check|pastseq|md5sum}` This flag determines the strategy of fake packets invalidation. Defaults to `randseq`
   - `randseq` specifies that random sequence/acknowledgemend random will be set. This option may be handled by provider which uses *conntrack* with drop on invalid *conntrack* state firewall rule enabled. 
   - `ttl` specifies that packet will be invalidated after `--faking-ttl=n` hops. `ttl` is better but may cause issues if unconfigured. 
@@ -226,8 +231,12 @@ Available flags:
 
 - `--packet-mark=<mark>` Use this option if youtubeUnblock conflicts with other systems rely on packet mark. Note that you may want to change accept rule for iptables to follow the mark.
 
+- `--fbegin` and `--fend` flags: youtubeUnblock supports multiple sets of strategies for specific filters. You may want to initiate a new set after the default one, like: `--sni-domains=googlevideo.com --faking-strategy=md5sum --fbegin --sni-domains=youtube.com --faking-strategy=tcp_check --fend --fbegin --sni-domains=l.google.com --faking-strategy=pastseq --fend`. Note, that the priority of these sets goes backwards: last is first, default (one that does not start with --fbegin) is last. If you start the new section, the default settings are implemented just like youtubeUnblock without any parameters. Note that the config above is just an example and won't work for you.
+
 ## Troubleshooting
 
+Check up [this issue](https://github.com/Waujito/youtubeUnblock/issues/148) for useful configs.
+
 If you got troubles with some sites and you sure that they are blocked by SNI (youtube for example), use may play around with [flags](#flags) and their combinations. At first it is recommended to try `--faking-strategy` flag and `--frag-sni-faked=1`.
 If you have troubles with some sites being proxied, you can play with flags values. For example, for someone `--faking-strategy=ttl` works. You should specify proper `--fake-sni-ttl=<ttl value>` where ttl is the amount of hops between you and DPI.
 
@@ -319,7 +328,9 @@ You can configure the module with its flags in insmod:
 insmod kyoutubeUnblock.ko fake_sni=1 exclude_domains=.ru quic_drop=1
 ```
 
-Note that the flags names are different from ones used for the regular youtubeUnblock(right like in UCI configuration for OpenWRT): replace `-` with `_` and no leading `--`. Also to configure togglers you should set them to `1` (`silent=1 quic_drop=1`)
+Note that the flags names are different from ones used for the regular youtubeUnblock(right like in UCI configuration for OpenWRT): replace `-` with `_` and no leading `--`. Also to configure togglers you should set them to `1` (`quic_drop=1`)
+
+Also a good thig to mention is verbosity. The kernel module combines --trace and --silent option to the one parameter `verbosity`. This parameter accepts 3 arguments: `trace`, `debug` and `silent`. I highly don't recommend to enable `trace` mod on router because it may cause huge problems with performance and even freeze your device. 
 
 Also a drop in replacement is supported for all the parameters excluding packet mark. A drop in replacement does not require module restart if you want to change the parameters. You can specify and check the parameters within module's directory inside the sysfs: `/sys/module/kyoutubeUnblock/parameters/`. For example, to set quic_drop to true you may use next command:
 ```sh