Add --no-dport-filter flag

This flag allows to reduce amount of network packet to analyze.

README.md

@@ -278,6 +278,8 @@ Flags that do not scoped to a specific section, used over all the youtubeUnblock
 
 - `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Just an alias for `--udp-filter-quic=all --udp-mode=drop`.
 
+- `--no-dport-filter` By default, youtubeUnblock will filter for TLS and QUIC 443. If you want to disable it, pass this flag. (this does not affect `--udp-dport-filter`)
+
 ## UDP/QUIC
 
 UDP is another communication protocol. Well-known technologies that use it are DNS, QUIC, voice chats. UDP does not provide reliable connection and its header is much simpler than TCP thus fragmentation is limited. The support provided primarily by faking. 

src/args.c

@@ -269,6 +269,7 @@ enum {
 	OPT_PACKET_MARK,
 	OPT_SYNFAKE,
 	OPT_SYNFAKE_LEN,
+	OPT_NO_DPORT_FILTER,
 	OPT_SEG2DELAY,
 	OPT_THREADS,
 	OPT_SILENT,
@@ -318,6 +319,7 @@ static struct option long_opt[] = {
 	{"udp-faking-strategy",	1, 0, OPT_UDP_FAKING_STRATEGY},
 	{"udp-dport-filter",	1, 0, OPT_UDP_DPORT_FILTER},
 	{"udp-filter-quic",	1, 0, OPT_UDP_FILTER_QUIC},
+	{"no-dport-filter",	0, 0, OPT_NO_DPORT_FILTER},
 	{"threads",		1, 0, OPT_THREADS},
 	{"silent",		0, 0, OPT_SILENT},
 	{"trace",		0, 0, OPT_TRACE},
@@ -381,6 +383,7 @@ void print_usage(const char *argv0) {
 	printf("\t--udp-faking-strategy={checksum|ttl|none}\n");
 	printf("\t--udp-dport-filter=<5,6,200-500>\n");
 	printf("\t--udp-filter-quic={disabled|all|parse}\n");
+	printf("\t--no-dport-filter\n");
 	printf("\t--threads=<threads number>\n");
 	printf("\t--packet-mark=<mark>\n");
 	printf("\t--connbytes-limit=<pkts>\n");
@@ -712,6 +715,9 @@ int yparse_args(int argc, char *argv[]) {
 			sect_config->fk_winsize = num;
 			break;
 
+		case OPT_NO_DPORT_FILTER:
+			sect_config->dport_filter = 0;
+			break;
 		case OPT_SEG2DELAY:
 			num = parse_numeric_option(optarg);
 			if (errno != 0 || num < 0) {
@@ -1014,6 +1020,10 @@ static size_t print_config_section(const struct section_config_t *section, char
 		}
 	}
 
+	if (section->dport_filter == 0) {
+		print_cnf_buf("--no-dport-filter");	
+	}
+
 	return buffer_size - buf_sz;
 }
 // Returns written buffer length

src/config.h

@@ -92,6 +92,8 @@ struct section_config_t {
 	unsigned int fk_winsize;
 	int fakeseq_offset;
 
+	int dport_filter;
+
 #define SNI_DETECTION_PARSE 0
 #define SNI_DETECTION_BRUTE 1
 	int sni_detection;
@@ -244,6 +246,7 @@ enum {
 	.synfake = 0,                                           \
 	.synfake_len = 0,                                       \
                                                                 \
+	.dport_filter = 1,	                                \
 	.seg2_delay = 0,                                        \
                                                                 \
 	.sni_detection = SNI_DETECTION_PARSE,                   \

src/mangle.c

@@ -214,6 +214,11 @@ int process_tcp_packet(const struct section_config_t *section, const uint8_t *ra
 		goto accept;
 	}
 
+	// As defined by TLS standard.
+	if (section->dport_filter && ntohs(tcph->dest) != 443) {
+		goto accept;
+	}
+
 	if (tcph->syn && section->synfake) {
 		lgtrace_addp("TCP syn alter");
 

src/quic.c

@@ -431,6 +431,10 @@ int detect_udp_filtered(const struct section_config_t *section,
 	}
 	
 	if (section->udp_filter_quic != UDP_FILTER_QUIC_DISABLED) {
+		if (section->dport_filter && ntohs(udph->dest) != 443)
+			goto match_port;
+
+
 		const struct quic_lhdr *qch;
 		size_t qch_len;
 		struct quic_cids qci;