Fix #40 (finally)

Makefiles correction for destdir/prefix support

Makefile

@@ -3,12 +3,12 @@ KMAKE_TARGETS := kmake kload kunload kreload xmod xtclean
 
 .PHONY: $(USPACE_TARGETS) $(KMAKE_TARGETS) clean
 $(USPACE_TARGETS):
-	@$(MAKE) -f uspace.mk $@
+	@$(MAKE) -ef uspace.mk $@
 
 $(KMAKE_TARGETS):
-	@$(MAKE) -f kmake.mk $@
+	@$(MAKE) -ef kmake.mk $@
 
 clean:
-	-@$(MAKE) -f kmake.mk kclean
-	@$(MAKE) -f uspace.mk clean
+	-@$(MAKE) -ef kmake.mk kclean
+	@$(MAKE) -ef uspace.mk clean
 

README.md

@@ -36,6 +36,7 @@ Also DNS over HTTPS (DOH) is preferred for additional anonimity.
 
 ## Flags
 Available flags:
+- `--sni-domains=<comma separated domain list>|all` - List of domains you want to be handled by sni. Use this string if you want to change default domains. Defaults to `googlevideo.com,youtube.com,ggpht.com,ytimg.com`. You can pass all if you want for every Client Hello to be handled.
 - `--seg2delay=<delay>` - This flag forces youtubeUnblock to wait little bit before send the 2nd part of the split packet.
 - `--fake-sni={ack,ttl, none}` This flag enables fake-sni which forces youtubeUnblock to send at least three packets instead of one with TLS ClientHello: Fake ClientHello, 1st part of original ClientHello, 2nd part of original ClientHello. This flag may be related to some Operation not permitted error messages, so befor open an issue refer to FAQ for EPERMS. Note, that this flag is set to `ack` by default. You may disable fake sni by setting it to `none`. Note, that your ISP may have conntrack drop on invalid state enabled, so this flag won't work. Use `ttl` to escape that.
 - `--fake-sni-ttl=<ttl>` Tunes the time to live of fake sni messages. TTL is specified like that the packet will go through the TSPU and captured by it, but will not reach the destination server. Defaults to 8.
@@ -46,6 +47,8 @@ Available flags:
 
 If you are on Chromium you may have to disable kyber (the feature that makes the TLS ClientHello very fat). I've got the problem with it on router, so to escape possibly errors it is better to just disable it: in chrome://flags search for kyber and switch it to disabled state. 
 
+If your browser is using quic it may not work properly. Disable it in chrome in chrome://flags and in Firefox network.http.http{2,3}.enable(d) in about:config
+
 ### Troubleshooting EPERMS (Operation not permitted)
 EPERM may occur in a lot of places but generally here are two: mnl_cb_run and when sending the packet via rawsocket (raw_frags_send and send fake sni).
 - mnl_cb_run Operation not permitted indicates that another instance of youtubeUnblock is running on the specified queue-num.

config.h

@@ -9,6 +9,9 @@ struct config_t {
 	int  fake_sni_strategy;
 	int verbose;
 	unsigned int seg2_delay;
+	const char *domains_str;
+	unsigned int domains_strlen;
+	unsigned int all_domains;
 };
 extern struct config_t config;
 
@@ -66,3 +69,5 @@ extern struct config_t config;
 // The Maximum Transmission Unit size for rawsocket
 // Larger packets will be fragmented. Applicable for Chrome's kyber.
 #define AVAILABLE_MTU 1384
+
+static const char defaul_snistr[] = "googlevideo.com,ggpht.com,ytimg.com,l.google.com,youtube.com,play.google.com";

mangle.c

@@ -285,10 +285,6 @@ int tcp4_frag(const __u8 *pkt, __u32 buflen, __u32 payload_offset,
 #define TLS_EXTENSION_SNI 0x0000
 #define TLS_EXTENSION_CLIENT_HELLO_ENCRYPTED 0xfe0d
 
-const char googlevideo_ending[] = "googlevideo.com";
-const int googlevideo_len = 15;
-
-
 typedef __u8 uint8_t;
 typedef __u32 uint32_t;
 typedef __u16 uint16_t;
@@ -401,19 +397,33 @@ struct verdict analyze_tls_data(
 			if (sni_ext_ptr + sni_len > sni_ext_end) break;
 
 			char *sni_name = (char *)sni_ext_ptr;
-			// sni_len
 
 			vrd.sni_offset = (uint8_t *)sni_name - data;
 			vrd.sni_len = sni_len;
 
-			char *gv_startp = sni_name + sni_len - googlevideo_len;
-			if (sni_len >= googlevideo_len &&
-				sni_len < 128 && 
-				!strncmp(gv_startp, 
-				googlevideo_ending, 
-				googlevideo_len)) {
+			if (config.all_domains) {
+				vrd.target_sni = 1;
+				goto out;
+			}
 
-				vrd.gvideo_hello = 1;
+
+			unsigned int j = 0;
+			for (unsigned int i = 0; i < config.domains_strlen; i++) {
+				if (config.domains_str[i] == ',' || config.domains_str[i] == '\n') {
+					unsigned int domain_len = (i - j);
+					const char *sni_startp = sni_name + sni_len - domain_len;
+					const char *domain_startp = config.domains_str + j;
+
+					if (sni_len >= domain_len &&
+						sni_len < 128 && 
+						!strncmp(sni_startp, 
+						domain_startp, 
+						domain_len)) {
+							vrd.target_sni = 1;
+					}
+
+					j = i + 1;
+				}
 			}
 
 nextExtension:
@@ -423,6 +433,7 @@ nextMessage:
 		i += 5 + message_length;
 	}
 
+out:
 	return vrd;
 }
 

mangle.h

@@ -32,7 +32,7 @@ typedef __u32 uint32_t;
 #endif
 
 struct verdict {
-	int gvideo_hello; /* google video hello packet */
+	int target_sni; /* google video hello packet */
 	int sni_offset; /* offset from start of tcp _payload_ */
 	int sni_len;
 };

uspace.mk

@@ -16,8 +16,6 @@ LIBMNL_LIBS := -L$(DEPSDIR)/lib
 # PREFIX is environment variable, if not set default to /usr/local
 ifeq ($(PREFIX),)
 	PREFIX := /usr/local
-else
-	PREFIX := $(DESTDIR)
 endif
 
 export CC CCLD LD CFLAGS LDFLAGS LIBNFNETLINK_CFLAGS LIBNFNETLINK_LIBS LIBMNL_CFLAGS LIBMNL_LIBS
@@ -73,16 +71,16 @@ $(BUILD_DIR)/%.o: %.c $(LIBNETFILTER_QUEUE) $(LIBMNL) config.h
 	$(CC) -c $(CFLAGS) $(LDFLAGS) $< -o $@
 
 install: all
-	install -d $(PREFIX)/bin/
-	install -m 755 $(APP) $(PREFIX)/bin/
-	install -d $(PREFIX)/lib/systemd/system/
+	install -d $(DESTDIR)$(PREFIX)/bin/
+	install -m 755 $(APP) $(DESTDIR)$(PREFIX)/bin/
+	install -d $(DESTDIR)$(PREFIX)/lib/systemd/system/
 	@cp youtubeUnblock.service $(BUILD_DIR)
 	@sed -i 's/$$(PREFIX)/$(subst /,\/,$(PREFIX))/g' $(BUILD_DIR)/youtubeUnblock.service
-	install -m 644 $(BUILD_DIR)/youtubeUnblock.service $(PREFIX)/lib/systemd/system/
+	install -m 644 $(BUILD_DIR)/youtubeUnblock.service $(DESTDIR)$(PREFIX)/lib/systemd/system/
 
 uninstall:
-	rm $(PREFIX)/bin/youtubeUnblock
-	rm $(PREFIX)/lib/systemd/system/youtubeUnblock.service
+	rm $(DESTDIR)$(PREFIX)/bin/youtubeUnblock
+	rm $(DESTDIR)$(PREFIX)/lib/systemd/system/youtubeUnblock.service
 	-systemctl disable youtubeUnblock.service
 
 clean:
@@ -91,4 +89,3 @@ clean:
 	$(MAKE) distclean -C deps/libmnl || true
 	$(MAKE) distclean -C deps/libnfnetlink || true
 
-

youtubeUnblock.c

@@ -55,6 +55,8 @@ struct config_t config = {
 #else
 	.verbose = false,
 #endif
+	.domains_str = defaul_snistr,
+	.domains_strlen = sizeof(defaul_snistr),
 };
 
 const char* get_value(const char *option, const char *prefix)
@@ -111,6 +113,21 @@ int parse_option(const char* option) {
 		goto out;
 	}
 
+	if ((value = get_value(option, "--sni-domains")) != 0) {
+		if (!value) {
+			goto err;
+		}
+		
+		if (strcmp(value, "all")) {
+			config.all_domains = 1;
+		}
+
+		config.domains_str = value;
+		config.domains_strlen = strlen(value);
+
+		goto out;
+	}
+
 	if ((value = get_value(option, "--frag=")) != 0) {
 		if (!value) {
 			goto err;
@@ -212,6 +229,7 @@ errormsg_help:
 	err = errno;
 	printf("Usage: %s <queue_num> [OPTIONS]\n", argv[0]);
 	printf("Options:\n");
+	printf("\t--sni-domains=<comma separated domain list>|all\n");
 	printf("\t--fake-sni={ack,ttl,none}\n");
 	printf("\t--fake-sni-ttl=<ttl>\n");
 	printf("\t--frag={tcp,ip,none}\n");
@@ -493,9 +511,9 @@ static int process_packet(const struct packet_data packet, struct queue_data qda
 	verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
         nfq_nlmsg_verdict_put(verdnlh, packet.id, NF_ACCEPT);
 
-	if (vrd.gvideo_hello) {
+	if (vrd.target_sni) {
 		if (config.verbose)
-			printf("Google video!\n");
+			printf("SNI target detected\n");
 
 		if (dlen > 1480) {
 			if (config.verbose)
@@ -820,8 +838,7 @@ int main(int argc, const char *argv[]) {
 		};
 
 		qres = init_queue_wrapper(&tconf);
-	}
-	else {
+	} else {
 		printf("%d threads wil be used\n", config.threads);
 
 		struct queue_conf thread_confs[MAX_THREADS];