Bump version

Различные фиксы

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,42 @@
+name: Bug report
+description: Use this issue template when you are pretty sure here is a bug. Make sure the trouble you are experiencing haven't been already reported earlier and haven't been talked about in discussions.
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this issue template when you are pretty sure here is a bug. 
+        Make sure the trouble you are experiencing haven't been already reported earlier and haven't been talked about in [discussions](https://github.com/Waujito/youtubeUnblock/discussions).
+
+        Note, that *bugs* are internal program errors: crashes, freezes and other types of undefined behavior. You may also report problems with routers infrastructure here, but **NOT** questions like *My router doesn't work help please*. Your questions and other stuff with custom routers setup should be discussed [here](https://github.com/Waujito/youtubeUnblock/discussions/172)
+
+        Discuss problems like *youtube doesn't unblock* [here](https://github.com/Waujito/youtubeUnblock/discussions/173)
+  - type: textarea
+    id: bug-report
+    attributes:
+      label: Bug description
+    validations:
+      required: true
+
+  - type: input
+    id: linux-distro 
+    attributes:
+      label: Linux distribution
+      description: Pass here your linux distro e.g. OpenWRT, Entware, Merlin, Padavan, Ubuntu, Debian
+    validations:
+      required: false
+
+  - type: textarea
+    id: architecture
+    attributes:
+      label: Device architecture
+      description: Pass here the architecture of your device. (On openwrt do `cat /etc/openwrt_release`, on other systems `lscpu` or `cat /proc/cpuinfo`)
+    validations:
+      required: false
+
+  - type: textarea
+    id: configs
+    attributes:
+      label: Configuration
+      description: Pass here the configuration of youtubeUnblock being used. You may pass output of `cat /etc/config/youtubeUnblock` on OpenWRT or raw flags of youtubeUnblock.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,10 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+

.github/builder_containers/README.md

@@ -0,0 +1 @@
+This directory contains dockerfiles for large docker containers. This allows not to rebuild binaries every build and not to utilize cache.

.github/builder_containers/entware-aarch64-3.10.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/aarch64-3.10.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-armv7-2.6.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git -b k2.6
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/armv7-2.6.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-armv7-3.2.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/armv7-3.2.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-mips-3.4.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/mips-3.4.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-mipsel-3.4.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/mipsel-3.4.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-x64-3.2.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/x64-3.2.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/entware-x86-2.6.Dockerfile

@@ -0,0 +1,6 @@
+FROM waujito/entware_builder
+RUN git clone --depth 1 https://github.com/Entware/Entware.git -b k2.6
+WORKDIR /home/me/Entware
+RUN make package/symlinks
+RUN cp -v configs/x86-2.6.config .config
+RUN make -j$(nproc) toolchain/install

.github/builder_containers/kernel-3.0.101.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:14.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.0.101.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-3.10.108.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:16.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.10.108.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-4.19.322.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:24.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.322.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-4.4.302.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:24.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.302.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-5.15.167.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:24.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.167.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-5.4.284.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:24.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.4.284.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/builder_containers/kernel-6.6.52.Dockerfile

@@ -0,0 +1,12 @@
+FROM ubuntu:24.04
+
+RUN apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev wget
+
+RUN wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.52.tar.xz -O kernel.tar.xz
+RUN tar -xf kernel.tar.xz
+RUN rm -f kernel.tar.xz
+RUN /bin/bash -c "mv linux-* linux"
+
+WORKDIR /linux
+RUN make defconfig
+RUN make -j$(nproc)

.github/workflows/build-ci.yml

@@ -10,18 +10,18 @@ on:
       - 'LICENSE'
       - 'README.md'
   workflow_dispatch:
+  pull_request:
 
 jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
       version: ${{ steps.gh.outputs.version }}
+      release: ${{ steps.gh.outputs.release }}
       sha: ${{ steps.gh.outputs.sha }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          ref: 'openwrt'
 
       - name: GH
         id: gh
@@ -30,12 +30,14 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: |
-          echo "version=$(cat youtubeUnblock/Makefile | grep PKG_VERSION | sed 's/PKG_VERSION:=//')" >> $GITHUB_OUTPUT
-          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
-            echo "sha=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT
-          else
-            echo "sha=$(gh api repos/$REPO/commits/main --jq '.sha[:7]')" >> $GITHUB_OUTPUT
+          echo "version=$(cat Makefile | grep "PKG_VERSION :=" | sed 's/PKG_VERSION := //')" >> $GITHUB_OUTPUT
+          echo "release=$(cat Makefile | grep "PKG_RELEASE :=" | sed 's/PKG_RELEASE := //')" >> $GITHUB_OUTPUT
+
+          if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
+            GITHUB_SHA=$(cat $GITHUB_EVENT_PATH | jq -r .pull_request.head.sha)
           fi
+          echo "sha=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
 
   build-static:
     needs: prepare
@@ -72,6 +74,7 @@ jobs:
           ARCH: ${{ matrix.arch }}
           CCACHE_DIR: ${{ github.workspace }}/.ccache
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         shell: alpine.sh {0}
         run: |
@@ -85,7 +88,7 @@ jobs:
           make -j$(nproc) CC="ccache gcc -static-libgcc -static" || exit 1
           strip -s build/youtubeUnblock
           cp -va build/youtubeUnblock .
-          tar -czvf youtubeUnblock-$VERSION-$SHA-$PLATFORM-static.tar.gz youtubeUnblock youtubeUnblock.service README.md
+          tar -czvf youtubeUnblock-$VERSION-$RELEASE-$SHA-$PLATFORM-static.tar.gz youtubeUnblock youtubeUnblock.service README.md
           ccache --show-stats
 
       - name: Upload artifacts
@@ -114,6 +117,8 @@ jobs:
             tool: mips-unknown-linux-musl
           - arch: mipssf
             tool: mips-unknown-linux-muslsf
+          - arch: armv7sf
+            tool: armv7-unknown-linux-musleabi
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -126,7 +131,7 @@ jobs:
         run: |
           mkdir -p $HOME/tools
           gh api repos/$REPO/releases/latest --jq '.tag_name' |\
-            xargs -I{} wget -qO- https://github.com/$REPO/releases/download/{}/$TOOL.tgz | tar -C $HOME/tools -xz || exit 1
+            xargs -I{} wget -qO- https://github.com/$REPO/releases/download/{}/$TOOL.tar.xz | tar -C $HOME/tools -xJ || exit 1
           [ -d "$HOME/tools/$TOOL/bin" ] && echo "$HOME/tools/$TOOL/bin" >> $GITHUB_PATH
 
       - name: Build
@@ -135,6 +140,7 @@ jobs:
           ARCH: ${{ matrix.arch }}
           TOOL: ${{ matrix.tool }}
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         run: |
           make -j$(nproc) \
@@ -146,13 +152,13 @@ jobs:
             CROSS_COMPILE_PLATFORM=$TOOL || exit 1
           $TOOL-strip -s build/youtubeUnblock
           cp -va build/youtubeUnblock .
-          tar -czvf youtubeUnblock-$VERSION-$SHA-$ARCH-static.tar.gz youtubeUnblock youtubeUnblock.service README.md
+          tar -czvf youtubeUnblock-$VERSION-$RELEASE-$SHA-$ARCH-static.tar.gz youtubeUnblock youtubeUnblock.service README.md
 
       - name: Upload artifacts
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
-          name: static-${{ matrix.arch }}
+          name: youtubeUnblock-static-${{ matrix.arch }}
           path: ./**/youtubeUnblock*.tar.gz
 
   build-openwrt:
@@ -201,14 +207,26 @@ jobs:
       - name: Prepare build
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         run: |
-          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
+          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$RELEASE-$SHA/" youtubeUnblock/Makefile
+
+      - name: Initilalize SDK
+        id: init_sdk
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        working-directory: /builder
+        run: |
+          HOME=/builder ./setup.sh
 
       - name: Build packages
         id: build
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         working-directory: /builder
         run: |
@@ -218,7 +236,7 @@ jobs:
           ./scripts/feeds install -a -p youtubeUnblock
           make defconfig
           make package/youtubeUnblock/compile V=s
-          mv $(find ./bin -type f -name 'youtubeUnblock*.ipk') ./youtubeUnblock-$VERSION-$SHA-${{ matrix.arch }}-${{ matrix.branch }}.ipk
+          mv $(find ./bin -type f -name 'youtubeUnblock*.ipk') ./youtubeUnblock-$VERSION-$RELEASE-$SHA-${{ matrix.arch }}-${{ matrix.branch }}.ipk
 
       - name: Upload packages
         if: steps.build.outcome == 'success'
@@ -243,14 +261,26 @@ jobs:
       - name: Prepare build
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         run: |
-          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
+          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$RELEASE-$SHA/" youtubeUnblock/Makefile
+
+      - name: Initilalize SDK
+        id: init_sdk
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        working-directory: /builder
+        run: |
+          HOME=/builder ./setup.sh
 
       - name: Build packages
         id: build
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         working-directory: /builder
         run: |
@@ -260,7 +290,7 @@ jobs:
           ./scripts/feeds install -a -p youtubeUnblock
           make defconfig
           make package/luci-app-youtubeUnblock/compile V=s
-          mv $(find ./bin -type f -name 'luci-app-youtubeUnblock*.ipk') ./luci-app-youtubeUnblock-$VERSION-$SHA.ipk
+          mv $(find ./bin -type f -name 'luci-app-youtubeUnblock*.ipk') ./luci-app-youtubeUnblock-$VERSION-$RELEASE-$SHA.ipk
 
       - name: Upload packages
         if: steps.build.outcome == 'success'
@@ -281,90 +311,53 @@ jobs:
           - mips-3.4
           - mipsel-3.4
           - x64-3.2
+          - x86-2.6
+          - armv7-2.6
+    container:
+      image: waujito/entware_builder:${{ matrix.arch }}
+      options: --user root
     steps:
-      - name: Set up Entware docker container
-        run: |
-          git clone --depth 1 https://github.com/Entware/docker.git
-          docker build docker --pull --tag builder
-          docker volume create entware-home
-
-      - name: Restore Entware from cache
-        id: cache-restore
-        uses: actions/cache/restore@v4
-        with:
-          path: ~/entware
-          key: entware-${{ matrix.arch }}
-
-      - name: Load Entware from cache
-        if: steps.cache-restore.outputs.cache-hit == 'true'
-        run: |
-          docker run --rm --mount source=entware-home,target=/backup_vol -v ~/entware:/backup ubuntu tar -xf /backup/entware.tar -C /backup_vol
-          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c 'cp -r ./backup_vol/* ./'
-          docker run --rm --mount source=entware-home,target=/home/me -w /home/me ubuntu bash -c 'chown -R 1000:1000 ./* ./'
-
-      - name: Build Entware
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me --name builder builder git clone --depth 1 https://github.com/Entware/Entware.git
-          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make package/symlinks
-          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder cp -v configs/${{ matrix.arch }}.config .config
-          docker run --rm -i --mount source=entware-home,target=/home/me -w /home/me/Entware --name builder builder make -j$(nproc) toolchain/install
-          docker run --rm --mount source=entware-home,target=/backup_vol -v ~/entware:/backup ubuntu tar -cf /backup/entware.tar /backup_vol
-
-      - name: Save Entware to cache
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        id: cache-save
-        uses: actions/cache/save@v4
-        with:
-          path: ~/entware
-          key: entware-${{ matrix.arch }}
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: 'entware'
+          ref: 'openwrt'
 
       - name: Prepare build
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         run: |
-          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" youtubeUnblock/Makefile
+          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$RELEASE-$SHA/" youtubeUnblockEntware/Makefile
 
       - name: Build packages
         id: build
-        run: |
-          echo "src-link youtubeUnblock /youtubeUnblock" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a feeds.conf
-          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds update youtubeUnblock
-          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder ./scripts/feeds install -a -p youtubeUnblock
-          echo "CONFIG_PACKAGE_youtubeUnblock=m" | docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder tee -a .config
-          docker run --rm -i --mount source=entware-home,target=/home/me -v $GITHUB_WORKSPACE:/youtubeUnblock -w /home/me/Entware --name builder builder make package/youtubeUnblock/compile V=s
-
-      - name: Extract packages
-        if: steps.build.outcome == 'success'
-        shell: bash
+        working-directory: /home/me/Entware
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
+          RELEASE: ${{ needs.prepare.outputs.release }}
           SHA: ${{ needs.prepare.outputs.sha }}
         run: |
-          mkdir output
-          docker run --rm --user root -i --mount source=entware-home,target=/home/me -v $(pwd):/target -w /home/me/Entware --name builder builder find ./bin -type f -name 'youtubeUnblock*.ipk' -exec cp -v {} /target/output \;
-          rm -rf youtubeUnblock || true
-          mkdir youtubeUnblock
-          bash -c "cp -r ./output/* youtubeUnblock"
-          tar -czvf youtubeUnblock-$VERSION-$SHA-${{ matrix.arch }}-entware.tar.gz youtubeUnblock
+          echo "src-link youtubeUnblock $GITHUB_WORKSPACE" >> feeds.conf
+          cat feeds.conf
+          ./scripts/feeds update youtubeUnblock
+          ./scripts/feeds install -a -p youtubeUnblock
+          echo "CONFIG_PACKAGE_youtubeUnblockEntware=m" | tee -a .config
+          make package/youtubeUnblockEntware/compile V=s
+
+          mv $(find ./bin -type f -name 'youtubeUnblockEntware*.ipk') ./youtubeUnblock-$VERSION-$RELEASE-$SHA-entware-${{ matrix.arch }}.ipk
 
       - name: Upload packages
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
           name: youtubeUnblock-entware-${{ matrix.arch }}
-          path: ./**/youtubeUnblock*-entware.tar.gz
+          path: /home/me/Entware/youtubeUnblock*.ipk
           if-no-files-found: error
 
   pre-release:
     if: github.event_name != 'pull_request' && github.ref_name == 'main'
-    needs: [build-static, build-static-cross, build-openwrt, build-entware]
+    needs: [build-static, build-static-cross, build-openwrt, build-entware, build-openwrt-luci]
     permissions:
       contents: write
     runs-on: ubuntu-latest

.github/workflows/test.yml

@@ -1,25 +1,16 @@
-# Tests whether the youtubeUnblock builds properly
-
 name: "youtubeUnblock build test"
 
 on:
   push:
-    branches: [ "main" ]
+    branches: 
+      - main
     paths-ignore:
       - '.editorconfig'
       - '.gitignore'
       - 'LICENSE'
       - 'README.md'
-
-  pull_request:
-    branches: [ "main" ]
-    paths-ignore:
-      - '.editorconfig'
-      - '.gitignore'
-      - 'LICENSE'
-      - 'README.md'
-
   workflow_dispatch:
+  pull_request:
 
 jobs:
   prepare:
@@ -79,110 +70,47 @@ jobs:
           name: static-youtubeUnblock-${{ matrix.arch }}
           path: ./**/static-youtubeUnblock*.tar.gz
 
+  test:
+    needs: prepare
+    name: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: [x86_64]
+        branch: [latest-stable]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build 
+        id: build
+        shell: bash
+        run: |
+          make build_test -j$(nproc)
+
+      - name: Test
+        id: test
+        run:
+          ./build/testYoutubeUnblock
+
   build-kmod:
     needs: prepare
     name: build-kmod ${{ matrix.kernel_version }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        include:
-          - kernel_version: "6.6.52"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.52.tar.xz"
-            container_version: "24.04"
-
-          - kernel_version: "5.15.167"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.167.tar.xz"
-            container_version: "24.04"
-
-          - kernel_version: "5.4.284"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.4.284.tar.xz"
-            container_version: "24.04"
-
-          - kernel_version: "4.19.322"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.322.tar.xz"
-            container_version: "24.04"
-
-          - kernel_version: "4.4.302"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.302.tar.xz"
-            container_version: "24.04"
-
-          - kernel_version: "3.10.108"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.10.108.tar.xz"
-            container_version: "16.04"
-          
-          - kernel_version: "3.0.101"
-            source: "https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.0.101.tar.xz"
-            container_version: "14.04"
+        kernel_version:
+          - 6.6.52
+          - 5.15.167
+          - 5.4.284
+          - 4.19.322
+          - 4.4.302
+          - 3.10.108
+          - 3.0.101
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Restore builder from cache
-        id: cache-restore
-        uses: actions/cache/restore@v4
-        with:
-          path: ~/builder.tar
-          key: builder-${{ matrix.kernel_version }}
-
-      - name: Load builder from cache
-        if: steps.cache-restore.outputs.cache-hit == 'true'
-        run: |
-          docker import - builder < ~/builder.tar
-
-      - name: Prepare build env
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          mkdir ~/linux
-          pwd
-          ls /
-          ls ~
-
-      - name: Obtain kernel
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          cd ~/linux
-          wget ${{ matrix.source }} -O kernel.tar.xz -q
-          tar -xf kernel.tar.xz
-          rm -f kernel.tar.xz
-          /bin/bash -c "mv linux-* linux"
-          ls
-          ls linux
-
-      - name: Install docker
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          cd ~/linux
-          docker pull ubuntu:${{ matrix.container_version }}
-          docker container create --name ubu_builder -w / ubuntu:${{ matrix.container_version }} tail -f /dev/null
-          docker container start ubu_builder
-          docker container exec ubu_builder bash -c "apt update && apt install -y build-essential flex bc bison libelf-dev elfutils libssl-dev"
-          docker cp ./linux ubu_builder:/linux
-
-      - name: Build kernel
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          cd ~/linux
-          docker container exec -w /linux ubu_builder bash -c 'make defconfig'
-          docker container exec -w /linux ubu_builder bash -c 'make -j $(nproc)'
-
-      - name: Export container
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        run: |
-          cd ~/linux
-          docker container kill ubu_builder
-          docker container export ubu_builder > ubu_builder.tar
-          docker container rm ubu_builder
-          mv ./ubu_builder.tar ~/builder.tar
-          docker import - builder < ~/builder.tar
-
-      - name: Save kernel image to cache
-        if: steps.cache-restore.outputs.cache-hit != 'true'
-        id: cache-save
-        uses: actions/cache/save@v4
-        with:
-          path: ~/builder.tar
-          key: builder-${{ matrix.kernel_version }}
-
       - name: Build kernel module
         id: build
         env:
@@ -190,7 +118,7 @@ jobs:
           SHA: ${{ needs.prepare.outputs.sha }}
         shell: bash
         run: |
-          docker run --rm -v ./:/youtubeUnblock -w /youtubeUnblock builder make kmake KERNEL_BUILDER_MAKEDIR:=/linux
+          docker run --rm -v ./:/youtubeUnblock -w /youtubeUnblock waujito/kernel-bins:${{ matrix.kernel_version }} make kmake KERNEL_BUILDER_MAKEDIR:=/linux
           tar -czvf kmod-youtubeUnblock-$VERSION-$SHA-linux-${{ matrix.kernel_version }}.tar.gz kyoutubeUnblock.ko
 
       - name: Upload artifacts

.gitignore

@@ -13,5 +13,6 @@ modules.order
 Module.symvers
 *.so
 *.ko
+*.a
 
 !/.github

.gitmodules

@@ -0,0 +1,3 @@
+[submodule ".github/builder_containers/entware_docker"]
+	path = .github/builder_containers/entware_docker
+	url = https://github.com/Entware/docker.git

Kbuild

@@ -1,3 +1,3 @@
 obj-m := kyoutubeUnblock.o
-kyoutubeUnblock-objs := kytunblock.o mangle.o quic.o utils.o kargs.o tls.o
-ccflags-y := -std=gnu99 -DKERNEL_SPACE -Wno-error -Wno-declaration-after-statement
+kyoutubeUnblock-objs := src/kytunblock.o src/mangle.o src/quic.o src/quic_crypto.o src/utils.o src/tls.o src/getopt.o src/inet_ntop.o src/args.o src/trie.o deps/cyclone/aes.o deps/cyclone/cpu_endian.o deps/cyclone/ecb.o deps/cyclone/gcm.o deps/cyclone/hkdf.o deps/cyclone/hmac.o deps/cyclone/sha256.o
+ccflags-y := -std=gnu99 -DKERNEL_SPACE -Wno-error -Wno-declaration-after-statement -I$(src)/src -I$(src)/deps/cyclone/include

Makefile

@@ -1,13 +1,26 @@
 USPACE_TARGETS := default all install uninstall dev run_dev
 KMAKE_TARGETS := kmake kload kunload kreload xmod xtclean
 
-.PHONY: $(USPACE_TARGETS) $(KMAKE_TARGETS) clean
+PKG_VERSION := 1.0.0
+PKG_RELEASE := 10
+
+PKG_FULLVERSION := $(PKG_VERSION)-$(PKG_RELEASE)
+
+export PKG_VERSION PKG_RELEASE PKG_FULLVERSION
+
+.PHONY: $(USPACE_TARGETS) $(KMAKE_TARGETS) test build_test clean distclean kclean
 $(USPACE_TARGETS):
 	@$(MAKE) -f uspace.mk $@
 
 $(KMAKE_TARGETS):
 	@$(MAKE) -f kmake.mk $@
 
+build_test:
+	-@$(MAKE) -f uspace.mk build_test
+
+test:
+	-@$(MAKE) -f uspace.mk test
+
 clean:
 	-@$(MAKE) -f uspace.mk clean
 

Padavan.md

@@ -0,0 +1,30 @@
+## Padavan
+На падаване есть раздел, доступный для записи (/etc/storage), и, докинув нужные модули, можно запустить youtubeUblock на уже установленной прошивке без USB. Установка самого youtubeUblock мало будет отличаться от классичкской установки. Наибольшая сложность заключается в получении модулей ядра специально для вашего роутера. 
+
+**Версия youtubeUblock должна быть не меньше v1.0.0-rc4.**
+
+### Сборка прошивки с модулями
+
+Необходимо собрать ядро с модулями nfqueue. Собирать можно у себя локально, а можно и в github actions (https://github.com/shvchk/padavan-builder-workflow)
+
+Добавить строки ниже в `padavan-ng/trunk/configs/boards/TPLINK/TL_C5-V4/kernel-3.4.x.config` (вместо TPLINK/TL_C5-V4 нужно выбрать свою модель):
+
+```sh
+CONFIG_NETFILTER_NETLINK=m
+CONFIG_NETFILTER_NETLINK_QUEUE=m
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+CONFIG_IP_NF_QUEUE=m
+CONFIG_IP6_NF_QUEUE=m
+```
+
+Сборка
+```sh
+cd padavan-ng/trunk
+cp configs/templates/tplink/tl_c5-v4.config .config
+./build_firmware.sh
+```
+Если финальный размер превышает максимум, то можно отключить что-нибудь в .config, например FTP.
+
+После сборки необходимо установить прошивку на роутер. Подробнее в гитлабе падавана: https://gitlab.com/hadzhioglu/padavan-ng. Как устанавливать: https://4pda.to/forum/index.php?showtopic=975687&st=12980#Spoil-115912586-5
+
+Далее скачать youtubeUnblock, закинуть его на роутер, добавить правила фаервола и запустить. Можно скачивать static бинарник и запускать вручную, а можно загрузить entware на usb или в память, и поставить соответствующую версию youtubeUblock.

README.md

@@ -9,9 +9,12 @@
     - [IPv6](#ipv6)
   - [Check it](#check-it)
   - [Flags](#flags)
+  - [UDP/QUIC/Voice Chats](#udpquicvoice-chats)
   - [Troubleshooting](#troubleshooting)
     - [TV](#tv)
     - [Troubleshooting EPERMS (Operation not permitted)](#troubleshooting-eperms-operation-not-permitted)
+    - [Conntrack](#conntrack-troubleshooting)
+    - [NAT Hardware/Software offloading](#nat-hardwaresoftware-offloading)
   - [Compilation](#compilation)
   - [OpenWRT case](#openwrt-case)
     - [Building OpenWRT .ipk package](#building-openwrt-ipk-package)
@@ -21,6 +24,7 @@
       - [Building on host system](#building-on-host-system)
       - [Building on any kernel](#building-on-any-kernel)
       - [Building with openwrt SDK](#building-with-openwrt-sdk)
+  - [Padavan](#padavan)
 
 
 # youtubeUnblock
@@ -56,6 +60,8 @@ For Windows use [GoodbyeDPI by ValdikSS](https://github.com/ValdikSS/GoodbyeDPI)
 
 When you got the release package, you should install it. Go to your router interface, to *System->Software*, do *Update lists* and install youtubeUnblock via *install_package* button. Then, you should go to *System-Startup* menu and reload the firewall (You may also do it within *Services->youtubeUnblock* menu). 
 
+Since OpenWRT **main** branch switched to apk instead of opkg, but this is not released yet, here is not deploys for apk in **Releases**. But **apk is supported** in PR #196.
+
 To make it work you should register an iptables rule and install required kernel modules. The list of modules depends on the version of OpenWRT and which firewall do you use (iptables or nftables). For most modern versions of OpenWRT (v23.x, v22.x) you should use nftables rules, for older ones it depends, but typically iptables.
 
 The common dependency is
@@ -87,28 +93,40 @@ Now we go to the configuration. For OpenWRT here is configuration via [UCI](http
 
 For **LuCI** aka **GUI** aka **web-interface of router** you should install **luci-app-youtubeUnblock** package like you did it with the normal youtubeUnblock package. Note, that lists of official opkg feeds should be loaded (**Do it with Update lists option**).
 
+If you got ` * pkg_hash_check_unresolved: cannot find dependency luci-lua-runtime for luci-app-youtubeUnblock` error, you are using old openwrt. Install [this dummy package](https://github.com/xiaorouji/openwrt-passwall/files/12605732/luci-lua-runtime_all_fake.zip). [Check this comment](https://github.com/Waujito/youtubeUnblock/issues/168#issuecomment-2449227547) for more details.
+
 LuCI configuration lives in **Services->youtubeUnblock** section. It is self descriptive, with description for each flag. Note, that after you push `Save & Apply` button, the configuration is applied automatically and the service is restarted.
 
-UCI configuration is available in /etc/config/youtubeUnblock file, in section `youtubeUnblock.youtubeUnblock`. The configuration is done with [flags](#flags). Note, that names of flags are not the same: you should replace `-` with `_`, you shouldn't use leading `--` for flag. Also you will enable toggle flags (without parameters) with `1`. 
+UCI configuration is available in /etc/config/youtubeUnblock file, in section `youtubeUnblock.youtubeUnblock`. You may pass any args as a string to parameter `args`, but before it disable interactive flags (You can configurate with it but it is a way harder and I recommend to use it only with `luci-app-youtubeUnblock`):
 
-For example, to enable trace logs you should do
 ```sh
-uci set youtubeUnblock.youtubeUnblock.trace=1
+uci set youtubeUnblock.youtubeUnblock.conf_strat="args"
+uci set youtubeUnblock.youtubeUnblock.args="--queue-num=537 --threads=1"
 ```
 
-You can check the logs in CLI mode with `logread -l 200 | grep youtubeUnblock` command. 
+To save the configs you should do `uci commit` and then `reload_config` to restart youtubeUnblock
 
-For uci, to save the configs you should do `uci commit` and then `reload_config` to restart the youtubeUnblock
+
+You can check the logs in CLI mode with `logread -l 200 | grep youtubeUnblock` command. 
 
 In CLI mode you will use youtubeUnblock as a normal init.d service:
 for example, you can enable it with `/etc/init.d/youtubeUnblock enable`.
 
 ### Entware
 
-For Entware on Keenetic here is an [installation guide (russian)](https://help.keenetic.com/hc/ru/articles/360021214160-%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B-%D0%BF%D0%B0%D0%BA%D0%B5%D1%82%D0%BE%D0%B2-%D1%80%D0%B5%D0%BF%D0%BE%D0%B7%D0%B8%D1%82%D0%BE%D1%80%D0%B8%D1%8F-Entware-%D0%BD%D0%B0-USB-%D0%BD%D0%B0%D0%BA%D0%BE%D0%BF%D0%B8%D1%82%D0%B5%D0%BB%D1%8C). Note that if your Entware router is missing netfilter queue kernel modules, here is no way to deal with it since Entware does not offer kernel modules. 
+For Entware on Keenetic here is an [installation guide (russian)](https://help.keenetic.com/hc/ru/articles/360021214160-%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B-%D0%BF%D0%B0%D0%BA%D0%B5%D1%82%D0%BE%D0%B2-%D1%80%D0%B5%D0%BF%D0%BE%D0%B7%D0%B8%D1%82%D0%BE%D1%80%D0%B8%D1%8F-Entware-%D0%BD%D0%B0-USB-%D0%BD%D0%B0%D0%BA%D0%BE%D0%BF%D0%B8%D1%82%D0%B5%D0%BB%D1%8C).
 
 Install the binary with `opkg install youtubeUnblock-*.ipk`. After installation, the binary in /opt/bin and the init script in /opt/etc/init.d/S51youtubeUnblock will be available. To run the youtubeUnblock, simply run `/opt/etc/init.d/S51youtubeUnblock start`
 
+### NFNETLINK_QUEUE kernel modules
+
+Note, that you should feed the target kernel with nfnetlink_queue kernel module. The module may be disabled or even not present. Entware S51youtubeUnblock will try to insert kmods any way but if they are not provided by software, you should install them manually. AFAIK on keenetics here is a repository with modules compiled by customer. You can find them somewhere in the web interface of your device. On other routers you may want to do deeper research in that case and find your kmods. If you can't find anything, you may ask the customer for GPL codes of linux kernel (and may be even OpenWRT) and compile kmods manually.
+
+You should insert the module with (this step may be omitted on Entware and OpenWRT):
+```sh
+modprobe nfnetlink_queue
+```
+
 ### PC configuration
 On local host make sure to change **FORWARD** to **OUTPUT** chain in the following Firewall rulesets.
 
@@ -121,7 +139,8 @@ Copy `youtubeUnblock.service` to `/usr/lib/systemd/system` (you should change th
 On nftables you should put next nftables rules:
 ```sh
 nft add chain inet fw4 youtubeUnblock '{ type filter hook postrouting priority mangle - 1; policy accept; }'
-nft add rule inet fw4 youtubeUnblock 'meta l4proto { tcp, udp } th dport 443 ct original packets < 20 counter queue num 537 bypass'
+nft add rule inet fw4 youtubeUnblock 'tcp dport 443 ct original packets < 20 counter queue num 537 bypass'
+nft add rule inet fw4 youtubeUnblock 'meta l4proto udp ct original packets < 9 counter queue num 537 bypass'
 nft insert rule inet fw4 output 'mark and 0x8000 == 0x8000 counter accept'
 ```
 
@@ -131,7 +150,7 @@ On iptables you should put next iptables rules:
 ```sh
 iptables -t mangle -N YOUTUBEUNBLOCK
 iptables -t mangle -A YOUTUBEUNBLOCK -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
-iptables -t mangle -A YOUTUBEUNBLOCK -p udp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
+iptables -t mangle -A YOUTUBEUNBLOCK -p udp -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8 -j NFQUEUE --queue-num 537 --queue-bypass
 iptables -t mangle -A POSTROUTING -j YOUTUBEUNBLOCK
 iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
 ```
@@ -142,7 +161,7 @@ For IPv6 on iptables you need to duplicate rules above for ip6tables:
 ```sh
 ip6tables -t mangle -N YOUTUBEUNBLOCK
 ip6tables -t mangle -A YOUTUBEUNBLOCK -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
-ip6tables -t mangle -A YOUTUBEUNBLOCK -p udp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
+ip6tables -t mangle -A YOUTUBEUNBLOCK -p udp -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8 -j NFQUEUE --queue-num 537 --queue-bypass
 ip6tables -t mangle -A POSTROUTING -j YOUTUBEUNBLOCK
 ip6tables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
 ```
@@ -172,22 +191,53 @@ curl -o/dev/null -k --connect-to ::google.com -k -L -H Host:\ mirror.gcr.io http
 Put flags to the **BINARY**, not an init script. If you are on OpenWRT you should put the flags inside the script: open `/etc/init.d/youtubeUnblock` with any text editor, like vi or nano and put your flags after `procd_set_param command /usr/bin/youtubeUnblock` line.
 
 Available flags:
-
-- `--sni-domains=<comma separated domain list>|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults to `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled. You can exclude some domains with `--exclude-domains` flag.
-
-- `--exclude-domains=<comma separated domain list>` List of domains to be excluded from targetting.
+#### General flags
+Flags that do not scoped to a specific section, used over all the youtubeUnblock
 
 - `--queue-num=<number of netfilter queue>` The number of netfilter queue **youtubeUnblock** will be linked to. Defaults to **537**.
 
+- `--silent` Disables verbose mode.
+
+- `--trace` Maximum verbosity for debugging purposes.
+
+- `--instaflush` Used with tracing. Flushes the buffer instantly, without waiting for explicit new line. Highly useful for debugging crushes.
+
+- `--no-gso` Disables support for TCP fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
+
+- `--use-conntrack` Enables support for conntrack in youtubeUnblock. Disabled by default. Enabled in kernel module.
+
+- `--no-ipv6` Disables support for ipv6. May be useful if you don't want for ipv6 socket to be opened.
+
+- `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to **1** and shouldn't be edited for normal use. But if you really want multiple queue instances of youtubeUnblock, note that you should change --queue-num to --queue balance. For example, with 4 threads, use `--queue-balance 537:540` on iptables and `queue num 537-540` on nftables.
+
+- `--connbytes-limit=<pkts>` **Kernel module only!** Specify how much packets of connection should be processed by kyoutubeUnblock. Pass 0 if you want for each packet to be processed. This flag may be useful for UDP traffic since unlimited youtubeUnblock may lead to traffic flood and unexpected bans. Defaults to 19. In most cases you don't want to change it.
+
+- `--daemonize` Daemonizes the youtubeUnblock (forks and detaches it from the shell). Terminate the program with `killall youtubeUnblock`. If you want to track the logs of youtubeUnblock in logread or journalctl, use **--syslog** flag.
+
+- `--syslog` Redirects logs to the system log. You can read it with `journalctl` or `logread`.
+
+- `--noclose` Usable only with `--daemonize`. Will not redirect io streams to /dev/null.
+
+- `--packet-mark=<mark>` Use this option if youtubeUnblock conflicts with other systems rely on packet mark. Note that you may want to change accept rule for iptables to follow the mark.
+
+#### Section scoped flags
+
+- `--fbegin` and `--fend` flags: youtubeUnblock supports multiple sets of strategies for specific filters. You may want to initiate a new set after the default one, like: `--sni-domains=googlevideo.com --faking-strategy=md5sum --fbegin --sni-domains=youtube.com --faking-strategy=tcp_check --fbegin --sni-domains=l.google.com --faking-strategy=pastseq`. Note, that the priority of these sets goes backwards: last is first, default (one that does not start with --fbegin) is last. If you start the new section, the default settings are implemented just like youtubeUnblock without any parameters. Note that the config above is just an example and won't work for you.
+
+- `--tls={enabled|disabled}` Set it if you want not to process TLS traffic in current section. May be used if you want to set only UDP-based section. (Here section is a unit between `--fbegin` and `--fend` flags).
+
 - `--fake-sni={0|1}` This flag enables fake-sni which forces **youtubeUnblock** to send at least three packets instead of one with TLS *ClientHello*: Fake *ClientHello*, 1st part of original *ClientHello*, 2nd part of original *ClientHello*. This flag may be related to some Operation not permitted error messages, so before open an issue refer to [Troubleshooting for EPERMS](#troubleshooting-eperms-operation-not-permitted). Defaults to **1**.
 
 - `--fake-sni-seq-len=<length>` This flag specifies **youtubeUnblock** to build a complicated construction of fake client hello packets. length determines how much fakes will be sent. Defaults to **1**.
 
 - `--fake-sni-type={default|custom|random}` This flag specifies which faking message type should be used for fake packets. For `random`, the message of random length and with random payload will be sent. For `default` the default payload (sni=www.google.com) is used. And for the `custom` option, the payload from `--fake-custom-payload` section utilized. Defaults to `default`.
+
 - `--fake-custom-payload=<payload>` Useful with `--fake-sni-type=custom`. You should specify the payload for fake message manually. Use hex format: `--fake-custom-payload=0001020304` mean that 5 bytes sequence: `0x00`, `0x01`, `0x02`, `0x03`, `0x04` used as fake.
 
+- `--fake-custom-payload-file=<binary file containing TLS message>` Same as `--fake-custom-payload` but binary file instead of hex. The file should contain raw binary TLS message (TCP payload).
+
 - `--faking-strategy={randseq|ttl|tcp_check|pastseq|md5sum}` This flag determines the strategy of fake packets invalidation. Defaults to `randseq`
-  - `randseq` specifies that random sequence/acknowledgemend random will be set. This option may be handled by provider which uses *conntrack* with drop on invalid *conntrack* state firewall rule enabled. 
+  - `randseq` specifies that random sequence/acknowledgment random will be set. This option may be handled by provider which uses *conntrack* with drop on invalid *conntrack* state firewall rule enabled. 
   - `ttl` specifies that packet will be invalidated after `--faking-ttl=n` hops. `ttl` is better but may cause issues if unconfigured. 
   - `pastseq` is like `randseq` but sequence number is not random but references the packet sent in the past (before current).
   - `tcp_check` will invalidate faking packet with invalid checksum. May be handled and dropped by some providers/TSPUs.
@@ -207,8 +257,6 @@ Available flags:
 
 - `--frag-sni-pos=<pos>` With this option **youtubeUnblock** will split the packet at the position pos. Defaults to 1.
 
-- `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Suitable for some TVs. Note, that for this option to work you should also add proxy udp to youtubeUnblock in firewall. `connbytes` may also be used with udp.
-
 - `--fk-winsize=<winsize>` Specifies window size for the fragmented TCP packet. Applicable if you want for response to be fragmented. May slowdown connection initialization.
 
 - `--synfake={1|0}` If 1, syn payload will be sent before each request. The idea is taken from syndata from zapret project. Syn payload will normally be discarded by endpoint but may be handled by TSPU. This option sends normal fake in that payload. Please note, that the option works for all the sites, so --sni-domains won't change anything.
@@ -219,19 +267,43 @@ Available flags:
 
 - `--seg2delay=<delay>` This flag forces **youtubeUnblock** to wait a little bit before send the 2nd part of the split packet.
 
-- `--silent` Disables verbose mode.
+- `--sni-domains=<comma separated domain list>|all` List of domains you want to be handled by SNI. Use this string if you want to change default domain list. Defaults to `googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com`. You can pass **all** if you want for every *ClientHello* to be handled. You can exclude some domains with `--exclude-domains` flag.
 
-- `--trace` Maximum verbosity for debugging purposes.
+- `--exclude-domains=<comma separated domain list>` List of domains to be excluded from targeting.
 
-- `--no-gso` Disables support for Google Chrome fat packets which uses GSO. This feature is well tested now, so this flag probably won't fix anything.
+- `--sni-domains-file=<file contains comma or new-line separated list>` Same as `--sni-domains` but accepts path to container file instead of inline domains list. The format is file may consist of both comma-separated domains list as well as new-line separated list.
 
-- `--no-ipv6` Disables support for ipv6. May be useful if you don't want for ipv6 socket to be opened.
+- `--exclude-domains-file=<file contains comma or new-line separated list>` Same as `--exclude-domains` but accepts path to container file instead of inline domains list. The format is file may consist of both comma-separated domains list as well as new-line separated list.
 
-- `--threads=<threads number>` Specifies the amount of threads you want to be running for your program. This defaults to **1** and shouldn't be edited for normal use. If you have performance issues, consult [performance chaptr](https://github.com/Waujito/youtubeUnblock?tab=readme-ov-file#performance)
+- `--udp-mode={drop|fake}` This flag specifies udp handling strategy. If drop udp packets will be dropped (useful for quic when browser can fallback to tcp), if fake udp will be faked. Defaults to fake.
 
-- `--packet-mark=<mark>` Use this option if youtubeUnblock conflicts with other systems rely on packet mark. Note that you may want to change accept rule for iptables to follow the mark.
+- `--udp-fake-seq-len=<amount of faking packets sent>` Specifies how much faking packets will be sent over the network. Defaults to 6.
 
-- `--fbegin` and `--fend` flags: youtubeUnblock supports multiple sets of strategies for specific filters. You may want to initiate a new set after the default one, like: `--sni-domains=googlevideo.com --faking-strategy=md5sum --fbegin --sni-domains=youtube.com --faking-strategy=tcp_check --fend --fbegin --sni-domains=l.google.com --faking-strategy=pastseq --fend`. Note, that the priority of these sets goes backwards: last is first, default (one that does not start with --fbegin) is last. If you start the new section, the default settings are implemented just like youtubeUnblock without any parameters. Note that the config above is just an example and won't work for you.
+- `--udp-fake-len=<size of udp fake>` Size of udp fake payload (typically payload is zeroes). Defaults to 64.
+
+- `--udp-dport-filter=<5,6,200-500>` Filter the UDP destination ports. Defaults to no ports. Specifie the ports you want to be handled by youtubeUnblock.
+
+- `--udp-faking-strategy={checksum|ttl|none}` Faking strategy for udp. `checksum` will fake UDP checksum, `ttl` won't fake but will make UDP content relatively small, `none` is no faking. Defaults to none.
+
+- `--udp-filter-quic={disabled|all|parse}` Enables QUIC filtering for UDP handler. If disabled, quic won't be processed, if all, all quic initial packets will be handled. `parse` will decrypt and parse QUIC initial message and match it with `--sni-domains`. Defaults to disabled.
+
+- `--quic-drop` Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Just an alias for `--udp-filter-quic=all --udp-mode=drop`.
+
+- `--no-dport-filter` By default, youtubeUnblock will filter for TLS and QUIC 443. If you want to disable it, pass this flag. (this does not affect `--udp-dport-filter`)
+
+## UDP/QUIC/Voice Chats
+
+UDP is another communication protocol. Well-known technologies that use it are DNS, QUIC, voice chats. UDP does not provide reliable connection and its header is much simpler than TCP thus fragmentation is limited. The support provided primarily by faking. 
+
+**For UDP faking in kernel module** Make sure to decrease `--connbytes-limit` up to 5. This will allow not to process additional packets and prevent network flood.
+
+Right now, QUIC faking may not work well, so use `--udp-mode=drop` option.
+
+QUIC is enabled with `--udp-filter-quic` flag. The flag supports two modes: `all` will handle all the QUIC initial messages and `parse` will decrypt and parse the QUIC initial message, and then compare it with `--sni-domains` flag.
+
+**I recommend to use** `--udp-mode=drop --udp-filter-quic=parse`.
+
+For **other UDP protocols** I recommend to configure UDP support in the separate section from TCP, like `--fbegin --udp-dport-filter=50000-50099 --tls=disabled`. See more in flags related to udp and [tickets tagged with udp label](https://github.com/Waujito/youtubeUnblock/issues?q=label%3Audp+). 
 
 ## Troubleshooting
 
@@ -242,10 +314,16 @@ If you have troubles with some sites being proxied, you can play with flags valu
 
 If you are on Chromium you may have to disable *kyber* (the feature that makes the TLS *ClientHello* very big). I've got the problem with it on router, so to escape possible errors, so it is better to disable it: in `chrome://flags` search for kyber and switch it to disabled state. Alternatively you may set `--sni-detection=brute` and probably adjust `--sni-domains` flag.
 
+*Kyber* on firefox disables with `security.tls.enable_kyber` in `about:config`.
+
 If your browser is using QUIC it may not work properly. Disable it in Chrome in `chrome://flags` and in Firefox `network.http.http{2,3}.enable(d)` in `about:config` option.
 
 It seems like some TSPUs started to block wrongseq packets, so you should play around with faking strategies. I personally recommend to start with `md5sum` faking strategy.
 
+#### youtube with `--sni-domains=all`
+
+I know about this issue but it is **basically not an youtubeUnblock problem**. The problem is behind the large `*.googlevideo.com` domain name. All you want is to create a new configuration section for only youtube. It should go after section for all domains. For plain string arguments just `--fbegin` at the end of args list will work. In luci you can create section interactively.
+
 ### TV
 
 Televisions are the biggest headache. 
@@ -259,7 +337,7 @@ nft insert rule inet fw4 forward ip saddr 192.168.. udp dport 443 counter drop
 
 For **iptables**
 ```
-iptables -I OUTPUT --src 192.168.. -p udp --dport 443 -j DROP
+iptables -I FORWARD --src 192.168.. -p udp --dport 443 -j DROP
 ```
 
 Where you have to replace 192.168.. with ip of your television.
@@ -275,6 +353,29 @@ Where you have to replace 192.168.. with ip of your television.
     * send fake sni EPERM: Fake SNI is out-of-state thing and will likely corrupt the connection (the behavior is expected). conntrack considers it as an invalid packet. By default OpenWRT set up to drop outgoing packets like this one. You may delete nftables/iptables rule that drops packets with invalid conntrack state, but I don't recommend to do this. The step 3 is better solution.
     * Step 3, ultimate solution. Use mark (don't confuse with connmark). The youtubeUnblock uses mark internally to avoid infinity packet loops (when the packet is sent by youtubeUnblock but on next step handled by itself). Currently it uses mark (1 << 15) = 32768. You should put iptables/nftables that ultimately accepts such marks at the very start of the filter OUTPUT chain: `iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT` or `nft insert rule inet fw4 output mark and 0x8000 == 0x8000 counter accept`.
 
+### Conntrack troubleshooting
+
+youtubeUnblock *optionally* depends on conntrack. 
+For kernel module, if conntrack breaks dependencies, compile it with `make kmake EXTRA_CFLAGS="-DNO_CONNTRACK"` to disable it completly. 
+
+If you want to be able to use connbytes in custom stack where conntrack is broken, check #220 and #213 for possible references.
+
+### NAT Hardware/Software offloading
+
+youtubeUnblock will conflict with offloading. But hopefully youtubeUnblock need to process only a bunch of first packets in the connection. So, on some devices it is indeed possible to use youtubeUnblock alongside with offloading, especially on ones driven by nftables (OpenWRT 23+). Note, that this is not tested by me but [reported as a workaround](https://github.com/Waujito/youtubeUnblock/issues/199#issuecomment-2519418553) by users:
+
+Edit `/usr/share/firewall4/templates/ruleset.uc` by replacing
+```
+meta l4proto { tcp, udp } flow offload @ft;
+```
+with
+```
+meta l4proto { tcp, udp } ct original packets ge 30 flow offload @ft;
+```
+
+And restart firewall with `service firewall restart`
+
+
 ## Compilation
 
 Before compilation make sure `gcc`, `make`, `autoconf`, `automake`, `pkg-config` and `libtool` is installed. For Fedora `glibc-static` should be installed as well.
@@ -323,24 +424,26 @@ When compilation is done, the binary file will be in build directory. Copy it to
 
 This section describes the kernel module version of youtubeUnblock. The kernel module operates as a normal module inside the kernel and integrates within the netfilter stack to statelessly mangle the packets sent over the Internet.
 
-You can configure the module with its flags in insmod:
-```
-insmod kyoutubeUnblock.ko fake_sni=1 exclude_domains=.ru quic_drop=1
-```
+You can configure the module with its flags:
 
-Note that the flags names are different from ones used for the regular youtubeUnblock(right like in UCI configuration for OpenWRT): replace `-` with `_` and no leading `--`. Also to configure togglers you should set them to `1` (`quic_drop=1`)
-
-Also a good thig to mention is verbosity. The kernel module combines --trace and --silent option to the one parameter `verbosity`. This parameter accepts 3 arguments: `trace`, `debug` and `silent`. I highly don't recommend to enable `trace` mod on router because it may cause huge problems with performance and even freeze your device. 
-
-Also a drop in replacement is supported for all the parameters excluding packet mark. A drop in replacement does not require module restart if you want to change the parameters. You can specify and check the parameters within module's directory inside the sysfs: `/sys/module/kyoutubeUnblock/parameters/`. For example, to set quic_drop to true you may use next command:
 ```sh
-echo 1 | sudo tee /sys/module/kyoutubeUnblock/parameters/quic_drop
+insmod kyoutubeUnblock.ko 
+echo "--fake_sni=1 --exclude_domains=.ru --quic_drop" | sudo tee /sys/module/kyoutubeUnblock/parameters/parameters
 ```
-and 
+
+You can also do 
+
 ```sh
-cat /sys/module/kyoutubeUnblock/parameters/quic_drop
+cat /sys/module/kyoutubeUnblock/parameters/parameters
+```
+
+and check all the parameters configured.
+
+You can check up the statistics of youtubeUnblock with
+
+```sh
+sudo cat /proc/kyoutubeUnblock
 ```
-to check the parameter.
 
 ### Building kernel module
 
@@ -381,4 +484,11 @@ make package/kyoutubeUnblock/compile V=s
 
 When the commands finish, the module is ready. Find it with `find bin -name "kmod-youtubeUnblock*.ipk"`, copy to your host and install to the router via gui software interface. The module should start immediately. If not, do `modprobe kyoutubeUnblock`.
 
+
+## Padavan
+YoutubeUnblock may also run on Padavan. [Check the manual here\[rus\]](Padavan.md)
+
+
  >If you have any questions/suggestions/problems feel free to open an [issue](https://github.com/Waujito/youtubeUnblock/issues).
+
+

args.c

@@ -1,545 +0,0 @@
-#include "config.h"
-#include <stdbool.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include "types.h"
-#include "args.h"
-
-static char custom_fake_buf[MAX_FAKE_SIZE];
-
-struct config_t config = {
-	.threads = THREADS_NUM,
-	.queue_start_num = DEFAULT_QUEUE_NUM,
-	.mark = DEFAULT_RAWSOCKET_MARK,
-	.use_ipv6 = 1,
-
-	.verbose = VERBOSE_DEBUG,
-	.use_gso = true,
-
-	.default_config = default_section_config,
-	.custom_configs_len = 0
-};
-
-#define OPT_SNI_DOMAINS		1
-#define OPT_EXCLUDE_DOMAINS	25
-#define OPT_FAKE_SNI 		2
-#define OPT_FAKING_TTL		3
-#define OPT_FAKING_STRATEGY	10
-#define OPT_FAKE_SNI_SEQ_LEN	11
-#define OPT_FAKE_SNI_TYPE	27
-#define OPT_FAKE_CUSTOM_PAYLOAD	28
-#define OPT_START_SECTION	29
-#define OPT_END_SECTION		30
-#define OPT_FRAG    		4
-#define OPT_FRAG_SNI_REVERSE	12
-#define OPT_FRAG_SNI_FAKED	13
-#define OPT_FRAG_MIDDLE_SNI	18
-#define OPT_FRAG_SNI_POS	19
-#define OPT_FK_WINSIZE		14
-#define OPT_TRACE		15
-#define OPT_QUIC_DROP		16
-#define OPT_SNI_DETECTION	17
-#define OPT_NO_IPV6		20
-#define OPT_FAKE_SEQ_OFFSET	21
-#define OPT_PACKET_MARK 	22
-#define OPT_SYNFAKE	 	23
-#define OPT_SYNFAKE_LEN	 	24
-#define OPT_SEG2DELAY 		5
-#define OPT_THREADS 		6
-#define OPT_SILENT 		7
-#define OPT_NO_GSO 		8
-#define OPT_QUEUE_NUM		9
-
-#define OPT_MAX OPT_END_SECTION
-
-static struct option long_opt[] = {
-	{"help",		0, 0, 'h'},
-	{"version",		0, 0, 'v'},
-	{"sni-domains",		1, 0, OPT_SNI_DOMAINS},
-	{"exclude-domains",	1, 0, OPT_EXCLUDE_DOMAINS},
-	{"fake-sni",		1, 0, OPT_FAKE_SNI},
-	{"synfake",		1, 0, OPT_SYNFAKE},
-	{"synfake-len",		1, 0, OPT_SYNFAKE_LEN},
-	{"fake-sni-seq-len",	1, 0, OPT_FAKE_SNI_SEQ_LEN},
-	{"fake-sni-type",	1, 0, OPT_FAKE_SNI_TYPE},
-	{"fake-custom-payload", 1, 0, OPT_FAKE_CUSTOM_PAYLOAD},
-	{"faking-strategy",	1, 0, OPT_FAKING_STRATEGY},
-	{"fake-seq-offset",	1, 0, OPT_FAKE_SEQ_OFFSET},
-	{"faking-ttl",		1, 0, OPT_FAKING_TTL},
-	{"frag",		1, 0, OPT_FRAG},
-	{"frag-sni-reverse",	1, 0, OPT_FRAG_SNI_REVERSE},
-	{"frag-sni-faked",	1, 0, OPT_FRAG_SNI_FAKED},
-	{"frag-middle-sni",	1, 0, OPT_FRAG_MIDDLE_SNI},
-	{"frag-sni-pos",	1, 0, OPT_FRAG_SNI_POS},
-	{"fk-winsize",		1, 0, OPT_FK_WINSIZE},
-	{"quic-drop",		0, 0, OPT_QUIC_DROP},
-	{"sni-detection",	1, 0, OPT_SNI_DETECTION},
-	{"seg2delay",		1, 0, OPT_SEG2DELAY},
-	{"threads",		1, 0, OPT_THREADS},
-	{"silent",		0, 0, OPT_SILENT},
-	{"trace",		0, 0, OPT_TRACE},
-	{"no-gso",		0, 0, OPT_NO_GSO},
-	{"no-ipv6",		0, 0, OPT_NO_IPV6},
-	{"queue-num",		1, 0, OPT_QUEUE_NUM},
-	{"packet-mark",		1, 0, OPT_PACKET_MARK},
-	{"fbegin",		0, 0, OPT_START_SECTION},
-	{"fend",		0, 0, OPT_END_SECTION},
-	{0,0,0,0}
-};
-
-static long parse_numeric_option(const char* value) {
-	errno = 0;
-
-	if (*value == '\0') {
-		errno = EINVAL;
-		return 0;
-	}
-
-	char* end;
-	long result = strtol(value, &end, 10);
-	if (*end != '\0') {
-		errno = EINVAL;
-		return 0;
-	}
-
-	return result;
-}
-
-void print_version() {
-  	printf("youtubeUnblock\n");	
-	printf("Bypasses deep packet inspection systems that relies on SNI\n");
-	printf("\n");
-}
-
-void print_usage(const char *argv0) {
-	print_version();
-
-	printf("Usage: %s [ OPTIONS ] \n", argv0);
-	printf("Options:\n");
-	printf("\t--queue-num=<number of netfilter queue>\n");
-	printf("\t--sni-domains=<comma separated domain list>|all\n");
-	printf("\t--exclude-domains=<comma separated domain list>\n");
-	printf("\t--fake-sni={1|0}\n");
-	printf("\t--fake-sni-seq-len=<length>\n");
-	printf("\t--fake-sni-type={default|random|custom}\n");
-	printf("\t--fake-custom-payload=<hex payload>\n");
-	printf("\t--fake-seq-offset=<offset>\n");
-	printf("\t--faking-ttl=<ttl>\n");
-	printf("\t--faking-strategy={randseq|ttl|tcp_check|pastseq|md5sum}\n");
-	printf("\t--synfake={1|0}\n");
-	printf("\t--synfake-len=<len>\n");
-	printf("\t--frag={tcp,ip,none}\n");
-	printf("\t--frag-sni-reverse={0|1}\n");
-	printf("\t--frag-sni-faked={0|1}\n");
-	printf("\t--frag-middle-sni={0|1}\n");
-	printf("\t--frag-sni-pos=<pos>\n");
-	printf("\t--fk-winsize=<winsize>\n");
-	printf("\t--quic-drop\n");
-	printf("\t--sni-detection={parse|brute}\n");
-	printf("\t--seg2delay=<delay>\n");
-	printf("\t--threads=<threads number>\n");
-	printf("\t--packet-mark=<mark>\n");
-	printf("\t--silent\n");
-	printf("\t--trace\n");
-	printf("\t--no-gso\n");
-	printf("\t--no-ipv6\n");
-	printf("\t--fbegin\n");
-	printf("\t--fend\n");
-	printf("\n");
-}
-
-int parse_args(int argc, char *argv[]) {
-  	int opt;
-	int optIdx = 0;
-	long num;
-
-	struct section_config_t *sect_config = &config.default_config;
-	
-#define SECT_ITER_DEFAULT	1
-#define SECT_ITER_INSIDE	2
-#define SECT_ITER_OUTSIDE	3
-
-	int section_iter = SECT_ITER_DEFAULT;
-
-	while ((opt = getopt_long(argc, argv, "hv", long_opt, &optIdx)) != -1) {
-		switch (opt) {
-/* config_t scoped configs */
-		case 'h':
-			print_usage(argv[0]);
-			goto stop_exec;
-		case 'v':
-			print_version();
-			goto stop_exec;
-		case OPT_TRACE:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-			config.verbose = 2;
-			break;
-		case OPT_SILENT:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			config.verbose = 0;
-			break;
-		case OPT_NO_GSO:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			config.use_gso = 0;
-			break;
-		case OPT_NO_IPV6:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			config.use_ipv6 = 0;
-			break;
-		case OPT_THREADS:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0 || num > MAX_THREADS) {
-				goto invalid_opt;
-			}
-
-			config.threads = num;
-			break;
-		case OPT_QUEUE_NUM:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0) {
-				goto invalid_opt;
-			}
-
-			config.queue_start_num = num;
-			break;
-		case OPT_PACKET_MARK:
-			if (section_iter != SECT_ITER_DEFAULT)
-				goto invalid_opt;
-
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0) {
-				goto invalid_opt;
-			}
-
-			config.mark = num;
-			break;
-		case OPT_START_SECTION:
-			if (section_iter != SECT_ITER_DEFAULT && section_iter != SECT_ITER_OUTSIDE)
-				goto invalid_opt;
-
-			sect_config = &config.custom_configs[config.custom_configs_len++];
-			*sect_config = (struct section_config_t)default_section_config;
-			section_iter = SECT_ITER_INSIDE;
-
-			break;
-		case OPT_END_SECTION:
-			if (section_iter != SECT_ITER_INSIDE)
-				goto invalid_opt;
-
-			section_iter = SECT_ITER_OUTSIDE;
-			sect_config = &config.default_config;
-			break;
-
-/* section_config_t scoped configs */
-		case OPT_SNI_DOMAINS:
-			if (!strcmp(optarg, "all")) {
-				sect_config->all_domains = 1;
-			}
-
-			sect_config->domains_str = optarg;
-			sect_config->domains_strlen = strlen(sect_config->domains_str);
-			break;
-		case OPT_EXCLUDE_DOMAINS:
-			sect_config->exclude_domains_str = optarg;
-			sect_config->exclude_domains_strlen = strlen(sect_config->exclude_domains_str);
-			break;
-		case OPT_FRAG:
-			if (strcmp(optarg, "tcp") == 0) {
-				sect_config->fragmentation_strategy = FRAG_STRAT_TCP;
-			} else if (strcmp(optarg, "ip") == 0) {
-				sect_config->fragmentation_strategy = FRAG_STRAT_IP;
-			} else if (strcmp(optarg, "none") == 0) {
-				sect_config->fragmentation_strategy = FRAG_STRAT_NONE;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FRAG_SNI_FAKED:
-			if (strcmp(optarg, "1") == 0) {
-				sect_config->frag_sni_faked = 1;
-			} else if (strcmp(optarg, "0") == 0) {
-				sect_config->frag_sni_faked = 0;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FRAG_SNI_REVERSE:
-			if (strcmp(optarg, "1") == 0) {
-				sect_config->frag_sni_reverse = 1;
-			} else if (strcmp(optarg, "0") == 0) {
-				sect_config->frag_sni_reverse = 0;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FRAG_MIDDLE_SNI:
-			if (strcmp(optarg, "1") == 0) {
-				sect_config->frag_middle_sni = 1;
-			} else if (strcmp(optarg, "0") == 0) {
-				sect_config->frag_middle_sni = 0;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FRAG_SNI_POS:
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0) {
-				goto invalid_opt;
-			}
-
-			sect_config->frag_sni_pos = num;
-			break;
-		case OPT_FAKING_STRATEGY:
-			if (strcmp(optarg, "randseq") == 0) {
-				sect_config->faking_strategy = FAKE_STRAT_RAND_SEQ;
-			} else if (strcmp(optarg, "ttl") == 0) {
-				sect_config->faking_strategy = FAKE_STRAT_TTL;
-			} else if (strcmp(optarg, "tcp_check") == 0) {
-				sect_config->faking_strategy = FAKE_STRAT_TCP_CHECK;
-			} else if (strcmp(optarg, "pastseq") == 0) {
-				sect_config->faking_strategy = FAKE_STRAT_PAST_SEQ;
-			} else if (strcmp(optarg, "md5sum") == 0) {
-				sect_config->faking_strategy = FAKE_STRAT_TCP_MD5SUM;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FAKING_TTL:
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0 || num > 255) {
-				goto invalid_opt;
-			}
-
-			sect_config->faking_ttl = num;
-			break;
-		case OPT_FAKE_SEQ_OFFSET:
-			num = parse_numeric_option(optarg);
-			if (errno != 0) {
-				goto invalid_opt;
-			}
-
-			sect_config->fakeseq_offset = num;
-			break;
-		case OPT_FAKE_SNI:
-			if (strcmp(optarg, "1") == 0) {
-				sect_config->fake_sni = 1;				
-			} else if (strcmp(optarg, "0") == 0) {
-				sect_config->fake_sni = 0;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FAKE_SNI_SEQ_LEN:
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0 || num > 255) {
-				goto invalid_opt;
-			}
-
-			sect_config->fake_sni_seq_len = num;
-			break;
-		case OPT_FAKE_SNI_TYPE:
-			if (strcmp(optarg, "default") == 0) {
-				sect_config->fake_sni_type = FAKE_PAYLOAD_DEFAULT;
-			} else if (strcmp(optarg, "random") == 0) {
-				sect_config->fake_sni_type = FAKE_PAYLOAD_RANDOM;
-			} else if (strcmp(optarg, "custom") == 0) {
-				sect_config->fake_sni_type = FAKE_PAYLOAD_CUSTOM;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		case OPT_FAKE_CUSTOM_PAYLOAD: {
-				uint8_t *const custom_buf = (uint8_t *)custom_fake_buf;
-
-				const char *custom_hex_fake = optarg;
-				size_t custom_hlen = strlen(custom_hex_fake);
-				if ((custom_hlen & 1) == 1) {
-					printf("Custom fake hex should be divisible by two\n");
-					goto invalid_opt;
-				}
-
-
-				size_t custom_len = custom_hlen >> 1;
-				if (custom_len > MAX_FAKE_SIZE) {
-					printf("Custom fake is too large\n");
-					goto invalid_opt;
-				}
-
-				for (int i = 0; i < custom_len; i++) {
-					sscanf(custom_hex_fake + (i << 1), "%2hhx", custom_buf + i);
-				}
-
-				sect_config->fake_custom_pkt_sz = custom_len;
-				sect_config->fake_custom_pkt = (char *)custom_buf;
-			}
-			break;
-		case OPT_FK_WINSIZE:
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0) {
-				goto invalid_opt;
-			}
-
-			sect_config->fk_winsize = num;
-			break;
-
-		case OPT_SEG2DELAY:
-			num = parse_numeric_option(optarg);
-			if (errno != 0 || num < 0) {
-				goto invalid_opt;
-			}
-
-			sect_config->seg2_delay = num;
-			break;
-		case OPT_QUIC_DROP:
-			sect_config->quic_drop = 1;
-			break;
-		case OPT_SNI_DETECTION:
-			if (strcmp(optarg, "parse") == 0) {
-				sect_config->sni_detection = SNI_DETECTION_PARSE;
-			} else if (strcmp(optarg, "brute") == 0) {
-				sect_config->sni_detection = SNI_DETECTION_BRUTE;
-			} else {
-				goto invalid_opt;
-			}
-
-			break;
-		default:
-			goto error;
-		}
-
-	}
-
-
-	errno = 0;
-	return 0;
-stop_exec:
-	errno = 0;
-	return 1;
-
-invalid_opt:
-	printf("Invalid option %s\n", long_opt[optIdx].name);
-error:
-	print_usage(argv[0]);
-	errno = EINVAL;
-	return -1;
-}
-
-void print_welcome() {
-	if (config.use_gso) {
-		printf("GSO is enabled\n");
-	}
-
-	if (config.use_ipv6) {
-		printf("IPv6 is enabled\n");
-	} else {
-		printf("IPv6 is disabled\n");
-	}
-	
-	printf("Detected %d config sections\n", config.custom_configs_len + 1);
-	printf("The sections will be processed in ordred they goes in this output");
-
-	ITER_CONFIG_SECTIONS(section) {
-		int section_number = CONFIG_SECTION_NUMBER(section);
-		printf("Section #%d\n", section_number);
-
-		switch (section->fragmentation_strategy) {
-			case FRAG_STRAT_TCP:
-				printf("Using TCP segmentation\n");
-				break;
-			case FRAG_STRAT_IP:
-				printf("Using IP fragmentation\n");
-				break;
-			default:
-				printf("SNI fragmentation is disabled\n");
-				break;
-		}
-
-		if (section->seg2_delay) {
-			printf("Some outgoing googlevideo request segments will be delayed for %d ms as of seg2_delay define\n", section->seg2_delay);
-		}
-
-		if (section->fake_sni) {
-			printf("Fake SNI will be sent before each target client hello\n");
-		} else {
-			printf("Fake SNI is disabled\n");
-		}
-
-		if (section->frag_sni_reverse) {
-			printf("Fragmentation Client Hello will be reversed\n");
-		}
-
-		if (section->frag_sni_faked) {
-			printf("Fooling packets will be sent near the original Client Hello\n");
-		}
-
-		if (section->fake_sni_seq_len > 1) {
-			printf("Faking sequence of length %d will be built as fake sni\n", section->fake_sni_seq_len);
-		}
-
-		switch (section->faking_strategy) {
-			case FAKE_STRAT_TTL:
-				printf("TTL faking strategy will be used with TTL %d\n", section->faking_ttl);
-				break;
-			case FAKE_STRAT_RAND_SEQ:
-				printf("Random seq faking strategy will be used\n");
-				printf("Fake seq offset set to %u\n", section->fakeseq_offset);
-				break;
-			case FAKE_STRAT_TCP_CHECK:
-				printf("TCP checksum faking strategy will be used\n");
-				break;
-			case FAKE_STRAT_PAST_SEQ:
-				printf("Past seq faking strategy will be used\n");
-				break;
-			case FAKE_STRAT_TCP_MD5SUM:
-				printf("md5sum faking strategy will be used\n");
-				break;
-		}
-
-		if (section->fk_winsize) {
-			printf("Response TCP window will be set to %d with the appropriate scale\n", section->fk_winsize);
-		}
-
-		if (section->synfake) {
-			printf("Fake SYN payload will be sent with each TCP request SYN packet\n");
-		}
-
-		if (section->quic_drop) {
-			printf("All QUIC packets will be dropped\n");
-		}
-
-		if (section->sni_detection == SNI_DETECTION_BRUTE) {
-			printf("Server Name Extension will be parsed in the bruteforce mode\n");
-		}
-
-		if (section->all_domains) {
-			printf("All Client Hello will be targetted by youtubeUnblock!\n");
-		} else {
-			printf("Target sni domains: %s\n", section->domains_str);
-		}
-	}
-}
-

args.h

@@ -1,11 +0,0 @@
-#ifndef ARGS_H
-#define ARGS_H
-
-void print_version();
-void print_usage(const char *argv0);
-int parse_args(int argc, char *argv[]);
-
-/* Prints starting messages */
-void print_welcome();
-
-#endif /* ARGS_H */

config.h

@@ -1,198 +0,0 @@
-#ifndef YTB_CONFIG_H
-#define YTB_CONFIG_H
-
-#ifndef KERNEL_SPACE
-#define USER_SPACE
-#endif
-
-#include "raw_replacements.h"
-
-typedef int (*raw_send_t)(const unsigned char *data, unsigned int data_len);
-/**
- * Sends the packet after delay_ms. The function should schedule send and return immediately
- * (for example, open daemon thread)
- */
-typedef int (*delayed_send_t)(const unsigned char *data, unsigned int data_len, unsigned int delay_ms);
-
-struct instance_config_t {
-	raw_send_t send_raw_packet;
-	delayed_send_t send_delayed_packet;
-};
-extern struct instance_config_t instance_config;
-
-struct section_config_t {
-	const char *domains_str;
-	unsigned int domains_strlen;
-
-	int fragmentation_strategy;
-	int frag_sni_reverse;
-	int frag_sni_faked;
-	int faking_strategy;
-	int frag_middle_sni;
-	int frag_sni_pos;
-	unsigned char faking_ttl;
-	int fake_sni;
-	unsigned int fake_sni_seq_len;
-
-#define FAKE_PAYLOAD_RANDOM	0
-#define FAKE_PAYLOAD_CUSTOM	1
-// In default mode all other options will be skipped.
-#define FAKE_PAYLOAD_DEFAULT	2
-	int fake_sni_type;
-
-	int quic_drop;
-
-	/* In milliseconds */
-	unsigned int seg2_delay;
-	int synfake;
-	unsigned int synfake_len;
-
-	const char *exclude_domains_str;
-	unsigned int exclude_domains_strlen;
-	unsigned int all_domains;
-
-	const char *fake_sni_pkt;
-	unsigned int fake_sni_pkt_sz;
-
-	const char *fake_custom_pkt;
-	unsigned int fake_custom_pkt_sz;
-
-	unsigned int fk_winsize;
-	int fakeseq_offset;
-
-#define SNI_DETECTION_PARSE 0
-#define SNI_DETECTION_BRUTE 1
-	int sni_detection;
-
-
-};
-
-#define MAX_CONFIGLIST_LEN 64
-
-struct config_t {
-	unsigned int queue_start_num;
-	int threads;
-	int use_gso;
-	int use_ipv6;
-	unsigned int mark;
-
-#define VERBOSE_INFO	0
-#define VERBOSE_DEBUG	1
-#define VERBOSE_TRACE	2
-	int verbose;
-
-	struct section_config_t default_config;
-	struct section_config_t custom_configs[MAX_CONFIGLIST_LEN];
-	int custom_configs_len;
-};
-
-extern struct config_t config;
-
-#define ITER_CONFIG_SECTIONS(section) \
-for (struct section_config_t *section = &config.default_config + config.custom_configs_len; section >= &config.default_config; section--)
-
-#define CONFIG_SECTION_NUMBER(section) (int)((section) - &config.default_config)
-
-#define default_section_config {				\
-	.frag_sni_reverse = 1,                                  \
-	.frag_sni_faked = 0,                                    \
-	.fragmentation_strategy = FRAGMENTATION_STRATEGY,       \
-	.faking_strategy = FAKING_STRATEGY,                     \
-	.faking_ttl = FAKE_TTL,                                 \
-	.fake_sni = 1,                                          \
-	.fake_sni_seq_len = 1,                                  \
-	.fake_sni_type = FAKE_PAYLOAD_DEFAULT,                  \
-	.frag_middle_sni = 1,                                   \
-	.frag_sni_pos = 1,                                      \
-	.fakeseq_offset = 10000,                                \
-	.synfake = 0,                                           \
-	.synfake_len = 0,                                       \
-	.quic_drop = 0,                                         \
-                                                                \
-	.seg2_delay = 0,                                        \
-                                                                \
-	.domains_str = defaul_snistr,                           \
-	.domains_strlen = sizeof(defaul_snistr),                \
-                                                                \
-	.exclude_domains_str = "",                              \
-	.exclude_domains_strlen = 0,                            \
-                                                                \
-	.fake_sni_pkt = fake_sni_old,                           \
-	.fake_sni_pkt_sz = sizeof(fake_sni_old) - 1,		\
-	.fake_custom_pkt = custom_fake_buf,                     \
-	.fake_custom_pkt_sz = 0,                                \
-	.sni_detection = SNI_DETECTION_PARSE,                   \
-}
-
-#define MAX_THREADS 16
-
-#ifndef THREADS_NUM
-#define THREADS_NUM 1
-#endif
-
-#if THREADS_NUM > MAX_THREADS
-#error "Too much threads"
-#endif
-
-#ifndef NOUSE_GSO
-#define USE_GSO
-#endif
-
-#define FRAG_STRAT_TCP	0
-#define FRAG_STRAT_IP	1
-#define FRAG_STRAT_NONE	2
-
-#ifndef FRAGMENTATION_STRATEGY
-#define FRAGMENTATION_STRATEGY FRAG_STRAT_TCP
-#endif
-
-#define DEFAULT_RAWSOCKET_MARK (1 << 15)
-
-#ifdef USE_SEG2_DELAY
-#define SEG2_DELAY 100
-#endif
-
-#define FAKE_TTL 8
-
-// Will invalidate fake packets by out-of-ack_seq out-of-seq request
-#define FAKE_STRAT_RAND_SEQ	(1 << 0)
-// Will assume that GGC server is located further than FAKE_TTL
-// Thus, Fake packet will be eliminated automatically.
-#define FAKE_STRAT_TTL		(1 << 1)
-#define FAKE_STRAT_PAST_SEQ	(1 << 2)
-#define FAKE_STRAT_TCP_CHECK	(1 << 3)
-#define FAKE_STRAT_TCP_MD5SUM	(1 << 4)
-
-#define FAKE_STRAT_COUNT	5
-
-/**
- * This macros iterates through all faking strategies and executes code under it.
- * destination strategy will be available under name of `strategy` variable.
- */
-#define ITER_FAKE_STRAT(fake_bitmask, strategy) \
-for (int strategy = 1; strategy <= (1 << FAKE_STRAT_COUNT); strategy <<= 1) \
-if ((fake_bitmask) & strategy) 
-
-#ifndef FAKING_STRATEGY
-#define FAKING_STRATEGY FAKE_STRAT_PAST_SEQ
-#endif
-
-#define MAX_FAKE_SIZE 1300
-
-#if !defined(SILENT) && !defined(KERNEL_SPACE)
-#define DEBUG
-#endif
-
-// The Maximum Transmission Unit size for rawsocket
-// Larger packets will be fragmented. Applicable for Chrome's kyber.
-#define AVAILABLE_MTU 1500
-
-#define DEFAULT_QUEUE_NUM 537
-
-#define MAX_PACKET_SIZE 8192
-
-#define DEFAULT_SNISTR "googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com"
-
-static const char defaul_snistr[] = DEFAULT_SNISTR;
-
-#endif /* YTB_CONFIG_H */

deps/cyclone/Makefile

@@ -0,0 +1,24 @@
+SRCS := $(shell find -name "*.c")
+OBJS := $(SRCS:%.c=build/%.o)
+override CFLAGS += -Iinclude -Wno-pedantic
+LIBNAME := libcyclone.a
+CC := gcc
+
+
+run: $(OBJS)
+	@echo "AR $(LIBNAME)"
+	@ar rcs libcyclone.a $(OBJS)
+
+prep_dirs:
+	mkdir -p build
+
+
+build/%.o: %.c prep_dirs
+	$(CC) $(CFLAGS) -c -o $@ $<
+
+clean:
+	@rm $(OBJS) || true
+	@rm libcyclone.a || true
+	@rm -rf build || true
+
+

deps/cyclone/aes.c

@@ -0,0 +1,577 @@
+/**
+ * @file aes.c
+ * @brief AES (Advanced Encryption Standard)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * AES is an encryption standard based on Rijndael algorithm, a symmetric block
+ * cipher that can process data blocks of 128 bits, using cipher keys with
+ * lengths of 128, 192, and 256 bits. Refer to FIPS 197 for more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "cipher/aes.h"
+
+//Check crypto library configuration
+#if (AES_SUPPORT == ENABLED)
+
+//Substitution table used by encryption algorithm (S-box)
+static const uint8_t sbox[256] =
+{
+   0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
+   0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
+   0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
+   0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
+   0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
+   0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
+   0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
+   0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
+   0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
+   0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
+   0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
+   0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
+   0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
+   0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
+   0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
+   0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
+};
+
+//Substitution table used by decryption algorithm (inverse S-box)
+static const uint8_t isbox[256] =
+{
+   0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
+   0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
+   0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
+   0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
+   0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
+   0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
+   0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
+   0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
+   0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
+   0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
+   0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
+   0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
+   0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
+   0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
+   0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
+   0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
+};
+
+//Precalculated table (encryption)
+static const uint32_t te[256] =
+{
+   0xA56363C6, 0x847C7CF8, 0x997777EE, 0x8D7B7BF6, 0x0DF2F2FF, 0xBD6B6BD6, 0xB16F6FDE, 0x54C5C591,
+   0x50303060, 0x03010102, 0xA96767CE, 0x7D2B2B56, 0x19FEFEE7, 0x62D7D7B5, 0xE6ABAB4D, 0x9A7676EC,
+   0x45CACA8F, 0x9D82821F, 0x40C9C989, 0x877D7DFA, 0x15FAFAEF, 0xEB5959B2, 0xC947478E, 0x0BF0F0FB,
+   0xECADAD41, 0x67D4D4B3, 0xFDA2A25F, 0xEAAFAF45, 0xBF9C9C23, 0xF7A4A453, 0x967272E4, 0x5BC0C09B,
+   0xC2B7B775, 0x1CFDFDE1, 0xAE93933D, 0x6A26264C, 0x5A36366C, 0x413F3F7E, 0x02F7F7F5, 0x4FCCCC83,
+   0x5C343468, 0xF4A5A551, 0x34E5E5D1, 0x08F1F1F9, 0x937171E2, 0x73D8D8AB, 0x53313162, 0x3F15152A,
+   0x0C040408, 0x52C7C795, 0x65232346, 0x5EC3C39D, 0x28181830, 0xA1969637, 0x0F05050A, 0xB59A9A2F,
+   0x0907070E, 0x36121224, 0x9B80801B, 0x3DE2E2DF, 0x26EBEBCD, 0x6927274E, 0xCDB2B27F, 0x9F7575EA,
+   0x1B090912, 0x9E83831D, 0x742C2C58, 0x2E1A1A34, 0x2D1B1B36, 0xB26E6EDC, 0xEE5A5AB4, 0xFBA0A05B,
+   0xF65252A4, 0x4D3B3B76, 0x61D6D6B7, 0xCEB3B37D, 0x7B292952, 0x3EE3E3DD, 0x712F2F5E, 0x97848413,
+   0xF55353A6, 0x68D1D1B9, 0x00000000, 0x2CEDEDC1, 0x60202040, 0x1FFCFCE3, 0xC8B1B179, 0xED5B5BB6,
+   0xBE6A6AD4, 0x46CBCB8D, 0xD9BEBE67, 0x4B393972, 0xDE4A4A94, 0xD44C4C98, 0xE85858B0, 0x4ACFCF85,
+   0x6BD0D0BB, 0x2AEFEFC5, 0xE5AAAA4F, 0x16FBFBED, 0xC5434386, 0xD74D4D9A, 0x55333366, 0x94858511,
+   0xCF45458A, 0x10F9F9E9, 0x06020204, 0x817F7FFE, 0xF05050A0, 0x443C3C78, 0xBA9F9F25, 0xE3A8A84B,
+   0xF35151A2, 0xFEA3A35D, 0xC0404080, 0x8A8F8F05, 0xAD92923F, 0xBC9D9D21, 0x48383870, 0x04F5F5F1,
+   0xDFBCBC63, 0xC1B6B677, 0x75DADAAF, 0x63212142, 0x30101020, 0x1AFFFFE5, 0x0EF3F3FD, 0x6DD2D2BF,
+   0x4CCDCD81, 0x140C0C18, 0x35131326, 0x2FECECC3, 0xE15F5FBE, 0xA2979735, 0xCC444488, 0x3917172E,
+   0x57C4C493, 0xF2A7A755, 0x827E7EFC, 0x473D3D7A, 0xAC6464C8, 0xE75D5DBA, 0x2B191932, 0x957373E6,
+   0xA06060C0, 0x98818119, 0xD14F4F9E, 0x7FDCDCA3, 0x66222244, 0x7E2A2A54, 0xAB90903B, 0x8388880B,
+   0xCA46468C, 0x29EEEEC7, 0xD3B8B86B, 0x3C141428, 0x79DEDEA7, 0xE25E5EBC, 0x1D0B0B16, 0x76DBDBAD,
+   0x3BE0E0DB, 0x56323264, 0x4E3A3A74, 0x1E0A0A14, 0xDB494992, 0x0A06060C, 0x6C242448, 0xE45C5CB8,
+   0x5DC2C29F, 0x6ED3D3BD, 0xEFACAC43, 0xA66262C4, 0xA8919139, 0xA4959531, 0x37E4E4D3, 0x8B7979F2,
+   0x32E7E7D5, 0x43C8C88B, 0x5937376E, 0xB76D6DDA, 0x8C8D8D01, 0x64D5D5B1, 0xD24E4E9C, 0xE0A9A949,
+   0xB46C6CD8, 0xFA5656AC, 0x07F4F4F3, 0x25EAEACF, 0xAF6565CA, 0x8E7A7AF4, 0xE9AEAE47, 0x18080810,
+   0xD5BABA6F, 0x887878F0, 0x6F25254A, 0x722E2E5C, 0x241C1C38, 0xF1A6A657, 0xC7B4B473, 0x51C6C697,
+   0x23E8E8CB, 0x7CDDDDA1, 0x9C7474E8, 0x211F1F3E, 0xDD4B4B96, 0xDCBDBD61, 0x868B8B0D, 0x858A8A0F,
+   0x907070E0, 0x423E3E7C, 0xC4B5B571, 0xAA6666CC, 0xD8484890, 0x05030306, 0x01F6F6F7, 0x120E0E1C,
+   0xA36161C2, 0x5F35356A, 0xF95757AE, 0xD0B9B969, 0x91868617, 0x58C1C199, 0x271D1D3A, 0xB99E9E27,
+   0x38E1E1D9, 0x13F8F8EB, 0xB398982B, 0x33111122, 0xBB6969D2, 0x70D9D9A9, 0x898E8E07, 0xA7949433,
+   0xB69B9B2D, 0x221E1E3C, 0x92878715, 0x20E9E9C9, 0x49CECE87, 0xFF5555AA, 0x78282850, 0x7ADFDFA5,
+   0x8F8C8C03, 0xF8A1A159, 0x80898909, 0x170D0D1A, 0xDABFBF65, 0x31E6E6D7, 0xC6424284, 0xB86868D0,
+   0xC3414182, 0xB0999929, 0x772D2D5A, 0x110F0F1E, 0xCBB0B07B, 0xFC5454A8, 0xD6BBBB6D, 0x3A16162C
+};
+
+//Precalculated table (decryption)
+static const uint32_t td[256] =
+{
+   0x50A7F451, 0x5365417E, 0xC3A4171A, 0x965E273A, 0xCB6BAB3B, 0xF1459D1F, 0xAB58FAAC, 0x9303E34B,
+   0x55FA3020, 0xF66D76AD, 0x9176CC88, 0x254C02F5, 0xFCD7E54F, 0xD7CB2AC5, 0x80443526, 0x8FA362B5,
+   0x495AB1DE, 0x671BBA25, 0x980EEA45, 0xE1C0FE5D, 0x02752FC3, 0x12F04C81, 0xA397468D, 0xC6F9D36B,
+   0xE75F8F03, 0x959C9215, 0xEB7A6DBF, 0xDA595295, 0x2D83BED4, 0xD3217458, 0x2969E049, 0x44C8C98E,
+   0x6A89C275, 0x78798EF4, 0x6B3E5899, 0xDD71B927, 0xB64FE1BE, 0x17AD88F0, 0x66AC20C9, 0xB43ACE7D,
+   0x184ADF63, 0x82311AE5, 0x60335197, 0x457F5362, 0xE07764B1, 0x84AE6BBB, 0x1CA081FE, 0x942B08F9,
+   0x58684870, 0x19FD458F, 0x876CDE94, 0xB7F87B52, 0x23D373AB, 0xE2024B72, 0x578F1FE3, 0x2AAB5566,
+   0x0728EBB2, 0x03C2B52F, 0x9A7BC586, 0xA50837D3, 0xF2872830, 0xB2A5BF23, 0xBA6A0302, 0x5C8216ED,
+   0x2B1CCF8A, 0x92B479A7, 0xF0F207F3, 0xA1E2694E, 0xCDF4DA65, 0xD5BE0506, 0x1F6234D1, 0x8AFEA6C4,
+   0x9D532E34, 0xA055F3A2, 0x32E18A05, 0x75EBF6A4, 0x39EC830B, 0xAAEF6040, 0x069F715E, 0x51106EBD,
+   0xF98A213E, 0x3D06DD96, 0xAE053EDD, 0x46BDE64D, 0xB58D5491, 0x055DC471, 0x6FD40604, 0xFF155060,
+   0x24FB9819, 0x97E9BDD6, 0xCC434089, 0x779ED967, 0xBD42E8B0, 0x888B8907, 0x385B19E7, 0xDBEEC879,
+   0x470A7CA1, 0xE90F427C, 0xC91E84F8, 0x00000000, 0x83868009, 0x48ED2B32, 0xAC70111E, 0x4E725A6C,
+   0xFBFF0EFD, 0x5638850F, 0x1ED5AE3D, 0x27392D36, 0x64D90F0A, 0x21A65C68, 0xD1545B9B, 0x3A2E3624,
+   0xB1670A0C, 0x0FE75793, 0xD296EEB4, 0x9E919B1B, 0x4FC5C080, 0xA220DC61, 0x694B775A, 0x161A121C,
+   0x0ABA93E2, 0xE52AA0C0, 0x43E0223C, 0x1D171B12, 0x0B0D090E, 0xADC78BF2, 0xB9A8B62D, 0xC8A91E14,
+   0x8519F157, 0x4C0775AF, 0xBBDD99EE, 0xFD607FA3, 0x9F2601F7, 0xBCF5725C, 0xC53B6644, 0x347EFB5B,
+   0x7629438B, 0xDCC623CB, 0x68FCEDB6, 0x63F1E4B8, 0xCADC31D7, 0x10856342, 0x40229713, 0x2011C684,
+   0x7D244A85, 0xF83DBBD2, 0x1132F9AE, 0x6DA129C7, 0x4B2F9E1D, 0xF330B2DC, 0xEC52860D, 0xD0E3C177,
+   0x6C16B32B, 0x99B970A9, 0xFA489411, 0x2264E947, 0xC48CFCA8, 0x1A3FF0A0, 0xD82C7D56, 0xEF903322,
+   0xC74E4987, 0xC1D138D9, 0xFEA2CA8C, 0x360BD498, 0xCF81F5A6, 0x28DE7AA5, 0x268EB7DA, 0xA4BFAD3F,
+   0xE49D3A2C, 0x0D927850, 0x9BCC5F6A, 0x62467E54, 0xC2138DF6, 0xE8B8D890, 0x5EF7392E, 0xF5AFC382,
+   0xBE805D9F, 0x7C93D069, 0xA92DD56F, 0xB31225CF, 0x3B99ACC8, 0xA77D1810, 0x6E639CE8, 0x7BBB3BDB,
+   0x097826CD, 0xF418596E, 0x01B79AEC, 0xA89A4F83, 0x656E95E6, 0x7EE6FFAA, 0x08CFBC21, 0xE6E815EF,
+   0xD99BE7BA, 0xCE366F4A, 0xD4099FEA, 0xD67CB029, 0xAFB2A431, 0x31233F2A, 0x3094A5C6, 0xC066A235,
+   0x37BC4E74, 0xA6CA82FC, 0xB0D090E0, 0x15D8A733, 0x4A9804F1, 0xF7DAEC41, 0x0E50CD7F, 0x2FF69117,
+   0x8DD64D76, 0x4DB0EF43, 0x544DAACC, 0xDF0496E4, 0xE3B5D19E, 0x1B886A4C, 0xB81F2CC1, 0x7F516546,
+   0x04EA5E9D, 0x5D358C01, 0x737487FA, 0x2E410BFB, 0x5A1D67B3, 0x52D2DB92, 0x335610E9, 0x1347D66D,
+   0x8C61D79A, 0x7A0CA137, 0x8E14F859, 0x893C13EB, 0xEE27A9CE, 0x35C961B7, 0xEDE51CE1, 0x3CB1477A,
+   0x59DFD29C, 0x3F73F255, 0x79CE1418, 0xBF37C773, 0xEACDF753, 0x5BAAFD5F, 0x146F3DDF, 0x86DB4478,
+   0x81F3AFCA, 0x3EC468B9, 0x2C342438, 0x5F40A3C2, 0x72C31D16, 0x0C25E2BC, 0x8B493C28, 0x41950DFF,
+   0x7101A839, 0xDEB30C08, 0x9CE4B4D8, 0x90C15664, 0x6184CB7B, 0x70B632D5, 0x745C6C48, 0x4257B8D0
+};
+
+//Round constant word array
+static const uint32_t rcon[11] =
+{
+   0x00000000,
+   0x00000001,
+   0x00000002,
+   0x00000004,
+   0x00000008,
+   0x00000010,
+   0x00000020,
+   0x00000040,
+   0x00000080,
+   0x0000001B,
+   0x00000036
+};
+
+//AES128-ECB OID (2.16.840.1.101.3.4.1.1)
+const uint8_t AES128_ECB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x01};
+//AES128-CBC OID (2.16.840.1.101.3.4.1.2)
+const uint8_t AES128_CBC_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x02};
+//AES128-OFB OID (2.16.840.1.101.3.4.1.3)
+const uint8_t AES128_OFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x03};
+//AES128-CFB OID (2.16.840.1.101.3.4.1.4)
+const uint8_t AES128_CFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x04};
+//AES128-GCM OID (2.16.840.1.101.3.4.1.6)
+const uint8_t AES128_GCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x06};
+//AES128-CCM OID (2.16.840.1.101.3.4.1.7)
+const uint8_t AES128_CCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x07};
+
+//AES192-ECB OID (2.16.840.1.101.3.4.1.21)
+const uint8_t AES192_ECB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x15};
+//AES192-CBC OID (2.16.840.1.101.3.4.1.22)
+const uint8_t AES192_CBC_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x16};
+//AES192-OFB OID (2.16.840.1.101.3.4.1.23)
+const uint8_t AES192_OFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x17};
+//AES192-CFB OID (2.16.840.1.101.3.4.1.24)
+const uint8_t AES192_CFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x18};
+//AES192-GCM OID (2.16.840.1.101.3.4.1.26)
+const uint8_t AES192_GCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1A};
+//AES192-CCM OID (2.16.840.1.101.3.4.1.27)
+const uint8_t AES192_CCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x1B};
+
+//AES256-ECB OID (2.16.840.1.101.3.4.1.41)
+const uint8_t AES256_ECB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x29};
+//AES256-CBC OID (2.16.840.1.101.3.4.1.42)
+const uint8_t AES256_CBC_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A};
+//AES256-OFB OID (2.16.840.1.101.3.4.1.43)
+const uint8_t AES256_OFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2B};
+//AES256-CFB OID (2.16.840.1.101.3.4.1.44)
+const uint8_t AES256_CFB_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2C};
+//AES256-GCM OID (2.16.840.1.101.3.4.1.46)
+const uint8_t AES256_GCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2E};
+//AES256-CCM OID (2.16.840.1.101.3.4.1.47)
+const uint8_t AES256_CCM_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2F};
+
+//Common interface for encryption algorithms
+const CipherAlgo aesCipherAlgo =
+{
+   "AES",
+   sizeof(AesContext),
+   CIPHER_ALGO_TYPE_BLOCK,
+   AES_BLOCK_SIZE,
+   (CipherAlgoInit) aesInit,
+   NULL,
+   NULL,
+   (CipherAlgoEncryptBlock) aesEncryptBlock,
+   (CipherAlgoDecryptBlock) aesDecryptBlock,
+   (CipherAlgoDeinit) aesDeinit
+};
+
+
+/**
+ * @brief Key expansion
+ * @param[in] context Pointer to the AES context to initialize
+ * @param[in] key Pointer to the key
+ * @param[in] keyLen Length of the key
+ * @return Error code
+ **/
+
+__weak_func error_t aesInit(AesContext *context, const uint8_t *key,
+   size_t keyLen)
+{
+   uint_t i;
+   uint32_t temp;
+   size_t keyScheduleSize;
+
+   //Check parameters
+   if(context == NULL || key == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //Check the length of the key
+   if(keyLen == 16)
+   {
+      //10 rounds are required for 128-bit key
+      context->nr = 10;
+   }
+   else if(keyLen == 24)
+   {
+      //12 rounds are required for 192-bit key
+      context->nr = 12;
+   }
+   else if(keyLen == 32)
+   {
+      //14 rounds are required for 256-bit key
+      context->nr = 14;
+   }
+   else
+   {
+      //Report an error
+      return ERROR_INVALID_KEY_LENGTH;
+   }
+
+   //Determine the number of 32-bit words in the key
+   keyLen /= 4;
+
+   //Copy the original key
+   for(i = 0; i < keyLen; i++)
+   {
+      context->ek[i] = LOAD32LE(key + (i * 4));
+   }
+
+   //The size of the key schedule depends on the number of rounds
+   keyScheduleSize = 4 * (context->nr + 1);
+
+   //Generate the key schedule (encryption)
+   for(i = keyLen; i < keyScheduleSize; i++)
+   {
+      //Save previous word
+      temp = context->ek[i - 1];
+
+      //Apply transformation
+      if((i % keyLen) == 0)
+      {
+         context->ek[i] = sbox[(temp >> 8) & 0xFF];
+         context->ek[i] |= (sbox[(temp >> 16) & 0xFF] << 8);
+         context->ek[i] |= (sbox[(temp >> 24) & 0xFF] << 16);
+         context->ek[i] |= (sbox[temp & 0xFF] << 24);
+         context->ek[i] ^= rcon[i / keyLen];
+      }
+      else if(keyLen > 6 && (i % keyLen) == 4)
+      {
+         context->ek[i] = sbox[temp & 0xFF];
+         context->ek[i] |= (sbox[(temp >> 8) & 0xFF] << 8);
+         context->ek[i] |= (sbox[(temp >> 16) & 0xFF] << 16);
+         context->ek[i] |= (sbox[(temp >> 24) & 0xFF] << 24);
+      }
+      else
+      {
+         context->ek[i] = temp;
+      }
+
+      //Update the key schedule
+      context->ek[i] ^= context->ek[i - keyLen];
+   }
+
+   //Generate the key schedule (decryption)
+   for(i = 0; i < keyScheduleSize; i++)
+   {
+      //Apply the InvMixColumns transformation to all round keys but the first
+      //and the last
+      if(i < 4 || i >= (keyScheduleSize - 4))
+      {
+         context->dk[i] = context->ek[i];
+      }
+      else
+      {
+         context->dk[i] = td[sbox[context->ek[i] & 0xFF]];
+         temp = td[sbox[(context->ek[i] >> 8) & 0xFF]];
+         context->dk[i] ^= ROL32(temp, 8);
+         temp = td[sbox[(context->ek[i] >> 16) & 0xFF]];
+         context->dk[i] ^= ROL32(temp, 16);
+         temp = td[sbox[(context->ek[i] >> 24) & 0xFF]];
+         context->dk[i] ^= ROL32(temp, 24);
+      }
+   }
+
+   //No error to report
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief Encrypt a 16-byte block using AES algorithm
+ * @param[in] context Pointer to the AES context
+ * @param[in] input Plaintext block to encrypt
+ * @param[out] output Ciphertext block resulting from encryption
+ **/
+
+__weak_func void aesEncryptBlock(AesContext *context, const uint8_t *input,
+   uint8_t *output)
+{
+   uint_t i;
+   uint32_t s0;
+   uint32_t s1;
+   uint32_t s2;
+   uint32_t s3;
+   uint32_t t0;
+   uint32_t t1;
+   uint32_t t2;
+   uint32_t t3;
+   uint32_t temp;
+
+   //Copy the plaintext to the state array
+   s0 = LOAD32LE(input + 0);
+   s1 = LOAD32LE(input + 4);
+   s2 = LOAD32LE(input + 8);
+   s3 = LOAD32LE(input + 12);
+
+   //Initial round key addition
+   s0 ^= context->ek[0];
+   s1 ^= context->ek[1];
+   s2 ^= context->ek[2];
+   s3 ^= context->ek[3];
+
+   //The number of rounds depends on the key length
+   for(i = 1; i < context->nr; i++)
+   {
+      //Apply round function
+      t0 = te[s0 & 0xFF];
+      temp = te[(s1 >> 8) & 0xFF];
+      t0 ^= ROL32(temp, 8);
+      temp = te[(s2 >> 16) & 0xFF];
+      t0 ^= ROL32(temp, 16);
+      temp = te[(s3 >> 24) & 0xFF];
+      t0 ^= ROL32(temp, 24);
+
+      t1 = te[s1 & 0xFF];
+      temp = te[(s2 >> 8) & 0xFF];
+      t1 ^= ROL32(temp, 8);
+      temp = te[(s3 >> 16) & 0xFF];
+      t1 ^= ROL32(temp, 16);
+      temp = te[(s0 >> 24) & 0xFF];
+      t1 ^= ROL32(temp, 24);
+
+      t2 = te[s2 & 0xFF];
+      temp = te[(s3 >> 8) & 0xFF];
+      t2 ^= ROL32(temp, 8);
+      temp = te[(s0 >> 16) & 0xFF];
+      t2 ^= ROL32(temp, 16);
+      temp = te[(s1 >> 24) & 0xFF];
+      t2 ^= ROL32(temp, 24);
+
+      t3 = te[s3 & 0xFF];
+      temp = te[(s0 >> 8) & 0xFF];
+      t3 ^= ROL32(temp, 8);
+      temp = te[(s1 >> 16) & 0xFF];
+      t3 ^= ROL32(temp, 16);
+      temp = te[(s2 >> 24) & 0xFF];
+      t3 ^= ROL32(temp, 24);
+
+      //Round key addition
+      s0 = t0 ^ context->ek[i * 4];
+      s1 = t1 ^ context->ek[i * 4 + 1];
+      s2 = t2 ^ context->ek[i * 4 + 2];
+      s3 = t3 ^ context->ek[i * 4 + 3];
+   }
+
+   //The last round differs slightly from the first rounds
+   t0 = sbox[s0 & 0xFF];
+   t0 |= sbox[(s1 >> 8) & 0xFF] << 8;
+   t0 |= sbox[(s2 >> 16) & 0xFF] << 16;
+   t0 |= sbox[(s3 >> 24) & 0xFF] << 24;
+
+   t1 = sbox[s1 & 0xFF];
+   t1 |= sbox[(s2 >> 8) & 0xFF] << 8;
+   t1 |= sbox[(s3 >> 16) & 0xFF] << 16;
+   t1 |= sbox[(s0 >> 24) & 0xFF] << 24;
+
+   t2 = sbox[s2 & 0xFF];
+   t2 |= sbox[(s3 >> 8) & 0xFF] << 8;
+   t2 |= sbox[(s0 >> 16) & 0xFF] << 16;
+   t2 |= sbox[(s1 >> 24) & 0xFF] << 24;
+
+   t3 = sbox[s3 & 0xFF];
+   t3 |= sbox[(s0 >> 8) & 0xFF] << 8;
+   t3 |= sbox[(s1 >> 16) & 0xFF] << 16;
+   t3 |= sbox[(s2 >> 24) & 0xFF] << 24;
+
+   //Last round key addition
+   s0 = t0 ^ context->ek[context->nr * 4];
+   s1 = t1 ^ context->ek[context->nr * 4 + 1];
+   s2 = t2 ^ context->ek[context->nr * 4 + 2];
+   s3 = t3 ^ context->ek[context->nr * 4 + 3];
+
+   //The final state is then copied to the output
+   STORE32LE(s0, output + 0);
+   STORE32LE(s1, output + 4);
+   STORE32LE(s2, output + 8);
+   STORE32LE(s3, output + 12);
+}
+
+
+/**
+ * @brief Decrypt a 16-byte block using AES algorithm
+ * @param[in] context Pointer to the AES context
+ * @param[in] input Ciphertext block to decrypt
+ * @param[out] output Plaintext block resulting from decryption
+ **/
+
+__weak_func void aesDecryptBlock(AesContext *context, const uint8_t *input,
+   uint8_t *output)
+{
+   uint_t i;
+   uint32_t s0;
+   uint32_t s1;
+   uint32_t s2;
+   uint32_t s3;
+   uint32_t t0;
+   uint32_t t1;
+   uint32_t t2;
+   uint32_t t3;
+   uint32_t temp;
+
+   //Copy the ciphertext to the state array
+   s0 = LOAD32LE(input + 0);
+   s1 = LOAD32LE(input + 4);
+   s2 = LOAD32LE(input + 8);
+   s3 = LOAD32LE(input + 12);
+
+   //Initial round key addition
+   s0 ^= context->dk[context->nr * 4];
+   s1 ^= context->dk[context->nr * 4 + 1];
+   s2 ^= context->dk[context->nr * 4 + 2];
+   s3 ^= context->dk[context->nr * 4 + 3];
+
+   //The number of rounds depends on the key length
+   for(i = context->nr - 1; i >= 1; i--)
+   {
+      //Apply round function
+      t0 = td[s0 & 0xFF];
+      temp = td[(s3 >> 8) & 0xFF];
+      t0 ^= ROL32(temp, 8);
+      temp = td[(s2 >> 16) & 0xFF];
+      t0 ^= ROL32(temp, 16);
+      temp = td[(s1 >> 24) & 0xFF];
+      t0 ^= ROL32(temp, 24);
+
+      t1 = td[s1 & 0xFF];
+      temp = td[(s0 >> 8) & 0xFF];
+      t1 ^= ROL32(temp, 8);
+      temp = td[(s3 >> 16) & 0xFF];
+      t1 ^= ROL32(temp, 16);
+      temp = td[(s2 >> 24) & 0xFF];
+      t1 ^= ROL32(temp, 24);
+
+      t2 = td[s2 & 0xFF];
+      temp = td[(s1 >> 8) & 0xFF];
+      t2 ^= ROL32(temp, 8);
+      temp = td[(s0 >> 16) & 0xFF];
+      t2 ^= ROL32(temp, 16);
+      temp = td[(s3 >> 24) & 0xFF];
+      t2 ^= ROL32(temp, 24);
+
+      t3 = td[s3 & 0xFF];
+      temp = td[(s2 >> 8) & 0xFF];
+      t3 ^= ROL32(temp, 8);
+      temp = td[(s1 >> 16) & 0xFF];
+      t3 ^= ROL32(temp, 16);
+      temp = td[(s0 >> 24) & 0xFF];
+      t3 ^= ROL32(temp, 24);
+
+      //Round key addition
+      s0 = t0 ^ context->dk[i * 4];
+      s1 = t1 ^ context->dk[i * 4 + 1];
+      s2 = t2 ^ context->dk[i * 4 + 2];
+      s3 = t3 ^ context->dk[i * 4 + 3];
+   }
+
+   //The last round differs slightly from the first rounds
+   t0 = isbox[s0 & 0xFF];
+   t0 |= isbox[(s3 >> 8) & 0xFF] << 8;
+   t0 |= isbox[(s2 >> 16) & 0xFF] << 16;
+   t0 |= isbox[(s1 >> 24) & 0xFF] << 24;
+
+   t1 = isbox[s1 & 0xFF];
+   t1 |= isbox[(s0 >> 8) & 0xFF] << 8;
+   t1 |= isbox[(s3 >> 16) & 0xFF] << 16;
+   t1 |= isbox[(s2 >> 24) & 0xFF] << 24;
+
+   t2 = isbox[s2 & 0xFF];
+   t2 |= isbox[(s1 >> 8) & 0xFF] << 8;
+   t2 |= isbox[(s0 >> 16) & 0xFF] << 16;
+   t2 |= isbox[(s3 >> 24) & 0xFF] << 24;
+
+   t3 = isbox[s3 & 0xFF];
+   t3 |= isbox[(s2 >> 8) & 0xFF] << 8;
+   t3 |= isbox[(s1 >> 16) & 0xFF] << 16;
+   t3 |= isbox[(s0 >> 24) & 0xFF] << 24;
+
+   //Last round key addition
+   s0 = t0 ^ context->dk[0];
+   s1 = t1 ^ context->dk[1];
+   s2 = t2 ^ context->dk[2];
+   s3 = t3 ^ context->dk[3];
+
+   //The final state is then copied to the output
+   STORE32LE(s0, output + 0);
+   STORE32LE(s1, output + 4);
+   STORE32LE(s2, output + 8);
+   STORE32LE(s3, output + 12);
+}
+
+
+/**
+ * @brief Release AES context
+ * @param[in] context Pointer to the AES context
+ **/
+
+__weak_func void aesDeinit(AesContext *context)
+{
+   //Clear AES context
+   osMemset(context, 0, sizeof(AesContext));
+}
+
+#endif

deps/cyclone/cpu_endian.c

@@ -0,0 +1,151 @@
+/**
+ * @file cpu_endian.c
+ * @brief Byte order conversion
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Dependencies
+#include "cpu_endian.h"
+
+
+/**
+ * @brief Reverse the byte order of a 16-bit word
+ * @param[in] value 16-bit value
+ * @return 16-bit value with byte order swapped
+ **/
+
+uint16_t swapInt16(uint16_t value)
+{
+   return SWAPINT16(value);
+}
+
+
+/**
+ * @brief Reverse the byte order of a 32-bit word
+ * @param[in] value 32-bit value
+ * @return 32-bit value with byte order swapped
+ **/
+
+uint32_t swapInt32(uint32_t value)
+{
+   return SWAPINT32(value);
+}
+
+
+/**
+ * @brief Reverse the byte order of a 64-bit word
+ * @param[in] value 64-bit value
+ * @return 64-bit value with byte order swapped
+ **/
+
+uint64_t swapInt64(uint64_t value)
+{
+   return SWAPINT64(value);
+}
+
+
+/**
+ * @brief Reverse bit order in a 4-bit word
+ * @param[in] value 4-bit value
+ * @return 4-bit value with bit order reversed
+ **/
+
+uint8_t reverseInt4(uint8_t value)
+{
+   value = ((value & 0x0C) >> 2) | ((value & 0x03) << 2);
+   value = ((value & 0x0A) >> 1) | ((value & 0x05) << 1);
+
+   return value;
+}
+
+
+/**
+ * @brief Reverse bit order in a byte
+ * @param[in] value 8-bit value
+ * @return 8-bit value with bit order reversed
+ **/
+
+uint8_t reverseInt8(uint8_t value)
+{
+   value = ((value & 0xF0) >> 4) | ((value & 0x0F) << 4);
+   value = ((value & 0xCC) >> 2) | ((value & 0x33) << 2);
+   value = ((value & 0xAA) >> 1) | ((value & 0x55) << 1);
+
+   return value;
+}
+
+
+/**
+ * @brief Reverse bit order in a 16-bit word
+ * @param[in] value 16-bit value
+ * @return 16-bit value with bit order reversed
+ **/
+
+uint16_t reverseInt16(uint16_t value)
+{
+   value = ((value & 0xFF00) >> 8) | ((value & 0x00FF) << 8);
+   value = ((value & 0xF0F0) >> 4) | ((value & 0x0F0F) << 4);
+   value = ((value & 0xCCCC) >> 2) | ((value & 0x3333) << 2);
+   value = ((value & 0xAAAA) >> 1) | ((value & 0x5555) << 1);
+
+   return value;
+}
+
+
+/**
+ * @brief Reverse bit order in a 32-bit word
+ * @param[in] value 32-bit value
+ * @return 32-bit value with bit order reversed
+ **/
+
+uint32_t reverseInt32(uint32_t value)
+{
+   value = ((value & 0xFFFF0000UL) >> 16) | ((value & 0x0000FFFFUL) << 16);
+   value = ((value & 0xFF00FF00UL) >> 8) | ((value & 0x00FF00FFUL) << 8);
+   value = ((value & 0xF0F0F0F0UL) >> 4) | ((value & 0x0F0F0F0FUL) << 4);
+   value = ((value & 0xCCCCCCCCUL) >> 2) | ((value & 0x33333333UL) << 2);
+   value = ((value & 0xAAAAAAAAUL) >> 1) | ((value & 0x55555555UL) << 1);
+
+   return value;
+}
+
+
+/**
+ * @brief Reverse bit order in a 64-bit word
+ * @param[in] value 64-bit value
+ * @return 64-bit value with bit order reversed
+ **/
+
+uint64_t reverseInt64(uint64_t value)
+{
+   value = ((value & 0xFFFFFFFF00000000ULL) >> 32) | ((value & 0x00000000FFFFFFFFULL) << 32);
+   value = ((value & 0xFFFF0000FFFF0000ULL) >> 16) | ((value & 0x0000FFFF0000FFFFULL) << 16);
+   value = ((value & 0xFF00FF00FF00FF00ULL) >> 8) | ((value & 0x00FF00FF00FF00FFULL) << 8);
+   value = ((value & 0xF0F0F0F0F0F0F0F0ULL) >> 4) | ((value & 0x0F0F0F0F0F0F0F0FULL) << 4);
+   value = ((value & 0xCCCCCCCCCCCCCCCCULL) >> 2) | ((value & 0x3333333333333333ULL) << 2);
+   value = ((value & 0xAAAAAAAAAAAAAAAAULL) >> 1) | ((value & 0x5555555555555555ULL) << 1);
+
+   return value;
+}

deps/cyclone/ecb.c

@@ -0,0 +1,116 @@
+/**
+ * @file ecb.c
+ * @brief Electronic Codebook (ECB) mode
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * The Electronic Codebook (ECB) mode is a confidentiality mode that features,
+ * for a given key, the assignment of a fixed ciphertext block to each
+ * plaintext block, analogous to the assignment of code words in a codebook.
+ * Refer to SP 800-38A for more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "cipher_modes/ecb.h"
+
+//Check crypto library configuration
+#if (ECB_SUPPORT == ENABLED)
+
+
+/**
+ * @brief ECB encryption
+ * @param[in] cipher Cipher algorithm
+ * @param[in] context Cipher algorithm context
+ * @param[in] p Plaintext to be encrypted
+ * @param[out] c Ciphertext resulting from the encryption
+ * @param[in] length Total number of data bytes to be encrypted
+ * @return Error code
+ **/
+
+__weak_func error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
+   const uint8_t *p, uint8_t *c, size_t length)
+{
+   //ECB mode operates in a block-by-block fashion
+   while(length >= cipher->blockSize)
+   {
+      //Encrypt current block
+      cipher->encryptBlock(context, p, c);
+
+      //Next block
+      p += cipher->blockSize;
+      c += cipher->blockSize;
+      length -= cipher->blockSize;
+   }
+
+   //The plaintext must be a multiple of the block size
+   if(length != 0)
+      return ERROR_INVALID_LENGTH;
+
+   //Successful encryption
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief ECB decryption
+ * @param[in] cipher Cipher algorithm
+ * @param[in] context Cipher algorithm context
+ * @param[in] c Ciphertext to be decrypted
+ * @param[out] p Plaintext resulting from the decryption
+ * @param[in] length Total number of data bytes to be decrypted
+ * @return Error code
+ **/
+
+__weak_func error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
+   const uint8_t *c, uint8_t *p, size_t length)
+{
+   //ECB mode operates in a block-by-block fashion
+   while(length >= cipher->blockSize)
+   {
+      //Decrypt current block
+      cipher->decryptBlock(context, c, p);
+
+      //Next block
+      c += cipher->blockSize;
+      p += cipher->blockSize;
+      length -= cipher->blockSize;
+   }
+
+   //The ciphertext must be a multiple of the block size
+   if(length != 0)
+      return ERROR_INVALID_LENGTH;
+
+   //Successful encryption
+   return NO_ERROR;
+}
+
+#endif

deps/cyclone/gcm.c

@@ -0,0 +1,629 @@
+/**
+ * @file gcm.c
+ * @brief Galois/Counter Mode (GCM)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * The Galois/Counter Mode (GCM) is an authenticated encryption algorithm
+ * designed to provide both data authenticity (integrity) and confidentiality.
+ * Refer to SP 800-38D for more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "aead/gcm.h"
+
+//Check crypto library configuration
+#if (GCM_SUPPORT == ENABLED)
+
+//Reduction table
+static const uint32_t r[GCM_TABLE_N] =
+{
+#if (GCM_TABLE_W == 4)
+   0x00000000, 0x1C200000, 0x38400000, 0x24600000, 0x70800000, 0x6CA00000, 0x48C00000, 0x54E00000,
+   0xE1000000, 0xFD200000, 0xD9400000, 0xC5600000, 0x91800000, 0x8DA00000, 0xA9C00000, 0xB5E00000
+#else
+   0x00000000, 0x01C20000, 0x03840000, 0x02460000, 0x07080000, 0x06CA0000, 0x048C0000, 0x054E0000,
+   0x0E100000, 0x0FD20000, 0x0D940000, 0x0C560000, 0x09180000, 0x08DA0000, 0x0A9C0000, 0x0B5E0000,
+   0x1C200000, 0x1DE20000, 0x1FA40000, 0x1E660000, 0x1B280000, 0x1AEA0000, 0x18AC0000, 0x196E0000,
+   0x12300000, 0x13F20000, 0x11B40000, 0x10760000, 0x15380000, 0x14FA0000, 0x16BC0000, 0x177E0000,
+   0x38400000, 0x39820000, 0x3BC40000, 0x3A060000, 0x3F480000, 0x3E8A0000, 0x3CCC0000, 0x3D0E0000,
+   0x36500000, 0x37920000, 0x35D40000, 0x34160000, 0x31580000, 0x309A0000, 0x32DC0000, 0x331E0000,
+   0x24600000, 0x25A20000, 0x27E40000, 0x26260000, 0x23680000, 0x22AA0000, 0x20EC0000, 0x212E0000,
+   0x2A700000, 0x2BB20000, 0x29F40000, 0x28360000, 0x2D780000, 0x2CBA0000, 0x2EFC0000, 0x2F3E0000,
+   0x70800000, 0x71420000, 0x73040000, 0x72C60000, 0x77880000, 0x764A0000, 0x740C0000, 0x75CE0000,
+   0x7E900000, 0x7F520000, 0x7D140000, 0x7CD60000, 0x79980000, 0x785A0000, 0x7A1C0000, 0x7BDE0000,
+   0x6CA00000, 0x6D620000, 0x6F240000, 0x6EE60000, 0x6BA80000, 0x6A6A0000, 0x682C0000, 0x69EE0000,
+   0x62B00000, 0x63720000, 0x61340000, 0x60F60000, 0x65B80000, 0x647A0000, 0x663C0000, 0x67FE0000,
+   0x48C00000, 0x49020000, 0x4B440000, 0x4A860000, 0x4FC80000, 0x4E0A0000, 0x4C4C0000, 0x4D8E0000,
+   0x46D00000, 0x47120000, 0x45540000, 0x44960000, 0x41D80000, 0x401A0000, 0x425C0000, 0x439E0000,
+   0x54E00000, 0x55220000, 0x57640000, 0x56A60000, 0x53E80000, 0x522A0000, 0x506C0000, 0x51AE0000,
+   0x5AF00000, 0x5B320000, 0x59740000, 0x58B60000, 0x5DF80000, 0x5C3A0000, 0x5E7C0000, 0x5FBE0000,
+   0xE1000000, 0xE0C20000, 0xE2840000, 0xE3460000, 0xE6080000, 0xE7CA0000, 0xE58C0000, 0xE44E0000,
+   0xEF100000, 0xEED20000, 0xEC940000, 0xED560000, 0xE8180000, 0xE9DA0000, 0xEB9C0000, 0xEA5E0000,
+   0xFD200000, 0xFCE20000, 0xFEA40000, 0xFF660000, 0xFA280000, 0xFBEA0000, 0xF9AC0000, 0xF86E0000,
+   0xF3300000, 0xF2F20000, 0xF0B40000, 0xF1760000, 0xF4380000, 0xF5FA0000, 0xF7BC0000, 0xF67E0000,
+   0xD9400000, 0xD8820000, 0xDAC40000, 0xDB060000, 0xDE480000, 0xDF8A0000, 0xDDCC0000, 0xDC0E0000,
+   0xD7500000, 0xD6920000, 0xD4D40000, 0xD5160000, 0xD0580000, 0xD19A0000, 0xD3DC0000, 0xD21E0000,
+   0xC5600000, 0xC4A20000, 0xC6E40000, 0xC7260000, 0xC2680000, 0xC3AA0000, 0xC1EC0000, 0xC02E0000,
+   0xCB700000, 0xCAB20000, 0xC8F40000, 0xC9360000, 0xCC780000, 0xCDBA0000, 0xCFFC0000, 0xCE3E0000,
+   0x91800000, 0x90420000, 0x92040000, 0x93C60000, 0x96880000, 0x974A0000, 0x950C0000, 0x94CE0000,
+   0x9F900000, 0x9E520000, 0x9C140000, 0x9DD60000, 0x98980000, 0x995A0000, 0x9B1C0000, 0x9ADE0000,
+   0x8DA00000, 0x8C620000, 0x8E240000, 0x8FE60000, 0x8AA80000, 0x8B6A0000, 0x892C0000, 0x88EE0000,
+   0x83B00000, 0x82720000, 0x80340000, 0x81F60000, 0x84B80000, 0x857A0000, 0x873C0000, 0x86FE0000,
+   0xA9C00000, 0xA8020000, 0xAA440000, 0xAB860000, 0xAEC80000, 0xAF0A0000, 0xAD4C0000, 0xAC8E0000,
+   0xA7D00000, 0xA6120000, 0xA4540000, 0xA5960000, 0xA0D80000, 0xA11A0000, 0xA35C0000, 0xA29E0000,
+   0xB5E00000, 0xB4220000, 0xB6640000, 0xB7A60000, 0xB2E80000, 0xB32A0000, 0xB16C0000, 0xB0AE0000,
+   0xBBF00000, 0xBA320000, 0xB8740000, 0xB9B60000, 0xBCF80000, 0xBD3A0000, 0xBF7C0000, 0xBEBE0000
+#endif
+};
+
+
+/**
+ * @brief Initialize GCM context
+ * @param[in] context Pointer to the GCM context
+ * @param[in] cipherAlgo Cipher algorithm
+ * @param[in] cipherContext Pointer to the cipher algorithm context
+ * @return Error code
+ **/
+
+__weak_func error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
+   void *cipherContext)
+{
+   uint_t i;
+   uint_t j;
+   uint32_t c;
+   uint32_t h[4];
+
+   //Check parameters
+   if(context == NULL || cipherAlgo == NULL || cipherContext == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //GCM supports only symmetric block ciphers whose block size is 128 bits
+   if(cipherAlgo->type != CIPHER_ALGO_TYPE_BLOCK || cipherAlgo->blockSize != 16)
+      return ERROR_INVALID_PARAMETER;
+
+   //Save cipher algorithm context
+   context->cipherAlgo = cipherAlgo;
+   context->cipherContext = cipherContext;
+
+   //Let H = 0
+   h[0] = 0;
+   h[1] = 0;
+   h[2] = 0;
+   h[3] = 0;
+
+   //Generate the hash subkey H
+   context->cipherAlgo->encryptBlock(context->cipherContext, (uint8_t *) h,
+      (uint8_t *) h);
+
+   //Pre-compute M(0) = H * 0
+   j = GCM_REVERSE_BITS(0);
+   context->m[j][0] = 0;
+   context->m[j][1] = 0;
+   context->m[j][2] = 0;
+   context->m[j][3] = 0;
+
+   //Pre-compute M(1) = H * 1
+   j = GCM_REVERSE_BITS(1);
+   context->m[j][0] = betoh32(h[3]);
+   context->m[j][1] = betoh32(h[2]);
+   context->m[j][2] = betoh32(h[1]);
+   context->m[j][3] = betoh32(h[0]);
+
+   //Pre-compute all multiples of H (Shoup's method)
+   for(i = 2; i < GCM_TABLE_N; i++)
+   {
+      //Odd value?
+      if((i & 1) != 0)
+      {
+         //Compute M(i) = M(i - 1) + H
+         j = GCM_REVERSE_BITS(i - 1);
+         h[0] = context->m[j][0];
+         h[1] = context->m[j][1];
+         h[2] = context->m[j][2];
+         h[3] = context->m[j][3];
+
+         //An addition in GF(2^128) is identical to a bitwise exclusive-OR
+         //operation
+         j = GCM_REVERSE_BITS(1);
+         h[0] ^= context->m[j][0];
+         h[1] ^= context->m[j][1];
+         h[2] ^= context->m[j][2];
+         h[3] ^= context->m[j][3];
+      }
+      else
+      {
+         //Compute M(i) = M(i / 2) * x
+         j = GCM_REVERSE_BITS(i / 2);
+         h[0] = context->m[j][0];
+         h[1] = context->m[j][1];
+         h[2] = context->m[j][2];
+         h[3] = context->m[j][3];
+
+         //The multiplication of a polynomial by x in GF(2^128) corresponds
+         //to a shift of indices
+         c = h[0] & 0x01;
+         h[0] = (h[0] >> 1) | (h[1] << 31);
+         h[1] = (h[1] >> 1) | (h[2] << 31);
+         h[2] = (h[2] >> 1) | (h[3] << 31);
+         h[3] >>= 1;
+
+         //If the highest term of the result is equal to one, then perform
+         //reduction
+         h[3] ^= r[GCM_REVERSE_BITS(1)] & ~(c - 1);
+      }
+
+      //Save M(i)
+      j = GCM_REVERSE_BITS(i);
+      context->m[j][0] = h[0];
+      context->m[j][1] = h[1];
+      context->m[j][2] = h[2];
+      context->m[j][3] = h[3];
+   }
+
+   //Successful initialization
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief Authenticated encryption using GCM
+ * @param[in] context Pointer to the GCM context
+ * @param[in] iv Initialization vector
+ * @param[in] ivLen Length of the initialization vector
+ * @param[in] a Additional authenticated data
+ * @param[in] aLen Length of the additional data
+ * @param[in] p Plaintext to be encrypted
+ * @param[out] c Ciphertext resulting from the encryption
+ * @param[in] length Total number of data bytes to be encrypted
+ * @param[out] t Authentication tag
+ * @param[in] tLen Length of the authentication tag
+ * @return Error code
+ **/
+
+__weak_func error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
+   size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
+   uint8_t *c, size_t length, uint8_t *t, size_t tLen)
+{
+   size_t k;
+   size_t n;
+   uint8_t b[16];
+   uint8_t j[16];
+   uint8_t s[16];
+
+   //Make sure the GCM context is valid
+   if(context == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //The length of the IV shall meet SP 800-38D requirements
+   if(ivLen < 1)
+      return ERROR_INVALID_LENGTH;
+
+   //Check the length of the authentication tag
+   if(tLen < 4 || tLen > 16)
+      return ERROR_INVALID_LENGTH;
+
+   //Check whether the length of the IV is 96 bits
+   if(ivLen == 12)
+   {
+      //When the length of the IV is 96 bits, the padding string is appended
+      //to the IV to form the pre-counter block
+      osMemcpy(j, iv, 12);
+      STORE32BE(1, j + 12);
+   }
+   else
+   {
+      //Initialize GHASH calculation
+      osMemset(j, 0, 16);
+
+      //Length of the IV
+      n = ivLen;
+
+      //Process the initialization vector
+      while(n > 0)
+      {
+         //The IV is processed in a block-by-block fashion
+         k = MIN(n, 16);
+
+         //Apply GHASH function
+         gcmXorBlock(j, j, iv, k);
+         gcmMul(context, j);
+
+         //Next block
+         iv += k;
+         n -= k;
+      }
+
+      //The string is appended with 64 additional 0 bits, followed by the
+      //64-bit representation of the length of the IV
+      osMemset(b, 0, 8);
+      STORE64BE(ivLen * 8, b + 8);
+
+      //The GHASH function is applied to the resulting string to form the
+      //pre-counter block
+      gcmXorBlock(j, j, b, 16);
+      gcmMul(context, j);
+   }
+
+   //Compute MSB(CIPH(J(0)))
+   context->cipherAlgo->encryptBlock(context->cipherContext, j, b);
+   osMemcpy(t, b, tLen);
+
+   //Initialize GHASH calculation
+   osMemset(s, 0, 16);
+   //Length of the AAD
+   n = aLen;
+
+   //Process AAD
+   while(n > 0)
+   {
+      //Additional data are processed in a block-by-block fashion
+      k = MIN(n, 16);
+
+      //Apply GHASH function
+      gcmXorBlock(s, s, a, k);
+      gcmMul(context, s);
+
+      //Next block
+      a += k;
+      n -= k;
+   }
+
+   //Length of the plaintext
+   n = length;
+
+   //Process plaintext
+   while(n > 0)
+   {
+      //The encryption operates in a block-by-block fashion
+      k = MIN(n, 16);
+
+      //Increment counter
+      gcmIncCounter(j);
+
+      //Encrypt plaintext
+      context->cipherAlgo->encryptBlock(context->cipherContext, j, b);
+      gcmXorBlock(c, p, b, k);
+
+      //Apply GHASH function
+      gcmXorBlock(s, s, c, k);
+      gcmMul(context, s);
+
+      //Next block
+      p += k;
+      c += k;
+      n -= k;
+   }
+
+   //Append the 64-bit representation of the length of the AAD and the
+   //ciphertext
+   STORE64BE(aLen * 8, b);
+   STORE64BE(length * 8, b + 8);
+
+   //The GHASH function is applied to the result to produce a single output
+   //block S
+   gcmXorBlock(s, s, b, 16);
+   gcmMul(context, s);
+
+   //Let T = MSB(GCTR(J(0), S)
+   gcmXorBlock(t, t, s, tLen);
+
+   //Successful encryption
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief Authenticated decryption using GCM
+ * @param[in] context Pointer to the GCM context
+ * @param[in] iv Initialization vector
+ * @param[in] ivLen Length of the initialization vector
+ * @param[in] a Additional authenticated data
+ * @param[in] aLen Length of the additional data
+ * @param[in] c Ciphertext to be decrypted
+ * @param[out] p Plaintext resulting from the decryption
+ * @param[in] length Total number of data bytes to be decrypted
+ * @param[in] t Authentication tag
+ * @param[in] tLen Length of the authentication tag
+ * @return Error code
+ **/
+
+__weak_func error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
+   size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
+   uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
+{
+   uint8_t mask;
+   size_t k;
+   size_t n;
+   uint8_t b[16];
+   uint8_t j[16];
+   uint8_t r[16];
+   uint8_t s[16];
+
+   //Make sure the GCM context is valid
+   if(context == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //The length of the IV shall meet SP 800-38D requirements
+   if(ivLen < 1)
+      return ERROR_INVALID_LENGTH;
+
+   //Check the length of the authentication tag
+   if(tLen < 4 || tLen > 16)
+      return ERROR_INVALID_LENGTH;
+
+   //Check whether the length of the IV is 96 bits
+   if(ivLen == 12)
+   {
+      //When the length of the IV is 96 bits, the padding string is appended
+      //to the IV to form the pre-counter block
+      osMemcpy(j, iv, 12);
+      STORE32BE(1, j + 12);
+   }
+   else
+   {
+      //Initialize GHASH calculation
+      osMemset(j, 0, 16);
+
+      //Length of the IV
+      n = ivLen;
+
+      //Process the initialization vector
+      while(n > 0)
+      {
+         //The IV is processed in a block-by-block fashion
+         k = MIN(n, 16);
+
+         //Apply GHASH function
+         gcmXorBlock(j, j, iv, k);
+         gcmMul(context, j);
+
+         //Next block
+         iv += k;
+         n -= k;
+      }
+
+      //The string is appended with 64 additional 0 bits, followed by the
+      //64-bit representation of the length of the IV
+      osMemset(b, 0, 8);
+      STORE64BE(ivLen * 8, b + 8);
+
+      //The GHASH function is applied to the resulting string to form the
+      //pre-counter block
+      gcmXorBlock(j, j, b, 16);
+      gcmMul(context, j);
+   }
+
+   //Compute MSB(CIPH(J(0)))
+   context->cipherAlgo->encryptBlock(context->cipherContext, j, b);
+   osMemcpy(r, b, tLen);
+
+   //Initialize GHASH calculation
+   osMemset(s, 0, 16);
+   //Length of the AAD
+   n = aLen;
+
+   //Process AAD
+   while(n > 0)
+   {
+      //Additional data are processed in a block-by-block fashion
+      k = MIN(n, 16);
+
+      //Apply GHASH function
+      gcmXorBlock(s, s, a, k);
+      gcmMul(context, s);
+
+      //Next block
+      a += k;
+      n -= k;
+   }
+
+   //Length of the ciphertext
+   n = length;
+
+   //Process ciphertext
+   while(n > 0)
+   {
+      //The decryption operates in a block-by-block fashion
+      k = MIN(n, 16);
+
+      //Apply GHASH function
+      gcmXorBlock(s, s, c, k);
+      gcmMul(context, s);
+
+      //Increment counter
+      gcmIncCounter(j);
+
+      //Decrypt ciphertext
+      context->cipherAlgo->encryptBlock(context->cipherContext, j, b);
+      gcmXorBlock(p, c, b, k);
+
+      //Next block
+      c += k;
+      p += k;
+      n -= k;
+   }
+
+   //Append the 64-bit representation of the length of the AAD and the
+   //ciphertext
+   STORE64BE(aLen * 8, b);
+   STORE64BE(length * 8, b + 8);
+
+   //The GHASH function is applied to the result to produce a single output
+   //block S
+   gcmXorBlock(s, s, b, 16);
+   gcmMul(context, s);
+
+   //Let R = MSB(GCTR(J(0), S))
+   gcmXorBlock(r, r, s, tLen);
+
+   //The calculated tag is bitwise compared to the received tag. The message
+   //is authenticated if and only if the tags match
+   for(mask = 0, n = 0; n < tLen; n++)
+   {
+      mask |= r[n] ^ t[n];
+   }
+
+   //Return status code
+   return (mask == 0) ? NO_ERROR : ERROR_FAILURE;
+}
+
+
+/**
+ * @brief Multiplication operation in GF(2^128)
+ * @param[in] context Pointer to the GCM context
+ * @param[in, out] x 16-byte block to be multiplied by H
+ **/
+
+__weak_func void gcmMul(GcmContext *context, uint8_t *x)
+{
+   int_t i;
+   uint8_t b;
+   uint8_t c;
+   uint32_t z[4];
+
+   //Let Z = 0
+   z[0] = 0;
+   z[1] = 0;
+   z[2] = 0;
+   z[3] = 0;
+
+   //Fast table-driven implementation (Shoup's method)
+   for(i = 15; i >= 0; i--)
+   {
+#if (GCM_TABLE_W == 4)
+      //Get the lower nibble
+      b = x[i] & 0x0F;
+
+      //Multiply 4 bits at a time
+      c = z[0] & 0x0F;
+      z[0] = (z[0] >> 4) | (z[1] << 28);
+      z[1] = (z[1] >> 4) | (z[2] << 28);
+      z[2] = (z[2] >> 4) | (z[3] << 28);
+      z[3] >>= 4;
+
+      z[0] ^= context->m[b][0];
+      z[1] ^= context->m[b][1];
+      z[2] ^= context->m[b][2];
+      z[3] ^= context->m[b][3];
+
+      //Perform reduction
+      z[3] ^= r[c];
+
+      //Get the upper nibble
+      b = (x[i] >> 4) & 0x0F;
+
+      //Multiply 4 bits at a time
+      c = z[0] & 0x0F;
+      z[0] = (z[0] >> 4) | (z[1] << 28);
+      z[1] = (z[1] >> 4) | (z[2] << 28);
+      z[2] = (z[2] >> 4) | (z[3] << 28);
+      z[3] >>= 4;
+
+      z[0] ^= context->m[b][0];
+      z[1] ^= context->m[b][1];
+      z[2] ^= context->m[b][2];
+      z[3] ^= context->m[b][3];
+
+      //Perform reduction
+      z[3] ^= r[c];
+#else
+      //Get current byte
+      b = x[i];
+
+      //Multiply 8 bits at a time
+      c = z[0] & 0xFF;
+      z[0] = (z[0] >> 8) | (z[1] << 24);
+      z[1] = (z[1] >> 8) | (z[2] << 24);
+      z[2] = (z[2] >> 8) | (z[3] << 24);
+      z[3] >>= 8;
+
+      z[0] ^= context->m[b][0];
+      z[1] ^= context->m[b][1];
+      z[2] ^= context->m[b][2];
+      z[3] ^= context->m[b][3];
+
+      //Perform reduction
+      z[3] ^= r[c];
+#endif
+   }
+
+   //Save the result
+   STORE32BE(z[3], x);
+   STORE32BE(z[2], x + 4);
+   STORE32BE(z[1], x + 8);
+   STORE32BE(z[0], x + 12);
+}
+
+
+/**
+ * @brief XOR operation
+ * @param[out] x Block resulting from the XOR operation
+ * @param[in] a First block
+ * @param[in] b Second block
+ * @param[in] n Size of the block
+ **/
+
+void gcmXorBlock(uint8_t *x, const uint8_t *a, const uint8_t *b, size_t n)
+{
+   size_t i;
+
+   //Perform XOR operation
+   for(i = 0; i < n; i++)
+   {
+      x[i] = a[i] ^ b[i];
+   }
+}
+
+
+/**
+ * @brief Increment counter block
+ * @param[in,out] ctr Pointer to the counter block
+ **/
+
+void gcmIncCounter(uint8_t *ctr)
+{
+   uint16_t temp;
+
+   //The function increments the right-most 32 bits of the block. The remaining
+   //left-most 96 bits remain unchanged
+   temp = ctr[15] + 1;
+   ctr[15] = temp & 0xFF;
+   temp = (temp >> 8) + ctr[14];
+   ctr[14] = temp & 0xFF;
+   temp = (temp >> 8) + ctr[13];
+   ctr[13] = temp & 0xFF;
+   temp = (temp >> 8) + ctr[12];
+   ctr[12] = temp & 0xFF;
+}
+
+#endif

deps/cyclone/hkdf.c

@@ -0,0 +1,226 @@
+/**
+ * @file hkdf.c
+ * @brief HKDF (HMAC-based Key Derivation Function)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * HKDF is a simple HMAC-based key derivation function which can be used as a
+ * building block in various protocols and applications. Refer to RFC 5869 for
+ * more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "kdf/hkdf.h"
+#include "mac/hmac.h"
+
+//Check crypto library configuration
+#if (HKDF_SUPPORT == ENABLED)
+
+
+/**
+ * @brief HKDF key derivation function
+ * @param[in] hash Underlying hash function
+ * @param[in] ikm input keying material
+ * @param[in] ikmLen Length in the input keying material
+ * @param[in] salt Optional salt value (a non-secret random value)
+ * @param[in] saltLen Length of the salt
+ * @param[in] info Optional application specific information
+ * @param[in] infoLen Length of the application specific information
+ * @param[out] okm output keying material
+ * @param[in] okmLen Length of the output keying material
+ * @return Error code
+ **/
+
+error_t hkdf(const HashAlgo *hash, const uint8_t *ikm, size_t ikmLen,
+   const uint8_t *salt, size_t saltLen, const uint8_t *info, size_t infoLen,
+   uint8_t *okm, size_t okmLen)
+{
+   error_t error;
+   uint8_t prk[MAX_HASH_DIGEST_SIZE];
+
+   //Perform HKDF extract step
+   error = hkdfExtract(hash, ikm, ikmLen, salt, saltLen, prk);
+
+   //Check status code
+   if(!error)
+   {
+      //Perform HKDF expand step
+      error = hkdfExpand(hash, prk, hash->digestSize, info, infoLen,
+         okm, okmLen);
+   }
+
+   //Return status code
+   return error;
+}
+
+
+/**
+ * @brief HKDF extract step
+ * @param[in] hash Underlying hash function
+ * @param[in] ikm input keying material
+ * @param[in] ikmLen Length in the input keying material
+ * @param[in] salt Optional salt value (a non-secret random value)
+ * @param[in] saltLen Length of the salt
+ * @param[out] prk Pseudorandom key
+ * @return Error code
+ **/
+
+error_t hkdfExtract(const HashAlgo *hash, const uint8_t *ikm, size_t ikmLen,
+   const uint8_t *salt, size_t saltLen, uint8_t *prk)
+{
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   HmacContext *hmacContext;
+#else
+   HmacContext hmacContext[1];
+#endif
+
+   //Check parameters
+   if(hash == NULL || ikm == NULL || prk == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //The salt parameter is optional
+   if(salt == NULL && saltLen != 0)
+      return ERROR_INVALID_PARAMETER;
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Allocate a memory buffer to hold the HMAC context
+   hmacContext = cryptoAllocMem(sizeof(HmacContext));
+   //Failed to allocate memory?
+   if(hmacContext == NULL)
+      return ERROR_OUT_OF_MEMORY;
+#endif
+
+   //The salt parameter is optional
+   if(salt == NULL)
+   {
+      //If the salt is not provided, it is set to a string of HashLen zeros
+      osMemset(hmacContext->digest, 0, hash->digestSize);
+      salt = hmacContext->digest;
+      saltLen = hash->digestSize;
+   }
+
+   //Compute PRK = HMAC-Hash(salt, IKM)
+   hmacInit(hmacContext, hash, salt, saltLen);
+   hmacUpdate(hmacContext, ikm, ikmLen);
+   hmacFinal(hmacContext, prk);
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Free previously allocated memory
+   cryptoFreeMem(hmacContext);
+#endif
+
+   //Successful processing
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief HKDF expand step
+ * @param[in] hash Underlying hash function
+ * @param[in] prk Pseudorandom key
+ * @param[in] prkLen Length of the pseudorandom key
+ * @param[in] info Optional application specific information
+ * @param[in] infoLen Length of the application specific information
+ * @param[out] okm output keying material
+ * @param[in] okmLen Length of the output keying material
+ * @return Error code
+ **/
+
+error_t hkdfExpand(const HashAlgo *hash, const uint8_t *prk, size_t prkLen,
+   const uint8_t *info, size_t infoLen, uint8_t *okm, size_t okmLen)
+{
+   uint8_t i;
+   size_t tLen;
+   uint8_t t[MAX_HASH_DIGEST_SIZE];
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   HmacContext *hmacContext;
+#else
+   HmacContext hmacContext[1];
+#endif
+
+   //Check parameters
+   if(hash == NULL || prk == NULL || okm == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //The application specific information parameter is optional
+   if(info == NULL && infoLen != 0)
+      return ERROR_INVALID_PARAMETER;
+
+   //PRK must be at least HashLen octets
+   if(prkLen < hash->digestSize)
+      return ERROR_INVALID_LENGTH;
+
+   //Check the length of the output keying material
+   if(okmLen > (255 * hash->digestSize))
+      return ERROR_INVALID_LENGTH;
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Allocate a memory buffer to hold the HMAC context
+   hmacContext = cryptoAllocMem(sizeof(HmacContext));
+   //Failed to allocate memory?
+   if(hmacContext == NULL)
+      return ERROR_OUT_OF_MEMORY;
+#endif
+
+   //T(0) is an empty string (zero length)
+   tLen = 0;
+
+   //Iterate as many times as required
+   for(i = 1; okmLen > 0; i++)
+   {
+      //Compute T(i) = HMAC-Hash(PRK, T(i-1) | info | i)
+      hmacInit(hmacContext, hash, prk, prkLen);
+      hmacUpdate(hmacContext, t, tLen);
+      hmacUpdate(hmacContext, info, infoLen);
+      hmacUpdate(hmacContext, &i, sizeof(i));
+      hmacFinal(hmacContext, t);
+
+      //Number of octets in the current block
+      tLen = MIN(okmLen, hash->digestSize);
+      //Save the resulting block
+      osMemcpy(okm, t, tLen);
+
+      //Point to the next block
+      okm += tLen;
+      okmLen -= tLen;
+   }
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Free previously allocated memory
+   cryptoFreeMem(hmacContext);
+#endif
+
+   //Successful processing
+   return NO_ERROR;
+}
+
+#endif

deps/cyclone/hmac.c

@@ -0,0 +1,303 @@
+/**
+ * @file hmac.c
+ * @brief HMAC (Keyed-Hashing for Message Authentication)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * HMAC is a mechanism for message authentication using cryptographic hash
+ * functions. HMAC can be used with any iterative cryptographic hash
+ * function (MD5, SHA-1 or SHA-256) in combination with a secret shared
+ * key. Refer to RFC 2104 for more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "mac/hmac.h"
+
+//Check crypto library configuration
+#if (HMAC_SUPPORT == ENABLED)
+
+//HMAC with MD5 OID (1.3.6.1.5.5.8.1.1)
+const uint8_t HMAC_WITH_MD5_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x01};
+//HMAC with Tiger OID (1.3.6.1.5.5.8.1.3)
+const uint8_t HMAC_WITH_TIGER_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x03};
+//HMAC with RIPEMD-160 OID (1.3.6.1.5.5.8.1.4)
+const uint8_t HMAC_WITH_RIPEMD160_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x01, 0x04};
+//HMAC with SHA-1 OID (1.2.840.113549.2.7)
+const uint8_t HMAC_WITH_SHA1_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x07};
+//HMAC with SHA-224 OID (1.2.840.113549.2.8)
+const uint8_t HMAC_WITH_SHA224_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x08};
+//HMAC with SHA-256 OID (1.2.840.113549.2.9)
+const uint8_t HMAC_WITH_SHA256_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09};
+//HMAC with SHA-384 OID (1.2.840.113549.2.10)
+const uint8_t HMAC_WITH_SHA384_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x0A};
+//HMAC with SHA-512 OID (1.2.840.113549.2.11)
+const uint8_t HMAC_WITH_SHA512_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x0B};
+//HMAC with SHA-512/224 OID (1.2.840.113549.2.12)
+const uint8_t HMAC_WITH_SHA512_224_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x0C};
+//HMAC with SHA-512/256 OID (1.2.840.113549.2.13)
+const uint8_t HMAC_WITH_SHA512_256_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x0D};
+//HMAC with SHA-3-224 OID (2.16.840.1.101.3.4.2.13)
+const uint8_t HMAC_WITH_SHA3_224_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0D};
+//HMAC with SHA-3-256 OID (2.16.840.1.101.3.4.2.14)
+const uint8_t HMAC_WITH_SHA3_256_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0E};
+//HMAC with SHA-3-384 OID (2.16.840.1.101.3.4.2.15)
+const uint8_t HMAC_WITH_SHA3_384_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0F};
+//HMAC with SHA-3-512 OID (2.16.840.1.101.3.4.2.16)
+const uint8_t HMAC_WITH_SHA3_512_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x10};
+//HMAC with SM3 OID (1.2.156.10197.1.401.3.1)
+const uint8_t HMAC_WITH_SM3_OID[10] = {0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x91, 0x03, 0x01};
+
+
+/**
+ * @brief Compute HMAC using the specified hash function
+ * @param[in] hash Hash algorithm used to compute HMAC
+ * @param[in] key Key to use in the hash algorithm
+ * @param[in] keyLen Length of the key
+ * @param[in] data The input data for which to compute the hash code
+ * @param[in] dataLen Length of the input data
+ * @param[out] digest The computed HMAC value
+ * @return Error code
+ **/
+
+__weak_func error_t hmacCompute(const HashAlgo *hash, const void *key, size_t keyLen,
+   const void *data, size_t dataLen, uint8_t *digest)
+{
+   error_t error;
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   HmacContext *context;
+#else
+   HmacContext context[1];
+#endif
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Allocate a memory buffer to hold the HMAC context
+   context = cryptoAllocMem(sizeof(HmacContext));
+   //Failed to allocate memory?
+   if(context == NULL)
+      return ERROR_OUT_OF_MEMORY;
+#endif
+
+   //Initialize the HMAC context
+   error = hmacInit(context, hash, key, keyLen);
+
+   //Check status code
+   if(!error)
+   {
+      //Digest the message
+      hmacUpdate(context, data, dataLen);
+      //Finalize the HMAC computation
+      hmacFinal(context, digest);
+   }
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Free previously allocated memory
+   cryptoFreeMem(context);
+#endif
+
+   //Return status code
+   return error;
+}
+
+
+/**
+ * @brief Initialize HMAC calculation
+ * @param[in] context Pointer to the HMAC context to initialize
+ * @param[in] hash Hash algorithm used to compute HMAC
+ * @param[in] key Key to use in the hash algorithm
+ * @param[in] keyLen Length of the key
+ * @return Error code
+ **/
+
+__weak_func error_t hmacInit(HmacContext *context, const HashAlgo *hash,
+   const void *key, size_t keyLen)
+{
+   uint_t i;
+
+   //Check parameters
+   if(context == NULL || hash == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+   //Make sure the supplied key is valid
+   if(key == NULL && keyLen != 0)
+      return ERROR_INVALID_PARAMETER;
+
+   //Hash algorithm used to compute HMAC
+   context->hash = hash;
+
+   //The key is longer than the block size?
+   if(keyLen > hash->blockSize)
+   {
+      //Initialize the hash function context
+      hash->init(&context->hashContext);
+      //Digest the original key
+      hash->update(&context->hashContext, key, keyLen);
+      //Finalize the message digest computation
+      hash->final(&context->hashContext, context->key);
+
+      //Key is padded to the right with extra zeros
+      osMemset(context->key + hash->digestSize, 0,
+         hash->blockSize - hash->digestSize);
+   }
+   else
+   {
+      //Copy the key
+      osMemcpy(context->key, key, keyLen);
+      //Key is padded to the right with extra zeros
+      osMemset(context->key + keyLen, 0, hash->blockSize - keyLen);
+   }
+
+   //XOR the resulting key with ipad
+   for(i = 0; i < hash->blockSize; i++)
+   {
+      context->key[i] ^= HMAC_IPAD;
+   }
+
+   //Initialize context for the first pass
+   hash->init(&context->hashContext);
+   //Start with the inner pad
+   hash->update(&context->hashContext, context->key, hash->blockSize);
+
+   //Successful initialization
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief Update the HMAC context with a portion of the message being hashed
+ * @param[in] context Pointer to the HMAC context
+ * @param[in] data Pointer to the buffer being hashed
+ * @param[in] length Length of the buffer
+ **/
+
+__weak_func void hmacUpdate(HmacContext *context, const void *data, size_t length)
+{
+   const HashAlgo *hash;
+
+   //Hash algorithm used to compute HMAC
+   hash = context->hash;
+   //Digest the message (first pass)
+   hash->update(&context->hashContext, data, length);
+}
+
+
+/**
+ * @brief Finish the HMAC calculation
+ * @param[in] context Pointer to the HMAC context
+ * @param[out] digest Calculated HMAC value (optional parameter)
+ **/
+
+__weak_func void hmacFinal(HmacContext *context, uint8_t *digest)
+{
+   uint_t i;
+   const HashAlgo *hash;
+
+   //Hash algorithm used to compute HMAC
+   hash = context->hash;
+   //Finish the first pass
+   hash->final(&context->hashContext, context->digest);
+
+   //XOR the original key with opad
+   for(i = 0; i < hash->blockSize; i++)
+   {
+      context->key[i] ^= HMAC_IPAD ^ HMAC_OPAD;
+   }
+
+   //Initialize context for the second pass
+   hash->init(&context->hashContext);
+   //Start with outer pad
+   hash->update(&context->hashContext, context->key, hash->blockSize);
+   //Then digest the result of the first hash
+   hash->update(&context->hashContext, context->digest, hash->digestSize);
+   //Finish the second pass
+   hash->final(&context->hashContext, context->digest);
+
+   //Copy the resulting HMAC value
+   if(digest != NULL)
+   {
+      osMemcpy(digest, context->digest, hash->digestSize);
+   }
+}
+
+
+/**
+ * @brief Release HMAC context
+ * @param[in] context Pointer to the HMAC context
+ **/
+
+void hmacDeinit(HmacContext *context)
+{
+   //Make sure the HMAC context is valid
+   if(context != NULL)
+   {
+      //Clear HMAC context
+      osMemset(context, 0, sizeof(HmacContext));
+   }
+}
+
+
+/**
+ * @brief Finish the HMAC calculation (no padding added)
+ * @param[in] context Pointer to the HMAC context
+ * @param[out] digest Calculated HMAC value (optional parameter)
+ **/
+
+void hmacFinalRaw(HmacContext *context, uint8_t *digest)
+{
+   uint_t i;
+   const HashAlgo *hash;
+
+   //Hash algorithm used to compute HMAC
+   hash = context->hash;
+
+   //XOR the original key with opad
+   for(i = 0; i < hash->blockSize; i++)
+   {
+      context->key[i] ^= HMAC_IPAD ^ HMAC_OPAD;
+   }
+
+   //Initialize context for the second pass
+   hash->init(&context->hashContext);
+   //Start with outer pad
+   hash->update(&context->hashContext, context->key, hash->blockSize);
+   //Then digest the result of the first hash
+   hash->update(&context->hashContext, context->digest, hash->digestSize);
+   //Finish the second pass
+   hash->final(&context->hashContext, context->digest);
+
+   //Copy the resulting HMAC value
+   if(digest != NULL)
+   {
+      osMemcpy(digest, context->digest, hash->digestSize);
+   }
+}
+
+#endif

deps/cyclone/include/aead/gcm.h

@@ -0,0 +1,92 @@
+/**
+ * @file gcm.h
+ * @brief Galois/Counter Mode (GCM)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _GCM_H
+#define _GCM_H
+
+//Dependencies
+#include "core/crypto.h"
+
+//Precalculated table width, in bits
+#ifndef GCM_TABLE_W
+   #define GCM_TABLE_W 4
+#elif (GCM_TABLE_W != 4 && GCM_TABLE_W != 8)
+   #error GCM_TABLE_W parameter is not valid
+#endif
+
+//4-bit or 8-bit precalculated table?
+#if (GCM_TABLE_W == 4)
+   #define GCM_TABLE_N 16
+   #define GCM_REVERSE_BITS(n) reverseInt4(n)
+#else
+   #define GCM_TABLE_N 256
+   #define GCM_REVERSE_BITS(n) reverseInt8(n)
+#endif
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * @brief GCM context
+ **/
+
+typedef struct
+{
+   const CipherAlgo *cipherAlgo; ///<Cipher algorithm
+   void *cipherContext;          ///<Cipher algorithm context
+   uint32_t m[GCM_TABLE_N][4];   ///<Precalculated table
+} GcmContext;
+
+
+//GCM related functions
+error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
+   void *cipherContext);
+
+error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
+   size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
+   uint8_t *c, size_t length, uint8_t *t, size_t tLen);
+
+error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
+   size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
+   uint8_t *p, size_t length, const uint8_t *t, size_t tLen);
+
+void gcmMul(GcmContext *context, uint8_t *x);
+void gcmXorBlock(uint8_t *x, const uint8_t *a, const uint8_t *b, size_t n);
+void gcmIncCounter(uint8_t *ctr);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/cipher/aes.h

@@ -0,0 +1,103 @@
+/**
+ * @file aes.h
+ * @brief AES (Advanced Encryption Standard)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _AES_H
+#define _AES_H
+
+//Dependencies
+#include "core/crypto.h"
+
+//Application specific context
+#ifndef AES_PRIVATE_CONTEXT
+   #define AES_PRIVATE_CONTEXT
+#endif
+
+//AES block size
+#define AES_BLOCK_SIZE 16
+//Common interface for encryption algorithms
+#define AES_CIPHER_ALGO (&aesCipherAlgo)
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * @brief AES algorithm context
+ **/
+
+typedef struct
+{
+   uint_t nr;
+   uint32_t ek[60];
+   uint32_t dk[60];
+   AES_PRIVATE_CONTEXT
+} AesContext;
+
+
+//AES related constants
+extern const uint8_t AES128_ECB_OID[9];
+extern const uint8_t AES128_CBC_OID[9];
+extern const uint8_t AES128_OFB_OID[9];
+extern const uint8_t AES128_CFB_OID[9];
+extern const uint8_t AES128_GCM_OID[9];
+extern const uint8_t AES128_CCM_OID[9];
+extern const uint8_t AES192_ECB_OID[9];
+extern const uint8_t AES192_CBC_OID[9];
+extern const uint8_t AES192_OFB_OID[9];
+extern const uint8_t AES192_CFB_OID[9];
+extern const uint8_t AES192_GCM_OID[9];
+extern const uint8_t AES192_CCM_OID[9];
+extern const uint8_t AES256_ECB_OID[9];
+extern const uint8_t AES256_CBC_OID[9];
+extern const uint8_t AES256_OFB_OID[9];
+extern const uint8_t AES256_CFB_OID[9];
+extern const uint8_t AES256_GCM_OID[9];
+extern const uint8_t AES256_CCM_OID[9];
+extern const CipherAlgo aesCipherAlgo;
+
+//AES related functions
+error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen);
+
+void aesEncryptBlock(AesContext *context, const uint8_t *input,
+   uint8_t *output);
+
+void aesDecryptBlock(AesContext *context, const uint8_t *input,
+   uint8_t *output);
+
+void aesDeinit(AesContext *context);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/cipher_modes/ecb.h

@@ -0,0 +1,54 @@
+/**
+ * @file ecb.h
+ * @brief Electronic Codebook (ECB) mode
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _ECB_H
+#define _ECB_H
+
+//Dependencies
+#include "core/crypto.h"
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//ECB encryption and decryption routines
+error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
+   const uint8_t *p, uint8_t *c, size_t length);
+
+error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
+   const uint8_t *c, uint8_t *p, size_t length);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/compiler_port.h

@@ -0,0 +1,286 @@
+/**
+ * @file compiler_port.h
+ * @brief Compiler specific definitions
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _COMPILER_PORT_H
+#define _COMPILER_PORT_H
+
+//Dependencies
+#include "types.h"
+
+//ARM compiler V6?
+#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
+   #include <stdarg.h>
+#endif
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//Types
+typedef char char_t;
+typedef signed int int_t;
+typedef unsigned int uint_t;
+
+#if !defined(R_TYPEDEFS_H) && !defined(USE_CHIBIOS_2)
+   typedef int bool_t;
+#endif
+
+//ARM compiler?
+#if defined(__CC_ARM)
+   #undef PRIu8
+   #undef PRIu16
+   #define PRIu8 "u"
+   #define PRIu16 "u"
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "lu"
+//Microchip XC32 compiler?
+#elif defined(__XC32)
+   #if defined(__C32_LEGACY_LIBC__)
+      #define PRIuSIZE "lu"
+      #define PRIXSIZE "lX"
+      #define PRIuTIME "lu"
+   #else
+      #define PRIuSIZE "u"
+      #define PRIXSIZE "X"
+      #define PRIuTIME "u"
+   #endif
+//NXP MCUXpresso compiler?
+#elif defined(__MCUXPRESSO)
+   #undef PRIu64
+   #define PRIu64 "llu"
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "lu"
+//NXP CodeWarrior compiler?
+#elif defined(__CWCC__)
+   #define PRIu8 "u"
+   #define PRIu16 "u"
+   #define PRIu32 "u"
+   #define PRIx8 "x"
+   #define PRIx16 "x"
+   #define PRIx32 "x"
+   #define PRIX8 "X"
+   #define PRIX16 "X"
+   #define PRIX32 "X"
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "u"
+//Espressif ESP-IDF compiler?
+#elif defined(IDF_VER)
+   #undef PRIu8
+   #undef PRIu16
+   #undef PRIx8
+   #undef PRIx16
+   #undef PRIX8
+   #undef PRIX16
+   #define PRIu8 "u"
+   #define PRIu16 "u"
+   #define PRIx8 "x"
+   #define PRIx16 "x"
+   #define PRIX8 "X"
+   #define PRIX16 "X"
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "lu"
+//Linux/FreeBSD GCC compiler
+#elif defined(__linux__) || defined(__FreeBSD__)
+   #define PRIuSIZE "zu"
+   #define PRIXSIZE "zX"
+   #define PRIuTIME "lu"
+//Win32 compiler?
+#elif defined(_WIN32)
+   #define PRIuSIZE "Iu"
+   #define PRIXSIZE "IX"
+   #define PRIuTIME "lu"
+//GCC compiler (with newlib-nano runtime library)?
+#elif defined(__GNUC__) && defined(_NANO_FORMATTED_IO) && (_NANO_FORMATTED_IO != 0)
+   #undef PRIu8
+   #undef PRIu16
+   #undef PRIx8
+   #undef PRIx16
+   #undef PRIX8
+   #undef PRIX16
+   #define PRIu8 "u"
+   #define PRIu16 "u"
+   #define PRIx8 "x"
+   #define PRIx16 "x"
+   #define PRIX8 "X"
+   #define PRIX16 "X"
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "u"
+//GCC compiler (with newlib-standard runtime library)?
+#else
+   #define PRIuSIZE "u"
+   #define PRIXSIZE "X"
+   #define PRIuTIME "lu"
+#endif
+
+//ARM compiler V6?
+#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
+   int vsnprintf(char *dest, size_t size, const char *format, va_list ap);
+   char *strtok_r(char *s, const char *delim, char **last);
+//GCC compiler (for PowerPC architecture)?
+#elif defined(__GNUC__) && defined(__PPC_EABI__)
+   typedef uint32_t time_t;
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+   char *strtok_r(char *s, const char *delim, char **last);
+//GCC compiler?
+#elif defined(__GNUC__)
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+#if !(defined(_SVID_SOURCE) || defined(_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 1) || defined(_XOPEN_SOURCE) || defined(_POSIX_SOURCE))
+   char *strtok_r(char *s, const char *delim, char **last);
+#endif
+
+//Tasking compiler?
+#elif defined(__TASKING__)
+   char *strtok_r(char *s, const char *delim, char **last);
+//Microchip XC32 compiler?
+#elif defined(__XC32)
+   #define sprintf _sprintf
+   int sprintf(char *str, const char *format, ...);
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+   char *strtok_r(char *s, const char *delim, char **last);
+//NXP CodeWarrior compiler?
+#elif defined(__CWCC__)
+   typedef uint32_t time_t;
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+   char *strtok_r(char *s, const char *delim, char **last);
+//Renesas CC-RX compiler?
+#elif defined(__CCRX__)
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+   char *strtok_r(char *s, const char *delim, char **last);
+//TI ARM compiler?
+#elif defined(__TI_ARM__)
+   int strcasecmp(const char *s1, const char *s2);
+   int strncasecmp(const char *s1, const char *s2, size_t n);
+   char *strtok_r(char *s, const char *delim, char **last);
+#endif
+
+//ARM compiler V6?
+#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
+   #undef __packed_struct
+   #define __packed_struct struct __attribute__((packed))
+   #undef __packed_union
+   #define __packed_union union __attribute__((packed))
+//GCC compiler?
+#elif defined(__GNUC__)
+   #undef __packed_struct
+   #define __packed_struct struct __attribute__((__packed__))
+   #undef __packed_union
+   #define __packed_union union __attribute__((__packed__))
+//ARM compiler?
+#elif defined(__CC_ARM)
+   #pragma anon_unions
+   #undef __packed_struct
+   #define __packed_struct __packed struct
+   #undef __packed_union
+   #define __packed_union __packed union
+//IAR compiler?
+#elif defined(__IAR_SYSTEMS_ICC__)
+   #undef __packed_struct
+   #define __packed_struct __packed struct
+   #undef __packed_union
+   #define __packed_union __packed union
+//Tasking compiler?
+#elif defined(__TASKING__)
+   #undef __packed_struct
+   #define __packed_struct struct __packed__
+   #undef __packed_union
+   #define __packed_union union __packed__
+//NXP CodeWarrior compiler?
+#elif defined(__CWCC__)
+   #undef __packed_struct
+   #define __packed_struct struct
+   #undef __packed_union
+   #define __packed_union union
+//Renesas CC-RX compiler?
+#elif defined(__CCRX__)
+   #undef __packed_struct
+   #define __packed_struct struct
+   #undef __packed_union
+   #define __packed_union union
+//TI ARM compiler?
+#elif defined(__TI_ARM__)
+   #undef __packed_struct
+   #define __packed_struct struct __attribute__((__packed__))
+   #undef __packed_union
+   #define __packed_union union __attribute__((__packed__))
+//Win32 compiler?
+#elif defined(_WIN32)
+   #undef interface
+   #undef __packed_struct
+   #define __packed_struct struct
+   #undef __packed_union
+   #define __packed_union union
+#endif
+
+#ifndef __weak_func
+   //ARM compiler V6?
+   #if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
+      #define __weak_func __attribute__((weak))
+   //GCC compiler?
+   #elif defined(__GNUC__)
+      #define __weak_func __attribute__((weak))
+   //ARM compiler?
+   #elif defined(__CC_ARM)
+      #define __weak_func __weak
+   //IAR compiler?
+   #elif defined(__IAR_SYSTEMS_ICC__)
+      #define __weak_func __weak
+   //Tasking compiler?
+   #elif defined(__TASKING__)
+      #define __weak_func __attribute__((weak))
+   //NXP CodeWarrior compiler?
+   #elif defined(__CWCC__)
+      #define __weak_func
+   //Renesas CC-RX compiler?
+   #elif defined(__CCRX__)
+      #define __weak_func
+   //TI ARM compiler?
+   #elif defined(__TI_ARM__)
+      #define __weak_func __attribute__((weak))
+   //Win32 compiler?
+   #elif defined(_WIN32)
+      #define __weak_func
+   #endif
+#endif
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/core/crypto_legacy.h

@@ -0,0 +1,68 @@
+/**
+ * @file crypto_legacy.h
+ * @brief Legacy definitions
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _CRYPTO_LEGACY_H
+#define _CRYPTO_LEGACY_H
+
+//Deprecated functions
+#define mpiReadRaw(r, data, length) mpiImport(r, data, length, MPI_FORMAT_BIG_ENDIAN)
+#define mpiWriteRaw(a, data, length) mpiExport(a, data, length, MPI_FORMAT_BIG_ENDIAN)
+
+#ifdef CURVE25519_SUPPORT
+   #define X25519_SUPPORT CURVE25519_SUPPORT
+#endif
+
+#ifdef CURVE448_SUPPORT
+   #define X448_SUPPORT CURVE448_SUPPORT
+#endif
+
+#define ecdsaGenerateKeyPair ecGenerateKeyPair
+#define ecdsaGeneratePrivateKey ecGeneratePrivateKey
+#define ecdsaGeneratePublicKey ecGeneratePublicKey
+
+#define MAX_HASH_CONTEXT_SIZE sizeof(HashContext)
+#define MAX_CIPHER_CONTEXT_SIZE sizeof(CipherContext)
+
+#ifdef SAMD51_CRYPTO_PUKCC_SUPPORT
+   #define SAMD51_CRYPTO_PKC_SUPPORT SAMD51_CRYPTO_PUKCC_SUPPORT
+#endif
+
+#ifdef SAME54_CRYPTO_PUKCC_SUPPORT
+   #define SAME54_CRYPTO_PKC_SUPPORT SAME54_CRYPTO_PUKCC_SUPPORT
+#endif
+
+#define yarrowRelease yarrowDeinit
+
+#define X509CertificateInfo X509CertInfo
+#define X509SignatureAlgoId X509SignAlgoId
+
+#define EddsaMessageChunk DataChunk
+
+#endif

deps/cyclone/include/cpu_endian.h

@@ -0,0 +1,481 @@
+/**
+ * @file cpu_endian.h
+ * @brief Byte order conversion
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _CPU_ENDIAN_H
+#define _CPU_ENDIAN_H
+
+//Dependencies
+#include "os_port.h"
+#include "types.h"
+
+//Undefine conflicting definitions
+#ifdef HTONS
+   #undef HTONS
+#endif
+
+#ifdef HTONL
+   #undef HTONL
+#endif
+
+#ifdef HTONLL
+   #undef HTONLL
+#endif
+
+#ifdef htons
+   #undef htons
+#endif
+
+#ifdef htonl
+   #undef htonl
+#endif
+
+#ifdef htonll
+   #undef htonll
+#endif
+
+#ifdef NTOHS
+   #undef NTOHS
+#endif
+
+#ifdef NTOHL
+   #undef NTOHL
+#endif
+
+#ifdef NTOHLL
+   #undef NTOHLL
+#endif
+
+#ifdef ntohs
+   #undef ntohs
+#endif
+
+#ifdef ntohl
+   #undef ntohl
+#endif
+
+#ifdef ntohll
+   #undef ntohll
+#endif
+
+#ifdef HTOLE16
+   #undef HTOLE16
+#endif
+
+#ifdef HTOLE32
+   #undef HTOLE32
+#endif
+
+#ifdef HTOLE64
+   #undef HTOLE64
+#endif
+
+#ifdef htole16
+   #undef htole16
+#endif
+
+#ifdef htole32
+   #undef htole32
+#endif
+
+#ifdef htole64
+   #undef htole64
+#endif
+
+#ifdef LETOH16
+   #undef LETOH16
+#endif
+
+#ifdef LETOH32
+   #undef LETOH32
+#endif
+
+#ifdef LETOH64
+   #undef LETOH64
+#endif
+
+#ifdef letoh16
+   #undef letoh16
+#endif
+
+#ifdef letoh32
+   #undef letoh32
+#endif
+
+#ifdef letoh64
+   #undef letoh64
+#endif
+
+#ifdef HTOBE16
+   #undef HTOBE16
+#endif
+
+#ifdef HTOBE32
+   #undef HTOBE32
+#endif
+
+#ifdef HTOBE64
+   #undef HTOBE64
+#endif
+
+#ifdef htobe16
+   #undef htobe16
+#endif
+
+#ifdef htobe32
+   #undef htobe32
+#endif
+
+#ifdef htobe64
+   #undef htobe64
+#endif
+
+#ifdef BETOH16
+   #undef BETOH16
+#endif
+
+#ifdef BETOH32
+   #undef BETOH32
+#endif
+
+#ifdef BETOH64
+   #undef BETOH64
+#endif
+
+#ifdef betoh16
+   #undef betoh16
+#endif
+
+#ifdef betoh32
+   #undef betoh32
+#endif
+
+#ifdef betoh64
+   #undef betoh64
+#endif
+
+//Load unaligned 16-bit integer (little-endian encoding)
+#define LOAD16LE(p) ( \
+   ((uint16_t)(((uint8_t *)(p))[0]) << 0) | \
+   ((uint16_t)(((uint8_t *)(p))[1]) << 8))
+
+//Load unaligned 16-bit integer (big-endian encoding)
+#define LOAD16BE(p) ( \
+   ((uint16_t)(((uint8_t *)(p))[0]) << 8) | \
+   ((uint16_t)(((uint8_t *)(p))[1]) << 0))
+
+//Load unaligned 24-bit integer (little-endian encoding)
+#define LOAD24LE(p) ( \
+   ((uint32_t)(((uint8_t *)(p))[0]) << 0)| \
+   ((uint32_t)(((uint8_t *)(p))[1]) << 8) | \
+   ((uint32_t)(((uint8_t *)(p))[2]) << 16))
+
+//Load unaligned 24-bit integer (big-endian encoding)
+#define LOAD24BE(p) ( \
+   ((uint32_t)(((uint8_t *)(p))[0]) << 16) | \
+   ((uint32_t)(((uint8_t *)(p))[1]) << 8) | \
+   ((uint32_t)(((uint8_t *)(p))[2]) << 0))
+
+//Load unaligned 32-bit integer (little-endian encoding)
+#define LOAD32LE(p) ( \
+   ((uint32_t)(((uint8_t *)(p))[0]) << 0) | \
+   ((uint32_t)(((uint8_t *)(p))[1]) << 8) | \
+   ((uint32_t)(((uint8_t *)(p))[2]) << 16) | \
+   ((uint32_t)(((uint8_t *)(p))[3]) << 24))
+
+//Load unaligned 32-bit integer (big-endian encoding)
+#define LOAD32BE(p) ( \
+   ((uint32_t)(((uint8_t *)(p))[0]) << 24) | \
+   ((uint32_t)(((uint8_t *)(p))[1]) << 16) | \
+   ((uint32_t)(((uint8_t *)(p))[2]) << 8) | \
+   ((uint32_t)(((uint8_t *)(p))[3]) << 0))
+
+//Load unaligned 48-bit integer (little-endian encoding)
+#define LOAD48LE(p) ( \
+   ((uint64_t)(((uint8_t *)(p))[0]) << 0) | \
+   ((uint64_t)(((uint8_t *)(p))[1]) << 8) | \
+   ((uint64_t)(((uint8_t *)(p))[2]) << 16) | \
+   ((uint64_t)(((uint8_t *)(p))[3]) << 24) | \
+   ((uint64_t)(((uint8_t *)(p))[4]) << 32) | \
+   ((uint64_t)(((uint8_t *)(p))[5]) << 40)
+
+//Load unaligned 48-bit integer (big-endian encoding)
+#define LOAD48BE(p) ( \
+   ((uint64_t)(((uint8_t *)(p))[0]) << 40) | \
+   ((uint64_t)(((uint8_t *)(p))[1]) << 32) | \
+   ((uint64_t)(((uint8_t *)(p))[2]) << 24) | \
+   ((uint64_t)(((uint8_t *)(p))[3]) << 16) | \
+   ((uint64_t)(((uint8_t *)(p))[4]) << 8) | \
+   ((uint64_t)(((uint8_t *)(p))[5]) << 0))
+
+//Load unaligned 64-bit integer (little-endian encoding)
+#define LOAD64LE(p) ( \
+   ((uint64_t)(((uint8_t *)(p))[0]) << 0) | \
+   ((uint64_t)(((uint8_t *)(p))[1]) << 8) | \
+   ((uint64_t)(((uint8_t *)(p))[2]) << 16) | \
+   ((uint64_t)(((uint8_t *)(p))[3]) << 24) | \
+   ((uint64_t)(((uint8_t *)(p))[4]) << 32) | \
+   ((uint64_t)(((uint8_t *)(p))[5]) << 40) | \
+   ((uint64_t)(((uint8_t *)(p))[6]) << 48) | \
+   ((uint64_t)(((uint8_t *)(p))[7]) << 56))
+
+//Load unaligned 64-bit integer (big-endian encoding)
+#define LOAD64BE(p) ( \
+   ((uint64_t)(((uint8_t *)(p))[0]) << 56) | \
+   ((uint64_t)(((uint8_t *)(p))[1]) << 48) | \
+   ((uint64_t)(((uint8_t *)(p))[2]) << 40) | \
+   ((uint64_t)(((uint8_t *)(p))[3]) << 32) | \
+   ((uint64_t)(((uint8_t *)(p))[4]) << 24) | \
+   ((uint64_t)(((uint8_t *)(p))[5]) << 16) | \
+   ((uint64_t)(((uint8_t *)(p))[6]) << 8) | \
+   ((uint64_t)(((uint8_t *)(p))[7]) << 0))
+
+//Store unaligned 16-bit integer (little-endian encoding)
+#define STORE16LE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint16_t)(a) >> 0) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint16_t)(a) >> 8) & 0xFFU
+
+//Store unaligned 16-bit integer (big-endian encoding)
+#define STORE16BE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint16_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint16_t)(a) >> 0) & 0xFFU
+
+//Store unaligned 24-bit integer (little-endian encoding)
+#define STORE24LE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint32_t)(a) >> 0) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint32_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint32_t)(a) >> 16) & 0xFFU
+
+//Store unaligned 24-bit integer (big-endian encoding)
+#define STORE24BE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint32_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint32_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint32_t)(a) >> 0) & 0xFFU
+
+//Store unaligned 32-bit integer (little-endian encoding)
+#define STORE32LE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint32_t)(a) >> 0) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint32_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint32_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint32_t)(a) >> 24) & 0xFFU
+
+//Store unaligned 32-bit integer (big-endian encoding)
+#define STORE32BE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint32_t)(a) >> 24) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint32_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint32_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint32_t)(a) >> 0) & 0xFFU
+
+//Store unaligned 48-bit integer (little-endian encoding)
+#define STORE48LE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint64_t)(a) >> 0) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint64_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint64_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint64_t)(a) >> 24) & 0xFFU, \
+   ((uint8_t *)(p))[4] = ((uint64_t)(a) >> 32) & 0xFFU, \
+   ((uint8_t *)(p))[5] = ((uint64_t)(a) >> 40) & 0xFFU,
+
+//Store unaligned 48-bit integer (big-endian encoding)
+#define STORE48BE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint64_t)(a) >> 40) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint64_t)(a) >> 32) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint64_t)(a) >> 24) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint64_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[4] = ((uint64_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[5] = ((uint64_t)(a) >> 0) & 0xFFU
+
+//Store unaligned 64-bit integer (little-endian encoding)
+#define STORE64LE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint64_t)(a) >> 0) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint64_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint64_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint64_t)(a) >> 24) & 0xFFU, \
+   ((uint8_t *)(p))[4] = ((uint64_t)(a) >> 32) & 0xFFU, \
+   ((uint8_t *)(p))[5] = ((uint64_t)(a) >> 40) & 0xFFU, \
+   ((uint8_t *)(p))[6] = ((uint64_t)(a) >> 48) & 0xFFU, \
+   ((uint8_t *)(p))[7] = ((uint64_t)(a) >> 56) & 0xFFU
+
+//Store unaligned 64-bit integer (big-endian encoding)
+#define STORE64BE(a, p) \
+   ((uint8_t *)(p))[0] = ((uint64_t)(a) >> 56) & 0xFFU, \
+   ((uint8_t *)(p))[1] = ((uint64_t)(a) >> 48) & 0xFFU, \
+   ((uint8_t *)(p))[2] = ((uint64_t)(a) >> 40) & 0xFFU, \
+   ((uint8_t *)(p))[3] = ((uint64_t)(a) >> 32) & 0xFFU, \
+   ((uint8_t *)(p))[4] = ((uint64_t)(a) >> 24) & 0xFFU, \
+   ((uint8_t *)(p))[5] = ((uint64_t)(a) >> 16) & 0xFFU, \
+   ((uint8_t *)(p))[6] = ((uint64_t)(a) >> 8) & 0xFFU, \
+   ((uint8_t *)(p))[7] = ((uint64_t)(a) >> 0) & 0xFFU
+
+//Swap a 16-bit integer
+#define SWAPINT16(x) ( \
+   (((uint16_t)(x) & 0x00FFU) << 8) | \
+   (((uint16_t)(x) & 0xFF00U) >> 8))
+
+//Swap a 32-bit integer
+#define SWAPINT32(x) ( \
+   (((uint32_t)(x) & 0x000000FFUL) << 24) | \
+   (((uint32_t)(x) & 0x0000FF00UL) << 8) | \
+   (((uint32_t)(x) & 0x00FF0000UL) >> 8) | \
+   (((uint32_t)(x) & 0xFF000000UL) >> 24))
+
+//Swap a 64-bit integer
+#define SWAPINT64(x) ( \
+   (((uint64_t)(x) & 0x00000000000000FFULL) << 56) | \
+   (((uint64_t)(x) & 0x000000000000FF00ULL) << 40) | \
+   (((uint64_t)(x) & 0x0000000000FF0000ULL) << 24) | \
+   (((uint64_t)(x) & 0x00000000FF000000ULL) << 8) | \
+   (((uint64_t)(x) & 0x000000FF00000000ULL) >> 8) | \
+   (((uint64_t)(x) & 0x0000FF0000000000ULL) >> 24) | \
+   (((uint64_t)(x) & 0x00FF000000000000ULL) >> 40) | \
+   (((uint64_t)(x) & 0xFF00000000000000ULL) >> 56))
+
+//Big-endian machine?
+#if (__BYTE_ORDER == __BIG_ENDIAN)
+//Host byte order to network byte order
+#define HTONS(value) (value)
+#define HTONL(value) (value)
+#define HTONLL(value) (value)
+#define htons(value) ((uint16_t) (value))
+#define htonl(value) ((uint32_t) (value))
+#define htonll(value) ((uint64_t) (value))
+
+//Network byte order to host byte order
+#define NTOHS(value) (value)
+#define NTOHL(value) (value)
+#define NTOHLL(value) (value)
+#define ntohs(value) ((uint16_t) (value))
+#define ntohl(value) ((uint32_t) (value))
+#define ntohll(value) ((uint64_t) (value))
+
+//Host byte order to little-endian byte order
+#define HTOLE16(value) SWAPINT16(value)
+#define HTOLE32(value) SWAPINT32(value)
+#define HTOLE64(value) SWAPINT64(value)
+#define htole16(value) swapInt16((uint16_t) (value))
+#define htole32(value) swapInt32((uint32_t) (value))
+#define htole64(value) swapInt64((uint64_t) (value))
+
+//Little-endian byte order to host byte order
+#define LETOH16(value) SWAPINT16(value)
+#define LETOH32(value) SWAPINT32(value)
+#define LETOH64(value) SWAPINT64(value)
+#define letoh16(value) swapInt16((uint16_t) (value))
+#define letoh32(value) swapInt32((uint32_t) (value))
+#define letoh64(value) swapInt64((uint64_t) (value))
+
+//Host byte order to big-endian byte order
+#define HTOBE16(value) (value)
+#define HTOBE32(value) (value)
+#define HTOBE64(value) (value)
+#define htobe16(value) ((uint16_t) (value))
+#define htobe32(value) ((uint32_t) (value))
+#define htobe64(value) ((uint64_t) (value))
+
+//Big-endian byte order to host byte order
+#define BETOH16(value) (value)
+#define BETOH32(value) (value)
+#define BETOH64(value) (value)
+#define betoh16(value) ((uint16_t) (value))
+#define betoh32(value) ((uint32_t) (value))
+#define betoh64(value) ((uint64_t) (value))
+
+//Little-endian machine?
+#else
+
+//Host byte order to network byte order
+#define HTONS(value) SWAPINT16(value)
+#define HTONL(value) SWAPINT32(value)
+#define HTONLL(value) SWAPINT64(value)
+#define htons(value) swapInt16((uint16_t) (value))
+#define htonl(value) swapInt32((uint32_t) (value))
+#define htonll(value) swapInt64((uint64_t) (value))
+
+//Network byte order to host byte order
+#define NTOHS(value) SWAPINT16(value)
+#define NTOHL(value) SWAPINT32(value)
+#define NTOHLL(value) SWAPINT64(value)
+#define ntohs(value) swapInt16((uint16_t) (value))
+#define ntohl(value) swapInt32((uint32_t) (value))
+#define ntohll(value) swapInt64((uint64_t) (value))
+
+//Host byte order to little-endian byte order
+#define HTOLE16(value) (value)
+#define HTOLE32(value) (value)
+#define HTOLE64(value) (value)
+#define htole16(value) ((uint16_t) (value))
+#define htole32(value) ((uint32_t) (value))
+#define htole64(value) ((uint64_t) (value))
+
+//Little-endian byte order to host byte order
+#define LETOH16(value) (value)
+#define LETOH32(value) (value)
+#define LETOH64(value) (value)
+#define letoh16(value) ((uint16_t) (value))
+#define letoh32(value) ((uint32_t) (value))
+#define letoh64(value) ((uint64_t) (value))
+
+//Host byte order to big-endian byte order
+#define HTOBE16(value) SWAPINT16(value)
+#define HTOBE32(value) SWAPINT32(value)
+#define HTOBE64(value) SWAPINT64(value)
+#define htobe16(value) swapInt16((uint16_t) (value))
+#define htobe32(value) swapInt32((uint32_t) (value))
+#define htobe64(value) swapInt64((uint64_t) (value))
+
+//Big-endian byte order to host byte order
+#define BETOH16(value) SWAPINT16(value)
+#define BETOH32(value) SWAPINT32(value)
+#define BETOH64(value) SWAPINT64(value)
+#define betoh16(value) swapInt16((uint16_t) (value))
+#define betoh32(value) swapInt32((uint32_t) (value))
+#define betoh64(value) swapInt64((uint64_t) (value))
+
+#endif
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//Byte order conversion functions
+uint16_t swapInt16(uint16_t value);
+uint32_t swapInt32(uint32_t value);
+uint64_t swapInt64(uint64_t value);
+
+//Bit reversal functions
+uint8_t reverseInt4(uint8_t value);
+uint8_t reverseInt8(uint8_t value);
+uint16_t reverseInt16(uint16_t value);
+uint32_t reverseInt32(uint32_t value);
+uint64_t reverseInt64(uint64_t value);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/crypto_config.h

@@ -0,0 +1,7 @@
+#include "os_port.h"
+
+#define HKDF_SUPPORT ENABLED
+#define SHA256_SUPPORT ENABLED
+#define AES_SUPPORT ENABLED
+#define ECB_SUPPORT ENABLED
+#define GCM_SUPPORT ENABLED

deps/cyclone/include/error.h

@@ -0,0 +1,320 @@
+/**
+ * @file error.h
+ * @brief Error codes description
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _ERROR_H
+#define _ERROR_H
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Error codes
+ **/
+
+typedef enum cyc_error_st
+{
+   NO_ERROR = 0,                    ///<Success
+   ERROR_FAILURE = 1,               ///<Generic error code
+
+   ERROR_INVALID_PARAMETER,         ///<Invalid parameter
+   ERROR_PARAMETER_OUT_OF_RANGE,    ///<Specified parameter is out of range
+
+   ERROR_BAD_CRC,
+   ERROR_BAD_BLOCK,
+   ERROR_INVALID_RECIPIENT,         ///<Invalid recipient
+   ERROR_INVALID_INTERFACE,         ///<Invalid interface
+   ERROR_INVALID_ENDPOINT,          ///<Invalid endpoint
+   ERROR_INVALID_ALT_SETTING,       ///<Alternate setting does not exist
+   ERROR_UNSUPPORTED_REQUEST,       ///<Unsupported request
+   ERROR_UNSUPPORTED_CONFIGURATION, ///<Unsupported configuration
+   ERROR_UNSUPPORTED_FEATURE,       ///<Unsupported feature
+   ERROR_ENDPOINT_BUSY,             ///<Endpoint already in use
+   ERROR_USB_RESET,
+   ERROR_ABORTED,
+
+   ERROR_OUT_OF_MEMORY = 100,
+   ERROR_OUT_OF_RESOURCES,
+   ERROR_INVALID_REQUEST,
+   ERROR_NOT_IMPLEMENTED,
+   ERROR_VERSION_NOT_SUPPORTED,
+   ERROR_INVALID_SYNTAX,
+   ERROR_AUTHENTICATION_FAILED,
+   ERROR_UNEXPECTED_RESPONSE,
+   ERROR_INVALID_RESPONSE,
+   ERROR_UNEXPECTED_VALUE,
+   ERROR_WAIT_CANCELED,
+
+   ERROR_OPEN_FAILED = 200,
+   ERROR_CONNECTION_FAILED,
+   ERROR_CONNECTION_REFUSED,
+   ERROR_CONNECTION_CLOSING,
+   ERROR_CONNECTION_RESET,
+   ERROR_NOT_CONNECTED,
+   ERROR_ALREADY_CLOSED,
+   ERROR_ALREADY_CONNECTED,
+   ERROR_INVALID_SOCKET,
+   ERROR_PROTOCOL_UNREACHABLE,
+   ERROR_PORT_UNREACHABLE,
+   ERROR_INVALID_FRAME,
+   ERROR_INVALID_HEADER,
+   ERROR_WRONG_CHECKSUM,
+   ERROR_WRONG_IDENTIFIER,
+   ERROR_WRONG_CLIENT_ID,
+   ERROR_WRONG_SERVER_ID,
+   ERROR_WRONG_COOKIE,
+   ERROR_NO_RESPONSE,
+   ERROR_RECEIVE_QUEUE_FULL,
+   ERROR_TIMEOUT,
+   ERROR_WOULD_BLOCK,
+   ERROR_INVALID_NAME,
+   ERROR_INVALID_OPTION,
+   ERROR_UNEXPECTED_STATE,
+   ERROR_INVALID_COMMAND,
+   ERROR_INVALID_PROTOCOL,
+   ERROR_INVALID_STATUS,
+   ERROR_INVALID_ADDRESS,
+   ERROR_INVALID_PORT,
+   ERROR_INVALID_MESSAGE,
+   ERROR_INVALID_KEY,
+   ERROR_INVALID_KEY_LENGTH,
+   ERROR_INVALID_EPOCH,
+   ERROR_INVALID_SEQUENCE_NUMBER,
+   ERROR_INVALID_CHARACTER,
+   ERROR_INVALID_LENGTH,
+   ERROR_INVALID_PADDING,
+   ERROR_INVALID_MAC,
+   ERROR_INVALID_TAG,
+   ERROR_INVALID_TYPE,
+   ERROR_INVALID_VALUE,
+   ERROR_INVALID_CLASS,
+   ERROR_INVALID_VERSION,
+   ERROR_INVALID_PIN_CODE,
+   ERROR_WRONG_LENGTH,
+   ERROR_WRONG_TYPE,
+   ERROR_WRONG_ENCODING,
+   ERROR_WRONG_VALUE,
+   ERROR_INCONSISTENT_VALUE,
+   ERROR_UNSUPPORTED_TYPE,
+   ERROR_UNSUPPORTED_ALGO,
+   ERROR_UNSUPPORTED_CIPHER_SUITE,
+   ERROR_UNSUPPORTED_CIPHER_MODE,
+   ERROR_UNSUPPORTED_CIPHER_ALGO,
+   ERROR_UNSUPPORTED_HASH_ALGO,
+   ERROR_UNSUPPORTED_KEY_EXCH_ALGO,
+   ERROR_UNSUPPORTED_SIGNATURE_ALGO,
+   ERROR_UNSUPPORTED_ELLIPTIC_CURVE,
+   ERROR_INVALID_SIGNATURE_ALGO,
+   ERROR_CERTIFICATE_REQUIRED,
+   ERROR_MESSAGE_TOO_LONG,
+   ERROR_OUT_OF_RANGE,
+   ERROR_MESSAGE_DISCARDED,
+
+   ERROR_INVALID_PACKET,
+   ERROR_BUFFER_EMPTY,
+   ERROR_BUFFER_OVERFLOW,
+   ERROR_BUFFER_UNDERFLOW,
+
+   ERROR_INVALID_RESOURCE,
+   ERROR_INVALID_PATH,
+   ERROR_NOT_FOUND,
+   ERROR_ACCESS_DENIED,
+   ERROR_NOT_WRITABLE,
+   ERROR_AUTH_REQUIRED,
+
+   ERROR_TRANSMITTER_BUSY,
+   ERROR_NO_RUNNING,
+
+   ERROR_INVALID_FILE = 300,
+   ERROR_FILE_NOT_FOUND,
+   ERROR_FILE_OPENING_FAILED,
+   ERROR_FILE_READING_FAILED,
+   ERROR_END_OF_FILE,
+   ERROR_UNEXPECTED_END_OF_FILE,
+   ERROR_UNKNOWN_FILE_FORMAT,
+
+   ERROR_INVALID_DIRECTORY,
+   ERROR_DIRECTORY_NOT_FOUND,
+
+   ERROR_FILE_SYSTEM_NOT_SUPPORTED = 400,
+   ERROR_UNKNOWN_FILE_SYSTEM,
+   ERROR_INVALID_FILE_SYSTEM,
+   ERROR_INVALID_BOOT_SECTOR_SIGNATURE,
+   ERROR_INVALID_SECTOR_SIZE,
+   ERROR_INVALID_CLUSTER_SIZE,
+   ERROR_INVALID_FILE_RECORD_SIZE,
+   ERROR_INVALID_INDEX_BUFFER_SIZE,
+   ERROR_INVALID_VOLUME_DESCRIPTOR_SIGNATURE,
+   ERROR_INVALID_VOLUME_DESCRIPTOR,
+   ERROR_INVALID_FILE_RECORD,
+   ERROR_INVALID_INDEX_BUFFER,
+   ERROR_INVALID_DATA_RUNS,
+   ERROR_WRONG_TAG_IDENTIFIER,
+   ERROR_WRONG_TAG_CHECKSUM,
+   ERROR_WRONG_MAGIC_NUMBER,
+   ERROR_WRONG_SEQUENCE_NUMBER,
+   ERROR_DESCRIPTOR_NOT_FOUND,
+   ERROR_ATTRIBUTE_NOT_FOUND,
+   ERROR_RESIDENT_ATTRIBUTE,
+   ERROR_NOT_RESIDENT_ATTRIBUTE,
+   ERROR_INVALID_SUPER_BLOCK,
+   ERROR_INVALID_SUPER_BLOCK_SIGNATURE,
+   ERROR_INVALID_BLOCK_SIZE,
+   ERROR_UNSUPPORTED_REVISION_LEVEL,
+   ERROR_INVALID_INODE_SIZE,
+   ERROR_INODE_NOT_FOUND,
+
+   ERROR_UNEXPECTED_MESSAGE = 500,
+
+   ERROR_URL_TOO_LONG,
+   ERROR_QUERY_STRING_TOO_LONG,
+
+   ERROR_NO_ADDRESS,
+   ERROR_NO_BINDING,
+   ERROR_NOT_ON_LINK,
+   ERROR_USE_MULTICAST,
+   ERROR_NAK_RECEIVED,
+   ERROR_EXCEPTION_RECEIVED,
+
+   ERROR_NO_CARRIER,
+
+   ERROR_INVALID_LEVEL,
+   ERROR_WRONG_STATE,
+   ERROR_END_OF_STREAM,
+   ERROR_LINK_DOWN,
+   ERROR_INVALID_OPTION_LENGTH,
+   ERROR_IN_PROGRESS,
+
+   ERROR_NO_ACK,
+   ERROR_INVALID_METADATA,
+   ERROR_NOT_CONFIGURED,
+   ERROR_ALREADY_CONFIGURED,
+   ERROR_NAME_RESOLUTION_FAILED,
+   ERROR_NO_ROUTE,
+
+   ERROR_WRITE_FAILED,
+   ERROR_READ_FAILED,
+   ERROR_UPLOAD_FAILED,
+   ERROR_READ_ONLY_ACCESS,
+
+   ERROR_INVALID_SIGNATURE,
+   ERROR_INVALID_TICKET,
+   ERROR_NO_TICKET,
+
+   ERROR_BAD_RECORD_MAC,
+   ERROR_RECORD_OVERFLOW,
+   ERROR_HANDSHAKE_FAILED,
+   ERROR_NO_CERTIFICATE,
+   ERROR_BAD_CERTIFICATE,
+   ERROR_UNSUPPORTED_CERTIFICATE,
+   ERROR_UNKNOWN_CERTIFICATE,
+   ERROR_CERTIFICATE_EXPIRED,
+   ERROR_CERTIFICATE_REVOKED,
+   ERROR_UNKNOWN_CA,
+   ERROR_DECODING_FAILED,
+   ERROR_DECRYPTION_FAILED,
+   ERROR_ILLEGAL_PARAMETER,
+   ERROR_MISSING_EXTENSION,
+   ERROR_UNSUPPORTED_EXTENSION,
+   ERROR_INAPPROPRIATE_FALLBACK,
+   ERROR_NO_APPLICATION_PROTOCOL,
+
+   ERROR_MORE_DATA_REQUIRED,
+   ERROR_TLS_NOT_SUPPORTED,
+   ERROR_PRNG_NOT_READY,
+   ERROR_SERVICE_CLOSING,
+   ERROR_INVALID_TIMESTAMP,
+   ERROR_NO_DNS_SERVER,
+
+   ERROR_OBJECT_NOT_FOUND,
+   ERROR_INSTANCE_NOT_FOUND,
+   ERROR_ADDRESS_NOT_FOUND,
+
+   ERROR_UNKNOWN_IDENTITY,
+   ERROR_UNKNOWN_ENGINE_ID,
+   ERROR_UNKNOWN_USER_NAME,
+   ERROR_UNKNOWN_CONTEXT,
+   ERROR_UNAVAILABLE_CONTEXT,
+   ERROR_UNSUPPORTED_SECURITY_LEVEL,
+   ERROR_NOT_IN_TIME_WINDOW,
+   ERROR_AUTHORIZATION_FAILED,
+
+   ERROR_INVALID_FUNCTION_CODE,
+   ERROR_DEVICE_BUSY,
+
+   ERROR_REQUEST_REJECTED,
+
+   ERROR_INVALID_CHANNEL,
+   ERROR_INVALID_GROUP,
+   ERROR_UNKNOWN_SERVICE,
+   ERROR_UNKNOWN_REQUEST,
+   ERROR_FLOW_CONTROL,
+
+   ERROR_INVALID_PASSWORD,
+   ERROR_INVALID_HANDLE,
+   ERROR_BAD_NONCE,
+   ERROR_UNEXPECTED_STATUS,
+   ERROR_RESPONSE_TOO_LARGE,
+
+   ERROR_INVALID_SESSION,
+   ERROR_TICKET_EXPIRED,
+
+   ERROR_INVALID_ENTRY,
+   ERROR_TABLE_FULL,
+   ERROR_END_OF_TABLE,
+
+   ERROR_ALREADY_RUNNING,
+   ERROR_UNKOWN_KEY,
+   ERROR_UNKNOWN_TYPE,
+   ERROR_UNSUPPORTED_OPTION,
+   ERROR_INVALID_SPI,
+   ERROR_RETRY,
+   ERROR_POLICY_FAILURE,
+   ERROR_INVALID_PROPOSAL,
+   ERROR_INVALID_SELECTOR,
+
+   ERROR_WRONG_NONCE,
+   ERROR_WRONG_ISSUER,
+   ERROR_RESPONSE_EXPIRED,
+   ERROR_CRL_EXPIRED,
+
+   ERROR_NO_MATCH,
+   ERROR_PARTIAL_MATCH
+} cyc_error_t;
+
+#ifndef error_t
+	#define error_t cyc_error_t
+#endif
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/hash/hash_algorithms.h

@@ -0,0 +1,62 @@
+/**
+ * @file hash_algorithms.h
+ * @brief Collection of hash algorithms
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _HASH_ALGORITHMS_H
+#define _HASH_ALGORITHMS_H
+
+//Dependencies
+#include "core/crypto.h"
+#include "hash/sha256.h"
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define MAX_HASH_DIGEST_SIZE SHA256_DIGEST_SIZE
+#define MAX_HASH_BLOCK_SIZE SHA256_BLOCK_SIZE
+/**
+ * @brief Generic hash algorithm context
+ **/
+
+typedef union
+{
+   uint8_t digest[MAX_HASH_DIGEST_SIZE];
+   Sha256Context sha256Context;
+} HashContext;
+
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/hash/sha256.h

@@ -0,0 +1,96 @@
+/**
+ * @file sha256.h
+ * @brief SHA-256 (Secure Hash Algorithm 256)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _SHA256_H
+#define _SHA256_H
+
+//Dependencies
+#include "core/crypto.h"
+
+//Application specific context
+#ifndef SHA256_PRIVATE_CONTEXT
+   #define SHA256_PRIVATE_CONTEXT
+#endif
+
+//SHA-256 block size
+#define SHA256_BLOCK_SIZE 64
+//SHA-256 digest size
+#define SHA256_DIGEST_SIZE 32
+//Minimum length of the padding string
+#define SHA256_MIN_PAD_SIZE 9
+//Common interface for hash algorithms
+#define SHA256_HASH_ALGO (&sha256HashAlgo)
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * @brief SHA-256 algorithm context
+ **/
+
+typedef struct
+{
+   union
+   {
+      uint32_t h[8];
+      uint8_t digest[32];
+   };
+   union
+   {
+      uint32_t w[16];
+      uint8_t buffer[64];
+   };
+   size_t size;
+   uint64_t totalSize;
+   SHA256_PRIVATE_CONTEXT
+} Sha256Context;
+
+
+//SHA-256 related constants
+extern const uint8_t SHA256_OID[9];
+extern const HashAlgo sha256HashAlgo;
+
+//SHA-256 related functions
+error_t sha256Compute(const void *data, size_t length, uint8_t *digest);
+void sha256Init(Sha256Context *context);
+void sha256Update(Sha256Context *context, const void *data, size_t length);
+void sha256Final(Sha256Context *context, uint8_t *digest);
+void sha256FinalRaw(Sha256Context *context, uint8_t *digest);
+void sha256ProcessBlock(Sha256Context *context);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/kdf/hkdf.h

@@ -0,0 +1,58 @@
+/**
+ * @file hkdf.h
+ * @brief HKDF (HMAC-based Key Derivation Function)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _HKDF_H
+#define _HKDF_H
+
+//Dependencies
+#include "core/crypto.h"
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//HKDF related functions
+error_t hkdf(const HashAlgo *hash, const uint8_t *ikm, size_t ikmLen,
+   const uint8_t *salt, size_t saltLen, const uint8_t *info, size_t infoLen,
+   uint8_t *okm, size_t okmLen);
+
+error_t hkdfExtract(const HashAlgo *hash, const uint8_t *ikm, size_t ikmLen,
+   const uint8_t *salt, size_t saltLen, uint8_t *prk);
+
+error_t hkdfExpand(const HashAlgo *hash, const uint8_t *prk, size_t prkLen,
+   const uint8_t *info, size_t infoLen, uint8_t *okm, size_t okmLen);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/mac/hmac.h

@@ -0,0 +1,102 @@
+/**
+ * @file hmac.h
+ * @brief HMAC (Keyed-Hashing for Message Authentication)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+#ifndef _HMAC_H
+#define _HMAC_H
+
+//Dependencies
+#include "core/crypto.h"
+#include "hash/hash_algorithms.h"
+
+//Application specific context
+#ifndef HMAC_PRIVATE_CONTEXT
+   #define HMAC_PRIVATE_CONTEXT
+#endif
+
+//Inner padding (ipad)
+#define HMAC_IPAD 0x36
+//Outer padding (opad)
+#define HMAC_OPAD 0x5C
+
+//C++ guard
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * @brief HMAC algorithm context
+ **/
+
+typedef struct
+{
+   const HashAlgo *hash;
+   HashContext hashContext;
+   uint8_t key[MAX_HASH_BLOCK_SIZE];
+   uint8_t digest[MAX_HASH_DIGEST_SIZE];
+   HMAC_PRIVATE_CONTEXT
+} HmacContext;
+
+
+//HMAC related constants
+extern const uint8_t HMAC_WITH_MD5_OID[8];
+extern const uint8_t HMAC_WITH_TIGER_OID[8];
+extern const uint8_t HMAC_WITH_RIPEMD160_OID[8];
+extern const uint8_t HMAC_WITH_SHA1_OID[8];
+extern const uint8_t HMAC_WITH_SHA224_OID[8];
+extern const uint8_t HMAC_WITH_SHA256_OID[8];
+extern const uint8_t HMAC_WITH_SHA384_OID[8];
+extern const uint8_t HMAC_WITH_SHA512_OID[8];
+extern const uint8_t HMAC_WITH_SHA512_224_OID[8];
+extern const uint8_t HMAC_WITH_SHA512_256_OID[8];
+extern const uint8_t HMAC_WITH_SHA3_224_OID[9];
+extern const uint8_t HMAC_WITH_SHA3_256_OID[9];
+extern const uint8_t HMAC_WITH_SHA3_384_OID[9];
+extern const uint8_t HMAC_WITH_SHA3_512_OID[9];
+extern const uint8_t HMAC_WITH_SM3_OID[10];
+
+//HMAC related functions
+error_t hmacCompute(const HashAlgo *hash, const void *key, size_t keyLen,
+   const void *data, size_t dataLen, uint8_t *digest);
+
+error_t hmacInit(HmacContext *context, const HashAlgo *hash,
+   const void *key, size_t keyLen);
+
+void hmacUpdate(HmacContext *context, const void *data, size_t length);
+void hmacFinal(HmacContext *context, uint8_t *digest);
+void hmacFinalRaw(HmacContext *context, uint8_t *digest);
+void hmacDeinit(HmacContext *context);
+
+//C++ guard
+#ifdef __cplusplus
+}
+#endif
+
+#endif

deps/cyclone/include/os_port.h

@@ -0,0 +1,110 @@
+/**
+ * @file os_port.h
+ * @brief RTOS abstraction layer
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+/**
+* Rewrote for youtubeUnblock
+*/
+
+#ifndef _OS_PORT_H
+#define _OS_PORT_H
+
+//Dependencies
+#include "types.h"
+#include "compiler_port.h"
+
+//Compilation flags used to enable/disable features
+#define ENABLED  1
+#define DISABLED 0
+
+#define timeCompare(t1, t2) ((int32_t) ((t1) - (t2)))
+
+//Miscellaneous macros
+#if !defined(__AT32F403A_407_LIBRARY_VERSION) && \
+   !defined(__AT32F435_437_LIBRARY_VERSION)
+  #ifndef FALSE
+     #define FALSE 0
+  #endif
+
+  #ifndef TRUE
+     #define TRUE 1
+  #endif
+#endif
+
+#ifndef LSB
+   #define LSB(x) ((x) & 0xFF)
+#endif
+
+#ifndef MSB
+   #define MSB(x) (((x) >> 8) & 0xFF)
+#endif
+
+#ifndef MIN
+   #define MIN(a, b) ((a) < (b) ? (a) : (b))
+#endif
+
+#ifndef MAX
+   #define MAX(a, b) ((a) > (b) ? (a) : (b))
+#endif
+
+#ifndef arraysize
+   #define arraysize(a) (sizeof(a) / sizeof(a[0]))
+#endif
+
+//Memory management
+#ifndef osAllocMem
+   #define osAllocMem malloc
+#endif
+#ifndef osFreeMem
+   #define osFreeMem free
+#endif
+
+//Fill block of memory
+#ifndef osMemset
+   #define osMemset(p, value, length) (void) memset(p, value, length)
+#endif
+
+//Copy block of memory
+#ifndef osMemcpy
+   #define osMemcpy(dest, src, length) (void) memcpy(dest, src, length)
+#endif
+
+//Move block of memory
+#ifndef osMemmove
+   #define osMemmove(dest, src, length) (void) memmove(dest, src, length)
+#endif
+
+//Compare two blocks of memory
+#ifndef osMemcmp
+   #define osMemcmp(p1, p2, length) memcmp(p1, p2, length)
+#endif
+
+//Search for the first occurrence of a given character
+#ifndef osMemchr
+   #define osMemchr(p, c, length) memchr(p, c, length)
+#endif
+#endif

deps/cyclone/sha256.c

@@ -0,0 +1,361 @@
+/**
+ * @file sha256.c
+ * @brief SHA-256 (Secure Hash Algorithm 256)
+ *
+ * @section License
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
+ *
+ * This file is part of CycloneCRYPTO Open.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * @section Description
+ *
+ * SHA-256 is a secure hash algorithm for computing a condensed representation
+ * of an electronic message. Refer to FIPS 180-4 for more details
+ *
+ * @author Oryx Embedded SARL (www.oryx-embedded.com)
+ * @version 2.4.4
+ **/
+
+//Switch to the appropriate trace level
+#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
+
+//Dependencies
+#include "core/crypto.h"
+#include "hash/sha256.h"
+
+//Check crypto library configuration
+#if (SHA224_SUPPORT == ENABLED || SHA256_SUPPORT == ENABLED)
+
+//Macro to access the workspace as a circular buffer
+#define W(n) w[(n) & 0x0F]
+
+//SHA-256 auxiliary functions
+#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define SIGMA1(x) (ROR32(x, 2) ^ ROR32(x, 13) ^ ROR32(x, 22))
+#define SIGMA2(x) (ROR32(x, 6) ^ ROR32(x, 11) ^ ROR32(x, 25))
+#define SIGMA3(x) (ROR32(x, 7) ^ ROR32(x, 18) ^ SHR32(x, 3))
+#define SIGMA4(x) (ROR32(x, 17) ^ ROR32(x, 19) ^ SHR32(x, 10))
+
+//SHA-256 padding
+static const uint8_t padding[64] =
+{
+   0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+//SHA-256 constants
+static const uint32_t k[64] =
+{
+   0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
+   0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
+   0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
+   0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
+   0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
+   0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
+   0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
+   0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
+};
+
+//SHA-256 object identifier (2.16.840.1.101.3.4.2.1)
+const uint8_t SHA256_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};
+
+//Common interface for hash algorithms
+const HashAlgo sha256HashAlgo =
+{
+   "SHA-256",
+   SHA256_OID,
+   sizeof(SHA256_OID),
+   sizeof(Sha256Context),
+   SHA256_BLOCK_SIZE,
+   SHA256_DIGEST_SIZE,
+   SHA256_MIN_PAD_SIZE,
+   TRUE,
+   (HashAlgoCompute) sha256Compute,
+   (HashAlgoInit) sha256Init,
+   (HashAlgoUpdate) sha256Update,
+   (HashAlgoFinal) sha256Final,
+#if ((defined(MIMXRT1050_CRYPTO_HASH_SUPPORT) && MIMXRT1050_CRYPTO_HASH_SUPPORT == ENABLED) || \
+   (defined(MIMXRT1060_CRYPTO_HASH_SUPPORT) && MIMXRT1060_CRYPTO_HASH_SUPPORT == ENABLED) || \
+   (defined(MIMXRT1160_CRYPTO_HASH_SUPPORT) && MIMXRT1160_CRYPTO_HASH_SUPPORT == ENABLED) || \
+   (defined(MIMXRT1170_CRYPTO_HASH_SUPPORT) && MIMXRT1170_CRYPTO_HASH_SUPPORT == ENABLED))
+   NULL,
+#else
+   (HashAlgoFinalRaw) sha256FinalRaw
+#endif
+};
+
+
+/**
+ * @brief Digest a message using SHA-256
+ * @param[in] data Pointer to the message being hashed
+ * @param[in] length Length of the message
+ * @param[out] digest Pointer to the calculated digest
+ * @return Error code
+ **/
+
+__weak_func error_t sha256Compute(const void *data, size_t length, uint8_t *digest)
+{
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   Sha256Context *context;
+#else
+   Sha256Context context[1];
+#endif
+
+   //Check parameters
+   if(data == NULL && length != 0)
+      return ERROR_INVALID_PARAMETER;
+
+   if(digest == NULL)
+      return ERROR_INVALID_PARAMETER;
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Allocate a memory buffer to hold the SHA-256 context
+   context = cryptoAllocMem(sizeof(Sha256Context));
+   //Failed to allocate memory?
+   if(context == NULL)
+      return ERROR_OUT_OF_MEMORY;
+#endif
+
+   //Initialize the SHA-256 context
+   sha256Init(context);
+   //Digest the message
+   sha256Update(context, data, length);
+   //Finalize the SHA-256 message digest
+   sha256Final(context, digest);
+
+#if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
+   //Free previously allocated memory
+   cryptoFreeMem(context);
+#endif
+
+   //Successful processing
+   return NO_ERROR;
+}
+
+
+/**
+ * @brief Initialize SHA-256 message digest context
+ * @param[in] context Pointer to the SHA-256 context to initialize
+ **/
+
+__weak_func void sha256Init(Sha256Context *context)
+{
+   //Set initial hash value
+   context->h[0] = 0x6A09E667;
+   context->h[1] = 0xBB67AE85;
+   context->h[2] = 0x3C6EF372;
+   context->h[3] = 0xA54FF53A;
+   context->h[4] = 0x510E527F;
+   context->h[5] = 0x9B05688C;
+   context->h[6] = 0x1F83D9AB;
+   context->h[7] = 0x5BE0CD19;
+
+   //Number of bytes in the buffer
+   context->size = 0;
+   //Total length of the message
+   context->totalSize = 0;
+}
+
+
+/**
+ * @brief Update the SHA-256 context with a portion of the message being hashed
+ * @param[in] context Pointer to the SHA-256 context
+ * @param[in] data Pointer to the buffer being hashed
+ * @param[in] length Length of the buffer
+ **/
+
+__weak_func void sha256Update(Sha256Context *context, const void *data, size_t length)
+{
+   size_t n;
+
+   //Process the incoming data
+   while(length > 0)
+   {
+      //The buffer can hold at most 64 bytes
+      n = MIN(length, 64 - context->size);
+
+      //Copy the data to the buffer
+      osMemcpy(context->buffer + context->size, data, n);
+
+      //Update the SHA-256 context
+      context->size += n;
+      context->totalSize += n;
+      //Advance the data pointer
+      data = (uint8_t *) data + n;
+      //Remaining bytes to process
+      length -= n;
+
+      //Process message in 16-word blocks
+      if(context->size == 64)
+      {
+         //Transform the 16-word block
+         sha256ProcessBlock(context);
+         //Empty the buffer
+         context->size = 0;
+      }
+   }
+}
+
+
+/**
+ * @brief Finish the SHA-256 message digest
+ * @param[in] context Pointer to the SHA-256 context
+ * @param[out] digest Calculated digest (optional parameter)
+ **/
+
+__weak_func void sha256Final(Sha256Context *context, uint8_t *digest)
+{
+   uint_t i;
+   size_t paddingSize;
+   uint64_t totalSize;
+
+   //Length of the original message (before padding)
+   totalSize = context->totalSize * 8;
+
+   //Pad the message so that its length is congruent to 56 modulo 64
+   if(context->size < 56)
+   {
+      paddingSize = 56 - context->size;
+   }
+   else
+   {
+      paddingSize = 64 + 56 - context->size;
+   }
+
+   //Append padding
+   sha256Update(context, padding, paddingSize);
+
+   //Append the length of the original message
+   context->w[14] = htobe32((uint32_t) (totalSize >> 32));
+   context->w[15] = htobe32((uint32_t) totalSize);
+
+   //Calculate the message digest
+   sha256ProcessBlock(context);
+
+   //Convert from host byte order to big-endian byte order
+   for(i = 0; i < 8; i++)
+   {
+      context->h[i] = htobe32(context->h[i]);
+   }
+
+   //Copy the resulting digest
+   if(digest != NULL)
+   {
+      osMemcpy(digest, context->digest, SHA256_DIGEST_SIZE);
+   }
+}
+
+
+/**
+ * @brief Finish the SHA-256 message digest (no padding added)
+ * @param[in] context Pointer to the SHA-256 context
+ * @param[out] digest Calculated digest
+ **/
+
+__weak_func void sha256FinalRaw(Sha256Context *context, uint8_t *digest)
+{
+   uint_t i;
+
+   //Convert from host byte order to big-endian byte order
+   for(i = 0; i < 8; i++)
+   {
+      context->h[i] = htobe32(context->h[i]);
+   }
+
+   //Copy the resulting digest
+   osMemcpy(digest, context->digest, SHA256_DIGEST_SIZE);
+
+   //Convert from big-endian byte order to host byte order
+   for(i = 0; i < 8; i++)
+   {
+      context->h[i] = betoh32(context->h[i]);
+   }
+}
+
+
+/**
+ * @brief Process message in 16-word blocks
+ * @param[in] context Pointer to the SHA-256 context
+ **/
+
+__weak_func void sha256ProcessBlock(Sha256Context *context)
+{
+   uint_t i;
+   uint32_t temp1;
+   uint32_t temp2;
+
+   //Initialize the 8 working registers
+   uint32_t a = context->h[0];
+   uint32_t b = context->h[1];
+   uint32_t c = context->h[2];
+   uint32_t d = context->h[3];
+   uint32_t e = context->h[4];
+   uint32_t f = context->h[5];
+   uint32_t g = context->h[6];
+   uint32_t h = context->h[7];
+
+   //Process message in 16-word blocks
+   uint32_t *w = context->w;
+
+   //Convert from big-endian byte order to host byte order
+   for(i = 0; i < 16; i++)
+   {
+      w[i] = betoh32(w[i]);
+   }
+
+   //SHA-256 hash computation (alternate method)
+   for(i = 0; i < 64; i++)
+   {
+      //Prepare the message schedule
+      if(i >= 16)
+      {
+         W(i) += SIGMA4(W(i + 14)) + W(i + 9) + SIGMA3(W(i + 1));
+      }
+
+      //Calculate T1 and T2
+      temp1 = h + SIGMA2(e) + CH(e, f, g) + k[i] + W(i);
+      temp2 = SIGMA1(a) + MAJ(a, b, c);
+
+      //Update working registers
+      h = g;
+      g = f;
+      f = e;
+      e = d + temp1;
+      d = c;
+      c = b;
+      b = a;
+      a = temp1 + temp2;
+   }
+
+   //Update the hash value
+   context->h[0] += a;
+   context->h[1] += b;
+   context->h[2] += c;
+   context->h[3] += d;
+   context->h[4] += e;
+   context->h[5] += f;
+   context->h[6] += g;
+   context->h[7] += h;
+}
+
+#endif

kargs.c

@@ -1,481 +0,0 @@
-#include "config.h"
-#include "types.h"
-#include <linux/moduleparam.h>
-#include "types.h"
-
-#define STR_MAXLEN 2048
-
-static char custom_fake_buf[MAX_FAKE_SIZE];
-
-struct config_t config = {
-	.threads = THREADS_NUM,
-	.queue_start_num = DEFAULT_QUEUE_NUM,
-	.mark = DEFAULT_RAWSOCKET_MARK,
-	.use_ipv6 = 1,
-
-	.verbose = VERBOSE_DEBUG,
-	.use_gso = 1,
-
-	.default_config = default_section_config,
-	.custom_configs_len = 0
-};
-
-#define def_section (&config.default_config)
-
-static int unumeric_set(const char *val, const struct kernel_param *kp) {
-	int n = 0, ret;
-	ret = kstrtoint(val, 10, &n);
-	if (ret != 0 || n < 0)
-		return -EINVAL;
-
-
-	return param_set_int(val, kp);
-}
-
-static int boolean_set(const char *val, const struct kernel_param *kp) {
-	int n = 0, ret;
-	ret = kstrtoint(val, 10, &n);
-	if (ret != 0 || (n != 0 && n != 1))
-		return -EINVAL;
-
-	return param_set_int(val, kp);
-}
-
-static int inverse_boolean_set(const char *val, const struct kernel_param *kp) {
-	int n = 0, ret;
-	ret = kstrtoint(val, 10, &n);
-	if (ret != 0 || (n != 0 && n != 1))
-		return -EINVAL;
-
-	n = !n;
-	if (kp->arg == NULL) 
-		return -EINVAL;
-
-	*(int *)kp->arg = n;
-	return 0;
-}
-
-static int inverse_boolean_get(char *buffer, const struct kernel_param *kp) {
-	if (*(int *)kp->arg == 0) {
-		buffer[0] = '1';
-	} else {
-		buffer[0] = '0';
-	}
-	buffer[1] = '\0';
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops unumeric_parameter_ops = {
-	.set = unumeric_set,
-	.get = param_get_int
-};
-
-static const struct kernel_param_ops boolean_parameter_ops = {
-	.set = boolean_set,
-	.get = param_get_int
-};
-
-static const struct kernel_param_ops inverse_boolean_ops = {
-	.set = inverse_boolean_set,
-	.get = inverse_boolean_get,
-};
-
-module_param_cb(fake_sni, &boolean_parameter_ops, &def_section->fake_sni, 0664);
-module_param_cb(fake_sni_seq_len, &unumeric_parameter_ops, &def_section->fake_sni_seq_len, 0664);
-module_param_cb(faking_ttl, &unumeric_parameter_ops, &def_section->faking_ttl, 0664);
-module_param_cb(fake_seq_offset, &unumeric_parameter_ops, &def_section->fakeseq_offset, 0664);
-module_param_cb(frag_sni_reverse, &unumeric_parameter_ops, &def_section->frag_sni_reverse, 0664);
-module_param_cb(frag_sni_faked, &boolean_parameter_ops, &def_section->frag_sni_faked, 0664);
-module_param_cb(frag_middle_sni, &boolean_parameter_ops, &def_section->frag_middle_sni, 0664);
-module_param_cb(frag_sni_pos, &unumeric_parameter_ops, &def_section->frag_sni_pos, 0664);
-module_param_cb(fk_winsize, &unumeric_parameter_ops, &def_section->fk_winsize, 0664);
-module_param_cb(synfake, &boolean_parameter_ops, &def_section->synfake, 0664);
-module_param_cb(synfake_len, &unumeric_parameter_ops, &def_section->synfake_len, 0664);
-module_param_cb(packet_mark, &unumeric_parameter_ops, &config.mark, 0664);
-// module_param_cb(seg2delay, &unumeric_parameter_ops, &def_section->seg2_delay, 0664);
-
-static int sni_domains_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-	int ret;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	ret = param_set_charp(val, kp);
-
-	if (ret < 0) {
-		def_section->domains_strlen = 0;
-	} else {
-		def_section->domains_strlen = len;
-		if (len == 3 && !strncmp(val, "all", len)) {
-			def_section->all_domains = 1;
-		} else {
-			def_section->all_domains = 0;
-		}
-	}
-
-
-	return ret;
-}
-
-static const struct kernel_param_ops sni_domains_ops = {
-	.set = sni_domains_set,
-	.get = param_get_charp,
-};
-
-module_param_cb(sni_domains, &sni_domains_ops, &def_section->domains_str, 0664);
-
-static int exclude_domains_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-	int ret;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	ret = param_set_charp(val, kp);
-
-	if (ret < 0) {
-		def_section->exclude_domains_strlen = 0;
-	} else {
-		def_section->exclude_domains_strlen = len;
-	}
-
-	return ret;
-}
-
-static const struct kernel_param_ops exclude_domains_ops = {
-	.set = exclude_domains_set,
-	.get = param_get_charp,
-};
-
-module_param_cb(exclude_domains, &exclude_domains_ops, &def_section->exclude_domains_str, 0664);
-
-module_param_cb(no_ipv6, &inverse_boolean_ops, &config.use_ipv6, 0664);
-module_param_cb(quic_drop, &boolean_parameter_ops, &def_section->quic_drop, 0664);
-
-static int verbosity_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	if (strncmp(val, "trace", len) == 0) {
-		*(int *)kp->arg = VERBOSE_TRACE;
-	} else if (strncmp(val, "debug", len) == 0) {
-		*(int *)kp->arg = VERBOSE_DEBUG;
-	} else if (strncmp(val, "silent", len) == 0) {
-		*(int *)kp->arg = VERBOSE_INFO;
-	} else {
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
-
-static int verbosity_get(char *buffer, const struct kernel_param *kp) {
-	switch (*(int *)kp->arg) {
-		case VERBOSE_TRACE:
-			strcpy(buffer, "trace\n");
-			break;
-		case VERBOSE_DEBUG:
-			strcpy(buffer, "debug\n");
-			break;
-		case VERBOSE_INFO:
-			strcpy(buffer, "silent\n");
-			break;
-		default:
-			strcpy(buffer, "unknown\n");
-	}
-
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops verbosity_ops = {
-	.set = verbosity_set,
-	.get = verbosity_get,
-};
-
-module_param_cb(verbosity, &verbosity_ops, &config.verbose, 0664);
-
-static int frag_strat_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	if (strncmp(val, "tcp", len) == 0) {
-		*(int *)kp->arg = FRAG_STRAT_TCP;
-	} else if (strncmp(val, "ip", len) == 0) {
-		*(int *)kp->arg = FRAG_STRAT_IP;
-	} else if (strncmp(val, "none", len) == 0) {
-		*(int *)kp->arg = FRAG_STRAT_NONE;
-	} else {
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
-static int frag_strat_get(char *buffer, const struct kernel_param *kp) {
-	switch (*(int *)kp->arg) {
-		case FRAG_STRAT_TCP:
-			strcpy(buffer, "tcp\n");
-			break;
-		case FRAG_STRAT_IP:
-			strcpy(buffer, "ip\n");
-			break;
-		case FRAG_STRAT_NONE:
-			strcpy(buffer, "none\n");
-			break;
-		default:
-			strcpy(buffer, "unknown\n");
-	}
-
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops frag_strat_ops = {
-	.set = frag_strat_set,
-	.get = frag_strat_get,
-};
-
-module_param_cb(fragmentation_strategy, &frag_strat_ops, &def_section->fragmentation_strategy, 0664);
-
-static int fake_strat_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	if (strncmp(val, "randseq", len) == 0) {
-		*(int *)kp->arg = FAKE_STRAT_RAND_SEQ;
-	} else if (strncmp(val, "ttl", len) == 0) {
-		*(int *)kp->arg = FAKE_STRAT_TTL;
-	} else if (strncmp(val, "tcp_check", len) == 0) {
-		*(int *)kp->arg = FAKE_STRAT_TCP_CHECK;
-	} else if (strncmp(val, "pastseq", len) == 0) {
-		*(int *)kp->arg = FAKE_STRAT_PAST_SEQ;
-	} else if (strncmp(val, "md5sum", len) == 0) {
-		*(int *)kp->arg = FAKE_STRAT_TCP_MD5SUM;
-	} else {
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
-static int fake_strat_get(char *buffer, const struct kernel_param *kp) {
-	switch (*(int *)kp->arg) {
-		case FAKE_STRAT_RAND_SEQ:
-			strcpy(buffer, "randseq\n");
-			break;
-		case FAKE_STRAT_TTL:
-			strcpy(buffer, "ttl\n");
-			break;
-		case FAKE_STRAT_TCP_CHECK:
-			strcpy(buffer, "tcp_check\n");
-			break;
-		case FAKE_STRAT_PAST_SEQ:
-			strcpy(buffer, "pastseq\n");
-			break;
-		case FAKE_STRAT_TCP_MD5SUM:
-			strcpy(buffer, "md5sum\n");
-			break;
-		default:
-			strcpy(buffer, "unknown\n");
-	}
-
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops fake_strat_ops = {
-	.set = fake_strat_set,
-	.get = fake_strat_get,
-};
-
-module_param_cb(faking_strategy, &fake_strat_ops, &def_section->faking_strategy, 0664);
-
-static int sni_detection_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	if (strncmp(val, "parse", len) == 0) {
-		*(int *)kp->arg = SNI_DETECTION_PARSE;
-	} else if (strncmp(val, "brute", len) == 0) {
-		*(int *)kp->arg = SNI_DETECTION_BRUTE;
-	} else {
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
-static int sni_detection_get(char *buffer, const struct kernel_param *kp) {
-	switch (*(int *)kp->arg) {
-		case SNI_DETECTION_PARSE:
-			strcpy(buffer, "parse\n");
-			break;
-		case SNI_DETECTION_BRUTE:
-			strcpy(buffer, "brute\n");
-			break;
-		default:
-			strcpy(buffer, "unknown\n");
-	}
-
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops sni_detection_ops = {
-	.set = sni_detection_set,
-	.get = sni_detection_get,
-};
-
-module_param_cb(sni_detection, &sni_detection_ops, &def_section->sni_detection, 0664);
-
-static int fake_type_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	if (strncmp(val, "default", len) == 0) {
-		*(int *)kp->arg = FAKE_PAYLOAD_DEFAULT;
-	} else if (strncmp(val, "custom", len) == 0) {
-		*(int *)kp->arg = FAKE_PAYLOAD_CUSTOM;
-	} else if (strncmp(val, "random", len) == 0) {
-		*(int *)kp->arg = FAKE_PAYLOAD_RANDOM;
-	} else {
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
-static int fake_type_get(char *buffer, const struct kernel_param *kp) {
-	switch (*(int *)kp->arg) {
-		case FAKE_PAYLOAD_DEFAULT:
-			strcpy(buffer, "default\n");
-			break;
-		case FAKE_PAYLOAD_RANDOM:
-			strcpy(buffer, "random\n");
-			break;
-		case FAKE_PAYLOAD_CUSTOM:
-			strcpy(buffer, "custom\n");
-			break;
-		default:
-			strcpy(buffer, "unknown\n");
-	}
-
-	return strlen(buffer);
-}
-
-static const struct kernel_param_ops fake_type_ops = {
-	.set = fake_type_set,
-	.get = fake_type_get,
-};
-
-module_param_cb(fake_sni_type, &fake_type_ops, &def_section->fake_sni_type, 0664);
-
-static int fake_custom_pl_set(const char *val, const struct kernel_param *kp) {
-	size_t len;
-
-	len = strnlen(val, STR_MAXLEN + 1);
-	if (len == STR_MAXLEN + 1) {
-		pr_err("%s: string parameter too long\n", kp->name);
-		return -ENOSPC;
-	}
-
-	if (len >= 1 && val[len - 1] == '\n') {
-		len--;
-	}
-
-	uint8_t *const custom_buf = (uint8_t *)custom_fake_buf;
-	const char *custom_hex_fake = val;
-	size_t custom_hlen = len;
-
-	if ((custom_hlen & 1) == 1) {
-		return -EINVAL;
-	}
-
-
-	size_t custom_len = custom_hlen >> 1;
-	if (custom_len > MAX_FAKE_SIZE) {
-		return -EINVAL;
-	}
-
-	for (int i = 0; i < custom_len; i++) {
-		sscanf(custom_hex_fake + (i << 1), "%2hhx", custom_buf + i);
-	}
-
-	def_section->fake_custom_pkt_sz = custom_len;
-	def_section->fake_custom_pkt = (char *)custom_buf;
-
-	return 0;
-}
-
-static int fake_custom_pl_get(char *buffer, const struct kernel_param *kp) {
-	int cflen = def_section->fake_custom_pkt_sz;
-	const uint8_t *cbf_data = def_section->fake_custom_pkt;
-	int bflen = def_section->fake_custom_pkt_sz << 1;
-
-	for (int i = 0; i < cflen; i++) {
-		sprintf(buffer + (i << 1), "%02x", *((unsigned char *)cbf_data + i));
-	}
-
-	return bflen;
-}
-
-static const struct kernel_param_ops fake_custom_pl_ops = {
-	.set = fake_custom_pl_set,
-	.get = fake_custom_pl_get,
-};
-
-module_param_cb(fake_custom_payload, &fake_custom_pl_ops, &def_section->fake_custom_pkt, 0664);

kmake.mk

@@ -9,11 +9,13 @@ LDFLAGS	:=
 
 KERNEL_BUILDER_MAKEDIR:=/lib/modules/$(shell uname -r)/build
 
+override EXTRA_CFLAGS += -DPKG_VERSION=\"$(PKG_FULLVERSION)\"
+
 .PHONY: kmake kload kunload kreload kclean kmclean xclean
 kmake: kmod
 
 kmod:
-	$(MAKE) -C $(KERNEL_BUILDER_MAKEDIR) M=$(PWD) modules
+	$(MAKE) -C $(KERNEL_BUILDER_MAKEDIR) M=$(PWD) EXTRA_CFLAGS='$(EXTRA_CFLAGS)' modules
 
 kload:
 	insmod kyoutubeUnblock.ko

kytunblock.c

@@ -1,414 +0,0 @@
-#ifndef KERNEL_SPACE
-#error "You are trying to compile the kernel module not in the kernel space"
-#endif
-
-// Kernel module for youtubeUnblock.
-// Build with make kmake 
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/mutex.h>
-#include <linux/socket.h>
-#include <linux/net.h>
-#include <linux/kernel.h>
-#include <linux/version.h>
-
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv6.h>
-
-#include "mangle.h"
-#include "config.h"
-#include "utils.h"
-#include "logging.h"
-
-MODULE_LICENSE("GPL");
-MODULE_VERSION("0.3.2");
-MODULE_AUTHOR("Vadim Vetrov <vetrovvd@gmail.com>");
-MODULE_DESCRIPTION("Linux kernel module for youtubeUnblock");
-
-static struct socket *rawsocket;
-
-static struct socket *raw6socket;
-
-static int open_raw_socket(void) {
-	int ret = 0;
-	ret = sock_create(AF_INET, SOCK_RAW, IPPROTO_RAW, &rawsocket);
-
-	if (ret < 0) {
-		pr_alert("Unable to create raw socket\n");
-		goto err;
-	}
-
-	// That's funny, but this is how it is done in the kernel
-	// https://elixir.bootlin.com/linux/v3.17.7/source/net/core/sock.c#L916
-	rawsocket->sk->sk_mark=config.mark;
-
-	return 0;
-
-err:
-	return ret;
-}
-
-static void close_raw_socket(void) {
-	sock_release(rawsocket);
-}
-
-static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
-	int ret = 0;
-	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
-
-	struct iphdr *iph;
-
-	if ((ret = ip4_payload_split(
-	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
-		return ret;
-	}
-
-	struct sockaddr_in daddr = {
-		.sin_family = AF_INET,
-		.sin_port = 0,
-		.sin_addr = {
-			.s_addr = iph->daddr
-		}
-	};
-
-	struct msghdr msg;
-	struct kvec iov;
-
-	memset(&msg, 0, sizeof(msg));
-
-	iov.iov_base = (__u8 *)pkt;
-	iov.iov_len = pktlen;
-
-	msg.msg_flags = 0;
-	msg.msg_name = &daddr;
-	msg.msg_namelen = sizeof(struct sockaddr_in);
-	msg.msg_control = NULL;
-	msg.msg_controllen = 0;
-
-
-	ret = kernel_sendmsg(rawsocket, &msg, &iov, 1, pktlen);
-
-	return ret;
-}
-
-static int open_raw6_socket(void) {
-	int ret = 0;
-	ret = sock_create(AF_INET6, SOCK_RAW, IPPROTO_RAW, &raw6socket);
-
-	if (ret < 0) {
-		pr_alert("Unable to create raw socket\n");
-		goto err;
-	}
-
-	// That's funny, but this is how it is done in the kernel
-	// https://elixir.bootlin.com/linux/v3.17.7/source/net/core/sock.c#L916
-	raw6socket->sk->sk_mark=config.mark;
-
-	return 0;
-
-err:
-	return ret;
-}
-
-static void close_raw6_socket(void) {
-	sock_release(raw6socket);
-}
-
-static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
-	int ret = 0;
-	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
-
-	struct ip6_hdr *iph;
-
-	if ((ret = ip6_payload_split(
-	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
-		return ret;
-	}
-
-	struct sockaddr_in6 daddr = {
-		.sin6_family = AF_INET6,
-		/* Always 0 for raw socket */
-		.sin6_port = 0,
-		.sin6_addr = iph->ip6_dst
-	};
-
-	struct kvec iov;
-	struct msghdr msg;
-	memset(&msg, 0, sizeof(msg));
-
-	iov.iov_base = (__u8 *)pkt;
-	iov.iov_len = pktlen;
-
-	msg.msg_flags = 0;
-	msg.msg_name = &daddr;
-	msg.msg_namelen = sizeof(struct sockaddr_in6);
-	msg.msg_control = NULL;
-	msg.msg_controllen = 0;
-
-	ret = kernel_sendmsg(raw6socket, &msg, &iov, 1, pktlen);
-
-	return ret;
-}
-
-static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
-	int ret;
-
-	if (pktlen > AVAILABLE_MTU) {
-		lgdebug("The packet is too big and may cause issues!");
-
-		NETBUF_ALLOC(buff1, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(buff1)) {
-			lgerror("Allocation error", -ENOMEM);
-			return -ENOMEM;
-		}
-		NETBUF_ALLOC(buff2, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(buff2)) {
-			lgerror("Allocation error", -ENOMEM);
-			NETBUF_FREE(buff2);
-			return -ENOMEM;
-		}
-		uint32_t buff1_size = MAX_PACKET_SIZE;
-		uint32_t buff2_size = MAX_PACKET_SIZE;
-
-		if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
-			buff1, &buff1_size, buff2, &buff2_size)) < 0) {
-
-			goto erret_lc;
-		}
-
-		int sent = 0;
-		ret = send_raw_socket(buff1, buff1_size);
-
-		if (ret >= 0) sent += ret;
-		else {
-			goto erret_lc;
-		}
-
-		ret = send_raw_socket(buff2, buff2_size);
-		if (ret >= 0) sent += ret;
-		else {
-			goto erret_lc;
-		}
-
-		NETBUF_FREE(buff1);
-		NETBUF_FREE(buff2);
-		return sent;
-erret_lc:
-		NETBUF_FREE(buff1);
-		NETBUF_FREE(buff2);
-		return ret;
-	}
-	
-	int ipvx = netproto_version(pkt, pktlen);
-
-	if (ipvx == IP4VERSION) {
-		return send_raw_ipv4(pkt, pktlen);
-	} else if (ipvx == IP6VERSION) {
-		return send_raw_ipv6(pkt, pktlen);
-	} else {
-		printf("proto version %d is unsupported\n", ipvx);
-		return -EINVAL;
-	}
-
-	lgtrace_addp("raw_sock_send: %d", ret);
-	return ret;
-}
-
-static int delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
-	pr_info("delay_packet_send won't work on current youtubeUnblock version");
-	return send_raw_socket(data, data_len);
-}
-
-struct instance_config_t instance_config = {
-	.send_raw_packet = send_raw_socket,
-	.send_delayed_packet = delay_packet_send,
-};
-
-
-/* If this is a Red Hat-based kernel (Red Hat, CentOS, Fedora, etc)... */
-#ifdef RHEL_RELEASE_CODE
-
-#if RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 2)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		const struct nf_hook_ops *ops, \
-		struct sk_buff *skb, \
-		const struct net_device *in, \
-		const struct net_device *out, \
-		const struct nf_hook_state *state) \
-
-#elif RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 0)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		const struct nf_hook_ops *ops, \
-		struct sk_buff *skb, \
-		const struct net_device *in, \
-		const struct net_device *out, \
-		int (*okfn)(struct sk_buff *))
-
-#else
-
-#error "Sorry; this version of RHEL is not supported because it's kind of old."
-
-#endif /* RHEL_RELEASE_CODE >= x */
-
-
-/* If this NOT a RedHat-based kernel (Ubuntu, Debian, SuSE, etc)... */
-#else
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		void *priv, \
-		struct sk_buff *skb, \
-		const struct nf_hook_state *state)
-
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		const struct nf_hook_ops *ops, \
-		struct sk_buff *skb, \
-		const struct nf_hook_state *state)
-
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		const struct nf_hook_ops *ops, \
-		struct sk_buff *skb, \
-		const struct net_device *in, \
-		const struct net_device *out, \
-		int (*okfn)(struct sk_buff *))
-
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 0, 0)
-#define NF_CALLBACK(name, skb) unsigned int name( \
-		unsigned int hooknum, \
-		struct sk_buff *skb, \
-		const struct net_device *in, \
-		const struct net_device *out, \
-		int (*okfn)(struct sk_buff *))
-
-#else
-#error "Linux < 3.0 isn't supported at all."
-
-#endif /* LINUX_VERSION_CODE > n */
-
-#endif /* RHEL or not RHEL */
-
-
-
-static NF_CALLBACK(ykb_nf_hook, skb) {
-	int ret;
-
-	if ((skb->mark & config.mark) == config.mark) 
-		goto accept;
-	
-	if (skb->head == NULL) 
-		goto accept;
-	
-	if (skb->len > MAX_PACKET_SIZE)
-		goto accept;
-
-	ret = skb_linearize(skb);
-	if (ret < 0) {
-		lgerror("Cannot linearize", ret);
-		goto accept;
-	}
-
-	int vrd = process_packet(skb->data, skb->len);
-
-	switch(vrd) {
-		case PKT_ACCEPT:
-			goto accept;
-		case PKT_DROP:
-			goto drop;
-	}
-
-accept:
-	return NF_ACCEPT;
-drop:
-	kfree_skb(skb);
-	return NF_STOLEN;
-}
-
-
-static struct nf_hook_ops ykb_nf_reg __read_mostly = {
-	.hook		= ykb_nf_hook,
-	.pf		= NFPROTO_IPV4,
-	.hooknum	= NF_INET_POST_ROUTING,
-	.priority	= NF_IP_PRI_MANGLE,
-};
-
-static struct nf_hook_ops ykb6_nf_reg __read_mostly = {
-	.hook		= ykb_nf_hook,
-	.pf		= NFPROTO_IPV6,
-	.hooknum	= NF_INET_POST_ROUTING,
-	.priority	= NF_IP6_PRI_MANGLE,
-};
-
-static int __init ykb_init(void) {
-	int ret = 0;
-
-	ret = open_raw_socket();
-	if (ret < 0) goto err;
-
-
-	if (config.use_ipv6) {
-		ret = open_raw6_socket();
-		if (ret < 0) goto close_rawsocket;
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
-		struct net *n;
-		for_each_net(n) {
-			ret = nf_register_net_hook(n, &ykb6_nf_reg);
-			if (ret < 0) 
-				lgerror("bad rat",ret);
-		}
-#else
-		nf_register_hook(&ykb6_nf_reg);
-#endif
-	}
-
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
-	struct net *n;
-
-	for_each_net(n) {
-		ret = nf_register_net_hook(n, &ykb_nf_reg);
-		if (ret < 0) 
-			lgerror("bad rat",ret);
-	}
-#else
-	nf_register_hook(&ykb_nf_reg);
-#endif
-
-	pr_info("youtubeUnblock kernel module started.\n");
-	return 0;
-
-close_rawsocket:
-	close_raw_socket();
-err:
-	return ret;
-}
-
-static void __exit ykb_destroy(void) {
-	if (config.use_ipv6) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
-		struct net *n;
-		for_each_net(n)
-			nf_unregister_net_hook(n, &ykb6_nf_reg);
-#else
-		nf_unregister_hook(&ykb6_nf_reg);
-#endif
-		close_raw6_socket();
-	}
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
-	struct net *n;
-	for_each_net(n)
-		nf_unregister_net_hook(n, &ykb_nf_reg);
-#else
-	nf_unregister_hook(&ykb_nf_reg);
-#endif
-
-	close_raw_socket();
-	pr_info("youtubeUnblock kernel module destroyed.\n");
-}
-
-module_init(ykb_init);
-module_exit(ykb_destroy);

logging.h

@@ -1,44 +0,0 @@
-#ifndef LOGGING_H
-#define LOGGING_H
-#include "config.h"
-
-#define LOG_LEVEL (config.verbose)
-
-#ifdef KERNEL_SPACE
-#include <linux/kernel.h>
-#include <linux/module.h>
-#define printf pr_info
-#define perror pr_err
-#define lgerror(msg, ret, ...) __extension__ ({		\
-	pr_err(msg ": %d\n", ##__VA_ARGS__, ret);	\
-})
-#else
-#include <stdio.h> // IWYU pragma: export
-#include <errno.h>
-#define lgerror(msg, ret, ...) __extension__ ({			\
-	errno = -(ret);						\
-	printf(msg ": %s\n", ##__VA_ARGS__, strerror(errno));	\
-})
-#endif /* PROGRAM_SPACE */
-
-#define lgdebug(msg, ...) \
-(LOG_LEVEL >= VERBOSE_DEBUG ? printf(msg, ##__VA_ARGS__) : 0)
-
-#define lgdebugmsg(msg, ...) lgdebug(msg "\n", ##__VA_ARGS__)
-
-
-#define lgtrace(msg, ...) \
-(LOG_LEVEL >= VERBOSE_TRACE ? printf(msg, ##__VA_ARGS__) : 0)
-
-#define lgtracemsg(msg, ...) lgtrace(msg "\n", __VA_ARGS__)
-
-#define lgtrace_start(msg, ...) \
-(LOG_LEVEL >= VERBOSE_TRACE ? printf("[TRACE] " msg " ( ", ##__VA_ARGS__) : 0)
-
-#define lgtrace_addp(msg, ...) \
-(LOG_LEVEL >= VERBOSE_TRACE ? printf(msg", ", ##__VA_ARGS__) : 0)
-
-#define lgtrace_end() \
-(LOG_LEVEL >= VERBOSE_TRACE ? printf(") \n") : 0)
-
-#endif /* LOGGING_H */

mangle.c

@@ -1,758 +0,0 @@
-#define _GNU_SOURCE
-#include "types.h" // IWYU pragma: keep
-#include "mangle.h"
-#include "config.h"
-#include "utils.h"
-#include "quic.h"
-#include "logging.h"
-#include "tls.h"
-
-#ifndef KERNEL_SPACE
-#include <stdlib.h>
-#endif
-
-int process_packet(const uint8_t *raw_payload, uint32_t raw_payload_len) {
-	if (raw_payload_len > MAX_PACKET_SIZE) {
-		return PKT_ACCEPT;
-	}
-
-	const struct iphdr *iph;
-	const struct ip6_hdr *ip6h;
-	uint32_t iph_len;
-	const uint8_t *ip_payload;
-	uint32_t ip_payload_len;
-
-	int transport_proto = -1;
-	int ipver = netproto_version(raw_payload, raw_payload_len);
-	int ret;
-
-	lgtrace_start();
-	lgtrace_addp("IPv%d", ipver);
-
-	if (ipver == IP4VERSION) {
-		ret = ip4_payload_split((uint8_t *)raw_payload, raw_payload_len,
-			 (struct iphdr **)&iph, &iph_len, 
-			 (uint8_t **)&ip_payload, &ip_payload_len);
-
-		if (ret < 0)
-			goto accept;
-
-		transport_proto = iph->protocol;
-
-	} else if (ipver == IP6VERSION && config.use_ipv6) {
-		ret = ip6_payload_split((uint8_t *)raw_payload, raw_payload_len,
-			 (struct ip6_hdr **)&ip6h, &iph_len, 
-			 (uint8_t **)&ip_payload, &ip_payload_len);
-
-		if (ret < 0)
-			goto accept;
-
-		transport_proto = ip6h->ip6_nxt;
-
-	} else {
-		lgtracemsg("Unknown layer 3 protocol version: %d", ipver);
-		goto accept;
-	}
-
-	int verdict = PKT_CONTINUE;
-
-	if (transport_proto == IPPROTO_TCP) 
-		lgtrace_addp("TCP");
-	else if (transport_proto == IPPROTO_UDP) 
-		lgtrace_addp("UDP");
-
-	
-	ITER_CONFIG_SECTIONS(section) {
-		lgtrace_addp("Section #%d", CONFIG_SECTION_NUMBER(section));
-
-		switch (transport_proto) {
-		case IPPROTO_TCP:
-			verdict = process_tcp_packet(section, raw_payload, raw_payload_len);
-			break;
-		case IPPROTO_UDP:
-			verdict = process_udp_packet(section, raw_payload, raw_payload_len);
-			break;
-		}
-
-		if (verdict == PKT_CONTINUE)
-			continue;
-
-		lgtrace_end();
-		return verdict;
-	}
-
-accept:	
-	lgtrace_end();
-	return PKT_ACCEPT;
-}
-
-int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, uint32_t raw_payload_len) {
-	const void *ipxh;
-	uint32_t iph_len;
-	const struct tcphdr *tcph;
-	uint32_t tcph_len;
-	const uint8_t *data;
-	uint32_t dlen;
-
-
-	int ipxv = netproto_version(raw_payload, raw_payload_len);
-
-	int ret = tcp_payload_split((uint8_t *)raw_payload, raw_payload_len,
-			      (void *)&ipxh, &iph_len,
-			      (struct tcphdr **)&tcph, &tcph_len,
-			      (uint8_t **)&data, &dlen);
-
-
-	if (ret < 0) {
-		goto accept;
-	}
-
-	if (tcph->syn && section->synfake) {
-		lgtrace_addp("TCP syn alter");
-
-		NETBUF_ALLOC(payload, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(payload)) {
-			lgerror("Allocation error", -ENOMEM);
-			goto accept;
-		}
-
-		memcpy(payload, ipxh, iph_len);
-		memcpy(payload + iph_len, tcph, tcph_len);
-		uint32_t fake_len = section->fake_sni_pkt_sz;
-
-		if (section->synfake_len) 
-			fake_len = min(section->synfake_len, fake_len);
-
-		memcpy(payload + iph_len + tcph_len, section->fake_sni_pkt, fake_len);
-
-
-		struct tcphdr *tcph = (struct tcphdr *)(payload + iph_len);
-		if (ipxv == IP4VERSION) {
-			struct iphdr *iph = (struct iphdr *)payload;
-			iph->tot_len = htons(iph_len + tcph_len + fake_len);
-			set_ip_checksum(payload, iph_len);
-			set_tcp_checksum(tcph, iph, iph_len);
-		} else if (ipxv == IP6VERSION) {
-			struct ip6_hdr *ip6h = (struct ip6_hdr *)payload;
-			ip6h->ip6_plen = ntohs(tcph_len + fake_len);
-			set_ip_checksum(ip6h, iph_len);
-			set_tcp_checksum(tcph, ip6h, iph_len);
-		}
-
-
-		ret = instance_config.send_raw_packet(payload, iph_len + tcph_len + fake_len);
-		if (ret < 0) {
-			lgerror("send_syn_altered", ret);
-
-			NETBUF_FREE(payload);
-			goto accept;
-		}
-
-		NETBUF_FREE(payload);
-		goto drop;
-	}
-
-	if (tcph->syn) goto continue_flow;
-
-	struct tls_verdict vrd = analyze_tls_data(section, data, dlen);
-	lgtrace_addp("TLS analyzed");
-
-	if (vrd.sni_len != 0) {
-		lgtrace_addp("SNI detected: %.*s", vrd.sni_len, data + vrd.sni_offset);
-	}
-
-	if (vrd.target_sni) {
-		lgdebugmsg("Target SNI detected: %.*s", vrd.sni_len, data + vrd.sni_offset);
-
-		uint32_t payload_len = raw_payload_len;
-		NETBUF_ALLOC(payload, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(payload)) {
-			lgerror("Allocation error", -ENOMEM);
-			goto accept; 
-		}
-
-		memcpy(payload, raw_payload, raw_payload_len);
-
-		void *iph;
-		uint32_t iph_len;
-		struct tcphdr *tcph;
-		uint32_t tcph_len;
-		uint8_t *data;
-		uint32_t dlen;
-
-		int ret = tcp_payload_split(payload, payload_len,
-				      &iph, &iph_len, &tcph, &tcph_len,
-				      &data, &dlen);
-
-		if (ret < 0) {
-			lgerror("tcp_payload_split in targ_sni", ret);
-			goto accept_lc;
-		}
-
-		if (section->fk_winsize) {
-			tcph->window = htons(section->fk_winsize);
-			set_tcp_checksum(tcph, iph, iph_len);
-		}
-
-		if (0) {
-			int delta = 2;
-			ret = seqovl_packet(payload, &payload_len, delta);
-			int ret = tcp_payload_split(payload, payload_len,
-				      &iph, &iph_len, &tcph, &tcph_len,
-				      &data, &dlen);
-			if (ret < 0) {
-				lgerror("seqovl_packet delta %d", ret, delta);
-			}
-		}
-
-		
-		if (dlen > 1480 && config.verbose) {
-			lgdebugmsg("WARNING! Client Hello packet is too big and may cause issues!");
-		}
-
-		if (section->fake_sni) {
-			post_fake_sni(args_default_fake_type(section), iph, iph_len, tcph, tcph_len);	
-		}
-
-		size_t ipd_offset;
-		size_t mid_offset;
-
-		switch (section->fragmentation_strategy) {
-			case FRAG_STRAT_TCP: {
-				ipd_offset = vrd.sni_target_offset;
-				mid_offset = ipd_offset + vrd.sni_target_len / 2;
-
-				uint32_t poses[2];
-				int cnt = 0;
-
-				if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
-					poses[cnt++] = section->frag_sni_pos;
-				}
-
-				if (section->frag_middle_sni) {
-					poses[cnt++] = mid_offset;
-				}
-
-				if (cnt > 1 && poses[0] > poses[1]) {
-					uint32_t tmp = poses[0];
-					poses[0] = poses[1];
-					poses[1] = tmp;
-				}
-
-				ret = send_tcp_frags(section, payload, payload_len, poses, cnt, 0);
-				if (ret < 0) {
-					lgerror("tcp4 send frags", ret);
-					goto accept_lc;
-				}
-
-				goto drop_lc;
-			}
-			break;
-			case FRAG_STRAT_IP: 
-			if (ipxv == IP4VERSION) {
-				ipd_offset = ((char *)data - (char *)tcph) + vrd.sni_target_offset;
-				mid_offset = ipd_offset + vrd.sni_target_len / 2;
-				mid_offset += 8 - mid_offset % 8;
-
-				uint32_t poses[2];
-				int cnt = 0;
-
-				if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
-					poses[cnt] = section->frag_sni_pos + ((char *)data - (char *)tcph);
-					poses[cnt] += 8 - poses[cnt] % 8;
-					cnt++;
-				}
-
-				if (section->frag_middle_sni) {
-					poses[cnt++] = mid_offset;
-				}
-
-				if (cnt > 1 && poses[0] > poses[1]) {
-					uint32_t tmp = poses[0];
-					poses[0] = poses[1];
-					poses[1] = tmp;
-				}
-
-				ret = send_ip4_frags(section, payload, payload_len, poses, cnt, 0);
-				if (ret < 0) {
-					lgerror("ip4 send frags", ret);
-					goto accept_lc;
-				}
-
-				goto drop_lc;
-			} else {
-				printf("WARNING: IP fragmentation is supported only for IPv4\n");	
-				goto default_send;
-			}
-			default:
-			default_send:
-				ret = instance_config.send_raw_packet(payload, payload_len);
-				if (ret < 0) {
-					lgerror("raw pack send", ret);
-					goto accept_lc;
-				}
-
-				goto drop_lc;
-		}
-
-
-
-		goto drop_lc;
-
-accept_lc:
-		NETBUF_FREE(payload);
-		goto accept;
-drop_lc:
-		NETBUF_FREE(payload);
-		goto drop;
-
-	}
-
-continue_flow:
-	lgtrace_addp("continue_flow");
-	return PKT_CONTINUE;
-accept:
-	lgtrace_addp("accept");
-	return PKT_ACCEPT;
-drop:
-	lgtrace_addp("drop");
-	return PKT_DROP;
-}
-
-int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, uint32_t pktlen) {
-	const void *iph;
-	uint32_t iph_len;
-	const struct udphdr *udph;
-	const uint8_t *data;
-	uint32_t dlen;
-	int ipver = netproto_version(pkt, pktlen);
-
-	int ret = udp_payload_split((uint8_t *)pkt, pktlen,
-			      (void **)&iph, &iph_len, 
-			      (struct udphdr **)&udph,
-			      (uint8_t **)&data, &dlen);
-
-	
-	if (ret < 0) {
-		lgtrace_addp("undefined");
-		goto accept;
-	}
-
-	if (dlen > 10 && config.verbose >= VERBOSE_TRACE) {
-		printf("UDP payload start: [ ");
-		for (int i = 0; i < 10; i++) {
-			printf("%02x ", data[i]);
-		}
-		printf("], ");
-	}
-
-
-	if (section->quic_drop) {
-		lgtrace_addp("QUIC probe");
-		const struct quic_lhdr *qch;
-		uint32_t qch_len;
-		struct quic_cids qci;
-		uint8_t *quic_raw_payload;
-		uint32_t quic_raw_plen;
-		ret = quic_parse_data((uint8_t *)data, dlen, 
-			 (struct quic_lhdr **)&qch, &qch_len, &qci, 
-			 &quic_raw_payload, &quic_raw_plen);
-
-		if (ret < 0) {
-			lgtrace_addp("undefined type");
-			goto accept_quic;
-		}
-
-		lgtrace_addp("QUIC detected");
-		uint8_t qtype = qch->type;
-
-		goto drop;
-
-		if (qch->version == QUIC_V1)
-			qtype = quic_convtype_v1(qtype);
-		else if (qch->version == QUIC_V2) 
-			qtype = quic_convtype_v2(qtype);
-
-		if (qtype != QUIC_INITIAL_TYPE) {
-			lgtrace_addp("quic message type: %d", qtype);
-			goto accept_quic;
-		}
-		
-		lgtrace_addp("quic initial message");
-	}
-
-/*
-	if (1) {
-		lgtrace_addp("Probe udp");
-		if (ipver == IP4VERSION && ntohs(udph->dest) > 30) {
-			lgtrace_addp("udp fool");
-			const uint8_t *payload;
-			uint32_t payload_len;
-
-			uint32_t poses[10];
-			int cnt = 3;
-
-			poses[0] = 8;
-			for (int i = 1; i < cnt; i++) {
-				poses[i] = poses[i - 1] + 8;
-			}
-
-			ret = send_ip4_frags(pkt, pktlen, poses, cnt, 0);
-			if (ret < 0) {
-				lgerror("ip4 send frags", ret);
-				goto accept;
-			}
-
-			goto drop;
-		} else {
-			printf("WARNING: IP fragmentation is supported only for IPv4\n");	
-			goto accept;
-		}
-	}
-*/
-
-
-continue_flow:
-	lgtrace_addp("continue_flow");
-	return PKT_CONTINUE;
-accept_quic:
-accept:
-	return PKT_ACCEPT;
-drop:
-	return PKT_DROP;
-}
-
-int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet, uint32_t pktlen, const uint32_t *poses, uint32_t poses_sz, uint32_t dvs) {
-	if (poses_sz == 0) {
-		if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
-			if (!instance_config.send_delayed_packet) {
-				return -EINVAL;
-			}
-
-			lgtrace_addp("Sent %d delayed for %d", pktlen, section->seg2_delay);
-			instance_config.send_delayed_packet(
-				packet, pktlen, section->seg2_delay);
-
-			return 0;
-		} else {
-			lgtrace_addp("Sent %d bytes", pktlen);
-			return instance_config.send_raw_packet(
-				packet, pktlen);
-		}
-	} else {
-		NETBUF_ALLOC(frag1, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(frag1)) {
-			lgerror("Allocation error", -ENOMEM);
-			return -ENOMEM;
-		}
-
-		NETBUF_ALLOC(frag2, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(frag2)) {
-			lgerror("Allocation error", -ENOMEM);
-			NETBUF_FREE(frag1);
-			return -ENOMEM;
-		}
-
-		NETBUF_ALLOC(fake_pad, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(fake_pad)) {
-			lgerror("Allocation error", -ENOMEM);
-			NETBUF_FREE(frag1);
-			NETBUF_FREE(frag2);
-			return -ENOMEM;
-		}
-
-		uint32_t f1len = MAX_PACKET_SIZE;
-		uint32_t f2len = MAX_PACKET_SIZE;
-		uint32_t fake_pad_len = MAX_PACKET_SIZE;
-
-		int ret;
-
-		if (dvs > poses[0]) {
-			lgerror("send_frags: Recursive dvs(%d) is more than poses0(%d)", -EINVAL, dvs, poses[0]);
-			ret = -EINVAL;
-			goto erret_lc;
-		}
-
-		uint32_t frag_pos = poses[0] - dvs;
-		frag_pos += 8 - frag_pos % 8;
-
-		ret = ip4_frag(packet, pktlen, frag_pos, 
-			frag1, &f1len, frag2, &f2len);
-
-		if (ret < 0) {
-			lgerror("send_frags: frag: with context packet with size %d, position: %d, recursive dvs: %d", ret, pktlen, poses[0], dvs);
-			goto erret_lc;
-		}
-
-		dvs += frag_pos;
-
-		if (section->frag_sni_reverse)
-			goto send_frag2;
-send_frag1:
-		ret = send_ip4_frags(section, frag1, f1len, NULL, 0, 0);
-		if (ret < 0) {
-			goto erret_lc;
-		}
-
-		if (section->frag_sni_reverse)
-			goto out_lc;
-
-send_fake:
-/*
-		if (section->frag_sni_faked) {
-			ITER_FAKE_STRAT(section->faking_strategy, strategy) {
-				uint32_t iphfl;
-				fake_pad_len = f2len;
-				ret = ip4_payload_split(frag2, f2len, NULL, &iphfl, NULL, NULL);
-				if (ret < 0) {
-					lgerror("Invalid frag2", ret);
-					goto erret_lc;
-				}
-				memcpy(fake_pad, frag2, iphfl + sizeof(struct udphdr));
-				memset(fake_pad + iphfl + sizeof(struct udphdr), 0, f2len - iphfl - sizeof(struct udphdr));
-				((struct iphdr *)fake_pad)->tot_len = htons(fake_pad_len);
-				((struct iphdr *)fake_pad)->id = 1;
-				((struct iphdr *)fake_pad)->ttl = 8;
-				((struct iphdr *)fake_pad)->frag_off = 0;
-				ip4_set_checksum((struct iphdr*)fake_pad);
-				// *(struct udphdr *)(fake_pad + iphfl) = *(struct udphdr *)(frag2 + iphfl);
-				ret = send_ip4_frags(fake_pad, fake_pad_len, NULL, 0, 0);
-				if (ret < 0) {
-					goto erret_lc;
-				}
-			}
-		}
-*/
-
-		if (section->frag_sni_reverse)
-			goto send_frag1;
-
-send_frag2:
-		ret = send_ip4_frags(section, frag2, f2len, poses + 1, poses_sz - 1, dvs);
-		if (ret < 0) {
-			goto erret_lc;
-		}
-
-		if (section->frag_sni_reverse)
-			goto send_fake;
-
-out_lc:
-		NETBUF_FREE(frag1);
-		NETBUF_FREE(frag2);
-		NETBUF_FREE(fake_pad);
-		goto out;
-erret_lc:
-		NETBUF_FREE(frag1);
-		NETBUF_FREE(frag2);
-		NETBUF_FREE(fake_pad);
-		return ret;
-	}
-
-out:
-	return 0;
-}
-
-int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet, uint32_t pktlen, const uint32_t *poses, uint32_t poses_sz, uint32_t dvs) {
-	if (poses_sz == 0) {
-		if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
-			if (!instance_config.send_delayed_packet) {
-				return -EINVAL;
-			}
-
-			instance_config.send_delayed_packet(
-				packet, pktlen, section->seg2_delay);
-
-			return 0;
-		} else {
-			lgtrace_addp("raw send packet of %d bytes with %d dvs", pktlen, dvs);
-			return instance_config.send_raw_packet(
-				packet, pktlen);
-		}
-	} else {
-		NETBUF_ALLOC(frag1, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(frag1)) {
-			lgerror("Allocation error", -ENOMEM);
-			return -ENOMEM;
-		}
-
-		NETBUF_ALLOC(frag2, MAX_PACKET_SIZE);
-		if (!NETBUF_CHECK(frag2)) {
-			lgerror("Allocation error", -ENOMEM);
-			NETBUF_FREE(frag1);
-			return -ENOMEM;
-		}
-
-		uint32_t f1len = MAX_PACKET_SIZE;
-		uint32_t f2len = MAX_PACKET_SIZE;
-
-		int ret;
-
-		if (dvs > poses[0]) {
-			lgerror("send_frags: Recursive dvs(%d) is more than poses0(%d)", -EINVAL, dvs, poses[0]);
-			ret = -EINVAL;
-			goto erret_lc;
-		}
-
-
-		ret = tcp_frag(packet, pktlen, poses[0] - dvs, 
-			frag1, &f1len, frag2, &f2len);
-
-
-		lgtrace_addp("Packet split in %d bytes position of payload start, dvs: %d to two packets of %d and %d lengths", poses[0], dvs, f1len, f2len);
-
-		if (ret < 0) {
-			lgerror("send_frags: tcp_frag: with context packet with size %d, position: %d, recursive dvs: %d", ret, pktlen, poses[0], dvs);
-			goto erret_lc;
-		}
-
-
-		dvs += poses[0];
-
-		if (section->frag_sni_reverse)
-			goto send_frag2;
-		
-send_frag1:
-		{
-			ret = send_tcp_frags(section, frag1, f1len, NULL, 0, 0);
-			if (ret < 0) {
-				goto erret_lc;
-			}
-
-			if (section->frag_sni_reverse) 
-				goto out_lc;
-		}
-
-send_fake:
-		if (section->frag_sni_faked) {
-			uint32_t iphfl, tcphfl;
-			void *iph;
-			struct tcphdr *tcph;
-			ret = tcp_payload_split(frag2, f2len, &iph, &iphfl, &tcph, &tcphfl, NULL, NULL);
-			struct fake_type f_type = args_default_fake_type(section);
-			if ((f_type.strategy.strategy & FAKE_STRAT_PAST_SEQ) == FAKE_STRAT_PAST_SEQ) {
-				f_type.strategy.strategy ^= FAKE_STRAT_PAST_SEQ;
-				f_type.strategy.strategy |= FAKE_STRAT_RAND_SEQ;
-				f_type.strategy.randseq_offset = dvs;
-			}
-
-			f_type.seg2delay = section->seg2_delay;
-
-			post_fake_sni(f_type, iph, iphfl, tcph, tcphfl);	
-		}
-
-		if (section->frag_sni_reverse)
-			goto send_frag1;
-
-send_frag2:
-		{
-			ret = send_tcp_frags(section, frag2, f2len, poses + 1, poses_sz - 1, dvs);
-			if (ret < 0) {
-				goto erret_lc;
-			}
-
-			if (section->frag_sni_reverse)
-				goto send_fake;
-		}
-out_lc:
-		NETBUF_FREE(frag1);
-		NETBUF_FREE(frag2);
-		goto out;
-erret_lc:
-		NETBUF_FREE(frag1);
-		NETBUF_FREE(frag2);
-		return ret;
-	}
-out:
-	return 0;
-}
-
-int post_fake_sni(struct fake_type f_type, 
-		const void *iph, unsigned int iph_len, 
-		const struct tcphdr *tcph, unsigned int tcph_len) {
-
-	uint8_t rfsiph[128];
-	uint8_t rfstcph[60];
-	int ret;
-
-	int ipxv = netproto_version(iph, iph_len);
-
-	memcpy(rfsiph, iph, iph_len);
-	memcpy(rfstcph, tcph, tcph_len);
-
-	void *fsiph = (void *)rfsiph;
-	struct tcphdr *fstcph = (void *)rfstcph;
-
-	ITER_FAKE_STRAT(f_type.strategy.strategy, strategy) {
-		struct fake_type fake_seq_type = f_type;
-		fake_seq_type.strategy.strategy = strategy;
-
-		// one goes for default fake
-		for (int i = 0; i < fake_seq_type.sequence_len; i++) {
-			NETBUF_ALLOC(fake_sni, MAX_PACKET_SIZE);
-			if (!NETBUF_CHECK(fake_sni)) {
-				lgerror("Allocation error", -ENOMEM);
-				return -ENOMEM;
-			}
-			uint32_t fsn_len = MAX_PACKET_SIZE;
-			
-			ret = gen_fake_sni(
-				fake_seq_type,
-				fsiph, iph_len, fstcph, tcph_len, 
-				fake_sni, &fsn_len);
-			if (ret < 0) {
-				lgerror("gen_fake_sni", ret);
-				goto erret_lc;
-			}
-
-			lgtrace_addp("post fake sni #%d", i + 1);
-
-			if (f_type.seg2delay) {
-				ret = instance_config.send_delayed_packet(fake_sni, fsn_len, f_type.seg2delay);
-			} else {
-				ret = instance_config.send_raw_packet(fake_sni, fsn_len);
-			}
-			if (ret < 0) {
-				lgerror("send fake sni", ret);
-				goto erret_lc;
-			}
-			uint32_t iph_len;
-			uint32_t tcph_len;
-			uint32_t plen;
-			ret = tcp_payload_split(
-				fake_sni, fsn_len, 
-				&fsiph, &iph_len,
-				&fstcph, &tcph_len,
-				NULL, &plen);
-
-			if (ret < 0) {
-				lgtrace_addp("continue fake seq");
-				goto erret_lc;
-			}
-
-
-			if (!(strategy == FAKE_STRAT_PAST_SEQ ||
-				strategy == FAKE_STRAT_RAND_SEQ)) {
-				fstcph->seq = htonl(ntohl(fstcph->seq) + plen);
-			}
-
-			if (ipxv == IP4VERSION) {
-				((struct iphdr *)fsiph)->id = htons(ntohs(((struct iphdr *)fsiph)->id) + 1);
-			}
-
-			memcpy(rfsiph, fsiph, iph_len);
-
-			memcpy(rfstcph, fstcph, tcph_len);
-			fsiph = (void *)rfsiph;
-			fstcph = (void *)rfstcph;
-			
-			NETBUF_FREE(fake_sni);
-			continue;
-erret_lc:
-			NETBUF_FREE(fake_sni);
-			return ret;
-		}
-	}
-
-	return 0;
-}
-

mangle.h

@@ -1,58 +0,0 @@
-#ifndef YU_MANGLE_H
-#define YU_MANGLE_H
-
-#include "types.h"
-#include "tls.h"
-
-#define PKT_ACCEPT	0
-#define PKT_DROP	1
-// Used for section config
-#define PKT_CONTINUE	2
-
-/**
- * Processes the packet and returns verdict.
- * This is the primary function that traverses the packet.
- */
-int process_packet(const uint8_t *packet, uint32_t packet_len);
-
-
-/**
- * Processe the TCP packet.
- * Returns verdict.
- */
-int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, uint32_t raw_payload_len);
-
-
-/**
- * Processes the UDP packet.
- * Returns verdict.
- */
-int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, uint32_t pktlen);
-
-
-
-/**
- * Sends fake client hello.
- */
-int post_fake_sni(struct fake_type f_type, 
-		const void *iph, unsigned int iph_len, 
-		const struct tcphdr *tcph, unsigned int tcph_len);
-
-/**
- * Splits packet by poses and posts.
- * Poses are relative to start of TCP payload.
- * dvs used internally and should be zero.
- */
-int send_tcp_frags(const struct section_config_t *section,
-	const uint8_t *packet, uint32_t pktlen, 
-	const uint32_t *poses, uint32_t poses_len, uint32_t dvs);
-
-/**
- * Splits packet by poses and posts.
- * Poses are relative to start of TCP payload.
- * dvs used internally and should be zero.
- */
-int send_ip4_frags(const struct section_config_t *section,
-	const uint8_t *packet, uint32_t pktlen, 
-	const uint32_t *poses, uint32_t poses_len, uint32_t dvs);
-#endif /* YU_MANGLE_H */

quic.c

@@ -1,140 +0,0 @@
-#include "quic.h"
-#include "logging.h"
-
-
-/**
- * Packet number.
- */
-struct quic_pnumber {
-	uint8_t d1;
-	uint8_t d2;
-	uint8_t d3;
-	uint8_t d4;
-};
-
-uint64_t quic_parse_varlength(uint8_t *variable, uint64_t *mlen) {
-	if (mlen && *mlen == 0) return 0;
-	uint64_t vr = (*variable & 0x3F);
-	uint8_t len = 1 << (*variable >> 6);
-
-	if (mlen) {
-		if (*mlen < len) return 0;
-		*mlen = len;
-	}
-
-	++variable;
-	for (uint8_t i = 1; i < len; i++) {
-		vr = (vr << 8) + *variable;
-		++variable;
-	}
-
-	return vr;
-}
-
-int quic_parse_data(uint8_t *raw_payload, uint32_t raw_payload_len,
-		struct quic_lhdr **qch, uint32_t *qch_len,
-		struct quic_cids *qci,
-		uint8_t **payload, uint32_t *plen) {
-	if (	raw_payload == NULL || 
-		raw_payload_len < sizeof(struct quic_lhdr)) 
-		goto invalid_packet;
-
-	struct quic_lhdr *nqch = (struct quic_lhdr *)raw_payload;
-	uint32_t left_len = raw_payload_len - sizeof(struct quic_lhdr);
-	uint8_t *cur_rawptr = raw_payload + sizeof(struct quic_lhdr);
-	if (!nqch->fixed) {
-		lgtrace_addp("quic fixed uset");
-		return -EPROTO;
-	}
-
-	uint8_t found = 0;
-	for (uint8_t i = 0; i < 2; i++) {
-		if (ntohl(nqch->version) == supported_versions[i]) {
-			found = 1;
-		}
-	}
-
-	if (!found) {
-		lgtrace_addp("quic version undefined %d", ntohl(nqch->version));
-		return -EPROTO;
-	}
-
-	lgtrace_addp("quic version valid %d", ntohl(nqch->version));
-
-	if (left_len < 2) goto invalid_packet;
-	struct quic_cids nqci = {0};
-
-	nqci.dst_len = *cur_rawptr++;
-	left_len--;
-	if (left_len < nqci.dst_len) goto invalid_packet;
-	nqci.dst_id = cur_rawptr;
-	cur_rawptr += nqci.dst_len;
-	left_len -= nqci.dst_len;
-
-	nqci.src_len = *cur_rawptr++;
-	left_len--;
-	if (left_len < nqci.src_len) goto invalid_packet;
-	nqci.src_id = cur_rawptr;
-	cur_rawptr += nqci.src_len;
-	left_len -= nqci.src_len;
-
-	if (qch) *qch = nqch;
-	if (qch_len) {
-		*qch_len = sizeof(struct quic_lhdr) + 
-			nqci.src_len + nqci.dst_len;
-	}
-	if (qci) *qci = nqci;
-	if (payload) *payload = cur_rawptr;
-	if (plen) *plen = left_len;
-
-	return 0;
-
-invalid_packet:
-	return -EINVAL;
-}
-
-int quic_parse_initial_message(uint8_t *inpayload, uint32_t inplen,
-			const struct quic_lhdr *qch, 
-			struct quici_hdr *qhdr,
-			uint8_t **payload, uint32_t *plen) {
-	if (inplen < 3) goto invalid_packet;
-	struct quici_hdr nqhdr;
-
-	uint8_t *cur_ptr = inpayload;
-	uint32_t left_len = inplen;
-	uint64_t tlen = left_len;
-
-	nqhdr.token_len = quic_parse_varlength(cur_ptr, &tlen);
-	nqhdr.token = cur_ptr + tlen;
-	
-	if (left_len < nqhdr.token_len + tlen) 
-		goto invalid_packet;
-	cur_ptr += tlen + nqhdr.token_len;
-	left_len -= tlen + nqhdr.token_len;
-
-	tlen = left_len;
-	nqhdr.length = quic_parse_varlength(cur_ptr, &tlen);
-
-	if (left_len != nqhdr.length + tlen && 
-		left_len <= qch->number_length + 1)
-		goto invalid_packet;
-
-	uint32_t packet_number = 0;
-
-	for (uint8_t i = 0; i <= qch->number_length; i++) {
-		packet_number = (packet_number << 8) + *cur_ptr++;
-		left_len--;
-	}
-
-	nqhdr.packet_number = packet_number;
-
-	if (qhdr) *qhdr = nqhdr;
-	if (payload) *payload = cur_ptr;
-	if (plen) *plen = left_len;
-
-	return 0;
-
-invalid_packet:
-	lgerror("QUIC invalid Initial packet", -EINVAL);
-	return -EINVAL;
-}

quic.h

@@ -1,128 +0,0 @@
-#ifndef QUIC_H
-#define QUIC_H
-#include "types.h"
-
-
-/**
-* @macro
-*
-* :macro:`NGTCP2_INITIAL_SALT_V1` is a salt value which is used to
-* derive initial secret.  It is used for QUIC v1.
-*/
-#define QUIC_INITIAL_SALT_V1 \
- "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17\x9a\xe6\xa4\xc8\x0c\xad" \
- "\xcc\xbb\x7f\x0a"
-
-/**
-* @macro
-*
-* :macro:`NGTCP2_INITIAL_SALT_V2` is a salt value which is used to
-* derive initial secret.  It is used for QUIC v2.
-*/
-#define QUIC_INITIAL_SALT_V2 \
- "\x0d\xed\xe3\xde\xf7\x00\xa6\xdb\x81\x93\x81\xbe\x6e\x26\x9d\xcb" \
- "\xf9\xbd\x2e\xd9"
-
-#define QUIC_INITIAL_TYPE	0
-#define QUIC_0_RTT_TYPE		1
-#define QUIC_HANDSHAKE_TYPE	2
-#define QUIC_RETRY_TYPE		3
-
-#define QUIC_INITIAL_TYPE_V1	0b00
-#define QUIC_0_RTT_TYPE_V1	0b01
-#define QUIC_HANDSHAKE_TYPE_V1	0b10
-#define QUIC_RETRY_TYPE_V1	0b11
-#define quic_convtype_v1(type) (type)
-
-#define QUIC_INITIAL_TYPE_V2	0b01
-#define QUIC_0_RTT_TYPE_V2	0b10
-#define QUIC_HANDSHAKE_TYPE_V2	0b11
-#define QUIC_RETRY_TYPE_V2	0b00
-#define quic_convtype_v2(type) (((type) + 1) & 0b11)
-
-#define QUIC_V1	1		// RFC 9000
-#define QUIC_V2	0x6b3343cf	// RFC 9369
-
-static const uint32_t supported_versions[] = {
-	QUIC_V1,
-	QUIC_V2,
-};
-
-/**
- * Quic Large Header
- */
-struct quic_lhdr {
-#if __BYTE_ORDER == __LITTLE_ENDIAN
-	uint8_t number_length:2;
-	uint8_t reserved:2;
-	uint8_t type:2;
-	uint8_t fixed:1;
-	uint8_t form:1;
-#elif __BYTE_ORDER == __BIG_ENDIAN
-	uint8_t form:1;
-	uint8_t fixed:1;
-	uint8_t type:2;
-	uint8_t reserved:2;
-	uint8_t number_length:2;
-#else
-#error "Undefined endian"
-#endif
-	uint32_t version;
-}__attribute__((packed));
-
-/**
- * Quic Large Header Ids 
- * (separated from the original header because of varying dst 
- */
-struct quic_cids {
-	uint8_t dst_len;
-	uint8_t *dst_id;
-	uint8_t src_len;
-	uint8_t *src_id;
-};
-
-/**
- * Parses QUIС raw data (UDP payload) to quic large header and 
- * quic payload.
- *
- * \qch_len is sizeof(qch) + qci->dst_len + qci->src_id
- * \payload is Type-Specific payload (#17.2).
- */
-int quic_parse_data(uint8_t *raw_payload, uint32_t raw_payload_len,
-		struct quic_lhdr **qch, uint32_t *qch_len,
-		struct quic_cids *qci,
-		uint8_t **payload, uint32_t *plen);
-		
-
-/**
- * Parses QUIC variable-length integer. (#16)
- * \variable is a pointer to the sequence to be parsed
- * (varlen integer in big endian format)
- *
- * \mlen Used to signal about variable length and validate left length
- * in the buffer.
- */
-uint64_t quic_parse_varlength(uint8_t *variable, uint64_t *mlen);
-
-// quici stands for QUIC Initial
-
-/**
- * This structure should be parsed
- */
-struct quici_hdr {
-	uint64_t token_len;
-	uint8_t *token;
-	uint64_t length;
-	uint32_t packet_number;
-};
-
-/**
- * Parses QUIC initial payload.
- * \inpayload is a raw QUIC payload (payload after quic large header)
- */
-int quic_parse_initial_message(uint8_t *inpayload, uint32_t inplen,
-			const struct quic_lhdr *qch,
-			struct quici_hdr *qhdr,
-			uint8_t **payload, uint32_t *plen);
-
-#endif /* QUIC_H */

src/args.h

@@ -0,0 +1,46 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef ARGS_H
+#define ARGS_H
+#include "types.h"
+#include "config.h"
+
+void print_version(void);
+void print_usage(const char *argv0);
+/**
+ * Initializes _config_ and parses args to it.
+ */
+int  yparse_args(struct config_t *config, int argc, char *argv[]);
+size_t print_config(const struct config_t *config, char *buffer, size_t buffer_size);
+void parse_global_lgconf(const struct config_t *config);
+
+// Initializes configuration storage.
+int init_config(struct config_t *config);
+// Allocates and initializes configuration section.
+int init_section_config(struct section_config_t **section, struct section_config_t *prev);
+// Frees configuration section
+void free_config_section(struct section_config_t *config);
+// Frees sections under config
+void free_config(struct config_t *config);
+
+/* Prints starting messages */
+void print_welcome(const struct config_t *config);
+
+#endif /* ARGS_H */

src/config.h

@@ -0,0 +1,345 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef YTB_CONFIG_H
+#define YTB_CONFIG_H
+
+#ifndef KERNEL_SPACE
+#define USER_SPACE
+#endif
+
+#include "types.h"
+#include "trie.h"
+
+typedef int (*raw_send_t)(const unsigned char *data, size_t data_len);
+/**
+ * Sends the packet after delay_ms. The function should schedule send and return immediately
+ * (for example, open daemon thread)
+ */
+typedef int (*delayed_send_t)(const unsigned char *data, size_t data_len, unsigned int delay_ms);
+
+struct instance_config_t {
+	raw_send_t send_raw_packet;
+	delayed_send_t send_delayed_packet;
+};
+extern struct instance_config_t instance_config;
+
+
+struct logging_config_t {
+	int verbose;
+	int instaflush;
+	int syslog;
+};
+extern struct logging_config_t logging_conf;
+
+struct udp_dport_range {
+	uint16_t start;
+	uint16_t end;
+};
+
+struct section_config_t {
+	int id;
+	struct section_config_t *next;
+	struct section_config_t *prev;
+
+	struct trie_container sni_domains;
+	struct trie_container exclude_sni_domains;
+	unsigned int all_domains;
+
+	int tls_enabled;
+
+	int fragmentation_strategy;
+	int frag_sni_reverse;
+	int frag_sni_faked;
+	int faking_strategy;
+	int frag_middle_sni;
+	int frag_sni_pos;
+	unsigned char faking_ttl;
+	int fake_sni;
+	unsigned int fake_sni_seq_len;
+
+#define FAKE_PAYLOAD_RANDOM	0
+#define FAKE_PAYLOAD_CUSTOM	1
+// In default mode all other options will be skipped.
+#define FAKE_PAYLOAD_DEFAULT	2
+	int fake_sni_type;
+
+	/* In milliseconds */
+	unsigned int seg2_delay;
+	int synfake;
+	unsigned int synfake_len;
+
+	const char *fake_sni_pkt;
+	unsigned int fake_sni_pkt_sz;
+
+	char *fake_custom_pkt;
+	unsigned int fake_custom_pkt_sz;
+
+	unsigned int fk_winsize;
+	int fakeseq_offset;
+
+	int dport_filter;
+
+#define SNI_DETECTION_PARSE 0
+#define SNI_DETECTION_BRUTE 1
+	int sni_detection;
+
+	int udp_mode;
+	unsigned int udp_fake_seq_len;
+	unsigned int udp_fake_len;
+	int udp_faking_strategy;
+
+	struct udp_dport_range *udp_dport_range;
+	int udp_dport_range_len;
+	int udp_filter_quic;
+};
+
+#define MAX_CONFIGLIST_LEN 64
+
+struct config_t {
+	unsigned int queue_start_num;
+	int threads;
+	int use_gso;
+	int use_ipv6;
+	int use_conntrack;
+	unsigned int mark;
+	int daemonize;
+	// Same as daemon() noclose
+	int noclose;
+	int syslog;
+	int instaflush;
+
+	int connbytes_limit;
+
+#define VERBOSE_INFO	0
+#define VERBOSE_DEBUG	1
+#define VERBOSE_TRACE	2
+	int verbose;
+
+	struct section_config_t *first_section;
+	struct section_config_t *last_section;
+
+#ifdef KERNEL_SPACE
+	struct kref refcount;
+#endif
+};
+
+
+#define ITER_CONFIG_SECTIONS(config, section) \
+for (struct section_config_t *section = (config)->last_section; section != NULL; section = section->prev)
+
+#define CONFIG_SECTION_NUMBER(section) ((section)->id)
+
+#define MAX_THREADS 16
+
+#ifndef THREADS_NUM
+#define THREADS_NUM 1
+#endif
+
+#if THREADS_NUM > MAX_THREADS
+#error "Too much threads"
+#endif
+
+#ifndef NOUSE_GSO
+#define USE_GSO
+#endif
+
+#define FRAG_STRAT_TCP	0
+#define FRAG_STRAT_IP	1
+#define FRAG_STRAT_NONE	2
+
+#ifndef FRAGMENTATION_STRATEGY
+#define FRAGMENTATION_STRATEGY FRAG_STRAT_TCP
+#endif
+
+#define DEFAULT_RAWSOCKET_MARK (1 << 15)
+
+#ifdef USE_SEG2_DELAY
+#define SEG2_DELAY 100
+#endif
+
+#define FAKE_TTL 8
+
+#define FAKE_STRAT_NONE		0
+// Will invalidate fake packets by out-of-ack_seq out-of-seq request
+#define FAKE_STRAT_RAND_SEQ	(1 << 0)
+// Will assume that GGC server is located further than FAKE_TTL
+// Thus, Fake packet will be eliminated automatically.
+#define FAKE_STRAT_TTL		(1 << 1)
+#define FAKE_STRAT_PAST_SEQ	(1 << 2)
+#define FAKE_STRAT_TCP_CHECK	(1 << 3)
+#define FAKE_STRAT_TCP_MD5SUM	(1 << 4)
+#define FAKE_STRAT_UDP_CHECK	(1 << 5)
+
+#define FAKE_STRAT_COUNT	6
+
+/**
+ * This macros iterates through all faking strategies and executes code under it.
+ * destination strategy will be available under name of `strategy` variable.
+ */
+#define ITER_FAKE_STRAT(fake_bitmask, strategy) \
+for (int strategy = 1; strategy <= (1 << FAKE_STRAT_COUNT); strategy <<= 1) \
+if ((fake_bitmask) & strategy) 
+
+#ifndef FAKING_STRATEGY
+#define FAKING_STRATEGY FAKE_STRAT_PAST_SEQ
+#endif
+
+#define MAX_FAKE_SIZE 1300
+
+#if !defined(SILENT) && !defined(KERNEL_SPACE)
+#define DEBUG
+#endif
+
+// The Maximum Transmission Unit size for rawsocket
+// Larger packets will be fragmented. Applicable for Chrome's kyber.
+#define AVAILABLE_MTU 1400
+
+#define DEFAULT_QUEUE_NUM 537
+
+#define MAX_PACKET_SIZE (1 << 16)
+
+#define DEFAULT_SNISTR "googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,youtubei.googleapis.com,youtube.googleapis.com,youtubeembeddedplayer.googleapis.com,googleusercontent.com,gstatic.com,l.google.com"
+
+static const char default_snistr[] = DEFAULT_SNISTR;
+
+enum {
+	UDP_MODE_DROP,
+	UDP_MODE_FAKE,
+};
+
+enum {
+	UDP_FILTER_QUIC_DISABLED,
+	UDP_FILTER_QUIC_ALL,
+	UDP_FILTER_QUIC_PARSED,
+};
+
+#define default_section_config {				\
+	.sni_domains = {0},					\
+	.exclude_sni_domains = {0},				\
+	.all_domains = 0,					\
+	.tls_enabled = 1,					\
+	.frag_sni_reverse = 1,                                  \
+	.frag_sni_faked = 0,                                    \
+	.fragmentation_strategy = FRAGMENTATION_STRATEGY,       \
+	.faking_strategy = FAKING_STRATEGY,                     \
+	.faking_ttl = FAKE_TTL,                                 \
+	.fake_sni = 1,                                          \
+	.fake_sni_seq_len = 1,                                  \
+	.fake_sni_type = FAKE_PAYLOAD_DEFAULT,                  \
+	.fake_custom_pkt = NULL,				\
+	.fake_custom_pkt_sz = 0,				\
+	.frag_middle_sni = 1,                                   \
+	.frag_sni_pos = 1,                                      \
+	.fakeseq_offset = 10000,                                \
+	.synfake = 0,                                           \
+	.synfake_len = 0,                                       \
+                                                                \
+	.dport_filter = 1,	                                \
+	.seg2_delay = 0,                                        \
+                                                                \
+	.sni_detection = SNI_DETECTION_PARSE,                   \
+								\
+	.udp_mode = UDP_MODE_FAKE,				\
+	.udp_fake_seq_len = 6,					\
+	.udp_fake_len = 64,					\
+	.udp_faking_strategy = FAKE_STRAT_NONE,			\
+	.udp_dport_range = NULL,				\
+	.udp_dport_range_len = 0,				\
+	.udp_filter_quic = UDP_FILTER_QUIC_DISABLED,		\
+								\
+	.prev	= NULL,						\
+	.next	= NULL,						\
+	.id	= 0,						\
+}
+
+#define default_config_set {					\
+	.threads = THREADS_NUM,					\
+	.queue_start_num = DEFAULT_QUEUE_NUM,                   \
+	.mark = DEFAULT_RAWSOCKET_MARK,                         \
+	.use_ipv6 = 1,                                          \
+	.connbytes_limit = 19,                                  \
+                                                                \
+	.verbose = VERBOSE_DEBUG,                               \
+	.use_gso = 1,                                           \
+	.use_conntrack = 0,					\
+                                                                \
+	.first_section = NULL,					\
+	.last_section = NULL,					\
+                                                                \
+	.daemonize = 0,                                         \
+	.noclose = 0,                                           \
+	.syslog = 0,                                            \
+	.instaflush = 0,                                        \
+}
+
+#define default_logging_config_set {				\
+	.verbose = VERBOSE_DEBUG,				\
+	.syslog = 0,						\
+	.instaflush = 0,					\
+}
+
+struct ytb_conntrack {
+	uint32_t mask;
+
+	uint64_t orig_packets;
+	uint64_t repl_packets;
+	uint64_t orig_bytes;
+	uint64_t repl_bytes;
+	uint32_t connmark;
+	uint32_t id;
+};
+
+enum yct_attrs {
+	YCTATTR_ORIG_PACKETS,
+	YCTATTR_REPL_PACKETS,
+	YCTATTR_ORIG_BYTES,
+	YCTATTR_REPL_BYTES,
+	YCTATTR_CONNMARK,
+	YCTATTR_CONNID,
+};
+/* enum yct_attrs attr, struct ytb_conntrack * yct */
+#define yct_set_mask_attr(attr, yct) \
+	((yct)->mask |= (1 << (attr)))
+
+/* enum yct_attrs attr, const struct ytb_conntrack * yct */
+#define yct_is_mask_attr(attr, yct) \
+	(((yct)->mask & (1 << (attr))) == (1 << (attr)))
+
+/* enum yct_attrs attr, struct ytb_conntrack * yct */
+#define yct_del_mask_attr(attr, yct) \
+	(yct)->mask &= ~(1 << (attr))
+
+
+struct packet_data {
+	const uint8_t *payload;
+	size_t payload_len;
+	struct ytb_conntrack yct;
+};
+
+struct statistics_data {
+	unsigned long all_packet_counter;
+	unsigned long packet_counter;
+	unsigned long target_counter;
+	unsigned long sent_counter;
+};
+
+extern struct statistics_data global_stats;
+
+#endif /* YTB_CONFIG_H */

src/getopt.c

@@ -0,0 +1,228 @@
+/*
+  Copyright 2005-2014 Rich Felker, et al.
+  
+  Permission is hereby granted, free of charge, to any person obtaining
+  a copy of this software and associated documentation files (the
+  "Software"), to deal in the Software without restriction, including
+  without limitation the rights to use, copy, modify, merge, publish,
+  distribute, sublicense, and/or sell copies of the Software, and to
+  permit persons to whom the Software is furnished to do so, subject to
+  the following conditions:
+  
+  The above copyright notice and this permission notice shall be
+  included in all copies or substantial portions of the Software.
+  
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+  CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+  TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+
+#include "types.h"
+#include "logging.h"
+#include "getopt.h"
+
+char *optarg;
+int optind=1, opterr=1, optopt, __optpos, optreset=0;
+
+#define optpos __optpos
+
+static void __getopt_msg(const char *b, const char *c, size_t l)
+{
+	lgerr("%s %.*s", b, (int)l, c);
+}
+
+int getopt(int argc, char * const argv[], const char *optstring)
+{
+	int i, c, d;
+	int k, l;
+	char *optchar;
+
+	if (!optind || optreset) {
+		optreset = 0;
+		__optpos = 0;
+		optind = 1;
+	}
+
+	if (optind >= argc || !argv[optind])
+		return -1;
+
+	if (argv[optind][0] != '-') {
+		if (optstring[0] == '-') {
+			optarg = argv[optind++];
+			return 1;
+		}
+		return -1;
+	}
+
+	if (!argv[optind][1])
+		return -1;
+
+	if (argv[optind][1] == '-' && !argv[optind][2])
+		return optind++, -1;
+
+	if (!optpos) optpos++;
+	c = argv[optind][optpos], k = 1;
+	optchar = argv[optind]+optpos;
+	optopt = c;
+	optpos += k;
+
+	if (!argv[optind][optpos]) {
+		optind++;
+		optpos = 0;
+	}
+
+	if (optstring[0] == '-' || optstring[0] == '+')
+		optstring++;
+
+	i = 0;
+	d = 0;
+	do {
+		d = optstring[i], l = 1;
+		if (l>0) i+=l; else i++;
+	} while (l && d != c);
+
+	if (d != c) {
+		if (optstring[0] != ':' && opterr)
+			__getopt_msg("Unrecognized option: ", optchar, k);
+		return '?';
+	}
+	if (optstring[i] == ':') {
+		if (optstring[i+1] == ':') optarg = 0;
+		else if (optind >= argc) {
+			if (optstring[0] == ':') return ':';
+			if (opterr) __getopt_msg("Option requires an argument: ",
+				optchar, k);
+			return '?';
+		}
+		if (optstring[i+1] != ':' || optpos) {
+			optarg = argv[optind++] + optpos;
+			optpos = 0;
+		}
+	}
+	return c;
+}
+
+static void permute(char *const *argv, int dest, int src)
+{
+	char **av = (char **)argv;
+	char *tmp = av[src];
+	int i;
+	for (i=src; i>dest; i--)
+		av[i] = av[i-1];
+	av[dest] = tmp;
+}
+
+static int __getopt_long_core(int argc, char *const *argv, const char *optstring, const struct option *longopts, int *idx, int longonly)
+{
+	optarg = 0;
+	if (longopts && argv[optind][0] == '-' &&
+		((longonly && argv[optind][1] && argv[optind][1] != '-') ||
+		 (argv[optind][1] == '-' && argv[optind][2])))
+	{
+		int colon = optstring[optstring[0]=='+'||optstring[0]=='-']==':';
+		int i, cnt, match = -1;
+		char *opt;
+		for (cnt=i=0; longopts[i].name; i++) {
+			const char *name = longopts[i].name;
+			opt = argv[optind]+1;
+			if (*opt == '-') opt++;
+			for (; *name && *name == *opt; name++, opt++);
+			if (*opt && *opt != '=') continue;
+			match = i;
+			if (!*name) {
+				cnt = 1;
+				break;
+			}
+			cnt++;
+		}
+		if (cnt==1) {
+			i = match;
+			optind++;
+			optopt = longopts[i].val;
+			if (*opt == '=') {
+				if (!longopts[i].has_arg) {
+					if (colon || !opterr)
+						return '?';
+					__getopt_msg(
+						"Option does not take an argument: ",
+						longopts[i].name,
+						strlen(longopts[i].name));
+					return '?';
+				}
+				optarg = opt+1;
+			} else if (longopts[i].has_arg == required_argument) {
+				if (!(optarg = argv[optind])) {
+					if (colon) return ':';
+					if (!opterr) return '?';
+					__getopt_msg(
+						"Option requires an argument: ",
+						longopts[i].name,
+						strlen(longopts[i].name));
+					return '?';
+				}
+				optind++;
+			}
+			if (idx) *idx = i;
+			if (longopts[i].flag) {
+				*longopts[i].flag = longopts[i].val;
+				return 0;
+			}
+			return longopts[i].val;
+		}
+		if (argv[optind][1] == '-') {
+			if (!colon && opterr)
+				__getopt_msg(cnt ?
+					"Option is ambiguous: " :
+					"Unrecognized option: ",
+					argv[optind]+2,
+					strlen(argv[optind]+2));
+			optind++;
+			return '?';
+		}
+	}
+	return getopt(argc, argv, optstring);
+}
+
+static int __getopt_long(int argc, char *const *argv, const char *optstring, const struct option *longopts, int *idx, int longonly)
+{
+	int ret, skipped, resumed;
+	if (!optind || optreset) {
+		optreset = 0;
+		__optpos = 0;
+		optind = 1;
+	}
+	if (optind >= argc || !argv[optind]) return -1;
+	skipped = optind;
+	if (optstring[0] != '+' && optstring[0] != '-') {
+		int i;
+		for (i=optind; ; i++) {
+			if (i >= argc || !argv[i]) return -1;
+			if (argv[i][0] == '-' && argv[i][1]) break;
+		}
+		optind = i;
+	}
+	resumed = optind;
+	ret = __getopt_long_core(argc, argv, optstring, longopts, idx, longonly);
+	if (resumed > skipped) {
+		int i, cnt = optind-resumed;
+		for (i=0; i<cnt; i++)
+			permute(argv, skipped, optind-1);
+		optind = skipped + cnt;
+	}
+	return ret;
+}
+
+int getopt_long(int argc, char *const *argv, const char *optstring, const struct option *longopts, int *idx)
+{
+	return __getopt_long(argc, argv, optstring, longopts, idx, 0);
+}
+
+int getopt_long_only(int argc, char *const *argv, const char *optstring, const struct option *longopts, int *idx)
+{
+	return __getopt_long(argc, argv, optstring, longopts, idx, 1);
+}

src/getopt.h

@@ -0,0 +1,45 @@
+/*
+  Copyright 2005-2014 Rich Felker, et al.
+  
+  Permission is hereby granted, free of charge, to any person obtaining
+  a copy of this software and associated documentation files (the
+  "Software"), to deal in the Software without restriction, including
+  without limitation the rights to use, copy, modify, merge, publish,
+  distribute, sublicense, and/or sell copies of the Software, and to
+  permit persons to whom the Software is furnished to do so, subject to
+  the following conditions:
+  
+  The above copyright notice and this permission notice shall be
+  included in all copies or substantial portions of the Software.
+  
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+  CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+  TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+#ifndef _GETOPT_H
+#define _GETOPT_H
+
+int getopt(int, char * const [], const char *);
+extern char *optarg;
+extern int optind, opterr, optopt, optreset;
+
+struct option {
+	const char *name;
+	int has_arg;
+	int *flag;
+	int val;
+};
+
+int getopt_long(int, char *const *, const char *, const struct option *, int *);
+int getopt_long_only(int, char *const *, const char *, const struct option *, int *);
+
+#define no_argument        0
+#define required_argument  1
+#define optional_argument  2
+
+#endif

src/inet_ntop.c

@@ -0,0 +1,78 @@
+/**
+
+    musl libc
+
+musl, pronounced like the word "mussel", is an MIT-licensed
+implementation of the standard C library targetting the Linux syscall
+API, suitable for use in a wide range of deployment environments. musl
+offers efficient static and dynamic linking support, lightweight code
+and low runtime overhead, strong fail-safe guarantees under correct
+usage, and correctness in the sense of standards conformance and
+safety. musl is built on the principle that these goals are best
+achieved through simple code that is easy to understand and maintain.
+
+The 1.1 release series for musl features coverage for all interfaces
+defined in ISO C99 and POSIX 2008 base, along with a number of
+non-standardized interfaces for compatibility with Linux, BSD, and
+glibc functionality.
+
+For basic installation instructions, see the included INSTALL file.
+Information on full musl-targeted compiler toolchains, system
+bootstrapping, and Linux distributions built on musl can be found on
+the project website:
+
+    http://www.musl-libc.org/
+*/
+
+#include "types.h"
+
+// #ifndef KERNEL_SPACE
+// #error "For user space use glibc inet_ntop"
+// #endif
+
+const char *inet_ntop(int af, const void *restrict a0, char *restrict s, socklen_t l)
+{
+	const unsigned char *a = a0;
+	int i, j, max, best;
+	char buf[100];
+
+	switch (af) {
+	case AF_INET:
+		if (snprintf(s, l, "%d.%d.%d.%d", a[0],a[1],a[2],a[3]) < l)
+			return s;
+		break;
+	case AF_INET6:
+		if (memcmp(a, "\0\0\0\0\0\0\0\0\0\0\377\377", 12))
+			snprintf(buf, sizeof buf,
+				"%x:%x:%x:%x:%x:%x:%x:%x",
+				256*a[0]+a[1],256*a[2]+a[3],
+				256*a[4]+a[5],256*a[6]+a[7],
+				256*a[8]+a[9],256*a[10]+a[11],
+				256*a[12]+a[13],256*a[14]+a[15]);
+		else
+			snprintf(buf, sizeof buf,
+				"%x:%x:%x:%x:%x:%x:%d.%d.%d.%d",
+				256*a[0]+a[1],256*a[2]+a[3],
+				256*a[4]+a[5],256*a[6]+a[7],
+				256*a[8]+a[9],256*a[10]+a[11],
+				a[12],a[13],a[14],a[15]);
+		/* Replace longest /(^0|:)[:0]{2,}/ with "::" */
+		for (i=best=0, max=2; buf[i]; i++) {
+			if (i && buf[i] != ':') continue;
+			j = strspn(buf+i, ":0");
+			if (j>max) best=i, max=j;
+		}
+		if (max>3) {
+			buf[best] = buf[best+1] = ':';
+			memmove(buf+best+2, buf+best+max, i-best-max+1);
+		}
+		if (strlen(buf) < l) {
+			strcpy(s, buf);
+			return s;
+		}
+		break;
+	default:
+		return 0;
+	}
+	return 0;
+}

src/kytunblock.c

@@ -0,0 +1,714 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef KERNEL_SPACE
+#error "You are trying to compile the kernel module not in the kernel space"
+#endif
+
+// Kernel module for youtubeUnblock.
+// Build with make kmake 
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/mutex.h>
+#include <linux/socket.h>
+#include <linux/net.h>
+#include <linux/kernel.h>
+#include <linux/version.h>
+#include <linux/proc_fs.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv6.h>
+
+#ifdef IS_ENABLED
+#if !(IS_ENABLED(CONFIG_NF_CONNTRACK))
+#define NO_CONNTRACK
+#endif /* IS CONNTRACK ENABLED */
+#endif /* ifdef IS_ENABLED */
+
+#ifndef NO_CONNTRACK
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_acct.h>
+#endif
+
+#include "mangle.h"
+#include "config.h"
+#include "utils.h"
+#include "logging.h"
+#include "args.h"
+
+#if defined(PKG_VERSION)
+MODULE_VERSION(PKG_VERSION);
+#endif
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Vadim Vetrov <vetrovvd@gmail.com>");
+MODULE_DESCRIPTION("Linux kernel module for youtubeUnblock");
+
+static struct socket *rawsocket;
+static struct socket *raw6socket;
+
+#define MAX_ARGC 1024
+static char *argv[MAX_ARGC];
+
+static struct config_t *cur_config;
+
+static void config_release(struct kref *ref)
+{
+	struct config_t *config = container_of(ref, struct config_t, refcount);
+	free_config(config);
+	kfree(config);
+	pr_warn("Config release\n");
+}
+
+static int params_set(const char *cval, const struct kernel_param *kp) {
+	int ret;
+
+	int cv_len = strlen(cval);
+	if (cv_len >= 1 && cval[cv_len - 1] == '\n') {
+		cv_len--;
+	}
+
+	const char *ytb_prefix = "youtubeUnblock ";
+	int ytbp_len = strlen(ytb_prefix);
+	int len = cv_len + ytbp_len; 
+
+	char *val = kmalloc(len + 1, GFP_KERNEL); // 1 for null-terminator
+	strncpy(val, ytb_prefix, ytbp_len);
+	strncpy(val + ytbp_len, cval, cv_len);
+	val[len] = '\0';
+
+	int argc = 0;
+	argv[argc++] = val;
+	
+	for (int i = 0; i < len; i++) {
+		if (val[i] == ' ') {
+			val[i] = '\0';
+
+			// safe because of null-terminator
+			if (val[i + 1] != ' ' && val[i + 1] != '\0') {
+				argv[argc++] = val + i + 1;
+			}
+		}
+	}
+
+
+	struct config_t *config;
+
+	config = kmalloc(sizeof(*config), GFP_KERNEL);
+	if (!config) {
+		ret = -ENOMEM;
+		goto ret_fval;
+	}
+
+	ret = yparse_args(config, argc, argv);
+
+	if (ret < 0) {
+		kfree(config);
+		goto ret_fval;
+	}
+	kref_init(&config->refcount);
+
+	struct config_t *old_config = cur_config;
+	cur_config = config;
+	parse_global_lgconf(cur_config);
+
+	kref_put(&old_config->refcount, config_release);
+	
+ret_fval:
+	kfree(val);
+	return ret;
+}
+
+static int params_get(char *buffer, const struct kernel_param *kp) {
+	size_t len = print_config(cur_config, buffer, 4000);
+	return len;
+}
+
+static const struct kernel_param_ops params_ops = {
+	.set = params_set,
+	.get = params_get,
+};
+
+module_param_cb(parameters, &params_ops, NULL, 0664);
+
+
+static int open_raw_socket(void) {
+	int ret = 0;
+	ret = sock_create(AF_INET, SOCK_RAW, IPPROTO_RAW, &rawsocket);
+
+	if (ret < 0) {
+		lgerror(ret, "Unable to create raw socket\n");
+		goto err;
+	}
+
+	// That's funny, but this is how it is done in the kernel
+	// https://elixir.bootlin.com/linux/v3.17.7/source/net/core/sock.c#L916
+	rawsocket->sk->sk_mark=cur_config->mark;
+
+	return 0;
+
+err:
+	return ret;
+}
+
+static void close_raw_socket(void) {
+	sock_release(rawsocket);
+	rawsocket = NULL;
+}
+
+static int send_raw_ipv4(const uint8_t *pkt, size_t pktlen) {
+	int ret = 0;
+	if (rawsocket == NULL) {
+		return -ENOTSOCK;
+
+	}
+	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
+
+	struct iphdr *iph;
+
+	if ((ret = ip4_payload_split(
+	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
+		return ret;
+	}
+
+	struct sockaddr_in daddr = {
+		.sin_family = AF_INET,
+		.sin_port = 0,
+		.sin_addr = {
+			.s_addr = iph->daddr
+		}
+	};
+
+	struct msghdr msg;
+	struct kvec iov;
+
+	memset(&msg, 0, sizeof(msg));
+
+	iov.iov_base = (__u8 *)pkt;
+	iov.iov_len = pktlen;
+
+	msg.msg_flags = MSG_DONTWAIT;
+	msg.msg_name = &daddr;
+	msg.msg_namelen = sizeof(struct sockaddr_in);
+	msg.msg_control = NULL;
+	msg.msg_controllen = 0;
+
+
+	ret = kernel_sendmsg(rawsocket, &msg, &iov, 1, pktlen);
+
+	return ret;
+}
+
+static int open_raw6_socket(void) {
+	int ret = 0;
+	ret = sock_create(AF_INET6, SOCK_RAW, IPPROTO_RAW, &raw6socket);
+
+	if (ret < 0) {
+		lgerror(ret, "Unable to create raw socket\n");
+		goto err;
+	}
+
+	// That's funny, but this is how it is done in the kernel
+	// https://elixir.bootlin.com/linux/v3.17.7/source/net/core/sock.c#L916
+	raw6socket->sk->sk_mark=cur_config->mark;
+
+	return 0;
+
+err:
+	return ret;
+}
+
+static void close_raw6_socket(void) {
+	sock_release(raw6socket);
+	raw6socket = NULL;
+}
+
+static int send_raw_ipv6(const uint8_t *pkt, size_t pktlen) {
+	int ret = 0;
+	if (raw6socket == NULL) {
+		return -ENOTSOCK;
+
+	}
+
+	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
+
+	struct ip6_hdr *iph;
+
+	if ((ret = ip6_payload_split(
+	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
+		return ret;
+	}
+
+	struct sockaddr_in6 daddr = {
+		.sin6_family = AF_INET6,
+		/* Always 0 for raw socket */
+		.sin6_port = 0,
+		.sin6_addr = iph->ip6_dst
+	};
+
+	struct kvec iov;
+	struct msghdr msg;
+	memset(&msg, 0, sizeof(msg));
+
+	iov.iov_base = (__u8 *)pkt;
+	iov.iov_len = pktlen;
+
+	msg.msg_flags = MSG_DONTWAIT;
+	msg.msg_name = &daddr;
+	msg.msg_namelen = sizeof(struct sockaddr_in6);
+	msg.msg_control = NULL;
+	msg.msg_controllen = 0;
+
+	ret = kernel_sendmsg(raw6socket, &msg, &iov, 1, pktlen);
+
+	return ret;
+}
+
+static int send_raw_socket(const uint8_t *pkt, size_t pktlen) {
+	int ret;
+
+	if (pktlen > AVAILABLE_MTU) {
+		lgtrace("Split packet!");
+
+		size_t buff1_size = pktlen;
+		uint8_t *buff1 = malloc(buff1_size);
+		if (buff1 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return -ENOMEM;
+		}
+		size_t buff2_size = pktlen;
+		uint8_t *buff2 = malloc(buff2_size);
+		if (buff2 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			free(buff1);
+			return -ENOMEM;
+		}
+
+		if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
+			buff1, &buff1_size, buff2, &buff2_size)) < 0) {
+
+			goto erret_lc;
+		}
+
+		int sent = 0;
+		ret = send_raw_socket(buff1, buff1_size);
+
+		if (ret >= 0) sent += ret;
+		else {
+			goto erret_lc;
+		}
+
+		ret = send_raw_socket(buff2, buff2_size);
+		if (ret >= 0) sent += ret;
+		else {
+			goto erret_lc;
+		}
+		 
+		free(buff1);
+		free(buff2);
+		return sent;
+erret_lc:
+		free(buff1);
+		free(buff2);
+		return ret;
+	}
+	
+	++global_stats.sent_counter;
+	
+	int ipvx = netproto_version(pkt, pktlen);
+
+	if (ipvx == IP4VERSION) {
+		ret = send_raw_ipv4(pkt, pktlen);
+	} else if (ipvx == IP6VERSION) {
+		ret = send_raw_ipv6(pkt, pktlen);
+	} else {
+		printf("proto version %d is unsupported\n", ipvx);
+		return -EINVAL;
+	}
+
+	lgtrace_addp("raw_sock_send: %d", ret);
+	return ret;
+}
+
+static int delay_packet_send(const unsigned char *data, size_t data_len, unsigned int delay_ms) {
+	lginfo("delay_packet_send won't work on current youtubeUnblock version");
+	return send_raw_socket(data, data_len);
+}
+
+struct instance_config_t instance_config = {
+	.send_raw_packet = send_raw_socket,
+	.send_delayed_packet = delay_packet_send,
+};
+
+static int conntrack_parse(const struct sk_buff *skb, 
+			  struct ytb_conntrack *yct) {
+#ifndef NO_CONNTRACK
+
+	const struct nf_conn *ct;
+	enum ip_conntrack_info ctinfo;
+	const struct nf_conn_counter *counters;
+
+	ct = nf_ct_get(skb, &ctinfo);
+	if (!ct)
+		return -1;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
+	const struct nf_conn_acct *acct;
+	acct = nf_conn_acct_find(ct);
+	if (!acct)
+		return -1;
+	counters = acct->counter;
+#else 
+	counters = nf_conn_acct_find(ct);
+	if (!counters)
+		return -1;
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0)
+	yct->orig_packets = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);
+	yct->orig_bytes = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);
+	yct->repl_packets = atomic64_read(&counters[IP_CT_DIR_REPLY].packets);
+	yct->repl_bytes = atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);
+#else 
+	yct->orig_packets = counters[IP_CT_DIR_ORIGINAL].packets;
+	yct->orig_bytes = counters[IP_CT_DIR_ORIGINAL].bytes;
+	yct->repl_packets = counters[IP_CT_DIR_REPLY].packets;
+	yct->repl_bytes = counters[IP_CT_DIR_REPLY].bytes;
+#endif
+	yct_set_mask_attr(YCTATTR_ORIG_PACKETS, yct);
+	yct_set_mask_attr(YCTATTR_ORIG_BYTES, yct);
+	yct_set_mask_attr(YCTATTR_REPL_PACKETS, yct);
+	yct_set_mask_attr(YCTATTR_REPL_BYTES, yct);
+
+#if defined(CONFIG_NF_CONNTRACK_MARK)
+	yct->connmark = READ_ONCE(ct->mark);
+	yct_set_mask_attr(YCTATTR_CONNMARK, yct);
+#endif
+
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
+	yct->id = nf_ct_get_id(ct);
+	yct_set_mask_attr(YCTATTR_CONNID, yct);
+#endif
+
+#endif /* NO_CONNTRACK */
+
+	return 0;
+}
+
+/* If this is a Red Hat-based kernel (Red Hat, CentOS, Fedora, etc)... */
+#ifdef RHEL_RELEASE_CODE
+
+#if RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 2)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		const struct nf_hook_ops *ops, \
+		struct sk_buff *skb, \
+		const struct net_device *in, \
+		const struct net_device *out, \
+		const struct nf_hook_state *state) \
+
+#elif RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 0)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		const struct nf_hook_ops *ops, \
+		struct sk_buff *skb, \
+		const struct net_device *in, \
+		const struct net_device *out, \
+		int (*okfn)(struct sk_buff *))
+
+#else
+
+#error "Sorry; this version of RHEL is not supported because it's kind of old."
+
+#endif /* RHEL_RELEASE_CODE >= x */
+
+
+/* If this NOT a RedHat-based kernel (Ubuntu, Debian, SuSE, etc)... */
+#else
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		void *priv, \
+		struct sk_buff *skb, \
+		const struct nf_hook_state *state)
+
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		const struct nf_hook_ops *ops, \
+		struct sk_buff *skb, \
+		const struct nf_hook_state *state)
+
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		const struct nf_hook_ops *ops, \
+		struct sk_buff *skb, \
+		const struct net_device *in, \
+		const struct net_device *out, \
+		int (*okfn)(struct sk_buff *))
+
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 0, 0)
+#define NF_CALLBACK(name, skb) unsigned int name( \
+		unsigned int hooknum, \
+		struct sk_buff *skb, \
+		const struct net_device *in, \
+		const struct net_device *out, \
+		int (*okfn)(struct sk_buff *))
+
+#else
+#error "Linux < 3.0 isn't supported at all."
+
+#endif /* LINUX_VERSION_CODE > n */
+
+#endif /* RHEL or not RHEL */
+
+static NF_CALLBACK(ykb_nf_hook, skb) {
+	int ret;
+	struct packet_data pd = {0};
+	uint8_t *data_buf = NULL;
+	int nf_verdict = NF_ACCEPT;
+
+	struct config_t *config = cur_config;
+	kref_get(&config->refcount);
+
+	++global_stats.all_packet_counter;
+
+	if ((skb->mark & config->mark) == config->mark)  {
+		goto send_verdict;
+	}
+	
+	if (skb->head == NULL) {
+		goto send_verdict;
+	}
+	
+	if (skb->len >= MAX_PACKET_SIZE) {
+		goto send_verdict;
+	}
+
+	ret = conntrack_parse(skb, &pd.yct);
+	if (ret < 0) {
+		lgtrace("[TRACE] conntrack_parse error code\n");
+	}
+
+	if (config->connbytes_limit != 0 && yct_is_mask_attr(YCTATTR_ORIG_PACKETS, &pd.yct) && pd.yct.orig_packets > config->connbytes_limit)
+		goto send_verdict;
+
+
+	if (skb_is_nonlinear(skb)) {
+		data_buf = kmalloc(skb->len, GFP_KERNEL);
+		if (data_buf == NULL) {
+			lgerror(-ENOMEM, "Cannot allocate packet buffer");
+		}
+		ret = skb_copy_bits(skb, 0, data_buf, skb->len);
+		if (ret) {
+			lgerror(ret, "Cannot copy bits");
+			goto send_verdict;
+		}
+
+		pd.payload = data_buf;	
+	} else {
+		pd.payload = skb->data;
+	}
+
+	pd.payload_len = skb->len;
+
+	int vrd = process_packet(config, &pd);
+	++global_stats.packet_counter;
+
+	switch(vrd) {
+		case PKT_ACCEPT:
+			nf_verdict = NF_ACCEPT;
+			break;
+		case PKT_DROP:
+			++global_stats.target_counter;
+			nf_verdict = NF_STOLEN;
+			kfree_skb(skb);
+			break;
+	}
+
+send_verdict:
+	kfree(data_buf);
+	kref_put(&config->refcount, config_release);
+	return nf_verdict;
+}
+
+static struct nf_hook_ops ykb_hook_ops[] = {
+{
+	.hook		= ykb_nf_hook,
+	.pf		= NFPROTO_IPV4,
+	.hooknum	= NF_INET_POST_ROUTING,
+	.priority	= NF_IP_PRI_MANGLE,
+}
+#ifndef NO_IPV6
+,{
+	.hook		= ykb_nf_hook,
+	.pf		= NFPROTO_IPV6,
+	.hooknum	= NF_INET_POST_ROUTING,
+	.priority	= NF_IP6_PRI_MANGLE,
+}
+#endif
+};
+static const size_t ykb_hooks_sz = sizeof(ykb_hook_ops) / sizeof(struct nf_hook_ops);
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+static int ykb_net_init(struct net *net)
+{
+	int ret;
+	ret = nf_register_net_hooks(net, ykb_hook_ops, ykb_hooks_sz);
+	if (ret < 0)
+		return ret;
+
+	return 0;
+}
+
+static void ykb_net_exit(struct net *net)
+{
+	nf_unregister_net_hooks(net, ykb_hook_ops, ykb_hooks_sz);
+}
+
+static struct pernet_operations ykb_pernet_ops = {
+	.init = ykb_net_init,
+	.exit = ykb_net_exit
+};
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0) */
+
+#ifdef CONFIG_PROC_FS
+
+static int proc_stats_show(struct seq_file *s, void *v) {
+	seq_printf(s, "youtubeUnblock stats: \n"
+		"\tCatched: %ld packets\n"
+		"\tProcessed: %ld packets\n"
+		"\tTargetted: %ld packets\n"
+		"\tSent over socket %ld packets\n",
+		global_stats.all_packet_counter, global_stats.packet_counter, 
+		global_stats.target_counter, global_stats.sent_counter);
+	
+	return 0;
+}
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,18,0)
+
+static int proc_stats_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, proc_stats_show, NULL);
+}
+static const struct file_operations proc_stats_operations = {
+	.open		= proc_stats_open,
+	.read		= seq_read,
+	.llseek		= seq_lseek,
+	.release	= single_release,
+};
+
+#endif /* KERNEL_VERSION */
+
+#endif /* CONFIG_PROC_FS */
+
+static int __init ykb_init(void) {
+	int ret;
+
+#ifdef NO_CONNTRACK
+	lgwarning("Conntrack is disabled.");
+#endif
+#ifdef NO_IPV6
+	lgwarning("IPv6 is disabled.");
+#endif
+	cur_config = kmalloc(sizeof(*cur_config), GFP_KERNEL);
+	if (!cur_config) {
+		return -ENOMEM;
+	}
+	ret = init_config(cur_config);
+	if (ret < 0) {
+		kfree(cur_config);
+		goto err;
+	}
+
+	kref_init(&cur_config->refcount);
+
+	ret = open_raw_socket();
+	if (ret < 0) {
+		lgerror(ret, "ipv4 rawsocket initialization failed!");
+		goto err_config;
+	}
+
+#ifndef NO_IPV6
+	ret = open_raw6_socket();
+	if (ret < 0) {
+		lgerror(ret, "ipv6 rawsocket initialization failed!");
+		goto err_close4_sock;
+	}
+#endif /* NO_IPV6 */
+
+#ifdef CONFIG_PROC_FS
+	if (!
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,18,0)
+		proc_create_single("kyoutubeUnblock", 0, NULL, proc_stats_show)
+#else
+		proc_create("kyoutubeUnblock", 0, NULL, &proc_stats_operations)
+#endif
+	) {
+		lgwarning("kyoutubeUnblock procfs entry creation failed");
+	}
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	ret = register_pernet_subsys(&ykb_pernet_ops);
+#else
+	ret = nf_register_hooks(ykb_hook_ops, ykb_hooks_sz);
+#endif
+
+	if (ret < 0)
+		goto err_close_sock;
+
+
+	lginfo("youtubeUnblock kernel module started.\n");
+	return 0;
+
+err_close_sock:
+#ifndef NO_IPV6
+	close_raw6_socket();
+#endif
+err_close4_sock:
+	close_raw_socket();
+err_config:
+	kref_put(&cur_config->refcount, config_release);
+err:
+	return ret;
+}
+
+static void __exit ykb_destroy(void) {	
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	unregister_pernet_subsys(&ykb_pernet_ops);
+#else
+	nf_unregister_hooks(ykb_hook_ops, ykb_hooks_sz);
+#endif
+
+#ifndef NO_IPV6
+	close_raw6_socket();
+#endif
+
+#ifdef CONFIG_PROC_FS
+	remove_proc_entry("kyoutubeUnblock", NULL);
+#endif
+
+	close_raw_socket();
+	kref_put(&cur_config->refcount, config_release);
+	lginfo("youtubeUnblock kernel module destroyed.\n");
+}
+
+module_init(ykb_init);
+module_exit(ykb_destroy);

src/logging.h

@@ -0,0 +1,151 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef LOGGING_H
+#define LOGGING_H
+#include "config.h"
+
+/**
+ * Defined in args.c
+ */
+#define LOGGING_BUFSIZE 4096
+extern char ylgh_buf[LOGGING_BUFSIZE];
+extern size_t ylgh_leftbuf;
+extern char *ylgh_curptr;
+extern int ylgh_ndnl;
+
+#define LOG_LEVEL (logging_conf.verbose)
+#define DO_INSTAFLUSH (logging_conf.instaflush)
+#define DO_SYSLOG (logging_conf.syslog)
+
+#ifdef KERNEL_SPACE
+#define LOG_ERR KERN_ERR
+#define LOG_INFO KERN_INFO
+#define LOG_WARNING KERN_WARNING
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#define printf pr_info
+#define perror pr_err
+#define print_message(level, msg, ...) \
+	(printk(level msg, ##__VA_ARGS__))
+
+#else
+#include <stdio.h> // IWYU pragma: export
+#include <errno.h>
+#include <syslog.h> 
+
+#define print_message(level, msg, ...) \
+	(DO_SYSLOG ? (void)(syslog((level), msg, ##__VA_ARGS__)) : (void)(printf(msg, ##__VA_ARGS__) + fflush(stdout)))
+
+#endif /* PROGRAM_SPACE */
+
+/**
+ * For flushing only. Use log_buf_write for writing.
+ */
+#define log_buf_flush(level) __extension__ ({		\
+	if (ylgh_leftbuf != LOGGING_BUFSIZE) {		\
+		print_message(level, "%s", ylgh_buf);\
+		ylgh_curptr = ylgh_buf;		\
+		ylgh_leftbuf = LOGGING_BUFSIZE;		\
+	}						\
+})
+
+#define log_buf(level, msg, ...) __extension__ ({			\
+	int lgrtrt;							\
+	lgrtrt=snprintf(ylgh_curptr, ylgh_leftbuf, msg, ##__VA_ARGS__);	\
+	if (lgrtrt < 0 || lgrtrt >= ylgh_leftbuf) {			\
+		ylgh_leftbuf = 0;					\
+		log_buf_flush(level);					\
+	} else {							\
+		ylgh_leftbuf -= lgrtrt;					\
+		ylgh_curptr += lgrtrt;				\
+	}								\
+})
+
+#define log_buf_write(level) __extension__ ({		\
+	if (ylgh_ndnl) {				\
+		log_buf(level, "\n");			\
+		ylgh_ndnl = 0;				\
+	}						\
+	log_buf_flush(level);				\
+})
+
+#define log_message(level, msg, ...) __extension__ ({			\
+	if (ylgh_leftbuf != LOGGING_BUFSIZE) {				\
+		log_buf_write(LOG_INFO);				\
+		log_buf(level, "[NOTICE] ");				\
+	}								\
+	log_buf(level, msg, ##__VA_ARGS__);				\
+	ylgh_ndnl = 1;							\
+	log_buf_write(level);						\
+})
+
+#ifdef KERNEL_SPACE
+#define lgerror(code, msg, ...) \
+	(log_message(LOG_ERR, msg ": %d", ##__VA_ARGS__, code))
+#else
+#define lgerror(code, msg, ...) \
+	log_message(LOG_ERR, msg ": %s", ##__VA_ARGS__, strerror(-code));
+#endif
+
+
+#define lgerr(msg, ...) \
+(log_message(LOG_ERR, msg, ##__VA_ARGS__))
+
+#define lgwarning(msg, ...) \
+(log_message(LOG_WARNING, msg, ##__VA_ARGS__))
+
+
+#define lginfo(msg, ...) \
+(log_message(LOG_INFO, msg, ##__VA_ARGS__))
+
+#define lgdebug(msg, ...) \
+(LOG_LEVEL >= VERBOSE_DEBUG ? log_message(LOG_INFO, msg, ##__VA_ARGS__) : (void)0)
+
+#define lgtrace(msg, ...) \
+(LOG_LEVEL >= VERBOSE_TRACE ? log_message(LOG_INFO, msg, ##__VA_ARGS__) : (void)0)
+
+#define lgtrace_start() \
+	lgtrace("---[TRACE PACKET START]---")
+
+#define lgtrace_wr(msg, ...)  __extension__ ({			\
+	if (LOG_LEVEL >= VERBOSE_TRACE) {			\
+		ylgh_ndnl = 1;					\
+		log_buf(LOG_INFO, msg, ##__VA_ARGS__);		\
+		if (DO_INSTAFLUSH) {			\
+			log_buf_flush(LOG_INFO);		\
+		}						\
+	}							\
+})
+
+#define lgtrace_addp(msg, ...) \
+	lgtrace_wr(msg ", ", ##__VA_ARGS__)
+
+#define lgtrace_write() \
+	(LOG_LEVEL >= VERBOSE_TRACE ? log_buf_write(LOG_INFO) : (void)0)
+
+#define lgtrace_end() __extension__ ({		\
+	if (LOG_LEVEL >= VERBOSE_TRACE) {	\
+		log_buf_write(LOG_INFO);	\
+		print_message(LOG_INFO, "\n");	\
+	}					\
+})
+
+#endif /* LOGGING_H */

src/mangle.c

@@ -0,0 +1,767 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#define _GNU_SOURCE
+#include "types.h" // IWYU pragma: keep
+#include "mangle.h"
+#include "config.h"
+#include "utils.h"
+#include "quic.h"
+#include "logging.h"
+#include "tls.h"
+
+#ifndef KERNEL_SPACE
+#include <stdlib.h>
+#else
+#include "linux/inet.h"
+#endif
+
+int process_packet(const struct config_t *config, const struct packet_data *pd) {
+	const uint8_t *raw_payload = pd->payload;
+	uint32_t raw_payload_len = pd->payload_len;
+
+	if (raw_payload_len > MAX_PACKET_SIZE) {
+		return PKT_ACCEPT;
+	}
+
+	const struct iphdr *iph;
+	const struct ip6_hdr *ip6h;
+	size_t iph_len;
+	const uint8_t *ip_payload;
+	size_t ip_payload_len;
+	const char *bpt;
+
+	int transport_proto = -1;
+	int ipver = netproto_version(raw_payload, raw_payload_len);
+	int ret;
+
+	lgtrace_start();
+
+	lgtrace_wr("IPv%d ", ipver);
+
+	if (ipver == IP4VERSION) {
+		ret = ip4_payload_split((uint8_t *)raw_payload, raw_payload_len,
+			 (struct iphdr **)&iph, &iph_len, 
+			 (uint8_t **)&ip_payload, &ip_payload_len);	
+
+		if (ret < 0)
+			goto accept;
+
+		transport_proto = iph->protocol;
+
+	} 
+#ifndef NO_IPV6
+	else if (ipver == IP6VERSION && config->use_ipv6) {
+		ret = ip6_payload_split((uint8_t *)raw_payload, raw_payload_len,
+			 (struct ip6_hdr **)&ip6h, &iph_len, 
+			 (uint8_t **)&ip_payload, &ip_payload_len);
+
+		if (ret < 0)
+			goto accept;
+
+		transport_proto = ip6h->ip6_nxt;
+
+	} 
+#endif
+	else {
+		lgtrace("Unknown layer 3 protocol version: %d", ipver);
+		goto accept;
+	}
+
+	if (LOG_LEVEL >= VERBOSE_TRACE) {
+		bpt = inet_ntop(
+			ipver == IP4VERSION ? AF_INET : AF_INET6, 
+			ipver == IP4VERSION ? (void *)(&iph->saddr) : 
+				(void *)(&ip6h->ip6_src), 
+			ylgh_curptr, ylgh_leftbuf); 
+		if (bpt != NULL) {
+			ret = strnlen(bpt, ylgh_leftbuf);
+			ylgh_leftbuf -= ret;
+			ylgh_curptr += ret;
+		}
+
+		lgtrace_wr(" => ");
+
+		bpt = inet_ntop(
+			ipver == IP4VERSION ? AF_INET : AF_INET6, 
+			ipver == IP4VERSION ? (void *)(&iph->daddr) : 
+				(void *)(&ip6h->ip6_dst),  
+			ylgh_curptr, ylgh_leftbuf); 
+		if (bpt != NULL) {
+			ret = strnlen(bpt, ylgh_leftbuf);
+			ylgh_leftbuf -= ret;
+			ylgh_curptr += ret;
+
+		}
+		
+		lgtrace_wr(" ");
+		const uint8_t *transport_payload = NULL;
+		size_t transport_payload_len = 0;
+		int sport = -1, dport = -1;
+
+		if (transport_proto == IPPROTO_TCP) {
+			lgtrace_wr("TCP ");
+			const struct tcphdr *tcph;
+			ret = tcp_payload_split((uint8_t *)raw_payload, raw_payload_len,
+				      NULL, NULL,
+				      (struct tcphdr **)&tcph, NULL,
+				      (uint8_t **)&transport_payload, &transport_payload_len);
+
+			if (ret == 0) {
+				sport = ntohs(tcph->source);
+				dport = ntohs(tcph->dest);
+			}
+
+		} else if (transport_proto == IPPROTO_UDP) {
+			lgtrace_wr("UDP ");
+			const struct udphdr *udph = ((const struct udphdr *)ip_payload);
+			ret = udp_payload_split((uint8_t *)raw_payload, raw_payload_len,
+				      NULL, NULL,
+				      (struct udphdr **)&udph,
+				      (uint8_t **)&transport_payload, &transport_payload_len);
+
+			if (ret == 0) {
+				sport = ntohs(udph->source);
+				dport = ntohs(udph->dest);
+			}
+		}
+
+		lgtrace_wr("%d => %d ", sport, dport);
+		lgtrace_write();
+
+		lgtrace_wr("Transport payload: [ ");
+		for (int i = 0; i < min((int)16, (int)transport_payload_len); i++) {
+			lgtrace_wr("%02x ", transport_payload[i]);
+		}
+		lgtrace_wr("]");
+		lgtrace_write();
+	}
+
+	int verdict = PKT_CONTINUE;
+
+	ITER_CONFIG_SECTIONS(config, section) {
+		lgtrace_wr("Section #%d: ", CONFIG_SECTION_NUMBER(section));
+
+		switch (transport_proto) {
+		case IPPROTO_TCP:
+			verdict = process_tcp_packet(section, raw_payload, raw_payload_len);
+			break;
+		case IPPROTO_UDP:
+			verdict = process_udp_packet(section, raw_payload, raw_payload_len);
+			break;
+		}
+
+		if (verdict == PKT_CONTINUE) {
+			lgtrace_wr("continue_flow");
+			lgtrace_write();
+			continue;
+		}
+
+		lgtrace_write();
+		goto ret_verdict;
+	}
+
+accept:	
+	verdict = PKT_ACCEPT;
+
+ret_verdict:
+
+	switch (verdict) {
+	case PKT_ACCEPT:
+		lgtrace_wr("accept");
+		break;
+	case PKT_DROP:
+		lgtrace_wr("drop");
+		break;
+	default:
+		lgtrace_wr("unknown verdict: %d", verdict);
+	}
+	lgtrace_end();
+
+	return verdict;
+}
+
+int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, size_t raw_payload_len) {
+	const void *ipxh;
+	size_t iph_len;
+	const struct tcphdr *tcph;
+	size_t tcph_len;
+	const uint8_t *data;
+	size_t dlen;
+
+
+	int ipxv = netproto_version(raw_payload, raw_payload_len);
+
+	int ret = tcp_payload_split((uint8_t *)raw_payload, raw_payload_len,
+			      (void *)&ipxh, &iph_len,
+			      (struct tcphdr **)&tcph, &tcph_len,
+			      (uint8_t **)&data, &dlen);
+
+
+	if (ret < 0) {
+		return PKT_ACCEPT;
+	}
+
+	// As defined by TLS standard.
+	if (section->dport_filter && ntohs(tcph->dest) != 443) {
+		return PKT_ACCEPT;
+	}
+
+	if (tcph->syn && section->synfake) {
+		lgtrace_addp("TCP syn alter");
+
+		size_t fake_len = section->fake_sni_pkt_sz;
+		if (section->synfake_len) 
+			fake_len = min((int)section->synfake_len, (int)fake_len);
+
+
+		size_t payload_len = iph_len + tcph_len + fake_len;
+		uint8_t *payload = malloc(payload_len);
+		if (payload == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return PKT_ACCEPT;
+		}
+
+		memcpy(payload, ipxh, iph_len);
+		memcpy(payload + iph_len, tcph, tcph_len);	
+		memcpy(payload + iph_len + tcph_len, section->fake_sni_pkt, fake_len);
+
+		struct tcphdr *tcph = (struct tcphdr *)(payload + iph_len);
+		if (ipxv == IP4VERSION) {
+			struct iphdr *iph = (struct iphdr *)payload;
+			iph->tot_len = htons(iph_len + tcph_len + fake_len);
+			set_ip_checksum(payload, iph_len);
+			set_tcp_checksum(tcph, iph, iph_len);
+		} else if (ipxv == IP6VERSION) {
+			struct ip6_hdr *ip6h = (struct ip6_hdr *)payload;
+			ip6h->ip6_plen = ntohs(tcph_len + fake_len);
+			set_ip_checksum(ip6h, iph_len);
+			set_tcp_checksum(tcph, ip6h, iph_len);
+		}
+
+
+		ret = instance_config.send_raw_packet(payload, payload_len);
+		if (ret < 0) {
+			lgerror(ret, "send_syn_altered");
+
+			free(payload);
+			return PKT_ACCEPT;
+		}
+
+		free(payload);
+		return PKT_DROP;
+	}
+
+	if (tcph->syn) 
+		return PKT_CONTINUE;
+
+	if (!section->tls_enabled)
+		return PKT_CONTINUE;
+
+	struct tls_verdict vrd = analyze_tls_data(section, data, dlen);
+	lgtrace_addp("TLS analyzed");
+
+	if (vrd.sni_len != 0) {
+		lgtrace_addp("SNI detected: %.*s", vrd.sni_len, vrd.sni_ptr);
+	}
+
+	if (vrd.target_sni) {
+		lgdebug("Target SNI detected: %.*s", vrd.sni_len, vrd.sni_ptr);
+		size_t target_sni_offset = vrd.target_sni_ptr - data;
+
+
+		size_t payload_len = raw_payload_len;
+		uint8_t *payload = malloc(raw_payload_len);
+		if (payload == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return PKT_ACCEPT;
+		}
+		memcpy(payload, raw_payload, raw_payload_len);
+
+		void *iph;
+		size_t iph_len;
+		struct tcphdr *tcph;
+		size_t tcph_len;
+		uint8_t *data;
+		size_t dlen;
+
+		int ret = tcp_payload_split(payload, payload_len,
+				      &iph, &iph_len, &tcph, &tcph_len,
+				      &data, &dlen);
+
+		if (ret < 0) {
+			lgerror(ret, "tcp_payload_split in targ_sni");
+			goto accept_lc;
+		}
+
+		if (section->fk_winsize) {
+			tcph->window = htons(section->fk_winsize);
+			set_tcp_checksum(tcph, iph, iph_len);
+		}
+
+/*
+		if (0) {
+			int delta = 2;
+			ret = seqovl_packet(payload, &payload_len, delta);
+			int ret = tcp_payload_split(payload, payload_len,
+				      &iph, &iph_len, &tcph, &tcph_len,
+				      &data, &dlen);
+			if (ret < 0) {
+				lgerror(ret, "seqovl_packet delta %d", delta);
+			}
+		}
+*/
+		
+		if (dlen > AVAILABLE_MTU) {
+			lgdebug("WARNING! Client Hello packet is too big and may cause issues!");
+		}
+
+		if (section->fake_sni) {
+			post_fake_sni(args_default_fake_type(section), iph, iph_len, tcph, tcph_len);
+		}
+
+		size_t ipd_offset;
+		size_t mid_offset;
+
+		switch (section->fragmentation_strategy) {
+		case FRAG_STRAT_TCP: 
+		{
+			ipd_offset = target_sni_offset;
+			mid_offset = ipd_offset + vrd.target_sni_len / 2;
+
+			size_t poses[2];
+			int cnt = 0;
+
+			if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
+				poses[cnt++] = section->frag_sni_pos;
+			}
+
+			if (section->frag_middle_sni) {
+				poses[cnt++] = mid_offset;
+			}
+
+			if (cnt > 1 && poses[0] > poses[1]) {
+				size_t tmp = poses[0];
+				poses[0] = poses[1];
+				poses[1] = tmp;
+			}
+
+			ret = send_tcp_frags(section, payload, payload_len, poses, cnt, 0);
+			if (ret < 0) {
+				lgerror(ret, "tcp4 send frags");
+				goto accept_lc;
+			}
+
+			goto drop_lc;
+		}
+		break;
+		case FRAG_STRAT_IP: 
+		if (ipxv == IP4VERSION) {
+			ipd_offset = ((char *)data - (char *)tcph) + target_sni_offset;
+			mid_offset = ipd_offset + vrd.target_sni_len / 2;
+			mid_offset += 8 - mid_offset % 8;
+
+			size_t poses[2];
+			int cnt = 0;
+
+			if (section->frag_sni_pos && dlen > section->frag_sni_pos) {
+				poses[cnt] = section->frag_sni_pos + ((char *)data - (char *)tcph);
+				poses[cnt] += 8 - poses[cnt] % 8;
+				cnt++;
+			}
+
+			if (section->frag_middle_sni) {
+				poses[cnt++] = mid_offset;
+			}
+
+			if (cnt > 1 && poses[0] > poses[1]) {
+				size_t tmp = poses[0];
+				poses[0] = poses[1];
+				poses[1] = tmp;
+			}
+
+			ret = send_ip4_frags(section, payload, payload_len, poses, cnt, 0);
+			if (ret < 0) {
+				lgerror(ret, "ip4 send frags");
+				goto accept_lc;
+			}
+
+			goto drop_lc;
+		} else {
+			lginfo("WARNING: IP fragmentation is supported only for IPv4");	
+			goto default_send;
+		}
+		break;
+		}
+
+default_send:
+		ret = instance_config.send_raw_packet(payload, payload_len);
+		if (ret < 0) {
+			lgerror(ret, "raw pack send");
+			goto accept_lc;
+		}
+
+		goto drop_lc;
+
+accept_lc:
+		free(payload);
+		return PKT_ACCEPT;
+drop_lc:
+		free(payload);
+		return PKT_DROP;
+	}
+
+	return PKT_CONTINUE;
+}
+
+int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, size_t pktlen) {
+	const void *iph;
+	size_t iph_len;
+	const struct udphdr *udph;
+	const uint8_t *data;
+	size_t dlen;
+
+	int ret = udp_payload_split((uint8_t *)pkt, pktlen,
+			      (void **)&iph, &iph_len, 
+			      (struct udphdr **)&udph,
+			      (uint8_t **)&data, &dlen);
+
+	
+	if (ret < 0) {
+		lgtrace_addp("undefined");
+		goto accept;
+	}
+
+	if (!detect_udp_filtered(section, pkt, pktlen)) 
+		goto continue_flow;
+
+	if (section->udp_mode == UDP_MODE_DROP)
+		goto drop;
+	else if (section->udp_mode == UDP_MODE_FAKE) {
+		for (int i = 0; i < section->udp_fake_seq_len; i++) {
+			uint8_t *fake_udp;
+			size_t fake_udp_len;
+
+			struct udp_fake_type fake_type = {
+				.fake_len = section->udp_fake_len,
+				.strategy = {
+					.strategy = section->udp_faking_strategy,
+					.faking_ttl = section->faking_ttl,
+				},
+			};
+			ret = gen_fake_udp(fake_type, iph, iph_len, udph, &fake_udp, &fake_udp_len);
+			if (ret < 0) {
+				lgerror(ret, "gen_fake_udp");
+				goto erret;
+			}
+
+			lgtrace_addp("post fake udp #%d", i + 1);
+
+			ret = instance_config.send_raw_packet(fake_udp, fake_udp_len);
+			if (ret < 0) {
+				lgerror(ret, "send fake udp");
+				goto erret_lc;
+			}
+						
+			free(fake_udp);
+			continue;
+erret_lc:
+			free(fake_udp);
+erret:
+			goto accept;
+		}
+
+		
+		ret = instance_config.send_raw_packet(pkt, pktlen);
+		goto drop;
+	}
+
+continue_flow:
+	return PKT_CONTINUE;
+accept:
+	return PKT_ACCEPT;
+drop:
+	return PKT_DROP;
+}
+
+int send_ip4_frags(const struct section_config_t *section, const uint8_t *packet, size_t pktlen, const size_t *poses, size_t poses_sz, size_t dvs) {
+	if (poses_sz == 0) {
+		lgtrace_addp("raw send packet of %zu bytes with %zu dvs", pktlen, dvs);
+		if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
+			return instance_config.send_delayed_packet(
+				packet, pktlen, section->seg2_delay);
+		} else {
+			return instance_config.send_raw_packet(
+				packet, pktlen);
+		}
+	} else {
+		size_t f1len = pktlen;
+		uint8_t *frag1 = malloc(f1len);
+		if (frag1 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return -ENOMEM;
+		}
+
+		size_t f2len = pktlen;
+		uint8_t *frag2 = malloc(f2len);
+		if (frag2 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			free(frag1);
+			return -ENOMEM;
+		}
+
+		int ret;
+
+		if (dvs > poses[0]) {
+			lgerror(-EINVAL, "send_frags: Recursive dvs(%zu) is more than poses0(%zu)", dvs, poses[0]);
+			ret = -EINVAL;
+			goto erret_lc;
+		}
+
+		size_t frag_pos = poses[0] - dvs;
+		frag_pos += 8 - frag_pos % 8;
+
+		ret = ip4_frag(packet, pktlen, frag_pos, 
+			frag1, &f1len, frag2, &f2len);
+
+		if (ret < 0) {
+			lgerror(ret, "send_frags: frag: with context packet with size %zu, position: %zu, recursive dvs: %zu", pktlen, poses[0], dvs);
+			goto erret_lc;
+		}
+
+		if (section->frag_sni_reverse)
+			goto send_frag2;
+send_frag1:
+		ret = send_ip4_frags(section, frag1, f1len, NULL, 0, 0);
+		if (ret < 0) {
+			goto erret_lc;
+		}
+
+		if (section->frag_sni_reverse)
+			goto out_lc;
+
+send_frag2:
+		ret = send_ip4_frags(section, frag2, f2len, poses + 1, poses_sz - 1, poses[0]);
+		if (ret < 0) {
+			goto erret_lc;
+		}
+
+		if (section->frag_sni_reverse)
+			goto send_frag1;
+
+out_lc:
+		free(frag1);
+		free(frag2);
+		goto out;
+erret_lc:
+		free(frag1);
+		free(frag2);
+		return ret;
+	}
+
+out:
+	return 0;
+}
+
+int send_tcp_frags(const struct section_config_t *section, const uint8_t *packet, size_t pktlen, const size_t *poses, size_t poses_sz, size_t dvs) {
+	if (poses_sz == 0) {
+		lgtrace_addp("raw send packet of %zu bytes with %zu dvs", pktlen, dvs);
+		if (section->seg2_delay && ((dvs > 0) ^ section->frag_sni_reverse)) {
+			return instance_config.send_delayed_packet(
+				packet, pktlen, section->seg2_delay);
+		} else {
+			return instance_config.send_raw_packet(
+				packet, pktlen);
+		}
+	} else {
+		size_t f1len = pktlen;
+		uint8_t *frag1 = malloc(f1len);
+		if (frag1 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return -ENOMEM;
+		}
+
+		size_t f2len = pktlen;
+		uint8_t *frag2 = malloc(f2len);
+		if (frag2 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			free(frag1);
+			return -ENOMEM;
+		}
+
+		int ret;
+
+		if (dvs > poses[0]) {
+			lgerror(-EINVAL, "send_frags: Recursive dvs(%zu) is more than poses0(%zu)", dvs, poses[0]);
+			ret = -EINVAL;
+			goto erret_lc;
+		}
+
+		ret = tcp_frag(packet, pktlen, poses[0] - dvs, 
+			frag1, &f1len, frag2, &f2len);
+
+
+		lgtrace_addp("Packet split in %zu bytes position of payload start, dvs: %zu to two packets of %zu and %zu lengths", poses[0], dvs, f1len, f2len);
+
+		if (ret < 0) {
+			lgerror(ret, "send_frags: tcp_frag: with context packet with size %zu, position: %zu", pktlen, poses[0]);
+			goto erret_lc;
+		}
+
+
+		if (section->frag_sni_reverse)
+			goto send_frag2;
+		
+send_frag1:
+		ret = send_tcp_frags(section, frag1, f1len, NULL, 0, 0);
+		if (ret < 0) {
+			goto erret_lc;
+		}
+
+		if (section->frag_sni_reverse) 
+			goto out_lc;
+
+send_fake:
+		if (section->frag_sni_faked) {
+			size_t iphfl, tcphfl;
+			void *iph;
+			struct tcphdr *tcph;
+			ret = tcp_payload_split(frag2, f2len, &iph, &iphfl, &tcph, &tcphfl, NULL, NULL);
+			struct fake_type f_type = args_default_fake_type(section);
+			if ((f_type.strategy.strategy & FAKE_STRAT_PAST_SEQ) == FAKE_STRAT_PAST_SEQ) {
+				f_type.strategy.strategy ^= FAKE_STRAT_PAST_SEQ;
+				f_type.strategy.strategy |= FAKE_STRAT_RAND_SEQ;
+				f_type.strategy.randseq_offset = dvs;
+			}
+
+			f_type.seg2delay = section->seg2_delay;
+
+			post_fake_sni(f_type, iph, iphfl, tcph, tcphfl);	
+		}
+
+		if (section->frag_sni_reverse)
+			goto send_frag1;
+
+send_frag2:
+		ret = send_tcp_frags(section, frag2, f2len, poses + 1, poses_sz - 1, poses[0]);
+		if (ret < 0) {
+			goto erret_lc;
+		}
+
+		if (section->frag_sni_reverse)
+			goto send_fake;
+out_lc:
+		free(frag1);
+		free(frag2);
+		goto out;
+erret_lc:
+		free(frag1);
+		free(frag2);
+		return ret;
+	}
+out:
+	return 0;
+}
+
+int post_fake_sni(struct fake_type f_type, 
+		const void *iph, unsigned int iph_len, 
+		const struct tcphdr *tcph, unsigned int tcph_len) {
+
+	uint8_t rfsiph[128];
+	uint8_t rfstcph[60];
+	int ret;
+
+	int ipxv = netproto_version(iph, iph_len);
+
+	memcpy(rfsiph, iph, iph_len);
+	memcpy(rfstcph, tcph, tcph_len);
+
+	void *fsiph = (void *)rfsiph;
+	struct tcphdr *fstcph = (void *)rfstcph;
+
+	ITER_FAKE_STRAT(f_type.strategy.strategy, strategy) {
+		struct fake_type fake_seq_type = f_type;
+		fake_seq_type.strategy.strategy = strategy;
+
+		// one goes for default fake
+		for (int i = 0; i < fake_seq_type.sequence_len; i++) {
+			uint8_t *fake_sni;
+			size_t fake_sni_len;
+						
+			ret = gen_fake_sni(
+				fake_seq_type,
+				fsiph, iph_len, fstcph, tcph_len, 
+				&fake_sni, &fake_sni_len);
+			if (ret < 0) {
+				lgerror(ret, "gen_fake_sni");
+				return ret;
+			}
+
+			lgtrace_addp("post fake sni #%d", i + 1);
+
+			if (f_type.seg2delay) {
+				ret = instance_config.send_delayed_packet(fake_sni, fake_sni_len, f_type.seg2delay);
+			} else {
+				ret = instance_config.send_raw_packet(fake_sni, fake_sni_len);
+			}
+			if (ret < 0) {
+				lgerror(ret, "send fake sni");
+				goto erret_lc;
+			}
+			size_t iph_len;
+			size_t tcph_len;
+			size_t plen;
+			ret = tcp_payload_split(
+				fake_sni, fake_sni_len, 
+				&fsiph, &iph_len,
+				&fstcph, &tcph_len,
+				NULL, &plen);
+
+			if (ret < 0) {
+				lgtrace_addp("continue fake seq");
+				goto erret_lc;
+			}
+
+
+			if (!(strategy == FAKE_STRAT_PAST_SEQ ||
+				strategy == FAKE_STRAT_RAND_SEQ)) {
+				fstcph->seq = htonl(ntohl(fstcph->seq) + plen);
+			}
+
+			if (ipxv == IP4VERSION) {
+				((struct iphdr *)fsiph)->id = htons(ntohs(((struct iphdr *)fsiph)->id) + 1);
+			}
+
+			memcpy(rfsiph, fsiph, iph_len);
+
+			memcpy(rfstcph, fstcph, tcph_len);
+			fsiph = (void *)rfsiph;
+			fstcph = (void *)rfstcph;
+			
+			free(fake_sni);
+			continue;
+erret_lc:
+			free(fake_sni);
+			return ret;
+		}
+	}
+
+	return 0;
+}
+

src/mangle.h

@@ -0,0 +1,78 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef YU_MANGLE_H
+#define YU_MANGLE_H
+
+#include "types.h"
+#include "tls.h"
+#include "config.h"
+
+#define PKT_ACCEPT	0
+#define PKT_DROP	1
+// Used for section config
+#define PKT_CONTINUE	2
+
+/**
+ * Processes the packet and returns verdict.
+ * This is the primary function that traverses the packet.
+ */
+int process_packet(const struct config_t *config, const struct packet_data *pd);
+
+
+/**
+ * Processe the TCP packet.
+ * Returns verdict.
+ */
+int process_tcp_packet(const struct section_config_t *section, const uint8_t *raw_payload, size_t raw_payload_len);
+
+
+/**
+ * Processes the UDP packet.
+ * Returns verdict.
+ */
+int process_udp_packet(const struct section_config_t *section, const uint8_t *pkt, size_t pktlen);
+
+
+
+/**
+ * Sends fake client hello.
+ */
+int post_fake_sni(struct fake_type f_type, 
+		const void *iph, unsigned int iph_len, 
+		const struct tcphdr *tcph, unsigned int tcph_len);
+
+/**
+ * Splits packet by poses and posts.
+ * Poses are relative to start of TCP payload.
+ * dvs used internally and should be zero.
+ */
+int send_tcp_frags(const struct section_config_t *section,
+	const uint8_t *packet, size_t pktlen, 
+	const size_t *poses, size_t poses_len, size_t dvs);
+
+/**
+ * Splits packet by poses and posts.
+ * Poses are relative to start of TCP payload.
+ * dvs used internally and should be zero.
+ */
+int send_ip4_frags(const struct section_config_t *section,
+	const uint8_t *packet, size_t pktlen, 
+	const size_t *poses, size_t poses_len, size_t dvs);
+#endif /* YU_MANGLE_H */

src/quic.c

@@ -0,0 +1,551 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#include "quic.h"
+#include "tls.h"
+#include "logging.h"
+
+
+/**
+ * Packet number.
+ */
+struct quic_pnumber {
+	uint8_t d1;
+	uint8_t d2;
+	uint8_t d3;
+	uint8_t d4;
+};
+
+uint64_t quic_parse_varlength(const uint8_t *variable, size_t *mlen) {
+	if (mlen && *mlen == 0) return 0;
+	uint64_t vr = (*variable & 0x3F);
+	uint8_t len = 1 << (*variable >> 6);
+
+	if (mlen) {
+		if (*mlen < len) {
+			*mlen = 0;
+			return 0;
+		}
+		*mlen = len;
+	}
+
+	++variable;
+	for (uint8_t i = 1; i < len; i++) {
+		vr = (vr << 8) + *variable;
+		++variable;
+	}
+
+	return vr;
+}
+
+int quic_get_version(uint32_t *version, const struct quic_lhdr *qch) {
+	uint32_t qversion = ntohl(qch->version);
+	*version = qversion;
+
+	switch (qversion) {
+		case QUIC_V1:
+		case QUIC_V2:
+			return 0;
+		default:
+			return -EINVAL;
+	}
+}
+
+int quic_check_is_initial(const struct quic_lhdr *qch) {
+	uint32_t qversion;
+	int ret;
+	ret = quic_get_version(&qversion, qch);
+	if (ret < 0) return 0;
+
+	uint8_t qtype = qch->type;
+
+	switch (qversion) {
+		case QUIC_V1:
+			qtype = quic_convtype_v1(qtype);
+			break;
+		case QUIC_V2:
+			qtype = quic_convtype_v2(qtype);
+			break;
+		default:
+			return 0;
+	}
+
+	if (qtype != QUIC_INITIAL_TYPE) {
+		return 0;
+	}
+
+	return 1;
+}
+
+int quic_parse_data(const uint8_t *raw_payload, size_t raw_payload_len,
+		const struct quic_lhdr **qch, size_t *qch_len,
+		struct quic_cids *qci,
+		const uint8_t **payload, size_t *plen) {
+	if (	raw_payload == NULL || 
+		raw_payload_len < sizeof(struct quic_lhdr)) 
+		goto invalid_packet;
+
+	const struct quic_lhdr *nqch = (const struct quic_lhdr *)raw_payload;
+	size_t left_len = raw_payload_len - sizeof(struct quic_lhdr);
+	const uint8_t *cur_rawptr = raw_payload + sizeof(struct quic_lhdr);
+	int ret;
+	uint32_t qversion;
+
+	if (!nqch->fixed) {
+		lgtrace_addp("quic fixed unset");
+		return -EPROTO;
+	}
+
+	ret = quic_get_version(&qversion, nqch);
+
+	if (ret < 0) {
+		lgtrace_addp("quic version undefined %u", qversion);
+		return -EPROTO;
+	}
+
+	lgtrace_addp("quic version valid %u", qversion);
+
+	if (left_len < 2) goto invalid_packet;
+	struct quic_cids nqci = {0};
+
+	nqci.dst_len = *cur_rawptr++;
+	left_len--;
+	if (left_len < nqci.dst_len) goto invalid_packet;
+	nqci.dst_id = cur_rawptr;
+	cur_rawptr += nqci.dst_len;
+	left_len -= nqci.dst_len;
+
+	nqci.src_len = *cur_rawptr++;
+	left_len--;
+	if (left_len < nqci.src_len) goto invalid_packet;
+	nqci.src_id = cur_rawptr;
+	cur_rawptr += nqci.src_len;
+	left_len -= nqci.src_len;
+
+	if (qch) *qch = nqch;
+	if (qch_len) {
+		*qch_len = sizeof(struct quic_lhdr) + 
+			nqci.src_len + nqci.dst_len;
+	}
+	if (qci) *qci = nqci;
+	if (payload) *payload = cur_rawptr;
+	if (plen) *plen = left_len;
+
+	return 0;
+
+invalid_packet:
+	return -EINVAL;
+}
+
+int quic_parse_initial_header(const uint8_t *inpayload, size_t inplen,
+			struct quici_hdr *qhdr) {
+	if (inplen < 3) goto invalid_packet;
+	struct quici_hdr nqhdr;
+
+	const uint8_t *cur_ptr = inpayload;
+	size_t left_len = inplen;
+	size_t tlen = left_len;
+
+	nqhdr.token_len = quic_parse_varlength(cur_ptr, &tlen);
+	nqhdr.token = cur_ptr + tlen;
+	
+	if (left_len < nqhdr.token_len + tlen) 
+		goto invalid_packet;
+	cur_ptr += tlen + nqhdr.token_len;
+	left_len -= tlen + nqhdr.token_len;
+
+	tlen = left_len;
+	nqhdr.length = quic_parse_varlength(cur_ptr, &tlen);
+
+	if (left_len < nqhdr.length + tlen ||
+		nqhdr.length < QUIC_SAMPLE_SIZE + 
+				QUIC_SAMPLE_OFFSET
+	)
+		goto invalid_packet;
+	cur_ptr += tlen;
+
+	nqhdr.protected_payload = cur_ptr;
+	nqhdr.sample = cur_ptr + QUIC_SAMPLE_OFFSET;
+	nqhdr.sample_length = QUIC_SAMPLE_SIZE;
+
+	if (qhdr) *qhdr = nqhdr;
+
+	return 0;
+
+invalid_packet:
+	lgerror(-EINVAL, "QUIC invalid Initial packet");
+	return -EINVAL;
+}
+
+ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
+			  const uint8_t *frame, size_t flen) {
+	const uint8_t *curptr = frame;
+	size_t curptr_len = flen;
+	size_t vln;
+	*crypto_frame = (struct quic_frame_crypto){0};
+
+	if (flen == 0 || *frame != QUIC_FRAME_CRYPTO || 
+		crypto_frame == NULL) 
+		return -EINVAL;
+
+	
+	curptr++, curptr_len--;
+
+	vln = curptr_len;
+	size_t offset = quic_parse_varlength(curptr, &vln);
+	curptr += vln, curptr_len -= vln;
+	if (vln == 0) {
+		return -EINVAL;
+	}
+	
+
+	vln = curptr_len;
+	size_t length = quic_parse_varlength(curptr, &vln);
+	curptr += vln, curptr_len -= vln;
+	if (vln == 0) {
+		return -EINVAL;
+	}
+
+	if (length > curptr_len)
+		return -EINVAL;
+
+	crypto_frame->offset = offset;
+	crypto_frame->payload_length = length;
+	crypto_frame->payload = curptr;
+
+	curptr += length;
+	curptr_len -= length;
+
+	return flen - curptr_len;
+}
+
+int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen) {
+	void *iph;
+	size_t iph_len;
+	struct udphdr *udph;
+	uint8_t *data;
+	size_t dlen;
+	int ret;
+
+	ret = udp_payload_split(payload, *plen, 
+			&iph, &iph_len, &udph,
+			&data, &dlen);
+
+	uint32_t ipxv = netproto_version(payload, *plen);
+
+	if (ret < 0) {
+		return ret;
+	}
+
+
+	if (strategy.strategy == FAKE_STRAT_TTL) {
+		lgtrace_addp("Set fake ttl to %d", strategy.faking_ttl);
+
+		if (ipxv == IP4VERSION) {
+			((struct iphdr *)iph)->ttl = strategy.faking_ttl;
+		} else if (ipxv == IP6VERSION) {
+			((struct ip6_hdr *)iph)->ip6_hops = strategy.faking_ttl;
+		} else {
+			lgerror(-EINVAL, "fail_packet: IP version is unsupported");
+			return -EINVAL;
+		}
+	}
+
+	if (ipxv == IP4VERSION) {
+		((struct iphdr *)iph)->frag_off = 0;
+	}
+
+
+	set_ip_checksum(iph, iph_len);
+
+	if (strategy.strategy == FAKE_STRAT_UDP_CHECK) {
+		lgtrace_addp("break fake udp checksum");
+		udph->check += 1;
+	}
+
+	return 0;
+}
+
+int gen_fake_udp(struct udp_fake_type type,
+		const void *ipxh, size_t iph_len, 
+		const struct udphdr *udph,
+		uint8_t **ubuf, size_t *ubuflen) {
+	size_t data_len = type.fake_len;
+	int ret;
+
+	if (!ipxh || !udph || !ubuf || !ubuflen)
+		return -EINVAL;
+
+	int ipxv = netproto_version(ipxh, iph_len);
+	
+	if (ipxv == IP6VERSION) {
+		iph_len = sizeof(struct ip6_hdr);
+	}
+
+	size_t dlen = iph_len + sizeof(struct udphdr) + data_len;
+	size_t buffer_len = dlen + 50;
+	uint8_t *buf = malloc(buffer_len);
+	if (buf == NULL) {
+		return -ENOMEM;
+	}
+
+	if (ipxv == IP4VERSION) {
+		const struct iphdr *iph = ipxh;
+
+		memcpy(buf, iph, iph_len);
+		struct iphdr *niph = (struct iphdr *)buf;
+
+		niph->protocol = IPPROTO_UDP;
+	} else if (ipxv == IP6VERSION) {
+		const struct ip6_hdr *iph = ipxh;
+
+		memcpy(buf, iph, iph_len);
+		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
+
+		niph->ip6_nxt = IPPROTO_UDP;
+	} else {
+		ret = -EINVAL;
+		goto error;
+	}
+
+	memcpy(buf + iph_len, udph, sizeof(struct udphdr));
+	uint8_t *bfdptr = buf + iph_len + sizeof(struct udphdr);
+
+	memset(bfdptr, 0, data_len);
+
+	if (ipxv == IP4VERSION) {
+		struct iphdr *niph = (struct iphdr *)buf;
+		niph->tot_len = htons(dlen);
+		niph->id = randint();
+	} else if (ipxv == IP6VERSION) {
+		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
+		niph->ip6_plen = htons(dlen - iph_len);
+	}
+
+	struct udphdr *nudph = (struct udphdr *)(buf + iph_len);
+	nudph->len = htons(sizeof(struct udphdr) + data_len);
+	
+	set_udp_checksum(nudph, buf, iph_len);
+
+	ret = udp_fail_packet(type.strategy, buf, &dlen, buffer_len);
+	if (ret < 0) {
+		lgerror(ret, "udp_fail_packet");
+		goto error;
+	}
+
+	*ubuflen = dlen;
+	*ubuf = buf;
+	
+	return 0;
+error:
+	free(buf);
+	return ret;
+}
+
+int parse_quic_decrypted(
+	const struct section_config_t *section,
+	const uint8_t *decrypted_message, size_t decrypted_message_len,
+	uint8_t **crypto_message_buf, size_t *crypto_message_buf_len
+) {
+	const uint8_t *curptr = decrypted_message;
+	ssize_t curptr_len = decrypted_message_len;
+	ssize_t fret;
+	struct quic_frame_crypto fr_cr;
+
+	uint8_t *crypto_message = calloc(AVAILABLE_MTU, 1);
+	if (crypto_message == NULL) {
+		lgerror(-ENOMEM, "No memory");
+		return -ENOMEM;
+	}
+
+	int crypto_message_len = AVAILABLE_MTU;
+
+	while (curptr_len > 0) {
+		uint8_t type = curptr[0];
+		switch (type) {
+			case QUIC_FRAME_PING:
+				lgtrace_addp("ping");
+				goto pl_incr;
+			case QUIC_FRAME_PADDING:
+				if (curptr == decrypted_message ||
+					*(curptr - 1) != QUIC_FRAME_PADDING) {
+					lgtrace_addp("padding");
+				}
+pl_incr:
+				curptr++, curptr_len--;
+				break;
+			case QUIC_FRAME_CRYPTO:
+				fret = quic_parse_crypto(&fr_cr, curptr, curptr_len);
+				lgtrace_addp("crypto len=%zu offset=%zu fret=%zd", fr_cr.payload_length, fr_cr.offset, fret);
+				if (fret < 0) {
+					lgtrace_addp("Crypto parse error");
+					goto out;
+				}
+
+				curptr += fret;
+				curptr_len -= fret;
+
+				
+				if (fr_cr.offset <= crypto_message_len && 
+				fr_cr.payload_length <= crypto_message_len &&
+				fr_cr.payload_length + fr_cr.offset <= crypto_message_len
+				) {
+
+					memcpy(crypto_message + fr_cr.offset, 
+					fr_cr.payload, fr_cr.payload_length);
+				}
+				
+				break;
+			default:
+				lgtrace_addp("Frame invalid hash: %02x", type);
+				goto out;
+		}
+	}
+
+out:
+	lgtrace_addp("crypto message parsed");
+	*crypto_message_buf = crypto_message;
+	*crypto_message_buf_len = crypto_message_len;	
+
+	return 0;
+}
+
+int detect_udp_filtered(const struct section_config_t *section,
+			const uint8_t *payload, size_t plen) {
+	const void *iph;
+	size_t iph_len;
+	const struct udphdr *udph;
+	const uint8_t *data;
+	size_t dlen;
+	int ret;
+
+	ret = udp_payload_split((uint8_t *)payload, plen,
+			      (void **)&iph, &iph_len, 
+			      (struct udphdr **)&udph,
+			      (uint8_t **)&data, &dlen);
+	int udp_dport = ntohs(udph->dest);
+	
+	if (ret < 0) {
+		goto skip;
+	}
+	
+	if (section->udp_filter_quic != UDP_FILTER_QUIC_DISABLED) {
+		if (section->dport_filter && ntohs(udph->dest) != 443)
+			goto match_port;
+
+
+		const struct quic_lhdr *qch;
+		size_t qch_len;
+		struct quic_cids qci;
+		const uint8_t *quic_in_payload;
+		size_t quic_in_plen;
+
+		lgtrace_addp("QUIC probe");
+
+		ret = quic_parse_data((uint8_t *)data, dlen, 
+			 &qch, &qch_len, &qci, 
+			 &quic_in_payload, &quic_in_plen);
+
+		if (ret < 0) {
+			lgtrace_addp("QUIC undefined type");
+			goto match_port;
+		}
+
+		lgtrace_addp("QUIC detected");
+
+			
+		if (!quic_check_is_initial(qch)) {
+			lgtrace_addp("QUIC not initial");
+			goto match_port;
+		}
+
+		lgtrace_addp("QUIC initial message");
+
+		if (section->udp_filter_quic == UDP_FILTER_QUIC_ALL) {
+			lgtrace_addp("QUIC early approve");
+			goto approve;
+		}
+
+		uint8_t *decrypted_payload;
+		size_t decrypted_payload_len;
+		const uint8_t *decrypted_message;
+		size_t decrypted_message_len;
+		uint8_t *crypto_message;
+		size_t crypto_message_len;
+		struct tls_verdict tlsv;
+
+		ret = quic_parse_initial_message(
+			data, dlen,
+			&decrypted_payload, &decrypted_payload_len,
+			&decrypted_message, &decrypted_message_len
+		);
+
+		if (ret < 0) {
+			goto match_port;
+		}
+
+		ret = parse_quic_decrypted(section,
+			decrypted_message, decrypted_message_len,
+			&crypto_message, &crypto_message_len
+		);
+		free(decrypted_payload);
+		decrypted_payload = NULL;
+
+		if (ret < 0) {
+			goto match_port;
+		}
+
+		if (section->sni_detection == SNI_DETECTION_BRUTE) {
+			ret = bruteforce_analyze_sni_str(section, crypto_message, crypto_message_len, &tlsv);
+		} else {
+			ret = analyze_tls_message(
+				section, crypto_message, crypto_message_len, &tlsv
+			);
+		}
+
+		if (tlsv.sni_len != 0) {
+			lgtrace_addp("QUIC SNI detected: %.*s", tlsv.sni_len, tlsv.sni_ptr);
+		}
+
+		if (tlsv.target_sni) {
+			lgdebug("QUIC target SNI detected: %.*s", tlsv.sni_len, tlsv.sni_ptr);
+			free(crypto_message);
+			crypto_message = NULL;
+			goto approve;
+		}
+
+		free(crypto_message);
+		crypto_message = NULL;
+	}
+
+match_port:
+
+	for (int i = 0; i < section->udp_dport_range_len; i++) {
+		struct udp_dport_range crange = section->udp_dport_range[i];
+		if (udp_dport >= crange.start && udp_dport <= crange.end) {
+			lgtrace_addp("matched to %d-%d", crange.start, crange.end);
+			goto approve;
+		}
+	}
+
+skip:
+	return 0;
+approve:
+	return 1;
+}

src/quic.h

@@ -0,0 +1,246 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef QUIC_H
+#define QUIC_H
+#include "types.h"
+#include "utils.h"
+
+
+/**
+* @macro
+*
+* :macro:`NGTCP2_INITIAL_SALT_V1` is a salt value which is used to
+* derive initial secret.  It is used for QUIC v1.
+*/
+#define QUIC_INITIAL_SALT_V1 \
+ "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17\x9a\xe6\xa4\xc8\x0c\xad" \
+ "\xcc\xbb\x7f\x0a"
+
+/**
+* @macro
+*
+* :macro:`NGTCP2_INITIAL_SALT_V2` is a salt value which is used to
+* derive initial secret.  It is used for QUIC v2.
+*/
+#define QUIC_INITIAL_SALT_V2 \
+ "\x0d\xed\xe3\xde\xf7\x00\xa6\xdb\x81\x93\x81\xbe\x6e\x26\x9d\xcb" \
+ "\xf9\xbd\x2e\xd9"
+
+#define QUIC_INITIAL_TYPE	0
+#define QUIC_0_RTT_TYPE		1
+#define QUIC_HANDSHAKE_TYPE	2
+#define QUIC_RETRY_TYPE		3
+
+#define QUIC_INITIAL_TYPE_V1	0b00
+#define QUIC_0_RTT_TYPE_V1	0b01
+#define QUIC_HANDSHAKE_TYPE_V1	0b10
+#define QUIC_RETRY_TYPE_V1	0b11
+#define quic_convtype_v1(type) (type)
+
+#define QUIC_INITIAL_TYPE_V2	0b01
+#define QUIC_0_RTT_TYPE_V2	0b10
+#define QUIC_HANDSHAKE_TYPE_V2	0b11
+#define QUIC_RETRY_TYPE_V2	0b00
+#define quic_convtype_v2(type) (((type) + 1) & __extension__ 0b11)
+
+#define QUIC_FRAME_CRYPTO	0x06
+#define QUIC_FRAME_PADDING	0x00
+#define QUIC_FRAME_PING		0x01
+
+#define QUIC_V1	1		// RFC 9000
+#define QUIC_V2	0x6b3343cf	// RFC 9369
+
+static const uint32_t supported_versions[] = {
+	QUIC_V1,
+	QUIC_V2,
+};
+
+// In bytes
+#define QUIC_SAMPLE_OFFSET		4
+
+#define QUIC_SAMPLE_SIZE		16
+#define QUIC_INITIAL_SECRET_SIZE	32
+#define QUIC_CLIENT_IN_SIZE		32
+#define QUIC_KEY_SIZE			16
+#define QUIC_IV_SIZE			12
+#define QUIC_HP_SIZE			16
+// Altough tag is not defined, it present in the end of message
+#define QUIC_TAG_SIZE			16
+
+
+/**
+ * Describes type-specific bytes for Initial message
+ */
+struct quici_lhdr_typespec {
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	uint8_t number_length:2;//protected
+	uint8_t reserved:2;	//protected
+	uint8_t discard:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	uint8_t discard:4;
+	uint8_t reserved:2;	//protected
+	uint8_t number_length:2;//protected
+#else
+#error "Undefined endian"
+#endif
+}__attribute__((packed));
+
+/**
+ * Quic Large Header
+ */
+struct quic_lhdr {
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	uint8_t type_specific:4;// protected
+	uint8_t type:2;
+	uint8_t fixed:1;
+	uint8_t form:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	uint8_t form:1;
+	uint8_t fixed:1;
+	uint8_t type:2;
+	uint8_t type_specific:4;// protected
+#else
+#error "Undefined endian"
+#endif
+	uint32_t version;
+}__attribute__((packed));
+
+/**
+ * Quic Large Header Ids 
+ * (separated from the original header because of varying dst 
+ */
+struct quic_cids {
+	uint8_t dst_len;
+	const uint8_t *dst_id;
+	uint8_t src_len;
+	const uint8_t *src_id;
+};
+
+/**
+ * Parses QUIС raw data (UDP payload) to quic large header and 
+ * quic payload.
+ *
+ * \qch_len is sizeof(qch) + qci->dst_len + qci->src_id
+ * \payload is Type-Specific payload (#17.2).
+ */
+int quic_parse_data(const uint8_t *raw_payload, size_t raw_payload_len,
+		const struct quic_lhdr **qch, size_t *qch_len,
+		struct quic_cids *qci,
+		const uint8_t **payload, size_t *plen);
+		
+
+/**
+ * Parses QUIC variable-length integer. (#16)
+ * \variable is a pointer to the sequence to be parsed
+ * (varlen integer in big endian format)
+ *
+ * \mlen Used to signal about variable length and validate left length
+ * in the buffer.
+ *
+ * On error/buffer overflow mlen set to 0, otherwise it is higher
+ */
+uint64_t quic_parse_varlength(const uint8_t *variable, size_t *mlen);
+
+// quici stands for QUIC Initial
+
+/**
+ * This structure should be parsed
+ */
+struct quici_hdr {
+	size_t token_len;
+	const uint8_t *token;
+	size_t length;
+
+	const uint8_t *protected_payload; //  with packet number
+
+	// RFC 9001 5.4.2
+	size_t sample_length;
+	const uint8_t *sample;
+};
+
+/**
+ * Checks for quic version and checks if it is supported
+ */
+int quic_get_version(uint32_t *version, const struct quic_lhdr *qch);
+
+/**
+* Checks quic message to be initial according to version. 
+* 0 on false, 1 on true
+*/
+int quic_check_is_initial(const struct quic_lhdr *qch);
+
+struct quic_frame_crypto {
+	size_t offset;
+	size_t payload_length;
+	const uint8_t *payload;
+};
+/**
+ * Parses quic crypto frame
+ * Returns parsed size or -EINVAL on error
+ */
+ssize_t quic_parse_crypto(struct quic_frame_crypto *crypto_frame,
+			  const uint8_t *frame, size_t flen);
+
+
+/**
+ * Parses QUIC initial message header.
+ * \inpayload is a QUIC Initial message payload (payload after quic large header)
+ */
+int quic_parse_initial_header(const uint8_t *inpayload, size_t inplen,
+			struct quici_hdr *qhdr);
+
+/**
+ * Parses and decrypts QUIC Initial Message. 
+ *
+ * \quic_header QUIC payload, the start of UDP payload
+ * \udecrypted_payload QUIC decrypted payload. Contains all the QUIC packet, with all headers
+ * \udecrypted_message QUIC decrypted message, typically TLS Client Hello
+ *
+ */
+int quic_parse_initial_message(
+	const uint8_t *quic_payload, size_t quic_plen,
+	uint8_t **udecrypted_payload, size_t *udecrypted_payload_len,
+	const uint8_t **udecrypted_message, size_t *udecrypted_message_len
+);
+
+/**
+ * CRYPTO frames may be randomly spried in the message.
+ * This function _allocates_ crypto_message_buf and fills it with CRYPTO frames
+ * according to offset and payload_length
+ */
+int parse_quic_decrypted(
+	const struct section_config_t *section,
+	const uint8_t *decrypted_message, size_t decrypted_message_len,
+	uint8_t **crypto_message_buf, size_t *crypto_message_buf_len
+);
+
+// Like fail_packet for TCP
+int udp_fail_packet(struct udp_failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen);
+
+// Like gen_fake_sni for TCP, Allocates and generates udp fake
+int gen_fake_udp(struct udp_fake_type type,
+		const void *ipxh, size_t iph_len, 
+		const struct udphdr *udph,
+		uint8_t **buf, size_t *buflen);
+
+int detect_udp_filtered(const struct section_config_t *section,
+			const uint8_t *payload, size_t plen);
+
+#endif /* QUIC_H */

src/quic_crypto.c

@@ -0,0 +1,276 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#include "quic.h"
+#include "kdf/hkdf.h"
+#include "hash/sha256.h"
+#include "cipher/aes.h"
+#include "cipher_modes/ecb.h"
+#include "aead/gcm.h"
+#include "logging.h"
+
+const uint8_t quic_client_in_info[]	= "\0\x20\x0ftls13 client in\0";
+const uint8_t quic_key_info[]		= "\0\x10\x0etls13 quic key\0";
+const uint8_t quic_iv_info[]		= "\0\x0c\x0dtls13 quic iv\0";
+const uint8_t quic_hp_info[]		= "\0\x10\x0dtls13 quic hp\0";
+const uint8_t quic2_key_info[]		= "\0\x10\x10tls13 quicv2 key\0";
+const uint8_t quic2_iv_info[]		= "\0\x0c\x0ftls13 quicv2 iv\0";
+const uint8_t quic2_hp_info[]		= "\0\x10\x0ftls13 quicv2 hp\0";
+
+int quic_parse_initial_message(
+	const uint8_t *quic_payload, size_t quic_plen,
+	uint8_t **udecrypted_payload, size_t *udecrypted_payload_len,
+	const uint8_t **udecrypted_message, size_t *udecrypted_message_len
+) {
+	int ret;
+	const struct quic_lhdr *qch;
+	size_t qch_len;
+	struct quic_cids qci;
+	const uint8_t *inpayload; 
+	size_t inplen;
+	struct quici_hdr qich;
+
+	size_t quic_header_len;
+	size_t inheader_len;
+	struct quici_lhdr_typespec qich_ltspc;
+	int packet_number_length;
+	const uint8_t *packet_number = NULL;
+	const uint8_t *protected_payload = NULL;
+	size_t protected_payload_length;
+
+	uint8_t initial_secret[QUIC_INITIAL_SECRET_SIZE];
+	uint8_t client_initial_secret[QUIC_CLIENT_IN_SIZE];
+	uint8_t quic_key[QUIC_KEY_SIZE];
+	uint8_t quic_iv[QUIC_IV_SIZE];
+	uint8_t quic_hp[QUIC_HP_SIZE];
+	uint8_t mask[QUIC_SAMPLE_SIZE];
+	uint8_t *decrypted_payload = NULL;
+	size_t decrypted_payload_len;
+	uint8_t *decrypted_packet_number = NULL;
+	uint8_t *dcptr = NULL;
+	// Decrypted plain message without header
+	uint8_t *decrypted_message = NULL;
+	size_t decrypted_message_len;
+	AesContext actx;
+	GcmContext gctx;
+	uint32_t qversion;
+	const uint8_t *iv_info;
+	size_t iv_info_size;
+	const uint8_t *key_info;
+	size_t key_info_size;
+	const uint8_t *hp_info;
+	size_t hp_info_size;
+	const uint8_t *initial_salt;
+	size_t initial_salt_size;
+
+	ret = quic_parse_data(quic_payload, quic_plen,
+			&qch, &qch_len, &qci, &inpayload, &inplen
+	);
+	if (ret < 0) {
+		lgerror(ret, "quic_parse_data");
+		goto error_nfr;
+	}
+
+	ret = quic_get_version(&qversion, qch);
+	if (ret < 0) {
+		return -EINVAL;
+	}
+	if (!quic_check_is_initial(qch)) {
+		return -EINVAL;
+	}
+
+	switch (qversion) {
+		case QUIC_V1:
+			iv_info = quic_iv_info;
+			iv_info_size = sizeof(quic_iv_info) - 1;
+			key_info = quic_key_info;
+			key_info_size = sizeof(quic_key_info) - 1;
+			hp_info = quic_hp_info;
+			hp_info_size = sizeof(quic_hp_info) - 1;
+			initial_salt = (const uint8_t *)QUIC_INITIAL_SALT_V1;
+			initial_salt_size = sizeof(QUIC_INITIAL_SALT_V1) - 1;
+			break;
+		case QUIC_V2:
+			iv_info = quic2_iv_info;
+			iv_info_size = sizeof(quic2_iv_info) - 1;
+			key_info = quic2_key_info;
+			key_info_size = sizeof(quic2_key_info) - 1;
+			hp_info = quic2_hp_info;
+			hp_info_size = sizeof(quic2_hp_info) - 1;
+			initial_salt = (const uint8_t *)QUIC_INITIAL_SALT_V2;
+			initial_salt_size = sizeof(QUIC_INITIAL_SALT_V2) - 1;
+			break;
+		default:
+			return -EINVAL;
+	}
+
+	quic_header_len = inpayload - quic_payload;
+
+	ret = quic_parse_initial_header(inpayload, inplen, &qich);
+	if (ret < 0) {
+		lgerror(ret, "quic_parse_initial_header");
+		goto error_nfr;
+	}
+
+	inheader_len = qich.protected_payload - inpayload;
+
+	decrypted_payload_len = quic_header_len + inplen;
+	decrypted_payload = malloc(decrypted_payload_len);
+	if (decrypted_payload == NULL) {
+		ret = -ENOMEM;
+		goto error_nfr;
+	}
+	dcptr = decrypted_payload;
+	// Copy quic large header
+	memcpy(dcptr, quic_payload, quic_header_len);
+	dcptr += quic_header_len;
+
+	
+	// Copy quic initial large header (until packet number)
+	memcpy(dcptr, inpayload, inheader_len);
+	dcptr += inheader_len;
+	
+
+	ret = hkdfExtract(SHA256_HASH_ALGO, (const unsigned char *)qci.dst_id, qci.dst_len, initial_salt, initial_salt_size, initial_secret);
+	if (ret) {
+		lgerr("hkdfExtract initial_secret: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	ret = hkdfExpand(SHA256_HASH_ALGO, initial_secret, SHA256_DIGEST_SIZE, quic_client_in_info, sizeof(quic_client_in_info) - 1, client_initial_secret, QUIC_CLIENT_IN_SIZE);
+	if (ret) {
+		lgerr("hkdfExpand client_initial_secret: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	ret = hkdfExpand(SHA256_HASH_ALGO, client_initial_secret, SHA256_DIGEST_SIZE, key_info, key_info_size, quic_key, QUIC_KEY_SIZE);	
+	if (ret) {
+		lgerr("hkdfExpand quic_key: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	ret = hkdfExpand(SHA256_HASH_ALGO, client_initial_secret, SHA256_DIGEST_SIZE, iv_info, iv_info_size, quic_iv, QUIC_IV_SIZE);
+	if (ret) {
+		lgerr("hkdfExpand quic_iv: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	ret = hkdfExpand(SHA256_HASH_ALGO, client_initial_secret, SHA256_DIGEST_SIZE, hp_info, hp_info_size, quic_hp, QUIC_HP_SIZE);
+	if (ret) {
+		lgerr("hkdfExpand quic_hp: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	// Decrypt packet number length and packet number
+	ret = aesInit(&actx, quic_hp, QUIC_HP_SIZE);
+	if (ret) {
+		lgerr("aesInit with quic_hp: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+	ret = ecbEncrypt(&aesCipherAlgo, &actx, 
+		  qich.sample, mask, qich.sample_length);
+	if (ret) {
+		lgerr("ecbEncrypt for mask: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	// Update decrypted payload header with decrypted packet_number_length
+	decrypted_payload[0] ^= mask[0] & 0x0f;
+
+	qich_ltspc = (struct quici_lhdr_typespec){decrypted_payload[0]};
+	
+	packet_number_length = qich_ltspc.number_length + 1;
+	if (qich.length < packet_number_length) {
+		ret = -EINVAL;
+		goto error;
+	}
+
+	packet_number = qich.protected_payload;
+	protected_payload = qich.protected_payload + packet_number_length;
+	protected_payload_length = qich.length - packet_number_length;
+
+	decrypted_packet_number = dcptr;
+
+	for (int i = 0; i < packet_number_length; i++) {
+		decrypted_packet_number[i] = packet_number[i] ^ mask[i + 1];
+	}
+	dcptr += packet_number_length;
+
+	for (int i = QUIC_IV_SIZE - packet_number_length, j = 0; 
+		i < QUIC_IV_SIZE; i++, j++) {
+
+		quic_iv[i] ^= decrypted_packet_number[j];
+	}
+	
+	ret = aesInit(&actx, quic_key, QUIC_KEY_SIZE);
+	if (ret) {
+		lgerr("aesInit for quic_key: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+	ret = gcmInit(&gctx, &aesCipherAlgo, &actx);
+	if (ret) {
+		lgerr("gcmInit: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+
+	decrypted_message = dcptr;
+
+	ret = gcmDecrypt(
+		&gctx, quic_iv, QUIC_IV_SIZE, 
+		NULL, 0, 
+		protected_payload, decrypted_message, protected_payload_length, 
+		quic_key, QUIC_KEY_SIZE
+	);
+	if (ret != 0 && ret != ERROR_FAILURE) {
+		lgerr("gcmInit: %d", ret);
+		ret = -EINVAL;
+		goto error;
+	}
+	// TAG is padded in the end of decrypted message
+	decrypted_message_len = protected_payload_length - QUIC_TAG_SIZE;
+
+	if (!udecrypted_payload) {
+		lgerr("decrypted_payload cannot be NULL!");
+		ret = -EINVAL;
+		goto error;
+	}
+
+	*udecrypted_payload = decrypted_payload;
+	if (udecrypted_payload_len) 
+		*udecrypted_payload_len = decrypted_payload_len;
+	if (udecrypted_message) 
+		*udecrypted_message = decrypted_message;
+	if (udecrypted_message_len) 
+		*udecrypted_message_len = decrypted_message_len;
+
+	return 0;
+error:
+	free(decrypted_payload);
+error_nfr:
+	return ret;
+}

src/tls.c

@@ -0,0 +1,380 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#include "types.h"
+#include "tls.h"
+#include "config.h"
+#include "logging.h"
+#include "utils.h"
+
+#ifndef KERNEL_SPACE
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
+int bruteforce_analyze_sni_str(
+	const struct section_config_t *section,
+	const uint8_t *data, size_t dlen,
+	struct tls_verdict *vrd
+) {
+	size_t offset, offlen;
+	int ret;
+	*vrd = (struct tls_verdict){0};
+
+	if (dlen <= 1) {
+		return 0;
+	}
+
+	if (section->all_domains) {
+		vrd->target_sni = 1;
+		vrd->sni_len = 0;
+		vrd->sni_ptr = data + dlen / 2;
+		vrd->target_sni_ptr = vrd->sni_ptr;
+		vrd->target_sni_len = vrd->sni_len;
+		return 0;
+	}
+
+	// It is safe for multithreading, so dp mutability is ok
+	ret = trie_process_str((struct trie_container *)&section->sni_domains, data, dlen, 0, &offset, &offlen);
+	if (ret) {
+		vrd->target_sni = 1;
+		vrd->sni_len = offlen;
+		vrd->sni_ptr = data + offset;
+		vrd->target_sni_ptr = vrd->sni_ptr;
+		vrd->target_sni_len = vrd->sni_len;
+	}
+	
+	return 0;
+}
+static int analyze_sni_str(
+	const struct section_config_t *section,
+	const char *sni_name, int sni_len, 
+	struct tls_verdict *vrd
+) {
+	int ret;
+	size_t offset, offlen;
+
+	if (section->all_domains) {
+		vrd->target_sni = 1;
+		goto check_domain;
+	}
+
+	// It is safe for multithreading, so dp mutability is ok
+	ret = trie_process_str((struct trie_container *)&section->sni_domains, 
+			(const uint8_t *)sni_name, sni_len, TRIE_OPT_MAP_TO_END, &offset, &offlen);
+	if (ret) {
+		vrd->target_sni = 1;
+		vrd->target_sni_ptr = (const uint8_t *)sni_name + offset;
+		vrd->target_sni_len = offlen;
+	}
+
+check_domain:
+	if (vrd->target_sni == 1) {
+
+		// It is safe for multithreading, so dp mutability is ok
+		ret = trie_process_str((struct trie_container *)&section->exclude_sni_domains, 
+				(const uint8_t *)sni_name, sni_len, TRIE_OPT_MAP_TO_END, &offset, &offlen);
+		if (ret) {
+			vrd->target_sni = 0;
+			lgdebug("Excluded SNI: %.*s", 
+				vrd->sni_len, vrd->sni_ptr);
+		}
+	}
+
+	return 0;
+}
+
+int analyze_tls_message(
+	const struct section_config_t *section,
+	const uint8_t *message_data, 
+	size_t message_length,
+	struct tls_verdict *tlsv
+) {
+	*tlsv = (struct tls_verdict){0};
+	const uint8_t *handshakeProto = message_data;
+	const uint8_t *data_end = message_data + message_length;
+
+	if (handshakeProto + 1 >= data_end) 
+		goto invalid;
+
+	uint8_t handshakeType = *handshakeProto;
+
+	if (handshakeType != TLS_HANDSHAKE_TYPE_CLIENT_HELLO)
+		goto next;
+
+	const uint8_t *msgPtr = handshakeProto;
+	msgPtr += 1; 
+	msgPtr += 3 + 2 + 32;
+
+	if (msgPtr + 1 >= data_end) 
+		goto invalid;
+	uint8_t sessionIdLength = *msgPtr;
+	msgPtr++;
+	msgPtr += sessionIdLength;
+
+	if (msgPtr + 2 >= data_end)
+		goto invalid;
+	uint16_t ciphersLength = ntohs(*(uint16_t *)msgPtr);
+	msgPtr += 2;
+	msgPtr += ciphersLength;
+
+	if (msgPtr + 1 >= data_end)
+		goto invalid;
+	uint8_t compMethodsLen = *msgPtr;
+	msgPtr++;
+	msgPtr += compMethodsLen;
+
+	if (msgPtr + 2 >= data_end)
+		goto invalid;
+	uint16_t extensionsLen = ntohs(*(uint16_t *)msgPtr);
+	msgPtr += 2;
+
+	const uint8_t *extensionsPtr = msgPtr;
+	const uint8_t *extensions_end = extensionsPtr + extensionsLen;
+	if (extensions_end > data_end) extensions_end = data_end;
+
+	while (extensionsPtr < extensions_end) {
+		const uint8_t *extensionPtr = extensionsPtr;
+		if (extensionPtr + 4 >= extensions_end)
+			goto invalid;
+
+		uint16_t extensionType = 
+			ntohs(*(uint16_t *)extensionPtr);
+		extensionPtr += 2;
+
+		uint16_t extensionLen = 
+			ntohs(*(uint16_t *)extensionPtr);
+		extensionPtr += 2;
+
+
+		if (extensionPtr + extensionLen > extensions_end) 
+			goto invalid;
+
+		if (extensionType != TLS_EXTENSION_SNI) 
+			goto nextExtension;
+
+		const uint8_t *sni_ext_ptr = extensionPtr;
+
+		if (sni_ext_ptr + 2 >= extensions_end)
+			goto invalid;
+		uint16_t sni_ext_dlen = ntohs(*(uint16_t *)sni_ext_ptr);
+
+		sni_ext_ptr += 2;
+
+		const uint8_t *sni_ext_end = sni_ext_ptr + sni_ext_dlen;
+		if (sni_ext_end > extensions_end)
+			goto invalid;
+		
+		if (sni_ext_ptr + 3 >= sni_ext_end)
+			goto invalid;
+		sni_ext_ptr++;
+		uint16_t sni_len = ntohs(*(uint16_t *)sni_ext_ptr);
+		sni_ext_ptr += 2;
+
+		if (sni_ext_ptr + sni_len > sni_ext_end)
+			goto invalid;
+
+		const char *sni_name = (char *)sni_ext_ptr;
+
+		tlsv->sni_ptr = (const uint8_t *)sni_name;
+		tlsv->sni_len = sni_len;
+		tlsv->target_sni_ptr = tlsv->sni_ptr;
+		tlsv->target_sni_len = tlsv->sni_len;
+
+		analyze_sni_str(section, sni_name, sni_len, tlsv);
+		return TLS_MESSAGE_ANALYZE_FOUND;
+
+nextExtension:
+		extensionsPtr += 2 + 2 + extensionLen;
+	}
+
+next:
+	return TLS_MESSAGE_ANALYZE_GOTO_NEXT;
+invalid:
+	return TLS_MESSAGE_ANALYZE_INVALID;
+}
+
+/**
+ * Processes tls payload of the tcp request.
+ * 
+ * data Payload data of TCP.
+ * dlen Length of `data`.
+ */
+struct tls_verdict analyze_tls_data(
+	const struct section_config_t *section,
+	const uint8_t *data, 
+	size_t dlen) 
+{
+	struct tls_verdict vrd = {0};
+
+	const uint8_t *data_end = data + dlen;
+	const uint8_t *message_ptr = data;
+	int ret;
+
+	if (section->sni_detection == SNI_DETECTION_BRUTE) {
+		bruteforce_analyze_sni_str(section, data, dlen, &vrd);
+		goto out;
+	}
+
+	while (message_ptr + 5 < data_end) {
+		uint8_t tls_content_type = *message_ptr;
+		message_ptr++;
+
+		uint8_t tls_vmajor = *message_ptr;
+		if (tls_vmajor != 0x03) break;
+		message_ptr++;
+
+		// uint8_t tls_vminor = *message_ptr;
+		message_ptr++;
+
+		uint16_t message_length = ntohs(*(const uint16_t *)message_ptr);
+		message_ptr += 2;
+
+
+		const uint8_t *tls_message_data = message_ptr;
+		// Since real length may be truncated use minimum of two
+		size_t tls_message_length = min((int)message_length, (int)(data_end - message_ptr));
+
+		if (tls_content_type != TLS_CONTENT_TYPE_HANDSHAKE) 
+			goto nextMessage;
+
+		ret = analyze_tls_message(
+			section,
+			tls_message_data,
+			tls_message_length,
+			&vrd
+		);
+
+		switch (ret) {
+			case TLS_MESSAGE_ANALYZE_GOTO_NEXT:
+				goto nextMessage;
+			case TLS_MESSAGE_ANALYZE_FOUND: 
+			case TLS_MESSAGE_ANALYZE_INVALID: 
+			default:
+				goto out;
+			
+		}
+		
+nextMessage:
+		message_ptr += tls_message_length;
+	}
+
+out:
+	return vrd;
+}
+
+int gen_fake_sni(struct fake_type type,
+		const void *ipxh, size_t iph_len, 
+		const struct tcphdr *tcph, size_t tcph_len,
+		uint8_t **ubuf, size_t *ubuflen) {
+	size_t data_len = type.fake_len;
+	uint8_t *buf = NULL;
+	int ret;
+
+	if (type.type == FAKE_PAYLOAD_RANDOM && data_len == 0) {
+		data_len = (size_t)randint() % 1200;
+	}
+
+	if (!ipxh || !tcph || !ubuf || !ubuflen)
+		return -EINVAL;
+
+	int ipxv = netproto_version(ipxh, iph_len);
+
+	if (ipxv == IP6VERSION) {
+		iph_len = sizeof(struct ip6_hdr);
+	}
+
+	size_t dlen = iph_len + tcph_len + data_len;
+	size_t buffer_len = dlen + 50;
+	buf = malloc(buffer_len);
+	if (buf == NULL) {
+		return -ENOMEM;
+	}
+
+	if (ipxv == IP4VERSION) {
+		const struct iphdr *iph = ipxh;
+
+		memcpy(buf, iph, iph_len);
+		struct iphdr *niph = (struct iphdr *)buf;
+
+		niph->protocol = IPPROTO_TCP;
+	} else if (ipxv == IP6VERSION) {
+		const struct ip6_hdr *iph = ipxh;
+
+		memcpy(buf, iph, iph_len);
+		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
+
+		niph->ip6_nxt = IPPROTO_TCP;
+	} else {
+		ret = -EINVAL;
+		goto error;
+	}
+
+	memcpy(buf + iph_len, tcph, tcph_len);
+	uint8_t *bfdptr = buf + iph_len + tcph_len;
+
+	switch (type.type) {
+		case FAKE_PAYLOAD_DATA:
+			memcpy(bfdptr, type.fake_data, data_len);
+			break;
+		default: // FAKE_PAYLOAD_RANDOM
+#ifdef KERNEL_SPACE
+			get_random_bytes(bfdptr, data_len);
+#else /* KERNEL_SPACE */
+#if _NO_GETRANDOM
+		{
+			int ret = open("/dev/urandom", O_RDONLY);
+			if (ret < 0) {
+				lgerror(ret, "Unable to open /dev/urandom");
+				return ret;
+			}
+			
+			read(ret, bfdptr, data_len);
+			close(ret);
+		}
+#else /* _NO_GETRANDOM */
+			getrandom(bfdptr, data_len, 0);
+#endif /* _NO_GETRANDOM */
+#endif /* KERNEL_SPACE */
+	}
+
+	if (ipxv == IP4VERSION) {
+		struct iphdr *niph = (struct iphdr *)buf;
+		niph->tot_len = htons(dlen);
+	} else if (ipxv == IP6VERSION) {
+		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
+		niph->ip6_plen = htons(dlen - iph_len);
+	}
+
+	ret = fail_packet(type.strategy, buf, &dlen, buffer_len);
+	if (ret < 0) {
+		lgerror(ret, "fail_packet");
+		goto error;
+	}
+
+
+	*ubuflen = dlen;
+	*ubuf = buf;
+	
+	return 0;
+error:
+	free(buf);
+	return ret;
+}
+

src/tls.h

@@ -0,0 +1,85 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef TLS_H
+#define TLS_H
+
+#include "types.h"
+#include "utils.h"
+
+
+/**
+ * Result of analyze_tls_data function
+ */
+struct tls_verdict {
+	const uint8_t *sni_ptr;
+	int sni_len;
+
+	int target_sni; /* boolean, 1 if target found */
+	const uint8_t *target_sni_ptr; /* pointer to target domain instead of entire sni */
+	int target_sni_len; /* length of target domain instead of entire sni */
+};
+
+#define TLS_CONTENT_TYPE_HANDSHAKE 0x16
+#define TLS_HANDSHAKE_TYPE_CLIENT_HELLO 0x01
+#define TLS_EXTENSION_SNI 0x0000
+#define TLS_EXTENSION_CLIENT_HELLO_ENCRYPTED 0xfe0d
+
+#define TLS_MESSAGE_ANALYZE_INVALID	-1
+#define TLS_MESSAGE_ANALYZE_FOUND	0
+#define TLS_MESSAGE_ANALYZE_GOTO_NEXT	1
+
+/**
+ * Analyzes each TLS Client Hello message (inside TLS Record or QUIC CRYPTO FRAME)
+ */
+int analyze_tls_message(
+	const struct section_config_t *section,
+	const uint8_t *message_data, 
+	size_t message_length,
+	struct tls_verdict *tlsv
+);
+
+/**
+ * Tries to bruteforce over the packet and match domains as plain text
+ */
+int bruteforce_analyze_sni_str(
+	const struct section_config_t *section,
+	const uint8_t *data, size_t dlen,
+	struct tls_verdict *vrd
+);
+
+
+/**
+ * Processes the packet and finds TLS Client Hello information inside it.
+ * data pointer points to start of TLS Message (TCP Payload)
+ *
+ * Note that all the constant pointers of tls_verdict will be relative to data pointer
+ */
+struct tls_verdict analyze_tls_data(const struct section_config_t *section, const uint8_t *data, size_t dlen);
+
+
+/**
+ * Allocates and generates the fake client hello message
+ */
+int gen_fake_sni(struct fake_type type,
+		const void *iph, size_t iph_len, 
+		const struct tcphdr *tcph, size_t tcph_len, 
+		uint8_t **ubuf, size_t *ubuflen);
+
+#endif /* TLS_H */

src/trie.c

@@ -0,0 +1,197 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+/**
+ * This is slightly optimized Aho-Corasick implementation 
+ *
+ * Big thanks to e-maxx http://e-maxx.ru/algo/aho_corasick
+ * for the best description and reference code samples
+ */
+
+#include "trie.h"
+
+int trie_init(struct trie_container *trie) {
+	void *vx = malloc(sizeof(struct trie_vertex) * TRIE_STARTSZ);
+	if (vx == NULL) {
+		return -ENOMEM;
+	}
+	trie->vx = vx;
+	trie->arrsz = TRIE_STARTSZ;
+	trie->sz = 1;
+
+	struct trie_vertex *trx = trie->vx;
+	trx->p = trx->link = -1;
+	trx->leaf = 0;
+	trx->depth = 0;
+	trx->pch = 0;
+	memset(trx->go, 0xff, sizeof(trie->vx[0].go));
+
+	return 0;
+}
+
+void trie_destroy(struct trie_container *trie) {
+	trie->arrsz = 0;
+	trie->sz = 0;
+	free(trie->vx);
+	trie->vx = NULL;
+}
+
+/**
+ *
+ * Increases trie vertex container size.
+ * Returns new vertex index or ret < 0 on error
+ *
+ */
+static int trie_push_vertex(struct trie_container *trie) {
+	if (trie->sz == NMAX - 1) {
+		return -EINVAL;
+	}
+
+	if (trie->arrsz == trie->sz) { // realloc
+		void *pt = realloc(trie->vx, 
+		     sizeof(struct trie_vertex) * trie->arrsz * 2);
+		if (pt == NULL) {
+			return -ENOMEM;
+		}
+
+		trie->arrsz *= 2;
+		trie->vx = pt;
+	}
+
+	return trie->sz++;
+}
+
+
+int trie_add_string(struct trie_container *trie, 
+	       const uint8_t *str, size_t strlen) {
+	if (trie == NULL || trie->vx == NULL) {
+		return -EINVAL;
+	}
+
+	int v = 0;
+	int nv;
+
+	for (size_t i = 0; i < strlen; ++i) {
+		uint8_t c = str[i];
+		if (c >= TRIE_ALPHABET) {
+			return -EINVAL;
+		}
+
+		if (trie->vx[v].go[c] == -1) {
+			nv = trie_push_vertex(trie);
+			if (nv < 0) {
+				return nv;
+			}
+			struct trie_vertex *tvx = trie->vx + nv;
+
+			memset(tvx->go, 0xff, sizeof(tvx->go));
+			tvx->link = -1;
+			tvx->p = v;
+			tvx->depth = trie->vx[v].depth + 1;
+			tvx->leaf = 0;
+			tvx->pch = c;
+			trie->vx[v].go[c] = nv;
+		}
+		v = trie->vx[v].go[c];
+	}
+	
+	if (v != 0) {
+		trie->vx[v].leaf = 1;
+	}
+
+	return 0;
+}
+
+static int trie_go(struct trie_container *trie,
+	int v, uint8_t c);
+
+static int trie_get_link(struct trie_container *trie,
+	     int v) {
+	struct trie_vertex *tvx = trie->vx + v;
+
+	if (tvx->link == -1) {
+		if (v == 0 || tvx->p == 0) {
+			tvx->link = 0;
+		} else {
+			tvx->link = trie_go(trie, 
+				trie_get_link(trie, tvx->p), tvx->pch);
+		}
+	}
+
+	return tvx->link;
+}
+
+static int trie_go(struct trie_container *trie, int v, uint8_t c) {
+	struct trie_vertex *tvx = trie->vx + v;
+
+	if (tvx->go[c] == -1) {
+		tvx->go[c] = v == 0 ? 0 : 
+		trie_go(trie, trie_get_link(trie, v), c);
+	}
+
+	return tvx->go[c];
+}
+
+
+int trie_process_str(
+	struct trie_container *trie,
+	const uint8_t *str, size_t strlen,
+	int flags,
+	size_t *offset, size_t *offlen
+) {
+	if (trie == NULL || trie->vx == NULL) {
+		return 0;
+	}
+
+	int v = 0;
+	size_t i = 0;
+	uint8_t c;
+	int len;
+
+	for (; i < strlen; ++i) {
+		c = str[i];
+		if (c >= TRIE_ALPHABET) {
+			v = 0;
+			continue;
+		}
+
+		v = trie->vx[v].go[c] != -1 ? trie->vx[v].go[c] : 
+			trie_go(trie, v, str[i]);
+
+		if (trie->vx[v].leaf && 
+			((flags & TRIE_OPT_MAP_TO_END) != TRIE_OPT_MAP_TO_END ||
+			i == strlen - 1)
+		) {
+			++i;
+			break;
+		}
+	}
+
+	len = trie->vx[v].depth;
+	if (	trie->vx[v].leaf &&
+		i >= len
+	) {
+		size_t sp = i - len;
+		*offset = sp;
+		*offlen = len;
+		return 1;
+	}
+
+	return 0;
+}

src/trie.h

@@ -0,0 +1,92 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+/**
+ * This is slightly optimized Aho-Corasick implementation 
+ *
+ * Big thanks to e-maxx http://e-maxx.ru/algo/aho_corasick
+ * for the best description and reference code samples
+ *
+ */
+
+/**
+ *
+ * This algorithm allows us to search inside the string
+ * for a list of patterns in the linear time.
+ *
+ * The algorithm will lazily initialize itself while 
+ * youtubeUnblock works. Lazy initializations considered 
+ * safe for multithreading and operate without atomicity 
+ * or synchronization primitives.
+ *
+ */
+
+#ifndef TRIE_H
+#define TRIE_H
+
+#include "types.h"
+
+// ASCII alphabet
+#define TRIE_ALPHABET 128
+// Maximum of vertexes in the trie
+#define NMAX ((1 << 15) - 1)
+
+struct trie_vertex {
+	int leaf; // boolean flag
+	int depth; // depth of tree (length of substring)
+	int p; // parent
+	uint8_t pch; // vertex char
+	int link; // sufflink
+	int16_t go[TRIE_ALPHABET]; // dynamically filled pushes
+};
+ 
+struct trie_container {
+	struct trie_vertex *vx;
+	size_t arrsz;
+	size_t sz;
+};
+
+#define TRIE_STARTSZ 32
+int trie_init(struct trie_container *trie);
+void trie_destroy(struct trie_container *trie);
+
+int trie_add_string(struct trie_container *trie, 
+	       const uint8_t *str, size_t strlen);
+
+/**
+ * Aligns the pattern to the end 
+ */
+#define TRIE_OPT_MAP_TO_END (1 << 1)
+
+/**
+ * Searches the string for the patterns.
+ * flags is TRIE_OPT binary mask with options for search.
+ * offset, offlen are destination variables with 
+ * offset of the given string and length of target.
+ *
+ * returns 1 if target found, 0 otherwise
+ */
+int trie_process_str(
+	struct trie_container *trie,
+	const uint8_t *str, size_t strlen,
+	int flags,
+	size_t *offset, size_t *offlen
+);
+
+#endif

src/types.h

@@ -1,3 +1,22 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
 #define _GNU_SOURCE
 #ifndef TYPES_H
 #define TYPES_H
@@ -8,12 +27,25 @@
 #include <linux/string.h> // IWYU pragma: export
 
 #include <linux/types.h>
+
+typedef __u8	uint8_t;
+typedef __u16	uint16_t;
+typedef __u32 	uint32_t;
+typedef __u64 	uint64_t;
+typedef __s8	int8_t;
+typedef __s16	int16_t;
+typedef __s32	int32_t;
+typedef __s64	int64_t;
+
+typedef __s32 int_least32_t;	/* integer of >= 32 bits */
+typedef __s16 int_least16_t;	/* integer of >= 16 bits */
 #else /* USER_SPACE */
 
 #include <errno.h>  // IWYU pragma: export
 #include <stdint.h> // IWYU pragma: export
 #include <string.h> // IWYU pragma: export
 #include <stdlib.h> // IWYU pragma: export
+#include <stdio.h>  // IWYU pragma: export
 
 
 #define _NO_GETRANDOM ((__GLIBC__ <= 2 && __GLIBC_MINOR__ < 25))
@@ -34,6 +66,11 @@
 #include <linux/tcp.h> // IWYU pragma: export
 #include <linux/version.h>
 
+#define free kfree
+#define malloc(size) kmalloc((size), GFP_KERNEL)
+#define realloc(pt, size) krealloc((pt), (size), GFP_KERNEL)
+#define calloc(n, size) kcalloc((n), (size), GFP_KERNEL)
+
 #define ip6_hdr ipv6hdr
 
 /* from <netinet/ip.h> */
@@ -67,6 +104,11 @@
 #include <netinet/udp.h>	// IWYU pragma: export
 #endif
 
+#define SFREE(item) do {	\
+free((item));			\
+(item) = NULL;			\
+} while (0)
+
 #ifndef KERNEL_SPACE
 
 #define max(a,b)__extension__\
@@ -85,38 +127,21 @@
 
 #endif /* not a KERNEL_SPACE */
 
-/**
- * Use NETBUF_ALLOC and NETBUF_FREE as an abstraction of memory allocation.
- * Do not use it within expressions, consider these defines as separate statements.
- *
- * Use NETBUF_CHECK to check that buffer was properly allocated.
- */
-#ifdef KERNEL_SPACE
-#include <linux/gfp.h>
-#define NETBUF_ALLOC(buf, buf_len) __u8* buf = kmalloc(buf_len, GFP_KERNEL);
-#define NETBUF_CHECK(buf) ((buf) != NULL)
-#define NETBUF_FREE(buf) kfree(buf);
-#elif defined(ALLOC_MALLOC)
-#include <stdlib.h>
-#define NETBUF_ALLOC(buf, buf_len) __u8* buf = malloc(buf_len);
-#define NETBUF_CHECK(buf) ((buf) != NULL)
-#define NETBUF_FREE(buf) free(buf);
-#else
-#define NETBUF_ALLOC(buf, buf_len) __u8 buf[buf_len];
-#define NETBUF_CHECK(buf) (1)
-#define NETBUF_FREE(buf) ;
-#endif
-
 static inline int randint(void) {
 	int rnd;
 	
 #ifdef KERNEL_SPACE
-		get_random_bytes(&rnd, sizeof(rnd));
+	get_random_bytes(&rnd, sizeof(rnd));
 #else
-		rnd = random();
+	rnd = random();
 #endif
 
 	return rnd;
 }
 
+#ifdef KERNEL_SPACE
+#define socklen_t size_t
+#endif
+const char *inet_ntop(int af, const void * a0, char * s, socklen_t l);
+
 #endif /* TYPES_H */

src/utils.c

@@ -1,3 +1,22 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
 #include "utils.h"
 #include "logging.h"
 #include "types.h"
@@ -7,6 +26,7 @@
 #include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
 #include <libnetfilter_queue/libnetfilter_queue_ipv6.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
+#include <libnetfilter_queue/libnetfilter_queue_udp.h>
 #else
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24))
 	#include <net/ip6_checksum.h>
@@ -20,7 +40,7 @@
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph) 
 {
 #ifdef KERNEL_SPACE
-	uint32_t tcp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
+	size_t tcp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
 	tcph->check = 0;
 	tcph->check = csum_tcpudp_magic(
 		iph->saddr, iph->daddr, tcp_packet_len,
@@ -31,6 +51,20 @@ void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph)
 #endif
 }
 
+void udp4_set_checksum(struct udphdr *udph, struct iphdr *iph) 
+{
+#ifdef KERNEL_SPACE
+	size_t udp_packet_len = ntohs(iph->tot_len) - (iph->ihl << 2);
+	udph->check = 0;
+	udph->check = csum_tcpudp_magic(
+		iph->saddr, iph->daddr, udp_packet_len,
+		IPPROTO_UDP, 
+		csum_partial(udph, udp_packet_len, 0));
+#else
+	nfq_udp_compute_checksum_ipv4(udph, iph);
+#endif
+}
+
 void ip4_set_checksum(struct iphdr *iph) 
 {
 #ifdef KERNEL_SPACE
@@ -52,7 +86,18 @@ void tcp6_set_checksum(struct tcphdr *tcph, struct ip6_hdr *iph) {
 #endif
 }
 
-int set_ip_checksum(void *iph, uint32_t iphb_len) {
+void udp6_set_checksum(struct udphdr *udph, struct ip6_hdr *iph) {
+#ifdef KERNEL_SPACE
+	udph->check = 0;
+	udph->check = csum_ipv6_magic(&iph->saddr, &iph->daddr, 
+		 ntohs(iph->ip6_plen), IPPROTO_UDP, 
+		 csum_partial(udph, ntohs(iph->ip6_plen), 0));
+#else
+	nfq_udp_compute_checksum_ipv6(udph, iph);
+#endif
+}
+
+int set_ip_checksum(void *iph, size_t iphb_len) {
 	int ipvx = netproto_version(iph, iphb_len);
 
 	if (ipvx == IP4VERSION) {
@@ -64,7 +109,7 @@ int set_ip_checksum(void *iph, uint32_t iphb_len) {
 	return 0;
 }
 
-int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len) {
+int set_tcp_checksum(struct tcphdr *tcph, void *iph, size_t iphb_len) {
 	int ipvx = netproto_version(iph, iphb_len);
 
 	if (ipvx == IP4VERSION) {
@@ -77,24 +122,41 @@ int set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len) {
 	return 0;
 }
 
-int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len, 
-		       uint8_t **payload, uint32_t *plen) {
+int set_udp_checksum(struct udphdr *udph, void *iph, size_t iphb_len) {
+	int ipvx = netproto_version(iph, iphb_len);
+
+	if (ipvx == IP4VERSION) {
+		udp4_set_checksum(udph, iph);
+	} else if (ipvx == IP6VERSION) {
+		udp6_set_checksum(udph, iph);
+	} else {
+		return -1;
+	}
+
+	return 0;
+}
+
+
+int ip4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len, 
+		       uint8_t **payload, size_t *plen) {
 	if (pkt == NULL || buflen < sizeof(struct iphdr)) {
-		lgerror("ip4_payload_split: pkt|buflen", -EINVAL);
+		lgerror(-EINVAL, "ip4_payload_split: pkt|buflen");
 		return -EINVAL;
 	}
 
 	struct iphdr *hdr = (struct iphdr *)pkt;
 	if (netproto_version(pkt, buflen) != IP4VERSION) {
-		lgerror("ip4_payload_split: ipversion", -EINVAL);
+		lgerror(-EINVAL, "ip4_payload_split: ipversion");
 		return -EINVAL;
 	}
 
-	uint32_t hdr_len = hdr->ihl * 4;
-	uint32_t pktlen = ntohs(hdr->tot_len);
+	size_t hdr_len = hdr->ihl * 4;
+	size_t pktlen = ntohs(hdr->tot_len);
 	if (buflen < pktlen || hdr_len > pktlen) {
-		lgerror("ip4_payload_split: buflen cmp pktlen", -EINVAL);
+		lgerror(-EINVAL, "ip4_payload_split: buflen cmp pktlen: "
+			"buflen = %zu pktlen = %zu hdr_len = %zu", 
+			buflen, pktlen, hdr_len);
 		return -EINVAL;
 	}
 
@@ -110,17 +172,17 @@ int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len,
-		       struct tcphdr **tcph, uint32_t *tcph_len,
-		       uint8_t **payload, uint32_t *plen) {
+int tcp4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len,
+		       struct tcphdr **tcph, size_t *tcph_len,
+		       uint8_t **payload, size_t *plen) {
 	struct iphdr *hdr;
-	uint32_t hdr_len;
+	size_t hdr_len;
 	struct tcphdr *thdr;
-	uint32_t thdr_len;
+	size_t thdr_len;
 	
 	uint8_t *tcph_pl;
-	uint32_t tcph_plen;
+	size_t tcph_plen;
 
 	if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&tcph_pl, &tcph_plen)){
@@ -152,24 +214,25 @@ int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len, 
-		       uint8_t **payload, uint32_t *plen) {
+int ip6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len, 
+		       uint8_t **payload, size_t *plen) {
 	if (pkt == NULL || buflen < sizeof(struct ip6_hdr)) {
-		lgerror("ip6_payload_split: pkt|buflen", -EINVAL);
+		lgerror(-EINVAL, "ip6_payload_split: pkt|buflen");
 		return -EINVAL;
 	}
 
 	struct ip6_hdr *hdr = (struct ip6_hdr *)pkt;
 	if (netproto_version(pkt, buflen) != 6) {
-		lgerror("ip6_payload_split: ip6version", -EINVAL);
+		lgerror(-EINVAL, "ip6_payload_split: ip6version");
 		return -EINVAL;
 	}
 
-	uint32_t hdr_len = sizeof(struct ip6_hdr);
-	uint32_t pktlen = ntohs(hdr->ip6_plen);
+	size_t hdr_len = sizeof(struct ip6_hdr);
+	size_t pktlen = ntohs(hdr->ip6_plen);
 	if (buflen < pktlen) {
-		lgerror("ip6_payload_split: buflen cmp pktlen: %d %d", -EINVAL, buflen, pktlen);
+		lgerror(-EINVAL, "ip6_payload_split: buflen cmp pktlen: "
+			"buflen = %zu pktlen = %zu", buflen, pktlen);
 		return -EINVAL;
 	}
 
@@ -185,17 +248,17 @@ int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len,
-		       struct tcphdr **tcph, uint32_t *tcph_len,
-		       uint8_t **payload, uint32_t *plen) {
+int tcp6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len,
+		       struct tcphdr **tcph, size_t *tcph_len,
+		       uint8_t **payload, size_t *plen) {
 	struct ip6_hdr *hdr;
-	uint32_t hdr_len;
+	size_t hdr_len;
 	struct tcphdr *thdr;
-	uint32_t thdr_len;
+	size_t thdr_len;
 	
 	uint8_t *tcph_pl;
-	uint32_t tcph_plen;
+	size_t tcph_plen;
 
 	if (ip6_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&tcph_pl, &tcph_plen)){
@@ -227,32 +290,32 @@ int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
-		      void **iph, uint32_t *iph_len,
-		      struct tcphdr **tcph, uint32_t *tcph_len,
-		      uint8_t **payload, uint32_t *plen) {
+int tcp_payload_split(uint8_t *pkt, size_t buflen,
+		      void **iph, size_t *iph_len,
+		      struct tcphdr **tcph, size_t *tcph_len,
+		      uint8_t **payload, size_t *plen) {
 	int netvers = netproto_version(pkt, buflen);
 	if (netvers == IP4VERSION) {
 		return tcp4_payload_split(pkt, buflen, (struct iphdr **)iph, iph_len, tcph, tcph_len, payload, plen);
 	} else if (netvers == IP6VERSION) {
 		return tcp6_payload_split(pkt, buflen, (struct ip6_hdr **)iph, iph_len, tcph, tcph_len, payload, plen);
 	} else {
-		lgerror("Internet Protocol version is unsupported", -EINVAL);
+		lgerror(-EINVAL, "Internet Protocol version is unsupported");
 		return -EINVAL;
 	}
 }
 
 
-int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len,
+int udp4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len,
 		       struct udphdr **udph,
-		       uint8_t **payload, uint32_t *plen) {
+		       uint8_t **payload, size_t *plen) {
 	struct iphdr *hdr;
-	uint32_t hdr_len;
+	size_t hdr_len;
 	struct udphdr *uhdr;
 	
 	uint8_t *ip_ph;
-	uint32_t ip_phlen;
+	size_t ip_phlen;
 
 	if (ip4_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&ip_ph, &ip_phlen)){
@@ -281,16 +344,16 @@ int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len,
+int udp6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len,
 		       struct udphdr **udph,
-		       uint8_t **payload, uint32_t *plen) {
+		       uint8_t **payload, size_t *plen) {
 	struct ip6_hdr *hdr;
-	uint32_t hdr_len;
+	size_t hdr_len;
 	struct udphdr *uhdr;
 	
 	uint8_t *ip_ph;
-	uint32_t ip_phlen;
+	size_t ip_phlen;
 
 	if (ip6_payload_split(pkt, buflen, &hdr, &hdr_len, 
 			&ip_ph, &ip_phlen)){
@@ -319,30 +382,30 @@ int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
 	return 0;
 }
 
-int udp_payload_split(uint8_t *pkt, uint32_t buflen,
-		      void **iph, uint32_t *iph_len,
+int udp_payload_split(uint8_t *pkt, size_t buflen,
+		      void **iph, size_t *iph_len,
 		      struct udphdr **udph,
-		      uint8_t **payload, uint32_t *plen) {
+		      uint8_t **payload, size_t *plen) {
 	int netvers = netproto_version(pkt, buflen);
 	if (netvers == IP4VERSION) {
 		return udp4_payload_split(pkt, buflen, (struct iphdr **)iph, iph_len, udph, payload, plen);
 	} else if (netvers == IP6VERSION) {
 		return udp6_payload_split(pkt, buflen, (struct ip6_hdr **)iph, iph_len, udph, payload, plen);
 	} else {
-		lgerror("Internet Protocol version is unsupported", -EINVAL);
+		lgerror(-EINVAL, "Internet Protocol version is unsupported");
 		return -EINVAL;
 	}
 }
 
 // split packet to two ipv4 fragments.
-int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset, 
-			uint8_t *frag1, uint32_t *f1len, 
-			uint8_t *frag2, uint32_t *f2len) {
+int ip4_frag(const uint8_t *pkt, size_t buflen, size_t payload_offset, 
+			uint8_t *frag1, size_t *f1len, 
+			uint8_t *frag2, size_t *f2len) {
 	
 	struct iphdr *hdr;
 	const uint8_t *payload;
-	uint32_t plen;
-	uint32_t hdr_len;
+	size_t plen;
+	size_t hdr_len;
 	int ret;
 
 	if (!frag1 || !f1len || !frag2 || !f2len)
@@ -351,7 +414,7 @@ int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 	if ((ret = ip4_payload_split(
 		(uint8_t *)pkt, buflen, 
 		&hdr, &hdr_len, (uint8_t **)&payload, &plen)) < 0) {
-		lgerror("ipv4_frag: TCP Header extract error", ret);
+		lgerror(ret, "ipv4_frag: TCP Header extract error");
 		return -EINVAL;
 	}
 
@@ -360,16 +423,16 @@ int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 	}
 
 	if (payload_offset & ((1 << 3) - 1)) {
-		lgerror("ipv4_frag: Payload offset MUST be a multiply of 8!", -EINVAL);
+		lgerror(-EINVAL, "ipv4_frag: Payload offset MUST be a multiply of 8!");
 
 		return -EINVAL;
 	}
 
-	uint32_t f1_plen = payload_offset;
-	uint32_t f1_dlen = f1_plen + hdr_len;
+	size_t f1_plen = payload_offset;
+	size_t f1_dlen = f1_plen + hdr_len;
 
-	uint32_t f2_plen = plen - payload_offset;
-	uint32_t f2_dlen = f2_plen + hdr_len;
+	size_t f2_plen = plen - payload_offset;
+	size_t f2_dlen = f2_plen + hdr_len;
 
 	if (*f1len < f1_dlen || *f2len < f2_dlen) {
 		return -ENOMEM;
@@ -414,15 +477,15 @@ int ip4_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 }
 
 // split packet to two tcp-on-ipv4 segments.
-int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset, 
-			uint8_t *seg1, uint32_t *s1len, 
-			uint8_t *seg2, uint32_t *s2len) {
+int tcp_frag(const uint8_t *pkt, size_t buflen, size_t payload_offset, 
+			uint8_t *seg1, size_t *s1len, 
+			uint8_t *seg2, size_t *s2len) {
 
 	void *hdr;
-	uint32_t hdr_len;
+	size_t hdr_len;
 	struct tcphdr *tcph;
-	uint32_t tcph_len;
-	uint32_t plen;
+	size_t tcph_len;
+	size_t plen;
 	const uint8_t *payload;
 	int ret;
 
@@ -433,7 +496,7 @@ int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 				&hdr, &hdr_len,
 				&tcph, &tcph_len,
 				(uint8_t **)&payload, &plen)) < 0) {
-		lgerror("tcp_frag: tcp_payload_split", ret);
+		lgerror(ret, "tcp_frag: tcp_payload_split");
 
 		return -EINVAL;
 	}
@@ -446,9 +509,9 @@ int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 		if (
 			ntohs(iphdr->frag_off) & IP_MF || 
 			ntohs(iphdr->frag_off) & IP_OFFMASK) {
-			lgdebugmsg("tcp_frag: ip4: frag value: %d",
+			lgdebug("tcp_frag: ip4: frag value: %d",
 				ntohs(iphdr->frag_off));
-			lgerror("tcp_frag: ip4: ip fragmentation is set", -EINVAL);
+			lgerror(-EINVAL, "tcp_frag: ip4: ip fragmentation is set");
 			return -EINVAL;
 		}
 	}
@@ -458,11 +521,11 @@ int tcp_frag(const uint8_t *pkt, uint32_t buflen, uint32_t payload_offset,
 		return -EINVAL;
 	}
 
-	uint32_t s1_plen = payload_offset;
-	uint32_t s1_dlen = s1_plen + hdr_len + tcph_len;
+	size_t s1_plen = payload_offset;
+	size_t s1_dlen = s1_plen + hdr_len + tcph_len;
 
-	uint32_t s2_plen = plen - payload_offset;
-	uint32_t s2_dlen = s2_plen + hdr_len + tcph_len;
+	size_t s2_plen = plen - payload_offset;
+	size_t s2_dlen = s2_plen + hdr_len + tcph_len;
 
 	if (*s1len < s1_dlen || *s2len < s2_dlen) 
 		return -ENOMEM;
@@ -514,7 +577,9 @@ void z_function(const char *str, int *zbuf, size_t len) {
 	for (int i = 1; i < (int)len; i++) {
 		zbuf[i] = 0;
 		if (i < rh) {
-			zbuf[i] = min(zbuf[i - lh], rh - i);
+			zbuf[i] = zbuf[i - lh];
+			if (rh - i < zbuf[i])
+				zbuf[i] = rh - i;
 		}
 
 		while (i + zbuf[i] < len && str[zbuf[i]] == str[i + zbuf[i]])
@@ -527,7 +592,7 @@ void z_function(const char *str, int *zbuf, size_t len) {
 	}
 }
 
-void shift_data(uint8_t *data, uint32_t dlen, uint32_t delta) {
+void shift_data(uint8_t *data, size_t dlen, size_t delta) {
 	uint8_t *ndptr = data + delta + dlen;
 	uint8_t *dptr = data + dlen;
 	uint8_t *ndlptr = data;
@@ -551,20 +616,20 @@ struct tcp_md5sig_opt {
 // Real length of the option, with NOOP fillers
 #define TCP_MD5SIG_OPT_RLEN 20
 
-int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen) {
+int fail_packet(struct failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen) {
 	void *iph;
-	uint32_t iph_len;
+	size_t iph_len;
 	struct tcphdr *tcph;
-	uint32_t tcph_len;
+	size_t tcph_len;
 	uint8_t *data;
-	uint32_t dlen;
+	size_t dlen;
 	int ret;
 
 	ret = tcp_payload_split(payload, *plen, 
 			&iph, &iph_len, &tcph, &tcph_len,
 			&data, &dlen);
 
-	uint32_t ipxv = netproto_version(payload, *plen);
+	int ipxv = netproto_version(payload, *plen);
 
 	if (ret < 0) {
 		return ret;
@@ -572,13 +637,13 @@ int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *pl
 
 
 	if (strategy.strategy == FAKE_STRAT_RAND_SEQ) {
-		lgtrace("fake seq: %u -> ", ntohl(tcph->seq));
+		lgtrace_wr("fake seq: %u -> ", ntohl(tcph->seq));
 
 		tcph->seq = htonl(ntohl(tcph->seq) - (strategy.randseq_offset + dlen));
 
 		lgtrace_addp("%u", ntohl(tcph->seq));
 	} else if (strategy.strategy == FAKE_STRAT_PAST_SEQ) {
-		lgtrace("fake seq: %u -> ", ntohl(tcph->seq));
+		lgtrace_wr("fake seq: %u -> ", ntohl(tcph->seq));
 		tcph->seq = htonl(ntohl(tcph->seq) - dlen);
 		lgtrace_addp("%u", ntohl(tcph->seq));
 
@@ -590,7 +655,7 @@ int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *pl
 		} else if (ipxv == IP6VERSION) {
 			((struct ip6_hdr *)iph)->ip6_hops = strategy.faking_ttl;
 		} else {
-			lgerror("fail_packet: IP version is unsupported", -EINVAL);
+			lgerror(-EINVAL, "fail_packet: IP version is unsupported");
 			return -EINVAL;
 		}
 	} else if (strategy.strategy == FAKE_STRAT_TCP_MD5SUM) {
@@ -612,7 +677,7 @@ int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *pl
 			} else if (ipxv == IP6VERSION) {
 				((struct ip6_hdr *)iph)->ip6_plen = htons(ntohs(((struct ip6_hdr *)iph)->ip6_plen) + delta);
 			} else {
-				lgerror("fail_packet: IP version is unsupported", -EINVAL);
+				lgerror(-EINVAL, "fail_packet: IP version is unsupported");
 				return -EINVAL;
 			}
 			optp_len += delta;
@@ -648,15 +713,15 @@ int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *pl
 	return 0;
 }
 
-int seqovl_packet(uint8_t *payload, uint32_t *plen, uint32_t seq_delta) {
+int seqovl_packet(uint8_t *payload, size_t *plen, size_t seq_delta) {
 	int ipxv = netproto_version(payload, *plen);
 
 	void *iph;
-	uint32_t iph_len;
+	size_t iph_len;
 	struct tcphdr *tcph;
-	uint32_t tcph_len;
+	size_t tcph_len;
 	uint8_t *data;
-	uint32_t dlen;
+	size_t dlen;
 
 
 	int ret = tcp_payload_split(payload, *plen,

src/utils.h

@@ -1,3 +1,22 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
 #ifndef UTILS_H
 #define UTILS_H
 
@@ -12,33 +31,33 @@
  * payload_offset indicates the position relatively to start of IP payload
  * (start of transport header)
  */
-int ip4_frag(const uint8_t *pkt, uint32_t pktlen, 
-			uint32_t payload_offset, 
-			uint8_t *frag1, uint32_t *f1len, 
-			uint8_t *frag2, uint32_t *f2len);
+int ip4_frag(const uint8_t *pkt, size_t pktlen, 
+			size_t payload_offset, 
+			uint8_t *frag1, size_t *f1len, 
+			uint8_t *frag2, size_t *f2len);
 
 /**
  * Splits the packet to two TCP segments on position payload_offset
  * payload_offset indicates the position relatively to start of TCP payload.
  */
-// int tcp4_frag(const uint8_t *pkt, uint32_t pktlen, 
-// 			uint32_t payload_offset, 
-// 			uint8_t *seg1, uint32_t *s1len, 
-// 			uint8_t *seg2, uint32_t *s2len);
-int tcp_frag(const uint8_t *pkt, uint32_t pktlen,
-			uint32_t payload_offset,
-			uint8_t *seg1, uint32_t *s1len, 
-			uint8_t *seg2, uint32_t *s2len);
+// int tcp4_frag(const uint8_t *pkt, size_t pktlen, 
+// 			size_t payload_offset, 
+// 			uint8_t *seg1, size_t *s1len, 
+// 			uint8_t *seg2, size_t *s2len);
+int tcp_frag(const uint8_t *pkt, size_t pktlen,
+			size_t payload_offset,
+			uint8_t *seg1, size_t *s1len, 
+			uint8_t *seg2, size_t *s2len);
 
 
 /**
  * Splits the raw packet payload to ip header and ip payload.
  */
-int ip4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len, 
-		       uint8_t **payload, uint32_t *plen);
+int ip4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len, 
+		       uint8_t **payload, size_t *plen);
 
-static inline int netproto_version(const uint8_t *pkt, uint32_t buflen) {
+static inline int netproto_version(const uint8_t *pkt, size_t buflen) {
 	if (pkt == NULL || buflen == 0)
 		return -1;
 
@@ -49,69 +68,72 @@ static inline int netproto_version(const uint8_t *pkt, uint32_t buflen) {
 /**
  * Splits the raw packet payload to ip header, tcp header and tcp payload.
  */
-int tcp4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len,
-		       struct tcphdr **tcph, uint32_t *tcph_len,
-		       uint8_t **payload, uint32_t *plen);
+int tcp4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len,
+		       struct tcphdr **tcph, size_t *tcph_len,
+		       uint8_t **payload, size_t *plen);
 
 /**
  * Splits the raw packet payload to ip header and ip payload.
  */
-int ip6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len, 
-		       uint8_t **payload, uint32_t *plen);
+int ip6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len, 
+		       uint8_t **payload, size_t *plen);
 
 /**
  * Splits the raw packet payload to ip header, tcp header and tcp payload.
  */
-int tcp6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len,
-		       struct tcphdr **tcph, uint32_t *tcph_len,
-		       uint8_t **payload, uint32_t *plen);
+int tcp6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len,
+		       struct tcphdr **tcph, size_t *tcph_len,
+		       uint8_t **payload, size_t *plen);
 
-int tcp_payload_split(uint8_t *pkt, uint32_t buflen,
-		      void **iph, uint32_t *iph_len,
-		      struct tcphdr **tcph, uint32_t *tcph_len,
-		      uint8_t **payload, uint32_t *plen);
+int tcp_payload_split(uint8_t *pkt, size_t buflen,
+		      void **iph, size_t *iph_len,
+		      struct tcphdr **tcph, size_t *tcph_len,
+		      uint8_t **payload, size_t *plen);
 
 /**
  * Splits the raw packet payload to ip header, udp header and udp payload.
  */
-int udp4_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct iphdr **iph, uint32_t *iph_len,
+int udp4_payload_split(uint8_t *pkt, size_t buflen,
+		       struct iphdr **iph, size_t *iph_len,
 		       struct udphdr **udph,
-		       uint8_t **payload, uint32_t *plen);
+		       uint8_t **payload, size_t *plen);
 
-int udp6_payload_split(uint8_t *pkt, uint32_t buflen,
-		       struct ip6_hdr **iph, uint32_t *iph_len,
+int udp6_payload_split(uint8_t *pkt, size_t buflen,
+		       struct ip6_hdr **iph, size_t *iph_len,
 		       struct udphdr **udph,
-		       uint8_t **payload, uint32_t *plen);
+		       uint8_t **payload, size_t *plen);
 
-int udp_payload_split(uint8_t *pkt, uint32_t buflen,
-		      void **iph, uint32_t *iph_len,
+int udp_payload_split(uint8_t *pkt, size_t buflen,
+		      void **iph, size_t *iph_len,
 		      struct udphdr **udph,
-		      uint8_t **payload, uint32_t *plen);
+		      uint8_t **payload, size_t *plen);
 
 void tcp4_set_checksum(struct tcphdr *tcph, struct iphdr *iph);
 void ip4_set_checksum(struct iphdr *iph);
 void ip6_set_checksum(struct ip6_hdr *iph);
 void tcp6_set_checksum(struct tcphdr *tcph, struct ip6_hdr *iph);
+void udp4_set_checksum(struct udphdr *udph, struct iphdr *iph);
+void udp6_set_checksum(struct udphdr *udph, struct ip6_hdr *iph);
 
-int  set_ip_checksum(void *iph, uint32_t iphb_len);
-int  set_tcp_checksum(struct tcphdr *tcph, void *iph, uint32_t iphb_len);
+int  set_ip_checksum(void *iph, size_t iphb_len);
+int  set_tcp_checksum(struct tcphdr *tcph, void *iph, size_t iphb_len);
+int  set_udp_checksum(struct udphdr *udph, void *iph, size_t iphb_len);
 
 void z_function(const char *str, int *zbuf, size_t len);
 
 /**
  * Shifts data left delta bytes. Fills delta buffer with zeroes.
  */
-void shift_data(uint8_t *data, uint32_t dlen, uint32_t delta);
+void shift_data(uint8_t *data, size_t dlen, size_t delta);
 
 
 struct failing_strategy {
 	unsigned int strategy;
 	uint8_t faking_ttl;
-	uint32_t randseq_offset;
+	size_t randseq_offset;
 };
 
 
@@ -142,18 +164,32 @@ struct fake_type {
 	struct failing_strategy strategy;
 };
 
+struct udp_failing_strategy {
+	unsigned int strategy;
+	uint8_t faking_ttl;
+};
+
+struct udp_fake_type {
+	uint16_t fake_len;
+
+	// faking strategy of the fake packet.
+	// Does not support bitmask, pass standalone strategy.
+	// Pass 0 if you don't want any faking procedures.
+	struct udp_failing_strategy strategy;
+};
+
 /**
  * Invalidates the raw packet. The function aims to invalid the packet
  * in such way as it will be accepted by DPI, but dropped by target server
  *
  * Does not support bitmask, pass standalone strategy.
  */
-int fail_packet(struct failing_strategy strategy, uint8_t *payload, uint32_t *plen, uint32_t avail_buflen);
+int fail_packet(struct failing_strategy strategy, uint8_t *payload, size_t *plen, size_t avail_buflen);
 
 /**
  * Shifts the payload right and pushes zeroes before it. Useful for TCP TLS faking.
  */
-int seqovl_packet(uint8_t *payload, uint32_t *plen, uint32_t seq_delta);
+int seqovl_packet(uint8_t *payload, size_t *plen, size_t seq_delta);
 
 
 
@@ -161,7 +197,7 @@ static inline struct failing_strategy args_default_failing_strategy(const struct
 	struct failing_strategy fl_strat = {
 		.strategy = (unsigned int)section->faking_strategy,
 		.faking_ttl = section->faking_ttl,
-		.randseq_offset = (uint32_t)section->fakeseq_offset
+		.randseq_offset = (size_t)section->fakeseq_offset
 	};
 	return fl_strat;
 }

src/youtubeUnblock.c

@@ -0,0 +1,990 @@
+/*
+  youtubeUnblock - https://github.com/Waujito/youtubeUnblock
+
+  Copyright (C) 2024-2025 Vadim Vetrov <vetrovvd@gmail.com>
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#define _GNU_SOURCE
+#ifndef __linux__
+#error "The package is linux only!"
+#endif
+
+#ifdef KERNEL_SPACE
+#error "The build aims to the kernel, not userspace"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+/* Warning is ok, use this for Entware */
+#include <libnetfilter_queue/linux_nfnetlink_queue.h>
+
+#include <libmnl/libmnl.h>
+#include <libnetfilter_queue/libnetfilter_queue.h>
+#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
+#include <libnetfilter_queue/libnetfilter_queue_tcp.h>
+#include <libnetfilter_queue/libnetfilter_queue_udp.h>
+#include <libnetfilter_queue/pktbuff.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+
+#include <linux/if_ether.h>
+#include <linux/netfilter.h>
+#include <pthread.h>
+#include <sys/socket.h>
+#include <signal.h>
+
+#include "config.h"
+#include "mangle.h"
+#include "args.h"
+#include "utils.h"
+#include "logging.h"
+
+pthread_mutex_t rawsocket_lock;
+int rawsocket = -2;
+
+pthread_mutex_t raw6socket_lock;
+int raw6socket = -2;
+
+static struct config_t *cur_config = NULL;
+
+static int open_socket(struct mnl_socket **_nl) {
+	struct mnl_socket *nl = NULL;
+	nl = mnl_socket_open(NETLINK_NETFILTER);
+
+	if (nl == NULL) {
+		lgerror(-errno, "mnl_socket_open");
+		return -1;
+	}
+
+	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		lgerror(-errno, "mnl_socket_bind");
+		mnl_socket_close(nl);
+		return -1;
+	}
+
+	*_nl = nl;
+
+	return 0;
+}
+
+
+static int close_socket(struct mnl_socket **_nl) {
+	struct mnl_socket *nl = *_nl;
+	if (nl == NULL) return 1;
+	if (mnl_socket_close(nl) < 0) {
+		lgerror(-errno, "mnl_socket_close");
+		return -1;
+	}
+
+	*_nl = NULL;
+
+	return 0;
+}
+
+static int open_raw_socket(void) {
+	if (rawsocket != -2) {
+		errno = EALREADY;
+		lgerror(-errno, "Raw socket is already opened");
+		return -1;
+	}
+	
+	rawsocket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
+	if (rawsocket == -1) {
+		lgerror(-errno, "Unable to create raw socket");
+		return -1;
+	}
+
+	int mark = cur_config->mark;
+	if (setsockopt(rawsocket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
+	{
+		lgerror(-errno, "setsockopt(SO_MARK, %d) failed", mark);
+		return -1;
+	}
+
+	int mst = pthread_mutex_init(&rawsocket_lock, NULL);
+	if (mst) {
+		lgerror(-errno, "Mutex err: %d", mst);
+		close(rawsocket);
+		errno = mst;
+
+		return -1;
+	}
+
+
+	return rawsocket;
+}
+
+static int close_raw_socket(void) {
+	if (rawsocket < 0) {
+		errno = EALREADY;
+		lgerror(-errno, "Raw socket is not set");
+		return -1;
+	}
+
+	if (close(rawsocket)) {
+		lgerror(-errno, "Unable to close raw socket");
+		pthread_mutex_destroy(&rawsocket_lock);
+		return -1;
+	}
+
+	pthread_mutex_destroy(&rawsocket_lock);
+
+	rawsocket = -2;
+	return 0;
+}
+
+static int open_raw6_socket(void) {
+	if (raw6socket != -2) {
+		errno = EALREADY;
+		lgerror(-errno, "Raw socket is already opened");
+		return -1;
+	}
+	
+	raw6socket = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
+	if (rawsocket == -1) {
+		lgerror(-errno, "Unable to create raw socket");
+		return -1;
+	}
+
+	int mark = cur_config->mark;
+	if (setsockopt(raw6socket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
+	{
+		lgerror(-errno, "setsockopt(SO_MARK, %d) failed", mark);
+		return -1;
+	}
+
+	int mst = pthread_mutex_init(&raw6socket_lock, NULL);
+	if (mst) {
+		lgerror(-errno, "Mutex err: %d", mst);
+		close(raw6socket);
+
+		return -1;
+	}
+
+
+	return raw6socket;
+}
+
+static int close_raw6_socket(void) {
+	if (raw6socket < 0) {
+		errno = EALREADY;
+		lgerror(-errno, "Raw socket is not set");
+		return -1;
+	}
+
+	if (close(raw6socket)) {
+		lgerror(-errno, "Unable to close raw socket");
+		pthread_mutex_destroy(&rawsocket_lock);
+		return -1;
+	}
+
+	pthread_mutex_destroy(&raw6socket_lock);
+
+	raw6socket = -2;
+	return 0;
+}
+
+/*
+ * libnetfilter_conntrack
+ * (C) 2005-2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
+ */
+
+enum ctattr_counters {
+	CTA_COUNTERS_UNSPEC,
+	CTA_COUNTERS_PACKETS,		/* 64bit counters */
+	CTA_COUNTERS_BYTES,		/* 64bit counters */
+	CTA_COUNTERS32_PACKETS,		/* old 32bit counters, unused */
+	CTA_COUNTERS32_BYTES,		/* old 32bit counters, unused */
+	CTA_COUNTERS_PAD,
+	__CTA_COUNTERS_MAX
+};
+#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
+
+enum ctattr_type {
+	CTA_UNSPEC,
+	CTA_TUPLE_ORIG,
+	CTA_TUPLE_REPLY,
+	CTA_STATUS,
+	CTA_PROTOINFO,
+	CTA_HELP,
+	CTA_NAT_SRC,
+#define CTA_NAT	CTA_NAT_SRC	/* backwards compatibility */
+	CTA_TIMEOUT,
+	CTA_MARK,
+	CTA_COUNTERS_ORIG,
+	CTA_COUNTERS_REPLY,
+	CTA_USE,
+	CTA_ID,
+	CTA_NAT_DST,
+	CTA_TUPLE_MASTER,
+	CTA_SEQ_ADJ_ORIG,
+	CTA_NAT_SEQ_ADJ_ORIG	= CTA_SEQ_ADJ_ORIG,
+	CTA_SEQ_ADJ_REPLY,
+	CTA_NAT_SEQ_ADJ_REPLY	= CTA_SEQ_ADJ_REPLY,
+	CTA_SECMARK,		/* obsolete */
+	CTA_ZONE,
+	CTA_SECCTX,
+	CTA_TIMESTAMP,
+	CTA_MARK_MASK,
+	CTA_LABELS,
+	CTA_LABELS_MASK,
+	CTA_SYNPROXY,
+	CTA_FILTER,
+	CTA_STATUS_MASK,
+	__CTA_MAX
+};
+#define CTA_MAX (__CTA_MAX - 1)
+
+enum {
+	__DIR_ORIG,
+	__DIR_REPL
+};
+
+static int 
+yct_parse_counters_attr_cb(const struct nlattr *attr, void *data)
+{
+	const struct nlattr **tb = data;
+	int type = mnl_attr_get_type(attr);
+
+	if (mnl_attr_type_valid(attr, CTA_COUNTERS_MAX) < 0)
+		return MNL_CB_OK;
+
+	switch(type) {
+	case CTA_COUNTERS_PACKETS:
+	case CTA_COUNTERS_BYTES:
+		if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
+			return MNL_CB_ERROR;
+		break;
+	case CTA_COUNTERS32_PACKETS:
+	case CTA_COUNTERS32_BYTES:
+		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+			return MNL_CB_ERROR;
+		break;
+	}
+	tb[type] = attr;
+	return MNL_CB_OK;
+}
+
+static int
+yct_parse_counters(const struct nlattr *attr, struct ytb_conntrack *yct,
+		   int dir)
+{
+	struct nlattr *tb[CTA_COUNTERS_MAX+1] = {0};
+
+	if (mnl_attr_parse_nested(attr, yct_parse_counters_attr_cb, tb) < 0)
+		return -1;
+
+	if (tb[CTA_COUNTERS_PACKETS] || tb[CTA_COUNTERS32_PACKETS]) {
+		uint64_t packets_counter;
+		if (tb[CTA_COUNTERS32_PACKETS]) {
+			packets_counter =
+			ntohl(mnl_attr_get_u32(tb[CTA_COUNTERS32_PACKETS]));
+		}
+		if (tb[CTA_COUNTERS_PACKETS]) {
+			packets_counter =
+			be64toh(mnl_attr_get_u64(tb[CTA_COUNTERS_PACKETS]));
+		}
+		switch(dir) {
+		case __DIR_ORIG:
+			yct->orig_packets = packets_counter;
+			yct_set_mask_attr(YCTATTR_ORIG_PACKETS, yct);
+			break;
+		case __DIR_REPL:
+			yct->repl_packets = packets_counter;
+			yct_set_mask_attr(YCTATTR_REPL_PACKETS, yct);
+			break;
+		}
+	}
+	if (tb[CTA_COUNTERS_BYTES] || tb[CTA_COUNTERS32_BYTES]) {
+		uint64_t bytes_counter;
+		if (tb[CTA_COUNTERS32_BYTES]) {
+			bytes_counter =
+			ntohl(mnl_attr_get_u32(tb[CTA_COUNTERS32_BYTES]));
+		}
+		if (tb[CTA_COUNTERS_BYTES]) {
+			bytes_counter =
+			be64toh(mnl_attr_get_u64(tb[CTA_COUNTERS_BYTES]));
+		}
+
+		switch(dir) {
+		case __DIR_ORIG:
+			yct->orig_bytes = bytes_counter;
+			yct_set_mask_attr(YCTATTR_ORIG_BYTES, yct);
+			break;
+		case __DIR_REPL:
+			yct->repl_bytes = bytes_counter;
+			yct_set_mask_attr(YCTATTR_REPL_BYTES, yct);
+			break;
+		}
+	}
+
+	return 0;
+}
+
+static int 
+yct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data){
+	const struct nlattr **tb = data;
+	int type = mnl_attr_get_type(attr);
+
+	if (mnl_attr_type_valid(attr, CTA_MAX) < 0)
+		return MNL_CB_OK;
+
+	switch(type) {
+	case CTA_TUPLE_ORIG:
+	case CTA_TUPLE_REPLY:
+	case CTA_TUPLE_MASTER:
+	case CTA_NAT_SEQ_ADJ_ORIG:
+	case CTA_NAT_SEQ_ADJ_REPLY:
+	case CTA_PROTOINFO:
+	case CTA_COUNTERS_ORIG:
+	case CTA_COUNTERS_REPLY:
+	case CTA_HELP:
+	case CTA_SECCTX:
+	case CTA_TIMESTAMP:
+		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
+			return MNL_CB_ERROR;
+		break;
+	case CTA_STATUS:
+	case CTA_TIMEOUT:
+	case CTA_MARK:
+	case CTA_SECMARK:
+	case CTA_USE:
+	case CTA_ID:
+		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+			return MNL_CB_ERROR;
+		break;
+	case CTA_ZONE:
+		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+			return MNL_CB_ERROR;
+		break;
+	case CTA_NAT_SRC:
+	case CTA_NAT_DST:
+		/* deprecated */
+		break;
+	}
+	tb[type] = attr;
+	return MNL_CB_OK;
+}
+
+static int 
+yct_payload_parse(const void *payload, size_t payload_len,
+		   uint16_t l3num, struct ytb_conntrack *yct)
+{
+	struct nlattr *tb[CTA_MAX+1] = {0};
+
+	if (mnl_attr_parse_payload(payload, payload_len,
+				   yct_parse_conntrack_attr_cb, tb) < 0)
+		return -1;
+
+	if (tb[CTA_MARK]) {
+		yct->connmark = ntohl(mnl_attr_get_u32(tb[CTA_MARK]));
+		yct_set_mask_attr(YCTATTR_CONNMARK, yct);
+	}
+
+
+	if (tb[CTA_COUNTERS_ORIG]) {
+		if (yct_parse_counters(tb[CTA_COUNTERS_ORIG],
+					yct, __DIR_ORIG) < 0)
+			return -1;
+	}
+
+	if (tb[CTA_ID]) {
+		yct->id = ntohl(mnl_attr_get_u32(tb[CTA_ID]));
+		yct_set_mask_attr(YCTATTR_CONNID, yct);
+	}
+
+	if (tb[CTA_COUNTERS_REPLY]) {
+		if (yct_parse_counters(tb[CTA_COUNTERS_REPLY],
+					yct, __DIR_REPL) < 0)
+			return -1;
+	}
+
+	return 0;
+}
+
+static int send_raw_ipv4(const uint8_t *pkt, size_t pktlen) {
+	int ret;
+	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
+
+	struct iphdr *iph;
+
+	if ((ret = ip4_payload_split(
+	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
+		errno = -ret;
+		return ret;
+	}
+
+	struct sockaddr_in daddr = {
+		.sin_family = AF_INET,
+		/* Always 0 for raw socket */
+		.sin_port = 0,
+		.sin_addr = {
+			.s_addr = iph->daddr
+		}
+	};
+
+	if (cur_config->threads != 1)
+		pthread_mutex_lock(&rawsocket_lock);
+
+	int sent = sendto(rawsocket, 
+	    pkt, pktlen, MSG_DONTWAIT, 
+	    (struct sockaddr *)&daddr, sizeof(daddr));
+
+	if (cur_config->threads != 1)
+		pthread_mutex_unlock(&rawsocket_lock);
+
+	/* The function will return -errno on error as well as errno value set itself */
+	if (sent < 0) sent = -errno;
+
+	return sent;
+}
+
+static int send_raw_ipv6(const uint8_t *pkt, size_t pktlen) {
+	int ret;
+	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
+
+	struct ip6_hdr *iph;
+
+	if ((ret = ip6_payload_split(
+	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
+		errno = -ret;
+		return ret;
+	}
+
+	struct sockaddr_in6 daddr = {
+		.sin6_family = AF_INET6,
+		/* Always 0 for raw socket */
+		.sin6_port = 0,
+		.sin6_addr = iph->ip6_dst
+	};
+
+	if (cur_config->threads != 1)
+		pthread_mutex_lock(&rawsocket_lock);
+
+	int sent = sendto(raw6socket, 
+	    pkt, pktlen, MSG_DONTWAIT, 
+	    (struct sockaddr *)&daddr, sizeof(daddr));
+
+	lgtrace_addp("rawsocket sent %d", sent);
+
+	if (cur_config->threads != 1)
+		pthread_mutex_unlock(&rawsocket_lock);
+
+	/* The function will return -errno on error as well as errno value set itself */
+	if (sent < 0) sent = -errno;
+
+	return sent;
+}
+
+static int send_raw_socket(const uint8_t *pkt, size_t pktlen) {
+	int ret;
+
+	if (pktlen > AVAILABLE_MTU) {
+		lgtrace("Split packet!");
+
+		size_t buff1_size = pktlen;
+		uint8_t *buff1 = malloc(buff1_size);
+		if (buff1 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			return -ENOMEM;
+		}
+		size_t buff2_size = pktlen;
+		uint8_t *buff2 = malloc(buff2_size);
+		if (buff2 == NULL) {
+			lgerror(-ENOMEM, "Allocation error");
+			free(buff1);
+			return -ENOMEM;
+		}
+
+		if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
+			buff1, &buff1_size, buff2, &buff2_size)) < 0) {
+
+			goto erret_lc;
+		}
+
+		int sent = 0;
+		ret = send_raw_socket(buff1, buff1_size);
+
+		if (ret >= 0) sent += ret;
+		else {
+			goto erret_lc;
+		}
+
+		ret = send_raw_socket(buff2, buff2_size);
+		if (ret >= 0) sent += ret;
+		else {
+			goto erret_lc;
+		}
+
+		free(buff1);
+		free(buff2);
+		return sent;
+erret_lc:
+		free(buff1);
+		free(buff2);
+		return ret;
+	}
+	
+	++global_stats.sent_counter;
+	int ipvx = netproto_version(pkt, pktlen);
+
+	if (ipvx == IP4VERSION) {
+		ret = send_raw_ipv4(pkt, pktlen);
+	} else if (ipvx == IP6VERSION) {
+		ret = send_raw_ipv6(pkt, pktlen);
+	} else {
+		printf("proto version %d is unsupported\n", ipvx);
+		return -EINVAL;
+	}
+
+	lgtrace_addp("raw_sock_send: %d", ret);
+	return ret;
+}
+
+
+// Per-queue data. Passed to queue_cb.
+struct queue_data {
+	struct mnl_socket **_nl;
+	int queue_num;
+};
+
+/**
+ * Used to accept unsupported packets (GSOs)
+ */
+static int fallback_accept_packet(uint32_t id, struct queue_data qdata) {
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *verdnlh;
+        verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
+        nfq_nlmsg_verdict_put(verdnlh, id, NF_ACCEPT);
+
+        if (mnl_socket_sendto(*qdata._nl, verdnlh, verdnlh->nlmsg_len) < 0) {
+                lgerror(-errno, "mnl_socket_send");
+                return MNL_CB_ERROR;
+        }
+
+        return MNL_CB_OK;
+}
+
+
+struct dps_t {
+	uint8_t *pkt;
+	size_t pktlen;
+	// Time for the packet in milliseconds
+	uint32_t timer;
+};
+// Note that the thread will automatically release dps_t and pkt_buff
+void *delay_packet_send_fn(void *data) {
+	struct dps_t *dpdt = data;
+
+	uint8_t *pkt = dpdt->pkt;
+	size_t pktlen = dpdt->pktlen;
+
+	usleep(dpdt->timer * 1000);
+	int ret = send_raw_socket(pkt, pktlen);
+	if (ret < 0) {
+		errno = -ret;
+		lgerror(-errno, "send delayed raw packet");
+	}
+
+	free(pkt);
+	free(dpdt);
+	return NULL;
+}
+
+int delay_packet_send(const unsigned char *data, size_t data_len, unsigned int delay_ms) {
+	int ret;
+
+	struct dps_t *dpdt = malloc(sizeof(struct dps_t));
+	if (dpdt == NULL) {
+		return -ENOMEM;
+	}
+	*dpdt = (struct dps_t){0};
+
+	dpdt->pkt = malloc(data_len);
+	if (dpdt->pkt == NULL) {
+		free(dpdt);
+		return -ENOMEM;
+	}
+	memcpy(dpdt->pkt, data, data_len);
+
+	dpdt->pktlen = data_len;
+	dpdt->timer = delay_ms;
+	pthread_t thr = {0};
+	ret = pthread_create(&thr, NULL, delay_packet_send_fn, dpdt);
+	if (ret != 0) {
+		free(dpdt->pkt);
+		free(dpdt);
+		return -ret;
+	}
+
+	ret = pthread_detach(thr);
+
+	lgtrace_addp("Scheduled packet send after %d ms", delay_ms);
+
+	return 0;
+}
+
+static int queue_cb(const struct nlmsghdr *nlh, void *data) {
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	
+	struct queue_data *qdata = data;
+
+	struct nfqnl_msg_packet_hdr *ph = NULL;
+        struct nlattr *attr[NFQA_MAX+1] = {0};
+	struct packet_data packet = {0};
+	struct ytb_conntrack *yct = &packet.yct;
+	struct nfgenmsg *nfg;
+	struct nlmsghdr *verdnlh;
+	int ret;
+	uint16_t l3num;	
+	uint32_t id;
+
+	++global_stats.all_packet_counter;
+
+        if (nfq_nlmsg_parse(nlh, attr) < 0) {
+                lgerror(-errno, "Attr parse");
+                return MNL_CB_ERROR;
+        }
+ 
+        if (attr[NFQA_PACKET_HDR] == NULL) {
+		errno = ENODATA;
+                lgerror(-errno, "Metaheader not set");
+                return MNL_CB_ERROR;
+        }
+
+	nfg = mnl_nlmsg_get_payload(nlh);
+	l3num = nfg->nfgen_family;
+
+        ph = mnl_attr_get_payload(attr[NFQA_PACKET_HDR]);
+
+        id = ntohl(ph->packet_id);
+
+        packet.payload_len = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
+        packet.payload = mnl_attr_get_payload(attr[NFQA_PAYLOAD]);
+
+	if (attr[NFQA_CAP_LEN] != NULL && ntohl(mnl_attr_get_u32(attr[NFQA_CAP_LEN])) != packet.payload_len) {
+		lgerr("The packet was truncated! Skip!");
+		return fallback_accept_packet(id, *qdata);
+	}
+
+	if (attr[NFQA_MARK] != NULL) {
+		// Skip packets sent by rawsocket to escape infinity loop.
+		if ((ntohl(mnl_attr_get_u32(attr[NFQA_MARK])) & cur_config->mark) == 
+			cur_config->mark) {
+			return fallback_accept_packet(id, *qdata);
+		}
+	}
+
+	if (attr[NFQA_CT] != NULL) {
+		ret = yct_payload_parse(
+			mnl_attr_get_payload(attr[NFQA_CT]),
+			mnl_attr_get_payload_len(attr[NFQA_CT]),
+			l3num, yct);
+		if (ret < 0) {
+			lgerror(ret, "Cannot parse CT");
+
+			goto ct_out;
+		}
+	
+		lgtrace("[CONNTRACK TRACE] orig_packets=%lu repl_packets=%lu orig_bytes=%lu repl_bytes=%lu connmark=%d id=%ud\n", yct->orig_packets, yct->repl_packets, yct->orig_bytes, yct->repl_bytes, yct->connmark, yct->id);
+
+	}
+
+ct_out:
+	verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata->queue_num);
+
+	ret = process_packet(cur_config, &packet);
+
+	++global_stats.packet_counter;
+
+	switch (ret) {
+		case PKT_DROP:
+			++global_stats.target_counter;
+			nfq_nlmsg_verdict_put(verdnlh, id, NF_DROP);
+			break;
+		default:
+			nfq_nlmsg_verdict_put(verdnlh, id, NF_ACCEPT);
+			break;
+	}
+
+        if (mnl_socket_sendto(*qdata->_nl, verdnlh, verdnlh->nlmsg_len) < 0) {
+                lgerror(-errno, "mnl_socket_send");
+                return MNL_CB_ERROR;
+        }
+	
+	return MNL_CB_OK;
+}
+
+#define BUF_SIZE (0xffff + (MNL_SOCKET_BUFFER_SIZE / 2))
+
+int init_queue(int queue_num) {
+	struct mnl_socket *nl;
+
+	if (open_socket(&nl)) {
+		lgerror(-errno, "Unable to open socket");
+		return -1;
+	}
+
+	uint32_t portid = mnl_socket_get_portid(nl);
+
+	struct nlmsghdr *nlh;
+	char *buf = malloc(BUF_SIZE);
+	if (buf == NULL) {
+		lgerror(-ENOMEM, "Allocation error");
+		goto die_alloc;
+	}
+
+	/* Support for kernels versions < 3.8 */
+	// Obsolete and ignored in kernel version 3.8
+	// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0360ae412d09bc6f4864c801effcb20bfd84520e
+
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nfq_nlmsg_cfg_put_cmd(nlh, PF_INET, NFQNL_CFG_CMD_PF_UNBIND);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		lgerror(-errno, "mnl_socket_send");
+		goto die;
+	}
+
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nfq_nlmsg_cfg_put_cmd(nlh, PF_INET, NFQNL_CFG_CMD_PF_BIND);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		lgerror(-errno, "mnl_socket_send");
+		goto die;
+	}
+
+	if (cur_config->use_ipv6) {
+		nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+		nfq_nlmsg_cfg_put_cmd(nlh, PF_INET6, NFQNL_CFG_CMD_PF_UNBIND);
+
+		if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+			lgerror(-errno, "mnl_socket_send");
+			goto die;
+		}
+
+		nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+		nfq_nlmsg_cfg_put_cmd(nlh, PF_INET6, NFQNL_CFG_CMD_PF_BIND);
+
+		if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+			lgerror(-errno, "mnl_socket_send");
+			goto die;
+		}
+	}
+	/* End of support for kernel versions < 3.8 */
+
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		lgerror(-errno, "mnl_socket_send");
+		goto die;
+	}
+
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
+
+	unsigned int cfg_flags = NFQA_CFG_F_GSO | NFQA_CFG_F_CONNTRACK | NFQA_CFG_F_FAIL_OPEN;
+	unsigned int cfg_mask = 0;
+
+	if (cur_config->use_gso) {
+		cfg_mask |= NFQA_CFG_F_GSO;
+	}
+	if (cur_config->use_conntrack) {
+		cfg_mask |= NFQA_CFG_F_CONNTRACK;
+	}
+	cfg_mask |= NFQA_CFG_F_FAIL_OPEN;
+
+	mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(cfg_flags));
+	mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(cfg_mask));
+
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		lgerror(-errno, "mnl_socket_send");
+		goto die;
+	}
+
+
+	/* ENOBUFS is signalled to userspace when packets were lost
+          * on kernel side.  In most cases, userspace isn't interested
+          * in this information, so turn it off.
+          */
+	int ret = 1;
+	mnl_socket_setsockopt(nl, NETLINK_NO_ENOBUFS, &ret, sizeof(int));
+
+	struct queue_data qdata = {
+		._nl = &nl,
+		.queue_num = queue_num
+	};
+
+	lginfo("Queue %d started", qdata.queue_num);
+
+	while (1) {
+		ret = mnl_socket_recvfrom(nl, buf, BUF_SIZE);
+		if (ret == -1) {
+			lgerror(-errno, "mnl_socket_recvfrom");
+			goto die;
+		}
+
+		ret = mnl_cb_run(buf, ret, 0, portid, queue_cb, &qdata);
+		if (ret < 0) {
+			lgerror(ret, "mnl_cb_run");
+			if (ret == -EPERM) {
+				lgerr("Probably another instance of youtubeUnblock with the same queue number is running");
+			} else {
+				lgerr("Make sure the nfnetlink_queue kernel module is loaded");
+			}
+			goto die;
+		}
+	}
+
+
+	free(buf);
+	close_socket(&nl);
+	return 0;
+
+die:
+	free(buf);
+die_alloc:
+	close_socket(&nl);
+	return -1;
+}
+
+// Per-queue config. Used to initialize a queue. Passed to wrapper
+struct queue_conf {
+	uint16_t i;
+	int queue_num;
+};
+
+struct queue_res {
+	int status;
+};
+static struct queue_res defqres = {0};
+
+static struct queue_res threads_reses[MAX_THREADS];
+
+void *init_queue_wrapper(void *qdconf) {
+	struct queue_conf *qconf = qdconf;
+	struct queue_res *thres = threads_reses + qconf->i;
+	
+	thres->status = init_queue(qconf->queue_num);
+
+	lgerror(thres->status, "Thread %d exited with status %d", qconf->i, thres->status);
+
+	return thres;
+}
+
+struct instance_config_t instance_config = {
+	.send_raw_packet = send_raw_socket,
+	.send_delayed_packet = delay_packet_send,
+};
+
+void sigint_handler(int s) {
+	lginfo("youtubeUnblock stats: catched %ld packets, "
+		"processed %ld packets, "
+		"targetted %ld packets, sent over socket %ld packets",
+		global_stats.all_packet_counter, global_stats.packet_counter, 
+		global_stats.target_counter, global_stats.sent_counter);
+
+	exit(EXIT_SUCCESS);
+}
+
+int main(int argc, char *argv[]) {
+	int ret;
+	struct config_t config;
+
+	if ((ret = yparse_args(&config, argc, argv)) != 0) {
+		if (ret < 0) {
+			lgerror(-errno, "Unable to parse args");
+			exit(EXIT_FAILURE);
+		}
+		exit(EXIT_SUCCESS);
+	}
+
+	print_version();
+	print_welcome(&config);
+
+	parse_global_lgconf(&config);
+	cur_config = &config;
+
+	signal(SIGINT, sigint_handler);
+	signal(SIGTERM, sigint_handler);
+
+	if (open_raw_socket() < 0) {
+		lgerror(-errno, "Unable to open raw socket");
+		exit(EXIT_FAILURE);
+	}
+
+	if (config.use_ipv6) {
+		if (open_raw6_socket() < 0) {
+			lgerror(-errno, "Unable to open raw socket for ipv6");
+			close_raw_socket();
+			exit(EXIT_FAILURE);
+		}
+	}
+
+	if (config.daemonize) {
+		daemon(0, config.noclose);
+	}
+
+	struct queue_res *qres = &defqres;
+
+	if (config.threads == 1) {
+		struct queue_conf tconf = {
+			.i = 0,
+			.queue_num = config.queue_start_num
+		};
+
+		qres = init_queue_wrapper(&tconf);
+	} else {
+		lginfo("%d threads wil be used", config.threads);
+
+		struct queue_conf thread_confs[MAX_THREADS];
+		pthread_t threads[MAX_THREADS];
+		for (int i = 0; i < config.threads; i++) {
+			struct queue_conf *tconf = thread_confs + i;
+			pthread_t *thr = threads + i;
+
+			tconf->queue_num = config.queue_start_num + i;
+			tconf->i = i;
+
+			pthread_create(thr, NULL, init_queue_wrapper, tconf);
+		}
+
+		void *res;
+		for (int i = 0; i < config.threads; i++) {
+			pthread_join(threads[i], &res);
+
+			qres = res;
+		}
+	}
+
+	close_raw_socket();
+	if (config.use_ipv6)
+		close_raw6_socket();
+
+	return -qres->status;
+}
+

test/main_fn.c

@@ -0,0 +1,19 @@
+#include "config.h" 
+#include "unity_fixture.h"
+
+struct instance_config_t instance_config = {
+	.send_raw_packet = NULL,
+	.send_delayed_packet = NULL,
+};
+
+static void RunAllTests(void)
+{
+	RUN_TEST_GROUP(TLSTest)
+	RUN_TEST_GROUP(QuicTest);
+	RUN_TEST_GROUP(TrieTest);
+}
+
+int main(int argc, const char * argv[])
+{
+	return UnityMain(argc, argv, RunAllTests);
+}

test/quic.c

@@ -0,0 +1,255 @@
+// RFC 9001 Appendix A.
+static const char quic_testing_payload[] = "\xc0\x00\x00\x00\x01\x08\x83\x94\xc8\xf0\x3e\x51\x57\x08\x00\x00\x44\x9e\x7b\x9a\xec\x34\xd1\xb1\xc9\x8d\xd7\x68\x9f\xb8\xec\x11\xd2\x42\xb1\x23\xdc\x9b\xd8\xba\xb9\x36\xb4\x7d\x92\xec\x35\x6c\x0b\xab\x7d\xf5\x97\x6d\x27\xcd\x44\x9f\x63\x30\x00\x99\xf3\x99\x1c\x26\x0e\xc4\xc6\x0d\x17\xb3\x1f\x84\x29\x15\x7b\xb3\x5a\x12\x82\xa6\x43\xa8\xd2\x26\x2c\xad\x67\x50\x0c\xad\xb8\xe7\x37\x8c\x8e\xb7\x53\x9e\xc4\xd4\x90\x5f\xed\x1b\xee\x1f\xc8\xaa\xfb\xa1\x7c\x75\x0e\x2c\x7a\xce\x01\xe6\x00\x5f\x80\xfc\xb7\xdf\x62\x12\x30\xc8\x37\x11\xb3\x93\x43\xfa\x02\x8c\xea\x7f\x7f\xb5\xff\x89\xea\xc2\x30\x82\x49\xa0\x22\x52\x15\x5e\x23\x47\xb6\x3d\x58\xc5\x45\x7a\xfd\x84\xd0\x5d\xff\xfd\xb2\x03\x92\x84\x4a\xe8\x12\x15\x46\x82\xe9\xcf\x01\x2f\x90\x21\xa6\xf0\xbe\x17\xdd\xd0\xc2\x08\x4d\xce\x25\xff\x9b\x06\xcd\xe5\x35\xd0\xf9\x20\xa2\xdb\x1b\xf3\x62\xc2\x3e\x59\x6d\x11\xa4\xf5\xa6\xcf\x39\x48\x83\x8a\x3a\xec\x4e\x15\xda\xf8\x50\x0a\x6e\xf6\x9e\xc4\xe3\xfe\xb6\xb1\xd9\x8e\x61\x0a\xc8\xb7\xec\x3f\xaf\x6a\xd7\x60\xb7\xba\xd1\xdb\x4b\xa3\x48\x5e\x8a\x94\xdc\x25\x0a\xe3\xfd\xb4\x1e\xd1\x5f\xb6\xa8\xe5\xeb\xa0\xfc\x3d\xd6\x0b\xc8\xe3\x0c\x5c\x42\x87\xe5\x38\x05\xdb\x05\x9a\xe0\x64\x8d\xb2\xf6\x42\x64\xed\x5e\x39\xbe\x2e\x20\xd8\x2d\xf5\x66\xda\x8d\xd5\x99\x8c\xca\xbd\xae\x05\x30\x60\xae\x6c\x7b\x43\x78\xe8\x46\xd2\x9f\x37\xed\x7b\x4e\xa9\xec\x5d\x82\xe7\x96\x1b\x7f\x25\xa9\x32\x38\x51\xf6\x81\xd5\x82\x36\x3a\xa5\xf8\x99\x37\xf5\xa6\x72\x58\xbf\x63\xad\x6f\x1a\x0b\x1d\x96\xdb\xd4\xfa\xdd\xfc\xef\xc5\x26\x6b\xa6\x61\x17\x22\x39\x5c\x90\x65\x56\xbe\x52\xaf\xe3\xf5\x65\x63\x6a\xd1\xb1\x7d\x50\x8b\x73\xd8\x74\x3e\xeb\x52\x4b\xe2\x2b\x3d\xcb\xc2\xc7\x46\x8d\x54\x11\x9c\x74\x68\x44\x9a\x13\xd8\xe3\xb9\x58\x11\xa1\x98\xf3\x49\x1d\xe3\xe7\xfe\x94\x2b\x33\x04\x07\xab\xf8\x2a\x4e\xd7\xc1\xb3\x11\x66\x3a\xc6\x98\x90\xf4\x15\x70\x15\x85\x3d\x91\xe9\x23\x03\x7c\x22\x7a\x33\xcd\xd5\xec\x28\x1c\xa3\xf7\x9c\x44\x54\x6b\x9d\x90\xca\x00\xf0\x64\xc9\x9e\x3d\xd9\x79\x11\xd3\x9f\xe9\xc5\xd0\xb2\x3a\x22\x9a\x23\x4c\xb3\x61\x86\xc4\x81\x9e\x8b\x9c\x59\x27\x72\x66\x32\x29\x1d\x6a\x41\x82\x11\xcc\x29\x62\xe2\x0f\xe4\x7f\xeb\x3e\xdf\x33\x0f\x2c\x60\x3a\x9d\x48\xc0\xfc\xb5\x69\x9d\xbf\xe5\x89\x64\x25\xc5\xba\xc4\xae\xe8\x2e\x57\xa8\x5a\xaf\x4e\x25\x13\xe4\xf0\x57\x96\xb0\x7b\xa2\xee\x47\xd8\x05\x06\xf8\xd2\xc2\x5e\x50\xfd\x14\xde\x71\xe6\xc4\x18\x55\x93\x02\xf9\x39\xb0\xe1\xab\xd5\x76\xf2\x79\xc4\xb2\xe0\xfe\xb8\x5c\x1f\x28\xff\x18\xf5\x88\x91\xff\xef\x13\x2e\xef\x2f\xa0\x93\x46\xae\xe3\x3c\x28\xeb\x13\x0f\xf2\x8f\x5b\x76\x69\x53\x33\x41\x13\x21\x19\x96\xd2\x00\x11\xa1\x98\xe3\xfc\x43\x3f\x9f\x25\x41\x01\x0a\xe1\x7c\x1b\xf2\x02\x58\x0f\x60\x47\x47\x2f\xb3\x68\x57\xfe\x84\x3b\x19\xf5\x98\x40\x09\xdd\xc3\x24\x04\x4e\x84\x7a\x4f\x4a\x0a\xb3\x4f\x71\x95\x95\xde\x37\x25\x2d\x62\x35\x36\x5e\x9b\x84\x39\x2b\x06\x10\x85\x34\x9d\x73\x20\x3a\x4a\x13\xe9\x6f\x54\x32\xec\x0f\xd4\xa1\xee\x65\xac\xcd\xd5\xe3\x90\x4d\xf5\x4c\x1d\xa5\x10\xb0\xff\x20\xdc\xc0\xc7\x7f\xcb\x2c\x0e\x0e\xb6\x05\xcb\x05\x04\xdb\x87\x63\x2c\xf3\xd8\xb4\xda\xe6\xe7\x05\x76\x9d\x1d\xe3\x54\x27\x01\x23\xcb\x11\x45\x0e\xfc\x60\xac\x47\x68\x3d\x7b\x8d\x0f\x81\x13\x65\x56\x5f\xd9\x8c\x4c\x8e\xb9\x36\xbc\xab\x8d\x06\x9f\xc3\x3b\xd8\x01\xb0\x3a\xde\xa2\xe1\xfb\xc5\xaa\x46\x3d\x08\xca\x19\x89\x6d\x2b\xf5\x9a\x07\x1b\x85\x1e\x6c\x23\x90\x52\x17\x2f\x29\x6b\xfb\x5e\x72\x40\x47\x90\xa2\x18\x10\x14\xf3\xb9\x4a\x4e\x97\xd1\x17\xb4\x38\x13\x03\x68\xcc\x39\xdb\xb2\xd1\x98\x06\x5a\xe3\x98\x65\x47\x92\x6c\xd2\x16\x2f\x40\xa2\x9f\x0c\x3c\x87\x45\xc0\xf5\x0f\xba\x38\x52\xe5\x66\xd4\x45\x75\xc2\x9d\x39\xa0\x3f\x0c\xda\x72\x19\x84\xb6\xf4\x40\x59\x1f\x35\x5e\x12\xd4\x39\xff\x15\x0a\xab\x76\x13\x49\x9d\xbd\x49\xad\xab\xc8\x67\x6e\xef\x02\x3b\x15\xb6\x5b\xfc\x5c\xa0\x69\x48\x10\x9f\x23\xf3\x50\xdb\x82\x12\x35\x35\xeb\x8a\x74\x33\xbd\xab\xcb\x90\x92\x71\xa6\xec\xbc\xb5\x8b\x93\x6a\x88\xcd\x4e\x8f\x2e\x6f\xf5\x80\x01\x75\xf1\x13\x25\x3d\x8f\xa9\xca\x88\x85\xc2\xf5\x52\xe6\x57\xdc\x60\x3f\x25\x2e\x1a\x8e\x30\x8f\x76\xf0\xbe\x79\xe2\xfb\x8f\x5d\x5f\xbb\xe2\xe3\x0e\xca\xdd\x22\x07\x23\xc8\xc0\xae\xa8\x07\x8c\xdf\xcb\x38\x68\x26\x3f\xf8\xf0\x94\x00\x54\xda\x48\x78\x18\x93\xa7\xe4\x9a\xd5\xaf\xf4\xaf\x30\x0c\xd8\x04\xa6\xb6\x27\x9a\xb3\xff\x3a\xfb\x64\x49\x1c\x85\x19\x4a\xab\x76\x0d\x58\xa6\x06\x65\x4f\x9f\x44\x00\xe8\xb3\x85\x91\x35\x6f\xbf\x64\x25\xac\xa2\x6d\xc8\x52\x44\x25\x9f\xf2\xb1\x9c\x41\xb9\xf9\x6f\x3c\xa9\xec\x1d\xde\x43\x4d\xa7\xd2\xd3\x92\xb9\x05\xdd\xf3\xd1\xf9\xaf\x93\xd1\xaf\x59\x50\xbd\x49\x3f\x5a\xa7\x31\xb4\x05\x6d\xf3\x1b\xd2\x67\xb6\xb9\x0a\x07\x98\x31\xaa\xf5\x79\xbe\x0a\x39\x01\x31\x37\xaa\xc6\xd4\x04\xf5\x18\xcf\xd4\x68\x40\x64\x7e\x78\xbf\xe7\x06\xca\x4c\xf5\xe9\xc5\x45\x3e\x9f\x7c\xfd\x2b\x8b\x4c\x8d\x16\x9a\x44\xe5\x5c\x88\xd4\xa9\xa7\xf9\x47\x42\x41\xe2\x21\xaf\x44\x86\x00\x18\xab\x08\x56\x97\x2e\x19\x4c\xd9\x34";
+static const char quic_decrypted_header[] = "\xc3\x00\x00\x00\x01\x08\x83\x94\xc8\xf0\x3e\x51\x57\x08\x00\x00\x44\x9e\x00\x00\x00\x02";
+static const char quic_decrypted_crypto[] = "\x06\x00\x40\xf1\x01\x00\x00\xed\x03\x03\xeb\xf8\xfa\x56\xf1\x29\x39\xb9\x58\x4a\x38\x96\x47\x2e\xc4\x0b\xb8\x63\xcf\xd3\xe8\x68\x04\xfe\x3a\x47\xf0\x6a\x2b\x69\x48\x4c\x00\x00\x04\x13\x01\x13\x02\x01\x00\x00\xc0\x00\x00\x00\x10\x00\x0e\x00\x00\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\xff\x01\x00\x01\x00\x00\x0a\x00\x08\x00\x06\x00\x1d\x00\x17\x00\x18\x00\x10\x00\x07\x00\x05\x04\x61\x6c\x70\x6e\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x33\x00\x26\x00\x24\x00\x1d\x00\x20\x93\x70\xb2\xc9\xca\xa4\x7f\xba\xba\xf4\x55\x9f\xed\xba\x75\x3d\xe1\x71\xfa\x71\xf5\x0f\x1c\xe1\x5d\x43\xe9\x94\xec\x74\xd7\x48\x00\x2b\x00\x03\x02\x03\x04\x00\x0d\x00\x10\x00\x0e\x04\x03\x05\x03\x06\x03\x02\x03\x08\x04\x08\x05\x08\x06\x00\x2d\x00\x02\x01\x01\x00\x1c\x00\x02\x40\x01\x00\x39\x00\x32\x04\x08\xff\xff\xff\xff\xff\xff\xff\xff\x05\x04\x80\x00\xff\xff\x07\x04\x80\x00\xff\xff\x08\x01\x10\x01\x04\x80\x00\x75\x30\x09\x01\x10\x0f\x08\x83\x94\xc8\xf0\x3e\x51\x57\x08\x06\x04\x80\x00\xff\xff";
+static const int quic_padding_len = 917;
+
+// Just a QUIC payload but with sparse frames (like ping, padding, ping, crypto 0, padding, ping, ping, padding, ping, crypto 425, padding)
+static const char quic_sparse_payload[] = "\306\000\000\000\001\bB\302\246\317\237]S\226\000\000D\320\372/\3503Ac\222\312\360\355\030\223\231\340\360\022\222e\177$@\270\312\006\205-\267\304\207\036Zq?\246\2072zza\272\337\365'\335_\246\255\2502\347\245r\217>\2556\t\033\347\234w*Q4\003\330\270\037\271\004\346\254B(G\022\356\232\221P\357\305>\301T\331J xv.<\224\344Q\267\v\017b\254\260f\313\232\2213D:F\371\214\177\342C\234\022\301\316\277\342/\027\337X\317\250\200N< 6y\313\r\224\310i\263-\212\372\030\264Z\003#D4\234\315\205H\373\227\026yx\245d\375\211U\223\235\204\236\"T\255i\001\3308)ca%\243\376.mMc\225\b&\276\245n\233V\300\334\261\261\247\266(\334kA\314\250\261\271\353\nC\034\273\276\324\361J\341\017\361N\212\3128\261\233z\267|\344\260d\376\344\342\357\336\255X\366w\313\225C\022\022s\256\202\3568k!\177\025\375K~\224y\216\022\341\376\230\024\346\212l\025\253\300\256\031\360O\200|\331\342\315=I\306dS\030\306\320\212\177\356\350\207\360D7\177\agQ\"\031o6\202\352k\206]\210\370k5k\252\221\254\245\364\333\247\310\207\024\202Q#\314\214\264\341R?UL\340\271\313\213nj\217;\rU\304C\274\361[\327\002\321\372\212LO\325\324\237<\336\361<\205\331w\177`\210\\\276\304\314\220\235\3437\206g\323\275\036\a\033A!\254\217\341\277y6\211\304\031`-d\207wj\037\334MjY'!\327\245\002\255;\b\251\215\tY\310/\366N\224\206\027\037*\311\235\302\236=\377C\264\343o\255\264f\235%\036\026y\353\271(\3160\343*\300>\214&}\177-\363jj\336\204'\266\310\210\312\347\211h)\351\031\325\231\332\177\332#\3552bC\2775)\336\353\271gY\305\315`\212\342\325\376\250\2235y\a\315b\200R\361S\022\333\f\023\r\313\370\267\n\205\314\374\257\376\211\304Y?}.u\244b\315\221\264\211\371\256\224\332C\333@\025\027nb)G\360S\326_\277\362\201\365]\2745\376\253#\251\240\224=\316Y_\233\260\302\260\227.}\260\226\244\241r\320\347_\2273V\237\0262\375^\374F\266!\036k\346\352\204\222\300VuN\027\216\"\2531j\330\222\335\354Uz\367,\376\201\272O\177\376\026\220:?\n\202S\220\373\343\333'+%*rW\n\177Y{\347\211\357+\364(\270\034\207\371\221>\200Ua\026\034\235e\246D\036\352X\202\350\036\303\231\210\351j+\227e\352il\362\273`\360\361\304e\356\206\321\2232\327]\246\325\273\361\233G\336n\212.\335\250\t\177\233$\243\334<\304%\332\000\346\2777\343c\026`|\222\3666\207\021\034\001~\206\221I\f\316\f\006\000\036~\313kH\243L\343B\261Yg\031\362\324\370-\260B\330?e>fd\r\3544\\\312E\231\000\210oZ\033s\207\220\36379f=\017\032\256~\222\377!q\270w\305!\312o\343\035_\003U\313P\356\363^\016o\203,Yf \354\321\0038:\363I\300\215+h\316\305\257\305\002\t\232c\333'~\341\352\3170\362\244A\211\360\272\371\321\371Q\b\237\3076s.\032\322k\202,\345\374\266\233b OS\035\b*\242J\265\215\357\317\325\356\322\031g\2610G]\272i\265\\,\226\237\323\355\351\237\345\032b\364\347\250\227\217\323\353Y\002q[\335\365\034\363$*\312\231\317\302}\2600~\261O\336\265(d\240\323\214zr\371=\027\203\376\330\032w\002,90~{\3677\230\363\250b\320\202I\221\213?\272\227\ncc\343\031Ow\0347s\313\356\037\312t\206\002\006\336\270\203\277\020j\210g\372MU\2758\333\326:\312\262\r\022\210\275[}\314\377\035\241\267s\326\211\300\236;\217\001/\354k\365+?n\230e\350\002z\\K\035\227j\331\031\rj\230<z\272\220\311\036\000\264\017\020\255S\343\001\246\311\021\301\t\006\337\245\3565\2657D{9\b\271s=\a\202\254\326\365T+e\370)7AE\241\217z\276\331xe\n<\320\206\246-\313\330\035\"&\347\201\275\234r\355>\306\306\236\367\021p#\001\203\262\206+kg\313u\205a\004\t2>\322\224\327\001.c\t\225\244=\243M\006\311\347z\262\021Hl\027\202\271\033\345~\334\214\034\202\024m@\372\361Kk@~\374\340Z\260D\245\272'M\232\001$\242wJ:\r\r-\244\363\217\t\261WgS7\272\213\357\314\240\371\374\313\233r\235\017\235\031\230%}Z\345\"";
+
+unsigned char filebr[] = {
+  0x06, 0x16, 0xea, 0x20, 0xf5, 0xb6, 0x09, 0x0e, 0x90, 0x54, 0x17, 0x78,
+  0xaa, 0x9a, 0xd9, 0xe1, 0xb8, 0xdf, 0xdc, 0x8e, 0xf8, 0x3a, 0xdb, 0x59,
+  0xbb, 0x84, 0x60, 0x2b
+};
+
+
+#include "unity.h"
+#include "unity_fixture.h"
+
+#include "quic.h"
+#include "types.h"
+#include <stdio.h>
+#include "tls.h"
+#include "config.h"
+#include "logging.h"
+
+static struct section_config_t sconf = default_section_config;
+
+TEST_GROUP(QuicTest);
+
+TEST_SETUP(QuicTest)
+{
+}
+
+TEST_TEAR_DOWN(QuicTest)
+{
+}
+
+TEST(QuicTest, Test_decrypts)
+{
+	int ret;
+	uint8_t *decrypted_payload;
+	size_t decrypted_payload_len;
+	const uint8_t *decrypted_message;
+	size_t decrypted_message_len;
+
+	ret = quic_parse_initial_message(
+		(const uint8_t *)quic_testing_payload, sizeof(quic_testing_payload) - 1,
+		&decrypted_payload, &decrypted_payload_len,
+		&decrypted_message, &decrypted_message_len
+	);
+
+	TEST_ASSERT_EQUAL(ret, 0);
+
+	TEST_ASSERT_EQUAL(sizeof(quic_testing_payload) - 1, decrypted_payload_len);
+	TEST_ASSERT_EQUAL_MEMORY(quic_decrypted_header, decrypted_payload, sizeof(quic_decrypted_header) - 1);
+	TEST_ASSERT_EQUAL(decrypted_message, decrypted_payload + sizeof(quic_decrypted_header) - 1); 
+	TEST_ASSERT_EQUAL_MEMORY(quic_decrypted_crypto, decrypted_message, sizeof(quic_decrypted_crypto) - 1);
+
+	const uint8_t *curptr = decrypted_message + (sizeof(quic_decrypted_crypto) - 1);
+	ssize_t curptr_len = decrypted_message_len - (sizeof(quic_decrypted_crypto) - 1);
+	TEST_ASSERT_EQUAL(quic_padding_len, curptr_len);
+
+	while (curptr_len-- > 0) {
+		TEST_ASSERT_EQUAL(0x00, *curptr++);
+	}
+	TEST_ASSERT_EQUAL(decrypted_message + decrypted_message_len, curptr);
+
+	// tag is left
+	TEST_ASSERT_EQUAL(16, decrypted_payload + decrypted_payload_len - curptr);
+
+#undef free
+	free(decrypted_payload);
+#define free unity_free
+}
+
+TEST(QuicTest, Test_crypto_parser_valid)
+{
+	ssize_t fret;
+	struct quic_frame_crypto fr_cr;
+
+	fret = quic_parse_crypto(&fr_cr, (const uint8_t *)quic_decrypted_crypto, sizeof(quic_decrypted_crypto));
+	TEST_ASSERT_EQUAL(sizeof(quic_decrypted_crypto) - 1, fret);
+	TEST_ASSERT_EQUAL(0, fr_cr.offset);
+	TEST_ASSERT_EQUAL(241, fr_cr.payload_length);
+	// one for type, one for offset, two for length
+	TEST_ASSERT_EQUAL(quic_decrypted_crypto + 4, fr_cr.payload);
+}
+
+TEST(QuicTest, Test_crypto_parser_tls)
+{
+	ssize_t fret;
+	int ret;
+	struct quic_frame_crypto fr_cr;
+	struct tls_verdict tlsv;
+
+	fret = quic_parse_crypto(&fr_cr, (const uint8_t *)quic_decrypted_crypto, sizeof(quic_decrypted_crypto));
+	TEST_ASSERT_GREATER_OR_EQUAL(0, fret); 
+	ret = analyze_tls_message(&sconf, fr_cr.payload, fr_cr.payload_length, &tlsv);
+	TEST_ASSERT_GREATER_OR_EQUAL(0, ret); 
+	TEST_ASSERT_EQUAL_STRING_LEN("example.com", tlsv.sni_ptr, 11);
+}
+
+TEST(QuicTest, Test_crypto_parser_invalid)
+{
+	ssize_t fret;
+	struct quic_frame_crypto fr_cr;
+
+	fret = quic_parse_crypto(&fr_cr, NULL, 0);
+	TEST_ASSERT_EQUAL(-EINVAL, fret);
+}
+
+TEST(QuicTest, Test_varlength_parser)
+{
+	uint8_t varlv[4];
+	uint64_t mlen, var;
+
+	varlv[0] = 0x00;
+	varlv[1] = 0x00;	
+	varlv[2] = 0x00;	
+	varlv[3] = 0x00;	
+	mlen = 4;
+	var = quic_parse_varlength(varlv, &mlen);
+	TEST_ASSERT_EQUAL(0, var);
+	TEST_ASSERT_EQUAL(1, mlen);
+
+	varlv[0] = 0x40;
+	varlv[1] = 0xf1;	
+	varlv[2] = 0x00;	
+	varlv[3] = 0x00;	
+	mlen = 4;
+	var = quic_parse_varlength(varlv, &mlen);
+	TEST_ASSERT_EQUAL(241, var);
+	TEST_ASSERT_EQUAL(2, mlen);
+
+	mlen = 2;
+	var = quic_parse_varlength(varlv, &mlen);
+	TEST_ASSERT_EQUAL(241, var);
+	TEST_ASSERT_EQUAL(2, mlen);
+
+	// overflow
+	mlen = 1;
+	var = quic_parse_varlength(varlv, &mlen);
+	TEST_ASSERT_EQUAL(0, var);
+	TEST_ASSERT_EQUAL(0, mlen);
+}
+
+TEST(QuicTest, Test_parse_quic_decrypted)
+{
+#undef free
+
+	int ret;
+	uint8_t *decrypted_payload;
+	size_t decrypted_payload_len;
+	const uint8_t *decrypted_message;
+	size_t decrypted_message_len;
+	uint8_t *crypto_message;
+	size_t crypto_message_len;
+	struct tls_verdict tlsv = {0};
+
+	ret = quic_parse_initial_message(
+		(const uint8_t *)quic_testing_payload, sizeof(quic_testing_payload) - 1,
+		&decrypted_payload, &decrypted_payload_len,
+		&decrypted_message, &decrypted_message_len
+	);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	ret = parse_quic_decrypted(
+		&sconf, decrypted_message, decrypted_message_len,
+		&crypto_message, &crypto_message_len);
+	TEST_ASSERT_EQUAL(0, ret);
+	free(decrypted_payload);
+	decrypted_payload = NULL;
+
+	ret = analyze_tls_message(
+		&sconf, crypto_message, crypto_message_len, &tlsv
+	);
+	TEST_ASSERT_EQUAL(11, tlsv.sni_len);
+	TEST_ASSERT_EQUAL_STRING_LEN("example.com", tlsv.sni_ptr, 11);
+	free(crypto_message);
+
+#define free unity_free
+}
+
+TEST(QuicTest, Test_parse_quic_decrypted_on_sparse)
+{
+#undef free
+
+	int ret;
+	uint8_t *decrypted_payload;
+	size_t decrypted_payload_len;
+	const uint8_t *decrypted_message;
+	size_t decrypted_message_len;
+	uint8_t *crypto_message;
+	size_t crypto_message_len;
+	struct tls_verdict tlsv = {0};
+
+	ret = quic_parse_initial_message(
+		(const uint8_t *)quic_sparse_payload, sizeof(quic_sparse_payload) - 1,
+		&decrypted_payload, &decrypted_payload_len,
+		&decrypted_message, &decrypted_message_len
+	);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	ret = parse_quic_decrypted(
+		&sconf, decrypted_message, decrypted_message_len,
+		&crypto_message, &crypto_message_len);
+	TEST_ASSERT_EQUAL(0, ret);
+	free(decrypted_payload);
+	decrypted_payload = NULL;
+
+	ret = analyze_tls_message(
+		&sconf, crypto_message, crypto_message_len, &tlsv
+	);
+	TEST_ASSERT_EQUAL(19, tlsv.sni_len);
+	TEST_ASSERT_EQUAL_STRING_LEN("ipm.adblockplus.dev", tlsv.sni_ptr, 19);
+	free(crypto_message);
+
+#define free unity_free
+}
+
+TEST(QuicTest, Test_parse_quic_decrypted_on_fail)
+{
+#undef free
+
+	int ret;
+	uint8_t *crypto_message;
+	size_t crypto_message_len;
+	struct tls_verdict tlsv = {0};
+
+	ret = parse_quic_decrypted(
+		&sconf, filebr, sizeof(filebr) - 1,
+		&crypto_message, &crypto_message_len);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	ret = analyze_tls_message(
+		&sconf, crypto_message, crypto_message_len, &tlsv
+	);
+	TEST_ASSERT_EQUAL(0, tlsv.sni_len);
+	free(crypto_message);
+
+#define free unity_free
+}
+
+TEST_GROUP_RUNNER(QuicTest)
+{
+	RUN_TEST_CASE(QuicTest, Test_decrypts);
+	RUN_TEST_CASE(QuicTest, Test_crypto_parser_valid);
+	RUN_TEST_CASE(QuicTest, Test_crypto_parser_tls);
+	RUN_TEST_CASE(QuicTest, Test_crypto_parser_invalid);
+	RUN_TEST_CASE(QuicTest, Test_varlength_parser);
+	RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted)
+	RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted_on_sparse)
+	RUN_TEST_CASE(QuicTest, Test_parse_quic_decrypted_on_fail)
+}

test/tls.c

@@ -0,0 +1,58 @@
+static const char tls_chlo_message[] = "\001\000\002\000\003\003*{D\360FDTZ\305\231\272\006\240\246oa\365}ut\321\033\354\361}\334\227\342\215\257]\332\000\000\006\023\001\023\002\023\003\001\000\001\321\0009\000_\t\002@g\017\000\005\004\200`\000\000q'\004\200\001\026\210\a\004\200`\000\000\001\004\200\000u0\003\002E\300\006\004\200`\000\000\316E,\310\0160;\306\003g\201k\004\004\200\360\000\000\200\000GR\004\000\000\000\001 \004\200\001\000\000\200\377s\333\f\000\000\000\001\n\212\nJ\000\000\000\001\b\002@d\000\020\000\005\000\003\002h3\000+\000\003\002\003\004\000\n\000\b\000\006\000\035\000\027\000\030\000\033\000\003\002\000\002Di\000\005\000\003\002h3\000\r\000\024\000\022\004\003\b\004\004\001\005\003\b\005\005\001\b\006\006\001\002\001\000-\000\002\001\001\376\r\000\332\000\000\001\000\001|\000 \004\256\340\330}\337lC3\304gv\325}\rT\370O,i^\001\357\323\373?\205@3\023\354{\000\260\247cf\207\3276\312\205G\017\213Y\231\b\301~\225r\v\001X\026\335\254H\231\237\237\263\027b\b\327\0351W\000\177tc\213:^\f\362\340\225_\272\331\351\002\026rds\326\034\345*5!\221\265\206\270\240\375\nw\v\340 \003\340\307\230H\203#\212\371\364\257H\220\230L\230{\243\355\v'\325@\240EZ\306\230a\233;\033|=(\372P\232\216\215\203\374\234\222\375\004\3058l\275+?\f\306\335\342Q\313\"F\377G<2Jqb\033\033,|\302w\337bO\032\276\374\312X\364}\255xq\274\2348\247K\345t\327\345\322M\004\220\376*\344\365\0003\000&\000$\000\035\000 W\356I\271\201\350\263[cn\\H?\376s``\v\230\306?E=2\017u\306\027\nc{c\000\000\000\030\000\026\000\000\023abc.defghijklm.ndev";
+
+static const char tls_bruteforce_message[] = "ahl  qlwer 12oi34j 1l2kjrdosij f982j jfa osdijwoeij rasdjf oiajsqw9erj pqwoijf lasdj foijyoutube.com";
+
+#include "unity.h"
+#include "unity_fixture.h"
+
+#include "types.h"
+#include <stdio.h>
+#include "tls.h"
+#include "config.h"
+#include "logging.h"
+
+static struct section_config_t sconf = default_section_config;
+
+TEST_GROUP(TLSTest);
+
+TEST_SETUP(TLSTest)
+{
+}
+
+TEST_TEAR_DOWN(TLSTest)
+{
+}
+
+TEST(TLSTest, Test_CHLO_message_detect)
+{
+	struct tls_verdict tlsv;
+	int ret;
+	ret = analyze_tls_message(&sconf, (const uint8_t *)tls_chlo_message, sizeof(tls_chlo_message) - 1, &tlsv);
+	TEST_ASSERT_EQUAL(0, ret);
+	TEST_ASSERT_GREATER_OR_EQUAL(19, tlsv.sni_len);
+	TEST_ASSERT_EQUAL_STRING_LEN("abc.defghijklm.ndev", tlsv.sni_ptr, 19);
+}
+
+TEST(TLSTest, Test_Bruteforce_detects)
+{
+	struct tls_verdict tlsv;
+	struct trie_container trie;
+	int ret;
+	ret = trie_init(&trie);
+	ret = trie_add_string(&trie, (uint8_t *)"youtube.com", 11);
+	sconf.sni_domains = trie;
+
+	ret = bruteforce_analyze_sni_str(&sconf, (const uint8_t *)tls_bruteforce_message, sizeof(tls_bruteforce_message) - 1, &tlsv);
+	TEST_ASSERT_EQUAL(0, ret);
+	TEST_ASSERT_EQUAL(11, tlsv.sni_len);
+	TEST_ASSERT_EQUAL_STRING_LEN("youtube.com", tlsv.sni_ptr, 11);
+	TEST_ASSERT_EQUAL_PTR(tls_bruteforce_message + 
+			sizeof(tls_bruteforce_message) - 12, tlsv.sni_ptr);
+	trie_destroy(&trie);
+}
+
+TEST_GROUP_RUNNER(TLSTest)
+{
+	RUN_TEST_CASE(TLSTest, Test_CHLO_message_detect);
+	RUN_TEST_CASE(TLSTest, Test_Bruteforce_detects);
+}

test/trie.c

@@ -0,0 +1,147 @@
+#include "unity.h"
+#include "unity_fixture.h"
+
+#include "trie.h"
+
+TEST_GROUP(TrieTest);
+
+TEST_SETUP(TrieTest)
+{
+}
+
+TEST_TEAR_DOWN(TrieTest)
+{
+}
+
+const char ASTR[] = "abacaba";
+const char BSTR[] = "BABABABA";
+const char CSTR[] = "abracadabra";
+
+const char tstr[] = "aBABABABDADAabacabracadabraabbbabacabaaaaaabacaba";
+
+
+TEST(TrieTest, Trie_string_adds)
+{
+	int ret;
+	size_t offset;
+	size_t offlen;
+	struct trie_container trie;
+
+	ret = trie_init(&trie);
+	TEST_ASSERT_EQUAL(0, ret);
+	ret = trie_add_string(&trie, (uint8_t *)ASTR, sizeof(ASTR) - 1);
+	TEST_ASSERT_EQUAL(0, ret);
+	ret = trie_add_string(&trie, (uint8_t *)BSTR, sizeof(BSTR) - 1);
+	TEST_ASSERT_EQUAL(0, ret);
+	ret = trie_add_string(&trie, (uint8_t *)CSTR, sizeof(CSTR) - 1);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	TEST_ASSERT_EQUAL(25, trie.sz);
+
+	trie_destroy(&trie);
+}
+
+TEST(TrieTest, Trie_string_finds)
+{
+	int ret;
+	size_t offset;
+	size_t offlen;
+	struct trie_container trie;
+
+	ret = trie_init(&trie);
+	ret = trie_add_string(&trie, (uint8_t *)ASTR, sizeof(ASTR) - 1);
+	ret = trie_add_string(&trie, (uint8_t *)BSTR, sizeof(BSTR) - 1);
+	ret = trie_add_string(&trie, (uint8_t *)CSTR, sizeof(CSTR) - 1);
+
+	ret = trie_process_str(&trie, 
+			(uint8_t *)tstr, sizeof(tstr) - 1,
+			0, &offset, &offlen
+	);
+	TEST_ASSERT_EQUAL(1, ret);
+	TEST_ASSERT_EQUAL(11, offlen);
+	TEST_ASSERT_EQUAL_STRING_LEN("abracadabra", tstr + offset, offlen);
+
+	trie_destroy(&trie);
+}
+
+TEST(TrieTest, Trie_string_finds_opt_end)
+{
+	int ret;
+	size_t offset;
+	size_t offlen;
+	struct trie_container trie;
+
+	ret = trie_init(&trie);
+	ret = trie_add_string(&trie, (uint8_t *)ASTR, sizeof(ASTR) - 1);
+	ret = trie_add_string(&trie, (uint8_t *)BSTR, sizeof(BSTR) - 1);
+	ret = trie_add_string(&trie, (uint8_t *)CSTR, sizeof(CSTR) - 1);
+
+	ret = trie_process_str(&trie, 
+			(uint8_t *)tstr, sizeof(tstr) - 1,
+			TRIE_OPT_MAP_TO_END, 
+			&offset, &offlen
+	);
+	TEST_ASSERT_EQUAL(1, ret);
+	TEST_ASSERT_EQUAL(7, offlen);
+	TEST_ASSERT_EQUAL_STRING_LEN("abacaba", tstr + offset, offlen);
+
+	ret = trie_process_str(&trie, 
+			(uint8_t *)tstr, sizeof(tstr),
+			TRIE_OPT_MAP_TO_END, 
+			&offset, &offlen
+	);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	trie_destroy(&trie);
+}
+
+TEST(TrieTest, Trie_single_vertex)
+{
+	int ret;
+	size_t offset;
+	size_t offlen;
+	struct trie_container trie;
+
+	ret = trie_init(&trie);
+
+	ret = trie_process_str(&trie, 
+			(uint8_t *)tstr, sizeof(tstr) - 1,
+			0, 
+			&offset, &offlen
+	);
+	TEST_ASSERT_EQUAL(0, ret);
+
+	trie_destroy(&trie);
+
+}
+
+TEST(TrieTest, Trie_uninitialized)
+{
+	int ret;
+	size_t offset;
+	size_t offlen;
+	struct trie_container trie = {0};
+
+	// ret = trie_init(&trie);
+
+	ret = trie_add_string(&trie, (uint8_t *)ASTR, sizeof(ASTR) - 1);
+	TEST_ASSERT_EQUAL(-EINVAL, ret);
+
+	ret = trie_process_str(&trie, 
+			(uint8_t *)tstr, sizeof(tstr) - 1,
+			0, 
+			&offset, &offlen
+	);
+	TEST_ASSERT_EQUAL(0, ret);
+
+}
+
+
+TEST_GROUP_RUNNER(TrieTest)
+{
+	RUN_TEST_CASE(TrieTest, Trie_string_adds);
+	RUN_TEST_CASE(TrieTest, Trie_string_finds);
+	RUN_TEST_CASE(TrieTest, Trie_string_finds_opt_end);
+	RUN_TEST_CASE(TrieTest, Trie_single_vertex);
+	RUN_TEST_CASE(TrieTest, Trie_uninitialized);
+}

test/unity/unity.h

@@ -0,0 +1,698 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#ifndef UNITY_FRAMEWORK_H
+#define UNITY_FRAMEWORK_H
+#define UNITY
+
+#define UNITY_VERSION_MAJOR    2
+#define UNITY_VERSION_MINOR    6
+#define UNITY_VERSION_BUILD    1
+#define UNITY_VERSION          ((UNITY_VERSION_MAJOR << 16) | (UNITY_VERSION_MINOR << 8) | UNITY_VERSION_BUILD)
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "unity_internals.h"
+
+/*-------------------------------------------------------
+ * Test Setup / Teardown
+ *-------------------------------------------------------*/
+
+/* These functions are intended to be called before and after each test.
+ * If using unity directly, these will need to be provided for each test
+ * executable built. If you are using the test runner generator and/or
+ * Ceedling, these are optional. */
+void setUp(void);
+void tearDown(void);
+
+/* These functions are intended to be called at the beginning and end of an
+ * entire test suite.  suiteTearDown() is passed the number of tests that
+ * failed, and its return value becomes the exit code of main(). If using
+ * Unity directly, you're in charge of calling these if they are desired.
+ * If using Ceedling or the test runner generator, these will be called
+ * automatically if they exist. */
+void suiteSetUp(void);
+int suiteTearDown(int num_failures);
+
+/*-------------------------------------------------------
+ * Test Reset and Verify
+ *-------------------------------------------------------*/
+
+/* These functions are intended to be called before during tests in order
+ * to support complex test loops, etc. Both are NOT built into Unity. Instead
+ * the test runner generator will create them. resetTest will run teardown and
+ * setup again, verifying any end-of-test needs between. verifyTest will only
+ * run the verification. */
+void resetTest(void);
+void verifyTest(void);
+
+/*-------------------------------------------------------
+ * Configuration Options
+ *-------------------------------------------------------
+ * All options described below should be passed as a compiler flag to all files using Unity. If you must add #defines, place them BEFORE the #include above.
+
+ * Integers/longs/pointers
+ *     - Unity attempts to automatically discover your integer sizes
+ *       - define UNITY_EXCLUDE_STDINT_H to stop attempting to look in <stdint.h>
+ *       - define UNITY_EXCLUDE_LIMITS_H to stop attempting to look in <limits.h>
+ *     - If you cannot use the automatic methods above, you can force Unity by using these options:
+ *       - define UNITY_SUPPORT_64
+ *       - set UNITY_INT_WIDTH
+ *       - set UNITY_LONG_WIDTH
+ *       - set UNITY_POINTER_WIDTH
+
+ * Floats
+ *     - define UNITY_EXCLUDE_FLOAT to disallow floating point comparisons
+ *     - define UNITY_FLOAT_PRECISION to specify the precision to use when doing TEST_ASSERT_EQUAL_FLOAT
+ *     - define UNITY_FLOAT_TYPE to specify doubles instead of single precision floats
+ *     - define UNITY_INCLUDE_DOUBLE to allow double floating point comparisons
+ *     - define UNITY_EXCLUDE_DOUBLE to disallow double floating point comparisons (default)
+ *     - define UNITY_DOUBLE_PRECISION to specify the precision to use when doing TEST_ASSERT_EQUAL_DOUBLE
+ *     - define UNITY_DOUBLE_TYPE to specify something other than double
+ *     - define UNITY_EXCLUDE_FLOAT_PRINT to trim binary size, won't print floating point values in errors
+
+ * Output
+ *     - by default, Unity prints to standard out with putchar.  define UNITY_OUTPUT_CHAR(a) with a different function if desired
+ *     - define UNITY_DIFFERENTIATE_FINAL_FAIL to print FAILED (vs. FAIL) at test end summary - for automated search for failure
+
+ * Optimization
+ *     - by default, line numbers are stored in unsigned shorts.  Define UNITY_LINE_TYPE with a different type if your files are huge
+ *     - by default, test and failure counters are unsigned shorts.  Define UNITY_COUNTER_TYPE with a different type if you want to save space or have more than 65535 Tests.
+
+ * Test Cases
+ *     - define UNITY_SUPPORT_TEST_CASES to include the TEST_CASE macro, though really it's mostly about the runner generator script
+
+ * Parameterized Tests
+ *     - you'll want to create a define of TEST_CASE(...), TEST_RANGE(...) and/or TEST_MATRIX(...) which basically evaluates to nothing
+
+ * Tests with Arguments
+ *     - you'll want to define UNITY_USE_COMMAND_LINE_ARGS if you have the test runner passing arguments to Unity
+
+ *-------------------------------------------------------
+ * Basic Fail and Ignore
+ *-------------------------------------------------------*/
+
+#define TEST_FAIL_MESSAGE(message)                                                                 UNITY_TEST_FAIL(__LINE__, (message))
+#define TEST_FAIL()                                                                                UNITY_TEST_FAIL(__LINE__, NULL)
+#define TEST_IGNORE_MESSAGE(message)                                                               UNITY_TEST_IGNORE(__LINE__, (message))
+#define TEST_IGNORE()                                                                              UNITY_TEST_IGNORE(__LINE__, NULL)
+#define TEST_MESSAGE(message)                                                                      UnityMessage((message), __LINE__)
+#define TEST_ONLY()
+#ifdef UNITY_INCLUDE_PRINT_FORMATTED
+#define TEST_PRINTF(message, ...)                                                                  UnityPrintF(__LINE__, (message), ##__VA_ARGS__)
+#endif
+
+/* It is not necessary for you to call PASS. A PASS condition is assumed if nothing fails.
+ * This method allows you to abort a test immediately with a PASS state, ignoring the remainder of the test. */
+#define TEST_PASS()                                                                                TEST_ABORT()
+#define TEST_PASS_MESSAGE(message)                                                                 do { UnityMessage((message), __LINE__); TEST_ABORT(); } while (0)
+
+/*-------------------------------------------------------
+ * Build Directives
+ *-------------------------------------------------------
+
+ * These macros do nothing, but they are useful for additional build context.
+ * Tools (like Ceedling) can scan for these directives and make use of them for 
+ * per-test-executable #include search paths and linking. */
+
+/* Add source files to a test executable's compilation and linking. Ex: TEST_SOURCE_FILE("sandwiches.c") */
+#define TEST_SOURCE_FILE(a)
+
+/* Customize #include search paths for a test executable's compilation. Ex: TEST_INCLUDE_PATH("src/module_a/inc") */
+#define TEST_INCLUDE_PATH(a)
+
+/*-------------------------------------------------------
+ * Test Asserts (simple)
+ *-------------------------------------------------------*/
+
+/* Boolean */
+#define TEST_ASSERT(condition)                                                                     UNITY_TEST_ASSERT(       (condition), __LINE__, " Expression Evaluated To FALSE")
+#define TEST_ASSERT_TRUE(condition)                                                                UNITY_TEST_ASSERT(       (condition), __LINE__, " Expected TRUE Was FALSE")
+#define TEST_ASSERT_UNLESS(condition)                                                              UNITY_TEST_ASSERT(      !(condition), __LINE__, " Expression Evaluated To TRUE")
+#define TEST_ASSERT_FALSE(condition)                                                               UNITY_TEST_ASSERT(      !(condition), __LINE__, " Expected FALSE Was TRUE")
+#define TEST_ASSERT_NULL(pointer)                                                                  UNITY_TEST_ASSERT_NULL(    (pointer), __LINE__, " Expected NULL")
+#define TEST_ASSERT_NOT_NULL(pointer)                                                              UNITY_TEST_ASSERT_NOT_NULL((pointer), __LINE__, " Expected Non-NULL")
+#define TEST_ASSERT_EMPTY(pointer)                                                                 UNITY_TEST_ASSERT_EMPTY(    (pointer), __LINE__, " Expected Empty")
+#define TEST_ASSERT_NOT_EMPTY(pointer)                                                             UNITY_TEST_ASSERT_NOT_EMPTY((pointer), __LINE__, " Expected Non-Empty")
+
+/* Integers (of all sizes) */
+#define TEST_ASSERT_EQUAL_INT(expected, actual)                                                    UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT8(expected, actual)                                                   UNITY_TEST_ASSERT_EQUAL_INT8((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT16(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_INT16((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT32(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_INT32((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT64(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_INT64((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT(expected, actual)                                                   UNITY_TEST_ASSERT_EQUAL_UINT( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT8(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_UINT8( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT16(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_UINT16( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT32(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_UINT32( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT64(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_UINT64( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_size_t(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_UINT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX(expected, actual)                                                    UNITY_TEST_ASSERT_EQUAL_HEX32((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX8(expected, actual)                                                   UNITY_TEST_ASSERT_EQUAL_HEX8( (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX16(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_HEX16((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX32(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_HEX32((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX64(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_HEX64((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_CHAR(expected, actual)                                                   UNITY_TEST_ASSERT_EQUAL_CHAR((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_BITS(mask, expected, actual)                                                   UNITY_TEST_ASSERT_BITS((mask), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_BITS_HIGH(mask, actual)                                                        UNITY_TEST_ASSERT_BITS((mask), (UNITY_UINT)(-1), (actual), __LINE__, NULL)
+#define TEST_ASSERT_BITS_LOW(mask, actual)                                                         UNITY_TEST_ASSERT_BITS((mask), (UNITY_UINT)(0), (actual), __LINE__, NULL)
+#define TEST_ASSERT_BIT_HIGH(bit, actual)                                                          UNITY_TEST_ASSERT_BITS(((UNITY_UINT)1 << (bit)), (UNITY_UINT)(-1), (actual), __LINE__, NULL)
+#define TEST_ASSERT_BIT_LOW(bit, actual)                                                           UNITY_TEST_ASSERT_BITS(((UNITY_UINT)1 << (bit)), (UNITY_UINT)(0), (actual), __LINE__, NULL)
+
+/* Integer Not Equal To (of all sizes) */
+#define TEST_ASSERT_NOT_EQUAL_INT(threshold, actual)                                               UNITY_TEST_ASSERT_NOT_EQUAL_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_INT8(threshold, actual)                                              UNITY_TEST_ASSERT_NOT_EQUAL_INT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_INT16(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_INT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_INT32(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_INT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_INT64(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_INT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_UINT(threshold, actual)                                              UNITY_TEST_ASSERT_NOT_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_UINT8(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_UINT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_UINT16(threshold, actual)                                            UNITY_TEST_ASSERT_NOT_EQUAL_UINT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_UINT32(threshold, actual)                                            UNITY_TEST_ASSERT_NOT_EQUAL_UINT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_UINT64(threshold, actual)                                            UNITY_TEST_ASSERT_NOT_EQUAL_UINT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_size_t(threshold, actual)                                            UNITY_TEST_ASSERT_NOT_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_HEX8(threshold, actual)                                              UNITY_TEST_ASSERT_NOT_EQUAL_HEX8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_HEX16(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_HEX16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_HEX32(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_HEX32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_HEX64(threshold, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_HEX64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_CHAR(threshold, actual)                                              UNITY_TEST_ASSERT_NOT_EQUAL_CHAR((threshold), (actual), __LINE__, NULL)
+
+/* Integer Greater Than/ Less Than (of all sizes) */
+#define TEST_ASSERT_GREATER_THAN(threshold, actual)                                                UNITY_TEST_ASSERT_GREATER_THAN_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_INT(threshold, actual)                                            UNITY_TEST_ASSERT_GREATER_THAN_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_INT8(threshold, actual)                                           UNITY_TEST_ASSERT_GREATER_THAN_INT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_INT16(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_INT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_INT32(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_INT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_INT64(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_INT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_UINT(threshold, actual)                                           UNITY_TEST_ASSERT_GREATER_THAN_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_UINT8(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_UINT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_UINT16(threshold, actual)                                         UNITY_TEST_ASSERT_GREATER_THAN_UINT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_UINT32(threshold, actual)                                         UNITY_TEST_ASSERT_GREATER_THAN_UINT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_UINT64(threshold, actual)                                         UNITY_TEST_ASSERT_GREATER_THAN_UINT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_size_t(threshold, actual)                                         UNITY_TEST_ASSERT_GREATER_THAN_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_HEX8(threshold, actual)                                           UNITY_TEST_ASSERT_GREATER_THAN_HEX8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_HEX16(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_HEX16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_HEX32(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_HEX32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_HEX64(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_HEX64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_CHAR(threshold, actual)                                           UNITY_TEST_ASSERT_GREATER_THAN_CHAR((threshold), (actual), __LINE__, NULL)
+
+#define TEST_ASSERT_LESS_THAN(threshold, actual)                                                   UNITY_TEST_ASSERT_SMALLER_THAN_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_INT(threshold, actual)                                               UNITY_TEST_ASSERT_SMALLER_THAN_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_INT8(threshold, actual)                                              UNITY_TEST_ASSERT_SMALLER_THAN_INT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_INT16(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_INT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_INT32(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_INT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_INT64(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_INT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_UINT(threshold, actual)                                              UNITY_TEST_ASSERT_SMALLER_THAN_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_UINT8(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_UINT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_UINT16(threshold, actual)                                            UNITY_TEST_ASSERT_SMALLER_THAN_UINT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_UINT32(threshold, actual)                                            UNITY_TEST_ASSERT_SMALLER_THAN_UINT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_UINT64(threshold, actual)                                            UNITY_TEST_ASSERT_SMALLER_THAN_UINT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_size_t(threshold, actual)                                            UNITY_TEST_ASSERT_SMALLER_THAN_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_HEX8(threshold, actual)                                              UNITY_TEST_ASSERT_SMALLER_THAN_HEX8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_HEX16(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_HEX16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_HEX32(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_HEX32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_HEX64(threshold, actual)                                             UNITY_TEST_ASSERT_SMALLER_THAN_HEX64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_CHAR(threshold, actual)                                              UNITY_TEST_ASSERT_SMALLER_THAN_CHAR((threshold), (actual), __LINE__, NULL)
+
+#define TEST_ASSERT_GREATER_OR_EQUAL(threshold, actual)                                            UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT(threshold, actual)                                        UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT8(threshold, actual)                                       UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT16(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT32(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT64(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT(threshold, actual)                                       UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT8(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT16(threshold, actual)                                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT32(threshold, actual)                                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT64(threshold, actual)                                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_size_t(threshold, actual)                                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX8(threshold, actual)                                       UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX16(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX32(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX64(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_CHAR(threshold, actual)                                       UNITY_TEST_ASSERT_GREATER_OR_EQUAL_CHAR((threshold), (actual), __LINE__, NULL)
+
+#define TEST_ASSERT_LESS_OR_EQUAL(threshold, actual)                                               UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_INT(threshold, actual)                                           UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_INT8(threshold, actual)                                          UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_INT16(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_INT32(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_INT64(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT(threshold, actual)                                          UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT8(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT16(threshold, actual)                                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT32(threshold, actual)                                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT64(threshold, actual)                                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_size_t(threshold, actual)                                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX8(threshold, actual)                                          UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX8((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX16(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX16((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX32(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX32((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX64(threshold, actual)                                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX64((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_CHAR(threshold, actual)                                          UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_CHAR((threshold), (actual), __LINE__, NULL)
+
+/* Integer Ranges (of all sizes) */
+#define TEST_ASSERT_INT_WITHIN(delta, expected, actual)                                            UNITY_TEST_ASSERT_INT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_INT8_WITHIN(delta, expected, actual)                                           UNITY_TEST_ASSERT_INT8_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_INT16_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_INT16_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_INT32_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_INT32_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_INT64_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_INT64_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_UINT_WITHIN(delta, expected, actual)                                           UNITY_TEST_ASSERT_UINT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_UINT8_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_UINT8_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_UINT16_WITHIN(delta, expected, actual)                                         UNITY_TEST_ASSERT_UINT16_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_UINT32_WITHIN(delta, expected, actual)                                         UNITY_TEST_ASSERT_UINT32_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_UINT64_WITHIN(delta, expected, actual)                                         UNITY_TEST_ASSERT_UINT64_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_size_t_WITHIN(delta, expected, actual)                                         UNITY_TEST_ASSERT_UINT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_HEX_WITHIN(delta, expected, actual)                                            UNITY_TEST_ASSERT_HEX32_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_HEX8_WITHIN(delta, expected, actual)                                           UNITY_TEST_ASSERT_HEX8_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_HEX16_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_HEX16_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_HEX32_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_HEX32_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_HEX64_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_HEX64_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_CHAR_WITHIN(delta, expected, actual)                                           UNITY_TEST_ASSERT_CHAR_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+
+/* Integer Array Ranges (of all sizes) */
+#define TEST_ASSERT_INT_ARRAY_WITHIN(delta, expected, actual, num_elements)                        UNITY_TEST_ASSERT_INT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_INT8_ARRAY_WITHIN(delta, expected, actual, num_elements)                       UNITY_TEST_ASSERT_INT8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_INT16_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_INT16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_INT32_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_INT32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_INT64_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_INT64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_UINT_ARRAY_WITHIN(delta, expected, actual, num_elements)                       UNITY_TEST_ASSERT_UINT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_UINT8_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_UINT8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_UINT16_ARRAY_WITHIN(delta, expected, actual, num_elements)                     UNITY_TEST_ASSERT_UINT16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_UINT32_ARRAY_WITHIN(delta, expected, actual, num_elements)                     UNITY_TEST_ASSERT_UINT32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_UINT64_ARRAY_WITHIN(delta, expected, actual, num_elements)                     UNITY_TEST_ASSERT_UINT64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_size_t_ARRAY_WITHIN(delta, expected, actual, num_elements)                     UNITY_TEST_ASSERT_UINT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_HEX_ARRAY_WITHIN(delta, expected, actual, num_elements)                        UNITY_TEST_ASSERT_HEX32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_HEX8_ARRAY_WITHIN(delta, expected, actual, num_elements)                       UNITY_TEST_ASSERT_HEX8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_HEX16_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_HEX16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_HEX32_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_HEX32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_HEX64_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_HEX64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+#define TEST_ASSERT_CHAR_ARRAY_WITHIN(delta, expected, actual, num_elements)                       UNITY_TEST_ASSERT_CHAR_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, NULL)
+
+
+/* Structs and Strings */
+#define TEST_ASSERT_EQUAL_PTR(expected, actual)                                                    UNITY_TEST_ASSERT_EQUAL_PTR((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_STRING(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_STRING((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_STRING_LEN(expected, actual, len)                                        UNITY_TEST_ASSERT_EQUAL_STRING_LEN((expected), (actual), (len), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_MEMORY(expected, actual, len)                                            UNITY_TEST_ASSERT_EQUAL_MEMORY((expected), (actual), (len), __LINE__, NULL)
+
+/* Arrays */
+#define TEST_ASSERT_EQUAL_INT_ARRAY(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EQUAL_INT_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT8_ARRAY(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EQUAL_INT8_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT16_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_INT16_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT32_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_INT32_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_INT64_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_INT64_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT_ARRAY(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EQUAL_UINT_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT8_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_UINT8_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT16_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_UINT16_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT32_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_UINT32_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_UINT64_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_UINT64_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_size_t_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_UINT_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX_ARRAY(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EQUAL_HEX32_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX8_ARRAY(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EQUAL_HEX8_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX16_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_HEX16_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX32_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_HEX32_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_HEX64_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_HEX64_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_PTR_ARRAY(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EQUAL_PTR_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_STRING_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_STRING_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_MEMORY_ARRAY(expected, actual, len, num_elements)                        UNITY_TEST_ASSERT_EQUAL_MEMORY_ARRAY((expected), (actual), (len), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_CHAR_ARRAY(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EQUAL_CHAR_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+
+/* Arrays Compared To Single Value */
+#define TEST_ASSERT_EACH_EQUAL_INT(expected, actual, num_elements)                                 UNITY_TEST_ASSERT_EACH_EQUAL_INT((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_INT8(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EACH_EQUAL_INT8((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_INT16(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_INT16((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_INT32(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_INT32((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_INT64(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_INT64((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_UINT(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EACH_EQUAL_UINT((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_UINT8(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_UINT8((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_UINT16(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_UINT16((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_UINT32(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_UINT32((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_UINT64(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_UINT64((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_size_t(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_UINT((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_HEX(expected, actual, num_elements)                                 UNITY_TEST_ASSERT_EACH_EQUAL_HEX32((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_HEX8(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EACH_EQUAL_HEX8((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_HEX16(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_HEX16((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_HEX32(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_HEX32((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_HEX64(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_HEX64((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_PTR(expected, actual, num_elements)                                 UNITY_TEST_ASSERT_EACH_EQUAL_PTR((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_STRING(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_STRING((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_MEMORY(expected, actual, len, num_elements)                         UNITY_TEST_ASSERT_EACH_EQUAL_MEMORY((expected), (actual), (len), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_CHAR(expected, actual, num_elements)                                UNITY_TEST_ASSERT_EACH_EQUAL_CHAR((expected), (actual), (num_elements), __LINE__, NULL)
+
+/* Floating Point (If Enabled) */
+#define TEST_ASSERT_FLOAT_WITHIN(delta, expected, actual)                                          UNITY_TEST_ASSERT_FLOAT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_NOT_WITHIN(delta, expected, actual)                                      UNITY_TEST_ASSERT_FLOAT_NOT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_FLOAT(expected, actual)                                                  UNITY_TEST_ASSERT_EQUAL_FLOAT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_FLOAT(expected, actual)                                              UNITY_TEST_ASSERT_NOT_EQUAL_FLOAT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_ARRAY_WITHIN(delta, expected, actual, num_elements)                      UNITY_TEST_ASSERT_FLOAT_ARRAY_WITHIN((delta), (expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_FLOAT_ARRAY(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EQUAL_FLOAT_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_FLOAT(expected, actual, num_elements)                               UNITY_TEST_ASSERT_EACH_EQUAL_FLOAT((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_FLOAT(threshold, actual)                                          UNITY_TEST_ASSERT_GREATER_THAN_FLOAT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_FLOAT(threshold, actual)                                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_FLOAT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_FLOAT(threshold, actual)                                             UNITY_TEST_ASSERT_LESS_THAN_FLOAT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_FLOAT(threshold, actual)                                         UNITY_TEST_ASSERT_LESS_OR_EQUAL_FLOAT((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_INF(actual)                                                           UNITY_TEST_ASSERT_FLOAT_IS_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NEG_INF(actual)                                                       UNITY_TEST_ASSERT_FLOAT_IS_NEG_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NAN(actual)                                                           UNITY_TEST_ASSERT_FLOAT_IS_NAN((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_DETERMINATE(actual)                                                   UNITY_TEST_ASSERT_FLOAT_IS_DETERMINATE((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NOT_INF(actual)                                                       UNITY_TEST_ASSERT_FLOAT_IS_NOT_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NOT_NEG_INF(actual)                                                   UNITY_TEST_ASSERT_FLOAT_IS_NOT_NEG_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NOT_NAN(actual)                                                       UNITY_TEST_ASSERT_FLOAT_IS_NOT_NAN((actual), __LINE__, NULL)
+#define TEST_ASSERT_FLOAT_IS_NOT_DETERMINATE(actual)                                               UNITY_TEST_ASSERT_FLOAT_IS_NOT_DETERMINATE((actual), __LINE__, NULL)
+
+/* Double (If Enabled) */
+#define TEST_ASSERT_DOUBLE_WITHIN(delta, expected, actual)                                         UNITY_TEST_ASSERT_DOUBLE_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_NOT_WITHIN(delta, expected, actual)                                     UNITY_TEST_ASSERT_DOUBLE_NOT_WITHIN((delta), (expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_DOUBLE(expected, actual)                                                 UNITY_TEST_ASSERT_EQUAL_DOUBLE((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL_DOUBLE(expected, actual)                                             UNITY_TEST_ASSERT_NOT_EQUAL_DOUBLE((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_ARRAY_WITHIN(delta, expected, actual, num_elements)                     UNITY_TEST_ASSERT_DOUBLE_ARRAY_WITHIN((delta), (expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EQUAL_DOUBLE_ARRAY(expected, actual, num_elements)                             UNITY_TEST_ASSERT_EQUAL_DOUBLE_ARRAY((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_EACH_EQUAL_DOUBLE(expected, actual, num_elements)                              UNITY_TEST_ASSERT_EACH_EQUAL_DOUBLE((expected), (actual), (num_elements), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_THAN_DOUBLE(threshold, actual)                                         UNITY_TEST_ASSERT_GREATER_THAN_DOUBLE((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_GREATER_OR_EQUAL_DOUBLE(threshold, actual)                                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_DOUBLE((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_THAN_DOUBLE(threshold, actual)                                            UNITY_TEST_ASSERT_LESS_THAN_DOUBLE((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_LESS_OR_EQUAL_DOUBLE(threshold, actual)                                        UNITY_TEST_ASSERT_LESS_OR_EQUAL_DOUBLE((threshold), (actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_INF(actual)                                                          UNITY_TEST_ASSERT_DOUBLE_IS_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NEG_INF(actual)                                                      UNITY_TEST_ASSERT_DOUBLE_IS_NEG_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NAN(actual)                                                          UNITY_TEST_ASSERT_DOUBLE_IS_NAN((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_DETERMINATE(actual)                                                  UNITY_TEST_ASSERT_DOUBLE_IS_DETERMINATE((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NOT_INF(actual)                                                      UNITY_TEST_ASSERT_DOUBLE_IS_NOT_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NOT_NEG_INF(actual)                                                  UNITY_TEST_ASSERT_DOUBLE_IS_NOT_NEG_INF((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NOT_NAN(actual)                                                      UNITY_TEST_ASSERT_DOUBLE_IS_NOT_NAN((actual), __LINE__, NULL)
+#define TEST_ASSERT_DOUBLE_IS_NOT_DETERMINATE(actual)                                              UNITY_TEST_ASSERT_DOUBLE_IS_NOT_DETERMINATE((actual), __LINE__, NULL)
+
+/* Shorthand */
+#ifdef UNITY_SHORTHAND_AS_OLD
+#define TEST_ASSERT_EQUAL(expected, actual)                                                        UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL(expected, actual)                                                    UNITY_TEST_ASSERT(((expected) != (actual)), __LINE__, " Expected Not-Equal")
+#endif
+#ifdef UNITY_SHORTHAND_AS_INT
+#define TEST_ASSERT_EQUAL(expected, actual)                                                        UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL(expected, actual)                                                    UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+#ifdef UNITY_SHORTHAND_AS_MEM
+#define TEST_ASSERT_EQUAL(expected, actual)                                                        UNITY_TEST_ASSERT_EQUAL_MEMORY((&expected), (&actual), sizeof(expected), __LINE__, NULL)
+#define TEST_ASSERT_NOT_EQUAL(expected, actual)                                                    UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+#ifdef UNITY_SHORTHAND_AS_RAW
+#define TEST_ASSERT_EQUAL(expected, actual)                                                        UNITY_TEST_ASSERT(((expected) == (actual)), __LINE__, " Expected Equal")
+#define TEST_ASSERT_NOT_EQUAL(expected, actual)                                                    UNITY_TEST_ASSERT(((expected) != (actual)), __LINE__, " Expected Not-Equal")
+#endif
+#ifdef UNITY_SHORTHAND_AS_NONE
+#define TEST_ASSERT_EQUAL(expected, actual)                                                        UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#define TEST_ASSERT_NOT_EQUAL(expected, actual)                                                    UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+
+/*-------------------------------------------------------
+ * Test Asserts (with additional messages)
+ *-------------------------------------------------------*/
+
+/* Boolean */
+#define TEST_ASSERT_MESSAGE(condition, message)                                                    UNITY_TEST_ASSERT(       (condition), __LINE__, (message))
+#define TEST_ASSERT_TRUE_MESSAGE(condition, message)                                               UNITY_TEST_ASSERT(       (condition), __LINE__, (message))
+#define TEST_ASSERT_UNLESS_MESSAGE(condition, message)                                             UNITY_TEST_ASSERT(      !(condition), __LINE__, (message))
+#define TEST_ASSERT_FALSE_MESSAGE(condition, message)                                              UNITY_TEST_ASSERT(      !(condition), __LINE__, (message))
+#define TEST_ASSERT_NULL_MESSAGE(pointer, message)                                                 UNITY_TEST_ASSERT_NULL(    (pointer), __LINE__, (message))
+#define TEST_ASSERT_NOT_NULL_MESSAGE(pointer, message)                                             UNITY_TEST_ASSERT_NOT_NULL((pointer), __LINE__, (message))
+#define TEST_ASSERT_EMPTY_MESSAGE(pointer, message)                                                UNITY_TEST_ASSERT_EMPTY(    (pointer), __LINE__, (message))
+#define TEST_ASSERT_NOT_EMPTY_MESSAGE(pointer, message)                                            UNITY_TEST_ASSERT_NOT_EMPTY((pointer), __LINE__, (message))
+
+/* Integers (of all sizes) */
+#define TEST_ASSERT_EQUAL_INT_MESSAGE(expected, actual, message)                                   UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT8_MESSAGE(expected, actual, message)                                  UNITY_TEST_ASSERT_EQUAL_INT8((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT16_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_INT16((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT32_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_INT32((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT64_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_INT64((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT_MESSAGE(expected, actual, message)                                  UNITY_TEST_ASSERT_EQUAL_UINT( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT8_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_UINT8( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT16_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_UINT16( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT32_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_UINT32( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT64_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_UINT64( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_size_t_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_UINT( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX_MESSAGE(expected, actual, message)                                   UNITY_TEST_ASSERT_EQUAL_HEX32((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX8_MESSAGE(expected, actual, message)                                  UNITY_TEST_ASSERT_EQUAL_HEX8( (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX16_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_HEX16((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX32_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_HEX32((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX64_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_HEX64((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_BITS_MESSAGE(mask, expected, actual, message)                                  UNITY_TEST_ASSERT_BITS((mask), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_BITS_HIGH_MESSAGE(mask, actual, message)                                       UNITY_TEST_ASSERT_BITS((mask), (UNITY_UINT32)(-1), (actual), __LINE__, (message))
+#define TEST_ASSERT_BITS_LOW_MESSAGE(mask, actual, message)                                        UNITY_TEST_ASSERT_BITS((mask), (UNITY_UINT32)(0), (actual), __LINE__, (message))
+#define TEST_ASSERT_BIT_HIGH_MESSAGE(bit, actual, message)                                         UNITY_TEST_ASSERT_BITS(((UNITY_UINT32)1 << (bit)), (UNITY_UINT32)(-1), (actual), __LINE__, (message))
+#define TEST_ASSERT_BIT_LOW_MESSAGE(bit, actual, message)                                          UNITY_TEST_ASSERT_BITS(((UNITY_UINT32)1 << (bit)), (UNITY_UINT32)(0), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_CHAR_MESSAGE(expected, actual, message)                                  UNITY_TEST_ASSERT_EQUAL_CHAR((expected), (actual), __LINE__, (message))
+
+/* Integer Not Equal To (of all sizes) */
+#define TEST_ASSERT_NOT_EQUAL_INT_MESSAGE(threshold, actual, message)                              UNITY_TEST_ASSERT_NOT_EQUAL_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_INT8_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_NOT_EQUAL_INT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_INT16_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_INT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_INT32_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_INT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_INT64_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_INT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_UINT_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_NOT_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_UINT8_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_UINT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_UINT16_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_NOT_EQUAL_UINT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_UINT32_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_NOT_EQUAL_UINT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_UINT64_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_NOT_EQUAL_UINT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_size_t_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_NOT_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_HEX8_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_NOT_EQUAL_HEX8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_HEX16_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_HEX16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_HEX32_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_HEX32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_HEX64_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_HEX64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_CHAR_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_NOT_EQUAL_CHAR((threshold), (actual), __LINE__, (message))
+
+
+/* Integer Greater Than/ Less Than (of all sizes) */
+#define TEST_ASSERT_GREATER_THAN_MESSAGE(threshold, actual, message)                               UNITY_TEST_ASSERT_GREATER_THAN_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_INT_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_GREATER_THAN_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_INT8_MESSAGE(threshold, actual, message)                          UNITY_TEST_ASSERT_GREATER_THAN_INT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_INT16_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_INT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_INT32_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_INT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_INT64_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_INT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_UINT_MESSAGE(threshold, actual, message)                          UNITY_TEST_ASSERT_GREATER_THAN_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_UINT8_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_UINT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_UINT16_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_GREATER_THAN_UINT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_UINT32_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_GREATER_THAN_UINT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_UINT64_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_GREATER_THAN_UINT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_size_t_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_GREATER_THAN_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_HEX8_MESSAGE(threshold, actual, message)                          UNITY_TEST_ASSERT_GREATER_THAN_HEX8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_HEX16_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_HEX16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_HEX32_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_HEX32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_HEX64_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_HEX64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_CHAR_MESSAGE(threshold, actual, message)                          UNITY_TEST_ASSERT_GREATER_THAN_CHAR((threshold), (actual), __LINE__, (message))
+
+#define TEST_ASSERT_LESS_THAN_MESSAGE(threshold, actual, message)                                  UNITY_TEST_ASSERT_SMALLER_THAN_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_INT_MESSAGE(threshold, actual, message)                              UNITY_TEST_ASSERT_SMALLER_THAN_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_INT8_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_SMALLER_THAN_INT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_INT16_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_INT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_INT32_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_INT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_INT64_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_INT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_UINT_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_SMALLER_THAN_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_UINT8_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_UINT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_UINT16_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_SMALLER_THAN_UINT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_UINT32_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_SMALLER_THAN_UINT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_UINT64_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_SMALLER_THAN_UINT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_size_t_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_SMALLER_THAN_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_HEX8_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_SMALLER_THAN_HEX8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_HEX16_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_HEX16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_HEX32_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_HEX32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_HEX64_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_SMALLER_THAN_HEX64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_CHAR_MESSAGE(threshold, actual, message)                             UNITY_TEST_ASSERT_SMALLER_THAN_CHAR((threshold), (actual), __LINE__, (message))
+
+#define TEST_ASSERT_GREATER_OR_EQUAL_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT8_MESSAGE(threshold, actual, message)                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT16_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT32_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_INT64_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_INT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT_MESSAGE(threshold, actual, message)                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT8_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT16_MESSAGE(threshold, actual, message)                    UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT32_MESSAGE(threshold, actual, message)                    UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_UINT64_MESSAGE(threshold, actual, message)                    UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_size_t_MESSAGE(threshold, actual, message)                    UNITY_TEST_ASSERT_GREATER_OR_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX8_MESSAGE(threshold, actual, message)                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX16_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX32_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_HEX64_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_HEX64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_CHAR_MESSAGE(threshold, actual, message)                      UNITY_TEST_ASSERT_GREATER_OR_EQUAL_CHAR((threshold), (actual), __LINE__, (message))
+
+#define TEST_ASSERT_LESS_OR_EQUAL_MESSAGE(threshold, actual, message)                              UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_INT_MESSAGE(threshold, actual, message)                          UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_INT8_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_INT16_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_INT32_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_INT64_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_INT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT8_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT16_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT32_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_UINT64_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_size_t_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_UINT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX8_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX8((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX16_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX16((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX32_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX32((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_HEX64_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_HEX64((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_CHAR_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_SMALLER_OR_EQUAL_CHAR((threshold), (actual), __LINE__, (message))
+
+/* Integer Ranges (of all sizes) */
+#define TEST_ASSERT_INT_WITHIN_MESSAGE(delta, expected, actual, message)                           UNITY_TEST_ASSERT_INT_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_INT8_WITHIN_MESSAGE(delta, expected, actual, message)                          UNITY_TEST_ASSERT_INT8_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_INT16_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_INT16_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_INT32_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_INT32_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_INT64_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_INT64_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_UINT_WITHIN_MESSAGE(delta, expected, actual, message)                          UNITY_TEST_ASSERT_UINT_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_UINT8_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_UINT8_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_UINT16_WITHIN_MESSAGE(delta, expected, actual, message)                        UNITY_TEST_ASSERT_UINT16_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_UINT32_WITHIN_MESSAGE(delta, expected, actual, message)                        UNITY_TEST_ASSERT_UINT32_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_UINT64_WITHIN_MESSAGE(delta, expected, actual, message)                        UNITY_TEST_ASSERT_UINT64_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_size_t_WITHIN_MESSAGE(delta, expected, actual, message)                        UNITY_TEST_ASSERT_UINT_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_HEX_WITHIN_MESSAGE(delta, expected, actual, message)                           UNITY_TEST_ASSERT_HEX32_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_HEX8_WITHIN_MESSAGE(delta, expected, actual, message)                          UNITY_TEST_ASSERT_HEX8_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_HEX16_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_HEX16_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_HEX32_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_HEX32_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_HEX64_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_HEX64_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_CHAR_WITHIN_MESSAGE(delta, expected, actual, message)                          UNITY_TEST_ASSERT_CHAR_WITHIN((delta), (expected), (actual), __LINE__, (message))
+
+/* Integer Array Ranges (of all sizes) */
+#define TEST_ASSERT_INT_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)       UNITY_TEST_ASSERT_INT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_INT8_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)      UNITY_TEST_ASSERT_INT8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_INT16_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_INT16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_INT32_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_INT32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_INT64_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_INT64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_UINT_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)      UNITY_TEST_ASSERT_UINT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_UINT8_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_UINT8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_UINT16_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)    UNITY_TEST_ASSERT_UINT16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_UINT32_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)    UNITY_TEST_ASSERT_UINT32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_UINT64_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)    UNITY_TEST_ASSERT_UINT64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_size_t_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)    UNITY_TEST_ASSERT_UINT_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_HEX_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)       UNITY_TEST_ASSERT_HEX32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_HEX8_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)      UNITY_TEST_ASSERT_HEX8_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_HEX16_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_HEX16_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_HEX32_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_HEX32_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_HEX64_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_HEX64_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+#define TEST_ASSERT_CHAR_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)      UNITY_TEST_ASSERT_CHAR_ARRAY_WITHIN((delta), (expected), (actual), num_elements, __LINE__, (message))
+
+
+/* Structs and Strings */
+#define TEST_ASSERT_EQUAL_PTR_MESSAGE(expected, actual, message)                                   UNITY_TEST_ASSERT_EQUAL_PTR((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_STRING_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_STRING((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_STRING_LEN_MESSAGE(expected, actual, len, message)                       UNITY_TEST_ASSERT_EQUAL_STRING_LEN((expected), (actual), (len), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_MEMORY_MESSAGE(expected, actual, len, message)                           UNITY_TEST_ASSERT_EQUAL_MEMORY((expected), (actual), (len), __LINE__, (message))
+
+/* Arrays */
+#define TEST_ASSERT_EQUAL_INT_ARRAY_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EQUAL_INT_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT8_ARRAY_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EQUAL_INT8_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT16_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_INT16_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT32_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_INT32_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_INT64_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_INT64_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT_ARRAY_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EQUAL_UINT_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT8_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_UINT8_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT16_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_UINT16_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT32_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_UINT32_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_UINT64_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_UINT64_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_size_t_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_UINT_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX_ARRAY_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EQUAL_HEX32_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX8_ARRAY_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EQUAL_HEX8_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX16_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_HEX16_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX32_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_HEX32_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_HEX64_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_HEX64_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_PTR_ARRAY_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EQUAL_PTR_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_STRING_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_STRING_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_MEMORY_ARRAY_MESSAGE(expected, actual, len, num_elements, message)       UNITY_TEST_ASSERT_EQUAL_MEMORY_ARRAY((expected), (actual), (len), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_CHAR_ARRAY_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EQUAL_CHAR_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+
+/* Arrays Compared To Single Value*/
+#define TEST_ASSERT_EACH_EQUAL_INT_MESSAGE(expected, actual, num_elements, message)                UNITY_TEST_ASSERT_EACH_EQUAL_INT((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_INT8_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EACH_EQUAL_INT8((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_INT16_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_INT16((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_INT32_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_INT32((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_INT64_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_INT64((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_UINT_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EACH_EQUAL_UINT((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_UINT8_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_UINT8((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_UINT16_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_UINT16((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_UINT32_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_UINT32((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_UINT64_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_UINT64((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_size_t_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_UINT((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_HEX_MESSAGE(expected, actual, num_elements, message)                UNITY_TEST_ASSERT_EACH_EQUAL_HEX32((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_HEX8_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EACH_EQUAL_HEX8((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_HEX16_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_HEX16((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_HEX32_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_HEX32((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_HEX64_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_HEX64((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_PTR_MESSAGE(expected, actual, num_elements, message)                UNITY_TEST_ASSERT_EACH_EQUAL_PTR((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_STRING_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_STRING((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_MEMORY_MESSAGE(expected, actual, len, num_elements, message)        UNITY_TEST_ASSERT_EACH_EQUAL_MEMORY((expected), (actual), (len), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_CHAR_MESSAGE(expected, actual, num_elements, message)               UNITY_TEST_ASSERT_EACH_EQUAL_CHAR((expected), (actual), (num_elements), __LINE__, (message))
+
+/* Floating Point (If Enabled) */
+#define TEST_ASSERT_FLOAT_WITHIN_MESSAGE(delta, expected, actual, message)                         UNITY_TEST_ASSERT_FLOAT_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_FLOAT_MESSAGE(expected, actual, message)                                 UNITY_TEST_ASSERT_EQUAL_FLOAT((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_FLOAT_MESSAGE(expected, actual, message)                             UNITY_TEST_ASSERT_NOT_EQUAL_FLOAT((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)     UNITY_TEST_ASSERT_FLOAT_ARRAY_WITHIN((delta), (expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_FLOAT_ARRAY_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EQUAL_FLOAT_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_FLOAT_MESSAGE(expected, actual, num_elements, message)              UNITY_TEST_ASSERT_EACH_EQUAL_FLOAT((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_FLOAT_MESSAGE(threshold, actual, message)                         UNITY_TEST_ASSERT_GREATER_THAN_FLOAT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_FLOAT_MESSAGE(threshold, actual, message)                     UNITY_TEST_ASSERT_GREATER_OR_EQUAL_FLOAT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_FLOAT_MESSAGE(threshold, actual, message)                            UNITY_TEST_ASSERT_LESS_THAN_FLOAT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_FLOAT_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_LESS_OR_EQUAL_FLOAT((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_INF_MESSAGE(actual, message)                                          UNITY_TEST_ASSERT_FLOAT_IS_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NEG_INF_MESSAGE(actual, message)                                      UNITY_TEST_ASSERT_FLOAT_IS_NEG_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NAN_MESSAGE(actual, message)                                          UNITY_TEST_ASSERT_FLOAT_IS_NAN((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_DETERMINATE_MESSAGE(actual, message)                                  UNITY_TEST_ASSERT_FLOAT_IS_DETERMINATE((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NOT_INF_MESSAGE(actual, message)                                      UNITY_TEST_ASSERT_FLOAT_IS_NOT_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NOT_NEG_INF_MESSAGE(actual, message)                                  UNITY_TEST_ASSERT_FLOAT_IS_NOT_NEG_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NOT_NAN_MESSAGE(actual, message)                                      UNITY_TEST_ASSERT_FLOAT_IS_NOT_NAN((actual), __LINE__, (message))
+#define TEST_ASSERT_FLOAT_IS_NOT_DETERMINATE_MESSAGE(actual, message)                              UNITY_TEST_ASSERT_FLOAT_IS_NOT_DETERMINATE((actual), __LINE__, (message))
+
+/* Double (If Enabled) */
+#define TEST_ASSERT_DOUBLE_WITHIN_MESSAGE(delta, expected, actual, message)                        UNITY_TEST_ASSERT_DOUBLE_WITHIN((delta), (expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_DOUBLE_MESSAGE(expected, actual, message)                                UNITY_TEST_ASSERT_EQUAL_DOUBLE((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_DOUBLE_MESSAGE(expected, actual, message)                            UNITY_TEST_ASSERT_NOT_EQUAL_DOUBLE((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_ARRAY_WITHIN_MESSAGE(delta, expected, actual, num_elements, message)    UNITY_TEST_ASSERT_DOUBLE_ARRAY_WITHIN((delta), (expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EQUAL_DOUBLE_ARRAY_MESSAGE(expected, actual, num_elements, message)            UNITY_TEST_ASSERT_EQUAL_DOUBLE_ARRAY((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_EACH_EQUAL_DOUBLE_MESSAGE(expected, actual, num_elements, message)             UNITY_TEST_ASSERT_EACH_EQUAL_DOUBLE((expected), (actual), (num_elements), __LINE__, (message))
+#define TEST_ASSERT_GREATER_THAN_DOUBLE_MESSAGE(threshold, actual, message)                        UNITY_TEST_ASSERT_GREATER_THAN_DOUBLE((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_GREATER_OR_EQUAL_DOUBLE_MESSAGE(threshold, actual, message)                    UNITY_TEST_ASSERT_GREATER_OR_EQUAL_DOUBLE((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_THAN_DOUBLE_MESSAGE(threshold, actual, message)                           UNITY_TEST_ASSERT_LESS_THAN_DOUBLE((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_LESS_OR_EQUAL_DOUBLE_MESSAGE(threshold, actual, message)                       UNITY_TEST_ASSERT_LESS_OR_EQUAL_DOUBLE((threshold), (actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_INF_MESSAGE(actual, message)                                         UNITY_TEST_ASSERT_DOUBLE_IS_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NEG_INF_MESSAGE(actual, message)                                     UNITY_TEST_ASSERT_DOUBLE_IS_NEG_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NAN_MESSAGE(actual, message)                                         UNITY_TEST_ASSERT_DOUBLE_IS_NAN((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_DETERMINATE_MESSAGE(actual, message)                                 UNITY_TEST_ASSERT_DOUBLE_IS_DETERMINATE((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NOT_INF_MESSAGE(actual, message)                                     UNITY_TEST_ASSERT_DOUBLE_IS_NOT_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NOT_NEG_INF_MESSAGE(actual, message)                                 UNITY_TEST_ASSERT_DOUBLE_IS_NOT_NEG_INF((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NOT_NAN_MESSAGE(actual, message)                                     UNITY_TEST_ASSERT_DOUBLE_IS_NOT_NAN((actual), __LINE__, (message))
+#define TEST_ASSERT_DOUBLE_IS_NOT_DETERMINATE_MESSAGE(actual, message)                             UNITY_TEST_ASSERT_DOUBLE_IS_NOT_DETERMINATE((actual), __LINE__, (message))
+
+/* Shorthand */
+#ifdef UNITY_SHORTHAND_AS_OLD
+#define TEST_ASSERT_EQUAL_MESSAGE(expected, actual, message)                                       UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, (message))
+#define TEST_ASSERT_NOT_EQUAL_MESSAGE(expected, actual, message)                                   UNITY_TEST_ASSERT(((expected) != (actual)), __LINE__, (message))
+#endif
+#ifdef UNITY_SHORTHAND_AS_INT
+#define TEST_ASSERT_EQUAL_MESSAGE(expected, actual, message)                                       UNITY_TEST_ASSERT_EQUAL_INT((expected), (actual), __LINE__, message)
+#define TEST_ASSERT_NOT_EQUAL_MESSAGE(expected, actual, message)                                   UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+#ifdef  UNITY_SHORTHAND_AS_MEM
+#define TEST_ASSERT_EQUAL_MESSAGE(expected, actual, message)                                       UNITY_TEST_ASSERT_EQUAL_MEMORY((&expected), (&actual), sizeof(expected), __LINE__, message)
+#define TEST_ASSERT_NOT_EQUAL_MESSAGE(expected, actual, message)                                   UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+#ifdef  UNITY_SHORTHAND_AS_RAW
+#define TEST_ASSERT_EQUAL_MESSAGE(expected, actual, message)                                       UNITY_TEST_ASSERT(((expected) == (actual)), __LINE__, message)
+#define TEST_ASSERT_NOT_EQUAL_MESSAGE(expected, actual, message)                                   UNITY_TEST_ASSERT(((expected) != (actual)), __LINE__, message)
+#endif
+#ifdef UNITY_SHORTHAND_AS_NONE
+#define TEST_ASSERT_EQUAL_MESSAGE(expected, actual, message)                                       UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#define TEST_ASSERT_NOT_EQUAL_MESSAGE(expected, actual, message)                                   UNITY_TEST_FAIL(__LINE__, UnityStrErrShorthand)
+#endif
+
+/* end of UNITY_FRAMEWORK_H */
+#ifdef __cplusplus
+}
+#endif
+#endif

test/unity/unity_fixture.c

@@ -0,0 +1,310 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#include "unity_fixture.h"
+#include "unity_internals.h"
+#include <string.h>
+
+struct UNITY_FIXTURE_T UnityFixture;
+
+/* If you decide to use the function pointer approach.
+ * Build with -D UNITY_OUTPUT_CHAR=outputChar and include <stdio.h>
+ * int (*outputChar)(int) = putchar; */
+
+void setUp(void)    { /*does nothing*/ }
+void tearDown(void) { /*does nothing*/ }
+
+static void announceTestRun(unsigned int runNumber)
+{
+    UnityPrint("Unity test run ");
+    UnityPrintNumberUnsigned(runNumber+1);
+    UnityPrint(" of ");
+    UnityPrintNumberUnsigned(UnityFixture.RepeatCount);
+    UNITY_PRINT_EOL();
+}
+
+int UnityMain(int argc, const char* argv[], void (*runAllTests)(void))
+{
+    int result = UnityGetCommandLineOptions(argc, argv);
+    unsigned int r;
+    if (result != 0)
+        return result;
+
+    for (r = 0; r < UnityFixture.RepeatCount; r++)
+    {
+        UnityBegin(argv[0]);
+        announceTestRun(r);
+        runAllTests();
+        if (!UnityFixture.Verbose) UNITY_PRINT_EOL();
+        UnityEnd();
+    }
+
+    return (int)Unity.TestFailures;
+}
+
+static int selected(const char* filter, const char* name)
+{
+    if (filter == 0)
+        return 1;
+    return strstr(name, filter) ? 1 : 0;
+}
+
+static int testSelected(const char* test)
+{
+    return selected(UnityFixture.NameFilter, test);
+}
+
+static int groupSelected(const char* group)
+{
+    return selected(UnityFixture.GroupFilter, group);
+}
+
+void UnityTestRunner(unityfunction* setup,
+                     unityfunction* testBody,
+                     unityfunction* teardown,
+                     const char* printableName,
+                     const char* group,
+                     const char* name,
+                     const char* file,
+                     unsigned int line)
+{
+    if (testSelected(name) && groupSelected(group))
+    {
+        Unity.TestFile = file;
+        Unity.CurrentTestName = printableName;
+        Unity.CurrentTestLineNumber = line;
+        if (UnityFixture.Verbose)
+        {
+            UnityPrint(printableName);
+        #ifndef UNITY_REPEAT_TEST_NAME
+            Unity.CurrentTestName = NULL;
+        #endif
+        }
+        else if (UnityFixture.Silent)
+        {
+            /* Do Nothing */
+        }
+        else
+        {
+            UNITY_OUTPUT_CHAR('.');
+        }
+
+        Unity.NumberOfTests++;
+        UnityPointer_Init();
+
+        UNITY_EXEC_TIME_START();
+
+        if (TEST_PROTECT())
+        {
+            setup();
+            testBody();
+        }
+        if (TEST_PROTECT())
+        {
+            teardown();
+        }
+        if (TEST_PROTECT())
+        {
+            UnityPointer_UndoAllSets();
+        }
+        UnityConcludeFixtureTest();
+    }
+}
+
+void UnityIgnoreTest(const char* printableName, const char* group, const char* name)
+{
+    if (testSelected(name) && groupSelected(group))
+    {
+        Unity.NumberOfTests++;
+        Unity.TestIgnores++;
+        if (UnityFixture.Verbose)
+        {
+            UnityPrint(printableName);
+            UNITY_PRINT_EOL();
+        }
+        else if (UnityFixture.Silent)
+        {
+            /* Do Nothing */
+        }
+        else
+        {
+            UNITY_OUTPUT_CHAR('!');
+        }
+    }
+}
+
+/*-------------------------------------------------------- */
+/*Automatic pointer restoration functions */
+struct PointerPair
+{
+    void** pointer;
+    void* old_value;
+};
+
+static struct PointerPair pointer_store[UNITY_MAX_POINTERS];
+static int pointer_index = 0;
+
+void UnityPointer_Init(void)
+{
+    pointer_index = 0;
+}
+
+void UnityPointer_Set(void** pointer, void* newValue, UNITY_LINE_TYPE line)
+{
+    if (pointer_index >= UNITY_MAX_POINTERS)
+    {
+        UNITY_TEST_FAIL(line, "Too many pointers set");
+    }
+    else
+    {
+        pointer_store[pointer_index].pointer = pointer;
+        pointer_store[pointer_index].old_value = *pointer;
+        *pointer = newValue;
+        pointer_index++;
+    }
+}
+
+void UnityPointer_UndoAllSets(void)
+{
+    while (pointer_index > 0)
+    {
+        pointer_index--;
+        *(pointer_store[pointer_index].pointer) =
+            pointer_store[pointer_index].old_value;
+    }
+}
+
+int UnityGetCommandLineOptions(int argc, const char* argv[])
+{
+    int i;
+    UnityFixture.Verbose = 0;
+    UnityFixture.Silent = 0;
+    UnityFixture.GroupFilter = 0;
+    UnityFixture.NameFilter = 0;
+    UnityFixture.RepeatCount = 1;
+
+    if (argc == 1)
+        return 0;
+
+    for (i = 1; i < argc; )
+    {
+        if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0)
+        {
+            /* Usage */
+            UnityPrint("Runs a series of unit tests.");
+            UNITY_PRINT_EOL();
+            UNITY_PRINT_EOL();
+            UnityPrint("When no flag is specified, all tests are run.");
+            UNITY_PRINT_EOL();
+            UNITY_PRINT_EOL();
+            UnityPrint("Optional flags:");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -v          Verbose output: show all tests executed even if they pass");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -s          Silent mode: minimal output showing only test failures");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -g NAME     Only run tests in groups that contain the string NAME");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -n NAME     Only run tests whose name contains the string NAME");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -r NUMBER   Repeatedly run all tests NUMBER times");
+            UNITY_PRINT_EOL();
+            UnityPrint("  -h, --help  Display this help message");
+            UNITY_PRINT_EOL();
+            UNITY_PRINT_EOL();
+#ifdef UNITY_CUSTOM_HELP_MSG
+            /* User-defined help message, e.g. to point to project-specific documentation */
+            UnityPrint(UNITY_CUSTOM_HELP_MSG);
+            UNITY_PRINT_EOL();
+#else
+            /* Default help suffix if a custom one is not defined */
+            UnityPrint("More information about Unity: https://www.throwtheswitch.org/unity");
+            UNITY_PRINT_EOL();
+#endif
+            return 1;  /* Exit without running the tests */
+        }
+        else if (strcmp(argv[i], "-v") == 0)
+        {
+            UnityFixture.Verbose = 1;
+            i++;
+        }
+        else if (strcmp(argv[i], "-s") == 0)
+        {
+            UnityFixture.Silent = 1;
+            i++;
+        }
+        else if (strcmp(argv[i], "-g") == 0)
+        {
+            i++;
+            if (i >= argc)
+                return 1;
+            UnityFixture.GroupFilter = argv[i];
+            i++;
+        }
+        else if (strcmp(argv[i], "-n") == 0)
+        {
+            i++;
+            if (i >= argc)
+                return 1;
+            UnityFixture.NameFilter = argv[i];
+            i++;
+        }
+        else if (strcmp(argv[i], "-r") == 0)
+        {
+            UnityFixture.RepeatCount = 2;
+            i++;
+            if (i < argc)
+            {
+                if (*(argv[i]) >= '0' && *(argv[i]) <= '9')
+                {
+                    unsigned int digit = 0;
+                    UnityFixture.RepeatCount = 0;
+                    while (argv[i][digit] >= '0' && argv[i][digit] <= '9')
+                    {
+                        UnityFixture.RepeatCount *= 10;
+                        UnityFixture.RepeatCount += (unsigned int)argv[i][digit++] - '0';
+                    }
+                    i++;
+                }
+            }
+        }
+        else
+        {
+            /* ignore unknown parameter */
+            i++;
+        }
+    }
+    return 0;
+}
+
+void UnityConcludeFixtureTest(void)
+{
+    if (Unity.CurrentTestIgnored)
+    {
+        Unity.TestIgnores++;
+        UNITY_PRINT_EOL();
+    }
+    else if (!Unity.CurrentTestFailed)
+    {
+        if (UnityFixture.Verbose)
+        {
+            UnityPrint(" ");
+            UnityPrint(UnityStrPass);
+            UNITY_EXEC_TIME_STOP();
+            UNITY_PRINT_EXEC_TIME();
+            UNITY_PRINT_EOL();
+        }
+    }
+    else /* Unity.CurrentTestFailed */
+    {
+        Unity.TestFailures++;
+        UNITY_PRINT_EOL();
+    }
+
+    Unity.CurrentTestFailed = 0;
+    Unity.CurrentTestIgnored = 0;
+}

test/unity/unity_fixture.h

@@ -0,0 +1,94 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#ifndef UNITY_FIXTURE_H_
+#define UNITY_FIXTURE_H_
+
+#include "unity.h"
+#include "unity_fixture_internals.h"
+
+#ifndef UNITY_FIXTURE_NO_EXTRAS
+#include "unity_memory.h"
+#endif
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "unity_internals.h"
+
+
+int UnityMain(int argc, const char* argv[], void (*runAllTests)(void));
+
+
+#define TEST_GROUP(group)\
+    static const char* TEST_GROUP_##group = #group
+
+#define TEST_SETUP(group) void TEST_##group##_SETUP(void);\
+    void TEST_##group##_SETUP(void)
+
+#define TEST_TEAR_DOWN(group) void TEST_##group##_TEAR_DOWN(void);\
+    void TEST_##group##_TEAR_DOWN(void)
+
+
+#define TEST(group, name) \
+    void TEST_##group##_##name##_(void);\
+    void TEST_##group##_##name##_run(void);\
+    void TEST_##group##_##name##_run(void)\
+    {\
+        UnityTestRunner(TEST_##group##_SETUP,\
+            TEST_##group##_##name##_,\
+            TEST_##group##_TEAR_DOWN,\
+            "TEST(" #group ", " #name ")",\
+            TEST_GROUP_##group, #name,\
+            __FILE__, __LINE__);\
+    }\
+    void  TEST_##group##_##name##_(void)
+
+#define IGNORE_TEST(group, name) \
+    void TEST_##group##_##name##_(void);\
+    void TEST_##group##_##name##_run(void);\
+    void TEST_##group##_##name##_run(void)\
+    {\
+        UnityIgnoreTest("IGNORE_TEST(" #group ", " #name ")", TEST_GROUP_##group, #name);\
+    }\
+    void TEST_##group##_##name##_(void)
+
+/* Call this for each test, insider the group runner */
+#define RUN_TEST_CASE(group, name) \
+    { void TEST_##group##_##name##_run(void);\
+      TEST_##group##_##name##_run(); }
+
+/* This goes at the bottom of each test file or in a separate c file */
+#define TEST_GROUP_RUNNER(group)\
+    void TEST_##group##_GROUP_RUNNER(void);\
+    void TEST_##group##_GROUP_RUNNER(void)
+
+/* Call this from main */
+#define RUN_TEST_GROUP(group)\
+    { void TEST_##group##_GROUP_RUNNER(void);\
+      TEST_##group##_GROUP_RUNNER(); }
+
+/* CppUTest Compatibility Macros */
+#ifndef UNITY_EXCLUDE_CPPUTEST_ASSERTS
+/* Sets a pointer and automatically restores it to its old value after teardown */
+#define UT_PTR_SET(ptr, newPointerValue)               UnityPointer_Set((void**)&(ptr), (void*)(newPointerValue), __LINE__)
+#define TEST_ASSERT_POINTERS_EQUAL(expected, actual)   TEST_ASSERT_EQUAL_PTR((expected), (actual))
+#define TEST_ASSERT_BYTES_EQUAL(expected, actual)      TEST_ASSERT_EQUAL_HEX8(0xff & (expected), 0xff & (actual))
+#define FAIL(message)                                  TEST_FAIL_MESSAGE((message))
+#define CHECK(condition)                               TEST_ASSERT_TRUE((condition))
+#define LONGS_EQUAL(expected, actual)                  TEST_ASSERT_EQUAL_INT((expected), (actual))
+#define STRCMP_EQUAL(expected, actual)                 TEST_ASSERT_EQUAL_STRING((expected), (actual))
+#define DOUBLES_EQUAL(expected, actual, delta)         TEST_ASSERT_DOUBLE_WITHIN((delta), (expected), (actual))
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UNITY_FIXTURE_H_ */

test/unity/unity_fixture_internals.h

@@ -0,0 +1,50 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#ifndef UNITY_FIXTURE_INTERNALS_H_
+#define UNITY_FIXTURE_INTERNALS_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct UNITY_FIXTURE_T
+{
+    int Verbose;
+    int Silent;
+    unsigned int RepeatCount;
+    const char* NameFilter;
+    const char* GroupFilter;
+};
+extern struct UNITY_FIXTURE_T UnityFixture;
+
+typedef void unityfunction(void);
+void UnityTestRunner(unityfunction* setup,
+                     unityfunction* testBody,
+                     unityfunction* teardown,
+                     const char* printableName,
+                     const char* group,
+                     const char* name,
+                     const char* file, unsigned int line);
+
+void UnityIgnoreTest(const char* printableName, const char* group, const char* name);
+int UnityGetCommandLineOptions(int argc, const char* argv[]);
+void UnityConcludeFixtureTest(void);
+
+void UnityPointer_Set(void** pointer, void* newValue, UNITY_LINE_TYPE line);
+void UnityPointer_UndoAllSets(void);
+void UnityPointer_Init(void);
+#ifndef UNITY_MAX_POINTERS
+#define UNITY_MAX_POINTERS 5
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UNITY_FIXTURE_INTERNALS_H_ */

test/unity/unity_memory.c

@@ -0,0 +1,203 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#include "unity.h"
+#include "unity_memory.h"
+#include <string.h>
+
+#define MALLOC_DONT_FAIL -1
+static int malloc_count;
+static int malloc_fail_countdown = MALLOC_DONT_FAIL;
+
+void UnityMalloc_StartTest(void)
+{
+    malloc_count = 0;
+    malloc_fail_countdown = MALLOC_DONT_FAIL;
+}
+
+void UnityMalloc_EndTest(void)
+{
+    malloc_fail_countdown = MALLOC_DONT_FAIL;
+    if (malloc_count != 0)
+    {
+        UNITY_TEST_FAIL(Unity.CurrentTestLineNumber, "This test leaks!");
+    }
+}
+
+void UnityMalloc_MakeMallocFailAfterCount(int countdown)
+{
+    malloc_fail_countdown = countdown;
+}
+
+/* These definitions are always included from unity_fixture_malloc_overrides.h */
+/* We undef to use them or avoid conflict with <stdlib.h> per the C standard */
+#undef malloc
+#undef free
+#undef calloc
+#undef realloc
+
+#ifdef UNITY_EXCLUDE_STDLIB_MALLOC
+static unsigned char unity_heap[UNITY_INTERNAL_HEAP_SIZE_BYTES];
+static size_t heap_index;
+#else
+#include <stdlib.h>
+#endif
+
+typedef struct GuardBytes
+{
+    size_t size;
+    size_t guard_space;
+} Guard;
+
+#define UNITY_MALLOC_ALIGNMENT (UNITY_POINTER_WIDTH / 8)
+static const char end[] = "END";
+
+static size_t unity_size_round_up(size_t size)
+{
+    size_t rounded_size;
+
+    rounded_size = ((size + UNITY_MALLOC_ALIGNMENT - 1) / UNITY_MALLOC_ALIGNMENT) * UNITY_MALLOC_ALIGNMENT;
+
+    return rounded_size;
+}
+
+void* unity_malloc(size_t size)
+{
+    char* mem;
+    Guard* guard;
+    size_t total_size;
+
+    total_size = sizeof(Guard) + unity_size_round_up(size + sizeof(end));
+
+    if (malloc_fail_countdown != MALLOC_DONT_FAIL)
+    {
+        if (malloc_fail_countdown == 0)
+            return NULL;
+        malloc_fail_countdown--;
+    }
+
+    if (size == 0) return NULL;
+#ifdef UNITY_EXCLUDE_STDLIB_MALLOC
+    if (heap_index + total_size > UNITY_INTERNAL_HEAP_SIZE_BYTES)
+    {
+        guard = NULL;
+    }
+    else
+    {
+        /* We know we can get away with this cast because we aligned memory already */
+        guard = (Guard*)(void*)(&unity_heap[heap_index]);
+        heap_index += total_size;
+    }
+#else
+    guard = (Guard*)UNITY_MALLOC(total_size);
+#endif
+    if (guard == NULL) return NULL;
+    malloc_count++;
+    guard->size = size;
+    guard->guard_space = 0;
+    mem = (char*)&(guard[1]);
+    memcpy(&mem[size], end, sizeof(end));
+
+    return (void*)mem;
+}
+
+static int isOverrun(void* mem)
+{
+    Guard* guard = (Guard*)mem;
+    char* memAsChar = (char*)mem;
+    guard--;
+
+    return guard->guard_space != 0 || strcmp(&memAsChar[guard->size], end) != 0;
+}
+
+static void release_memory(void* mem)
+{
+    Guard* guard = (Guard*)mem;
+    guard--;
+
+    malloc_count--;
+#ifdef UNITY_EXCLUDE_STDLIB_MALLOC
+    {
+        size_t block_size;
+
+        block_size = unity_size_round_up(guard->size + sizeof(end));
+
+        if (mem == unity_heap + heap_index - block_size)
+        {
+            heap_index -= (sizeof(Guard) + block_size);
+        }
+    }
+#else
+    UNITY_FREE(guard);
+#endif
+}
+
+void unity_free(void* mem)
+{
+    int overrun;
+
+    if (mem == NULL)
+    {
+        return;
+    }
+
+    overrun = isOverrun(mem);
+    release_memory(mem);
+    if (overrun)
+    {
+        UNITY_TEST_FAIL(Unity.CurrentTestLineNumber, "Buffer overrun detected during free()");
+    }
+}
+
+void* unity_calloc(size_t num, size_t size)
+{
+    void* mem = unity_malloc(num * size);
+    if (mem == NULL) return NULL;
+    memset(mem, 0, num * size);
+    return mem;
+}
+
+void* unity_realloc(void* oldMem, size_t size)
+{
+    Guard* guard = (Guard*)oldMem;
+    void* newMem;
+
+    if (oldMem == NULL) return unity_malloc(size);
+
+    guard--;
+    if (isOverrun(oldMem))
+    {
+        release_memory(oldMem);
+        UNITY_TEST_FAIL(Unity.CurrentTestLineNumber, "Buffer overrun detected during realloc()");
+    }
+
+    if (size == 0)
+    {
+        release_memory(oldMem);
+        return NULL;
+    }
+
+    if (guard->size >= size) return oldMem;
+
+#ifdef UNITY_EXCLUDE_STDLIB_MALLOC /* Optimization if memory is expandable */
+    {
+        size_t old_total_size = unity_size_round_up(guard->size + sizeof(end));
+
+        if ((oldMem == unity_heap + heap_index - old_total_size) &&
+            ((heap_index - old_total_size + unity_size_round_up(size + sizeof(end))) <= UNITY_INTERNAL_HEAP_SIZE_BYTES))
+        {
+            release_memory(oldMem);    /* Not thread-safe, like unity_heap generally */
+            return unity_malloc(size); /* No memcpy since data is in place */
+        }
+    }
+#endif
+    newMem = unity_malloc(size);
+    if (newMem == NULL) return NULL; /* Do not release old memory */
+    memcpy(newMem, oldMem, guard->size);
+    release_memory(oldMem);
+    return newMem;
+}

test/unity/unity_memory.h

@@ -0,0 +1,61 @@
+/* =========================================================================
+    Unity - A Test Framework for C
+    ThrowTheSwitch.org
+    Copyright (c) 2007-25 Mike Karlesky, Mark VanderVoord, & Greg Williams
+    SPDX-License-Identifier: MIT
+========================================================================= */
+
+#ifndef UNITY_MEMORY_OVERRIDES_H_
+#define UNITY_MEMORY_OVERRIDES_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stddef.h>
+
+#ifdef UNITY_EXCLUDE_STDLIB_MALLOC
+/* Define this macro to remove the use of stdlib.h, malloc, and free.
+ * Many embedded systems do not have a heap or malloc/free by default.
+ * This internal unity_malloc() provides allocated memory deterministically from
+ * the end of an array only, unity_free() only releases from end-of-array,
+ * blocks are not coalesced, and memory not freed in LIFO order is stranded. */
+    #ifndef UNITY_INTERNAL_HEAP_SIZE_BYTES
+    #define UNITY_INTERNAL_HEAP_SIZE_BYTES 256
+    #endif
+#endif
+
+/* These functions are used by Unity to allocate and release memory
+ * on the heap and can be overridden with platform-specific implementations.
+ * For example, when using FreeRTOS UNITY_MALLOC becomes pvPortMalloc()
+ * and UNITY_FREE becomes vPortFree(). */
+#if !defined(UNITY_MALLOC) || !defined(UNITY_FREE)
+    #include <stdlib.h>
+    #define UNITY_MALLOC(size) malloc(size)
+    #define UNITY_FREE(ptr)    free(ptr)
+#else
+    extern void* UNITY_MALLOC(size_t size);
+    extern void UNITY_FREE(void* ptr);
+#endif
+
+#define malloc  unity_malloc
+#define calloc  unity_calloc
+#define realloc unity_realloc
+#define free    unity_free
+
+void* unity_malloc(size_t size);
+void* unity_calloc(size_t num, size_t size);
+void* unity_realloc(void * oldMem, size_t size);
+void unity_free(void * mem);
+
+/* You must compile with malloc replacement, as defined in unity_fixture_malloc_overrides.h */
+void UnityMalloc_StartTest(void);
+void UnityMalloc_EndTest(void);
+void UnityMalloc_MakeMallocFailAfterCount(int countdown);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 

tls.c

@@ -1,354 +0,0 @@
-#include "types.h"
-#include "tls.h"
-#include "config.h"
-#include "logging.h"
-#include "utils.h"
-
-#ifndef KERNEL_SPACE
-#include <fcntl.h>
-#include <unistd.h>
-#endif
-
-#define TLS_CONTENT_TYPE_HANDSHAKE 0x16
-#define TLS_HANDSHAKE_TYPE_CLIENT_HELLO 0x01
-#define TLS_EXTENSION_SNI 0x0000
-#define TLS_EXTENSION_CLIENT_HELLO_ENCRYPTED 0xfe0d
-
-/**
- * Processes tls payload of the tcp request.
- * 
- * data Payload data of TCP.
- * dlen Length of `data`.
- */
-struct tls_verdict analyze_tls_data(
-	const struct section_config_t *section,
-	const uint8_t *data, 
-	uint32_t dlen) 
-{
-	struct tls_verdict vrd = {0};
-
-	size_t i = 0;
-	const uint8_t *data_end = data + dlen;
-
-	while (i + 4 < dlen) {
-		const uint8_t *msgData = data + i;
-
-		uint8_t tls_content_type = *msgData;
-		uint8_t tls_vmajor = *(msgData + 1);
-		uint16_t message_length = ntohs(*(uint16_t *)(msgData + 3));
-
-		if (tls_vmajor != 0x03) goto nextMessage;
-
-		if (i + 5 > dlen) break;
-
-		if (tls_content_type != TLS_CONTENT_TYPE_HANDSHAKE) 
-			goto nextMessage;
-
-		if (section->sni_detection == SNI_DETECTION_BRUTE) {
-			goto brute;
-		}
-
-		const uint8_t *handshakeProto = msgData + 5;
-
-		if (handshakeProto + 1 >= data_end) break;
-
-		uint8_t handshakeType = *handshakeProto;
-
-		if (handshakeType != TLS_HANDSHAKE_TYPE_CLIENT_HELLO)
-			goto nextMessage;
-
-		const uint8_t *msgPtr = handshakeProto;
-		msgPtr += 1; 
-		msgPtr += 3 + 2 + 32;
-
-		if (msgPtr + 1 >= data_end) break;
-		uint8_t sessionIdLength = *msgPtr;
-		msgPtr++;
-		msgPtr += sessionIdLength;
-
-		if (msgPtr + 2 >= data_end) break;
-		uint16_t ciphersLength = ntohs(*(uint16_t *)msgPtr);
-		msgPtr += 2;
-		msgPtr += ciphersLength;
-
-		if (msgPtr + 1 >= data_end) break;
-		uint8_t compMethodsLen = *msgPtr;
-		msgPtr++;
-		msgPtr += compMethodsLen;
-
-		if (msgPtr + 2 >= data_end) break;
-		uint16_t extensionsLen = ntohs(*(uint16_t *)msgPtr);
-		msgPtr += 2;
-
-		const uint8_t *extensionsPtr = msgPtr;
-		const uint8_t *extensions_end = extensionsPtr + extensionsLen;
-		if (extensions_end > data_end) extensions_end = data_end;
-
-		while (extensionsPtr < extensions_end) {
-			const uint8_t *extensionPtr = extensionsPtr;
-			if (extensionPtr + 4 >= extensions_end) break;
-
-			uint16_t extensionType = 
-				ntohs(*(uint16_t *)extensionPtr);
-			extensionPtr += 2;
-
-			uint16_t extensionLen = 
-				ntohs(*(uint16_t *)extensionPtr);
-			extensionPtr += 2;
-
-
-			if (extensionPtr + extensionLen > extensions_end) 
-				break;
-
-			if (extensionType != TLS_EXTENSION_SNI) 
-				goto nextExtension;
-
-			const uint8_t *sni_ext_ptr = extensionPtr;
-
-			if (sni_ext_ptr + 2 >= extensions_end) break;
-			uint16_t sni_ext_dlen = ntohs(*(uint16_t *)sni_ext_ptr);
-
-			sni_ext_ptr += 2;
-
-			const uint8_t *sni_ext_end = sni_ext_ptr + sni_ext_dlen;
-			if (sni_ext_end >= extensions_end) break;
-			
-			if (sni_ext_ptr + 3 >= sni_ext_end) break;
-			sni_ext_ptr++;
-			uint16_t sni_len = ntohs(*(uint16_t *)sni_ext_ptr);
-			sni_ext_ptr += 2;
-
-			if (sni_ext_ptr + sni_len > sni_ext_end) break;
-
-			char *sni_name = (char *)sni_ext_ptr;
-
-			vrd.sni_offset = (uint8_t *)sni_name - data;
-			vrd.sni_target_offset = vrd.sni_offset;
-			vrd.sni_len = sni_len;
-			vrd.sni_target_len = vrd.sni_len;
-
-			if (section->all_domains) {
-				vrd.target_sni = 1;
-				goto check_domain;
-			}
-
-			unsigned int j = 0;
-			for (unsigned int i = 0; i <= section->domains_strlen; i++) {
-				if (	i > j &&
-					(i == section->domains_strlen	||	
-					section->domains_str[i] == '\0'	||
-					section->domains_str[i] == ','	|| 
-					section->domains_str[i] == '\n'	)) {
-
-					unsigned int domain_len = (i - j);
-					const char *sni_startp = sni_name + sni_len - domain_len;
-					const char *domain_startp = section->domains_str + j;
-
-					if (sni_len >= domain_len &&
-						sni_len < 128 && 
-						!strncmp(sni_startp, 
-						domain_startp, 
-						domain_len)) {
-							vrd.target_sni = 1;
-							vrd.sni_target_offset = (const uint8_t *)sni_startp - data;
-							vrd.sni_target_len = domain_len;
-							goto check_domain;
-					}
-
-					j = i + 1;
-				}
-			}
-
-check_domain:
-			if (vrd.target_sni == 1 && section->exclude_domains_strlen != 0) {
-				unsigned int j = 0;
-				for (unsigned int i = 0; i <= section->exclude_domains_strlen; i++) {
-					if (	i > j &&
-						(i == section->exclude_domains_strlen	||	
-						section->exclude_domains_str[i] == '\0'	||
-						section->exclude_domains_str[i] == ','	|| 
-						section->exclude_domains_str[i] == '\n'	)) {
-
-						unsigned int domain_len = (i - j);
-						const char *sni_startp = sni_name + sni_len - domain_len;
-						const char *domain_startp = section->exclude_domains_str + j;
-
-						if (sni_len >= domain_len &&
-							sni_len < 128 && 
-							!strncmp(sni_startp, 
-							domain_startp, 
-							domain_len)) {
-
-							vrd.target_sni = 0;
-							lgdebugmsg("Excluded SNI: %.*s", 
-								vrd.sni_len, data + vrd.sni_offset);
-							goto out;
-						}
-
-						j = i + 1;
-					}
-				}
-			}
-
-			goto out;
-
-nextExtension:
-			extensionsPtr += 2 + 2 + extensionLen;
-		}
-nextMessage:
-		i += 5 + message_length;
-	}
-
-out:
-	return vrd;
-
-
-brute:
-	if (section->all_domains) {
-		vrd.target_sni = 1;
-		vrd.sni_len = 0;
-		vrd.sni_offset = dlen / 2;
-		goto out;
-	}
-
-	unsigned int j = 0;
-	for (unsigned int i = 0; i <= section->domains_strlen; i++) {
-		if (	i > j &&
-			(i == section->domains_strlen	||	
-			section->domains_str[i] == '\0'	||
-			section->domains_str[i] == ','	|| 
-			section->domains_str[i] == '\n'	)) {
-
-			unsigned int domain_len = (i - j);
-			const char *domain_startp = section->domains_str + j;
-
-			if (domain_len + dlen + 1> MAX_PACKET_SIZE) { 
-				continue;
-			}
-
-			NETBUF_ALLOC(buf, MAX_PACKET_SIZE);
-			if (!NETBUF_CHECK(buf)) {
-				lgerror("Allocation error", -ENOMEM);
-				goto out;
-			}
-			NETBUF_ALLOC(nzbuf, MAX_PACKET_SIZE * sizeof(int));
-			if (!NETBUF_CHECK(nzbuf)) {
-				lgerror("Allocation error", -ENOMEM);
-				NETBUF_FREE(buf);
-				goto out;
-			}
-
-			int *zbuf = (void *)nzbuf;
-
-			memcpy(buf, domain_startp, domain_len);
-			memcpy(buf + domain_len, "#", 1);
-			memcpy(buf + domain_len + 1, data, dlen);
-
-			z_function((char *)buf, zbuf, domain_len + 1 + dlen);
-
-			for (unsigned int k = 0; k < dlen; k++) {
-				if (zbuf[k] == domain_len) {
-					vrd.target_sni = 1;
-					vrd.sni_len = domain_len;
-					vrd.sni_offset = (k - domain_len - 1);
-					vrd.sni_target_offset = vrd.sni_offset;
-					vrd.sni_target_len = vrd.sni_len;
-					NETBUF_FREE(buf);
-					NETBUF_FREE(nzbuf);
-					goto out;
-				}
-			}
-
-
-			j = i + 1;
-
-			NETBUF_FREE(buf);
-			NETBUF_FREE(nzbuf);
-		}
-	}
-
-	goto out;
-}
-
-int gen_fake_sni(struct fake_type type,
-		const void *ipxh, uint32_t iph_len, 
-		const struct tcphdr *tcph, uint32_t tcph_len,
-		uint8_t *buf, uint32_t *buflen) {
-	uint32_t data_len = type.fake_len;
-	int ret;
-
-	if (type.type == FAKE_PAYLOAD_RANDOM && data_len == 0) {
-		data_len = (uint32_t)randint() % 1200;
-	}
-
-	if (!ipxh || !tcph || !buf || !buflen)
-		return -EINVAL;
-
-	int ipxv = netproto_version(ipxh, iph_len);
-
-	if (ipxv == IP4VERSION) {
-		const struct iphdr *iph = ipxh;
-
-		memcpy(buf, iph, iph_len);
-		struct iphdr *niph = (struct iphdr *)buf;
-
-		niph->protocol = IPPROTO_TCP;
-	} else if (ipxv == IP6VERSION) {
-		const struct ip6_hdr *iph = ipxh;
-
-		iph_len = sizeof(struct ip6_hdr);
-		memcpy(buf, iph, iph_len);
-		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
-
-		niph->ip6_nxt = IPPROTO_TCP;
-	} else {
-		return -EINVAL;
-	}
-
-	uint32_t dlen = iph_len + tcph_len + data_len;
-
-	if (*buflen < dlen) 
-		return -ENOMEM;
-
-	memcpy(buf + iph_len, tcph, tcph_len);
-	uint8_t *bfdptr = buf + iph_len + tcph_len;
-
-	switch (type.type) {
-		case FAKE_PAYLOAD_DATA:
-			memcpy(bfdptr, type.fake_data, data_len);
-			break;
-		default: // FAKE_PAYLOAD_RANDOM
-#ifdef KERNEL_SPACE
-			get_random_bytes(bfdptr, data_len);
-#else /* KERNEL_SPACE */
-#if _NO_GETRANDOM
-			ret = open("/dev/urandom", O_RDONLY);
-			if (ret < 0) {
-				lgerror("Unable to open /dev/urandom", ret);
-				return ret;
-			}
-			
-			read(ret, bfdptr, data_len);
-			close(ret);
-			
-#else /* _NO_GETRANDOM */
-			getrandom(bfdptr, data_len, 0);
-#endif /* _NO_GETRANDOM */
-#endif /* KERNEL_SPACE */
-	}
-
-	if (ipxv == IP4VERSION) {
-		struct iphdr *niph = (struct iphdr *)buf;
-		niph->tot_len = htons(dlen);
-	} else if (ipxv == IP6VERSION) {
-		struct ip6_hdr *niph = (struct ip6_hdr *)buf;
-		niph->ip6_plen = htons(dlen - iph_len);
-	}
-
-	fail_packet(type.strategy, buf, &dlen, *buflen);
-
-	*buflen = dlen;
-	
-	return 0;
-}
-

tls.h

@@ -1,34 +0,0 @@
-#ifndef TLS_H
-#define TLS_H
-
-#include "types.h"
-#include "utils.h"
-
-
-/**
- * Result of analyze_tls_data function
- */
-struct tls_verdict {
-	int target_sni; /* google video hello packet */
-	int sni_offset; /* offset from start of tcp _payload_ */
-	int sni_target_offset; /* offset of target domain instead of entire sni */
-	int sni_target_len; /* offset of target domain instead of entire sni */
-	int sni_len;
-};
-
-/**
- * Processes the packet and finds TLS Client Hello information inside it.
- * data pointer points to start of TLS Message (TCP Payload)
- */
-struct tls_verdict analyze_tls_data(const struct section_config_t *section, const uint8_t *data, uint32_t dlen);
-
-
-/**
- * Generates the fake client hello message
- */
-int gen_fake_sni(struct fake_type type,
-		const void *iph, uint32_t iph_len, 
-		const struct tcphdr *tcph, uint32_t tcph_len, 
-		uint8_t *buf, uint32_t *buflen);
-
-#endif /* TLS_H */

uspace.mk

@@ -4,19 +4,21 @@ USE_SYS_LIBS := no
 #Userspace app makes here
 BUILD_DIR := $(CURDIR)/build
 DEPSDIR := $(BUILD_DIR)/deps
+INCLUDE_DIR := $(CURDIR)/src
+SRC_DIR := $(CURDIR)/src
 
 CC:=gcc
 CCLD:=$(CC)
 LD:=ld
 
 ifeq ($(USE_SYS_LIBS), no)
-	override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -I$(DEPSDIR)/include -std=gnu11
+	override CFLAGS += -I$(DEPSDIR)/include
 	override LDFLAGS += -L$(DEPSDIR)/lib
 	REQ = $(LIBNETFILTER_QUEUE) $(LIBMNL) $(LIBCRYPTO)
-else
-	override CFLAGS += -Wall -Wpedantic -Wno-unused-variable -std=gnu11
 endif
 
+override CFLAGS += -DPKG_VERSION=\"$(PKG_FULLVERSION)\" -I$(INCLUDE_DIR) -Wall -Wpedantic -Wno-unused-variable -std=gnu99 -Ideps/cyclone/include
+
 LIBNFNETLINK_CFLAGS := -I$(DEPSDIR)/include
 LIBNFNETLINK_LIBS := -L$(DEPSDIR)/lib
 LIBMNL_CFLAGS := -I$(DEPSDIR)/include
@@ -30,16 +32,24 @@ endif
 export CC CCLD LD CFLAGS LDFLAGS LIBNFNETLINK_CFLAGS LIBNFNETLINK_LIBS LIBMNL_CFLAGS LIBMNL_LIBS
 
 APP:=$(BUILD_DIR)/youtubeUnblock
+TEST_APP:=$(BUILD_DIR)/testYoutubeUnblock
 
-SRCS := youtubeUnblock.c mangle.c args.c utils.c quic.c tls.c
+SRCS := mangle.c args.c utils.c quic.c tls.c getopt.c quic_crypto.c inet_ntop.c trie.c
 OBJS := $(SRCS:%.c=$(BUILD_DIR)/%.o)
+APP_EXEC := youtubeUnblock.c 
+APP_OBJ := $(APP_EXEC:%.c=$(BUILD_DIR)/%.o)
+
+
+TEST_SRCS := $(shell find test -name "*.c")
+TEST_OBJS := $(TEST_SRCS:%.c=$(BUILD_DIR)/%.o)
+TEST_CFLAGS := -Itest/unity -Itest
 
 LIBNFNETLINK := $(DEPSDIR)/lib/libnfnetlink.la
 LIBMNL := $(DEPSDIR)/lib/libmnl.la
 LIBNETFILTER_QUEUE := $(DEPSDIR)/lib/libnetfilter_queue.la
-#LIBCRYPTO := $(DEPSDIR)/lib64/libcrypto.a
+LIBCYCLONE := $(DEPSDIR)/lib/libcyclone.a
 
-.PHONY: default all dev dev_attrs prepare_dirs
+.PHONY: default all test build_test dev dev_attrs prepare_dirs
 default: all
 
 run_dev: dev
@@ -52,14 +62,21 @@ dev_attrs:
 
 all: prepare_dirs $(APP)
 
+build_test: prepare_dirs $(TEST_APP)
+test: build_test
+	$(TEST_APP)
+
 prepare_dirs:
 	mkdir -p $(BUILD_DIR)
+	mkdir -p $(BUILD_DIR)/crypto
+	mkdir -p $(BUILD_DIR)/test
+	mkdir -p $(BUILD_DIR)/test/unity
 	mkdir -p $(DEPSDIR)
 
-$(LIBCRYPTO):
-	cd deps/openssl && ./Configure --prefix=$(DEPSDIR) $(if $(CROSS_COMPILE_PLATFORM),--cross-compile-prefix=$(CROSS_COMPILE_PLATFORM)-,) --no-shared
-	$(MAKE) -C deps/openssl
-	$(MAKE) install_sw -C deps/openssl
+$(LIBCYCLONE):
+	$(MAKE) -C deps/cyclone CFLAGS="$(CFLAGS)"
+	mkdir -p $(DEPSDIR)/lib
+	cp deps/cyclone/libcyclone.a $(DEPSDIR)/lib/libcyclone.a
 
 $(LIBNFNETLINK):
 	cd deps/libnfnetlink && ./autogen.sh && ./configure --prefix=$(DEPSDIR) $(if $(CROSS_COMPILE_PLATFORM),--host=$(CROSS_COMPILE_PLATFORM),) --enable-static --disable-shared
@@ -76,14 +93,22 @@ $(LIBNETFILTER_QUEUE): $(LIBNFNETLINK) $(LIBMNL)
 	$(MAKE) -C deps/libnetfilter_queue
 	$(MAKE) install -C deps/libnetfilter_queue
 
-$(APP): $(OBJS) $(REQ)
+$(APP): $(OBJS) $(APP_OBJ) $(REQ) $(LIBCYCLONE)
 	@echo 'CCLD $(APP)'
-	$(CCLD) $(OBJS) -o $(APP) $(LDFLAGS) -lmnl -lnetfilter_queue -lpthread
+	$(CCLD) $(OBJS) $(APP_OBJ) -o $(APP) $(LDFLAGS) -lmnl -lnetfilter_queue -lpthread -lcyclone
 
-$(BUILD_DIR)/%.o: %.c $(REQ) config.h
+$(TEST_APP): $(APP) $(TEST_OBJS) $(REQ) $(LIBCYCLONE)
+	@echo 'CCLD $(TEST_APP)'
+	$(CCLD) $(OBJS) $(TEST_OBJS) -o $(TEST_APP) $(LDFLAGS) -lmnl -lnetfilter_queue -lpthread -lcyclone
+
+$(BUILD_DIR)/%.o: src/%.c $(REQ) $(INCLUDE_DIR)/config.h
 	@echo 'CC $@'
 	$(CC) -c $(CFLAGS) $(LDFLAGS) $< -o $@
 
+$(BUILD_DIR)/test/%.o: test/%.c $(REQ) $(INCLUDE_DIR)/config.h
+	@echo 'CC $@'
+	$(CC) -c $(CFLAGS) $(LDFLAGS) $(TEST_CFLAGS) $< -o $@
+
 install: all
 	install -d $(DESTDIR)$(PREFIX)/bin/
 	install -m 755 $(APP) $(DESTDIR)$(PREFIX)/bin/
@@ -106,5 +131,5 @@ ifeq ($(USE_SYS_LIBS), no)
 	$(MAKE) distclean -C deps/libnetfilter_queue || true
 	$(MAKE) distclean -C deps/libmnl || true
 	$(MAKE) distclean -C deps/libnfnetlink || true
-	#$(MAKE) distclean -C deps/openssl || true
 endif
+	$(MAKE) clean -C deps/cyclone || true

youtubeUnblock.c

@@ -1,614 +0,0 @@
-#define _GNU_SOURCE
-#ifndef __linux__
-#error "The package is linux only!"
-#endif
-
-#ifdef KERNEL_SPACE
-#error "The build aims to the kernel, not userspace"
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-/* Warning is ok, use this for Entware */
-#include <libnetfilter_queue/linux_nfnetlink_queue.h>
-
-#include <libmnl/libmnl.h>
-#include <libnetfilter_queue/libnetfilter_queue.h>
-#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
-#include <libnetfilter_queue/libnetfilter_queue_tcp.h>
-#include <libnetfilter_queue/libnetfilter_queue_udp.h>
-#include <libnetfilter_queue/pktbuff.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-
-#include <linux/if_ether.h>
-#include <linux/netfilter.h>
-#include <pthread.h>
-#include <sys/socket.h>
-
-#include "config.h"
-#include "mangle.h"
-#include "args.h"
-#include "utils.h"
-#include "logging.h"
-
-pthread_mutex_t rawsocket_lock;
-int rawsocket = -2;
-
-pthread_mutex_t raw6socket_lock;
-int raw6socket = -2;
-
-static int open_socket(struct mnl_socket **_nl) {
-	struct mnl_socket *nl = NULL;
-	nl = mnl_socket_open(NETLINK_NETFILTER);
-
-	if (nl == NULL) {
-		perror("mnl_socket_open");
-		return -1;
-	}
-
-	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
-		perror("mnl_socket_bind");
-		mnl_socket_close(nl);
-		return -1;
-	}
-
-	*_nl = nl;
-
-	return 0;
-}
-
-
-static int close_socket(struct mnl_socket **_nl) {
-	struct mnl_socket *nl = *_nl;
-	if (nl == NULL) return 1;
-	if (mnl_socket_close(nl) < 0) {
-		perror("mnl_socket_close");
-		return -1;
-	}
-
-	*_nl = NULL;
-
-	return 0;
-}
-
-static int open_raw_socket(void) {
-	if (rawsocket != -2) {
-		errno = EALREADY;
-		perror("Raw socket is already opened");
-		return -1;
-	}
-	
-	rawsocket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
-	if (rawsocket == -1) {
-		perror("Unable to create raw socket");
-		return -1;
-	}
-
-	int mark = config.mark;
-	if (setsockopt(rawsocket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
-	{
-		fprintf(stderr, "setsockopt(SO_MARK, %d) failed\n", mark);
-		return -1;
-	}
-
-	int mst = pthread_mutex_init(&rawsocket_lock, NULL);
-	if (mst) {
-		fprintf(stderr, "Mutex err: %d\n", mst);
-		close(rawsocket);
-		errno = mst;
-
-		return -1;
-	}
-
-
-	return rawsocket;
-}
-
-static int close_raw_socket(void) {
-	if (rawsocket < 0) {
-		errno = EALREADY;
-		perror("Raw socket is not set");
-		return -1;
-	}
-
-	if (close(rawsocket)) {
-		perror("Unable to close raw socket");
-		pthread_mutex_destroy(&rawsocket_lock);
-		return -1;
-	}
-
-	pthread_mutex_destroy(&rawsocket_lock);
-
-	rawsocket = -2;
-	return 0;
-}
-
-static int open_raw6_socket(void) {
-	if (raw6socket != -2) {
-		errno = EALREADY;
-		perror("Raw socket is already opened");
-		return -1;
-	}
-	
-	raw6socket = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
-	if (rawsocket == -1) {
-		perror("Unable to create raw socket");
-		return -1;
-	}
-
-	int mark = config.mark;
-	if (setsockopt(raw6socket, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
-	{
-		fprintf(stderr, "setsockopt(SO_MARK, %d) failed\n", mark);
-		return -1;
-	}
-
-	int mst = pthread_mutex_init(&raw6socket_lock, NULL);
-	if (mst) {
-		fprintf(stderr, "Mutex err: %d\n", mst);
-		close(raw6socket);
-		errno = mst;
-
-		return -1;
-	}
-
-
-	return raw6socket;
-}
-
-static int close_raw6_socket(void) {
-	if (raw6socket < 0) {
-		errno = EALREADY;
-		perror("Raw socket is not set");
-		return -1;
-	}
-
-	if (close(raw6socket)) {
-		perror("Unable to close raw socket");
-		pthread_mutex_destroy(&rawsocket_lock);
-		return -1;
-	}
-
-	pthread_mutex_destroy(&raw6socket_lock);
-
-	raw6socket = -2;
-	return 0;
-}
-
-static int send_raw_ipv4(const uint8_t *pkt, uint32_t pktlen) {
-	int ret;
-	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
-
-	struct iphdr *iph;
-
-	if ((ret = ip4_payload_split(
-	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
-		errno = -ret;
-		return ret;
-	}
-
-	struct sockaddr_in daddr = {
-		.sin_family = AF_INET,
-		/* Always 0 for raw socket */
-		.sin_port = 0,
-		.sin_addr = {
-			.s_addr = iph->daddr
-		}
-	};
-
-	if (config.threads != 1)
-		pthread_mutex_lock(&rawsocket_lock);
-
-	int sent = sendto(rawsocket, 
-	    pkt, pktlen, 0, 
-	    (struct sockaddr *)&daddr, sizeof(daddr));
-
-	if (config.threads != 1)
-		pthread_mutex_unlock(&rawsocket_lock);
-
-	/* The function will return -errno on error as well as errno value set itself */
-	if (sent < 0) sent = -errno;
-
-	return sent;
-}
-
-static int send_raw_ipv6(const uint8_t *pkt, uint32_t pktlen) {
-	int ret;
-	if (pktlen > AVAILABLE_MTU) return -ENOMEM;
-
-	struct ip6_hdr *iph;
-
-	if ((ret = ip6_payload_split(
-	(uint8_t *)pkt, pktlen, &iph, NULL, NULL, NULL)) < 0) {
-		errno = -ret;
-		return ret;
-	}
-
-	struct sockaddr_in6 daddr = {
-		.sin6_family = AF_INET6,
-		/* Always 0 for raw socket */
-		.sin6_port = 0,
-		.sin6_addr = iph->ip6_dst
-	};
-
-	if (config.threads != 1)
-		pthread_mutex_lock(&rawsocket_lock);
-
-	int sent = sendto(raw6socket, 
-	    pkt, pktlen, 0, 
-	    (struct sockaddr *)&daddr, sizeof(daddr));
-
-	lgtrace_addp("rawsocket sent %d", sent);
-
-	if (config.threads != 1)
-		pthread_mutex_unlock(&rawsocket_lock);
-
-	/* The function will return -errno on error as well as errno value set itself */
-	if (sent < 0) sent = -errno;
-
-	return sent;
-}
-
-static int send_raw_socket(const uint8_t *pkt, uint32_t pktlen) {
-	int ret;
-
-	if (pktlen > AVAILABLE_MTU) {
-		if (config.verbose)
-			printf("Split packet!\n");
-
-		uint8_t buff1[MNL_SOCKET_BUFFER_SIZE];
-		uint32_t buff1_size = MNL_SOCKET_BUFFER_SIZE;
-		uint8_t buff2[MNL_SOCKET_BUFFER_SIZE];
-		uint32_t buff2_size = MNL_SOCKET_BUFFER_SIZE;
-
-		if ((ret = tcp_frag(pkt, pktlen, AVAILABLE_MTU-128,
-			buff1, &buff1_size, buff2, &buff2_size)) < 0) {
-
-			errno = -ret;
-			return ret;
-		}
-
-		int sent = 0;
-		int status = send_raw_socket(buff1, buff1_size);
-
-		if (status >= 0) sent += status;
-		else {
-			return status;
-		}
-
-		status = send_raw_socket(buff2, buff2_size);
-		if (status >= 0) sent += status;
-		else {
-			return status;
-		}
-
-		return sent;
-	}
-	
-	int ipvx = netproto_version(pkt, pktlen);
-
-	if (ipvx == IP4VERSION) {
-		ret = send_raw_ipv4(pkt, pktlen);
-	} else if (ipvx == IP6VERSION) {
-		ret = send_raw_ipv6(pkt, pktlen);
-	} else {
-		printf("proto version %d is unsupported\n", ipvx);
-		return -EINVAL;
-	}
-
-	lgtrace_addp("raw_sock_send: %d", ret);
-	return ret;
-}
-
-struct packet_data {
-	uint32_t id;
-	uint16_t hw_proto;
-	uint8_t hook;
-	
-	void *payload;
-	uint16_t payload_len;
-};
-
-// Per-queue data. Passed to queue_cb.
-struct queue_data {
-	struct mnl_socket **_nl;
-	int queue_num;
-};
-
-/**
- * Used to accept unsupported packets (GSOs)
- */
-static int fallback_accept_packet(uint32_t id, struct queue_data qdata) {
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *verdnlh;
-        verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata.queue_num);
-        nfq_nlmsg_verdict_put(verdnlh, id, NF_ACCEPT);
-
-        if (mnl_socket_sendto(*qdata._nl, verdnlh, verdnlh->nlmsg_len) < 0) {
-                perror("mnl_socket_send");
-                return MNL_CB_ERROR;
-        }
-
-        return MNL_CB_OK;
-}
-
-
-struct dps_t {
-	uint8_t *pkt;
-	uint32_t pktlen;
-	// Time for the packet in milliseconds
-	uint32_t timer;
-};
-// Note that the thread will automatically release dps_t and pkt_buff
-void *delay_packet_send_fn(void *data) {
-	struct dps_t *dpdt = data;
-
-	uint8_t *pkt = dpdt->pkt;
-	uint32_t pktlen = dpdt->pktlen;
-
-	usleep(dpdt->timer * 1000);
-	int ret = send_raw_socket(pkt, pktlen);
-	if (ret < 0) {
-		errno = -ret;
-		perror("send delayed raw packet");
-	}
-
-	free(pkt);
-	free(dpdt);
-	return NULL;
-}
-
-int delay_packet_send(const unsigned char *data, unsigned int data_len, unsigned int delay_ms) {
-	struct dps_t *dpdt = malloc(sizeof(struct dps_t));
-	dpdt->pkt = malloc(data_len);
-	memcpy(dpdt->pkt, data, data_len);
-	dpdt->pktlen = data_len;
-	dpdt->timer = delay_ms;
-	pthread_t thr;
-	pthread_create(&thr, NULL, delay_packet_send_fn, dpdt);
-	pthread_detach(thr);
-	lgtrace_addp("Scheduled packet send after %d ms", delay_ms);
-
-	return 0;
-}
-
-static int queue_cb(const struct nlmsghdr *nlh, void *data) {
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	
-	struct queue_data *qdata = data;
-
-	struct nfqnl_msg_packet_hdr *ph = NULL;
-        struct nlattr *attr[NFQA_MAX+1] = {0};
-	struct packet_data packet = {0};
-
-        if (nfq_nlmsg_parse(nlh, attr) < 0) {
-                perror("Attr parse");
-                return MNL_CB_ERROR;
-        }
- 
-        if (attr[NFQA_PACKET_HDR] == NULL) {
-		errno = ENODATA;
-                perror("Metaheader not set");
-                return MNL_CB_ERROR;
-        }
-
-        ph = mnl_attr_get_payload(attr[NFQA_PACKET_HDR]);
-
-        packet.id = ntohl(ph->packet_id);
-	packet.hw_proto = ntohs(ph->hw_protocol);
-	packet.hook = ph->hook;
-        packet.payload_len = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
-        packet.payload = mnl_attr_get_payload(attr[NFQA_PAYLOAD]);
-
-	if (attr[NFQA_CAP_LEN] != NULL && ntohl(mnl_attr_get_u32(attr[NFQA_CAP_LEN])) != packet.payload_len) {
-		fprintf(stderr, "The packet was truncated! Skip!\n");
-		return fallback_accept_packet(packet.id, *qdata);
-	}
-
-	if (attr[NFQA_MARK] != NULL) {
-		// Skip packets sent by rawsocket to escape infinity loop.
-		if ((ntohl(mnl_attr_get_u32(attr[NFQA_MARK])) & config.mark) == 
-			config.mark) {
-			return fallback_accept_packet(packet.id, *qdata);
-		}
-	}
-
-
-	struct nlmsghdr *verdnlh;
-	verdnlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, qdata->queue_num);
-
-	int ret = process_packet(packet.payload, packet.payload_len);
-
-	switch (ret) {
-		case PKT_DROP:
-			nfq_nlmsg_verdict_put(verdnlh, packet.id, NF_DROP);
-			break;
-		default:
-			nfq_nlmsg_verdict_put(verdnlh, packet.id, NF_ACCEPT);
-			break;
-	}
-
-        if (mnl_socket_sendto(*qdata->_nl, verdnlh, verdnlh->nlmsg_len) < 0) {
-                perror("mnl_socket_send");
-                return MNL_CB_ERROR;
-        }
-	
-	return MNL_CB_OK;
-}
-
-#define BUF_SIZE (0xffff + (MNL_SOCKET_BUFFER_SIZE / 2))
-
-int init_queue(int queue_num) {
-	struct mnl_socket *nl;
-
-	if (open_socket(&nl)) {
-		perror("Unable to open socket");
-		return -1;
-	}
-
-	uint32_t portid = mnl_socket_get_portid(nl);
-
-	struct nlmsghdr *nlh;
-	char buf[BUF_SIZE];
-
-	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
-	nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND);
-
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		goto die;
-	}
-
-	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
-	nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
-
-	if (config.use_gso) {
-		mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(NFQA_CFG_F_GSO));
-		mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(NFQA_CFG_F_GSO));
-	}
-
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		goto die;
-	}
-
-
-	/* ENOBUFS is signalled to userspace when packets were lost
-          * on kernel side.  In most cases, userspace isn't interested
-          * in this information, so turn it off.
-          */
-	int ret = 1;
-	mnl_socket_setsockopt(nl, NETLINK_NO_ENOBUFS, &ret, sizeof(int));
-
-	struct queue_data qdata = {
-		._nl = &nl,
-		.queue_num = queue_num
-	};
-
-	printf("Queue %d started\n", qdata.queue_num);
-
-	while (1) {
-		ret = mnl_socket_recvfrom(nl, buf, BUF_SIZE);
-		if (ret == -1) {
-			perror("mnl_socket_recvfrom");
-			goto die;
-		}
-
-		ret = mnl_cb_run(buf, ret, 0, portid, queue_cb, &qdata);
-		if (ret < 0) {
-			lgerror("mnl_cb_run", -EPERM);
-			if (errno == EPERM) {
-				printf("Probably another instance of youtubeUnblock with the same queue number is running\n");
-			} else {
-				printf("Make sure the nfnetlink_queue kernel module is loaded\n");
-			}
-			goto die;
-		}
-	}
-
-
-	close_socket(&nl);
-	return 0;
-
-die:
-	close_socket(&nl);
-	return -1;
-}
-
-// Per-queue config. Used to initialize a queue. Passed to wrapper
-struct queue_conf {
-	uint16_t i;
-	int queue_num;
-};
-
-struct queue_res {
-	int status;
-};
-static struct queue_res defqres = {0};
-
-static struct queue_res threads_reses[MAX_THREADS];
-
-void *init_queue_wrapper(void *qdconf) {
-	struct queue_conf *qconf = qdconf;
-	struct queue_res *thres = threads_reses + qconf->i;
-	
-	thres->status = init_queue(qconf->queue_num);
-
-	fprintf(stderr, "Thread %d exited with status %d\n", qconf->i, thres->status);
-
-	return thres;
-}
-
-struct instance_config_t instance_config = {
-	.send_raw_packet = send_raw_socket,
-	.send_delayed_packet = delay_packet_send,
-};
-
-int main(int argc, char *argv[]) {
-	int ret;
-	if ((ret = parse_args(argc, argv)) != 0) {
-		if (ret < 0) {
-			perror("Unable to parse args");
-			exit(EXIT_FAILURE);
-		}
-		exit(EXIT_SUCCESS);
-	}
-
-	print_version();
-	print_welcome();
-
-	if (open_raw_socket() < 0) {
-		perror("Unable to open raw socket");
-		exit(EXIT_FAILURE);
-	}
-
-	if (config.use_ipv6) {
-		if (open_raw6_socket() < 0) {
-			perror("Unable to open raw socket for ipv6");
-			close_raw_socket();
-			exit(EXIT_FAILURE);
-		}
-	}
-
-	struct queue_res *qres = &defqres;
-
-	if (config.threads == 1) {
-		struct queue_conf tconf = {
-			.i = 0,
-			.queue_num = config.queue_start_num
-		};
-
-		qres = init_queue_wrapper(&tconf);
-	} else {
-		printf("%d threads wil be used\n", config.threads);
-
-		struct queue_conf thread_confs[MAX_THREADS];
-		pthread_t threads[MAX_THREADS];
-		for (int i = 0; i < config.threads; i++) {
-			struct queue_conf *tconf = thread_confs + i;
-			pthread_t *thr = threads + i;
-
-			tconf->queue_num = config.queue_start_num + i;
-			tconf->i = i;
-
-			pthread_create(thr, NULL, init_queue_wrapper, tconf);
-		}
-
-		void *res;
-		for (int i = 0; i < config.threads; i++) {
-			pthread_join(threads[i], &res);
-
-			qres = res;
-		}
-	}
-
-	close_raw_socket();
-	if (config.use_ipv6)
-		close_raw6_socket();
-
-	return -qres->status;
-}
-