github Waujito/youtubeUnblock v1.0.0-rc5
on GitHub

latest releases: continuous, v1.1.0, v1.0.0...
8 months ago

What's Changed

  • UDP faking support by @Waujito in #200
  • New LUCI interface by @Waujito in #205
  • Huge remaster of internal parameters logic, unification between kernel module and userspace (#200)

Full Changelog: v1.0.0-rc4...v1.0.0-rc5

README difference

Openwrt

LuCI configuration lives in Services->youtubeUnblock section. It is self descriptive, with description for each flag. Note, that after you push Save & Apply button, the configuration is applied automatically and the service is restarted.

UCI configuration is available in /etc/config/youtubeUnblock file, in section youtubeUnblock.youtubeUnblock. You may pass any args as a string to parameter args, but before it disable interactive flags (You can configurate with it but it is a way harder and I recommend to use it only with luci-app-youtubeUnblock): 

uci set youtubeUnblock.youtubeUnblock.conf_strat="args"
uci set youtubeUnblock.youtubeUnblock.args="--queue-num=537 --threads=1"

To save the configs you should do uci commit and then reload_config to restart youtubeUnblock

You can check the logs in CLI mode with logread -l 200 | grep youtubeUnblock command.

In CLI mode you will use youtubeUnblock as a normal init.d service:
for example, you can enable it with /etc/init.d/youtubeUnblock enable.

Firewall

On nftables you should put next nftables rules: 

nft add chain inet fw4 youtubeUnblock '{ type filter hook postrouting priority mangle - 1; policy accept; }'
nft add rule inet fw4 youtubeUnblock 'tcp dport 443 ct original packets < 20 counter queue num 537 bypass'
nft add rule inet fw4 youtubeUnblock 'meta l4proto udp ct original packets < 9 counter queue num 537 bypass'
nft insert rule inet fw4 output 'mark and 0x8000 == 0x8000 counter accept'

On iptables you should put next iptables rules: 

iptables -t mangle -N YOUTUBEUNBLOCK
iptables -t mangle -A YOUTUBEUNBLOCK -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
iptables -t mangle -A YOUTUBEUNBLOCK -p udp -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8 -j NFQUEUE --queue-num 537 --queue-bypass
iptables -t mangle -A POSTROUTING -j YOUTUBEUNBLOCK
iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT

For IPv6 on iptables you need to duplicate rules above for ip6tables: 

ip6tables -t mangle -N YOUTUBEUNBLOCK
ip6tables -t mangle -A YOUTUBEUNBLOCK -p tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass
ip6tables -t mangle -A YOUTUBEUNBLOCK -p udp -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8 -j NFQUEUE --queue-num 537 --queue-bypass
ip6tables -t mangle -A POSTROUTING -j YOUTUBEUNBLOCK
ip6tables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT

Flags

  • --udp-mode={drop|fake} This flag specifies udp handling strategy. If drop udp packets will be dropped (useful for quic when browser can fallback to tcp), if fake udp will be faked. Defaults to fake.

  • --udp-fake-seq-len=<amount of faking packets sent> Specifies how much faking packets will be sent over the network. Defaults to 6.

  • --udp-fake-len=<size of udp fake> Size of udp fake payload (typically payload is zeroes). Defaults to 64.

  • --udp-dport-filter=<5,6,200-500> Filter the UDP destination ports. Defaults to no ports. Specifie the ports you want to be handled by youtubeUnblock.

  • --udp-filter-quic={disabled|all} Enables QUIC filtering for UDP handler. If disabled, quic won't be processed, if all, all quic initial packets will be handled. Defaults to disabled.

  • --quic-drop Drop all QUIC packets which goes to youtubeUnblock. Won't affect any other UDP packets. Just an alias for --udp-filter-quic=all --udp-mode=drop.

UDP

UDP is another communication protocol. Well-known technologies that use it are DNS, QUIC, voice chats. UDP does not provide reliable connection and its header is much simpler than TCP thus fragmentation is limited. The support provided primarily by faking. For QUIC faking may not work well, so use --quic-drop if you want to drop all quic traffic. For other technologies I recommend to configure UDP support in the separate section from TCP, like --fbegin --udp-dport-filter=50000-50099 --tls=disabled. See more in flags related to udp and issues tagged with udp label.

Kernel module

You can configure the module with its flags: 

insmod kyoutubeUnblock.ko 
echo "--fake_sni=1 --exclude_domains=.ru --quic_drop" | sudo tee /sys/module/kyoutubeUnblock/parameters/parameters

You can also do 

cat /sys/module/kyoutubeUnblock/parameters/parameters

and check all the parameters configured.

Check out latest releases or
releases around Waujito/youtubeUnblock v1.0.0-rc5

Don't miss a new youtubeUnblock release

NewReleases is sending notifications on new releases.

Get notifications