Merge pull request #98 from Waujito/kmod

Kernel module

.github/workflows/build-ci.yml

@@ -93,7 +93,7 @@ jobs:
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
-          name: static-${{ matrix.arch }}
+          name: youtubeUnblock-static-${{ matrix.arch }}
           path: ./**/youtubeUnblock*.tar.gz
 
   build-static-cross:
@@ -225,10 +225,108 @@ jobs:
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ matrix.branch }}-${{ matrix.arch }}
+          name: youtubeUnblock-${{ matrix.branch }}-${{ matrix.arch }}
           path: /builder/youtubeUnblock*.ipk
           if-no-files-found: error
 
+
+  build-openwrt-kmod:
+    needs: prepare
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        branch:
+          - openwrt-23.05
+          - openwrt-22.03
+          - openwrt-21.02
+          - openwrt-19.07
+        include:
+          - branch: openwrt-23.05
+            wd_path: /builder
+          - branch: openwrt-22.03
+            wd_path: /builder
+          - branch: openwrt-21.02
+            wd_path: /builder
+          - branch: openwrt-19.07
+            wd_path: /home/build/openwrt
+        arch:
+          - aarch64_cortex-a53
+          - aarch64_cortex-a72
+          - aarch64_generic
+          - arm_arm1176jzf-s_vfp
+          - arm_arm926ej-s
+          - arm_cortex-a15_neon-vfpv4
+          - arm_cortex-a5_vfpv4
+          - arm_cortex-a7
+          - arm_cortex-a7_neon-vfpv4
+          - arm_cortex-a7_vfpv4
+          - arm_cortex-a8_vfpv3
+          - arm_cortex-a9
+          - arm_cortex-a9_neon
+          - arm_cortex-a9_vfpv3-d16
+          - arm_fa526
+          - arm_mpcore
+          - arm_xscale
+          - mips64_octeonplus
+          - mips_24kc
+          - mips_4kec
+          - mips_mips32
+          - mipsel_24kc
+          - mipsel_24kc_24kf
+          - mipsel_74kc
+          - mipsel_mips32
+          - ramips-mt76x8
+          - x86_64
+        exclude:
+          - branch: openwrt-19.07
+            arch: arm_cortex-a7
+          - branch: openwrt-19.07
+            arch: mips_4kec
+          - branch: openwrt-19.07
+            arch: ramips-mt76x8
+          - branch: openwrt-19.07
+            arch: arm_cortex-a7_vfpv4
+          - branch: openwrt-21.02
+            arch: arm_cortex-a7_vfpv4
+
+    container:
+      image: openwrt/sdk:${{ matrix.arch }}-${{ matrix.branch }}
+      options: --user root
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: 'openwrt'
+
+      - name: Prepare build
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        run: |
+          sed -i "s/PKG_REV:=.*$/PKG_REV:=$SHA/;s/PKG_VERSION:=.*$/PKG_VERSION:=$VERSION-$SHA/" kyoutubeUnblock/Makefile
+      - name: Build packages
+        id: build
+        env:
+          VERSION: ${{ needs.prepare.outputs.version }}
+          SHA: ${{ needs.prepare.outputs.sha }}
+        working-directory: ${{ matrix.wd_path }}
+        run: |
+          pwd
+          echo "src-link youtubeUnblock $GITHUB_WORKSPACE" >> feeds.conf
+          cat feeds.conf
+          ./scripts/feeds update youtubeUnblock
+          ./scripts/feeds install -a -p youtubeUnblock
+          make defconfig
+          make package/kyoutubeUnblock/compile V=s
+          cp $(find ./bin -type f -name 'kmod-youtubeUnblock*.ipk') ./
+      - name: Upload packages
+        if: steps.build.outcome == 'success'
+        uses: actions/upload-artifact@v4
+        with:
+          name: kmod-youtubeUnblock-${{ matrix.branch }}-${{ matrix.arch }}
+          path: ${{ matrix.wd_path }}/kmod-youtubeUnblock*.ipk
+          if-no-files-found: error
+
   build-entware:
     needs: prepare
     runs-on: ubuntu-latest
@@ -317,13 +415,13 @@ jobs:
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
-          name: entware-${{ matrix.arch }}
+          name: youtubeUnblock-entware-${{ matrix.arch }}
           path: ./**/youtubeUnblock*-entware.tar.gz
           if-no-files-found: error
 
   pre-release:
     if: github.event_name != 'pull_request' && github.ref_name == 'main'
-    needs: [build-static, build-static-cross, build-openwrt, build-entware]
+    needs: [build-static, build-static-cross, build-openwrt, build-entware, build-openwrt-kmod]
     permissions:
       contents: write
     runs-on: ubuntu-latest
@@ -340,4 +438,5 @@ jobs:
           title: 'Development build'
           files: |
             ./**/youtubeUnblock*.ipk
+            ./**/kmod-youtubeUnblock*.ipk
             ./**/youtubeUnblock*.tar.gz

Kbuild

@@ -1,3 +1,3 @@
-obj-m := ipt_YTUNBLOCK.o
-ipt_YTUNBLOCK-objs := iptk_YTUNBLOCK.o mangle.o
-ccflags-y := -std=gnu11 -Wno-unused-variable -DKERNEL_SPACE -DDEBUG
+obj-m := kyoutubeUnblock.o
+kyoutubeUnblock-objs := kytunblock.o mangle.o quic.o utils.o kmod_utils.o kargs.o
+ccflags-y := -std=gnu99 -DKERNEL_SPACE -Wno-error -Wno-declaration-after-statement

README.md

@@ -16,6 +16,11 @@
   - [OpenWRT case](#openwrt-case)
     - [Building OpenWRT .ipk package](#building-openwrt-ipk-package)
     - [Building with toolchain](#building-with-toolchain)
+  - [Kernel module](#kernel-module)
+    - [Building kernel module](#building-kernel-module)
+      - [Building on host system](#building-on-host-system)
+      - [Building on any kernel](#building-on-any-kernel)
+      - [Building with openwrt SDK](#building-with-openwrt-sdk)
 
 
 # youtubeUnblock
@@ -35,6 +40,10 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 ```
 
+The program is distributed in two version:
+- A userspace application works on top of nfnetlink queue which requires nfnetlink modules in the kernel and firewall rules. This approach is default and normally should be used but it has some limitations on embedded devices which may have no nfnetlink support. Also this solution may break down the internet speed and CPU load on your device because of jumps between userspace and kernelspace for each packet (this behavior may be fixed with connbytes but it also requires conntrack kernel module).
+- A kernel module which integrates deeply within the netfilter stack and does not interact with the userspace firewall. The module requires only netfilter kernel support but it definetly present on every device connected to the Internet. The only difficulity is how to build it. I cannot provide modules within Github Actions for each single one kernel, even if we talk only about OpenWRT versions. If you want to learn more about the module, jump on [its section in the README](#kernel-module)
+
 The program is compatible with routers based on OpenWRT, Entware(Keenetic/ASUS) and host machines. The program offers binaries via Github Actions. The binaries of main branch are published in the [development pre-release](https://github.com/Waujito/youtubeUnblock/releases/tag/continuous). Check out [Github Actions](https://github.com/Waujito/youtubeUnblock/actions/workflows/build-ci.yml) if you want to see all the binaries compiled ever. You should know the arcitecture of your hardware to use binaries. On OpenWRT you can check it with command `grep ARCH /etc/openwrt_release`.
 
 On both OpenWRT and Entware install the program with opkg. If you got read-only filesystem error you may unpack the binary manually or specify opkg path `opkg -o <destdir>`.
@@ -301,5 +310,64 @@ Take a look at `CROSS_COMPILE_PLATFORM` It is required by autotools but I think
 
 When compilation is done, the binary file will be in build directory. Copy it to your router. Note that a ssh access is likely to be required to proceed. *sshfs* don't work on my model so I injected the application to the router via *Software Upload Package* page. It has given me an error, but also a `/tmp/upload.ipk` file which I copied in root directory, `chmod +x` it and run.
 
+## Kernel module
+
+This section describes the kernel module version of youtubeUnblock. The kernel module operates as a normal module inside the kernel and integrates within the netfilter stack to statelessly mangle the packets sent over the Internet.
+
+You can configure the module with its flags in insmod:
+```
+insmod kyoutubeUnblock.ko fake_sni=1 exclude_domains=.ru quic_drop=1
+```
+
+Note that the flags names are different from ones used for the regular youtubeUnblock(right like in UCI configuration for OpenWRT): replace `-` with `_` and no leading `--`. Also to configure togglers you should set them to `1` (`silent=1 quic_drop=1`)
+
+Also a drop in replacement is supported for all the parameters excluding packet mark. A drop in replacement does not require module restart if you want to change the parameters. You can specify and check the parameters within module's directory inside the sysfs: `/sys/module/kyoutubeUnblock/parameters/`. For example, to set quic_drop to true you may use next command:
+```sh
+echo 1 | sudo tee /sys/module/kyoutubeUnblock/parameters/quic_drop
+```
+and 
+```sh
+cat /sys/module/kyoutubeUnblock/parameters/quic_drop
+```
+to check the parameter.
+
+### Building kernel module
+
+#### Building on host system
+
+To build the kernel module on your host system you should install `linux-headers` which will provide build essential tools and `gcc` compiler suite. On host system you may build the module with 
+```sh
+make kmake
+```
+
+#### Building on any kernel
+
+To build the module for external kernel you should build that kernel locally and point make to it. Use `KERNEL_BUILDER_MAKEDIR=~/linux` flag for make, for example:
+```
+make kmake KERNEL_BUILDER_MAKEDIR=~/linux
+```
+Note, that the kernel should be already configured and built. See linux kernel building manuals for more information about your specific case.
+
+#### Building with openwrt SDK
+
+Building with openwrt SDK is not such a hard thing. The only thing you should do is to obtain the sdk. You can find it by looking to your architecture and version of the openwrt currently used. You should use the exactly your version of openwrt since kernels there change often. You can find the sdk in two ways: by downloading it from their site or by using the openwrt sdk docker container (recommended).
+
+If you decide to download the tar archive, follow next steps:
+For me the archive lives in https://downloads.openwrt.org/releases/23.05.3/targets/ramips/mt76x8/ and called `openwrt-sdk-23.05.3-ramips-mt76x8_gcc-12.3.0_musl.Linux-x86_64`. You will need to [install sdk requirements on your system](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem) If you have any problems, use docker ubuntu:24.04 image. Make sure to be a non-root user since some makesystem fails with it. Next, untar the SDK and cd into it. 
+
+Or you can obtain the docker image with sdk built-in: [https://hub.docker.com/u/openwrt/sdk](https://hub.docker.com/u/openwrt/sdk). In my case the image has tag `ramips-mt76x8-23.05.3`. A good thing here is that you don't need to install any dependencies inside the docker container. Also docker hub has a perfect search around tags if you don't sure which one corresponds to your device.
+
+When you unpacked/installed the sdk, you is ready to start with building the kernel module.
+
+Do
+```sh
+echo "src-git youtubeUnblock https://github.com/Waujito/youtubeUnblock.git;openwrt" >> feeds.conf
+./scripts/feeds update youtubeUnblock
+./scripts/feeds install -a -p youtubeUnblock
+make defconfig
+make package/kyoutubeUnblock/compile V=s
+```
+
+When the commands finish, the module is ready. Find it with `find bin -name "kmod-youtubeUnblock*.ipk"`, copy to your host and install to the router via gui software interface. The module should start immediately. If not, do `modprobe kyoutubeUnblock`.
 
  >If you have any questions/suggestions/problems feel free to open an [issue](https://github.com/Waujito/youtubeUnblock/issues).

config.h

@@ -1,6 +1,10 @@
 #ifndef YTB_CONFIG_H
 #define YTB_CONFIG_H
 
+#ifndef KERNEL_SPACE
+#define USER_SPACE
+#endif
+
 typedef int (*raw_send_t)(const unsigned char *data, unsigned int data_len);
 /**
  * Sends the packet after delay_ms. The function should schedule send and return immediately
@@ -110,6 +114,8 @@ extern struct config_t config;
 
 #define MAX_PACKET_SIZE 8192
 
-static const char defaul_snistr[] = "googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com";
+#define DEFAULT_SNISTR "googlevideo.com,ggpht.com,ytimg.com,youtube.com,play.google.com,youtu.be,googleapis.com,googleusercontent.com,gstatic.com,l.google.com"
+
+static const char defaul_snistr[] = DEFAULT_SNISTR;
 
 #endif /* YTB_CONFIG_H */