getlantern · WendelHime · Aug 5, 2024 · Jun 11, 2024 · Jun 14, 2024 · Jul 10, 2024
diff --git a/config/client_config.go b/config/client_config.go
@@ -3,6 +3,7 @@
 import (
 	"errors"
 
+	"github.com/getlantern/flashlight/v7/geolookup"
 	"github.com/getlantern/fronted"
 )
 
@@ -40,6 +41,7 @@
 	Masquerades         []*fronted.Masquerade
 	Validator           *ValidatorConfig
 	PassthroughPatterns []string
+	FrontingSNIs        map[string]*fronted.SNIConfig
 }
 
 // returns a fronted.ResponseValidator specified by the
@@ -80,15 +82,24 @@
 
 // Builds a list of fronted.Providers to use based on the configuration
 func (c *ClientConfig) FrontedProviders() map[string]*fronted.Provider {
+	sniRegion := geolookup.GetCountry(0)
+	if sniRegion == "" {
+		sniRegion = "default"
+	}
 
 	providers := make(map[string]*fronted.Provider)
 	for pid, p := range c.Fronted.Providers {
+		sniConfig := p.FrontingSNIs[sniRegion]
+		if sniConfig != nil && sniConfig.UseArbitrarySNIs && len(sniConfig.ArbitrarySNIs) == 0 {
+			sniConfig.ArbitrarySNIs = p.FrontingSNIs["default"].ArbitrarySNIs
+		}
 		providers[pid] = fronted.NewProvider(
 			p.HostAliases,
 			p.TestURL,
 			p.Masquerades,
 			p.GetResponseValidator(pid),
 			p.PassthroughPatterns,
+			sniConfig,
 		)
 	}
 	return providers

diff --git a/config/embedded_global_test.go b/config/embedded_global_test.go
@@ -16,6 +16,8 @@ func TestEmbeddedGlobal(t *testing.T) {
 	assert.NoError(t, err)
 
 	gl := global.(*Global)
+	assert.False(t, gl.Client.Fronted.Providers["akamai"].FrontingSNIs["default"].UseArbitrarySNIs)
+	assert.NotEmpty(t, gl.Client.Fronted.Providers["akamai"].FrontingSNIs["default"].ArbitrarySNIs)
 	assert.True(t, len(gl.Client.Fronted.Providers["akamai"].Masquerades) > 20)
 	assert.True(t, len(gl.Client.Fronted.Providers["cloudfront"].Masquerades) > 20)
 	assert.Containsf(t, gl.Client.Fronted.Providers["cloudfront"].HostAliases, "replica-search.lantern.io", "embedded global config does not contain replica-search cloudfront fronted provider")

diff --git a/embeddedconfig/global.yaml b/embeddedconfig/global.yaml
@@ -255,6 +255,18 @@ client:
         testurl: https://fronted-ping.dsa.akamai.getiantem.org/ping
         validator:
           rejectstatus: [403]
+        frontingsnis:
+          default:
+            usearbitrarysnis: false
+            arbitrarysnis:
+            - amazon.com
+            - mercadopago.com
+            - facebook.com
+            - instagram.com
+            - twitter.com
+          ir:
+            usearbitrarysnis: true
+            arbitrarysnis:
         masquerades: 
         - domain: a248.e.akamai.net
           ipaddress: 23.45.112.56

diff --git a/embeddedconfig/global.yaml.tmpl b/embeddedconfig/global.yaml.tmpl
@@ -246,6 +246,10 @@ client:
         testurl: {{$p.TestURL}}{{if $p.Validator}}
         validator:{{if $p.Validator.RejectStatus}}
           rejectstatus: [{{range $i, $e := $p.Validator.RejectStatus}}{{if $i}}, {{end}}{{$e}}{{end}}]{{end}}{{end}}
+        frontingsnis: {{range $key, $cfg := $p.FrontingSNIs}}
+          {{$key}}:
+            usearbitrarysnis: {{$cfg.UseArbitrarySNIs}}
+            arbitrarysnis: [{{range $i, $sni := $cfg.ArbitrarySNIs}}{{if $i}}, {{end}}{{$sni}}{{end}}]{{end}}
         masquerades: {{if eq $pid "cloudfront"}}&cfmasq{{end}}{{range $p.Masquerades}}
         - domain: {{.Domain}}
           ipaddress: {{.IpAddress}}{{end}}{{else}}{}{{end}}