fix: hashing IP addresses and setting SNI to masquerades

getlantern · Jul 26, 2024 · 5ecdafa · 5ecdafa
1 parent 1385d8c
commit 5ecdafa
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 11 deletions.
diff --git a/direct.go b/direct.go
@@ -421,17 +421,11 @@ func (d *direct) dialServerWith(m *Masquerade) (net.Conn, error) {
 	addr := m.IpAddress
 	var sendServerNameExtension bool
 
-	// looking for provider and using SNI if enabled
-	provider := d.findProviderFromMasquerade(m)
-	if provider != nil && provider.SNIConfig != nil && provider.SNIConfig.UseArbitrarySNIs {
+	if m.SNI != "" {
 		sendServerNameExtension = true
 
-		// selecting a random SNI
-		randomSNIIndex := rand.IntN(len(provider.SNIConfig.ArbitrarySNIs))
-		sniDomain := provider.SNIConfig.ArbitrarySNIs[randomSNIIndex]
-
-		op.Set("arbitrary_sni", sniDomain)
-		tlsConfig.ServerName = sniDomain
+		op.Set("arbitrary_sni", m.SNI)
+		tlsConfig.ServerName = m.SNI
 		tlsConfig.InsecureSkipVerify = true
 		tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 			log.Tracef("verifying peer certificate for masquerade domain %s", m.Domain)

diff --git a/direct_test.go b/direct_test.go
@@ -145,7 +145,7 @@ func TestLoadCandidates(t *testing.T) {
 	actual := make(map[Masquerade]bool)
 	count := 0
 	for _, m := range d.masquerades {
-		actual[Masquerade{m.Domain, m.IpAddress}] = true
+		actual[Masquerade{Domain: m.Domain, IpAddress: m.IpAddress}] = true
 		count++
 	}
 

diff --git a/masquerade.go b/masquerade.go
@@ -2,6 +2,7 @@ package fronted
 
 import (
 	"fmt"
+	"hash/crc32"
 	"net"
 	"net/http"
 	"sort"
@@ -33,6 +34,9 @@ type Masquerade struct {
 	// IpAddress: pre-resolved ip address to use instead of Domain (if
 	// available)
 	IpAddress string
+
+	// SNI: the SNI to use for this masquerade
+	SNI string
 }
 
 type masquerade struct {
@@ -109,8 +113,14 @@ func NewProvider(hosts map[string]string, testURL string, masquerades []*Masquer
 	for k, v := range hosts {
 		d.HostAliases[strings.ToLower(k)] = v
 	}
+
 	for _, m := range masquerades {
-		d.Masquerades = append(d.Masquerades, &Masquerade{Domain: m.Domain, IpAddress: m.IpAddress})
+		var sni string
+		if d.SNIConfig != nil && d.SNIConfig.UseArbitrarySNIs {
+			crc32Hash := int(crc32.ChecksumIEEE([]byte(m.IpAddress)))
+			sni = d.SNIConfig.ArbitrarySNIs[crc32Hash%len(d.SNIConfig.ArbitrarySNIs)]
+		}
+		d.Masquerades = append(d.Masquerades, &Masquerade{Domain: m.Domain, IpAddress: m.IpAddress, SNI: sni})
 	}
 	d.PassthroughPatterns = append(d.PassthroughPatterns, passthrough...)
 	return d