Lots of updates to use new fronted changes and to initialization sequ…

…ence

chained/broflake_impl.go

@@ -19,11 +19,6 @@ func init() {
 	broflake_common.SetDebugLogger(log.AsDebugLogger())
 }
 
-const (
-	// only wait 10 seconds before failing over to the next masquerade since signaling with Freddie only has a 25 second timeout
-	masqueradeTimeout = 10 * time.Second
-)
-
 type broflakeImpl struct {
 	reportDialCore reportDialCoreFn // TODO: I don't know what this is for yet
 	QUICLayer      *clientcore.QUICLayer
@@ -140,7 +135,7 @@ func makeBroflakeOptions(pc *config.ProxyConfig) (
 	// Broflake's HTTP client isn't currently configurable via PluggableTransportSettings, and so
 	// we just give it this domain fronted client in all cases
 	wo.HttpClient = &http.Client{
-		Transport: proxied.Fronted("broflake_fronted_roundtrip", masqueradeTimeout),
+		Transport: proxied.Fronted("broflake_fronted_roundtrip"),
 		Timeout:   60 * time.Second,
 	}
 

chained/broflake_impl_test.go

@@ -19,6 +19,8 @@ import (
 
 	flconfig "github.com/getlantern/flashlight/v7/config"
 	"github.com/getlantern/flashlight/v7/proxied"
+
+	tls "github.com/refraction-networking/utls"
 )
 
 var fr = newFronted()
@@ -258,9 +260,10 @@ func newFronted() fronted.Fronted {
 		os.Exit(1)
 	}
 	defer os.RemoveAll(tempConfigDir)
-	fronted, err := fronted.NewFronted(certs, cfg.Client.FrontedProviders(), flconfig.DefaultFrontedProviderID, filepath.Join(tempConfigDir, "masquerade_cache"))
+	fronted, err := fronted.NewFronted(filepath.Join(tempConfigDir, "masquerade_cache"), tls.HelloChrome_100, flconfig.DefaultFrontedProviderID)
 	if err != nil {
 		log.Errorf("Unable to configure fronted: %v", err)
 	}
+	fronted.UpdateConfig(certs, cfg.Client.FrontedProviders())
 	return fronted
 }

client/client_test.go

@@ -608,11 +608,11 @@ func (r *response) nested() (*http.Response, error) {
 type testFronted struct {
 }
 
-func (f *testFronted) UpdateConfig(pool *x509.CertPool, providers map[string]*fronted.Provider, defaultProviderID string) {
+func (f *testFronted) UpdateConfig(pool *x509.CertPool, providers map[string]*fronted.Provider) {
 
 }
-func (f *testFronted) NewRoundTripper(time.Duration) (http.RoundTripper, error) {
-	return http.DefaultTransport, nil
+func (f *testFronted) RoundTrip(req *http.Request) (*http.Response, error) {
+	return nil, nil
 }
 
 func (f *testFronted) Close() {

email/email_test.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/keighl/mandrill"
+	tls "github.com/refraction-networking/utls"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/getlantern/flashlight/v7/config"
@@ -98,9 +99,10 @@ func newFronted() fronted.Fronted {
 		os.Exit(1)
 	}
 	defer os.RemoveAll(tempConfigDir)
-	fronted, err := fronted.NewFronted(certs, cfg.Client.FrontedProviders(), config.DefaultFrontedProviderID, filepath.Join(tempConfigDir, "masquerade_cache"))
+	fronted, err := fronted.NewFronted(filepath.Join(tempConfigDir, "masquerade_cache"), tls.HelloChrome_100, config.DefaultFrontedProviderID)
 	if err != nil {
 		log.Errorf("Unable to configure fronted: %v", err)
 	}
+	fronted.UpdateConfig(certs, cfg.Client.FrontedProviders())
 	return fronted
 }

flashlight.go

@@ -15,6 +15,7 @@ import (
 	"github.com/getlantern/fronted"
 	"github.com/getlantern/golog"
 	"github.com/getlantern/netx"
+	tls "github.com/refraction-networking/utls"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/getlantern/flashlight/v7/apipb"
@@ -183,14 +184,8 @@ func New(
 		f.op.End()
 		return nil, fatalErr
 	}
-	f.global = globalConfig
 
-	certs, err := globalConfig.TrustedCACerts()
-	if err != nil {
-		log.Errorf("Unable to get trusted ca certs, not configuring fronted: %s", err)
-	}
-
-	f.fronted, err = fronted.NewFronted(certs, globalConfig.Client.FrontedProviders(), config.DefaultFrontedProviderID, filepath.Join(configDir, "masquerade_cache"))
+	f.fronted, err = fronted.NewFronted(filepath.Join(configDir, "masquerade_cache"), tls.HelloChrome_102, config.DefaultFrontedProviderID)
 	if err != nil {
 		log.Errorf("Unable to configure fronted: %v", err)
 	}
@@ -280,6 +275,7 @@ func New(
 	}
 
 	f.client = cl
+	f.onGlobalConfig(globalConfig, config.Embedded)
 
 	f.addProxyListener(func(proxies map[string]*commonconfig.ProxyConfig, src config.Source) {
 		log.Debug("Applying proxy config with proxies")
@@ -659,7 +655,7 @@ func (f *Flashlight) applyGlobalConfig(cfg *config.Global) {
 	if err != nil {
 		log.Errorf("Unable to get trusted ca certs, not configuring fronted: %s", err)
 	} else if cfg.Client != nil && cfg.Client.Fronted != nil {
-		f.fronted.UpdateConfig(certs, cfg.Client.FrontedProviders(), config.DefaultFrontedProviderID)
+		f.fronted.UpdateConfig(certs, cfg.Client.FrontedProviders())
 	} else {
 		log.Errorf("Unable to configured fronted (no config)")
 	}

go.mod

@@ -4,8 +4,6 @@ go 1.22.3
 
 toolchain go1.22.8
 
-replace github.com/elazarl/goproxy => github.com/getlantern/goproxy v0.0.0-20220805074304-4a43a9ed4ec6
-
 replace github.com/keighl/mandrill => github.com/getlantern/mandrill v0.0.0-20221004112352-e7c04248adcb
 
 //replace github.com/getlantern/mandrill => /home/soltzen/dev/soltzen/mandrill
@@ -39,7 +37,7 @@ require (
 	github.com/getlantern/event v0.0.0-20210901195647-a7e3145142e6
 	github.com/getlantern/eventual v1.0.0
 	github.com/getlantern/eventual/v2 v2.0.2
-	github.com/getlantern/fronted v0.0.0-20241130211801-12a44503691a
+	github.com/getlantern/fronted v0.0.0-20241203183816-9b577b9a1d74
 	github.com/getlantern/go-socks5 v0.0.0-20171114193258-79d4dd3e2db5
 	github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65
 	github.com/getlantern/hellosplitter v0.1.1

go.sum

@@ -268,8 +268,8 @@ github.com/getlantern/filepersist v0.0.0-20210901195658-ed29a1cb0b7c h1:mcz27xtA
 github.com/getlantern/filepersist v0.0.0-20210901195658-ed29a1cb0b7c/go.mod h1:8DGAx0LNUfXNnEH+fXI0s3OCBA/351kZCiz/8YSK3i8=
 github.com/getlantern/framed v0.0.0-20190601192238-ceb6431eeede h1:yrU6Px3ZkvCsDLPryPGi6FN+2iqFPq+JeCb7EFoDBhw=
 github.com/getlantern/framed v0.0.0-20190601192238-ceb6431eeede/go.mod h1:nhnoiS6DE6zfe+BaCMU4YI01UpsuiXnDqM5S8jxHuuI=
-github.com/getlantern/fronted v0.0.0-20241130211801-12a44503691a h1:LsB4FkqfarBD0OXQoftX6YXNynn5q9VvzwFDRVCSccI=
-github.com/getlantern/fronted v0.0.0-20241130211801-12a44503691a/go.mod h1:NfZDG8pmTL3wvo/s/sflpJFsgIL7etelgwzDRtO4HIM=
+github.com/getlantern/fronted v0.0.0-20241203183816-9b577b9a1d74 h1:BF9ns5oJFA2Y1Vx4xY7jFN0oBOp4qJMANizn+sRL+f4=
+github.com/getlantern/fronted v0.0.0-20241203183816-9b577b9a1d74/go.mod h1:Oo9b4F9ZAuIz+zipULqkFROQoGtJSAMehO6djlab/04=
 github.com/getlantern/geo v0.0.0-20240108161311-50692a1b69a9 h1:mSg57/+t59Q08AqArlhW+3N1AVPn5ox0dTOYonRps6w=
 github.com/getlantern/geo v0.0.0-20240108161311-50692a1b69a9/go.mod h1:RjQ0krF8NTCc5xo2Q1995/vZBnYg33h8svn15do7dLg=
 github.com/getlantern/go-socks5 v0.0.0-20171114193258-79d4dd3e2db5 h1:RBKofGGMt2k6eGBwX8mky9qunjL+KnAp9JdzXjiRkRw=

issue/issue_test.go

@@ -9,6 +9,7 @@ import (
 	"gopkg.in/yaml.v2"
 
 	"github.com/getlantern/fronted"
+	tls "github.com/refraction-networking/utls"
 
 	"github.com/getlantern/flashlight/v7/config"
 	"github.com/getlantern/flashlight/v7/geolookup"
@@ -50,10 +51,11 @@ func newFronted() fronted.Fronted {
 		os.Exit(1)
 	}
 	defer os.RemoveAll(tempConfigDir)
-	fronted, err := fronted.NewFronted(certs, cfg.Client.FrontedProviders(), config.DefaultFrontedProviderID, filepath.Join(tempConfigDir, "masquerade_cache"))
+	fronted, err := fronted.NewFronted(filepath.Join(tempConfigDir, "masquerade_cache"), tls.HelloChrome_100, config.DefaultFrontedProviderID)
 	if err != nil {
 		log.Errorf("Unable to configure fronted: %v", err)
 	}
+	fronted.UpdateConfig(certs, cfg.Client.FrontedProviders())
 	return fronted
 }
 

proxied/fronted.go

@@ -2,31 +2,20 @@ package proxied
 
 import (
 	"net/http"
-	"time"
 
-	"github.com/getlantern/errors"
 	"github.com/getlantern/flashlight/v7/ops"
 )
 
-const DefaultMasqueradeTimeout = 5 * time.Minute
-
 // Fronted creates an http.RoundTripper that proxies request using domain
 // fronting.
-//
-// Leave masqueradeTimeout as 0 to use a default value.
-func Fronted(opName string, masqueradeTimeout time.Duration) http.RoundTripper {
-	if masqueradeTimeout == 0 {
-		masqueradeTimeout = DefaultMasqueradeTimeout
-	}
+func Fronted(opName string) http.RoundTripper {
 	return frontedRoundTripper{
-		masqueradeTimeout: masqueradeTimeout,
-		opName:            opName,
+		opName: opName,
 	}
 }
 
 type frontedRoundTripper struct {
-	masqueradeTimeout time.Duration
-	opName            string
+	opName string
 }
 
 // Use a wrapper for fronted.NewDirect to avoid blocking
@@ -37,10 +26,5 @@ func (f frontedRoundTripper) RoundTrip(req *http.Request) (*http.Response, error
 		op := ops.Begin(f.opName)
 		defer op.End()
 	}
-	rt, err := fronter.NewRoundTripper(f.masqueradeTimeout)
-	if err != nil {
-		return nil, errors.New("Unable to obtain direct fronter")
-	}
-	changeUserAgent(req)
-	return rt.RoundTrip(req)
+	return fronter.RoundTrip(req)
 }

proxied/proxied.go

@@ -140,9 +140,8 @@ func ParallelForIdempotent() http.RoundTripper {
 // requests to both chained and fronted servers either in parallel or not.
 func dual(parallel bool, rootCA string) http.RoundTripper {
 	cf := &chainedAndFronted{
-		parallel:          parallel,
-		masqueradeTimeout: DefaultMasqueradeTimeout,
-		rootCA:            rootCA,
+		parallel: parallel,
+		rootCA:   rootCA,
 	}
 	cf.setFetcher(newDualFetcher(cf))
 	return cf
@@ -247,7 +246,7 @@ func (df *dualFetcher) RoundTrip(req *http.Request) (*http.Response, error) {
 	if err != nil {
 		return nil, errors.Wrap(err).Op("DFCreateChainedClient")
 	}
-	frontedRT := Fronted("dual_fetcher_round_trip", df.masqueradeTimeout)
+	frontedRT := Fronted("dual_fetcher_round_trip")
 	return df.do(req, directRT, frontedRT)
 }
 
@@ -578,7 +577,7 @@ func DirectThenFrontedClient(timeout time.Duration) *http.Client {
 		TLSHandshakeTimeout:   timeout,
 		ResponseHeaderTimeout: timeout,
 	}
-	frt := Fronted("direct_then_fronted", 10*time.Second)
+	frt := Fronted("direct_then_fronted")
 	return &http.Client{
 		Timeout:   timeout * 2,
 		Transport: serialTransport{drt, frt},
@@ -594,7 +593,7 @@ func ChainedThenDirectThenFrontedClient(timeout time.Duration, rootCA string) *h
 		TLSHandshakeTimeout:   10 * time.Second,
 		ResponseHeaderTimeout: 30 * time.Second,
 	}
-	frt := Fronted("", 10*time.Second)
+	frt := Fronted("chained_then_direct_then_fronted")
 	return &http.Client{
 		Timeout:   timeout * 2,
 		Transport: serialTransport{chained, drt, frt},

proxied/proxied_test.go

@@ -15,6 +15,7 @@ import (
 	"testing"
 	"time"
 
+	tls "github.com/refraction-networking/utls"
 	"github.com/vulcand/oxy/forward"
 	"gopkg.in/yaml.v2"
 
@@ -311,9 +312,10 @@ func newFronted() fronted.Fronted {
 		os.Exit(1)
 	}
 	defer os.RemoveAll(tempConfigDir)
-	fronted, err := fronted.NewFronted(certs, cfg.Client.FrontedProviders(), flconfig.DefaultFrontedProviderID, filepath.Join(tempConfigDir, "masquerade_cache"))
+	fronted, err := fronted.NewFronted(filepath.Join(tempConfigDir, "masquerade_cache"), tls.HelloChrome_100, flconfig.DefaultFrontedProviderID)
 	if err != nil {
 		log.Errorf("Unable to configure fronted: %v", err)
 	}
+	fronted.UpdateConfig(certs, cfg.Client.FrontedProviders())
 	return fronted
 }

services/bypass.go

@@ -167,7 +167,7 @@ func newProxy(
 		ProxyConfig:       pc,
 		name:              name,
 		proxyRoundTripper: newProxyRoundTripper(name, pc, userConfig, dialer),
-		dfRoundTripper:    proxied.Fronted("bypass_fronted_roundtrip", 0),
+		dfRoundTripper:    proxied.Fronted("bypass_fronted_roundtrip"),
 		sender:            &sender{},
 		toggle:            atomic.NewBool(mrand.Float32() < 0.5),
 		userConfig:        userConfig,