Add backwards compatibility fallback to firefox

2025-06-08 18:14:39 +01:00 · 2025-06-08 18:14:39 +01:00 · 8af137637e
parent 51ed286f35
commit 8af137637e
3 changed files with 45 additions and 14 deletions
--- a/internal/client/connector.go
+++ b/internal/client/connector.go
@ -21,8 +21,10 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
 	var wg sync.WaitGroup
 	for i := 0; i < connConfig.NumConn; i++ {
 		wg.Add(1)
+		transportConfig := connConfig.Transport
 		go func() {
 		makeconn:
+			transportConn := transportConfig.CreateTransport()
 			remoteConn, err := dialer.Dial("tcp", connConfig.RemoteAddr)
 			if err != nil {
 				log.Errorf("Failed to establish new connections to remote: %v", err)
@ -31,12 +33,20 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
 				goto makeconn
 			}

-			transportConn := connConfig.TransportMaker()
 			sk, err := transportConn.Handshake(remoteConn, authInfo)
 			if err != nil {
 				log.Errorf("Failed to prepare connection to remote: %v", err)
 				transportConn.Close()
+
+				// In Cloak v2.11.0, we've updated uTLS version and subsequently increased the first packet size for chrome above 1500
+				// https://github.com/cbeuw/Cloak/pull/306#issuecomment-2862728738. As a backwards compatibility feature, if we fail
+				// to connect using chrome signature, retry with firefox which has a smaller packet size.
+				if transportConfig.mode == "direct" && transportConfig.browser == chrome {
+					transportConfig.browser = firefox
+					log.Warnf("failed to connect with chrome signature, falling back to retry with firefox")
+				}
 				time.Sleep(time.Second * 3)
+
 				goto makeconn
 			}
 			// sessionKey given by each connection should be identical
--- a/internal/client/state.go
+++ b/internal/client/state.go
@ -47,7 +47,7 @@ type RemoteConnConfig struct {
 	NumConn    int
 	KeepAlive  time.Duration
 	RemoteAddr string
-	TransportMaker func() Transport
+	Transport  TransportConfig
 }

 type LocalConnConfig struct {
@ -230,11 +230,10 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca
 			raw.CDNWsUrlPath = "/"
 		}

-		remote.TransportMaker = func() Transport {
-			return &WSOverTLS{
+		remote.Transport = TransportConfig{
+			mode:  "cdn",
 			wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath,
 		}
-		}
 	case "direct":
 		fallthrough
 	default:
@ -249,12 +248,11 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca
 		default:
 			browser = chrome
 		}
-		remote.TransportMaker = func() Transport {
-			return &DirectTLS{
+		remote.Transport = TransportConfig{
+			mode:    "direct",
 			browser: browser,
 		}
 	}
-	}

 	// KeepAlive
 	if raw.KeepAlive <= 0 {
--- a/internal/client/transport.go
+++ b/internal/client/transport.go
@ -8,3 +8,26 @@ type Transport interface {
 	Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error)
 	net.Conn
 }
+
+type TransportConfig struct {
+	mode string
+
+	wsUrl string
+
+	browser browser
+}
+
+func (t TransportConfig) CreateTransport() Transport {
+	switch t.mode {
+	case "cdn":
+		return &WSOverTLS{
+			wsUrl: t.wsUrl,
+		}
+	case "direct":
+		return &DirectTLS{
+			browser: t.browser,
+		}
+	default:
+		return nil
+	}
+}