bassosimone
commented
2 months ago Nice, thank you for pointing this out! It seems we were working in similar directions, in that we're also doing happy eyeballs and trying different strategies and caching what works. I will take a look at your implementation and see what we can learn from it and whether there's code with can integrate (with attribution!) to improve how we're doing. I'd rather avoid adding external dependencies at this time, since we already have significant issues with finding out the right version of packages for all dependencies. Thanks again!
fortuna
My understanding is that the OONI reporting API has been blocked in China.
It seems like you may have Psiphon or Tor as fallbacks. You can add new alternatives that don't require setting up a tunnel.
For DNS-based blocking, you can use the Outline SDK dns package to create encrypted DNS resolvers and dialers that use Happy Eyeballs. You can easily implement your client.Resolver interface.
For SNI-based blocking, you can use the tlsfrag package to use TLS Record Fragmentation, which works in Russia, China and Iran.
Note that you can combine them. A Dialer can do encrypted DNS and TLS record fragmentation. You may find our FuncStreamDialer useful for creating anonymous StreamDialers that wraps behavior.
In our extensions module, we have a smart dialer, which tries different DNS and TLS strategies to find one that works for a list of domain, usually within 1-2 seconds. Here are example runs in Russia and Iran.
You can probably integrate all of that via the Client.HTTPClient. Our fetch example app illustrates how to do that.
If you'd like to integrate as a local proxy (I see you have a ProxyURL option), you can use our x/httpproxy package.
One great benefit of all of this is that you don't need any infrastructure. However, you also have the options to run Outline Servers and have them as fallback options as well.