Remove RestrictDirectProviderIDs and HoldOffDirectServerEntryRegions

- Rename HoldOffDirectServerEntryProviderRegions as HoldOffDirectTunnelProviderRegions
Psiphon-Labs · Jan 24, 2024 · 877122a · 877122a
1 parent 8e721c1
commit 877122a
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 111 deletions.
diff --git a/psiphon/common/parameters/parameters.go b/psiphon/common/parameters/parameters.go
@@ -311,18 +311,16 @@ const (
 	HoldOffTunnelProtocols                           = "HoldOffTunnelProtocols"
 	HoldOffTunnelFrontingProviderIDs                 = "HoldOffTunnelFrontingProviderIDs"
 	HoldOffTunnelProbability                         = "HoldOffTunnelProbability"
+	RestrictFrontingProviderIDs                      = "RestrictFrontingProviderIDs"
+	RestrictFrontingProviderIDsServerProbability     = "RestrictFrontingProviderIDsServerProbability"
+	RestrictFrontingProviderIDsClientProbability     = "RestrictFrontingProviderIDsClientProbability"
 	HoldOffDirectTunnelMinDuration                   = "HoldOffDirectTunnelMinDuration"
 	HoldOffDirectTunnelMaxDuration                   = "HoldOffDirectTunnelMaxDuration"
-	HoldOffDirectServerEntryRegions                  = "HoldOffDirectServerEntryRegions"
-	HoldOffDirectServerEntryProviderRegions          = "HoldOffDirectServerEntryProviderRegions"
+	HoldOffDirectTunnelProviderRegions               = "HoldOffDirectTunnelProviderRegions"
 	HoldOffDirectTunnelProbability                   = "HoldOffDirectTunnelProbability"
-	RestrictDirectProviderIDs                        = "RestrictDirectProviderIDs"
 	RestrictDirectProviderRegions                    = "RestrictDirectProviderRegions"
 	RestrictDirectProviderIDsServerProbability       = "RestrictDirectProviderIDsServerProbability"
 	RestrictDirectProviderIDsClientProbability       = "RestrictDirectProviderIDsClientProbability"
-	RestrictFrontingProviderIDs                      = "RestrictFrontingProviderIDs"
-	RestrictFrontingProviderIDsServerProbability     = "RestrictFrontingProviderIDsServerProbability"
-	RestrictFrontingProviderIDsClientProbability     = "RestrictFrontingProviderIDsClientProbability"
 	UpstreamProxyAllowAllServerEntrySources          = "UpstreamProxyAllowAllServerEntrySources"
 	DestinationBytesMetricsASN                       = "DestinationBytesMetricsASN"
 	DNSResolverAttemptsPerServer                     = "DNSResolverAttemptsPerServer"
@@ -711,21 +709,19 @@ var defaultParameters = map[string]struct {
 	HoldOffTunnelFrontingProviderIDs: {value: []string{}},
 	HoldOffTunnelProbability:         {value: 0.0, minimum: 0.0},
 
-	HoldOffDirectTunnelMinDuration:          {value: time.Duration(0), minimum: time.Duration(0)},
-	HoldOffDirectTunnelMaxDuration:          {value: time.Duration(0), minimum: time.Duration(0)},
-	HoldOffDirectServerEntryRegions:         {value: []string{}},
-	HoldOffDirectServerEntryProviderRegions: {value: KeyStrings{}},
-	HoldOffDirectTunnelProbability:          {value: 0.0, minimum: 0.0},
+	RestrictFrontingProviderIDs:                  {value: []string{}},
+	RestrictFrontingProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly},
+	RestrictFrontingProviderIDsClientProbability: {value: 0.0, minimum: 0.0},
+
+	HoldOffDirectTunnelMinDuration:     {value: time.Duration(0), minimum: time.Duration(0)},
+	HoldOffDirectTunnelMaxDuration:     {value: time.Duration(0), minimum: time.Duration(0)},
+	HoldOffDirectTunnelProviderRegions: {value: KeyStrings{}},
+	HoldOffDirectTunnelProbability:     {value: 0.0, minimum: 0.0},
 
-	RestrictDirectProviderIDs:                  {value: []string{}},
 	RestrictDirectProviderRegions:              {value: KeyStrings{}},
 	RestrictDirectProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly},
 	RestrictDirectProviderIDsClientProbability: {value: 0.0, minimum: 0.0},
 
-	RestrictFrontingProviderIDs:                  {value: []string{}},
-	RestrictFrontingProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly},
-	RestrictFrontingProviderIDsClientProbability: {value: 0.0, minimum: 0.0},
-
 	UpstreamProxyAllowAllServerEntrySources: {value: false},
 
 	DestinationBytesMetricsASN: {value: "", flags: serverSideOnly},

diff --git a/psiphon/config.go b/psiphon/config.go
@@ -818,25 +818,23 @@ type Config struct {
 	HoldOffTunnelFrontingProviderIDs     []string
 	HoldOffTunnelProbability             *float64
 
+	// RestrictFrontingProviderIDs and other RestrictFrontingProviderIDs fields
+	// are for testing purposes.
+	RestrictFrontingProviderIDs                  []string
+	RestrictFrontingProviderIDsClientProbability *float64
+
 	// HoldOffDirectTunnelMinDurationMilliseconds and other HoldOffDirect
 	// fields are for testing purposes.
 	HoldOffDirectTunnelMinDurationMilliseconds *int
 	HoldOffDirectTunnelMaxDurationMilliseconds *int
-	HoldOffDirectServerEntryRegions            []string
-	HoldOffDirectServerEntryProviderRegions    map[string][]string
+	HoldOffDirectTunnelProviderRegions         map[string][]string
 	HoldOffDirectTunnelProbability             *float64
 
-	// RestrictDirectProviderIDs and other RestrictDirect fields are for
+	// RestrictDirectProviderRegions and other RestrictDirect fields are for
 	// testing purposes.
-	RestrictDirectProviderIDs                  []string
 	RestrictDirectProviderRegions              map[string][]string
 	RestrictDirectProviderIDsClientProbability *float64
 
-	// RestrictFrontingProviderIDs and other RestrictFrontingProviderIDs fields
-	// are for testing purposes.
-	RestrictFrontingProviderIDs                  []string
-	RestrictFrontingProviderIDsClientProbability *float64
-
 	// UpstreamProxyAllowAllServerEntrySources is for testing purposes.
 	UpstreamProxyAllowAllServerEntrySources *bool
 
@@ -1949,22 +1947,14 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 		applyParameters[parameters.HoldOffDirectTunnelMaxDuration] = fmt.Sprintf("%dms", *config.HoldOffDirectTunnelMaxDurationMilliseconds)
 	}
 
-	if len(config.HoldOffDirectServerEntryRegions) > 0 {
-		applyParameters[parameters.HoldOffDirectServerEntryRegions] = config.HoldOffDirectServerEntryRegions
-	}
-
-	if len(config.HoldOffDirectServerEntryProviderRegions) > 0 {
-		applyParameters[parameters.HoldOffDirectServerEntryProviderRegions] = parameters.KeyStrings(config.HoldOffDirectServerEntryProviderRegions)
+	if len(config.HoldOffDirectTunnelProviderRegions) > 0 {
+		applyParameters[parameters.HoldOffDirectTunnelProviderRegions] = parameters.KeyStrings(config.HoldOffDirectTunnelProviderRegions)
 	}
 
 	if config.HoldOffDirectTunnelProbability != nil {
 		applyParameters[parameters.HoldOffDirectTunnelProbability] = *config.HoldOffDirectTunnelProbability
 	}
 
-	if len(config.RestrictDirectProviderIDs) > 0 {
-		applyParameters[parameters.RestrictDirectProviderIDs] = config.RestrictDirectProviderIDs
-	}
-
 	if len(config.RestrictDirectProviderRegions) > 0 {
 		applyParameters[parameters.RestrictDirectProviderRegions] = parameters.KeyStrings(config.RestrictDirectProviderRegions)
 	}
@@ -2475,16 +2465,9 @@ func (config *Config) setDialParametersHash() {
 		binary.Write(hash, binary.LittleEndian, int64(*config.HoldOffDirectTunnelMaxDurationMilliseconds))
 	}
 
-	if len(config.HoldOffDirectServerEntryRegions) > 0 {
-		hash.Write([]byte("HoldOffDirectServerEntryRegions"))
-		for _, region := range config.HoldOffDirectServerEntryRegions {
-			hash.Write([]byte(region))
-		}
-	}
-
-	if len(config.HoldOffDirectServerEntryProviderRegions) > 0 {
-		hash.Write([]byte("HoldOffDirectServerEntryProviderRegions"))
-		for providerID, regions := range config.HoldOffDirectServerEntryProviderRegions {
+	if len(config.HoldOffDirectTunnelProviderRegions) > 0 {
+		hash.Write([]byte("HoldOffDirectTunnelProviderRegions"))
+		for providerID, regions := range config.HoldOffDirectTunnelProviderRegions {
 			hash.Write([]byte(providerID))
 			for _, region := range regions {
 				hash.Write([]byte(region))
@@ -2497,13 +2480,6 @@ func (config *Config) setDialParametersHash() {
 		binary.Write(hash, binary.LittleEndian, *config.HoldOffTunnelProbability)
 	}
 
-	if len(config.RestrictDirectProviderIDs) > 0 {
-		hash.Write([]byte("RestrictDirectProviderIDs"))
-		for _, providerID := range config.RestrictDirectProviderIDs {
-			hash.Write([]byte(providerID))
-		}
-	}
-
 	if len(config.RestrictDirectProviderRegions) > 0 {
 		hash.Write([]byte("RestrictDirectProviderRegions"))
 		for providerID, regions := range config.RestrictDirectProviderRegions {

diff --git a/psiphon/dialParameters.go b/psiphon/dialParameters.go
@@ -431,11 +431,8 @@ func MakeDialParameters(
 	// provider ID. See the corresponding server-side enforcement comments in
 	// server.TacticsListener.accept.
 	if protocol.TunnelProtocolIsDirect(dialParams.TunnelProtocol) &&
-		(common.Contains(
-			p.Strings(parameters.RestrictDirectProviderIDs),
-			dialParams.ServerEntry.ProviderID) ||
-			common.ContainsAny(
-				p.KeyStrings(parameters.RestrictDirectProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region})) {
+		common.ContainsAny(
+			p.KeyStrings(parameters.RestrictDirectProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region}) {
 		if p.WeightedCoinFlip(
 			parameters.RestrictDirectProviderIDsClientProbability) {
 
@@ -889,10 +886,8 @@ func MakeDialParameters(
 		}
 
 		if protocol.TunnelProtocolIsDirect(dialParams.TunnelProtocol) &&
-			(common.Contains(
-				p.Strings(parameters.HoldOffDirectServerEntryRegions), serverEntry.Region) ||
-				common.ContainsAny(
-					p.KeyStrings(parameters.HoldOffDirectServerEntryProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region})) {
+			common.ContainsAny(
+				p.KeyStrings(parameters.HoldOffDirectTunnelProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region}) {
 
 			if p.WeightedCoinFlip(parameters.HoldOffDirectTunnelProbability) {
 

diff --git a/psiphon/dialParameters_test.go b/psiphon/dialParameters_test.go
@@ -83,14 +83,9 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) {
 	providerID := prng.HexString(8)
 	frontingProviderID := prng.HexString(8)
 
-	var holdOffDirectServerEntryRegions []string
-	if tunnelProtocol == protocol.TUNNEL_PROTOCOL_TLS_OBFUSCATED_SSH {
-		holdOffDirectServerEntryRegions = []string{"CA"}
-	}
-
-	var holdOffDirectServerEntryProviderRegions parameters.KeyStrings
+	var holdOffDirectTunnelProviderRegions parameters.KeyStrings
 	if tunnelProtocol == protocol.TUNNEL_PROTOCOL_UNFRONTED_MEEK {
-		holdOffDirectServerEntryProviderRegions = map[string][]string{providerID: {""}}
+		holdOffDirectTunnelProviderRegions = map[string][]string{providerID: {""}}
 	}
 
 	applyParameters := make(map[string]interface{})
@@ -103,8 +98,7 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) {
 	applyParameters[parameters.HoldOffTunnelProbability] = 1.0
 	applyParameters[parameters.HoldOffDirectTunnelMinDuration] = "1ms"
 	applyParameters[parameters.HoldOffDirectTunnelMaxDuration] = "10ms"
-	applyParameters[parameters.HoldOffDirectServerEntryRegions] = holdOffDirectServerEntryRegions
-	applyParameters[parameters.HoldOffDirectServerEntryProviderRegions] = holdOffDirectServerEntryProviderRegions
+	applyParameters[parameters.HoldOffDirectTunnelProviderRegions] = holdOffDirectTunnelProviderRegions
 	applyParameters[parameters.HoldOffDirectTunnelProbability] = 1.0
 	applyParameters[parameters.DNSResolverAlternateServers] = []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"}
 	applyParameters[parameters.DirectHTTPProtocolTransformProbability] = 1.0
@@ -249,13 +243,14 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) {
 
 	expectHoldOffTunnelProtocols := common.Contains(holdOffTunnelProtocols, tunnelProtocol)
 	expectHoldOffTunnelFrontingProviderIDs := protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol)
-	expectHoldOffDirectServerEntryRegions := protocol.TunnelProtocolIsDirect(tunnelProtocol) && common.Contains(holdOffDirectServerEntryRegions, dialParams.ServerEntry.Region)
-	expectHoldOffDirectServerEntryProviderRegion := protocol.TunnelProtocolIsDirect(tunnelProtocol) && common.ContainsAny(holdOffDirectServerEntryProviderRegions[dialParams.ServerEntry.ProviderID], []string{"", dialParams.ServerEntry.Region})
+	expectHoldOffDirectTunnelProviderRegion := protocol.TunnelProtocolIsDirect(tunnelProtocol) &&
+		common.ContainsAny(
+			holdOffDirectTunnelProviderRegions[dialParams.ServerEntry.ProviderID],
+			[]string{"", dialParams.ServerEntry.Region})
 
 	if expectHoldOffTunnelProtocols ||
 		expectHoldOffTunnelFrontingProviderIDs ||
-		expectHoldOffDirectServerEntryRegions ||
-		expectHoldOffDirectServerEntryProviderRegion {
+		expectHoldOffDirectTunnelProviderRegion {
 		if dialParams.HoldOffTunnelDuration < 1*time.Millisecond ||
 			dialParams.HoldOffTunnelDuration > 10*time.Millisecond {
 			t.Fatalf("unexpected hold-off duration: %v", dialParams.HoldOffTunnelDuration)
@@ -548,36 +543,6 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) {
 		t.Fatalf("SetParameters failed: %s", err)
 	}
 
-	// Test: client-side restrict provider ID
-
-	applyParameters[parameters.RestrictDirectProviderIDs] = []string{providerID}
-	applyParameters[parameters.RestrictDirectProviderIDsClientProbability] = 1.0
-	err = clientConfig.SetParameters("tag6", false, applyParameters)
-	if err != nil {
-		t.Fatalf("SetParameters failed: %s", err)
-	}
-
-	dialParams, err = MakeDialParameters(clientConfig, nil, canReplay, selectProtocol, serverEntries[0], false, 0, 0)
-
-	if protocol.TunnelProtocolIsDirect(tunnelProtocol) {
-		if err == nil {
-			if dialParams != nil {
-				t.Fatalf("unexpected MakeDialParameters success")
-			}
-		}
-	} else {
-		if err != nil {
-			t.Fatalf("MakeDialParameters failed: %s", err)
-		}
-	}
-
-	applyParameters[parameters.RestrictDirectProviderIDs] = []string{}
-	applyParameters[parameters.RestrictDirectProviderIDsClientProbability] = 0.0
-	err = clientConfig.SetParameters("tag7", false, applyParameters)
-	if err != nil {
-		t.Fatalf("SetParameters failed: %s", err)
-	}
-
 	// Test: client-side restrict provider ID by region
 
 	applyParameters[parameters.RestrictDirectProviderRegions] = map[string][]string{providerID: {"CA"}}

diff --git a/psiphon/server/listener.go b/psiphon/server/listener.go
@@ -121,11 +121,8 @@ func (listener *TacticsListener) accept() (net.Conn, error) {
 	//
 	// See the comment in server.LoadConfig regarding provider ID limitations.
 	if protocol.TunnelProtocolIsDirect(listener.tunnelProtocol) &&
-		(common.Contains(
-			p.Strings(parameters.RestrictDirectProviderIDs),
-			listener.support.Config.GetProviderID()) ||
-			common.ContainsAny(
-				p.KeyStrings(parameters.RestrictDirectProviderRegions, listener.support.Config.GetProviderID()), []string{"", listener.support.Config.GetRegion()})) {
+		common.ContainsAny(
+			p.KeyStrings(parameters.RestrictDirectProviderRegions, listener.support.Config.GetProviderID()), []string{"", listener.support.Config.GetRegion()}) {
 
 		if p.WeightedCoinFlip(
 			parameters.RestrictDirectProviderIDsServerProbability) {

diff --git a/psiphon/serverApi.go b/psiphon/serverApi.go
@@ -140,8 +140,8 @@ func (serverContext *ServerContext) doHandshakeRequest(
 	// The purpose of this mechanism is to rapidly add provider IDs to the
 	// server entries in client local storage, and to ensure that the client has
 	// a provider ID for its currently connected server as required for the
-	// RestrictDirectProviderIDs, RestrictDirectProviderRegions, and
-	// HoldOffDirectServerEntryProviderRegions tactics.
+	// RestrictDirectProviderRegions, and HoldOffDirectTunnelProviderRegions
+	// tactics.
 	//
 	// The server entry will be included in handshakeResponse.EncodedServerList,
 	// along side discovery servers.