diff --git a/psiphon/common/parameters/parameters.go b/psiphon/common/parameters/parameters.go
index 8d9de6160..1e27fe08e 100755
--- a/psiphon/common/parameters/parameters.go
+++ b/psiphon/common/parameters/parameters.go
@@ -311,18 +311,16 @@ const (
 HoldOffTunnelProtocols = "HoldOffTunnelProtocols"
 HoldOffTunnelFrontingProviderIDs = "HoldOffTunnelFrontingProviderIDs"
 HoldOffTunnelProbability = "HoldOffTunnelProbability"
+ RestrictFrontingProviderIDs = "RestrictFrontingProviderIDs"
+ RestrictFrontingProviderIDsServerProbability = "RestrictFrontingProviderIDsServerProbability"
+ RestrictFrontingProviderIDsClientProbability = "RestrictFrontingProviderIDsClientProbability"
 HoldOffDirectTunnelMinDuration = "HoldOffDirectTunnelMinDuration"
 HoldOffDirectTunnelMaxDuration = "HoldOffDirectTunnelMaxDuration"
- HoldOffDirectServerEntryRegions = "HoldOffDirectServerEntryRegions"
- HoldOffDirectServerEntryProviderRegions = "HoldOffDirectServerEntryProviderRegions"
+ HoldOffDirectTunnelProviderRegions = "HoldOffDirectTunnelProviderRegions"
 HoldOffDirectTunnelProbability = "HoldOffDirectTunnelProbability"
- RestrictDirectProviderIDs = "RestrictDirectProviderIDs"
 RestrictDirectProviderRegions = "RestrictDirectProviderRegions"
 RestrictDirectProviderIDsServerProbability = "RestrictDirectProviderIDsServerProbability"
 RestrictDirectProviderIDsClientProbability = "RestrictDirectProviderIDsClientProbability"
- RestrictFrontingProviderIDs = "RestrictFrontingProviderIDs"
- RestrictFrontingProviderIDsServerProbability = "RestrictFrontingProviderIDsServerProbability"
- RestrictFrontingProviderIDsClientProbability = "RestrictFrontingProviderIDsClientProbability"
 UpstreamProxyAllowAllServerEntrySources = "UpstreamProxyAllowAllServerEntrySources"
 DestinationBytesMetricsASN = "DestinationBytesMetricsASN"
 DNSResolverAttemptsPerServer = "DNSResolverAttemptsPerServer"
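Review bot: `RestrictDirectProviderIDsServerProbability` and `RestrictDirectProviderIDsClientProbability` keep the `ProviderIDs` stem although this hunk removes `RestrictDirectProviderIDs`, so the names no longer say which list they gate. The dialParameters.go and listener.go hunks show them as the coin flips for `RestrictDirectProviderRegions`. If the wire names have to stay as they are, a comment above them would help, for example `// The RestrictDirectProviderIDs*Probability parameters apply to RestrictDirectProviderRegions.` The const block begins and ends outside the hunk.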
@@ -711,21 +709,19 @@ var defaultParameters = map[string]struct { HoldOffTunnelFrontingProviderIDs: {value: []string{}}, HoldOffTunnelProbability: {value: 0.0, minimum: 0.0}, - HoldOffDirectTunnelMinDuration: {value: time.Duration(0), minimum: time.Duration(0)}, - HoldOffDirectTunnelMaxDuration: {value: time.Duration(0), minimum: time.Duration(0)}, - HoldOffDirectServerEntryRegions: {value: []string{}}, - HoldOffDirectServerEntryProviderRegions: {value: KeyStrings{}}, - HoldOffDirectTunnelProbability: {value: 0.0, minimum: 0.0}, + RestrictFrontingProviderIDs: {value: []string{}}, + RestrictFrontingProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly}, + RestrictFrontingProviderIDsClientProbability: {value: 0.0, minimum: 0.0}, + + HoldOffDirectTunnelMinDuration: {value: time.Duration(0), minimum: time.Duration(0)}, + HoldOffDirectTunnelMaxDuration: {value: time.Duration(0), minimum: time.Duration(0)}, + HoldOffDirectTunnelProviderRegions: {value: KeyStrings{}}, + HoldOffDirectTunnelProbability: {value: 0.0, minimum: 0.0}, - RestrictDirectProviderIDs: {value: []string{}}, RestrictDirectProviderRegions: {value: KeyStrings{}}, RestrictDirectProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly}, RestrictDirectProviderIDsClientProbability: {value: 0.0, minimum: 0.0}, - RestrictFrontingProviderIDs: {value: []string{}}, - RestrictFrontingProviderIDsServerProbability: {value: 0.0, minimum: 0.0, flags: serverSideOnly}, - RestrictFrontingProviderIDsClientProbability: {value: 0.0, minimum: 0.0}, - UpstreamProxyAllowAllServerEntrySources: {value: false}, DestinationBytesMetricsASN: {value: "", flags: serverSideOnly}, diff --git a/psiphon/config.go b/psiphon/config.go index 56244a9dc..6f0b1ff59 100755 --- a/psiphon/config.go +++ b/psiphon/config.go 
@@ -818,25 +818,23 @@ type Config struct { HoldOffTunnelFrontingProviderIDs []string HoldOffTunnelProbability *float64 + // RestrictFrontingProviderIDs and other RestrictFrontingProviderIDs fields + // are for testing purposes. + RestrictFrontingProviderIDs []string + RestrictFrontingProviderIDsClientProbability *float64 + // HoldOffDirectTunnelMinDurationMilliseconds and other HoldOffDirect // fields are for testing purposes. HoldOffDirectTunnelMinDurationMilliseconds *int HoldOffDirectTunnelMaxDurationMilliseconds *int - HoldOffDirectServerEntryRegions []string - HoldOffDirectServerEntryProviderRegions map[string][]string + HoldOffDirectTunnelProviderRegions map[string][]string HoldOffDirectTunnelProbability *float64 - // RestrictDirectProviderIDs and other RestrictDirect fields are for + // RestrictDirectProviderRegions and other RestrictDirect fields are for // testing purposes. - RestrictDirectProviderIDs []string RestrictDirectProviderRegions map[string][]string RestrictDirectProviderIDsClientProbability *float64 - // RestrictFrontingProviderIDs and other RestrictFrontingProviderIDs fields - // are for testing purposes. - RestrictFrontingProviderIDs []string - RestrictFrontingProviderIDsClientProbability *float64 - // UpstreamProxyAllowAllServerEntrySources is for testing purposes. UpstreamProxyAllowAllServerEntrySources *bool 
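Review bot: The comments on `HoldOffDirectTunnelProviderRegions` and `RestrictDirectProviderRegions` say only that the fields are for testing and leave the shape of the map undocumented. From the dialParameters.go hunks, the map is looked up by the server entry's provider ID and the resulting list is matched against `""` or the server entry's region, so an empty-string entry appears to select every region of that provider. Suggest adding `// Keys are provider IDs; values are regions, and "" matches any region.` above each field. The Config struct begins and ends outside the hunk.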
@@ -1949,22 +1947,14 @@ func (config *Config) makeConfigParameters() map[string]interface{} { applyParameters[parameters.HoldOffDirectTunnelMaxDuration] = fmt.Sprintf("%dms", *config.HoldOffDirectTunnelMaxDurationMilliseconds) } - if len(config.HoldOffDirectServerEntryRegions) > 0 { - applyParameters[parameters.HoldOffDirectServerEntryRegions] = config.HoldOffDirectServerEntryRegions - } - - if len(config.HoldOffDirectServerEntryProviderRegions) > 0 { - applyParameters[parameters.HoldOffDirectServerEntryProviderRegions] = parameters.KeyStrings(config.HoldOffDirectServerEntryProviderRegions) + if len(config.HoldOffDirectTunnelProviderRegions) > 0 { + applyParameters[parameters.HoldOffDirectTunnelProviderRegions] = parameters.KeyStrings(config.HoldOffDirectTunnelProviderRegions) } if config.HoldOffDirectTunnelProbability != nil { applyParameters[parameters.HoldOffDirectTunnelProbability] = *config.HoldOffDirectTunnelProbability } - if len(config.RestrictDirectProviderIDs) > 0 { - applyParameters[parameters.RestrictDirectProviderIDs] = config.RestrictDirectProviderIDs - } - if len(config.RestrictDirectProviderRegions) > 0 { applyParameters[parameters.RestrictDirectProviderRegions] = parameters.KeyStrings(config.RestrictDirectProviderRegions) } 
@@ -2475,16 +2465,9 @@ func (config *Config) setDialParametersHash() { binary.Write(hash, binary.LittleEndian, int64(*config.HoldOffDirectTunnelMaxDurationMilliseconds)) } - if len(config.HoldOffDirectServerEntryRegions) > 0 { - hash.Write([]byte("HoldOffDirectServerEntryRegions")) - for _, region := range config.HoldOffDirectServerEntryRegions { - hash.Write([]byte(region)) - } - } - - if len(config.HoldOffDirectServerEntryProviderRegions) > 0 { - hash.Write([]byte("HoldOffDirectServerEntryProviderRegions")) - for providerID, regions := range config.HoldOffDirectServerEntryProviderRegions { + if len(config.HoldOffDirectTunnelProviderRegions) > 0 { + hash.Write([]byte("HoldOffDirectTunnelProviderRegions")) + for providerID, regions := range config.HoldOffDirectTunnelProviderRegions { hash.Write([]byte(providerID)) for _, region := range regions { hash.Write([]byte(region)) @@ -2497,13 +2480,6 @@ func (config *Config) setDialParametersHash() { binary.Write(hash, binary.LittleEndian, *config.HoldOffTunnelProbability) } - if len(config.RestrictDirectProviderIDs) > 0 { - hash.Write([]byte("RestrictDirectProviderIDs")) - for _, providerID := range config.RestrictDirectProviderIDs { - hash.Write([]byte(providerID)) - } - } - if len(config.RestrictDirectProviderRegions) > 0 { hash.Write([]byte("RestrictDirectProviderRegions")) for providerID, regions := range config.RestrictDirectProviderRegions { diff --git a/psiphon/dialParameters.go b/psiphon/dialParameters.go index e9d9676c2..660880ad9 100644 --- a/psiphon/dialParameters.go +++ b/psiphon/dialParameters.go 
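Review bot: The added loop `for providerID, regions := range config.HoldOffDirectTunnelProviderRegions` feeds map entries into the hash in Go's randomized iteration order, so a map with more than one provider ID can produce a different digest for the same configuration. If this hash is compared across runs to detect changed dial settings, an unchanged configuration would then look changed. The unchanged `RestrictDirectProviderRegions` loop in the second hunk has the same pattern, and both write provider IDs and regions back to back with no separator, so different maps can hash the same. Iterating over sorted keys, as sketched below, fixes the ordering; it needs the `sort` package, whose import is not visible from here, and setDialParametersHash continues outside both hunks.

```go
	if len(config.HoldOffDirectTunnelProviderRegions) > 0 {
		hash.Write([]byte("HoldOffDirectTunnelProviderRegions"))
		providerIDs := make([]string, 0, len(config.HoldOffDirectTunnelProviderRegions))
		for providerID := range config.HoldOffDirectTunnelProviderRegions {
			providerIDs = append(providerIDs, providerID)
		}
		sort.Strings(providerIDs)
		for _, providerID := range providerIDs {
			hash.Write([]byte(providerID))
			for _, region := range config.HoldOffDirectTunnelProviderRegions[providerID] {
				hash.Write([]byte(region))
				// … unchanged: closing braces outside the hunk …
```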
@@ -431,11 +431,8 @@ func MakeDialParameters( // provider ID. See the corresponding server-side enforcement comments in // server.TacticsListener.accept. if protocol.TunnelProtocolIsDirect(dialParams.TunnelProtocol) && - (common.Contains( - p.Strings(parameters.RestrictDirectProviderIDs), - dialParams.ServerEntry.ProviderID) || - common.ContainsAny( - p.KeyStrings(parameters.RestrictDirectProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region})) { + common.ContainsAny( + p.KeyStrings(parameters.RestrictDirectProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region}) { if p.WeightedCoinFlip( parameters.RestrictDirectProviderIDsClientProbability) { @@ -889,10 +886,8 @@ func MakeDialParameters( } if protocol.TunnelProtocolIsDirect(dialParams.TunnelProtocol) && - (common.Contains( - p.Strings(parameters.HoldOffDirectServerEntryRegions), serverEntry.Region) || - common.ContainsAny( - p.KeyStrings(parameters.HoldOffDirectServerEntryProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region})) { + common.ContainsAny( + p.KeyStrings(parameters.HoldOffDirectTunnelProviderRegions, dialParams.ServerEntry.ProviderID), []string{"", serverEntry.Region}) { if p.WeightedCoinFlip(parameters.HoldOffDirectTunnelProbability) { diff --git a/psiphon/dialParameters_test.go b/psiphon/dialParameters_test.go index 46f88fb13..c28b25b6f 100644 --- a/psiphon/dialParameters_test.go +++ b/psiphon/dialParameters_test.go 
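Review bot: The rewritten condition takes the provider ID from `dialParams.ServerEntry.ProviderID` but the region from `serverEntry.Region`, in both the restrict hunk and the hold-off hunk. The two presumably refer to the same server entry, but the mixed spelling makes a reader verify that before trusting the match. Using one source for both, e.g. `[]string{"", dialParams.ServerEntry.Region}` as the test hunk does, would read consistently. MakeDialParameters begins and ends outside both hunks.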
@@ -83,14 +83,9 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) { providerID := prng.HexString(8) frontingProviderID := prng.HexString(8) - var holdOffDirectServerEntryRegions []string - if tunnelProtocol == protocol.TUNNEL_PROTOCOL_TLS_OBFUSCATED_SSH { - holdOffDirectServerEntryRegions = []string{"CA"} - } - - var holdOffDirectServerEntryProviderRegions parameters.KeyStrings + var holdOffDirectTunnelProviderRegions parameters.KeyStrings if tunnelProtocol == protocol.TUNNEL_PROTOCOL_UNFRONTED_MEEK { - holdOffDirectServerEntryProviderRegions = map[string][]string{providerID: {""}} + holdOffDirectTunnelProviderRegions = map[string][]string{providerID: {""}} } applyParameters := make(map[string]interface{}) @@ -103,8 +98,7 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) { applyParameters[parameters.HoldOffTunnelProbability] = 1.0 applyParameters[parameters.HoldOffDirectTunnelMinDuration] = "1ms" applyParameters[parameters.HoldOffDirectTunnelMaxDuration] = "10ms" - applyParameters[parameters.HoldOffDirectServerEntryRegions] = holdOffDirectServerEntryRegions - applyParameters[parameters.HoldOffDirectServerEntryProviderRegions] = holdOffDirectServerEntryProviderRegions + applyParameters[parameters.HoldOffDirectTunnelProviderRegions] = holdOffDirectTunnelProviderRegions applyParameters[parameters.HoldOffDirectTunnelProbability] = 1.0 applyParameters[parameters.DNSResolverAlternateServers] = []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"} applyParameters[parameters.DirectHTTPProtocolTransformProbability] = 1.0 
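Review bot: After this change the hold-off setup exercises only the wildcard form, `map[string][]string{providerID: {""}}`, and only for TUNNEL_PROTOCOL_UNFRONTED_MEEK; the removed `[]string{"CA"}` case was the one that named a concrete region. A specific-region entry, and an entry whose region does not match, are not covered in the visible hunks. Consider adding a case such as `holdOffDirectTunnelProviderRegions = map[string][]string{providerID: {"CA"}}` for a second direct protocol, after confirming the region of the test server entry. runDialParametersAndReplay extends beyond the hunks.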
@@ -249,13 +243,14 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) { expectHoldOffTunnelProtocols := common.Contains(holdOffTunnelProtocols, tunnelProtocol) expectHoldOffTunnelFrontingProviderIDs := protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol) - expectHoldOffDirectServerEntryRegions := protocol.TunnelProtocolIsDirect(tunnelProtocol) && common.Contains(holdOffDirectServerEntryRegions, dialParams.ServerEntry.Region) - expectHoldOffDirectServerEntryProviderRegion := protocol.TunnelProtocolIsDirect(tunnelProtocol) && common.ContainsAny(holdOffDirectServerEntryProviderRegions[dialParams.ServerEntry.ProviderID], []string{"", dialParams.ServerEntry.Region}) + expectHoldOffDirectTunnelProviderRegion := protocol.TunnelProtocolIsDirect(tunnelProtocol) && + common.ContainsAny( + holdOffDirectTunnelProviderRegions[dialParams.ServerEntry.ProviderID], + []string{"", dialParams.ServerEntry.Region}) if expectHoldOffTunnelProtocols || expectHoldOffTunnelFrontingProviderIDs || - expectHoldOffDirectServerEntryRegions || - expectHoldOffDirectServerEntryProviderRegion { + expectHoldOffDirectTunnelProviderRegion { if dialParams.HoldOffTunnelDuration < 1*time.Millisecond || dialParams.HoldOffTunnelDuration > 10*time.Millisecond { t.Fatalf("unexpected hold-off duration: %v", dialParams.HoldOffTunnelDuration) 
@@ -548,36 +543,6 @@ func runDialParametersAndReplay(t *testing.T, tunnelProtocol string) { t.Fatalf("SetParameters failed: %s", err) } - // Test: client-side restrict provider ID - - applyParameters[parameters.RestrictDirectProviderIDs] = []string{providerID} - applyParameters[parameters.RestrictDirectProviderIDsClientProbability] = 1.0 - err = clientConfig.SetParameters("tag6", false, applyParameters) - if err != nil { - t.Fatalf("SetParameters failed: %s", err) - } - - dialParams, err = MakeDialParameters(clientConfig, nil, canReplay, selectProtocol, serverEntries[0], false, 0, 0) - - if protocol.TunnelProtocolIsDirect(tunnelProtocol) { - if err == nil { - if dialParams != nil { - t.Fatalf("unexpected MakeDialParameters success") - } - } - } else { - if err != nil { - t.Fatalf("MakeDialParameters failed: %s", err) - } - } - - applyParameters[parameters.RestrictDirectProviderIDs] = []string{} - applyParameters[parameters.RestrictDirectProviderIDsClientProbability] = 0.0 - err = clientConfig.SetParameters("tag7", false, applyParameters) - if err != nil { - t.Fatalf("SetParameters failed: %s", err) - } - // Test: client-side restrict provider ID by region applyParameters[parameters.RestrictDirectProviderRegions] = map[string][]string{providerID: {"CA"}} diff --git a/psiphon/server/listener.go b/psiphon/server/listener.go index 4f77e5abb..e6d01de16 100644 --- a/psiphon/server/listener.go +++ b/psiphon/server/listener.go 
@@ -121,11 +121,8 @@ func (listener *TacticsListener) accept() (net.Conn, error) { // // See the comment in server.LoadConfig regarding provider ID limitations. if protocol.TunnelProtocolIsDirect(listener.tunnelProtocol) && - (common.Contains( - p.Strings(parameters.RestrictDirectProviderIDs), - listener.support.Config.GetProviderID()) || - common.ContainsAny( - p.KeyStrings(parameters.RestrictDirectProviderRegions, listener.support.Config.GetProviderID()), []string{"", listener.support.Config.GetRegion()})) { + common.ContainsAny( + p.KeyStrings(parameters.RestrictDirectProviderRegions, listener.support.Config.GetProviderID()), []string{"", listener.support.Config.GetRegion()}) { if p.WeightedCoinFlip( parameters.RestrictDirectProviderIDsServerProbability) { diff --git a/psiphon/serverApi.go b/psiphon/serverApi.go index 9304b7d8e..a4c0fe83c 100644 --- a/psiphon/serverApi.go +++ b/psiphon/serverApi.go @@ -140,8 +140,8 @@ func (serverContext *ServerContext) doHandshakeRequest( // The purpose of this mechanism is to rapidly add provider IDs to the // server entries in client local storage, and to ensure that the client has // a provider ID for its currently connected server as required for the - // RestrictDirectProviderIDs, RestrictDirectProviderRegions, and - // HoldOffDirectServerEntryProviderRegions tactics. + // RestrictDirectProviderRegions, and HoldOffDirectTunnelProviderRegions + // tactics. // // The server entry will be included in handshakeResponse.EncodedServerList, // along side discovery servers.
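Review bot: accept() no longer consults `RestrictDirectProviderIDs`, so a tactics payload that still lists a provider only under that name stops restricting direct protocols on this server, and nothing visible here reports it. How the parameters package treats a name that is no longer defined is outside this diff; it is worth confirming that it is logged or rejected rather than silently ignored. Deployed tactics would need the equivalent `RestrictDirectProviderRegions` entry, which from the `[]string{"", ...}` match appears to be the provider ID mapped to `""`. A comment at the check, e.g. `// A "" region entry restricts the provider in all regions.`, would record that. accept() begins and ends outside the hunk, and the serverApi.go hunk is a comment-only change.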