
in-proxy Noise session fixes

- Handle "unexpected nonce" case as potential expired session

- Increase responder session cache capacity and TTL
Rod Hynes 1 год назад
Родитель
Сommit
08c6fae1e0
2 измененных файлов с 46 добавлено и 3 удалено
  1. 8 3
      psiphon/common/inproxy/session.go
  2. 38 0
      psiphon/common/inproxy/session_test.go

+ 8 - 3
psiphon/common/inproxy/session.go

@@ -42,8 +42,8 @@ import (
 )
 
 const (
-	sessionsTTL     = 5 * time.Minute
-	sessionsMaxSize = 100000
+	sessionsTTL     = 24 * time.Hour
+	sessionsMaxSize = 1000000
 
 	sessionObfuscationPaddingMinSize = 0
 	sessionObfuscationPaddingMaxSize = 256
@@ -1806,7 +1806,12 @@ func (s *session) nextUnmarshaledHandshakePacket(sessionPacket *SessionPacket) (
 			return false, nil, nil, errors.Tracef("unexpected sessionID")
 		}
 		if sessionPacket.Nonce != 0 {
-			return false, nil, nil, errors.TraceNew("unexpected nonce")
+
+			// A handshake message was expected, but this packet contains a
+			// post-handshake nonce, Flag this as a potential expired session
+			// case. See comment below for limitation.
+			return false, nil, nil,
+				potentialExpiredSessionError{errors.TraceNew("unexpected nonce")}
 		}
 		in = sessionPacket.Payload
 	}
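Review bot: The new branch classifies any packet whose sessionID matches but whose Nonce is non-zero as a potential expired session, and this appears to be decided on the unmarshaled header before the payload is processed, so whatever recovery the caller performs on potentialExpiredSessionError (presumably discarding or renegotiating the session) is now reachable from a field-level check alone; it is worth confirming that the `unexpected sessionID` check just above is the only thing standing between an unauthenticated packet and that recovery path, and stating that assumption in the comment. The comment also has a typo and a dangling reference: `post-handshake nonce, Flag this` should read `post-handshake nonce. Flag this`, and `See comment below for limitation` points outside the hunk, so naming the limitation in a few words here would help the reader. The constants in the first hunk would likewise benefit from a one-line comment each recording why 24h and 1,000,000 were chosen and the memory bound they imply. nextUnmarshaledHandshakePacket's body starts and ends outside the hunk.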

+ 38 - 0
psiphon/common/inproxy/session_test.go

@@ -101,6 +101,44 @@ func runTestSessions() error {
 	}
 
 	// Test: session expires; new one negotiated
+	//
+	// sessionStateResponder_XK_recv_e_es_send_e_ee case, when Nonce = 0
+
+	responderSessions.sessions.Flush()
+
+	request = roundTripper.MakeRequest()
+
+	response, err = initiatorSessions.RoundTrip(
+		context.Background(),
+		roundTripper,
+		responderPublicKey,
+		responderRootObfuscationSecret,
+		waitToShareSession,
+		request)
+	if err != nil {
+		return errors.Trace(err)
+	}
+
+	if !bytes.Equal(response, roundTripper.ExpectedResponse(request)) {
+		return errors.TraceNew("unexpected response")
+	}
+
+	// Test: session expires; new one negotiated
+	//
+	// "unexpected nonce" case, when Nonce > 0
+
+	for i := 0; i < 10; i++ {
+		_, err = initiatorSessions.RoundTrip(
+			context.Background(),
+			roundTripper,
+			responderPublicKey,
+			responderRootObfuscationSecret,
+			waitToShareSession,
+			roundTripper.MakeRequest())
+		if err != nil {
+			return errors.Trace(err)
+		}
+	}
 
 	responderSessions.sessions.Flush()