Add more client/proxy-specific in-proxy tactics parameters

psiphon/common/parameters/parameters.go

@@ -418,7 +418,16 @@ const (
 	InproxyDisablePortMapping                          = "InproxyDisablePortMapping"
 	InproxyDisableInboundForMobileNetworks             = "InproxyDisableInboundForMobileNetworks"
 	InproxyDisableIPv6ICECandidates                    = "InproxyDisableIPv6ICECandidates"
-	InproxyDiscoverNATTimeout                          = "InproxyDiscoverNATTimeout"
+	InproxyProxyDisableSTUN                            = "InproxyProxyDisableSTUN"
+	InproxyProxyDisablePortMapping                     = "InproxyProxyDisablePortMapping"
+	InproxyProxyDisableInboundForMobileNetworks        = "InproxyProxyDisableInboundForMobileNetworks"
+	InproxyProxyDisableIPv6ICECandidates               = "InproxyProxyDisableIPv6ICECandidates"
+	InproxyClientDisableSTUN                           = "InproxyClientDisableSTUN"
+	InproxyClientDisablePortMapping                    = "InproxyClientDisablePortMapping"
+	InproxyClientDisableInboundForMobileNetworks       = "InproxyClientDisableInboundForMobileNetworks"
+	InproxyClientDisableIPv6ICECandidates              = "InproxyClientDisableIPv6ICECandidates"
+	InproxyProxyDiscoverNATTimeout                     = "InproxyProxyDiscoverNATTimeout"
+	InproxyClientDiscoverNATTimeout                    = "InproxyClientDiscoverNATTimeout"
 	InproxyWebRTCAnswerTimeout                         = "InproxyWebRTCAnswerTimeout"
 	InproxyProxyWebRTCAwaitDataChannelTimeout          = "InproxyProxyWebRTCAwaitDataChannelTimeout"
 	InproxyClientWebRTCAwaitDataChannelTimeout         = "InproxyClientWebRTCAwaitDataChannelTimeout"
@@ -901,7 +910,16 @@ var defaultParameters = map[string]struct {
 	InproxyDisablePortMapping:                          {value: false},
 	InproxyDisableInboundForMobileNetworks:             {value: false},
 	InproxyDisableIPv6ICECandidates:                    {value: false},
-	InproxyDiscoverNATTimeout:                          {value: 10 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},
+	InproxyProxyDisableSTUN:                            {value: false},
+	InproxyProxyDisablePortMapping:                     {value: false},
+	InproxyProxyDisableInboundForMobileNetworks:        {value: false},
+	InproxyProxyDisableIPv6ICECandidates:               {value: false},
+	InproxyClientDisableSTUN:                           {value: false},
+	InproxyClientDisablePortMapping:                    {value: false},
+	InproxyClientDisableInboundForMobileNetworks:       {value: false},
+	InproxyClientDisableIPv6ICECandidates:              {value: false},
+	InproxyProxyDiscoverNATTimeout:                     {value: 10 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},
+	InproxyClientDiscoverNATTimeout:                    {value: 10 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},
 	InproxyWebRTCAnswerTimeout:                         {value: 20 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},
 	InproxyProxyWebRTCAwaitDataChannelTimeout:          {value: 30 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},
 	InproxyClientWebRTCAwaitDataChannelTimeout:         {value: 20 * time.Second, minimum: time.Duration(0), flags: useNetworkLatencyMultiplier},

psiphon/config.go

@@ -1032,7 +1032,16 @@ type Config struct {
 	InproxyDisablePortMapping                              *bool
 	InproxyDisableInboundForMobileNetworks                 *bool
 	InproxyDisableIPv6ICECandidates                        *bool
-	InproxyDiscoverNATTimeoutMilliseconds                  *int
+	InproxyProxyDisableSTUN                                *bool
+	InproxyProxyDisablePortMapping                         *bool
+	InproxyProxyDisableInboundForMobileNetworks            *bool
+	InproxyProxyDisableIPv6ICECandidates                   *bool
+	InproxyClientDisableSTUN                               *bool
+	InproxyClientDisablePortMapping                        *bool
+	InproxyClientDisableInboundForMobileNetworks           *bool
+	InproxyClientDisableIPv6ICECandidates                  *bool
+	InproxyProxyDiscoverNATTimeoutMilliseconds             *int
+	InproxyClientDiscoverNATTimeoutMilliseconds            *int
 	InproxyWebRTCAnswerTimeoutMilliseconds                 *int
 	InproxyProxyWebRTCAwaitDataChannelTimeoutMilliseconds  *int
 	InproxyClientWebRTCAwaitDataChannelTimeoutMilliseconds *int
@@ -2502,8 +2511,44 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 		applyParameters[parameters.InproxyDisableIPv6ICECandidates] = *config.InproxyDisableIPv6ICECandidates
 	}
 
-	if config.InproxyDiscoverNATTimeoutMilliseconds != nil {
-		applyParameters[parameters.InproxyDiscoverNATTimeout] = fmt.Sprintf("%dms", *config.InproxyDiscoverNATTimeoutMilliseconds)
+	if config.InproxyProxyDisableSTUN != nil {
+		applyParameters[parameters.InproxyProxyDisableSTUN] = *config.InproxyProxyDisableSTUN
+	}
+
+	if config.InproxyProxyDisablePortMapping != nil {
+		applyParameters[parameters.InproxyProxyDisablePortMapping] = *config.InproxyProxyDisablePortMapping
+	}
+
+	if config.InproxyProxyDisableInboundForMobileNetworks != nil {
+		applyParameters[parameters.InproxyProxyDisableInboundForMobileNetworks] = *config.InproxyProxyDisableInboundForMobileNetworks
+	}
+
+	if config.InproxyProxyDisableIPv6ICECandidates != nil {
+		applyParameters[parameters.InproxyProxyDisableIPv6ICECandidates] = *config.InproxyProxyDisableIPv6ICECandidates
+	}
+
+	if config.InproxyClientDisableSTUN != nil {
+		applyParameters[parameters.InproxyClientDisableSTUN] = *config.InproxyClientDisableSTUN
+	}
+
+	if config.InproxyClientDisablePortMapping != nil {
+		applyParameters[parameters.InproxyClientDisablePortMapping] = *config.InproxyClientDisablePortMapping
+	}
+
+	if config.InproxyClientDisableInboundForMobileNetworks != nil {
+		applyParameters[parameters.InproxyClientDisableInboundForMobileNetworks] = *config.InproxyClientDisableInboundForMobileNetworks
+	}
+
+	if config.InproxyClientDisableIPv6ICECandidates != nil {
+		applyParameters[parameters.InproxyClientDisableIPv6ICECandidates] = *config.InproxyClientDisableIPv6ICECandidates
+	}
+
+	if config.InproxyProxyDiscoverNATTimeoutMilliseconds != nil {
+		applyParameters[parameters.InproxyProxyDiscoverNATTimeout] = fmt.Sprintf("%dms", *config.InproxyProxyDiscoverNATTimeoutMilliseconds)
+	}
+
+	if config.InproxyClientDiscoverNATTimeoutMilliseconds != nil {
+		applyParameters[parameters.InproxyClientDiscoverNATTimeout] = fmt.Sprintf("%dms", *config.InproxyClientDiscoverNATTimeoutMilliseconds)
 	}
 
 	if config.InproxyWebRTCAnswerTimeoutMilliseconds != nil {
@@ -3258,9 +3303,45 @@ func (config *Config) setDialParametersHash() {
 		hash.Write([]byte("InproxyDisableIPv6ICECandidates"))
 		binary.Write(hash, binary.LittleEndian, *config.InproxyDisableIPv6ICECandidates)
 	}
-	if config.InproxyDiscoverNATTimeoutMilliseconds != nil {
-		hash.Write([]byte("InproxyDiscoverNATTimeoutMilliseconds"))
-		binary.Write(hash, binary.LittleEndian, int64(*config.InproxyDiscoverNATTimeoutMilliseconds))
+	if config.InproxyProxyDisableSTUN != nil {
+		hash.Write([]byte("InproxyProxyDisableSTUN"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyProxyDisableSTUN)
+	}
+	if config.InproxyProxyDisablePortMapping != nil {
+		hash.Write([]byte("InproxyProxyDisablePortMapping"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyProxyDisablePortMapping)
+	}
+	if config.InproxyProxyDisableInboundForMobileNetworks != nil {
+		hash.Write([]byte("InproxyProxyDisableInboundForMobileNetworks"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyProxyDisableInboundForMobileNetworks)
+	}
+	if config.InproxyProxyDisableIPv6ICECandidates != nil {
+		hash.Write([]byte("InproxyProxyDisableIPv6ICECandidates"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyProxyDisableIPv6ICECandidates)
+	}
+	if config.InproxyClientDisableSTUN != nil {
+		hash.Write([]byte("InproxyClientDisableSTUN"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyClientDisableSTUN)
+	}
+	if config.InproxyClientDisablePortMapping != nil {
+		hash.Write([]byte("InproxyClientDisablePortMapping"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyClientDisablePortMapping)
+	}
+	if config.InproxyClientDisableInboundForMobileNetworks != nil {
+		hash.Write([]byte("InproxyClientDisableInboundForMobileNetworks"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyClientDisableInboundForMobileNetworks)
+	}
+	if config.InproxyClientDisableIPv6ICECandidates != nil {
+		hash.Write([]byte("InproxyClientDisableIPv6ICECandidates"))
+		binary.Write(hash, binary.LittleEndian, *config.InproxyClientDisableIPv6ICECandidates)
+	}
+	if config.InproxyProxyDiscoverNATTimeoutMilliseconds != nil {
+		hash.Write([]byte("InproxyProxyDiscoverNATTimeoutMilliseconds"))
+		binary.Write(hash, binary.LittleEndian, int64(*config.InproxyProxyDiscoverNATTimeoutMilliseconds))
+	}
+	if config.InproxyClientDiscoverNATTimeoutMilliseconds != nil {
+		hash.Write([]byte("InproxyClientDiscoverNATTimeoutMilliseconds"))
+		binary.Write(hash, binary.LittleEndian, int64(*config.InproxyClientDiscoverNATTimeoutMilliseconds))
 	}
 	if config.InproxyWebRTCAnswerTimeoutMilliseconds != nil {
 		hash.Write([]byte("InproxyWebRTCAnswerTimeoutMilliseconds"))

psiphon/inproxy.go

@@ -1465,10 +1465,43 @@ func NewInproxyWebRTCDialInstance(
 		}
 	}
 
-	var awaitDataChannelTimeout time.Duration
+	disableSTUN := p.Bool(parameters.InproxyDisableSTUN)
+	disablePortMapping := p.Bool(parameters.InproxyDisablePortMapping)
+	disableInboundForMobileNetworks := p.Bool(parameters.InproxyDisableInboundForMobileNetworks)
+	disableIPv6ICECandidates := p.Bool(parameters.InproxyDisableIPv6ICECandidates)
+
+	var discoverNATTimeout, awaitDataChannelTimeout time.Duration
+
 	if isProxy {
+
+		disableSTUN = disableSTUN || p.Bool(parameters.InproxyProxyDisableSTUN)
+
+		disablePortMapping = disablePortMapping || p.Bool(parameters.InproxyProxyDisablePortMapping)
+
+		disableInboundForMobileNetworks = disableInboundForMobileNetworks ||
+			p.Bool(parameters.InproxyProxyDisableInboundForMobileNetworks)
+
+		disableIPv6ICECandidates = disableIPv6ICECandidates ||
+			p.Bool(parameters.InproxyProxyDisableIPv6ICECandidates)
+
+		discoverNATTimeout = p.Duration(parameters.InproxyProxyDiscoverNATTimeout)
+
 		awaitDataChannelTimeout = p.Duration(parameters.InproxyProxyWebRTCAwaitDataChannelTimeout)
+
 	} else {
+
+		disableSTUN = disableSTUN || p.Bool(parameters.InproxyClientDisableSTUN)
+
+		disablePortMapping = disablePortMapping || p.Bool(parameters.InproxyClientDisablePortMapping)
+
+		disableInboundForMobileNetworks = disableInboundForMobileNetworks ||
+			p.Bool(parameters.InproxyClientDisableInboundForMobileNetworks)
+
+		disableIPv6ICECandidates = disableIPv6ICECandidates ||
+			p.Bool(parameters.InproxyClientDisableIPv6ICECandidates)
+
+		discoverNATTimeout = p.Duration(parameters.InproxyClientDiscoverNATTimeout)
+
 		awaitDataChannelTimeout = p.Duration(parameters.InproxyClientWebRTCAwaitDataChannelTimeout)
 	}
 
@@ -1484,12 +1517,16 @@ func NewInproxyWebRTCDialInstance(
 		stunDialParameters:   stunDialParameters,
 		webRTCDialParameters: webRTCDialParameters,
 
+		// discoverNAT is ignored by proxies, which always attempt discovery.
+		// webRTCAnswerTimeout and proxyDestinationDialTimeout are used only
+		// by proxies.
+
 		discoverNAT:                     p.WeightedCoinFlip(parameters.InproxyClientDiscoverNATProbability),
-		disableSTUN:                     p.Bool(parameters.InproxyDisableSTUN),
-		disablePortMapping:              p.Bool(parameters.InproxyDisablePortMapping),
-		disableInboundForMobileNetworks: p.Bool(parameters.InproxyDisableInboundForMobileNetworks),
-		disableIPv6ICECandidates:        p.Bool(parameters.InproxyDisableIPv6ICECandidates),
-		discoverNATTimeout:              p.Duration(parameters.InproxyDiscoverNATTimeout),
+		disableSTUN:                     disableSTUN,
+		disablePortMapping:              disablePortMapping,
+		disableInboundForMobileNetworks: disableInboundForMobileNetworks,
+		disableIPv6ICECandidates:        disableIPv6ICECandidates,
+		discoverNATTimeout:              discoverNATTimeout,
 		webRTCAnswerTimeout:             p.Duration(parameters.InproxyWebRTCAnswerTimeout),
 		awaitDataChannelTimeout:         awaitDataChannelTimeout,
 		proxyDestinationDialTimeout:     p.Duration(parameters.InproxyProxyDestinationDialTimeout),