Merge branch 'master' into packet-tunnel

MobileLibrary/iOS/README.md

@@ -3,19 +3,3 @@
 ## Usage
 
 If you are using the Library in your app, please read the [USAGE.md](USAGE.md) instructions.
-
-## Acknowledgements
-
-Psiphon iOS Library uses:
-* [OpenSSL-for-iPhone](https://github.com/x2on/OpenSSL-for-iPhone)
-
-### OpenSSL-for-iPhone Changes
-
-`build-libssl.sh` rebuilds openssl on every run.  Modifications were made to
-not run unless required, they are:
-
-* Check if `libssl.a` and `libcrypto.a` are built and compare the version strings
-found in files to the `VERSION` variable in `build-libssl.sh`.
-
-* A new variable `FORCE_BUILD` is set to force a build.  Set this to *true* as
-necessary.

MobileLibrary/iOS/USAGE.md

@@ -48,6 +48,10 @@ The following architecture targets are compiled into the Library's framework bin
 
 When run in a simulator, there may be errors shown in the device log. This does not seem to affect the execution of the app (or Library).
 
+## Proxying a web view
+
+`WKWebView` _cannot_ be proxied. `UIWebView` _can_ be. Some [googling](https://www.google.ca/search?q=uiwebview+nsurlprotocol+proxy) should provide many example of how to do this. Here is some extensive information for [Objective-C](https://www.raywenderlich.com/59982/nsurlprotocol-tutorial) and [Swift](https://www.raywenderlich.com/76735/using-nsurlprotocol-swift).
+
 ## Other notes
 
 If you encounter an app crash due to `SIGPIPE`, please let us know. This occurs in the debugger, but it's not clear if it happens in a production app (or is a problem). If you encounter a `SIGPIPE` breakpoint while running under the debugger, follow [these instructions](https://plus.google.com/113241179738681655641/posts/BmMiY8mpsB7) to disable it.

psiphon/LookupIP.go

@@ -95,10 +95,10 @@ func bindLookupIP(host, dnsServer string, config *DialConfig) (addrs []net.IP, e
 	if err != nil {
 		return nil, common.ContextError(err)
 	}
-	defer syscall.Close(socketFd)
 
 	err = config.DeviceBinder.BindToDevice(socketFd)
 	if err != nil {
+		syscall.Close(socketFd)
 		return nil, common.ContextError(fmt.Errorf("BindToDevice failed: %s", err))
 	}
 
@@ -112,23 +112,26 @@ func bindLookupIP(host, dnsServer string, config *DialConfig) (addrs []net.IP, e
 		err = syscall.Connect(socketFd, &sockAddr)
 	}
 	if err != nil {
+		syscall.Close(socketFd)
 		return nil, common.ContextError(err)
 	}
 
 	// Convert the syscall socket to a net.Conn, for use in the dns package
 	file := os.NewFile(uintptr(socketFd), "")
-	defer file.Close()
-	conn, err := net.FileConn(file)
+	netConn, err := net.FileConn(file) // net.FileConn() dups socketFd
+	file.Close()                       // file.Close() closes socketFd
 	if err != nil {
 		return nil, common.ContextError(err)
 	}
 
 	// Set DNS query timeouts, using the ConnectTimeout from the overall Dial
 	if config.ConnectTimeout != 0 {
-		conn.SetReadDeadline(time.Now().Add(config.ConnectTimeout))
-		conn.SetWriteDeadline(time.Now().Add(config.ConnectTimeout))
+		netConn.SetReadDeadline(time.Now().Add(config.ConnectTimeout))
+		netConn.SetWriteDeadline(time.Now().Add(config.ConnectTimeout))
 	}
 
-	addrs, _, err = ResolveIP(host, conn)
-	return
+	addrs, _, err = ResolveIP(host, netConn)
+	netConn.Close()
+
+	return addrs, err
 }

psiphon/TCPConn_bind.go

@@ -165,11 +165,14 @@ func tcpDial(addr string, config *DialConfig) (net.Conn, error) {
 
 		err = goselect.Select(socketFd+1, nil, fdset, nil, timeout)
 		if err != nil {
+			syscall.Close(socketFd)
 			lastErr = common.ContextError(err)
 			continue
 		}
+
 		if !fdset.IsSet(uintptr(socketFd)) {
-			lastErr = common.ContextError(errors.New("file descriptor not set"))
+			syscall.Close(socketFd)
+			lastErr = common.ContextError(errors.New("connect timed out"))
 			continue
 		}
 

psiphon/config.go

@@ -197,8 +197,9 @@ type Config struct {
 
 	// TunnelProtocol indicates which protocol to use. Valid values include:
 	// "SSH", "OSSH", "UNFRONTED-MEEK-OSSH", "UNFRONTED-MEEK-HTTPS-OSSH",
-	// "FRONTED-MEEK-OSSH", "FRONTED-MEEK-HTTP-OSSH". For the default, "",
-	// the best performing protocol is used.
+	// "UNFRONTED-MEEK-SESSION-TICKET-OSSH", "FRONTED-MEEK-OSSH",
+	// "FRONTED-MEEK-HTTP-OSSH".
+	// For the default, "", the best performing protocol is used.
 	TunnelProtocol string
 
 	// EstablishTunnelTimeoutSeconds specifies a time limit after which to halt

psiphon/server/config.go

@@ -123,8 +123,8 @@ type Config struct {
 	// TunnelProtocolPorts specifies which tunnel protocols to run
 	// and which ports to listen on for each protocol. Valid tunnel
 	// protocols include: "SSH", "OSSH", "UNFRONTED-MEEK-OSSH",
-	// "UNFRONTED-MEEK-HTTPS-OSSH", "FRONTED-MEEK-OSSH",
-	// "FRONTED-MEEK-HTTP-OSSH".
+	// "UNFRONTED-MEEK-HTTPS-OSSH", "UNFRONTED-MEEK-SESSION-TICKET-OSSH",
+	// "FRONTED-MEEK-OSSH", "FRONTED-MEEK-HTTP-OSSH".
 	TunnelProtocolPorts map[string]int
 
 	// SSHPrivateKey is the SSH host key. The same key is used for