Make TCP port forward dial timeout a configurable traffic rule

psiphon/server/trafficRules.go

@@ -30,6 +30,7 @@ import (
 const (
 	DEFAULT_IDLE_TCP_PORT_FORWARD_TIMEOUT_MILLISECONDS = 30000
 	DEFAULT_IDLE_UDP_PORT_FORWARD_TIMEOUT_MILLISECONDS = 30000
+	DEFAULT_DIAL_TCP_PORT_FORWARD_TIMEOUT_MILLISECONDS = 10000
 	DEFAULT_MAX_TCP_DIALING_PORT_FORWARD_COUNT         = 64
 	DEFAULT_MAX_TCP_PORT_FORWARD_COUNT                 = 512
 	DEFAULT_MAX_UDP_PORT_FORWARD_COUNT                 = 32
@@ -91,6 +92,12 @@ type TrafficRules struct {
 	// client traffic.
 	RateLimits RateLimits
 
+	// DialTCPPortForwardTimeoutMilliseconds is the timeout period
+	// for dialing TCP port forwards. A value of 0 specifies no timeout.
+	// When omitted in DefaultRules,
+	// DEFAULT_TCP_PORT_FORWARD_DIAL_TIMEOUT_MILLISECONDS is used.
+	DialTCPPortForwardTimeoutMilliseconds *int
+
 	// IdleTCPPortForwardTimeoutMilliseconds is the timeout period
 	// after which idle (no bytes flowing in either direction)
 	// client TCP port forwards are preemptively closed.
@@ -301,6 +308,11 @@ func (set *TrafficRulesSet) GetTrafficRules(
 		return &i
 	}
 
+	if trafficRules.DialTCPPortForwardTimeoutMilliseconds == nil {
+		trafficRules.DialTCPPortForwardTimeoutMilliseconds =
+			intPtr(DEFAULT_DIAL_TCP_PORT_FORWARD_TIMEOUT_MILLISECONDS)
+	}
+
 	if trafficRules.IdleTCPPortForwardTimeoutMilliseconds == nil {
 		trafficRules.IdleTCPPortForwardTimeoutMilliseconds =
 			intPtr(DEFAULT_IDLE_TCP_PORT_FORWARD_TIMEOUT_MILLISECONDS)
@@ -402,6 +414,10 @@ func (set *TrafficRulesSet) GetTrafficRules(
 			trafficRules.RateLimits.CloseAfterExhausted = filteredRules.Rules.RateLimits.CloseAfterExhausted
 		}
 
+		if filteredRules.Rules.DialTCPPortForwardTimeoutMilliseconds != nil {
+			trafficRules.DialTCPPortForwardTimeoutMilliseconds = filteredRules.Rules.DialTCPPortForwardTimeoutMilliseconds
+		}
+
 		if filteredRules.Rules.IdleTCPPortForwardTimeoutMilliseconds != nil {
 			trafficRules.IdleTCPPortForwardTimeoutMilliseconds = filteredRules.Rules.IdleTCPPortForwardTimeoutMilliseconds
 		}

psiphon/server/tunnelServer.go

@@ -43,7 +43,6 @@ import (
 const (
 	SSH_HANDSHAKE_TIMEOUT                 = 30 * time.Second
 	SSH_CONNECTION_READ_DEADLINE          = 5 * time.Minute
-	SSH_TCP_PORT_FORWARD_DIAL_TIMEOUT     = 10 * time.Second
 	SSH_TCP_PORT_FORWARD_COPY_BUFFER_SIZE = 8192
 	SSH_TCP_PORT_FORWARD_QUEUE_SIZE       = 1024
 	SSH_SEND_OSL_INITIAL_RETRY_DELAY      = 30 * time.Second
@@ -1099,7 +1098,9 @@ func (sshClient *sshClient) runTunnel(
 		defer waitGroup.Done()
 		for newPortForward := range newTCPPortForwards {
 
-			remainingDialTimeout := SSH_TCP_PORT_FORWARD_DIAL_TIMEOUT - monotime.Since(newPortForward.enqueueTime)
+			remainingDialTimeout :=
+				time.Duration(sshClient.getDialTCPPortForwardTimeoutMilliseconds())*time.Millisecond -
+					monotime.Since(newPortForward.enqueueTime)
 
 			if remainingDialTimeout <= 0 {
 				sshClient.updateQualityMetricsWithRejectedDialingLimit()
@@ -1597,6 +1598,14 @@ func (sshClient *sshClient) getTCPPortForwardQueueSize() int {
 		*sshClient.trafficRules.MaxTCPDialingPortForwardCount
 }
 
+func (sshClient *sshClient) getDialTCPPortForwardTimeoutMilliseconds() int {
+
+	sshClient.Lock()
+	defer sshClient.Unlock()
+
+	return *sshClient.trafficRules.DialTCPPortForwardTimeoutMilliseconds
+}
+
 func (sshClient *sshClient) dialingTCPPortForward() {
 
 	sshClient.Lock()