Consistently use GetClientParametersSnapshot to access parameter snapshot

psiphon/config.go

@@ -778,7 +778,7 @@ func (config *Config) Commit() error {
 }
 
 // GetClientParameters returns a snapshot of the current client parameters.
-func (config *Config) GetClientParameters() *parameters.ClientParametersSnapshot {
+func (config *Config) GetClientParametersSnapshot() *parameters.ClientParametersSnapshot {
 	return config.clientParameters.Get()
 }
 

psiphon/controller.go

@@ -315,7 +315,7 @@ fetcherLoop:
 		// Skip fetch entirely (i.e., send no request at all, even when ETag would save
 		// on response size) when a recent fetch was successful
 
-		stalePeriod := controller.config.clientParameters.Get().Duration(
+		stalePeriod := controller.config.GetClientParametersSnapshot().Duration(
 			parameters.FetchRemoteServerListStalePeriod)
 
 		if lastFetchTime != 0 &&
@@ -351,7 +351,7 @@ fetcherLoop:
 
 			NoticeAlert("failed to fetch %s remote server list: %s", name, err)
 
-			retryPeriod := controller.config.clientParameters.Get().Duration(
+			retryPeriod := controller.config.GetClientParametersSnapshot().Duration(
 				parameters.FetchRemoteServerListRetryPeriod)
 
 			timer := time.NewTimer(retryPeriod)
@@ -375,7 +375,7 @@ fetcherLoop:
 func (controller *Controller) establishTunnelWatcher() {
 	defer controller.runWaitGroup.Done()
 
-	timeout := controller.config.clientParameters.Get().Duration(
+	timeout := controller.config.GetClientParametersSnapshot().Duration(
 		parameters.EstablishTunnelTimeout)
 
 	if timeout > 0 {
@@ -430,7 +430,7 @@ loop:
 		if reported {
 			duration = 24 * time.Hour
 		} else {
-			duration = controller.config.clientParameters.Get().Duration(
+			duration = controller.config.GetClientParametersSnapshot().Duration(
 				parameters.PsiphonAPIConnectedRequestRetryPeriod)
 		}
 		timer := time.NewTimer(duration)
@@ -503,7 +503,7 @@ downloadLoop:
 			break downloadLoop
 		}
 
-		stalePeriod := controller.config.clientParameters.Get().Duration(
+		stalePeriod := controller.config.GetClientParametersSnapshot().Duration(
 			parameters.FetchUpgradeStalePeriod)
 
 		// Unless handshake is explicitly advertizing a new version, skip
@@ -543,7 +543,7 @@ downloadLoop:
 
 			NoticeAlert("failed to download upgrade: %s", err)
 
-			timeout := controller.config.clientParameters.Get().Duration(
+			timeout := controller.config.GetClientParametersSnapshot().Duration(
 				parameters.FetchUpgradeRetryPeriod)
 
 			timer := time.NewTimer(timeout)
@@ -1173,7 +1173,7 @@ func (controller *Controller) launchEstablishing() {
 
 	if !controller.config.DisableTactics {
 
-		timeout := controller.config.clientParameters.Get().Duration(
+		timeout := controller.config.GetClientParametersSnapshot().Duration(
 			parameters.TacticsWaitPeriod)
 
 		tacticsDone := make(chan struct{})
@@ -1207,7 +1207,7 @@ func (controller *Controller) launchEstablishing() {
 	// establishLimitTunnelProtocolsState field must be read-only after this
 	// point, allowing concurrent reads by establishment workers.
 
-	p := controller.config.clientParameters.Get()
+	p := controller.config.GetClientParametersSnapshot()
 
 	controller.protocolSelectionConstraints = &protocolSelectionConstraints{
 		useUpstreamProxy:                    controller.config.UseUpstreamProxy(),
@@ -1217,7 +1217,7 @@ func (controller *Controller) launchEstablishing() {
 		replayCandidateCount:                p.Int(parameters.ReplayCandidateCount),
 	}
 
-	workerPoolSize := controller.config.clientParameters.Get().Int(
+	workerPoolSize := controller.config.GetClientParametersSnapshot().Int(
 		parameters.ConnectionWorkerPoolSize)
 
 	// When TargetServerEntry is used, override any worker pool size config or
@@ -1424,7 +1424,7 @@ func (controller *Controller) getTactics(done chan struct{}) {
 			// TODO: distinguish network and local errors and abort
 			// on local errors.
 
-			p := controller.config.clientParameters.Get()
+			p := controller.config.GetClientParametersSnapshot()
 			timeout := prng.JitterDuration(
 				p.Duration(parameters.TacticsRetryPeriod),
 				p.Float(parameters.TacticsRetryPeriodJitter))
@@ -1512,7 +1512,7 @@ func (controller *Controller) doFetchTactics(
 	// Using controller.establishCtx will cancel FetchTactics
 	// if tunnel establishment completes first.
 
-	timeout := controller.config.clientParameters.Get().Duration(
+	timeout := controller.config.GetClientParametersSnapshot().Duration(
 		parameters.TacticsTimeout)
 
 	ctx, cancelFunc := context.WithTimeout(
@@ -1681,7 +1681,7 @@ loop:
 				break loop
 			}
 
-			workTime := controller.config.clientParameters.Get().Duration(
+			workTime := controller.config.GetClientParametersSnapshot().Duration(
 				parameters.EstablishTunnelWorkTime)
 
 			if roundStartTime.Add(-roundNetworkWaitDuration).Add(workTime).Before(monotime.Now()) {
@@ -1696,7 +1696,7 @@ loop:
 				// candidate has completed (success or failure) or is still working
 				// and the grace period has elapsed.
 
-				gracePeriod := controller.config.clientParameters.Get().Duration(
+				gracePeriod := controller.config.GetClientParametersSnapshot().Duration(
 					parameters.EstablishTunnelServerAffinityGracePeriod)
 
 				if gracePeriod > 0 {
@@ -1726,7 +1726,7 @@ loop:
 		// in typical conditions (it isn't strictly necessary to wait for this, there will
 		// be more rounds if required).
 
-		p := controller.config.clientParameters.Get()
+		p := controller.config.GetClientParametersSnapshot()
 		timeout := prng.JitterDuration(
 			p.Duration(parameters.EstablishTunnelPausePeriod),
 			p.Float(parameters.EstablishTunnelPausePeriodJitter))
@@ -1777,7 +1777,7 @@ loop:
 		// intensive. In this case, a StaggerConnectionWorkersMilliseconds
 		// delay may still be incurred.
 
-		limitIntensiveConnectionWorkers := controller.config.clientParameters.Get().Int(
+		limitIntensiveConnectionWorkers := controller.config.GetClientParametersSnapshot().Int(
 			parameters.LimitIntensiveConnectionWorkers)
 
 		controller.concurrentEstablishTunnelsMutex.Lock()
@@ -1885,7 +1885,7 @@ loop:
 		// The stagger is applied when establishConnectTunnelCount > 0 -- that
 		// is, for all but the first dial.
 
-		p := controller.config.clientParameters.Get()
+		p := controller.config.GetClientParametersSnapshot()
 		staggerPeriod := p.Duration(parameters.StaggerConnectionWorkersPeriod)
 		staggerJitter := p.Float(parameters.StaggerConnectionWorkersJitter)
 		p = nil

psiphon/dataStore.go

@@ -482,7 +482,7 @@ func newTargetServerEntryIterator(config *Config, isTactics bool) (bool, *Server
 			return false, nil, common.ContextError(errors.New("TargetServerEntry does not support EgressRegion"))
 		}
 
-		limitTunnelProtocols := config.GetClientParameters().TunnelProtocols(parameters.LimitTunnelProtocols)
+		limitTunnelProtocols := config.GetClientParametersSnapshot().TunnelProtocols(parameters.LimitTunnelProtocols)
 		if len(limitTunnelProtocols) > 0 {
 			// At the ServerEntryIterator level, only limitTunnelProtocols is applied;
 			// excludeIntensive is handled higher up.
@@ -588,10 +588,10 @@ func (iterator *ServerEntryIterator) reset(isInitialRound bool) error {
 		// TODO: move only up to parameters.ReplayCandidateCount to front?
 
 		if (isInitialRound ||
-			iterator.config.GetClientParameters().WeightedCoinFlip(
+			iterator.config.GetClientParametersSnapshot().WeightedCoinFlip(
 				parameters.ReplayLaterRoundMoveToFrontProbability)) &&
 
-			iterator.config.GetClientParameters().Int(
+			iterator.config.GetClientParametersSnapshot().Int(
 				parameters.ReplayCandidateCount) != 0 {
 
 			networkID := []byte(iterator.config.GetNetworkID())
@@ -837,7 +837,7 @@ func PruneServerEntry(config *Config, serverEntryTag string) {
 
 func pruneServerEntry(config *Config, serverEntryTag string) error {
 
-	minimumAgeForPruning := config.GetClientParameters().Duration(
+	minimumAgeForPruning := config.GetClientParametersSnapshot().Duration(
 		parameters.ServerEntryMinimumAgeForPruning)
 
 	return datastoreUpdate(func(tx *datastoreTx) error {
@@ -1243,7 +1243,8 @@ func StorePersistentStat(config *Config, statType string, stat []byte) error {
 		return common.ContextError(fmt.Errorf("invalid persistent stat type: %s", statType))
 	}
 
-	maxStoreRecords := config.GetClientParameters().Int(parameters.PersistentStatsMaxStoreRecords)
+	maxStoreRecords := config.GetClientParametersSnapshot().Int(
+		parameters.PersistentStatsMaxStoreRecords)
 
 	err := datastoreUpdate(func(tx *datastoreTx) error {
 		bucket := tx.bucket([]byte(statType))
@@ -1318,7 +1319,8 @@ func TakeOutUnreportedPersistentStats(config *Config) (map[string][][]byte, erro
 
 	stats := make(map[string][][]byte)
 
-	maxSendBytes := config.GetClientParameters().Int(parameters.PersistentStatsMaxSendBytes)
+	maxSendBytes := config.GetClientParametersSnapshot().Int(
+		parameters.PersistentStatsMaxSendBytes)
 
 	err := datastoreUpdate(func(tx *datastoreTx) error {
 

psiphon/dialParameters.go

@@ -139,7 +139,7 @@ func MakeDialParameters(
 
 	networkID := config.GetNetworkID()
 
-	p := config.GetClientParameters()
+	p := config.GetClientParametersSnapshot()
 
 	ttl := p.Duration(parameters.ReplayDialParametersTTL)
 	replaySSH := p.Bool(parameters.ReplaySSH)
@@ -618,7 +618,7 @@ func (dialParams *DialParameters) Failed(config *Config) {
 	// to, e.g., temporary network disruptions or server load limiting.
 
 	if dialParams.IsReplay &&
-		!config.GetClientParameters().WeightedCoinFlip(
+		!config.GetClientParametersSnapshot().WeightedCoinFlip(
 			parameters.ReplayRetainFailedProbability) {
 
 		NoticeInfo("Delete dial parameters for %s", dialParams.ServerEntry.IpAddress)

psiphon/httpProxy.go

@@ -117,11 +117,10 @@ func NewHttpProxy(
 		return tunneler.DirectDial(addr)
 	}
 
-	responseHeaderTimeout := config.clientParameters.Get().Duration(
-		parameters.HTTPProxyOriginServerTimeout)
-
-	maxIdleConnsPerHost := config.clientParameters.Get().Int(
-		parameters.HTTPProxyMaxIdleConnectionsPerHost)
+	p := config.GetClientParametersSnapshot()
+	responseHeaderTimeout := p.Duration(parameters.HTTPProxyOriginServerTimeout)
+	maxIdleConnsPerHost := p.Int(parameters.HTTPProxyMaxIdleConnectionsPerHost)
+	p = nil
 
 	// TODO: could HTTP proxy share a tunneled transport with URL proxy?
 	// For now, keeping them distinct just to be conservative.

psiphon/remoteServerList.go

@@ -52,7 +52,7 @@ func FetchCommonRemoteServerList(
 
 	NoticeInfo("fetching common remote server list")
 
-	p := config.clientParameters.Get()
+	p := config.GetClientParametersSnapshot()
 	publicKey := p.String(parameters.RemoteServerListSignaturePublicKey)
 	urls := p.DownloadURLs(parameters.RemoteServerListURLs)
 	downloadTimeout := p.Duration(parameters.FetchRemoteServerListTimeout)
@@ -135,7 +135,7 @@ func FetchObfuscatedServerLists(
 
 	NoticeInfo("fetching obfuscated remote server lists")
 
-	p := config.clientParameters.Get()
+	p := config.GetClientParametersSnapshot()
 	publicKey := p.String(parameters.RemoteServerListSignaturePublicKey)
 	urls := p.DownloadURLs(parameters.ObfuscatedServerListRootURLs)
 	downloadTimeout := p.Duration(parameters.FetchRemoteServerListTimeout)

psiphon/serverApi.go

@@ -97,7 +97,8 @@ func NewServerContext(tunnel *Tunnel) (*ServerContext, error) {
 		paddingPRNG:        prng.NewPRNGWithSeed(tunnel.dialParams.APIRequestPaddingSeed),
 	}
 
-	ignoreRegexps := tunnel.config.clientParameters.Get().Bool(parameters.IgnoreHandshakeStatsRegexps)
+	ignoreRegexps := tunnel.config.GetClientParametersSnapshot().Bool(
+		parameters.IgnoreHandshakeStatsRegexps)
 
 	err := serverContext.doHandshakeRequest(ignoreRegexps)
 	if err != nil {
@@ -576,7 +577,7 @@ func confirmStatusRequestPayload(payloadInfo *statusRequestPayloadInfo) {
 func RecordRemoteServerListStat(
 	config *Config, url, etag string) error {
 
-	if !config.GetClientParameters().WeightedCoinFlip(
+	if !config.GetClientParametersSnapshot().WeightedCoinFlip(
 		parameters.RecordRemoteServerListPersistentStatsProbability) {
 		return nil
 	}
@@ -618,7 +619,7 @@ var failedTunnelErrStripAddressRegex = regexp.MustCompile(
 func RecordFailedTunnelStat(
 	config *Config, dialParams *DialParameters, tunnelErr error) error {
 
-	if !config.GetClientParameters().WeightedCoinFlip(
+	if !config.GetClientParametersSnapshot().WeightedCoinFlip(
 		parameters.RecordFailedTunnelPersistentStatsProbability) {
 		return nil
 	}
@@ -722,7 +723,7 @@ func (serverContext *ServerContext) getBaseAPIParameters() common.APIParameters
 	// fingerprints. The "pad_response" field instructs the server to pad its
 	// response accordingly.
 
-	p := serverContext.tunnel.config.GetClientParameters()
+	p := serverContext.tunnel.config.GetClientParametersSnapshot()
 	minUpstreamPadding := p.Int(parameters.APIRequestUpstreamPaddingMinBytes)
 	maxUpstreamPadding := p.Int(parameters.APIRequestUpstreamPaddingMaxBytes)
 	minDownstreamPadding := p.Int(parameters.APIRequestDownstreamPaddingMinBytes)
@@ -833,7 +834,8 @@ func getBaseAPIParameters(
 		params["server_entry_timestamp"] = localServerEntryTimestamp
 	}
 
-	params[tactics.APPLIED_TACTICS_TAG_PARAMETER_NAME] = config.clientParameters.Get().Tag()
+	params[tactics.APPLIED_TACTICS_TAG_PARAMETER_NAME] =
+		config.GetClientParametersSnapshot().Tag()
 
 	if dialParams.DialPortNumber != "" {
 		params["dial_port_number"] = dialParams.DialPortNumber

psiphon/tunnel.go

@@ -186,7 +186,7 @@ func (tunnel *Tunnel) Activate(
 		// request. At this point, there is no operateTunnel monitor that will detect
 		// this condition with SSH keep alives.
 
-		timeout := tunnel.config.clientParameters.Get().Duration(
+		timeout := tunnel.config.GetClientParametersSnapshot().Duration(
 			parameters.PsiphonAPIRequestTimeout)
 
 		if timeout > 0 {
@@ -293,7 +293,7 @@ func (tunnel *Tunnel) Close(isDiscarded bool) {
 		// tunnel is closed, which will interrupt any slow final status request.
 
 		if isActivated {
-			timeout := tunnel.config.clientParameters.Get().Duration(
+			timeout := tunnel.config.GetClientParametersSnapshot().Duration(
 				parameters.TunnelOperateShutdownTimeout)
 			afterFunc := time.AfterFunc(
 				timeout,
@@ -372,7 +372,7 @@ func (tunnel *Tunnel) Dial(
 
 	resultChannel := make(chan *tunnelDialResult, 1)
 
-	timeout := tunnel.config.clientParameters.Get().Duration(
+	timeout := tunnel.config.GetClientParametersSnapshot().Duration(
 		parameters.TunnelPortForwardDialTimeout)
 
 	afterFunc := time.AfterFunc(
@@ -530,7 +530,7 @@ func dialTunnel(
 		return nil, common.ContextError(err)
 	}
 
-	p := config.clientParameters.Get()
+	p := config.GetClientParametersSnapshot()
 	timeout := p.Duration(parameters.TunnelConnectTimeout)
 	rateLimits := p.RateLimits(parameters.TunnelRateLimits)
 	obfuscatedSSHMinPadding := p.Int(parameters.ObfuscatedSSHMinPadding)
@@ -1242,7 +1242,7 @@ func (tunnel *Tunnel) sendSshKeepAlive(isFirstKeepAlive bool, timeout time.Durat
 
 	go func() {
 		// Random padding to frustrate fingerprinting.
-		p := tunnel.config.clientParameters.Get()
+		p := tunnel.config.GetClientParametersSnapshot()
 		request := prng.Padding(
 			p.Int(parameters.SSHKeepAlivePaddingMinBytes),
 			p.Int(parameters.SSHKeepAlivePaddingMaxBytes))
@@ -1268,7 +1268,7 @@ func (tunnel *Tunnel) sendSshKeepAlive(isFirstKeepAlive bool, timeout time.Durat
 
 		if err == nil && requestOk &&
 			(isFirstKeepAlive ||
-				tunnel.config.clientParameters.Get().WeightedCoinFlip(
+				tunnel.config.GetClientParametersSnapshot().WeightedCoinFlip(
 					parameters.SSHKeepAliveSpeedTestSampleProbability)) {
 
 			err = tactics.AddSpeedTestSample(

psiphon/upgradeDownload.go

@@ -73,7 +73,7 @@ func DownloadUpgrade(
 		return nil
 	}
 
-	p := config.clientParameters.Get()
+	p := config.GetClientParametersSnapshot()
 	urls := p.DownloadURLs(parameters.UpgradeDownloadURLs)
 	clientVersionHeader := p.String(parameters.UpgradeDownloadClientVersionHeader)
 	downloadTimeout := p.Duration(parameters.FetchUpgradeTimeout)