Use github.com/Psiphon-Labs/quic-go@301924cbe026

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737
 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
 	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250318183125-2a2fae2db378
-	github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0
+	github.com/Psiphon-Labs/quic-go v0.0.0-20250318213212-301924cbe026
 	github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1
 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f
 	github.com/bifurcation/mint v0.0.0-20180306135233-198357931e61

go.sum

@@ -24,8 +24,8 @@ github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464 h1:VmnMMMheFX
 github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464/go.mod h1:Pe5BqN2DdIdChorAXl6bDaQd/wghpCleJfid2NoSli0=
 github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250318183125-2a2fae2db378 h1:LqI8cxnYxgUKLLvv+XZKpxZAQcov6xhEKgC82FdvG/k=
 github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250318183125-2a2fae2db378/go.mod h1:7ZUnPnWT5z8J8hxfsVjKHYK77Zme/Y0If1b/zeziiJs=
-github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0 h1:E1L02sxaIDWp7c7KOmU2iQHodg7On6sB//i2BMWs//w=
-github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0/go.mod h1:rONdWgPMbFjyyBai7gB1IBF4pT9r4l0GyiDst5XR1SY=
+github.com/Psiphon-Labs/quic-go v0.0.0-20250318213212-301924cbe026 h1:HT5a/8JUfI1H2eA9g5LPyOZis1wa+gzFdXMgWYWB88I=
+github.com/Psiphon-Labs/quic-go v0.0.0-20250318213212-301924cbe026/go.mod h1:rONdWgPMbFjyyBai7gB1IBF4pT9r4l0GyiDst5XR1SY=
 github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1 h1:4AoKcLPErKMbqVdhA2MmnEP8kC4/CLlADnIR4rULHfM=
 github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1/go.mod h1:1vv0gVAzq9e2XYkW8HAKrmtuuZrBdDixQFx5H22KAjI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=

vendor/github.com/Psiphon-Labs/quic-go/connection.go

@@ -275,12 +275,21 @@ var newConnection = func(
 	)
 	s.preSetup()
 
+	// [Psiphon]
+	initialMaxDatagramSize := protocol.ByteCount(s.config.InitialPacketSize)
+	if conf.ServerMaxPacketSizeAdjustment != nil {
+		maxPacketSizeAdjustment := protocol.ByteCount(conf.ServerMaxPacketSizeAdjustment(s.RemoteAddr()))
+		if initialMaxDatagramSize > maxPacketSizeAdjustment {
+			initialMaxDatagramSize -= maxPacketSizeAdjustment
+		}
+	}
+
 	s.sentPacketHandler, s.receivedPacketHandler = ackhandler.NewAckHandler(
 		0,
 
 		// [Psiphon]
 		// protocol.ByteCount(s.config.InitialPacketSize),
-		s.maxPacketSize(),
+		initialMaxDatagramSize,
 
 		s.rttStats,
 		clientAddressValidated,
@@ -292,7 +301,7 @@ var newConnection = func(
 
 	// [Psiphon]
 	// s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(protocol.ByteCount(s.config.InitialPacketSize))))
-	s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(s.maxPacketSize())))
+	s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(initialMaxDatagramSize)))
 
 	statelessResetToken := statelessResetter.GetStatelessResetToken(srcConnID)
 	params := &wire.TransportParameters{
@@ -395,12 +404,20 @@ var newClientConnection = func(
 	)
 	s.ctx, s.ctxCancel = context.WithCancelCause(ctx)
 	s.preSetup()
+
+	// [Psiphon]
+	initialMaxDatagramSize := protocol.ByteCount(s.config.InitialPacketSize)
+	maxPacketSizeAdjustment := protocol.ByteCount(conf.ClientMaxPacketSizeAdjustment)
+	if initialMaxDatagramSize > maxPacketSizeAdjustment {
+		initialMaxDatagramSize -= maxPacketSizeAdjustment
+	}
+
 	s.sentPacketHandler, s.receivedPacketHandler = ackhandler.NewAckHandler(
 		initialPacketNumber,
 
 		// [Psiphon]
 		// protocol.ByteCount(s.config.InitialPacketSize),
-		s.maxPacketSize(),
+		initialMaxDatagramSize,
 
 		s.rttStats,
 		false, // has no effect
@@ -412,7 +429,7 @@ var newClientConnection = func(
 
 	// [Psiphon]
 	// s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(protocol.ByteCount(s.config.InitialPacketSize))))
-	s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(s.maxPacketSize())))
+	s.maxPayloadSizeEstimate.Store(uint32(estimateMaxPayloadSize(initialMaxDatagramSize)))
 
 	oneRTTStream := newCryptoStream()
 	params := &wire.TransportParameters{
@@ -1862,20 +1879,24 @@ func (s *connection) applyTransportParameters() {
 		maxPacketSize = params.MaxUDPPayloadSize
 	}
 
-	// [Psiphon]
-	// Adjust the max packet size to allow for obfuscation overhead.
-	maxPacketSizeAdjustment := 0
+	// [Psiphon] SECTION BEGIN
+	// Adjust the max packet sizes to allow for obfuscation overhead.
+	maxPacketSizeAdjustment := protocol.ByteCount(0)
 	if s.config.ServerMaxPacketSizeAdjustment != nil {
-		maxPacketSizeAdjustment = s.config.ServerMaxPacketSizeAdjustment(s.conn.RemoteAddr())
+		maxPacketSizeAdjustment = protocol.ByteCount(s.config.ServerMaxPacketSizeAdjustment(s.conn.RemoteAddr()))
 	} else {
-		maxPacketSizeAdjustment = s.config.ClientMaxPacketSizeAdjustment
+		maxPacketSizeAdjustment = protocol.ByteCount(s.config.ClientMaxPacketSizeAdjustment)
 	}
-	if maxPacketSize > protocol.ByteCount(maxPacketSizeAdjustment) {
-		maxPacketSize -= protocol.ByteCount(maxPacketSizeAdjustment)
+
+	if maxPacketSize > maxPacketSizeAdjustment {
+		maxPacketSize -= maxPacketSizeAdjustment
 	}
 
-	// [Psiphon]
-	initialMaxPacketSize := s.maxPacketSize()
+	initialMaxPacketSize := protocol.ByteCount(s.config.InitialPacketSize)
+	if initialMaxPacketSize > maxPacketSizeAdjustment {
+		initialMaxPacketSize -= maxPacketSizeAdjustment
+	}
+	// [Psiphon] SECTION END
 
 	s.mtuDiscoverer = newMTUDiscoverer(
 		s.rttStats,
@@ -2260,29 +2281,36 @@ func (s *connection) sendConnectionClose(e error) ([]byte, error) {
 //		}
 func (s *connection) maxPacketSize() protocol.ByteCount {
 	if s.mtuDiscoverer == nil {
-
-		maxPacketSize := int(s.config.InitialPacketSize)
-		maxPacketSizeAdjustment := 0
-
+		// Use the configured packet size on the client side.
+		// If the server sends a max_udp_payload_size that's smaller than this size, we can ignore this:
+		// Apparently the server still processed the (fully padded) Initial packet anyway.
 		if s.perspective == protocol.PerspectiveClient {
-			maxPacketSizeAdjustment = s.config.ClientMaxPacketSizeAdjustment
-		} else {
-			if s.config.ServerMaxPacketSizeAdjustment != nil {
-				maxPacketSizeAdjustment = s.config.ServerMaxPacketSizeAdjustment(s.conn.RemoteAddr())
+			packetSizeAdjustment := protocol.ByteCount(s.config.ClientMaxPacketSizeAdjustment)
+			initialMaxPacketSize := protocol.ByteCount(s.config.InitialPacketSize)
+
+			if initialMaxPacketSize > packetSizeAdjustment {
+				initialMaxPacketSize -= packetSizeAdjustment
 			}
+
+			return initialMaxPacketSize
 		}
 
-		// Adjust the max packet size to allow for obfuscation overhead. This
-		// is a best-effort operation. In practice, maxPacketSizeAdustment
-		// will be tens of bytes and maxSize is over 1200 bytes; the
-		// condition here is a sanity check guard to prevent negative sizes
-		// and possible panics. We don't expect to need to make the largest
-		// adustment that would be possible when the condition is false.
-		if maxPacketSize > maxPacketSizeAdjustment {
-			maxPacketSize -= maxPacketSizeAdjustment
+		// On the server side, there's no downside to using 1200 bytes until we received the client's transport
+		// parameters:
+		// * If the first packet didn't contain the entire ClientHello, all we can do is ACK that packet. We don't
+		//   need a lot of bytes for that.
+		// * If it did, we will have processed the transport parameters and initialized the MTU discoverer.
+
+		packetSizeAdjustment := protocol.ByteCount(0)
+		if s.config.ServerMaxPacketSizeAdjustment != nil {
+			packetSizeAdjustment = protocol.ByteCount(s.config.ServerMaxPacketSizeAdjustment(s.conn.RemoteAddr()))
 		}
 
-		return protocol.ByteCount(maxPacketSize)
+		initialPacketSize := protocol.ByteCount(protocol.MinInitialPacketSize)
+		if initialPacketSize > packetSizeAdjustment {
+			initialPacketSize -= packetSizeAdjustment
+		}
+		return initialPacketSize
 	}
 
 	return s.mtuDiscoverer.CurrentSize()

vendor/modules.txt

@@ -40,7 +40,7 @@ github.com/Psiphon-Labs/psiphon-tls/byteorder
 github.com/Psiphon-Labs/psiphon-tls/internal/boring
 github.com/Psiphon-Labs/psiphon-tls/internal/hpke
 github.com/Psiphon-Labs/psiphon-tls/internal/mlkem768
-# github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0
+# github.com/Psiphon-Labs/quic-go v0.0.0-20250318213212-301924cbe026
 ## explicit; go 1.23
 github.com/Psiphon-Labs/quic-go
 github.com/Psiphon-Labs/quic-go/http3