Use distinct downstream fragmentor parameters

psiphon/common/parameters/clientParameters.go

@@ -102,6 +102,14 @@ const (
 	FragmentorMaxWriteBytes                    = "FragmentorMaxWriteBytes"
 	FragmentorMinDelay                         = "FragmentorMinDelay"
 	FragmentorMaxDelay                         = "FragmentorMaxDelay"
+	FragmentorDownstreamProbability            = "FragmentorDownstreamProbability"
+	FragmentorDownstreamLimitProtocols         = "FragmentorDownstreamLimitProtocols"
+	FragmentorDownstreamMinTotalBytes          = "FragmentorDownstreamMinTotalBytes"
+	FragmentorDownstreamMaxTotalBytes          = "FragmentorDownstreamMaxTotalBytes"
+	FragmentorDownstreamMinWriteBytes          = "FragmentorDownstreamMinWriteBytes"
+	FragmentorDownstreamMaxWriteBytes          = "FragmentorDownstreamMaxWriteBytes"
+	FragmentorDownstreamMinDelay               = "FragmentorDownstreamMinDelay"
+	FragmentorDownstreamMaxDelay               = "FragmentorDownstreamMaxDelay"
 	ObfuscatedSSHMinPadding                    = "ObfuscatedSSHMinPadding"
 	ObfuscatedSSHMaxPadding                    = "ObfuscatedSSHMaxPadding"
 	TunnelOperateShutdownTimeout               = "TunnelOperateShutdownTimeout"
@@ -233,14 +241,22 @@ var defaultClientParameters = map[string]struct {
 	LimitQUICVersionsProbability: {value: 1.0, minimum: 0.0},
 	LimitQUICVersions:            {value: protocol.QUICVersions{protocol.QUIC_VERSION_GQUIC43}},
 
-	FragmentorProbability:    {value: 0.5, minimum: 0.0},
-	FragmentorLimitProtocols: {value: protocol.TunnelProtocols{}},
-	FragmentorMinTotalBytes:  {value: 0, minimum: 0},
-	FragmentorMaxTotalBytes:  {value: 0, minimum: 0},
-	FragmentorMinWriteBytes:  {value: 1, minimum: 1},
-	FragmentorMaxWriteBytes:  {value: 1500, minimum: 1},
-	FragmentorMinDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
-	FragmentorMaxDelay:       {value: 10 * time.Millisecond, minimum: time.Duration(0)},
+	FragmentorProbability:              {value: 0.5, minimum: 0.0},
+	FragmentorLimitProtocols:           {value: protocol.TunnelProtocols{}},
+	FragmentorMinTotalBytes:            {value: 0, minimum: 0},
+	FragmentorMaxTotalBytes:            {value: 0, minimum: 0},
+	FragmentorMinWriteBytes:            {value: 1, minimum: 1},
+	FragmentorMaxWriteBytes:            {value: 1500, minimum: 1},
+	FragmentorMinDelay:                 {value: time.Duration(0), minimum: time.Duration(0)},
+	FragmentorMaxDelay:                 {value: 10 * time.Millisecond, minimum: time.Duration(0)},
+	FragmentorDownstreamProbability:    {value: 0.5, minimum: 0.0},
+	FragmentorDownstreamLimitProtocols: {value: protocol.TunnelProtocols{}},
+	FragmentorDownstreamMinTotalBytes:  {value: 0, minimum: 0},
+	FragmentorDownstreamMaxTotalBytes:  {value: 0, minimum: 0},
+	FragmentorDownstreamMinWriteBytes:  {value: 1, minimum: 1},
+	FragmentorDownstreamMaxWriteBytes:  {value: 1500, minimum: 1},
+	FragmentorDownstreamMinDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
+	FragmentorDownstreamMaxDelay:       {value: 10 * time.Millisecond, minimum: time.Duration(0)},
 
 	// The Psiphon server will reject obfuscated SSH seed messages with
 	// padding greater than OBFUSCATE_MAX_PADDING.

psiphon/common/tactics/tactics.go

@@ -1155,14 +1155,14 @@ func (listener *Listener) Accept() (net.Conn, error) {
 		// or not fragment all TCP connections for a one meek session, the server
 		// will make a coin flip per connection.
 
-		tunnelProtocols := p.TunnelProtocols(parameters.FragmentorLimitProtocols)
+		tunnelProtocols := p.TunnelProtocols(parameters.FragmentorDownstreamLimitProtocols)
 		if (len(tunnelProtocols) == 0 ||
 			common.Contains(tunnelProtocols, listener.tunnelProtocol)) &&
-			p.WeightedCoinFlip(parameters.FragmentorProbability) {
+			p.WeightedCoinFlip(parameters.FragmentorDownstreamProbability) {
 
 			totalBytes, err := common.MakeSecureRandomRange(
-				p.Int(parameters.FragmentorMinTotalBytes),
-				p.Int(parameters.FragmentorMaxTotalBytes))
+				p.Int(parameters.FragmentorDownstreamMinTotalBytes),
+				p.Int(parameters.FragmentorDownstreamMaxTotalBytes))
 			if err != nil {
 				listener.server.logger.WithContextFields(
 					common.LogFields{"error": err}).Warning("MakeSecureRandomRange failed")
@@ -1172,12 +1172,15 @@ func (listener *Listener) Accept() (net.Conn, error) {
 			if totalBytes > 0 {
 				conn = fragmentor.NewConn(
 					conn,
-					nil,
+					func(message string) {
+						listener.server.logger.WithContextFields(
+							common.LogFields{"message": message}).Debug("Fragmentor")
+					},
 					totalBytes,
-					p.Int(parameters.FragmentorMinWriteBytes),
-					p.Int(parameters.FragmentorMaxWriteBytes),
-					p.Duration(parameters.FragmentorMinDelay),
-					p.Duration(parameters.FragmentorMaxDelay))
+					p.Int(parameters.FragmentorDownstreamMinWriteBytes),
+					p.Int(parameters.FragmentorDownstreamMaxWriteBytes),
+					p.Duration(parameters.FragmentorDownstreamMinDelay),
+					p.Duration(parameters.FragmentorDownstreamMaxDelay))
 			}
 		}
 

psiphon/server/server_test.go

@@ -1278,7 +1278,15 @@ func paveTacticsConfigFile(
           "FragmentorMinWriteBytes" : 1,
           "FragmentorMaxWriteBytes" : 100,
           "FragmentorMinDelay" : "1ms",
-          "FragmentorMaxDelay" : "10ms"
+          "FragmentorMaxDelay" : "10ms",
+          "FragmentorDownstreamLimitProtocols" : ["%s"],
+          "FragmentorDownstreamProbability" : 1.0,
+          "FragmentorDownstreamMinTotalBytes" : 1000,
+          "FragmentorDownstreamMaxTotalBytes" : 2000,
+          "FragmentorDownstreamMinWriteBytes" : 1,
+          "FragmentorDownstreamMaxWriteBytes" : 100,
+          "FragmentorDownstreamMinDelay" : "1ms",
+          "FragmentorDownstreamMaxDelay" : "10ms"
         }
       },
       "FilteredTactics" : [
@@ -1306,6 +1314,7 @@ func paveTacticsConfigFile(
 		tacticsRequestPublicKey, tacticsRequestPrivateKey, tacticsRequestObfuscatedKey,
 		tunnelProtocol,
 		tunnelProtocol,
+		tunnelProtocol,
 		propagationChannelID)
 
 	err := ioutil.WriteFile(tacticsConfigFilename, []byte(tacticsConfigJSON), 0600)