Fall back to InproxyBrokerSpecs if InproxyAllBrokerSpecs is not set

- Workaround for existing servers not accepting unknown tactics parameters

- Provides option for simpler tactics configurations, in some cases

psiphon/common/parameters/parameters.go

@@ -1343,6 +1343,18 @@ func (p *Parameters) Set(
 	}
 	inproxyAllBrokerSpecs, _ := inproxyAllBrokerSpecsValue.(InproxyBrokerSpecsValue)
 
+	// Fall back to InproxyBrokerSpecs if InproxyAllBrokerSpecs is not
+	// configured.
+	if len(inproxyAllBrokerSpecs) == 0 {
+		inproxyBrokerSpecsValue, err := getAppliedValue(
+			InproxyBrokerSpecs, parameters, applyParameters)
+		if err != nil {
+			return nil, errors.Trace(err)
+		}
+		inproxyAllBrokerSpecs, _ = inproxyBrokerSpecsValue.(InproxyBrokerSpecsValue)
+
+	}
+
 	inproxyAllCommonCompartmentIDsValue, err := getAppliedValue(
 		InproxyAllCommonCompartmentIDs, parameters, applyParameters)
 	if err != nil {

psiphon/server/inproxy.go

@@ -59,7 +59,10 @@ func MakeInproxyProxyQualityBrokerRoundTripper(
 		return nil, nil, errors.TraceNew("missing tactics")
 	}
 
-	brokerSpecs := p.InproxyBrokerSpecs(parameters.InproxyAllBrokerSpecs)
+	// Fall back to InproxyBrokerSpecs if InproxyAllBrokerSpecs is not
+	// configured.
+	brokerSpecs := p.InproxyBrokerSpecs(
+		parameters.InproxyAllBrokerSpecs, parameters.InproxyBrokerSpecs)
 
 	// InproxyProxyQualityReporterTrustedCACertificates and
 	// InproxyProxyQualityReporterAdditionalHeaders are intended to support

psiphon/server/tunnelServer.go

@@ -1530,7 +1530,10 @@ func (sshServer *sshServer) reloadTactics() error {
 
 		if !p.IsNil() {
 
-			brokerSpecs := p.InproxyBrokerSpecs(parameters.InproxyAllBrokerSpecs)
+			// Fall back to InproxyBrokerSpecs if InproxyAllBrokerSpecs is not
+			// configured.
+			brokerSpecs := p.InproxyBrokerSpecs(
+				parameters.InproxyAllBrokerSpecs, parameters.InproxyBrokerSpecs)
 
 			var brokerPublicKeys []inproxy.SessionPublicKey
 			var brokerRootObfuscationSecrets []inproxy.ObfuscationSecret
@@ -2189,6 +2192,18 @@ func (t *inproxyProxyQualityTracker) UpdateProgress(
 		handshaked, _ := t.sshClient.getHandshaked()
 		if handshaked {
 
+			// Limitation: reporting proxy quality is currently a
+			// once-per-tunnel operation. Since in-proxy brokers apply a
+			// quality data TTL, InproxyProxyQualityTTL, it's possible that a
+			// proxy that continues to relay only one single tunnel for
+			// longer than that TTL will eventually lose its priority
+			// classification even as the tunnel remains connected and relaying
+			// data.
+			//
+			// As a future enhancement, consider reseting the tracker and
+			// triggering a new quality report after the
+			// InproxyProxyQualityTTL period.
+
 			if !atomic.CompareAndSwapInt32(&t.reportTriggered, 0, 1) {
 				return
 			}
@@ -4539,7 +4554,8 @@ func (sshClient *sshClient) reportProxyQuality() {
 	if len(enabledRegions) > 0 &&
 		!common.Contains(enabledRegions, sshClient.clientGeoIPData.Country) {
 
-		// Quality reporting is restricted to specific regions, and this client's region is not included.
+		// Quality reporting is restricted to specific regions, and this
+		// client's region is not included.
 		return
 	}