1 سال پیش · e8d9657ccf
--- a/ConsoleClient/main.go
+++ b/ConsoleClient/main.go
@@ -262,7 +262,7 @@ func main() {
 
				 			psiphon.NoticeInfo("write profiles")
			
 
				 			profileSampleDurationSeconds := 5
			
 
				 			common.WriteRuntimeProfiles(
			
 
				-				psiphon.NoticeCommonLogger(),
			
 
				+				psiphon.NoticeCommonLogger(false),
			
 
				 				config.DataRootDirectory,
			
 
				 				"",
			
 
				 				profileSampleDurationSeconds,
			
--- a/psiphon/common/tactics/tactics.go
+++ b/psiphon/common/tactics/tactics.go
@@ -1701,7 +1701,10 @@ func applyTacticsPayload(
 
				 		// original tag -- but no tactics payload. In this case, simply fail
			
 
				 		// the apply operation.
			
 
				 
			
 
				-		if payload.Tactics == nil {
			
 
				+		// A nil payload.Tactics, of type json.RawMessage, can be serialized
			
 
				+		// as the JSON "null".
			
 
				+		if payload.Tactics == nil ||
			
 
				+			bytes.Equal(payload.Tactics, []byte("null")) {
			
 
				 			return errors.TraceNew("missing tactics")
			
 
				 		}
			
 
				 
			
--- a/psiphon/config.go
+++ b/psiphon/config.go
@@ -643,16 +643,21 @@ type Config struct {
 
				 	// transfer rate limit for each proxied client. When 0, there is no limit.
			
 
				 	InproxyLimitDownstreamBytesPerSecond int
			
 
				 
			
 
				-	// InproxyPersonalCompartmentIDs specifies the personal compartment IDs
			
 
				-	// used by an in-proxy client or proxy. Personal compartment IDs are
			
 
				+	// InproxyProxyPersonalCompartmentIDs specifies the personal compartment
			
 
				+	// IDs used by an in-proxy proxy. Personal compartment IDs are
			
 
				 	// distributed from proxy operators to client users out-of-band and
			
 
				-	// provide a mechanism to allow only certain clients to use a proxy, or
			
 
				-	// to ensure a client only uses a certain proxy.
			
 
				+	// provide a mechanism to allow only certain clients to use a proxy.
			
 
				+	InproxyProxyPersonalCompartmentIDs []string
			
 
				+
			
 
				+	// InproxyClientPersonalCompartmentIDs specifies the personal compartment
			
 
				+	// IDs used by an in-proxy client. Personal compartment IDs are
			
 
				+	// distributed from proxy operators to client users out-of-band and
			
 
				+	// provide a mechanism to ensure a client only uses a certain proxy.
			
 
				 	//
			
 
				-	// When InproxyPersonalCompartmentIDs is set, the client will use only
			
 
				-	// in-proxy protocols, ensuring that all connections go through the proxy
			
 
				-	// or proxiues with the same personal compartment IDs.
			
 
				-	InproxyPersonalCompartmentIDs []string
			
 
				+	// When InproxyClientPersonalCompartmentIDs is set, the client will use
			
 
				+	// only in-proxy protocols, ensuring that all connections go through the
			
 
				+	// proxy or proxies with the same personal compartment IDs.
			
 
				+	InproxyClientPersonalCompartmentIDs []string
			
 
				 
			
 
				 	//
			
 
				 	// The following parameters are deprecated.
			
@@ -1341,6 +1346,21 @@ func (config *Config) Commit(migrateFromLegacyFields bool) error {
 
				 		}
			
 
				 	}
			
 
				 
			
 
				+	if config.ObfuscatedSSHAlgorithms != nil &&
			
 
				+		len(config.ObfuscatedSSHAlgorithms) != 4 {
			
 
				+		// TODO: validate each algorithm?
			
 
				+		return errors.TraceNew("invalid ObfuscatedSSHAlgorithms")
			
 
				+	}
			
 
				+
			
 
				+	if !config.DisableTunnels && config.InproxyEnableProxy &&
			
 
				+		common.ContainsAny(
			
 
				+			config.InproxyProxyPersonalCompartmentIDs,
			
 
				+			config.InproxyClientPersonalCompartmentIDs) {
			
 
				+
			
 
				+		// Don't allow an in-proxy client and proxy run in the same app to match.
			
 
				+		return errors.TraceNew("invalid overlapping personal compartment IDs")
			
 
				+	}
			
 
				+
			
 
				 	// This constraint is expected by logic in Controller.runTunnels().
			
 
				 
			
 
				 	if config.PacketTunnelTunFileDescriptor > 0 && config.TunnelPoolSize != 1 {
			
@@ -1374,12 +1394,6 @@ func (config *Config) Commit(migrateFromLegacyFields bool) error {
 
				 		return errors.Trace(err)
			
 
				 	}
			
 
				 
			
 
				-	if config.ObfuscatedSSHAlgorithms != nil &&
			
 
				-		len(config.ObfuscatedSSHAlgorithms) != 4 {
			
 
				-		// TODO: validate each algorithm?
			
 
				-		return errors.TraceNew("invalid ObfuscatedSSHAlgorithms")
			
 
				-	}
			
 
				-
			
 
				 	// parametersParameters.Set will validate the config fields applied to
			
 
				 	// parametersParameters.
			
 
				 
			
--- a/psiphon/controller.go
+++ b/psiphon/controller.go
@@ -1746,7 +1746,7 @@ func (controller *Controller) launchEstablishing() {
 
				 	// corresponding personal compartment ID, so non-in-proxy tunnel
			
 
				 	// protocols are disabled.
			
 
				 
			
 
				-	if len(controller.config.InproxyPersonalCompartmentIDs) > 0 {
			
 
				+	if len(controller.config.InproxyClientPersonalCompartmentIDs) > 0 {
			
 
				 
			
 
				 		if len(controller.protocolSelectionConstraints.initialLimitTunnelProtocols) > 0 {
			
 
				 			controller.protocolSelectionConstraints.initialLimitTunnelProtocols =
			
@@ -1758,7 +1758,13 @@ func (controller *Controller) launchEstablishing() {
 
				 			controller.protocolSelectionConstraints.limitTunnelProtocols =
			
 
				 				controller.protocolSelectionConstraints.
			
 
				 					limitTunnelProtocols.OnlyInproxyTunnelProtocols()
			
 
				-		} else {
			
 
				+		}
			
 
				+
			
 
				+		// This covers two cases: if there was no limitTunnelProtocols to
			
 
				+		// start, then limit to any in-proxy tunnel protocol; or, if there
			
 
				+		// was a limit but OnlyInproxyTunnelProtocols evaluates to an empty
			
 
				+		// list, also set the limit to any in-proxy tunnel protocol.
			
 
				+		if len(controller.protocolSelectionConstraints.limitTunnelProtocols) == 0 {
			
 
				 			controller.protocolSelectionConstraints.limitTunnelProtocols =
			
 
				 				protocol.InproxyTunnelProtocols
			
 
				 		}
			
@@ -2295,7 +2301,7 @@ loop:
 
				 			// tuning/limiting in-proxy usage independent of
			
 
				 			// LimitTunnelProtocol targeting.
			
 
				 
			
 
				-			onlyInproxy := len(controller.config.InproxyPersonalCompartmentIDs) > 0
			
 
				+			onlyInproxy := len(controller.config.InproxyClientPersonalCompartmentIDs) > 0
			
 
				 			includeInproxy := onlyInproxy || prng.FlipWeightedCoin(inproxySelectionProbability)
			
 
				 
			
 
				 			return controller.protocolSelectionConstraints.selectProtocol(
			
@@ -2769,7 +2775,7 @@ func (controller *Controller) inproxyHandleTacticsPayload(
 
				 	tacticsRecord, err := tactics.HandleTacticsPayload(
			
 
				 		GetTacticsStorer(controller.config), networkID, payload)
			
 
				 	if err != nil {
			
 
				-		NoticeError("HandleTacticsPayloadfailed: %v", errors.Trace(err))
			
 
				+		NoticeError("HandleTacticsPayload failed: %v", errors.Trace(err))
			
 
				 		return false
			
 
				 	}
			
 
				 
			
--- a/psiphon/inproxy.go
+++ b/psiphon/inproxy.go
@@ -414,7 +414,11 @@ func prepareCompartmentIDs(
 
				 
			
 
				 	maxCompartmentIDListLength := p.Int(parameters.InproxyMaxCompartmentIDListLength)
			
 
				 
			
 
				-	personalCompartmentIDs, err := inproxy.IDsFromStrings(config.InproxyPersonalCompartmentIDs)
			
 
				+	configPersonalCompartmentIDs := config.InproxyProxyPersonalCompartmentIDs
			
 
				+	if !isProxy {
			
 
				+		configPersonalCompartmentIDs = config.InproxyClientPersonalCompartmentIDs
			
 
				+	}
			
 
				+	personalCompartmentIDs, err := inproxy.IDsFromStrings(configPersonalCompartmentIDs)
			
 
				 	if err != nil {
			
 
				 		return nil, nil, errors.Trace(err)
			
 
				 	}
			
--- a/psiphon/server/api.go
+++ b/psiphon/server/api.go
@@ -995,7 +995,9 @@ func getTacticsAPIParameterLogFieldFormatter() common.APIParameterLogFieldFormat
 
				 	}
			
 
				 }
			
 
				 
			
 
				-var inproxyBrokerRequestParams = append([]requestParamSpec(nil), baseSessionParams...)
			
 
				+var inproxyBrokerRequestParams = append(
			
 
				+	append([]requestParamSpec(nil), tacticsParams...),
			
 
				+	baseSessionParams...)
			
 
				 
			
 
				 func getInproxyBrokerAPIParameterValidator(config *Config) common.APIParameterValidator {
			
 
				 	return func(params common.APIParameters) error {
			
--- a/psiphon/server/meek.go
+++ b/psiphon/server/meek.go
@@ -1843,15 +1843,19 @@ func (server *MeekServer) inproxyBrokerGetTactics(
 
				 		return nil, "", errors.Trace(err)
			
 
				 	}
			
 
				 
			
 
				+	var marshaledTacticsPayload []byte
			
 
				 	newTacticsTag := ""
			
 
				-	if tacticsPayload.Tactics != nil {
			
 
				-		newTacticsTag = tacticsPayload.Tag
			
 
				-	}
			
 
				 
			
 
				-	var marshaledTacticsPayload []byte
			
 
				-	marshaledTacticsPayload, err = json.Marshal(tacticsPayload)
			
 
				-	if err != nil {
			
 
				-		return nil, "", errors.Trace(err)
			
 
				+	if tacticsPayload != nil {
			
 
				+
			
 
				+		marshaledTacticsPayload, err = json.Marshal(tacticsPayload)
			
 
				+		if err != nil {
			
 
				+			return nil, "", errors.Trace(err)
			
 
				+		}
			
 
				+
			
 
				+		if len(tacticsPayload.Tactics) > 0 {
			
 
				+			newTacticsTag = tacticsPayload.Tag
			
 
				+		}
			
 
				 	}
			
 
				 
			
 
				 	return marshaledTacticsPayload, newTacticsTag, nil