Add ConjureDTLSEmptyInitialPacketProbability

rod-hynes · Nov 13, 2023 · dd80178 · dd80178
1 parent a9d0f0a
commit dd80178
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 22 deletions.
diff --git a/psiphon/common/parameters/parameters.go b/psiphon/common/parameters/parameters.go
@@ -302,6 +302,7 @@ const (
 	ConjureLimitTransportsProbability                = "ConjureLimitTransportsProbability"
 	ConjureLimitTransports                           = "ConjureLimitTransports"
 	ConjureSTUNServerAddresses                       = "ConjureSTUNServerAddresses"
+	ConjureDTLSEmptyInitialPacketProbability         = "ConjureDTLSEmptyInitialPacketProbability"
 	CustomHostNameRegexes                            = "CustomHostNameRegexes"
 	CustomHostNameProbability                        = "CustomHostNameProbability"
 	CustomHostNameLimitProtocols                     = "CustomHostNameLimitProtocols"
@@ -674,21 +675,22 @@ var defaultParameters = map[string]struct {
 	ConjureCachedRegistrationTTL: {value: time.Duration(0), minimum: time.Duration(0)},
 	// ConjureAPIRegistrarURL parameter is obsoleted by ConjureAPIRegistrarBidirectionalURL.
 	// TODO: remove once no longer required for older clients.
-	ConjureAPIRegistrarURL:              {value: ""},
-	ConjureAPIRegistrarBidirectionalURL: {value: ""},
-	ConjureAPIRegistrarFrontingSpecs:    {value: FrontingSpecs{}},
-	ConjureAPIRegistrarMinDelay:         {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureAPIRegistrarMaxDelay:         {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureDecoyRegistrarProbability:    {value: 0.0, minimum: 0.0},
-	ConjureDecoyRegistrarWidth:          {value: 5, minimum: 0},
-	ConjureDecoyRegistrarMinDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureDecoyRegistrarMaxDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureEnableIPv6Dials:              {value: true},
-	ConjureEnablePortRandomization:      {value: true},
-	ConjureEnableRegistrationOverrides:  {value: false},
-	ConjureLimitTransportsProbability:   {value: 1.0, minimum: 0.0},
-	ConjureLimitTransports:              {value: protocol.ConjureTransports{}},
-	ConjureSTUNServerAddresses:          {value: []string{}},
+	ConjureAPIRegistrarURL:                   {value: ""},
+	ConjureAPIRegistrarBidirectionalURL:      {value: ""},
+	ConjureAPIRegistrarFrontingSpecs:         {value: FrontingSpecs{}},
+	ConjureAPIRegistrarMinDelay:              {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureAPIRegistrarMaxDelay:              {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureDecoyRegistrarProbability:         {value: 0.0, minimum: 0.0},
+	ConjureDecoyRegistrarWidth:               {value: 5, minimum: 0},
+	ConjureDecoyRegistrarMinDelay:            {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureDecoyRegistrarMaxDelay:            {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureEnableIPv6Dials:                   {value: true},
+	ConjureEnablePortRandomization:           {value: true},
+	ConjureEnableRegistrationOverrides:       {value: false},
+	ConjureLimitTransportsProbability:        {value: 1.0, minimum: 0.0},
+	ConjureLimitTransports:                   {value: protocol.ConjureTransports{}},
+	ConjureSTUNServerAddresses:               {value: []string{}},
+	ConjureDTLSEmptyInitialPacketProbability: {value: 0.0, minimum: 0.0},
 
 	CustomHostNameRegexes:        {value: RegexStrings{}},
 	CustomHostNameProbability:    {value: 0.0, minimum: 0.0},

diff --git a/psiphon/common/refraction/config.go b/psiphon/common/refraction/config.go
@@ -107,6 +107,11 @@ type ConjureConfig struct {
 	// protcol.CONJURE_TRANSPORT_DTLS_OSSH.
 	STUNServerAddress string
 
+	// DTLSEmptyInitialPacket specifies whether to prefix the DTLS flow with
+	// an initial empty packet. Used only for
+	// protcol.CONJURE_TRANSPORT_DTLS_OSSH.
+	DTLSEmptyInitialPacket bool
+
 	// DiagnosticID identifies this dial in diagnostics.
 	DiagnosticID string
 

diff --git a/psiphon/common/refraction/refraction.go b/psiphon/common/refraction/refraction.go
@@ -275,6 +275,7 @@ func dial(
 	conjureMetricTransport := ""
 	conjureMetricPrefix := ""
 	conjureMetricSTUNServerAddress := ""
+	conjureMetricDTLSEmptyInitialPacket := false
 
 	var conjureCachedRegistration *refraction_networking_client.ConjureReg
 	var conjureRecordRegistrar *recordRegistrar
@@ -465,10 +466,12 @@ func dial(
 			}
 			config.SetParams(
 				&refraction_networking_dtls.ClientConfig{
-					STUNServer: conjureConfig.STUNServerAddress,
+					STUNServer:          conjureConfig.STUNServerAddress,
+					DisableIRWorkaround: !conjureConfig.DTLSEmptyInitialPacket,
 				})
 
 			conjureMetricSTUNServerAddress = conjureConfig.STUNServerAddress
+			conjureMetricDTLSEmptyInitialPacket = conjureConfig.DTLSEmptyInitialPacket
 
 			refractionDialer.Transport = transport.ID()
 			refractionDialer.TransportConfig = config
@@ -571,6 +574,7 @@ func dial(
 		refractionConn.conjureMetricTransport = conjureMetricTransport
 		refractionConn.conjureMetricPrefix = conjureMetricPrefix
 		refractionConn.conjureMetricSTUNServerAddress = conjureMetricSTUNServerAddress
+		refractionConn.conjureMetricDTLSEmptyInitialPacket = conjureMetricDTLSEmptyInitialPacket
 	}
 
 	return refractionConn, nil
@@ -988,12 +992,13 @@ type refractionConn struct {
 	manager  *dialManager
 	isClosed int32
 
-	isConjure                      bool
-	conjureMetricCached            bool
-	conjureMetricDelay             time.Duration
-	conjureMetricTransport         string
-	conjureMetricPrefix            string
-	conjureMetricSTUNServerAddress string
+	isConjure                           bool
+	conjureMetricCached                 bool
+	conjureMetricDelay                  time.Duration
+	conjureMetricTransport              string
+	conjureMetricPrefix                 string
+	conjureMetricSTUNServerAddress      string
+	conjureMetricDTLSEmptyInitialPacket bool
 }
 
 func (conn *refractionConn) Write(p []byte) (int, error) {
@@ -1055,6 +1060,14 @@ func (conn *refractionConn) GetMetrics() common.LogFields {
 			logFields["conjure_stun"] = conn.conjureMetricSTUNServerAddress
 		}
 
+		if conn.conjureMetricTransport == protocol.CONJURE_TRANSPORT_DTLS_OSSH {
+			emptyPacket := "0"
+			if conn.conjureMetricDTLSEmptyInitialPacket {
+				emptyPacket = "1"
+			}
+			logFields["conjure_empty_packet"] = emptyPacket
+		}
+
 		host, port, err := net.SplitHostPort(conn.RemoteAddr().String())
 		if err == nil {
 			network := "IPv4"

diff --git a/psiphon/config.go b/psiphon/config.go
@@ -808,6 +808,7 @@ type Config struct {
 	ConjureEnableRegistrationOverrides        *bool
 	ConjureLimitTransports                    protocol.ConjureTransports
 	ConjureSTUNServerAddresses                []string
+	ConjureDTLSEmptyInitialPacketProbability  *float64
 
 	// HoldOffTunnelMinDurationMilliseconds and other HoldOffTunnel fields are
 	// for testing purposes.
@@ -1902,6 +1903,10 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 		applyParameters[parameters.ConjureSTUNServerAddresses] = config.ConjureSTUNServerAddresses
 	}
 
+	if config.ConjureDTLSEmptyInitialPacketProbability != nil {
+		applyParameters[parameters.ConjureDTLSEmptyInitialPacketProbability] = *config.ConjureDTLSEmptyInitialPacketProbability
+	}
+
 	if config.HoldOffTunnelMinDurationMilliseconds != nil {
 		applyParameters[parameters.HoldOffTunnelMinDuration] = fmt.Sprintf("%dms", *config.HoldOffTunnelMinDurationMilliseconds)
 	}

diff --git a/psiphon/dialParameters.go b/psiphon/dialParameters.go
@@ -140,6 +140,7 @@ type DialParameters struct {
 	ConjureDecoyRegistrarWidth          int
 	ConjureTransport                    string
 	ConjureSTUNServerAddress            string
+	ConjureDTLSEmptyInitialPacket       bool
 
 	LivenessTestSeed *prng.Seed
 
@@ -637,6 +638,8 @@ func MakeDialParameters(
 					"no Conjure STUN servers addresses configured for transport %s", dialParams.ConjureTransport)
 			}
 			dialParams.ConjureSTUNServerAddress = stunServerAddresses[prng.Intn(len(stunServerAddresses))]
+			dialParams.ConjureDTLSEmptyInitialPacket = p.WeightedCoinFlip(
+				parameters.ConjureDTLSEmptyInitialPacketProbability)
 		}
 	}
 

diff --git a/psiphon/server/api.go b/psiphon/server/api.go
@@ -945,6 +945,7 @@ var baseDialParams = []requestParamSpec{
 	{"conjure_transport", isAnyString, requestParamOptional},
 	{"conjure_prefix", isAnyString, requestParamOptional},
 	{"conjure_stun", isAnyString, requestParamOptional},
+	{"conjure_empty_packet", isBooleanFlag, requestParamOptional | requestParamLogFlagAsBool},
 	{"conjure_network", isAnyString, requestParamOptional},
 	{"conjure_port_number", isAnyString, requestParamOptional},
 	{"split_tunnel", isBooleanFlag, requestParamOptional | requestParamLogFlagAsBool},

diff --git a/psiphon/tunnel.go b/psiphon/tunnel.go
@@ -842,6 +842,7 @@ func dialTunnel(
 			EnableRegistrationOverrides: conjureEnableRegistrationOverrides,
 			Transport:                   dialParams.ConjureTransport,
 			STUNServerAddress:           dialParams.ConjureSTUNServerAddress,
+			DTLSEmptyInitialPacket:      dialParams.ConjureDTLSEmptyInitialPacket,
 			DiagnosticID:                diagnosticID,
 			Logger:                      NoticeCommonLogger(),
 		}