Merge pull request #216 from rod-hynes/master

Fix: apply throttling net.Conn layer early enough to take effect
Psiphon-Labs · Jul 20, 2016 · c88f4ea · c88f4ea
2 parents e7588d8 + b3d6ea7
commit c88f4ea
Showing 1 changed file with 17 additions and 13 deletions.
diff --git a/psiphon/tunnel.go b/psiphon/tunnel.go
@@ -124,20 +124,17 @@ func EstablishTunnel(
 	}
 
 	// Build transport layers and establish SSH connection
-	dialConn, sshClient, dialStats, err := dialSsh(
+	conn, sshClient, dialStats, err := dialSsh(
 		config, pendingConns, serverEntry, selectedProtocol, sessionId)
 	if err != nil {
 		return nil, common.ContextError(err)
 	}
 
-	// Apply throttling (if configured)
-	conn := common.NewThrottledConn(dialConn, config.RateLimits)
-
 	// Cleanup on error
 	defer func() {
 		if err != nil {
 			sshClient.Close()
-			dialConn.Close()
+			conn.Close()
 		}
 	}()
 
@@ -178,7 +175,7 @@ func EstablishTunnel(
 	tunnel.startTime = time.Now()
 
 	// Now that network operations are complete, cancel interruptibility
-	pendingConns.Remove(dialConn)
+	pendingConns.Remove(conn)
 
 	// Spawn the operateTunnel goroutine, which monitors the tunnel and handles periodic stats updates.
 	tunnel.operateWaitGroup.Add(1)
@@ -589,32 +586,35 @@ func dialSsh(
 		DeviceRegion:                  config.DeviceRegion,
 		ResolvedIPCallback:            setResolvedIPAddress,
 	}
-	var conn net.Conn
+	var dialConn net.Conn
 	if meekConfig != nil {
-		conn, err = DialMeek(meekConfig, dialConfig)
+		dialConn, err = DialMeek(meekConfig, dialConfig)
 		if err != nil {
 			return nil, nil, nil, common.ContextError(err)
 		}
 	} else {
-		conn, err = DialTCP(directTCPDialAddress, dialConfig)
+		dialConn, err = DialTCP(directTCPDialAddress, dialConfig)
 		if err != nil {
 			return nil, nil, nil, common.ContextError(err)
 		}
 	}
 
-	cleanupConn := conn
+	cleanupConn := dialConn
 	defer func() {
 		// Cleanup on error
 		if cleanupConn != nil {
 			cleanupConn.Close()
 		}
 	}()
 
+	// Apply throttling (if configured)
+	throttledConn := common.NewThrottledConn(dialConn, config.RateLimits)
+
 	// Add obfuscated SSH layer
-	sshConn := conn
+	var sshConn net.Conn = throttledConn
 	if useObfuscatedSsh {
 		sshConn, err = NewObfuscatedSshConn(
-			OBFUSCATION_CONN_MODE_CLIENT, conn, serverEntry.SshObfuscatedKey)
+			OBFUSCATION_CONN_MODE_CLIENT, throttledConn, serverEntry.SshObfuscatedKey)
 		if err != nil {
 			return nil, nil, nil, common.ContextError(err)
 		}
@@ -720,7 +720,11 @@ func dialSsh(
 
 	cleanupConn = nil
 
-	return conn, result.sshClient, dialStats, nil
+	// Note: dialConn may be used to close the underlying network connection
+	// but should not be used to perform I/O as that would interfere with SSH
+	// (and also bypasses throttling).
+
+	return dialConn, result.sshClient, dialStats, nil
 }
 
 func makeRandomPeriod(min, max time.Duration) time.Duration {