Log messages from client NAT check failures are confusing

When CheckIfRestrictedNAT fails with an error, it logs a message like Error: no response from server. But in context, the messages confusingly appear to refer to the broker rendezvous, not the STUN server connection:

Target URL:  snowflake-broker.torproject.net.global.prod.fastly.net
Front URL:   cdn.sstatic.net
Error: no response from server
Error: no response from server
Error: no response from server

In this situation, communication with the broker has succeeded and a proxy has been assigned, but the client is having trouble checking its own NAT type. These log messages should say "STUN" or "NAT" somewhere in them, and ideally also the address of the server that failed (possibly subject to safe-log scrubbing).

Refactoring suggestion: instead of having a log call at every return of isRestrictedMapping, you can use fmt.Errorf("...: %w") to wrap the underlying error with additional context, and just return the error. That way, the logging can be consolidated in updateNATType, which is also where the STUN server address can be added and displayed.

Edited Apr 29, 2022 by David Fifield