meek's reflector should forward the client's IP address/port to the bridge.
Reported by: yawning | Owned by: dcf
It would be nice to do this so the value passed to the ExtORPort was correct for better metrics. A few ways this could be done, off the top of my head:
- Set X-Forwarded-For. The "standard" layout of this field doesn't include the port, but since it's unofficial, there's nothing stopping us from adding it. This would require us to secure the link between the reflector and the meek-server instance separately, which means TLS.
- Set a custom header (e.g., Meek-Forwarded-For), with an encrypted/encoded IP/Port pair. Less overhead than bringing TLS into the picture. I would use something like a Base64-encoded NaCl crypto_secretbox. Key management here may be an issue, though it depends on who runs the bridge and reflector (the other method has cert management to deal with, so this isn't a strict minus IMO).
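The second option above (an encrypted, encoded IP/port pair in a custom header), as an added example that is not part of the ticket or of meek's code. It assumes a 32-byte key shared by the reflector and the bridge, and it swaps in AES-256-GCM from the Go standard library for NaCl crypto_secretbox so that it runs without external packages; the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/netip"
)

// newAEAD builds the shared-key cipher (AES-256-GCM, standing in for secretbox).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAddr (reflector side) returns Base64(nonce || ciphertext || tag) for "ip:port".
func sealAddr(aead cipher.AEAD, addr string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(addr), nil)), nil
}

// openAddr (bridge side) authenticates the header value before parsing it as ip:port.
func openAddr(aead cipher.AEAD, header string) (netip.AddrPort, error) {
	raw, err := base64.StdEncoding.DecodeString(header)
	if err != nil || len(raw) < aead.NonceSize() {
		return netip.AddrPort{}, errors.New("malformed header")
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil {
		return netip.AddrPort{}, errors.New("authentication failed")
	}
	return netip.ParseAddrPort(string(plain))
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	h, _ := sealAddr(aead, "[2001:db8::1]:443")
	fmt.Println(openAddr(aead, h))
}
```

A bridge using this would fall back to the reflector's own address whenever openAddr returns an error, so a forged or corrupted header never reaches the ExtORPort.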
Change History (20)
comment:7 Changed 15 months ago by dcf
- Severity set to Normal
- Status changed from new to needs_review
Changed 15 months ago by dcf
comment:10 Changed 14 months ago by dcf
- Resolution set to fixed
- Status changed from needs_review to closed