Opened 5 years ago

Last modified 5 years ago

#18077 new defect

meek-server logging client IP addresses in some situations

Reported by: dcf Owned by: dcf
Priority: High Milestone:
Component: Circumvention/meek Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Today a meek-server operator saw new types of error, the text of which includes client IP addresses:

http: TLS handshake error from X.X.X.X:YYYY: EOF
http: TLS handshake error from X.X.X.X:YYYY: read tcp X.X.X.X:YYYY: i/o timeout

Child Tickets

Change History (1)

comment:1 Changed 5 years ago by dcf

It turns out this error message is not coming from meek-server itself. It is being printed by the net/http package, which does its own internal logging:

		if err := tlsConn.Handshake(); err != nil {
			c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err)

We can disable this internal logging by overriding Server.ErrorLog. However these error messages are proving useful in debugging a current issue. An alternative is to replace ErrorLog with a Writer that greps for IP addresses and scrubs them.

Note: See TracTickets for help on using tickets.