Opened 23 months ago

Last modified 23 months ago

#18077 new defect

meek-server logging client IP addresses in some situations

Reported by: dcf
Owned by: dcf
Priority: High
Component: Obfuscation/meek
Severity: Normal

Description

Today a meek-server operator saw new types of error, the text of which includes client IP addresses:

http: TLS handshake error from X.X.X.X:YYYY: EOF
http: TLS handshake error from X.X.X.X:YYYY: read tcp X.X.X.X:YYYY: i/o timeout

Change History (1)

comment:1 Changed 23 months ago by dcf

It turns out this error message is not coming from meek-server itself. It is being printed by the net/http package, which does its own internal logging:
https://github.com/golang/go/blob/go1.5.2/src/net/http/server.go#L1304

		if err := tlsConn.Handshake(); err != nil {
			c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err)
			return
		}

We can disable this internal logging by overriding Server.ErrorLog. However, these error messages are proving useful in debugging a current issue. An alternative is to replace ErrorLog with a Writer that greps for IP addresses and scrubs them.
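
A sketch of the scrubbing-Writer alternative described in the comment above, added here as an example and not taken from meek-server or from the ticket. The names `addrRE`, `scrub` and `scrubWriter`, the `[scrubbed]` marker, the listen address and the sample log line are assumptions made for illustration.

```go
package main

import (
	"io"
	"log"
	"net"
	"net/http"
	"os"
	"regexp"
	"strings"
)

// addrRE finds IPv4 or bracketed IPv6 literals with an optional port, the
// forms net.Addr.String() yields for TCP peers. Bare IPv6 is not covered.
var addrRE = regexp.MustCompile(
	`\[[0-9A-Fa-f:.]+\](?::\d{1,5})?|\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?`)

// scrub replaces every candidate that parses as an IP address.
func scrub(line []byte) []byte {
	return addrRE.ReplaceAllFunc(line, func(m []byte) []byte {
		host := string(m)
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h
		}
		if net.ParseIP(strings.Trim(host, "[]")) == nil {
			return m // looks like an address but is not one; keep it
		}
		return []byte("[scrubbed]")
	})
}

// scrubWriter (hypothetical name) scrubs each log line before passing it on.
type scrubWriter struct{ w io.Writer }

func (s scrubWriter) Write(p []byte) (int, error) {
	if _, err := s.w.Write(scrub(p)); err != nil {
		return 0, err
	}
	return len(p), nil // io.Writer contract: report the caller's byte count
}

func main() {
	logger := log.New(scrubWriter{os.Stderr}, "", log.LstdFlags)
	// net/http sends its internal errors, including the TLS handshake
	// message, to Server.ErrorLog when it is set.
	srv := &http.Server{Addr: "127.0.0.1:8443", ErrorLog: logger}
	// Constructed sample line in the format quoted in the ticket.
	srv.ErrorLog.Printf("http: TLS handshake error from %s: %v", "192.0.2.1:51234", "EOF")
}
```

Because the error text is kept and only the address is masked, the handshake failures remain usable for debugging while the log no longer records who connected.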
