Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #13171
Closed (moved) (moved)
Open
Created Sep 16, 2014 by Yawning Angel@yawning

meek's reflector should forward the client's IP address/port to the bridge.

It would be nice to do this so the value passed to the ExtORPort was correct for better metrics. A few ways this could be done, off the top of my head:

  • Set X-Forwarded-For. The "standard" layout of this field doesn't include the port, but since it's unofficial, there's nothing stopping us from adding it. This would require us to secure the link between the reflector and the meek-server instance separately, which means TLS.
  • Set a custom header (Eg: Meek-Forwarded-For), with a encrypted/encoded IP/Port pair. Less overhead than bringing TLS into the picture. I would use something like a Base64 encoded NaCl crypto_secretbox. Key management here may be an issue, though it depends on who runs the bridge and reflector (The other method has cert management to deal with so this isn't a strict minus IMO).
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking