[tor-bugs] #13171 [meek]: meek's reflector should forward the client's IP address/port to the bridge.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 16 10:58:54 UTC 2014
#13171: meek's reflector should forward the client's IP address/port to the bridge.
-------------------------+---------------------
Reporter: yawning | Owner: dcf
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: meek | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
It would be nice to do this so the value passed to the ExtORPort was
correct for better metrics. A few ways this could be done, off the top of
my head:
* Set `X-Forwarded-For`. The "standard" layout of this field doesn't
include the port, but since it's unofficial, there's nothing stopping us
from adding it. This would require us to secure the link between the
reflector and the meek-server instance separately, which means TLS.
* Set a custom header (Eg: `Meek-Forwarded-For`), with a
encrypted/encoded IP/Port pair. Less overhead than bringing TLS into the
picture. I would use something like a Base64 encoded NaCl
crypto_secretbox. Key management here may be an issue, though it depends
on who runs the bridge and reflector (The other method has cert management
to deal with so this isn't a strict minus IMO).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13171>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list