conjure icon indicating copy to clipboard operation
conjure copied to clipboard
verified publisher icon refraction-networking

Allow client to send public IP in bdapi request

Open cohosh opened this issue 7 months ago • 2 comments

This change adds an IP field to bidirectional API registration requests and prioritizes this field, if it exists, over the station-determined remote address. Clients can use STUN to determine their public IP address.

This feature is particularly useful for domain-fronted connections over CDNs that mask the client IP for privacy reasons. Closes https://github.com/refraction-networking/conjure/issues/286

The one thing I wasn't sure about was the purpose of the condition that I removed from regprocessor.go:

c2sPayload.GetRegistrationSource() == regMethod

I assume this is here for some backwards compatability reasons. I couldn't see a reason to not remove it, but I might have missed something.

cohosh avatar May 13 '25 20:05 cohosh

Sorry, just noticed the failing test. I'll get to this in an hour or so.

cohosh avatar May 13 '25 20:05 cohosh

I added two new tests, for the unidirectional and bidirectional API. If there was an original IP specified in the registration, it will not be overwritten by the registration server. If there was not an original IP then it will be overwritten by the registration server.

This does change functionality that was tested for, I'm curious about your thoughts on this change.

cohosh avatar May 14 '25 14:05 cohosh

Thanks for the quick feedback and the edits! I was out of town for a few days and am just catching up now. There's no rush on a deployment but when it does happen let me know and I'll update our client software to use domain fronting again. Thank you!

cohosh avatar May 21 '25 13:05 cohosh

Deployed!

mingyech avatar Jun 03 '25 20:06 mingyech

Thank you, I just tried it out and it works great!

cohosh avatar Jun 04 '25 00:06 cohosh