On a suggestion from @ValdikSS, I have made a branch that adds a new -connect command-line flag to champa-client. The branch is connect-flag, currently at commit b94d1851.
It is a pretty small and simple change. I am asking for review and testing before I merge it into the main branch and make a new release.
The new flag looks like this:
-connect IP-connect IP:port
champa-client normally chooses what address to connect to by resolving the -front domain name. (Or, if the -front flag is not used, from the hostname in the -cache URL; or if the -cache flag is not used, from the actual SERVERURL command-line argument.) The -connect flag lets you override this default automatic process.
This can be useful if you know a working IP address that is different from what the front domain name would normally resolve to. Or perhaps for some exotic proxying or port forwarding setups. The -connect flag does not affect the TLS SNI nor the HTTP Host header; it only controls what address is connected to.
A full command line looks like this. Here I’ve provided an IP address to use instead of the normal IP address of www.google.com:
./champa-client -pubkey-file server.pub -cache https://cdn.ampproject.org/ -front www.google.com -connect 142.251.157.119 https://server.example/ 127.0.0.1:7000
Below is a summary of how the -cache, -front, and -connect flags affect the DNS resolution, TCP connection, TLS SNI, and HTTP Host.
champa-client https://server.example/-
DNS lookup server.example connect to server.example:443 SNI server.example Host server.example champa-client -cache https://cdn.ampproject.org/ https://server.example/-
DNS lookup server-example.cdn.ampproject.org connect to server-example.cdn.ampproject.org:443 SNI server-example.cdn.ampproject.org Host server-example.cdn.ampproject.org champa-client -cache https://cdn.ampproject.org/ -front front.com https://server.example/-
DNS lookup front.com connect to front.com:443 SNI front.com Host server-example.cdn.ampproject.org champa-client -connect 192.0.2.123 https://server.example/-
DNS lookup none connect to 192.0.2.123:443 SNI server.example Host server.example champa-client -connect 192.0.2.123 -cache https://cdn.ampproject.org/ https://server.example/-
DNS lookup none connect to 192.0.2.123:443 SNI server-example.cdn.ampproject.org Host server-example.cdn.ampproject.org champa-client -connect 192.0.2.123 -cache https://cdn.ampproject.org/ -front front.com https://server.example/-
DNS lookup none connect to 192.0.2.123:443 SNI front.com Host server-example.cdn.ampproject.org
-connect can take a port number, or it can be a hostname itself:
champa-client -connect 192.0.2.123:8443 -cache https://cdn.ampproject.org/ -front front.com https://server.example/-
DNS lookup none connect to 192.0.2.123:8443 SNI front.com Host server-example.cdn.ampproject.org champa-client -connect connect.com -cache https://cdn.ampproject.org/ -front front.com https://server.example/-
DNS lookup connect.com connect to connect.com:443 SNI front.com Host server-example.cdn.ampproject.org