Right now there are some things that only tlstunnel is aware of that we'd really like to report to the associated Python process (tlwebaccess/tlwebadm). The prime example is the IP address of the client. The solution to this depends on if we want an ongoing side channel, or just at the start. The simpler case is just at the start and we could solve that by having the first thing transferred being some kind of structure (e.g. JSON). After that the normal data could continue. One advantage to this is that we could get rid of the extra socket used for non-TLS traffic and just have a boolean in the metadata instead.
It's unclear what is missing here and what we need it for. The IP address was resolved when we changed the tlstunnel architecture. We don't know what is needed for anything else. So closing.