romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-03 02:34:19 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/tests/http/conftest.py
Aritra Basu e78b1b3ecc
HTTP/3: add proxy CONNECT and MASQUE CONNECT-UDP support (ngtcp2 QUIC) 
This patch adds two major proxy capabilities to curl (ngtcp2 QUIC):
- HTTP/3 Proxy CONNECT: Tunnel HTTP/1.1 or HTTP/2 traffic through an
  HTTPS proxy that speaks HTTP/3 (QUIC) using the standard CONNECT
  method over an HTTP/3 connection.
- MASQUE CONNECT-UDP: Tunnel HTTP/3 (QUIC) traffic through an HTTP
  proxy (speaking HTTP/1.1, HTTP/2, or HTTP/3) using the extended
  CONNECT method with the CONNECT-UDP protocol (RFC9297 & RFC9298).

Public API additions:
- `CURLPROXY_HTTPS3`: new proxy type constant for HTTP/3 proxy
- `--proxy-http3`: new CLI flag to negotiate HTTP/3 with HTTPS proxy

The implementation adds two new filters:
- `H3-PROXY` - enables negotiating HTTP/3 (QUIC) to the proxy and
  running CONNECT/CONNECT-UDP through that proxy transport.
- `CAPSULE` - dedicated filter inserted between QUIC transport and
  HTTP-PROXY to handle datagram capsule encapsulation/decapsulation.

Here is how the curl filter chaining looks in different scenarios:
- HTTP/3 Proxy CONNECT (tunneling TCP protocols over QUIC proxy):
  conn -> HTTP/1.1 or HTTP/2  -> SSL -> HTTP-PROXY ->
                                 H3-PROXY -> HAPPY-EYEBALLS -> UDP
- MASQUE CONNECT-UDP (tunneling QUIC over any proxy):
  conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H3-PROXY ->
                               HAPPY-EYEBALLS -> UDP
  conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H1-PROXY or H2-PROXY ->
                               SSL -> HAPPY-EYEBALLS -> TCP

- Both features currently require the ngtcp2 QUIC backend.
- Both features are experimental (disabled by default). Enable with
  `--enable-proxy-http3`(autotools) or `-DUSE_PROXY_HTTP3=ON`(CMake).

Tests:
- tests/unit/unit3400.c: Unit tests for capsule protocol encode/decode
- tests/http/test_60_h3_proxy.py: Comprehensive pytest integration suite
- tests/http/testenv/h2o.py: Managing h2o instances with HTTP/1.1, HTTP/2,
  and HTTP/3 (QUIC) listeners, proxy.connect and proxy.connect-udp enabled.

References:
  RFC 9297 - HTTP Datagrams and the Capsule Protocol
  RFC 9298 - Proxying UDP in HTTP
  RFC 9000 §16 — Variable-Length Integer Encoding

Signed-off-by: Aritra Basu <aritrbas+gh@cisco.com>

Closes #21153
2026-05-27 08:49:53 +02:00

191 lines
6 KiB
Python
Raw Blame History

# ***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################
#
import logging
import os
import platform
import sys
from typing import Generator, Union
import pytest
from testenv.env import EnvConfig
sys.path.append(os.path.join(os.path.dirname(__file__), "."))
from testenv import Env, Httpd, Nghttpx, NghttpxFwd, NghttpxQuic, Sshd
from testenv.h2o import H2oProxy, H2oServer
log = logging.getLogger(__name__)
def pytest_report_header(config):
# Env inits its base properties only once, we can report them here
env = Env()
report = [
f"Testing curl {env.curl_version()}",
f" platform: {platform.platform()}",
f" curl: Version: {env.curl_version_string()}",
f" curl: Features: {env.curl_features_string()}",
f" curl: Protocols: {env.curl_protocols_string()}",
f" httpd: {env.httpd_version()}",
f" httpd-proxy: {env.httpd_version()}",
]
if env.have_h3():
report.extend([f" nghttpx: {env.nghttpx_version()}"])
if env.have_h2o():
report.extend([f" h2o: {env.h2o_version()}"])
if env.has_caddy():
report.extend([f" Caddy: {env.caddy_version()}"])
if env.has_vsftpd():
report.extend([f" VsFTPD: {env.vsftpd_version()}"])
buildinfo_fn = os.path.join(env.build_dir, "buildinfo.txt")
if os.path.exists(buildinfo_fn):
with open(buildinfo_fn, "r") as file_in:
for line in file_in:
line = line.strip()
if line and not line.startswith("#"):
report.extend([line])
return "\n".join(report)
@pytest.fixture(scope="session")
def env_config(pytestconfig, testrun_uid, worker_id) -> EnvConfig:
return EnvConfig(
pytestconfig=pytestconfig, testrun_uid=testrun_uid, worker_id=worker_id
)
@pytest.fixture(scope="session", autouse=True)
def env(pytestconfig, env_config) -> Env:
env = Env(pytestconfig=pytestconfig, env_config=env_config)
level = logging.DEBUG if env.verbose > 0 else logging.INFO
logging.getLogger("").setLevel(level=level)
if not env.curl_has_protocol("http"):
pytest.skip("curl built without HTTP support")
if not env.curl_has_protocol("https"):
pytest.skip("curl built without HTTPS support")
if env.setup_incomplete():
pytest.skip(env.incomplete_reason())
env.setup()
return env
@pytest.fixture(scope="session")
def httpd(env) -> Generator[Httpd, None, None]:
httpd = Httpd(env=env)
if not httpd.exists():
pytest.skip(f"httpd not found: {env.httpd}")
httpd.clear_logs()
assert httpd.initial_start()
yield httpd
httpd.stop()
@pytest.fixture(scope="session")
def nghttpx(env, httpd) -> Generator[Union[Nghttpx, bool], None, None]:
nghttpx = NghttpxQuic(env=env)
if nghttpx.exists():
if not nghttpx.supports_h3() and env.have_h3_curl():
log.warning("nghttpx does not support QUIC, but curl does")
nghttpx.clear_logs()
assert nghttpx.initial_start()
yield nghttpx
nghttpx.stop()
else:
yield False
@pytest.fixture(scope="session")
def nghttpx_fwd(env, httpd) -> Generator[Union[Nghttpx, bool], None, None]:
nghttpx = NghttpxFwd(env=env)
if nghttpx.exists():
nghttpx.clear_logs()
assert nghttpx.initial_start()
yield nghttpx
nghttpx.stop()
else:
yield False
@pytest.fixture(scope="session")
def sshd(env: Env) -> Generator[Union[Sshd, bool], None, None]:
if env.has_sshd():
sshd = Sshd(env=env)
assert sshd.initial_start(), f"{sshd.dump_log()}"
yield sshd
sshd.stop()
else:
yield False
@pytest.fixture(scope="session")
def configures_httpd(env, httpd) -> Generator[bool, None, None]:
# include this fixture as test parameter if the test configures httpd itself
yield True
@pytest.fixture(scope="session")
def configures_nghttpx(env, httpd) -> Generator[bool, None, None]:
# include this fixture as test parameter if the test configures nghttpx itself
yield True
@pytest.fixture(autouse=True, scope="function")
def server_reset(request, env, httpd, nghttpx):
# make sure httpd is in default configuration when a test starts
if "configures_httpd" not in request.node._fixtureinfo.argnames:
httpd.reset_config()
httpd.reload_if_config_changed()
if (
env.have_h3()
and "nghttpx" in request.node._fixtureinfo.argnames
and "configures_nghttpx" not in request.node._fixtureinfo.argnames
):
nghttpx.reset_config()
nghttpx.reload_if_config_changed()
@pytest.fixture(scope="session")
def h2o_server(env) -> Generator[Union[H2oServer, bool], None, None]:
h2o = H2oServer(env=env)
if env.have_h2o():
h2o.clear_logs()
assert h2o.initial_start()
yield h2o
h2o.stop()
else:
yield False
@pytest.fixture(scope="session")
def h2o_proxy(env) -> Generator[Union[H2oProxy, bool], None, None]:
h2o = H2oProxy(env=env)
if env.have_h2o():
h2o.clear_logs()
assert h2o.initial_start()
yield h2o
h2o.stop()
else:
yield False
Reference in a new issue View git blame Copy permalink