mirror of
https://github.com/curl/curl.git
synced 2026-06-02 12:44:16 +03:00
This patch adds two major proxy capabilities to curl (ngtcp2 QUIC):
- HTTP/3 Proxy CONNECT: Tunnel HTTP/1.1 or HTTP/2 traffic through an
HTTPS proxy that speaks HTTP/3 (QUIC) using the standard CONNECT
method over an HTTP/3 connection.
- MASQUE CONNECT-UDP: Tunnel HTTP/3 (QUIC) traffic through an HTTP
proxy (speaking HTTP/1.1, HTTP/2, or HTTP/3) using the extended
CONNECT method with the CONNECT-UDP protocol (RFC9297 & RFC9298).
Public API additions:
- `CURLPROXY_HTTPS3`: new proxy type constant for HTTP/3 proxy
- `--proxy-http3`: new CLI flag to negotiate HTTP/3 with HTTPS proxy
The implementation adds two new filters:
- `H3-PROXY` - enables negotiating HTTP/3 (QUIC) to the proxy and
running CONNECT/CONNECT-UDP through that proxy transport.
- `CAPSULE` - dedicated filter inserted between QUIC transport and
HTTP-PROXY to handle datagram capsule encapsulation/decapsulation.
Here is how the curl filter chaining looks in different scenarios:
- HTTP/3 Proxy CONNECT (tunneling TCP protocols over QUIC proxy):
    conn -> HTTP/1.1 or HTTP/2 -> SSL -> HTTP-PROXY ->
      H3-PROXY -> HAPPY-EYEBALLS -> UDP
- MASQUE CONNECT-UDP (tunneling QUIC over any proxy):
    conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H3-PROXY ->
      HAPPY-EYEBALLS -> UDP
    conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H1-PROXY or H2-PROXY ->
      SSL -> HAPPY-EYEBALLS -> TCP
- Both features currently require the ngtcp2 QUIC backend.
- Both features are experimental (disabled by default). Enable with
`--enable-proxy-http3` (autotools) or `-DUSE_PROXY_HTTP3=ON` (CMake).
Tests:
- tests/unit/unit3400.c: Unit tests for capsule protocol encode/decode
- tests/http/test_60_h3_proxy.py: Comprehensive pytest integration suite
- tests/http/testenv/h2o.py: Managing h2o instances with HTTP/1.1, HTTP/2,
and HTTP/3 (QUIC) listeners, proxy.connect and proxy.connect-udp enabled.
References:
RFC 9297 - HTTP Datagrams and the Capsule Protocol
RFC 9298 - Proxying UDP in HTTP
RFC 9000 §16 — Variable-Length Integer Encoding
Signed-off-by: Aritra Basu <aritrbas+gh@cisco.com>
Closes #21153
| Name |
|---|
| cmdline-opts |
| examples |
| internals |
| libcurl |
| tests |
| .gitignore |
| ALTSVC.md |
| BINDINGS.md |
| BUG-BOUNTY.md |
| BUGS.md |
| CIPHERS-TLS12.md |
| CIPHERS.md |
| CMakeLists.txt |
| CODE_OF_CONDUCT.md |
| CODE_REVIEW.md |
| CONTRIBUTE.md |
| curl-config.md |
| CURL-DISABLE.md |
| CURLDOWN.md |
| DEPRECATE.md |
| DISTROS.md |
| EARLY-RELEASE.md |
| ECH.md |
| EXPERIMENTAL.md |
| FAQ.md |
| FEATURES.md |
| GOVERNANCE.md |
| HELP-US.md |
| HISTORY.md |
| HSTS.md |
| HTTP-COOKIES.md |
| HTTP3.md |
| HTTPSRR.md |
| INFRASTRUCTURE.md |
| INSTALL |
| INSTALL-CMAKE.md |
| INSTALL.md |
| INTERNALS.md |
| IPFS.md |
| KNOWN_BUGS.md |
| KNOWN_RISKS.md |
| MAIL-ETIQUETTE.md |
| Makefile.am |
| MANUAL.md |
| mk-ca-bundle.md |
| options-in-versions |
| README.md |
| RELEASE-PROCEDURE.md |
| ROADMAP.md |
| runtests.md |
| RUSTLS.md |
| SECURITY-ADVISORY.md |
| SPONSORS.md |
| SSL-PROBLEMS.md |
| SSLCERTS.md |
| testcurl.md |
| THANKS |
| THANKS-filter |
| TheArtOfHttpScripting.md |
| TODO.md |
| URL-SYNTAX.md |
| VERIFY.md |
| VERSIONS.md |
| VULN-DISCLOSURE-POLICY.md |
| wcurl.md |
Documentation
You will find a mix of documentation in this directory and its subdirectories, in several different formats. Some of them are not ideal for reading directly in your browser.
If you would rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl-related documentation.