e78b1b3ecc
This patch adds two major proxy capabilities to curl (ngtcp2 QUIC):
- HTTP/3 Proxy CONNECT: Tunnel HTTP/1.1 or HTTP/2 traffic through an
HTTPS proxy that speaks HTTP/3 (QUIC) using the standard CONNECT
method over an HTTP/3 connection.
- MASQUE CONNECT-UDP: Tunnel HTTP/3 (QUIC) traffic through an HTTP
proxy (speaking HTTP/1.1, HTTP/2, or HTTP/3) using the extended
CONNECT method with the CONNECT-UDP protocol (RFC9297 & RFC9298).
Public API additions:
- `CURLPROXY_HTTPS3`: new proxy type constant for HTTP/3 proxy
- `--proxy-http3`: new CLI flag to negotiate HTTP/3 with HTTPS proxy
The implementation adds two new filters:
- `H3-PROXY` - enables negotiating HTTP/3 (QUIC) to the proxy and
running CONNECT/CONNECT-UDP through that proxy transport.
- `CAPSULE` - dedicated filter inserted between QUIC transport and
HTTP-PROXY to handle datagram capsule encapsulation/decapsulation.
Here is how the curl filter chaining looks in different scenarios:
- HTTP/3 Proxy CONNECT (tunneling TCP protocols over QUIC proxy):
conn -> HTTP/1.1 or HTTP/2 -> SSL -> HTTP-PROXY ->
H3-PROXY -> HAPPY-EYEBALLS -> UDP
- MASQUE CONNECT-UDP (tunneling QUIC over any proxy):
conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H3-PROXY ->
HAPPY-EYEBALLS -> UDP
conn -> HTTP/3 -> CAPSULE -> HTTP-PROXY -> H1-PROXY or H2-PROXY ->
SSL -> HAPPY-EYEBALLS -> TCP
- Both features currently require the ngtcp2 QUIC backend.
- Both features are experimental (disabled by default). Enable with
`--enable-proxy-http3`(autotools) or `-DUSE_PROXY_HTTP3=ON`(CMake).
Tests:
- tests/unit/unit3400.c: Unit tests for capsule protocol encode/decode
- tests/http/test_60_h3_proxy.py: Comprehensive pytest integration suite
- tests/http/testenv/h2o.py: Managing h2o instances with HTTP/1.1, HTTP/2,
and HTTP/3 (QUIC) listeners, proxy.connect and proxy.connect-udp enabled.
References:
RFC 9297 - HTTP Datagrams and the Capsule Protocol
RFC 9298 - Proxying UDP in HTTP
RFC 9000 §16 — Variable-Length Integer Encoding
Signed-off-by: Aritra Basu <aritrbas+gh@cisco.com>
Closes #21153
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| CMakeLists.txt | ||
| Makefile.am | ||
| Makefile.inc | ||
| README.md | ||
| unit1300.c | ||
| unit1302.c | ||
| unit1303.c | ||
| unit1304.c | ||
| unit1305.c | ||
| unit1307.c | ||
| unit1309.c | ||
| unit1323.c | ||
| unit1330.c | ||
| unit1395.c | ||
| unit1396.c | ||
| unit1397.c | ||
| unit1398.c | ||
| unit1399.c | ||
| unit1600.c | ||
| unit1601.c | ||
| unit1602.c | ||
| unit1603.c | ||
| unit1605.c | ||
| unit1606.c | ||
| unit1607.c | ||
| unit1608.c | ||
| unit1609.c | ||
| unit1610.c | ||
| unit1611.c | ||
| unit1612.c | ||
| unit1614.c | ||
| unit1615.c | ||
| unit1616.c | ||
| unit1620.c | ||
| unit1625.c | ||
| unit1626.c | ||
| unit1627.c | ||
| unit1636.c | ||
| unit1650.c | ||
| unit1651.c | ||
| unit1652.c | ||
| unit1653.c | ||
| unit1654.c | ||
| unit1655.c | ||
| unit1656.c | ||
| unit1657.c | ||
| unit1658.c | ||
| unit1660.c | ||
| unit1661.c | ||
| unit1663.c | ||
| unit1664.c | ||
| unit1666.c | ||
| unit1667.c | ||
| unit1668.c | ||
| unit1669.c | ||
| unit1674.c | ||
| unit1675.c | ||
| unit1676.c | ||
| unit1979.c | ||
| unit1980.c | ||
| unit2600.c | ||
| unit2601.c | ||
| unit2602.c | ||
| unit2603.c | ||
| unit2604.c | ||
| unit2605.c | ||
| unit3200.c | ||
| unit3205.c | ||
| unit3211.c | ||
| unit3212.c | ||
| unit3213.c | ||
| unit3214.c | ||
| unit3216.c | ||
| unit3219.c | ||
| unit3300.c | ||
| unit3301.c | ||
| unit3302.c | ||
| unit3303.c | ||
| unit3304.c | ||
| unit3400.c | ||
Unit tests
The goal is to add tests for all functions in libcurl. If functions are too big and complicated, we should split them into smaller and testable ones.
Build Unit Tests
./configure --enable-debug is required for the unit tests to build. To
enable unit tests, there is a separate static libcurl built that is used
exclusively for linking unit test programs. Build everything as normal, and
then you can run the unit test cases as well.
Run Unit Tests
Unit tests are run as part of the regular test suite. If you have built
everything to run unit tests, to can do 'make test' at the root level. Or you
can cd tests and make and then invoke individual unit tests with
./runtests.pl NNNN where NNNN is the specific test number.
Debug Unit Tests
If a specific test fails you get told. The test case then has output left in
the %LOGDIR subdirectory, but most importantly you can re-run the test again
using gdb by doing ./runtests.pl -g NNNN. That is, add a -g to make it
start up gdb and run the same case using that.
Write Unit Tests
We put tests that focus on an area or a specific function into a single C
source file. The source file should be named unitNNNN.c where NNNN is a
previously unused number.
Add your test to tests/unit/Makefile.inc (if it is a unit test). Add your
test data filename to tests/data/Makefile.am
You also need a separate file called tests/data/testNNNN (using the same
number) that describes your test case. See the test1300 file for inspiration
and the tests/FILEFORMAT.md documentation.
For the actual C file, here's a simple example:
#include "unitcheck.h"
#include "a libcurl header.h" /* from the lib directory */
static CURLcode test_unit9998(const char *arg)
{
UNITTEST_BEGIN_SIMPLE
/* here you start doing things and checking that the results are good */
fail_unless( size == 0 , "initial size should be zero" );
fail_if( head == NULL , "head should not be initiated to NULL" );
/* you end the test code like this: */
UNITTEST_END_SIMPLE
}
Here's an example using optional initialization and cleanup:
#include "unitcheck.h"
#include "a libcurl header.h" /* from the lib directory */
static CURLcode t9999_setup(void)
{
/* whatever you want done first */
return CURLE_OK;
}
static void t9999_stop(void)
{
/* done before shutting down and exiting */
}
static CURLcode test_unit9999(const char *arg)
{
UNITTEST_BEGIN(t9999_setup())
/* here you start doing things and checking that the results are good */
fail_unless( size == 0 , "initial size should be zero" );
fail_if( head == NULL , "head should not be initiated to NULL" );
/* you end the test code like this: */
UNITTEST_END(t9999_stop())
}
Testing static functions
Lots of internal functions are made static, and they should be static if they are private within a single source file.
The curl build system provides a way to write unit tests that let us properly test these functions while keeping them static in release builds.
A function that is static in the build but should be provided for unit testing
needs to replace its static keyword with UNITTEST and it needs to have a
prototype provided immediately above it.
An example add_two_integers() function for unit testing:
UNITTEST int add_two_integers(int a, int b);
UNITTEST int add_two_integers(int a, int b)
{
return a + b;
}
Since the function is static and is private for this source file, it should not have its prototype in any header file.
When building unit tests, the build system automatically generates the
lib/unitprotos.h header file with all the prototypes for UNITTEST
functions provided in any libcurl C source code files. (This is done by the
scripts/extract-unit-protos script.)