how to proxy quic #149

Closed
New2Niu opened this issue Sep 14, 2023 · 4 comments

New2Niu commented Sep 14, 2023

TCP proxy:

{
   "apps": {
      "layer4": {
         "servers": {
            "srv0": {
               "listen": [":443"],
               "routes": [{
                  "match": [{
                     "tls": {
                     }
                  }],
                  "handle": [{
                     "handler": "proxy",
                     "upstreams": [{
                        "dial": ["{l4.tls.server_name}:443"]
                     }]
                  }]
               }]
            },
            "srv1": {
               "listen": [":80"],
               "routes": [{
                  "match": [{
                     "http": []
                  }],
                  "handle": [{
                     "handler": "proxy",
                     "upstreams": [{
                        "dial": ["{l4.http.host}:80"]
                     }]
                  }]
               }]
            }
         }
      }
   },
   "logging": {
      "logs": {
         "default": {
            "encoder": {
               "format": "json",
               "time_format": "wall",
               "time_local": true
            },
            "exclude": [],
            "writer": {
               "filename": "proxy.event.log",
               "output": "file",
               "roll": false
            }
         }
      }
   }
}

How to proxy QUIC by SNI?
The UDP proxy does not work:

 "srv11": {
     "listen": ["udp/:443"],
     "routes": [{
        "match": [{
           "tls": {
           }
        }],
        "handle": [{
           "handler": "proxy",
           "upstreams": [{
              "dial": ["{l4.tls.server_name}:443"]
           }]
        }]
     }]
  },
@francoismichel

It does not seem doable right now. However, that might be quite "easily" achievable using quic-go's EarlyListener mechanism: we could set up an EarlyListener and feed it UDP packets. When it accepts a new conn, we could extract the SNI from its TLS context (simply access the ConnectionState's TLS context that contains the SNI; everything seems correctly exposed by quic-go). It feels a bit hackish though.

Any thoughts on that?
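
Added example (not from the thread or the project's code): a QUIC v1 Initial datagram exposes only its long header (version and connection IDs) in the clear, and the ClientHello with the SNI sits in the protected payload, so nothing at the start of a packet on `udp/:443` looks like a TLS record. The type and function names are hypothetical, the sample bytes are constructed, and that the `tls` matcher looks for a TCP-style record header is an assumption.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// InitialHeader holds the connection IDs from a QUIC v1 Initial long header (RFC 9000, 17.2).
type InitialHeader struct{ DCID, SCID []byte }

var ErrNotInitial = errors.New("not a QUIC v1 Initial packet")

// LooksLikeTLSRecord: a ClientHello over TCP starts with a handshake record header (0x16 0x03).
func LooksLikeTLSRecord(b []byte) bool {
	return len(b) >= 3 && b[0] == 0x16 && b[1] == 0x03
}

// readCID reads one length-prefixed connection ID (at most 20 bytes in QUIC v1).
func readCID(b []byte, p int) ([]byte, int, error) {
	if p >= len(b) || int(b[p]) > 20 || p+1+int(b[p]) > len(b) {
		return nil, 0, ErrNotInitial
	}
	end := p + 1 + int(b[p])
	return b[p+1 : end], end, nil
}

// ParseInitial reads only what a proxy can see without decrypting anything.
// First byte: 0x80 long header, 0x40 fixed bit, type bits 0x30 == 00 (Initial in v1).
func ParseInitial(b []byte) (*InitialHeader, error) {
	if len(b) < 7 || b[0]&0xf0 != 0xc0 || binary.BigEndian.Uint32(b[1:5]) != 1 {
		return nil, ErrNotInitial
	}
	dcid, p, err := readCID(b, 5)
	if err != nil {
		return nil, err
	}
	scid, _, err := readCID(b, p)
	if err != nil {
		return nil, err
	}
	return &InitialHeader{DCID: dcid, SCID: scid}, nil
}

func main() {
	// Constructed sample: cleartext header bytes of a client Initial; the payload is omitted.
	h, err := ParseInitial([]byte{0xc0, 0, 0, 0, 1, 8, 0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08, 0, 0, 0x44, 0x9e})
	fmt.Println(h, err)
}
```

The Initial payload is protected with keys derived from the Destination Connection ID and a public salt (RFC 9001), so recovering the SNI means either performing that derivation or letting a QUIC stack process the handshake, as the comment above proposes.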

@mholt
Owner

mholt commented Jan 19, 2024

I don't know enough about the details of the QUIC protocol, but it sounds plausible -- I'd be open to an experiment/PR!

@lxhao61

lxhao61 commented May 26, 2024

How to proxy QUIC by SNI? The UDP proxy does not work:

 "srv11": {
     "listen": ["udp/:443"],
     "routes": [{
        "match": [{
           "tls": {
           }
        }],
        "handle": [{
           "handler": "proxy",
           "upstreams": [{
              "dial": ["{l4.tls.server_name}:443"]
           }]
        }]
     }]
  },

This PR can achieve your needs, but it is not merged.

@mholt
Owner

mholt commented May 29, 2024

The linked PR has been merged. Please try it out! (It may not have been 100% complete but should work.)

mholt closed this as completed May 29, 2024