QUIC matcher #262

Merged
merged 1 commit into from
Oct 31, 2024

vnxme (Collaborator) commented Oct 31, 2024

Summary

This PR introduces a quic matcher that enables Caddy to multiplex QUIC with anything else like OpenVPN and WireGuard on a single UDP port. This matcher supports all the currently existing tls matchers, including alpn, sni, local_ip, and remote_ip. Besides, it exposes the following placeholders: {l4.quic.tls.server_name}, {l4.quic.tls.version}, and {l4.quic.version}.

Syntax

{
	layer4 {
		udp/:8443 {
			@q1 quic sni one.com two.com
			route @q1 {
				proxy udp/{l4.quic.tls.server_name}:443
			}
			@q2 quic {
				alpn custom
				sni example.com
			}
			route @q2 {
				proxy udp/localhost:6543
			}
		}
	}
}

Discussion / Further steps

  • I can see 3 major places where it would be great to implement QUIC support consistent with what we have now for TLS:
    1/ a quic handler, i.e. an intermediary unwrapper to handle incoming QUIC connections;
    2/ QUIC support in the proxy handler, i.e. an intermediary wrapper to handle outgoing QUIC connections;
    3/ QUIC, and generally UDP, wrapper in the mainline code, i.e. a listener_wrappers alternative for net.PacketConn connections.
  • As far as the first 2 steps are concerned, I've found an example of a QUIC proxy. However, as of now I don't fully understand how to make it work correctly within the existing caddy-l4 architecture. Any help would be appreciated.
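
Added example (not part of the PR and not caddy-l4's code): a cleartext pre-check that tells a QUIC v1 client Initial apart from other traffic sharing the same UDP port, using only the unprotected header fields defined in RFC 9000. It does not decrypt the packet, so it cannot see SNI or ALPN; the function names and the sample datagrams are constructed for illustration.

```go
package main

import "fmt"

// varint decodes a QUIC variable-length integer (RFC 9000, section 16); n == 0 means truncated.
func varint(b []byte) (v uint64, n int) {
	if len(b) == 0 || len(b) < 1<<(b[0]>>6) {
		return 0, 0
	}
	v, n = uint64(b[0]&0x3f), 1<<(b[0]>>6)
	for _, c := range b[1:n] {
		v = v<<8 | uint64(c)
	}
	return v, n
}

// InitialDCID (hypothetical name) checks the unprotected header of a QUIC v1 client Initial
// (RFC 9000, 17.2.2; datagram >= 1200 bytes per 14.1) and returns its Destination Connection ID.
func InitialDCID(d []byte) ([]byte, bool) {
	// 0xc0 = long header + fixed bit with type bits 00 (Initial); the low 4 bits are protected.
	if len(d) < 1200 || d[0]&0xf0 != 0xc0 || string(d[1:5]) != "\x00\x00\x00\x01" {
		return nil, false
	}
	dl := int(d[5])
	if dl > 20 || d[6+dl] > 20 { // v1 connection IDs are at most 20 bytes
		return nil, false
	}
	p := 7 + dl + int(d[6+dl]) // offset of the token length
	tok, n := varint(d[p:])
	if n == 0 || tok > uint64(len(d)-p-n) {
		return nil, false
	}
	p += n + int(tok) // offset of the payload length
	if plen, n := varint(d[p:]); n == 0 || plen > uint64(len(d)-p-n) {
		return nil, false
	}
	return d[6 : 6+dl], true
}

// sampleInitial returns a constructed datagram: valid header, all-zero payload.
func sampleInitial() []byte {
	hdr := []byte{0xc3, 0, 0, 0, 1, 8, 1, 2, 3, 4, 5, 6, 7, 8, 0, 0, 0x44, 0x9e}
	return append(hdr, make([]byte, 1200-len(hdr))...)
}

func main() {
	dcid, ok := InitialDCID(sampleInitial())
	_, okWG := InitialDCID(append([]byte{1, 0, 0, 0}, make([]byte, 144)...)) // constructed WireGuard-style initiation
	fmt.Printf("initial: ok=%v dcid=%x; wireguard-style: ok=%v\n", ok, dcid, okWG)
}
```

A datagram that passes this check is only a candidate: the header fields are unauthenticated until the Initial payload is decrypted and parsed.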

mholt (Owner) left a comment

Legend.

This is great 😄

To implement a QUIC proxy like that, it looks like the listener itself needs to be modified... but QUIC is just UDP. I'd be curious if we can "drop a layer" lower in the QUIC library to be able to use a plain UDP listener, and sprinkle QUIC on top.

mholt merged commit 6e8e058 into mholt:master Oct 31, 2024
6 checks passed

vnxme (Collaborator, Author) commented Nov 1, 2024

I’ve identified an issue of the matcher not working correctly with curl (though it works fine with quicreach in my tests). I’m investigating it and will likely have to fix something.
