]> Google LLC

1600 Amphitheatre Parkway Mountain View CA 94043 United States of America dschinazi.ietf@gmail.com

Transport MASQUE quic http datagram udp proxy tunnels quic in quic turtles all the way down masque http-ng listen The mechanism to proxy UDP in HTTP only allows each proxying request to transmit to a specific host and port. This is well suited for UDP client-server protocols such as HTTP/3, but is not sufficient for some UDP peer-to-peer protocols like WebRTC. This document proposes an extension to UDP Proxying in HTTP that enables those use-cases. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the MASQUE Working Group mailing list (), which is archived at . Source for this draft and an issue tracker can be found at .

Introduction The mechanism to proxy UDP in HTTP allows proxying UDP payloads to a fixed host and port. Combined with the HTTP CONNECT method (see ), it allows proxying the majority of a Web Browser's HTTP traffic. However WebRTC relies on ICE to provide connectivity between two Web browsers, and that in turn relies on the ability to send and receive UDP packets to multiple hosts. While it would be possible in theory to accomplish this by using multiple UDP proxying HTTP requests, HTTP semantics do not guarantee that those distinct requests will be handled by the same server, which can lead to the UDP packets being sent from distinct IP addresses, which in turn prevents ICE from operating correctly. Because of this, UDP Proxying requests cannot enable WebRTC connectivity between peers. This document describes an extension to UDP Proxying in HTTP that allows sending and receiving UDP payloads to multiple hosts within the scope of a single UDP proxying HTTP request.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses terminology from and notational conventions from .

Proxied UDP Listener Mechanism In unextended UDP Proxying requests, the target host is encoded in the HTTP request path or query. For listener UDP proxying, it is instead conveyed in each HTTP Datagram, see . When performing URI Template Exansion of the UDP proxying template (see ), the client sets both the target_host and the target_port variables to the '*' character (ASCII character 0x2A). Before sending its UDP Proxying request to the proxy, the client allocates an even-numbered context ID, see . The client then adds the "connect-udp-listen" header field to its proxying request, with the value equal to the context ID it has allocated, see .

HTTP Datagram Payload Format When HTTP Datagrams associated with this listener UDP proxying request use the context ID sent with the connect-udp-listen header field, their Payload field (as defined in ) has the format defined in :

Listener UDP Proxying HTTP Datagram Format

IP Version:

The IP Version of the following IP Address field. MUST be 4 or 6.

IP Address:

The IP Address of this proxied UDP packet. When sent from client to proxy, this is target host that the proxy will send this UDP payload to. When sent from proxy to client, this represents the source IP address of the UDP packet received by the proxy. This field has length 32 bits when the previous IP Version field value is 4, and 128 when the IP Version is 6.

UDP Port:

The UDP Port of this proxied UDP packet. When sent from client to proxy, this is target port that the proxy will send this UDP payload to. When sent from proxy to client, this represents the source UDP port of the UDP packet received by the proxy.

UDP Payload:

The unmodified UDP Payload of this proxied UDP packet (referred to as "data octets" in ).

The connect-udp-listen Header Field The "connect-udp-listen" header field is an Item Structured Field, see ; its value MUST be an Integer; any other value type MUST be handled as if the field were not present by recipients (for example, if this field is included multiple times, its type will become a List and the field will therefore be ignored). This document does not define any parameters for the connect-udp-listen header field value, but future documents might define parameters. Receivers MUST ignore unknown parameters.

Security Considerations The security considerations described in also apply here.

IANA Considerations This document will request IANA to register the following entry in the "HTTP Field Name" registry maintained at <>:

Field Name:

connect-udp-listen

Template:

None

Status:

provisional (permanent if this document is approved)

Reference:

This document

Comments:

None

References Normative References Google LLC This document describes how to proxy UDP in HTTP, similar to how the HTTP CONNECT method allows proxying TCP in HTTP. More specifically, this document defines a protocol that allows an HTTP client to create a tunnel for UDP communications through an HTTP server that acts as a proxy. The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm. Google LLC Cloudflare This document describes HTTP Datagrams, a convention for conveying multiplexed, potentially unreliable datagrams inside an HTTP connection. In HTTP/3, HTTP Datagrams can be sent unreliably using the QUIC DATAGRAM extension. When the QUIC DATAGRAM frame is unavailable or undesirable, they can be sent using the Capsule Protocol, a more general convention for conveying data in HTTP connections. HTTP Datagrams and the Capsule Protocol are intended for use by HTTP extensions, not applications. This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values. Informative References This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication. This protocol is called Interactive Connectivity Establishment (ICE). ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN). This document obsoletes RFC 5245. Apple Inc. Google LLC Google LLC Ericsson Ericsson This document describes a method of proxying IP packets over HTTP. This protocol is similar to CONNECT-UDP, but allows transmitting arbitrary IP packets, without being limited to just TCP like CONNECT or UDP like CONNECT-UDP.

Example In the example below, the client is configured with URI Template "https://example.org/.well-known/masque/udp/{target_host}/{target_port}/" and wishes to use WebRTC to another browser over a listener UDP proxying tunnel. It then contacts a STUN server at 192.0.2.42. The STUN server then sends the proxy's IP address to the other browser at 203.0.113.33 leading that other browser to send a UDP packet to the proxy, and that packets gets proxied over HTTP back to the client. :method = CONNECT :protocol = connect-udp :scheme = https :path = /.well-known/masque/udp/*/*/ :authority = proxy.example.org connect-udp-listen = 2 capsule-protocol = ?1 DATAGRAM --------> Quarter Stream ID = 11 Context ID = 2 IP Version = 4 IP Address = 192.0.2.42 UDP Port = 1234 UDP Payload = Encapsulated UDP Payload <-------- STREAM(44): HEADERS :status = 200 capsule-protocol = ?1 /* Wait for STUN server to respond to UDP packet. */ <-------- DATAGRAM Quarter Stream ID = 11 Context ID = 2 IP Version = 4 IP Address = 192.0.2.42 UDP Port = 1234 UDP Payload = Encapsulated UDP Payload /* Wait for the STUN server to send the proxy's IP and */ /* port to the other browser and for the other browser */ /* to send a UDP packet to the proxy. */ <-------- DATAGRAM Quarter Stream ID = 11 Context ID = 2 IP Version = 4 IP Address = 203.0.113.33 UDP Port = 4321 UDP Payload = Encapsulated UDP Payload ]]>

Comparison with CONNECT-IP While the use-cases described in could be solved using IP Proxying in HTTP , that would require that every HTTP Datagram carry a complete IP header. This would not only cause inefficiencies in the wire encoding, it would additionally reduce the available Maximum Transmission Unit (MTU). Furthermore, it would require that Web browsers implement IPv4 and IPv6 header generation and parsing, alongside with validation and error handling.

Acknowledgments This proposal is the result of many conversations with MASQUE working group participants.