connectip

package module

v0.1.0 Latest Latest Go to latest Published: Jun 30, 2025 License: MIT Imports: 21 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/quic-go/connect-ip-go

Links

Open Source Insights

README ¶

Proxying IP over HTTP

connect-ip-go is an implementation of the CONNECT-IP protocol RFC 9484, allowing the proxying of IP packets in HTTP/3.

It is based on quic-go, and provides both a client and a proxy implementation.

At this point, it supports the following use cases:

Remote Access VPN, see Section 8.1 of RFC 9484
Site-to-Site VPN, see Section 8.2 of RFC 9484

Release Policy

connect-ip-go always aims to support the latest two Go releases.

Contributing

We are always happy to welcome new contributors! If you have any questions, please feel free to reach out by opening an issue or leaving a comment.

Documentation ¶

Index ¶

type AssignedAddress
type CloseError
- func (e *CloseError) Error() string
- func (e *CloseError) Is(target error) bool
type Conn
- func Dial(ctx context.Context, conn *http3.ClientConn, template *uritemplate.Template) (*Conn, *http.Response, error)
type IPRoute
- func (r IPRoute) Prefixes() []netip.Prefix
type Proxy
- func (s *Proxy) Proxy(w http.ResponseWriter, _ *Request) (*Conn, error)
type Request
- func ParseRequest(r *http.Request, template *uritemplate.Template) (*Request, error)
type RequestParseError
- func (e *RequestParseError) Error() string
- func (e *RequestParseError) Unwrap() error
type RequestedAddress

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AssignedAddress ¶

type AssignedAddress struct {
	RequestID uint64
	IPPrefix  netip.Prefix
}

AssignedAddress represents an Assigned Address within an ADDRESS_ASSIGN capsule

type CloseError ¶

type CloseError struct {
	Remote bool
}

func (*CloseError) Error ¶

func (e *CloseError) Error() string

func (*CloseError) Is ¶

func (e *CloseError) Is(target error) bool

type Conn ¶

type Conn struct {
	// contains filtered or unexported fields
}

Conn is a connection that proxies IP packets over HTTP/3.

func Dial ¶

func Dial(ctx context.Context, conn *http3.ClientConn, template *uritemplate.Template) (*Conn, *http.Response, error)

Dial dials a proxied connection to a target server.

func (*Conn) AdvertiseRoute ¶

func (c *Conn) AdvertiseRoute(ctx context.Context, routes []IPRoute) error

AdvertiseRoute informs the peer about available routes. This function can be called multiple times, but only the routes from the most recent call will be active. Previous route advertisements are overwritten by each new call to this function.

func (*Conn) AssignAddresses ¶

func (c *Conn) AssignAddresses(ctx context.Context, prefixes []netip.Prefix) error

AssignAddresses assigned address prefixes to the peer. This function can be called multiple times, but only the addresses from the most recent call will be active. Previous address assignments are overwritten by each new call to this function.

func (*Conn) Close ¶

func (c *Conn) Close() error

func (*Conn) LocalPrefixes ¶

func (c *Conn) LocalPrefixes(ctx context.Context) ([]netip.Prefix, error)

LocalPrefixes returns the prefixes that the peer currently assigned. Note that at any point during the connection, the peer can change the assignment. It is therefore recommended to call this function in a loop.

func (*Conn) ReadPacket ¶

func (c *Conn) ReadPacket(b []byte) (n int, err error)

func (*Conn) Routes ¶

func (c *Conn) Routes(ctx context.Context) ([]IPRoute, error)

Routes returns the routes that the peer currently advertised. Note that at any point during the connection, the peer can change the advertised routes. It is therefore recommended to call this function in a loop.

func (*Conn) WritePacket ¶

func (c *Conn) WritePacket(b []byte) (icmp []byte, err error)

WritePacket writes an IP packet to the stream. If sending the packet fails, it might return an ICMP packet. It is the caller's responsibility to send the ICMP packet to the sender.

type IPRoute ¶

type IPRoute struct {
	StartIP netip.Addr
	EndIP   netip.Addr
	// IPProtocol is the Internet Protocol Number for traffic that can be sent to this range.
	// If the value is 0, all protocols are allowed.
	IPProtocol uint8
}

IPRoute represents an IP Address Range

func (IPRoute) Prefixes ¶

func (r IPRoute) Prefixes() []netip.Prefix

Prefixes returns the prefixes that this IP address range covers. Note that depending on the start and end addresses, this conversion can result in a large number of prefixes.

type Proxy ¶

type Proxy struct{}

func (*Proxy) Proxy ¶

func (s *Proxy) Proxy(w http.ResponseWriter, _ *Request) (*Conn, error)

type Request ¶

type Request struct{}

Request is the parsed CONNECT-IP request returned from ParseRequest. It currently doesn't have any fields, since masque-go doesn't support IP flow forwarding.

func ParseRequest ¶

func ParseRequest(r *http.Request, template *uritemplate.Template) (*Request, error)

ParseRequest parses a CONNECT-IP request. The template is the URI template that clients will use to configure this proxy.

type RequestParseError ¶

type RequestParseError struct {
	HTTPStatus int
	Err        error
}

RequestParseError is returned from ParseRequest if parsing the CONNECT-UDP request fails. It is recommended that the request is rejected with the corresponding HTTP status code.

func (*RequestParseError) Error ¶

func (e *RequestParseError) Error() string

func (*RequestParseError) Unwrap ¶

func (e *RequestParseError) Unwrap() error

type RequestedAddress ¶

type RequestedAddress struct {
	RequestID uint64
	IPPrefix  netip.Prefix
}

RequestedAddress represents an Requested Address within an ADDRESS_REQUEST capsule

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
integration module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL