| commit | 6bd18921c4491e236501481bc73ba12b2d23e84c | [log] [tgz] |
|---|---|---|
| author | QUICHE team <quiche-dev@google.com> | Mon Nov 03 16:04:00 2025 -0800 |
| committer | Copybara-Service <copybara-worker@google.com> | Mon Nov 03 16:05:09 2025 -0800 |
| tree | d751301ca88fe418a9e9546fbcfa84209e5ddd09 | |
| parent | bbc217f65c7c7ecbbba626c45ed9acc2d6ce8762 [diff] |
Add proxy logging and code counts for methods that are invalid tokens RFC 9110 specifies that a `method` is a `token` but Balsa does not do proper token validation of the method that it parses. We utilize a newly added `IsValidToken` function that properly enforces this grammar. We exhaustively cover the valid range of US-ASCII input and beyond. There are four primary cases: 1. Graphical characters: currently, Balsa allows 17 characters from this range which it should not, they will all be logged. 2. Control characters (without whitespace): when control characters are found, Balsa properly strips them and does not return them with the method. 3. Extended ASCII characters (i.e. 128 and higher): Balsa currently allows methods with these characters but it should not. These will all be logged as well. 4. Whitespace control characters: all whitespace characters are technically invalid tokens but since their presence changes the flow of parsing, Balsa does not include them with the method so they will not be logged. Relevant grammar: ``` tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA token = 1*tchar method = token ``` Protected by logging only. PiperOrigin-RevId: 827685964
QUICHE stands for QUIC, Http, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.
There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:
To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:
To contribute to QUICHE, follow instructions at CONTRIBUTING.md.
QUICHE is only supported on little-endian platforms.
QUICHE has binaries that can run on Linux platforms.
Follow the instructions to install Bazel.
sudo apt install libicu-dev clang lld cd <directory that will be the root of your quiche implmentation> git clone https://github.com/google/quiche.git cd quiche CC=clang bazel build -c opt //... ./bazel-bin/quiche/<target_name> <arguments>
There are several targets that can be built and then run. Full usage instructions are available using the --helpfull flag on any binary.
Usage: quic_packet_printer server|client <hex dump of packet>
Usage: crypto_message_printer_bin <hex of message>
Usage: quic_client <URL>
quic_server: listens forever on --port (default 6121) until halted via ctrl-c.
masque_client: tunnels to a URL via an identified proxy (See RFC 9298).
Usage: masque_client [options] <proxy-url> <urls>
Usage: masque_server
web_transport_test_server: a server that clients can connect to via WebTransport.
moqt_relay: a relay for the Media Over QUIC transport for publishers and subscribers can connect to.
Usage: moqt_relay