Add HttpValidationPolicy controlling semicolon delimitation of chunk-exts

Balsa currently accepts requests where `chunk-size` contains illegal whitespace (SP or HTAB). For example, Balsa parses a `1 A` chunk-size as `1` and the chunk extension as ` A`. This is slightly incorrect.

There are two primary cases to consider:

1. `chunk-size` followed by `chunk-ext` + `CRLF` framing
2. `chunk-size` followed only by `CRLF` framing

For `chunk-size` without a `chunk-ext`, any trailing `SP/HTAB` is always illegal.

For `chunk-size` with a `chunk-ext`, there actually is a case where it’s valid to have whitespace after `chunk-size`. If that `chunk-ext` begins with `BWS`, it is perfectly legal to have `SP` or `HTAB` following the `chunk-size`. However, that is legal if and only if the `BWS` is part of a `chunk-ext` and not superfluous before a `CRLF`.

Unfortunately, Balsa does not have any enforcement that `chunk-ext` contain a `;`, which makes it difficult to differentiate between the `SP` / `HTAB` being `BWS` in a chunk-ext or erroneous trailing whitespace, so we add enforcement that the `chunk-ext` contains a `;` and, if it is present, it is only preceded by `SP` or `HTAB`.

Protected by unused http validation policy.

PiperOrigin-RevId: 874812254
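
The rule described in the commit message, as an added C++ example (not Balsa's code and not part of this commit): a classifier for one chunk header line that separates `BWS` before a `;` from trailing whitespace before `CRLF`. All names (`ChunkStatus`, `ChunkHeader`, `ParseChunkHeader`) are hypothetical, the input is assumed to have its `CRLF` already removed, and the chunk-size overflow check goes beyond what the message covers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string_view>

// Hypothetical names for this sketch; none of these are Balsa identifiers.
enum class ChunkStatus { kOk, kBadSize, kTrailingWhitespace, kMissingSemicolon };
struct ChunkHeader {
  ChunkStatus status;
  std::uint64_t size;    // parsed chunk-size, meaningful only when status == kOk
  std::string_view ext;  // chunk-ext starting at ';', empty if none
};

static int HexValue(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

// `line` is one chunk header with the terminating CRLF already removed.
ChunkHeader ParseChunkHeader(std::string_view line) {
  std::uint64_t size = 0;
  std::size_t i = 0;
  for (; i < line.size() && HexValue(line[i]) >= 0; ++i) {
    if (size >> 60) return {ChunkStatus::kBadSize, 0, {}};  // next digit overflows
    size = (size << 4) | static_cast<std::uint64_t>(HexValue(line[i]));
  }
  if (i == 0) return {ChunkStatus::kBadSize, 0, {}};          // chunk-size = 1*HEXDIG
  if (i == line.size()) return {ChunkStatus::kOk, size, {}};  // size then CRLF
  std::size_t j = i;
  while (j < line.size() && (line[j] == ' ' || line[j] == '\t')) ++j;
  // Whitespace that runs up to the CRLF is not the BWS of any chunk-ext.
  if (j == line.size()) return {ChunkStatus::kTrailingWhitespace, 0, {}};
  // Only SP/HTAB may sit between chunk-size and the ';' that opens chunk-ext.
  if (line[j] != ';') return {ChunkStatus::kMissingSemicolon, 0, {}};
  return {ChunkStatus::kOk, size, line.substr(j)};
}

int main() {
  // Constructed inputs: the commit's `1 A` case plus three neighbours.
  for (std::string_view s : {"1 A", "1 ", "1 ;a=b", "1A"}) {
    ChunkHeader h = ParseChunkHeader(s);
    std::printf("\"%s\" status=%d size=%llu\n", s.data(),
                static_cast<int>(h.status), static_cast<unsigned long long>(h.size));
  }
}
```

Note that `1A` without the space is a valid chunk-size of 0x1A, which is why the whitespace in `1 A` matters for framing.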
4 files changed
tree: 92620031f8a2d9ae4bff161dff93f208b5865ab3
README.md

QUICHE

QUICHE stands for QUIC, Http, Etc. It is Google’s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementations for all platform APIs and to open-source build files. In the meantime, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at CONTRIBUTING.md.

QUICHE is only supported on little-endian platforms.

Build and run standalone QUICHE

QUICHE has binaries that can run on Linux platforms.

Follow the instructions to install Bazel.

sudo apt install libicu-dev clang lld
cd <directory that will be the root of your quiche implementation>
git clone https://github.com/google/quiche.git
cd quiche
CC=clang bazel build -c opt //...
./bazel-bin/quiche/<target_name> <arguments>

There are several targets that can be built and then run. Full usage instructions are available using the --helpfull flag on any binary.

  • quic_packet_printer: from a provided packet, parses and prints out the contents that are accessible without decryption.

Usage: quic_packet_printer server|client <hex dump of packet>

  • crypto_message_printer: dumps the contents of a QUIC crypto handshake message in a human readable format.

Usage: crypto_message_printer_bin <hex of message>

  • quic_client: connects to a host using QUIC and HTTP/3, sends a request to the provided URL, and displays the response.

Usage: quic_client <URL>

  • quic_server: listens forever on --port (default 6121) until halted via ctrl-c.

  • masque_client: tunnels to a URL via an identified proxy (See RFC 9298).

Usage: masque_client [options] <proxy-url> <urls>

  • masque_server: a MASQUE tunnel proxy that defaults to port 9661.

Usage: masque_server

  • web_transport_test_server: a server that clients can connect to via WebTransport.

  • moqt_relay: a relay for the Media Over QUIC transport that publishers and subscribers can connect to.

Usage: moqt_relay