tunnel: http/2 support #464

calebdoxsey · 2024-11-05T14:48:10Z

Currently the Pomerium CLI only supports tunneling TCP connections over HTTP/1 via the CONNECT protocol. There's a variant of the CONNECT protocol described in RFC8441 (Extended CONNECT). We should add support for this.

We will need to detect if the server supports HTTP/2 and that the SETTINGS_ENABLE_CONNECT_PROTOCOL is set. This will likely mean using the x/net/http2 package instead of the http package. If the server does not support Extended CONNECT we should fallback to the existing HTTP/1 solution.

The text was updated successfully, but these errors were encountered:

calebdoxsey · 2024-12-09T21:22:47Z

HTTP/2 support for TCP tunneling is implemented, but not via Extended Connect, rather standard Connect was used (and envoy handled it fine). Unfortunately HTTP/2 support for UDP tunneling requires full Extended Connect support, which is (I believe) blocked on golang/go#53208.

This was referenced Nov 5, 2024

tunnel: http/3 support #465

Closed

tunnel: udp support #466

Closed

calebdoxsey mentioned this issue Dec 3, 2024

move tcp tunnel code to separate file #471

Closed

4 tasks

calebdoxsey self-assigned this Dec 3, 2024

calebdoxsey mentioned this issue Dec 3, 2024

http2 connect support #472

Closed

4 tasks

calebdoxsey removed their assignment Dec 9, 2024

calebdoxsey added the blocked PR/ISSUE is blocked by third party label Dec 9, 2024

calebdoxsey closed this as not planned Won't fix, can't repro, duplicate, stale Dec 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

tunnel: http/2 support #464

tunnel: http/2 support #464

calebdoxsey commented Nov 5, 2024

calebdoxsey commented Dec 9, 2024

Uh oh!

tunnel: http/2 support #464

tunnel: http/2 support #464

Comments

calebdoxsey commented Nov 5, 2024

calebdoxsey commented Dec 9, 2024

Uh oh!