MASQUE                                                       D. Schinazi
Internet-Draft                                                Google LLC
Intended status: Standards Track                             7 July 2022
Expires: 8 January 2023


                     Proxying Listener UDP in HTTP
                  draft-schinazi-connect-udp-listen-00

Abstract

   The mechanism to proxy UDP in HTTP only allows each proxying request
   to transmit to a specific host and port.  This is well suited for UDP
   client-server protocols such as HTTP/3, but is not sufficient for
   some UDP peer-to-peer protocols like WebRTC.  This document proposes
   an extension to UDP Proxying in HTTP that enables those use-cases.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://DavidSchinazi.github.io/draft-schinazi-connect-udp-listen/draft-schinazi-connect-udp-listen.html.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-schinazi-connect-udp-listen/.

   Discussion of this document takes place on the MASQUE Working Group
   mailing list (mailto:masque@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/masque/.

   Source for this draft and an issue tracker can be found at
   https://github.com/DavidSchinazi/draft-schinazi-connect-udp-listen.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Schinazi                 Expires 8 January 2023                 [Page 1]

Internet-Draft              CONNECT-UDP Listen                 July 2022

   This Internet-Draft will expire on 8 January 2023.
Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions and Definitions
   2.  Proxied UDP Listener Mechanism
     2.1.  HTTP Datagram Payload Format
     2.2.  The connect-udp-listen Header Field
   3.  Security Considerations
   4.  IANA Considerations
   5.  References
     5.1.  Normative References
     5.2.  Informative References
   Appendix A.  Example
   Appendix B.  Comparison with CONNECT-IP
   Acknowledgments
   Author's Address

1.  Introduction

   The mechanism to proxy UDP in HTTP [CONNECT-UDP] allows proxying UDP
   payloads [UDP] to a fixed host and port.  Combined with the HTTP
   CONNECT method (see Section 9.3.6 of [HTTP]), it allows proxying the
   majority of a Web Browser's HTTP traffic.
   However, WebRTC [WebRTC] relies on ICE [ICE] to provide connectivity
   between two Web browsers, and that in turn relies on the ability to
   send and receive UDP packets to multiple hosts.  While it would be
   possible in theory to accomplish this by using multiple UDP proxying
   HTTP requests, HTTP semantics [HTTP] do not guarantee that those
   distinct requests will be handled by the same server, which can lead
   to the UDP packets being sent from distinct IP addresses, which in
   turn prevents ICE from operating correctly.  Because of this, UDP
   Proxying requests cannot enable WebRTC connectivity between peers.

   This document describes an extension to UDP Proxying in HTTP that
   allows sending and receiving UDP payloads to multiple hosts within
   the scope of a single UDP proxying HTTP request.

1.1.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document uses terminology from [CONNECT-UDP] and notational
   conventions from [QUIC].

2.  Proxied UDP Listener Mechanism

   In unextended UDP Proxying requests, the target host is encoded in
   the HTTP request path or query.  For listener UDP proxying, it is
   instead conveyed in each HTTP Datagram, see Section 2.1.

   When performing URI Template Expansion of the UDP proxying template
   (see Section 3 of [CONNECT-UDP]), the client sets both the
   target_host and the target_port variables to the '*' character
   (ASCII character 0x2A).

   Before sending its UDP Proxying request to the proxy, the client
   allocates an even-numbered context ID, see Section 4 of
   [CONNECT-UDP].
   The client then adds the "connect-udp-listen" header field to its
   proxying request, with the value equal to the context ID it has
   allocated, see Section 2.2.

2.1.  HTTP Datagram Payload Format

   When HTTP Datagrams [HTTP-DGRAM] associated with this listener UDP
   proxying request use the context ID sent with the connect-udp-listen
   header field, their Payload field (as defined in Section 5 of
   [CONNECT-UDP]) has the format defined in Figure 1:

   Listener UDP Proxying HTTP Datagram Payload {
     IP Version (8),
     IP Address (32..128),
     UDP Port (16),
     UDP Payload (..),
   }

          Figure 1: Listener UDP Proxying HTTP Datagram Format

   IP Version:  The IP Version of the following IP Address field.  MUST
      be 4 or 6.

   IP Address:  The IP Address of this proxied UDP packet.  When sent
      from client to proxy, this is the target host that the proxy will
      send this UDP payload to.  When sent from proxy to client, this
      represents the source IP address of the UDP packet received by the
      proxy.  This field has length 32 bits when the previous IP Version
      field value is 4, and 128 bits when the IP Version is 6.

   UDP Port:  The UDP Port of this proxied UDP packet.  When sent from
      client to proxy, this is the target port that the proxy will send
      this UDP payload to.  When sent from proxy to client, this
      represents the source UDP port of the UDP packet received by the
      proxy.

   UDP Payload:  The unmodified UDP Payload of this proxied UDP packet
      (referred to as "data octets" in [UDP]).

2.2.  The connect-udp-listen Header Field

   The "connect-udp-listen" header field is an Item Structured Field,
   see Section 3.3 of [STRUCT-FIELD]; its value MUST be an Integer; any
   other value type MUST be handled as if the field were not present by
   recipients (for example, if this field is included multiple times,
   its type will become a List and the field will therefore be
   ignored).
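   As an added worked example, not part of this draft and not code from
   any MASQUE implementation, the following Python encodes and decodes
   the Figure 1 payload (Section 2.1), applies the Section 2.2 rule that
   only an Integer field value is accepted, and carries out the two
   proxy-side relay steps (target on the way out, observed source on
   the way back) that the exchange in Appendix A depends on.  The
   function names, the rejection of odd or negative context IDs on the
   proxy side, and the sample packets (using the documentation
   addresses 192.0.2.42 and 203.0.113.33 from Appendix A) are
   assumptions of this example.

```python
"""
Constructed example (not from the draft): codec for the Listener UDP
Proxying HTTP Datagram Payload (Figure 1), parser for the
connect-udp-listen field value (Section 2.2), and the proxy relay steps
from Appendix A.  All sample addresses, ports and payloads are made up.
"""
import ipaddress
import re
import struct
from typing import Optional, Tuple

# ---- Section 2.1: HTTP Datagram Payload under the listener context ID ----

def encode_listener_payload(ip: str, port: int, udp_payload: bytes) -> bytes:
    """Build IP Version (8) | IP Address (32..128) | UDP Port (16) | UDP Payload (..)."""
    addr = ipaddress.ip_address(ip)            # raises ValueError on a bad literal
    if not 0 <= port <= 0xFFFF:
        raise ValueError("UDP Port must fit in 16 bits")
    # addr.version is 4 or 6 and addr.packed is 4 or 16 bytes, matching Figure 1.
    return bytes([addr.version]) + addr.packed + struct.pack("!H", port) + udp_payload

def decode_listener_payload(data: bytes) -> Tuple[str, int, bytes]:
    """Parse Figure 1; raise ValueError for anything a receiver must not accept."""
    if not data:
        raise ValueError("empty payload")
    version = data[0]
    if version == 4:
        addr_len = 4
    elif version == 6:
        addr_len = 16
    else:
        raise ValueError(f"IP Version MUST be 4 or 6, got {version}")
    if len(data) < 1 + addr_len + 2:
        raise ValueError("payload shorter than IP Version + IP Address + UDP Port")
    addr = ipaddress.ip_address(data[1:1 + addr_len])   # packed bytes -> address
    (port,) = struct.unpack("!H", data[1 + addr_len:3 + addr_len])
    return str(addr), port, bytes(data[3 + addr_len:])

# ---- Section 2.2: the connect-udp-listen header field ----

# sf-integer from RFC 8941: an optional "-" followed by 1 to 15 digits.
_SF_INTEGER = re.compile(r"^-?[0-9]{1,15}$")

def parse_connect_udp_listen(field_value: str) -> Optional[int]:
    """Return the context ID, or None when the field must be treated as absent.

    Only a bare Integer Item is accepted.  A List (e.g. "2, 2" produced by a
    repeated field), a String, Token, Decimal or Boolean is ignored.  Any
    parameters after ';' are unknown to this document and are dropped.
    """
    item, _, _params = field_value.strip().partition(";")
    item = item.strip()
    if not _SF_INTEGER.match(item):
        return None
    return int(item)

# ---- Proxy side: the relay steps behind the Appendix A exchange ----

def proxy_accept_listener_request(headers: dict) -> Optional[int]:
    """Return the listener context ID from a CONNECT request, or None.

    The client allocates an even-numbered context ID (Section 2), so this
    example (an assumption, not a rule in the draft) also refuses odd or
    negative values rather than opening a listener for them.
    """
    value = headers.get("connect-udp-listen")
    if value is None:
        return None
    ctx = parse_connect_udp_listen(value)
    if ctx is None or ctx < 0 or ctx % 2:
        return None
    return ctx

def proxy_outbound(payload: bytes) -> Tuple[Tuple[str, int], bytes]:
    """Client -> proxy: IP Address/UDP Port name the *target* to send to."""
    ip, port, udp_payload = decode_listener_payload(payload)
    return (ip, port), udp_payload           # what the proxy hands to sendto()

def proxy_inbound(src_ip: str, src_port: int, udp_payload: bytes) -> bytes:
    """Proxy -> client: IP Address/UDP Port record the *source* the proxy saw."""
    return encode_listener_payload(src_ip, src_port, udp_payload)

if __name__ == "__main__":
    # Constructed walk-through of Appendix A.
    assert proxy_accept_listener_request({"connect-udp-listen": "2"}) == 2
    out = encode_listener_payload("192.0.2.42", 1234, b"<STUN Binding Request>")
    print("client->proxy:", proxy_outbound(out))
    back = proxy_inbound("203.0.113.33", 4321, b"<peer UDP packet>")
    print("proxy->client:", decode_listener_payload(back))
```

   Because the proxy-to-client direction reports whatever source the
   proxy observed, a client that opens a listener tunnel receives
   datagrams from hosts it never sent to (203.0.113.33 in Appendix A);
   the decoder above therefore validates the fixed-size fields before
   handing the UDP Payload up, and leaves any further acceptance
   decision to the application protocol.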
   This document does not define any parameters for the connect-udp-
   listen header field value, but future documents might define
   parameters.  Receivers MUST ignore unknown parameters.

3.  Security Considerations

   The security considerations described in Section 7 of [CONNECT-UDP]
   also apply here.

4.  IANA Considerations

   This document will request IANA to register the following entry in
   the "HTTP Field Name" registry maintained at :

   Field Name:  connect-udp-listen

   Template:  None

   Status:  provisional (permanent if this document is approved)

   Reference:  This document

   Comments:  None

5.  References

5.1.  Normative References

   [CONNECT-UDP]
              Schinazi, D., "Proxying UDP in HTTP", Work in Progress,
              Internet-Draft, draft-ietf-masque-connect-udp-15, 17 June
              2022.

   [HTTP]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022.

   [HTTP-DGRAM]
              Schinazi, D. and L. Pardue, "HTTP Datagrams and the
              Capsule Protocol", Work in Progress, Internet-Draft,
              draft-ietf-masque-h3-datagram-11, 17 June 2022.

   [QUIC]     Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
              Multiplexed and Secure Transport", RFC 9000,
              DOI 10.17487/RFC9000, May 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [STRUCT-FIELD]
              Nottingham, M. and P-H. Kamp, "Structured Field Values for
              HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021.

   [UDP]      Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              DOI 10.17487/RFC0768, August 1980.

5.2.  Informative References

   [CONNECT-IP]
              Pauly, T., Schinazi, D., Chernyakhovsky, A., Kuehlewind,
              M., and M. Westerlund, "IP Proxying Support for HTTP",
              Work in Progress, Internet-Draft, draft-ietf-masque-
              connect-ip-01, 4 March 2022.

   [ICE]      Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
              Connectivity Establishment (ICE): A Protocol for Network
              Address Translator (NAT) Traversal", RFC 8445,
              DOI 10.17487/RFC8445, July 2018.

   [WebRTC]   "WebRTC", W3C Recommendation, 26 January 2021.

Appendix A.  Example

   In the example below, the client is configured with URI Template
   "https://example.org/.well-known/masque/udp/{target_host}/{target_port}/"
   and wishes to use WebRTC to another browser over a listener UDP
   proxying tunnel.  It then contacts a STUN server at 192.0.2.42.  The
   STUN server then sends the proxy's IP address to the other browser at
   203.0.113.33, leading that other browser to send a UDP packet to the
   proxy, and that packet gets proxied over HTTP back to the client.

   Client                                                 Server

   STREAM(44): HEADERS             -------->
     :method = CONNECT
     :protocol = connect-udp
     :scheme = https
     :path = /.well-known/masque/udp/*/*/
     :authority = proxy.example.org
     connect-udp-listen = 2
     capsule-protocol = ?1

   DATAGRAM                        -------->
     Quarter Stream ID = 11
     Context ID = 2
     IP Version = 4
     IP Address = 192.0.2.42
     UDP Port = 1234
     UDP Payload = Encapsulated UDP Payload

                                   <--------  STREAM(44): HEADERS
                                                :status = 200
                                                capsule-protocol = ?1

   /* Wait for STUN server to respond to UDP packet. */

                                   <--------  DATAGRAM
                                                Quarter Stream ID = 11
                                                Context ID = 2
                                                IP Version = 4
                                                IP Address = 192.0.2.42
                                                UDP Port = 1234
                                                UDP Payload = Encapsulated UDP Payload

   /* Wait for the STUN server to send the proxy's IP and */
   /* port to the other browser and for the other browser */
   /* to send a UDP packet to the proxy.                  */

                                   <--------  DATAGRAM
                                                Quarter Stream ID = 11
                                                Context ID = 2
                                                IP Version = 4
                                                IP Address = 203.0.113.33
                                                UDP Port = 4321
                                                UDP Payload = Encapsulated UDP Payload

Appendix B.  Comparison with CONNECT-IP

   While the use-cases described in Section 1 could be solved using IP
   Proxying in HTTP [CONNECT-IP], that would require that every HTTP
   Datagram carry a complete IP header.  This would not only cause
   inefficiencies in the wire encoding, it would additionally reduce the
   available Maximum Transmission Unit (MTU).  Furthermore, it would
   require that Web browsers implement IPv4 and IPv6 header generation
   and parsing, alongside validation and error handling.

Acknowledgments

   This proposal is the result of many conversations with MASQUE working
   group participants.

Author's Address

   David Schinazi
   Google LLC
   1600 Amphitheatre Parkway
   Mountain View, CA 94043
   United States of America

   Email: dschinazi.ietf@gmail.com