Module proxy 

Per-request HTTP/1.1 proxy: bridge an inbound capnp-framed stream from the edge to the local TCP listener the caller wants to expose at https://<sub>.trycloudflare.com.

Wire flow on the edge → tunnel side:

1. Edge writes the data-stream preamble + ConnectRequest (parsed by stream::read_connect_request).
2. We connect a TCP socket to 127.0.0.1:<local_port> and write a re-synthesised HTTP/1.1 request line + Host + every HttpHeader:<Name> the edge forwarded + an empty line. Body bytes (if any) follow from the QUIC stream.
3. We parse the HTTP/1.1 response status + headers off the TCP socket, write them back as a ConnectResponse (status in HttpStatus, each header in HttpHeader:<Name>), and finally byte-pump the response body from TCP to QUIC.

Mirrors cloudflared/connection/quic_connection.go (buildHTTPRequest + httpResponseAdapter).

Structs

StreamCounters

Byte counters the supervisor accumulates across all streams. Cheap atomics so the proxy task can update without coordination.

Constants

LOCAL_CONNECT_TIMEOUT

How long we wait for the local TCP listener to accept the first byte. Quick tunnels are usually pointed at a process that just finished booting; 5s is generous without making real failures drag out.

Functions

handle_inbound_stream

Drive one inbound request stream to completion. Reads the ConnectRequest off recv, runs the matching proxy strategy, writes the ConnectResponse back, and pumps the body bytes.