Skip to main content

iroh_proxy_utils/
lib.rs

1//! HTTP proxy utilities for [iroh](https://github.com/n0-computer/iroh) connections.
2//!
3//! This crate provides building blocks for HTTP proxies that bridge TCP traffic over
4//! iroh's peer-to-peer QUIC connections. It supports both forward and reverse proxy
5//! modes, with pluggable request routing and authorization.
6//!
7//! # Architecture
8//!
9//! The proxy operates in two layers:
10//!
11//! - **Downstream proxy** ([`downstream::DownstreamProxy`]): Accepts TCP connections from
12//!   clients and forwards them over iroh to an upstream proxy.
13//! - **Upstream proxy** ([`upstream::UpstreamProxy`]): Receives proxied streams from iroh
14//!   and forwards them to origin TCP servers.
15//!
16//! # Protocol
17//!
18//! Communication between downstream and upstream uses HTTP/1.1 over QUIC bidirectional
19//! streams. The protocol supports:
20//!
21//! - **CONNECT tunneling** (RFC 9110 §9.3.6): For opaque TCP tunnels
22//! - **Absolute-form requests** (RFC 9110 §7.1): For HTTP forward proxying
23//!
24//! # Example
25//!
26//! See the `examples/` directory for complete usage examples.
27
28/// Downstream proxying from TCP clients to iroh endpoints.
29pub mod downstream;
30mod parse;
31/// Upstream proxying from iroh streams to TCP origins.
32pub mod upstream;
33mod util;
34
35pub use parse::{
36    Authority, HttpProxyRequest, HttpProxyRequestKind, HttpRequest, HttpRequestKind, HttpResponse,
37};
38
39/// Maximum bytes to buffer when reading HTTP header sections.
40///
41/// Requests or responses with header sections exceeding this limit are rejected
42/// to prevent memory exhaustion attacks.
43pub(crate) const HEADER_SECTION_MAX_LENGTH: usize = 8192;
44
45/// HTTP header for routing requests to specific iroh endpoints.
46///
47/// When using dynamic routing, downstream proxies can read this header to
48/// determine which upstream endpoint should handle the request.
49pub const IROH_DESTINATION_HEADER: &str = "Iroh-Destination";
50
51/// ALPN protocol identifier for iroh HTTP proxy connections.
52///
53/// Both downstream and upstream proxies must use this ALPN to establish
54/// compatible QUIC connections.
55pub const ALPN: &[u8] = b"iroh-http-proxy/1";
56
57#[cfg(test)]
58mod tests;