PoneyClairDeLune
commented
2 years ago Will HTTP/3 implementations in browsers use UDP ASSOCIATE? And is WireProxy going to support FullCone (endpoint independent NAT mapping and filtering, RFC 4787)?
Open pufferffish opened 2 years ago
PoneyClairDeLune
commented
2 years ago Will HTTP/3 implementations in browsers use UDP ASSOCIATE? And is WireProxy going to support FullCone (endpoint independent NAT mapping and filtering, RFC 4787)?
pufferffish
commented
2 years ago Will HTTP/3 implementations in browsers use UDP ASSOCIATE?
This depends on what browser or what proxy plugin you're using on your browser. I haven't investigated this so I'll have to give it a look.
And is WireProxy going to support FullCone (endpoint independent NAT mapping and filtering, RFC 4787)?
Part of the challenge in supporting UDP proxying is picking a proper NAT mapping. Full-cone NAT is the easiest to implement so I might pick this one, but at the same time it can quickly exhaust ports if there are a lot of proxied UDP traffic from different ports. I think I'll implement full cone NAT first, see how it works out, and implement other NAT types if it proves to be insufficient.
PoneyClairDeLune
commented
2 years ago Will HTTP/3 implementations in browsers use UDP ASSOCIATE?
This depends on what browser or what proxy plugin you're using on your browser. I haven't investigated this so I'll have to give it a look.
And is WireProxy going to support FullCone (endpoint independent NAT mapping and filtering, RFC 4787)?
Part of the challenge in supporting UDP proxying is picking a proper NAT mapping. Full-cone NAT is the easiest to implement so I might pick this one, but at the same time it can quickly exhaust ports if there are a lot of proxied UDP traffic from different ports. I think I'll implement full cone NAT first, see how it works out, and implement other NAT types if it proves to be insufficient.
And... When will UDP support arrive?
JJRcop
commented
1 year ago A mainstream program qBitTorrent supports µTP, which is a UDP based torrent protocol. You can set it to only accept µTP connections through connection settings, and try downloading something popular like Ubuntu.
Right now with wireproxy, setting it to µTP only with the SOCKS5 proxy set up stalls all torrents forever, it's a great way to test.
JJRcop
commented
1 year ago Related: #37
Currently wireproxy doesn't have UDP support at all. There is no support for UDP Associate in SOCKS5, and UDP tunnels have not been implemented.
Challenges:
While a lot of existing socks5 server implementation supports UDP ASSOCIATE, actual applications that uses UDP ASSOCIATE is extremely rare. Without an established application that uses UDP ASSOCIATE, I cannot confidently test the feature in wireproxy.
UDP tunnels need to be implemented carefully. UDP itself is stateless so we would need to keep state of which UDP addresses correlate to which UDP connection. Measures also have to be taken to prevent exhausting UDP sockets file descriptors in case of a flood of incoming UDP packets from different IPs.