Merge pull request #310 from ryanfowler/http3

ryanfowler · web-flow · commit a66ebe7d58e4 · 2025-09-11T19:29:36.000-07:00
Add support for HTTP/3
diff --git a/docs/CONFIG.md b/docs/CONFIG.md
@@ -249,8 +249,7 @@ redirects = 10
 
 #### `http`
 **Type**: String
-**Values**: `1`, `2`
-**Default**: `2`
+**Values**: `1`, `2`, `3`
 
 Specify the highest allowed HTTP version.
 
diff --git a/docs/USAGE.md b/docs/USAGE.md
@@ -241,7 +241,7 @@ fetch --tls 1.3 example.com
 
 **Flag**: `--http VERSION`
 
-Specify the exact HTTP version to use. Must be `1` or `2`.
+Specify the exact HTTP version to use. Must be `1`, `2`, or `3`.
 By default, HTTP/2 is preferred but will fallback to using HTTP/1.1.
 
 ```sh
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.25.1
 
 require (
 	github.com/klauspost/compress v1.18.0
+	github.com/quic-go/quic-go v0.54.0
 	github.com/tinylib/msgp v1.4.0
 	golang.org/x/image v0.31.0
 	golang.org/x/net v0.44.0
@@ -12,5 +13,11 @@ require (
 
 require (
 	github.com/philhofer/fwd v1.2.0 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
 	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,14 +1,38 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
 github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
+github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tinylib/msgp v1.4.0 h1:SYOeDRiydzOw9kSiwdYp9UcBgPFtLU2WDHaJXyHruf8=
 github.com/tinylib/msgp v1.4.0/go.mod h1:cvjFkb4RiC8qSBOPMGPSzSAx47nAsfhLVTCZZNuHv5o=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
 golang.org/x/image v0.31.0 h1:mLChjE2MV6g1S7oqbXC0/UcKijjm5fnJLUYKIYrLESA=
 golang.org/x/image v0.31.0/go.mod h1:R9ec5Lcp96v9FTF+ajwaH3uGxPH4fKfHHAVbUILxghA=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
 golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
 golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/internal/cli/app.go b/internal/cli/app.go
@@ -413,6 +413,10 @@ func (a *App) CLI() *CLI {
 						Key: "2",
 						Val: "HTTP/2.0",
 					},
+					{
+						Key: "3",
+						Val: "HTTP/3.0",
+					},
 				},
 				IsSet: func() bool {
 					return a.Cfg.HTTP != core.HTTPDefault
diff --git a/internal/client/client.go b/internal/client/client.go
@@ -8,6 +8,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/http/httptrace"
 	"net/url"
 	"os"
 	"strings"
@@ -19,6 +20,8 @@ import (
 
 	"github.com/klauspost/compress/gzip"
 	"github.com/klauspost/compress/zstd"
+	"github.com/quic-go/quic-go"
+	"github.com/quic-go/quic-go/http3"
 	"golang.org/x/net/http2"
 )
 
@@ -92,42 +95,9 @@ func NewClient(cfg ClientConfig) *Client {
 	var transport http.RoundTripper
 	switch cfg.HTTP {
 	case core.HTTP2:
-		rt := &http2.Transport{
-			AllowHTTP: false, // Disable h2c, for now.
-			DialTLSContext: func(ctx context.Context, network string, addr string, cfg *tls.Config) (net.Conn, error) {
-				dial := baseDial
-				if dial == nil {
-					var dialer net.Dialer
-					dial = dialer.DialContext
-				}
-
-				// Dial a connection and perform the TLS handshake.
-				conn, err := dial(ctx, network, addr)
-				if err != nil {
-					return nil, err
-				}
-
-				if cfg.ServerName == "" {
-					c := cfg.Clone()
-					host, _, err := net.SplitHostPort(addr)
-					if err != nil {
-						host = addr
-					}
-					c.ServerName = host
-					cfg = c
-				}
-
-				tlsConn := tls.Client(conn, cfg)
-				if err := tlsConn.HandshakeContext(ctx); err != nil {
-					conn.Close()
-					return nil, err
-				}
-				return tlsConn, nil
-			},
-			DisableCompression: true,
-			TLSClientConfig:    &tlsConfig,
-		}
-		transport = rt
+		transport = getHTTP2Transport(baseDial, &tlsConfig)
+	case core.HTTP3:
+		transport = getHTTP3Transport(cfg.DNSServer, &tlsConfig)
 	default:
 		rt := &http.Transport{
 			DialContext:        baseDial,
@@ -160,6 +130,114 @@ func NewClient(cfg ClientConfig) *Client {
 	return &Client{c: client}
 }
 
+func getHTTP2Transport(baseDial func(context.Context, string, string) (net.Conn, error), tlsConfig *tls.Config) http.RoundTripper {
+	return &http2.Transport{
+		AllowHTTP: false, // Disable h2c, for now.
+		DialTLSContext: func(ctx context.Context, network string, addr string, cfg *tls.Config) (net.Conn, error) {
+			dial := baseDial
+			if dial == nil {
+				var dialer net.Dialer
+				dial = dialer.DialContext
+			}
+
+			// Dial a connection and perform the TLS handshake.
+			conn, err := dial(ctx, network, addr)
+			if err != nil {
+				return nil, err
+			}
+
+			if cfg.ServerName == "" {
+				c := cfg.Clone()
+				host, _, err := net.SplitHostPort(addr)
+				if err != nil {
+					host = addr
+				}
+				c.ServerName = host
+				cfg = c
+			}
+
+			tlsConn := tls.Client(conn, cfg)
+			if err := tlsConn.HandshakeContext(ctx); err != nil {
+				conn.Close()
+				return nil, err
+			}
+			return tlsConn, nil
+		},
+		DisableCompression: true,
+		TLSClientConfig:    tlsConfig,
+	}
+}
+
+func getHTTP3Transport(dnsServer *url.URL, tlsConfig *tls.Config) http.RoundTripper {
+	rt := &http3.Transport{
+		DisableCompression: true,
+		TLSClientConfig:    tlsConfig,
+	}
+	if dnsServer != nil {
+		rt.Dial = func(ctx context.Context, addr string, tlsCfg *tls.Config, qcfg *quic.Config) (*quic.Conn, error) {
+			// Resolve the address to IPs.
+			var ips []net.IPAddr
+			var portStr string
+			var err error
+			if dnsServer.Scheme == "" {
+				var host string
+				host, portStr, err = net.SplitHostPort(addr)
+				if err != nil {
+					return nil, err
+				}
+				resolver := udpResolver(dnsServer.Host)
+				ips, err = resolver.LookupIPAddr(ctx, host)
+			} else {
+				ips, portStr, err = resolveDOH(ctx, dnsServer, addr)
+			}
+			if err != nil {
+				return nil, err
+			}
+			if len(ips) == 0 {
+				return nil, fmt.Errorf("lookup %s: no addresses found", addr)
+			}
+
+			port, err := net.LookupPort("udp", portStr)
+			if err != nil {
+				return nil, err
+			}
+
+			// Establish quic connection.
+			trace := httptrace.ContextClientTrace(ctx)
+			for _, ip := range ips {
+				udpAddr := &net.UDPAddr{IP: ip.IP, Port: port}
+				var lc net.ListenConfig
+				var packetConn net.PacketConn
+				packetConn, err = lc.ListenPacket(ctx, "udp", ":0")
+				if err != nil {
+					continue
+				}
+
+				if trace != nil && trace.TLSHandshakeStart != nil {
+					trace.TLSHandshakeStart()
+				}
+
+				var conn *quic.Conn
+				conn, err = quic.DialEarly(ctx, packetConn, udpAddr, tlsCfg, qcfg)
+				if trace != nil && trace.TLSHandshakeDone != nil {
+					var state tls.ConnectionState
+					if conn != nil {
+						state = conn.ConnectionState().TLS
+					}
+					trace.TLSHandshakeDone(state, err)
+				}
+				if err != nil {
+					continue
+				}
+				return conn, nil
+			}
+
+			return nil, err
+		}
+	}
+	return rt
+}
+
 // RequestConfig represents the configuration for creating an HTTP request.
 type RequestConfig struct {
 	AWSSigV4    *aws.Config
diff --git a/internal/client/dns.go b/internal/client/dns.go
@@ -17,57 +17,33 @@ import (
 // dialContextUDP returns a DialContext function that performs a DNS lookup
 // using the provided DNS server address and port.
 func dialContextUDP(serverAddr string) func(ctx context.Context, network, address string) (net.Conn, error) {
-	dialer := net.Dialer{
-		Resolver: &net.Resolver{
-			PreferGo: true,
-			Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
-				var d net.Dialer
-				return d.DialContext(ctx, network, serverAddr)
-			},
+	dialer := net.Dialer{Resolver: udpResolver(serverAddr)}
+	return dialer.DialContext
+}
+
+func udpResolver(serverAddr string) *net.Resolver {
+	return &net.Resolver{
+		PreferGo: true,
+		Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
+			var d net.Dialer
+			return d.DialContext(ctx, network, serverAddr)
 		},
 	}
-	return dialer.DialContext
 }
 
 // dialContextDOH returns a DialContext function that performs a DoH lookup
 // using the provided DoH server address.
 func dialContextDOH(serverURL *url.URL) func(ctx context.Context, network, address string) (net.Conn, error) {
 	return func(ctx context.Context, network, address string) (net.Conn, error) {
-		host, port, err := net.SplitHostPort(address)
+		ips, port, err := resolveDOH(ctx, serverURL, address)
 		if err != nil {
 			return nil, err
 		}
 
-		trace := httptrace.ContextClientTrace(ctx)
-		if trace != nil && trace.DNSStart != nil {
-			trace.DNSStart(httptrace.DNSStartInfo{Host: host})
-		}
-
-		// Lookup A record first, fallback to AAAA.
-		ips, err := lookupDOH(ctx, serverURL, host, "A")
-		if err != nil {
-			ips, err = lookupDOH(ctx, serverURL, host, "AAAA")
-		}
-
-		if trace != nil && trace.DNSDone != nil {
-			info := httptrace.DNSDoneInfo{Err: err}
-			if err == nil {
-				for _, ip := range ips {
-					addr := net.IPAddr{IP: net.ParseIP(ip)}
-					info.Addrs = append(info.Addrs, addr)
-				}
-			}
-			trace.DNSDone(info)
-		}
-
-		if err != nil {
-			return nil, fmt.Errorf("lookup %s: %w", host, err)
-		}
-
 		var d net.Dialer
 		for _, ip := range ips {
 			var conn net.Conn
-			conn, err = d.DialContext(ctx, network, net.JoinHostPort(ip, port))
+			conn, err = d.DialContext(ctx, network, net.JoinHostPort(ip.IP.String(), port))
 			if err == nil {
 				return conn, nil
 			}
@@ -76,6 +52,43 @@ func dialContextDOH(serverURL *url.URL) func(ctx context.Context, network, addre
 	}
 }
 
+func resolveDOH(ctx context.Context, serverURL *url.URL, address string) ([]net.IPAddr, string, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, "", err
+	}
+
+	trace := httptrace.ContextClientTrace(ctx)
+	if trace != nil && trace.DNSStart != nil {
+		trace.DNSStart(httptrace.DNSStartInfo{Host: host})
+	}
+
+	// Lookup A record first, fallback to AAAA.
+	ipStrs, err := lookupDOH(ctx, serverURL, host, "A")
+	if err != nil {
+		ipStrs, err = lookupDOH(ctx, serverURL, host, "AAAA")
+	}
+
+	ips := make([]net.IPAddr, 0, len(ipStrs))
+	for _, ip := range ipStrs {
+		ips = append(ips, net.IPAddr{IP: net.ParseIP(ip)})
+	}
+
+	if trace != nil && trace.DNSDone != nil {
+		info := httptrace.DNSDoneInfo{Err: err}
+		if err == nil {
+			info.Addrs = append(info.Addrs, ips...)
+		}
+		trace.DNSDone(info)
+	}
+
+	if err != nil {
+		return nil, "", fmt.Errorf("lookup %s: %w", host, err)
+	}
+
+	return ips, port, nil
+}
+
 // lookupDOH performs a DNS lookup via DoH with the provided DoH server URL,
 // host to lookup, and DNS type.
 func lookupDOH(ctx context.Context, serverURL *url.URL, host, dnsType string) ([]string, error) {
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -277,8 +277,10 @@ func (c *Config) ParseHTTP(value string) error {
 		c.HTTP = core.HTTP1
 	case "2":
 		c.HTTP = core.HTTP2
+	case "3":
+		c.HTTP = core.HTTP3
 	default:
-		const usage = "must be one of [1, 2]"
+		const usage = "must be one of [1, 2, 3]"
 		return core.NewValueError("http", value, usage, c.isFile)
 	}
 	return nil
diff --git a/internal/core/core.go b/internal/core/core.go
diff --git a/main.go b/main.go
