Enabling HTTP/3.0 detection for Prober Extender (QUIC)

[sebastianfeliciano]

Summary

Fixes: #1418

We need monitoring capabilities to validate QUIC endpoints and H3.
We use quic-go library

Preview:

Monitor HTTP/3 endpoints with the same reliability as HTTP/1.x and HTTP/2.

No fallback to h2 if h3 is not found

Testing

local host

Revert Plan

revert

[sebastianfeliciano]

@electron0zero

[zhengxiongzhao]

When the certificate expires
handler.go:194 Error for HTTP request CRYPTO_ERROR 0x12a (local): tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-06-23T11:32:17+08:00 is after 2025-06-22T02:06:45Z

[sebastianfeliciano]

When the certificate expires handler.go:194 Error for HTTP request CRYPTO_ERROR 0x12a (local): tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-06-23T11:32:17+08:00 is after 2025-06-22T02:06:45Z

@zhengxiongzhao in the Go crypto/tls package, tls.Config.ServerName must not be empty, Based on this issue, I've moved logic to handle this. Please note this does not have a fallback method where h3 goes to h2. If there's something else please let me know.

[sebastianfeliciano]

@bwplotka could I get a review?

[zhengxiongzhao]

When the certificate expires handler.go:194 Error for HTTP request CRYPTO_ERROR 0x12a (local): tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-06-23T11:32:17+08:00 is after 2025-06-22T02:06:45Z

@zhengxiongzhao in the Go crypto/tls package, tls.Config.ServerName must not be empty, Based on this issue, I've moved logic to handle this. Please note this does not have a fallback method where h3 goes to h2. If there's something else please let me know.

ok. thank you for your answer. I will give it a try

[sebastianfeliciano]

@SuperQ can I get a review?

[jesusvazquez]

The code is looking great. Left a small nit about a logline that perhaps was a leftover?

I think we're missing some tests to gain a bit of confidence with this.

• TestValidHTTPVersion should now perhaps include HTTP/3
• We need a test for probing against an endpoint using the new code.

[sebastianfeliciano]

The code is looking great. Left a small nit about a logline that perhaps was a leftover?

• TestValidHTTPVersion should now perhaps include HTTP/3

So TestValidHTTPVersion uses a H1.1 and H2 server over TCP. The structure of the test is starting with the server with 1.1, it can connect to 2. Without 1.1 it cannot connect to H2 because it is an H1.1 server.

With that being said, this is done over TCP so TestValidHTTP should not work for H3, I've added a false case, but added a whole new ValidHTTPVersionsQUIC since this is over UDP and does not fallback using TCP.

[sebastianfeliciano]

@electron0zero, thank you for your help! Just to note, Ive added config checking within the ValidHTTPVersions in additon to config.go, so that others do not get confused on why HTTP3 should not work for the TCP Version (With 1.1 and 2.0) and vice-versa. This is because the Test is called on probe and in main it Reloads a config first, i added the validation inside of the tests, and referenced the file.

[jesusvazquez]

This is now looking good to me, awesome work 💪 .

Waiting for @electron0zero's review before merge

[electron0zero]

lgtm, great work 👏🏼

[electron0zero]

I am giving time to other maintainers to review before we merge, if there's nothing in a week, I will hit merge.

feel free to remind me if I don't get to it after a week.

[sebastianfeliciano]

@electron0zero, looks like there are no answers after a week 😮