[HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)

lyuzichong · web-flow · commit 5d5bf355744b · 2026-04-10T14:32:51.000-04:00
* optimize connection fallback and validate scheme

* reformat

* reformat

* local_addr fix

* loacl_add fixed
diff --git a/src/async_impl/h3_client/connect.rs b/src/async_impl/h3_client/connect.rs
@@ -59,6 +59,7 @@ pub(crate) struct H3Connector {
     resolver: DynResolver,
     endpoint: Endpoint,
     client_config: H3ClientConfig,
+    bound_addr: IpAddr,
 }
 
 impl H3Connector {
@@ -74,6 +75,7 @@ impl H3Connector {
         // FIXME: Replace this when there is a setter.
         config.transport_config(Arc::new(transport_config));
 
+        // Pipe the local address through to the endpoint creation
         let socket_addr = match local_addr {
             Some(ip) => SocketAddr::new(ip, 0),
             None => "[::]:0".parse::<SocketAddr>().unwrap(),
@@ -82,10 +84,14 @@ impl H3Connector {
         let mut endpoint = Endpoint::client(socket_addr)?;
         endpoint.set_default_client_config(config);
 
+        // Get the actual bound address from the endpoint
+        let bound_addr = endpoint.local_addr()?.ip();
+
         Ok(Self {
             resolver,
             endpoint,
             client_config,
+            bound_addr,
         })
     }
 
@@ -117,28 +123,83 @@ impl H3Connector {
         addrs: Vec<SocketAddr>,
         server_name: &str,
     ) -> Result<H3Connection, BoxError> {
-        let mut err = None;
+        if addrs.is_empty() {
+            return Err("no addresses to connect to".into());
+        }
+
+        let (mut ipv6_addrs, mut ipv4_addrs): (Vec<SocketAddr>, Vec<SocketAddr>) =
+            addrs.into_iter().partition(|addr| addr.is_ipv6());
+
+        if self.bound_addr.is_ipv6() {
+            ipv4_addrs.clear();
+        } else {
+            ipv6_addrs.clear();
+        }
+
+        if ipv6_addrs.is_empty() {
+            return Self::try_addresses_static(
+                &self.endpoint,
+                &ipv4_addrs,
+                server_name,
+                &self.client_config,
+            )
+            .await;
+        }
+        if ipv4_addrs.is_empty() {
+            return Self::try_addresses_static(
+                &self.endpoint,
+                &ipv6_addrs,
+                server_name,
+                &self.client_config,
+            )
+            .await;
+        }
+
+        let endpoint = self.endpoint.clone();
+        let client_config = self.client_config.clone();
+
+        match Self::try_addresses_static(&endpoint, &ipv6_addrs, server_name, &client_config).await
+        {
+            Ok(conn) => Ok(conn),
+            Err(_) => {
+                Self::try_addresses_static(&endpoint, &ipv4_addrs, server_name, &client_config)
+                    .await
+            }
+        }
+    }
+
+    async fn try_addresses_static(
+        endpoint: &Endpoint,
+        addrs: &[SocketAddr],
+        server_name: &str,
+        client_config: &H3ClientConfig,
+    ) -> Result<H3Connection, BoxError> {
+        let mut last_err: Option<BoxError> = None;
+
         for addr in addrs {
-            match self.endpoint.connect(addr, server_name)?.await {
-                Ok(new_conn) => {
-                    let quinn_conn = Connection::new(new_conn);
-                    let mut h3_client_builder = h3::client::builder();
-                    if let Some(max_field_section_size) = self.client_config.max_field_section_size
-                    {
-                        h3_client_builder.max_field_section_size(max_field_section_size);
+            match endpoint.connect(*addr, server_name) {
+                Ok(connecting) => match connecting.await {
+                    Ok(new_conn) => {
+                        let quinn_conn = Connection::new(new_conn);
+                        let mut h3_client_builder = h3::client::builder();
+                        if let Some(max_field_section_size) = client_config.max_field_section_size {
+                            h3_client_builder.max_field_section_size(max_field_section_size);
+                        }
+                        if let Some(send_grease) = client_config.send_grease {
+                            h3_client_builder.send_grease(send_grease);
+                        }
+                        return Ok(h3_client_builder.build(quinn_conn).await?);
                     }
-                    if let Some(send_grease) = self.client_config.send_grease {
-                        h3_client_builder.send_grease(send_grease);
+                    Err(e) => {
+                        last_err = Some(Box::new(e) as BoxError);
                     }
-                    return Ok(h3_client_builder.build(quinn_conn).await?);
+                },
+                Err(e) => {
+                    last_err = Some(Box::new(e) as BoxError);
                 }
-                Err(e) => err = Some(e),
             }
         }
 
-        match err {
-            Some(e) => Err(Box::new(e) as BoxError),
-            None => Err("failed to establish connection for HTTP/3 request".into()),
-        }
+        Err(last_err.unwrap_or_else(|| "no addresses available".into()))
     }
 }
diff --git a/src/async_impl/h3_client/pool.rs b/src/async_impl/h3_client/pool.rs
@@ -364,7 +364,22 @@ where
 pub(crate) fn extract_domain(uri: &mut Uri) -> Result<Key, Error> {
     let uri_clone = uri.clone();
     match (uri_clone.scheme(), uri_clone.authority()) {
-        (Some(scheme), Some(auth)) => Ok((scheme.clone(), auth.clone())),
+        (Some(scheme), Some(auth)) => {
+            let scheme_str = scheme.as_str();
+            if scheme_str != "https" && scheme_str != "h3" {
+                return Err(Error::new(
+                    Kind::Request,
+                    Some(Box::new(std::io::Error::new(
+                        std::io::ErrorKind::InvalidInput,
+                        format!(
+                            "HTTP/3 only supports 'https' or 'h3' schemes, got: {}",
+                            scheme_str
+                        ),
+                    ))),
+                ));
+            }
+            Ok((scheme.clone(), auth.clone()))
+        }
         _ => Err(Error::new(Kind::Request, None::<Error>)),
     }
 }
