It was a Friday night when I saw that someone had commented on an issue saying that the site was down. I created udpquiz back in 2022, and it seemed like a good time to give it a fresh coat of paint.
For the update, I thought it'd be pretty interesting if it were only available over UDP (fits the theme, amirite?). The solution is to serve the site over HTTP/3, which uses the QUIC transport layer, which in turn runs over UDP.
Enabling the site to use just HTTP/3 was as simple as adding
    protocols h3
to the Caddyfile.
That's not enough though - the browser needs some way to figure out that the server actually offers HTTP/3 support. This is accomplished in two ways.
1. An Alt-Svc header sent when a client requests the page over HTTP/1.1 or HTTP/2. Since we aren't offering the page via these protocols, this isn't an option for us.
2. An HTTPS DNS record: no-default-alpn alpn="h3" ipv4hint="SERVER_IP".
However, with just the h3 protocol enabled, Caddy struggles with automatic certificate provisioning. I didn't spend much time debugging this, instead opting to use the dns-01 challenge.
The last step is to modify the eBPF filter to pass QUIC packets to Caddy unmodified. QUIC v1 has a fixed bit (bit 6) in every packet header that we could check, but RFC 9287, introduced later, allows greasing this bit to be any value. In the end, I decided to simply pass any incoming UDP packet on port 443 to Caddy and add a note to the home page.
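The trade-off between the two filter rules, as an added example in plain C (not the site's eBPF code). The verdict names, the sample bytes and the assumption that the destination port is already in host byte order are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUIC_PORT      443
#define QUIC_FIXED_BIT 0x40 /* bit 6 of byte 0: 1 in QUIC v1 unless greased */

/* Hypothetical verdicts: keep the datagram in the filter or hand it to Caddy. */
enum verdict { KEEP_IN_FILTER = 0, PASS_TO_CADDY = 1 };
typedef enum verdict (*policy_fn)(uint16_t dport, const uint8_t *p, size_t len);

/* Policy A: destination port 443 AND the fixed bit set in the first byte. */
enum verdict strict_fixed_bit(uint16_t dport, const uint8_t *p, size_t len)
{
    if (dport != QUIC_PORT || len < 1)
        return KEEP_IN_FILTER;
    return (p[0] & QUIC_FIXED_BIT) ? PASS_TO_CADDY : KEEP_IN_FILTER;
}

/* Policy B, the one the post settles on: any UDP datagram on port 443. */
enum verdict port_only(uint16_t dport, const uint8_t *p, size_t len)
{
    (void)p; (void)len; /* payload is deliberately not inspected */
    return dport == QUIC_PORT ? PASS_TO_CADDY : KEEP_IN_FILTER;
}

/* Constructed first bytes of QUIC-shaped datagrams sent to port 443. */
struct sample { const char *name; uint8_t bytes[5]; size_t len; };
static const struct sample SAMPLES[] = {
    { "long header, v1, fixed bit set",  { 0xC0, 0x00, 0x00, 0x00, 0x01 }, 5 },
    { "short header, fixed bit set",     { 0x40, 0xAA, 0xBB, 0xCC, 0xDD }, 5 },
    { "long header, v1, bit greased",    { 0x80, 0x00, 0x00, 0x00, 0x01 }, 5 },
    { "short header, bit greased",       { 0x00, 0xAA, 0xBB, 0xCC, 0xDD }, 5 },
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Count the samples that a policy fails to hand to the web server. */
size_t wrongly_kept(policy_fn policy)
{
    size_t n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (policy(QUIC_PORT, SAMPLES[i].bytes, SAMPLES[i].len) != PASS_TO_CADDY)
            n++;
    return n;
}

int main(void)
{
    printf("fixed-bit check misses %zu of %zu samples\n",
           wrongly_kept(strict_fixed_bit), (size_t)N_SAMPLES);
    printf("port-only check misses %zu\n", wrongly_kept(port_only));
    return 0;
}
```

The port-only rule never drops a greased packet, at the cost of also forwarding non-QUIC datagrams on port 443, which the server then has to reject itself.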
Testing this in various browsers: it works fine in Firefox on Linux and Android. Safari on macOS worked some of the time(?). I could not get Google Chrome to load the site at all. Taking a quick look at Wireshark, it's clear that Google Chrome isn't sending an HTTPS DNS request at all and just tries TCP.