Initial support for the PROXY protocol header

Depend on Ranch master for now since it isn't in any release yet.

Makefile

@@ -16,7 +16,7 @@ LOCAL_DEPS = crypto
 
 DEPS = cowlib ranch
 dep_cowlib = git https://github.com/ninenines/cowlib master
-dep_ranch = git https://github.com/ninenines/ranch 1.6.2
+dep_ranch = git https://github.com/ninenines/ranch master
 
 DOC_DEPS = asciideck
 

rebar.config

@@ -1,4 +1,4 @@
 {deps, [
-{cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","1.6.2"}}
+{cowlib,".*",{git,"https://github.com/ninenines/cowlib","master"}},{ranch,".*",{git,"https://github.com/ninenines/ranch","master"}}
 ]}.
 {erl_opts, [debug_info,warn_export_vars,warn_shadow_vars,warn_obsolete_guard,warn_missing_spec,warn_untyped_record]}.

src/cowboy_clear.erl

@@ -16,22 +16,29 @@
 -behavior(ranch_protocol).
 
 -export([start_link/4]).
--export([connection_process/5]).
+-export([connection_process/4]).
 
 -spec start_link(ranch:ref(), inet:socket(), module(), cowboy:opts()) -> {ok, pid()}.
-start_link(Ref, Socket, Transport, Opts) ->
+start_link(Ref, _Socket, Transport, Opts) ->
 	Pid = proc_lib:spawn_link(?MODULE, connection_process,
-		[self(), Ref, Socket, Transport, Opts]),
+		[self(), Ref, Transport, Opts]),
 	{ok, Pid}.
 
--spec connection_process(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok.
-connection_process(Parent, Ref, Socket, Transport, Opts) ->
-	ok = ranch:accept_ack(Ref),
-	init(Parent, Ref, Socket, Transport, Opts, cowboy_http).
+-spec connection_process(pid(), ranch:ref(), module(), cowboy:opts()) -> ok.
+connection_process(Parent, Ref, Transport, Opts) ->
+	ProxyInfo = case maps:get(proxy_header, Opts, false) of
+		true ->
+			{ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000),
+			ProxyInfo0;
+		false ->
+			undefined
+	end,
+	{ok, Socket} = ranch:handshake(Ref),
+	init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http).
 
-init(Parent, Ref, Socket, Transport, Opts, Protocol) ->
+init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) ->
 	_ = case maps:get(connection_type, Opts, supervisor) of
 		worker -> ok;
 		supervisor -> process_flag(trap_exit, true)
 	end,
-	Protocol:init(Parent, Ref, Socket, Transport, Opts).
+	Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts).

src/cowboy_http.erl

@@ -18,7 +18,7 @@
 -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}).
 -endif.
 
--export([init/5]).
+-export([init/6]).
 
 -export([system_continue/3]).
 -export([system_terminate/4]).
@@ -98,6 +98,7 @@
 	ref :: ranch:ref(),
 	socket :: inet:socket(),
 	transport :: module(),
+	proxy_header :: undefined | ranch_proxy_header:proxy_info(),
 	opts = #{} :: map(),
 
 	%% Remote address and port for the connection.
@@ -137,8 +138,9 @@
 -include_lib("cowlib/include/cow_inline.hrl").
 -include_lib("cowlib/include/cow_parse.hrl").
 
--spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok.
-init(Parent, Ref, Socket, Transport, Opts) ->
+-spec init(pid(), ranch:ref(), inet:socket(), module(),
+	ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok.
+init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) ->
 	Peer0 = Transport:peername(Socket),
 	Sock0 = Transport:sockname(Socket),
 	Cert1 = case Transport:name() of
@@ -157,7 +159,7 @@ init(Parent, Ref, Socket, Transport, Opts) ->
 			LastStreamID = maps:get(max_keepalive, Opts, 100),
 			before_loop(set_timeout(#state{
 				parent=Parent, ref=Ref, socket=Socket,
-				transport=Transport, opts=Opts,
+				transport=Transport, proxy_header=ProxyHeader, opts=Opts,
 				peer=Peer, sock=Sock, cert=Cert,
 				last_streamid=LastStreamID}), <<>>);
 		{{error, Reason}, _, _} ->
@@ -655,7 +657,7 @@ default_port(_) -> 80.
 %% End of request parsing.
 
 request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock, cert=Cert,
-		in_streamid=StreamID, in_state=
+		proxy_header=ProxyHeader, in_streamid=StreamID, in_state=
 			PS=#ps_header{method=Method, path=Path, qs=Qs, version=Version}},
 		Headers0, Host, Port) ->
 	Scheme = case Transport:secure() of
@@ -691,7 +693,7 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock
 		_ ->
 			{Headers0, false, 0, undefined, undefined}
 	end,
-	Req = #{
+	Req0 = #{
 		ref => Ref,
 		pid => self(),
 		streamid => StreamID,
@@ -711,6 +713,11 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, peer=Peer, sock=Sock
 		has_body => HasBody,
 		body_length => BodyLength
 	},
+	%% We add the PROXY header information if any.
+	Req = case ProxyHeader of
+		undefined -> Req0;
+		_ -> Req0#{proxy_header => ProxyHeader}
+	end,
 	case is_http2_upgrade(Headers, Version) of
 		false ->
 			State = case HasBody of
@@ -754,12 +761,12 @@ is_http2_upgrade(_, _) ->
 
 %% Prior knowledge upgrade, without an HTTP/1.1 request.
 http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport,
-		opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) ->
+		proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer) ->
 	case Transport:secure() of
 		false ->
 			_ = cancel_timeout(State),
-			cowboy_http2:init(Parent, Ref, Socket, Transport, Opts,
-				Peer, Sock, Cert, Buffer);
+			cowboy_http2:init(Parent, Ref, Socket, Transport,
+				ProxyHeader, Opts, Peer, Sock, Cert, Buffer);
 		true ->
 			error_terminate(400, State, {connection_error, protocol_error,
 				'Clients that support HTTP/2 over TLS MUST use ALPN. (RFC7540 3.4)'})
@@ -767,7 +774,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran
 
 %% Upgrade via an HTTP/1.1 request.
 http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport,
-		opts=Opts, peer=Peer, sock=Sock, cert=Cert}, Buffer, HTTP2Settings, Req) ->
+		proxy_header=ProxyHeader, opts=Opts, peer=Peer, sock=Sock, cert=Cert},
+		Buffer, HTTP2Settings, Req) ->
 	%% @todo
 	%% However if the client sent a body, we need to read the body in full
 	%% and if we can't do that, return a 413 response. Some options are in order.
@@ -775,8 +783,8 @@ http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Tran
 	try cow_http_hd:parse_http2_settings(HTTP2Settings) of
 		Settings ->
 			_ = cancel_timeout(State),
-			cowboy_http2:init(Parent, Ref, Socket, Transport, Opts,
-				Peer, Sock, Cert, Buffer, Settings, Req)
+			cowboy_http2:init(Parent, Ref, Socket, Transport,
+				ProxyHeader, Opts, Peer, Sock, Cert, Buffer, Settings, Req)
 	catch _:_ ->
 		error_terminate(400, State, {connection_error, protocol_error,
 			'The HTTP2-Settings header must contain a base64 SETTINGS payload. (RFC7540 3.2, RFC7540 3.2.1)'})

src/cowboy_http2.erl

@@ -18,9 +18,9 @@
 -compile({nowarn_deprecated_function, [{erlang, get_stacktrace, 0}]}).
 -endif.
 
--export([init/5]).
--export([init/9]).
--export([init/11]).
+-export([init/6]).
+-export([init/10]).
+-export([init/12]).
 
 -export([system_continue/3]).
 -export([system_terminate/4]).
@@ -52,6 +52,7 @@
 	ref :: ranch:ref(),
 	socket = undefined :: inet:socket(),
 	transport :: module(),
+	proxy_header :: undefined | ranch_proxy_header:proxy_info(),
 	opts = #{} :: opts(),
 
 	%% Remote address and port for the connection.
@@ -76,8 +77,9 @@
 	children = cowboy_children:init() :: cowboy_children:children()
 }).
 
--spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts()) -> ok.
-init(Parent, Ref, Socket, Transport, Opts) ->
+-spec init(pid(), ranch:ref(), inet:socket(), module(),
+	ranch_proxy_header:proxy_info(), cowboy:opts()) -> ok.
+init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) ->
 	Peer0 = Transport:peername(Socket),
 	Sock0 = Transport:sockname(Socket),
 	Cert1 = case Transport:name() of
@@ -93,7 +95,7 @@ init(Parent, Ref, Socket, Transport, Opts) ->
 	end,
 	case {Peer0, Sock0, Cert1} of
 		{{ok, Peer}, {ok, Sock}, {ok, Cert}} ->
-			init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, <<>>);
+			init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, <<>>);
 		{{error, Reason}, _, _} ->
 			terminate(undefined, {socket_error, Reason,
 				'A socket error occurred when retrieving the peer name.'});
@@ -105,13 +107,15 @@ init(Parent, Ref, Socket, Transport, Opts) ->
 				'A socket error occurred when retrieving the client TLS certificate.'})
 	end.
 
--spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(),
+-spec init(pid(), ranch:ref(), inet:socket(), module(),
+	ranch_proxy_header:proxy_info(), cowboy:opts(),
 	{inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()},
 	binary() | undefined, binary()) -> ok.
-init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) ->
+init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer) ->
 	{ok, Preface, HTTP2Machine} = cow_http2_machine:init(server, Opts),
 	State = #state{parent=Parent, ref=Ref, socket=Socket,
-		transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert,
+		transport=Transport, proxy_header=ProxyHeader,
+		opts=Opts, peer=Peer, sock=Sock, cert=Cert,
 		http2_init=sequence, http2_machine=HTTP2Machine},
 	Transport:send(Socket, Preface),
 	case Buffer of
@@ -120,16 +124,18 @@ init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer) ->
 	end.
 
 %% @todo Add an argument for the request body.
--spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(),
+-spec init(pid(), ranch:ref(), inet:socket(), module(),
+	ranch_proxy_header:proxy_info(), cowboy:opts(),
 	{inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()},
 	binary() | undefined, binary(), map() | undefined, cowboy_req:req()) -> ok.
-init(Parent, Ref, Socket, Transport, Opts, Peer, Sock, Cert, Buffer,
+init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer,
 		_Settings, Req=#{method := Method}) ->
 	{ok, Preface, HTTP2Machine0} = cow_http2_machine:init(server, Opts),
 	{ok, StreamID, HTTP2Machine}
 		= cow_http2_machine:init_upgrade_stream(Method, HTTP2Machine0),
 	State0 = #state{parent=Parent, ref=Ref, socket=Socket,
-		transport=Transport, opts=Opts, peer=Peer, sock=Sock, cert=Cert,
+		transport=Transport, proxy_header=ProxyHeader,
+		opts=Opts, peer=Peer, sock=Sock, cert=Cert,
 		http2_init=upgrade, http2_machine=HTTP2Machine},
 	State1 = headers_frame(State0#state{
 		http2_machine=HTTP2Machine}, StreamID, Req),
@@ -285,7 +291,7 @@ headers_frame(State, StreamID, IsFin, Headers,
 		PseudoHeaders=#{method := <<"TRACE">>}, _) ->
 	early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501,
 		'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
-headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert},
+headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert, proxy_header=ProxyHeader},
 		StreamID, IsFin, Headers, PseudoHeaders=#{method := Method, scheme := Scheme,
 			authority := Authority, path := PathWithQs}, BodyLen) ->
 	try cow_http_hd:parse_host(Authority) of
@@ -314,12 +320,15 @@ headers_frame(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert},
 						has_body => IsFin =:= nofin,
 						body_length => BodyLen
 					},
+					%% We add the PROXY header information if any.
+					Req1 = case ProxyHeader of
+						undefined -> Req0;
+						_ -> Req0#{proxy_header => ProxyHeader}
+					end,
 					%% We add the protocol information for extended CONNECTs.
 					Req = case PseudoHeaders of
-						#{protocol := Protocol} ->
-							Req0#{protocol => Protocol};
-						_ ->
-							Req0
+						#{protocol := Protocol} -> Req1#{protocol => Protocol};
+						_ -> Req1
 					end,
 					headers_frame(State, StreamID, Req)
 			catch _:_ ->

src/cowboy_req.erl

@@ -126,6 +126,7 @@
 %	pid := pid(),
 %	streamid := cowboy_stream:streamid(),
 %	peer := {inet:ip_address(), inet:port_number()},
+%	proxy_header => ...
 %
 %	method := binary(), %% case sensitive
 %	version := cowboy:http_version() | atom(),

src/cowboy_tls.erl

@@ -26,17 +26,24 @@ start_link(Ref, Socket, Transport, Opts) ->
 
 -spec connection_process(pid(), ranch:ref(), ssl:sslsocket(), module(), cowboy:opts()) -> ok.
 connection_process(Parent, Ref, Socket, Transport, Opts) ->
-	ok = ranch:accept_ack(Ref),
+	ProxyInfo = case maps:get(proxy_header, Opts, false) of
+		true ->
+			{ok, ProxyInfo0} = ranch:recv_proxy_header(Ref, 1000),
+			ProxyInfo0;
+		false ->
+			undefined
+	end,
+	{ok, Socket} = ranch:handshake(Ref),
 	case ssl:negotiated_protocol(Socket) of
 		{ok, <<"h2">>} ->
-			init(Parent, Ref, Socket, Transport, Opts, cowboy_http2);
+			init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http2);
 		_ -> %% http/1.1 or no protocol negotiated.
-			init(Parent, Ref, Socket, Transport, Opts, cowboy_http)
+			init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, cowboy_http)
 	end.
 
-init(Parent, Ref, Socket, Transport, Opts, Protocol) ->
+init(Parent, Ref, Socket, Transport, ProxyInfo, Opts, Protocol) ->
 	_ = case maps:get(connection_type, Opts, supervisor) of
 		worker -> ok;
 		supervisor -> process_flag(trap_exit, true)
 	end,
-	Protocol:init(Parent, Ref, Socket, Transport, Opts).
+	Protocol:init(Parent, Ref, Socket, Transport, ProxyInfo, Opts).

test/proxy_header_SUITE.erl

@@ -0,0 +1,244 @@
+%% Copyright (c) 2018, Loïc Hoguin <essen@ninenines.eu>
+%%
+%% Permission to use, copy, modify, and/or distribute this software for any
+%% purpose with or without fee is hereby granted, provided that the above
+%% copyright notice and this permission notice appear in all copies.
+%%
+%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+-module(proxy_header_SUITE).
+-compile(export_all).
+-compile(nowarn_export_all).
+
+-import(ct_helper, [config/2]).
+-import(ct_helper, [doc/1]).
+-import(cowboy_test, [raw_send/2]).
+-import(cowboy_test, [raw_recv_head/1]).
+-import(cowboy_test, [raw_recv/3]).
+
+%% ct.
+
+all() ->
+	[
+		{group, http},
+		{group, https},
+		{group, h2},
+		{group, h2c},
+		{group, h2c_upgrade}
+	].
+
+groups() ->
+	Tests = ct_helper:all(?MODULE),
+	[{h2c_upgrade, [parallel], Tests}|cowboy_test:common_groups(Tests)].
+
+init_per_group(Name=http, Config) ->
+	cowboy_test:init_http(Name, #{
+		env => #{dispatch => init_dispatch()},
+		proxy_header => true
+	}, Config);
+init_per_group(Name=https, Config) ->
+	cowboy_test:init_https(Name, #{
+		env => #{dispatch => init_dispatch()},
+		proxy_header => true
+	}, Config);
+init_per_group(Name=h2, Config) ->
+	cowboy_test:init_http2(Name, #{
+		env => #{dispatch => init_dispatch()},
+		proxy_header => true
+	}, Config);
+init_per_group(Name=h2c, Config) ->
+	Config1 = cowboy_test:init_http(Name, #{
+		env => #{dispatch => init_dispatch()},
+		proxy_header => true
+	}, Config),
+	lists:keyreplace(protocol, 1, Config1, {protocol, http2});
+init_per_group(Name=h2c_upgrade, Config) ->
+	Config1 = cowboy_test:init_http(h2c, #{
+		env => #{dispatch => init_dispatch()},
+		proxy_header => true
+	}, Config),
+	Config2 = lists:keyreplace(protocol, 1, Config1, {protocol, http2}),
+	lists:keyreplace(ref, 1, Config2, {ref, Name}).
+
+end_per_group(Name, _) ->
+	cowboy:stop_listener(Name).
+
+%% Routes.
+
+init_dispatch() ->
+	cowboy_router:compile([{"[...]", [
+		{"/direct/:key/[...]", echo_h, []}
+	]}]).
+
+%% Tests.
+
+v1_proxy_header(Config) ->
+	doc("Confirm we can read the proxy header at the start of the connection."),
+	ProxyInfo = #{
+		version => 1,
+		command => proxy,
+		transport_family => ipv4,
+		transport_protocol => stream,
+		src_address => {127, 0, 0, 1},
+		src_port => 444,
+		dest_address => {192, 168, 0, 1},
+		dest_port => 443
+	},
+	do_proxy_header(Config, ProxyInfo).
+
+v2_proxy_header(Config) ->
+	doc("Confirm we can read the proxy header at the start of the connection."),
+	ProxyInfo = #{
+		version => 2,
+		command => proxy,
+		transport_family => ipv4,
+		transport_protocol => stream,
+		src_address => {127, 0, 0, 1},
+		src_port => 444,
+		dest_address => {192, 168, 0, 1},
+		dest_port => 443
+	},
+	do_proxy_header(Config, ProxyInfo).
+
+v2_local_header(Config) ->
+	doc("Confirm we can read the proxy header at the start of the connection."),
+	ProxyInfo = #{
+		version => 2,
+		command => local
+	},
+	do_proxy_header(Config, ProxyInfo).
+
+do_proxy_header(Config, ProxyInfo) ->
+	case config(ref, Config) of
+		http -> do_proxy_header_http(Config, ProxyInfo);
+		https -> do_proxy_header_https(Config, ProxyInfo);
+		h2 -> do_proxy_header_h2(Config, ProxyInfo);
+		h2c -> do_proxy_header_h2c(Config, ProxyInfo);
+		h2c_upgrade -> do_proxy_header_h2c_upgrade(Config, ProxyInfo)
+	end.
+
+do_proxy_header_http(Config, ProxyInfo) ->
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
+		[binary, {active, false}, {packet, raw}]),
+	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+	do_proxy_header_http_common({raw_client, Socket, gen_tcp}, ProxyInfo).
+
+do_proxy_header_https(Config, ProxyInfo) ->
+	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
+		[binary, {active, false}, {packet, raw}]),
+	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
+	{ok, Socket} = ssl:connect(Socket0, [], 1000),
+	do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo).
+
+do_proxy_header_http_common(Client, ProxyInfo) ->
+	ok = raw_send(Client,
+		"GET /direct/proxy_header HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"\r\n"),
+	{_, 200, _, Rest0} = cow_http:parse_status_line(raw_recv_head(Client)),
+	{Headers, Body0} = cow_http:parse_headers(Rest0),
+	{_, LenBin} = lists:keyfind(<<"content-length">>, 1, Headers),
+	Len = binary_to_integer(LenBin),
+	Body = if
+		byte_size(Body0) =:= Len -> Body0;
+		true ->
+			{ok, Body1} = raw_recv(Client, Len - byte_size(Body0), 5000),
+			<<Body0/bits, Body1/bits>>
+	end,
+	ProxyInfo = do_parse_term(Body),
+	ok.
+
+do_proxy_header_h2(Config, ProxyInfo) ->
+	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
+		[binary, {active, false}, {packet, raw}]),
+	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
+	{ok, Socket} = ssl:connect(Socket0, [{alpn_advertised_protocols, [<<"h2">>]}], 1000),
+	do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo).
+
+do_proxy_header_h2c(Config, ProxyInfo) ->
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
+		[binary, {active, false}, {packet, raw}]),
+	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+	do_proxy_header_h2_common({raw_client, Socket, gen_tcp}, ProxyInfo).
+
+do_proxy_header_h2c_upgrade(Config, ProxyInfo) ->
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config),
+		[binary, {active, false}, {packet, raw}]),
+	ok = gen_tcp:send(Socket, ranch_proxy_header:header(ProxyInfo)),
+	Client = {raw_client, Socket, gen_tcp},
+	ok = raw_send(Client, [
+		"GET /direct/proxy_header HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2c\r\n"
+		"HTTP2-Settings: ", base64:encode(iolist_to_binary(cow_http2:settings_payload(#{}))), "\r\n"
+		"\r\n"]),
+	ok = do_recv_101(Client),
+	%% Receive the server preface.
+	{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
+	{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
+	do_proxy_header_h2_response_common(Client, ProxyInfo),
+	ok.
+
+do_proxy_header_h2_common(Client, ProxyInfo) ->
+	%% Send a valid preface.
+	ok = raw_send(Client, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, <<PrefaceLen:24>>} = raw_recv(Client, 3, 1000),
+	{ok, <<4:8, 0:40, _:PrefaceLen/binary>>} = raw_recv(Client, 6 + PrefaceLen, 1000),
+	%% Send the SETTINGS ack.
+	ok = raw_send(Client, cow_http2:settings_ack()),
+	%% Receive the SETTINGS ack.
+	{ok, <<0:24, 4:8, 1:8, 0:32>>} = raw_recv(Client, 9, 1000),
+	%% Send a GET request.
+	{HeadersBlock, _} = cow_hpack:encode([
+		{<<":method">>, <<"GET">>},
+		{<<":scheme">>, <<"http">>},
+		{<<":authority">>, <<"localhost">>}, %% @todo Correct port number.
+		{<<":path">>, <<"/direct/proxy_header">>}
+	]),
+	Len = iolist_size(HeadersBlock),
+	ok = raw_send(Client, [
+		<<Len:24, 1:8,
+			0:2, %% Undefined.
+			0:1, %% PRIORITY.
+			0:1, %% Undefined.
+			0:1, %% PADDED.
+			1:1, %% END_HEADERS.
+			0:1, %% Undefined.
+			1:1, %% END_STREAM.
+			0:1, 1:31>>,
+		HeadersBlock
+	]),
+	do_proxy_header_h2_response_common(Client, ProxyInfo).
+
+do_proxy_header_h2_response_common(Client, ProxyInfo) ->
+	%% Receive a response with the proxy header data.
+	{ok, <<SkipLen:24, 1:8, _:8, 1:32>>} = raw_recv(Client, 9, 1000),
+	{ok, _} = raw_recv(Client, SkipLen, 1000),
+	{ok, <<BodyLen:24, 0:8, 1:8, 1:32>>} = raw_recv(Client, 9, 1000),
+	{ok, Body} = raw_recv(Client, BodyLen, 1000),
+	ProxyInfo = do_parse_term(Body),
+	ok.
+
+do_parse_term(Body) ->
+	{ok, Tokens, _} = erl_scan:string(binary_to_list(Body) ++ "."),
+	{ok, Exprs} = erl_parse:parse_exprs(Tokens),
+	{value, Term, _} = erl_eval:exprs(Exprs, erl_eval:new_bindings()),
+	Term.
+
+%% Match directly for now.
+do_recv_101(Client) ->
+	{ok, <<
+		"HTTP/1.1 101 Switching Protocols\r\n"
+		"connection: Upgrade\r\n"
+		"upgrade: h2c\r\n"
+		"\r\n"
+	>>} = raw_recv(Client, 71, 1000),
+	ok.