Protocols

RelayCore is an L7 proxy: it parses, inspects, and rewrites application-layer protocols. Lower-layer transport is TCP (for HTTP/HTTPS/WebSocket); UDP is supported only in the transparent proxy path.

HTTP/1.1

Fully supported. Request/response headers, chunked encoding, Transfer-Encoding, bidirectional keep-alive, and streaming bodies are all parsed. Rules and scripts apply uniformly to headers and bodies.

HTTP/2

Fully supported. The client ↔ RelayCore leg can be HTTP/1.1 or HTTP/2 depending on the client and ALPN negotiation. RelayCore ↔ upstream uses the same protocol version. Header compression (HPACK) is fully decompressed internally — rules operate on decoded pseudo-headers (:method, :path, :scheme, :authority).

HTTPS / TLS

MITM interception is performed for all HTTP-over-TLS traffic using dynamically-issued certificates (see Certificates). Upstream certificates are validated by default; in the replay endpoint you can pass ?accept_invalid_certs=true to skip verification (debug only).

WebSocket

Fully supported. RFC 6455. RelayCore parses the handshake, registers a Layer::WebSocket flow, and provides per-message inspection and modification:

  • Each message records direction (incoming / outgoing), opcode (text / binary / ping / pong / close / continuation), and content (encoding, size, base64 body).
  • Rules can use MockWebSocketMessage and DropWebSocketMessage.
  • The script hook onWebSocketMessage can read and rewrite every message.
  • The TUI's Messages detail tab displays the message log in real time.
  • Large messages may trigger a ws-message-budget-exceeded event to bound memory usage.

QUIC / HTTP/3

QUIC runs over UDP; modern browsers prefer it when available. RelayCore controls this via ProxyPolicy.quic_mode:

ModeDescription
Downgrade (default)Sends Alt-Svc clearing responses with Clear-Site-Data to force the client to fall back to HTTP/2 or HTTP/1.1. Set quic_downgrade_clear_cache=true to also clear the cache.
PassthroughNo intervention; QUIC traffic is forwarded as-is (invisible and immutable).
ExperimentalMitmExperimental HTTP/3 MITM. Requires the quic_mitm_experimental feature flag; not yet production-ready.

QUIC modes do not produce visible flow records except Downgrade, where requests that triggered Alt-Svc clearing are recorded as normal flows with has_error=false.

TCP / UDP (transparent proxy)

  • TCP: redirected traffic is parsed as HTTP/1.1. Raw TCP (non-HTTP) connections are rejected and recorded as errors.
  • UDP: forwarded via --udp-tproxy-port (Linux only, requires IP_TRANSPARENT). No parsing, just forwarding.

Unsupported protocols

  • Custom protocols over raw TCP (non-HTTP): RelayCore does not parse them. In transparent mode such connections will fail.
  • gRPC over HTTP/2: transparent at the HTTP/2 layer, but gRPC protobuf payloads are opaque — your scripts can read the bytes but won't decode them.
  • SSE (Server-Sent Events): long-lived HTTP/1.1. RelayCore uses SSE on its own GET /api/v1/events endpoint; external SSE traffic is recorded as plain HTTP without per-event boundaries.