golang
diff --git a/‎internal/http3/http3.go
+86 b/‎internal/http3/http3.go
+86
diff --git a/‎internal/http3/quic_test.go
+235 b/‎internal/http3/quic_test.go
+235
@@ -0,0 +1,86 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.24
+
+package http3
+
+import "fmt"
+
+// Stream types.
+//
+// For unidirectional streams, the value is the stream type sent over the wire.
+//
+// For bidirectional streams (which are always request streams),
+// the value is arbitrary and never sent on the wire.
+type streamType int64
+
+const (
+	// Bidirectional request stream.
+	// All bidirectional streams are request streams.
+	// This stream type is never sent over the wire.
+	//
+	// https://www.rfc-editor.org/rfc/rfc9114.html#section-6.1
+	streamTypeRequest = streamType(-1)
+
+	// https://www.rfc-editor.org/rfc/rfc9114.html#section-6.2
+	streamTypeControl = streamType(0x00)
+	streamTypePush    = streamType(0x01)
+
+	// https://www.rfc-editor.org/rfc/rfc9204.html#section-4.2
+	streamTypeEncoder = streamType(0x02)
+	streamTypeDecoder = streamType(0x03)
+)
+
+func (stype streamType) String() string {
+	switch stype {
+	case streamTypeRequest:
+		return "request"
+	case streamTypeControl:
+		return "control"
+	case streamTypePush:
+		return "push"
+	case streamTypeEncoder:
+		return "encoder"
+	case streamTypeDecoder:
+		return "decoder"
+	default:
+		return "unknown"
+	}
+}
+
+// Frame types.
+type frameType int64
+
+const (
+	// https://www.rfc-editor.org/rfc/rfc9114.html#section-7.2
+	frameTypeData        = frameType(0x00)
+	frameTypeHeaders     = frameType(0x01)
+	frameTypeCancelPush  = frameType(0x03)
+	frameTypeSettings    = frameType(0x04)
+	frameTypePushPromise = frameType(0x05)
+	frameTypeGoaway      = frameType(0x07)
+	frameTypeMaxPushID   = frameType(0x0d)
+)
+
+func (ftype frameType) String() string {
+	switch ftype {
+	case frameTypeData:
+		return "DATA"
+	case frameTypeHeaders:
+		return "HEADERS"
+	case frameTypeCancelPush:
+		return "CANCEL_PUSH"
+	case frameTypeSettings:
+		return "SETTINGS"
+	case frameTypePushPromise:
+		return "PUSH_PROMISE"
+	case frameTypeGoaway:
+		return "GOAWAY"
+	case frameTypeMaxPushID:
+		return "MAX_PUSH_ID"
+	default:
+		return fmt.Sprintf("UNKNOWN_%d", int64(ftype))
+	}
+}
@@ -0,0 +1,235 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.24
+
+package http3
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"net"
+	"net/netip"
+	"runtime"
+	"sync"
+	"testing"
+	"time"
+
+	"golang.org/x/net/internal/gate"
+	"golang.org/x/net/internal/testcert"
+	"golang.org/x/net/quic"
+)
+
+// newLocalQUICEndpoint returns a QUIC Endpoint listening on localhost.
+func newLocalQUICEndpoint(t *testing.T) *quic.Endpoint {
+	t.Helper()
+	switch runtime.GOOS {
+	case "plan9":
+		t.Skipf("ReadMsgUDP not supported on %s", runtime.GOOS)
+	}
+	conf := &quic.Config{
+		TLSConfig: testTLSConfig,
+	}
+	e, err := quic.Listen("udp", "127.0.0.1:0", conf)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		e.Close(context.Background())
+	})
+	return e
+}
+
+// newQUICEndpointPair returns two QUIC endpoints on the same test network.
+func newQUICEndpointPair(t testing.TB) (e1, e2 *quic.Endpoint) {
+	config := &quic.Config{
+		TLSConfig: testTLSConfig,
+	}
+	tn := &testNet{}
+	pc1 := tn.newPacketConn()
+	e1, err := quic.NewEndpoint(pc1, config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		e1.Close(t.Context())
+	})
+	pc2 := tn.newPacketConn()
+	e2, err = quic.NewEndpoint(pc2, config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		e2.Close(t.Context())
+	})
+	return e1, e2
+}
+
+// newQUICStreamPair returns the two sides of a bidirectional QUIC stream.
+func newQUICStreamPair(t testing.TB) (s1, s2 *quic.Stream) {
+	t.Helper()
+	config := &quic.Config{
+		TLSConfig: testTLSConfig,
+	}
+	e1, e2 := newQUICEndpointPair(t)
+	c1, err := e1.Dial(context.Background(), "udp", e2.LocalAddr().String(), config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	c2, err := e2.Accept(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	s1, err = c1.NewStream(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	s1.Flush()
+	s2, err = c2.AcceptStream(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	return s1, s2
+}
+
+// A testNet is a fake network of net.PacketConns.
+type testNet struct {
+	mu    sync.Mutex
+	conns map[netip.AddrPort]*testPacketConn
+}
+
+// newPacketConn returns a new PacketConn with a unique source address.
+func (tn *testNet) newPacketConn() *testPacketConn {
+	tn.mu.Lock()
+	defer tn.mu.Unlock()
+	if tn.conns == nil {
+		tn.conns = make(map[netip.AddrPort]*testPacketConn)
+	}
+	localAddr := netip.AddrPortFrom(
+		netip.AddrFrom4([4]byte{
+			127, 0, 0, byte(len(tn.conns)),
+		}),
+		443)
+	tc := &testPacketConn{
+		tn:        tn,
+		localAddr: localAddr,
+		gate:      gate.New(false),
+	}
+	tn.conns[localAddr] = tc
+	return tc
+}
+
+// connForAddr returns the conn with the given source address.
+func (tn *testNet) connForAddr(srcAddr netip.AddrPort) *testPacketConn {
+	tn.mu.Lock()
+	defer tn.mu.Unlock()
+	return tn.conns[srcAddr]
+}
+
+// A testPacketConn is a net.PacketConn on a testNet fake network.
+type testPacketConn struct {
+	tn        *testNet
+	localAddr netip.AddrPort
+
+	gate   gate.Gate
+	queue  []testPacket
+	closed bool
+}
+
+type testPacket struct {
+	b   []byte
+	src netip.AddrPort
+}
+
+func (tc *testPacketConn) unlock() {
+	tc.gate.Unlock(tc.closed || len(tc.queue) > 0)
+}
+
+func (tc *testPacketConn) ReadFrom(p []byte) (n int, srcAddr net.Addr, err error) {
+	if err := tc.gate.WaitAndLock(context.Background()); err != nil {
+		return 0, nil, err
+	}
+	defer tc.unlock()
+	if tc.closed {
+		return 0, nil, net.ErrClosed
+	}
+	n = copy(p, tc.queue[0].b)
+	srcAddr = net.UDPAddrFromAddrPort(tc.queue[0].src)
+	tc.queue = tc.queue[1:]
+	return n, srcAddr, nil
+}
+
+func (tc *testPacketConn) WriteTo(p []byte, dstAddr net.Addr) (n int, err error) {
+	tc.gate.Lock()
+	closed := tc.closed
+	tc.unlock()
+	if closed {
+		return 0, net.ErrClosed
+	}
+
+	ap, err := addrPortFromAddr(dstAddr)
+	if err != nil {
+		return 0, err
+	}
+	dst := tc.tn.connForAddr(ap)
+	if dst == nil {
+		return len(p), nil // sent into the void
+	}
+	dst.gate.Lock()
+	defer dst.unlock()
+	dst.queue = append(dst.queue, testPacket{
+		b:   bytes.Clone(p),
+		src: tc.localAddr,
+	})
+	return len(p), nil
+}
+
+func (tc *testPacketConn) Close() error {
+	tc.tn.mu.Lock()
+	tc.tn.conns[tc.localAddr] = nil
+	tc.tn.mu.Unlock()
+
+	tc.gate.Lock()
+	defer tc.unlock()
+	tc.closed = true
+	tc.queue = nil
+	return nil
+}
+
+func (tc *testPacketConn) LocalAddr() net.Addr {
+	return net.UDPAddrFromAddrPort(tc.localAddr)
+}
+
+func (tc *testPacketConn) SetDeadline(time.Time) error      { panic("unimplemented") }
+func (tc *testPacketConn) SetReadDeadline(time.Time) error  { panic("unimplemented") }
+func (tc *testPacketConn) SetWriteDeadline(time.Time) error { panic("unimplemented") }
+
+func addrPortFromAddr(addr net.Addr) (netip.AddrPort, error) {
+	switch a := addr.(type) {
+	case *net.UDPAddr:
+		return a.AddrPort(), nil
+	}
+	return netip.ParseAddrPort(addr.String())
+}
+
+var testTLSConfig = &tls.Config{
+	InsecureSkipVerify: true,
+	CipherSuites: []uint16{
+		tls.TLS_AES_128_GCM_SHA256,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_CHACHA20_POLY1305_SHA256,
+	},
+	MinVersion:   tls.VersionTLS13,
+	Certificates: []tls.Certificate{testCert},
+	NextProtos:   []string{"h3"},
+}
+
+var testCert = func() tls.Certificate {
+	cert, err := tls.X509KeyPair(testcert.LocalhostCert, testcert.LocalhostKey)
+	if err != nil {
+		panic(err)
+	}
+	return cert
+}()