MINOR: quic: ignore address migration during handshake

QUIC protocol support address migration which allows to maintain the
connection even if client has changed its network address. This is done
through address migration.

RFC 9000 stipulates that address migration is forbidden before handshake
has been completed. Add a check for this : drop silently every datagram
if client network address has changed until handshake completion.

This commit is one of the first steps towards QUIC connection migration
support.

This should be backported up to 2.7.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 17f31ebc7a4befe58bb261412a0dfa104c71cbc0..5a011eb5f8f18c44f2359a7d957011c13fa8d4e5 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6323,6 +6323,18 @@ static int qc_handle_conn_migration(struct quic_conn *qc,
 {
        TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
 
+       /* RFC 9000 9. Connection Migration
+        *
+        * The design of QUIC relies on endpoints retaining a stable address for
+        * the duration of the handshake.  An endpoint MUST NOT initiate
+        * connection migration before the handshake is confirmed, as defined in
+        * Section 4.1.2 of [QUIC-TLS].
+        */
+       if (qc->state < QUIC_HS_ST_COMPLETE) {
+               TRACE_STATE("Connection migration during handshake rejected", QUIC_EV_CONN_LPKT, qc);
+               goto err;
+       }
+
        /* RFC 9000 9. Connection Migration
         *
         * TODO