BUG/MINOR: quic: reject NEW_TOKEN frames from clients
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Tue, 7 Jan 2025 17:22:00 +0000 (18:22 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Fri, 10 Jan 2025 13:50:59 +0000 (14:50 +0100)
As specified by RFC 9000 section 19.7, reject NEW_TOKEN frames emitted by clients.
Close the connection with error code PROTOCOL_VIOLATION.

This must be backported up to 2.6.

src/quic_rx.c

index b333c13ff96b1d9acd1233ef80013499a3816ed2..293bda0c0d84bebdc19215d71393b7cc94b7ce2b 100644 (file)
@@ -915,7 +915,21 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 
                        break;
                case QUIC_FT_NEW_TOKEN:
-                       /* TODO */
+                       if (qc_is_listener(qc)) {
+                               TRACE_ERROR("reject NEW_TOKEN frame emitted by client",
+                                           QUIC_EV_CONN_PRSHPKT, qc);
+
+                               /* RFC 9000 19.7. NEW_TOKEN Frames
+                                * Clients MUST NOT send NEW_TOKEN frames. A server MUST treat receipt
+                                * of a NEW_TOKEN frame as a connection error of type
+                                * PROTOCOL_VIOLATION.
+                                */
+                               quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+                               goto err;
+                       }
+                       else {
+                               /* TODO */
+                       }
                        break;
                case QUIC_FT_STREAM_8 ... QUIC_FT_STREAM_F:
                {
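Review bot: The new `else { /* TODO */ }` branch leaves the client-mode case as an empty block with a bare TODO, which a reader cannot distinguish from an oversight; it should say what is deliberately not done, e.g. `/* TODO: client mode. RFC 9000 19.7 says the token SHOULD be stored for a future connection to this server; for now it is accepted and discarded. */`. Structurally the check reads more naturally as a guard on the non-listener case, `if (!qc_is_listener(qc)) { /* TODO: store token (client mode) */ break; }`, so the rejection becomes the straight-line path instead of the nested one. As far as this hunk shows, the frame has already been decoded by the time the switch runs, so the PROTOCOL_VIOLATION is raised after the token payload was parsed rather than before, and whether the earlier frame-type/packet-type check also restricts NEW_TOKEN to 1-RTT packets is not visible here and worth confirming. qc_parse_pkt_frms starts and ends outside the hunk.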