MINOR: quic: Disable the active connection migrations

Set "disable_active_migration" transport parameter to inform the peer
haproxy listeners does not the connection migration feature.
Also drop all received datagrams with a modified source address.

Must be backported to 2.7.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 72b8439cd4a4661a852f78955c9b802d2703975a..018ccfd2165f11b14bc0a112e1ff2261dd7b6fbe 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6360,6 +6360,19 @@ static int qc_handle_conn_migration(struct quic_conn *qc,
 {
        TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
 
+       /* RFC 9000. Connection Migration
+        *
+        * If the peer sent the disable_active_migration transport parameter,
+        * an endpoint also MUST NOT send packets (including probing packets;
+        * see Section 9.1) from a different local address to the address the peer
+        * used during the handshake, unless the endpoint has acted on a
+        * preferred_address transport parameter from the peer.
+        */
+       if (qc->li->bind_conf->quic_params.disable_active_migration) {
+               TRACE_ERROR("Active migration was disabled, datagram dropped", QUIC_EV_CONN_LPKT, qc);
+               goto err;
+       }
+
        /* RFC 9000 9. Connection Migration
         *
         * The design of QUIC relies on endpoints retaining a stable address for

diff --git a/src/quic_tp.c b/src/quic_tp.c
index 78c456ae48c0d1a4381b587b5002ca869999a378..31111f2ca1fdcef0014aa85146f4e052b35d1202 100644 (file)
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -70,8 +70,10 @@ void quic_transport_params_init(struct quic_transport_params *p, int server)
        p->initial_max_stream_data_uni         = ncb_size;
        p->initial_max_data = (max_streams_bidi + max_streams_uni) * ncb_size;
 
-       if (server)
+       if (server) {
                p->with_stateless_reset_token  = 1;
+               p->disable_active_migration    = 1;
+       }
 
        p->active_connection_id_limit          = 8;