From 08cc37a55406a5dde9f7392315d28d523fa34af3 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 30 Mar 2026 09:38:13 +0200
Subject: [PATCH] BUG/MINOR: quic: close conn on packet reception with
 incompatible frame

RFC 9000 lists each supported frames and the type of packets in which it
can be present.

Prior to this patch, a packet with an incompatible frame is dropped.
However, QUIC specification mandates that the connection is immediately
closed with PROTOCOL_VIOLATION error code. This patch completes
qc_parse_frm() to add such connection closure.

This must be backported up to 2.6.
---
 src/quic_frame.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/quic_frame.c b/src/quic_frame.c
index 963cf5728..d92e1d661 100644
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -1185,7 +1185,14 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
 
 	parser = qf_parser(frm->type);
 	if (!(parser->mask & (1U << pkt->type))) {
+		/* RFC 9000 12.4. Frames and Frame Types
+		 *
+		 * An endpoint MUST treat
+		 * receipt of a frame in a packet type that is not permitted as a
+		 * connection error of type PROTOCOL_VIOLATION.
+		 */
 		TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm);
+		quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
 		goto leave;
 	}