MINOR: quic: add BUG_ON() on half_open_conn counter access from BE

half_open_conn is a proxy counter used to account for quic_conn in
half-open state: this represents a connection whose address is not yet
validated (handshake successful, or via token validation).

This counter only makes sense for the frontend side. Currently, code is
safe as access is only performed if quic_conn is not yet flagged with
QUIC_FL_CONN_PEER_VALIDATED_ADDR, which is always set for backend
connections.

To better reflect this, add a BUG_ON() when half_open_conn is
incremented/decremented to ensure this never occurs for backend
connections.
Amaury Denoyelle 2026-02-20 11:05:40 +01:00
parent b8cb8e1a65
commit 5f26cf162c
2 changed files with 4 additions and 2 deletions


@ -1665,7 +1665,8 @@ int quic_conn_release(struct quic_conn *qc)
/* Connection released before peer address validated. */
if (unlikely(!(qc->flags & QUIC_FL_CONN_PEER_VALIDATED_ADDR))) {
BUG_ON(!qc->prx_counters->half_open_conn);
/* half_open_conn counter must not be manipulated by BE conns. */
BUG_ON(qc_is_back(qc) || !qc->prx_counters->half_open_conn);
HA_ATOMIC_DEC(&qc->prx_counters->half_open_conn);
}
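Review bot: The new BUG_ON() in quic_conn_release() folds two unrelated invariants into one expression, `qc_is_back(qc) || !qc->prx_counters->half_open_conn`, so a crash report from this line cannot tell a backend connection reaching the counter apart from a counter that is already zero. Consider two separate assertions, `BUG_ON(qc_is_back(qc));` followed by the original `BUG_ON(!qc->prx_counters->half_open_conn);`, which also lets the added comment sit directly above the only check it describes.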


@ -1357,7 +1357,8 @@ int qc_treat_rx_pkts(struct quic_conn *qc)
TRACE_STATE("validate peer address on handshake packet",
QUIC_EV_CONN_RXPKT, qc, pkt);
qc->flags |= QUIC_FL_CONN_PEER_VALIDATED_ADDR;
BUG_ON(!qc->prx_counters->half_open_conn);
/* half_open_conn counter must not be manipulated by BE conns. */
BUG_ON(qc_is_back(qc) || !qc->prx_counters->half_open_conn);
HA_ATOMIC_DEC(&qc->prx_counters->half_open_conn);
}
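Review bot: The commit message says the assertion is added where half_open_conn is incremented or decremented, but this site in qc_treat_rx_pkts() and the one in quic_conn_release() both precede HA_ATOMIC_DEC, and the stated 4 additions and 2 deletions are fully accounted for by these two hunks, so the increment path gets no check. Either add the same `BUG_ON(qc_is_back(qc))` next to the increment or adjust the message to say decrement only. The identical comment, assertion and decrement now appear in two files; a small helper wrapping them would keep the frontend-only invariant in one place.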