From 6fc86974cf18a54f5832cc85a1edb3392dfc5e05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 12 Jan 2023 08:29:23 +0100 Subject: [PATCH] MINOR: quic: Disable the active connection migrations Set "disable_active_migration" transport parameter to inform the peer haproxy listeners does not the connection migration feature. Also drop all received datagrams with a modified source address. Must be backported to 2.7. --- src/quic_conn.c | 13 +++++++++++++ src/quic_tp.c | 4 +++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/quic_conn.c b/src/quic_conn.c index 72b8439cd..018ccfd21 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6360,6 +6360,19 @@ static int qc_handle_conn_migration(struct quic_conn *qc, { TRACE_ENTER(QUIC_EV_CONN_LPKT, qc); + /* RFC 9000. Connection Migration + * + * If the peer sent the disable_active_migration transport parameter, + * an endpoint also MUST NOT send packets (including probing packets; + * see Section 9.1) from a different local address to the address the peer + * used during the handshake, unless the endpoint has acted on a + * preferred_address transport parameter from the peer. + */ + if (qc->li->bind_conf->quic_params.disable_active_migration) { + TRACE_ERROR("Active migration was disabled, datagram dropped", QUIC_EV_CONN_LPKT, qc); + goto err; + } + /* RFC 9000 9. Connection Migration * * The design of QUIC relies on endpoints retaining a stable address for diff --git a/src/quic_tp.c b/src/quic_tp.c index 78c456ae4..31111f2ca 100644 --- a/src/quic_tp.c +++ b/src/quic_tp.c @@ -70,8 +70,10 @@ void quic_transport_params_init(struct quic_transport_params *p, int server) p->initial_max_stream_data_uni = ncb_size; p->initial_max_data = (max_streams_bidi + max_streams_uni) * ncb_size; - if (server) + if (server) { p->with_stateless_reset_token = 1; + p->disable_active_migration = 1; + } p->active_connection_id_limit = 8;