From eb6be98a65c1ab2e89b60fef5fea2f2a2a5e9b82 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 21 Nov 2022 11:14:45 +0100
Subject: [PATCH] MINOR: quic: ignore address migration during handshake

QUIC protocol support address migration which allows to maintain the
connection even if client has changed its network address. This is done
through address migration.

RFC 9000 stipulates that address migration is forbidden before handshake
has been completed. Add a check for this : drop silently every datagram
if client network address has changed until handshake completion.

This commit is one of the first steps towards QUIC connection migration
support.

This should be backported up to 2.7.
---
 src/quic_conn.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 17f31ebc7..5a011eb5f 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6323,6 +6323,18 @@ static int qc_handle_conn_migration(struct quic_conn *qc,
 {
 	TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
 
+	/* RFC 9000 9. Connection Migration
+	 *
+	 * The design of QUIC relies on endpoints retaining a stable address for
+	 * the duration of the handshake.  An endpoint MUST NOT initiate
+	 * connection migration before the handshake is confirmed, as defined in
+	 * Section 4.1.2 of [QUIC-TLS].
+	 */
+	if (qc->state < QUIC_HS_ST_COMPLETE) {
+		TRACE_STATE("Connection migration during handshake rejected", QUIC_EV_CONN_LPKT, qc);
+		goto err;
+	}
+
 	/* RFC 9000 9. Connection Migration
 	 *
 	 * TODO