MINOR: quic: Disable the active connection migrations
Set "disable_active_migration" transport parameter to inform the peer
haproxy listeners does not the connection migration feature.
Also drop all received datagrams with a modified source address.
Must be backported to 2.7.
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 72b8439..018ccfd 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6360,6 +6360,19 @@
{
TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
+ /* RFC 9000. Connection Migration
+ *
+ * If the peer sent the disable_active_migration transport parameter,
+ * an endpoint also MUST NOT send packets (including probing packets;
+ * see Section 9.1) from a different local address to the address the peer
+ * used during the handshake, unless the endpoint has acted on a
+ * preferred_address transport parameter from the peer.
+ */
+ if (qc->li->bind_conf->quic_params.disable_active_migration) {
+ TRACE_ERROR("Active migration was disabled, datagram dropped", QUIC_EV_CONN_LPKT, qc);
+ goto err;
+ }
+
/* RFC 9000 9. Connection Migration
*
* The design of QUIC relies on endpoints retaining a stable address for
diff --git a/src/quic_tp.c b/src/quic_tp.c
index 78c456a..31111f2 100644
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -70,8 +70,10 @@
p->initial_max_stream_data_uni = ncb_size;
p->initial_max_data = (max_streams_bidi + max_streams_uni) * ncb_size;
- if (server)
+ if (server) {
p->with_stateless_reset_token = 1;
+ p->disable_active_migration = 1;
+ }
p->active_connection_id_limit = 8;