MINOR: quic: ignore address migration during handshake

The QUIC protocol supports address migration, which allows the
connection to be maintained even if the client has changed its network
address. This is done through address migration.

RFC 9000 stipulates that address migration is forbidden before the
handshake has been completed. Add a check for this: silently drop every
datagram if the client network address has changed until handshake
completion.

This commit is one of the first steps towards QUIC connection migration
support.

This should be backported up to 2.7.
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 17f31eb..5a011eb 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6325,6 +6325,18 @@
/* RFC 9000 9. Connection Migration
*
+ * The design of QUIC relies on endpoints retaining a stable address for
+ * the duration of the handshake. An endpoint MUST NOT initiate
+ * connection migration before the handshake is confirmed, as defined in
+ * Section 4.1.2 of [QUIC-TLS].
+ */
+ if (qc->state < QUIC_HS_ST_COMPLETE) {
+ TRACE_STATE("Connection migration during handshake rejected", QUIC_EV_CONN_LPKT, qc);
+ goto err;
+ }
+
+ /* RFC 9000 9. Connection Migration
+ *
* TODO
* An endpoint MUST
* perform path validation (Section 8.2) if it detects any change to a
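Review bot: The new test `if (qc->state < QUIC_HS_ST_COMPLETE)` gates on handshake completion, while the RFC text quoted directly above it says migration is forbidden until the handshake is "confirmed". On the server side the two coincide (RFC 9001 section 4.1.2 defines the handshake as confirmed at the server once it is complete), so the comparison is probably right for this code path, but the comment should say so in one line, otherwise a later reader will see a mismatch between the quoted requirement and the state being tested. Separately, the commit message promises that such datagrams are dropped silently, yet the rejection goes through `goto err`, whose body is not visible in this hunk. Please confirm that the `err` path only discards the datagram and does not close the connection, bump an error counter or emit anything to the peer, and that the source-address comparison that leads into this block has already been made before this point, since the hunk itself only tests the connection state.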