MINOR: quic: detect connection migration Detect connection migration attempted by the client. This is done by comparing addresses stored in quic-conn with src/dest addresses of the UDP datagram. A new function qc_handle_conn_migration() has been added. For the moment, no operation is conducted and the function will be completed during connection migration implementation. The only notable things is the increment of a new counter "quic_conn_migration_done". This should be backported up to 2.7.

commit: eec0b3c1bdba757f427c5924ebd383633597300f [log] [tgz]
author: Amaury Denoyelle <adenoyelle@haproxy.com> Fri Dec 02 09:57:32 2022 +0100
committer: Amaury Denoyelle <adenoyelle@haproxy.com> Fri Dec 02 14:45:43 2022 +0100
tree: 5dab8d729bb353794402b7f4c62b00c2903d56d3
parent: 21e611dc894550293250cbacebc8e301ae90b124 [diff]
diff --git a/include/haproxy/quic_stats-t.h b/include/haproxy/quic_stats-t.h
index 95d0af9..56961e0 100644
--- a/include/haproxy/quic_stats-t.h
+++ b/include/haproxy/quic_stats-t.h

@@ -24,6 +24,8 @@
 	QUIC_ST_HALF_OPEN_CONN,
 	QUIC_ST_HDSHK_FAIL,
 	QUIC_ST_STATELESS_RESET_SENT,
+	/* Special events of interest */
+	QUIC_ST_CONN_MIGRATION_DONE,
 	/* Transport errors */
 	QUIC_ST_TRANSP_ERR_NO_ERROR,
 	QUIC_ST_TRANSP_ERR_INTERNAL_ERROR,
@@ -68,6 +70,8 @@
 	long long half_open_conn;    /* total number of half open connections */
 	long long hdshk_fail;        /* total number of handshake failures */
 	long long stateless_reset_sent; /* total number of handshake failures */
+	/* Special events of interest */
+	long long conn_migration_done; /* total number of connection migration handled */
 	/* Transport errors */
 	long long quic_transp_err_no_error; /* total number of NO_ERROR connection errors */
 	long long quic_transp_err_internal_error; /* total number of INTERNAL_ERROR connection errors */

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 2dd21b9..17f31eb 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c

@@ -6312,6 +6312,37 @@
 	return 1;
 }
 
+/* React to a connection migration initiated on <qc> by a client with the new
+ * path addresses <peer_addr>/<local_addr>.
+ *
+ * Returns 0 on success else non-zero.
+ */
+static int qc_handle_conn_migration(struct quic_conn *qc,
+                                    const struct sockaddr_storage *peer_addr,
+                                    const struct sockaddr_storage *local_addr)
+{
+	TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);
+
+	/* RFC 9000 9. Connection Migration
+	 *
+	 * TODO
+	 * An endpoint MUST
+	 * perform path validation (Section 8.2) if it detects any change to a
+	 * peer's address, unless it has previously validated that address.
+	 */
+
+	qc->local_addr = *local_addr;
+	qc->peer_addr = *peer_addr;
+	HA_ATOMIC_INC(&qc->prx_counters->conn_migration_done);
+
+	TRACE_LEAVE(QUIC_EV_CONN_LPKT, qc);
+	return 0;
+
+ err:
+	TRACE_LEAVE(QUIC_EV_CONN_LPKT, qc);
+	return 1;
+}
+
 /* Handle a parsed packet <pkt> by the connection <qc>. Data will be copied
  * into <qc> receive buffer after header protection removal procedure.
  *
@@ -7315,6 +7346,17 @@
 			goto next;
 		}
 
+		/* Detect QUIC connection migration. */
+		if (ipcmp(&qc->peer_addr, &dgram->saddr, 1) ||
+		    ipcmp(&qc->local_addr, &dgram->daddr, 1)) {
+			if (qc_handle_conn_migration(qc, &dgram->saddr, &dgram->daddr)) {
+				/* Skip the entire datagram. */
+				TRACE_ERROR("error during connection migration, datagram dropped", QUIC_EV_CONN_LPKT, qc);
+				pkt->len = end - pos;
+				goto next;
+			}
+		}
+
 		qc_rx_pkt_handle(qc, pkt, dgram, pos, &tasklist_head);
 
  next:

diff --git a/src/quic_stats.c b/src/quic_stats.c
index 71820d2..7f1f2cd 100644
--- a/src/quic_stats.c
+++ b/src/quic_stats.c

@@ -33,6 +33,9 @@
 	                                  .desc = "Total number of handshake failures" },
 	[QUIC_ST_STATELESS_RESET_SENT] = { .name = "quic_stless_rst_sent",
 	                                  .desc = "Total number of stateless reset packet sent" },
+	/* Special events of interest */
+	[QUIC_ST_CONN_MIGRATION_DONE] = { .name = "quic_conn_migration_done",
+	                                  .desc = "Total number of connection migration proceeded" },
 	/* Transport errors */
 	[QUIC_ST_TRANSP_ERR_NO_ERROR] = { .name = "quic_transp_err_no_error",
 	                                  .desc = "Total number of NO_ERROR errors received" },
@@ -104,6 +107,8 @@
 	stats[QUIC_ST_HALF_OPEN_CONN]    = mkf_u64(FN_GAUGE, counters->half_open_conn);
 	stats[QUIC_ST_HDSHK_FAIL]        = mkf_u64(FN_COUNTER, counters->hdshk_fail);
 	stats[QUIC_ST_STATELESS_RESET_SENT] = mkf_u64(FN_COUNTER, counters->stateless_reset_sent);
+	/* Special events of interest */
+	stats[QUIC_ST_CONN_MIGRATION_DONE] = mkf_u64(FN_COUNTER, counters->conn_migration_done);
 	/* Transport errors */
 	stats[QUIC_ST_TRANSP_ERR_NO_ERROR]           = mkf_u64(FN_COUNTER, counters->quic_transp_err_no_error);
 	stats[QUIC_ST_TRANSP_ERR_INTERNAL_ERROR]     = mkf_u64(FN_COUNTER, counters->quic_transp_err_internal_error);
commit	eec0b3c1bdba757f427c5924ebd383633597300f	[log] [tgz]
author	Amaury Denoyelle <adenoyelle@haproxy.com>	Fri Dec 02 09:57:32 2022 +0100
committer	Amaury Denoyelle <adenoyelle@haproxy.com>	Fri Dec 02 14:45:43 2022 +0100
tree	5dab8d729bb353794402b7f4c62b00c2903d56d3
parent	21e611dc894550293250cbacebc8e301ae90b124 [diff]