MINOR: quic: ignore address migration during handshake

QUIC protocol support address migration which allows to maintain the connection even if client has changed its network address. This is done through address migration. RFC 9000 stipulates that address migration is forbidden before handshake has been completed. Add a check for this : drop silently every datagram if client network address has changed until handshake completion. This commit is one of the first steps towards QUIC connection migration support. This should be backported up to 2.7.
2025-01-02 02:02:03 +00:00 · 2022-11-21 11:14:45 +01:00 · 2022-11-21 11:14:45 +01:00 · eb6be98a65
commit eb6be98a65
parent eec0b3c1bd
1 changed files with 12 additions and 0 deletions
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@ -6323,6 +6323,18 @@ static int qc_handle_conn_migration(struct quic_conn *qc,
 {
 	TRACE_ENTER(QUIC_EV_CONN_LPKT, qc);

+	/* RFC 9000 9. Connection Migration
+	 *
+	 * The design of QUIC relies on endpoints retaining a stable address for
+	 * the duration of the handshake.  An endpoint MUST NOT initiate
+	 * connection migration before the handshake is confirmed, as defined in
+	 * Section 4.1.2 of [QUIC-TLS].
+	 */
+	if (qc->state < QUIC_HS_ST_COMPLETE) {
+		TRACE_STATE("Connection migration during handshake rejected", QUIC_EV_CONN_LPKT, qc);
+		goto err;
+	}
+
 	/* RFC 9000 9. Connection Migration
 	 *
 	 * TODO