Detailed Description of the Problem

What happens:

1. At ~1s, the NAT simulator rebinds the client's external port from 54912 → 57607
2. HAProxy uses a connected UDP socket (connect(2)) locked to 193.167.0.100:54912. The kernel silently drops packets from port 57607 on that socket; they land on the listener socket instead
3. HAProxy's listener socket receives the DCID-matched packets from port 57607, but never updates the connection's peer_addr — it remains 193.167.0.100:54912 for the entire duration
4. HAProxy keeps sending all STREAM data to the old port 54912. The simulator drops every one ("unknown binding for destination 193.167.0.100:54912")
5. neqo fires PTO probes at 3.9s, 7.5s, 14.8s, 29.2s, then the 30s idle timeout kills the connection

The RFC violation: RFC 9000 Section 18.2 states that even when a server sets disable_active_migration (which HAProxy does via no_act_migr), it "can still respond to packets from a new peer address." The disable_active_migration parameter only prohibits initiating migration — it does not excuse ignoring NAT rebinding. HAProxy appears to be treating the parameter too broadly, suppressing all address-change handling.

Expected Behavior

I would have expected a port rebinding to not break the connection.

Steps to Reproduce the Behavior

quic-interop-runner

Do you have any idea what may have caused this?

No response

Do you have an idea how to solve the issue?

No response

What is your configuration?

quic-interop-runner

Output of haproxy -vv

No idea, whatever is in quic-interop-runner.

Last Outputs and Backtraces

Additional Information

No response