HTTP/3 input validation and connection abort (#29665)

* Connection error for invalid HTTP/3 frame on request stream

* Update src/Servers/Kestrel/Core/src/CoreStrings.resx

* Write frame types and errors codes in logs as per spec

* Clean up

* Add HTTP/3 connection exception with code

* Connection abort

* More abort connection stuff

* More test

* More tests

* PR feedback

Author: JamesNK

src/Servers/Kestrel/Core/src/CoreStrings.resx

@@ -654,9 +654,30 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
     <value>An error occurred after the response headers were sent, a reset is being sent.</value>
   </data>
   <data name="Http3StreamErrorDataReceivedBeforeHeaders" xml:space="preserve">
-    <value>The client sent a DATA frame before the HEADERS frame.</value>
+    <value>The client sent a DATA frame to a request stream before the HEADERS frame.</value>
   </data>
   <data name="Http3StreamErrorFrameReceivedAfterTrailers" xml:space="preserve">
     <value>The client sent a {frameType} frame after trailing HEADERS.</value>
   </data>
-</root>
+  <data name="Http3ErrorUnsupportedFrameOnRequestStream" xml:space="preserve">
+    <value>The client sent a {frameType} frame to a request stream which isn't supported.</value>
+  </data>
+  <data name="Http3ErrorUnsupportedFrameOnServer" xml:space="preserve">
+    <value>The client sent a {frameType} frame to the server which isn't supported.</value>
+  </data>
+  <data name="Http3ErrorUnsupportedFrameOnControlStream" xml:space="preserve">
+    <value>The client sent a {frameType} frame to a control stream which isn't supported.</value>
+  </data>
+  <data name="Http3ErrorControlStreamMultipleSettingsFrames" xml:space="preserve">
+    <value>The client sent a SETTINGS frame to a control stream that already has settings.</value>
+  </data>
+  <data name="Http3ErrorControlStreamFrameReceivedBeforeSettings" xml:space="preserve">
+    <value>The client sent a {frameType} frame to a control stream before the SETTINGS frame.</value>
+  </data>
+  <data name="Http3ErrorControlStreamReservedSetting" xml:space="preserve">
+    <value>The client sent a reserved setting identifier: {identifier}</value>
+  </data>
+  <data name="Http3ControlStreamErrorMultipleInboundStreams" xml:space="preserve">
+    <value>The client created multiple inbound {streamType} streams for the connection.</value>
+  </data>
+</root>

src/Servers/Kestrel/Core/src/Internal/Http3/Frames/Http3RawFrame.cs

@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http3;
+
 namespace System.Net.Http
 {
     internal partial class Http3RawFrame
@@ -9,9 +11,11 @@ internal partial class Http3RawFrame
 
         public Http3FrameType Type { get; internal set; }
 
+        public string FormattedType => Http3Formatting.ToFormattedType(Type);
+
         public override string ToString()
         {
-            return $"{Type} Length: {Length}";
+            return $"{FormattedType} Length: {Length}";
         }
     }
 }

src/Servers/Kestrel/Core/src/Internal/Http3/Http3Connection.cs

@@ -39,7 +39,7 @@ internal class Http3Connection : ITimeoutHandler
 
         private readonly Http3PeerSettings _serverSettings = new Http3PeerSettings();
         private readonly StreamCloseAwaitable _streamCompletionAwaitable = new StreamCloseAwaitable();
-
+        private readonly IProtocolErrorCodeFeature _errorCodeFeature;
 
         public Http3Connection(Http3ConnectionContext context)
         {
@@ -49,6 +49,8 @@ public Http3Connection(Http3ConnectionContext context)
             _timeoutControl = new TimeoutControl(this);
             _context.TimeoutControl ??= _timeoutControl;
 
+            _errorCodeFeature = context.ConnectionFeatures.Get<IProtocolErrorCodeFeature>()!;
+
             var httpLimits = context.ServiceContext.ServerOptions.Limits;
 
             _serverSettings.HeaderTableSize = (uint)httpLimits.Http3.HeaderTableSize;
@@ -76,6 +78,7 @@ internal long HighestStreamId
         public Http3ControlStream? ControlStream { get; set; }
         public Http3ControlStream? EncoderStream { get; set; }
         public Http3ControlStream? DecoderStream { get; set; }
+        public string ConnectionId => _context.ConnectionId;
 
         public async Task ProcessStreamsAsync<TContext>(IHttpApplication<TContext> httpApplication) where TContext : notnull
         {
@@ -163,7 +166,7 @@ private bool TryClose()
             return false;
         }
 
-        public void Abort(ConnectionAbortedException ex)
+        public void Abort(ConnectionAbortedException ex, Http3ErrorCode errorCode)
         {
             bool previousState;
 
@@ -180,6 +183,7 @@ public void Abort(ConnectionAbortedException ex)
                     SendGoAway(_highestOpenedStreamId);
                 }
 
+                _errorCodeFeature.Error = (long)errorCode;
                 _multiplexedContext.Abort(ex);
             }
         }
@@ -326,9 +330,8 @@ internal async Task InnerProcessStreamsAsync<TContext>(IHttpApplication<TContext
                 Log.RequestProcessingError(_context.ConnectionId, ex);
                 error = ex;
             }
-            catch (Http3ConnectionException ex)
+            catch (Http3ConnectionErrorException ex)
             {
-                // TODO Connection error code?
                 Log.Http3ConnectionError(_context.ConnectionId, ex);
                 error = ex;
             }
@@ -352,7 +355,7 @@ internal async Task InnerProcessStreamsAsync<TContext>(IHttpApplication<TContext
 
                     foreach (var stream in _streams.Values)
                     {
-                        stream.Abort(connectionError);
+                        stream.Abort(connectionError, (Http3ErrorCode)_errorCodeFeature.Error);
                     }
 
                     while (_activeRequestCount > 0)
@@ -364,7 +367,7 @@ internal async Task InnerProcessStreamsAsync<TContext>(IHttpApplication<TContext
                 }
                 catch
                 {
-                    Abort(connectionError);
+                    Abort(connectionError, Http3ErrorCode.NoError);
                     throw;
                 }
             }

src/Servers/Kestrel/Core/src/Internal/Http3/Http3ConnectionErrorException.cs

@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+
+namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http3
+{
+    internal class Http3ConnectionErrorException : Exception
+    {
+        public Http3ConnectionErrorException(string message, Http3ErrorCode errorCode)
+            : base($"HTTP/3 connection error ({errorCode}): {message}")
+        {
+            ErrorCode = errorCode;
+        }
+
+        public Http3ErrorCode ErrorCode { get; }
+    }
+}