gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/gmhttp/h2_bundle.go (about) 1 //go:build !nethttpomithttp2 2 // +build !nethttpomithttp2 3 4 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 5 // $ bundle -o=h2_bundle.go -prefix=http2 -tags=!nethttpomithttp2 golang.org/x/net/http2 6 7 // Package http2 implements the HTTP/2 protocol. 8 // 9 // This package is low-level and intended to be used directly by very 10 // few people. Most users will use it indirectly through the automatic 11 // use by the net/http package (from Go 1.6 and later). 12 // For use in earlier Go versions see ConfigureServer. (Transport support 13 // requires Go 1.6 or later) 14 // 15 // See https://http2.github.io/ for more information on HTTP/2. 16 // 17 // See https://http2.golang.org/ for a test server running this code. 18 // 19 20 package gmhttp 21 22 import ( 23 "bufio" 24 "bytes" 25 "compress/gzip" 26 "context" 27 "crypto/rand" 28 "encoding/binary" 29 "errors" 30 "fmt" 31 "io" 32 "io/ioutil" 33 "log" 34 "math" 35 mathrand "math/rand" 36 "net" 37 "gitee.com/ks-custle/core-gm/gmhttp/httptrace" 38 "net/textproto" 39 "net/url" 40 "os" 41 "reflect" 42 "runtime" 43 "sort" 44 "strconv" 45 "strings" 46 "sync" 47 "sync/atomic" 48 "time" 49 tls "gitee.com/ks-custle/core-gm/gmtls" 50 "golang.org/x/net/http/httpguts" 51 "golang.org/x/net/http2/hpack" 52 "golang.org/x/net/idna" 53 ) 54 55 // asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t 56 // are equal, ASCII-case-insensitively. 57 func http2asciiEqualFold(s, t string) bool { 58 if len(s) != len(t) { 59 return false 60 } 61 for i := 0; i < len(s); i++ { 62 if http2lower(s[i]) != http2lower(t[i]) { 63 return false 64 } 65 } 66 return true 67 } 68 69 // lower returns the ASCII lowercase version of b. 70 func http2lower(b byte) byte { 71 if 'A' <= b && b <= 'Z' { 72 return b + ('a' - 'A') 73 } 74 return b 75 } 76 77 // isASCIIPrint returns whether s is ASCII and printable according to 78 // https://tools.ietf.org/html/rfc20#section-4.2. 79 func http2isASCIIPrint(s string) bool { 80 for i := 0; i < len(s); i++ { 81 if s[i] < ' ' || s[i] > '~' { 82 return false 83 } 84 } 85 return true 86 } 87 88 // asciiToLower returns the lowercase version of s if s is ASCII and printable, 89 // and whether or not it was. 90 func http2asciiToLower(s string) (lower string, ok bool) { 91 if !http2isASCIIPrint(s) { 92 return "", false 93 } 94 return strings.ToLower(s), true 95 } 96 97 // A list of the possible cipher suite ids. Taken from 98 // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt 99 100 const ( 101 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 102 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 103 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 104 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 105 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 106 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 107 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 108 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 109 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 110 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 111 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 112 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 113 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 114 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 115 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 116 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 117 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 118 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 119 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 120 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 121 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 122 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 123 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 124 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 125 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 126 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 127 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 128 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 129 // Reserved uint16 = 0x001C-1D 130 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 131 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 132 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 133 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 134 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 135 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 136 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 137 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 138 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 139 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 140 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 141 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 142 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 143 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 144 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 145 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 146 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 147 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 148 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 149 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 150 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 151 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 152 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 153 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 154 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 155 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 156 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 157 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 158 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 159 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 160 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 161 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 162 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 163 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 164 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 165 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 166 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 167 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 168 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 169 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 170 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 171 // Reserved uint16 = 0x0047-4F 172 // Reserved uint16 = 0x0050-58 173 // Reserved uint16 = 0x0059-5C 174 // Unassigned uint16 = 0x005D-5F 175 // Reserved uint16 = 0x0060-66 176 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 177 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 178 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 179 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 180 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 181 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 182 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 183 // Unassigned uint16 = 0x006E-83 184 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 185 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 186 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 187 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 188 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 189 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 190 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 191 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 192 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 193 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 194 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 195 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 196 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 197 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 198 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 199 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 200 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 201 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 202 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 203 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 204 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 205 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 206 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 207 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 208 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 209 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 210 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 211 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 212 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 213 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 214 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 215 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 216 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 217 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 218 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 219 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 220 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 221 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 222 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 223 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 224 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 225 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 226 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 227 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 228 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 229 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 230 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 231 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 232 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 233 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 234 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 235 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 236 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 237 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 238 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 239 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 240 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 241 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 242 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 243 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 244 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 245 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 246 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 247 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 248 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 249 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 250 // Unassigned uint16 = 0x00C6-FE 251 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 252 // Unassigned uint16 = 0x01-55,* 253 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 254 // Unassigned uint16 = 0x5601 - 0xC000 255 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 256 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 257 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 258 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 259 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 260 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 261 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 262 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 263 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 264 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 265 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 266 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 267 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 268 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 269 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 270 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 271 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 272 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 273 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 274 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 275 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 276 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 277 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 278 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 279 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 280 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 281 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 282 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 283 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 284 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 285 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 286 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 287 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 288 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 289 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 290 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 291 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 292 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 293 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 294 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 295 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 296 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 297 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 298 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 299 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 300 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 301 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 302 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 303 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 304 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 305 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 306 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 307 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 308 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 309 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 310 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 311 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 312 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 313 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 314 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 315 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 316 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 317 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 318 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 319 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 320 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 321 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 322 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 323 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 324 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 325 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 326 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 327 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 328 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 329 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 330 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 331 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 332 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 333 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 334 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 335 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 336 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 337 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 338 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 339 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 340 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 341 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 342 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 343 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 344 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 345 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 346 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 347 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 348 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 349 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 350 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 351 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 352 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 353 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 354 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 355 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 356 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 357 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 358 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 359 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 360 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 361 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 362 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 363 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 364 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 365 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 366 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 367 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 368 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 369 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 370 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 371 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 372 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 373 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 374 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 375 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 376 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 377 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 378 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 379 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 380 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 381 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 382 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 383 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 384 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 385 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 386 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 387 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 388 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 389 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 390 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 391 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 392 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 393 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 394 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 395 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 396 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 397 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 398 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 399 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 400 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 401 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 402 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 403 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 404 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 405 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 406 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 407 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 408 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 409 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 410 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 411 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 412 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 413 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 414 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 415 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 416 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 417 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 418 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 419 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 420 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 421 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 422 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 423 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 424 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 425 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 426 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 427 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 428 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 429 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 430 // Unassigned uint16 = 0xC0B0-FF 431 // Unassigned uint16 = 0xC1-CB,* 432 // Unassigned uint16 = 0xCC00-A7 433 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 434 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 435 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 436 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 437 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 438 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 439 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 440 ) 441 442 // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 443 // References: 444 // https://tools.ietf.org/html/rfc7540#appendix-A 445 // Reject cipher suites from Appendix A. 446 // "This list includes those cipher suites that do not 447 // offer an ephemeral key exchange and those that are 448 // based on the TLS null, stream or block cipher type" 449 func http2isBadCipher(cipher uint16) bool { 450 switch cipher { 451 case http2cipher_TLS_NULL_WITH_NULL_NULL, 452 http2cipher_TLS_RSA_WITH_NULL_MD5, 453 http2cipher_TLS_RSA_WITH_NULL_SHA, 454 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 455 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 456 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 457 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 458 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 459 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 460 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 461 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 462 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 463 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 464 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 465 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 466 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 467 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 468 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 469 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 470 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 471 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 472 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 473 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 474 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 475 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 476 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 477 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 478 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 479 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 480 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 481 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 482 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 483 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 484 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 485 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 486 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 487 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 488 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 489 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 490 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 491 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 492 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 493 http2cipher_TLS_PSK_WITH_NULL_SHA, 494 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 495 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 496 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 497 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 498 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 499 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 500 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 501 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 502 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 503 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 504 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 505 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 506 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 507 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 508 http2cipher_TLS_RSA_WITH_NULL_SHA256, 509 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 510 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 511 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 512 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 513 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 514 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 515 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 516 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 517 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 518 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 519 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 520 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 521 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 522 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 523 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 524 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 525 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 526 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 527 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 528 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 529 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 530 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 531 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 532 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 533 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 534 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 535 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 536 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 537 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 538 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 539 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 540 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 541 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 542 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 543 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 544 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 545 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 546 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 547 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 548 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 549 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 550 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 551 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 552 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 553 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 554 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 555 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 556 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 557 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 558 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 559 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 560 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 561 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 562 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 563 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 564 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 565 http2cipher_TLS_PSK_WITH_NULL_SHA256, 566 http2cipher_TLS_PSK_WITH_NULL_SHA384, 567 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 568 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 569 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 570 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 571 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 572 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 573 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 574 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 575 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 576 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 577 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 578 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 579 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 580 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 581 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 582 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 583 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 584 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 585 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 586 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 587 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 588 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 589 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 590 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 591 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 592 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 593 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 594 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 595 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 596 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 597 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 598 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 599 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 600 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 601 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 602 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 603 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 604 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 605 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 606 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 607 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 608 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 609 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 610 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 611 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 612 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 613 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 614 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 615 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 616 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 617 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 618 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 619 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 620 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 621 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 622 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 623 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 624 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 625 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 626 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 627 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 628 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 629 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 630 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 631 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 632 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 633 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 634 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 635 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 636 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 637 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 638 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 639 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 640 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 641 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 642 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 643 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 644 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 645 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 646 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 647 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 648 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 649 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 650 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 651 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 652 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 653 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 654 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 655 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 656 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 657 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 658 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 659 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 660 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 661 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 662 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 663 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 664 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 665 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 666 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 667 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 668 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 669 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 670 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 671 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 672 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 673 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 674 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 675 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 676 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 677 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 678 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 679 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 680 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 681 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 682 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 683 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 684 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 685 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 686 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 687 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 688 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 689 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 690 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 691 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 692 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 693 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 694 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 695 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 696 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 697 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 698 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 699 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 700 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 701 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 702 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 703 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 704 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 705 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 706 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 707 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 708 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 709 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 710 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 711 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 712 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 713 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 714 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 715 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 716 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 717 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 718 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 719 http2cipher_TLS_RSA_WITH_AES_128_CCM, 720 http2cipher_TLS_RSA_WITH_AES_256_CCM, 721 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 722 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 723 http2cipher_TLS_PSK_WITH_AES_128_CCM, 724 http2cipher_TLS_PSK_WITH_AES_256_CCM, 725 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 726 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 727 return true 728 default: 729 return false 730 } 731 } 732 733 // ClientConnPool manages a pool of HTTP/2 client connections. 734 type http2ClientConnPool interface { 735 // GetClientConn returns a specific HTTP/2 connection (usually 736 // a TLS-TCP connection) to an HTTP/2 server. On success, the 737 // returned ClientConn accounts for the upcoming RoundTrip 738 // call, so the caller should not omit it. If the caller needs 739 // to, ClientConn.RoundTrip can be called with a bogus 740 // new(http.Request) to release the stream reservation. 741 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 742 MarkDead(*http2ClientConn) 743 } 744 745 // clientConnPoolIdleCloser is the interface implemented by ClientConnPool 746 // implementations which can close their idle connections. 747 type http2clientConnPoolIdleCloser interface { 748 http2ClientConnPool 749 closeIdleConnections() 750 } 751 752 var ( 753 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 754 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 755 ) 756 757 // TODO: use singleflight for dialing and addConnCalls? 758 type http2clientConnPool struct { 759 t *http2Transport 760 761 mu sync.Mutex // TODO: maybe switch to RWMutex 762 // TODO: add support for sharing conns based on cert names 763 // (e.g. share conn for googleapis.com and appspot.com) 764 conns map[string][]*http2ClientConn // key is host:port 765 dialing map[string]*http2dialCall // currently in-flight dials 766 keys map[*http2ClientConn][]string 767 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeeded calls 768 } 769 770 func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 771 return p.getClientConn(req, addr, http2dialOnMiss) 772 } 773 774 const ( 775 http2dialOnMiss = true 776 http2noDialOnMiss = false 777 ) 778 779 func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 780 // TODO(dneil): Dial a new connection when t.DisableKeepAlives is set? 781 if http2isConnectionCloseRequest(req) && dialOnMiss { 782 // It gets its own connection. 783 http2traceGetConn(req, addr) 784 const singleUse = true 785 cc, err := p.t.dialClientConn(req.Context(), addr, singleUse) 786 if err != nil { 787 return nil, err 788 } 789 return cc, nil 790 } 791 for { 792 p.mu.Lock() 793 for _, cc := range p.conns[addr] { 794 if cc.ReserveNewRequest() { 795 // When a connection is presented to us by the net/http package, 796 // the GetConn hook has already been called. 797 // Don't call it a second time here. 798 if !cc.getConnCalled { 799 http2traceGetConn(req, addr) 800 } 801 cc.getConnCalled = false 802 p.mu.Unlock() 803 return cc, nil 804 } 805 } 806 if !dialOnMiss { 807 p.mu.Unlock() 808 return nil, http2ErrNoCachedConn 809 } 810 http2traceGetConn(req, addr) 811 call := p.getStartDialLocked(req.Context(), addr) 812 p.mu.Unlock() 813 <-call.done 814 if http2shouldRetryDial(call, req) { 815 continue 816 } 817 cc, err := call.res, call.err 818 if err != nil { 819 return nil, err 820 } 821 if cc.ReserveNewRequest() { 822 return cc, nil 823 } 824 } 825 } 826 827 // dialCall is an in-flight Transport dial call to a host. 828 type http2dialCall struct { 829 _ http2incomparable 830 p *http2clientConnPool 831 // the context associated with the request 832 // that created this dialCall 833 ctx context.Context 834 done chan struct{} // closed when done 835 res *http2ClientConn // valid after done is closed 836 err error // valid after done is closed 837 } 838 839 // requires p.mu is held. 840 func (p *http2clientConnPool) getStartDialLocked(ctx context.Context, addr string) *http2dialCall { 841 if call, ok := p.dialing[addr]; ok { 842 // A dial is already in-flight. Don't start another. 843 return call 844 } 845 call := &http2dialCall{p: p, done: make(chan struct{}), ctx: ctx} 846 if p.dialing == nil { 847 p.dialing = make(map[string]*http2dialCall) 848 } 849 p.dialing[addr] = call 850 go call.dial(call.ctx, addr) 851 return call 852 } 853 854 // run in its own goroutine. 855 func (c *http2dialCall) dial(ctx context.Context, addr string) { 856 const singleUse = false // shared conn 857 c.res, c.err = c.p.t.dialClientConn(ctx, addr, singleUse) 858 close(c.done) 859 860 c.p.mu.Lock() 861 delete(c.p.dialing, addr) 862 if c.err == nil { 863 c.p.addConnLocked(addr, c.res) 864 } 865 c.p.mu.Unlock() 866 } 867 868 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 869 // already exist. It coalesces concurrent calls with the same key. 870 // This is used by the http1 Transport code when it creates a new connection. Because 871 // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 872 // the protocol), it can get into a situation where it has multiple TLS connections. 873 // This code decides which ones live or die. 874 // The return value used is whether c was used. 875 // c is never closed. 876 func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 877 p.mu.Lock() 878 for _, cc := range p.conns[key] { 879 if cc.CanTakeNewRequest() { 880 p.mu.Unlock() 881 return false, nil 882 } 883 } 884 call, dup := p.addConnCalls[key] 885 if !dup { 886 if p.addConnCalls == nil { 887 p.addConnCalls = make(map[string]*http2addConnCall) 888 } 889 call = &http2addConnCall{ 890 p: p, 891 done: make(chan struct{}), 892 } 893 p.addConnCalls[key] = call 894 go call.run(t, key, c) 895 } 896 p.mu.Unlock() 897 898 <-call.done 899 if call.err != nil { 900 return false, call.err 901 } 902 return !dup, nil 903 } 904 905 type http2addConnCall struct { 906 _ http2incomparable 907 p *http2clientConnPool 908 done chan struct{} // closed when done 909 err error 910 } 911 912 func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 913 cc, err := t.NewClientConn(tc) 914 915 p := c.p 916 p.mu.Lock() 917 if err != nil { 918 c.err = err 919 } else { 920 cc.getConnCalled = true // already called by the net/http package 921 p.addConnLocked(key, cc) 922 } 923 delete(p.addConnCalls, key) 924 p.mu.Unlock() 925 close(c.done) 926 } 927 928 // p.mu must be held 929 func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 930 for _, v := range p.conns[key] { 931 if v == cc { 932 return 933 } 934 } 935 if p.conns == nil { 936 p.conns = make(map[string][]*http2ClientConn) 937 } 938 if p.keys == nil { 939 p.keys = make(map[*http2ClientConn][]string) 940 } 941 p.conns[key] = append(p.conns[key], cc) 942 p.keys[cc] = append(p.keys[cc], key) 943 } 944 945 func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 946 p.mu.Lock() 947 defer p.mu.Unlock() 948 for _, key := range p.keys[cc] { 949 vv, ok := p.conns[key] 950 if !ok { 951 continue 952 } 953 newList := http2filterOutClientConn(vv, cc) 954 if len(newList) > 0 { 955 p.conns[key] = newList 956 } else { 957 delete(p.conns, key) 958 } 959 } 960 delete(p.keys, cc) 961 } 962 963 func (p *http2clientConnPool) closeIdleConnections() { 964 p.mu.Lock() 965 defer p.mu.Unlock() 966 // TODO: don't close a cc if it was just added to the pool 967 // milliseconds ago and has never been used. There's currently 968 // a small race window with the HTTP/1 Transport's integration 969 // where it can add an idle conn just before using it, and 970 // somebody else can concurrently call CloseIdleConns and 971 // break some caller's RoundTrip. 972 for _, vv := range p.conns { 973 for _, cc := range vv { 974 cc.closeIfIdle() 975 } 976 } 977 } 978 979 func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 980 out := in[:0] 981 for _, v := range in { 982 if v != exclude { 983 out = append(out, v) 984 } 985 } 986 // If we filtered it out, zero out the last item to prevent 987 // the GC from seeing it. 988 if len(in) != len(out) { 989 in[len(in)-1] = nil 990 } 991 return out 992 } 993 994 // noDialClientConnPool is an implementation of http2.ClientConnPool 995 // which never dials. We let the HTTP/1.1 client dial and use its TLS 996 // connection instead. 997 type http2noDialClientConnPool struct{ *http2clientConnPool } 998 999 func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 1000 return p.getClientConn(req, addr, http2noDialOnMiss) 1001 } 1002 1003 // shouldRetryDial reports whether the current request should 1004 // retry dialing after the call finished unsuccessfully, for example 1005 // if the dial was canceled because of a context cancellation or 1006 // deadline expiry. 1007 func http2shouldRetryDial(call *http2dialCall, req *Request) bool { 1008 if call.err == nil { 1009 // No error, no need to retry 1010 return false 1011 } 1012 if call.ctx == req.Context() { 1013 // If the call has the same context as the request, the dial 1014 // should not be retried, since any cancellation will have come 1015 // from this request. 1016 return false 1017 } 1018 if !errors.Is(call.err, context.Canceled) && !errors.Is(call.err, context.DeadlineExceeded) { 1019 // If the call error is not because of a context cancellation or a deadline expiry, 1020 // the dial should not be retried. 1021 return false 1022 } 1023 // Only retry if the error is a context cancellation error or deadline expiry 1024 // and the context associated with the call was canceled or expired. 1025 return call.ctx.Err() != nil 1026 } 1027 1028 // Buffer chunks are allocated from a pool to reduce pressure on GC. 1029 // The maximum wasted space per dataBuffer is 2x the largest size class, 1030 // which happens when the dataBuffer has multiple chunks and there is 1031 // one unread byte in both the first and last chunks. We use a few size 1032 // classes to minimize overheads for servers that typically receive very 1033 // small request bodies. 1034 // 1035 // TODO: Benchmark to determine if the pools are necessary. The GC may have 1036 // improved enough that we can instead allocate chunks like this: 1037 // make([]byte, max(16<<10, expectedBytesRemaining)) 1038 var ( 1039 http2dataChunkSizeClasses = []int{ 1040 1 << 10, 1041 2 << 10, 1042 4 << 10, 1043 8 << 10, 1044 16 << 10, 1045 } 1046 http2dataChunkPools = [...]sync.Pool{ 1047 {New: func() interface{} { return make([]byte, 1<<10) }}, 1048 {New: func() interface{} { return make([]byte, 2<<10) }}, 1049 {New: func() interface{} { return make([]byte, 4<<10) }}, 1050 {New: func() interface{} { return make([]byte, 8<<10) }}, 1051 {New: func() interface{} { return make([]byte, 16<<10) }}, 1052 } 1053 ) 1054 1055 func http2getDataBufferChunk(size int64) []byte { 1056 i := 0 1057 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 1058 if size <= int64(http2dataChunkSizeClasses[i]) { 1059 break 1060 } 1061 } 1062 return http2dataChunkPools[i].Get().([]byte) 1063 } 1064 1065 func http2putDataBufferChunk(p []byte) { 1066 for i, n := range http2dataChunkSizeClasses { 1067 if len(p) == n { 1068 http2dataChunkPools[i].Put(p) 1069 return 1070 } 1071 } 1072 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1073 } 1074 1075 // dataBuffer is an io.ReadWriter backed by a list of data chunks. 1076 // Each dataBuffer is used to read DATA frames on a single stream. 1077 // The buffer is divided into chunks so the server can limit the 1078 // total memory used by a single connection without limiting the 1079 // request body size on any single stream. 1080 type http2dataBuffer struct { 1081 chunks [][]byte 1082 r int // next byte to read is chunks[0][r] 1083 w int // next byte to write is chunks[len(chunks)-1][w] 1084 size int // total buffered bytes 1085 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1086 } 1087 1088 var http2errReadEmpty = errors.New("read from empty dataBuffer") 1089 1090 // Read copies bytes from the buffer into p. 1091 // It is an error to read when no data is available. 1092 func (b *http2dataBuffer) Read(p []byte) (int, error) { 1093 if b.size == 0 { 1094 return 0, http2errReadEmpty 1095 } 1096 var ntotal int 1097 for len(p) > 0 && b.size > 0 { 1098 readFrom := b.bytesFromFirstChunk() 1099 n := copy(p, readFrom) 1100 p = p[n:] 1101 ntotal += n 1102 b.r += n 1103 b.size -= n 1104 // If the first chunk has been consumed, advance to the next chunk. 1105 if b.r == len(b.chunks[0]) { 1106 http2putDataBufferChunk(b.chunks[0]) 1107 end := len(b.chunks) - 1 1108 copy(b.chunks[:end], b.chunks[1:]) 1109 b.chunks[end] = nil 1110 b.chunks = b.chunks[:end] 1111 b.r = 0 1112 } 1113 } 1114 return ntotal, nil 1115 } 1116 1117 func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1118 if len(b.chunks) == 1 { 1119 return b.chunks[0][b.r:b.w] 1120 } 1121 return b.chunks[0][b.r:] 1122 } 1123 1124 // Len returns the number of bytes of the unread portion of the buffer. 1125 func (b *http2dataBuffer) Len() int { 1126 return b.size 1127 } 1128 1129 // Write appends p to the buffer. 1130 func (b *http2dataBuffer) Write(p []byte) (int, error) { 1131 ntotal := len(p) 1132 for len(p) > 0 { 1133 // If the last chunk is empty, allocate a new chunk. Try to allocate 1134 // enough to fully copy p plus any additional bytes we expect to 1135 // receive. However, this may allocate less than len(p). 1136 want := int64(len(p)) 1137 if b.expected > want { 1138 want = b.expected 1139 } 1140 chunk := b.lastChunkOrAlloc(want) 1141 n := copy(chunk[b.w:], p) 1142 p = p[n:] 1143 b.w += n 1144 b.size += n 1145 b.expected -= int64(n) 1146 } 1147 return ntotal, nil 1148 } 1149 1150 func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1151 if len(b.chunks) != 0 { 1152 last := b.chunks[len(b.chunks)-1] 1153 if b.w < len(last) { 1154 return last 1155 } 1156 } 1157 chunk := http2getDataBufferChunk(want) 1158 b.chunks = append(b.chunks, chunk) 1159 b.w = 0 1160 return chunk 1161 } 1162 1163 // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1164 type http2ErrCode uint32 1165 1166 const ( 1167 http2ErrCodeNo http2ErrCode = 0x0 1168 http2ErrCodeProtocol http2ErrCode = 0x1 1169 http2ErrCodeInternal http2ErrCode = 0x2 1170 http2ErrCodeFlowControl http2ErrCode = 0x3 1171 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1172 http2ErrCodeStreamClosed http2ErrCode = 0x5 1173 http2ErrCodeFrameSize http2ErrCode = 0x6 1174 http2ErrCodeRefusedStream http2ErrCode = 0x7 1175 http2ErrCodeCancel http2ErrCode = 0x8 1176 http2ErrCodeCompression http2ErrCode = 0x9 1177 http2ErrCodeConnect http2ErrCode = 0xa 1178 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1179 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1180 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1181 ) 1182 1183 var http2errCodeName = map[http2ErrCode]string{ 1184 http2ErrCodeNo: "NO_ERROR", 1185 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1186 http2ErrCodeInternal: "INTERNAL_ERROR", 1187 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1188 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1189 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1190 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1191 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1192 http2ErrCodeCancel: "CANCEL", 1193 http2ErrCodeCompression: "COMPRESSION_ERROR", 1194 http2ErrCodeConnect: "CONNECT_ERROR", 1195 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1196 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1197 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1198 } 1199 1200 func (e http2ErrCode) String() string { 1201 if s, ok := http2errCodeName[e]; ok { 1202 return s 1203 } 1204 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1205 } 1206 1207 // ConnectionError is an error that results in the termination of the 1208 // entire connection. 1209 type http2ConnectionError http2ErrCode 1210 1211 func (e http2ConnectionError) Error() string { 1212 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1213 } 1214 1215 // StreamError is an error that only affects one stream within an 1216 // HTTP/2 connection. 1217 type http2StreamError struct { 1218 StreamID uint32 1219 Code http2ErrCode 1220 Cause error // optional additional detail 1221 } 1222 1223 // errFromPeer is a sentinel error value for StreamError.Cause to 1224 // indicate that the StreamError was sent from the peer over the wire 1225 // and wasn't locally generated in the Transport. 1226 var http2errFromPeer = errors.New("received from peer") 1227 1228 func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1229 return http2StreamError{StreamID: id, Code: code} 1230 } 1231 1232 func (e http2StreamError) Error() string { 1233 if e.Cause != nil { 1234 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1235 } 1236 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1237 } 1238 1239 // 6.9.1 The Flow Control Window 1240 // "If a sender receives a WINDOW_UPDATE that causes a flow control 1241 // window to exceed this maximum it MUST terminate either the stream 1242 // or the connection, as appropriate. For streams, [...]; for the 1243 // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1244 type http2goAwayFlowError struct{} 1245 1246 func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1247 1248 // connError represents an HTTP/2 ConnectionError error code, along 1249 // with a string (for debugging) explaining why. 1250 // 1251 // Errors of this type are only returned by the frame parser functions 1252 // and converted into ConnectionError(Code), after stashing away 1253 // the Reason into the Framer's errDetail field, accessible via 1254 // the (*Framer).ErrorDetail method. 1255 type http2connError struct { 1256 Code http2ErrCode // the ConnectionError error code 1257 Reason string // additional reason 1258 } 1259 1260 func (e http2connError) Error() string { 1261 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1262 } 1263 1264 type http2pseudoHeaderError string 1265 1266 func (e http2pseudoHeaderError) Error() string { 1267 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1268 } 1269 1270 type http2duplicatePseudoHeaderError string 1271 1272 func (e http2duplicatePseudoHeaderError) Error() string { 1273 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1274 } 1275 1276 type http2headerFieldNameError string 1277 1278 func (e http2headerFieldNameError) Error() string { 1279 return fmt.Sprintf("invalid header field name %q", string(e)) 1280 } 1281 1282 type http2headerFieldValueError string 1283 1284 func (e http2headerFieldValueError) Error() string { 1285 return fmt.Sprintf("invalid header field value %q", string(e)) 1286 } 1287 1288 var ( 1289 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1290 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1291 ) 1292 1293 // flow is the flow control window's size. 1294 type http2flow struct { 1295 _ http2incomparable 1296 1297 // n is the number of DATA bytes we're allowed to send. 1298 // A flow is kept both on a conn and a per-stream. 1299 n int32 1300 1301 // conn points to the shared connection-level flow that is 1302 // shared by all streams on that conn. It is nil for the flow 1303 // that's on the conn directly. 1304 conn *http2flow 1305 } 1306 1307 func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1308 1309 func (f *http2flow) available() int32 { 1310 n := f.n 1311 if f.conn != nil && f.conn.n < n { 1312 n = f.conn.n 1313 } 1314 return n 1315 } 1316 1317 func (f *http2flow) take(n int32) { 1318 if n > f.available() { 1319 panic("internal error: took too much") 1320 } 1321 f.n -= n 1322 if f.conn != nil { 1323 f.conn.n -= n 1324 } 1325 } 1326 1327 // add adds n bytes (positive or negative) to the flow control window. 1328 // It returns false if the sum would exceed 2^31-1. 1329 func (f *http2flow) add(n int32) bool { 1330 sum := f.n + n 1331 if (sum > n) == (f.n > 0) { 1332 f.n = sum 1333 return true 1334 } 1335 return false 1336 } 1337 1338 const http2frameHeaderLen = 9 1339 1340 var http2padZeros = make([]byte, 255) // zeros for padding 1341 1342 // A FrameType is a registered frame type as defined in 1343 // http://http2.github.io/http2-spec/#rfc.section.11.2 1344 type http2FrameType uint8 1345 1346 const ( 1347 http2FrameData http2FrameType = 0x0 1348 http2FrameHeaders http2FrameType = 0x1 1349 http2FramePriority http2FrameType = 0x2 1350 http2FrameRSTStream http2FrameType = 0x3 1351 http2FrameSettings http2FrameType = 0x4 1352 http2FramePushPromise http2FrameType = 0x5 1353 http2FramePing http2FrameType = 0x6 1354 http2FrameGoAway http2FrameType = 0x7 1355 http2FrameWindowUpdate http2FrameType = 0x8 1356 http2FrameContinuation http2FrameType = 0x9 1357 ) 1358 1359 var http2frameName = map[http2FrameType]string{ 1360 http2FrameData: "DATA", 1361 http2FrameHeaders: "HEADERS", 1362 http2FramePriority: "PRIORITY", 1363 http2FrameRSTStream: "RST_STREAM", 1364 http2FrameSettings: "SETTINGS", 1365 http2FramePushPromise: "PUSH_PROMISE", 1366 http2FramePing: "PING", 1367 http2FrameGoAway: "GOAWAY", 1368 http2FrameWindowUpdate: "WINDOW_UPDATE", 1369 http2FrameContinuation: "CONTINUATION", 1370 } 1371 1372 func (t http2FrameType) String() string { 1373 if s, ok := http2frameName[t]; ok { 1374 return s 1375 } 1376 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1377 } 1378 1379 // Flags is a bitmask of HTTP/2 flags. 1380 // The meaning of flags varies depending on the frame type. 1381 type http2Flags uint8 1382 1383 // Has reports whether f contains all (0 or more) flags in v. 1384 func (f http2Flags) Has(v http2Flags) bool { 1385 return (f & v) == v 1386 } 1387 1388 // Frame-specific FrameHeader flag bits. 1389 const ( 1390 // Data Frame 1391 http2FlagDataEndStream http2Flags = 0x1 1392 http2FlagDataPadded http2Flags = 0x8 1393 1394 // Headers Frame 1395 http2FlagHeadersEndStream http2Flags = 0x1 1396 http2FlagHeadersEndHeaders http2Flags = 0x4 1397 http2FlagHeadersPadded http2Flags = 0x8 1398 http2FlagHeadersPriority http2Flags = 0x20 1399 1400 // Settings Frame 1401 http2FlagSettingsAck http2Flags = 0x1 1402 1403 // Ping Frame 1404 http2FlagPingAck http2Flags = 0x1 1405 1406 // Continuation Frame 1407 http2FlagContinuationEndHeaders http2Flags = 0x4 1408 1409 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1410 http2FlagPushPromisePadded http2Flags = 0x8 1411 ) 1412 1413 var http2flagName = map[http2FrameType]map[http2Flags]string{ 1414 http2FrameData: { 1415 http2FlagDataEndStream: "END_STREAM", 1416 http2FlagDataPadded: "PADDED", 1417 }, 1418 http2FrameHeaders: { 1419 http2FlagHeadersEndStream: "END_STREAM", 1420 http2FlagHeadersEndHeaders: "END_HEADERS", 1421 http2FlagHeadersPadded: "PADDED", 1422 http2FlagHeadersPriority: "PRIORITY", 1423 }, 1424 http2FrameSettings: { 1425 http2FlagSettingsAck: "ACK", 1426 }, 1427 http2FramePing: { 1428 http2FlagPingAck: "ACK", 1429 }, 1430 http2FrameContinuation: { 1431 http2FlagContinuationEndHeaders: "END_HEADERS", 1432 }, 1433 http2FramePushPromise: { 1434 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1435 http2FlagPushPromisePadded: "PADDED", 1436 }, 1437 } 1438 1439 // a frameParser parses a frame given its FrameHeader and payload 1440 // bytes. The length of payload will always equal fh.Length (which 1441 // might be 0). 1442 type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1443 1444 var http2frameParsers = map[http2FrameType]http2frameParser{ 1445 http2FrameData: http2parseDataFrame, 1446 http2FrameHeaders: http2parseHeadersFrame, 1447 http2FramePriority: http2parsePriorityFrame, 1448 http2FrameRSTStream: http2parseRSTStreamFrame, 1449 http2FrameSettings: http2parseSettingsFrame, 1450 http2FramePushPromise: http2parsePushPromise, 1451 http2FramePing: http2parsePingFrame, 1452 http2FrameGoAway: http2parseGoAwayFrame, 1453 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1454 http2FrameContinuation: http2parseContinuationFrame, 1455 } 1456 1457 func http2typeFrameParser(t http2FrameType) http2frameParser { 1458 if f := http2frameParsers[t]; f != nil { 1459 return f 1460 } 1461 return http2parseUnknownFrame 1462 } 1463 1464 // A FrameHeader is the 9 byte header of all HTTP/2 frames. 1465 // 1466 // See http://http2.github.io/http2-spec/#FrameHeader 1467 type http2FrameHeader struct { 1468 valid bool // caller can access []byte fields in the Frame 1469 1470 // Type is the 1 byte frame type. There are ten standard frame 1471 // types, but extension frame types may be written by WriteRawFrame 1472 // and will be returned by ReadFrame (as UnknownFrame). 1473 Type http2FrameType 1474 1475 // Flags are the 1 byte of 8 potential bit flags per frame. 1476 // They are specific to the frame type. 1477 Flags http2Flags 1478 1479 // Length is the length of the frame, not including the 9 byte header. 1480 // The maximum size is one byte less than 16MB (uint24), but only 1481 // frames up to 16KB are allowed without peer agreement. 1482 Length uint32 1483 1484 // StreamID is which stream this frame is for. Certain frames 1485 // are not stream-specific, in which case this field is 0. 1486 StreamID uint32 1487 } 1488 1489 // Header returns h. It exists so FrameHeaders can be embedded in other 1490 // specific frame types and implement the Frame interface. 1491 func (h http2FrameHeader) Header() http2FrameHeader { return h } 1492 1493 func (h http2FrameHeader) String() string { 1494 var buf bytes.Buffer 1495 buf.WriteString("[FrameHeader ") 1496 h.writeDebug(&buf) 1497 buf.WriteByte(']') 1498 return buf.String() 1499 } 1500 1501 func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1502 buf.WriteString(h.Type.String()) 1503 if h.Flags != 0 { 1504 buf.WriteString(" flags=") 1505 set := 0 1506 for i := uint8(0); i < 8; i++ { 1507 if h.Flags&(1<<i) == 0 { 1508 continue 1509 } 1510 set++ 1511 if set > 1 { 1512 buf.WriteByte('|') 1513 } 1514 name := http2flagName[h.Type][http2Flags(1<<i)] 1515 if name != "" { 1516 buf.WriteString(name) 1517 } else { 1518 fmt.Fprintf(buf, "0x%x", 1<<i) 1519 } 1520 } 1521 } 1522 if h.StreamID != 0 { 1523 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1524 } 1525 fmt.Fprintf(buf, " len=%d", h.Length) 1526 } 1527 1528 func (h *http2FrameHeader) checkValid() { 1529 if !h.valid { 1530 panic("Frame accessor called on non-owned Frame") 1531 } 1532 } 1533 1534 func (h *http2FrameHeader) invalidate() { h.valid = false } 1535 1536 // frame header bytes. 1537 // Used only by ReadFrameHeader. 1538 var http2fhBytes = sync.Pool{ 1539 New: func() interface{} { 1540 buf := make([]byte, http2frameHeaderLen) 1541 return &buf 1542 }, 1543 } 1544 1545 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1546 // Most users should use Framer.ReadFrame instead. 1547 func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1548 bufp := http2fhBytes.Get().(*[]byte) 1549 defer http2fhBytes.Put(bufp) 1550 return http2readFrameHeader(*bufp, r) 1551 } 1552 1553 func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1554 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1555 if err != nil { 1556 return http2FrameHeader{}, err 1557 } 1558 return http2FrameHeader{ 1559 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1560 Type: http2FrameType(buf[3]), 1561 Flags: http2Flags(buf[4]), 1562 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1563 valid: true, 1564 }, nil 1565 } 1566 1567 // A Frame is the base interface implemented by all frame types. 1568 // Callers will generally type-assert the specific frame type: 1569 // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1570 // 1571 // Frames are only valid until the next call to Framer.ReadFrame. 1572 type http2Frame interface { 1573 Header() http2FrameHeader 1574 1575 // invalidate is called by Framer.ReadFrame to make this 1576 // frame's buffers as being invalid, since the subsequent 1577 // frame will reuse them. 1578 invalidate() 1579 } 1580 1581 // A Framer reads and writes Frames. 1582 type http2Framer struct { 1583 r io.Reader 1584 lastFrame http2Frame 1585 errDetail error 1586 1587 // lastHeaderStream is non-zero if the last frame was an 1588 // unfinished HEADERS/CONTINUATION. 1589 lastHeaderStream uint32 1590 1591 maxReadSize uint32 1592 headerBuf [http2frameHeaderLen]byte 1593 1594 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1595 // allocator in server.go to minimize memory pinned for many idle conns. 1596 // Will probably also need to make frame invalidation have a hook too. 1597 getReadBuf func(size uint32) []byte 1598 readBuf []byte // cache for default getReadBuf 1599 1600 maxWriteSize uint32 // zero means unlimited; TODO: implement 1601 1602 w io.Writer 1603 wbuf []byte 1604 1605 // AllowIllegalWrites permits the Framer's Write methods to 1606 // write frames that do not conform to the HTTP/2 spec. This 1607 // permits using the Framer to test other HTTP/2 1608 // implementations' conformance to the spec. 1609 // If false, the Write methods will prefer to return an error 1610 // rather than comply. 1611 AllowIllegalWrites bool 1612 1613 // AllowIllegalReads permits the Framer's ReadFrame method 1614 // to return non-compliant frames or frame orders. 1615 // This is for testing and permits using the Framer to test 1616 // other HTTP/2 implementations' conformance to the spec. 1617 // It is not compatible with ReadMetaHeaders. 1618 AllowIllegalReads bool 1619 1620 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1621 // HEADERS and CONTINUATION frames together and return 1622 // MetaHeadersFrame instead. 1623 ReadMetaHeaders *hpack.Decoder 1624 1625 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1626 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1627 // (currently 16MB) 1628 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1629 MaxHeaderListSize uint32 1630 1631 // TODO: track which type of frame & with which flags was sent 1632 // last. Then return an error (unless AllowIllegalWrites) if 1633 // we're in the middle of a header block and a 1634 // non-Continuation or Continuation on a different stream is 1635 // attempted to be written. 1636 1637 logReads, logWrites bool 1638 1639 debugFramer *http2Framer // only use for logging written writes 1640 debugFramerBuf *bytes.Buffer 1641 debugReadLoggerf func(string, ...interface{}) 1642 debugWriteLoggerf func(string, ...interface{}) 1643 1644 frameCache *http2frameCache // nil if frames aren't reused (default) 1645 } 1646 1647 func (fr *http2Framer) maxHeaderListSize() uint32 { 1648 if fr.MaxHeaderListSize == 0 { 1649 return 16 << 20 // sane default, per docs 1650 } 1651 return fr.MaxHeaderListSize 1652 } 1653 1654 func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1655 // Write the FrameHeader. 1656 f.wbuf = append(f.wbuf[:0], 1657 0, // 3 bytes of length, filled in in endWrite 1658 0, 1659 0, 1660 byte(ftype), 1661 byte(flags), 1662 byte(streamID>>24), 1663 byte(streamID>>16), 1664 byte(streamID>>8), 1665 byte(streamID)) 1666 } 1667 1668 func (f *http2Framer) endWrite() error { 1669 // Now that we know the final size, fill in the FrameHeader in 1670 // the space previously reserved for it. Abuse append. 1671 length := len(f.wbuf) - http2frameHeaderLen 1672 if length >= (1 << 24) { 1673 return http2ErrFrameTooLarge 1674 } 1675 _ = append(f.wbuf[:0], 1676 byte(length>>16), 1677 byte(length>>8), 1678 byte(length)) 1679 if f.logWrites { 1680 f.logWrite() 1681 } 1682 1683 n, err := f.w.Write(f.wbuf) 1684 if err == nil && n != len(f.wbuf) { 1685 err = io.ErrShortWrite 1686 } 1687 return err 1688 } 1689 1690 func (f *http2Framer) logWrite() { 1691 if f.debugFramer == nil { 1692 f.debugFramerBuf = new(bytes.Buffer) 1693 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1694 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1695 // Let us read anything, even if we accidentally wrote it 1696 // in the wrong order: 1697 f.debugFramer.AllowIllegalReads = true 1698 } 1699 f.debugFramerBuf.Write(f.wbuf) 1700 fr, err := f.debugFramer.ReadFrame() 1701 if err != nil { 1702 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1703 return 1704 } 1705 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1706 } 1707 1708 func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1709 1710 func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1711 1712 func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1713 1714 func (f *http2Framer) writeUint32(v uint32) { 1715 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1716 } 1717 1718 const ( 1719 http2minMaxFrameSize = 1 << 14 1720 http2maxFrameSize = 1<<24 - 1 1721 ) 1722 1723 // SetReuseFrames allows the Framer to reuse Frames. 1724 // If called on a Framer, Frames returned by calls to ReadFrame are only 1725 // valid until the next call to ReadFrame. 1726 func (fr *http2Framer) SetReuseFrames() { 1727 if fr.frameCache != nil { 1728 return 1729 } 1730 fr.frameCache = &http2frameCache{} 1731 } 1732 1733 type http2frameCache struct { 1734 dataFrame http2DataFrame 1735 } 1736 1737 func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1738 if fc == nil { 1739 return &http2DataFrame{} 1740 } 1741 return &fc.dataFrame 1742 } 1743 1744 // NewFramer returns a Framer that writes frames to w and reads them from r. 1745 func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1746 fr := &http2Framer{ 1747 w: w, 1748 r: r, 1749 logReads: http2logFrameReads, 1750 logWrites: http2logFrameWrites, 1751 debugReadLoggerf: log.Printf, 1752 debugWriteLoggerf: log.Printf, 1753 } 1754 fr.getReadBuf = func(size uint32) []byte { 1755 if cap(fr.readBuf) >= int(size) { 1756 return fr.readBuf[:size] 1757 } 1758 fr.readBuf = make([]byte, size) 1759 return fr.readBuf 1760 } 1761 fr.SetMaxReadFrameSize(http2maxFrameSize) 1762 return fr 1763 } 1764 1765 // SetMaxReadFrameSize sets the maximum size of a frame 1766 // that will be read by a subsequent call to ReadFrame. 1767 // It is the caller's responsibility to advertise this 1768 // limit with a SETTINGS frame. 1769 func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1770 if v > http2maxFrameSize { 1771 v = http2maxFrameSize 1772 } 1773 fr.maxReadSize = v 1774 } 1775 1776 // ErrorDetail returns a more detailed error of the last error 1777 // returned by Framer.ReadFrame. For instance, if ReadFrame 1778 // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1779 // will say exactly what was invalid. ErrorDetail is not guaranteed 1780 // to return a non-nil value and like the rest of the http2 package, 1781 // its return value is not protected by an API compatibility promise. 1782 // ErrorDetail is reset after the next call to ReadFrame. 1783 func (fr *http2Framer) ErrorDetail() error { 1784 return fr.errDetail 1785 } 1786 1787 // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1788 // sends a frame that is larger than declared with SetMaxReadFrameSize. 1789 var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1790 1791 // terminalReadFrameError reports whether err is an unrecoverable 1792 // error from ReadFrame and no other frames should be read. 1793 func http2terminalReadFrameError(err error) bool { 1794 if _, ok := err.(http2StreamError); ok { 1795 return false 1796 } 1797 return err != nil 1798 } 1799 1800 // ReadFrame reads a single frame. The returned Frame is only valid 1801 // until the next call to ReadFrame. 1802 // 1803 // If the frame is larger than previously set with SetMaxReadFrameSize, the 1804 // returned error is ErrFrameTooLarge. Other errors may be of type 1805 // ConnectionError, StreamError, or anything else from the underlying 1806 // reader. 1807 func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1808 fr.errDetail = nil 1809 if fr.lastFrame != nil { 1810 fr.lastFrame.invalidate() 1811 } 1812 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1813 if err != nil { 1814 return nil, err 1815 } 1816 if fh.Length > fr.maxReadSize { 1817 return nil, http2ErrFrameTooLarge 1818 } 1819 payload := fr.getReadBuf(fh.Length) 1820 if _, err := io.ReadFull(fr.r, payload); err != nil { 1821 return nil, err 1822 } 1823 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1824 if err != nil { 1825 if ce, ok := err.(http2connError); ok { 1826 return nil, fr.connError(ce.Code, ce.Reason) 1827 } 1828 return nil, err 1829 } 1830 if err := fr.checkFrameOrder(f); err != nil { 1831 return nil, err 1832 } 1833 if fr.logReads { 1834 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1835 } 1836 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1837 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1838 } 1839 return f, nil 1840 } 1841 1842 // connError returns ConnectionError(code) but first 1843 // stashes away a public reason to the caller can optionally relay it 1844 // to the peer before hanging up on them. This might help others debug 1845 // their implementations. 1846 func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1847 fr.errDetail = errors.New(reason) 1848 return http2ConnectionError(code) 1849 } 1850 1851 // checkFrameOrder reports an error if f is an invalid frame to return 1852 // next from ReadFrame. Mostly it checks whether HEADERS and 1853 // CONTINUATION frames are contiguous. 1854 func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1855 last := fr.lastFrame 1856 fr.lastFrame = f 1857 if fr.AllowIllegalReads { 1858 return nil 1859 } 1860 1861 fh := f.Header() 1862 if fr.lastHeaderStream != 0 { 1863 if fh.Type != http2FrameContinuation { 1864 return fr.connError(http2ErrCodeProtocol, 1865 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1866 fh.Type, fh.StreamID, 1867 last.Header().Type, fr.lastHeaderStream)) 1868 } 1869 if fh.StreamID != fr.lastHeaderStream { 1870 return fr.connError(http2ErrCodeProtocol, 1871 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1872 fh.StreamID, fr.lastHeaderStream)) 1873 } 1874 } else if fh.Type == http2FrameContinuation { 1875 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1876 } 1877 1878 switch fh.Type { 1879 case http2FrameHeaders, http2FrameContinuation: 1880 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1881 fr.lastHeaderStream = 0 1882 } else { 1883 fr.lastHeaderStream = fh.StreamID 1884 } 1885 } 1886 1887 return nil 1888 } 1889 1890 // A DataFrame conveys arbitrary, variable-length sequences of octets 1891 // associated with a stream. 1892 // See http://http2.github.io/http2-spec/#rfc.section.6.1 1893 type http2DataFrame struct { 1894 http2FrameHeader 1895 data []byte 1896 } 1897 1898 func (f *http2DataFrame) StreamEnded() bool { 1899 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1900 } 1901 1902 // Data returns the frame's data octets, not including any padding 1903 // size byte or padding suffix bytes. 1904 // The caller must not retain the returned memory past the next 1905 // call to ReadFrame. 1906 func (f *http2DataFrame) Data() []byte { 1907 f.checkValid() 1908 return f.data 1909 } 1910 1911 func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1912 if fh.StreamID == 0 { 1913 // DATA frames MUST be associated with a stream. If a 1914 // DATA frame is received whose stream identifier 1915 // field is 0x0, the recipient MUST respond with a 1916 // connection error (Section 5.4.1) of type 1917 // PROTOCOL_ERROR. 1918 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1919 } 1920 f := fc.getDataFrame() 1921 f.http2FrameHeader = fh 1922 1923 var padSize byte 1924 if fh.Flags.Has(http2FlagDataPadded) { 1925 var err error 1926 payload, padSize, err = http2readByte(payload) 1927 if err != nil { 1928 return nil, err 1929 } 1930 } 1931 if int(padSize) > len(payload) { 1932 // If the length of the padding is greater than the 1933 // length of the frame payload, the recipient MUST 1934 // treat this as a connection error. 1935 // Filed: https://github.com/http2/http2-spec/issues/610 1936 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1937 } 1938 f.data = payload[:len(payload)-int(padSize)] 1939 return f, nil 1940 } 1941 1942 var ( 1943 http2errStreamID = errors.New("invalid stream ID") 1944 http2errDepStreamID = errors.New("invalid dependent stream ID") 1945 http2errPadLength = errors.New("pad length too large") 1946 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1947 ) 1948 1949 func http2validStreamIDOrZero(streamID uint32) bool { 1950 return streamID&(1<<31) == 0 1951 } 1952 1953 func http2validStreamID(streamID uint32) bool { 1954 return streamID != 0 && streamID&(1<<31) == 0 1955 } 1956 1957 // WriteData writes a DATA frame. 1958 // 1959 // It will perform exactly one Write to the underlying Writer. 1960 // It is the caller's responsibility not to violate the maximum frame size 1961 // and to not call other Write methods concurrently. 1962 func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1963 return f.WriteDataPadded(streamID, endStream, data, nil) 1964 } 1965 1966 // WriteDataPadded writes a DATA frame with optional padding. 1967 // 1968 // If pad is nil, the padding bit is not sent. 1969 // The length of pad must not exceed 255 bytes. 1970 // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1971 // 1972 // It will perform exactly one Write to the underlying Writer. 1973 // It is the caller's responsibility not to violate the maximum frame size 1974 // and to not call other Write methods concurrently. 1975 func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1976 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1977 return http2errStreamID 1978 } 1979 if len(pad) > 0 { 1980 if len(pad) > 255 { 1981 return http2errPadLength 1982 } 1983 if !f.AllowIllegalWrites { 1984 for _, b := range pad { 1985 if b != 0 { 1986 // "Padding octets MUST be set to zero when sending." 1987 return http2errPadBytes 1988 } 1989 } 1990 } 1991 } 1992 var flags http2Flags 1993 if endStream { 1994 flags |= http2FlagDataEndStream 1995 } 1996 if pad != nil { 1997 flags |= http2FlagDataPadded 1998 } 1999 f.startWrite(http2FrameData, flags, streamID) 2000 if pad != nil { 2001 f.wbuf = append(f.wbuf, byte(len(pad))) 2002 } 2003 f.wbuf = append(f.wbuf, data...) 2004 f.wbuf = append(f.wbuf, pad...) 2005 return f.endWrite() 2006 } 2007 2008 // A SettingsFrame conveys configuration parameters that affect how 2009 // endpoints communicate, such as preferences and constraints on peer 2010 // behavior. 2011 // 2012 // See http://http2.github.io/http2-spec/#SETTINGS 2013 type http2SettingsFrame struct { 2014 http2FrameHeader 2015 p []byte 2016 } 2017 2018 func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2019 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 2020 // When this (ACK 0x1) bit is set, the payload of the 2021 // SETTINGS frame MUST be empty. Receipt of a 2022 // SETTINGS frame with the ACK flag set and a length 2023 // field value other than 0 MUST be treated as a 2024 // connection error (Section 5.4.1) of type 2025 // FRAME_SIZE_ERROR. 2026 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2027 } 2028 if fh.StreamID != 0 { 2029 // SETTINGS frames always apply to a connection, 2030 // never a single stream. The stream identifier for a 2031 // SETTINGS frame MUST be zero (0x0). If an endpoint 2032 // receives a SETTINGS frame whose stream identifier 2033 // field is anything other than 0x0, the endpoint MUST 2034 // respond with a connection error (Section 5.4.1) of 2035 // type PROTOCOL_ERROR. 2036 return nil, http2ConnectionError(http2ErrCodeProtocol) 2037 } 2038 if len(p)%6 != 0 { 2039 // Expecting even number of 6 byte settings. 2040 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2041 } 2042 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 2043 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 2044 // Values above the maximum flow control window size of 2^31 - 1 MUST 2045 // be treated as a connection error (Section 5.4.1) of type 2046 // FLOW_CONTROL_ERROR. 2047 return nil, http2ConnectionError(http2ErrCodeFlowControl) 2048 } 2049 return f, nil 2050 } 2051 2052 func (f *http2SettingsFrame) IsAck() bool { 2053 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 2054 } 2055 2056 func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) { 2057 f.checkValid() 2058 for i := 0; i < f.NumSettings(); i++ { 2059 if s := f.Setting(i); s.ID == id { 2060 return s.Val, true 2061 } 2062 } 2063 return 0, false 2064 } 2065 2066 // Setting returns the setting from the frame at the given 0-based index. 2067 // The index must be >= 0 and less than f.NumSettings(). 2068 func (f *http2SettingsFrame) Setting(i int) http2Setting { 2069 buf := f.p 2070 return http2Setting{ 2071 ID: http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])), 2072 Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]), 2073 } 2074 } 2075 2076 func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 } 2077 2078 // HasDuplicates reports whether f contains any duplicate setting IDs. 2079 func (f *http2SettingsFrame) HasDuplicates() bool { 2080 num := f.NumSettings() 2081 if num == 0 { 2082 return false 2083 } 2084 // If it's small enough (the common case), just do the n^2 2085 // thing and avoid a map allocation. 2086 if num < 10 { 2087 for i := 0; i < num; i++ { 2088 idi := f.Setting(i).ID 2089 for j := i + 1; j < num; j++ { 2090 idj := f.Setting(j).ID 2091 if idi == idj { 2092 return true 2093 } 2094 } 2095 } 2096 return false 2097 } 2098 seen := map[http2SettingID]bool{} 2099 for i := 0; i < num; i++ { 2100 id := f.Setting(i).ID 2101 if seen[id] { 2102 return true 2103 } 2104 seen[id] = true 2105 } 2106 return false 2107 } 2108 2109 // ForeachSetting runs fn for each setting. 2110 // It stops and returns the first error. 2111 func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2112 f.checkValid() 2113 for i := 0; i < f.NumSettings(); i++ { 2114 if err := fn(f.Setting(i)); err != nil { 2115 return err 2116 } 2117 } 2118 return nil 2119 } 2120 2121 // WriteSettings writes a SETTINGS frame with zero or more settings 2122 // specified and the ACK bit not set. 2123 // 2124 // It will perform exactly one Write to the underlying Writer. 2125 // It is the caller's responsibility to not call other Write methods concurrently. 2126 func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2127 f.startWrite(http2FrameSettings, 0, 0) 2128 for _, s := range settings { 2129 f.writeUint16(uint16(s.ID)) 2130 f.writeUint32(s.Val) 2131 } 2132 return f.endWrite() 2133 } 2134 2135 // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2136 // 2137 // It will perform exactly one Write to the underlying Writer. 2138 // It is the caller's responsibility to not call other Write methods concurrently. 2139 func (f *http2Framer) WriteSettingsAck() error { 2140 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2141 return f.endWrite() 2142 } 2143 2144 // A PingFrame is a mechanism for measuring a minimal round trip time 2145 // from the sender, as well as determining whether an idle connection 2146 // is still functional. 2147 // See http://http2.github.io/http2-spec/#rfc.section.6.7 2148 type http2PingFrame struct { 2149 http2FrameHeader 2150 Data [8]byte 2151 } 2152 2153 func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2154 2155 func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2156 if len(payload) != 8 { 2157 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2158 } 2159 if fh.StreamID != 0 { 2160 return nil, http2ConnectionError(http2ErrCodeProtocol) 2161 } 2162 f := &http2PingFrame{http2FrameHeader: fh} 2163 copy(f.Data[:], payload) 2164 return f, nil 2165 } 2166 2167 func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2168 var flags http2Flags 2169 if ack { 2170 flags = http2FlagPingAck 2171 } 2172 f.startWrite(http2FramePing, flags, 0) 2173 f.writeBytes(data[:]) 2174 return f.endWrite() 2175 } 2176 2177 // A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2178 // See http://http2.github.io/http2-spec/#rfc.section.6.8 2179 type http2GoAwayFrame struct { 2180 http2FrameHeader 2181 LastStreamID uint32 2182 ErrCode http2ErrCode 2183 debugData []byte 2184 } 2185 2186 // DebugData returns any debug data in the GOAWAY frame. Its contents 2187 // are not defined. 2188 // The caller must not retain the returned memory past the next 2189 // call to ReadFrame. 2190 func (f *http2GoAwayFrame) DebugData() []byte { 2191 f.checkValid() 2192 return f.debugData 2193 } 2194 2195 func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2196 if fh.StreamID != 0 { 2197 return nil, http2ConnectionError(http2ErrCodeProtocol) 2198 } 2199 if len(p) < 8 { 2200 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2201 } 2202 return &http2GoAwayFrame{ 2203 http2FrameHeader: fh, 2204 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2205 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2206 debugData: p[8:], 2207 }, nil 2208 } 2209 2210 func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2211 f.startWrite(http2FrameGoAway, 0, 0) 2212 f.writeUint32(maxStreamID & (1<<31 - 1)) 2213 f.writeUint32(uint32(code)) 2214 f.writeBytes(debugData) 2215 return f.endWrite() 2216 } 2217 2218 // An UnknownFrame is the frame type returned when the frame type is unknown 2219 // or no specific frame type parser exists. 2220 type http2UnknownFrame struct { 2221 http2FrameHeader 2222 p []byte 2223 } 2224 2225 // Payload returns the frame's payload (after the header). It is not 2226 // valid to call this method after a subsequent call to 2227 // Framer.ReadFrame, nor is it valid to retain the returned slice. 2228 // The memory is owned by the Framer and is invalidated when the next 2229 // frame is read. 2230 func (f *http2UnknownFrame) Payload() []byte { 2231 f.checkValid() 2232 return f.p 2233 } 2234 2235 func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2236 return &http2UnknownFrame{fh, p}, nil 2237 } 2238 2239 // A WindowUpdateFrame is used to implement flow control. 2240 // See http://http2.github.io/http2-spec/#rfc.section.6.9 2241 type http2WindowUpdateFrame struct { 2242 http2FrameHeader 2243 Increment uint32 // never read with high bit set 2244 } 2245 2246 func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2247 if len(p) != 4 { 2248 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2249 } 2250 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2251 if inc == 0 { 2252 // A receiver MUST treat the receipt of a 2253 // WINDOW_UPDATE frame with an flow control window 2254 // increment of 0 as a stream error (Section 5.4.2) of 2255 // type PROTOCOL_ERROR; errors on the connection flow 2256 // control window MUST be treated as a connection 2257 // error (Section 5.4.1). 2258 if fh.StreamID == 0 { 2259 return nil, http2ConnectionError(http2ErrCodeProtocol) 2260 } 2261 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2262 } 2263 return &http2WindowUpdateFrame{ 2264 http2FrameHeader: fh, 2265 Increment: inc, 2266 }, nil 2267 } 2268 2269 // WriteWindowUpdate writes a WINDOW_UPDATE frame. 2270 // The increment value must be between 1 and 2,147,483,647, inclusive. 2271 // If the Stream ID is zero, the window update applies to the 2272 // connection as a whole. 2273 func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2274 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2275 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2276 return errors.New("illegal window increment value") 2277 } 2278 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2279 f.writeUint32(incr) 2280 return f.endWrite() 2281 } 2282 2283 // A HeadersFrame is used to open a stream and additionally carries a 2284 // header block fragment. 2285 type http2HeadersFrame struct { 2286 http2FrameHeader 2287 2288 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2289 Priority http2PriorityParam 2290 2291 headerFragBuf []byte // not owned 2292 } 2293 2294 func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2295 f.checkValid() 2296 return f.headerFragBuf 2297 } 2298 2299 func (f *http2HeadersFrame) HeadersEnded() bool { 2300 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2301 } 2302 2303 func (f *http2HeadersFrame) StreamEnded() bool { 2304 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2305 } 2306 2307 func (f *http2HeadersFrame) HasPriority() bool { 2308 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2309 } 2310 2311 func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2312 hf := &http2HeadersFrame{ 2313 http2FrameHeader: fh, 2314 } 2315 if fh.StreamID == 0 { 2316 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2317 // is received whose stream identifier field is 0x0, the recipient MUST 2318 // respond with a connection error (Section 5.4.1) of type 2319 // PROTOCOL_ERROR. 2320 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2321 } 2322 var padLength uint8 2323 if fh.Flags.Has(http2FlagHeadersPadded) { 2324 if p, padLength, err = http2readByte(p); err != nil { 2325 return 2326 } 2327 } 2328 if fh.Flags.Has(http2FlagHeadersPriority) { 2329 var v uint32 2330 p, v, err = http2readUint32(p) 2331 if err != nil { 2332 return nil, err 2333 } 2334 hf.Priority.StreamDep = v & 0x7fffffff 2335 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2336 p, hf.Priority.Weight, err = http2readByte(p) 2337 if err != nil { 2338 return nil, err 2339 } 2340 } 2341 if len(p)-int(padLength) < 0 { 2342 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2343 } 2344 hf.headerFragBuf = p[:len(p)-int(padLength)] 2345 return hf, nil 2346 } 2347 2348 // HeadersFrameParam are the parameters for writing a HEADERS frame. 2349 type http2HeadersFrameParam struct { 2350 // StreamID is the required Stream ID to initiate. 2351 StreamID uint32 2352 // BlockFragment is part (or all) of a Header Block. 2353 BlockFragment []byte 2354 2355 // EndStream indicates that the header block is the last that 2356 // the endpoint will send for the identified stream. Setting 2357 // this flag causes the stream to enter one of "half closed" 2358 // states. 2359 EndStream bool 2360 2361 // EndHeaders indicates that this frame contains an entire 2362 // header block and is not followed by any 2363 // CONTINUATION frames. 2364 EndHeaders bool 2365 2366 // PadLength is the optional number of bytes of zeros to add 2367 // to this frame. 2368 PadLength uint8 2369 2370 // Priority, if non-zero, includes stream priority information 2371 // in the HEADER frame. 2372 Priority http2PriorityParam 2373 } 2374 2375 // WriteHeaders writes a single HEADERS frame. 2376 // 2377 // This is a low-level header writing method. Encoding headers and 2378 // splitting them into any necessary CONTINUATION frames is handled 2379 // elsewhere. 2380 // 2381 // It will perform exactly one Write to the underlying Writer. 2382 // It is the caller's responsibility to not call other Write methods concurrently. 2383 func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2384 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2385 return http2errStreamID 2386 } 2387 var flags http2Flags 2388 if p.PadLength != 0 { 2389 flags |= http2FlagHeadersPadded 2390 } 2391 if p.EndStream { 2392 flags |= http2FlagHeadersEndStream 2393 } 2394 if p.EndHeaders { 2395 flags |= http2FlagHeadersEndHeaders 2396 } 2397 if !p.Priority.IsZero() { 2398 flags |= http2FlagHeadersPriority 2399 } 2400 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2401 if p.PadLength != 0 { 2402 f.writeByte(p.PadLength) 2403 } 2404 if !p.Priority.IsZero() { 2405 v := p.Priority.StreamDep 2406 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2407 return http2errDepStreamID 2408 } 2409 if p.Priority.Exclusive { 2410 v |= 1 << 31 2411 } 2412 f.writeUint32(v) 2413 f.writeByte(p.Priority.Weight) 2414 } 2415 f.wbuf = append(f.wbuf, p.BlockFragment...) 2416 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2417 return f.endWrite() 2418 } 2419 2420 // A PriorityFrame specifies the sender-advised priority of a stream. 2421 // See http://http2.github.io/http2-spec/#rfc.section.6.3 2422 type http2PriorityFrame struct { 2423 http2FrameHeader 2424 http2PriorityParam 2425 } 2426 2427 // PriorityParam are the stream prioritzation parameters. 2428 type http2PriorityParam struct { 2429 // StreamDep is a 31-bit stream identifier for the 2430 // stream that this stream depends on. Zero means no 2431 // dependency. 2432 StreamDep uint32 2433 2434 // Exclusive is whether the dependency is exclusive. 2435 Exclusive bool 2436 2437 // Weight is the stream's zero-indexed weight. It should be 2438 // set together with StreamDep, or neither should be set. Per 2439 // the spec, "Add one to the value to obtain a weight between 2440 // 1 and 256." 2441 Weight uint8 2442 } 2443 2444 func (p http2PriorityParam) IsZero() bool { 2445 return p == http2PriorityParam{} 2446 } 2447 2448 func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2449 if fh.StreamID == 0 { 2450 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2451 } 2452 if len(payload) != 5 { 2453 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2454 } 2455 v := binary.BigEndian.Uint32(payload[:4]) 2456 streamID := v & 0x7fffffff // mask off high bit 2457 return &http2PriorityFrame{ 2458 http2FrameHeader: fh, 2459 http2PriorityParam: http2PriorityParam{ 2460 Weight: payload[4], 2461 StreamDep: streamID, 2462 Exclusive: streamID != v, // was high bit set? 2463 }, 2464 }, nil 2465 } 2466 2467 // WritePriority writes a PRIORITY frame. 2468 // 2469 // It will perform exactly one Write to the underlying Writer. 2470 // It is the caller's responsibility to not call other Write methods concurrently. 2471 func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2472 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2473 return http2errStreamID 2474 } 2475 if !http2validStreamIDOrZero(p.StreamDep) { 2476 return http2errDepStreamID 2477 } 2478 f.startWrite(http2FramePriority, 0, streamID) 2479 v := p.StreamDep 2480 if p.Exclusive { 2481 v |= 1 << 31 2482 } 2483 f.writeUint32(v) 2484 f.writeByte(p.Weight) 2485 return f.endWrite() 2486 } 2487 2488 // A RSTStreamFrame allows for abnormal termination of a stream. 2489 // See http://http2.github.io/http2-spec/#rfc.section.6.4 2490 type http2RSTStreamFrame struct { 2491 http2FrameHeader 2492 ErrCode http2ErrCode 2493 } 2494 2495 func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2496 if len(p) != 4 { 2497 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2498 } 2499 if fh.StreamID == 0 { 2500 return nil, http2ConnectionError(http2ErrCodeProtocol) 2501 } 2502 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2503 } 2504 2505 // WriteRSTStream writes a RST_STREAM frame. 2506 // 2507 // It will perform exactly one Write to the underlying Writer. 2508 // It is the caller's responsibility to not call other Write methods concurrently. 2509 func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2510 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2511 return http2errStreamID 2512 } 2513 f.startWrite(http2FrameRSTStream, 0, streamID) 2514 f.writeUint32(uint32(code)) 2515 return f.endWrite() 2516 } 2517 2518 // A ContinuationFrame is used to continue a sequence of header block fragments. 2519 // See http://http2.github.io/http2-spec/#rfc.section.6.10 2520 type http2ContinuationFrame struct { 2521 http2FrameHeader 2522 headerFragBuf []byte 2523 } 2524 2525 func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2526 if fh.StreamID == 0 { 2527 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2528 } 2529 return &http2ContinuationFrame{fh, p}, nil 2530 } 2531 2532 func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2533 f.checkValid() 2534 return f.headerFragBuf 2535 } 2536 2537 func (f *http2ContinuationFrame) HeadersEnded() bool { 2538 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2539 } 2540 2541 // WriteContinuation writes a CONTINUATION frame. 2542 // 2543 // It will perform exactly one Write to the underlying Writer. 2544 // It is the caller's responsibility to not call other Write methods concurrently. 2545 func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2546 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2547 return http2errStreamID 2548 } 2549 var flags http2Flags 2550 if endHeaders { 2551 flags |= http2FlagContinuationEndHeaders 2552 } 2553 f.startWrite(http2FrameContinuation, flags, streamID) 2554 f.wbuf = append(f.wbuf, headerBlockFragment...) 2555 return f.endWrite() 2556 } 2557 2558 // A PushPromiseFrame is used to initiate a server stream. 2559 // See http://http2.github.io/http2-spec/#rfc.section.6.6 2560 type http2PushPromiseFrame struct { 2561 http2FrameHeader 2562 PromiseID uint32 2563 headerFragBuf []byte // not owned 2564 } 2565 2566 func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2567 f.checkValid() 2568 return f.headerFragBuf 2569 } 2570 2571 func (f *http2PushPromiseFrame) HeadersEnded() bool { 2572 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2573 } 2574 2575 func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2576 pp := &http2PushPromiseFrame{ 2577 http2FrameHeader: fh, 2578 } 2579 if pp.StreamID == 0 { 2580 // PUSH_PROMISE frames MUST be associated with an existing, 2581 // peer-initiated stream. The stream identifier of a 2582 // PUSH_PROMISE frame indicates the stream it is associated 2583 // with. If the stream identifier field specifies the value 2584 // 0x0, a recipient MUST respond with a connection error 2585 // (Section 5.4.1) of type PROTOCOL_ERROR. 2586 return nil, http2ConnectionError(http2ErrCodeProtocol) 2587 } 2588 // The PUSH_PROMISE frame includes optional padding. 2589 // Padding fields and flags are identical to those defined for DATA frames 2590 var padLength uint8 2591 if fh.Flags.Has(http2FlagPushPromisePadded) { 2592 if p, padLength, err = http2readByte(p); err != nil { 2593 return 2594 } 2595 } 2596 2597 p, pp.PromiseID, err = http2readUint32(p) 2598 if err != nil { 2599 return 2600 } 2601 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2602 2603 if int(padLength) > len(p) { 2604 // like the DATA frame, error out if padding is longer than the body. 2605 return nil, http2ConnectionError(http2ErrCodeProtocol) 2606 } 2607 pp.headerFragBuf = p[:len(p)-int(padLength)] 2608 return pp, nil 2609 } 2610 2611 // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2612 type http2PushPromiseParam struct { 2613 // StreamID is the required Stream ID to initiate. 2614 StreamID uint32 2615 2616 // PromiseID is the required Stream ID which this 2617 // Push Promises 2618 PromiseID uint32 2619 2620 // BlockFragment is part (or all) of a Header Block. 2621 BlockFragment []byte 2622 2623 // EndHeaders indicates that this frame contains an entire 2624 // header block and is not followed by any 2625 // CONTINUATION frames. 2626 EndHeaders bool 2627 2628 // PadLength is the optional number of bytes of zeros to add 2629 // to this frame. 2630 PadLength uint8 2631 } 2632 2633 // WritePushPromise writes a single PushPromise Frame. 2634 // 2635 // As with Header Frames, This is the low level call for writing 2636 // individual frames. Continuation frames are handled elsewhere. 2637 // 2638 // It will perform exactly one Write to the underlying Writer. 2639 // It is the caller's responsibility to not call other Write methods concurrently. 2640 func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2641 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2642 return http2errStreamID 2643 } 2644 var flags http2Flags 2645 if p.PadLength != 0 { 2646 flags |= http2FlagPushPromisePadded 2647 } 2648 if p.EndHeaders { 2649 flags |= http2FlagPushPromiseEndHeaders 2650 } 2651 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2652 if p.PadLength != 0 { 2653 f.writeByte(p.PadLength) 2654 } 2655 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2656 return http2errStreamID 2657 } 2658 f.writeUint32(p.PromiseID) 2659 f.wbuf = append(f.wbuf, p.BlockFragment...) 2660 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2661 return f.endWrite() 2662 } 2663 2664 // WriteRawFrame writes a raw frame. This can be used to write 2665 // extension frames unknown to this package. 2666 func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2667 f.startWrite(t, flags, streamID) 2668 f.writeBytes(payload) 2669 return f.endWrite() 2670 } 2671 2672 func http2readByte(p []byte) (remain []byte, b byte, err error) { 2673 if len(p) == 0 { 2674 return nil, 0, io.ErrUnexpectedEOF 2675 } 2676 return p[1:], p[0], nil 2677 } 2678 2679 func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2680 if len(p) < 4 { 2681 return nil, 0, io.ErrUnexpectedEOF 2682 } 2683 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2684 } 2685 2686 type http2streamEnder interface { 2687 StreamEnded() bool 2688 } 2689 2690 type http2headersEnder interface { 2691 HeadersEnded() bool 2692 } 2693 2694 type http2headersOrContinuation interface { 2695 http2headersEnder 2696 HeaderBlockFragment() []byte 2697 } 2698 2699 // A MetaHeadersFrame is the representation of one HEADERS frame and 2700 // zero or more contiguous CONTINUATION frames and the decoding of 2701 // their HPACK-encoded contents. 2702 // 2703 // This type of frame does not appear on the wire and is only returned 2704 // by the Framer when Framer.ReadMetaHeaders is set. 2705 type http2MetaHeadersFrame struct { 2706 *http2HeadersFrame 2707 2708 // Fields are the fields contained in the HEADERS and 2709 // CONTINUATION frames. The underlying slice is owned by the 2710 // Framer and must not be retained after the next call to 2711 // ReadFrame. 2712 // 2713 // Fields are guaranteed to be in the correct http2 order and 2714 // not have unknown pseudo header fields or invalid header 2715 // field names or values. Required pseudo header fields may be 2716 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2717 // method access pseudo headers. 2718 Fields []hpack.HeaderField 2719 2720 // Truncated is whether the max header list size limit was hit 2721 // and Fields is incomplete. The hpack decoder state is still 2722 // valid, however. 2723 Truncated bool 2724 } 2725 2726 // PseudoValue returns the given pseudo header field's value. 2727 // The provided pseudo field should not contain the leading colon. 2728 func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2729 for _, hf := range mh.Fields { 2730 if !hf.IsPseudo() { 2731 return "" 2732 } 2733 if hf.Name[1:] == pseudo { 2734 return hf.Value 2735 } 2736 } 2737 return "" 2738 } 2739 2740 // RegularFields returns the regular (non-pseudo) header fields of mh. 2741 // The caller does not own the returned slice. 2742 func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2743 for i, hf := range mh.Fields { 2744 if !hf.IsPseudo() { 2745 return mh.Fields[i:] 2746 } 2747 } 2748 return nil 2749 } 2750 2751 // PseudoFields returns the pseudo header fields of mh. 2752 // The caller does not own the returned slice. 2753 func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2754 for i, hf := range mh.Fields { 2755 if !hf.IsPseudo() { 2756 return mh.Fields[:i] 2757 } 2758 } 2759 return mh.Fields 2760 } 2761 2762 func (mh *http2MetaHeadersFrame) checkPseudos() error { 2763 var isRequest, isResponse bool 2764 pf := mh.PseudoFields() 2765 for i, hf := range pf { 2766 switch hf.Name { 2767 case ":method", ":path", ":scheme", ":authority": 2768 isRequest = true 2769 case ":status": 2770 isResponse = true 2771 default: 2772 return http2pseudoHeaderError(hf.Name) 2773 } 2774 // Check for duplicates. 2775 // This would be a bad algorithm, but N is 4. 2776 // And this doesn't allocate. 2777 for _, hf2 := range pf[:i] { 2778 if hf.Name == hf2.Name { 2779 return http2duplicatePseudoHeaderError(hf.Name) 2780 } 2781 } 2782 } 2783 if isRequest && isResponse { 2784 return http2errMixPseudoHeaderTypes 2785 } 2786 return nil 2787 } 2788 2789 func (fr *http2Framer) maxHeaderStringLen() int { 2790 v := fr.maxHeaderListSize() 2791 if uint32(int(v)) == v { 2792 return int(v) 2793 } 2794 // They had a crazy big number for MaxHeaderBytes anyway, 2795 // so give them unlimited header lengths: 2796 return 0 2797 } 2798 2799 // readMetaFrame returns 0 or more CONTINUATION frames from fr and 2800 // merge them into the provided hf and returns a MetaHeadersFrame 2801 // with the decoded hpack values. 2802 func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2803 if fr.AllowIllegalReads { 2804 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2805 } 2806 mh := &http2MetaHeadersFrame{ 2807 http2HeadersFrame: hf, 2808 } 2809 var remainSize = fr.maxHeaderListSize() 2810 var sawRegular bool 2811 2812 var invalid error // pseudo header field errors 2813 hdec := fr.ReadMetaHeaders 2814 hdec.SetEmitEnabled(true) 2815 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2816 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2817 if http2VerboseLogs && fr.logReads { 2818 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2819 } 2820 if !httpguts.ValidHeaderFieldValue(hf.Value) { 2821 invalid = http2headerFieldValueError(hf.Value) 2822 } 2823 isPseudo := strings.HasPrefix(hf.Name, ":") 2824 if isPseudo { 2825 if sawRegular { 2826 invalid = http2errPseudoAfterRegular 2827 } 2828 } else { 2829 sawRegular = true 2830 if !http2validWireHeaderFieldName(hf.Name) { 2831 invalid = http2headerFieldNameError(hf.Name) 2832 } 2833 } 2834 2835 if invalid != nil { 2836 hdec.SetEmitEnabled(false) 2837 return 2838 } 2839 2840 size := hf.Size() 2841 if size > remainSize { 2842 hdec.SetEmitEnabled(false) 2843 mh.Truncated = true 2844 return 2845 } 2846 remainSize -= size 2847 2848 mh.Fields = append(mh.Fields, hf) 2849 }) 2850 // Lose reference to MetaHeadersFrame: 2851 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2852 2853 var hc http2headersOrContinuation = hf 2854 for { 2855 frag := hc.HeaderBlockFragment() 2856 if _, err := hdec.Write(frag); err != nil { 2857 return nil, http2ConnectionError(http2ErrCodeCompression) 2858 } 2859 2860 if hc.HeadersEnded() { 2861 break 2862 } 2863 if f, err := fr.ReadFrame(); err != nil { 2864 return nil, err 2865 } else { 2866 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2867 } 2868 } 2869 2870 mh.http2HeadersFrame.headerFragBuf = nil 2871 mh.http2HeadersFrame.invalidate() 2872 2873 if err := hdec.Close(); err != nil { 2874 return nil, http2ConnectionError(http2ErrCodeCompression) 2875 } 2876 if invalid != nil { 2877 fr.errDetail = invalid 2878 if http2VerboseLogs { 2879 log.Printf("http2: invalid header: %v", invalid) 2880 } 2881 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2882 } 2883 if err := mh.checkPseudos(); err != nil { 2884 fr.errDetail = err 2885 if http2VerboseLogs { 2886 log.Printf("http2: invalid pseudo headers: %v", err) 2887 } 2888 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2889 } 2890 return mh, nil 2891 } 2892 2893 func http2summarizeFrame(f http2Frame) string { 2894 var buf bytes.Buffer 2895 f.Header().writeDebug(&buf) 2896 switch f := f.(type) { 2897 case *http2SettingsFrame: 2898 n := 0 2899 f.ForeachSetting(func(s http2Setting) error { 2900 n++ 2901 if n == 1 { 2902 buf.WriteString(", settings:") 2903 } 2904 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2905 return nil 2906 }) 2907 if n > 0 { 2908 buf.Truncate(buf.Len() - 1) // remove trailing comma 2909 } 2910 case *http2DataFrame: 2911 data := f.Data() 2912 const max = 256 2913 if len(data) > max { 2914 data = data[:max] 2915 } 2916 fmt.Fprintf(&buf, " data=%q", data) 2917 if len(f.Data()) > max { 2918 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2919 } 2920 case *http2WindowUpdateFrame: 2921 if f.StreamID == 0 { 2922 buf.WriteString(" (conn)") 2923 } 2924 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2925 case *http2PingFrame: 2926 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2927 case *http2GoAwayFrame: 2928 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2929 f.LastStreamID, f.ErrCode, f.debugData) 2930 case *http2RSTStreamFrame: 2931 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2932 } 2933 return buf.String() 2934 } 2935 2936 func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 2937 return trace != nil && trace.WroteHeaderField != nil 2938 } 2939 2940 func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 2941 if trace != nil && trace.WroteHeaderField != nil { 2942 trace.WroteHeaderField(k, []string{v}) 2943 } 2944 } 2945 2946 func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 2947 if trace != nil { 2948 return trace.Got1xxResponse 2949 } 2950 return nil 2951 } 2952 2953 // dialTLSWithContext uses tls.Dialer, added in Go 1.15, to open a TLS 2954 // connection. 2955 func (t *http2Transport) dialTLSWithContext(ctx context.Context, network, addr string, cfg *tls.Config) (*tls.Conn, error) { 2956 dialer := &tls.Dialer{ 2957 Config: cfg, 2958 } 2959 cn, err := dialer.DialContext(ctx, network, addr) 2960 if err != nil { 2961 return nil, err 2962 } 2963 tlsCn := cn.(*tls.Conn) // DialContext comment promises this will always succeed 2964 return tlsCn, nil 2965 } 2966 2967 var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 2968 2969 type http2goroutineLock uint64 2970 2971 func http2newGoroutineLock() http2goroutineLock { 2972 if !http2DebugGoroutines { 2973 return 0 2974 } 2975 return http2goroutineLock(http2curGoroutineID()) 2976 } 2977 2978 func (g http2goroutineLock) check() { 2979 if !http2DebugGoroutines { 2980 return 2981 } 2982 if http2curGoroutineID() != uint64(g) { 2983 panic("running on the wrong goroutine") 2984 } 2985 } 2986 2987 func (g http2goroutineLock) checkNotOn() { 2988 if !http2DebugGoroutines { 2989 return 2990 } 2991 if http2curGoroutineID() == uint64(g) { 2992 panic("running on the wrong goroutine") 2993 } 2994 } 2995 2996 var http2goroutineSpace = []byte("goroutine ") 2997 2998 func http2curGoroutineID() uint64 { 2999 bp := http2littleBuf.Get().(*[]byte) 3000 defer http2littleBuf.Put(bp) 3001 b := *bp 3002 b = b[:runtime.Stack(b, false)] 3003 // Parse the 4707 out of "goroutine 4707 [" 3004 b = bytes.TrimPrefix(b, http2goroutineSpace) 3005 i := bytes.IndexByte(b, ' ') 3006 if i < 0 { 3007 panic(fmt.Sprintf("No space found in %q", b)) 3008 } 3009 b = b[:i] 3010 n, err := http2parseUintBytes(b, 10, 64) 3011 if err != nil { 3012 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 3013 } 3014 return n 3015 } 3016 3017 var http2littleBuf = sync.Pool{ 3018 New: func() interface{} { 3019 buf := make([]byte, 64) 3020 return &buf 3021 }, 3022 } 3023 3024 // parseUintBytes is like strconv.ParseUint, but using a []byte. 3025 func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 3026 var cutoff, maxVal uint64 3027 3028 if bitSize == 0 { 3029 bitSize = int(strconv.IntSize) 3030 } 3031 3032 s0 := s 3033 switch { 3034 case len(s) < 1: 3035 err = strconv.ErrSyntax 3036 goto Error 3037 3038 case 2 <= base && base <= 36: 3039 // valid base; nothing to do 3040 3041 case base == 0: 3042 // Look for octal, hex prefix. 3043 switch { 3044 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 3045 base = 16 3046 s = s[2:] 3047 if len(s) < 1 { 3048 err = strconv.ErrSyntax 3049 goto Error 3050 } 3051 case s[0] == '0': 3052 base = 8 3053 default: 3054 base = 10 3055 } 3056 3057 default: 3058 err = errors.New("invalid base " + strconv.Itoa(base)) 3059 goto Error 3060 } 3061 3062 n = 0 3063 cutoff = http2cutoff64(base) 3064 maxVal = 1<<uint(bitSize) - 1 3065 3066 for i := 0; i < len(s); i++ { 3067 var v byte 3068 d := s[i] 3069 switch { 3070 case '0' <= d && d <= '9': 3071 v = d - '0' 3072 case 'a' <= d && d <= 'z': 3073 v = d - 'a' + 10 3074 case 'A' <= d && d <= 'Z': 3075 v = d - 'A' + 10 3076 default: 3077 n = 0 3078 err = strconv.ErrSyntax 3079 goto Error 3080 } 3081 if int(v) >= base { 3082 n = 0 3083 err = strconv.ErrSyntax 3084 goto Error 3085 } 3086 3087 if n >= cutoff { 3088 // n*base overflows 3089 n = 1<<64 - 1 3090 err = strconv.ErrRange 3091 goto Error 3092 } 3093 n *= uint64(base) 3094 3095 n1 := n + uint64(v) 3096 if n1 < n || n1 > maxVal { 3097 // n+v overflows 3098 n = 1<<64 - 1 3099 err = strconv.ErrRange 3100 goto Error 3101 } 3102 n = n1 3103 } 3104 3105 return n, nil 3106 3107 Error: 3108 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3109 } 3110 3111 // Return the first number n such that n*base >= 1<<64. 3112 func http2cutoff64(base int) uint64 { 3113 if base < 2 { 3114 return 0 3115 } 3116 return (1<<64-1)/uint64(base) + 1 3117 } 3118 3119 var ( 3120 http2commonBuildOnce sync.Once 3121 http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case 3122 http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case 3123 ) 3124 3125 func http2buildCommonHeaderMapsOnce() { 3126 http2commonBuildOnce.Do(http2buildCommonHeaderMaps) 3127 } 3128 3129 func http2buildCommonHeaderMaps() { 3130 common := []string{ 3131 "accept", 3132 "accept-charset", 3133 "accept-encoding", 3134 "accept-language", 3135 "accept-ranges", 3136 "age", 3137 "access-control-allow-origin", 3138 "allow", 3139 "authorization", 3140 "cache-control", 3141 "content-disposition", 3142 "content-encoding", 3143 "content-language", 3144 "content-length", 3145 "content-location", 3146 "content-range", 3147 "content-type", 3148 "cookie", 3149 "date", 3150 "etag", 3151 "expect", 3152 "expires", 3153 "from", 3154 "host", 3155 "if-match", 3156 "if-modified-since", 3157 "if-none-match", 3158 "if-unmodified-since", 3159 "last-modified", 3160 "link", 3161 "location", 3162 "max-forwards", 3163 "proxy-authenticate", 3164 "proxy-authorization", 3165 "range", 3166 "referer", 3167 "refresh", 3168 "retry-after", 3169 "server", 3170 "set-cookie", 3171 "strict-transport-security", 3172 "trailer", 3173 "transfer-encoding", 3174 "user-agent", 3175 "vary", 3176 "via", 3177 "www-authenticate", 3178 } 3179 http2commonLowerHeader = make(map[string]string, len(common)) 3180 http2commonCanonHeader = make(map[string]string, len(common)) 3181 for _, v := range common { 3182 chk := CanonicalHeaderKey(v) 3183 http2commonLowerHeader[chk] = v 3184 http2commonCanonHeader[v] = chk 3185 } 3186 } 3187 3188 func http2lowerHeader(v string) (lower string, ascii bool) { 3189 http2buildCommonHeaderMapsOnce() 3190 if s, ok := http2commonLowerHeader[v]; ok { 3191 return s, true 3192 } 3193 return http2asciiToLower(v) 3194 } 3195 3196 var ( 3197 http2VerboseLogs bool 3198 http2logFrameWrites bool 3199 http2logFrameReads bool 3200 http2inTests bool 3201 ) 3202 3203 func init() { 3204 e := os.Getenv("GODEBUG") 3205 if strings.Contains(e, "http2debug=1") { 3206 http2VerboseLogs = true 3207 } 3208 if strings.Contains(e, "http2debug=2") { 3209 http2VerboseLogs = true 3210 http2logFrameWrites = true 3211 http2logFrameReads = true 3212 } 3213 } 3214 3215 const ( 3216 // ClientPreface is the string that must be sent by new 3217 // connections from clients. 3218 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3219 3220 // SETTINGS_MAX_FRAME_SIZE default 3221 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3222 http2initialMaxFrameSize = 16384 3223 3224 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3225 // HTTP/2's TLS setup. 3226 http2NextProtoTLS = "h2" 3227 3228 // http://http2.github.io/http2-spec/#SettingValues 3229 http2initialHeaderTableSize = 4096 3230 3231 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3232 3233 http2defaultMaxReadFrameSize = 1 << 20 3234 ) 3235 3236 var ( 3237 http2clientPreface = []byte(http2ClientPreface) 3238 ) 3239 3240 type http2streamState int 3241 3242 // HTTP/2 stream states. 3243 // 3244 // See http://tools.ietf.org/html/rfc7540#section-5.1. 3245 // 3246 // For simplicity, the server code merges "reserved (local)" into 3247 // "half-closed (remote)". This is one less state transition to track. 3248 // The only downside is that we send PUSH_PROMISEs slightly less 3249 // liberally than allowable. More discussion here: 3250 // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3251 // 3252 // "reserved (remote)" is omitted since the client code does not 3253 // support server push. 3254 const ( 3255 http2stateIdle http2streamState = iota 3256 http2stateOpen 3257 http2stateHalfClosedLocal 3258 http2stateHalfClosedRemote 3259 http2stateClosed 3260 ) 3261 3262 var http2stateName = [...]string{ 3263 http2stateIdle: "Idle", 3264 http2stateOpen: "Open", 3265 http2stateHalfClosedLocal: "HalfClosedLocal", 3266 http2stateHalfClosedRemote: "HalfClosedRemote", 3267 http2stateClosed: "Closed", 3268 } 3269 3270 func (st http2streamState) String() string { 3271 return http2stateName[st] 3272 } 3273 3274 // Setting is a setting parameter: which setting it is, and its value. 3275 type http2Setting struct { 3276 // ID is which setting is being set. 3277 // See http://http2.github.io/http2-spec/#SettingValues 3278 ID http2SettingID 3279 3280 // Val is the value. 3281 Val uint32 3282 } 3283 3284 func (s http2Setting) String() string { 3285 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3286 } 3287 3288 // Valid reports whether the setting is valid. 3289 func (s http2Setting) Valid() error { 3290 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3291 switch s.ID { 3292 case http2SettingEnablePush: 3293 if s.Val != 1 && s.Val != 0 { 3294 return http2ConnectionError(http2ErrCodeProtocol) 3295 } 3296 case http2SettingInitialWindowSize: 3297 if s.Val > 1<<31-1 { 3298 return http2ConnectionError(http2ErrCodeFlowControl) 3299 } 3300 case http2SettingMaxFrameSize: 3301 if s.Val < 16384 || s.Val > 1<<24-1 { 3302 return http2ConnectionError(http2ErrCodeProtocol) 3303 } 3304 } 3305 return nil 3306 } 3307 3308 // A SettingID is an HTTP/2 setting as defined in 3309 // http://http2.github.io/http2-spec/#iana-settings 3310 type http2SettingID uint16 3311 3312 const ( 3313 http2SettingHeaderTableSize http2SettingID = 0x1 3314 http2SettingEnablePush http2SettingID = 0x2 3315 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3316 http2SettingInitialWindowSize http2SettingID = 0x4 3317 http2SettingMaxFrameSize http2SettingID = 0x5 3318 http2SettingMaxHeaderListSize http2SettingID = 0x6 3319 ) 3320 3321 var http2settingName = map[http2SettingID]string{ 3322 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3323 http2SettingEnablePush: "ENABLE_PUSH", 3324 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3325 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3326 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3327 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3328 } 3329 3330 func (s http2SettingID) String() string { 3331 if v, ok := http2settingName[s]; ok { 3332 return v 3333 } 3334 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3335 } 3336 3337 // validWireHeaderFieldName reports whether v is a valid header field 3338 // name (key). See httpguts.ValidHeaderName for the base rules. 3339 // 3340 // Further, http2 says: 3341 // "Just as in HTTP/1.x, header field names are strings of ASCII 3342 // characters that are compared in a case-insensitive 3343 // fashion. However, header field names MUST be converted to 3344 // lowercase prior to their encoding in HTTP/2. " 3345 func http2validWireHeaderFieldName(v string) bool { 3346 if len(v) == 0 { 3347 return false 3348 } 3349 for _, r := range v { 3350 if !httpguts.IsTokenRune(r) { 3351 return false 3352 } 3353 if 'A' <= r && r <= 'Z' { 3354 return false 3355 } 3356 } 3357 return true 3358 } 3359 3360 func http2httpCodeString(code int) string { 3361 switch code { 3362 case 200: 3363 return "200" 3364 case 404: 3365 return "404" 3366 } 3367 return strconv.Itoa(code) 3368 } 3369 3370 // from pkg io 3371 type http2stringWriter interface { 3372 WriteString(s string) (n int, err error) 3373 } 3374 3375 // A gate lets two goroutines coordinate their activities. 3376 type http2gate chan struct{} 3377 3378 func (g http2gate) Done() { g <- struct{}{} } 3379 3380 func (g http2gate) Wait() { <-g } 3381 3382 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3383 type http2closeWaiter chan struct{} 3384 3385 // Init makes a closeWaiter usable. 3386 // It exists because so a closeWaiter value can be placed inside a 3387 // larger struct and have the Mutex and Cond's memory in the same 3388 // allocation. 3389 func (cw *http2closeWaiter) Init() { 3390 *cw = make(chan struct{}) 3391 } 3392 3393 // Close marks the closeWaiter as closed and unblocks any waiters. 3394 func (cw http2closeWaiter) Close() { 3395 close(cw) 3396 } 3397 3398 // Wait waits for the closeWaiter to become closed. 3399 func (cw http2closeWaiter) Wait() { 3400 <-cw 3401 } 3402 3403 // bufferedWriter is a buffered writer that writes to w. 3404 // Its buffered writer is lazily allocated as needed, to minimize 3405 // idle memory usage with many connections. 3406 type http2bufferedWriter struct { 3407 _ http2incomparable 3408 w io.Writer // immutable 3409 bw *bufio.Writer // non-nil when data is buffered 3410 } 3411 3412 func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3413 return &http2bufferedWriter{w: w} 3414 } 3415 3416 // bufWriterPoolBufferSize is the size of bufio.Writer's 3417 // buffers created using bufWriterPool. 3418 // 3419 // TODO: pick a less arbitrary value? this is a bit under 3420 // (3 x typical 1500 byte MTU) at least. Other than that, 3421 // not much thought went into it. 3422 const http2bufWriterPoolBufferSize = 4 << 10 3423 3424 var http2bufWriterPool = sync.Pool{ 3425 New: func() interface{} { 3426 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3427 }, 3428 } 3429 3430 func (w *http2bufferedWriter) Available() int { 3431 if w.bw == nil { 3432 return http2bufWriterPoolBufferSize 3433 } 3434 return w.bw.Available() 3435 } 3436 3437 func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3438 if w.bw == nil { 3439 bw := http2bufWriterPool.Get().(*bufio.Writer) 3440 bw.Reset(w.w) 3441 w.bw = bw 3442 } 3443 return w.bw.Write(p) 3444 } 3445 3446 func (w *http2bufferedWriter) Flush() error { 3447 bw := w.bw 3448 if bw == nil { 3449 return nil 3450 } 3451 err := bw.Flush() 3452 bw.Reset(nil) 3453 http2bufWriterPool.Put(bw) 3454 w.bw = nil 3455 return err 3456 } 3457 3458 func http2mustUint31(v int32) uint32 { 3459 if v < 0 || v > 2147483647 { 3460 panic("out of range") 3461 } 3462 return uint32(v) 3463 } 3464 3465 // bodyAllowedForStatus reports whether a given response status code 3466 // permits a body. See RFC 7230, section 3.3. 3467 func http2bodyAllowedForStatus(status int) bool { 3468 switch { 3469 case status >= 100 && status <= 199: 3470 return false 3471 case status == 204: 3472 return false 3473 case status == 304: 3474 return false 3475 } 3476 return true 3477 } 3478 3479 type http2httpError struct { 3480 _ http2incomparable 3481 msg string 3482 timeout bool 3483 } 3484 3485 func (e *http2httpError) Error() string { return e.msg } 3486 3487 func (e *http2httpError) Timeout() bool { return e.timeout } 3488 3489 func (e *http2httpError) Temporary() bool { return true } 3490 3491 var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3492 3493 type http2connectionStater interface { 3494 ConnectionState() tls.ConnectionState 3495 } 3496 3497 var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3498 3499 type http2sorter struct { 3500 v []string // owned by sorter 3501 } 3502 3503 func (s *http2sorter) Len() int { return len(s.v) } 3504 3505 func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3506 3507 func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3508 3509 // Keys returns the sorted keys of h. 3510 // 3511 // The returned slice is only valid until s used again or returned to 3512 // its pool. 3513 func (s *http2sorter) Keys(h Header) []string { 3514 keys := s.v[:0] 3515 for k := range h { 3516 keys = append(keys, k) 3517 } 3518 s.v = keys 3519 sort.Sort(s) 3520 return keys 3521 } 3522 3523 func (s *http2sorter) SortStrings(ss []string) { 3524 // Our sorter works on s.v, which sorter owns, so 3525 // stash it away while we sort the user's buffer. 3526 save := s.v 3527 s.v = ss 3528 sort.Sort(s) 3529 s.v = save 3530 } 3531 3532 // validPseudoPath reports whether v is a valid :path pseudo-header 3533 // value. It must be either: 3534 // 3535 // *) a non-empty string starting with '/' 3536 // *) the string '*', for OPTIONS requests. 3537 // 3538 // For now this is only used a quick check for deciding when to clean 3539 // up Opaque URLs before sending requests from the Transport. 3540 // See golang.org/issue/16847 3541 // 3542 // We used to enforce that the path also didn't start with "//", but 3543 // Google's GFE accepts such paths and Chrome sends them, so ignore 3544 // that part of the spec. See golang.org/issue/19103. 3545 func http2validPseudoPath(v string) bool { 3546 return (len(v) > 0 && v[0] == '/') || v == "*" 3547 } 3548 3549 // incomparable is a zero-width, non-comparable type. Adding it to a struct 3550 // makes that struct also non-comparable, and generally doesn't add 3551 // any size (as long as it's first). 3552 type http2incomparable [0]func() 3553 3554 // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3555 // io.Pipe except there are no PipeReader/PipeWriter halves, and the 3556 // underlying buffer is an interface. (io.Pipe is always unbuffered) 3557 type http2pipe struct { 3558 mu sync.Mutex 3559 c sync.Cond // c.L lazily initialized to &p.mu 3560 b http2pipeBuffer // nil when done reading 3561 unread int // bytes unread when done 3562 err error // read error once empty. non-nil means closed. 3563 breakErr error // immediate read error (caller doesn't see rest of b) 3564 donec chan struct{} // closed on error 3565 readFn func() // optional code to run in Read before error 3566 } 3567 3568 type http2pipeBuffer interface { 3569 Len() int 3570 io.Writer 3571 io.Reader 3572 } 3573 3574 // setBuffer initializes the pipe buffer. 3575 // It has no effect if the pipe is already closed. 3576 func (p *http2pipe) setBuffer(b http2pipeBuffer) { 3577 p.mu.Lock() 3578 defer p.mu.Unlock() 3579 if p.err != nil || p.breakErr != nil { 3580 return 3581 } 3582 p.b = b 3583 } 3584 3585 func (p *http2pipe) Len() int { 3586 p.mu.Lock() 3587 defer p.mu.Unlock() 3588 if p.b == nil { 3589 return p.unread 3590 } 3591 return p.b.Len() 3592 } 3593 3594 // Read waits until data is available and copies bytes 3595 // from the buffer into p. 3596 func (p *http2pipe) Read(d []byte) (n int, err error) { 3597 p.mu.Lock() 3598 defer p.mu.Unlock() 3599 if p.c.L == nil { 3600 p.c.L = &p.mu 3601 } 3602 for { 3603 if p.breakErr != nil { 3604 return 0, p.breakErr 3605 } 3606 if p.b != nil && p.b.Len() > 0 { 3607 return p.b.Read(d) 3608 } 3609 if p.err != nil { 3610 if p.readFn != nil { 3611 p.readFn() // e.g. copy trailers 3612 p.readFn = nil // not sticky like p.err 3613 } 3614 p.b = nil 3615 return 0, p.err 3616 } 3617 p.c.Wait() 3618 } 3619 } 3620 3621 var http2errClosedPipeWrite = errors.New("write on closed buffer") 3622 3623 // Write copies bytes from p into the buffer and wakes a reader. 3624 // It is an error to write more data than the buffer can hold. 3625 func (p *http2pipe) Write(d []byte) (n int, err error) { 3626 p.mu.Lock() 3627 defer p.mu.Unlock() 3628 if p.c.L == nil { 3629 p.c.L = &p.mu 3630 } 3631 defer p.c.Signal() 3632 if p.err != nil { 3633 return 0, http2errClosedPipeWrite 3634 } 3635 if p.breakErr != nil { 3636 p.unread += len(d) 3637 return len(d), nil // discard when there is no reader 3638 } 3639 return p.b.Write(d) 3640 } 3641 3642 // CloseWithError causes the next Read (waking up a current blocked 3643 // Read if needed) to return the provided err after all data has been 3644 // read. 3645 // 3646 // The error must be non-nil. 3647 func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3648 3649 // BreakWithError causes the next Read (waking up a current blocked 3650 // Read if needed) to return the provided err immediately, without 3651 // waiting for unread data. 3652 func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3653 3654 // closeWithErrorAndCode is like CloseWithError but also sets some code to run 3655 // in the caller's goroutine before returning the error. 3656 func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3657 3658 func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3659 if err == nil { 3660 panic("err must be non-nil") 3661 } 3662 p.mu.Lock() 3663 defer p.mu.Unlock() 3664 if p.c.L == nil { 3665 p.c.L = &p.mu 3666 } 3667 defer p.c.Signal() 3668 if *dst != nil { 3669 // Already been done. 3670 return 3671 } 3672 p.readFn = fn 3673 if dst == &p.breakErr { 3674 if p.b != nil { 3675 p.unread += p.b.Len() 3676 } 3677 p.b = nil 3678 } 3679 *dst = err 3680 p.closeDoneLocked() 3681 } 3682 3683 // requires p.mu be held. 3684 func (p *http2pipe) closeDoneLocked() { 3685 if p.donec == nil { 3686 return 3687 } 3688 // Close if unclosed. This isn't racy since we always 3689 // hold p.mu while closing. 3690 select { 3691 case <-p.donec: 3692 default: 3693 close(p.donec) 3694 } 3695 } 3696 3697 // Err returns the error (if any) first set by BreakWithError or CloseWithError. 3698 func (p *http2pipe) Err() error { 3699 p.mu.Lock() 3700 defer p.mu.Unlock() 3701 if p.breakErr != nil { 3702 return p.breakErr 3703 } 3704 return p.err 3705 } 3706 3707 // Done returns a channel which is closed if and when this pipe is closed 3708 // with CloseWithError. 3709 func (p *http2pipe) Done() <-chan struct{} { 3710 p.mu.Lock() 3711 defer p.mu.Unlock() 3712 if p.donec == nil { 3713 p.donec = make(chan struct{}) 3714 if p.err != nil || p.breakErr != nil { 3715 // Already hit an error. 3716 p.closeDoneLocked() 3717 } 3718 } 3719 return p.donec 3720 } 3721 3722 const ( 3723 http2prefaceTimeout = 10 * time.Second 3724 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3725 http2handlerChunkWriteSize = 4 << 10 3726 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3727 http2maxQueuedControlFrames = 10000 3728 ) 3729 3730 var ( 3731 http2errClientDisconnected = errors.New("client disconnected") 3732 http2errClosedBody = errors.New("body closed by handler") 3733 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3734 http2errStreamClosed = errors.New("http2: stream closed") 3735 ) 3736 3737 var http2responseWriterStatePool = sync.Pool{ 3738 New: func() interface{} { 3739 rws := &http2responseWriterState{} 3740 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3741 return rws 3742 }, 3743 } 3744 3745 // Test hooks. 3746 var ( 3747 http2testHookOnConn func() 3748 http2testHookGetServerConn func(*http2serverConn) 3749 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3750 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3751 ) 3752 3753 // Server is an HTTP/2 server. 3754 type http2Server struct { 3755 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3756 // which may run at a time over all connections. 3757 // Negative or zero no limit. 3758 // TODO: implement 3759 MaxHandlers int 3760 3761 // MaxConcurrentStreams optionally specifies the number of 3762 // concurrent streams that each client may have open at a 3763 // time. This is unrelated to the number of http.Handler goroutines 3764 // which may be active globally, which is MaxHandlers. 3765 // If zero, MaxConcurrentStreams defaults to at least 100, per 3766 // the HTTP/2 spec's recommendations. 3767 MaxConcurrentStreams uint32 3768 3769 // MaxReadFrameSize optionally specifies the largest frame 3770 // this server is willing to read. A valid value is between 3771 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3772 // default value is used. 3773 MaxReadFrameSize uint32 3774 3775 // PermitProhibitedCipherSuites, if true, permits the use of 3776 // cipher suites prohibited by the HTTP/2 spec. 3777 PermitProhibitedCipherSuites bool 3778 3779 // IdleTimeout specifies how long until idle clients should be 3780 // closed with a GOAWAY frame. PING frames are not considered 3781 // activity for the purposes of IdleTimeout. 3782 IdleTimeout time.Duration 3783 3784 // MaxUploadBufferPerConnection is the size of the initial flow 3785 // control window for each connections. The HTTP/2 spec does not 3786 // allow this to be smaller than 65535 or larger than 2^32-1. 3787 // If the value is outside this range, a default value will be 3788 // used instead. 3789 MaxUploadBufferPerConnection int32 3790 3791 // MaxUploadBufferPerStream is the size of the initial flow control 3792 // window for each stream. The HTTP/2 spec does not allow this to 3793 // be larger than 2^32-1. If the value is zero or larger than the 3794 // maximum, a default value will be used instead. 3795 MaxUploadBufferPerStream int32 3796 3797 // NewWriteScheduler constructs a write scheduler for a connection. 3798 // If nil, a default scheduler is chosen. 3799 NewWriteScheduler func() http2WriteScheduler 3800 3801 // Internal state. This is a pointer (rather than embedded directly) 3802 // so that we don't embed a Mutex in this struct, which will make the 3803 // struct non-copyable, which might break some callers. 3804 state *http2serverInternalState 3805 } 3806 3807 func (s *http2Server) initialConnRecvWindowSize() int32 { 3808 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3809 return s.MaxUploadBufferPerConnection 3810 } 3811 return 1 << 20 3812 } 3813 3814 func (s *http2Server) initialStreamRecvWindowSize() int32 { 3815 if s.MaxUploadBufferPerStream > 0 { 3816 return s.MaxUploadBufferPerStream 3817 } 3818 return 1 << 20 3819 } 3820 3821 func (s *http2Server) maxReadFrameSize() uint32 { 3822 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3823 return v 3824 } 3825 return http2defaultMaxReadFrameSize 3826 } 3827 3828 func (s *http2Server) maxConcurrentStreams() uint32 { 3829 if v := s.MaxConcurrentStreams; v > 0 { 3830 return v 3831 } 3832 return http2defaultMaxStreams 3833 } 3834 3835 // maxQueuedControlFrames is the maximum number of control frames like 3836 // SETTINGS, PING and RST_STREAM that will be queued for writing before 3837 // the connection is closed to prevent memory exhaustion attacks. 3838 func (s *http2Server) maxQueuedControlFrames() int { 3839 // TODO: if anybody asks, add a Server field, and remember to define the 3840 // behavior of negative values. 3841 return http2maxQueuedControlFrames 3842 } 3843 3844 type http2serverInternalState struct { 3845 mu sync.Mutex 3846 activeConns map[*http2serverConn]struct{} 3847 } 3848 3849 func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3850 if s == nil { 3851 return // if the Server was used without calling ConfigureServer 3852 } 3853 s.mu.Lock() 3854 s.activeConns[sc] = struct{}{} 3855 s.mu.Unlock() 3856 } 3857 3858 func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3859 if s == nil { 3860 return // if the Server was used without calling ConfigureServer 3861 } 3862 s.mu.Lock() 3863 delete(s.activeConns, sc) 3864 s.mu.Unlock() 3865 } 3866 3867 func (s *http2serverInternalState) startGracefulShutdown() { 3868 if s == nil { 3869 return // if the Server was used without calling ConfigureServer 3870 } 3871 s.mu.Lock() 3872 for sc := range s.activeConns { 3873 sc.startGracefulShutdown() 3874 } 3875 s.mu.Unlock() 3876 } 3877 3878 // ConfigureServer adds HTTP/2 support to a net/http Server. 3879 // 3880 // The configuration conf may be nil. 3881 // 3882 // ConfigureServer must be called before s begins serving. 3883 func http2ConfigureServer(s *Server, conf *http2Server) error { 3884 if s == nil { 3885 panic("nil *http.Server") 3886 } 3887 if conf == nil { 3888 conf = new(http2Server) 3889 } 3890 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3891 if h1, h2 := s, conf; h2.IdleTimeout == 0 { 3892 if h1.IdleTimeout != 0 { 3893 h2.IdleTimeout = h1.IdleTimeout 3894 } else { 3895 h2.IdleTimeout = h1.ReadTimeout 3896 } 3897 } 3898 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3899 3900 if s.TLSConfig == nil { 3901 s.TLSConfig = new(tls.Config) 3902 } else if s.TLSConfig.CipherSuites != nil && s.TLSConfig.MinVersion < tls.VersionTLS12 { 3903 // If they already provided a TLS 1.0–1.2 CipherSuite list, return an 3904 // error if it is missing ECDHE_RSA_WITH_AES_128_GCM_SHA256 or 3905 // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3906 haveRequired := false 3907 for _, cs := range s.TLSConfig.CipherSuites { 3908 switch cs { 3909 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3910 // Alternative MTI cipher to not discourage ECDSA-only servers. 3911 // See http://golang.org/cl/30721 for further information. 3912 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3913 haveRequired = true 3914 } 3915 } 3916 if !haveRequired { 3917 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)") 3918 } 3919 } 3920 3921 // Note: not setting MinVersion to tls.VersionTLS12, 3922 // as we don't want to interfere with HTTP/1.1 traffic 3923 // on the user's server. We enforce TLS 1.2 later once 3924 // we accept a connection. Ideally this should be done 3925 // during next-proto selection, but using TLS <1.2 with 3926 // HTTP/2 is still the client's bug. 3927 3928 s.TLSConfig.PreferServerCipherSuites = true 3929 3930 if !http2strSliceContains(s.TLSConfig.NextProtos, http2NextProtoTLS) { 3931 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3932 } 3933 if !http2strSliceContains(s.TLSConfig.NextProtos, "http/1.1") { 3934 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1") 3935 } 3936 3937 if s.TLSNextProto == nil { 3938 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3939 } 3940 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3941 if http2testHookOnConn != nil { 3942 http2testHookOnConn() 3943 } 3944 // The TLSNextProto interface predates contexts, so 3945 // the net/http package passes down its per-connection 3946 // base context via an exported but unadvertised 3947 // method on the Handler. This is for internal 3948 // net/http<=>http2 use only. 3949 var ctx context.Context 3950 type baseContexter interface { 3951 BaseContext() context.Context 3952 } 3953 if bc, ok := h.(baseContexter); ok { 3954 ctx = bc.BaseContext() 3955 } 3956 conf.ServeConn(c, &http2ServeConnOpts{ 3957 Context: ctx, 3958 Handler: h, 3959 BaseConfig: hs, 3960 }) 3961 } 3962 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3963 return nil 3964 } 3965 3966 // ServeConnOpts are options for the Server.ServeConn method. 3967 type http2ServeConnOpts struct { 3968 // Context is the base context to use. 3969 // If nil, context.Background is used. 3970 Context context.Context 3971 3972 // BaseConfig optionally sets the base configuration 3973 // for values. If nil, defaults are used. 3974 BaseConfig *Server 3975 3976 // Handler specifies which handler to use for processing 3977 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3978 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3979 Handler Handler 3980 } 3981 3982 func (o *http2ServeConnOpts) context() context.Context { 3983 if o != nil && o.Context != nil { 3984 return o.Context 3985 } 3986 return context.Background() 3987 } 3988 3989 func (o *http2ServeConnOpts) baseConfig() *Server { 3990 if o != nil && o.BaseConfig != nil { 3991 return o.BaseConfig 3992 } 3993 return new(Server) 3994 } 3995 3996 func (o *http2ServeConnOpts) handler() Handler { 3997 if o != nil { 3998 if o.Handler != nil { 3999 return o.Handler 4000 } 4001 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 4002 return o.BaseConfig.Handler 4003 } 4004 } 4005 return DefaultServeMux 4006 } 4007 4008 // ServeConn serves HTTP/2 requests on the provided connection and 4009 // blocks until the connection is no longer readable. 4010 // 4011 // ServeConn starts speaking HTTP/2 assuming that c has not had any 4012 // reads or writes. It writes its initial settings frame and expects 4013 // to be able to read the preface and settings frame from the 4014 // client. If c has a ConnectionState method like a *tls.Conn, the 4015 // ConnectionState is used to verify the TLS ciphersuite and to set 4016 // the Request.TLS field in Handlers. 4017 // 4018 // ServeConn does not support h2c by itself. Any h2c support must be 4019 // implemented in terms of providing a suitably-behaving net.Conn. 4020 // 4021 // The opts parameter is optional. If nil, default values are used. 4022 func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 4023 baseCtx, cancel := http2serverConnBaseContext(c, opts) 4024 defer cancel() 4025 4026 sc := &http2serverConn{ 4027 srv: s, 4028 hs: opts.baseConfig(), 4029 conn: c, 4030 baseCtx: baseCtx, 4031 remoteAddrStr: c.RemoteAddr().String(), 4032 bw: http2newBufferedWriter(c), 4033 handler: opts.handler(), 4034 streams: make(map[uint32]*http2stream), 4035 readFrameCh: make(chan http2readFrameResult), 4036 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 4037 serveMsgCh: make(chan interface{}, 8), 4038 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 4039 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 4040 doneServing: make(chan struct{}), 4041 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 4042 advMaxStreams: s.maxConcurrentStreams(), 4043 initialStreamSendWindowSize: http2initialWindowSize, 4044 maxFrameSize: http2initialMaxFrameSize, 4045 headerTableSize: http2initialHeaderTableSize, 4046 serveG: http2newGoroutineLock(), 4047 pushEnabled: true, 4048 } 4049 4050 s.state.registerConn(sc) 4051 defer s.state.unregisterConn(sc) 4052 4053 // The net/http package sets the write deadline from the 4054 // http.Server.WriteTimeout during the TLS handshake, but then 4055 // passes the connection off to us with the deadline already set. 4056 // Write deadlines are set per stream in serverConn.newStream. 4057 // Disarm the net.Conn write deadline here. 4058 if sc.hs.WriteTimeout != 0 { 4059 sc.conn.SetWriteDeadline(time.Time{}) 4060 } 4061 4062 if s.NewWriteScheduler != nil { 4063 sc.writeSched = s.NewWriteScheduler() 4064 } else { 4065 sc.writeSched = http2NewRandomWriteScheduler() 4066 } 4067 4068 // These start at the RFC-specified defaults. If there is a higher 4069 // configured value for inflow, that will be updated when we send a 4070 // WINDOW_UPDATE shortly after sending SETTINGS. 4071 sc.flow.add(http2initialWindowSize) 4072 sc.inflow.add(http2initialWindowSize) 4073 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 4074 4075 fr := http2NewFramer(sc.bw, c) 4076 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 4077 fr.MaxHeaderListSize = sc.maxHeaderListSize() 4078 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 4079 sc.framer = fr 4080 4081 if tc, ok := c.(http2connectionStater); ok { 4082 sc.tlsState = new(tls.ConnectionState) 4083 *sc.tlsState = tc.ConnectionState() 4084 // 9.2 Use of TLS Features 4085 // An implementation of HTTP/2 over TLS MUST use TLS 4086 // 1.2 or higher with the restrictions on feature set 4087 // and cipher suite described in this section. Due to 4088 // implementation limitations, it might not be 4089 // possible to fail TLS negotiation. An endpoint MUST 4090 // immediately terminate an HTTP/2 connection that 4091 // does not meet the TLS requirements described in 4092 // this section with a connection error (Section 4093 // 5.4.1) of type INADEQUATE_SECURITY. 4094 if sc.tlsState.Version < tls.VersionTLS12 { 4095 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 4096 return 4097 } 4098 4099 if sc.tlsState.ServerName == "" { 4100 // Client must use SNI, but we don't enforce that anymore, 4101 // since it was causing problems when connecting to bare IP 4102 // addresses during development. 4103 // 4104 // TODO: optionally enforce? Or enforce at the time we receive 4105 // a new request, and verify the ServerName matches the :authority? 4106 // But that precludes proxy situations, perhaps. 4107 // 4108 // So for now, do nothing here again. 4109 } 4110 4111 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 4112 // "Endpoints MAY choose to generate a connection error 4113 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 4114 // the prohibited cipher suites are negotiated." 4115 // 4116 // We choose that. In my opinion, the spec is weak 4117 // here. It also says both parties must support at least 4118 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 4119 // excuses here. If we really must, we could allow an 4120 // "AllowInsecureWeakCiphers" option on the server later. 4121 // Let's see how it plays out first. 4122 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 4123 return 4124 } 4125 } 4126 4127 if hook := http2testHookGetServerConn; hook != nil { 4128 hook(sc) 4129 } 4130 sc.serve() 4131 } 4132 4133 func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) { 4134 ctx, cancel = context.WithCancel(opts.context()) 4135 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 4136 if hs := opts.baseConfig(); hs != nil { 4137 ctx = context.WithValue(ctx, ServerContextKey, hs) 4138 } 4139 return 4140 } 4141 4142 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4143 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4144 // ignoring errors. hanging up anyway. 4145 sc.framer.WriteGoAway(0, err, []byte(debug)) 4146 sc.bw.Flush() 4147 sc.conn.Close() 4148 } 4149 4150 type http2serverConn struct { 4151 // Immutable: 4152 srv *http2Server 4153 hs *Server 4154 conn net.Conn 4155 bw *http2bufferedWriter // writing to conn 4156 handler Handler 4157 baseCtx context.Context 4158 framer *http2Framer 4159 doneServing chan struct{} // closed when serverConn.serve ends 4160 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4161 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4162 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4163 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4164 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4165 flow http2flow // conn-wide (not stream-specific) outbound flow control 4166 inflow http2flow // conn-wide inbound flow control 4167 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4168 remoteAddrStr string 4169 writeSched http2WriteScheduler 4170 4171 // Everything following is owned by the serve loop; use serveG.check(): 4172 serveG http2goroutineLock // used to verify funcs are on serve() 4173 pushEnabled bool 4174 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4175 needToSendSettingsAck bool 4176 unackedSettings int // how many SETTINGS have we sent without ACKs? 4177 queuedControlFrames int // control frames in the writeSched queue 4178 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4179 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4180 curClientStreams uint32 // number of open streams initiated by the client 4181 curPushedStreams uint32 // number of open streams initiated by server push 4182 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4183 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4184 streams map[uint32]*http2stream 4185 initialStreamSendWindowSize int32 4186 maxFrameSize int32 4187 headerTableSize uint32 4188 peerMaxHeaderListSize uint32 // zero means unknown (default) 4189 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4190 writingFrame bool // started writing a frame (on serve goroutine or separate) 4191 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4192 needsFrameFlush bool // last frame write wasn't a flush 4193 inGoAway bool // we've started to or sent GOAWAY 4194 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4195 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4196 goAwayCode http2ErrCode 4197 shutdownTimer *time.Timer // nil until used 4198 idleTimer *time.Timer // nil if unused 4199 4200 // Owned by the writeFrameAsync goroutine: 4201 headerWriteBuf bytes.Buffer 4202 hpackEncoder *hpack.Encoder 4203 4204 // Used by startGracefulShutdown. 4205 shutdownOnce sync.Once 4206 } 4207 4208 func (sc *http2serverConn) maxHeaderListSize() uint32 { 4209 n := sc.hs.MaxHeaderBytes 4210 if n <= 0 { 4211 n = DefaultMaxHeaderBytes 4212 } 4213 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4214 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4215 const perFieldOverhead = 32 // per http2 spec 4216 const typicalHeaders = 10 // conservative 4217 return uint32(n + typicalHeaders*perFieldOverhead) 4218 } 4219 4220 func (sc *http2serverConn) curOpenStreams() uint32 { 4221 sc.serveG.check() 4222 return sc.curClientStreams + sc.curPushedStreams 4223 } 4224 4225 // stream represents a stream. This is the minimal metadata needed by 4226 // the serve goroutine. Most of the actual stream state is owned by 4227 // the http.Handler's goroutine in the responseWriter. Because the 4228 // responseWriter's responseWriterState is recycled at the end of a 4229 // handler, this struct intentionally has no pointer to the 4230 // *responseWriter{,State} itself, as the Handler ending nils out the 4231 // responseWriter's state field. 4232 type http2stream struct { 4233 // immutable: 4234 sc *http2serverConn 4235 id uint32 4236 body *http2pipe // non-nil if expecting DATA frames 4237 cw http2closeWaiter // closed wait stream transitions to closed state 4238 ctx context.Context 4239 cancelCtx func() 4240 4241 // owned by serverConn's serve loop: 4242 bodyBytes int64 // body bytes seen so far 4243 declBodyBytes int64 // or -1 if undeclared 4244 flow http2flow // limits writing from Handler to client 4245 inflow http2flow // what the client is allowed to POST/etc to us 4246 state http2streamState 4247 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4248 gotTrailerHeader bool // HEADER frame for trailers was seen 4249 wroteHeaders bool // whether we wrote headers (not status 100) 4250 writeDeadline *time.Timer // nil if unused 4251 4252 trailer Header // accumulated trailers 4253 reqTrailer Header // handler's Request.Trailer 4254 } 4255 4256 func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4257 4258 func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4259 4260 func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4261 4262 func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4263 return sc.hpackEncoder, &sc.headerWriteBuf 4264 } 4265 4266 func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4267 sc.serveG.check() 4268 // http://tools.ietf.org/html/rfc7540#section-5.1 4269 if st, ok := sc.streams[streamID]; ok { 4270 return st.state, st 4271 } 4272 // "The first use of a new stream identifier implicitly closes all 4273 // streams in the "idle" state that might have been initiated by 4274 // that peer with a lower-valued stream identifier. For example, if 4275 // a client sends a HEADERS frame on stream 7 without ever sending a 4276 // frame on stream 5, then stream 5 transitions to the "closed" 4277 // state when the first frame for stream 7 is sent or received." 4278 if streamID%2 == 1 { 4279 if streamID <= sc.maxClientStreamID { 4280 return http2stateClosed, nil 4281 } 4282 } else { 4283 if streamID <= sc.maxPushPromiseID { 4284 return http2stateClosed, nil 4285 } 4286 } 4287 return http2stateIdle, nil 4288 } 4289 4290 // setConnState calls the net/http ConnState hook for this connection, if configured. 4291 // Note that the net/http package does StateNew and StateClosed for us. 4292 // There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4293 func (sc *http2serverConn) setConnState(state ConnState) { 4294 if sc.hs.ConnState != nil { 4295 sc.hs.ConnState(sc.conn, state) 4296 } 4297 } 4298 4299 func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4300 if http2VerboseLogs { 4301 sc.logf(format, args...) 4302 } 4303 } 4304 4305 func (sc *http2serverConn) logf(format string, args ...interface{}) { 4306 if lg := sc.hs.ErrorLog; lg != nil { 4307 lg.Printf(format, args...) 4308 } else { 4309 log.Printf(format, args...) 4310 } 4311 } 4312 4313 // errno returns v's underlying uintptr, else 0. 4314 // 4315 // TODO: remove this helper function once http2 can use build 4316 // tags. See comment in isClosedConnError. 4317 func http2errno(v error) uintptr { 4318 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4319 return uintptr(rv.Uint()) 4320 } 4321 return 0 4322 } 4323 4324 // isClosedConnError reports whether err is an error from use of a closed 4325 // network connection. 4326 func http2isClosedConnError(err error) bool { 4327 if err == nil { 4328 return false 4329 } 4330 4331 // TODO: remove this string search and be more like the Windows 4332 // case below. That might involve modifying the standard library 4333 // to return better error types. 4334 str := err.Error() 4335 if strings.Contains(str, "use of closed network connection") { 4336 return true 4337 } 4338 4339 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4340 // build tags, so I can't make an http2_windows.go file with 4341 // Windows-specific stuff. Fix that and move this, once we 4342 // have a way to bundle this into std's net/http somehow. 4343 if runtime.GOOS == "windows" { 4344 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4345 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4346 const WSAECONNABORTED = 10053 4347 const WSAECONNRESET = 10054 4348 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4349 return true 4350 } 4351 } 4352 } 4353 } 4354 return false 4355 } 4356 4357 func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4358 if err == nil { 4359 return 4360 } 4361 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4362 // Boring, expected errors. 4363 sc.vlogf(format, args...) 4364 } else { 4365 sc.logf(format, args...) 4366 } 4367 } 4368 4369 func (sc *http2serverConn) canonicalHeader(v string) string { 4370 sc.serveG.check() 4371 http2buildCommonHeaderMapsOnce() 4372 cv, ok := http2commonCanonHeader[v] 4373 if ok { 4374 return cv 4375 } 4376 cv, ok = sc.canonHeader[v] 4377 if ok { 4378 return cv 4379 } 4380 if sc.canonHeader == nil { 4381 sc.canonHeader = make(map[string]string) 4382 } 4383 cv = CanonicalHeaderKey(v) 4384 // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of 4385 // entries in the canonHeader cache. This should be larger than the number 4386 // of unique, uncommon header keys likely to be sent by the peer, while not 4387 // so high as to permit unreaasonable memory usage if the peer sends an unbounded 4388 // number of unique header keys. 4389 const maxCachedCanonicalHeaders = 32 4390 if len(sc.canonHeader) < maxCachedCanonicalHeaders { 4391 sc.canonHeader[v] = cv 4392 } 4393 return cv 4394 } 4395 4396 type http2readFrameResult struct { 4397 f http2Frame // valid until readMore is called 4398 err error 4399 4400 // readMore should be called once the consumer no longer needs or 4401 // retains f. After readMore, f is invalid and more frames can be 4402 // read. 4403 readMore func() 4404 } 4405 4406 // readFrames is the loop that reads incoming frames. 4407 // It takes care to only read one frame at a time, blocking until the 4408 // consumer is done with the frame. 4409 // It's run on its own goroutine. 4410 func (sc *http2serverConn) readFrames() { 4411 gate := make(http2gate) 4412 gateDone := gate.Done 4413 for { 4414 f, err := sc.framer.ReadFrame() 4415 select { 4416 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4417 case <-sc.doneServing: 4418 return 4419 } 4420 select { 4421 case <-gate: 4422 case <-sc.doneServing: 4423 return 4424 } 4425 if http2terminalReadFrameError(err) { 4426 return 4427 } 4428 } 4429 } 4430 4431 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4432 type http2frameWriteResult struct { 4433 _ http2incomparable 4434 wr http2FrameWriteRequest // what was written (or attempted) 4435 err error // result of the writeFrame call 4436 } 4437 4438 // writeFrameAsync runs in its own goroutine and writes a single frame 4439 // and then reports when it's done. 4440 // At most one goroutine can be running writeFrameAsync at a time per 4441 // serverConn. 4442 func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4443 err := wr.write.writeFrame(sc) 4444 sc.wroteFrameCh <- http2frameWriteResult{wr: wr, err: err} 4445 } 4446 4447 func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4448 sc.serveG.check() 4449 for _, st := range sc.streams { 4450 sc.closeStream(st, http2errClientDisconnected) 4451 } 4452 } 4453 4454 func (sc *http2serverConn) stopShutdownTimer() { 4455 sc.serveG.check() 4456 if t := sc.shutdownTimer; t != nil { 4457 t.Stop() 4458 } 4459 } 4460 4461 func (sc *http2serverConn) notePanic() { 4462 // Note: this is for serverConn.serve panicking, not http.Handler code. 4463 if http2testHookOnPanicMu != nil { 4464 http2testHookOnPanicMu.Lock() 4465 defer http2testHookOnPanicMu.Unlock() 4466 } 4467 if http2testHookOnPanic != nil { 4468 if e := recover(); e != nil { 4469 if http2testHookOnPanic(sc, e) { 4470 panic(e) 4471 } 4472 } 4473 } 4474 } 4475 4476 func (sc *http2serverConn) serve() { 4477 sc.serveG.check() 4478 defer sc.notePanic() 4479 defer sc.conn.Close() 4480 defer sc.closeAllStreamsOnConnClose() 4481 defer sc.stopShutdownTimer() 4482 defer close(sc.doneServing) // unblocks handlers trying to send 4483 4484 if http2VerboseLogs { 4485 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4486 } 4487 4488 sc.writeFrame(http2FrameWriteRequest{ 4489 write: http2writeSettings{ 4490 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4491 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4492 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4493 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4494 }, 4495 }) 4496 sc.unackedSettings++ 4497 4498 // Each connection starts with intialWindowSize inflow tokens. 4499 // If a higher value is configured, we add more tokens. 4500 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4501 sc.sendWindowUpdate(nil, int(diff)) 4502 } 4503 4504 if err := sc.readPreface(); err != nil { 4505 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4506 return 4507 } 4508 // Now that we've got the preface, get us out of the 4509 // "StateNew" state. We can't go directly to idle, though. 4510 // Active means we read some data and anticipate a request. We'll 4511 // do another Active when we get a HEADERS frame. 4512 sc.setConnState(StateActive) 4513 sc.setConnState(StateIdle) 4514 4515 if sc.srv.IdleTimeout != 0 { 4516 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4517 defer sc.idleTimer.Stop() 4518 } 4519 4520 go sc.readFrames() // closed by defer sc.conn.Close above 4521 4522 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4523 defer settingsTimer.Stop() 4524 4525 loopNum := 0 4526 for { 4527 loopNum++ 4528 select { 4529 case wr := <-sc.wantWriteFrameCh: 4530 if se, ok := wr.write.(http2StreamError); ok { 4531 sc.resetStream(se) 4532 break 4533 } 4534 sc.writeFrame(wr) 4535 case res := <-sc.wroteFrameCh: 4536 sc.wroteFrame(res) 4537 case res := <-sc.readFrameCh: 4538 // Process any written frames before reading new frames from the client since a 4539 // written frame could have triggered a new stream to be started. 4540 if sc.writingFrameAsync { 4541 select { 4542 case wroteRes := <-sc.wroteFrameCh: 4543 sc.wroteFrame(wroteRes) 4544 default: 4545 } 4546 } 4547 if !sc.processFrameFromReader(res) { 4548 return 4549 } 4550 res.readMore() 4551 if settingsTimer != nil { 4552 settingsTimer.Stop() 4553 settingsTimer = nil 4554 } 4555 case m := <-sc.bodyReadCh: 4556 sc.noteBodyRead(m.st, m.n) 4557 case msg := <-sc.serveMsgCh: 4558 switch v := msg.(type) { 4559 case func(int): 4560 v(loopNum) // for testing 4561 case *http2serverMessage: 4562 switch v { 4563 case http2settingsTimerMsg: 4564 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4565 return 4566 case http2idleTimerMsg: 4567 sc.vlogf("connection is idle") 4568 sc.goAway(http2ErrCodeNo) 4569 case http2shutdownTimerMsg: 4570 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4571 return 4572 case http2gracefulShutdownMsg: 4573 sc.startGracefulShutdownInternal() 4574 default: 4575 panic("unknown timer") 4576 } 4577 case *http2startPushRequest: 4578 sc.startPush(v) 4579 default: 4580 panic(fmt.Sprintf("unexpected type %T", v)) 4581 } 4582 } 4583 4584 // If the peer is causing us to generate a lot of control frames, 4585 // but not reading them from us, assume they are trying to make us 4586 // run out of memory. 4587 if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() { 4588 sc.vlogf("http2: too many control frames in send queue, closing connection") 4589 return 4590 } 4591 4592 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4593 // with no error code (graceful shutdown), don't start the timer until 4594 // all open streams have been completed. 4595 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4596 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4597 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4598 sc.shutDownIn(http2goAwayTimeout) 4599 } 4600 } 4601 } 4602 4603 func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4604 select { 4605 case <-sc.doneServing: 4606 case <-sharedCh: 4607 close(privateCh) 4608 } 4609 } 4610 4611 type http2serverMessage int 4612 4613 // Message values sent to serveMsgCh. 4614 var ( 4615 http2settingsTimerMsg = new(http2serverMessage) 4616 http2idleTimerMsg = new(http2serverMessage) 4617 http2shutdownTimerMsg = new(http2serverMessage) 4618 http2gracefulShutdownMsg = new(http2serverMessage) 4619 ) 4620 4621 func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4622 4623 func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4624 4625 func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4626 4627 func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4628 sc.serveG.checkNotOn() // NOT 4629 select { 4630 case sc.serveMsgCh <- msg: 4631 case <-sc.doneServing: 4632 } 4633 } 4634 4635 var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4636 4637 // readPreface reads the ClientPreface greeting from the peer or 4638 // returns errPrefaceTimeout on timeout, or an error if the greeting 4639 // is invalid. 4640 func (sc *http2serverConn) readPreface() error { 4641 errc := make(chan error, 1) 4642 go func() { 4643 // Read the client preface 4644 buf := make([]byte, len(http2ClientPreface)) 4645 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4646 errc <- err 4647 } else if !bytes.Equal(buf, http2clientPreface) { 4648 errc <- fmt.Errorf("bogus greeting %q", buf) 4649 } else { 4650 errc <- nil 4651 } 4652 }() 4653 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4654 defer timer.Stop() 4655 select { 4656 case <-timer.C: 4657 return http2errPrefaceTimeout 4658 case err := <-errc: 4659 if err == nil { 4660 if http2VerboseLogs { 4661 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4662 } 4663 } 4664 return err 4665 } 4666 } 4667 4668 var http2errChanPool = sync.Pool{ 4669 New: func() interface{} { return make(chan error, 1) }, 4670 } 4671 4672 var http2writeDataPool = sync.Pool{ 4673 New: func() interface{} { return new(http2writeData) }, 4674 } 4675 4676 // writeDataFromHandler writes DATA response frames from a handler on 4677 // the given stream. 4678 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4679 ch := http2errChanPool.Get().(chan error) 4680 writeArg := http2writeDataPool.Get().(*http2writeData) 4681 *writeArg = http2writeData{stream.id, data, endStream} 4682 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4683 write: writeArg, 4684 stream: stream, 4685 done: ch, 4686 }) 4687 if err != nil { 4688 return err 4689 } 4690 var frameWriteDone bool // the frame write is done (successfully or not) 4691 select { 4692 case err = <-ch: 4693 frameWriteDone = true 4694 case <-sc.doneServing: 4695 return http2errClientDisconnected 4696 case <-stream.cw: 4697 // If both ch and stream.cw were ready (as might 4698 // happen on the final Write after an http.Handler 4699 // ends), prefer the write result. Otherwise this 4700 // might just be us successfully closing the stream. 4701 // The writeFrameAsync and serve goroutines guarantee 4702 // that the ch send will happen before the stream.cw 4703 // close. 4704 select { 4705 case err = <-ch: 4706 frameWriteDone = true 4707 default: 4708 return http2errStreamClosed 4709 } 4710 } 4711 http2errChanPool.Put(ch) 4712 if frameWriteDone { 4713 http2writeDataPool.Put(writeArg) 4714 } 4715 return err 4716 } 4717 4718 // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4719 // if the connection has gone away. 4720 // 4721 // This must not be run from the serve goroutine itself, else it might 4722 // deadlock writing to sc.wantWriteFrameCh (which is only mildly 4723 // buffered and is read by serve itself). If you're on the serve 4724 // goroutine, call writeFrame instead. 4725 func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4726 sc.serveG.checkNotOn() // NOT 4727 select { 4728 case sc.wantWriteFrameCh <- wr: 4729 return nil 4730 case <-sc.doneServing: 4731 // Serve loop is gone. 4732 // Client has closed their connection to the server. 4733 return http2errClientDisconnected 4734 } 4735 } 4736 4737 // writeFrame schedules a frame to write and sends it if there's nothing 4738 // already being written. 4739 // 4740 // There is no pushback here (the serve goroutine never blocks). It's 4741 // the http.Handlers that block, waiting for their previous frames to 4742 // make it onto the wire 4743 // 4744 // If you're not on the serve goroutine, use writeFrameFromHandler instead. 4745 func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4746 sc.serveG.check() 4747 4748 // If true, wr will not be written and wr.done will not be signaled. 4749 var ignoreWrite bool 4750 4751 // We are not allowed to write frames on closed streams. RFC 7540 Section 4752 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4753 // a closed stream." Our server never sends PRIORITY, so that exception 4754 // does not apply. 4755 // 4756 // The serverConn might close an open stream while the stream's handler 4757 // is still running. For example, the server might close a stream when it 4758 // receives bad data from the client. If this happens, the handler might 4759 // attempt to write a frame after the stream has been closed (since the 4760 // handler hasn't yet been notified of the close). In this case, we simply 4761 // ignore the frame. The handler will notice that the stream is closed when 4762 // it waits for the frame to be written. 4763 // 4764 // As an exception to this rule, we allow sending RST_STREAM after close. 4765 // This allows us to immediately reject new streams without tracking any 4766 // state for those streams (except for the queued RST_STREAM frame). This 4767 // may result in duplicate RST_STREAMs in some cases, but the client should 4768 // ignore those. 4769 if wr.StreamID() != 0 { 4770 _, isReset := wr.write.(http2StreamError) 4771 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4772 ignoreWrite = true 4773 } 4774 } 4775 4776 // Don't send a 100-continue response if we've already sent headers. 4777 // See golang.org/issue/14030. 4778 switch wr.write.(type) { 4779 case *http2writeResHeaders: 4780 wr.stream.wroteHeaders = true 4781 case http2write100ContinueHeadersFrame: 4782 if wr.stream.wroteHeaders { 4783 // We do not need to notify wr.done because this frame is 4784 // never written with wr.done != nil. 4785 if wr.done != nil { 4786 panic("wr.done != nil for write100ContinueHeadersFrame") 4787 } 4788 ignoreWrite = true 4789 } 4790 } 4791 4792 if !ignoreWrite { 4793 if wr.isControl() { 4794 sc.queuedControlFrames++ 4795 // For extra safety, detect wraparounds, which should not happen, 4796 // and pull the plug. 4797 if sc.queuedControlFrames < 0 { 4798 sc.conn.Close() 4799 } 4800 } 4801 sc.writeSched.Push(wr) 4802 } 4803 sc.scheduleFrameWrite() 4804 } 4805 4806 // startFrameWrite starts a goroutine to write wr (in a separate 4807 // goroutine since that might block on the network), and updates the 4808 // serve goroutine's state about the world, updated from info in wr. 4809 func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4810 sc.serveG.check() 4811 if sc.writingFrame { 4812 panic("internal error: can only be writing one frame at a time") 4813 } 4814 4815 st := wr.stream 4816 if st != nil { 4817 switch st.state { 4818 case http2stateHalfClosedLocal: 4819 switch wr.write.(type) { 4820 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4821 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4822 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4823 default: 4824 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4825 } 4826 case http2stateClosed: 4827 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4828 } 4829 } 4830 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4831 var err error 4832 wpp.promisedID, err = wpp.allocatePromisedID() 4833 if err != nil { 4834 sc.writingFrameAsync = false 4835 wr.replyToWriter(err) 4836 return 4837 } 4838 } 4839 4840 sc.writingFrame = true 4841 sc.needsFrameFlush = true 4842 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4843 sc.writingFrameAsync = false 4844 err := wr.write.writeFrame(sc) 4845 sc.wroteFrame(http2frameWriteResult{wr: wr, err: err}) 4846 } else { 4847 sc.writingFrameAsync = true 4848 go sc.writeFrameAsync(wr) 4849 } 4850 } 4851 4852 // errHandlerPanicked is the error given to any callers blocked in a read from 4853 // Request.Body when the main goroutine panics. Since most handlers read in the 4854 // main ServeHTTP goroutine, this will show up rarely. 4855 var http2errHandlerPanicked = errors.New("http2: handler panicked") 4856 4857 // wroteFrame is called on the serve goroutine with the result of 4858 // whatever happened on writeFrameAsync. 4859 func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4860 sc.serveG.check() 4861 if !sc.writingFrame { 4862 panic("internal error: expected to be already writing a frame") 4863 } 4864 sc.writingFrame = false 4865 sc.writingFrameAsync = false 4866 4867 wr := res.wr 4868 4869 if http2writeEndsStream(wr.write) { 4870 st := wr.stream 4871 if st == nil { 4872 panic("internal error: expecting non-nil stream") 4873 } 4874 switch st.state { 4875 case http2stateOpen: 4876 // Here we would go to stateHalfClosedLocal in 4877 // theory, but since our handler is done and 4878 // the net/http package provides no mechanism 4879 // for closing a ResponseWriter while still 4880 // reading data (see possible TODO at top of 4881 // this file), we go into closed state here 4882 // anyway, after telling the peer we're 4883 // hanging up on them. We'll transition to 4884 // stateClosed after the RST_STREAM frame is 4885 // written. 4886 st.state = http2stateHalfClosedLocal 4887 // Section 8.1: a server MAY request that the client abort 4888 // transmission of a request without error by sending a 4889 // RST_STREAM with an error code of NO_ERROR after sending 4890 // a complete response. 4891 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4892 case http2stateHalfClosedRemote: 4893 sc.closeStream(st, http2errHandlerComplete) 4894 } 4895 } else { 4896 switch v := wr.write.(type) { 4897 case http2StreamError: 4898 // st may be unknown if the RST_STREAM was generated to reject bad input. 4899 if st, ok := sc.streams[v.StreamID]; ok { 4900 sc.closeStream(st, v) 4901 } 4902 case http2handlerPanicRST: 4903 sc.closeStream(wr.stream, http2errHandlerPanicked) 4904 } 4905 } 4906 4907 // Reply (if requested) to unblock the ServeHTTP goroutine. 4908 wr.replyToWriter(res.err) 4909 4910 sc.scheduleFrameWrite() 4911 } 4912 4913 // scheduleFrameWrite tickles the frame writing scheduler. 4914 // 4915 // If a frame is already being written, nothing happens. This will be called again 4916 // when the frame is done being written. 4917 // 4918 // If a frame isn't being written and we need to send one, the best frame 4919 // to send is selected by writeSched. 4920 // 4921 // If a frame isn't being written and there's nothing else to send, we 4922 // flush the write buffer. 4923 func (sc *http2serverConn) scheduleFrameWrite() { 4924 sc.serveG.check() 4925 if sc.writingFrame || sc.inFrameScheduleLoop { 4926 return 4927 } 4928 sc.inFrameScheduleLoop = true 4929 for !sc.writingFrameAsync { 4930 if sc.needToSendGoAway { 4931 sc.needToSendGoAway = false 4932 sc.startFrameWrite(http2FrameWriteRequest{ 4933 write: &http2writeGoAway{ 4934 maxStreamID: sc.maxClientStreamID, 4935 code: sc.goAwayCode, 4936 }, 4937 }) 4938 continue 4939 } 4940 if sc.needToSendSettingsAck { 4941 sc.needToSendSettingsAck = false 4942 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4943 continue 4944 } 4945 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4946 if wr, ok := sc.writeSched.Pop(); ok { 4947 if wr.isControl() { 4948 sc.queuedControlFrames-- 4949 } 4950 sc.startFrameWrite(wr) 4951 continue 4952 } 4953 } 4954 if sc.needsFrameFlush { 4955 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4956 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4957 continue 4958 } 4959 break 4960 } 4961 sc.inFrameScheduleLoop = false 4962 } 4963 4964 // startGracefulShutdown gracefully shuts down a connection. This 4965 // sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4966 // shutting down. The connection isn't closed until all current 4967 // streams are done. 4968 // 4969 // startGracefulShutdown returns immediately; it does not wait until 4970 // the connection has shut down. 4971 func (sc *http2serverConn) startGracefulShutdown() { 4972 sc.serveG.checkNotOn() // NOT 4973 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4974 } 4975 4976 // After sending GOAWAY with an error code (non-graceful shutdown), the 4977 // connection will close after goAwayTimeout. 4978 // 4979 // If we close the connection immediately after sending GOAWAY, there may 4980 // be unsent data in our kernel receive buffer, which will cause the kernel 4981 // to send a TCP RST on close() instead of a FIN. This RST will abort the 4982 // connection immediately, whether or not the client had received the GOAWAY. 4983 // 4984 // Ideally we should delay for at least 1 RTT + epsilon so the client has 4985 // a chance to read the GOAWAY and stop sending messages. Measuring RTT 4986 // is hard, so we approximate with 1 second. See golang.org/issue/18701. 4987 // 4988 // This is a var so it can be shorter in tests, where all requests uses the 4989 // loopback interface making the expected RTT very small. 4990 // 4991 // TODO: configurable? 4992 var http2goAwayTimeout = 1 * time.Second 4993 4994 func (sc *http2serverConn) startGracefulShutdownInternal() { 4995 sc.goAway(http2ErrCodeNo) 4996 } 4997 4998 func (sc *http2serverConn) goAway(code http2ErrCode) { 4999 sc.serveG.check() 5000 if sc.inGoAway { 5001 return 5002 } 5003 sc.inGoAway = true 5004 sc.needToSendGoAway = true 5005 sc.goAwayCode = code 5006 sc.scheduleFrameWrite() 5007 } 5008 5009 func (sc *http2serverConn) shutDownIn(d time.Duration) { 5010 sc.serveG.check() 5011 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 5012 } 5013 5014 func (sc *http2serverConn) resetStream(se http2StreamError) { 5015 sc.serveG.check() 5016 sc.writeFrame(http2FrameWriteRequest{write: se}) 5017 if st, ok := sc.streams[se.StreamID]; ok { 5018 st.resetQueued = true 5019 } 5020 } 5021 5022 // processFrameFromReader processes the serve loop's read from readFrameCh from the 5023 // frame-reading goroutine. 5024 // processFrameFromReader returns whether the connection should be kept open. 5025 func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 5026 sc.serveG.check() 5027 err := res.err 5028 if err != nil { 5029 if err == http2ErrFrameTooLarge { 5030 sc.goAway(http2ErrCodeFrameSize) 5031 return true // goAway will close the loop 5032 } 5033 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 5034 if clientGone { 5035 // TODO: could we also get into this state if 5036 // the peer does a half close 5037 // (e.g. CloseWrite) because they're done 5038 // sending frames but they're still wanting 5039 // our open replies? Investigate. 5040 // TODO: add CloseWrite to crypto/tls.Conn first 5041 // so we have a way to test this? I suppose 5042 // just for testing we could have a non-TLS mode. 5043 return false 5044 } 5045 } else { 5046 f := res.f 5047 if http2VerboseLogs { 5048 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 5049 } 5050 err = sc.processFrame(f) 5051 if err == nil { 5052 return true 5053 } 5054 } 5055 5056 switch ev := err.(type) { 5057 case http2StreamError: 5058 sc.resetStream(ev) 5059 return true 5060 case http2goAwayFlowError: 5061 sc.goAway(http2ErrCodeFlowControl) 5062 return true 5063 case http2ConnectionError: 5064 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 5065 sc.goAway(http2ErrCode(ev)) 5066 return true // goAway will handle shutdown 5067 default: 5068 if res.err != nil { 5069 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 5070 } else { 5071 sc.logf("http2: server closing client connection: %v", err) 5072 } 5073 return false 5074 } 5075 } 5076 5077 func (sc *http2serverConn) processFrame(f http2Frame) error { 5078 sc.serveG.check() 5079 5080 // First frame received must be SETTINGS. 5081 if !sc.sawFirstSettings { 5082 if _, ok := f.(*http2SettingsFrame); !ok { 5083 return http2ConnectionError(http2ErrCodeProtocol) 5084 } 5085 sc.sawFirstSettings = true 5086 } 5087 5088 switch f := f.(type) { 5089 case *http2SettingsFrame: 5090 return sc.processSettings(f) 5091 case *http2MetaHeadersFrame: 5092 return sc.processHeaders(f) 5093 case *http2WindowUpdateFrame: 5094 return sc.processWindowUpdate(f) 5095 case *http2PingFrame: 5096 return sc.processPing(f) 5097 case *http2DataFrame: 5098 return sc.processData(f) 5099 case *http2RSTStreamFrame: 5100 return sc.processResetStream(f) 5101 case *http2PriorityFrame: 5102 return sc.processPriority(f) 5103 case *http2GoAwayFrame: 5104 return sc.processGoAway(f) 5105 case *http2PushPromiseFrame: 5106 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 5107 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5108 return http2ConnectionError(http2ErrCodeProtocol) 5109 default: 5110 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 5111 return nil 5112 } 5113 } 5114 5115 func (sc *http2serverConn) processPing(f *http2PingFrame) error { 5116 sc.serveG.check() 5117 if f.IsAck() { 5118 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 5119 // containing this flag." 5120 return nil 5121 } 5122 if f.StreamID != 0 { 5123 // "PING frames are not associated with any individual 5124 // stream. If a PING frame is received with a stream 5125 // identifier field value other than 0x0, the recipient MUST 5126 // respond with a connection error (Section 5.4.1) of type 5127 // PROTOCOL_ERROR." 5128 return http2ConnectionError(http2ErrCodeProtocol) 5129 } 5130 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5131 return nil 5132 } 5133 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 5134 return nil 5135 } 5136 5137 func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 5138 sc.serveG.check() 5139 switch { 5140 case f.StreamID != 0: // stream-level flow control 5141 state, st := sc.state(f.StreamID) 5142 if state == http2stateIdle { 5143 // Section 5.1: "Receiving any frame other than HEADERS 5144 // or PRIORITY on a stream in this state MUST be 5145 // treated as a connection error (Section 5.4.1) of 5146 // type PROTOCOL_ERROR." 5147 return http2ConnectionError(http2ErrCodeProtocol) 5148 } 5149 if st == nil { 5150 // "WINDOW_UPDATE can be sent by a peer that has sent a 5151 // frame bearing the END_STREAM flag. This means that a 5152 // receiver could receive a WINDOW_UPDATE frame on a "half 5153 // closed (remote)" or "closed" stream. A receiver MUST 5154 // NOT treat this as an error, see Section 5.1." 5155 return nil 5156 } 5157 if !st.flow.add(int32(f.Increment)) { 5158 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 5159 } 5160 default: // connection-level flow control 5161 if !sc.flow.add(int32(f.Increment)) { 5162 return http2goAwayFlowError{} 5163 } 5164 } 5165 sc.scheduleFrameWrite() 5166 return nil 5167 } 5168 5169 func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5170 sc.serveG.check() 5171 5172 state, st := sc.state(f.StreamID) 5173 if state == http2stateIdle { 5174 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5175 // stream in the "idle" state. If a RST_STREAM frame 5176 // identifying an idle stream is received, the 5177 // recipient MUST treat this as a connection error 5178 // (Section 5.4.1) of type PROTOCOL_ERROR. 5179 return http2ConnectionError(http2ErrCodeProtocol) 5180 } 5181 if st != nil { 5182 st.cancelCtx() 5183 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5184 } 5185 return nil 5186 } 5187 5188 func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5189 sc.serveG.check() 5190 if st.state == http2stateIdle || st.state == http2stateClosed { 5191 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5192 } 5193 st.state = http2stateClosed 5194 if st.writeDeadline != nil { 5195 st.writeDeadline.Stop() 5196 } 5197 if st.isPushed() { 5198 sc.curPushedStreams-- 5199 } else { 5200 sc.curClientStreams-- 5201 } 5202 delete(sc.streams, st.id) 5203 if len(sc.streams) == 0 { 5204 sc.setConnState(StateIdle) 5205 if sc.srv.IdleTimeout != 0 { 5206 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5207 } 5208 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5209 sc.startGracefulShutdownInternal() 5210 } 5211 } 5212 if p := st.body; p != nil { 5213 // Return any buffered unread bytes worth of conn-level flow control. 5214 // See golang.org/issue/16481 5215 sc.sendWindowUpdate(nil, p.Len()) 5216 5217 p.CloseWithError(err) 5218 } 5219 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5220 sc.writeSched.CloseStream(st.id) 5221 } 5222 5223 func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5224 sc.serveG.check() 5225 if f.IsAck() { 5226 sc.unackedSettings-- 5227 if sc.unackedSettings < 0 { 5228 // Why is the peer ACKing settings we never sent? 5229 // The spec doesn't mention this case, but 5230 // hang up on them anyway. 5231 return http2ConnectionError(http2ErrCodeProtocol) 5232 } 5233 return nil 5234 } 5235 if f.NumSettings() > 100 || f.HasDuplicates() { 5236 // This isn't actually in the spec, but hang up on 5237 // suspiciously large settings frames or those with 5238 // duplicate entries. 5239 return http2ConnectionError(http2ErrCodeProtocol) 5240 } 5241 if err := f.ForeachSetting(sc.processSetting); err != nil { 5242 return err 5243 } 5244 // TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be 5245 // acknowledged individually, even if multiple are received before the ACK. 5246 sc.needToSendSettingsAck = true 5247 sc.scheduleFrameWrite() 5248 return nil 5249 } 5250 5251 func (sc *http2serverConn) processSetting(s http2Setting) error { 5252 sc.serveG.check() 5253 if err := s.Valid(); err != nil { 5254 return err 5255 } 5256 if http2VerboseLogs { 5257 sc.vlogf("http2: server processing setting %v", s) 5258 } 5259 switch s.ID { 5260 case http2SettingHeaderTableSize: 5261 sc.headerTableSize = s.Val 5262 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5263 case http2SettingEnablePush: 5264 sc.pushEnabled = s.Val != 0 5265 case http2SettingMaxConcurrentStreams: 5266 sc.clientMaxStreams = s.Val 5267 case http2SettingInitialWindowSize: 5268 return sc.processSettingInitialWindowSize(s.Val) 5269 case http2SettingMaxFrameSize: 5270 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5271 case http2SettingMaxHeaderListSize: 5272 sc.peerMaxHeaderListSize = s.Val 5273 default: 5274 // Unknown setting: "An endpoint that receives a SETTINGS 5275 // frame with any unknown or unsupported identifier MUST 5276 // ignore that setting." 5277 if http2VerboseLogs { 5278 sc.vlogf("http2: server ignoring unknown setting %v", s) 5279 } 5280 } 5281 return nil 5282 } 5283 5284 func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5285 sc.serveG.check() 5286 // Note: val already validated to be within range by 5287 // processSetting's Valid call. 5288 5289 // "A SETTINGS frame can alter the initial flow control window 5290 // size for all current streams. When the value of 5291 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5292 // adjust the size of all stream flow control windows that it 5293 // maintains by the difference between the new value and the 5294 // old value." 5295 old := sc.initialStreamSendWindowSize 5296 sc.initialStreamSendWindowSize = int32(val) 5297 growth := int32(val) - old // may be negative 5298 for _, st := range sc.streams { 5299 if !st.flow.add(growth) { 5300 // 6.9.2 Initial Flow Control Window Size 5301 // "An endpoint MUST treat a change to 5302 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5303 // control window to exceed the maximum size as a 5304 // connection error (Section 5.4.1) of type 5305 // FLOW_CONTROL_ERROR." 5306 return http2ConnectionError(http2ErrCodeFlowControl) 5307 } 5308 } 5309 return nil 5310 } 5311 5312 func (sc *http2serverConn) processData(f *http2DataFrame) error { 5313 sc.serveG.check() 5314 id := f.Header().StreamID 5315 if sc.inGoAway && (sc.goAwayCode != http2ErrCodeNo || id > sc.maxClientStreamID) { 5316 // Discard all DATA frames if the GOAWAY is due to an 5317 // error, or: 5318 // 5319 // Section 6.8: After sending a GOAWAY frame, the sender 5320 // can discard frames for streams initiated by the 5321 // receiver with identifiers higher than the identified 5322 // last stream. 5323 return nil 5324 } 5325 5326 data := f.Data() 5327 state, st := sc.state(id) 5328 if id == 0 || state == http2stateIdle { 5329 // Section 6.1: "DATA frames MUST be associated with a 5330 // stream. If a DATA frame is received whose stream 5331 // identifier field is 0x0, the recipient MUST respond 5332 // with a connection error (Section 5.4.1) of type 5333 // PROTOCOL_ERROR." 5334 // 5335 // Section 5.1: "Receiving any frame other than HEADERS 5336 // or PRIORITY on a stream in this state MUST be 5337 // treated as a connection error (Section 5.4.1) of 5338 // type PROTOCOL_ERROR." 5339 return http2ConnectionError(http2ErrCodeProtocol) 5340 } 5341 5342 // "If a DATA frame is received whose stream is not in "open" 5343 // or "half closed (local)" state, the recipient MUST respond 5344 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5345 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5346 // This includes sending a RST_STREAM if the stream is 5347 // in stateHalfClosedLocal (which currently means that 5348 // the http.Handler returned, so it's done reading & 5349 // done writing). Try to stop the client from sending 5350 // more DATA. 5351 5352 // But still enforce their connection-level flow control, 5353 // and return any flow control bytes since we're not going 5354 // to consume them. 5355 if sc.inflow.available() < int32(f.Length) { 5356 return http2streamError(id, http2ErrCodeFlowControl) 5357 } 5358 // Deduct the flow control from inflow, since we're 5359 // going to immediately add it back in 5360 // sendWindowUpdate, which also schedules sending the 5361 // frames. 5362 sc.inflow.take(int32(f.Length)) 5363 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5364 5365 if st != nil && st.resetQueued { 5366 // Already have a stream error in flight. Don't send another. 5367 return nil 5368 } 5369 return http2streamError(id, http2ErrCodeStreamClosed) 5370 } 5371 if st.body == nil { 5372 panic("internal error: should have a body in this state") 5373 } 5374 5375 // Sender sending more than they'd declared? 5376 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5377 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5378 // RFC 7540, sec 8.1.2.6: A request or response is also malformed if the 5379 // value of a content-length header field does not equal the sum of the 5380 // DATA frame payload lengths that form the body. 5381 return http2streamError(id, http2ErrCodeProtocol) 5382 } 5383 if f.Length > 0 { 5384 // Check whether the client has flow control quota. 5385 if st.inflow.available() < int32(f.Length) { 5386 return http2streamError(id, http2ErrCodeFlowControl) 5387 } 5388 st.inflow.take(int32(f.Length)) 5389 5390 if len(data) > 0 { 5391 wrote, err := st.body.Write(data) 5392 if err != nil { 5393 sc.sendWindowUpdate(nil, int(f.Length)-wrote) 5394 return http2streamError(id, http2ErrCodeStreamClosed) 5395 } 5396 if wrote != len(data) { 5397 panic("internal error: bad Writer") 5398 } 5399 st.bodyBytes += int64(len(data)) 5400 } 5401 5402 // Return any padded flow control now, since we won't 5403 // refund it later on body reads. 5404 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5405 sc.sendWindowUpdate32(nil, pad) 5406 sc.sendWindowUpdate32(st, pad) 5407 } 5408 } 5409 if f.StreamEnded() { 5410 st.endStream() 5411 } 5412 return nil 5413 } 5414 5415 func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5416 sc.serveG.check() 5417 if f.ErrCode != http2ErrCodeNo { 5418 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5419 } else { 5420 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5421 } 5422 sc.startGracefulShutdownInternal() 5423 // http://tools.ietf.org/html/rfc7540#section-6.8 5424 // We should not create any new streams, which means we should disable push. 5425 sc.pushEnabled = false 5426 return nil 5427 } 5428 5429 // isPushed reports whether the stream is server-initiated. 5430 func (st *http2stream) isPushed() bool { 5431 return st.id%2 == 0 5432 } 5433 5434 // endStream closes a Request.Body's pipe. It is called when a DATA 5435 // frame says a request body is over (or after trailers). 5436 func (st *http2stream) endStream() { 5437 sc := st.sc 5438 sc.serveG.check() 5439 5440 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5441 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5442 st.declBodyBytes, st.bodyBytes)) 5443 } else { 5444 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5445 st.body.CloseWithError(io.EOF) 5446 } 5447 st.state = http2stateHalfClosedRemote 5448 } 5449 5450 // copyTrailersToHandlerRequest is run in the Handler's goroutine in 5451 // its Request.Body.Read just before it gets io.EOF. 5452 func (st *http2stream) copyTrailersToHandlerRequest() { 5453 for k, vv := range st.trailer { 5454 if _, ok := st.reqTrailer[k]; ok { 5455 // Only copy it over it was pre-declared. 5456 st.reqTrailer[k] = vv 5457 } 5458 } 5459 } 5460 5461 // onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5462 // when the stream's WriteTimeout has fired. 5463 func (st *http2stream) onWriteTimeout() { 5464 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5465 } 5466 5467 func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5468 sc.serveG.check() 5469 id := f.StreamID 5470 if sc.inGoAway { 5471 // Ignore. 5472 return nil 5473 } 5474 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5475 // Streams initiated by a client MUST use odd-numbered stream 5476 // identifiers. [...] An endpoint that receives an unexpected 5477 // stream identifier MUST respond with a connection error 5478 // (Section 5.4.1) of type PROTOCOL_ERROR. 5479 if id%2 != 1 { 5480 return http2ConnectionError(http2ErrCodeProtocol) 5481 } 5482 // A HEADERS frame can be used to create a new stream or 5483 // send a trailer for an open one. If we already have a stream 5484 // open, let it process its own HEADERS frame (trailers at this 5485 // point, if it's valid). 5486 if st := sc.streams[f.StreamID]; st != nil { 5487 if st.resetQueued { 5488 // We're sending RST_STREAM to close the stream, so don't bother 5489 // processing this frame. 5490 return nil 5491 } 5492 // RFC 7540, sec 5.1: If an endpoint receives additional frames, other than 5493 // WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in 5494 // this state, it MUST respond with a stream error (Section 5.4.2) of 5495 // type STREAM_CLOSED. 5496 if st.state == http2stateHalfClosedRemote { 5497 return http2streamError(id, http2ErrCodeStreamClosed) 5498 } 5499 return st.processTrailerHeaders(f) 5500 } 5501 5502 // [...] The identifier of a newly established stream MUST be 5503 // numerically greater than all streams that the initiating 5504 // endpoint has opened or reserved. [...] An endpoint that 5505 // receives an unexpected stream identifier MUST respond with 5506 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5507 if id <= sc.maxClientStreamID { 5508 return http2ConnectionError(http2ErrCodeProtocol) 5509 } 5510 sc.maxClientStreamID = id 5511 5512 if sc.idleTimer != nil { 5513 sc.idleTimer.Stop() 5514 } 5515 5516 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5517 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5518 // endpoint that receives a HEADERS frame that causes their 5519 // advertised concurrent stream limit to be exceeded MUST treat 5520 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5521 // or REFUSED_STREAM. 5522 if sc.curClientStreams+1 > sc.advMaxStreams { 5523 if sc.unackedSettings == 0 { 5524 // They should know better. 5525 return http2streamError(id, http2ErrCodeProtocol) 5526 } 5527 // Assume it's a network race, where they just haven't 5528 // received our last SETTINGS update. But actually 5529 // this can't happen yet, because we don't yet provide 5530 // a way for users to adjust server parameters at 5531 // runtime. 5532 return http2streamError(id, http2ErrCodeRefusedStream) 5533 } 5534 5535 initialState := http2stateOpen 5536 if f.StreamEnded() { 5537 initialState = http2stateHalfClosedRemote 5538 } 5539 st := sc.newStream(id, 0, initialState) 5540 5541 if f.HasPriority() { 5542 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5543 return err 5544 } 5545 sc.writeSched.AdjustStream(st.id, f.Priority) 5546 } 5547 5548 rw, req, err := sc.newWriterAndRequest(st, f) 5549 if err != nil { 5550 return err 5551 } 5552 st.reqTrailer = req.Trailer 5553 if st.reqTrailer != nil { 5554 st.trailer = make(Header) 5555 } 5556 st.body = req.Body.(*http2requestBody).pipe // may be nil 5557 st.declBodyBytes = req.ContentLength 5558 5559 handler := sc.handler.ServeHTTP 5560 if f.Truncated { 5561 // Their header list was too long. Send a 431 error. 5562 handler = http2handleHeaderListTooLong 5563 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5564 handler = http2new400Handler(err) 5565 } 5566 5567 // The net/http package sets the read deadline from the 5568 // http.Server.ReadTimeout during the TLS handshake, but then 5569 // passes the connection off to us with the deadline already 5570 // set. Disarm it here after the request headers are read, 5571 // similar to how the http1 server works. Here it's 5572 // technically more like the http1 Server's ReadHeaderTimeout 5573 // (in Go 1.8), though. That's a more sane option anyway. 5574 if sc.hs.ReadTimeout != 0 { 5575 sc.conn.SetReadDeadline(time.Time{}) 5576 } 5577 5578 go sc.runHandler(rw, req, handler) 5579 return nil 5580 } 5581 5582 func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5583 sc := st.sc 5584 sc.serveG.check() 5585 if st.gotTrailerHeader { 5586 return http2ConnectionError(http2ErrCodeProtocol) 5587 } 5588 st.gotTrailerHeader = true 5589 if !f.StreamEnded() { 5590 return http2streamError(st.id, http2ErrCodeProtocol) 5591 } 5592 5593 if len(f.PseudoFields()) > 0 { 5594 return http2streamError(st.id, http2ErrCodeProtocol) 5595 } 5596 if st.trailer != nil { 5597 for _, hf := range f.RegularFields() { 5598 key := sc.canonicalHeader(hf.Name) 5599 if !httpguts.ValidTrailerHeader(key) { 5600 // TODO: send more details to the peer somehow. But http2 has 5601 // no way to send debug data at a stream level. Discuss with 5602 // HTTP folk. 5603 return http2streamError(st.id, http2ErrCodeProtocol) 5604 } 5605 st.trailer[key] = append(st.trailer[key], hf.Value) 5606 } 5607 } 5608 st.endStream() 5609 return nil 5610 } 5611 5612 func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5613 if streamID == p.StreamDep { 5614 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5615 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5616 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5617 // so it's only self-dependencies that are forbidden. 5618 return http2streamError(streamID, http2ErrCodeProtocol) 5619 } 5620 return nil 5621 } 5622 5623 func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5624 if sc.inGoAway { 5625 return nil 5626 } 5627 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5628 return err 5629 } 5630 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5631 return nil 5632 } 5633 5634 func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5635 sc.serveG.check() 5636 if id == 0 { 5637 panic("internal error: cannot create stream with id 0") 5638 } 5639 5640 ctx, cancelCtx := context.WithCancel(sc.baseCtx) 5641 st := &http2stream{ 5642 sc: sc, 5643 id: id, 5644 state: state, 5645 ctx: ctx, 5646 cancelCtx: cancelCtx, 5647 } 5648 st.cw.Init() 5649 st.flow.conn = &sc.flow // link to conn-level counter 5650 st.flow.add(sc.initialStreamSendWindowSize) 5651 st.inflow.conn = &sc.inflow // link to conn-level counter 5652 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5653 if sc.hs.WriteTimeout != 0 { 5654 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5655 } 5656 5657 sc.streams[id] = st 5658 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5659 if st.isPushed() { 5660 sc.curPushedStreams++ 5661 } else { 5662 sc.curClientStreams++ 5663 } 5664 if sc.curOpenStreams() == 1 { 5665 sc.setConnState(StateActive) 5666 } 5667 5668 return st 5669 } 5670 5671 func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5672 sc.serveG.check() 5673 5674 rp := http2requestParam{ 5675 method: f.PseudoValue("method"), 5676 scheme: f.PseudoValue("scheme"), 5677 authority: f.PseudoValue("authority"), 5678 path: f.PseudoValue("path"), 5679 } 5680 5681 isConnect := rp.method == "CONNECT" 5682 if isConnect { 5683 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5684 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5685 } 5686 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5687 // See 8.1.2.6 Malformed Requests and Responses: 5688 // 5689 // Malformed requests or responses that are detected 5690 // MUST be treated as a stream error (Section 5.4.2) 5691 // of type PROTOCOL_ERROR." 5692 // 5693 // 8.1.2.3 Request Pseudo-Header Fields 5694 // "All HTTP/2 requests MUST include exactly one valid 5695 // value for the :method, :scheme, and :path 5696 // pseudo-header fields" 5697 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5698 } 5699 5700 bodyOpen := !f.StreamEnded() 5701 if rp.method == "HEAD" && bodyOpen { 5702 // HEAD requests can't have bodies 5703 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5704 } 5705 5706 rp.header = make(Header) 5707 for _, hf := range f.RegularFields() { 5708 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5709 } 5710 if rp.authority == "" { 5711 rp.authority = rp.header.Get("Host") 5712 } 5713 5714 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5715 if err != nil { 5716 return nil, nil, err 5717 } 5718 if bodyOpen { 5719 if vv, ok := rp.header["Content-Length"]; ok { 5720 if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil { 5721 req.ContentLength = int64(cl) 5722 } else { 5723 req.ContentLength = 0 5724 } 5725 } else { 5726 req.ContentLength = -1 5727 } 5728 req.Body.(*http2requestBody).pipe = &http2pipe{ 5729 b: &http2dataBuffer{expected: req.ContentLength}, 5730 } 5731 } 5732 return rw, req, nil 5733 } 5734 5735 type http2requestParam struct { 5736 method string 5737 scheme, authority, path string 5738 header Header 5739 } 5740 5741 func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5742 sc.serveG.check() 5743 5744 var tlsState *tls.ConnectionState // nil if not scheme https 5745 if rp.scheme == "https" { 5746 tlsState = sc.tlsState 5747 } 5748 5749 needsContinue := rp.header.Get("Expect") == "100-continue" 5750 if needsContinue { 5751 rp.header.Del("Expect") 5752 } 5753 // Merge Cookie headers into one "; "-delimited value. 5754 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5755 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5756 } 5757 5758 // Setup Trailers 5759 var trailer Header 5760 for _, v := range rp.header["Trailer"] { 5761 for _, key := range strings.Split(v, ",") { 5762 key = CanonicalHeaderKey(textproto.TrimString(key)) 5763 switch key { 5764 case "Transfer-Encoding", "Trailer", "Content-Length": 5765 // Bogus. (copy of http1 rules) 5766 // Ignore. 5767 default: 5768 if trailer == nil { 5769 trailer = make(Header) 5770 } 5771 trailer[key] = nil 5772 } 5773 } 5774 } 5775 delete(rp.header, "Trailer") 5776 5777 var url_ *url.URL 5778 var requestURI string 5779 if rp.method == "CONNECT" { 5780 url_ = &url.URL{Host: rp.authority} 5781 requestURI = rp.authority // mimic HTTP/1 server behavior 5782 } else { 5783 var err error 5784 url_, err = url.ParseRequestURI(rp.path) 5785 if err != nil { 5786 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5787 } 5788 requestURI = rp.path 5789 } 5790 5791 body := &http2requestBody{ 5792 conn: sc, 5793 stream: st, 5794 needsContinue: needsContinue, 5795 } 5796 req := &Request{ 5797 Method: rp.method, 5798 URL: url_, 5799 RemoteAddr: sc.remoteAddrStr, 5800 Header: rp.header, 5801 RequestURI: requestURI, 5802 Proto: "HTTP/2.0", 5803 ProtoMajor: 2, 5804 ProtoMinor: 0, 5805 TLS: tlsState, 5806 Host: rp.authority, 5807 Body: body, 5808 Trailer: trailer, 5809 } 5810 req = req.WithContext(st.ctx) 5811 5812 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5813 bwSave := rws.bw 5814 *rws = http2responseWriterState{} // zero all the fields 5815 rws.conn = sc 5816 rws.bw = bwSave 5817 rws.bw.Reset(http2chunkWriter{rws}) 5818 rws.stream = st 5819 rws.req = req 5820 rws.body = body 5821 5822 rw := &http2responseWriter{rws: rws} 5823 return rw, req, nil 5824 } 5825 5826 // Run on its own goroutine. 5827 func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5828 didPanic := true 5829 defer func() { 5830 rw.rws.stream.cancelCtx() 5831 if didPanic { 5832 e := recover() 5833 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5834 write: http2handlerPanicRST{rw.rws.stream.id}, 5835 stream: rw.rws.stream, 5836 }) 5837 // Same as net/http: 5838 if e != nil && e != ErrAbortHandler { 5839 const size = 64 << 10 5840 buf := make([]byte, size) 5841 buf = buf[:runtime.Stack(buf, false)] 5842 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5843 } 5844 return 5845 } 5846 rw.handlerDone() 5847 }() 5848 handler(rw, req) 5849 didPanic = false 5850 } 5851 5852 func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5853 // 10.5.1 Limits on Header Block Size: 5854 // .. "A server that receives a larger header block than it is 5855 // willing to handle can send an HTTP 431 (Request Header Fields Too 5856 // Large) status code" 5857 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5858 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5859 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5860 } 5861 5862 // called from handler goroutines. 5863 // h may be nil. 5864 func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5865 sc.serveG.checkNotOn() // NOT on 5866 var errc chan error 5867 if headerData.h != nil { 5868 // If there's a header map (which we don't own), so we have to block on 5869 // waiting for this frame to be written, so an http.Flush mid-handler 5870 // writes out the correct value of keys, before a handler later potentially 5871 // mutates it. 5872 errc = http2errChanPool.Get().(chan error) 5873 } 5874 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5875 write: headerData, 5876 stream: st, 5877 done: errc, 5878 }); err != nil { 5879 return err 5880 } 5881 if errc != nil { 5882 select { 5883 case err := <-errc: 5884 http2errChanPool.Put(errc) 5885 return err 5886 case <-sc.doneServing: 5887 return http2errClientDisconnected 5888 case <-st.cw: 5889 return http2errStreamClosed 5890 } 5891 } 5892 return nil 5893 } 5894 5895 // called from handler goroutines. 5896 func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5897 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5898 write: http2write100ContinueHeadersFrame{st.id}, 5899 stream: st, 5900 }) 5901 } 5902 5903 // A bodyReadMsg tells the server loop that the http.Handler read n 5904 // bytes of the DATA from the client on the given stream. 5905 type http2bodyReadMsg struct { 5906 st *http2stream 5907 n int 5908 } 5909 5910 // called from handler goroutines. 5911 // Notes that the handler for the given stream ID read n bytes of its body 5912 // and schedules flow control tokens to be sent. 5913 func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5914 sc.serveG.checkNotOn() // NOT on 5915 if n > 0 { 5916 select { 5917 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5918 case <-sc.doneServing: 5919 } 5920 } 5921 } 5922 5923 func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5924 sc.serveG.check() 5925 sc.sendWindowUpdate(nil, n) // conn-level 5926 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5927 // Don't send this WINDOW_UPDATE if the stream is closed 5928 // remotely. 5929 sc.sendWindowUpdate(st, n) 5930 } 5931 } 5932 5933 // st may be nil for conn-level 5934 func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5935 sc.serveG.check() 5936 // "The legal range for the increment to the flow control 5937 // window is 1 to 2^31-1 (2,147,483,647) octets." 5938 // A Go Read call on 64-bit machines could in theory read 5939 // a larger Read than this. Very unlikely, but we handle it here 5940 // rather than elsewhere for now. 5941 const maxUint31 = 1<<31 - 1 5942 for n >= maxUint31 { 5943 sc.sendWindowUpdate32(st, maxUint31) 5944 n -= maxUint31 5945 } 5946 sc.sendWindowUpdate32(st, int32(n)) 5947 } 5948 5949 // st may be nil for conn-level 5950 func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5951 sc.serveG.check() 5952 if n == 0 { 5953 return 5954 } 5955 if n < 0 { 5956 panic("negative update") 5957 } 5958 var streamID uint32 5959 if st != nil { 5960 streamID = st.id 5961 } 5962 sc.writeFrame(http2FrameWriteRequest{ 5963 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5964 stream: st, 5965 }) 5966 var ok bool 5967 if st == nil { 5968 ok = sc.inflow.add(n) 5969 } else { 5970 ok = st.inflow.add(n) 5971 } 5972 if !ok { 5973 panic("internal error; sent too many window updates without decrements?") 5974 } 5975 } 5976 5977 // requestBody is the Handler's Request.Body type. 5978 // Read and Close may be called concurrently. 5979 type http2requestBody struct { 5980 _ http2incomparable 5981 stream *http2stream 5982 conn *http2serverConn 5983 closed bool // for use by Close only 5984 sawEOF bool // for use by Read only 5985 pipe *http2pipe // non-nil if we have a HTTP entity message body 5986 needsContinue bool // need to send a 100-continue 5987 } 5988 5989 func (b *http2requestBody) Close() error { 5990 if b.pipe != nil && !b.closed { 5991 b.pipe.BreakWithError(http2errClosedBody) 5992 } 5993 b.closed = true 5994 return nil 5995 } 5996 5997 func (b *http2requestBody) Read(p []byte) (n int, err error) { 5998 if b.needsContinue { 5999 b.needsContinue = false 6000 b.conn.write100ContinueHeaders(b.stream) 6001 } 6002 if b.pipe == nil || b.sawEOF { 6003 return 0, io.EOF 6004 } 6005 n, err = b.pipe.Read(p) 6006 if err == io.EOF { 6007 b.sawEOF = true 6008 } 6009 if b.conn == nil && http2inTests { 6010 return 6011 } 6012 b.conn.noteBodyReadFromHandler(b.stream, n, err) 6013 return 6014 } 6015 6016 // responseWriter is the http.ResponseWriter implementation. It's 6017 // intentionally small (1 pointer wide) to minimize garbage. The 6018 // responseWriterState pointer inside is zeroed at the end of a 6019 // request (in handlerDone) and calls on the responseWriter thereafter 6020 // simply crash (caller's mistake), but the much larger responseWriterState 6021 // and buffers are reused between multiple requests. 6022 type http2responseWriter struct { 6023 rws *http2responseWriterState 6024 } 6025 6026 // Optional http.ResponseWriter interfaces implemented. 6027 var ( 6028 _ CloseNotifier = (*http2responseWriter)(nil) 6029 _ Flusher = (*http2responseWriter)(nil) 6030 _ http2stringWriter = (*http2responseWriter)(nil) 6031 ) 6032 6033 type http2responseWriterState struct { 6034 // immutable within a request: 6035 stream *http2stream 6036 req *Request 6037 body *http2requestBody // to close at end of request, if DATA frames didn't 6038 conn *http2serverConn 6039 6040 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 6041 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 6042 6043 // mutated by http.Handler goroutine: 6044 handlerHeader Header // nil until called 6045 snapHeader Header // snapshot of handlerHeader at WriteHeader time 6046 trailers []string // set in writeChunk 6047 status int // status code passed to WriteHeader 6048 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 6049 sentHeader bool // have we sent the header frame? 6050 handlerDone bool // handler has finished 6051 dirty bool // a Write failed; don't reuse this responseWriterState 6052 6053 sentContentLen int64 // non-zero if handler set a Content-Length header 6054 wroteBytes int64 6055 6056 closeNotifierMu sync.Mutex // guards closeNotifierCh 6057 closeNotifierCh chan bool // nil until first used 6058 } 6059 6060 type http2chunkWriter struct{ rws *http2responseWriterState } 6061 6062 func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 6063 6064 func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) > 0 } 6065 6066 func (rws *http2responseWriterState) hasNonemptyTrailers() bool { 6067 for _, trailer := range rws.trailers { 6068 if _, ok := rws.handlerHeader[trailer]; ok { 6069 return true 6070 } 6071 } 6072 return false 6073 } 6074 6075 // declareTrailer is called for each Trailer header when the 6076 // response header is written. It notes that a header will need to be 6077 // written in the trailers at the end of the response. 6078 func (rws *http2responseWriterState) declareTrailer(k string) { 6079 k = CanonicalHeaderKey(k) 6080 if !httpguts.ValidTrailerHeader(k) { 6081 // Forbidden by RFC 7230, section 4.1.2. 6082 rws.conn.logf("ignoring invalid trailer %q", k) 6083 return 6084 } 6085 if !http2strSliceContains(rws.trailers, k) { 6086 rws.trailers = append(rws.trailers, k) 6087 } 6088 } 6089 6090 // writeChunk writes chunks from the bufio.Writer. But because 6091 // bufio.Writer may bypass its chunking, sometimes p may be 6092 // arbitrarily large. 6093 // 6094 // writeChunk is also responsible (on the first chunk) for sending the 6095 // HEADER response. 6096 func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 6097 if !rws.wroteHeader { 6098 rws.writeHeader(200) 6099 } 6100 6101 isHeadResp := rws.req.Method == "HEAD" 6102 if !rws.sentHeader { 6103 rws.sentHeader = true 6104 var ctype, clen string 6105 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 6106 rws.snapHeader.Del("Content-Length") 6107 if cl, err := strconv.ParseUint(clen, 10, 63); err == nil { 6108 rws.sentContentLen = int64(cl) 6109 } else { 6110 clen = "" 6111 } 6112 } 6113 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 6114 clen = strconv.Itoa(len(p)) 6115 } 6116 _, hasContentType := rws.snapHeader["Content-Type"] 6117 // If the Content-Encoding is non-blank, we shouldn't 6118 // sniff the body. See Issue golang.org/issue/31753. 6119 ce := rws.snapHeader.Get("Content-Encoding") 6120 hasCE := len(ce) > 0 6121 if !hasCE && !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 6122 ctype = DetectContentType(p) 6123 } 6124 var date string 6125 if _, ok := rws.snapHeader["Date"]; !ok { 6126 // TODO(bradfitz): be faster here, like net/http? measure. 6127 date = time.Now().UTC().Format(TimeFormat) 6128 } 6129 6130 for _, v := range rws.snapHeader["Trailer"] { 6131 http2foreachHeaderElement(v, rws.declareTrailer) 6132 } 6133 6134 // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), 6135 // but respect "Connection" == "close" to mean sending a GOAWAY and tearing 6136 // down the TCP connection when idle, like we do for HTTP/1. 6137 // TODO: remove more Connection-specific header fields here, in addition 6138 // to "Connection". 6139 if _, ok := rws.snapHeader["Connection"]; ok { 6140 v := rws.snapHeader.Get("Connection") 6141 delete(rws.snapHeader, "Connection") 6142 if v == "close" { 6143 rws.conn.startGracefulShutdown() 6144 } 6145 } 6146 6147 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 6148 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6149 streamID: rws.stream.id, 6150 httpResCode: rws.status, 6151 h: rws.snapHeader, 6152 endStream: endStream, 6153 contentType: ctype, 6154 contentLength: clen, 6155 date: date, 6156 }) 6157 if err != nil { 6158 rws.dirty = true 6159 return 0, err 6160 } 6161 if endStream { 6162 return 0, nil 6163 } 6164 } 6165 if isHeadResp { 6166 return len(p), nil 6167 } 6168 if len(p) == 0 && !rws.handlerDone { 6169 return 0, nil 6170 } 6171 6172 if rws.handlerDone { 6173 rws.promoteUndeclaredTrailers() 6174 } 6175 6176 // only send trailers if they have actually been defined by the 6177 // server handler. 6178 hasNonemptyTrailers := rws.hasNonemptyTrailers() 6179 endStream := rws.handlerDone && !hasNonemptyTrailers 6180 if len(p) > 0 || endStream { 6181 // only send a 0 byte DATA frame if we're ending the stream. 6182 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 6183 rws.dirty = true 6184 return 0, err 6185 } 6186 } 6187 6188 if rws.handlerDone && hasNonemptyTrailers { 6189 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6190 streamID: rws.stream.id, 6191 h: rws.handlerHeader, 6192 trailers: rws.trailers, 6193 endStream: true, 6194 }) 6195 if err != nil { 6196 rws.dirty = true 6197 } 6198 return len(p), err 6199 } 6200 return len(p), nil 6201 } 6202 6203 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 6204 // that, if present, signals that the map entry is actually for 6205 // the response trailers, and not the response headers. The prefix 6206 // is stripped after the ServeHTTP call finishes and the values are 6207 // sent in the trailers. 6208 // 6209 // This mechanism is intended only for trailers that are not known 6210 // prior to the headers being written. If the set of trailers is fixed 6211 // or known before the header is written, the normal Go trailers mechanism 6212 // is preferred: 6213 // https://golang.org/pkg/net/http/#ResponseWriter 6214 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6215 const http2TrailerPrefix = "Trailer:" 6216 6217 // promoteUndeclaredTrailers permits http.Handlers to set trailers 6218 // after the header has already been flushed. Because the Go 6219 // ResponseWriter interface has no way to set Trailers (only the 6220 // Header), and because we didn't want to expand the ResponseWriter 6221 // interface, and because nobody used trailers, and because RFC 7230 6222 // says you SHOULD (but not must) predeclare any trailers in the 6223 // header, the official ResponseWriter rules said trailers in Go must 6224 // be predeclared, and then we reuse the same ResponseWriter.Header() 6225 // map to mean both Headers and Trailers. When it's time to write the 6226 // Trailers, we pick out the fields of Headers that were declared as 6227 // trailers. That worked for a while, until we found the first major 6228 // user of Trailers in the wild: gRPC (using them only over http2), 6229 // and gRPC libraries permit setting trailers mid-stream without 6230 // predeclaring them. So: change of plans. We still permit the old 6231 // way, but we also permit this hack: if a Header() key begins with 6232 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6233 // invalid token byte anyway, there is no ambiguity. (And it's already 6234 // filtered out) It's mildly hacky, but not terrible. 6235 // 6236 // This method runs after the Handler is done and promotes any Header 6237 // fields to be trailers. 6238 func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6239 for k, vv := range rws.handlerHeader { 6240 if !strings.HasPrefix(k, http2TrailerPrefix) { 6241 continue 6242 } 6243 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6244 rws.declareTrailer(trailerKey) 6245 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6246 } 6247 6248 if len(rws.trailers) > 1 { 6249 sorter := http2sorterPool.Get().(*http2sorter) 6250 sorter.SortStrings(rws.trailers) 6251 http2sorterPool.Put(sorter) 6252 } 6253 } 6254 6255 func (w *http2responseWriter) Flush() { 6256 rws := w.rws 6257 if rws == nil { 6258 panic("Header called after Handler finished") 6259 } 6260 if rws.bw.Buffered() > 0 { 6261 if err := rws.bw.Flush(); err != nil { 6262 // Ignore the error. The frame writer already knows. 6263 return 6264 } 6265 } else { 6266 // The bufio.Writer won't call chunkWriter.Write 6267 // (writeChunk with zero bytes, so we have to do it 6268 // ourselves to force the HTTP response header and/or 6269 // final DATA frame (with END_STREAM) to be sent. 6270 rws.writeChunk(nil) 6271 } 6272 } 6273 6274 func (w *http2responseWriter) CloseNotify() <-chan bool { 6275 rws := w.rws 6276 if rws == nil { 6277 panic("CloseNotify called after Handler finished") 6278 } 6279 rws.closeNotifierMu.Lock() 6280 ch := rws.closeNotifierCh 6281 if ch == nil { 6282 ch = make(chan bool, 1) 6283 rws.closeNotifierCh = ch 6284 cw := rws.stream.cw 6285 go func() { 6286 cw.Wait() // wait for close 6287 ch <- true 6288 }() 6289 } 6290 rws.closeNotifierMu.Unlock() 6291 return ch 6292 } 6293 6294 func (w *http2responseWriter) Header() Header { 6295 rws := w.rws 6296 if rws == nil { 6297 panic("Header called after Handler finished") 6298 } 6299 if rws.handlerHeader == nil { 6300 rws.handlerHeader = make(Header) 6301 } 6302 return rws.handlerHeader 6303 } 6304 6305 // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6306 func http2checkWriteHeaderCode(code int) { 6307 // Issue 22880: require valid WriteHeader status codes. 6308 // For now we only enforce that it's three digits. 6309 // In the future we might block things over 599 (600 and above aren't defined 6310 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6311 // and we might block under 200 (once we have more mature 1xx support). 6312 // But for now any three digits. 6313 // 6314 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6315 // no equivalent bogus thing we can realistically send in HTTP/2, 6316 // so we'll consistently panic instead and help people find their bugs 6317 // early. (We can't return an error from WriteHeader even if we wanted to.) 6318 if code < 100 || code > 999 { 6319 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6320 } 6321 } 6322 6323 func (w *http2responseWriter) WriteHeader(code int) { 6324 rws := w.rws 6325 if rws == nil { 6326 panic("WriteHeader called after Handler finished") 6327 } 6328 rws.writeHeader(code) 6329 } 6330 6331 func (rws *http2responseWriterState) writeHeader(code int) { 6332 if !rws.wroteHeader { 6333 http2checkWriteHeaderCode(code) 6334 rws.wroteHeader = true 6335 rws.status = code 6336 if len(rws.handlerHeader) > 0 { 6337 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6338 } 6339 } 6340 } 6341 6342 func http2cloneHeader(h Header) Header { 6343 h2 := make(Header, len(h)) 6344 for k, vv := range h { 6345 vv2 := make([]string, len(vv)) 6346 copy(vv2, vv) 6347 h2[k] = vv2 6348 } 6349 return h2 6350 } 6351 6352 // The Life Of A Write is like this: 6353 // 6354 // * Handler calls w.Write or w.WriteString -> 6355 // * -> rws.bw (*bufio.Writer) -> 6356 // * (Handler might call Flush) 6357 // * -> chunkWriter{rws} 6358 // * -> responseWriterState.writeChunk(p []byte) 6359 // * -> responseWriterState.writeChunk (most of the magic; see comment there) 6360 func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6361 return w.write(len(p), p, "") 6362 } 6363 6364 func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6365 return w.write(len(s), nil, s) 6366 } 6367 6368 // either dataB or dataS is non-zero. 6369 func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6370 rws := w.rws 6371 if rws == nil { 6372 panic("Write called after Handler finished") 6373 } 6374 if !rws.wroteHeader { 6375 w.WriteHeader(200) 6376 } 6377 if !http2bodyAllowedForStatus(rws.status) { 6378 return 0, ErrBodyNotAllowed 6379 } 6380 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6381 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6382 // TODO: send a RST_STREAM 6383 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6384 } 6385 6386 if dataB != nil { 6387 return rws.bw.Write(dataB) 6388 } else { 6389 return rws.bw.WriteString(dataS) 6390 } 6391 } 6392 6393 func (w *http2responseWriter) handlerDone() { 6394 rws := w.rws 6395 dirty := rws.dirty 6396 rws.handlerDone = true 6397 w.Flush() 6398 w.rws = nil 6399 if !dirty { 6400 // Only recycle the pool if all prior Write calls to 6401 // the serverConn goroutine completed successfully. If 6402 // they returned earlier due to resets from the peer 6403 // there might still be write goroutines outstanding 6404 // from the serverConn referencing the rws memory. See 6405 // issue 20704. 6406 http2responseWriterStatePool.Put(rws) 6407 } 6408 } 6409 6410 // Push errors. 6411 var ( 6412 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6413 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6414 ) 6415 6416 var _ Pusher = (*http2responseWriter)(nil) 6417 6418 func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 6419 st := w.rws.stream 6420 sc := st.sc 6421 sc.serveG.checkNotOn() 6422 6423 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6424 // http://tools.ietf.org/html/rfc7540#section-6.6 6425 if st.isPushed() { 6426 return http2ErrRecursivePush 6427 } 6428 6429 if opts == nil { 6430 opts = new(PushOptions) 6431 } 6432 6433 // Default options. 6434 if opts.Method == "" { 6435 opts.Method = "GET" 6436 } 6437 if opts.Header == nil { 6438 opts.Header = Header{} 6439 } 6440 wantScheme := "http" 6441 if w.rws.req.TLS != nil { 6442 wantScheme = "https" 6443 } 6444 6445 // Validate the request. 6446 u, err := url.Parse(target) 6447 if err != nil { 6448 return err 6449 } 6450 if u.Scheme == "" { 6451 if !strings.HasPrefix(target, "/") { 6452 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6453 } 6454 u.Scheme = wantScheme 6455 u.Host = w.rws.req.Host 6456 } else { 6457 if u.Scheme != wantScheme { 6458 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6459 } 6460 if u.Host == "" { 6461 return errors.New("URL must have a host") 6462 } 6463 } 6464 for k := range opts.Header { 6465 if strings.HasPrefix(k, ":") { 6466 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6467 } 6468 // These headers are meaningful only if the request has a body, 6469 // but PUSH_PROMISE requests cannot have a body. 6470 // http://tools.ietf.org/html/rfc7540#section-8.2 6471 // Also disallow Host, since the promised URL must be absolute. 6472 if http2asciiEqualFold(k, "content-length") || 6473 http2asciiEqualFold(k, "content-encoding") || 6474 http2asciiEqualFold(k, "trailer") || 6475 http2asciiEqualFold(k, "te") || 6476 http2asciiEqualFold(k, "expect") || 6477 http2asciiEqualFold(k, "host") { 6478 return fmt.Errorf("promised request headers cannot include %q", k) 6479 } 6480 } 6481 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6482 return err 6483 } 6484 6485 // The RFC effectively limits promised requests to GET and HEAD: 6486 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6487 // http://tools.ietf.org/html/rfc7540#section-8.2 6488 if opts.Method != "GET" && opts.Method != "HEAD" { 6489 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6490 } 6491 6492 msg := &http2startPushRequest{ 6493 parent: st, 6494 method: opts.Method, 6495 url: u, 6496 header: http2cloneHeader(opts.Header), 6497 done: http2errChanPool.Get().(chan error), 6498 } 6499 6500 select { 6501 case <-sc.doneServing: 6502 return http2errClientDisconnected 6503 case <-st.cw: 6504 return http2errStreamClosed 6505 case sc.serveMsgCh <- msg: 6506 } 6507 6508 select { 6509 case <-sc.doneServing: 6510 return http2errClientDisconnected 6511 case <-st.cw: 6512 return http2errStreamClosed 6513 case err := <-msg.done: 6514 http2errChanPool.Put(msg.done) 6515 return err 6516 } 6517 } 6518 6519 type http2startPushRequest struct { 6520 parent *http2stream 6521 method string 6522 url *url.URL 6523 header Header 6524 done chan error 6525 } 6526 6527 func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6528 sc.serveG.check() 6529 6530 // http://tools.ietf.org/html/rfc7540#section-6.6. 6531 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6532 // is in either the "open" or "half-closed (remote)" state. 6533 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6534 // responseWriter.Push checks that the stream is peer-initiated. 6535 msg.done <- http2errStreamClosed 6536 return 6537 } 6538 6539 // http://tools.ietf.org/html/rfc7540#section-6.6. 6540 if !sc.pushEnabled { 6541 msg.done <- ErrNotSupported 6542 return 6543 } 6544 6545 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6546 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6547 // is written. Once the ID is allocated, we start the request handler. 6548 allocatePromisedID := func() (uint32, error) { 6549 sc.serveG.check() 6550 6551 // Check this again, just in case. Technically, we might have received 6552 // an updated SETTINGS by the time we got around to writing this frame. 6553 if !sc.pushEnabled { 6554 return 0, ErrNotSupported 6555 } 6556 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6557 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6558 return 0, http2ErrPushLimitReached 6559 } 6560 6561 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6562 // Streams initiated by the server MUST use even-numbered identifiers. 6563 // A server that is unable to establish a new stream identifier can send a GOAWAY 6564 // frame so that the client is forced to open a new connection for new streams. 6565 if sc.maxPushPromiseID+2 >= 1<<31 { 6566 sc.startGracefulShutdownInternal() 6567 return 0, http2ErrPushLimitReached 6568 } 6569 sc.maxPushPromiseID += 2 6570 promisedID := sc.maxPushPromiseID 6571 6572 // http://tools.ietf.org/html/rfc7540#section-8.2. 6573 // Strictly speaking, the new stream should start in "reserved (local)", then 6574 // transition to "half closed (remote)" after sending the initial HEADERS, but 6575 // we start in "half closed (remote)" for simplicity. 6576 // See further comments at the definition of stateHalfClosedRemote. 6577 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6578 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6579 method: msg.method, 6580 scheme: msg.url.Scheme, 6581 authority: msg.url.Host, 6582 path: msg.url.RequestURI(), 6583 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6584 }) 6585 if err != nil { 6586 // Should not happen, since we've already validated msg.url. 6587 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6588 } 6589 6590 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6591 return promisedID, nil 6592 } 6593 6594 sc.writeFrame(http2FrameWriteRequest{ 6595 write: &http2writePushPromise{ 6596 streamID: msg.parent.id, 6597 method: msg.method, 6598 url: msg.url, 6599 h: msg.header, 6600 allocatePromisedID: allocatePromisedID, 6601 }, 6602 stream: msg.parent, 6603 done: msg.done, 6604 }) 6605 } 6606 6607 // foreachHeaderElement splits v according to the "#rule" construction 6608 // in RFC 7230 section 7 and calls fn for each non-empty element. 6609 func http2foreachHeaderElement(v string, fn func(string)) { 6610 v = textproto.TrimString(v) 6611 if v == "" { 6612 return 6613 } 6614 if !strings.Contains(v, ",") { 6615 fn(v) 6616 return 6617 } 6618 for _, f := range strings.Split(v, ",") { 6619 if f = textproto.TrimString(f); f != "" { 6620 fn(f) 6621 } 6622 } 6623 } 6624 6625 // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6626 var http2connHeaders = []string{ 6627 "Connection", 6628 "Keep-Alive", 6629 "Proxy-Connection", 6630 "Transfer-Encoding", 6631 "Upgrade", 6632 } 6633 6634 // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6635 // per RFC 7540 Section 8.1.2.2. 6636 // The returned error is reported to users. 6637 func http2checkValidHTTP2RequestHeaders(h Header) error { 6638 for _, k := range http2connHeaders { 6639 if _, ok := h[k]; ok { 6640 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6641 } 6642 } 6643 te := h["Te"] 6644 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6645 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6646 } 6647 return nil 6648 } 6649 6650 func http2new400Handler(err error) HandlerFunc { 6651 return func(w ResponseWriter, r *Request) { 6652 Error(w, err.Error(), StatusBadRequest) 6653 } 6654 } 6655 6656 // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6657 // disabled. See comments on h1ServerShutdownChan above for why 6658 // the code is written this way. 6659 func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6660 var x interface{} = hs 6661 type I interface { 6662 doKeepAlives() bool 6663 } 6664 if hs, ok := x.(I); ok { 6665 return !hs.doKeepAlives() 6666 } 6667 return false 6668 } 6669 6670 const ( 6671 // transportDefaultConnFlow is how many connection-level flow control 6672 // tokens we give the server at start-up, past the default 64k. 6673 http2transportDefaultConnFlow = 1 << 30 6674 6675 // transportDefaultStreamFlow is how many stream-level flow 6676 // control tokens we announce to the peer, and how many bytes 6677 // we buffer per stream. 6678 http2transportDefaultStreamFlow = 4 << 20 6679 6680 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6681 // a stream-level WINDOW_UPDATE for at a time. 6682 http2transportDefaultStreamMinRefresh = 4 << 10 6683 6684 http2defaultUserAgent = "Go-http-client/2.0" 6685 6686 // initialMaxConcurrentStreams is a connections maxConcurrentStreams until 6687 // it's received servers initial SETTINGS frame, which corresponds with the 6688 // spec's minimum recommended value. 6689 http2initialMaxConcurrentStreams = 100 6690 6691 // defaultMaxConcurrentStreams is a connections default maxConcurrentStreams 6692 // if the server doesn't include one in its initial SETTINGS frame. 6693 http2defaultMaxConcurrentStreams = 1000 6694 ) 6695 6696 // Transport is an HTTP/2 Transport. 6697 // 6698 // A Transport internally caches connections to servers. It is safe 6699 // for concurrent use by multiple goroutines. 6700 type http2Transport struct { 6701 // DialTLS specifies an optional dial function for creating 6702 // TLS connections for requests. 6703 // 6704 // If DialTLS is nil, tls.Dial is used. 6705 // 6706 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6707 // it will be used to set http.Response.TLS. 6708 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6709 6710 // TLSClientConfig specifies the TLS configuration to use with 6711 // tls.Client. If nil, the default configuration is used. 6712 TLSClientConfig *tls.Config 6713 6714 // ConnPool optionally specifies an alternate connection pool to use. 6715 // If nil, the default is used. 6716 ConnPool http2ClientConnPool 6717 6718 // DisableCompression, if true, prevents the Transport from 6719 // requesting compression with an "Accept-Encoding: gzip" 6720 // request header when the Request contains no existing 6721 // Accept-Encoding value. If the Transport requests gzip on 6722 // its own and gets a gzipped response, it's transparently 6723 // decoded in the Response.Body. However, if the user 6724 // explicitly requested gzip it is not automatically 6725 // uncompressed. 6726 DisableCompression bool 6727 6728 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6729 // plain-text "http" scheme. Note that this does not enable h2c support. 6730 AllowHTTP bool 6731 6732 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6733 // send in the initial settings frame. It is how many bytes 6734 // of response headers are allowed. Unlike the http2 spec, zero here 6735 // means to use a default limit (currently 10MB). If you actually 6736 // want to advertise an unlimited value to the peer, Transport 6737 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6738 // to mean no limit. 6739 MaxHeaderListSize uint32 6740 6741 // StrictMaxConcurrentStreams controls whether the server's 6742 // SETTINGS_MAX_CONCURRENT_STREAMS should be respected 6743 // globally. If false, new TCP connections are created to the 6744 // server as needed to keep each under the per-connection 6745 // SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the 6746 // server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as 6747 // a global limit and callers of RoundTrip block when needed, 6748 // waiting for their turn. 6749 StrictMaxConcurrentStreams bool 6750 6751 // ReadIdleTimeout is the timeout after which a health check using ping 6752 // frame will be carried out if no frame is received on the connection. 6753 // Note that a ping response will is considered a received frame, so if 6754 // there is no other traffic on the connection, the health check will 6755 // be performed every ReadIdleTimeout interval. 6756 // If zero, no health check is performed. 6757 ReadIdleTimeout time.Duration 6758 6759 // PingTimeout is the timeout after which the connection will be closed 6760 // if a response to Ping is not received. 6761 // Defaults to 15s. 6762 PingTimeout time.Duration 6763 6764 // t1, if non-nil, is the standard library Transport using 6765 // this transport. Its settings are used (but not its 6766 // RoundTrip method, etc). 6767 t1 *Transport 6768 6769 connPoolOnce sync.Once 6770 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6771 } 6772 6773 func (t *http2Transport) maxHeaderListSize() uint32 { 6774 if t.MaxHeaderListSize == 0 { 6775 return 10 << 20 6776 } 6777 if t.MaxHeaderListSize == 0xffffffff { 6778 return 0 6779 } 6780 return t.MaxHeaderListSize 6781 } 6782 6783 func (t *http2Transport) disableCompression() bool { 6784 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6785 } 6786 6787 func (t *http2Transport) pingTimeout() time.Duration { 6788 if t.PingTimeout == 0 { 6789 return 15 * time.Second 6790 } 6791 return t.PingTimeout 6792 6793 } 6794 6795 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6796 // It returns an error if t1 has already been HTTP/2-enabled. 6797 // 6798 // Use ConfigureTransports instead to configure the HTTP/2 Transport. 6799 func http2ConfigureTransport(t1 *Transport) error { 6800 _, err := http2ConfigureTransports(t1) 6801 return err 6802 } 6803 6804 // ConfigureTransports configures a net/http HTTP/1 Transport to use HTTP/2. 6805 // It returns a new HTTP/2 Transport for further configuration. 6806 // It returns an error if t1 has already been HTTP/2-enabled. 6807 func http2ConfigureTransports(t1 *Transport) (*http2Transport, error) { 6808 return http2configureTransports(t1) 6809 } 6810 6811 func http2configureTransports(t1 *Transport) (*http2Transport, error) { 6812 connPool := new(http2clientConnPool) 6813 t2 := &http2Transport{ 6814 ConnPool: http2noDialClientConnPool{connPool}, 6815 t1: t1, 6816 } 6817 connPool.t = t2 6818 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 6819 return nil, err 6820 } 6821 if t1.TLSClientConfig == nil { 6822 t1.TLSClientConfig = new(tls.Config) 6823 } 6824 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 6825 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 6826 } 6827 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 6828 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 6829 } 6830 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 6831 addr := http2authorityAddr("https", authority) 6832 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 6833 go c.Close() 6834 return http2erringRoundTripper{err} 6835 } else if !used { 6836 // Turns out we don't need this c. 6837 // For example, two goroutines made requests to the same host 6838 // at the same time, both kicking off TCP dials. (since protocol 6839 // was unknown) 6840 go c.Close() 6841 } 6842 return t2 6843 } 6844 if m := t1.TLSNextProto; len(m) == 0 { 6845 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 6846 "h2": upgradeFn, 6847 } 6848 } else { 6849 m["h2"] = upgradeFn 6850 } 6851 return t2, nil 6852 } 6853 6854 func (t *http2Transport) connPool() http2ClientConnPool { 6855 t.connPoolOnce.Do(t.initConnPool) 6856 return t.connPoolOrDef 6857 } 6858 6859 func (t *http2Transport) initConnPool() { 6860 if t.ConnPool != nil { 6861 t.connPoolOrDef = t.ConnPool 6862 } else { 6863 t.connPoolOrDef = &http2clientConnPool{t: t} 6864 } 6865 } 6866 6867 // ClientConn is the state of a single HTTP/2 client connection to an 6868 // HTTP/2 server. 6869 type http2ClientConn struct { 6870 t *http2Transport 6871 tconn net.Conn // usually *tls.Conn, except specialized impls 6872 tlsState *tls.ConnectionState // nil only for specialized impls 6873 reused uint32 // whether conn is being reused; atomic 6874 singleUse bool // whether being used for a single http.Request 6875 getConnCalled bool // used by clientConnPool 6876 6877 // readLoop goroutine fields: 6878 readerDone chan struct{} // closed on error 6879 readerErr error // set before readerDone is closed 6880 6881 idleTimeout time.Duration // or 0 for never 6882 idleTimer *time.Timer 6883 6884 mu sync.Mutex // guards following 6885 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6886 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6887 inflow http2flow // peer's conn-level flow control 6888 doNotReuse bool // whether conn is marked to not be reused for any future requests 6889 closing bool 6890 closed bool 6891 seenSettings bool // true if we've seen a settings frame, false otherwise 6892 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6893 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6894 goAwayDebug string // goAway frame's debug data, retained as a string 6895 streams map[uint32]*http2clientStream // client-initiated 6896 streamsReserved int // incr by ReserveNewRequest; decr on RoundTrip 6897 nextStreamID uint32 6898 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6899 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6900 br *bufio.Reader 6901 lastActive time.Time 6902 lastIdle time.Time // time last idle 6903 // Settings from peer: (also guarded by wmu) 6904 maxFrameSize uint32 6905 maxConcurrentStreams uint32 6906 peerMaxHeaderListSize uint64 6907 initialWindowSize uint32 6908 6909 // reqHeaderMu is a 1-element semaphore channel controlling access to sending new requests. 6910 // Write to reqHeaderMu to lock it, read from it to unlock. 6911 // Lock reqmu BEFORE mu or wmu. 6912 reqHeaderMu chan struct{} 6913 6914 // wmu is held while writing. 6915 // Acquire BEFORE mu when holding both, to avoid blocking mu on network writes. 6916 // Only acquire both at the same time when changing peer settings. 6917 wmu sync.Mutex 6918 bw *bufio.Writer 6919 fr *http2Framer 6920 werr error // first write error that has occurred 6921 hbuf bytes.Buffer // HPACK encoder writes into this 6922 henc *hpack.Encoder 6923 } 6924 6925 // clientStream is the state for a single HTTP/2 stream. One of these 6926 // is created for each Transport.RoundTrip call. 6927 type http2clientStream struct { 6928 cc *http2ClientConn 6929 6930 // Fields of Request that we may access even after the response body is closed. 6931 ctx context.Context 6932 reqCancel <-chan struct{} 6933 6934 trace *httptrace.ClientTrace // or nil 6935 ID uint32 6936 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6937 requestedGzip bool 6938 isHead bool 6939 6940 abortOnce sync.Once 6941 abort chan struct{} // closed to signal stream should end immediately 6942 abortErr error // set if abort is closed 6943 6944 peerClosed chan struct{} // closed when the peer sends an END_STREAM flag 6945 donec chan struct{} // closed after the stream is in the closed state 6946 on100 chan struct{} // buffered; written to if a 100 is received 6947 6948 respHeaderRecv chan struct{} // closed when headers are received 6949 res *Response // set if respHeaderRecv is closed 6950 6951 flow http2flow // guarded by cc.mu 6952 inflow http2flow // guarded by cc.mu 6953 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6954 readErr error // sticky read error; owned by transportResponseBody.Read 6955 6956 reqBody io.ReadCloser 6957 reqBodyContentLength int64 // -1 means unknown 6958 reqBodyClosed bool // body has been closed; guarded by cc.mu 6959 6960 // owned by writeRequest: 6961 sentEndStream bool // sent an END_STREAM flag to the peer 6962 sentHeaders bool 6963 6964 // owned by clientConnReadLoop: 6965 firstByte bool // got the first response byte 6966 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6967 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6968 num1xx uint8 // number of 1xx responses seen 6969 readClosed bool // peer sent an END_STREAM flag 6970 readAborted bool // read loop reset the stream 6971 6972 trailer Header // accumulated trailers 6973 resTrailer *Header // client's Response.Trailer 6974 } 6975 6976 var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error 6977 6978 // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, 6979 // if any. It returns nil if not set or if the Go version is too old. 6980 func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error { 6981 if fn := http2got1xxFuncForTests; fn != nil { 6982 return fn 6983 } 6984 return http2traceGot1xxResponseFunc(cs.trace) 6985 } 6986 6987 func (cs *http2clientStream) abortStream(err error) { 6988 cs.cc.mu.Lock() 6989 defer cs.cc.mu.Unlock() 6990 cs.abortStreamLocked(err) 6991 } 6992 6993 func (cs *http2clientStream) abortStreamLocked(err error) { 6994 cs.abortOnce.Do(func() { 6995 cs.abortErr = err 6996 close(cs.abort) 6997 }) 6998 if cs.reqBody != nil && !cs.reqBodyClosed { 6999 cs.reqBody.Close() 7000 cs.reqBodyClosed = true 7001 } 7002 // TODO(dneil): Clean up tests where cs.cc.cond is nil. 7003 if cs.cc.cond != nil { 7004 // Wake up writeRequestBody if it is waiting on flow control. 7005 cs.cc.cond.Broadcast() 7006 } 7007 } 7008 7009 func (cs *http2clientStream) abortRequestBodyWrite() { 7010 cc := cs.cc 7011 cc.mu.Lock() 7012 defer cc.mu.Unlock() 7013 if cs.reqBody != nil && !cs.reqBodyClosed { 7014 cs.reqBody.Close() 7015 cs.reqBodyClosed = true 7016 cc.cond.Broadcast() 7017 } 7018 } 7019 7020 type http2stickyErrWriter struct { 7021 w io.Writer 7022 err *error 7023 } 7024 7025 func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 7026 if *sew.err != nil { 7027 return 0, *sew.err 7028 } 7029 n, err = sew.w.Write(p) 7030 *sew.err = err 7031 return 7032 } 7033 7034 // noCachedConnError is the concrete type of ErrNoCachedConn, which 7035 // needs to be detected by net/http regardless of whether it's its 7036 // bundled version (in h2_bundle.go with a rewritten type name) or 7037 // from a user's x/net/http2. As such, as it has a unique method name 7038 // (IsHTTP2NoCachedConnError) that net/http sniffs for via func 7039 // isNoCachedConnError. 7040 type http2noCachedConnError struct{} 7041 7042 func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 7043 7044 func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 7045 7046 // isNoCachedConnError reports whether err is of type noCachedConnError 7047 // or its equivalent renamed type in net/http2's h2_bundle.go. Both types 7048 // may coexist in the same running program. 7049 func http2isNoCachedConnError(err error) bool { 7050 _, ok := err.(interface{ IsHTTP2NoCachedConnError() }) 7051 return ok 7052 } 7053 7054 var http2ErrNoCachedConn error = http2noCachedConnError{} 7055 7056 // RoundTripOpt are options for the Transport.RoundTripOpt method. 7057 type http2RoundTripOpt struct { 7058 // OnlyCachedConn controls whether RoundTripOpt may 7059 // create a new TCP connection. If set true and 7060 // no cached connection is available, RoundTripOpt 7061 // will return ErrNoCachedConn. 7062 OnlyCachedConn bool 7063 } 7064 7065 func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 7066 return t.RoundTripOpt(req, http2RoundTripOpt{}) 7067 } 7068 7069 // authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 7070 // and returns a host:port. The port 443 is added if needed. 7071 func http2authorityAddr(scheme string, authority string) (addr string) { 7072 host, port, err := net.SplitHostPort(authority) 7073 if err != nil { // authority didn't have a port 7074 port = "443" 7075 if scheme == "http" { 7076 port = "80" 7077 } 7078 host = authority 7079 } 7080 if a, err := idna.ToASCII(host); err == nil { 7081 host = a 7082 } 7083 // IPv6 address literal, without a port: 7084 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 7085 return host + ":" + port 7086 } 7087 return net.JoinHostPort(host, port) 7088 } 7089 7090 // RoundTripOpt is like RoundTrip, but takes options. 7091 func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 7092 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 7093 return nil, errors.New("http2: unsupported scheme") 7094 } 7095 7096 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 7097 for retry := 0; ; retry++ { 7098 cc, err := t.connPool().GetClientConn(req, addr) 7099 if err != nil { 7100 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 7101 return nil, err 7102 } 7103 reused := !atomic.CompareAndSwapUint32(&cc.reused, 0, 1) 7104 http2traceGotConn(req, cc, reused) 7105 res, err := cc.RoundTrip(req) 7106 if err != nil && retry <= 6 { 7107 if req, err = http2shouldRetryRequest(req, err); err == nil { 7108 // After the first retry, do exponential backoff with 10% jitter. 7109 if retry == 0 { 7110 continue 7111 } 7112 backoff := float64(uint(1) << (uint(retry) - 1)) 7113 backoff += backoff * (0.1 * mathrand.Float64()) 7114 select { 7115 case <-time.After(time.Second * time.Duration(backoff)): 7116 continue 7117 case <-req.Context().Done(): 7118 err = req.Context().Err() 7119 } 7120 } 7121 } 7122 if err != nil { 7123 t.vlogf("RoundTrip failure: %v", err) 7124 return nil, err 7125 } 7126 return res, nil 7127 } 7128 } 7129 7130 // CloseIdleConnections closes any connections which were previously 7131 // connected from previous requests but are now sitting idle. 7132 // It does not interrupt any connections currently in use. 7133 func (t *http2Transport) CloseIdleConnections() { 7134 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 7135 cp.closeIdleConnections() 7136 } 7137 } 7138 7139 var ( 7140 http2errClientConnClosed = errors.New("http2: client conn is closed") 7141 http2errClientConnUnusable = errors.New("http2: client conn not usable") 7142 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 7143 ) 7144 7145 // shouldRetryRequest is called by RoundTrip when a request fails to get 7146 // response headers. It is always called with a non-nil error. 7147 // It returns either a request to retry (either the same request, or a 7148 // modified clone), or an error if the request can't be replayed. 7149 func http2shouldRetryRequest(req *Request, err error) (*Request, error) { 7150 if !http2canRetryError(err) { 7151 return nil, err 7152 } 7153 // If the Body is nil (or http.NoBody), it's safe to reuse 7154 // this request and its Body. 7155 if req.Body == nil || req.Body == NoBody { 7156 return req, nil 7157 } 7158 7159 // If the request body can be reset back to its original 7160 // state via the optional req.GetBody, do that. 7161 if req.GetBody != nil { 7162 body, err := req.GetBody() 7163 if err != nil { 7164 return nil, err 7165 } 7166 newReq := *req 7167 newReq.Body = body 7168 return &newReq, nil 7169 } 7170 7171 // The Request.Body can't reset back to the beginning, but we 7172 // don't seem to have started to read from it yet, so reuse 7173 // the request directly. 7174 if err == http2errClientConnUnusable { 7175 return req, nil 7176 } 7177 7178 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 7179 } 7180 7181 func http2canRetryError(err error) bool { 7182 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 7183 return true 7184 } 7185 if se, ok := err.(http2StreamError); ok { 7186 if se.Code == http2ErrCodeProtocol && se.Cause == http2errFromPeer { 7187 // See golang/go#47635, golang/go#42777 7188 return true 7189 } 7190 return se.Code == http2ErrCodeRefusedStream 7191 } 7192 return false 7193 } 7194 7195 func (t *http2Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*http2ClientConn, error) { 7196 host, _, err := net.SplitHostPort(addr) 7197 if err != nil { 7198 return nil, err 7199 } 7200 tconn, err := t.dialTLS(ctx)("tcp", addr, t.newTLSConfig(host)) 7201 if err != nil { 7202 return nil, err 7203 } 7204 return t.newClientConn(tconn, singleUse) 7205 } 7206 7207 func (t *http2Transport) newTLSConfig(host string) *tls.Config { 7208 cfg := new(tls.Config) 7209 if t.TLSClientConfig != nil { 7210 *cfg = *t.TLSClientConfig.Clone() 7211 } 7212 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 7213 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 7214 } 7215 if cfg.ServerName == "" { 7216 cfg.ServerName = host 7217 } 7218 return cfg 7219 } 7220 7221 func (t *http2Transport) dialTLS(ctx context.Context) func(string, string, *tls.Config) (net.Conn, error) { 7222 if t.DialTLS != nil { 7223 return t.DialTLS 7224 } 7225 return func(network, addr string, cfg *tls.Config) (net.Conn, error) { 7226 tlsCn, err := t.dialTLSWithContext(ctx, network, addr, cfg) 7227 if err != nil { 7228 return nil, err 7229 } 7230 state := tlsCn.ConnectionState() 7231 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7232 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7233 } 7234 if !state.NegotiatedProtocolIsMutual { 7235 return nil, errors.New("http2: could not negotiate protocol mutually") 7236 } 7237 return tlsCn, nil 7238 } 7239 } 7240 7241 // disableKeepAlives reports whether connections should be closed as 7242 // soon as possible after handling the first request. 7243 func (t *http2Transport) disableKeepAlives() bool { 7244 return t.t1 != nil && t.t1.DisableKeepAlives 7245 } 7246 7247 func (t *http2Transport) expectContinueTimeout() time.Duration { 7248 if t.t1 == nil { 7249 return 0 7250 } 7251 return t.t1.ExpectContinueTimeout 7252 } 7253 7254 func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7255 return t.newClientConn(c, t.disableKeepAlives()) 7256 } 7257 7258 func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7259 cc := &http2ClientConn{ 7260 t: t, 7261 tconn: c, 7262 readerDone: make(chan struct{}), 7263 nextStreamID: 1, 7264 maxFrameSize: 16 << 10, // spec default 7265 initialWindowSize: 65535, // spec default 7266 maxConcurrentStreams: http2initialMaxConcurrentStreams, // "infinite", per spec. Use a smaller value until we have received server settings. 7267 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7268 streams: make(map[uint32]*http2clientStream), 7269 singleUse: singleUse, 7270 wantSettingsAck: true, 7271 pings: make(map[[8]byte]chan struct{}), 7272 reqHeaderMu: make(chan struct{}, 1), 7273 } 7274 if d := t.idleConnTimeout(); d != 0 { 7275 cc.idleTimeout = d 7276 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7277 } 7278 if http2VerboseLogs { 7279 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7280 } 7281 7282 cc.cond = sync.NewCond(&cc.mu) 7283 cc.flow.add(int32(http2initialWindowSize)) 7284 7285 // TODO: adjust this writer size to account for frame size + 7286 // MTU + crypto/tls record padding. 7287 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7288 cc.br = bufio.NewReader(c) 7289 cc.fr = http2NewFramer(cc.bw, cc.br) 7290 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7291 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7292 7293 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7294 // henc in response to SETTINGS frames? 7295 cc.henc = hpack.NewEncoder(&cc.hbuf) 7296 7297 if t.AllowHTTP { 7298 cc.nextStreamID = 3 7299 } 7300 7301 if cs, ok := c.(http2connectionStater); ok { 7302 state := cs.ConnectionState() 7303 cc.tlsState = &state 7304 } 7305 7306 initialSettings := []http2Setting{ 7307 {ID: http2SettingEnablePush, Val: 0}, 7308 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7309 } 7310 if max := t.maxHeaderListSize(); max != 0 { 7311 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7312 } 7313 7314 cc.bw.Write(http2clientPreface) 7315 cc.fr.WriteSettings(initialSettings...) 7316 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7317 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7318 cc.bw.Flush() 7319 if cc.werr != nil { 7320 cc.Close() 7321 return nil, cc.werr 7322 } 7323 7324 go cc.readLoop() 7325 return cc, nil 7326 } 7327 7328 func (cc *http2ClientConn) healthCheck() { 7329 pingTimeout := cc.t.pingTimeout() 7330 // We don't need to periodically ping in the health check, because the readLoop of ClientConn will 7331 // trigger the healthCheck again if there is no frame received. 7332 ctx, cancel := context.WithTimeout(context.Background(), pingTimeout) 7333 defer cancel() 7334 err := cc.Ping(ctx) 7335 if err != nil { 7336 cc.closeForLostPing() 7337 cc.t.connPool().MarkDead(cc) 7338 return 7339 } 7340 } 7341 7342 // SetDoNotReuse marks cc as not reusable for future HTTP requests. 7343 func (cc *http2ClientConn) SetDoNotReuse() { 7344 cc.mu.Lock() 7345 defer cc.mu.Unlock() 7346 cc.doNotReuse = true 7347 } 7348 7349 func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7350 cc.mu.Lock() 7351 defer cc.mu.Unlock() 7352 7353 old := cc.goAway 7354 cc.goAway = f 7355 7356 // Merge the previous and current GoAway error frames. 7357 if cc.goAwayDebug == "" { 7358 cc.goAwayDebug = string(f.DebugData()) 7359 } 7360 if old != nil && old.ErrCode != http2ErrCodeNo { 7361 cc.goAway.ErrCode = old.ErrCode 7362 } 7363 last := f.LastStreamID 7364 for streamID, cs := range cc.streams { 7365 if streamID > last { 7366 cs.abortStreamLocked(http2errClientConnGotGoAway) 7367 } 7368 } 7369 } 7370 7371 // CanTakeNewRequest reports whether the connection can take a new request, 7372 // meaning it has not been closed or received or sent a GOAWAY. 7373 // 7374 // If the caller is going to immediately make a new request on this 7375 // connection, use ReserveNewRequest instead. 7376 func (cc *http2ClientConn) CanTakeNewRequest() bool { 7377 cc.mu.Lock() 7378 defer cc.mu.Unlock() 7379 return cc.canTakeNewRequestLocked() 7380 } 7381 7382 // ReserveNewRequest is like CanTakeNewRequest but also reserves a 7383 // concurrent stream in cc. The reservation is decremented on the 7384 // next call to RoundTrip. 7385 func (cc *http2ClientConn) ReserveNewRequest() bool { 7386 cc.mu.Lock() 7387 defer cc.mu.Unlock() 7388 if st := cc.idleStateLocked(); !st.canTakeNewRequest { 7389 return false 7390 } 7391 cc.streamsReserved++ 7392 return true 7393 } 7394 7395 // clientConnIdleState describes the suitability of a client 7396 // connection to initiate a new RoundTrip request. 7397 type http2clientConnIdleState struct { 7398 canTakeNewRequest bool 7399 } 7400 7401 func (cc *http2ClientConn) idleState() http2clientConnIdleState { 7402 cc.mu.Lock() 7403 defer cc.mu.Unlock() 7404 return cc.idleStateLocked() 7405 } 7406 7407 func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) { 7408 if cc.singleUse && cc.nextStreamID > 1 { 7409 return 7410 } 7411 var maxConcurrentOkay bool 7412 if cc.t.StrictMaxConcurrentStreams { 7413 // We'll tell the caller we can take a new request to 7414 // prevent the caller from dialing a new TCP 7415 // connection, but then we'll block later before 7416 // writing it. 7417 maxConcurrentOkay = true 7418 } else { 7419 maxConcurrentOkay = int64(len(cc.streams)+cc.streamsReserved+1) <= int64(cc.maxConcurrentStreams) 7420 } 7421 7422 st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && 7423 !cc.doNotReuse && 7424 int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && 7425 !cc.tooIdleLocked() 7426 return 7427 } 7428 7429 func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7430 st := cc.idleStateLocked() 7431 return st.canTakeNewRequest 7432 } 7433 7434 // tooIdleLocked reports whether this connection has been been sitting idle 7435 // for too much wall time. 7436 func (cc *http2ClientConn) tooIdleLocked() bool { 7437 // The Round(0) strips the monontonic clock reading so the 7438 // times are compared based on their wall time. We don't want 7439 // to reuse a connection that's been sitting idle during 7440 // VM/laptop suspend if monotonic time was also frozen. 7441 return cc.idleTimeout != 0 && !cc.lastIdle.IsZero() && time.Since(cc.lastIdle.Round(0)) > cc.idleTimeout 7442 } 7443 7444 // onIdleTimeout is called from a time.AfterFunc goroutine. It will 7445 // only be called when we're idle, but because we're coming from a new 7446 // goroutine, there could be a new request coming in at the same time, 7447 // so this simply calls the synchronized closeIfIdle to shut down this 7448 // connection. The timer could just call closeIfIdle, but this is more 7449 // clear. 7450 func (cc *http2ClientConn) onIdleTimeout() { 7451 cc.closeIfIdle() 7452 } 7453 7454 func (cc *http2ClientConn) closeIfIdle() { 7455 cc.mu.Lock() 7456 if len(cc.streams) > 0 || cc.streamsReserved > 0 { 7457 cc.mu.Unlock() 7458 return 7459 } 7460 cc.closed = true 7461 nextID := cc.nextStreamID 7462 // TODO: do clients send GOAWAY too? maybe? Just Close: 7463 cc.mu.Unlock() 7464 7465 if http2VerboseLogs { 7466 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7467 } 7468 cc.tconn.Close() 7469 } 7470 7471 func (cc *http2ClientConn) isDoNotReuseAndIdle() bool { 7472 cc.mu.Lock() 7473 defer cc.mu.Unlock() 7474 return cc.doNotReuse && len(cc.streams) == 0 7475 } 7476 7477 var http2shutdownEnterWaitStateHook = func() {} 7478 7479 // Shutdown gracefully closes the client connection, waiting for running streams to complete. 7480 func (cc *http2ClientConn) Shutdown(ctx context.Context) error { 7481 if err := cc.sendGoAway(); err != nil { 7482 return err 7483 } 7484 // Wait for all in-flight streams to complete or connection to close 7485 done := make(chan error, 1) 7486 cancelled := false // guarded by cc.mu 7487 go func() { 7488 cc.mu.Lock() 7489 defer cc.mu.Unlock() 7490 for { 7491 if len(cc.streams) == 0 || cc.closed { 7492 cc.closed = true 7493 done <- cc.tconn.Close() 7494 break 7495 } 7496 if cancelled { 7497 break 7498 } 7499 cc.cond.Wait() 7500 } 7501 }() 7502 http2shutdownEnterWaitStateHook() 7503 select { 7504 case err := <-done: 7505 return err 7506 case <-ctx.Done(): 7507 cc.mu.Lock() 7508 // Free the goroutine above 7509 cancelled = true 7510 cc.cond.Broadcast() 7511 cc.mu.Unlock() 7512 return ctx.Err() 7513 } 7514 } 7515 7516 func (cc *http2ClientConn) sendGoAway() error { 7517 cc.mu.Lock() 7518 closing := cc.closing 7519 cc.closing = true 7520 maxStreamID := cc.nextStreamID 7521 cc.mu.Unlock() 7522 if closing { 7523 // GOAWAY sent already 7524 return nil 7525 } 7526 7527 cc.wmu.Lock() 7528 defer cc.wmu.Unlock() 7529 // Send a graceful shutdown frame to server 7530 if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil { 7531 return err 7532 } 7533 if err := cc.bw.Flush(); err != nil { 7534 return err 7535 } 7536 // Prevent new requests 7537 return nil 7538 } 7539 7540 // closes the client connection immediately. In-flight requests are interrupted. 7541 // err is sent to streams. 7542 func (cc *http2ClientConn) closeForError(err error) error { 7543 cc.mu.Lock() 7544 cc.closed = true 7545 for _, cs := range cc.streams { 7546 cs.abortStreamLocked(err) 7547 } 7548 defer cc.cond.Broadcast() 7549 defer cc.mu.Unlock() 7550 return cc.tconn.Close() 7551 } 7552 7553 // Close closes the client connection immediately. 7554 // 7555 // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead. 7556 func (cc *http2ClientConn) Close() error { 7557 err := errors.New("http2: client connection force closed via ClientConn.Close") 7558 return cc.closeForError(err) 7559 } 7560 7561 // closes the client connection immediately. In-flight requests are interrupted. 7562 func (cc *http2ClientConn) closeForLostPing() error { 7563 err := errors.New("http2: client connection lost") 7564 return cc.closeForError(err) 7565 } 7566 7567 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7568 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7569 var http2errRequestCanceled = errors.New("gitee.com/ks-custle/core-gm/gmhttp: request canceled") 7570 7571 func http2commaSeparatedTrailers(req *Request) (string, error) { 7572 keys := make([]string, 0, len(req.Trailer)) 7573 for k := range req.Trailer { 7574 k = CanonicalHeaderKey(k) 7575 switch k { 7576 case "Transfer-Encoding", "Trailer", "Content-Length": 7577 return "", fmt.Errorf("invalid Trailer key %q", k) 7578 } 7579 keys = append(keys, k) 7580 } 7581 if len(keys) > 0 { 7582 sort.Strings(keys) 7583 return strings.Join(keys, ","), nil 7584 } 7585 return "", nil 7586 } 7587 7588 func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7589 if cc.t.t1 != nil { 7590 return cc.t.t1.ResponseHeaderTimeout 7591 } 7592 // No way to do this (yet?) with just an http2.Transport. Probably 7593 // no need. Request.Cancel this is the new way. We only need to support 7594 // this for compatibility with the old http.Transport fields when 7595 // we're doing transparent http2. 7596 return 0 7597 } 7598 7599 // checkConnHeaders checks whether req has any invalid connection-level headers. 7600 // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7601 // Certain headers are special-cased as okay but not transmitted later. 7602 func http2checkConnHeaders(req *Request) error { 7603 if v := req.Header.Get("Upgrade"); v != "" { 7604 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7605 } 7606 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7607 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7608 } 7609 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !http2asciiEqualFold(vv[0], "close") && !http2asciiEqualFold(vv[0], "keep-alive")) { 7610 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7611 } 7612 return nil 7613 } 7614 7615 // actualContentLength returns a sanitized version of 7616 // req.ContentLength, where 0 actually means zero (not unknown) and -1 7617 // means unknown. 7618 func http2actualContentLength(req *Request) int64 { 7619 if req.Body == nil || req.Body == NoBody { 7620 return 0 7621 } 7622 if req.ContentLength != 0 { 7623 return req.ContentLength 7624 } 7625 return -1 7626 } 7627 7628 func (cc *http2ClientConn) decrStreamReservations() { 7629 cc.mu.Lock() 7630 defer cc.mu.Unlock() 7631 cc.decrStreamReservationsLocked() 7632 } 7633 7634 func (cc *http2ClientConn) decrStreamReservationsLocked() { 7635 if cc.streamsReserved > 0 { 7636 cc.streamsReserved-- 7637 } 7638 } 7639 7640 func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7641 ctx := req.Context() 7642 cs := &http2clientStream{ 7643 cc: cc, 7644 ctx: ctx, 7645 reqCancel: req.Cancel, 7646 isHead: req.Method == "HEAD", 7647 reqBody: req.Body, 7648 reqBodyContentLength: http2actualContentLength(req), 7649 trace: httptrace.ContextClientTrace(ctx), 7650 peerClosed: make(chan struct{}), 7651 abort: make(chan struct{}), 7652 respHeaderRecv: make(chan struct{}), 7653 donec: make(chan struct{}), 7654 } 7655 go cs.doRequest(req) 7656 7657 waitDone := func() error { 7658 select { 7659 case <-cs.donec: 7660 return nil 7661 case <-ctx.Done(): 7662 return ctx.Err() 7663 case <-cs.reqCancel: 7664 return http2errRequestCanceled 7665 } 7666 } 7667 7668 handleResponseHeaders := func() (*Response, error) { 7669 res := cs.res 7670 if res.StatusCode > 299 { 7671 // On error or status code 3xx, 4xx, 5xx, etc abort any 7672 // ongoing write, assuming that the server doesn't care 7673 // about our request body. If the server replied with 1xx or 7674 // 2xx, however, then assume the server DOES potentially 7675 // want our body (e.g. full-duplex streaming: 7676 // golang.org/issue/13444). If it turns out the server 7677 // doesn't, they'll RST_STREAM us soon enough. This is a 7678 // heuristic to avoid adding knobs to Transport. Hopefully 7679 // we can keep it. 7680 cs.abortRequestBodyWrite() 7681 } 7682 res.Request = req 7683 res.TLS = cc.tlsState 7684 if res.Body == http2noBody && http2actualContentLength(req) == 0 { 7685 // If there isn't a request or response body still being 7686 // written, then wait for the stream to be closed before 7687 // RoundTrip returns. 7688 if err := waitDone(); err != nil { 7689 return nil, err 7690 } 7691 } 7692 return res, nil 7693 } 7694 7695 for { 7696 select { 7697 case <-cs.respHeaderRecv: 7698 return handleResponseHeaders() 7699 case <-cs.abort: 7700 select { 7701 case <-cs.respHeaderRecv: 7702 // If both cs.respHeaderRecv and cs.abort are signaling, 7703 // pick respHeaderRecv. The server probably wrote the 7704 // response and immediately reset the stream. 7705 // golang.org/issue/49645 7706 return handleResponseHeaders() 7707 default: 7708 waitDone() 7709 return nil, cs.abortErr 7710 } 7711 case <-ctx.Done(): 7712 err := ctx.Err() 7713 cs.abortStream(err) 7714 return nil, err 7715 case <-cs.reqCancel: 7716 cs.abortStream(http2errRequestCanceled) 7717 return nil, http2errRequestCanceled 7718 } 7719 } 7720 } 7721 7722 // writeRequest runs for the duration of the request lifetime. 7723 // 7724 // It sends the request and performs post-request cleanup (closing Request.Body, etc.). 7725 func (cs *http2clientStream) doRequest(req *Request) { 7726 err := cs.writeRequest(req) 7727 cs.cleanupWriteRequest(err) 7728 } 7729 7730 // writeRequest sends a request. 7731 // 7732 // It returns nil after the request is written, the response read, 7733 // and the request stream is half-closed by the peer. 7734 // 7735 // It returns non-nil if the request ends otherwise. 7736 // If the returned error is StreamError, the error Code may be used in resetting the stream. 7737 func (cs *http2clientStream) writeRequest(req *Request) (err error) { 7738 cc := cs.cc 7739 ctx := cs.ctx 7740 7741 if err := http2checkConnHeaders(req); err != nil { 7742 return err 7743 } 7744 7745 // Acquire the new-request lock by writing to reqHeaderMu. 7746 // This lock guards the critical section covering allocating a new stream ID 7747 // (requires mu) and creating the stream (requires wmu). 7748 if cc.reqHeaderMu == nil { 7749 panic("RoundTrip on uninitialized ClientConn") // for tests 7750 } 7751 select { 7752 case cc.reqHeaderMu <- struct{}{}: 7753 case <-cs.reqCancel: 7754 return http2errRequestCanceled 7755 case <-ctx.Done(): 7756 return ctx.Err() 7757 } 7758 7759 cc.mu.Lock() 7760 if cc.idleTimer != nil { 7761 cc.idleTimer.Stop() 7762 } 7763 cc.decrStreamReservationsLocked() 7764 if err := cc.awaitOpenSlotForStreamLocked(cs); err != nil { 7765 cc.mu.Unlock() 7766 <-cc.reqHeaderMu 7767 return err 7768 } 7769 cc.addStreamLocked(cs) // assigns stream ID 7770 if http2isConnectionCloseRequest(req) { 7771 cc.doNotReuse = true 7772 } 7773 cc.mu.Unlock() 7774 7775 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7776 if !cc.t.disableCompression() && 7777 req.Header.Get("Accept-Encoding") == "" && 7778 req.Header.Get("Range") == "" && 7779 !cs.isHead { 7780 // Request gzip only, not deflate. Deflate is ambiguous and 7781 // not as universally supported anyway. 7782 // See: https://zlib.net/zlib_faq.html#faq39 7783 // 7784 // Note that we don't request this for HEAD requests, 7785 // due to a bug in nginx: 7786 // http://trac.nginx.org/nginx/ticket/358 7787 // https://golang.org/issue/5522 7788 // 7789 // We don't request gzip if the request is for a range, since 7790 // auto-decoding a portion of a gzipped document will just fail 7791 // anyway. See https://golang.org/issue/8923 7792 cs.requestedGzip = true 7793 } 7794 7795 continueTimeout := cc.t.expectContinueTimeout() 7796 if continueTimeout != 0 { 7797 if !httpguts.HeaderValuesContainsToken(req.Header["Expect"], "100-continue") { 7798 continueTimeout = 0 7799 } else { 7800 cs.on100 = make(chan struct{}, 1) 7801 } 7802 } 7803 7804 // Past this point (where we send request headers), it is possible for 7805 // RoundTrip to return successfully. Since the RoundTrip contract permits 7806 // the caller to "mutate or reuse" the Request after closing the Response's Body, 7807 // we must take care when referencing the Request from here on. 7808 err = cs.encodeAndWriteHeaders(req) 7809 <-cc.reqHeaderMu 7810 if err != nil { 7811 return err 7812 } 7813 7814 hasBody := cs.reqBodyContentLength != 0 7815 if !hasBody { 7816 cs.sentEndStream = true 7817 } else { 7818 if continueTimeout != 0 { 7819 http2traceWait100Continue(cs.trace) 7820 timer := time.NewTimer(continueTimeout) 7821 select { 7822 case <-timer.C: 7823 err = nil 7824 case <-cs.on100: 7825 err = nil 7826 case <-cs.abort: 7827 err = cs.abortErr 7828 case <-ctx.Done(): 7829 err = ctx.Err() 7830 case <-cs.reqCancel: 7831 err = http2errRequestCanceled 7832 } 7833 timer.Stop() 7834 if err != nil { 7835 http2traceWroteRequest(cs.trace, err) 7836 return err 7837 } 7838 } 7839 7840 if err = cs.writeRequestBody(req); err != nil { 7841 if err != http2errStopReqBodyWrite { 7842 http2traceWroteRequest(cs.trace, err) 7843 return err 7844 } 7845 } else { 7846 cs.sentEndStream = true 7847 } 7848 } 7849 7850 http2traceWroteRequest(cs.trace, err) 7851 7852 var respHeaderTimer <-chan time.Time 7853 var respHeaderRecv chan struct{} 7854 if d := cc.responseHeaderTimeout(); d != 0 { 7855 timer := time.NewTimer(d) 7856 defer timer.Stop() 7857 respHeaderTimer = timer.C 7858 respHeaderRecv = cs.respHeaderRecv 7859 } 7860 // Wait until the peer half-closes its end of the stream, 7861 // or until the request is aborted (via context, error, or otherwise), 7862 // whichever comes first. 7863 for { 7864 select { 7865 case <-cs.peerClosed: 7866 return nil 7867 case <-respHeaderTimer: 7868 return http2errTimeout 7869 case <-respHeaderRecv: 7870 respHeaderRecv = nil 7871 respHeaderTimer = nil // keep waiting for END_STREAM 7872 case <-cs.abort: 7873 return cs.abortErr 7874 case <-ctx.Done(): 7875 return ctx.Err() 7876 case <-cs.reqCancel: 7877 return http2errRequestCanceled 7878 } 7879 } 7880 } 7881 7882 func (cs *http2clientStream) encodeAndWriteHeaders(req *Request) error { 7883 cc := cs.cc 7884 ctx := cs.ctx 7885 7886 cc.wmu.Lock() 7887 defer cc.wmu.Unlock() 7888 7889 // If the request was canceled while waiting for cc.mu, just quit. 7890 select { 7891 case <-cs.abort: 7892 return cs.abortErr 7893 case <-ctx.Done(): 7894 return ctx.Err() 7895 case <-cs.reqCancel: 7896 return http2errRequestCanceled 7897 default: 7898 } 7899 7900 // Encode headers. 7901 // 7902 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7903 // sent by writeRequestBody below, along with any Trailers, 7904 // again in form HEADERS{1}, CONTINUATION{0,}) 7905 trailers, err := http2commaSeparatedTrailers(req) 7906 if err != nil { 7907 return err 7908 } 7909 hasTrailers := trailers != "" 7910 contentLen := http2actualContentLength(req) 7911 hasBody := contentLen != 0 7912 hdrs, err := cc.encodeHeaders(req, cs.requestedGzip, trailers, contentLen) 7913 if err != nil { 7914 return err 7915 } 7916 7917 // Write the request. 7918 endStream := !hasBody && !hasTrailers 7919 cs.sentHeaders = true 7920 err = cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7921 http2traceWroteHeaders(cs.trace) 7922 return err 7923 } 7924 7925 // cleanupWriteRequest performs post-request tasks. 7926 // 7927 // If err (the result of writeRequest) is non-nil and the stream is not closed, 7928 // cleanupWriteRequest will send a reset to the peer. 7929 func (cs *http2clientStream) cleanupWriteRequest(err error) { 7930 cc := cs.cc 7931 7932 if cs.ID == 0 { 7933 // We were canceled before creating the stream, so return our reservation. 7934 cc.decrStreamReservations() 7935 } 7936 7937 // TODO: write h12Compare test showing whether 7938 // Request.Body is closed by the Transport, 7939 // and in multiple cases: server replies <=299 and >299 7940 // while still writing request body 7941 cc.mu.Lock() 7942 bodyClosed := cs.reqBodyClosed 7943 cs.reqBodyClosed = true 7944 cc.mu.Unlock() 7945 if !bodyClosed && cs.reqBody != nil { 7946 cs.reqBody.Close() 7947 } 7948 7949 if err != nil && cs.sentEndStream { 7950 // If the connection is closed immediately after the response is read, 7951 // we may be aborted before finishing up here. If the stream was closed 7952 // cleanly on both sides, there is no error. 7953 select { 7954 case <-cs.peerClosed: 7955 err = nil 7956 default: 7957 } 7958 } 7959 if err != nil { 7960 cs.abortStream(err) // possibly redundant, but harmless 7961 if cs.sentHeaders { 7962 if se, ok := err.(http2StreamError); ok { 7963 if se.Cause != http2errFromPeer { 7964 cc.writeStreamReset(cs.ID, se.Code, err) 7965 } 7966 } else { 7967 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7968 } 7969 } 7970 cs.bufPipe.CloseWithError(err) // no-op if already closed 7971 } else { 7972 if cs.sentHeaders && !cs.sentEndStream { 7973 cc.writeStreamReset(cs.ID, http2ErrCodeNo, nil) 7974 } 7975 cs.bufPipe.CloseWithError(http2errRequestCanceled) 7976 } 7977 if cs.ID != 0 { 7978 cc.forgetStreamID(cs.ID) 7979 } 7980 7981 cc.wmu.Lock() 7982 werr := cc.werr 7983 cc.wmu.Unlock() 7984 if werr != nil { 7985 cc.Close() 7986 } 7987 7988 close(cs.donec) 7989 } 7990 7991 // awaitOpenSlotForStream waits until len(streams) < maxConcurrentStreams. 7992 // Must hold cc.mu. 7993 func (cc *http2ClientConn) awaitOpenSlotForStreamLocked(cs *http2clientStream) error { 7994 for { 7995 cc.lastActive = time.Now() 7996 if cc.closed || !cc.canTakeNewRequestLocked() { 7997 return http2errClientConnUnusable 7998 } 7999 cc.lastIdle = time.Time{} 8000 if int64(len(cc.streams)) < int64(cc.maxConcurrentStreams) { 8001 return nil 8002 } 8003 cc.pendingRequests++ 8004 cc.cond.Wait() 8005 cc.pendingRequests-- 8006 select { 8007 case <-cs.abort: 8008 return cs.abortErr 8009 default: 8010 } 8011 } 8012 } 8013 8014 // requires cc.wmu be held 8015 func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 8016 first := true // first frame written (HEADERS is first, then CONTINUATION) 8017 for len(hdrs) > 0 && cc.werr == nil { 8018 chunk := hdrs 8019 if len(chunk) > maxFrameSize { 8020 chunk = chunk[:maxFrameSize] 8021 } 8022 hdrs = hdrs[len(chunk):] 8023 endHeaders := len(hdrs) == 0 8024 if first { 8025 cc.fr.WriteHeaders(http2HeadersFrameParam{ 8026 StreamID: streamID, 8027 BlockFragment: chunk, 8028 EndStream: endStream, 8029 EndHeaders: endHeaders, 8030 }) 8031 first = false 8032 } else { 8033 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 8034 } 8035 } 8036 cc.bw.Flush() 8037 return cc.werr 8038 } 8039 8040 // internal error values; they don't escape to callers 8041 var ( 8042 // abort request body write; don't send cancel 8043 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 8044 8045 // abort request body write, but send stream reset of cancel. 8046 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 8047 8048 http2errReqBodyTooLong = errors.New("http2: request body larger than specified content length") 8049 ) 8050 8051 // frameScratchBufferLen returns the length of a buffer to use for 8052 // outgoing request bodies to read/write to/from. 8053 // 8054 // It returns max(1, min(peer's advertised max frame size, 8055 // Request.ContentLength+1, 512KB)). 8056 func (cs *http2clientStream) frameScratchBufferLen(maxFrameSize int) int { 8057 const max = 512 << 10 8058 n := int64(maxFrameSize) 8059 if n > max { 8060 n = max 8061 } 8062 if cl := cs.reqBodyContentLength; cl != -1 && cl+1 < n { 8063 // Add an extra byte past the declared content-length to 8064 // give the caller's Request.Body io.Reader a chance to 8065 // give us more bytes than they declared, so we can catch it 8066 // early. 8067 n = cl + 1 8068 } 8069 if n < 1 { 8070 return 1 8071 } 8072 return int(n) // doesn't truncate; max is 512K 8073 } 8074 8075 var http2bufPool sync.Pool // of *[]byte 8076 8077 func (cs *http2clientStream) writeRequestBody(req *Request) (err error) { 8078 cc := cs.cc 8079 body := cs.reqBody 8080 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 8081 8082 hasTrailers := req.Trailer != nil 8083 remainLen := cs.reqBodyContentLength 8084 hasContentLen := remainLen != -1 8085 8086 cc.mu.Lock() 8087 maxFrameSize := int(cc.maxFrameSize) 8088 cc.mu.Unlock() 8089 8090 // Scratch buffer for reading into & writing from. 8091 scratchLen := cs.frameScratchBufferLen(maxFrameSize) 8092 var buf []byte 8093 if bp, ok := http2bufPool.Get().(*[]byte); ok && len(*bp) >= scratchLen { 8094 defer http2bufPool.Put(bp) 8095 buf = *bp 8096 } else { 8097 buf = make([]byte, scratchLen) 8098 defer http2bufPool.Put(&buf) 8099 } 8100 8101 var sawEOF bool 8102 for !sawEOF { 8103 n, err := body.Read(buf[:len(buf)]) 8104 if hasContentLen { 8105 remainLen -= int64(n) 8106 if remainLen == 0 && err == nil { 8107 // The request body's Content-Length was predeclared and 8108 // we just finished reading it all, but the underlying io.Reader 8109 // returned the final chunk with a nil error (which is one of 8110 // the two valid things a Reader can do at EOF). Because we'd prefer 8111 // to send the END_STREAM bit early, double-check that we're actually 8112 // at EOF. Subsequent reads should return (0, EOF) at this point. 8113 // If either value is different, we return an error in one of two ways below. 8114 var scratch [1]byte 8115 var n1 int 8116 n1, err = body.Read(scratch[:]) 8117 remainLen -= int64(n1) 8118 } 8119 if remainLen < 0 { 8120 err = http2errReqBodyTooLong 8121 return err 8122 } 8123 } 8124 if err == io.EOF { 8125 sawEOF = true 8126 err = nil 8127 } else if err != nil { 8128 return err 8129 } 8130 8131 remain := buf[:n] 8132 for len(remain) > 0 && err == nil { 8133 var allowed int32 8134 allowed, err = cs.awaitFlowControl(len(remain)) 8135 if err != nil { 8136 return err 8137 } 8138 cc.wmu.Lock() 8139 data := remain[:allowed] 8140 remain = remain[allowed:] 8141 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 8142 err = cc.fr.WriteData(cs.ID, sentEnd, data) 8143 if err == nil { 8144 // TODO(bradfitz): this flush is for latency, not bandwidth. 8145 // Most requests won't need this. Make this opt-in or 8146 // opt-out? Use some heuristic on the body type? Nagel-like 8147 // timers? Based on 'n'? Only last chunk of this for loop, 8148 // unless flow control tokens are low? For now, always. 8149 // If we change this, see comment below. 8150 err = cc.bw.Flush() 8151 } 8152 cc.wmu.Unlock() 8153 } 8154 if err != nil { 8155 return err 8156 } 8157 } 8158 8159 if sentEnd { 8160 // Already sent END_STREAM (which implies we have no 8161 // trailers) and flushed, because currently all 8162 // WriteData frames above get a flush. So we're done. 8163 return nil 8164 } 8165 8166 // Since the RoundTrip contract permits the caller to "mutate or reuse" 8167 // a request after the Response's Body is closed, verify that this hasn't 8168 // happened before accessing the trailers. 8169 cc.mu.Lock() 8170 trailer := req.Trailer 8171 err = cs.abortErr 8172 cc.mu.Unlock() 8173 if err != nil { 8174 return err 8175 } 8176 8177 cc.wmu.Lock() 8178 defer cc.wmu.Unlock() 8179 var trls []byte 8180 if len(trailer) > 0 { 8181 trls, err = cc.encodeTrailers(trailer) 8182 if err != nil { 8183 return err 8184 } 8185 } 8186 8187 // Two ways to send END_STREAM: either with trailers, or 8188 // with an empty DATA frame. 8189 if len(trls) > 0 { 8190 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 8191 } else { 8192 err = cc.fr.WriteData(cs.ID, true, nil) 8193 } 8194 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 8195 err = ferr 8196 } 8197 return err 8198 } 8199 8200 // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 8201 // control tokens from the server. 8202 // It returns either the non-zero number of tokens taken or an error 8203 // if the stream is dead. 8204 func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 8205 cc := cs.cc 8206 ctx := cs.ctx 8207 cc.mu.Lock() 8208 defer cc.mu.Unlock() 8209 for { 8210 if cc.closed { 8211 return 0, http2errClientConnClosed 8212 } 8213 if cs.reqBodyClosed { 8214 return 0, http2errStopReqBodyWrite 8215 } 8216 select { 8217 case <-cs.abort: 8218 return 0, cs.abortErr 8219 case <-ctx.Done(): 8220 return 0, ctx.Err() 8221 case <-cs.reqCancel: 8222 return 0, http2errRequestCanceled 8223 default: 8224 } 8225 if a := cs.flow.available(); a > 0 { 8226 take := a 8227 if int(take) > maxBytes { 8228 8229 take = int32(maxBytes) // can't truncate int; take is int32 8230 } 8231 if take > int32(cc.maxFrameSize) { 8232 take = int32(cc.maxFrameSize) 8233 } 8234 cs.flow.take(take) 8235 return take, nil 8236 } 8237 cc.cond.Wait() 8238 } 8239 } 8240 8241 var http2errNilRequestURL = errors.New("http2: Request.URI is nil") 8242 8243 // requires cc.wmu be held. 8244 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 8245 cc.hbuf.Reset() 8246 if req.URL == nil { 8247 return nil, http2errNilRequestURL 8248 } 8249 8250 host := req.Host 8251 if host == "" { 8252 host = req.URL.Host 8253 } 8254 host, err := httpguts.PunycodeHostPort(host) 8255 if err != nil { 8256 return nil, err 8257 } 8258 8259 var path string 8260 if req.Method != "CONNECT" { 8261 path = req.URL.RequestURI() 8262 if !http2validPseudoPath(path) { 8263 orig := path 8264 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 8265 if !http2validPseudoPath(path) { 8266 if req.URL.Opaque != "" { 8267 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 8268 } else { 8269 return nil, fmt.Errorf("invalid request :path %q", orig) 8270 } 8271 } 8272 } 8273 } 8274 8275 // Check for any invalid headers and return an error before we 8276 // potentially pollute our hpack state. (We want to be able to 8277 // continue to reuse the hpack encoder for future requests) 8278 for k, vv := range req.Header { 8279 if !httpguts.ValidHeaderFieldName(k) { 8280 return nil, fmt.Errorf("invalid HTTP header name %q", k) 8281 } 8282 for _, v := range vv { 8283 if !httpguts.ValidHeaderFieldValue(v) { 8284 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 8285 } 8286 } 8287 } 8288 8289 enumerateHeaders := func(f func(name, value string)) { 8290 // 8.1.2.3 Request Pseudo-Header Fields 8291 // The :path pseudo-header field includes the path and query parts of the 8292 // target URI (the path-absolute production and optionally a '?' character 8293 // followed by the query production (see Sections 3.3 and 3.4 of 8294 // [RFC3986]). 8295 f(":authority", host) 8296 m := req.Method 8297 if m == "" { 8298 m = MethodGet 8299 } 8300 f(":method", m) 8301 if req.Method != "CONNECT" { 8302 f(":path", path) 8303 f(":scheme", req.URL.Scheme) 8304 } 8305 if trailers != "" { 8306 f("trailer", trailers) 8307 } 8308 8309 var didUA bool 8310 for k, vv := range req.Header { 8311 if http2asciiEqualFold(k, "host") || http2asciiEqualFold(k, "content-length") { 8312 // Host is :authority, already sent. 8313 // Content-Length is automatic, set below. 8314 continue 8315 } else if http2asciiEqualFold(k, "connection") || 8316 http2asciiEqualFold(k, "proxy-connection") || 8317 http2asciiEqualFold(k, "transfer-encoding") || 8318 http2asciiEqualFold(k, "upgrade") || 8319 http2asciiEqualFold(k, "keep-alive") { 8320 // Per 8.1.2.2 Connection-Specific Header 8321 // Fields, don't send connection-specific 8322 // fields. We have already checked if any 8323 // are error-worthy so just ignore the rest. 8324 continue 8325 } else if http2asciiEqualFold(k, "user-agent") { 8326 // Match Go's http1 behavior: at most one 8327 // User-Agent. If set to nil or empty string, 8328 // then omit it. Otherwise if not mentioned, 8329 // include the default (below). 8330 didUA = true 8331 if len(vv) < 1 { 8332 continue 8333 } 8334 vv = vv[:1] 8335 if vv[0] == "" { 8336 continue 8337 } 8338 } else if http2asciiEqualFold(k, "cookie") { 8339 // Per 8.1.2.5 To allow for better compression efficiency, the 8340 // Cookie header field MAY be split into separate header fields, 8341 // each with one or more cookie-pairs. 8342 for _, v := range vv { 8343 for { 8344 p := strings.IndexByte(v, ';') 8345 if p < 0 { 8346 break 8347 } 8348 f("cookie", v[:p]) 8349 p++ 8350 // strip space after semicolon if any. 8351 for p+1 <= len(v) && v[p] == ' ' { 8352 p++ 8353 } 8354 v = v[p:] 8355 } 8356 if len(v) > 0 { 8357 f("cookie", v) 8358 } 8359 } 8360 continue 8361 } 8362 8363 for _, v := range vv { 8364 f(k, v) 8365 } 8366 } 8367 if http2shouldSendReqContentLength(req.Method, contentLength) { 8368 f("content-length", strconv.FormatInt(contentLength, 10)) 8369 } 8370 if addGzipHeader { 8371 f("accept-encoding", "gzip") 8372 } 8373 if !didUA { 8374 f("user-agent", http2defaultUserAgent) 8375 } 8376 } 8377 8378 // Do a first pass over the headers counting bytes to ensure 8379 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 8380 // separate pass before encoding the headers to prevent 8381 // modifying the hpack state. 8382 hlSize := uint64(0) 8383 enumerateHeaders(func(name, value string) { 8384 hf := hpack.HeaderField{Name: name, Value: value} 8385 hlSize += uint64(hf.Size()) 8386 }) 8387 8388 if hlSize > cc.peerMaxHeaderListSize { 8389 return nil, http2errRequestHeaderListSize 8390 } 8391 8392 trace := httptrace.ContextClientTrace(req.Context()) 8393 traceHeaders := http2traceHasWroteHeaderField(trace) 8394 8395 // Header list size is ok. Write the headers. 8396 enumerateHeaders(func(name, value string) { 8397 name, ascii := http2asciiToLower(name) 8398 if !ascii { 8399 // Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header 8400 // field names have to be ASCII characters (just as in HTTP/1.x). 8401 return 8402 } 8403 cc.writeHeader(name, value) 8404 if traceHeaders { 8405 http2traceWroteHeaderField(trace, name, value) 8406 } 8407 }) 8408 8409 return cc.hbuf.Bytes(), nil 8410 } 8411 8412 // shouldSendReqContentLength reports whether the http2.Transport should send 8413 // a "content-length" request header. This logic is basically a copy of the net/http 8414 // transferWriter.shouldSendContentLength. 8415 // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 8416 // -1 means unknown. 8417 func http2shouldSendReqContentLength(method string, contentLength int64) bool { 8418 if contentLength > 0 { 8419 return true 8420 } 8421 if contentLength < 0 { 8422 return false 8423 } 8424 // For zero bodies, whether we send a content-length depends on the method. 8425 // It also kinda doesn't matter for http2 either way, with END_STREAM. 8426 switch method { 8427 case "POST", "PUT", "PATCH": 8428 return true 8429 default: 8430 return false 8431 } 8432 } 8433 8434 // requires cc.wmu be held. 8435 func (cc *http2ClientConn) encodeTrailers(trailer Header) ([]byte, error) { 8436 cc.hbuf.Reset() 8437 8438 hlSize := uint64(0) 8439 for k, vv := range trailer { 8440 for _, v := range vv { 8441 hf := hpack.HeaderField{Name: k, Value: v} 8442 hlSize += uint64(hf.Size()) 8443 } 8444 } 8445 if hlSize > cc.peerMaxHeaderListSize { 8446 return nil, http2errRequestHeaderListSize 8447 } 8448 8449 for k, vv := range trailer { 8450 lowKey, ascii := http2asciiToLower(k) 8451 if !ascii { 8452 // Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header 8453 // field names have to be ASCII characters (just as in HTTP/1.x). 8454 continue 8455 } 8456 // Transfer-Encoding, etc.. have already been filtered at the 8457 // start of RoundTrip 8458 for _, v := range vv { 8459 cc.writeHeader(lowKey, v) 8460 } 8461 } 8462 return cc.hbuf.Bytes(), nil 8463 } 8464 8465 func (cc *http2ClientConn) writeHeader(name, value string) { 8466 if http2VerboseLogs { 8467 log.Printf("http2: Transport encoding header %q = %q", name, value) 8468 } 8469 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 8470 } 8471 8472 type http2resAndError struct { 8473 _ http2incomparable 8474 res *Response 8475 err error 8476 } 8477 8478 // requires cc.mu be held. 8479 func (cc *http2ClientConn) addStreamLocked(cs *http2clientStream) { 8480 cs.flow.add(int32(cc.initialWindowSize)) 8481 cs.flow.setConnFlow(&cc.flow) 8482 cs.inflow.add(http2transportDefaultStreamFlow) 8483 cs.inflow.setConnFlow(&cc.inflow) 8484 cs.ID = cc.nextStreamID 8485 cc.nextStreamID += 2 8486 cc.streams[cs.ID] = cs 8487 if cs.ID == 0 { 8488 panic("assigned stream ID 0") 8489 } 8490 } 8491 8492 func (cc *http2ClientConn) forgetStreamID(id uint32) { 8493 cc.mu.Lock() 8494 slen := len(cc.streams) 8495 delete(cc.streams, id) 8496 if len(cc.streams) != slen-1 { 8497 panic("forgetting unknown stream id") 8498 } 8499 cc.lastActive = time.Now() 8500 if len(cc.streams) == 0 && cc.idleTimer != nil { 8501 cc.idleTimer.Reset(cc.idleTimeout) 8502 cc.lastIdle = time.Now() 8503 } 8504 // Wake up writeRequestBody via clientStream.awaitFlowControl and 8505 // wake up RoundTrip if there is a pending request. 8506 cc.cond.Broadcast() 8507 8508 closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() 8509 if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 { 8510 if http2VerboseLogs { 8511 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, cc.nextStreamID-2) 8512 } 8513 cc.closed = true 8514 defer cc.tconn.Close() 8515 } 8516 8517 cc.mu.Unlock() 8518 } 8519 8520 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 8521 type http2clientConnReadLoop struct { 8522 _ http2incomparable 8523 cc *http2ClientConn 8524 } 8525 8526 // readLoop runs in its own goroutine and reads and dispatches frames. 8527 func (cc *http2ClientConn) readLoop() { 8528 rl := &http2clientConnReadLoop{cc: cc} 8529 defer rl.cleanup() 8530 cc.readerErr = rl.run() 8531 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 8532 cc.wmu.Lock() 8533 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 8534 cc.wmu.Unlock() 8535 } 8536 } 8537 8538 // GoAwayError is returned by the Transport when the server closes the 8539 // TCP connection after sending a GOAWAY frame. 8540 type http2GoAwayError struct { 8541 LastStreamID uint32 8542 ErrCode http2ErrCode 8543 DebugData string 8544 } 8545 8546 func (e http2GoAwayError) Error() string { 8547 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 8548 e.LastStreamID, e.ErrCode, e.DebugData) 8549 } 8550 8551 func http2isEOFOrNetReadError(err error) bool { 8552 if err == io.EOF { 8553 return true 8554 } 8555 ne, ok := err.(*net.OpError) 8556 return ok && ne.Op == "read" 8557 } 8558 8559 func (rl *http2clientConnReadLoop) cleanup() { 8560 cc := rl.cc 8561 defer cc.tconn.Close() 8562 defer cc.t.connPool().MarkDead(cc) 8563 defer close(cc.readerDone) 8564 8565 if cc.idleTimer != nil { 8566 cc.idleTimer.Stop() 8567 } 8568 8569 // Close any response bodies if the server closes prematurely. 8570 // TODO: also do this if we've written the headers but not 8571 // gotten a response yet. 8572 err := cc.readerErr 8573 cc.mu.Lock() 8574 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8575 err = http2GoAwayError{ 8576 LastStreamID: cc.goAway.LastStreamID, 8577 ErrCode: cc.goAway.ErrCode, 8578 DebugData: cc.goAwayDebug, 8579 } 8580 } else if err == io.EOF { 8581 err = io.ErrUnexpectedEOF 8582 } 8583 cc.closed = true 8584 for _, cs := range cc.streams { 8585 select { 8586 case <-cs.peerClosed: 8587 // The server closed the stream before closing the conn, 8588 // so no need to interrupt it. 8589 default: 8590 cs.abortStreamLocked(err) 8591 } 8592 } 8593 cc.cond.Broadcast() 8594 cc.mu.Unlock() 8595 } 8596 8597 func (rl *http2clientConnReadLoop) run() error { 8598 cc := rl.cc 8599 gotSettings := false 8600 readIdleTimeout := cc.t.ReadIdleTimeout 8601 var t *time.Timer 8602 if readIdleTimeout != 0 { 8603 t = time.AfterFunc(readIdleTimeout, cc.healthCheck) 8604 defer t.Stop() 8605 } 8606 for { 8607 f, err := cc.fr.ReadFrame() 8608 if t != nil { 8609 t.Reset(readIdleTimeout) 8610 } 8611 if err != nil { 8612 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8613 } 8614 if se, ok := err.(http2StreamError); ok { 8615 if cs := rl.streamByID(se.StreamID); cs != nil { 8616 if se.Cause == nil { 8617 se.Cause = cc.fr.errDetail 8618 } 8619 rl.endStreamError(cs, se) 8620 } 8621 continue 8622 } else if err != nil { 8623 return err 8624 } 8625 if http2VerboseLogs { 8626 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8627 } 8628 if !gotSettings { 8629 if _, ok := f.(*http2SettingsFrame); !ok { 8630 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8631 return http2ConnectionError(http2ErrCodeProtocol) 8632 } 8633 gotSettings = true 8634 } 8635 8636 switch f := f.(type) { 8637 case *http2MetaHeadersFrame: 8638 err = rl.processHeaders(f) 8639 case *http2DataFrame: 8640 err = rl.processData(f) 8641 case *http2GoAwayFrame: 8642 err = rl.processGoAway(f) 8643 case *http2RSTStreamFrame: 8644 err = rl.processResetStream(f) 8645 case *http2SettingsFrame: 8646 err = rl.processSettings(f) 8647 case *http2PushPromiseFrame: 8648 err = rl.processPushPromise(f) 8649 case *http2WindowUpdateFrame: 8650 err = rl.processWindowUpdate(f) 8651 case *http2PingFrame: 8652 err = rl.processPing(f) 8653 default: 8654 cc.logf("Transport: unhandled response frame type %T", f) 8655 } 8656 if err != nil { 8657 if http2VerboseLogs { 8658 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8659 } 8660 return err 8661 } 8662 } 8663 } 8664 8665 func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8666 cs := rl.streamByID(f.StreamID) 8667 if cs == nil { 8668 // We'd get here if we canceled a request while the 8669 // server had its response still in flight. So if this 8670 // was just something we canceled, ignore it. 8671 return nil 8672 } 8673 if cs.readClosed { 8674 rl.endStreamError(cs, http2StreamError{ 8675 StreamID: f.StreamID, 8676 Code: http2ErrCodeProtocol, 8677 Cause: errors.New("protocol error: headers after END_STREAM"), 8678 }) 8679 return nil 8680 } 8681 if !cs.firstByte { 8682 if cs.trace != nil { 8683 // TODO(bradfitz): move first response byte earlier, 8684 // when we first read the 9 byte header, not waiting 8685 // until all the HEADERS+CONTINUATION frames have been 8686 // merged. This works for now. 8687 http2traceFirstResponseByte(cs.trace) 8688 } 8689 cs.firstByte = true 8690 } 8691 if !cs.pastHeaders { 8692 cs.pastHeaders = true 8693 } else { 8694 return rl.processTrailers(cs, f) 8695 } 8696 8697 res, err := rl.handleResponse(cs, f) 8698 if err != nil { 8699 if _, ok := err.(http2ConnectionError); ok { 8700 return err 8701 } 8702 // Any other error type is a stream error. 8703 rl.endStreamError(cs, http2StreamError{ 8704 StreamID: f.StreamID, 8705 Code: http2ErrCodeProtocol, 8706 Cause: err, 8707 }) 8708 return nil // return nil from process* funcs to keep conn alive 8709 } 8710 if res == nil { 8711 // (nil, nil) special case. See handleResponse docs. 8712 return nil 8713 } 8714 cs.resTrailer = &res.Trailer 8715 cs.res = res 8716 close(cs.respHeaderRecv) 8717 if f.StreamEnded() { 8718 rl.endStream(cs) 8719 } 8720 return nil 8721 } 8722 8723 // may return error types nil, or ConnectionError. Any other error value 8724 // is a StreamError of type ErrCodeProtocol. The returned error in that case 8725 // is the detail. 8726 // 8727 // As a special case, handleResponse may return (nil, nil) to skip the 8728 // frame (currently only used for 1xx responses). 8729 func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8730 if f.Truncated { 8731 return nil, http2errResponseHeaderListSize 8732 } 8733 8734 status := f.PseudoValue("status") 8735 if status == "" { 8736 return nil, errors.New("malformed response from server: missing status pseudo header") 8737 } 8738 statusCode, err := strconv.Atoi(status) 8739 if err != nil { 8740 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8741 } 8742 8743 regularFields := f.RegularFields() 8744 strs := make([]string, len(regularFields)) 8745 header := make(Header, len(regularFields)) 8746 res := &Response{ 8747 Proto: "HTTP/2.0", 8748 ProtoMajor: 2, 8749 Header: header, 8750 StatusCode: statusCode, 8751 Status: status + " " + StatusText(statusCode), 8752 } 8753 for _, hf := range regularFields { 8754 key := CanonicalHeaderKey(hf.Name) 8755 if key == "Trailer" { 8756 t := res.Trailer 8757 if t == nil { 8758 t = make(Header) 8759 res.Trailer = t 8760 } 8761 http2foreachHeaderElement(hf.Value, func(v string) { 8762 t[CanonicalHeaderKey(v)] = nil 8763 }) 8764 } else { 8765 vv := header[key] 8766 if vv == nil && len(strs) > 0 { 8767 // More than likely this will be a single-element key. 8768 // Most headers aren't multi-valued. 8769 // Set the capacity on strs[0] to 1, so any future append 8770 // won't extend the slice into the other strings. 8771 vv, strs = strs[:1:1], strs[1:] 8772 vv[0] = hf.Value 8773 header[key] = vv 8774 } else { 8775 header[key] = append(vv, hf.Value) 8776 } 8777 } 8778 } 8779 8780 if statusCode >= 100 && statusCode <= 199 { 8781 if f.StreamEnded() { 8782 return nil, errors.New("1xx informational response with END_STREAM flag") 8783 } 8784 cs.num1xx++ 8785 const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http 8786 if cs.num1xx > max1xxResponses { 8787 return nil, errors.New("http2: too many 1xx informational responses") 8788 } 8789 if fn := cs.get1xxTraceFunc(); fn != nil { 8790 if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { 8791 return nil, err 8792 } 8793 } 8794 if statusCode == 100 { 8795 http2traceGot100Continue(cs.trace) 8796 select { 8797 case cs.on100 <- struct{}{}: 8798 default: 8799 } 8800 } 8801 cs.pastHeaders = false // do it all again 8802 return nil, nil 8803 } 8804 8805 res.ContentLength = -1 8806 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8807 if cl, err := strconv.ParseUint(clens[0], 10, 63); err == nil { 8808 res.ContentLength = int64(cl) 8809 } else { 8810 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8811 // more safe smuggling-wise to ignore. 8812 } 8813 } else if len(clens) > 1 { 8814 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8815 // more safe smuggling-wise to ignore. 8816 } else if f.StreamEnded() && !cs.isHead { 8817 res.ContentLength = 0 8818 } 8819 8820 if cs.isHead { 8821 res.Body = http2noBody 8822 return res, nil 8823 } 8824 8825 if f.StreamEnded() { 8826 if res.ContentLength > 0 { 8827 res.Body = http2missingBody{} 8828 } else { 8829 res.Body = http2noBody 8830 } 8831 return res, nil 8832 } 8833 8834 cs.bufPipe.setBuffer(&http2dataBuffer{expected: res.ContentLength}) 8835 cs.bytesRemain = res.ContentLength 8836 res.Body = http2transportResponseBody{cs} 8837 8838 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8839 res.Header.Del("Content-Encoding") 8840 res.Header.Del("Content-Length") 8841 res.ContentLength = -1 8842 res.Body = &http2gzipReader{body: res.Body} 8843 res.Uncompressed = true 8844 } 8845 return res, nil 8846 } 8847 8848 func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8849 if cs.pastTrailers { 8850 // Too many HEADERS frames for this stream. 8851 return http2ConnectionError(http2ErrCodeProtocol) 8852 } 8853 cs.pastTrailers = true 8854 if !f.StreamEnded() { 8855 // We expect that any headers for trailers also 8856 // has END_STREAM. 8857 return http2ConnectionError(http2ErrCodeProtocol) 8858 } 8859 if len(f.PseudoFields()) > 0 { 8860 // No pseudo header fields are defined for trailers. 8861 // TODO: ConnectionError might be overly harsh? Check. 8862 return http2ConnectionError(http2ErrCodeProtocol) 8863 } 8864 8865 trailer := make(Header) 8866 for _, hf := range f.RegularFields() { 8867 key := CanonicalHeaderKey(hf.Name) 8868 trailer[key] = append(trailer[key], hf.Value) 8869 } 8870 cs.trailer = trailer 8871 8872 rl.endStream(cs) 8873 return nil 8874 } 8875 8876 // transportResponseBody is the concrete type of Transport.RoundTrip's 8877 // Response.Body. It is an io.ReadCloser. 8878 type http2transportResponseBody struct { 8879 cs *http2clientStream 8880 } 8881 8882 func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8883 cs := b.cs 8884 cc := cs.cc 8885 8886 if cs.readErr != nil { 8887 return 0, cs.readErr 8888 } 8889 n, err = b.cs.bufPipe.Read(p) 8890 if cs.bytesRemain != -1 { 8891 if int64(n) > cs.bytesRemain { 8892 n = int(cs.bytesRemain) 8893 if err == nil { 8894 err = errors.New("gitee.com/ks-custle/core-gm/gmhttp: server replied with more than declared Content-Length; truncated") 8895 cs.abortStream(err) 8896 } 8897 cs.readErr = err 8898 return int(cs.bytesRemain), err 8899 } 8900 cs.bytesRemain -= int64(n) 8901 if err == io.EOF && cs.bytesRemain > 0 { 8902 err = io.ErrUnexpectedEOF 8903 cs.readErr = err 8904 return n, err 8905 } 8906 } 8907 if n == 0 { 8908 // No flow control tokens to send back. 8909 return 8910 } 8911 8912 cc.mu.Lock() 8913 var connAdd, streamAdd int32 8914 // Check the conn-level first, before the stream-level. 8915 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8916 connAdd = http2transportDefaultConnFlow - v 8917 cc.inflow.add(connAdd) 8918 } 8919 if err == nil { // No need to refresh if the stream is over or failed. 8920 // Consider any buffered body data (read from the conn but not 8921 // consumed by the client) when computing flow control for this 8922 // stream. 8923 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8924 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8925 streamAdd = int32(http2transportDefaultStreamFlow - v) 8926 cs.inflow.add(streamAdd) 8927 } 8928 } 8929 cc.mu.Unlock() 8930 8931 if connAdd != 0 || streamAdd != 0 { 8932 cc.wmu.Lock() 8933 defer cc.wmu.Unlock() 8934 if connAdd != 0 { 8935 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8936 } 8937 if streamAdd != 0 { 8938 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8939 } 8940 cc.bw.Flush() 8941 } 8942 return 8943 } 8944 8945 var http2errClosedResponseBody = errors.New("http2: response body closed") 8946 8947 func (b http2transportResponseBody) Close() error { 8948 cs := b.cs 8949 cc := cs.cc 8950 8951 unread := cs.bufPipe.Len() 8952 if unread > 0 { 8953 cc.mu.Lock() 8954 // Return connection-level flow control. 8955 if unread > 0 { 8956 cc.inflow.add(int32(unread)) 8957 } 8958 cc.mu.Unlock() 8959 8960 // TODO(dneil): Acquiring this mutex can block indefinitely. 8961 // Move flow control return to a goroutine? 8962 cc.wmu.Lock() 8963 // Return connection-level flow control. 8964 if unread > 0 { 8965 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8966 } 8967 cc.bw.Flush() 8968 cc.wmu.Unlock() 8969 } 8970 8971 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8972 cs.abortStream(http2errClosedResponseBody) 8973 8974 select { 8975 case <-cs.donec: 8976 case <-cs.ctx.Done(): 8977 return cs.ctx.Err() 8978 case <-cs.reqCancel: 8979 return http2errRequestCanceled 8980 } 8981 return nil 8982 } 8983 8984 func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8985 cc := rl.cc 8986 cs := rl.streamByID(f.StreamID) 8987 data := f.Data() 8988 if cs == nil { 8989 cc.mu.Lock() 8990 neverSent := cc.nextStreamID 8991 cc.mu.Unlock() 8992 if f.StreamID >= neverSent { 8993 // We never asked for this. 8994 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8995 return http2ConnectionError(http2ErrCodeProtocol) 8996 } 8997 // We probably did ask for this, but canceled. Just ignore it. 8998 // TODO: be stricter here? only silently ignore things which 8999 // we canceled, but not things which were closed normally 9000 // by the peer? Tough without accumulating too much state. 9001 9002 // But at least return their flow control: 9003 if f.Length > 0 { 9004 cc.mu.Lock() 9005 cc.inflow.add(int32(f.Length)) 9006 cc.mu.Unlock() 9007 9008 cc.wmu.Lock() 9009 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 9010 cc.bw.Flush() 9011 cc.wmu.Unlock() 9012 } 9013 return nil 9014 } 9015 if cs.readClosed { 9016 cc.logf("protocol error: received DATA after END_STREAM") 9017 rl.endStreamError(cs, http2StreamError{ 9018 StreamID: f.StreamID, 9019 Code: http2ErrCodeProtocol, 9020 }) 9021 return nil 9022 } 9023 if !cs.firstByte { 9024 cc.logf("protocol error: received DATA before a HEADERS frame") 9025 rl.endStreamError(cs, http2StreamError{ 9026 StreamID: f.StreamID, 9027 Code: http2ErrCodeProtocol, 9028 }) 9029 return nil 9030 } 9031 if f.Length > 0 { 9032 if cs.isHead && len(data) > 0 { 9033 cc.logf("protocol error: received DATA on a HEAD request") 9034 rl.endStreamError(cs, http2StreamError{ 9035 StreamID: f.StreamID, 9036 Code: http2ErrCodeProtocol, 9037 }) 9038 return nil 9039 } 9040 // Check connection-level flow control. 9041 cc.mu.Lock() 9042 if cs.inflow.available() >= int32(f.Length) { 9043 cs.inflow.take(int32(f.Length)) 9044 } else { 9045 cc.mu.Unlock() 9046 return http2ConnectionError(http2ErrCodeFlowControl) 9047 } 9048 // Return any padded flow control now, since we won't 9049 // refund it later on body reads. 9050 var refund int 9051 if pad := int(f.Length) - len(data); pad > 0 { 9052 refund += pad 9053 } 9054 9055 didReset := false 9056 var err error 9057 if len(data) > 0 { 9058 if _, err = cs.bufPipe.Write(data); err != nil { 9059 // Return len(data) now if the stream is already closed, 9060 // since data will never be read. 9061 didReset = true 9062 refund += len(data) 9063 } 9064 } 9065 9066 if refund > 0 { 9067 cc.inflow.add(int32(refund)) 9068 if !didReset { 9069 cs.inflow.add(int32(refund)) 9070 } 9071 } 9072 cc.mu.Unlock() 9073 9074 if refund > 0 { 9075 cc.wmu.Lock() 9076 cc.fr.WriteWindowUpdate(0, uint32(refund)) 9077 if !didReset { 9078 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 9079 } 9080 cc.bw.Flush() 9081 cc.wmu.Unlock() 9082 } 9083 9084 if err != nil { 9085 rl.endStreamError(cs, err) 9086 return nil 9087 } 9088 } 9089 9090 if f.StreamEnded() { 9091 rl.endStream(cs) 9092 } 9093 return nil 9094 } 9095 9096 func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 9097 // TODO: check that any declared content-length matches, like 9098 // server.go's (*stream).endStream method. 9099 if !cs.readClosed { 9100 cs.readClosed = true 9101 cs.bufPipe.closeWithErrorAndCode(io.EOF, cs.copyTrailers) 9102 close(cs.peerClosed) 9103 } 9104 } 9105 9106 func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 9107 cs.readAborted = true 9108 cs.abortStream(err) 9109 } 9110 9111 func (rl *http2clientConnReadLoop) streamByID(id uint32) *http2clientStream { 9112 rl.cc.mu.Lock() 9113 defer rl.cc.mu.Unlock() 9114 cs := rl.cc.streams[id] 9115 if cs != nil && !cs.readAborted { 9116 return cs 9117 } 9118 return nil 9119 } 9120 9121 func (cs *http2clientStream) copyTrailers() { 9122 for k, vv := range cs.trailer { 9123 t := cs.resTrailer 9124 if *t == nil { 9125 *t = make(Header) 9126 } 9127 (*t)[k] = vv 9128 } 9129 } 9130 9131 func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 9132 cc := rl.cc 9133 cc.t.connPool().MarkDead(cc) 9134 if f.ErrCode != 0 { 9135 // TODO: deal with GOAWAY more. particularly the error code 9136 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 9137 } 9138 cc.setGoAway(f) 9139 return nil 9140 } 9141 9142 func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 9143 cc := rl.cc 9144 // Locking both mu and wmu here allows frame encoding to read settings with only wmu held. 9145 // Acquiring wmu when f.IsAck() is unnecessary, but convenient and mostly harmless. 9146 cc.wmu.Lock() 9147 defer cc.wmu.Unlock() 9148 9149 if err := rl.processSettingsNoWrite(f); err != nil { 9150 return err 9151 } 9152 if !f.IsAck() { 9153 cc.fr.WriteSettingsAck() 9154 cc.bw.Flush() 9155 } 9156 return nil 9157 } 9158 9159 func (rl *http2clientConnReadLoop) processSettingsNoWrite(f *http2SettingsFrame) error { 9160 cc := rl.cc 9161 cc.mu.Lock() 9162 defer cc.mu.Unlock() 9163 9164 if f.IsAck() { 9165 if cc.wantSettingsAck { 9166 cc.wantSettingsAck = false 9167 return nil 9168 } 9169 return http2ConnectionError(http2ErrCodeProtocol) 9170 } 9171 9172 var seenMaxConcurrentStreams bool 9173 err := f.ForeachSetting(func(s http2Setting) error { 9174 switch s.ID { 9175 case http2SettingMaxFrameSize: 9176 cc.maxFrameSize = s.Val 9177 case http2SettingMaxConcurrentStreams: 9178 cc.maxConcurrentStreams = s.Val 9179 seenMaxConcurrentStreams = true 9180 case http2SettingMaxHeaderListSize: 9181 cc.peerMaxHeaderListSize = uint64(s.Val) 9182 case http2SettingInitialWindowSize: 9183 // Values above the maximum flow-control 9184 // window size of 2^31-1 MUST be treated as a 9185 // connection error (Section 5.4.1) of type 9186 // FLOW_CONTROL_ERROR. 9187 if s.Val > math.MaxInt32 { 9188 return http2ConnectionError(http2ErrCodeFlowControl) 9189 } 9190 9191 // Adjust flow control of currently-open 9192 // frames by the difference of the old initial 9193 // window size and this one. 9194 delta := int32(s.Val) - int32(cc.initialWindowSize) 9195 for _, cs := range cc.streams { 9196 cs.flow.add(delta) 9197 } 9198 cc.cond.Broadcast() 9199 9200 cc.initialWindowSize = s.Val 9201 default: 9202 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 9203 cc.vlogf("Unhandled Setting: %v", s) 9204 } 9205 return nil 9206 }) 9207 if err != nil { 9208 return err 9209 } 9210 9211 if !cc.seenSettings { 9212 if !seenMaxConcurrentStreams { 9213 // This was the servers initial SETTINGS frame and it 9214 // didn't contain a MAX_CONCURRENT_STREAMS field so 9215 // increase the number of concurrent streams this 9216 // connection can establish to our default. 9217 cc.maxConcurrentStreams = http2defaultMaxConcurrentStreams 9218 } 9219 cc.seenSettings = true 9220 } 9221 9222 return nil 9223 } 9224 9225 func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 9226 cc := rl.cc 9227 cs := rl.streamByID(f.StreamID) 9228 if f.StreamID != 0 && cs == nil { 9229 return nil 9230 } 9231 9232 cc.mu.Lock() 9233 defer cc.mu.Unlock() 9234 9235 fl := &cc.flow 9236 if cs != nil { 9237 fl = &cs.flow 9238 } 9239 if !fl.add(int32(f.Increment)) { 9240 return http2ConnectionError(http2ErrCodeFlowControl) 9241 } 9242 cc.cond.Broadcast() 9243 return nil 9244 } 9245 9246 func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 9247 cs := rl.streamByID(f.StreamID) 9248 if cs == nil { 9249 // TODO: return error if server tries to RST_STEAM an idle stream 9250 return nil 9251 } 9252 serr := http2streamError(cs.ID, f.ErrCode) 9253 serr.Cause = http2errFromPeer 9254 if f.ErrCode == http2ErrCodeProtocol { 9255 rl.cc.SetDoNotReuse() 9256 } 9257 cs.abortStream(serr) 9258 9259 cs.bufPipe.CloseWithError(serr) 9260 return nil 9261 } 9262 9263 // Ping sends a PING frame to the server and waits for the ack. 9264 func (cc *http2ClientConn) Ping(ctx context.Context) error { 9265 c := make(chan struct{}) 9266 // Generate a random payload 9267 var p [8]byte 9268 for { 9269 if _, err := rand.Read(p[:]); err != nil { 9270 return err 9271 } 9272 cc.mu.Lock() 9273 // check for dup before insert 9274 if _, found := cc.pings[p]; !found { 9275 cc.pings[p] = c 9276 cc.mu.Unlock() 9277 break 9278 } 9279 cc.mu.Unlock() 9280 } 9281 errc := make(chan error, 1) 9282 go func() { 9283 cc.wmu.Lock() 9284 defer cc.wmu.Unlock() 9285 if err := cc.fr.WritePing(false, p); err != nil { 9286 errc <- err 9287 return 9288 } 9289 if err := cc.bw.Flush(); err != nil { 9290 errc <- err 9291 return 9292 } 9293 }() 9294 select { 9295 case <-c: 9296 return nil 9297 case err := <-errc: 9298 return err 9299 case <-ctx.Done(): 9300 return ctx.Err() 9301 case <-cc.readerDone: 9302 // connection closed 9303 return cc.readerErr 9304 } 9305 } 9306 9307 func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 9308 if f.IsAck() { 9309 cc := rl.cc 9310 cc.mu.Lock() 9311 defer cc.mu.Unlock() 9312 // If ack, notify listener if any 9313 if c, ok := cc.pings[f.Data]; ok { 9314 close(c) 9315 delete(cc.pings, f.Data) 9316 } 9317 return nil 9318 } 9319 cc := rl.cc 9320 cc.wmu.Lock() 9321 defer cc.wmu.Unlock() 9322 if err := cc.fr.WritePing(true, f.Data); err != nil { 9323 return err 9324 } 9325 return cc.bw.Flush() 9326 } 9327 9328 func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 9329 // We told the peer we don't want them. 9330 // Spec says: 9331 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 9332 // setting of the peer endpoint is set to 0. An endpoint that 9333 // has set this setting and has received acknowledgement MUST 9334 // treat the receipt of a PUSH_PROMISE frame as a connection 9335 // error (Section 5.4.1) of type PROTOCOL_ERROR." 9336 return http2ConnectionError(http2ErrCodeProtocol) 9337 } 9338 9339 func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 9340 // TODO: map err to more interesting error codes, once the 9341 // HTTP community comes up with some. But currently for 9342 // RST_STREAM there's no equivalent to GOAWAY frame's debug 9343 // data, and the error codes are all pretty vague ("cancel"). 9344 cc.wmu.Lock() 9345 cc.fr.WriteRSTStream(streamID, code) 9346 cc.bw.Flush() 9347 cc.wmu.Unlock() 9348 } 9349 9350 var ( 9351 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 9352 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 9353 ) 9354 9355 func (cc *http2ClientConn) logf(format string, args ...interface{}) { 9356 cc.t.logf(format, args...) 9357 } 9358 9359 func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 9360 cc.t.vlogf(format, args...) 9361 } 9362 9363 func (t *http2Transport) vlogf(format string, args ...interface{}) { 9364 if http2VerboseLogs { 9365 t.logf(format, args...) 9366 } 9367 } 9368 9369 func (t *http2Transport) logf(format string, args ...interface{}) { 9370 log.Printf(format, args...) 9371 } 9372 9373 var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 9374 9375 type http2missingBody struct{} 9376 9377 func (http2missingBody) Close() error { return nil } 9378 9379 func (http2missingBody) Read([]byte) (int, error) { return 0, io.ErrUnexpectedEOF } 9380 9381 func http2strSliceContains(ss []string, s string) bool { 9382 for _, v := range ss { 9383 if v == s { 9384 return true 9385 } 9386 } 9387 return false 9388 } 9389 9390 type http2erringRoundTripper struct{ err error } 9391 9392 func (rt http2erringRoundTripper) RoundTripErr() error { return rt.err } 9393 9394 func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 9395 9396 // gzipReader wraps a response body so it can lazily 9397 // call gzip.NewReader on the first call to Read 9398 type http2gzipReader struct { 9399 _ http2incomparable 9400 body io.ReadCloser // underlying Response.Body 9401 zr *gzip.Reader // lazily-initialized gzip reader 9402 zerr error // sticky error 9403 } 9404 9405 func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 9406 if gz.zerr != nil { 9407 return 0, gz.zerr 9408 } 9409 if gz.zr == nil { 9410 gz.zr, err = gzip.NewReader(gz.body) 9411 if err != nil { 9412 gz.zerr = err 9413 return 0, err 9414 } 9415 } 9416 return gz.zr.Read(p) 9417 } 9418 9419 func (gz *http2gzipReader) Close() error { 9420 return gz.body.Close() 9421 } 9422 9423 type http2errorReader struct{ err error } 9424 9425 func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 9426 9427 // isConnectionCloseRequest reports whether req should use its own 9428 // connection for a single request and then close the connection. 9429 func http2isConnectionCloseRequest(req *Request) bool { 9430 return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close") 9431 } 9432 9433 // registerHTTPSProtocol calls Transport.RegisterProtocol but 9434 // converting panics into errors. 9435 func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) { 9436 defer func() { 9437 if e := recover(); e != nil { 9438 err = fmt.Errorf("%v", e) 9439 } 9440 }() 9441 t.RegisterProtocol("https", rt) 9442 return nil 9443 } 9444 9445 // noDialH2RoundTripper is a RoundTripper which only tries to complete the request 9446 // if there's already has a cached connection to the host. 9447 // (The field is exported so it can be accessed via reflect from net/http; tested 9448 // by TestNoDialH2RoundTripperType) 9449 type http2noDialH2RoundTripper struct{ *http2Transport } 9450 9451 func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 9452 res, err := rt.http2Transport.RoundTrip(req) 9453 if http2isNoCachedConnError(err) { 9454 return nil, ErrSkipAltProtocol 9455 } 9456 return res, err 9457 } 9458 9459 func (t *http2Transport) idleConnTimeout() time.Duration { 9460 if t.t1 != nil { 9461 return t.t1.IdleConnTimeout 9462 } 9463 return 0 9464 } 9465 9466 func http2traceGetConn(req *Request, hostPort string) { 9467 trace := httptrace.ContextClientTrace(req.Context()) 9468 if trace == nil || trace.GetConn == nil { 9469 return 9470 } 9471 trace.GetConn(hostPort) 9472 } 9473 9474 func http2traceGotConn(req *Request, cc *http2ClientConn, reused bool) { 9475 trace := httptrace.ContextClientTrace(req.Context()) 9476 if trace == nil || trace.GotConn == nil { 9477 return 9478 } 9479 ci := httptrace.GotConnInfo{Conn: cc.tconn} 9480 ci.Reused = reused 9481 cc.mu.Lock() 9482 ci.WasIdle = len(cc.streams) == 0 && reused 9483 if ci.WasIdle && !cc.lastActive.IsZero() { 9484 ci.IdleTime = time.Now().Sub(cc.lastActive) 9485 } 9486 cc.mu.Unlock() 9487 9488 trace.GotConn(ci) 9489 } 9490 9491 func http2traceWroteHeaders(trace *httptrace.ClientTrace) { 9492 if trace != nil && trace.WroteHeaders != nil { 9493 trace.WroteHeaders() 9494 } 9495 } 9496 9497 func http2traceGot100Continue(trace *httptrace.ClientTrace) { 9498 if trace != nil && trace.Got100Continue != nil { 9499 trace.Got100Continue() 9500 } 9501 } 9502 9503 func http2traceWait100Continue(trace *httptrace.ClientTrace) { 9504 if trace != nil && trace.Wait100Continue != nil { 9505 trace.Wait100Continue() 9506 } 9507 } 9508 9509 func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) { 9510 if trace != nil && trace.WroteRequest != nil { 9511 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 9512 } 9513 } 9514 9515 func http2traceFirstResponseByte(trace *httptrace.ClientTrace) { 9516 if trace != nil && trace.GotFirstResponseByte != nil { 9517 trace.GotFirstResponseByte() 9518 } 9519 } 9520 9521 // writeFramer is implemented by any type that is used to write frames. 9522 type http2writeFramer interface { 9523 writeFrame(http2writeContext) error 9524 9525 // staysWithinBuffer reports whether this writer promises that 9526 // it will only write less than or equal to size bytes, and it 9527 // won't Flush the write context. 9528 staysWithinBuffer(size int) bool 9529 } 9530 9531 // writeContext is the interface needed by the various frame writer 9532 // types below. All the writeFrame methods below are scheduled via the 9533 // frame writing scheduler (see writeScheduler in writesched.go). 9534 // 9535 // This interface is implemented by *serverConn. 9536 // 9537 // TODO: decide whether to a) use this in the client code (which didn't 9538 // end up using this yet, because it has a simpler design, not 9539 // currently implementing priorities), or b) delete this and 9540 // make the server code a bit more concrete. 9541 type http2writeContext interface { 9542 Framer() *http2Framer 9543 Flush() error 9544 CloseConn() error 9545 // HeaderEncoder returns an HPACK encoder that writes to the 9546 // returned buffer. 9547 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 9548 } 9549 9550 // writeEndsStream reports whether w writes a frame that will transition 9551 // the stream to a half-closed local state. This returns false for RST_STREAM, 9552 // which closes the entire stream (not just the local half). 9553 func http2writeEndsStream(w http2writeFramer) bool { 9554 switch v := w.(type) { 9555 case *http2writeData: 9556 return v.endStream 9557 case *http2writeResHeaders: 9558 return v.endStream 9559 case nil: 9560 // This can only happen if the caller reuses w after it's 9561 // been intentionally nil'ed out to prevent use. Keep this 9562 // here to catch future refactoring breaking it. 9563 panic("writeEndsStream called on nil writeFramer") 9564 } 9565 return false 9566 } 9567 9568 type http2flushFrameWriter struct{} 9569 9570 func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 9571 return ctx.Flush() 9572 } 9573 9574 func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 9575 9576 type http2writeSettings []http2Setting 9577 9578 func (s http2writeSettings) staysWithinBuffer(max int) bool { 9579 const settingSize = 6 // uint16 + uint32 9580 return http2frameHeaderLen+settingSize*len(s) <= max 9581 9582 } 9583 9584 func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 9585 return ctx.Framer().WriteSettings([]http2Setting(s)...) 9586 } 9587 9588 type http2writeGoAway struct { 9589 maxStreamID uint32 9590 code http2ErrCode 9591 } 9592 9593 func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 9594 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 9595 ctx.Flush() // ignore error: we're hanging up on them anyway 9596 return err 9597 } 9598 9599 func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 9600 9601 type http2writeData struct { 9602 streamID uint32 9603 p []byte 9604 endStream bool 9605 } 9606 9607 func (w *http2writeData) String() string { 9608 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 9609 } 9610 9611 func (w *http2writeData) writeFrame(ctx http2writeContext) error { 9612 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 9613 } 9614 9615 func (w *http2writeData) staysWithinBuffer(max int) bool { 9616 return http2frameHeaderLen+len(w.p) <= max 9617 } 9618 9619 // handlerPanicRST is the message sent from handler goroutines when 9620 // the handler panics. 9621 type http2handlerPanicRST struct { 9622 StreamID uint32 9623 } 9624 9625 func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 9626 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 9627 } 9628 9629 func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9630 9631 func (se http2StreamError) writeFrame(ctx http2writeContext) error { 9632 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 9633 } 9634 9635 func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9636 9637 type http2writePingAck struct{ pf *http2PingFrame } 9638 9639 func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 9640 return ctx.Framer().WritePing(true, w.pf.Data) 9641 } 9642 9643 func (w http2writePingAck) staysWithinBuffer(max int) bool { 9644 return http2frameHeaderLen+len(w.pf.Data) <= max 9645 } 9646 9647 type http2writeSettingsAck struct{} 9648 9649 func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 9650 return ctx.Framer().WriteSettingsAck() 9651 } 9652 9653 func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 9654 9655 // splitHeaderBlock splits headerBlock into fragments so that each fragment fits 9656 // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 9657 // for the first/last fragment, respectively. 9658 func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 9659 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 9660 // that all peers must support (16KB). Later we could care 9661 // more and send larger frames if the peer advertised it, but 9662 // there's little point. Most headers are small anyway (so we 9663 // generally won't have CONTINUATION frames), and extra frames 9664 // only waste 9 bytes anyway. 9665 const maxFrameSize = 16384 9666 9667 first := true 9668 for len(headerBlock) > 0 { 9669 frag := headerBlock 9670 if len(frag) > maxFrameSize { 9671 frag = frag[:maxFrameSize] 9672 } 9673 headerBlock = headerBlock[len(frag):] 9674 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9675 return err 9676 } 9677 first = false 9678 } 9679 return nil 9680 } 9681 9682 // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9683 // for HTTP response headers or trailers from a server handler. 9684 type http2writeResHeaders struct { 9685 streamID uint32 9686 httpResCode int // 0 means no ":status" line 9687 h Header // may be nil 9688 trailers []string // if non-nil, which keys of h to write. nil means all. 9689 endStream bool 9690 9691 date string 9692 contentType string 9693 contentLength string 9694 } 9695 9696 func http2encKV(enc *hpack.Encoder, k, v string) { 9697 if http2VerboseLogs { 9698 log.Printf("http2: server encoding header %q = %q", k, v) 9699 } 9700 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9701 } 9702 9703 func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9704 // TODO: this is a common one. It'd be nice to return true 9705 // here and get into the fast path if we could be clever and 9706 // calculate the size fast enough, or at least a conservative 9707 // upper bound that usually fires. (Maybe if w.h and 9708 // w.trailers are nil, so we don't need to enumerate it.) 9709 // Otherwise I'm afraid that just calculating the length to 9710 // answer this question would be slower than the ~2µs benefit. 9711 return false 9712 } 9713 9714 func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9715 enc, buf := ctx.HeaderEncoder() 9716 buf.Reset() 9717 9718 if w.httpResCode != 0 { 9719 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9720 } 9721 9722 http2encodeHeaders(enc, w.h, w.trailers) 9723 9724 if w.contentType != "" { 9725 http2encKV(enc, "content-type", w.contentType) 9726 } 9727 if w.contentLength != "" { 9728 http2encKV(enc, "content-length", w.contentLength) 9729 } 9730 if w.date != "" { 9731 http2encKV(enc, "date", w.date) 9732 } 9733 9734 headerBlock := buf.Bytes() 9735 if len(headerBlock) == 0 && w.trailers == nil { 9736 panic("unexpected empty hpack") 9737 } 9738 9739 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9740 } 9741 9742 func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9743 if firstFrag { 9744 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9745 StreamID: w.streamID, 9746 BlockFragment: frag, 9747 EndStream: w.endStream, 9748 EndHeaders: lastFrag, 9749 }) 9750 } else { 9751 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9752 } 9753 } 9754 9755 // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9756 type http2writePushPromise struct { 9757 streamID uint32 // pusher stream 9758 method string // for :method 9759 url *url.URL // for :scheme, :authority, :path 9760 h Header 9761 9762 // Creates an ID for a pushed stream. This runs on serveG just before 9763 // the frame is written. The returned ID is copied to promisedID. 9764 allocatePromisedID func() (uint32, error) 9765 promisedID uint32 9766 } 9767 9768 func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9769 // TODO: see writeResHeaders.staysWithinBuffer 9770 return false 9771 } 9772 9773 func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9774 enc, buf := ctx.HeaderEncoder() 9775 buf.Reset() 9776 9777 http2encKV(enc, ":method", w.method) 9778 http2encKV(enc, ":scheme", w.url.Scheme) 9779 http2encKV(enc, ":authority", w.url.Host) 9780 http2encKV(enc, ":path", w.url.RequestURI()) 9781 http2encodeHeaders(enc, w.h, nil) 9782 9783 headerBlock := buf.Bytes() 9784 if len(headerBlock) == 0 { 9785 panic("unexpected empty hpack") 9786 } 9787 9788 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9789 } 9790 9791 func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9792 if firstFrag { 9793 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9794 StreamID: w.streamID, 9795 PromiseID: w.promisedID, 9796 BlockFragment: frag, 9797 EndHeaders: lastFrag, 9798 }) 9799 } else { 9800 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9801 } 9802 } 9803 9804 type http2write100ContinueHeadersFrame struct { 9805 streamID uint32 9806 } 9807 9808 func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9809 enc, buf := ctx.HeaderEncoder() 9810 buf.Reset() 9811 http2encKV(enc, ":status", "100") 9812 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9813 StreamID: w.streamID, 9814 BlockFragment: buf.Bytes(), 9815 EndStream: false, 9816 EndHeaders: true, 9817 }) 9818 } 9819 9820 func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9821 // Sloppy but conservative: 9822 return 9+2*(len(":status")+len("100")) <= max 9823 } 9824 9825 type http2writeWindowUpdate struct { 9826 streamID uint32 // or 0 for conn-level 9827 n uint32 9828 } 9829 9830 func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9831 9832 func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9833 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9834 } 9835 9836 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9837 // is encoded only if k is in keys. 9838 func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9839 if keys == nil { 9840 sorter := http2sorterPool.Get().(*http2sorter) 9841 // Using defer here, since the returned keys from the 9842 // sorter.Keys method is only valid until the sorter 9843 // is returned: 9844 defer http2sorterPool.Put(sorter) 9845 keys = sorter.Keys(h) 9846 } 9847 for _, k := range keys { 9848 vv := h[k] 9849 k, ascii := http2lowerHeader(k) 9850 if !ascii { 9851 // Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header 9852 // field names have to be ASCII characters (just as in HTTP/1.x). 9853 continue 9854 } 9855 if !http2validWireHeaderFieldName(k) { 9856 // Skip it as backup paranoia. Per 9857 // golang.org/issue/14048, these should 9858 // already be rejected at a higher level. 9859 continue 9860 } 9861 isTE := k == "transfer-encoding" 9862 for _, v := range vv { 9863 if !httpguts.ValidHeaderFieldValue(v) { 9864 // TODO: return an error? golang.org/issue/14048 9865 // For now just omit it. 9866 continue 9867 } 9868 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9869 if isTE && v != "trailers" { 9870 continue 9871 } 9872 http2encKV(enc, k, v) 9873 } 9874 } 9875 } 9876 9877 // WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9878 // Methods are never called concurrently. 9879 type http2WriteScheduler interface { 9880 // OpenStream opens a new stream in the write scheduler. 9881 // It is illegal to call this with streamID=0 or with a streamID that is 9882 // already open -- the call may panic. 9883 OpenStream(streamID uint32, options http2OpenStreamOptions) 9884 9885 // CloseStream closes a stream in the write scheduler. Any frames queued on 9886 // this stream should be discarded. It is illegal to call this on a stream 9887 // that is not open -- the call may panic. 9888 CloseStream(streamID uint32) 9889 9890 // AdjustStream adjusts the priority of the given stream. This may be called 9891 // on a stream that has not yet been opened or has been closed. Note that 9892 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9893 // https://tools.ietf.org/html/rfc7540#section-5.1 9894 AdjustStream(streamID uint32, priority http2PriorityParam) 9895 9896 // Push queues a frame in the scheduler. In most cases, this will not be 9897 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9898 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9899 Push(wr http2FrameWriteRequest) 9900 9901 // Pop dequeues the next frame to write. Returns false if no frames can 9902 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9903 // order they are Push'd. No frames should be discarded except by CloseStream. 9904 Pop() (wr http2FrameWriteRequest, ok bool) 9905 } 9906 9907 // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9908 type http2OpenStreamOptions struct { 9909 // PusherID is zero if the stream was initiated by the client. Otherwise, 9910 // PusherID names the stream that pushed the newly opened stream. 9911 PusherID uint32 9912 } 9913 9914 // FrameWriteRequest is a request to write a frame. 9915 type http2FrameWriteRequest struct { 9916 // write is the interface value that does the writing, once the 9917 // WriteScheduler has selected this frame to write. The write 9918 // functions are all defined in write.go. 9919 write http2writeFramer 9920 9921 // stream is the stream on which this frame will be written. 9922 // nil for non-stream frames like PING and SETTINGS. 9923 stream *http2stream 9924 9925 // done, if non-nil, must be a buffered channel with space for 9926 // 1 message and is sent the return value from write (or an 9927 // earlier error) when the frame has been written. 9928 done chan error 9929 } 9930 9931 // StreamID returns the id of the stream this frame will be written to. 9932 // 0 is used for non-stream frames such as PING and SETTINGS. 9933 func (wr http2FrameWriteRequest) StreamID() uint32 { 9934 if wr.stream == nil { 9935 if se, ok := wr.write.(http2StreamError); ok { 9936 // (*serverConn).resetStream doesn't set 9937 // stream because it doesn't necessarily have 9938 // one. So special case this type of write 9939 // message. 9940 return se.StreamID 9941 } 9942 return 0 9943 } 9944 return wr.stream.id 9945 } 9946 9947 // isControl reports whether wr is a control frame for MaxQueuedControlFrames 9948 // purposes. That includes non-stream frames and RST_STREAM frames. 9949 func (wr http2FrameWriteRequest) isControl() bool { 9950 return wr.stream == nil 9951 } 9952 9953 // DataSize returns the number of flow control bytes that must be consumed 9954 // to write this entire frame. This is 0 for non-DATA frames. 9955 func (wr http2FrameWriteRequest) DataSize() int { 9956 if wd, ok := wr.write.(*http2writeData); ok { 9957 return len(wd.p) 9958 } 9959 return 0 9960 } 9961 9962 // Consume consumes min(n, available) bytes from this frame, where available 9963 // is the number of flow control bytes available on the stream. Consume returns 9964 // 0, 1, or 2 frames, where the integer return value gives the number of frames 9965 // returned. 9966 // 9967 // If flow control prevents consuming any bytes, this returns (_, _, 0). If 9968 // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9969 // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9970 // 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9971 // underlying stream's flow control budget. 9972 func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9973 var empty http2FrameWriteRequest 9974 9975 // Non-DATA frames are always consumed whole. 9976 wd, ok := wr.write.(*http2writeData) 9977 if !ok || len(wd.p) == 0 { 9978 return wr, empty, 1 9979 } 9980 9981 // Might need to split after applying limits. 9982 allowed := wr.stream.flow.available() 9983 if n < allowed { 9984 allowed = n 9985 } 9986 if wr.stream.sc.maxFrameSize < allowed { 9987 allowed = wr.stream.sc.maxFrameSize 9988 } 9989 if allowed <= 0 { 9990 return empty, empty, 0 9991 } 9992 if len(wd.p) > int(allowed) { 9993 wr.stream.flow.take(allowed) 9994 consumed := http2FrameWriteRequest{ 9995 stream: wr.stream, 9996 write: &http2writeData{ 9997 streamID: wd.streamID, 9998 p: wd.p[:allowed], 9999 // Even if the original had endStream set, there 10000 // are bytes remaining because len(wd.p) > allowed, 10001 // so we know endStream is false. 10002 endStream: false, 10003 }, 10004 // Our caller is blocking on the final DATA frame, not 10005 // this intermediate frame, so no need to wait. 10006 done: nil, 10007 } 10008 rest := http2FrameWriteRequest{ 10009 stream: wr.stream, 10010 write: &http2writeData{ 10011 streamID: wd.streamID, 10012 p: wd.p[allowed:], 10013 endStream: wd.endStream, 10014 }, 10015 done: wr.done, 10016 } 10017 return consumed, rest, 2 10018 } 10019 10020 // The frame is consumed whole. 10021 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 10022 wr.stream.flow.take(int32(len(wd.p))) 10023 return wr, empty, 1 10024 } 10025 10026 // String is for debugging only. 10027 func (wr http2FrameWriteRequest) String() string { 10028 var des string 10029 if s, ok := wr.write.(fmt.Stringer); ok { 10030 des = s.String() 10031 } else { 10032 des = fmt.Sprintf("%T", wr.write) 10033 } 10034 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 10035 } 10036 10037 // replyToWriter sends err to wr.done and panics if the send must block 10038 // This does nothing if wr.done is nil. 10039 func (wr *http2FrameWriteRequest) replyToWriter(err error) { 10040 if wr.done == nil { 10041 return 10042 } 10043 select { 10044 case wr.done <- err: 10045 default: 10046 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 10047 } 10048 wr.write = nil // prevent use (assume it's tainted after wr.done send) 10049 } 10050 10051 // writeQueue is used by implementations of WriteScheduler. 10052 type http2writeQueue struct { 10053 s []http2FrameWriteRequest 10054 } 10055 10056 func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 10057 10058 func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 10059 q.s = append(q.s, wr) 10060 } 10061 10062 func (q *http2writeQueue) shift() http2FrameWriteRequest { 10063 if len(q.s) == 0 { 10064 panic("invalid use of queue") 10065 } 10066 wr := q.s[0] 10067 // TODO: less copy-happy queue. 10068 copy(q.s, q.s[1:]) 10069 q.s[len(q.s)-1] = http2FrameWriteRequest{} 10070 q.s = q.s[:len(q.s)-1] 10071 return wr 10072 } 10073 10074 // consume consumes up to n bytes from q.s[0]. If the frame is 10075 // entirely consumed, it is removed from the queue. If the frame 10076 // is partially consumed, the frame is kept with the consumed 10077 // bytes removed. Returns true iff any bytes were consumed. 10078 func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 10079 if len(q.s) == 0 { 10080 return http2FrameWriteRequest{}, false 10081 } 10082 consumed, rest, numresult := q.s[0].Consume(n) 10083 switch numresult { 10084 case 0: 10085 return http2FrameWriteRequest{}, false 10086 case 1: 10087 q.shift() 10088 case 2: 10089 q.s[0] = rest 10090 } 10091 return consumed, true 10092 } 10093 10094 type http2writeQueuePool []*http2writeQueue 10095 10096 // put inserts an unused writeQueue into the pool. 10097 10098 // put inserts an unused writeQueue into the pool. 10099 func (p *http2writeQueuePool) put(q *http2writeQueue) { 10100 for i := range q.s { 10101 q.s[i] = http2FrameWriteRequest{} 10102 } 10103 q.s = q.s[:0] 10104 *p = append(*p, q) 10105 } 10106 10107 // get returns an empty writeQueue. 10108 func (p *http2writeQueuePool) get() *http2writeQueue { 10109 ln := len(*p) 10110 if ln == 0 { 10111 return new(http2writeQueue) 10112 } 10113 x := ln - 1 10114 q := (*p)[x] 10115 (*p)[x] = nil 10116 *p = (*p)[:x] 10117 return q 10118 } 10119 10120 // RFC 7540, Section 5.3.5: the default weight is 16. 10121 const http2priorityDefaultWeight = 15 // 16 = 15 + 1 10122 10123 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 10124 type http2PriorityWriteSchedulerConfig struct { 10125 // MaxClosedNodesInTree controls the maximum number of closed streams to 10126 // retain in the priority tree. Setting this to zero saves a small amount 10127 // of memory at the cost of performance. 10128 // 10129 // See RFC 7540, Section 5.3.4: 10130 // "It is possible for a stream to become closed while prioritization 10131 // information ... is in transit. ... This potentially creates suboptimal 10132 // prioritization, since the stream could be given a priority that is 10133 // different from what is intended. To avoid these problems, an endpoint 10134 // SHOULD retain stream prioritization state for a period after streams 10135 // become closed. The longer state is retained, the lower the chance that 10136 // streams are assigned incorrect or default priority values." 10137 MaxClosedNodesInTree int 10138 10139 // MaxIdleNodesInTree controls the maximum number of idle streams to 10140 // retain in the priority tree. Setting this to zero saves a small amount 10141 // of memory at the cost of performance. 10142 // 10143 // See RFC 7540, Section 5.3.4: 10144 // Similarly, streams that are in the "idle" state can be assigned 10145 // priority or become a parent of other streams. This allows for the 10146 // creation of a grouping node in the dependency tree, which enables 10147 // more flexible expressions of priority. Idle streams begin with a 10148 // default priority (Section 5.3.5). 10149 MaxIdleNodesInTree int 10150 10151 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 10152 // data is delivered in priority order. This works around a race where 10153 // stream B depends on stream A and both streams are about to call Write 10154 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 10155 // write as much data from B as possible, but this is suboptimal because A 10156 // is a higher-priority stream. With throttling enabled, we write a small 10157 // amount of data from B to minimize the amount of bandwidth that B can 10158 // steal from A. 10159 ThrottleOutOfOrderWrites bool 10160 } 10161 10162 // NewPriorityWriteScheduler constructs a WriteScheduler that schedules 10163 // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 10164 // If cfg is nil, default options are used. 10165 func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 10166 if cfg == nil { 10167 // For justification of these defaults, see: 10168 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 10169 cfg = &http2PriorityWriteSchedulerConfig{ 10170 MaxClosedNodesInTree: 10, 10171 MaxIdleNodesInTree: 10, 10172 ThrottleOutOfOrderWrites: false, 10173 } 10174 } 10175 10176 ws := &http2priorityWriteScheduler{ 10177 nodes: make(map[uint32]*http2priorityNode), 10178 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 10179 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 10180 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 10181 } 10182 ws.nodes[0] = &ws.root 10183 if cfg.ThrottleOutOfOrderWrites { 10184 ws.writeThrottleLimit = 1024 10185 } else { 10186 ws.writeThrottleLimit = math.MaxInt32 10187 } 10188 return ws 10189 } 10190 10191 type http2priorityNodeState int 10192 10193 const ( 10194 http2priorityNodeOpen http2priorityNodeState = iota 10195 http2priorityNodeClosed 10196 http2priorityNodeIdle 10197 ) 10198 10199 // priorityNode is a node in an HTTP/2 priority tree. 10200 // Each node is associated with a single stream ID. 10201 // See RFC 7540, Section 5.3. 10202 type http2priorityNode struct { 10203 q http2writeQueue // queue of pending frames to write 10204 id uint32 // id of the stream, or 0 for the root of the tree 10205 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 10206 state http2priorityNodeState // open | closed | idle 10207 bytes int64 // number of bytes written by this node, or 0 if closed 10208 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 10209 10210 // These links form the priority tree. 10211 parent *http2priorityNode 10212 kids *http2priorityNode // start of the kids list 10213 prev, next *http2priorityNode // doubly-linked list of siblings 10214 } 10215 10216 func (n *http2priorityNode) setParent(parent *http2priorityNode) { 10217 if n == parent { 10218 panic("setParent to self") 10219 } 10220 if n.parent == parent { 10221 return 10222 } 10223 // Unlink from current parent. 10224 if parent := n.parent; parent != nil { 10225 if n.prev == nil { 10226 parent.kids = n.next 10227 } else { 10228 n.prev.next = n.next 10229 } 10230 if n.next != nil { 10231 n.next.prev = n.prev 10232 } 10233 } 10234 // Link to new parent. 10235 // If parent=nil, remove n from the tree. 10236 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 10237 n.parent = parent 10238 if parent == nil { 10239 n.next = nil 10240 n.prev = nil 10241 } else { 10242 n.next = parent.kids 10243 n.prev = nil 10244 if n.next != nil { 10245 n.next.prev = n 10246 } 10247 parent.kids = n 10248 } 10249 } 10250 10251 func (n *http2priorityNode) addBytes(b int64) { 10252 n.bytes += b 10253 for ; n != nil; n = n.parent { 10254 n.subtreeBytes += b 10255 } 10256 } 10257 10258 // walkReadyInOrder iterates over the tree in priority order, calling f for each node 10259 // with a non-empty write queue. When f returns true, this function returns true and the 10260 // walk halts. tmp is used as scratch space for sorting. 10261 // 10262 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 10263 // if any ancestor p of n is still open (ignoring the root node). 10264 func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 10265 if !n.q.empty() && f(n, openParent) { 10266 return true 10267 } 10268 if n.kids == nil { 10269 return false 10270 } 10271 10272 // Don't consider the root "open" when updating openParent since 10273 // we can't send data frames on the root stream (only control frames). 10274 if n.id != 0 { 10275 openParent = openParent || (n.state == http2priorityNodeOpen) 10276 } 10277 10278 // Common case: only one kid or all kids have the same weight. 10279 // Some clients don't use weights; other clients (like web browsers) 10280 // use mostly-linear priority trees. 10281 w := n.kids.weight 10282 needSort := false 10283 for k := n.kids.next; k != nil; k = k.next { 10284 if k.weight != w { 10285 needSort = true 10286 break 10287 } 10288 } 10289 if !needSort { 10290 for k := n.kids; k != nil; k = k.next { 10291 if k.walkReadyInOrder(openParent, tmp, f) { 10292 return true 10293 } 10294 } 10295 return false 10296 } 10297 10298 // Uncommon case: sort the child nodes. We remove the kids from the parent, 10299 // then re-insert after sorting so we can reuse tmp for future sort calls. 10300 *tmp = (*tmp)[:0] 10301 for n.kids != nil { 10302 *tmp = append(*tmp, n.kids) 10303 n.kids.setParent(nil) 10304 } 10305 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 10306 for i := len(*tmp) - 1; i >= 0; i-- { 10307 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 10308 } 10309 for k := n.kids; k != nil; k = k.next { 10310 if k.walkReadyInOrder(openParent, tmp, f) { 10311 return true 10312 } 10313 } 10314 return false 10315 } 10316 10317 type http2sortPriorityNodeSiblings []*http2priorityNode 10318 10319 func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 10320 10321 func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 10322 10323 func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 10324 // Prefer the subtree that has sent fewer bytes relative to its weight. 10325 // See sections 5.3.2 and 5.3.4. 10326 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 10327 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 10328 if bi == 0 && bk == 0 { 10329 return wi >= wk 10330 } 10331 if bk == 0 { 10332 return false 10333 } 10334 return bi/bk <= wi/wk 10335 } 10336 10337 type http2priorityWriteScheduler struct { 10338 // root is the root of the priority tree, where root.id = 0. 10339 // The root queues control frames that are not associated with any stream. 10340 root http2priorityNode 10341 10342 // nodes maps stream ids to priority tree nodes. 10343 nodes map[uint32]*http2priorityNode 10344 10345 // maxID is the maximum stream id in nodes. 10346 maxID uint32 10347 10348 // lists of nodes that have been closed or are idle, but are kept in 10349 // the tree for improved prioritization. When the lengths exceed either 10350 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 10351 closedNodes, idleNodes []*http2priorityNode 10352 10353 // From the config. 10354 maxClosedNodesInTree int 10355 maxIdleNodesInTree int 10356 writeThrottleLimit int32 10357 enableWriteThrottle bool 10358 10359 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 10360 tmp []*http2priorityNode 10361 10362 // pool of empty queues for reuse. 10363 queuePool http2writeQueuePool 10364 } 10365 10366 func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10367 // The stream may be currently idle but cannot be opened or closed. 10368 if curr := ws.nodes[streamID]; curr != nil { 10369 if curr.state != http2priorityNodeIdle { 10370 panic(fmt.Sprintf("stream %d already opened", streamID)) 10371 } 10372 curr.state = http2priorityNodeOpen 10373 return 10374 } 10375 10376 // RFC 7540, Section 5.3.5: 10377 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 10378 // Pushed streams initially depend on their associated stream. In both cases, 10379 // streams are assigned a default weight of 16." 10380 parent := ws.nodes[options.PusherID] 10381 if parent == nil { 10382 parent = &ws.root 10383 } 10384 n := &http2priorityNode{ 10385 q: *ws.queuePool.get(), 10386 id: streamID, 10387 weight: http2priorityDefaultWeight, 10388 state: http2priorityNodeOpen, 10389 } 10390 n.setParent(parent) 10391 ws.nodes[streamID] = n 10392 if streamID > ws.maxID { 10393 ws.maxID = streamID 10394 } 10395 } 10396 10397 func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 10398 if streamID == 0 { 10399 panic("violation of WriteScheduler interface: cannot close stream 0") 10400 } 10401 if ws.nodes[streamID] == nil { 10402 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 10403 } 10404 if ws.nodes[streamID].state != http2priorityNodeOpen { 10405 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 10406 } 10407 10408 n := ws.nodes[streamID] 10409 n.state = http2priorityNodeClosed 10410 n.addBytes(-n.bytes) 10411 10412 q := n.q 10413 ws.queuePool.put(&q) 10414 n.q.s = nil 10415 if ws.maxClosedNodesInTree > 0 { 10416 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 10417 } else { 10418 ws.removeNode(n) 10419 } 10420 } 10421 10422 func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10423 if streamID == 0 { 10424 panic("adjustPriority on root") 10425 } 10426 10427 // If streamID does not exist, there are two cases: 10428 // - A closed stream that has been removed (this will have ID <= maxID) 10429 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 10430 n := ws.nodes[streamID] 10431 if n == nil { 10432 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 10433 return 10434 } 10435 ws.maxID = streamID 10436 n = &http2priorityNode{ 10437 q: *ws.queuePool.get(), 10438 id: streamID, 10439 weight: http2priorityDefaultWeight, 10440 state: http2priorityNodeIdle, 10441 } 10442 n.setParent(&ws.root) 10443 ws.nodes[streamID] = n 10444 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 10445 } 10446 10447 // Section 5.3.1: A dependency on a stream that is not currently in the tree 10448 // results in that stream being given a default priority (Section 5.3.5). 10449 parent := ws.nodes[priority.StreamDep] 10450 if parent == nil { 10451 n.setParent(&ws.root) 10452 n.weight = http2priorityDefaultWeight 10453 return 10454 } 10455 10456 // Ignore if the client tries to make a node its own parent. 10457 if n == parent { 10458 return 10459 } 10460 10461 // Section 5.3.3: 10462 // "If a stream is made dependent on one of its own dependencies, the 10463 // formerly dependent stream is first moved to be dependent on the 10464 // reprioritized stream's previous parent. The moved dependency retains 10465 // its weight." 10466 // 10467 // That is: if parent depends on n, move parent to depend on n.parent. 10468 for x := parent.parent; x != nil; x = x.parent { 10469 if x == n { 10470 parent.setParent(n.parent) 10471 break 10472 } 10473 } 10474 10475 // Section 5.3.3: The exclusive flag causes the stream to become the sole 10476 // dependency of its parent stream, causing other dependencies to become 10477 // dependent on the exclusive stream. 10478 if priority.Exclusive { 10479 k := parent.kids 10480 for k != nil { 10481 next := k.next 10482 if k != n { 10483 k.setParent(n) 10484 } 10485 k = next 10486 } 10487 } 10488 10489 n.setParent(parent) 10490 n.weight = priority.Weight 10491 } 10492 10493 func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 10494 var n *http2priorityNode 10495 if id := wr.StreamID(); id == 0 { 10496 n = &ws.root 10497 } else { 10498 n = ws.nodes[id] 10499 if n == nil { 10500 // id is an idle or closed stream. wr should not be a HEADERS or 10501 // DATA frame. However, wr can be a RST_STREAM. In this case, we 10502 // push wr onto the root, rather than creating a new priorityNode, 10503 // since RST_STREAM is tiny and the stream's priority is unknown 10504 // anyway. See issue #17919. 10505 if wr.DataSize() > 0 { 10506 panic("add DATA on non-open stream") 10507 } 10508 n = &ws.root 10509 } 10510 } 10511 n.q.push(wr) 10512 } 10513 10514 func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 10515 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 10516 limit := int32(math.MaxInt32) 10517 if openParent { 10518 limit = ws.writeThrottleLimit 10519 } 10520 wr, ok = n.q.consume(limit) 10521 if !ok { 10522 return false 10523 } 10524 n.addBytes(int64(wr.DataSize())) 10525 // If B depends on A and B continuously has data available but A 10526 // does not, gradually increase the throttling limit to allow B to 10527 // steal more and more bandwidth from A. 10528 if openParent { 10529 ws.writeThrottleLimit += 1024 10530 if ws.writeThrottleLimit < 0 { 10531 ws.writeThrottleLimit = math.MaxInt32 10532 } 10533 } else if ws.enableWriteThrottle { 10534 ws.writeThrottleLimit = 1024 10535 } 10536 return true 10537 }) 10538 return wr, ok 10539 } 10540 10541 func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 10542 if maxSize == 0 { 10543 return 10544 } 10545 if len(*list) == maxSize { 10546 // Remove the oldest node, then shift left. 10547 ws.removeNode((*list)[0]) 10548 x := (*list)[1:] 10549 copy(*list, x) 10550 *list = (*list)[:len(x)] 10551 } 10552 *list = append(*list, n) 10553 } 10554 10555 func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 10556 for k := n.kids; k != nil; k = k.next { 10557 k.setParent(n.parent) 10558 } 10559 n.setParent(nil) 10560 delete(ws.nodes, n.id) 10561 } 10562 10563 // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 10564 // priorities. Control frames like SETTINGS and PING are written before DATA 10565 // frames, but if no control frames are queued and multiple streams have queued 10566 // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 10567 func http2NewRandomWriteScheduler() http2WriteScheduler { 10568 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 10569 } 10570 10571 type http2randomWriteScheduler struct { 10572 // zero are frames not associated with a specific stream. 10573 zero http2writeQueue 10574 10575 // sq contains the stream-specific queues, keyed by stream ID. 10576 // When a stream is idle, closed, or emptied, it's deleted 10577 // from the map. 10578 sq map[uint32]*http2writeQueue 10579 10580 // pool of empty queues for reuse. 10581 queuePool http2writeQueuePool 10582 } 10583 10584 func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10585 // no-op: idle streams are not tracked 10586 } 10587 10588 func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 10589 q, ok := ws.sq[streamID] 10590 if !ok { 10591 return 10592 } 10593 delete(ws.sq, streamID) 10594 ws.queuePool.put(q) 10595 } 10596 10597 func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10598 // no-op: priorities are ignored 10599 } 10600 10601 func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 10602 id := wr.StreamID() 10603 if id == 0 { 10604 ws.zero.push(wr) 10605 return 10606 } 10607 q, ok := ws.sq[id] 10608 if !ok { 10609 q = ws.queuePool.get() 10610 ws.sq[id] = q 10611 } 10612 q.push(wr) 10613 } 10614 10615 func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 10616 // Control frames first. 10617 if !ws.zero.empty() { 10618 return ws.zero.shift(), true 10619 } 10620 // Iterate over all non-idle streams until finding one that can be consumed. 10621 for streamID, q := range ws.sq { 10622 if wr, ok := q.consume(math.MaxInt32); ok { 10623 if q.empty() { 10624 delete(ws.sq, streamID) 10625 ws.queuePool.put(q) 10626 } 10627 return wr, true 10628 } 10629 } 10630 return http2FrameWriteRequest{}, false 10631 }