github.com/megatontech/mynoteforgo@v0.0.0-20200507084910-5d0c6ea6e890/源码/net/http/h2_bundle.go (about) 1 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 2 //go:generate bundle -o h2_bundle.go -prefix http2 -underscore golang.org/x/net/http2 3 4 // Package http2 implements the HTTP/2 protocol. 5 // 6 // This package is low-level and intended to be used directly by very 7 // few people. Most users will use it indirectly through the automatic 8 // use by the net/http package (from Go 1.6 and later). 9 // For use in earlier Go versions see ConfigureServer. (Transport support 10 // requires Go 1.6 or later) 11 // 12 // See https://http2.github.io/ for more information on HTTP/2. 13 // 14 // See https://http2.golang.org/ for a test server running this code. 15 // 16 17 package http 18 19 import ( 20 "bufio" 21 "bytes" 22 "compress/gzip" 23 "context" 24 "crypto/rand" 25 "crypto/tls" 26 "encoding/binary" 27 "errors" 28 "fmt" 29 "io" 30 "io/ioutil" 31 "log" 32 "math" 33 mathrand "math/rand" 34 "net" 35 "net/http/httptrace" 36 "net/textproto" 37 "net/url" 38 "os" 39 "reflect" 40 "runtime" 41 "sort" 42 "strconv" 43 "strings" 44 "sync" 45 "time" 46 47 "internal/x/net/http/httpguts" 48 "internal/x/net/http2/hpack" 49 "internal/x/net/idna" 50 ) 51 52 // A list of the possible cipher suite ids. Taken from 53 // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt 54 55 const ( 56 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 57 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 58 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 59 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 60 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 61 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 62 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 63 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 64 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 65 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 66 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 67 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 68 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 69 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 70 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 71 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 72 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 73 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 74 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 75 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 76 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 77 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 78 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 79 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 80 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 81 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 82 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 83 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 84 // Reserved uint16 = 0x001C-1D 85 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 86 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 87 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 88 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 89 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 90 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 91 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 92 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 93 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 94 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 95 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 96 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 97 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 98 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 99 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 100 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 101 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 102 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 103 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 104 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 105 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 106 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 107 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 108 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 109 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 110 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 111 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 112 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 113 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 114 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 115 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 116 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 117 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 118 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 119 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 120 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 121 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 122 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 123 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 124 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 125 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 126 // Reserved uint16 = 0x0047-4F 127 // Reserved uint16 = 0x0050-58 128 // Reserved uint16 = 0x0059-5C 129 // Unassigned uint16 = 0x005D-5F 130 // Reserved uint16 = 0x0060-66 131 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 132 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 133 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 134 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 135 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 136 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 137 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 138 // Unassigned uint16 = 0x006E-83 139 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 140 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 141 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 142 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 143 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 144 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 145 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 146 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 147 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 148 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 149 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 150 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 151 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 152 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 153 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 154 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 155 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 156 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 157 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 158 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 159 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 160 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 161 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 162 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 163 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 164 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 165 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 166 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 167 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 168 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 169 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 170 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 171 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 172 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 173 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 174 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 175 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 176 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 177 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 178 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 179 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 180 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 181 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 182 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 183 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 184 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 185 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 186 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 187 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 188 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 189 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 190 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 191 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 192 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 193 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 194 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 195 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 196 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 197 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 198 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 199 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 200 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 201 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 202 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 203 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 204 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 205 // Unassigned uint16 = 0x00C6-FE 206 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 207 // Unassigned uint16 = 0x01-55,* 208 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 209 // Unassigned uint16 = 0x5601 - 0xC000 210 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 211 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 212 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 213 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 214 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 215 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 216 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 217 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 218 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 219 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 220 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 221 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 222 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 223 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 224 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 225 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 226 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 227 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 228 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 229 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 230 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 231 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 232 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 233 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 234 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 235 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 236 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 237 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 238 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 239 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 240 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 241 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 242 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 243 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 244 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 245 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 246 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 247 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 248 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 249 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 250 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 251 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 252 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 253 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 254 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 255 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 256 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 257 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 258 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 259 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 260 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 261 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 262 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 263 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 264 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 265 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 266 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 267 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 268 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 269 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 270 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 271 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 272 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 273 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 274 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 275 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 276 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 277 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 278 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 279 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 280 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 281 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 282 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 283 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 284 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 285 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 286 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 287 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 288 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 289 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 290 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 291 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 292 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 293 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 294 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 295 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 296 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 297 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 298 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 299 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 300 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 301 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 302 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 303 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 304 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 305 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 306 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 307 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 308 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 309 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 310 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 311 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 312 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 313 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 314 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 315 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 316 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 317 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 318 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 319 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 320 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 321 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 322 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 323 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 324 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 325 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 326 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 327 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 328 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 329 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 330 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 331 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 332 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 333 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 334 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 335 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 336 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 337 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 338 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 339 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 340 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 341 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 342 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 343 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 344 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 345 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 346 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 347 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 348 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 349 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 350 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 351 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 352 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 353 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 354 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 355 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 356 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 357 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 358 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 359 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 360 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 361 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 362 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 363 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 364 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 365 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 366 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 367 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 368 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 369 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 370 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 371 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 372 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 373 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 374 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 375 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 376 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 377 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 378 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 379 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 380 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 381 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 382 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 383 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 384 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 385 // Unassigned uint16 = 0xC0B0-FF 386 // Unassigned uint16 = 0xC1-CB,* 387 // Unassigned uint16 = 0xCC00-A7 388 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 389 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 390 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 391 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 392 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 393 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 394 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 395 ) 396 397 // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 398 // References: 399 // https://tools.ietf.org/html/rfc7540#appendix-A 400 // Reject cipher suites from Appendix A. 401 // "This list includes those cipher suites that do not 402 // offer an ephemeral key exchange and those that are 403 // based on the TLS null, stream or block cipher type" 404 func http2isBadCipher(cipher uint16) bool { 405 switch cipher { 406 case http2cipher_TLS_NULL_WITH_NULL_NULL, 407 http2cipher_TLS_RSA_WITH_NULL_MD5, 408 http2cipher_TLS_RSA_WITH_NULL_SHA, 409 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 410 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 411 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 412 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 413 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 414 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 415 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 416 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 417 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 418 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 419 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 420 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 421 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 422 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 423 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 424 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 425 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 426 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 427 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 428 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 429 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 430 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 431 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 432 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 433 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 434 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 435 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 436 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 437 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 438 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 439 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 440 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 441 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 442 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 443 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 444 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 445 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 446 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 447 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 448 http2cipher_TLS_PSK_WITH_NULL_SHA, 449 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 450 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 451 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 452 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 453 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 454 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 455 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 456 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 457 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 458 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 459 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 460 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 461 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 462 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 463 http2cipher_TLS_RSA_WITH_NULL_SHA256, 464 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 465 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 466 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 467 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 468 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 469 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 470 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 471 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 472 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 473 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 474 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 475 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 476 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 477 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 478 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 479 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 480 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 481 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 482 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 483 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 484 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 485 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 486 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 487 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 488 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 489 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 490 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 491 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 492 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 493 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 494 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 495 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 496 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 497 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 498 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 499 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 500 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 501 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 502 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 503 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 504 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 505 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 506 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 507 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 508 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 509 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 510 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 511 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 512 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 513 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 514 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 515 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 516 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 517 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 518 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 519 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 520 http2cipher_TLS_PSK_WITH_NULL_SHA256, 521 http2cipher_TLS_PSK_WITH_NULL_SHA384, 522 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 523 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 524 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 525 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 526 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 527 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 528 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 529 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 530 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 531 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 532 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 533 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 534 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 535 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 536 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 537 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 538 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 539 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 540 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 541 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 542 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 543 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 544 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 545 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 546 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 547 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 548 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 549 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 550 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 551 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 552 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 553 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 554 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 555 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 556 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 557 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 558 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 559 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 560 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 561 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 562 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 563 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 564 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 565 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 566 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 567 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 568 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 569 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 570 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 571 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 572 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 573 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 574 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 575 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 576 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 577 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 578 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 579 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 580 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 581 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 582 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 583 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 584 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 585 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 586 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 587 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 588 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 589 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 590 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 591 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 592 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 593 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 594 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 595 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 596 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 597 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 598 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 599 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 600 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 601 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 602 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 603 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 604 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 605 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 606 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 607 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 608 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 609 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 610 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 611 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 612 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 613 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 614 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 615 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 616 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 617 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 618 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 619 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 620 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 621 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 622 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 623 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 624 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 625 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 626 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 627 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 628 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 629 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 630 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 631 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 632 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 633 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 634 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 635 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 636 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 637 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 638 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 639 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 640 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 641 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 642 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 643 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 644 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 645 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 646 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 647 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 648 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 649 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 650 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 651 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 652 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 653 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 654 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 655 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 656 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 657 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 658 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 659 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 660 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 661 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 662 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 663 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 664 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 665 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 666 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 667 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 668 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 669 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 670 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 671 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 672 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 673 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 674 http2cipher_TLS_RSA_WITH_AES_128_CCM, 675 http2cipher_TLS_RSA_WITH_AES_256_CCM, 676 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 677 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 678 http2cipher_TLS_PSK_WITH_AES_128_CCM, 679 http2cipher_TLS_PSK_WITH_AES_256_CCM, 680 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 681 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 682 return true 683 default: 684 return false 685 } 686 } 687 688 // ClientConnPool manages a pool of HTTP/2 client connections. 689 type http2ClientConnPool interface { 690 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 691 MarkDead(*http2ClientConn) 692 } 693 694 // clientConnPoolIdleCloser is the interface implemented by ClientConnPool 695 // implementations which can close their idle connections. 696 type http2clientConnPoolIdleCloser interface { 697 http2ClientConnPool 698 closeIdleConnections() 699 } 700 701 var ( 702 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 703 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 704 ) 705 706 // TODO: use singleflight for dialing and addConnCalls? 707 type http2clientConnPool struct { 708 t *http2Transport 709 710 mu sync.Mutex // TODO: maybe switch to RWMutex 711 // TODO: add support for sharing conns based on cert names 712 // (e.g. share conn for googleapis.com and appspot.com) 713 conns map[string][]*http2ClientConn // key is host:port 714 dialing map[string]*http2dialCall // currently in-flight dials 715 keys map[*http2ClientConn][]string 716 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls 717 } 718 719 func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 720 return p.getClientConn(req, addr, http2dialOnMiss) 721 } 722 723 const ( 724 http2dialOnMiss = true 725 http2noDialOnMiss = false 726 ) 727 728 // shouldTraceGetConn reports whether getClientConn should call any 729 // ClientTrace.GetConn hook associated with the http.Request. 730 // 731 // This complexity is needed to avoid double calls of the GetConn hook 732 // during the back-and-forth between net/http and x/net/http2 (when the 733 // net/http.Transport is upgraded to also speak http2), as well as support 734 // the case where x/net/http2 is being used directly. 735 func (p *http2clientConnPool) shouldTraceGetConn(st http2clientConnIdleState) bool { 736 // If our Transport wasn't made via ConfigureTransport, always 737 // trace the GetConn hook if provided, because that means the 738 // http2 package is being used directly and it's the one 739 // dialing, as opposed to net/http. 740 if _, ok := p.t.ConnPool.(http2noDialClientConnPool); !ok { 741 return true 742 } 743 // Otherwise, only use the GetConn hook if this connection has 744 // been used previously for other requests. For fresh 745 // connections, the net/http package does the dialing. 746 return !st.freshConn 747 } 748 749 func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 750 if http2isConnectionCloseRequest(req) && dialOnMiss { 751 // It gets its own connection. 752 http2traceGetConn(req, addr) 753 const singleUse = true 754 cc, err := p.t.dialClientConn(addr, singleUse) 755 if err != nil { 756 return nil, err 757 } 758 return cc, nil 759 } 760 p.mu.Lock() 761 for _, cc := range p.conns[addr] { 762 if st := cc.idleState(); st.canTakeNewRequest { 763 if p.shouldTraceGetConn(st) { 764 http2traceGetConn(req, addr) 765 } 766 p.mu.Unlock() 767 return cc, nil 768 } 769 } 770 if !dialOnMiss { 771 p.mu.Unlock() 772 return nil, http2ErrNoCachedConn 773 } 774 http2traceGetConn(req, addr) 775 call := p.getStartDialLocked(addr) 776 p.mu.Unlock() 777 <-call.done 778 return call.res, call.err 779 } 780 781 // dialCall is an in-flight Transport dial call to a host. 782 type http2dialCall struct { 783 p *http2clientConnPool 784 done chan struct{} // closed when done 785 res *http2ClientConn // valid after done is closed 786 err error // valid after done is closed 787 } 788 789 // requires p.mu is held. 790 func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall { 791 if call, ok := p.dialing[addr]; ok { 792 // A dial is already in-flight. Don't start another. 793 return call 794 } 795 call := &http2dialCall{p: p, done: make(chan struct{})} 796 if p.dialing == nil { 797 p.dialing = make(map[string]*http2dialCall) 798 } 799 p.dialing[addr] = call 800 go call.dial(addr) 801 return call 802 } 803 804 // run in its own goroutine. 805 func (c *http2dialCall) dial(addr string) { 806 const singleUse = false // shared conn 807 c.res, c.err = c.p.t.dialClientConn(addr, singleUse) 808 close(c.done) 809 810 c.p.mu.Lock() 811 delete(c.p.dialing, addr) 812 if c.err == nil { 813 c.p.addConnLocked(addr, c.res) 814 } 815 c.p.mu.Unlock() 816 } 817 818 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 819 // already exist. It coalesces concurrent calls with the same key. 820 // This is used by the http1 Transport code when it creates a new connection. Because 821 // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 822 // the protocol), it can get into a situation where it has multiple TLS connections. 823 // This code decides which ones live or die. 824 // The return value used is whether c was used. 825 // c is never closed. 826 func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 827 p.mu.Lock() 828 for _, cc := range p.conns[key] { 829 if cc.CanTakeNewRequest() { 830 p.mu.Unlock() 831 return false, nil 832 } 833 } 834 call, dup := p.addConnCalls[key] 835 if !dup { 836 if p.addConnCalls == nil { 837 p.addConnCalls = make(map[string]*http2addConnCall) 838 } 839 call = &http2addConnCall{ 840 p: p, 841 done: make(chan struct{}), 842 } 843 p.addConnCalls[key] = call 844 go call.run(t, key, c) 845 } 846 p.mu.Unlock() 847 848 <-call.done 849 if call.err != nil { 850 return false, call.err 851 } 852 return !dup, nil 853 } 854 855 type http2addConnCall struct { 856 p *http2clientConnPool 857 done chan struct{} // closed when done 858 err error 859 } 860 861 func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 862 cc, err := t.NewClientConn(tc) 863 864 p := c.p 865 p.mu.Lock() 866 if err != nil { 867 c.err = err 868 } else { 869 p.addConnLocked(key, cc) 870 } 871 delete(p.addConnCalls, key) 872 p.mu.Unlock() 873 close(c.done) 874 } 875 876 func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) { 877 p.mu.Lock() 878 p.addConnLocked(key, cc) 879 p.mu.Unlock() 880 } 881 882 // p.mu must be held 883 func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 884 for _, v := range p.conns[key] { 885 if v == cc { 886 return 887 } 888 } 889 if p.conns == nil { 890 p.conns = make(map[string][]*http2ClientConn) 891 } 892 if p.keys == nil { 893 p.keys = make(map[*http2ClientConn][]string) 894 } 895 p.conns[key] = append(p.conns[key], cc) 896 p.keys[cc] = append(p.keys[cc], key) 897 } 898 899 func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 900 p.mu.Lock() 901 defer p.mu.Unlock() 902 for _, key := range p.keys[cc] { 903 vv, ok := p.conns[key] 904 if !ok { 905 continue 906 } 907 newList := http2filterOutClientConn(vv, cc) 908 if len(newList) > 0 { 909 p.conns[key] = newList 910 } else { 911 delete(p.conns, key) 912 } 913 } 914 delete(p.keys, cc) 915 } 916 917 func (p *http2clientConnPool) closeIdleConnections() { 918 p.mu.Lock() 919 defer p.mu.Unlock() 920 // TODO: don't close a cc if it was just added to the pool 921 // milliseconds ago and has never been used. There's currently 922 // a small race window with the HTTP/1 Transport's integration 923 // where it can add an idle conn just before using it, and 924 // somebody else can concurrently call CloseIdleConns and 925 // break some caller's RoundTrip. 926 for _, vv := range p.conns { 927 for _, cc := range vv { 928 cc.closeIfIdle() 929 } 930 } 931 } 932 933 func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 934 out := in[:0] 935 for _, v := range in { 936 if v != exclude { 937 out = append(out, v) 938 } 939 } 940 // If we filtered it out, zero out the last item to prevent 941 // the GC from seeing it. 942 if len(in) != len(out) { 943 in[len(in)-1] = nil 944 } 945 return out 946 } 947 948 // noDialClientConnPool is an implementation of http2.ClientConnPool 949 // which never dials. We let the HTTP/1.1 client dial and use its TLS 950 // connection instead. 951 type http2noDialClientConnPool struct{ *http2clientConnPool } 952 953 func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 954 return p.getClientConn(req, addr, http2noDialOnMiss) 955 } 956 957 // Buffer chunks are allocated from a pool to reduce pressure on GC. 958 // The maximum wasted space per dataBuffer is 2x the largest size class, 959 // which happens when the dataBuffer has multiple chunks and there is 960 // one unread byte in both the first and last chunks. We use a few size 961 // classes to minimize overheads for servers that typically receive very 962 // small request bodies. 963 // 964 // TODO: Benchmark to determine if the pools are necessary. The GC may have 965 // improved enough that we can instead allocate chunks like this: 966 // make([]byte, max(16<<10, expectedBytesRemaining)) 967 var ( 968 http2dataChunkSizeClasses = []int{ 969 1 << 10, 970 2 << 10, 971 4 << 10, 972 8 << 10, 973 16 << 10, 974 } 975 http2dataChunkPools = [...]sync.Pool{ 976 {New: func() interface{} { return make([]byte, 1<<10) }}, 977 {New: func() interface{} { return make([]byte, 2<<10) }}, 978 {New: func() interface{} { return make([]byte, 4<<10) }}, 979 {New: func() interface{} { return make([]byte, 8<<10) }}, 980 {New: func() interface{} { return make([]byte, 16<<10) }}, 981 } 982 ) 983 984 func http2getDataBufferChunk(size int64) []byte { 985 i := 0 986 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 987 if size <= int64(http2dataChunkSizeClasses[i]) { 988 break 989 } 990 } 991 return http2dataChunkPools[i].Get().([]byte) 992 } 993 994 func http2putDataBufferChunk(p []byte) { 995 for i, n := range http2dataChunkSizeClasses { 996 if len(p) == n { 997 http2dataChunkPools[i].Put(p) 998 return 999 } 1000 } 1001 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1002 } 1003 1004 // dataBuffer is an io.ReadWriter backed by a list of data chunks. 1005 // Each dataBuffer is used to read DATA frames on a single stream. 1006 // The buffer is divided into chunks so the server can limit the 1007 // total memory used by a single connection without limiting the 1008 // request body size on any single stream. 1009 type http2dataBuffer struct { 1010 chunks [][]byte 1011 r int // next byte to read is chunks[0][r] 1012 w int // next byte to write is chunks[len(chunks)-1][w] 1013 size int // total buffered bytes 1014 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1015 } 1016 1017 var http2errReadEmpty = errors.New("read from empty dataBuffer") 1018 1019 // Read copies bytes from the buffer into p. 1020 // It is an error to read when no data is available. 1021 func (b *http2dataBuffer) Read(p []byte) (int, error) { 1022 if b.size == 0 { 1023 return 0, http2errReadEmpty 1024 } 1025 var ntotal int 1026 for len(p) > 0 && b.size > 0 { 1027 readFrom := b.bytesFromFirstChunk() 1028 n := copy(p, readFrom) 1029 p = p[n:] 1030 ntotal += n 1031 b.r += n 1032 b.size -= n 1033 // If the first chunk has been consumed, advance to the next chunk. 1034 if b.r == len(b.chunks[0]) { 1035 http2putDataBufferChunk(b.chunks[0]) 1036 end := len(b.chunks) - 1 1037 copy(b.chunks[:end], b.chunks[1:]) 1038 b.chunks[end] = nil 1039 b.chunks = b.chunks[:end] 1040 b.r = 0 1041 } 1042 } 1043 return ntotal, nil 1044 } 1045 1046 func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1047 if len(b.chunks) == 1 { 1048 return b.chunks[0][b.r:b.w] 1049 } 1050 return b.chunks[0][b.r:] 1051 } 1052 1053 // Len returns the number of bytes of the unread portion of the buffer. 1054 func (b *http2dataBuffer) Len() int { 1055 return b.size 1056 } 1057 1058 // Write appends p to the buffer. 1059 func (b *http2dataBuffer) Write(p []byte) (int, error) { 1060 ntotal := len(p) 1061 for len(p) > 0 { 1062 // If the last chunk is empty, allocate a new chunk. Try to allocate 1063 // enough to fully copy p plus any additional bytes we expect to 1064 // receive. However, this may allocate less than len(p). 1065 want := int64(len(p)) 1066 if b.expected > want { 1067 want = b.expected 1068 } 1069 chunk := b.lastChunkOrAlloc(want) 1070 n := copy(chunk[b.w:], p) 1071 p = p[n:] 1072 b.w += n 1073 b.size += n 1074 b.expected -= int64(n) 1075 } 1076 return ntotal, nil 1077 } 1078 1079 func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1080 if len(b.chunks) != 0 { 1081 last := b.chunks[len(b.chunks)-1] 1082 if b.w < len(last) { 1083 return last 1084 } 1085 } 1086 chunk := http2getDataBufferChunk(want) 1087 b.chunks = append(b.chunks, chunk) 1088 b.w = 0 1089 return chunk 1090 } 1091 1092 // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1093 type http2ErrCode uint32 1094 1095 const ( 1096 http2ErrCodeNo http2ErrCode = 0x0 1097 http2ErrCodeProtocol http2ErrCode = 0x1 1098 http2ErrCodeInternal http2ErrCode = 0x2 1099 http2ErrCodeFlowControl http2ErrCode = 0x3 1100 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1101 http2ErrCodeStreamClosed http2ErrCode = 0x5 1102 http2ErrCodeFrameSize http2ErrCode = 0x6 1103 http2ErrCodeRefusedStream http2ErrCode = 0x7 1104 http2ErrCodeCancel http2ErrCode = 0x8 1105 http2ErrCodeCompression http2ErrCode = 0x9 1106 http2ErrCodeConnect http2ErrCode = 0xa 1107 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1108 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1109 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1110 ) 1111 1112 var http2errCodeName = map[http2ErrCode]string{ 1113 http2ErrCodeNo: "NO_ERROR", 1114 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1115 http2ErrCodeInternal: "INTERNAL_ERROR", 1116 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1117 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1118 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1119 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1120 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1121 http2ErrCodeCancel: "CANCEL", 1122 http2ErrCodeCompression: "COMPRESSION_ERROR", 1123 http2ErrCodeConnect: "CONNECT_ERROR", 1124 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1125 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1126 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1127 } 1128 1129 func (e http2ErrCode) String() string { 1130 if s, ok := http2errCodeName[e]; ok { 1131 return s 1132 } 1133 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1134 } 1135 1136 // ConnectionError is an error that results in the termination of the 1137 // entire connection. 1138 type http2ConnectionError http2ErrCode 1139 1140 func (e http2ConnectionError) Error() string { 1141 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1142 } 1143 1144 // StreamError is an error that only affects one stream within an 1145 // HTTP/2 connection. 1146 type http2StreamError struct { 1147 StreamID uint32 1148 Code http2ErrCode 1149 Cause error // optional additional detail 1150 } 1151 1152 func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1153 return http2StreamError{StreamID: id, Code: code} 1154 } 1155 1156 func (e http2StreamError) Error() string { 1157 if e.Cause != nil { 1158 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1159 } 1160 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1161 } 1162 1163 // 6.9.1 The Flow Control Window 1164 // "If a sender receives a WINDOW_UPDATE that causes a flow control 1165 // window to exceed this maximum it MUST terminate either the stream 1166 // or the connection, as appropriate. For streams, [...]; for the 1167 // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1168 type http2goAwayFlowError struct{} 1169 1170 func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1171 1172 // connError represents an HTTP/2 ConnectionError error code, along 1173 // with a string (for debugging) explaining why. 1174 // 1175 // Errors of this type are only returned by the frame parser functions 1176 // and converted into ConnectionError(Code), after stashing away 1177 // the Reason into the Framer's errDetail field, accessible via 1178 // the (*Framer).ErrorDetail method. 1179 type http2connError struct { 1180 Code http2ErrCode // the ConnectionError error code 1181 Reason string // additional reason 1182 } 1183 1184 func (e http2connError) Error() string { 1185 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1186 } 1187 1188 type http2pseudoHeaderError string 1189 1190 func (e http2pseudoHeaderError) Error() string { 1191 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1192 } 1193 1194 type http2duplicatePseudoHeaderError string 1195 1196 func (e http2duplicatePseudoHeaderError) Error() string { 1197 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1198 } 1199 1200 type http2headerFieldNameError string 1201 1202 func (e http2headerFieldNameError) Error() string { 1203 return fmt.Sprintf("invalid header field name %q", string(e)) 1204 } 1205 1206 type http2headerFieldValueError string 1207 1208 func (e http2headerFieldValueError) Error() string { 1209 return fmt.Sprintf("invalid header field value %q", string(e)) 1210 } 1211 1212 var ( 1213 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1214 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1215 ) 1216 1217 // flow is the flow control window's size. 1218 type http2flow struct { 1219 // n is the number of DATA bytes we're allowed to send. 1220 // A flow is kept both on a conn and a per-stream. 1221 n int32 1222 1223 // conn points to the shared connection-level flow that is 1224 // shared by all streams on that conn. It is nil for the flow 1225 // that's on the conn directly. 1226 conn *http2flow 1227 } 1228 1229 func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1230 1231 func (f *http2flow) available() int32 { 1232 n := f.n 1233 if f.conn != nil && f.conn.n < n { 1234 n = f.conn.n 1235 } 1236 return n 1237 } 1238 1239 func (f *http2flow) take(n int32) { 1240 if n > f.available() { 1241 panic("internal error: took too much") 1242 } 1243 f.n -= n 1244 if f.conn != nil { 1245 f.conn.n -= n 1246 } 1247 } 1248 1249 // add adds n bytes (positive or negative) to the flow control window. 1250 // It returns false if the sum would exceed 2^31-1. 1251 func (f *http2flow) add(n int32) bool { 1252 sum := f.n + n 1253 if (sum > n) == (f.n > 0) { 1254 f.n = sum 1255 return true 1256 } 1257 return false 1258 } 1259 1260 const http2frameHeaderLen = 9 1261 1262 var http2padZeros = make([]byte, 255) // zeros for padding 1263 1264 // A FrameType is a registered frame type as defined in 1265 // http://http2.github.io/http2-spec/#rfc.section.11.2 1266 type http2FrameType uint8 1267 1268 const ( 1269 http2FrameData http2FrameType = 0x0 1270 http2FrameHeaders http2FrameType = 0x1 1271 http2FramePriority http2FrameType = 0x2 1272 http2FrameRSTStream http2FrameType = 0x3 1273 http2FrameSettings http2FrameType = 0x4 1274 http2FramePushPromise http2FrameType = 0x5 1275 http2FramePing http2FrameType = 0x6 1276 http2FrameGoAway http2FrameType = 0x7 1277 http2FrameWindowUpdate http2FrameType = 0x8 1278 http2FrameContinuation http2FrameType = 0x9 1279 ) 1280 1281 var http2frameName = map[http2FrameType]string{ 1282 http2FrameData: "DATA", 1283 http2FrameHeaders: "HEADERS", 1284 http2FramePriority: "PRIORITY", 1285 http2FrameRSTStream: "RST_STREAM", 1286 http2FrameSettings: "SETTINGS", 1287 http2FramePushPromise: "PUSH_PROMISE", 1288 http2FramePing: "PING", 1289 http2FrameGoAway: "GOAWAY", 1290 http2FrameWindowUpdate: "WINDOW_UPDATE", 1291 http2FrameContinuation: "CONTINUATION", 1292 } 1293 1294 func (t http2FrameType) String() string { 1295 if s, ok := http2frameName[t]; ok { 1296 return s 1297 } 1298 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1299 } 1300 1301 // Flags is a bitmask of HTTP/2 flags. 1302 // The meaning of flags varies depending on the frame type. 1303 type http2Flags uint8 1304 1305 // Has reports whether f contains all (0 or more) flags in v. 1306 func (f http2Flags) Has(v http2Flags) bool { 1307 return (f & v) == v 1308 } 1309 1310 // Frame-specific FrameHeader flag bits. 1311 const ( 1312 // Data Frame 1313 http2FlagDataEndStream http2Flags = 0x1 1314 http2FlagDataPadded http2Flags = 0x8 1315 1316 // Headers Frame 1317 http2FlagHeadersEndStream http2Flags = 0x1 1318 http2FlagHeadersEndHeaders http2Flags = 0x4 1319 http2FlagHeadersPadded http2Flags = 0x8 1320 http2FlagHeadersPriority http2Flags = 0x20 1321 1322 // Settings Frame 1323 http2FlagSettingsAck http2Flags = 0x1 1324 1325 // Ping Frame 1326 http2FlagPingAck http2Flags = 0x1 1327 1328 // Continuation Frame 1329 http2FlagContinuationEndHeaders http2Flags = 0x4 1330 1331 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1332 http2FlagPushPromisePadded http2Flags = 0x8 1333 ) 1334 1335 var http2flagName = map[http2FrameType]map[http2Flags]string{ 1336 http2FrameData: { 1337 http2FlagDataEndStream: "END_STREAM", 1338 http2FlagDataPadded: "PADDED", 1339 }, 1340 http2FrameHeaders: { 1341 http2FlagHeadersEndStream: "END_STREAM", 1342 http2FlagHeadersEndHeaders: "END_HEADERS", 1343 http2FlagHeadersPadded: "PADDED", 1344 http2FlagHeadersPriority: "PRIORITY", 1345 }, 1346 http2FrameSettings: { 1347 http2FlagSettingsAck: "ACK", 1348 }, 1349 http2FramePing: { 1350 http2FlagPingAck: "ACK", 1351 }, 1352 http2FrameContinuation: { 1353 http2FlagContinuationEndHeaders: "END_HEADERS", 1354 }, 1355 http2FramePushPromise: { 1356 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1357 http2FlagPushPromisePadded: "PADDED", 1358 }, 1359 } 1360 1361 // a frameParser parses a frame given its FrameHeader and payload 1362 // bytes. The length of payload will always equal fh.Length (which 1363 // might be 0). 1364 type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1365 1366 var http2frameParsers = map[http2FrameType]http2frameParser{ 1367 http2FrameData: http2parseDataFrame, 1368 http2FrameHeaders: http2parseHeadersFrame, 1369 http2FramePriority: http2parsePriorityFrame, 1370 http2FrameRSTStream: http2parseRSTStreamFrame, 1371 http2FrameSettings: http2parseSettingsFrame, 1372 http2FramePushPromise: http2parsePushPromise, 1373 http2FramePing: http2parsePingFrame, 1374 http2FrameGoAway: http2parseGoAwayFrame, 1375 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1376 http2FrameContinuation: http2parseContinuationFrame, 1377 } 1378 1379 func http2typeFrameParser(t http2FrameType) http2frameParser { 1380 if f := http2frameParsers[t]; f != nil { 1381 return f 1382 } 1383 return http2parseUnknownFrame 1384 } 1385 1386 // A FrameHeader is the 9 byte header of all HTTP/2 frames. 1387 // 1388 // See http://http2.github.io/http2-spec/#FrameHeader 1389 type http2FrameHeader struct { 1390 valid bool // caller can access []byte fields in the Frame 1391 1392 // Type is the 1 byte frame type. There are ten standard frame 1393 // types, but extension frame types may be written by WriteRawFrame 1394 // and will be returned by ReadFrame (as UnknownFrame). 1395 Type http2FrameType 1396 1397 // Flags are the 1 byte of 8 potential bit flags per frame. 1398 // They are specific to the frame type. 1399 Flags http2Flags 1400 1401 // Length is the length of the frame, not including the 9 byte header. 1402 // The maximum size is one byte less than 16MB (uint24), but only 1403 // frames up to 16KB are allowed without peer agreement. 1404 Length uint32 1405 1406 // StreamID is which stream this frame is for. Certain frames 1407 // are not stream-specific, in which case this field is 0. 1408 StreamID uint32 1409 } 1410 1411 // Header returns h. It exists so FrameHeaders can be embedded in other 1412 // specific frame types and implement the Frame interface. 1413 func (h http2FrameHeader) Header() http2FrameHeader { return h } 1414 1415 func (h http2FrameHeader) String() string { 1416 var buf bytes.Buffer 1417 buf.WriteString("[FrameHeader ") 1418 h.writeDebug(&buf) 1419 buf.WriteByte(']') 1420 return buf.String() 1421 } 1422 1423 func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1424 buf.WriteString(h.Type.String()) 1425 if h.Flags != 0 { 1426 buf.WriteString(" flags=") 1427 set := 0 1428 for i := uint8(0); i < 8; i++ { 1429 if h.Flags&(1<<i) == 0 { 1430 continue 1431 } 1432 set++ 1433 if set > 1 { 1434 buf.WriteByte('|') 1435 } 1436 name := http2flagName[h.Type][http2Flags(1<<i)] 1437 if name != "" { 1438 buf.WriteString(name) 1439 } else { 1440 fmt.Fprintf(buf, "0x%x", 1<<i) 1441 } 1442 } 1443 } 1444 if h.StreamID != 0 { 1445 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1446 } 1447 fmt.Fprintf(buf, " len=%d", h.Length) 1448 } 1449 1450 func (h *http2FrameHeader) checkValid() { 1451 if !h.valid { 1452 panic("Frame accessor called on non-owned Frame") 1453 } 1454 } 1455 1456 func (h *http2FrameHeader) invalidate() { h.valid = false } 1457 1458 // frame header bytes. 1459 // Used only by ReadFrameHeader. 1460 var http2fhBytes = sync.Pool{ 1461 New: func() interface{} { 1462 buf := make([]byte, http2frameHeaderLen) 1463 return &buf 1464 }, 1465 } 1466 1467 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1468 // Most users should use Framer.ReadFrame instead. 1469 func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1470 bufp := http2fhBytes.Get().(*[]byte) 1471 defer http2fhBytes.Put(bufp) 1472 return http2readFrameHeader(*bufp, r) 1473 } 1474 1475 func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1476 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1477 if err != nil { 1478 return http2FrameHeader{}, err 1479 } 1480 return http2FrameHeader{ 1481 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1482 Type: http2FrameType(buf[3]), 1483 Flags: http2Flags(buf[4]), 1484 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1485 valid: true, 1486 }, nil 1487 } 1488 1489 // A Frame is the base interface implemented by all frame types. 1490 // Callers will generally type-assert the specific frame type: 1491 // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1492 // 1493 // Frames are only valid until the next call to Framer.ReadFrame. 1494 type http2Frame interface { 1495 Header() http2FrameHeader 1496 1497 // invalidate is called by Framer.ReadFrame to make this 1498 // frame's buffers as being invalid, since the subsequent 1499 // frame will reuse them. 1500 invalidate() 1501 } 1502 1503 // A Framer reads and writes Frames. 1504 type http2Framer struct { 1505 r io.Reader 1506 lastFrame http2Frame 1507 errDetail error 1508 1509 // lastHeaderStream is non-zero if the last frame was an 1510 // unfinished HEADERS/CONTINUATION. 1511 lastHeaderStream uint32 1512 1513 maxReadSize uint32 1514 headerBuf [http2frameHeaderLen]byte 1515 1516 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1517 // allocator in server.go to minimize memory pinned for many idle conns. 1518 // Will probably also need to make frame invalidation have a hook too. 1519 getReadBuf func(size uint32) []byte 1520 readBuf []byte // cache for default getReadBuf 1521 1522 maxWriteSize uint32 // zero means unlimited; TODO: implement 1523 1524 w io.Writer 1525 wbuf []byte 1526 1527 // AllowIllegalWrites permits the Framer's Write methods to 1528 // write frames that do not conform to the HTTP/2 spec. This 1529 // permits using the Framer to test other HTTP/2 1530 // implementations' conformance to the spec. 1531 // If false, the Write methods will prefer to return an error 1532 // rather than comply. 1533 AllowIllegalWrites bool 1534 1535 // AllowIllegalReads permits the Framer's ReadFrame method 1536 // to return non-compliant frames or frame orders. 1537 // This is for testing and permits using the Framer to test 1538 // other HTTP/2 implementations' conformance to the spec. 1539 // It is not compatible with ReadMetaHeaders. 1540 AllowIllegalReads bool 1541 1542 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1543 // HEADERS and CONTINUATION frames together and return 1544 // MetaHeadersFrame instead. 1545 ReadMetaHeaders *hpack.Decoder 1546 1547 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1548 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1549 // (currently 16MB) 1550 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1551 MaxHeaderListSize uint32 1552 1553 // TODO: track which type of frame & with which flags was sent 1554 // last. Then return an error (unless AllowIllegalWrites) if 1555 // we're in the middle of a header block and a 1556 // non-Continuation or Continuation on a different stream is 1557 // attempted to be written. 1558 1559 logReads, logWrites bool 1560 1561 debugFramer *http2Framer // only use for logging written writes 1562 debugFramerBuf *bytes.Buffer 1563 debugReadLoggerf func(string, ...interface{}) 1564 debugWriteLoggerf func(string, ...interface{}) 1565 1566 frameCache *http2frameCache // nil if frames aren't reused (default) 1567 } 1568 1569 func (fr *http2Framer) maxHeaderListSize() uint32 { 1570 if fr.MaxHeaderListSize == 0 { 1571 return 16 << 20 // sane default, per docs 1572 } 1573 return fr.MaxHeaderListSize 1574 } 1575 1576 func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1577 // Write the FrameHeader. 1578 f.wbuf = append(f.wbuf[:0], 1579 0, // 3 bytes of length, filled in in endWrite 1580 0, 1581 0, 1582 byte(ftype), 1583 byte(flags), 1584 byte(streamID>>24), 1585 byte(streamID>>16), 1586 byte(streamID>>8), 1587 byte(streamID)) 1588 } 1589 1590 func (f *http2Framer) endWrite() error { 1591 // Now that we know the final size, fill in the FrameHeader in 1592 // the space previously reserved for it. Abuse append. 1593 length := len(f.wbuf) - http2frameHeaderLen 1594 if length >= (1 << 24) { 1595 return http2ErrFrameTooLarge 1596 } 1597 _ = append(f.wbuf[:0], 1598 byte(length>>16), 1599 byte(length>>8), 1600 byte(length)) 1601 if f.logWrites { 1602 f.logWrite() 1603 } 1604 1605 n, err := f.w.Write(f.wbuf) 1606 if err == nil && n != len(f.wbuf) { 1607 err = io.ErrShortWrite 1608 } 1609 return err 1610 } 1611 1612 func (f *http2Framer) logWrite() { 1613 if f.debugFramer == nil { 1614 f.debugFramerBuf = new(bytes.Buffer) 1615 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1616 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1617 // Let us read anything, even if we accidentally wrote it 1618 // in the wrong order: 1619 f.debugFramer.AllowIllegalReads = true 1620 } 1621 f.debugFramerBuf.Write(f.wbuf) 1622 fr, err := f.debugFramer.ReadFrame() 1623 if err != nil { 1624 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1625 return 1626 } 1627 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1628 } 1629 1630 func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1631 1632 func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1633 1634 func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1635 1636 func (f *http2Framer) writeUint32(v uint32) { 1637 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1638 } 1639 1640 const ( 1641 http2minMaxFrameSize = 1 << 14 1642 http2maxFrameSize = 1<<24 - 1 1643 ) 1644 1645 // SetReuseFrames allows the Framer to reuse Frames. 1646 // If called on a Framer, Frames returned by calls to ReadFrame are only 1647 // valid until the next call to ReadFrame. 1648 func (fr *http2Framer) SetReuseFrames() { 1649 if fr.frameCache != nil { 1650 return 1651 } 1652 fr.frameCache = &http2frameCache{} 1653 } 1654 1655 type http2frameCache struct { 1656 dataFrame http2DataFrame 1657 } 1658 1659 func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1660 if fc == nil { 1661 return &http2DataFrame{} 1662 } 1663 return &fc.dataFrame 1664 } 1665 1666 // NewFramer returns a Framer that writes frames to w and reads them from r. 1667 func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1668 fr := &http2Framer{ 1669 w: w, 1670 r: r, 1671 logReads: http2logFrameReads, 1672 logWrites: http2logFrameWrites, 1673 debugReadLoggerf: log.Printf, 1674 debugWriteLoggerf: log.Printf, 1675 } 1676 fr.getReadBuf = func(size uint32) []byte { 1677 if cap(fr.readBuf) >= int(size) { 1678 return fr.readBuf[:size] 1679 } 1680 fr.readBuf = make([]byte, size) 1681 return fr.readBuf 1682 } 1683 fr.SetMaxReadFrameSize(http2maxFrameSize) 1684 return fr 1685 } 1686 1687 // SetMaxReadFrameSize sets the maximum size of a frame 1688 // that will be read by a subsequent call to ReadFrame. 1689 // It is the caller's responsibility to advertise this 1690 // limit with a SETTINGS frame. 1691 func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1692 if v > http2maxFrameSize { 1693 v = http2maxFrameSize 1694 } 1695 fr.maxReadSize = v 1696 } 1697 1698 // ErrorDetail returns a more detailed error of the last error 1699 // returned by Framer.ReadFrame. For instance, if ReadFrame 1700 // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1701 // will say exactly what was invalid. ErrorDetail is not guaranteed 1702 // to return a non-nil value and like the rest of the http2 package, 1703 // its return value is not protected by an API compatibility promise. 1704 // ErrorDetail is reset after the next call to ReadFrame. 1705 func (fr *http2Framer) ErrorDetail() error { 1706 return fr.errDetail 1707 } 1708 1709 // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1710 // sends a frame that is larger than declared with SetMaxReadFrameSize. 1711 var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1712 1713 // terminalReadFrameError reports whether err is an unrecoverable 1714 // error from ReadFrame and no other frames should be read. 1715 func http2terminalReadFrameError(err error) bool { 1716 if _, ok := err.(http2StreamError); ok { 1717 return false 1718 } 1719 return err != nil 1720 } 1721 1722 // ReadFrame reads a single frame. The returned Frame is only valid 1723 // until the next call to ReadFrame. 1724 // 1725 // If the frame is larger than previously set with SetMaxReadFrameSize, the 1726 // returned error is ErrFrameTooLarge. Other errors may be of type 1727 // ConnectionError, StreamError, or anything else from the underlying 1728 // reader. 1729 func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1730 fr.errDetail = nil 1731 if fr.lastFrame != nil { 1732 fr.lastFrame.invalidate() 1733 } 1734 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1735 if err != nil { 1736 return nil, err 1737 } 1738 if fh.Length > fr.maxReadSize { 1739 return nil, http2ErrFrameTooLarge 1740 } 1741 payload := fr.getReadBuf(fh.Length) 1742 if _, err := io.ReadFull(fr.r, payload); err != nil { 1743 return nil, err 1744 } 1745 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1746 if err != nil { 1747 if ce, ok := err.(http2connError); ok { 1748 return nil, fr.connError(ce.Code, ce.Reason) 1749 } 1750 return nil, err 1751 } 1752 if err := fr.checkFrameOrder(f); err != nil { 1753 return nil, err 1754 } 1755 if fr.logReads { 1756 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1757 } 1758 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1759 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1760 } 1761 return f, nil 1762 } 1763 1764 // connError returns ConnectionError(code) but first 1765 // stashes away a public reason to the caller can optionally relay it 1766 // to the peer before hanging up on them. This might help others debug 1767 // their implementations. 1768 func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1769 fr.errDetail = errors.New(reason) 1770 return http2ConnectionError(code) 1771 } 1772 1773 // checkFrameOrder reports an error if f is an invalid frame to return 1774 // next from ReadFrame. Mostly it checks whether HEADERS and 1775 // CONTINUATION frames are contiguous. 1776 func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1777 last := fr.lastFrame 1778 fr.lastFrame = f 1779 if fr.AllowIllegalReads { 1780 return nil 1781 } 1782 1783 fh := f.Header() 1784 if fr.lastHeaderStream != 0 { 1785 if fh.Type != http2FrameContinuation { 1786 return fr.connError(http2ErrCodeProtocol, 1787 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1788 fh.Type, fh.StreamID, 1789 last.Header().Type, fr.lastHeaderStream)) 1790 } 1791 if fh.StreamID != fr.lastHeaderStream { 1792 return fr.connError(http2ErrCodeProtocol, 1793 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1794 fh.StreamID, fr.lastHeaderStream)) 1795 } 1796 } else if fh.Type == http2FrameContinuation { 1797 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1798 } 1799 1800 switch fh.Type { 1801 case http2FrameHeaders, http2FrameContinuation: 1802 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1803 fr.lastHeaderStream = 0 1804 } else { 1805 fr.lastHeaderStream = fh.StreamID 1806 } 1807 } 1808 1809 return nil 1810 } 1811 1812 // A DataFrame conveys arbitrary, variable-length sequences of octets 1813 // associated with a stream. 1814 // See http://http2.github.io/http2-spec/#rfc.section.6.1 1815 type http2DataFrame struct { 1816 http2FrameHeader 1817 data []byte 1818 } 1819 1820 func (f *http2DataFrame) StreamEnded() bool { 1821 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1822 } 1823 1824 // Data returns the frame's data octets, not including any padding 1825 // size byte or padding suffix bytes. 1826 // The caller must not retain the returned memory past the next 1827 // call to ReadFrame. 1828 func (f *http2DataFrame) Data() []byte { 1829 f.checkValid() 1830 return f.data 1831 } 1832 1833 func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1834 if fh.StreamID == 0 { 1835 // DATA frames MUST be associated with a stream. If a 1836 // DATA frame is received whose stream identifier 1837 // field is 0x0, the recipient MUST respond with a 1838 // connection error (Section 5.4.1) of type 1839 // PROTOCOL_ERROR. 1840 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1841 } 1842 f := fc.getDataFrame() 1843 f.http2FrameHeader = fh 1844 1845 var padSize byte 1846 if fh.Flags.Has(http2FlagDataPadded) { 1847 var err error 1848 payload, padSize, err = http2readByte(payload) 1849 if err != nil { 1850 return nil, err 1851 } 1852 } 1853 if int(padSize) > len(payload) { 1854 // If the length of the padding is greater than the 1855 // length of the frame payload, the recipient MUST 1856 // treat this as a connection error. 1857 // Filed: https://github.com/http2/http2-spec/issues/610 1858 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1859 } 1860 f.data = payload[:len(payload)-int(padSize)] 1861 return f, nil 1862 } 1863 1864 var ( 1865 http2errStreamID = errors.New("invalid stream ID") 1866 http2errDepStreamID = errors.New("invalid dependent stream ID") 1867 http2errPadLength = errors.New("pad length too large") 1868 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1869 ) 1870 1871 func http2validStreamIDOrZero(streamID uint32) bool { 1872 return streamID&(1<<31) == 0 1873 } 1874 1875 func http2validStreamID(streamID uint32) bool { 1876 return streamID != 0 && streamID&(1<<31) == 0 1877 } 1878 1879 // WriteData writes a DATA frame. 1880 // 1881 // It will perform exactly one Write to the underlying Writer. 1882 // It is the caller's responsibility not to violate the maximum frame size 1883 // and to not call other Write methods concurrently. 1884 func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1885 return f.WriteDataPadded(streamID, endStream, data, nil) 1886 } 1887 1888 // WriteData writes a DATA frame with optional padding. 1889 // 1890 // If pad is nil, the padding bit is not sent. 1891 // The length of pad must not exceed 255 bytes. 1892 // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1893 // 1894 // It will perform exactly one Write to the underlying Writer. 1895 // It is the caller's responsibility not to violate the maximum frame size 1896 // and to not call other Write methods concurrently. 1897 func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1898 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1899 return http2errStreamID 1900 } 1901 if len(pad) > 0 { 1902 if len(pad) > 255 { 1903 return http2errPadLength 1904 } 1905 if !f.AllowIllegalWrites { 1906 for _, b := range pad { 1907 if b != 0 { 1908 // "Padding octets MUST be set to zero when sending." 1909 return http2errPadBytes 1910 } 1911 } 1912 } 1913 } 1914 var flags http2Flags 1915 if endStream { 1916 flags |= http2FlagDataEndStream 1917 } 1918 if pad != nil { 1919 flags |= http2FlagDataPadded 1920 } 1921 f.startWrite(http2FrameData, flags, streamID) 1922 if pad != nil { 1923 f.wbuf = append(f.wbuf, byte(len(pad))) 1924 } 1925 f.wbuf = append(f.wbuf, data...) 1926 f.wbuf = append(f.wbuf, pad...) 1927 return f.endWrite() 1928 } 1929 1930 // A SettingsFrame conveys configuration parameters that affect how 1931 // endpoints communicate, such as preferences and constraints on peer 1932 // behavior. 1933 // 1934 // See http://http2.github.io/http2-spec/#SETTINGS 1935 type http2SettingsFrame struct { 1936 http2FrameHeader 1937 p []byte 1938 } 1939 1940 func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 1941 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 1942 // When this (ACK 0x1) bit is set, the payload of the 1943 // SETTINGS frame MUST be empty. Receipt of a 1944 // SETTINGS frame with the ACK flag set and a length 1945 // field value other than 0 MUST be treated as a 1946 // connection error (Section 5.4.1) of type 1947 // FRAME_SIZE_ERROR. 1948 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1949 } 1950 if fh.StreamID != 0 { 1951 // SETTINGS frames always apply to a connection, 1952 // never a single stream. The stream identifier for a 1953 // SETTINGS frame MUST be zero (0x0). If an endpoint 1954 // receives a SETTINGS frame whose stream identifier 1955 // field is anything other than 0x0, the endpoint MUST 1956 // respond with a connection error (Section 5.4.1) of 1957 // type PROTOCOL_ERROR. 1958 return nil, http2ConnectionError(http2ErrCodeProtocol) 1959 } 1960 if len(p)%6 != 0 { 1961 // Expecting even number of 6 byte settings. 1962 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1963 } 1964 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 1965 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 1966 // Values above the maximum flow control window size of 2^31 - 1 MUST 1967 // be treated as a connection error (Section 5.4.1) of type 1968 // FLOW_CONTROL_ERROR. 1969 return nil, http2ConnectionError(http2ErrCodeFlowControl) 1970 } 1971 return f, nil 1972 } 1973 1974 func (f *http2SettingsFrame) IsAck() bool { 1975 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 1976 } 1977 1978 func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) { 1979 f.checkValid() 1980 for i := 0; i < f.NumSettings(); i++ { 1981 if s := f.Setting(i); s.ID == id { 1982 return s.Val, true 1983 } 1984 } 1985 return 0, false 1986 } 1987 1988 // Setting returns the setting from the frame at the given 0-based index. 1989 // The index must be >= 0 and less than f.NumSettings(). 1990 func (f *http2SettingsFrame) Setting(i int) http2Setting { 1991 buf := f.p 1992 return http2Setting{ 1993 ID: http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])), 1994 Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]), 1995 } 1996 } 1997 1998 func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 } 1999 2000 // HasDuplicates reports whether f contains any duplicate setting IDs. 2001 func (f *http2SettingsFrame) HasDuplicates() bool { 2002 num := f.NumSettings() 2003 if num == 0 { 2004 return false 2005 } 2006 // If it's small enough (the common case), just do the n^2 2007 // thing and avoid a map allocation. 2008 if num < 10 { 2009 for i := 0; i < num; i++ { 2010 idi := f.Setting(i).ID 2011 for j := i + 1; j < num; j++ { 2012 idj := f.Setting(j).ID 2013 if idi == idj { 2014 return true 2015 } 2016 } 2017 } 2018 return false 2019 } 2020 seen := map[http2SettingID]bool{} 2021 for i := 0; i < num; i++ { 2022 id := f.Setting(i).ID 2023 if seen[id] { 2024 return true 2025 } 2026 seen[id] = true 2027 } 2028 return false 2029 } 2030 2031 // ForeachSetting runs fn for each setting. 2032 // It stops and returns the first error. 2033 func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2034 f.checkValid() 2035 for i := 0; i < f.NumSettings(); i++ { 2036 if err := fn(f.Setting(i)); err != nil { 2037 return err 2038 } 2039 } 2040 return nil 2041 } 2042 2043 // WriteSettings writes a SETTINGS frame with zero or more settings 2044 // specified and the ACK bit not set. 2045 // 2046 // It will perform exactly one Write to the underlying Writer. 2047 // It is the caller's responsibility to not call other Write methods concurrently. 2048 func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2049 f.startWrite(http2FrameSettings, 0, 0) 2050 for _, s := range settings { 2051 f.writeUint16(uint16(s.ID)) 2052 f.writeUint32(s.Val) 2053 } 2054 return f.endWrite() 2055 } 2056 2057 // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2058 // 2059 // It will perform exactly one Write to the underlying Writer. 2060 // It is the caller's responsibility to not call other Write methods concurrently. 2061 func (f *http2Framer) WriteSettingsAck() error { 2062 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2063 return f.endWrite() 2064 } 2065 2066 // A PingFrame is a mechanism for measuring a minimal round trip time 2067 // from the sender, as well as determining whether an idle connection 2068 // is still functional. 2069 // See http://http2.github.io/http2-spec/#rfc.section.6.7 2070 type http2PingFrame struct { 2071 http2FrameHeader 2072 Data [8]byte 2073 } 2074 2075 func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2076 2077 func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2078 if len(payload) != 8 { 2079 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2080 } 2081 if fh.StreamID != 0 { 2082 return nil, http2ConnectionError(http2ErrCodeProtocol) 2083 } 2084 f := &http2PingFrame{http2FrameHeader: fh} 2085 copy(f.Data[:], payload) 2086 return f, nil 2087 } 2088 2089 func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2090 var flags http2Flags 2091 if ack { 2092 flags = http2FlagPingAck 2093 } 2094 f.startWrite(http2FramePing, flags, 0) 2095 f.writeBytes(data[:]) 2096 return f.endWrite() 2097 } 2098 2099 // A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2100 // See http://http2.github.io/http2-spec/#rfc.section.6.8 2101 type http2GoAwayFrame struct { 2102 http2FrameHeader 2103 LastStreamID uint32 2104 ErrCode http2ErrCode 2105 debugData []byte 2106 } 2107 2108 // DebugData returns any debug data in the GOAWAY frame. Its contents 2109 // are not defined. 2110 // The caller must not retain the returned memory past the next 2111 // call to ReadFrame. 2112 func (f *http2GoAwayFrame) DebugData() []byte { 2113 f.checkValid() 2114 return f.debugData 2115 } 2116 2117 func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2118 if fh.StreamID != 0 { 2119 return nil, http2ConnectionError(http2ErrCodeProtocol) 2120 } 2121 if len(p) < 8 { 2122 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2123 } 2124 return &http2GoAwayFrame{ 2125 http2FrameHeader: fh, 2126 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2127 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2128 debugData: p[8:], 2129 }, nil 2130 } 2131 2132 func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2133 f.startWrite(http2FrameGoAway, 0, 0) 2134 f.writeUint32(maxStreamID & (1<<31 - 1)) 2135 f.writeUint32(uint32(code)) 2136 f.writeBytes(debugData) 2137 return f.endWrite() 2138 } 2139 2140 // An UnknownFrame is the frame type returned when the frame type is unknown 2141 // or no specific frame type parser exists. 2142 type http2UnknownFrame struct { 2143 http2FrameHeader 2144 p []byte 2145 } 2146 2147 // Payload returns the frame's payload (after the header). It is not 2148 // valid to call this method after a subsequent call to 2149 // Framer.ReadFrame, nor is it valid to retain the returned slice. 2150 // The memory is owned by the Framer and is invalidated when the next 2151 // frame is read. 2152 func (f *http2UnknownFrame) Payload() []byte { 2153 f.checkValid() 2154 return f.p 2155 } 2156 2157 func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2158 return &http2UnknownFrame{fh, p}, nil 2159 } 2160 2161 // A WindowUpdateFrame is used to implement flow control. 2162 // See http://http2.github.io/http2-spec/#rfc.section.6.9 2163 type http2WindowUpdateFrame struct { 2164 http2FrameHeader 2165 Increment uint32 // never read with high bit set 2166 } 2167 2168 func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2169 if len(p) != 4 { 2170 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2171 } 2172 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2173 if inc == 0 { 2174 // A receiver MUST treat the receipt of a 2175 // WINDOW_UPDATE frame with an flow control window 2176 // increment of 0 as a stream error (Section 5.4.2) of 2177 // type PROTOCOL_ERROR; errors on the connection flow 2178 // control window MUST be treated as a connection 2179 // error (Section 5.4.1). 2180 if fh.StreamID == 0 { 2181 return nil, http2ConnectionError(http2ErrCodeProtocol) 2182 } 2183 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2184 } 2185 return &http2WindowUpdateFrame{ 2186 http2FrameHeader: fh, 2187 Increment: inc, 2188 }, nil 2189 } 2190 2191 // WriteWindowUpdate writes a WINDOW_UPDATE frame. 2192 // The increment value must be between 1 and 2,147,483,647, inclusive. 2193 // If the Stream ID is zero, the window update applies to the 2194 // connection as a whole. 2195 func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2196 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2197 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2198 return errors.New("illegal window increment value") 2199 } 2200 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2201 f.writeUint32(incr) 2202 return f.endWrite() 2203 } 2204 2205 // A HeadersFrame is used to open a stream and additionally carries a 2206 // header block fragment. 2207 type http2HeadersFrame struct { 2208 http2FrameHeader 2209 2210 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2211 Priority http2PriorityParam 2212 2213 headerFragBuf []byte // not owned 2214 } 2215 2216 func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2217 f.checkValid() 2218 return f.headerFragBuf 2219 } 2220 2221 func (f *http2HeadersFrame) HeadersEnded() bool { 2222 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2223 } 2224 2225 func (f *http2HeadersFrame) StreamEnded() bool { 2226 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2227 } 2228 2229 func (f *http2HeadersFrame) HasPriority() bool { 2230 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2231 } 2232 2233 func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2234 hf := &http2HeadersFrame{ 2235 http2FrameHeader: fh, 2236 } 2237 if fh.StreamID == 0 { 2238 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2239 // is received whose stream identifier field is 0x0, the recipient MUST 2240 // respond with a connection error (Section 5.4.1) of type 2241 // PROTOCOL_ERROR. 2242 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2243 } 2244 var padLength uint8 2245 if fh.Flags.Has(http2FlagHeadersPadded) { 2246 if p, padLength, err = http2readByte(p); err != nil { 2247 return 2248 } 2249 } 2250 if fh.Flags.Has(http2FlagHeadersPriority) { 2251 var v uint32 2252 p, v, err = http2readUint32(p) 2253 if err != nil { 2254 return nil, err 2255 } 2256 hf.Priority.StreamDep = v & 0x7fffffff 2257 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2258 p, hf.Priority.Weight, err = http2readByte(p) 2259 if err != nil { 2260 return nil, err 2261 } 2262 } 2263 if len(p)-int(padLength) <= 0 { 2264 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2265 } 2266 hf.headerFragBuf = p[:len(p)-int(padLength)] 2267 return hf, nil 2268 } 2269 2270 // HeadersFrameParam are the parameters for writing a HEADERS frame. 2271 type http2HeadersFrameParam struct { 2272 // StreamID is the required Stream ID to initiate. 2273 StreamID uint32 2274 // BlockFragment is part (or all) of a Header Block. 2275 BlockFragment []byte 2276 2277 // EndStream indicates that the header block is the last that 2278 // the endpoint will send for the identified stream. Setting 2279 // this flag causes the stream to enter one of "half closed" 2280 // states. 2281 EndStream bool 2282 2283 // EndHeaders indicates that this frame contains an entire 2284 // header block and is not followed by any 2285 // CONTINUATION frames. 2286 EndHeaders bool 2287 2288 // PadLength is the optional number of bytes of zeros to add 2289 // to this frame. 2290 PadLength uint8 2291 2292 // Priority, if non-zero, includes stream priority information 2293 // in the HEADER frame. 2294 Priority http2PriorityParam 2295 } 2296 2297 // WriteHeaders writes a single HEADERS frame. 2298 // 2299 // This is a low-level header writing method. Encoding headers and 2300 // splitting them into any necessary CONTINUATION frames is handled 2301 // elsewhere. 2302 // 2303 // It will perform exactly one Write to the underlying Writer. 2304 // It is the caller's responsibility to not call other Write methods concurrently. 2305 func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2306 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2307 return http2errStreamID 2308 } 2309 var flags http2Flags 2310 if p.PadLength != 0 { 2311 flags |= http2FlagHeadersPadded 2312 } 2313 if p.EndStream { 2314 flags |= http2FlagHeadersEndStream 2315 } 2316 if p.EndHeaders { 2317 flags |= http2FlagHeadersEndHeaders 2318 } 2319 if !p.Priority.IsZero() { 2320 flags |= http2FlagHeadersPriority 2321 } 2322 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2323 if p.PadLength != 0 { 2324 f.writeByte(p.PadLength) 2325 } 2326 if !p.Priority.IsZero() { 2327 v := p.Priority.StreamDep 2328 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2329 return http2errDepStreamID 2330 } 2331 if p.Priority.Exclusive { 2332 v |= 1 << 31 2333 } 2334 f.writeUint32(v) 2335 f.writeByte(p.Priority.Weight) 2336 } 2337 f.wbuf = append(f.wbuf, p.BlockFragment...) 2338 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2339 return f.endWrite() 2340 } 2341 2342 // A PriorityFrame specifies the sender-advised priority of a stream. 2343 // See http://http2.github.io/http2-spec/#rfc.section.6.3 2344 type http2PriorityFrame struct { 2345 http2FrameHeader 2346 http2PriorityParam 2347 } 2348 2349 // PriorityParam are the stream prioritzation parameters. 2350 type http2PriorityParam struct { 2351 // StreamDep is a 31-bit stream identifier for the 2352 // stream that this stream depends on. Zero means no 2353 // dependency. 2354 StreamDep uint32 2355 2356 // Exclusive is whether the dependency is exclusive. 2357 Exclusive bool 2358 2359 // Weight is the stream's zero-indexed weight. It should be 2360 // set together with StreamDep, or neither should be set. Per 2361 // the spec, "Add one to the value to obtain a weight between 2362 // 1 and 256." 2363 Weight uint8 2364 } 2365 2366 func (p http2PriorityParam) IsZero() bool { 2367 return p == http2PriorityParam{} 2368 } 2369 2370 func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2371 if fh.StreamID == 0 { 2372 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2373 } 2374 if len(payload) != 5 { 2375 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2376 } 2377 v := binary.BigEndian.Uint32(payload[:4]) 2378 streamID := v & 0x7fffffff // mask off high bit 2379 return &http2PriorityFrame{ 2380 http2FrameHeader: fh, 2381 http2PriorityParam: http2PriorityParam{ 2382 Weight: payload[4], 2383 StreamDep: streamID, 2384 Exclusive: streamID != v, // was high bit set? 2385 }, 2386 }, nil 2387 } 2388 2389 // WritePriority writes a PRIORITY frame. 2390 // 2391 // It will perform exactly one Write to the underlying Writer. 2392 // It is the caller's responsibility to not call other Write methods concurrently. 2393 func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2394 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2395 return http2errStreamID 2396 } 2397 if !http2validStreamIDOrZero(p.StreamDep) { 2398 return http2errDepStreamID 2399 } 2400 f.startWrite(http2FramePriority, 0, streamID) 2401 v := p.StreamDep 2402 if p.Exclusive { 2403 v |= 1 << 31 2404 } 2405 f.writeUint32(v) 2406 f.writeByte(p.Weight) 2407 return f.endWrite() 2408 } 2409 2410 // A RSTStreamFrame allows for abnormal termination of a stream. 2411 // See http://http2.github.io/http2-spec/#rfc.section.6.4 2412 type http2RSTStreamFrame struct { 2413 http2FrameHeader 2414 ErrCode http2ErrCode 2415 } 2416 2417 func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2418 if len(p) != 4 { 2419 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2420 } 2421 if fh.StreamID == 0 { 2422 return nil, http2ConnectionError(http2ErrCodeProtocol) 2423 } 2424 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2425 } 2426 2427 // WriteRSTStream writes a RST_STREAM frame. 2428 // 2429 // It will perform exactly one Write to the underlying Writer. 2430 // It is the caller's responsibility to not call other Write methods concurrently. 2431 func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2432 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2433 return http2errStreamID 2434 } 2435 f.startWrite(http2FrameRSTStream, 0, streamID) 2436 f.writeUint32(uint32(code)) 2437 return f.endWrite() 2438 } 2439 2440 // A ContinuationFrame is used to continue a sequence of header block fragments. 2441 // See http://http2.github.io/http2-spec/#rfc.section.6.10 2442 type http2ContinuationFrame struct { 2443 http2FrameHeader 2444 headerFragBuf []byte 2445 } 2446 2447 func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2448 if fh.StreamID == 0 { 2449 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2450 } 2451 return &http2ContinuationFrame{fh, p}, nil 2452 } 2453 2454 func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2455 f.checkValid() 2456 return f.headerFragBuf 2457 } 2458 2459 func (f *http2ContinuationFrame) HeadersEnded() bool { 2460 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2461 } 2462 2463 // WriteContinuation writes a CONTINUATION frame. 2464 // 2465 // It will perform exactly one Write to the underlying Writer. 2466 // It is the caller's responsibility to not call other Write methods concurrently. 2467 func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2468 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2469 return http2errStreamID 2470 } 2471 var flags http2Flags 2472 if endHeaders { 2473 flags |= http2FlagContinuationEndHeaders 2474 } 2475 f.startWrite(http2FrameContinuation, flags, streamID) 2476 f.wbuf = append(f.wbuf, headerBlockFragment...) 2477 return f.endWrite() 2478 } 2479 2480 // A PushPromiseFrame is used to initiate a server stream. 2481 // See http://http2.github.io/http2-spec/#rfc.section.6.6 2482 type http2PushPromiseFrame struct { 2483 http2FrameHeader 2484 PromiseID uint32 2485 headerFragBuf []byte // not owned 2486 } 2487 2488 func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2489 f.checkValid() 2490 return f.headerFragBuf 2491 } 2492 2493 func (f *http2PushPromiseFrame) HeadersEnded() bool { 2494 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2495 } 2496 2497 func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2498 pp := &http2PushPromiseFrame{ 2499 http2FrameHeader: fh, 2500 } 2501 if pp.StreamID == 0 { 2502 // PUSH_PROMISE frames MUST be associated with an existing, 2503 // peer-initiated stream. The stream identifier of a 2504 // PUSH_PROMISE frame indicates the stream it is associated 2505 // with. If the stream identifier field specifies the value 2506 // 0x0, a recipient MUST respond with a connection error 2507 // (Section 5.4.1) of type PROTOCOL_ERROR. 2508 return nil, http2ConnectionError(http2ErrCodeProtocol) 2509 } 2510 // The PUSH_PROMISE frame includes optional padding. 2511 // Padding fields and flags are identical to those defined for DATA frames 2512 var padLength uint8 2513 if fh.Flags.Has(http2FlagPushPromisePadded) { 2514 if p, padLength, err = http2readByte(p); err != nil { 2515 return 2516 } 2517 } 2518 2519 p, pp.PromiseID, err = http2readUint32(p) 2520 if err != nil { 2521 return 2522 } 2523 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2524 2525 if int(padLength) > len(p) { 2526 // like the DATA frame, error out if padding is longer than the body. 2527 return nil, http2ConnectionError(http2ErrCodeProtocol) 2528 } 2529 pp.headerFragBuf = p[:len(p)-int(padLength)] 2530 return pp, nil 2531 } 2532 2533 // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2534 type http2PushPromiseParam struct { 2535 // StreamID is the required Stream ID to initiate. 2536 StreamID uint32 2537 2538 // PromiseID is the required Stream ID which this 2539 // Push Promises 2540 PromiseID uint32 2541 2542 // BlockFragment is part (or all) of a Header Block. 2543 BlockFragment []byte 2544 2545 // EndHeaders indicates that this frame contains an entire 2546 // header block and is not followed by any 2547 // CONTINUATION frames. 2548 EndHeaders bool 2549 2550 // PadLength is the optional number of bytes of zeros to add 2551 // to this frame. 2552 PadLength uint8 2553 } 2554 2555 // WritePushPromise writes a single PushPromise Frame. 2556 // 2557 // As with Header Frames, This is the low level call for writing 2558 // individual frames. Continuation frames are handled elsewhere. 2559 // 2560 // It will perform exactly one Write to the underlying Writer. 2561 // It is the caller's responsibility to not call other Write methods concurrently. 2562 func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2563 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2564 return http2errStreamID 2565 } 2566 var flags http2Flags 2567 if p.PadLength != 0 { 2568 flags |= http2FlagPushPromisePadded 2569 } 2570 if p.EndHeaders { 2571 flags |= http2FlagPushPromiseEndHeaders 2572 } 2573 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2574 if p.PadLength != 0 { 2575 f.writeByte(p.PadLength) 2576 } 2577 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2578 return http2errStreamID 2579 } 2580 f.writeUint32(p.PromiseID) 2581 f.wbuf = append(f.wbuf, p.BlockFragment...) 2582 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2583 return f.endWrite() 2584 } 2585 2586 // WriteRawFrame writes a raw frame. This can be used to write 2587 // extension frames unknown to this package. 2588 func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2589 f.startWrite(t, flags, streamID) 2590 f.writeBytes(payload) 2591 return f.endWrite() 2592 } 2593 2594 func http2readByte(p []byte) (remain []byte, b byte, err error) { 2595 if len(p) == 0 { 2596 return nil, 0, io.ErrUnexpectedEOF 2597 } 2598 return p[1:], p[0], nil 2599 } 2600 2601 func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2602 if len(p) < 4 { 2603 return nil, 0, io.ErrUnexpectedEOF 2604 } 2605 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2606 } 2607 2608 type http2streamEnder interface { 2609 StreamEnded() bool 2610 } 2611 2612 type http2headersEnder interface { 2613 HeadersEnded() bool 2614 } 2615 2616 type http2headersOrContinuation interface { 2617 http2headersEnder 2618 HeaderBlockFragment() []byte 2619 } 2620 2621 // A MetaHeadersFrame is the representation of one HEADERS frame and 2622 // zero or more contiguous CONTINUATION frames and the decoding of 2623 // their HPACK-encoded contents. 2624 // 2625 // This type of frame does not appear on the wire and is only returned 2626 // by the Framer when Framer.ReadMetaHeaders is set. 2627 type http2MetaHeadersFrame struct { 2628 *http2HeadersFrame 2629 2630 // Fields are the fields contained in the HEADERS and 2631 // CONTINUATION frames. The underlying slice is owned by the 2632 // Framer and must not be retained after the next call to 2633 // ReadFrame. 2634 // 2635 // Fields are guaranteed to be in the correct http2 order and 2636 // not have unknown pseudo header fields or invalid header 2637 // field names or values. Required pseudo header fields may be 2638 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2639 // method access pseudo headers. 2640 Fields []hpack.HeaderField 2641 2642 // Truncated is whether the max header list size limit was hit 2643 // and Fields is incomplete. The hpack decoder state is still 2644 // valid, however. 2645 Truncated bool 2646 } 2647 2648 // PseudoValue returns the given pseudo header field's value. 2649 // The provided pseudo field should not contain the leading colon. 2650 func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2651 for _, hf := range mh.Fields { 2652 if !hf.IsPseudo() { 2653 return "" 2654 } 2655 if hf.Name[1:] == pseudo { 2656 return hf.Value 2657 } 2658 } 2659 return "" 2660 } 2661 2662 // RegularFields returns the regular (non-pseudo) header fields of mh. 2663 // The caller does not own the returned slice. 2664 func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2665 for i, hf := range mh.Fields { 2666 if !hf.IsPseudo() { 2667 return mh.Fields[i:] 2668 } 2669 } 2670 return nil 2671 } 2672 2673 // PseudoFields returns the pseudo header fields of mh. 2674 // The caller does not own the returned slice. 2675 func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2676 for i, hf := range mh.Fields { 2677 if !hf.IsPseudo() { 2678 return mh.Fields[:i] 2679 } 2680 } 2681 return mh.Fields 2682 } 2683 2684 func (mh *http2MetaHeadersFrame) checkPseudos() error { 2685 var isRequest, isResponse bool 2686 pf := mh.PseudoFields() 2687 for i, hf := range pf { 2688 switch hf.Name { 2689 case ":method", ":path", ":scheme", ":authority": 2690 isRequest = true 2691 case ":status": 2692 isResponse = true 2693 default: 2694 return http2pseudoHeaderError(hf.Name) 2695 } 2696 // Check for duplicates. 2697 // This would be a bad algorithm, but N is 4. 2698 // And this doesn't allocate. 2699 for _, hf2 := range pf[:i] { 2700 if hf.Name == hf2.Name { 2701 return http2duplicatePseudoHeaderError(hf.Name) 2702 } 2703 } 2704 } 2705 if isRequest && isResponse { 2706 return http2errMixPseudoHeaderTypes 2707 } 2708 return nil 2709 } 2710 2711 func (fr *http2Framer) maxHeaderStringLen() int { 2712 v := fr.maxHeaderListSize() 2713 if uint32(int(v)) == v { 2714 return int(v) 2715 } 2716 // They had a crazy big number for MaxHeaderBytes anyway, 2717 // so give them unlimited header lengths: 2718 return 0 2719 } 2720 2721 // readMetaFrame returns 0 or more CONTINUATION frames from fr and 2722 // merge them into the provided hf and returns a MetaHeadersFrame 2723 // with the decoded hpack values. 2724 func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2725 if fr.AllowIllegalReads { 2726 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2727 } 2728 mh := &http2MetaHeadersFrame{ 2729 http2HeadersFrame: hf, 2730 } 2731 var remainSize = fr.maxHeaderListSize() 2732 var sawRegular bool 2733 2734 var invalid error // pseudo header field errors 2735 hdec := fr.ReadMetaHeaders 2736 hdec.SetEmitEnabled(true) 2737 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2738 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2739 if http2VerboseLogs && fr.logReads { 2740 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2741 } 2742 if !httpguts.ValidHeaderFieldValue(hf.Value) { 2743 invalid = http2headerFieldValueError(hf.Value) 2744 } 2745 isPseudo := strings.HasPrefix(hf.Name, ":") 2746 if isPseudo { 2747 if sawRegular { 2748 invalid = http2errPseudoAfterRegular 2749 } 2750 } else { 2751 sawRegular = true 2752 if !http2validWireHeaderFieldName(hf.Name) { 2753 invalid = http2headerFieldNameError(hf.Name) 2754 } 2755 } 2756 2757 if invalid != nil { 2758 hdec.SetEmitEnabled(false) 2759 return 2760 } 2761 2762 size := hf.Size() 2763 if size > remainSize { 2764 hdec.SetEmitEnabled(false) 2765 mh.Truncated = true 2766 return 2767 } 2768 remainSize -= size 2769 2770 mh.Fields = append(mh.Fields, hf) 2771 }) 2772 // Lose reference to MetaHeadersFrame: 2773 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2774 2775 var hc http2headersOrContinuation = hf 2776 for { 2777 frag := hc.HeaderBlockFragment() 2778 if _, err := hdec.Write(frag); err != nil { 2779 return nil, http2ConnectionError(http2ErrCodeCompression) 2780 } 2781 2782 if hc.HeadersEnded() { 2783 break 2784 } 2785 if f, err := fr.ReadFrame(); err != nil { 2786 return nil, err 2787 } else { 2788 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2789 } 2790 } 2791 2792 mh.http2HeadersFrame.headerFragBuf = nil 2793 mh.http2HeadersFrame.invalidate() 2794 2795 if err := hdec.Close(); err != nil { 2796 return nil, http2ConnectionError(http2ErrCodeCompression) 2797 } 2798 if invalid != nil { 2799 fr.errDetail = invalid 2800 if http2VerboseLogs { 2801 log.Printf("http2: invalid header: %v", invalid) 2802 } 2803 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2804 } 2805 if err := mh.checkPseudos(); err != nil { 2806 fr.errDetail = err 2807 if http2VerboseLogs { 2808 log.Printf("http2: invalid pseudo headers: %v", err) 2809 } 2810 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2811 } 2812 return mh, nil 2813 } 2814 2815 func http2summarizeFrame(f http2Frame) string { 2816 var buf bytes.Buffer 2817 f.Header().writeDebug(&buf) 2818 switch f := f.(type) { 2819 case *http2SettingsFrame: 2820 n := 0 2821 f.ForeachSetting(func(s http2Setting) error { 2822 n++ 2823 if n == 1 { 2824 buf.WriteString(", settings:") 2825 } 2826 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2827 return nil 2828 }) 2829 if n > 0 { 2830 buf.Truncate(buf.Len() - 1) // remove trailing comma 2831 } 2832 case *http2DataFrame: 2833 data := f.Data() 2834 const max = 256 2835 if len(data) > max { 2836 data = data[:max] 2837 } 2838 fmt.Fprintf(&buf, " data=%q", data) 2839 if len(f.Data()) > max { 2840 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2841 } 2842 case *http2WindowUpdateFrame: 2843 if f.StreamID == 0 { 2844 buf.WriteString(" (conn)") 2845 } 2846 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2847 case *http2PingFrame: 2848 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2849 case *http2GoAwayFrame: 2850 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2851 f.LastStreamID, f.ErrCode, f.debugData) 2852 case *http2RSTStreamFrame: 2853 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2854 } 2855 return buf.String() 2856 } 2857 2858 func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 2859 return trace != nil && trace.WroteHeaderField != nil 2860 } 2861 2862 func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 2863 if trace != nil && trace.WroteHeaderField != nil { 2864 trace.WroteHeaderField(k, []string{v}) 2865 } 2866 } 2867 2868 func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 2869 if trace != nil { 2870 return trace.Got1xxResponse 2871 } 2872 return nil 2873 } 2874 2875 var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 2876 2877 type http2goroutineLock uint64 2878 2879 func http2newGoroutineLock() http2goroutineLock { 2880 if !http2DebugGoroutines { 2881 return 0 2882 } 2883 return http2goroutineLock(http2curGoroutineID()) 2884 } 2885 2886 func (g http2goroutineLock) check() { 2887 if !http2DebugGoroutines { 2888 return 2889 } 2890 if http2curGoroutineID() != uint64(g) { 2891 panic("running on the wrong goroutine") 2892 } 2893 } 2894 2895 func (g http2goroutineLock) checkNotOn() { 2896 if !http2DebugGoroutines { 2897 return 2898 } 2899 if http2curGoroutineID() == uint64(g) { 2900 panic("running on the wrong goroutine") 2901 } 2902 } 2903 2904 var http2goroutineSpace = []byte("goroutine ") 2905 2906 func http2curGoroutineID() uint64 { 2907 bp := http2littleBuf.Get().(*[]byte) 2908 defer http2littleBuf.Put(bp) 2909 b := *bp 2910 b = b[:runtime.Stack(b, false)] 2911 // Parse the 4707 out of "goroutine 4707 [" 2912 b = bytes.TrimPrefix(b, http2goroutineSpace) 2913 i := bytes.IndexByte(b, ' ') 2914 if i < 0 { 2915 panic(fmt.Sprintf("No space found in %q", b)) 2916 } 2917 b = b[:i] 2918 n, err := http2parseUintBytes(b, 10, 64) 2919 if err != nil { 2920 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 2921 } 2922 return n 2923 } 2924 2925 var http2littleBuf = sync.Pool{ 2926 New: func() interface{} { 2927 buf := make([]byte, 64) 2928 return &buf 2929 }, 2930 } 2931 2932 // parseUintBytes is like strconv.ParseUint, but using a []byte. 2933 func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 2934 var cutoff, maxVal uint64 2935 2936 if bitSize == 0 { 2937 bitSize = int(strconv.IntSize) 2938 } 2939 2940 s0 := s 2941 switch { 2942 case len(s) < 1: 2943 err = strconv.ErrSyntax 2944 goto Error 2945 2946 case 2 <= base && base <= 36: 2947 // valid base; nothing to do 2948 2949 case base == 0: 2950 // Look for octal, hex prefix. 2951 switch { 2952 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 2953 base = 16 2954 s = s[2:] 2955 if len(s) < 1 { 2956 err = strconv.ErrSyntax 2957 goto Error 2958 } 2959 case s[0] == '0': 2960 base = 8 2961 default: 2962 base = 10 2963 } 2964 2965 default: 2966 err = errors.New("invalid base " + strconv.Itoa(base)) 2967 goto Error 2968 } 2969 2970 n = 0 2971 cutoff = http2cutoff64(base) 2972 maxVal = 1<<uint(bitSize) - 1 2973 2974 for i := 0; i < len(s); i++ { 2975 var v byte 2976 d := s[i] 2977 switch { 2978 case '0' <= d && d <= '9': 2979 v = d - '0' 2980 case 'a' <= d && d <= 'z': 2981 v = d - 'a' + 10 2982 case 'A' <= d && d <= 'Z': 2983 v = d - 'A' + 10 2984 default: 2985 n = 0 2986 err = strconv.ErrSyntax 2987 goto Error 2988 } 2989 if int(v) >= base { 2990 n = 0 2991 err = strconv.ErrSyntax 2992 goto Error 2993 } 2994 2995 if n >= cutoff { 2996 // n*base overflows 2997 n = 1<<64 - 1 2998 err = strconv.ErrRange 2999 goto Error 3000 } 3001 n *= uint64(base) 3002 3003 n1 := n + uint64(v) 3004 if n1 < n || n1 > maxVal { 3005 // n+v overflows 3006 n = 1<<64 - 1 3007 err = strconv.ErrRange 3008 goto Error 3009 } 3010 n = n1 3011 } 3012 3013 return n, nil 3014 3015 Error: 3016 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3017 } 3018 3019 // Return the first number n such that n*base >= 1<<64. 3020 func http2cutoff64(base int) uint64 { 3021 if base < 2 { 3022 return 0 3023 } 3024 return (1<<64-1)/uint64(base) + 1 3025 } 3026 3027 var ( 3028 http2commonBuildOnce sync.Once 3029 http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case 3030 http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case 3031 ) 3032 3033 func http2buildCommonHeaderMapsOnce() { 3034 http2commonBuildOnce.Do(http2buildCommonHeaderMaps) 3035 } 3036 3037 func http2buildCommonHeaderMaps() { 3038 common := []string{ 3039 "accept", 3040 "accept-charset", 3041 "accept-encoding", 3042 "accept-language", 3043 "accept-ranges", 3044 "age", 3045 "access-control-allow-origin", 3046 "allow", 3047 "authorization", 3048 "cache-control", 3049 "content-disposition", 3050 "content-encoding", 3051 "content-language", 3052 "content-length", 3053 "content-location", 3054 "content-range", 3055 "content-type", 3056 "cookie", 3057 "date", 3058 "etag", 3059 "expect", 3060 "expires", 3061 "from", 3062 "host", 3063 "if-match", 3064 "if-modified-since", 3065 "if-none-match", 3066 "if-unmodified-since", 3067 "last-modified", 3068 "link", 3069 "location", 3070 "max-forwards", 3071 "proxy-authenticate", 3072 "proxy-authorization", 3073 "range", 3074 "referer", 3075 "refresh", 3076 "retry-after", 3077 "server", 3078 "set-cookie", 3079 "strict-transport-security", 3080 "trailer", 3081 "transfer-encoding", 3082 "user-agent", 3083 "vary", 3084 "via", 3085 "www-authenticate", 3086 } 3087 http2commonLowerHeader = make(map[string]string, len(common)) 3088 http2commonCanonHeader = make(map[string]string, len(common)) 3089 for _, v := range common { 3090 chk := CanonicalHeaderKey(v) 3091 http2commonLowerHeader[chk] = v 3092 http2commonCanonHeader[v] = chk 3093 } 3094 } 3095 3096 func http2lowerHeader(v string) string { 3097 http2buildCommonHeaderMapsOnce() 3098 if s, ok := http2commonLowerHeader[v]; ok { 3099 return s 3100 } 3101 return strings.ToLower(v) 3102 } 3103 3104 var ( 3105 http2VerboseLogs bool 3106 http2logFrameWrites bool 3107 http2logFrameReads bool 3108 http2inTests bool 3109 ) 3110 3111 func init() { 3112 e := os.Getenv("GODEBUG") 3113 if strings.Contains(e, "http2debug=1") { 3114 http2VerboseLogs = true 3115 } 3116 if strings.Contains(e, "http2debug=2") { 3117 http2VerboseLogs = true 3118 http2logFrameWrites = true 3119 http2logFrameReads = true 3120 } 3121 } 3122 3123 const ( 3124 // ClientPreface is the string that must be sent by new 3125 // connections from clients. 3126 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3127 3128 // SETTINGS_MAX_FRAME_SIZE default 3129 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3130 http2initialMaxFrameSize = 16384 3131 3132 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3133 // HTTP/2's TLS setup. 3134 http2NextProtoTLS = "h2" 3135 3136 // http://http2.github.io/http2-spec/#SettingValues 3137 http2initialHeaderTableSize = 4096 3138 3139 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3140 3141 http2defaultMaxReadFrameSize = 1 << 20 3142 ) 3143 3144 var ( 3145 http2clientPreface = []byte(http2ClientPreface) 3146 ) 3147 3148 type http2streamState int 3149 3150 // HTTP/2 stream states. 3151 // 3152 // See http://tools.ietf.org/html/rfc7540#section-5.1. 3153 // 3154 // For simplicity, the server code merges "reserved (local)" into 3155 // "half-closed (remote)". This is one less state transition to track. 3156 // The only downside is that we send PUSH_PROMISEs slightly less 3157 // liberally than allowable. More discussion here: 3158 // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3159 // 3160 // "reserved (remote)" is omitted since the client code does not 3161 // support server push. 3162 const ( 3163 http2stateIdle http2streamState = iota 3164 http2stateOpen 3165 http2stateHalfClosedLocal 3166 http2stateHalfClosedRemote 3167 http2stateClosed 3168 ) 3169 3170 var http2stateName = [...]string{ 3171 http2stateIdle: "Idle", 3172 http2stateOpen: "Open", 3173 http2stateHalfClosedLocal: "HalfClosedLocal", 3174 http2stateHalfClosedRemote: "HalfClosedRemote", 3175 http2stateClosed: "Closed", 3176 } 3177 3178 func (st http2streamState) String() string { 3179 return http2stateName[st] 3180 } 3181 3182 // Setting is a setting parameter: which setting it is, and its value. 3183 type http2Setting struct { 3184 // ID is which setting is being set. 3185 // See http://http2.github.io/http2-spec/#SettingValues 3186 ID http2SettingID 3187 3188 // Val is the value. 3189 Val uint32 3190 } 3191 3192 func (s http2Setting) String() string { 3193 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3194 } 3195 3196 // Valid reports whether the setting is valid. 3197 func (s http2Setting) Valid() error { 3198 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3199 switch s.ID { 3200 case http2SettingEnablePush: 3201 if s.Val != 1 && s.Val != 0 { 3202 return http2ConnectionError(http2ErrCodeProtocol) 3203 } 3204 case http2SettingInitialWindowSize: 3205 if s.Val > 1<<31-1 { 3206 return http2ConnectionError(http2ErrCodeFlowControl) 3207 } 3208 case http2SettingMaxFrameSize: 3209 if s.Val < 16384 || s.Val > 1<<24-1 { 3210 return http2ConnectionError(http2ErrCodeProtocol) 3211 } 3212 } 3213 return nil 3214 } 3215 3216 // A SettingID is an HTTP/2 setting as defined in 3217 // http://http2.github.io/http2-spec/#iana-settings 3218 type http2SettingID uint16 3219 3220 const ( 3221 http2SettingHeaderTableSize http2SettingID = 0x1 3222 http2SettingEnablePush http2SettingID = 0x2 3223 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3224 http2SettingInitialWindowSize http2SettingID = 0x4 3225 http2SettingMaxFrameSize http2SettingID = 0x5 3226 http2SettingMaxHeaderListSize http2SettingID = 0x6 3227 ) 3228 3229 var http2settingName = map[http2SettingID]string{ 3230 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3231 http2SettingEnablePush: "ENABLE_PUSH", 3232 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3233 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3234 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3235 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3236 } 3237 3238 func (s http2SettingID) String() string { 3239 if v, ok := http2settingName[s]; ok { 3240 return v 3241 } 3242 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3243 } 3244 3245 var ( 3246 http2errInvalidHeaderFieldName = errors.New("http2: invalid header field name") 3247 http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value") 3248 ) 3249 3250 // validWireHeaderFieldName reports whether v is a valid header field 3251 // name (key). See httpguts.ValidHeaderName for the base rules. 3252 // 3253 // Further, http2 says: 3254 // "Just as in HTTP/1.x, header field names are strings of ASCII 3255 // characters that are compared in a case-insensitive 3256 // fashion. However, header field names MUST be converted to 3257 // lowercase prior to their encoding in HTTP/2. " 3258 func http2validWireHeaderFieldName(v string) bool { 3259 if len(v) == 0 { 3260 return false 3261 } 3262 for _, r := range v { 3263 if !httpguts.IsTokenRune(r) { 3264 return false 3265 } 3266 if 'A' <= r && r <= 'Z' { 3267 return false 3268 } 3269 } 3270 return true 3271 } 3272 3273 func http2httpCodeString(code int) string { 3274 switch code { 3275 case 200: 3276 return "200" 3277 case 404: 3278 return "404" 3279 } 3280 return strconv.Itoa(code) 3281 } 3282 3283 // from pkg io 3284 type http2stringWriter interface { 3285 WriteString(s string) (n int, err error) 3286 } 3287 3288 // A gate lets two goroutines coordinate their activities. 3289 type http2gate chan struct{} 3290 3291 func (g http2gate) Done() { g <- struct{}{} } 3292 3293 func (g http2gate) Wait() { <-g } 3294 3295 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3296 type http2closeWaiter chan struct{} 3297 3298 // Init makes a closeWaiter usable. 3299 // It exists because so a closeWaiter value can be placed inside a 3300 // larger struct and have the Mutex and Cond's memory in the same 3301 // allocation. 3302 func (cw *http2closeWaiter) Init() { 3303 *cw = make(chan struct{}) 3304 } 3305 3306 // Close marks the closeWaiter as closed and unblocks any waiters. 3307 func (cw http2closeWaiter) Close() { 3308 close(cw) 3309 } 3310 3311 // Wait waits for the closeWaiter to become closed. 3312 func (cw http2closeWaiter) Wait() { 3313 <-cw 3314 } 3315 3316 // bufferedWriter is a buffered writer that writes to w. 3317 // Its buffered writer is lazily allocated as needed, to minimize 3318 // idle memory usage with many connections. 3319 type http2bufferedWriter struct { 3320 w io.Writer // immutable 3321 bw *bufio.Writer // non-nil when data is buffered 3322 } 3323 3324 func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3325 return &http2bufferedWriter{w: w} 3326 } 3327 3328 // bufWriterPoolBufferSize is the size of bufio.Writer's 3329 // buffers created using bufWriterPool. 3330 // 3331 // TODO: pick a less arbitrary value? this is a bit under 3332 // (3 x typical 1500 byte MTU) at least. Other than that, 3333 // not much thought went into it. 3334 const http2bufWriterPoolBufferSize = 4 << 10 3335 3336 var http2bufWriterPool = sync.Pool{ 3337 New: func() interface{} { 3338 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3339 }, 3340 } 3341 3342 func (w *http2bufferedWriter) Available() int { 3343 if w.bw == nil { 3344 return http2bufWriterPoolBufferSize 3345 } 3346 return w.bw.Available() 3347 } 3348 3349 func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3350 if w.bw == nil { 3351 bw := http2bufWriterPool.Get().(*bufio.Writer) 3352 bw.Reset(w.w) 3353 w.bw = bw 3354 } 3355 return w.bw.Write(p) 3356 } 3357 3358 func (w *http2bufferedWriter) Flush() error { 3359 bw := w.bw 3360 if bw == nil { 3361 return nil 3362 } 3363 err := bw.Flush() 3364 bw.Reset(nil) 3365 http2bufWriterPool.Put(bw) 3366 w.bw = nil 3367 return err 3368 } 3369 3370 func http2mustUint31(v int32) uint32 { 3371 if v < 0 || v > 2147483647 { 3372 panic("out of range") 3373 } 3374 return uint32(v) 3375 } 3376 3377 // bodyAllowedForStatus reports whether a given response status code 3378 // permits a body. See RFC 7230, section 3.3. 3379 func http2bodyAllowedForStatus(status int) bool { 3380 switch { 3381 case status >= 100 && status <= 199: 3382 return false 3383 case status == 204: 3384 return false 3385 case status == 304: 3386 return false 3387 } 3388 return true 3389 } 3390 3391 type http2httpError struct { 3392 msg string 3393 timeout bool 3394 } 3395 3396 func (e *http2httpError) Error() string { return e.msg } 3397 3398 func (e *http2httpError) Timeout() bool { return e.timeout } 3399 3400 func (e *http2httpError) Temporary() bool { return true } 3401 3402 var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3403 3404 type http2connectionStater interface { 3405 ConnectionState() tls.ConnectionState 3406 } 3407 3408 var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3409 3410 type http2sorter struct { 3411 v []string // owned by sorter 3412 } 3413 3414 func (s *http2sorter) Len() int { return len(s.v) } 3415 3416 func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3417 3418 func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3419 3420 // Keys returns the sorted keys of h. 3421 // 3422 // The returned slice is only valid until s used again or returned to 3423 // its pool. 3424 func (s *http2sorter) Keys(h Header) []string { 3425 keys := s.v[:0] 3426 for k := range h { 3427 keys = append(keys, k) 3428 } 3429 s.v = keys 3430 sort.Sort(s) 3431 return keys 3432 } 3433 3434 func (s *http2sorter) SortStrings(ss []string) { 3435 // Our sorter works on s.v, which sorter owns, so 3436 // stash it away while we sort the user's buffer. 3437 save := s.v 3438 s.v = ss 3439 sort.Sort(s) 3440 s.v = save 3441 } 3442 3443 // validPseudoPath reports whether v is a valid :path pseudo-header 3444 // value. It must be either: 3445 // 3446 // *) a non-empty string starting with '/' 3447 // *) the string '*', for OPTIONS requests. 3448 // 3449 // For now this is only used a quick check for deciding when to clean 3450 // up Opaque URLs before sending requests from the Transport. 3451 // See golang.org/issue/16847 3452 // 3453 // We used to enforce that the path also didn't start with "//", but 3454 // Google's GFE accepts such paths and Chrome sends them, so ignore 3455 // that part of the spec. See golang.org/issue/19103. 3456 func http2validPseudoPath(v string) bool { 3457 return (len(v) > 0 && v[0] == '/') || v == "*" 3458 } 3459 3460 // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3461 // io.Pipe except there are no PipeReader/PipeWriter halves, and the 3462 // underlying buffer is an interface. (io.Pipe is always unbuffered) 3463 type http2pipe struct { 3464 mu sync.Mutex 3465 c sync.Cond // c.L lazily initialized to &p.mu 3466 b http2pipeBuffer // nil when done reading 3467 err error // read error once empty. non-nil means closed. 3468 breakErr error // immediate read error (caller doesn't see rest of b) 3469 donec chan struct{} // closed on error 3470 readFn func() // optional code to run in Read before error 3471 } 3472 3473 type http2pipeBuffer interface { 3474 Len() int 3475 io.Writer 3476 io.Reader 3477 } 3478 3479 func (p *http2pipe) Len() int { 3480 p.mu.Lock() 3481 defer p.mu.Unlock() 3482 if p.b == nil { 3483 return 0 3484 } 3485 return p.b.Len() 3486 } 3487 3488 // Read waits until data is available and copies bytes 3489 // from the buffer into p. 3490 func (p *http2pipe) Read(d []byte) (n int, err error) { 3491 p.mu.Lock() 3492 defer p.mu.Unlock() 3493 if p.c.L == nil { 3494 p.c.L = &p.mu 3495 } 3496 for { 3497 if p.breakErr != nil { 3498 return 0, p.breakErr 3499 } 3500 if p.b != nil && p.b.Len() > 0 { 3501 return p.b.Read(d) 3502 } 3503 if p.err != nil { 3504 if p.readFn != nil { 3505 p.readFn() // e.g. copy trailers 3506 p.readFn = nil // not sticky like p.err 3507 } 3508 p.b = nil 3509 return 0, p.err 3510 } 3511 p.c.Wait() 3512 } 3513 } 3514 3515 var http2errClosedPipeWrite = errors.New("write on closed buffer") 3516 3517 // Write copies bytes from p into the buffer and wakes a reader. 3518 // It is an error to write more data than the buffer can hold. 3519 func (p *http2pipe) Write(d []byte) (n int, err error) { 3520 p.mu.Lock() 3521 defer p.mu.Unlock() 3522 if p.c.L == nil { 3523 p.c.L = &p.mu 3524 } 3525 defer p.c.Signal() 3526 if p.err != nil { 3527 return 0, http2errClosedPipeWrite 3528 } 3529 if p.breakErr != nil { 3530 return len(d), nil // discard when there is no reader 3531 } 3532 return p.b.Write(d) 3533 } 3534 3535 // CloseWithError causes the next Read (waking up a current blocked 3536 // Read if needed) to return the provided err after all data has been 3537 // read. 3538 // 3539 // The error must be non-nil. 3540 func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3541 3542 // BreakWithError causes the next Read (waking up a current blocked 3543 // Read if needed) to return the provided err immediately, without 3544 // waiting for unread data. 3545 func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3546 3547 // closeWithErrorAndCode is like CloseWithError but also sets some code to run 3548 // in the caller's goroutine before returning the error. 3549 func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3550 3551 func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3552 if err == nil { 3553 panic("err must be non-nil") 3554 } 3555 p.mu.Lock() 3556 defer p.mu.Unlock() 3557 if p.c.L == nil { 3558 p.c.L = &p.mu 3559 } 3560 defer p.c.Signal() 3561 if *dst != nil { 3562 // Already been done. 3563 return 3564 } 3565 p.readFn = fn 3566 if dst == &p.breakErr { 3567 p.b = nil 3568 } 3569 *dst = err 3570 p.closeDoneLocked() 3571 } 3572 3573 // requires p.mu be held. 3574 func (p *http2pipe) closeDoneLocked() { 3575 if p.donec == nil { 3576 return 3577 } 3578 // Close if unclosed. This isn't racy since we always 3579 // hold p.mu while closing. 3580 select { 3581 case <-p.donec: 3582 default: 3583 close(p.donec) 3584 } 3585 } 3586 3587 // Err returns the error (if any) first set by BreakWithError or CloseWithError. 3588 func (p *http2pipe) Err() error { 3589 p.mu.Lock() 3590 defer p.mu.Unlock() 3591 if p.breakErr != nil { 3592 return p.breakErr 3593 } 3594 return p.err 3595 } 3596 3597 // Done returns a channel which is closed if and when this pipe is closed 3598 // with CloseWithError. 3599 func (p *http2pipe) Done() <-chan struct{} { 3600 p.mu.Lock() 3601 defer p.mu.Unlock() 3602 if p.donec == nil { 3603 p.donec = make(chan struct{}) 3604 if p.err != nil || p.breakErr != nil { 3605 // Already hit an error. 3606 p.closeDoneLocked() 3607 } 3608 } 3609 return p.donec 3610 } 3611 3612 const ( 3613 http2prefaceTimeout = 10 * time.Second 3614 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3615 http2handlerChunkWriteSize = 4 << 10 3616 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3617 ) 3618 3619 var ( 3620 http2errClientDisconnected = errors.New("client disconnected") 3621 http2errClosedBody = errors.New("body closed by handler") 3622 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3623 http2errStreamClosed = errors.New("http2: stream closed") 3624 ) 3625 3626 var http2responseWriterStatePool = sync.Pool{ 3627 New: func() interface{} { 3628 rws := &http2responseWriterState{} 3629 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3630 return rws 3631 }, 3632 } 3633 3634 // Test hooks. 3635 var ( 3636 http2testHookOnConn func() 3637 http2testHookGetServerConn func(*http2serverConn) 3638 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3639 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3640 ) 3641 3642 // Server is an HTTP/2 server. 3643 type http2Server struct { 3644 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3645 // which may run at a time over all connections. 3646 // Negative or zero no limit. 3647 // TODO: implement 3648 MaxHandlers int 3649 3650 // MaxConcurrentStreams optionally specifies the number of 3651 // concurrent streams that each client may have open at a 3652 // time. This is unrelated to the number of http.Handler goroutines 3653 // which may be active globally, which is MaxHandlers. 3654 // If zero, MaxConcurrentStreams defaults to at least 100, per 3655 // the HTTP/2 spec's recommendations. 3656 MaxConcurrentStreams uint32 3657 3658 // MaxReadFrameSize optionally specifies the largest frame 3659 // this server is willing to read. A valid value is between 3660 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3661 // default value is used. 3662 MaxReadFrameSize uint32 3663 3664 // PermitProhibitedCipherSuites, if true, permits the use of 3665 // cipher suites prohibited by the HTTP/2 spec. 3666 PermitProhibitedCipherSuites bool 3667 3668 // IdleTimeout specifies how long until idle clients should be 3669 // closed with a GOAWAY frame. PING frames are not considered 3670 // activity for the purposes of IdleTimeout. 3671 IdleTimeout time.Duration 3672 3673 // MaxUploadBufferPerConnection is the size of the initial flow 3674 // control window for each connections. The HTTP/2 spec does not 3675 // allow this to be smaller than 65535 or larger than 2^32-1. 3676 // If the value is outside this range, a default value will be 3677 // used instead. 3678 MaxUploadBufferPerConnection int32 3679 3680 // MaxUploadBufferPerStream is the size of the initial flow control 3681 // window for each stream. The HTTP/2 spec does not allow this to 3682 // be larger than 2^32-1. If the value is zero or larger than the 3683 // maximum, a default value will be used instead. 3684 MaxUploadBufferPerStream int32 3685 3686 // NewWriteScheduler constructs a write scheduler for a connection. 3687 // If nil, a default scheduler is chosen. 3688 NewWriteScheduler func() http2WriteScheduler 3689 3690 // Internal state. This is a pointer (rather than embedded directly) 3691 // so that we don't embed a Mutex in this struct, which will make the 3692 // struct non-copyable, which might break some callers. 3693 state *http2serverInternalState 3694 } 3695 3696 func (s *http2Server) initialConnRecvWindowSize() int32 { 3697 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3698 return s.MaxUploadBufferPerConnection 3699 } 3700 return 1 << 20 3701 } 3702 3703 func (s *http2Server) initialStreamRecvWindowSize() int32 { 3704 if s.MaxUploadBufferPerStream > 0 { 3705 return s.MaxUploadBufferPerStream 3706 } 3707 return 1 << 20 3708 } 3709 3710 func (s *http2Server) maxReadFrameSize() uint32 { 3711 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3712 return v 3713 } 3714 return http2defaultMaxReadFrameSize 3715 } 3716 3717 func (s *http2Server) maxConcurrentStreams() uint32 { 3718 if v := s.MaxConcurrentStreams; v > 0 { 3719 return v 3720 } 3721 return http2defaultMaxStreams 3722 } 3723 3724 type http2serverInternalState struct { 3725 mu sync.Mutex 3726 activeConns map[*http2serverConn]struct{} 3727 } 3728 3729 func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3730 if s == nil { 3731 return // if the Server was used without calling ConfigureServer 3732 } 3733 s.mu.Lock() 3734 s.activeConns[sc] = struct{}{} 3735 s.mu.Unlock() 3736 } 3737 3738 func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3739 if s == nil { 3740 return // if the Server was used without calling ConfigureServer 3741 } 3742 s.mu.Lock() 3743 delete(s.activeConns, sc) 3744 s.mu.Unlock() 3745 } 3746 3747 func (s *http2serverInternalState) startGracefulShutdown() { 3748 if s == nil { 3749 return // if the Server was used without calling ConfigureServer 3750 } 3751 s.mu.Lock() 3752 for sc := range s.activeConns { 3753 sc.startGracefulShutdown() 3754 } 3755 s.mu.Unlock() 3756 } 3757 3758 // ConfigureServer adds HTTP/2 support to a net/http Server. 3759 // 3760 // The configuration conf may be nil. 3761 // 3762 // ConfigureServer must be called before s begins serving. 3763 func http2ConfigureServer(s *Server, conf *http2Server) error { 3764 if s == nil { 3765 panic("nil *http.Server") 3766 } 3767 if conf == nil { 3768 conf = new(http2Server) 3769 } 3770 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3771 if h1, h2 := s, conf; h2.IdleTimeout == 0 { 3772 if h1.IdleTimeout != 0 { 3773 h2.IdleTimeout = h1.IdleTimeout 3774 } else { 3775 h2.IdleTimeout = h1.ReadTimeout 3776 } 3777 } 3778 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3779 3780 if s.TLSConfig == nil { 3781 s.TLSConfig = new(tls.Config) 3782 } else if s.TLSConfig.CipherSuites != nil { 3783 // If they already provided a CipherSuite list, return 3784 // an error if it has a bad order or is missing 3785 // ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3786 haveRequired := false 3787 sawBad := false 3788 for i, cs := range s.TLSConfig.CipherSuites { 3789 switch cs { 3790 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3791 // Alternative MTI cipher to not discourage ECDSA-only servers. 3792 // See http://golang.org/cl/30721 for further information. 3793 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3794 haveRequired = true 3795 } 3796 if http2isBadCipher(cs) { 3797 sawBad = true 3798 } else if sawBad { 3799 return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs) 3800 } 3801 } 3802 if !haveRequired { 3803 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.") 3804 } 3805 } 3806 3807 // Note: not setting MinVersion to tls.VersionTLS12, 3808 // as we don't want to interfere with HTTP/1.1 traffic 3809 // on the user's server. We enforce TLS 1.2 later once 3810 // we accept a connection. Ideally this should be done 3811 // during next-proto selection, but using TLS <1.2 with 3812 // HTTP/2 is still the client's bug. 3813 3814 s.TLSConfig.PreferServerCipherSuites = true 3815 3816 haveNPN := false 3817 for _, p := range s.TLSConfig.NextProtos { 3818 if p == http2NextProtoTLS { 3819 haveNPN = true 3820 break 3821 } 3822 } 3823 if !haveNPN { 3824 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3825 } 3826 3827 if s.TLSNextProto == nil { 3828 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3829 } 3830 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3831 if http2testHookOnConn != nil { 3832 http2testHookOnConn() 3833 } 3834 conf.ServeConn(c, &http2ServeConnOpts{ 3835 Handler: h, 3836 BaseConfig: hs, 3837 }) 3838 } 3839 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3840 return nil 3841 } 3842 3843 // ServeConnOpts are options for the Server.ServeConn method. 3844 type http2ServeConnOpts struct { 3845 // BaseConfig optionally sets the base configuration 3846 // for values. If nil, defaults are used. 3847 BaseConfig *Server 3848 3849 // Handler specifies which handler to use for processing 3850 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3851 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3852 Handler Handler 3853 } 3854 3855 func (o *http2ServeConnOpts) baseConfig() *Server { 3856 if o != nil && o.BaseConfig != nil { 3857 return o.BaseConfig 3858 } 3859 return new(Server) 3860 } 3861 3862 func (o *http2ServeConnOpts) handler() Handler { 3863 if o != nil { 3864 if o.Handler != nil { 3865 return o.Handler 3866 } 3867 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 3868 return o.BaseConfig.Handler 3869 } 3870 } 3871 return DefaultServeMux 3872 } 3873 3874 // ServeConn serves HTTP/2 requests on the provided connection and 3875 // blocks until the connection is no longer readable. 3876 // 3877 // ServeConn starts speaking HTTP/2 assuming that c has not had any 3878 // reads or writes. It writes its initial settings frame and expects 3879 // to be able to read the preface and settings frame from the 3880 // client. If c has a ConnectionState method like a *tls.Conn, the 3881 // ConnectionState is used to verify the TLS ciphersuite and to set 3882 // the Request.TLS field in Handlers. 3883 // 3884 // ServeConn does not support h2c by itself. Any h2c support must be 3885 // implemented in terms of providing a suitably-behaving net.Conn. 3886 // 3887 // The opts parameter is optional. If nil, default values are used. 3888 func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 3889 baseCtx, cancel := http2serverConnBaseContext(c, opts) 3890 defer cancel() 3891 3892 sc := &http2serverConn{ 3893 srv: s, 3894 hs: opts.baseConfig(), 3895 conn: c, 3896 baseCtx: baseCtx, 3897 remoteAddrStr: c.RemoteAddr().String(), 3898 bw: http2newBufferedWriter(c), 3899 handler: opts.handler(), 3900 streams: make(map[uint32]*http2stream), 3901 readFrameCh: make(chan http2readFrameResult), 3902 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 3903 serveMsgCh: make(chan interface{}, 8), 3904 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 3905 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 3906 doneServing: make(chan struct{}), 3907 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 3908 advMaxStreams: s.maxConcurrentStreams(), 3909 initialStreamSendWindowSize: http2initialWindowSize, 3910 maxFrameSize: http2initialMaxFrameSize, 3911 headerTableSize: http2initialHeaderTableSize, 3912 serveG: http2newGoroutineLock(), 3913 pushEnabled: true, 3914 } 3915 3916 s.state.registerConn(sc) 3917 defer s.state.unregisterConn(sc) 3918 3919 // The net/http package sets the write deadline from the 3920 // http.Server.WriteTimeout during the TLS handshake, but then 3921 // passes the connection off to us with the deadline already set. 3922 // Write deadlines are set per stream in serverConn.newStream. 3923 // Disarm the net.Conn write deadline here. 3924 if sc.hs.WriteTimeout != 0 { 3925 sc.conn.SetWriteDeadline(time.Time{}) 3926 } 3927 3928 if s.NewWriteScheduler != nil { 3929 sc.writeSched = s.NewWriteScheduler() 3930 } else { 3931 sc.writeSched = http2NewRandomWriteScheduler() 3932 } 3933 3934 // These start at the RFC-specified defaults. If there is a higher 3935 // configured value for inflow, that will be updated when we send a 3936 // WINDOW_UPDATE shortly after sending SETTINGS. 3937 sc.flow.add(http2initialWindowSize) 3938 sc.inflow.add(http2initialWindowSize) 3939 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 3940 3941 fr := http2NewFramer(sc.bw, c) 3942 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 3943 fr.MaxHeaderListSize = sc.maxHeaderListSize() 3944 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 3945 sc.framer = fr 3946 3947 if tc, ok := c.(http2connectionStater); ok { 3948 sc.tlsState = new(tls.ConnectionState) 3949 *sc.tlsState = tc.ConnectionState() 3950 // 9.2 Use of TLS Features 3951 // An implementation of HTTP/2 over TLS MUST use TLS 3952 // 1.2 or higher with the restrictions on feature set 3953 // and cipher suite described in this section. Due to 3954 // implementation limitations, it might not be 3955 // possible to fail TLS negotiation. An endpoint MUST 3956 // immediately terminate an HTTP/2 connection that 3957 // does not meet the TLS requirements described in 3958 // this section with a connection error (Section 3959 // 5.4.1) of type INADEQUATE_SECURITY. 3960 if sc.tlsState.Version < tls.VersionTLS12 { 3961 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 3962 return 3963 } 3964 3965 if sc.tlsState.ServerName == "" { 3966 // Client must use SNI, but we don't enforce that anymore, 3967 // since it was causing problems when connecting to bare IP 3968 // addresses during development. 3969 // 3970 // TODO: optionally enforce? Or enforce at the time we receive 3971 // a new request, and verify the ServerName matches the :authority? 3972 // But that precludes proxy situations, perhaps. 3973 // 3974 // So for now, do nothing here again. 3975 } 3976 3977 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 3978 // "Endpoints MAY choose to generate a connection error 3979 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 3980 // the prohibited cipher suites are negotiated." 3981 // 3982 // We choose that. In my opinion, the spec is weak 3983 // here. It also says both parties must support at least 3984 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 3985 // excuses here. If we really must, we could allow an 3986 // "AllowInsecureWeakCiphers" option on the server later. 3987 // Let's see how it plays out first. 3988 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 3989 return 3990 } 3991 } 3992 3993 if hook := http2testHookGetServerConn; hook != nil { 3994 hook(sc) 3995 } 3996 sc.serve() 3997 } 3998 3999 func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) { 4000 ctx, cancel = context.WithCancel(context.Background()) 4001 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 4002 if hs := opts.baseConfig(); hs != nil { 4003 ctx = context.WithValue(ctx, ServerContextKey, hs) 4004 } 4005 return 4006 } 4007 4008 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4009 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4010 // ignoring errors. hanging up anyway. 4011 sc.framer.WriteGoAway(0, err, []byte(debug)) 4012 sc.bw.Flush() 4013 sc.conn.Close() 4014 } 4015 4016 type http2serverConn struct { 4017 // Immutable: 4018 srv *http2Server 4019 hs *Server 4020 conn net.Conn 4021 bw *http2bufferedWriter // writing to conn 4022 handler Handler 4023 baseCtx context.Context 4024 framer *http2Framer 4025 doneServing chan struct{} // closed when serverConn.serve ends 4026 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4027 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4028 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4029 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4030 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4031 flow http2flow // conn-wide (not stream-specific) outbound flow control 4032 inflow http2flow // conn-wide inbound flow control 4033 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4034 remoteAddrStr string 4035 writeSched http2WriteScheduler 4036 4037 // Everything following is owned by the serve loop; use serveG.check(): 4038 serveG http2goroutineLock // used to verify funcs are on serve() 4039 pushEnabled bool 4040 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4041 needToSendSettingsAck bool 4042 unackedSettings int // how many SETTINGS have we sent without ACKs? 4043 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4044 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4045 curClientStreams uint32 // number of open streams initiated by the client 4046 curPushedStreams uint32 // number of open streams initiated by server push 4047 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4048 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4049 streams map[uint32]*http2stream 4050 initialStreamSendWindowSize int32 4051 maxFrameSize int32 4052 headerTableSize uint32 4053 peerMaxHeaderListSize uint32 // zero means unknown (default) 4054 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4055 writingFrame bool // started writing a frame (on serve goroutine or separate) 4056 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4057 needsFrameFlush bool // last frame write wasn't a flush 4058 inGoAway bool // we've started to or sent GOAWAY 4059 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4060 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4061 goAwayCode http2ErrCode 4062 shutdownTimer *time.Timer // nil until used 4063 idleTimer *time.Timer // nil if unused 4064 4065 // Owned by the writeFrameAsync goroutine: 4066 headerWriteBuf bytes.Buffer 4067 hpackEncoder *hpack.Encoder 4068 4069 // Used by startGracefulShutdown. 4070 shutdownOnce sync.Once 4071 } 4072 4073 func (sc *http2serverConn) maxHeaderListSize() uint32 { 4074 n := sc.hs.MaxHeaderBytes 4075 if n <= 0 { 4076 n = DefaultMaxHeaderBytes 4077 } 4078 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4079 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4080 const perFieldOverhead = 32 // per http2 spec 4081 const typicalHeaders = 10 // conservative 4082 return uint32(n + typicalHeaders*perFieldOverhead) 4083 } 4084 4085 func (sc *http2serverConn) curOpenStreams() uint32 { 4086 sc.serveG.check() 4087 return sc.curClientStreams + sc.curPushedStreams 4088 } 4089 4090 // stream represents a stream. This is the minimal metadata needed by 4091 // the serve goroutine. Most of the actual stream state is owned by 4092 // the http.Handler's goroutine in the responseWriter. Because the 4093 // responseWriter's responseWriterState is recycled at the end of a 4094 // handler, this struct intentionally has no pointer to the 4095 // *responseWriter{,State} itself, as the Handler ending nils out the 4096 // responseWriter's state field. 4097 type http2stream struct { 4098 // immutable: 4099 sc *http2serverConn 4100 id uint32 4101 body *http2pipe // non-nil if expecting DATA frames 4102 cw http2closeWaiter // closed wait stream transitions to closed state 4103 ctx context.Context 4104 cancelCtx func() 4105 4106 // owned by serverConn's serve loop: 4107 bodyBytes int64 // body bytes seen so far 4108 declBodyBytes int64 // or -1 if undeclared 4109 flow http2flow // limits writing from Handler to client 4110 inflow http2flow // what the client is allowed to POST/etc to us 4111 parent *http2stream // or nil 4112 numTrailerValues int64 4113 weight uint8 4114 state http2streamState 4115 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4116 gotTrailerHeader bool // HEADER frame for trailers was seen 4117 wroteHeaders bool // whether we wrote headers (not status 100) 4118 writeDeadline *time.Timer // nil if unused 4119 4120 trailer Header // accumulated trailers 4121 reqTrailer Header // handler's Request.Trailer 4122 } 4123 4124 func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4125 4126 func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4127 4128 func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4129 4130 func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4131 return sc.hpackEncoder, &sc.headerWriteBuf 4132 } 4133 4134 func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4135 sc.serveG.check() 4136 // http://tools.ietf.org/html/rfc7540#section-5.1 4137 if st, ok := sc.streams[streamID]; ok { 4138 return st.state, st 4139 } 4140 // "The first use of a new stream identifier implicitly closes all 4141 // streams in the "idle" state that might have been initiated by 4142 // that peer with a lower-valued stream identifier. For example, if 4143 // a client sends a HEADERS frame on stream 7 without ever sending a 4144 // frame on stream 5, then stream 5 transitions to the "closed" 4145 // state when the first frame for stream 7 is sent or received." 4146 if streamID%2 == 1 { 4147 if streamID <= sc.maxClientStreamID { 4148 return http2stateClosed, nil 4149 } 4150 } else { 4151 if streamID <= sc.maxPushPromiseID { 4152 return http2stateClosed, nil 4153 } 4154 } 4155 return http2stateIdle, nil 4156 } 4157 4158 // setConnState calls the net/http ConnState hook for this connection, if configured. 4159 // Note that the net/http package does StateNew and StateClosed for us. 4160 // There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4161 func (sc *http2serverConn) setConnState(state ConnState) { 4162 if sc.hs.ConnState != nil { 4163 sc.hs.ConnState(sc.conn, state) 4164 } 4165 } 4166 4167 func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4168 if http2VerboseLogs { 4169 sc.logf(format, args...) 4170 } 4171 } 4172 4173 func (sc *http2serverConn) logf(format string, args ...interface{}) { 4174 if lg := sc.hs.ErrorLog; lg != nil { 4175 lg.Printf(format, args...) 4176 } else { 4177 log.Printf(format, args...) 4178 } 4179 } 4180 4181 // errno returns v's underlying uintptr, else 0. 4182 // 4183 // TODO: remove this helper function once http2 can use build 4184 // tags. See comment in isClosedConnError. 4185 func http2errno(v error) uintptr { 4186 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4187 return uintptr(rv.Uint()) 4188 } 4189 return 0 4190 } 4191 4192 // isClosedConnError reports whether err is an error from use of a closed 4193 // network connection. 4194 func http2isClosedConnError(err error) bool { 4195 if err == nil { 4196 return false 4197 } 4198 4199 // TODO: remove this string search and be more like the Windows 4200 // case below. That might involve modifying the standard library 4201 // to return better error types. 4202 str := err.Error() 4203 if strings.Contains(str, "use of closed network connection") { 4204 return true 4205 } 4206 4207 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4208 // build tags, so I can't make an http2_windows.go file with 4209 // Windows-specific stuff. Fix that and move this, once we 4210 // have a way to bundle this into std's net/http somehow. 4211 if runtime.GOOS == "windows" { 4212 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4213 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4214 const WSAECONNABORTED = 10053 4215 const WSAECONNRESET = 10054 4216 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4217 return true 4218 } 4219 } 4220 } 4221 } 4222 return false 4223 } 4224 4225 func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4226 if err == nil { 4227 return 4228 } 4229 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4230 // Boring, expected errors. 4231 sc.vlogf(format, args...) 4232 } else { 4233 sc.logf(format, args...) 4234 } 4235 } 4236 4237 func (sc *http2serverConn) canonicalHeader(v string) string { 4238 sc.serveG.check() 4239 http2buildCommonHeaderMapsOnce() 4240 cv, ok := http2commonCanonHeader[v] 4241 if ok { 4242 return cv 4243 } 4244 cv, ok = sc.canonHeader[v] 4245 if ok { 4246 return cv 4247 } 4248 if sc.canonHeader == nil { 4249 sc.canonHeader = make(map[string]string) 4250 } 4251 cv = CanonicalHeaderKey(v) 4252 sc.canonHeader[v] = cv 4253 return cv 4254 } 4255 4256 type http2readFrameResult struct { 4257 f http2Frame // valid until readMore is called 4258 err error 4259 4260 // readMore should be called once the consumer no longer needs or 4261 // retains f. After readMore, f is invalid and more frames can be 4262 // read. 4263 readMore func() 4264 } 4265 4266 // readFrames is the loop that reads incoming frames. 4267 // It takes care to only read one frame at a time, blocking until the 4268 // consumer is done with the frame. 4269 // It's run on its own goroutine. 4270 func (sc *http2serverConn) readFrames() { 4271 gate := make(http2gate) 4272 gateDone := gate.Done 4273 for { 4274 f, err := sc.framer.ReadFrame() 4275 select { 4276 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4277 case <-sc.doneServing: 4278 return 4279 } 4280 select { 4281 case <-gate: 4282 case <-sc.doneServing: 4283 return 4284 } 4285 if http2terminalReadFrameError(err) { 4286 return 4287 } 4288 } 4289 } 4290 4291 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4292 type http2frameWriteResult struct { 4293 wr http2FrameWriteRequest // what was written (or attempted) 4294 err error // result of the writeFrame call 4295 } 4296 4297 // writeFrameAsync runs in its own goroutine and writes a single frame 4298 // and then reports when it's done. 4299 // At most one goroutine can be running writeFrameAsync at a time per 4300 // serverConn. 4301 func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4302 err := wr.write.writeFrame(sc) 4303 sc.wroteFrameCh <- http2frameWriteResult{wr, err} 4304 } 4305 4306 func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4307 sc.serveG.check() 4308 for _, st := range sc.streams { 4309 sc.closeStream(st, http2errClientDisconnected) 4310 } 4311 } 4312 4313 func (sc *http2serverConn) stopShutdownTimer() { 4314 sc.serveG.check() 4315 if t := sc.shutdownTimer; t != nil { 4316 t.Stop() 4317 } 4318 } 4319 4320 func (sc *http2serverConn) notePanic() { 4321 // Note: this is for serverConn.serve panicking, not http.Handler code. 4322 if http2testHookOnPanicMu != nil { 4323 http2testHookOnPanicMu.Lock() 4324 defer http2testHookOnPanicMu.Unlock() 4325 } 4326 if http2testHookOnPanic != nil { 4327 if e := recover(); e != nil { 4328 if http2testHookOnPanic(sc, e) { 4329 panic(e) 4330 } 4331 } 4332 } 4333 } 4334 4335 func (sc *http2serverConn) serve() { 4336 sc.serveG.check() 4337 defer sc.notePanic() 4338 defer sc.conn.Close() 4339 defer sc.closeAllStreamsOnConnClose() 4340 defer sc.stopShutdownTimer() 4341 defer close(sc.doneServing) // unblocks handlers trying to send 4342 4343 if http2VerboseLogs { 4344 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4345 } 4346 4347 sc.writeFrame(http2FrameWriteRequest{ 4348 write: http2writeSettings{ 4349 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4350 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4351 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4352 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4353 }, 4354 }) 4355 sc.unackedSettings++ 4356 4357 // Each connection starts with intialWindowSize inflow tokens. 4358 // If a higher value is configured, we add more tokens. 4359 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4360 sc.sendWindowUpdate(nil, int(diff)) 4361 } 4362 4363 if err := sc.readPreface(); err != nil { 4364 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4365 return 4366 } 4367 // Now that we've got the preface, get us out of the 4368 // "StateNew" state. We can't go directly to idle, though. 4369 // Active means we read some data and anticipate a request. We'll 4370 // do another Active when we get a HEADERS frame. 4371 sc.setConnState(StateActive) 4372 sc.setConnState(StateIdle) 4373 4374 if sc.srv.IdleTimeout != 0 { 4375 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4376 defer sc.idleTimer.Stop() 4377 } 4378 4379 go sc.readFrames() // closed by defer sc.conn.Close above 4380 4381 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4382 defer settingsTimer.Stop() 4383 4384 loopNum := 0 4385 for { 4386 loopNum++ 4387 select { 4388 case wr := <-sc.wantWriteFrameCh: 4389 if se, ok := wr.write.(http2StreamError); ok { 4390 sc.resetStream(se) 4391 break 4392 } 4393 sc.writeFrame(wr) 4394 case res := <-sc.wroteFrameCh: 4395 sc.wroteFrame(res) 4396 case res := <-sc.readFrameCh: 4397 if !sc.processFrameFromReader(res) { 4398 return 4399 } 4400 res.readMore() 4401 if settingsTimer != nil { 4402 settingsTimer.Stop() 4403 settingsTimer = nil 4404 } 4405 case m := <-sc.bodyReadCh: 4406 sc.noteBodyRead(m.st, m.n) 4407 case msg := <-sc.serveMsgCh: 4408 switch v := msg.(type) { 4409 case func(int): 4410 v(loopNum) // for testing 4411 case *http2serverMessage: 4412 switch v { 4413 case http2settingsTimerMsg: 4414 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4415 return 4416 case http2idleTimerMsg: 4417 sc.vlogf("connection is idle") 4418 sc.goAway(http2ErrCodeNo) 4419 case http2shutdownTimerMsg: 4420 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4421 return 4422 case http2gracefulShutdownMsg: 4423 sc.startGracefulShutdownInternal() 4424 default: 4425 panic("unknown timer") 4426 } 4427 case *http2startPushRequest: 4428 sc.startPush(v) 4429 default: 4430 panic(fmt.Sprintf("unexpected type %T", v)) 4431 } 4432 } 4433 4434 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4435 // with no error code (graceful shutdown), don't start the timer until 4436 // all open streams have been completed. 4437 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4438 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4439 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4440 sc.shutDownIn(http2goAwayTimeout) 4441 } 4442 } 4443 } 4444 4445 func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4446 select { 4447 case <-sc.doneServing: 4448 case <-sharedCh: 4449 close(privateCh) 4450 } 4451 } 4452 4453 type http2serverMessage int 4454 4455 // Message values sent to serveMsgCh. 4456 var ( 4457 http2settingsTimerMsg = new(http2serverMessage) 4458 http2idleTimerMsg = new(http2serverMessage) 4459 http2shutdownTimerMsg = new(http2serverMessage) 4460 http2gracefulShutdownMsg = new(http2serverMessage) 4461 ) 4462 4463 func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4464 4465 func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4466 4467 func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4468 4469 func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4470 sc.serveG.checkNotOn() // NOT 4471 select { 4472 case sc.serveMsgCh <- msg: 4473 case <-sc.doneServing: 4474 } 4475 } 4476 4477 var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4478 4479 // readPreface reads the ClientPreface greeting from the peer or 4480 // returns errPrefaceTimeout on timeout, or an error if the greeting 4481 // is invalid. 4482 func (sc *http2serverConn) readPreface() error { 4483 errc := make(chan error, 1) 4484 go func() { 4485 // Read the client preface 4486 buf := make([]byte, len(http2ClientPreface)) 4487 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4488 errc <- err 4489 } else if !bytes.Equal(buf, http2clientPreface) { 4490 errc <- fmt.Errorf("bogus greeting %q", buf) 4491 } else { 4492 errc <- nil 4493 } 4494 }() 4495 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4496 defer timer.Stop() 4497 select { 4498 case <-timer.C: 4499 return http2errPrefaceTimeout 4500 case err := <-errc: 4501 if err == nil { 4502 if http2VerboseLogs { 4503 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4504 } 4505 } 4506 return err 4507 } 4508 } 4509 4510 var http2errChanPool = sync.Pool{ 4511 New: func() interface{} { return make(chan error, 1) }, 4512 } 4513 4514 var http2writeDataPool = sync.Pool{ 4515 New: func() interface{} { return new(http2writeData) }, 4516 } 4517 4518 // writeDataFromHandler writes DATA response frames from a handler on 4519 // the given stream. 4520 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4521 ch := http2errChanPool.Get().(chan error) 4522 writeArg := http2writeDataPool.Get().(*http2writeData) 4523 *writeArg = http2writeData{stream.id, data, endStream} 4524 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4525 write: writeArg, 4526 stream: stream, 4527 done: ch, 4528 }) 4529 if err != nil { 4530 return err 4531 } 4532 var frameWriteDone bool // the frame write is done (successfully or not) 4533 select { 4534 case err = <-ch: 4535 frameWriteDone = true 4536 case <-sc.doneServing: 4537 return http2errClientDisconnected 4538 case <-stream.cw: 4539 // If both ch and stream.cw were ready (as might 4540 // happen on the final Write after an http.Handler 4541 // ends), prefer the write result. Otherwise this 4542 // might just be us successfully closing the stream. 4543 // The writeFrameAsync and serve goroutines guarantee 4544 // that the ch send will happen before the stream.cw 4545 // close. 4546 select { 4547 case err = <-ch: 4548 frameWriteDone = true 4549 default: 4550 return http2errStreamClosed 4551 } 4552 } 4553 http2errChanPool.Put(ch) 4554 if frameWriteDone { 4555 http2writeDataPool.Put(writeArg) 4556 } 4557 return err 4558 } 4559 4560 // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4561 // if the connection has gone away. 4562 // 4563 // This must not be run from the serve goroutine itself, else it might 4564 // deadlock writing to sc.wantWriteFrameCh (which is only mildly 4565 // buffered and is read by serve itself). If you're on the serve 4566 // goroutine, call writeFrame instead. 4567 func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4568 sc.serveG.checkNotOn() // NOT 4569 select { 4570 case sc.wantWriteFrameCh <- wr: 4571 return nil 4572 case <-sc.doneServing: 4573 // Serve loop is gone. 4574 // Client has closed their connection to the server. 4575 return http2errClientDisconnected 4576 } 4577 } 4578 4579 // writeFrame schedules a frame to write and sends it if there's nothing 4580 // already being written. 4581 // 4582 // There is no pushback here (the serve goroutine never blocks). It's 4583 // the http.Handlers that block, waiting for their previous frames to 4584 // make it onto the wire 4585 // 4586 // If you're not on the serve goroutine, use writeFrameFromHandler instead. 4587 func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4588 sc.serveG.check() 4589 4590 // If true, wr will not be written and wr.done will not be signaled. 4591 var ignoreWrite bool 4592 4593 // We are not allowed to write frames on closed streams. RFC 7540 Section 4594 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4595 // a closed stream." Our server never sends PRIORITY, so that exception 4596 // does not apply. 4597 // 4598 // The serverConn might close an open stream while the stream's handler 4599 // is still running. For example, the server might close a stream when it 4600 // receives bad data from the client. If this happens, the handler might 4601 // attempt to write a frame after the stream has been closed (since the 4602 // handler hasn't yet been notified of the close). In this case, we simply 4603 // ignore the frame. The handler will notice that the stream is closed when 4604 // it waits for the frame to be written. 4605 // 4606 // As an exception to this rule, we allow sending RST_STREAM after close. 4607 // This allows us to immediately reject new streams without tracking any 4608 // state for those streams (except for the queued RST_STREAM frame). This 4609 // may result in duplicate RST_STREAMs in some cases, but the client should 4610 // ignore those. 4611 if wr.StreamID() != 0 { 4612 _, isReset := wr.write.(http2StreamError) 4613 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4614 ignoreWrite = true 4615 } 4616 } 4617 4618 // Don't send a 100-continue response if we've already sent headers. 4619 // See golang.org/issue/14030. 4620 switch wr.write.(type) { 4621 case *http2writeResHeaders: 4622 wr.stream.wroteHeaders = true 4623 case http2write100ContinueHeadersFrame: 4624 if wr.stream.wroteHeaders { 4625 // We do not need to notify wr.done because this frame is 4626 // never written with wr.done != nil. 4627 if wr.done != nil { 4628 panic("wr.done != nil for write100ContinueHeadersFrame") 4629 } 4630 ignoreWrite = true 4631 } 4632 } 4633 4634 if !ignoreWrite { 4635 sc.writeSched.Push(wr) 4636 } 4637 sc.scheduleFrameWrite() 4638 } 4639 4640 // startFrameWrite starts a goroutine to write wr (in a separate 4641 // goroutine since that might block on the network), and updates the 4642 // serve goroutine's state about the world, updated from info in wr. 4643 func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4644 sc.serveG.check() 4645 if sc.writingFrame { 4646 panic("internal error: can only be writing one frame at a time") 4647 } 4648 4649 st := wr.stream 4650 if st != nil { 4651 switch st.state { 4652 case http2stateHalfClosedLocal: 4653 switch wr.write.(type) { 4654 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4655 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4656 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4657 default: 4658 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4659 } 4660 case http2stateClosed: 4661 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4662 } 4663 } 4664 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4665 var err error 4666 wpp.promisedID, err = wpp.allocatePromisedID() 4667 if err != nil { 4668 sc.writingFrameAsync = false 4669 wr.replyToWriter(err) 4670 return 4671 } 4672 } 4673 4674 sc.writingFrame = true 4675 sc.needsFrameFlush = true 4676 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4677 sc.writingFrameAsync = false 4678 err := wr.write.writeFrame(sc) 4679 sc.wroteFrame(http2frameWriteResult{wr, err}) 4680 } else { 4681 sc.writingFrameAsync = true 4682 go sc.writeFrameAsync(wr) 4683 } 4684 } 4685 4686 // errHandlerPanicked is the error given to any callers blocked in a read from 4687 // Request.Body when the main goroutine panics. Since most handlers read in the 4688 // main ServeHTTP goroutine, this will show up rarely. 4689 var http2errHandlerPanicked = errors.New("http2: handler panicked") 4690 4691 // wroteFrame is called on the serve goroutine with the result of 4692 // whatever happened on writeFrameAsync. 4693 func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4694 sc.serveG.check() 4695 if !sc.writingFrame { 4696 panic("internal error: expected to be already writing a frame") 4697 } 4698 sc.writingFrame = false 4699 sc.writingFrameAsync = false 4700 4701 wr := res.wr 4702 4703 if http2writeEndsStream(wr.write) { 4704 st := wr.stream 4705 if st == nil { 4706 panic("internal error: expecting non-nil stream") 4707 } 4708 switch st.state { 4709 case http2stateOpen: 4710 // Here we would go to stateHalfClosedLocal in 4711 // theory, but since our handler is done and 4712 // the net/http package provides no mechanism 4713 // for closing a ResponseWriter while still 4714 // reading data (see possible TODO at top of 4715 // this file), we go into closed state here 4716 // anyway, after telling the peer we're 4717 // hanging up on them. We'll transition to 4718 // stateClosed after the RST_STREAM frame is 4719 // written. 4720 st.state = http2stateHalfClosedLocal 4721 // Section 8.1: a server MAY request that the client abort 4722 // transmission of a request without error by sending a 4723 // RST_STREAM with an error code of NO_ERROR after sending 4724 // a complete response. 4725 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4726 case http2stateHalfClosedRemote: 4727 sc.closeStream(st, http2errHandlerComplete) 4728 } 4729 } else { 4730 switch v := wr.write.(type) { 4731 case http2StreamError: 4732 // st may be unknown if the RST_STREAM was generated to reject bad input. 4733 if st, ok := sc.streams[v.StreamID]; ok { 4734 sc.closeStream(st, v) 4735 } 4736 case http2handlerPanicRST: 4737 sc.closeStream(wr.stream, http2errHandlerPanicked) 4738 } 4739 } 4740 4741 // Reply (if requested) to unblock the ServeHTTP goroutine. 4742 wr.replyToWriter(res.err) 4743 4744 sc.scheduleFrameWrite() 4745 } 4746 4747 // scheduleFrameWrite tickles the frame writing scheduler. 4748 // 4749 // If a frame is already being written, nothing happens. This will be called again 4750 // when the frame is done being written. 4751 // 4752 // If a frame isn't being written we need to send one, the best frame 4753 // to send is selected, preferring first things that aren't 4754 // stream-specific (e.g. ACKing settings), and then finding the 4755 // highest priority stream. 4756 // 4757 // If a frame isn't being written and there's nothing else to send, we 4758 // flush the write buffer. 4759 func (sc *http2serverConn) scheduleFrameWrite() { 4760 sc.serveG.check() 4761 if sc.writingFrame || sc.inFrameScheduleLoop { 4762 return 4763 } 4764 sc.inFrameScheduleLoop = true 4765 for !sc.writingFrameAsync { 4766 if sc.needToSendGoAway { 4767 sc.needToSendGoAway = false 4768 sc.startFrameWrite(http2FrameWriteRequest{ 4769 write: &http2writeGoAway{ 4770 maxStreamID: sc.maxClientStreamID, 4771 code: sc.goAwayCode, 4772 }, 4773 }) 4774 continue 4775 } 4776 if sc.needToSendSettingsAck { 4777 sc.needToSendSettingsAck = false 4778 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4779 continue 4780 } 4781 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4782 if wr, ok := sc.writeSched.Pop(); ok { 4783 sc.startFrameWrite(wr) 4784 continue 4785 } 4786 } 4787 if sc.needsFrameFlush { 4788 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4789 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4790 continue 4791 } 4792 break 4793 } 4794 sc.inFrameScheduleLoop = false 4795 } 4796 4797 // startGracefulShutdown gracefully shuts down a connection. This 4798 // sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4799 // shutting down. The connection isn't closed until all current 4800 // streams are done. 4801 // 4802 // startGracefulShutdown returns immediately; it does not wait until 4803 // the connection has shut down. 4804 func (sc *http2serverConn) startGracefulShutdown() { 4805 sc.serveG.checkNotOn() // NOT 4806 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4807 } 4808 4809 // After sending GOAWAY, the connection will close after goAwayTimeout. 4810 // If we close the connection immediately after sending GOAWAY, there may 4811 // be unsent data in our kernel receive buffer, which will cause the kernel 4812 // to send a TCP RST on close() instead of a FIN. This RST will abort the 4813 // connection immediately, whether or not the client had received the GOAWAY. 4814 // 4815 // Ideally we should delay for at least 1 RTT + epsilon so the client has 4816 // a chance to read the GOAWAY and stop sending messages. Measuring RTT 4817 // is hard, so we approximate with 1 second. See golang.org/issue/18701. 4818 // 4819 // This is a var so it can be shorter in tests, where all requests uses the 4820 // loopback interface making the expected RTT very small. 4821 // 4822 // TODO: configurable? 4823 var http2goAwayTimeout = 1 * time.Second 4824 4825 func (sc *http2serverConn) startGracefulShutdownInternal() { 4826 sc.goAway(http2ErrCodeNo) 4827 } 4828 4829 func (sc *http2serverConn) goAway(code http2ErrCode) { 4830 sc.serveG.check() 4831 if sc.inGoAway { 4832 return 4833 } 4834 sc.inGoAway = true 4835 sc.needToSendGoAway = true 4836 sc.goAwayCode = code 4837 sc.scheduleFrameWrite() 4838 } 4839 4840 func (sc *http2serverConn) shutDownIn(d time.Duration) { 4841 sc.serveG.check() 4842 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 4843 } 4844 4845 func (sc *http2serverConn) resetStream(se http2StreamError) { 4846 sc.serveG.check() 4847 sc.writeFrame(http2FrameWriteRequest{write: se}) 4848 if st, ok := sc.streams[se.StreamID]; ok { 4849 st.resetQueued = true 4850 } 4851 } 4852 4853 // processFrameFromReader processes the serve loop's read from readFrameCh from the 4854 // frame-reading goroutine. 4855 // processFrameFromReader returns whether the connection should be kept open. 4856 func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 4857 sc.serveG.check() 4858 err := res.err 4859 if err != nil { 4860 if err == http2ErrFrameTooLarge { 4861 sc.goAway(http2ErrCodeFrameSize) 4862 return true // goAway will close the loop 4863 } 4864 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 4865 if clientGone { 4866 // TODO: could we also get into this state if 4867 // the peer does a half close 4868 // (e.g. CloseWrite) because they're done 4869 // sending frames but they're still wanting 4870 // our open replies? Investigate. 4871 // TODO: add CloseWrite to crypto/tls.Conn first 4872 // so we have a way to test this? I suppose 4873 // just for testing we could have a non-TLS mode. 4874 return false 4875 } 4876 } else { 4877 f := res.f 4878 if http2VerboseLogs { 4879 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 4880 } 4881 err = sc.processFrame(f) 4882 if err == nil { 4883 return true 4884 } 4885 } 4886 4887 switch ev := err.(type) { 4888 case http2StreamError: 4889 sc.resetStream(ev) 4890 return true 4891 case http2goAwayFlowError: 4892 sc.goAway(http2ErrCodeFlowControl) 4893 return true 4894 case http2ConnectionError: 4895 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 4896 sc.goAway(http2ErrCode(ev)) 4897 return true // goAway will handle shutdown 4898 default: 4899 if res.err != nil { 4900 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 4901 } else { 4902 sc.logf("http2: server closing client connection: %v", err) 4903 } 4904 return false 4905 } 4906 } 4907 4908 func (sc *http2serverConn) processFrame(f http2Frame) error { 4909 sc.serveG.check() 4910 4911 // First frame received must be SETTINGS. 4912 if !sc.sawFirstSettings { 4913 if _, ok := f.(*http2SettingsFrame); !ok { 4914 return http2ConnectionError(http2ErrCodeProtocol) 4915 } 4916 sc.sawFirstSettings = true 4917 } 4918 4919 switch f := f.(type) { 4920 case *http2SettingsFrame: 4921 return sc.processSettings(f) 4922 case *http2MetaHeadersFrame: 4923 return sc.processHeaders(f) 4924 case *http2WindowUpdateFrame: 4925 return sc.processWindowUpdate(f) 4926 case *http2PingFrame: 4927 return sc.processPing(f) 4928 case *http2DataFrame: 4929 return sc.processData(f) 4930 case *http2RSTStreamFrame: 4931 return sc.processResetStream(f) 4932 case *http2PriorityFrame: 4933 return sc.processPriority(f) 4934 case *http2GoAwayFrame: 4935 return sc.processGoAway(f) 4936 case *http2PushPromiseFrame: 4937 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 4938 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 4939 return http2ConnectionError(http2ErrCodeProtocol) 4940 default: 4941 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 4942 return nil 4943 } 4944 } 4945 4946 func (sc *http2serverConn) processPing(f *http2PingFrame) error { 4947 sc.serveG.check() 4948 if f.IsAck() { 4949 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 4950 // containing this flag." 4951 return nil 4952 } 4953 if f.StreamID != 0 { 4954 // "PING frames are not associated with any individual 4955 // stream. If a PING frame is received with a stream 4956 // identifier field value other than 0x0, the recipient MUST 4957 // respond with a connection error (Section 5.4.1) of type 4958 // PROTOCOL_ERROR." 4959 return http2ConnectionError(http2ErrCodeProtocol) 4960 } 4961 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 4962 return nil 4963 } 4964 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 4965 return nil 4966 } 4967 4968 func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 4969 sc.serveG.check() 4970 switch { 4971 case f.StreamID != 0: // stream-level flow control 4972 state, st := sc.state(f.StreamID) 4973 if state == http2stateIdle { 4974 // Section 5.1: "Receiving any frame other than HEADERS 4975 // or PRIORITY on a stream in this state MUST be 4976 // treated as a connection error (Section 5.4.1) of 4977 // type PROTOCOL_ERROR." 4978 return http2ConnectionError(http2ErrCodeProtocol) 4979 } 4980 if st == nil { 4981 // "WINDOW_UPDATE can be sent by a peer that has sent a 4982 // frame bearing the END_STREAM flag. This means that a 4983 // receiver could receive a WINDOW_UPDATE frame on a "half 4984 // closed (remote)" or "closed" stream. A receiver MUST 4985 // NOT treat this as an error, see Section 5.1." 4986 return nil 4987 } 4988 if !st.flow.add(int32(f.Increment)) { 4989 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 4990 } 4991 default: // connection-level flow control 4992 if !sc.flow.add(int32(f.Increment)) { 4993 return http2goAwayFlowError{} 4994 } 4995 } 4996 sc.scheduleFrameWrite() 4997 return nil 4998 } 4999 5000 func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5001 sc.serveG.check() 5002 5003 state, st := sc.state(f.StreamID) 5004 if state == http2stateIdle { 5005 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5006 // stream in the "idle" state. If a RST_STREAM frame 5007 // identifying an idle stream is received, the 5008 // recipient MUST treat this as a connection error 5009 // (Section 5.4.1) of type PROTOCOL_ERROR. 5010 return http2ConnectionError(http2ErrCodeProtocol) 5011 } 5012 if st != nil { 5013 st.cancelCtx() 5014 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5015 } 5016 return nil 5017 } 5018 5019 func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5020 sc.serveG.check() 5021 if st.state == http2stateIdle || st.state == http2stateClosed { 5022 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5023 } 5024 st.state = http2stateClosed 5025 if st.writeDeadline != nil { 5026 st.writeDeadline.Stop() 5027 } 5028 if st.isPushed() { 5029 sc.curPushedStreams-- 5030 } else { 5031 sc.curClientStreams-- 5032 } 5033 delete(sc.streams, st.id) 5034 if len(sc.streams) == 0 { 5035 sc.setConnState(StateIdle) 5036 if sc.srv.IdleTimeout != 0 { 5037 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5038 } 5039 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5040 sc.startGracefulShutdownInternal() 5041 } 5042 } 5043 if p := st.body; p != nil { 5044 // Return any buffered unread bytes worth of conn-level flow control. 5045 // See golang.org/issue/16481 5046 sc.sendWindowUpdate(nil, p.Len()) 5047 5048 p.CloseWithError(err) 5049 } 5050 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5051 sc.writeSched.CloseStream(st.id) 5052 } 5053 5054 func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5055 sc.serveG.check() 5056 if f.IsAck() { 5057 sc.unackedSettings-- 5058 if sc.unackedSettings < 0 { 5059 // Why is the peer ACKing settings we never sent? 5060 // The spec doesn't mention this case, but 5061 // hang up on them anyway. 5062 return http2ConnectionError(http2ErrCodeProtocol) 5063 } 5064 return nil 5065 } 5066 if f.NumSettings() > 100 || f.HasDuplicates() { 5067 // This isn't actually in the spec, but hang up on 5068 // suspiciously large settings frames or those with 5069 // duplicate entries. 5070 return http2ConnectionError(http2ErrCodeProtocol) 5071 } 5072 if err := f.ForeachSetting(sc.processSetting); err != nil { 5073 return err 5074 } 5075 sc.needToSendSettingsAck = true 5076 sc.scheduleFrameWrite() 5077 return nil 5078 } 5079 5080 func (sc *http2serverConn) processSetting(s http2Setting) error { 5081 sc.serveG.check() 5082 if err := s.Valid(); err != nil { 5083 return err 5084 } 5085 if http2VerboseLogs { 5086 sc.vlogf("http2: server processing setting %v", s) 5087 } 5088 switch s.ID { 5089 case http2SettingHeaderTableSize: 5090 sc.headerTableSize = s.Val 5091 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5092 case http2SettingEnablePush: 5093 sc.pushEnabled = s.Val != 0 5094 case http2SettingMaxConcurrentStreams: 5095 sc.clientMaxStreams = s.Val 5096 case http2SettingInitialWindowSize: 5097 return sc.processSettingInitialWindowSize(s.Val) 5098 case http2SettingMaxFrameSize: 5099 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5100 case http2SettingMaxHeaderListSize: 5101 sc.peerMaxHeaderListSize = s.Val 5102 default: 5103 // Unknown setting: "An endpoint that receives a SETTINGS 5104 // frame with any unknown or unsupported identifier MUST 5105 // ignore that setting." 5106 if http2VerboseLogs { 5107 sc.vlogf("http2: server ignoring unknown setting %v", s) 5108 } 5109 } 5110 return nil 5111 } 5112 5113 func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5114 sc.serveG.check() 5115 // Note: val already validated to be within range by 5116 // processSetting's Valid call. 5117 5118 // "A SETTINGS frame can alter the initial flow control window 5119 // size for all current streams. When the value of 5120 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5121 // adjust the size of all stream flow control windows that it 5122 // maintains by the difference between the new value and the 5123 // old value." 5124 old := sc.initialStreamSendWindowSize 5125 sc.initialStreamSendWindowSize = int32(val) 5126 growth := int32(val) - old // may be negative 5127 for _, st := range sc.streams { 5128 if !st.flow.add(growth) { 5129 // 6.9.2 Initial Flow Control Window Size 5130 // "An endpoint MUST treat a change to 5131 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5132 // control window to exceed the maximum size as a 5133 // connection error (Section 5.4.1) of type 5134 // FLOW_CONTROL_ERROR." 5135 return http2ConnectionError(http2ErrCodeFlowControl) 5136 } 5137 } 5138 return nil 5139 } 5140 5141 func (sc *http2serverConn) processData(f *http2DataFrame) error { 5142 sc.serveG.check() 5143 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5144 return nil 5145 } 5146 data := f.Data() 5147 5148 // "If a DATA frame is received whose stream is not in "open" 5149 // or "half closed (local)" state, the recipient MUST respond 5150 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5151 id := f.Header().StreamID 5152 state, st := sc.state(id) 5153 if id == 0 || state == http2stateIdle { 5154 // Section 5.1: "Receiving any frame other than HEADERS 5155 // or PRIORITY on a stream in this state MUST be 5156 // treated as a connection error (Section 5.4.1) of 5157 // type PROTOCOL_ERROR." 5158 return http2ConnectionError(http2ErrCodeProtocol) 5159 } 5160 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5161 // This includes sending a RST_STREAM if the stream is 5162 // in stateHalfClosedLocal (which currently means that 5163 // the http.Handler returned, so it's done reading & 5164 // done writing). Try to stop the client from sending 5165 // more DATA. 5166 5167 // But still enforce their connection-level flow control, 5168 // and return any flow control bytes since we're not going 5169 // to consume them. 5170 if sc.inflow.available() < int32(f.Length) { 5171 return http2streamError(id, http2ErrCodeFlowControl) 5172 } 5173 // Deduct the flow control from inflow, since we're 5174 // going to immediately add it back in 5175 // sendWindowUpdate, which also schedules sending the 5176 // frames. 5177 sc.inflow.take(int32(f.Length)) 5178 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5179 5180 if st != nil && st.resetQueued { 5181 // Already have a stream error in flight. Don't send another. 5182 return nil 5183 } 5184 return http2streamError(id, http2ErrCodeStreamClosed) 5185 } 5186 if st.body == nil { 5187 panic("internal error: should have a body in this state") 5188 } 5189 5190 // Sender sending more than they'd declared? 5191 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5192 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5193 // RFC 7540, sec 8.1.2.6: A request or response is also malformed if the 5194 // value of a content-length header field does not equal the sum of the 5195 // DATA frame payload lengths that form the body. 5196 return http2streamError(id, http2ErrCodeProtocol) 5197 } 5198 if f.Length > 0 { 5199 // Check whether the client has flow control quota. 5200 if st.inflow.available() < int32(f.Length) { 5201 return http2streamError(id, http2ErrCodeFlowControl) 5202 } 5203 st.inflow.take(int32(f.Length)) 5204 5205 if len(data) > 0 { 5206 wrote, err := st.body.Write(data) 5207 if err != nil { 5208 return http2streamError(id, http2ErrCodeStreamClosed) 5209 } 5210 if wrote != len(data) { 5211 panic("internal error: bad Writer") 5212 } 5213 st.bodyBytes += int64(len(data)) 5214 } 5215 5216 // Return any padded flow control now, since we won't 5217 // refund it later on body reads. 5218 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5219 sc.sendWindowUpdate32(nil, pad) 5220 sc.sendWindowUpdate32(st, pad) 5221 } 5222 } 5223 if f.StreamEnded() { 5224 st.endStream() 5225 } 5226 return nil 5227 } 5228 5229 func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5230 sc.serveG.check() 5231 if f.ErrCode != http2ErrCodeNo { 5232 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5233 } else { 5234 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5235 } 5236 sc.startGracefulShutdownInternal() 5237 // http://tools.ietf.org/html/rfc7540#section-6.8 5238 // We should not create any new streams, which means we should disable push. 5239 sc.pushEnabled = false 5240 return nil 5241 } 5242 5243 // isPushed reports whether the stream is server-initiated. 5244 func (st *http2stream) isPushed() bool { 5245 return st.id%2 == 0 5246 } 5247 5248 // endStream closes a Request.Body's pipe. It is called when a DATA 5249 // frame says a request body is over (or after trailers). 5250 func (st *http2stream) endStream() { 5251 sc := st.sc 5252 sc.serveG.check() 5253 5254 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5255 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5256 st.declBodyBytes, st.bodyBytes)) 5257 } else { 5258 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5259 st.body.CloseWithError(io.EOF) 5260 } 5261 st.state = http2stateHalfClosedRemote 5262 } 5263 5264 // copyTrailersToHandlerRequest is run in the Handler's goroutine in 5265 // its Request.Body.Read just before it gets io.EOF. 5266 func (st *http2stream) copyTrailersToHandlerRequest() { 5267 for k, vv := range st.trailer { 5268 if _, ok := st.reqTrailer[k]; ok { 5269 // Only copy it over it was pre-declared. 5270 st.reqTrailer[k] = vv 5271 } 5272 } 5273 } 5274 5275 // onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5276 // when the stream's WriteTimeout has fired. 5277 func (st *http2stream) onWriteTimeout() { 5278 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5279 } 5280 5281 func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5282 sc.serveG.check() 5283 id := f.StreamID 5284 if sc.inGoAway { 5285 // Ignore. 5286 return nil 5287 } 5288 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5289 // Streams initiated by a client MUST use odd-numbered stream 5290 // identifiers. [...] An endpoint that receives an unexpected 5291 // stream identifier MUST respond with a connection error 5292 // (Section 5.4.1) of type PROTOCOL_ERROR. 5293 if id%2 != 1 { 5294 return http2ConnectionError(http2ErrCodeProtocol) 5295 } 5296 // A HEADERS frame can be used to create a new stream or 5297 // send a trailer for an open one. If we already have a stream 5298 // open, let it process its own HEADERS frame (trailers at this 5299 // point, if it's valid). 5300 if st := sc.streams[f.StreamID]; st != nil { 5301 if st.resetQueued { 5302 // We're sending RST_STREAM to close the stream, so don't bother 5303 // processing this frame. 5304 return nil 5305 } 5306 // RFC 7540, sec 5.1: If an endpoint receives additional frames, other than 5307 // WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in 5308 // this state, it MUST respond with a stream error (Section 5.4.2) of 5309 // type STREAM_CLOSED. 5310 if st.state == http2stateHalfClosedRemote { 5311 return http2streamError(id, http2ErrCodeStreamClosed) 5312 } 5313 return st.processTrailerHeaders(f) 5314 } 5315 5316 // [...] The identifier of a newly established stream MUST be 5317 // numerically greater than all streams that the initiating 5318 // endpoint has opened or reserved. [...] An endpoint that 5319 // receives an unexpected stream identifier MUST respond with 5320 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5321 if id <= sc.maxClientStreamID { 5322 return http2ConnectionError(http2ErrCodeProtocol) 5323 } 5324 sc.maxClientStreamID = id 5325 5326 if sc.idleTimer != nil { 5327 sc.idleTimer.Stop() 5328 } 5329 5330 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5331 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5332 // endpoint that receives a HEADERS frame that causes their 5333 // advertised concurrent stream limit to be exceeded MUST treat 5334 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5335 // or REFUSED_STREAM. 5336 if sc.curClientStreams+1 > sc.advMaxStreams { 5337 if sc.unackedSettings == 0 { 5338 // They should know better. 5339 return http2streamError(id, http2ErrCodeProtocol) 5340 } 5341 // Assume it's a network race, where they just haven't 5342 // received our last SETTINGS update. But actually 5343 // this can't happen yet, because we don't yet provide 5344 // a way for users to adjust server parameters at 5345 // runtime. 5346 return http2streamError(id, http2ErrCodeRefusedStream) 5347 } 5348 5349 initialState := http2stateOpen 5350 if f.StreamEnded() { 5351 initialState = http2stateHalfClosedRemote 5352 } 5353 st := sc.newStream(id, 0, initialState) 5354 5355 if f.HasPriority() { 5356 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5357 return err 5358 } 5359 sc.writeSched.AdjustStream(st.id, f.Priority) 5360 } 5361 5362 rw, req, err := sc.newWriterAndRequest(st, f) 5363 if err != nil { 5364 return err 5365 } 5366 st.reqTrailer = req.Trailer 5367 if st.reqTrailer != nil { 5368 st.trailer = make(Header) 5369 } 5370 st.body = req.Body.(*http2requestBody).pipe // may be nil 5371 st.declBodyBytes = req.ContentLength 5372 5373 handler := sc.handler.ServeHTTP 5374 if f.Truncated { 5375 // Their header list was too long. Send a 431 error. 5376 handler = http2handleHeaderListTooLong 5377 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5378 handler = http2new400Handler(err) 5379 } 5380 5381 // The net/http package sets the read deadline from the 5382 // http.Server.ReadTimeout during the TLS handshake, but then 5383 // passes the connection off to us with the deadline already 5384 // set. Disarm it here after the request headers are read, 5385 // similar to how the http1 server works. Here it's 5386 // technically more like the http1 Server's ReadHeaderTimeout 5387 // (in Go 1.8), though. That's a more sane option anyway. 5388 if sc.hs.ReadTimeout != 0 { 5389 sc.conn.SetReadDeadline(time.Time{}) 5390 } 5391 5392 go sc.runHandler(rw, req, handler) 5393 return nil 5394 } 5395 5396 func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5397 sc := st.sc 5398 sc.serveG.check() 5399 if st.gotTrailerHeader { 5400 return http2ConnectionError(http2ErrCodeProtocol) 5401 } 5402 st.gotTrailerHeader = true 5403 if !f.StreamEnded() { 5404 return http2streamError(st.id, http2ErrCodeProtocol) 5405 } 5406 5407 if len(f.PseudoFields()) > 0 { 5408 return http2streamError(st.id, http2ErrCodeProtocol) 5409 } 5410 if st.trailer != nil { 5411 for _, hf := range f.RegularFields() { 5412 key := sc.canonicalHeader(hf.Name) 5413 if !httpguts.ValidTrailerHeader(key) { 5414 // TODO: send more details to the peer somehow. But http2 has 5415 // no way to send debug data at a stream level. Discuss with 5416 // HTTP folk. 5417 return http2streamError(st.id, http2ErrCodeProtocol) 5418 } 5419 st.trailer[key] = append(st.trailer[key], hf.Value) 5420 } 5421 } 5422 st.endStream() 5423 return nil 5424 } 5425 5426 func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5427 if streamID == p.StreamDep { 5428 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5429 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5430 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5431 // so it's only self-dependencies that are forbidden. 5432 return http2streamError(streamID, http2ErrCodeProtocol) 5433 } 5434 return nil 5435 } 5436 5437 func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5438 if sc.inGoAway { 5439 return nil 5440 } 5441 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5442 return err 5443 } 5444 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5445 return nil 5446 } 5447 5448 func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5449 sc.serveG.check() 5450 if id == 0 { 5451 panic("internal error: cannot create stream with id 0") 5452 } 5453 5454 ctx, cancelCtx := context.WithCancel(sc.baseCtx) 5455 st := &http2stream{ 5456 sc: sc, 5457 id: id, 5458 state: state, 5459 ctx: ctx, 5460 cancelCtx: cancelCtx, 5461 } 5462 st.cw.Init() 5463 st.flow.conn = &sc.flow // link to conn-level counter 5464 st.flow.add(sc.initialStreamSendWindowSize) 5465 st.inflow.conn = &sc.inflow // link to conn-level counter 5466 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5467 if sc.hs.WriteTimeout != 0 { 5468 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5469 } 5470 5471 sc.streams[id] = st 5472 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5473 if st.isPushed() { 5474 sc.curPushedStreams++ 5475 } else { 5476 sc.curClientStreams++ 5477 } 5478 if sc.curOpenStreams() == 1 { 5479 sc.setConnState(StateActive) 5480 } 5481 5482 return st 5483 } 5484 5485 func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5486 sc.serveG.check() 5487 5488 rp := http2requestParam{ 5489 method: f.PseudoValue("method"), 5490 scheme: f.PseudoValue("scheme"), 5491 authority: f.PseudoValue("authority"), 5492 path: f.PseudoValue("path"), 5493 } 5494 5495 isConnect := rp.method == "CONNECT" 5496 if isConnect { 5497 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5498 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5499 } 5500 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5501 // See 8.1.2.6 Malformed Requests and Responses: 5502 // 5503 // Malformed requests or responses that are detected 5504 // MUST be treated as a stream error (Section 5.4.2) 5505 // of type PROTOCOL_ERROR." 5506 // 5507 // 8.1.2.3 Request Pseudo-Header Fields 5508 // "All HTTP/2 requests MUST include exactly one valid 5509 // value for the :method, :scheme, and :path 5510 // pseudo-header fields" 5511 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5512 } 5513 5514 bodyOpen := !f.StreamEnded() 5515 if rp.method == "HEAD" && bodyOpen { 5516 // HEAD requests can't have bodies 5517 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5518 } 5519 5520 rp.header = make(Header) 5521 for _, hf := range f.RegularFields() { 5522 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5523 } 5524 if rp.authority == "" { 5525 rp.authority = rp.header.Get("Host") 5526 } 5527 5528 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5529 if err != nil { 5530 return nil, nil, err 5531 } 5532 if bodyOpen { 5533 if vv, ok := rp.header["Content-Length"]; ok { 5534 req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) 5535 } else { 5536 req.ContentLength = -1 5537 } 5538 req.Body.(*http2requestBody).pipe = &http2pipe{ 5539 b: &http2dataBuffer{expected: req.ContentLength}, 5540 } 5541 } 5542 return rw, req, nil 5543 } 5544 5545 type http2requestParam struct { 5546 method string 5547 scheme, authority, path string 5548 header Header 5549 } 5550 5551 func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5552 sc.serveG.check() 5553 5554 var tlsState *tls.ConnectionState // nil if not scheme https 5555 if rp.scheme == "https" { 5556 tlsState = sc.tlsState 5557 } 5558 5559 needsContinue := rp.header.Get("Expect") == "100-continue" 5560 if needsContinue { 5561 rp.header.Del("Expect") 5562 } 5563 // Merge Cookie headers into one "; "-delimited value. 5564 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5565 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5566 } 5567 5568 // Setup Trailers 5569 var trailer Header 5570 for _, v := range rp.header["Trailer"] { 5571 for _, key := range strings.Split(v, ",") { 5572 key = CanonicalHeaderKey(strings.TrimSpace(key)) 5573 switch key { 5574 case "Transfer-Encoding", "Trailer", "Content-Length": 5575 // Bogus. (copy of http1 rules) 5576 // Ignore. 5577 default: 5578 if trailer == nil { 5579 trailer = make(Header) 5580 } 5581 trailer[key] = nil 5582 } 5583 } 5584 } 5585 delete(rp.header, "Trailer") 5586 5587 var url_ *url.URL 5588 var requestURI string 5589 if rp.method == "CONNECT" { 5590 url_ = &url.URL{Host: rp.authority} 5591 requestURI = rp.authority // mimic HTTP/1 server behavior 5592 } else { 5593 var err error 5594 url_, err = url.ParseRequestURI(rp.path) 5595 if err != nil { 5596 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5597 } 5598 requestURI = rp.path 5599 } 5600 5601 body := &http2requestBody{ 5602 conn: sc, 5603 stream: st, 5604 needsContinue: needsContinue, 5605 } 5606 req := &Request{ 5607 Method: rp.method, 5608 URL: url_, 5609 RemoteAddr: sc.remoteAddrStr, 5610 Header: rp.header, 5611 RequestURI: requestURI, 5612 Proto: "HTTP/2.0", 5613 ProtoMajor: 2, 5614 ProtoMinor: 0, 5615 TLS: tlsState, 5616 Host: rp.authority, 5617 Body: body, 5618 Trailer: trailer, 5619 } 5620 req = req.WithContext(st.ctx) 5621 5622 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5623 bwSave := rws.bw 5624 *rws = http2responseWriterState{} // zero all the fields 5625 rws.conn = sc 5626 rws.bw = bwSave 5627 rws.bw.Reset(http2chunkWriter{rws}) 5628 rws.stream = st 5629 rws.req = req 5630 rws.body = body 5631 5632 rw := &http2responseWriter{rws: rws} 5633 return rw, req, nil 5634 } 5635 5636 // Run on its own goroutine. 5637 func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5638 didPanic := true 5639 defer func() { 5640 rw.rws.stream.cancelCtx() 5641 if didPanic { 5642 e := recover() 5643 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5644 write: http2handlerPanicRST{rw.rws.stream.id}, 5645 stream: rw.rws.stream, 5646 }) 5647 // Same as net/http: 5648 if e != nil && e != ErrAbortHandler { 5649 const size = 64 << 10 5650 buf := make([]byte, size) 5651 buf = buf[:runtime.Stack(buf, false)] 5652 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5653 } 5654 return 5655 } 5656 rw.handlerDone() 5657 }() 5658 handler(rw, req) 5659 didPanic = false 5660 } 5661 5662 func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5663 // 10.5.1 Limits on Header Block Size: 5664 // .. "A server that receives a larger header block than it is 5665 // willing to handle can send an HTTP 431 (Request Header Fields Too 5666 // Large) status code" 5667 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5668 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5669 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5670 } 5671 5672 // called from handler goroutines. 5673 // h may be nil. 5674 func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5675 sc.serveG.checkNotOn() // NOT on 5676 var errc chan error 5677 if headerData.h != nil { 5678 // If there's a header map (which we don't own), so we have to block on 5679 // waiting for this frame to be written, so an http.Flush mid-handler 5680 // writes out the correct value of keys, before a handler later potentially 5681 // mutates it. 5682 errc = http2errChanPool.Get().(chan error) 5683 } 5684 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5685 write: headerData, 5686 stream: st, 5687 done: errc, 5688 }); err != nil { 5689 return err 5690 } 5691 if errc != nil { 5692 select { 5693 case err := <-errc: 5694 http2errChanPool.Put(errc) 5695 return err 5696 case <-sc.doneServing: 5697 return http2errClientDisconnected 5698 case <-st.cw: 5699 return http2errStreamClosed 5700 } 5701 } 5702 return nil 5703 } 5704 5705 // called from handler goroutines. 5706 func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5707 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5708 write: http2write100ContinueHeadersFrame{st.id}, 5709 stream: st, 5710 }) 5711 } 5712 5713 // A bodyReadMsg tells the server loop that the http.Handler read n 5714 // bytes of the DATA from the client on the given stream. 5715 type http2bodyReadMsg struct { 5716 st *http2stream 5717 n int 5718 } 5719 5720 // called from handler goroutines. 5721 // Notes that the handler for the given stream ID read n bytes of its body 5722 // and schedules flow control tokens to be sent. 5723 func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5724 sc.serveG.checkNotOn() // NOT on 5725 if n > 0 { 5726 select { 5727 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5728 case <-sc.doneServing: 5729 } 5730 } 5731 } 5732 5733 func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5734 sc.serveG.check() 5735 sc.sendWindowUpdate(nil, n) // conn-level 5736 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5737 // Don't send this WINDOW_UPDATE if the stream is closed 5738 // remotely. 5739 sc.sendWindowUpdate(st, n) 5740 } 5741 } 5742 5743 // st may be nil for conn-level 5744 func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5745 sc.serveG.check() 5746 // "The legal range for the increment to the flow control 5747 // window is 1 to 2^31-1 (2,147,483,647) octets." 5748 // A Go Read call on 64-bit machines could in theory read 5749 // a larger Read than this. Very unlikely, but we handle it here 5750 // rather than elsewhere for now. 5751 const maxUint31 = 1<<31 - 1 5752 for n >= maxUint31 { 5753 sc.sendWindowUpdate32(st, maxUint31) 5754 n -= maxUint31 5755 } 5756 sc.sendWindowUpdate32(st, int32(n)) 5757 } 5758 5759 // st may be nil for conn-level 5760 func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5761 sc.serveG.check() 5762 if n == 0 { 5763 return 5764 } 5765 if n < 0 { 5766 panic("negative update") 5767 } 5768 var streamID uint32 5769 if st != nil { 5770 streamID = st.id 5771 } 5772 sc.writeFrame(http2FrameWriteRequest{ 5773 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5774 stream: st, 5775 }) 5776 var ok bool 5777 if st == nil { 5778 ok = sc.inflow.add(n) 5779 } else { 5780 ok = st.inflow.add(n) 5781 } 5782 if !ok { 5783 panic("internal error; sent too many window updates without decrements?") 5784 } 5785 } 5786 5787 // requestBody is the Handler's Request.Body type. 5788 // Read and Close may be called concurrently. 5789 type http2requestBody struct { 5790 stream *http2stream 5791 conn *http2serverConn 5792 closed bool // for use by Close only 5793 sawEOF bool // for use by Read only 5794 pipe *http2pipe // non-nil if we have a HTTP entity message body 5795 needsContinue bool // need to send a 100-continue 5796 } 5797 5798 func (b *http2requestBody) Close() error { 5799 if b.pipe != nil && !b.closed { 5800 b.pipe.BreakWithError(http2errClosedBody) 5801 } 5802 b.closed = true 5803 return nil 5804 } 5805 5806 func (b *http2requestBody) Read(p []byte) (n int, err error) { 5807 if b.needsContinue { 5808 b.needsContinue = false 5809 b.conn.write100ContinueHeaders(b.stream) 5810 } 5811 if b.pipe == nil || b.sawEOF { 5812 return 0, io.EOF 5813 } 5814 n, err = b.pipe.Read(p) 5815 if err == io.EOF { 5816 b.sawEOF = true 5817 } 5818 if b.conn == nil && http2inTests { 5819 return 5820 } 5821 b.conn.noteBodyReadFromHandler(b.stream, n, err) 5822 return 5823 } 5824 5825 // responseWriter is the http.ResponseWriter implementation. It's 5826 // intentionally small (1 pointer wide) to minimize garbage. The 5827 // responseWriterState pointer inside is zeroed at the end of a 5828 // request (in handlerDone) and calls on the responseWriter thereafter 5829 // simply crash (caller's mistake), but the much larger responseWriterState 5830 // and buffers are reused between multiple requests. 5831 type http2responseWriter struct { 5832 rws *http2responseWriterState 5833 } 5834 5835 // Optional http.ResponseWriter interfaces implemented. 5836 var ( 5837 _ CloseNotifier = (*http2responseWriter)(nil) 5838 _ Flusher = (*http2responseWriter)(nil) 5839 _ http2stringWriter = (*http2responseWriter)(nil) 5840 ) 5841 5842 type http2responseWriterState struct { 5843 // immutable within a request: 5844 stream *http2stream 5845 req *Request 5846 body *http2requestBody // to close at end of request, if DATA frames didn't 5847 conn *http2serverConn 5848 5849 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 5850 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 5851 5852 // mutated by http.Handler goroutine: 5853 handlerHeader Header // nil until called 5854 snapHeader Header // snapshot of handlerHeader at WriteHeader time 5855 trailers []string // set in writeChunk 5856 status int // status code passed to WriteHeader 5857 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 5858 sentHeader bool // have we sent the header frame? 5859 handlerDone bool // handler has finished 5860 dirty bool // a Write failed; don't reuse this responseWriterState 5861 5862 sentContentLen int64 // non-zero if handler set a Content-Length header 5863 wroteBytes int64 5864 5865 closeNotifierMu sync.Mutex // guards closeNotifierCh 5866 closeNotifierCh chan bool // nil until first used 5867 } 5868 5869 type http2chunkWriter struct{ rws *http2responseWriterState } 5870 5871 func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 5872 5873 func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 } 5874 5875 // declareTrailer is called for each Trailer header when the 5876 // response header is written. It notes that a header will need to be 5877 // written in the trailers at the end of the response. 5878 func (rws *http2responseWriterState) declareTrailer(k string) { 5879 k = CanonicalHeaderKey(k) 5880 if !httpguts.ValidTrailerHeader(k) { 5881 // Forbidden by RFC 7230, section 4.1.2. 5882 rws.conn.logf("ignoring invalid trailer %q", k) 5883 return 5884 } 5885 if !http2strSliceContains(rws.trailers, k) { 5886 rws.trailers = append(rws.trailers, k) 5887 } 5888 } 5889 5890 // writeChunk writes chunks from the bufio.Writer. But because 5891 // bufio.Writer may bypass its chunking, sometimes p may be 5892 // arbitrarily large. 5893 // 5894 // writeChunk is also responsible (on the first chunk) for sending the 5895 // HEADER response. 5896 func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 5897 if !rws.wroteHeader { 5898 rws.writeHeader(200) 5899 } 5900 5901 isHeadResp := rws.req.Method == "HEAD" 5902 if !rws.sentHeader { 5903 rws.sentHeader = true 5904 var ctype, clen string 5905 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 5906 rws.snapHeader.Del("Content-Length") 5907 clen64, err := strconv.ParseInt(clen, 10, 64) 5908 if err == nil && clen64 >= 0 { 5909 rws.sentContentLen = clen64 5910 } else { 5911 clen = "" 5912 } 5913 } 5914 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 5915 clen = strconv.Itoa(len(p)) 5916 } 5917 _, hasContentType := rws.snapHeader["Content-Type"] 5918 if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 5919 ctype = DetectContentType(p) 5920 } 5921 var date string 5922 if _, ok := rws.snapHeader["Date"]; !ok { 5923 // TODO(bradfitz): be faster here, like net/http? measure. 5924 date = time.Now().UTC().Format(TimeFormat) 5925 } 5926 5927 for _, v := range rws.snapHeader["Trailer"] { 5928 http2foreachHeaderElement(v, rws.declareTrailer) 5929 } 5930 5931 // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), 5932 // but respect "Connection" == "close" to mean sending a GOAWAY and tearing 5933 // down the TCP connection when idle, like we do for HTTP/1. 5934 // TODO: remove more Connection-specific header fields here, in addition 5935 // to "Connection". 5936 if _, ok := rws.snapHeader["Connection"]; ok { 5937 v := rws.snapHeader.Get("Connection") 5938 delete(rws.snapHeader, "Connection") 5939 if v == "close" { 5940 rws.conn.startGracefulShutdown() 5941 } 5942 } 5943 5944 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 5945 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 5946 streamID: rws.stream.id, 5947 httpResCode: rws.status, 5948 h: rws.snapHeader, 5949 endStream: endStream, 5950 contentType: ctype, 5951 contentLength: clen, 5952 date: date, 5953 }) 5954 if err != nil { 5955 rws.dirty = true 5956 return 0, err 5957 } 5958 if endStream { 5959 return 0, nil 5960 } 5961 } 5962 if isHeadResp { 5963 return len(p), nil 5964 } 5965 if len(p) == 0 && !rws.handlerDone { 5966 return 0, nil 5967 } 5968 5969 if rws.handlerDone { 5970 rws.promoteUndeclaredTrailers() 5971 } 5972 5973 endStream := rws.handlerDone && !rws.hasTrailers() 5974 if len(p) > 0 || endStream { 5975 // only send a 0 byte DATA frame if we're ending the stream. 5976 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 5977 rws.dirty = true 5978 return 0, err 5979 } 5980 } 5981 5982 if rws.handlerDone && rws.hasTrailers() { 5983 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 5984 streamID: rws.stream.id, 5985 h: rws.handlerHeader, 5986 trailers: rws.trailers, 5987 endStream: true, 5988 }) 5989 if err != nil { 5990 rws.dirty = true 5991 } 5992 return len(p), err 5993 } 5994 return len(p), nil 5995 } 5996 5997 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 5998 // that, if present, signals that the map entry is actually for 5999 // the response trailers, and not the response headers. The prefix 6000 // is stripped after the ServeHTTP call finishes and the values are 6001 // sent in the trailers. 6002 // 6003 // This mechanism is intended only for trailers that are not known 6004 // prior to the headers being written. If the set of trailers is fixed 6005 // or known before the header is written, the normal Go trailers mechanism 6006 // is preferred: 6007 // https://golang.org/pkg/net/http/#ResponseWriter 6008 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6009 const http2TrailerPrefix = "Trailer:" 6010 6011 // promoteUndeclaredTrailers permits http.Handlers to set trailers 6012 // after the header has already been flushed. Because the Go 6013 // ResponseWriter interface has no way to set Trailers (only the 6014 // Header), and because we didn't want to expand the ResponseWriter 6015 // interface, and because nobody used trailers, and because RFC 7230 6016 // says you SHOULD (but not must) predeclare any trailers in the 6017 // header, the official ResponseWriter rules said trailers in Go must 6018 // be predeclared, and then we reuse the same ResponseWriter.Header() 6019 // map to mean both Headers and Trailers. When it's time to write the 6020 // Trailers, we pick out the fields of Headers that were declared as 6021 // trailers. That worked for a while, until we found the first major 6022 // user of Trailers in the wild: gRPC (using them only over http2), 6023 // and gRPC libraries permit setting trailers mid-stream without 6024 // predeclarnig them. So: change of plans. We still permit the old 6025 // way, but we also permit this hack: if a Header() key begins with 6026 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6027 // invalid token byte anyway, there is no ambiguity. (And it's already 6028 // filtered out) It's mildly hacky, but not terrible. 6029 // 6030 // This method runs after the Handler is done and promotes any Header 6031 // fields to be trailers. 6032 func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6033 for k, vv := range rws.handlerHeader { 6034 if !strings.HasPrefix(k, http2TrailerPrefix) { 6035 continue 6036 } 6037 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6038 rws.declareTrailer(trailerKey) 6039 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6040 } 6041 6042 if len(rws.trailers) > 1 { 6043 sorter := http2sorterPool.Get().(*http2sorter) 6044 sorter.SortStrings(rws.trailers) 6045 http2sorterPool.Put(sorter) 6046 } 6047 } 6048 6049 func (w *http2responseWriter) Flush() { 6050 rws := w.rws 6051 if rws == nil { 6052 panic("Header called after Handler finished") 6053 } 6054 if rws.bw.Buffered() > 0 { 6055 if err := rws.bw.Flush(); err != nil { 6056 // Ignore the error. The frame writer already knows. 6057 return 6058 } 6059 } else { 6060 // The bufio.Writer won't call chunkWriter.Write 6061 // (writeChunk with zero bytes, so we have to do it 6062 // ourselves to force the HTTP response header and/or 6063 // final DATA frame (with END_STREAM) to be sent. 6064 rws.writeChunk(nil) 6065 } 6066 } 6067 6068 func (w *http2responseWriter) CloseNotify() <-chan bool { 6069 rws := w.rws 6070 if rws == nil { 6071 panic("CloseNotify called after Handler finished") 6072 } 6073 rws.closeNotifierMu.Lock() 6074 ch := rws.closeNotifierCh 6075 if ch == nil { 6076 ch = make(chan bool, 1) 6077 rws.closeNotifierCh = ch 6078 cw := rws.stream.cw 6079 go func() { 6080 cw.Wait() // wait for close 6081 ch <- true 6082 }() 6083 } 6084 rws.closeNotifierMu.Unlock() 6085 return ch 6086 } 6087 6088 func (w *http2responseWriter) Header() Header { 6089 rws := w.rws 6090 if rws == nil { 6091 panic("Header called after Handler finished") 6092 } 6093 if rws.handlerHeader == nil { 6094 rws.handlerHeader = make(Header) 6095 } 6096 return rws.handlerHeader 6097 } 6098 6099 // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6100 func http2checkWriteHeaderCode(code int) { 6101 // Issue 22880: require valid WriteHeader status codes. 6102 // For now we only enforce that it's three digits. 6103 // In the future we might block things over 599 (600 and above aren't defined 6104 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6105 // and we might block under 200 (once we have more mature 1xx support). 6106 // But for now any three digits. 6107 // 6108 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6109 // no equivalent bogus thing we can realistically send in HTTP/2, 6110 // so we'll consistently panic instead and help people find their bugs 6111 // early. (We can't return an error from WriteHeader even if we wanted to.) 6112 if code < 100 || code > 999 { 6113 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6114 } 6115 } 6116 6117 func (w *http2responseWriter) WriteHeader(code int) { 6118 rws := w.rws 6119 if rws == nil { 6120 panic("WriteHeader called after Handler finished") 6121 } 6122 rws.writeHeader(code) 6123 } 6124 6125 func (rws *http2responseWriterState) writeHeader(code int) { 6126 if !rws.wroteHeader { 6127 http2checkWriteHeaderCode(code) 6128 rws.wroteHeader = true 6129 rws.status = code 6130 if len(rws.handlerHeader) > 0 { 6131 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6132 } 6133 } 6134 } 6135 6136 func http2cloneHeader(h Header) Header { 6137 h2 := make(Header, len(h)) 6138 for k, vv := range h { 6139 vv2 := make([]string, len(vv)) 6140 copy(vv2, vv) 6141 h2[k] = vv2 6142 } 6143 return h2 6144 } 6145 6146 // The Life Of A Write is like this: 6147 // 6148 // * Handler calls w.Write or w.WriteString -> 6149 // * -> rws.bw (*bufio.Writer) -> 6150 // * (Handler might call Flush) 6151 // * -> chunkWriter{rws} 6152 // * -> responseWriterState.writeChunk(p []byte) 6153 // * -> responseWriterState.writeChunk (most of the magic; see comment there) 6154 func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6155 return w.write(len(p), p, "") 6156 } 6157 6158 func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6159 return w.write(len(s), nil, s) 6160 } 6161 6162 // either dataB or dataS is non-zero. 6163 func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6164 rws := w.rws 6165 if rws == nil { 6166 panic("Write called after Handler finished") 6167 } 6168 if !rws.wroteHeader { 6169 w.WriteHeader(200) 6170 } 6171 if !http2bodyAllowedForStatus(rws.status) { 6172 return 0, ErrBodyNotAllowed 6173 } 6174 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6175 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6176 // TODO: send a RST_STREAM 6177 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6178 } 6179 6180 if dataB != nil { 6181 return rws.bw.Write(dataB) 6182 } else { 6183 return rws.bw.WriteString(dataS) 6184 } 6185 } 6186 6187 func (w *http2responseWriter) handlerDone() { 6188 rws := w.rws 6189 dirty := rws.dirty 6190 rws.handlerDone = true 6191 w.Flush() 6192 w.rws = nil 6193 if !dirty { 6194 // Only recycle the pool if all prior Write calls to 6195 // the serverConn goroutine completed successfully. If 6196 // they returned earlier due to resets from the peer 6197 // there might still be write goroutines outstanding 6198 // from the serverConn referencing the rws memory. See 6199 // issue 20704. 6200 http2responseWriterStatePool.Put(rws) 6201 } 6202 } 6203 6204 // Push errors. 6205 var ( 6206 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6207 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6208 ) 6209 6210 var _ Pusher = (*http2responseWriter)(nil) 6211 6212 func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 6213 st := w.rws.stream 6214 sc := st.sc 6215 sc.serveG.checkNotOn() 6216 6217 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6218 // http://tools.ietf.org/html/rfc7540#section-6.6 6219 if st.isPushed() { 6220 return http2ErrRecursivePush 6221 } 6222 6223 if opts == nil { 6224 opts = new(PushOptions) 6225 } 6226 6227 // Default options. 6228 if opts.Method == "" { 6229 opts.Method = "GET" 6230 } 6231 if opts.Header == nil { 6232 opts.Header = Header{} 6233 } 6234 wantScheme := "http" 6235 if w.rws.req.TLS != nil { 6236 wantScheme = "https" 6237 } 6238 6239 // Validate the request. 6240 u, err := url.Parse(target) 6241 if err != nil { 6242 return err 6243 } 6244 if u.Scheme == "" { 6245 if !strings.HasPrefix(target, "/") { 6246 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6247 } 6248 u.Scheme = wantScheme 6249 u.Host = w.rws.req.Host 6250 } else { 6251 if u.Scheme != wantScheme { 6252 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6253 } 6254 if u.Host == "" { 6255 return errors.New("URL must have a host") 6256 } 6257 } 6258 for k := range opts.Header { 6259 if strings.HasPrefix(k, ":") { 6260 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6261 } 6262 // These headers are meaningful only if the request has a body, 6263 // but PUSH_PROMISE requests cannot have a body. 6264 // http://tools.ietf.org/html/rfc7540#section-8.2 6265 // Also disallow Host, since the promised URL must be absolute. 6266 switch strings.ToLower(k) { 6267 case "content-length", "content-encoding", "trailer", "te", "expect", "host": 6268 return fmt.Errorf("promised request headers cannot include %q", k) 6269 } 6270 } 6271 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6272 return err 6273 } 6274 6275 // The RFC effectively limits promised requests to GET and HEAD: 6276 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6277 // http://tools.ietf.org/html/rfc7540#section-8.2 6278 if opts.Method != "GET" && opts.Method != "HEAD" { 6279 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6280 } 6281 6282 msg := &http2startPushRequest{ 6283 parent: st, 6284 method: opts.Method, 6285 url: u, 6286 header: http2cloneHeader(opts.Header), 6287 done: http2errChanPool.Get().(chan error), 6288 } 6289 6290 select { 6291 case <-sc.doneServing: 6292 return http2errClientDisconnected 6293 case <-st.cw: 6294 return http2errStreamClosed 6295 case sc.serveMsgCh <- msg: 6296 } 6297 6298 select { 6299 case <-sc.doneServing: 6300 return http2errClientDisconnected 6301 case <-st.cw: 6302 return http2errStreamClosed 6303 case err := <-msg.done: 6304 http2errChanPool.Put(msg.done) 6305 return err 6306 } 6307 } 6308 6309 type http2startPushRequest struct { 6310 parent *http2stream 6311 method string 6312 url *url.URL 6313 header Header 6314 done chan error 6315 } 6316 6317 func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6318 sc.serveG.check() 6319 6320 // http://tools.ietf.org/html/rfc7540#section-6.6. 6321 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6322 // is in either the "open" or "half-closed (remote)" state. 6323 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6324 // responseWriter.Push checks that the stream is peer-initiaed. 6325 msg.done <- http2errStreamClosed 6326 return 6327 } 6328 6329 // http://tools.ietf.org/html/rfc7540#section-6.6. 6330 if !sc.pushEnabled { 6331 msg.done <- ErrNotSupported 6332 return 6333 } 6334 6335 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6336 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6337 // is written. Once the ID is allocated, we start the request handler. 6338 allocatePromisedID := func() (uint32, error) { 6339 sc.serveG.check() 6340 6341 // Check this again, just in case. Technically, we might have received 6342 // an updated SETTINGS by the time we got around to writing this frame. 6343 if !sc.pushEnabled { 6344 return 0, ErrNotSupported 6345 } 6346 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6347 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6348 return 0, http2ErrPushLimitReached 6349 } 6350 6351 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6352 // Streams initiated by the server MUST use even-numbered identifiers. 6353 // A server that is unable to establish a new stream identifier can send a GOAWAY 6354 // frame so that the client is forced to open a new connection for new streams. 6355 if sc.maxPushPromiseID+2 >= 1<<31 { 6356 sc.startGracefulShutdownInternal() 6357 return 0, http2ErrPushLimitReached 6358 } 6359 sc.maxPushPromiseID += 2 6360 promisedID := sc.maxPushPromiseID 6361 6362 // http://tools.ietf.org/html/rfc7540#section-8.2. 6363 // Strictly speaking, the new stream should start in "reserved (local)", then 6364 // transition to "half closed (remote)" after sending the initial HEADERS, but 6365 // we start in "half closed (remote)" for simplicity. 6366 // See further comments at the definition of stateHalfClosedRemote. 6367 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6368 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6369 method: msg.method, 6370 scheme: msg.url.Scheme, 6371 authority: msg.url.Host, 6372 path: msg.url.RequestURI(), 6373 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6374 }) 6375 if err != nil { 6376 // Should not happen, since we've already validated msg.url. 6377 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6378 } 6379 6380 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6381 return promisedID, nil 6382 } 6383 6384 sc.writeFrame(http2FrameWriteRequest{ 6385 write: &http2writePushPromise{ 6386 streamID: msg.parent.id, 6387 method: msg.method, 6388 url: msg.url, 6389 h: msg.header, 6390 allocatePromisedID: allocatePromisedID, 6391 }, 6392 stream: msg.parent, 6393 done: msg.done, 6394 }) 6395 } 6396 6397 // foreachHeaderElement splits v according to the "#rule" construction 6398 // in RFC 7230 section 7 and calls fn for each non-empty element. 6399 func http2foreachHeaderElement(v string, fn func(string)) { 6400 v = textproto.TrimString(v) 6401 if v == "" { 6402 return 6403 } 6404 if !strings.Contains(v, ",") { 6405 fn(v) 6406 return 6407 } 6408 for _, f := range strings.Split(v, ",") { 6409 if f = textproto.TrimString(f); f != "" { 6410 fn(f) 6411 } 6412 } 6413 } 6414 6415 // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6416 var http2connHeaders = []string{ 6417 "Connection", 6418 "Keep-Alive", 6419 "Proxy-Connection", 6420 "Transfer-Encoding", 6421 "Upgrade", 6422 } 6423 6424 // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6425 // per RFC 7540 Section 8.1.2.2. 6426 // The returned error is reported to users. 6427 func http2checkValidHTTP2RequestHeaders(h Header) error { 6428 for _, k := range http2connHeaders { 6429 if _, ok := h[k]; ok { 6430 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6431 } 6432 } 6433 te := h["Te"] 6434 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6435 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6436 } 6437 return nil 6438 } 6439 6440 func http2new400Handler(err error) HandlerFunc { 6441 return func(w ResponseWriter, r *Request) { 6442 Error(w, err.Error(), StatusBadRequest) 6443 } 6444 } 6445 6446 // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6447 // disabled. See comments on h1ServerShutdownChan above for why 6448 // the code is written this way. 6449 func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6450 var x interface{} = hs 6451 type I interface { 6452 doKeepAlives() bool 6453 } 6454 if hs, ok := x.(I); ok { 6455 return !hs.doKeepAlives() 6456 } 6457 return false 6458 } 6459 6460 const ( 6461 // transportDefaultConnFlow is how many connection-level flow control 6462 // tokens we give the server at start-up, past the default 64k. 6463 http2transportDefaultConnFlow = 1 << 30 6464 6465 // transportDefaultStreamFlow is how many stream-level flow 6466 // control tokens we announce to the peer, and how many bytes 6467 // we buffer per stream. 6468 http2transportDefaultStreamFlow = 4 << 20 6469 6470 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6471 // a stream-level WINDOW_UPDATE for at a time. 6472 http2transportDefaultStreamMinRefresh = 4 << 10 6473 6474 http2defaultUserAgent = "Go-http-client/2.0" 6475 ) 6476 6477 // Transport is an HTTP/2 Transport. 6478 // 6479 // A Transport internally caches connections to servers. It is safe 6480 // for concurrent use by multiple goroutines. 6481 type http2Transport struct { 6482 // DialTLS specifies an optional dial function for creating 6483 // TLS connections for requests. 6484 // 6485 // If DialTLS is nil, tls.Dial is used. 6486 // 6487 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6488 // it will be used to set http.Response.TLS. 6489 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6490 6491 // TLSClientConfig specifies the TLS configuration to use with 6492 // tls.Client. If nil, the default configuration is used. 6493 TLSClientConfig *tls.Config 6494 6495 // ConnPool optionally specifies an alternate connection pool to use. 6496 // If nil, the default is used. 6497 ConnPool http2ClientConnPool 6498 6499 // DisableCompression, if true, prevents the Transport from 6500 // requesting compression with an "Accept-Encoding: gzip" 6501 // request header when the Request contains no existing 6502 // Accept-Encoding value. If the Transport requests gzip on 6503 // its own and gets a gzipped response, it's transparently 6504 // decoded in the Response.Body. However, if the user 6505 // explicitly requested gzip it is not automatically 6506 // uncompressed. 6507 DisableCompression bool 6508 6509 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6510 // plain-text "http" scheme. Note that this does not enable h2c support. 6511 AllowHTTP bool 6512 6513 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6514 // send in the initial settings frame. It is how many bytes 6515 // of response headers are allowed. Unlike the http2 spec, zero here 6516 // means to use a default limit (currently 10MB). If you actually 6517 // want to advertise an ulimited value to the peer, Transport 6518 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6519 // to mean no limit. 6520 MaxHeaderListSize uint32 6521 6522 // StrictMaxConcurrentStreams controls whether the server's 6523 // SETTINGS_MAX_CONCURRENT_STREAMS should be respected 6524 // globally. If false, new TCP connections are created to the 6525 // server as needed to keep each under the per-connection 6526 // SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the 6527 // server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as 6528 // a global limit and callers of RoundTrip block when needed, 6529 // waiting for their turn. 6530 StrictMaxConcurrentStreams bool 6531 6532 // t1, if non-nil, is the standard library Transport using 6533 // this transport. Its settings are used (but not its 6534 // RoundTrip method, etc). 6535 t1 *Transport 6536 6537 connPoolOnce sync.Once 6538 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6539 } 6540 6541 func (t *http2Transport) maxHeaderListSize() uint32 { 6542 if t.MaxHeaderListSize == 0 { 6543 return 10 << 20 6544 } 6545 if t.MaxHeaderListSize == 0xffffffff { 6546 return 0 6547 } 6548 return t.MaxHeaderListSize 6549 } 6550 6551 func (t *http2Transport) disableCompression() bool { 6552 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6553 } 6554 6555 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6556 // It returns an error if t1 has already been HTTP/2-enabled. 6557 func http2ConfigureTransport(t1 *Transport) error { 6558 _, err := http2configureTransport(t1) 6559 return err 6560 } 6561 6562 func http2configureTransport(t1 *Transport) (*http2Transport, error) { 6563 connPool := new(http2clientConnPool) 6564 t2 := &http2Transport{ 6565 ConnPool: http2noDialClientConnPool{connPool}, 6566 t1: t1, 6567 } 6568 connPool.t = t2 6569 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 6570 return nil, err 6571 } 6572 if t1.TLSClientConfig == nil { 6573 t1.TLSClientConfig = new(tls.Config) 6574 } 6575 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 6576 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 6577 } 6578 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 6579 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 6580 } 6581 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 6582 addr := http2authorityAddr("https", authority) 6583 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 6584 go c.Close() 6585 return http2erringRoundTripper{err} 6586 } else if !used { 6587 // Turns out we don't need this c. 6588 // For example, two goroutines made requests to the same host 6589 // at the same time, both kicking off TCP dials. (since protocol 6590 // was unknown) 6591 go c.Close() 6592 } 6593 return t2 6594 } 6595 if m := t1.TLSNextProto; len(m) == 0 { 6596 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 6597 "h2": upgradeFn, 6598 } 6599 } else { 6600 m["h2"] = upgradeFn 6601 } 6602 return t2, nil 6603 } 6604 6605 func (t *http2Transport) connPool() http2ClientConnPool { 6606 t.connPoolOnce.Do(t.initConnPool) 6607 return t.connPoolOrDef 6608 } 6609 6610 func (t *http2Transport) initConnPool() { 6611 if t.ConnPool != nil { 6612 t.connPoolOrDef = t.ConnPool 6613 } else { 6614 t.connPoolOrDef = &http2clientConnPool{t: t} 6615 } 6616 } 6617 6618 // ClientConn is the state of a single HTTP/2 client connection to an 6619 // HTTP/2 server. 6620 type http2ClientConn struct { 6621 t *http2Transport 6622 tconn net.Conn // usually *tls.Conn, except specialized impls 6623 tlsState *tls.ConnectionState // nil only for specialized impls 6624 singleUse bool // whether being used for a single http.Request 6625 6626 // readLoop goroutine fields: 6627 readerDone chan struct{} // closed on error 6628 readerErr error // set before readerDone is closed 6629 6630 idleTimeout time.Duration // or 0 for never 6631 idleTimer *time.Timer 6632 6633 mu sync.Mutex // guards following 6634 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6635 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6636 inflow http2flow // peer's conn-level flow control 6637 closing bool 6638 closed bool 6639 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6640 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6641 goAwayDebug string // goAway frame's debug data, retained as a string 6642 streams map[uint32]*http2clientStream // client-initiated 6643 nextStreamID uint32 6644 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6645 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6646 bw *bufio.Writer 6647 br *bufio.Reader 6648 fr *http2Framer 6649 lastActive time.Time 6650 // Settings from peer: (also guarded by mu) 6651 maxFrameSize uint32 6652 maxConcurrentStreams uint32 6653 peerMaxHeaderListSize uint64 6654 initialWindowSize uint32 6655 6656 hbuf bytes.Buffer // HPACK encoder writes into this 6657 henc *hpack.Encoder 6658 freeBuf [][]byte 6659 6660 wmu sync.Mutex // held while writing; acquire AFTER mu if holding both 6661 werr error // first write error that has occurred 6662 } 6663 6664 // clientStream is the state for a single HTTP/2 stream. One of these 6665 // is created for each Transport.RoundTrip call. 6666 type http2clientStream struct { 6667 cc *http2ClientConn 6668 req *Request 6669 trace *httptrace.ClientTrace // or nil 6670 ID uint32 6671 resc chan http2resAndError 6672 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6673 startedWrite bool // started request body write; guarded by cc.mu 6674 requestedGzip bool 6675 on100 func() // optional code to run if get a 100 continue response 6676 6677 flow http2flow // guarded by cc.mu 6678 inflow http2flow // guarded by cc.mu 6679 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6680 readErr error // sticky read error; owned by transportResponseBody.Read 6681 stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu 6682 didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu 6683 6684 peerReset chan struct{} // closed on peer reset 6685 resetErr error // populated before peerReset is closed 6686 6687 done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu 6688 6689 // owned by clientConnReadLoop: 6690 firstByte bool // got the first response byte 6691 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6692 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6693 num1xx uint8 // number of 1xx responses seen 6694 6695 trailer Header // accumulated trailers 6696 resTrailer *Header // client's Response.Trailer 6697 } 6698 6699 // awaitRequestCancel waits for the user to cancel a request or for the done 6700 // channel to be signaled. A non-nil error is returned only if the request was 6701 // canceled. 6702 func http2awaitRequestCancel(req *Request, done <-chan struct{}) error { 6703 ctx := req.Context() 6704 if req.Cancel == nil && ctx.Done() == nil { 6705 return nil 6706 } 6707 select { 6708 case <-req.Cancel: 6709 return http2errRequestCanceled 6710 case <-ctx.Done(): 6711 return ctx.Err() 6712 case <-done: 6713 return nil 6714 } 6715 } 6716 6717 var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error 6718 6719 // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, 6720 // if any. It returns nil if not set or if the Go version is too old. 6721 func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error { 6722 if fn := http2got1xxFuncForTests; fn != nil { 6723 return fn 6724 } 6725 return http2traceGot1xxResponseFunc(cs.trace) 6726 } 6727 6728 // awaitRequestCancel waits for the user to cancel a request, its context to 6729 // expire, or for the request to be done (any way it might be removed from the 6730 // cc.streams map: peer reset, successful completion, TCP connection breakage, 6731 // etc). If the request is canceled, then cs will be canceled and closed. 6732 func (cs *http2clientStream) awaitRequestCancel(req *Request) { 6733 if err := http2awaitRequestCancel(req, cs.done); err != nil { 6734 cs.cancelStream() 6735 cs.bufPipe.CloseWithError(err) 6736 } 6737 } 6738 6739 func (cs *http2clientStream) cancelStream() { 6740 cc := cs.cc 6741 cc.mu.Lock() 6742 didReset := cs.didReset 6743 cs.didReset = true 6744 cc.mu.Unlock() 6745 6746 if !didReset { 6747 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 6748 cc.forgetStreamID(cs.ID) 6749 } 6750 } 6751 6752 // checkResetOrDone reports any error sent in a RST_STREAM frame by the 6753 // server, or errStreamClosed if the stream is complete. 6754 func (cs *http2clientStream) checkResetOrDone() error { 6755 select { 6756 case <-cs.peerReset: 6757 return cs.resetErr 6758 case <-cs.done: 6759 return http2errStreamClosed 6760 default: 6761 return nil 6762 } 6763 } 6764 6765 func (cs *http2clientStream) getStartedWrite() bool { 6766 cc := cs.cc 6767 cc.mu.Lock() 6768 defer cc.mu.Unlock() 6769 return cs.startedWrite 6770 } 6771 6772 func (cs *http2clientStream) abortRequestBodyWrite(err error) { 6773 if err == nil { 6774 panic("nil error") 6775 } 6776 cc := cs.cc 6777 cc.mu.Lock() 6778 cs.stopReqBody = err 6779 cc.cond.Broadcast() 6780 cc.mu.Unlock() 6781 } 6782 6783 type http2stickyErrWriter struct { 6784 w io.Writer 6785 err *error 6786 } 6787 6788 func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 6789 if *sew.err != nil { 6790 return 0, *sew.err 6791 } 6792 n, err = sew.w.Write(p) 6793 *sew.err = err 6794 return 6795 } 6796 6797 // noCachedConnError is the concrete type of ErrNoCachedConn, which 6798 // needs to be detected by net/http regardless of whether it's its 6799 // bundled version (in h2_bundle.go with a rewritten type name) or 6800 // from a user's x/net/http2. As such, as it has a unique method name 6801 // (IsHTTP2NoCachedConnError) that net/http sniffs for via func 6802 // isNoCachedConnError. 6803 type http2noCachedConnError struct{} 6804 6805 func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 6806 6807 func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 6808 6809 // isNoCachedConnError reports whether err is of type noCachedConnError 6810 // or its equivalent renamed type in net/http2's h2_bundle.go. Both types 6811 // may coexist in the same running program. 6812 func http2isNoCachedConnError(err error) bool { 6813 _, ok := err.(interface{ IsHTTP2NoCachedConnError() }) 6814 return ok 6815 } 6816 6817 var http2ErrNoCachedConn error = http2noCachedConnError{} 6818 6819 // RoundTripOpt are options for the Transport.RoundTripOpt method. 6820 type http2RoundTripOpt struct { 6821 // OnlyCachedConn controls whether RoundTripOpt may 6822 // create a new TCP connection. If set true and 6823 // no cached connection is available, RoundTripOpt 6824 // will return ErrNoCachedConn. 6825 OnlyCachedConn bool 6826 } 6827 6828 func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 6829 return t.RoundTripOpt(req, http2RoundTripOpt{}) 6830 } 6831 6832 // authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 6833 // and returns a host:port. The port 443 is added if needed. 6834 func http2authorityAddr(scheme string, authority string) (addr string) { 6835 host, port, err := net.SplitHostPort(authority) 6836 if err != nil { // authority didn't have a port 6837 port = "443" 6838 if scheme == "http" { 6839 port = "80" 6840 } 6841 host = authority 6842 } 6843 if a, err := idna.ToASCII(host); err == nil { 6844 host = a 6845 } 6846 // IPv6 address literal, without a port: 6847 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 6848 return host + ":" + port 6849 } 6850 return net.JoinHostPort(host, port) 6851 } 6852 6853 // RoundTripOpt is like RoundTrip, but takes options. 6854 func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 6855 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 6856 return nil, errors.New("http2: unsupported scheme") 6857 } 6858 6859 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 6860 for retry := 0; ; retry++ { 6861 cc, err := t.connPool().GetClientConn(req, addr) 6862 if err != nil { 6863 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 6864 return nil, err 6865 } 6866 http2traceGotConn(req, cc) 6867 res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) 6868 if err != nil && retry <= 6 { 6869 if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { 6870 // After the first retry, do exponential backoff with 10% jitter. 6871 if retry == 0 { 6872 continue 6873 } 6874 backoff := float64(uint(1) << (uint(retry) - 1)) 6875 backoff += backoff * (0.1 * mathrand.Float64()) 6876 select { 6877 case <-time.After(time.Second * time.Duration(backoff)): 6878 continue 6879 case <-req.Context().Done(): 6880 return nil, req.Context().Err() 6881 } 6882 } 6883 } 6884 if err != nil { 6885 t.vlogf("RoundTrip failure: %v", err) 6886 return nil, err 6887 } 6888 return res, nil 6889 } 6890 } 6891 6892 // CloseIdleConnections closes any connections which were previously 6893 // connected from previous requests but are now sitting idle. 6894 // It does not interrupt any connections currently in use. 6895 func (t *http2Transport) CloseIdleConnections() { 6896 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 6897 cp.closeIdleConnections() 6898 } 6899 } 6900 6901 var ( 6902 http2errClientConnClosed = errors.New("http2: client conn is closed") 6903 http2errClientConnUnusable = errors.New("http2: client conn not usable") 6904 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 6905 ) 6906 6907 // shouldRetryRequest is called by RoundTrip when a request fails to get 6908 // response headers. It is always called with a non-nil error. 6909 // It returns either a request to retry (either the same request, or a 6910 // modified clone), or an error if the request can't be replayed. 6911 func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) { 6912 if !http2canRetryError(err) { 6913 return nil, err 6914 } 6915 // If the Body is nil (or http.NoBody), it's safe to reuse 6916 // this request and its Body. 6917 if req.Body == nil || req.Body == NoBody { 6918 return req, nil 6919 } 6920 6921 // If the request body can be reset back to its original 6922 // state via the optional req.GetBody, do that. 6923 if req.GetBody != nil { 6924 // TODO: consider a req.Body.Close here? or audit that all caller paths do? 6925 body, err := req.GetBody() 6926 if err != nil { 6927 return nil, err 6928 } 6929 newReq := *req 6930 newReq.Body = body 6931 return &newReq, nil 6932 } 6933 6934 // The Request.Body can't reset back to the beginning, but we 6935 // don't seem to have started to read from it yet, so reuse 6936 // the request directly. The "afterBodyWrite" means the 6937 // bodyWrite process has started, which becomes true before 6938 // the first Read. 6939 if !afterBodyWrite { 6940 return req, nil 6941 } 6942 6943 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 6944 } 6945 6946 func http2canRetryError(err error) bool { 6947 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 6948 return true 6949 } 6950 if se, ok := err.(http2StreamError); ok { 6951 return se.Code == http2ErrCodeRefusedStream 6952 } 6953 return false 6954 } 6955 6956 func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) { 6957 host, _, err := net.SplitHostPort(addr) 6958 if err != nil { 6959 return nil, err 6960 } 6961 tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host)) 6962 if err != nil { 6963 return nil, err 6964 } 6965 return t.newClientConn(tconn, singleUse) 6966 } 6967 6968 func (t *http2Transport) newTLSConfig(host string) *tls.Config { 6969 cfg := new(tls.Config) 6970 if t.TLSClientConfig != nil { 6971 *cfg = *t.TLSClientConfig.Clone() 6972 } 6973 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 6974 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 6975 } 6976 if cfg.ServerName == "" { 6977 cfg.ServerName = host 6978 } 6979 return cfg 6980 } 6981 6982 func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) { 6983 if t.DialTLS != nil { 6984 return t.DialTLS 6985 } 6986 return t.dialTLSDefault 6987 } 6988 6989 func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) { 6990 cn, err := tls.Dial(network, addr, cfg) 6991 if err != nil { 6992 return nil, err 6993 } 6994 if err := cn.Handshake(); err != nil { 6995 return nil, err 6996 } 6997 if !cfg.InsecureSkipVerify { 6998 if err := cn.VerifyHostname(cfg.ServerName); err != nil { 6999 return nil, err 7000 } 7001 } 7002 state := cn.ConnectionState() 7003 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7004 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7005 } 7006 if !state.NegotiatedProtocolIsMutual { 7007 return nil, errors.New("http2: could not negotiate protocol mutually") 7008 } 7009 return cn, nil 7010 } 7011 7012 // disableKeepAlives reports whether connections should be closed as 7013 // soon as possible after handling the first request. 7014 func (t *http2Transport) disableKeepAlives() bool { 7015 return t.t1 != nil && t.t1.DisableKeepAlives 7016 } 7017 7018 func (t *http2Transport) expectContinueTimeout() time.Duration { 7019 if t.t1 == nil { 7020 return 0 7021 } 7022 return t.t1.ExpectContinueTimeout 7023 } 7024 7025 func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7026 return t.newClientConn(c, false) 7027 } 7028 7029 func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7030 cc := &http2ClientConn{ 7031 t: t, 7032 tconn: c, 7033 readerDone: make(chan struct{}), 7034 nextStreamID: 1, 7035 maxFrameSize: 16 << 10, // spec default 7036 initialWindowSize: 65535, // spec default 7037 maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. 7038 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7039 streams: make(map[uint32]*http2clientStream), 7040 singleUse: singleUse, 7041 wantSettingsAck: true, 7042 pings: make(map[[8]byte]chan struct{}), 7043 } 7044 if d := t.idleConnTimeout(); d != 0 { 7045 cc.idleTimeout = d 7046 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7047 } 7048 if http2VerboseLogs { 7049 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7050 } 7051 7052 cc.cond = sync.NewCond(&cc.mu) 7053 cc.flow.add(int32(http2initialWindowSize)) 7054 7055 // TODO: adjust this writer size to account for frame size + 7056 // MTU + crypto/tls record padding. 7057 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7058 cc.br = bufio.NewReader(c) 7059 cc.fr = http2NewFramer(cc.bw, cc.br) 7060 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7061 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7062 7063 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7064 // henc in response to SETTINGS frames? 7065 cc.henc = hpack.NewEncoder(&cc.hbuf) 7066 7067 if t.AllowHTTP { 7068 cc.nextStreamID = 3 7069 } 7070 7071 if cs, ok := c.(http2connectionStater); ok { 7072 state := cs.ConnectionState() 7073 cc.tlsState = &state 7074 } 7075 7076 initialSettings := []http2Setting{ 7077 {ID: http2SettingEnablePush, Val: 0}, 7078 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7079 } 7080 if max := t.maxHeaderListSize(); max != 0 { 7081 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7082 } 7083 7084 cc.bw.Write(http2clientPreface) 7085 cc.fr.WriteSettings(initialSettings...) 7086 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7087 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7088 cc.bw.Flush() 7089 if cc.werr != nil { 7090 return nil, cc.werr 7091 } 7092 7093 go cc.readLoop() 7094 return cc, nil 7095 } 7096 7097 func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7098 cc.mu.Lock() 7099 defer cc.mu.Unlock() 7100 7101 old := cc.goAway 7102 cc.goAway = f 7103 7104 // Merge the previous and current GoAway error frames. 7105 if cc.goAwayDebug == "" { 7106 cc.goAwayDebug = string(f.DebugData()) 7107 } 7108 if old != nil && old.ErrCode != http2ErrCodeNo { 7109 cc.goAway.ErrCode = old.ErrCode 7110 } 7111 last := f.LastStreamID 7112 for streamID, cs := range cc.streams { 7113 if streamID > last { 7114 select { 7115 case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}: 7116 default: 7117 } 7118 } 7119 } 7120 } 7121 7122 // CanTakeNewRequest reports whether the connection can take a new request, 7123 // meaning it has not been closed or received or sent a GOAWAY. 7124 func (cc *http2ClientConn) CanTakeNewRequest() bool { 7125 cc.mu.Lock() 7126 defer cc.mu.Unlock() 7127 return cc.canTakeNewRequestLocked() 7128 } 7129 7130 // clientConnIdleState describes the suitability of a client 7131 // connection to initiate a new RoundTrip request. 7132 type http2clientConnIdleState struct { 7133 canTakeNewRequest bool 7134 freshConn bool // whether it's unused by any previous request 7135 } 7136 7137 func (cc *http2ClientConn) idleState() http2clientConnIdleState { 7138 cc.mu.Lock() 7139 defer cc.mu.Unlock() 7140 return cc.idleStateLocked() 7141 } 7142 7143 func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) { 7144 if cc.singleUse && cc.nextStreamID > 1 { 7145 return 7146 } 7147 var maxConcurrentOkay bool 7148 if cc.t.StrictMaxConcurrentStreams { 7149 // We'll tell the caller we can take a new request to 7150 // prevent the caller from dialing a new TCP 7151 // connection, but then we'll block later before 7152 // writing it. 7153 maxConcurrentOkay = true 7154 } else { 7155 maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams) 7156 } 7157 7158 st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && 7159 int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 7160 st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest 7161 return 7162 } 7163 7164 func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7165 st := cc.idleStateLocked() 7166 return st.canTakeNewRequest 7167 } 7168 7169 // onIdleTimeout is called from a time.AfterFunc goroutine. It will 7170 // only be called when we're idle, but because we're coming from a new 7171 // goroutine, there could be a new request coming in at the same time, 7172 // so this simply calls the synchronized closeIfIdle to shut down this 7173 // connection. The timer could just call closeIfIdle, but this is more 7174 // clear. 7175 func (cc *http2ClientConn) onIdleTimeout() { 7176 cc.closeIfIdle() 7177 } 7178 7179 func (cc *http2ClientConn) closeIfIdle() { 7180 cc.mu.Lock() 7181 if len(cc.streams) > 0 { 7182 cc.mu.Unlock() 7183 return 7184 } 7185 cc.closed = true 7186 nextID := cc.nextStreamID 7187 // TODO: do clients send GOAWAY too? maybe? Just Close: 7188 cc.mu.Unlock() 7189 7190 if http2VerboseLogs { 7191 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7192 } 7193 cc.tconn.Close() 7194 } 7195 7196 var http2shutdownEnterWaitStateHook = func() {} 7197 7198 // Shutdown gracefully close the client connection, waiting for running streams to complete. 7199 func (cc *http2ClientConn) Shutdown(ctx context.Context) error { 7200 if err := cc.sendGoAway(); err != nil { 7201 return err 7202 } 7203 // Wait for all in-flight streams to complete or connection to close 7204 done := make(chan error, 1) 7205 cancelled := false // guarded by cc.mu 7206 go func() { 7207 cc.mu.Lock() 7208 defer cc.mu.Unlock() 7209 for { 7210 if len(cc.streams) == 0 || cc.closed { 7211 cc.closed = true 7212 done <- cc.tconn.Close() 7213 break 7214 } 7215 if cancelled { 7216 break 7217 } 7218 cc.cond.Wait() 7219 } 7220 }() 7221 http2shutdownEnterWaitStateHook() 7222 select { 7223 case err := <-done: 7224 return err 7225 case <-ctx.Done(): 7226 cc.mu.Lock() 7227 // Free the goroutine above 7228 cancelled = true 7229 cc.cond.Broadcast() 7230 cc.mu.Unlock() 7231 return ctx.Err() 7232 } 7233 } 7234 7235 func (cc *http2ClientConn) sendGoAway() error { 7236 cc.mu.Lock() 7237 defer cc.mu.Unlock() 7238 cc.wmu.Lock() 7239 defer cc.wmu.Unlock() 7240 if cc.closing { 7241 // GOAWAY sent already 7242 return nil 7243 } 7244 // Send a graceful shutdown frame to server 7245 maxStreamID := cc.nextStreamID 7246 if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil { 7247 return err 7248 } 7249 if err := cc.bw.Flush(); err != nil { 7250 return err 7251 } 7252 // Prevent new requests 7253 cc.closing = true 7254 return nil 7255 } 7256 7257 // Close closes the client connection immediately. 7258 // 7259 // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead. 7260 func (cc *http2ClientConn) Close() error { 7261 cc.mu.Lock() 7262 defer cc.cond.Broadcast() 7263 defer cc.mu.Unlock() 7264 err := errors.New("http2: client connection force closed via ClientConn.Close") 7265 for id, cs := range cc.streams { 7266 select { 7267 case cs.resc <- http2resAndError{err: err}: 7268 default: 7269 } 7270 cs.bufPipe.CloseWithError(err) 7271 delete(cc.streams, id) 7272 } 7273 cc.closed = true 7274 return cc.tconn.Close() 7275 } 7276 7277 const http2maxAllocFrameSize = 512 << 10 7278 7279 // frameBuffer returns a scratch buffer suitable for writing DATA frames. 7280 // They're capped at the min of the peer's max frame size or 512KB 7281 // (kinda arbitrarily), but definitely capped so we don't allocate 4GB 7282 // bufers. 7283 func (cc *http2ClientConn) frameScratchBuffer() []byte { 7284 cc.mu.Lock() 7285 size := cc.maxFrameSize 7286 if size > http2maxAllocFrameSize { 7287 size = http2maxAllocFrameSize 7288 } 7289 for i, buf := range cc.freeBuf { 7290 if len(buf) >= int(size) { 7291 cc.freeBuf[i] = nil 7292 cc.mu.Unlock() 7293 return buf[:size] 7294 } 7295 } 7296 cc.mu.Unlock() 7297 return make([]byte, size) 7298 } 7299 7300 func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) { 7301 cc.mu.Lock() 7302 defer cc.mu.Unlock() 7303 const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. 7304 if len(cc.freeBuf) < maxBufs { 7305 cc.freeBuf = append(cc.freeBuf, buf) 7306 return 7307 } 7308 for i, old := range cc.freeBuf { 7309 if old == nil { 7310 cc.freeBuf[i] = buf 7311 return 7312 } 7313 } 7314 // forget about it. 7315 } 7316 7317 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7318 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7319 var http2errRequestCanceled = errors.New("net/http: request canceled") 7320 7321 func http2commaSeparatedTrailers(req *Request) (string, error) { 7322 keys := make([]string, 0, len(req.Trailer)) 7323 for k := range req.Trailer { 7324 k = CanonicalHeaderKey(k) 7325 switch k { 7326 case "Transfer-Encoding", "Trailer", "Content-Length": 7327 return "", &http2badStringError{"invalid Trailer key", k} 7328 } 7329 keys = append(keys, k) 7330 } 7331 if len(keys) > 0 { 7332 sort.Strings(keys) 7333 return strings.Join(keys, ","), nil 7334 } 7335 return "", nil 7336 } 7337 7338 func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7339 if cc.t.t1 != nil { 7340 return cc.t.t1.ResponseHeaderTimeout 7341 } 7342 // No way to do this (yet?) with just an http2.Transport. Probably 7343 // no need. Request.Cancel this is the new way. We only need to support 7344 // this for compatibility with the old http.Transport fields when 7345 // we're doing transparent http2. 7346 return 0 7347 } 7348 7349 // checkConnHeaders checks whether req has any invalid connection-level headers. 7350 // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7351 // Certain headers are special-cased as okay but not transmitted later. 7352 func http2checkConnHeaders(req *Request) error { 7353 if v := req.Header.Get("Upgrade"); v != "" { 7354 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7355 } 7356 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7357 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7358 } 7359 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !strings.EqualFold(vv[0], "close") && !strings.EqualFold(vv[0], "keep-alive")) { 7360 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7361 } 7362 return nil 7363 } 7364 7365 // actualContentLength returns a sanitized version of 7366 // req.ContentLength, where 0 actually means zero (not unknown) and -1 7367 // means unknown. 7368 func http2actualContentLength(req *Request) int64 { 7369 if req.Body == nil || req.Body == NoBody { 7370 return 0 7371 } 7372 if req.ContentLength != 0 { 7373 return req.ContentLength 7374 } 7375 return -1 7376 } 7377 7378 func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7379 resp, _, err := cc.roundTrip(req) 7380 return resp, err 7381 } 7382 7383 func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) { 7384 if err := http2checkConnHeaders(req); err != nil { 7385 return nil, false, err 7386 } 7387 if cc.idleTimer != nil { 7388 cc.idleTimer.Stop() 7389 } 7390 7391 trailers, err := http2commaSeparatedTrailers(req) 7392 if err != nil { 7393 return nil, false, err 7394 } 7395 hasTrailers := trailers != "" 7396 7397 cc.mu.Lock() 7398 if err := cc.awaitOpenSlotForRequest(req); err != nil { 7399 cc.mu.Unlock() 7400 return nil, false, err 7401 } 7402 7403 body := req.Body 7404 contentLen := http2actualContentLength(req) 7405 hasBody := contentLen != 0 7406 7407 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7408 var requestedGzip bool 7409 if !cc.t.disableCompression() && 7410 req.Header.Get("Accept-Encoding") == "" && 7411 req.Header.Get("Range") == "" && 7412 req.Method != "HEAD" { 7413 // Request gzip only, not deflate. Deflate is ambiguous and 7414 // not as universally supported anyway. 7415 // See: http://www.gzip.org/zlib/zlib_faq.html#faq38 7416 // 7417 // Note that we don't request this for HEAD requests, 7418 // due to a bug in nginx: 7419 // http://trac.nginx.org/nginx/ticket/358 7420 // https://golang.org/issue/5522 7421 // 7422 // We don't request gzip if the request is for a range, since 7423 // auto-decoding a portion of a gzipped document will just fail 7424 // anyway. See https://golang.org/issue/8923 7425 requestedGzip = true 7426 } 7427 7428 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7429 // sent by writeRequestBody below, along with any Trailers, 7430 // again in form HEADERS{1}, CONTINUATION{0,}) 7431 hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) 7432 if err != nil { 7433 cc.mu.Unlock() 7434 return nil, false, err 7435 } 7436 7437 cs := cc.newStream() 7438 cs.req = req 7439 cs.trace = httptrace.ContextClientTrace(req.Context()) 7440 cs.requestedGzip = requestedGzip 7441 bodyWriter := cc.t.getBodyWriterState(cs, body) 7442 cs.on100 = bodyWriter.on100 7443 7444 cc.wmu.Lock() 7445 endStream := !hasBody && !hasTrailers 7446 werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7447 cc.wmu.Unlock() 7448 http2traceWroteHeaders(cs.trace) 7449 cc.mu.Unlock() 7450 7451 if werr != nil { 7452 if hasBody { 7453 req.Body.Close() // per RoundTripper contract 7454 bodyWriter.cancel() 7455 } 7456 cc.forgetStreamID(cs.ID) 7457 // Don't bother sending a RST_STREAM (our write already failed; 7458 // no need to keep writing) 7459 http2traceWroteRequest(cs.trace, werr) 7460 return nil, false, werr 7461 } 7462 7463 var respHeaderTimer <-chan time.Time 7464 if hasBody { 7465 bodyWriter.scheduleBodyWrite() 7466 } else { 7467 http2traceWroteRequest(cs.trace, nil) 7468 if d := cc.responseHeaderTimeout(); d != 0 { 7469 timer := time.NewTimer(d) 7470 defer timer.Stop() 7471 respHeaderTimer = timer.C 7472 } 7473 } 7474 7475 readLoopResCh := cs.resc 7476 bodyWritten := false 7477 ctx := req.Context() 7478 7479 handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) { 7480 res := re.res 7481 if re.err != nil || res.StatusCode > 299 { 7482 // On error or status code 3xx, 4xx, 5xx, etc abort any 7483 // ongoing write, assuming that the server doesn't care 7484 // about our request body. If the server replied with 1xx or 7485 // 2xx, however, then assume the server DOES potentially 7486 // want our body (e.g. full-duplex streaming: 7487 // golang.org/issue/13444). If it turns out the server 7488 // doesn't, they'll RST_STREAM us soon enough. This is a 7489 // heuristic to avoid adding knobs to Transport. Hopefully 7490 // we can keep it. 7491 bodyWriter.cancel() 7492 cs.abortRequestBodyWrite(http2errStopReqBodyWrite) 7493 } 7494 if re.err != nil { 7495 cc.forgetStreamID(cs.ID) 7496 return nil, cs.getStartedWrite(), re.err 7497 } 7498 res.Request = req 7499 res.TLS = cc.tlsState 7500 return res, false, nil 7501 } 7502 7503 for { 7504 select { 7505 case re := <-readLoopResCh: 7506 return handleReadLoopResponse(re) 7507 case <-respHeaderTimer: 7508 if !hasBody || bodyWritten { 7509 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7510 } else { 7511 bodyWriter.cancel() 7512 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7513 } 7514 cc.forgetStreamID(cs.ID) 7515 return nil, cs.getStartedWrite(), http2errTimeout 7516 case <-ctx.Done(): 7517 if !hasBody || bodyWritten { 7518 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7519 } else { 7520 bodyWriter.cancel() 7521 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7522 } 7523 cc.forgetStreamID(cs.ID) 7524 return nil, cs.getStartedWrite(), ctx.Err() 7525 case <-req.Cancel: 7526 if !hasBody || bodyWritten { 7527 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7528 } else { 7529 bodyWriter.cancel() 7530 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7531 } 7532 cc.forgetStreamID(cs.ID) 7533 return nil, cs.getStartedWrite(), http2errRequestCanceled 7534 case <-cs.peerReset: 7535 // processResetStream already removed the 7536 // stream from the streams map; no need for 7537 // forgetStreamID. 7538 return nil, cs.getStartedWrite(), cs.resetErr 7539 case err := <-bodyWriter.resc: 7540 // Prefer the read loop's response, if available. Issue 16102. 7541 select { 7542 case re := <-readLoopResCh: 7543 return handleReadLoopResponse(re) 7544 default: 7545 } 7546 if err != nil { 7547 cc.forgetStreamID(cs.ID) 7548 return nil, cs.getStartedWrite(), err 7549 } 7550 bodyWritten = true 7551 if d := cc.responseHeaderTimeout(); d != 0 { 7552 timer := time.NewTimer(d) 7553 defer timer.Stop() 7554 respHeaderTimer = timer.C 7555 } 7556 } 7557 } 7558 } 7559 7560 // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. 7561 // Must hold cc.mu. 7562 func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error { 7563 var waitingForConn chan struct{} 7564 var waitingForConnErr error // guarded by cc.mu 7565 for { 7566 cc.lastActive = time.Now() 7567 if cc.closed || !cc.canTakeNewRequestLocked() { 7568 if waitingForConn != nil { 7569 close(waitingForConn) 7570 } 7571 return http2errClientConnUnusable 7572 } 7573 if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { 7574 if waitingForConn != nil { 7575 close(waitingForConn) 7576 } 7577 return nil 7578 } 7579 // Unfortunately, we cannot wait on a condition variable and channel at 7580 // the same time, so instead, we spin up a goroutine to check if the 7581 // request is canceled while we wait for a slot to open in the connection. 7582 if waitingForConn == nil { 7583 waitingForConn = make(chan struct{}) 7584 go func() { 7585 if err := http2awaitRequestCancel(req, waitingForConn); err != nil { 7586 cc.mu.Lock() 7587 waitingForConnErr = err 7588 cc.cond.Broadcast() 7589 cc.mu.Unlock() 7590 } 7591 }() 7592 } 7593 cc.pendingRequests++ 7594 cc.cond.Wait() 7595 cc.pendingRequests-- 7596 if waitingForConnErr != nil { 7597 return waitingForConnErr 7598 } 7599 } 7600 } 7601 7602 // requires cc.wmu be held 7603 func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 7604 first := true // first frame written (HEADERS is first, then CONTINUATION) 7605 for len(hdrs) > 0 && cc.werr == nil { 7606 chunk := hdrs 7607 if len(chunk) > maxFrameSize { 7608 chunk = chunk[:maxFrameSize] 7609 } 7610 hdrs = hdrs[len(chunk):] 7611 endHeaders := len(hdrs) == 0 7612 if first { 7613 cc.fr.WriteHeaders(http2HeadersFrameParam{ 7614 StreamID: streamID, 7615 BlockFragment: chunk, 7616 EndStream: endStream, 7617 EndHeaders: endHeaders, 7618 }) 7619 first = false 7620 } else { 7621 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 7622 } 7623 } 7624 // TODO(bradfitz): this Flush could potentially block (as 7625 // could the WriteHeaders call(s) above), which means they 7626 // wouldn't respond to Request.Cancel being readable. That's 7627 // rare, but this should probably be in a goroutine. 7628 cc.bw.Flush() 7629 return cc.werr 7630 } 7631 7632 // internal error values; they don't escape to callers 7633 var ( 7634 // abort request body write; don't send cancel 7635 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 7636 7637 // abort request body write, but send stream reset of cancel. 7638 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 7639 ) 7640 7641 func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { 7642 cc := cs.cc 7643 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 7644 buf := cc.frameScratchBuffer() 7645 defer cc.putFrameScratchBuffer(buf) 7646 7647 defer func() { 7648 http2traceWroteRequest(cs.trace, err) 7649 // TODO: write h12Compare test showing whether 7650 // Request.Body is closed by the Transport, 7651 // and in multiple cases: server replies <=299 and >299 7652 // while still writing request body 7653 cerr := bodyCloser.Close() 7654 if err == nil { 7655 err = cerr 7656 } 7657 }() 7658 7659 req := cs.req 7660 hasTrailers := req.Trailer != nil 7661 7662 var sawEOF bool 7663 for !sawEOF { 7664 n, err := body.Read(buf) 7665 if err == io.EOF { 7666 sawEOF = true 7667 err = nil 7668 } else if err != nil { 7669 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7670 return err 7671 } 7672 7673 remain := buf[:n] 7674 for len(remain) > 0 && err == nil { 7675 var allowed int32 7676 allowed, err = cs.awaitFlowControl(len(remain)) 7677 switch { 7678 case err == http2errStopReqBodyWrite: 7679 return err 7680 case err == http2errStopReqBodyWriteAndCancel: 7681 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7682 return err 7683 case err != nil: 7684 return err 7685 } 7686 cc.wmu.Lock() 7687 data := remain[:allowed] 7688 remain = remain[allowed:] 7689 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 7690 err = cc.fr.WriteData(cs.ID, sentEnd, data) 7691 if err == nil { 7692 // TODO(bradfitz): this flush is for latency, not bandwidth. 7693 // Most requests won't need this. Make this opt-in or 7694 // opt-out? Use some heuristic on the body type? Nagel-like 7695 // timers? Based on 'n'? Only last chunk of this for loop, 7696 // unless flow control tokens are low? For now, always. 7697 // If we change this, see comment below. 7698 err = cc.bw.Flush() 7699 } 7700 cc.wmu.Unlock() 7701 } 7702 if err != nil { 7703 return err 7704 } 7705 } 7706 7707 if sentEnd { 7708 // Already sent END_STREAM (which implies we have no 7709 // trailers) and flushed, because currently all 7710 // WriteData frames above get a flush. So we're done. 7711 return nil 7712 } 7713 7714 var trls []byte 7715 if hasTrailers { 7716 cc.mu.Lock() 7717 trls, err = cc.encodeTrailers(req) 7718 cc.mu.Unlock() 7719 if err != nil { 7720 cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err) 7721 cc.forgetStreamID(cs.ID) 7722 return err 7723 } 7724 } 7725 7726 cc.mu.Lock() 7727 maxFrameSize := int(cc.maxFrameSize) 7728 cc.mu.Unlock() 7729 7730 cc.wmu.Lock() 7731 defer cc.wmu.Unlock() 7732 7733 // Two ways to send END_STREAM: either with trailers, or 7734 // with an empty DATA frame. 7735 if len(trls) > 0 { 7736 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 7737 } else { 7738 err = cc.fr.WriteData(cs.ID, true, nil) 7739 } 7740 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 7741 err = ferr 7742 } 7743 return err 7744 } 7745 7746 // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 7747 // control tokens from the server. 7748 // It returns either the non-zero number of tokens taken or an error 7749 // if the stream is dead. 7750 func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 7751 cc := cs.cc 7752 cc.mu.Lock() 7753 defer cc.mu.Unlock() 7754 for { 7755 if cc.closed { 7756 return 0, http2errClientConnClosed 7757 } 7758 if cs.stopReqBody != nil { 7759 return 0, cs.stopReqBody 7760 } 7761 if err := cs.checkResetOrDone(); err != nil { 7762 return 0, err 7763 } 7764 if a := cs.flow.available(); a > 0 { 7765 take := a 7766 if int(take) > maxBytes { 7767 7768 take = int32(maxBytes) // can't truncate int; take is int32 7769 } 7770 if take > int32(cc.maxFrameSize) { 7771 take = int32(cc.maxFrameSize) 7772 } 7773 cs.flow.take(take) 7774 return take, nil 7775 } 7776 cc.cond.Wait() 7777 } 7778 } 7779 7780 type http2badStringError struct { 7781 what string 7782 str string 7783 } 7784 7785 func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 7786 7787 // requires cc.mu be held. 7788 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 7789 cc.hbuf.Reset() 7790 7791 host := req.Host 7792 if host == "" { 7793 host = req.URL.Host 7794 } 7795 host, err := httpguts.PunycodeHostPort(host) 7796 if err != nil { 7797 return nil, err 7798 } 7799 7800 var path string 7801 if req.Method != "CONNECT" { 7802 path = req.URL.RequestURI() 7803 if !http2validPseudoPath(path) { 7804 orig := path 7805 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 7806 if !http2validPseudoPath(path) { 7807 if req.URL.Opaque != "" { 7808 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 7809 } else { 7810 return nil, fmt.Errorf("invalid request :path %q", orig) 7811 } 7812 } 7813 } 7814 } 7815 7816 // Check for any invalid headers and return an error before we 7817 // potentially pollute our hpack state. (We want to be able to 7818 // continue to reuse the hpack encoder for future requests) 7819 for k, vv := range req.Header { 7820 if !httpguts.ValidHeaderFieldName(k) { 7821 return nil, fmt.Errorf("invalid HTTP header name %q", k) 7822 } 7823 for _, v := range vv { 7824 if !httpguts.ValidHeaderFieldValue(v) { 7825 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 7826 } 7827 } 7828 } 7829 7830 enumerateHeaders := func(f func(name, value string)) { 7831 // 8.1.2.3 Request Pseudo-Header Fields 7832 // The :path pseudo-header field includes the path and query parts of the 7833 // target URI (the path-absolute production and optionally a '?' character 7834 // followed by the query production (see Sections 3.3 and 3.4 of 7835 // [RFC3986]). 7836 f(":authority", host) 7837 f(":method", req.Method) 7838 if req.Method != "CONNECT" { 7839 f(":path", path) 7840 f(":scheme", req.URL.Scheme) 7841 } 7842 if trailers != "" { 7843 f("trailer", trailers) 7844 } 7845 7846 var didUA bool 7847 for k, vv := range req.Header { 7848 if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") { 7849 // Host is :authority, already sent. 7850 // Content-Length is automatic, set below. 7851 continue 7852 } else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") || 7853 strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") || 7854 strings.EqualFold(k, "keep-alive") { 7855 // Per 8.1.2.2 Connection-Specific Header 7856 // Fields, don't send connection-specific 7857 // fields. We have already checked if any 7858 // are error-worthy so just ignore the rest. 7859 continue 7860 } else if strings.EqualFold(k, "user-agent") { 7861 // Match Go's http1 behavior: at most one 7862 // User-Agent. If set to nil or empty string, 7863 // then omit it. Otherwise if not mentioned, 7864 // include the default (below). 7865 didUA = true 7866 if len(vv) < 1 { 7867 continue 7868 } 7869 vv = vv[:1] 7870 if vv[0] == "" { 7871 continue 7872 } 7873 7874 } 7875 7876 for _, v := range vv { 7877 f(k, v) 7878 } 7879 } 7880 if http2shouldSendReqContentLength(req.Method, contentLength) { 7881 f("content-length", strconv.FormatInt(contentLength, 10)) 7882 } 7883 if addGzipHeader { 7884 f("accept-encoding", "gzip") 7885 } 7886 if !didUA { 7887 f("user-agent", http2defaultUserAgent) 7888 } 7889 } 7890 7891 // Do a first pass over the headers counting bytes to ensure 7892 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 7893 // separate pass before encoding the headers to prevent 7894 // modifying the hpack state. 7895 hlSize := uint64(0) 7896 enumerateHeaders(func(name, value string) { 7897 hf := hpack.HeaderField{Name: name, Value: value} 7898 hlSize += uint64(hf.Size()) 7899 }) 7900 7901 if hlSize > cc.peerMaxHeaderListSize { 7902 return nil, http2errRequestHeaderListSize 7903 } 7904 7905 trace := httptrace.ContextClientTrace(req.Context()) 7906 traceHeaders := http2traceHasWroteHeaderField(trace) 7907 7908 // Header list size is ok. Write the headers. 7909 enumerateHeaders(func(name, value string) { 7910 name = strings.ToLower(name) 7911 cc.writeHeader(name, value) 7912 if traceHeaders { 7913 http2traceWroteHeaderField(trace, name, value) 7914 } 7915 }) 7916 7917 return cc.hbuf.Bytes(), nil 7918 } 7919 7920 // shouldSendReqContentLength reports whether the http2.Transport should send 7921 // a "content-length" request header. This logic is basically a copy of the net/http 7922 // transferWriter.shouldSendContentLength. 7923 // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 7924 // -1 means unknown. 7925 func http2shouldSendReqContentLength(method string, contentLength int64) bool { 7926 if contentLength > 0 { 7927 return true 7928 } 7929 if contentLength < 0 { 7930 return false 7931 } 7932 // For zero bodies, whether we send a content-length depends on the method. 7933 // It also kinda doesn't matter for http2 either way, with END_STREAM. 7934 switch method { 7935 case "POST", "PUT", "PATCH": 7936 return true 7937 default: 7938 return false 7939 } 7940 } 7941 7942 // requires cc.mu be held. 7943 func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) { 7944 cc.hbuf.Reset() 7945 7946 hlSize := uint64(0) 7947 for k, vv := range req.Trailer { 7948 for _, v := range vv { 7949 hf := hpack.HeaderField{Name: k, Value: v} 7950 hlSize += uint64(hf.Size()) 7951 } 7952 } 7953 if hlSize > cc.peerMaxHeaderListSize { 7954 return nil, http2errRequestHeaderListSize 7955 } 7956 7957 for k, vv := range req.Trailer { 7958 // Transfer-Encoding, etc.. have already been filtered at the 7959 // start of RoundTrip 7960 lowKey := strings.ToLower(k) 7961 for _, v := range vv { 7962 cc.writeHeader(lowKey, v) 7963 } 7964 } 7965 return cc.hbuf.Bytes(), nil 7966 } 7967 7968 func (cc *http2ClientConn) writeHeader(name, value string) { 7969 if http2VerboseLogs { 7970 log.Printf("http2: Transport encoding header %q = %q", name, value) 7971 } 7972 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 7973 } 7974 7975 type http2resAndError struct { 7976 res *Response 7977 err error 7978 } 7979 7980 // requires cc.mu be held. 7981 func (cc *http2ClientConn) newStream() *http2clientStream { 7982 cs := &http2clientStream{ 7983 cc: cc, 7984 ID: cc.nextStreamID, 7985 resc: make(chan http2resAndError, 1), 7986 peerReset: make(chan struct{}), 7987 done: make(chan struct{}), 7988 } 7989 cs.flow.add(int32(cc.initialWindowSize)) 7990 cs.flow.setConnFlow(&cc.flow) 7991 cs.inflow.add(http2transportDefaultStreamFlow) 7992 cs.inflow.setConnFlow(&cc.inflow) 7993 cc.nextStreamID += 2 7994 cc.streams[cs.ID] = cs 7995 return cs 7996 } 7997 7998 func (cc *http2ClientConn) forgetStreamID(id uint32) { 7999 cc.streamByID(id, true) 8000 } 8001 8002 func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream { 8003 cc.mu.Lock() 8004 defer cc.mu.Unlock() 8005 cs := cc.streams[id] 8006 if andRemove && cs != nil && !cc.closed { 8007 cc.lastActive = time.Now() 8008 delete(cc.streams, id) 8009 if len(cc.streams) == 0 && cc.idleTimer != nil { 8010 cc.idleTimer.Reset(cc.idleTimeout) 8011 } 8012 close(cs.done) 8013 // Wake up checkResetOrDone via clientStream.awaitFlowControl and 8014 // wake up RoundTrip if there is a pending request. 8015 cc.cond.Broadcast() 8016 } 8017 return cs 8018 } 8019 8020 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 8021 type http2clientConnReadLoop struct { 8022 cc *http2ClientConn 8023 closeWhenIdle bool 8024 } 8025 8026 // readLoop runs in its own goroutine and reads and dispatches frames. 8027 func (cc *http2ClientConn) readLoop() { 8028 rl := &http2clientConnReadLoop{cc: cc} 8029 defer rl.cleanup() 8030 cc.readerErr = rl.run() 8031 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 8032 cc.wmu.Lock() 8033 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 8034 cc.wmu.Unlock() 8035 } 8036 } 8037 8038 // GoAwayError is returned by the Transport when the server closes the 8039 // TCP connection after sending a GOAWAY frame. 8040 type http2GoAwayError struct { 8041 LastStreamID uint32 8042 ErrCode http2ErrCode 8043 DebugData string 8044 } 8045 8046 func (e http2GoAwayError) Error() string { 8047 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 8048 e.LastStreamID, e.ErrCode, e.DebugData) 8049 } 8050 8051 func http2isEOFOrNetReadError(err error) bool { 8052 if err == io.EOF { 8053 return true 8054 } 8055 ne, ok := err.(*net.OpError) 8056 return ok && ne.Op == "read" 8057 } 8058 8059 func (rl *http2clientConnReadLoop) cleanup() { 8060 cc := rl.cc 8061 defer cc.tconn.Close() 8062 defer cc.t.connPool().MarkDead(cc) 8063 defer close(cc.readerDone) 8064 8065 if cc.idleTimer != nil { 8066 cc.idleTimer.Stop() 8067 } 8068 8069 // Close any response bodies if the server closes prematurely. 8070 // TODO: also do this if we've written the headers but not 8071 // gotten a response yet. 8072 err := cc.readerErr 8073 cc.mu.Lock() 8074 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8075 err = http2GoAwayError{ 8076 LastStreamID: cc.goAway.LastStreamID, 8077 ErrCode: cc.goAway.ErrCode, 8078 DebugData: cc.goAwayDebug, 8079 } 8080 } else if err == io.EOF { 8081 err = io.ErrUnexpectedEOF 8082 } 8083 for _, cs := range cc.streams { 8084 cs.bufPipe.CloseWithError(err) // no-op if already closed 8085 select { 8086 case cs.resc <- http2resAndError{err: err}: 8087 default: 8088 } 8089 close(cs.done) 8090 } 8091 cc.closed = true 8092 cc.cond.Broadcast() 8093 cc.mu.Unlock() 8094 } 8095 8096 func (rl *http2clientConnReadLoop) run() error { 8097 cc := rl.cc 8098 rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse 8099 gotReply := false // ever saw a HEADERS reply 8100 gotSettings := false 8101 for { 8102 f, err := cc.fr.ReadFrame() 8103 if err != nil { 8104 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8105 } 8106 if se, ok := err.(http2StreamError); ok { 8107 if cs := cc.streamByID(se.StreamID, false); cs != nil { 8108 cs.cc.writeStreamReset(cs.ID, se.Code, err) 8109 cs.cc.forgetStreamID(cs.ID) 8110 if se.Cause == nil { 8111 se.Cause = cc.fr.errDetail 8112 } 8113 rl.endStreamError(cs, se) 8114 } 8115 continue 8116 } else if err != nil { 8117 return err 8118 } 8119 if http2VerboseLogs { 8120 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8121 } 8122 if !gotSettings { 8123 if _, ok := f.(*http2SettingsFrame); !ok { 8124 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8125 return http2ConnectionError(http2ErrCodeProtocol) 8126 } 8127 gotSettings = true 8128 } 8129 maybeIdle := false // whether frame might transition us to idle 8130 8131 switch f := f.(type) { 8132 case *http2MetaHeadersFrame: 8133 err = rl.processHeaders(f) 8134 maybeIdle = true 8135 gotReply = true 8136 case *http2DataFrame: 8137 err = rl.processData(f) 8138 maybeIdle = true 8139 case *http2GoAwayFrame: 8140 err = rl.processGoAway(f) 8141 maybeIdle = true 8142 case *http2RSTStreamFrame: 8143 err = rl.processResetStream(f) 8144 maybeIdle = true 8145 case *http2SettingsFrame: 8146 err = rl.processSettings(f) 8147 case *http2PushPromiseFrame: 8148 err = rl.processPushPromise(f) 8149 case *http2WindowUpdateFrame: 8150 err = rl.processWindowUpdate(f) 8151 case *http2PingFrame: 8152 err = rl.processPing(f) 8153 default: 8154 cc.logf("Transport: unhandled response frame type %T", f) 8155 } 8156 if err != nil { 8157 if http2VerboseLogs { 8158 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8159 } 8160 return err 8161 } 8162 if rl.closeWhenIdle && gotReply && maybeIdle { 8163 cc.closeIfIdle() 8164 } 8165 } 8166 } 8167 8168 func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8169 cc := rl.cc 8170 cs := cc.streamByID(f.StreamID, false) 8171 if cs == nil { 8172 // We'd get here if we canceled a request while the 8173 // server had its response still in flight. So if this 8174 // was just something we canceled, ignore it. 8175 return nil 8176 } 8177 if f.StreamEnded() { 8178 // Issue 20521: If the stream has ended, streamByID() causes 8179 // clientStream.done to be closed, which causes the request's bodyWriter 8180 // to be closed with an errStreamClosed, which may be received by 8181 // clientConn.RoundTrip before the result of processing these headers. 8182 // Deferring stream closure allows the header processing to occur first. 8183 // clientConn.RoundTrip may still receive the bodyWriter error first, but 8184 // the fix for issue 16102 prioritises any response. 8185 // 8186 // Issue 22413: If there is no request body, we should close the 8187 // stream before writing to cs.resc so that the stream is closed 8188 // immediately once RoundTrip returns. 8189 if cs.req.Body != nil { 8190 defer cc.forgetStreamID(f.StreamID) 8191 } else { 8192 cc.forgetStreamID(f.StreamID) 8193 } 8194 } 8195 if !cs.firstByte { 8196 if cs.trace != nil { 8197 // TODO(bradfitz): move first response byte earlier, 8198 // when we first read the 9 byte header, not waiting 8199 // until all the HEADERS+CONTINUATION frames have been 8200 // merged. This works for now. 8201 http2traceFirstResponseByte(cs.trace) 8202 } 8203 cs.firstByte = true 8204 } 8205 if !cs.pastHeaders { 8206 cs.pastHeaders = true 8207 } else { 8208 return rl.processTrailers(cs, f) 8209 } 8210 8211 res, err := rl.handleResponse(cs, f) 8212 if err != nil { 8213 if _, ok := err.(http2ConnectionError); ok { 8214 return err 8215 } 8216 // Any other error type is a stream error. 8217 cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err) 8218 cc.forgetStreamID(cs.ID) 8219 cs.resc <- http2resAndError{err: err} 8220 return nil // return nil from process* funcs to keep conn alive 8221 } 8222 if res == nil { 8223 // (nil, nil) special case. See handleResponse docs. 8224 return nil 8225 } 8226 cs.resTrailer = &res.Trailer 8227 cs.resc <- http2resAndError{res: res} 8228 return nil 8229 } 8230 8231 // may return error types nil, or ConnectionError. Any other error value 8232 // is a StreamError of type ErrCodeProtocol. The returned error in that case 8233 // is the detail. 8234 // 8235 // As a special case, handleResponse may return (nil, nil) to skip the 8236 // frame (currently only used for 1xx responses). 8237 func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8238 if f.Truncated { 8239 return nil, http2errResponseHeaderListSize 8240 } 8241 8242 status := f.PseudoValue("status") 8243 if status == "" { 8244 return nil, errors.New("malformed response from server: missing status pseudo header") 8245 } 8246 statusCode, err := strconv.Atoi(status) 8247 if err != nil { 8248 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8249 } 8250 8251 header := make(Header) 8252 res := &Response{ 8253 Proto: "HTTP/2.0", 8254 ProtoMajor: 2, 8255 Header: header, 8256 StatusCode: statusCode, 8257 Status: status + " " + StatusText(statusCode), 8258 } 8259 for _, hf := range f.RegularFields() { 8260 key := CanonicalHeaderKey(hf.Name) 8261 if key == "Trailer" { 8262 t := res.Trailer 8263 if t == nil { 8264 t = make(Header) 8265 res.Trailer = t 8266 } 8267 http2foreachHeaderElement(hf.Value, func(v string) { 8268 t[CanonicalHeaderKey(v)] = nil 8269 }) 8270 } else { 8271 header[key] = append(header[key], hf.Value) 8272 } 8273 } 8274 8275 if statusCode >= 100 && statusCode <= 199 { 8276 cs.num1xx++ 8277 const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http 8278 if cs.num1xx > max1xxResponses { 8279 return nil, errors.New("http2: too many 1xx informational responses") 8280 } 8281 if fn := cs.get1xxTraceFunc(); fn != nil { 8282 if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { 8283 return nil, err 8284 } 8285 } 8286 if statusCode == 100 { 8287 http2traceGot100Continue(cs.trace) 8288 if cs.on100 != nil { 8289 cs.on100() // forces any write delay timer to fire 8290 } 8291 } 8292 cs.pastHeaders = false // do it all again 8293 return nil, nil 8294 } 8295 8296 streamEnded := f.StreamEnded() 8297 isHead := cs.req.Method == "HEAD" 8298 if !streamEnded || isHead { 8299 res.ContentLength = -1 8300 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8301 if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil { 8302 res.ContentLength = clen64 8303 } else { 8304 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8305 // more safe smuggling-wise to ignore. 8306 } 8307 } else if len(clens) > 1 { 8308 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8309 // more safe smuggling-wise to ignore. 8310 } 8311 } 8312 8313 if streamEnded || isHead { 8314 res.Body = http2noBody 8315 return res, nil 8316 } 8317 8318 cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}} 8319 cs.bytesRemain = res.ContentLength 8320 res.Body = http2transportResponseBody{cs} 8321 go cs.awaitRequestCancel(cs.req) 8322 8323 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8324 res.Header.Del("Content-Encoding") 8325 res.Header.Del("Content-Length") 8326 res.ContentLength = -1 8327 res.Body = &http2gzipReader{body: res.Body} 8328 res.Uncompressed = true 8329 } 8330 return res, nil 8331 } 8332 8333 func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8334 if cs.pastTrailers { 8335 // Too many HEADERS frames for this stream. 8336 return http2ConnectionError(http2ErrCodeProtocol) 8337 } 8338 cs.pastTrailers = true 8339 if !f.StreamEnded() { 8340 // We expect that any headers for trailers also 8341 // has END_STREAM. 8342 return http2ConnectionError(http2ErrCodeProtocol) 8343 } 8344 if len(f.PseudoFields()) > 0 { 8345 // No pseudo header fields are defined for trailers. 8346 // TODO: ConnectionError might be overly harsh? Check. 8347 return http2ConnectionError(http2ErrCodeProtocol) 8348 } 8349 8350 trailer := make(Header) 8351 for _, hf := range f.RegularFields() { 8352 key := CanonicalHeaderKey(hf.Name) 8353 trailer[key] = append(trailer[key], hf.Value) 8354 } 8355 cs.trailer = trailer 8356 8357 rl.endStream(cs) 8358 return nil 8359 } 8360 8361 // transportResponseBody is the concrete type of Transport.RoundTrip's 8362 // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. 8363 // On Close it sends RST_STREAM if EOF wasn't already seen. 8364 type http2transportResponseBody struct { 8365 cs *http2clientStream 8366 } 8367 8368 func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8369 cs := b.cs 8370 cc := cs.cc 8371 8372 if cs.readErr != nil { 8373 return 0, cs.readErr 8374 } 8375 n, err = b.cs.bufPipe.Read(p) 8376 if cs.bytesRemain != -1 { 8377 if int64(n) > cs.bytesRemain { 8378 n = int(cs.bytesRemain) 8379 if err == nil { 8380 err = errors.New("net/http: server replied with more than declared Content-Length; truncated") 8381 cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err) 8382 } 8383 cs.readErr = err 8384 return int(cs.bytesRemain), err 8385 } 8386 cs.bytesRemain -= int64(n) 8387 if err == io.EOF && cs.bytesRemain > 0 { 8388 err = io.ErrUnexpectedEOF 8389 cs.readErr = err 8390 return n, err 8391 } 8392 } 8393 if n == 0 { 8394 // No flow control tokens to send back. 8395 return 8396 } 8397 8398 cc.mu.Lock() 8399 defer cc.mu.Unlock() 8400 8401 var connAdd, streamAdd int32 8402 // Check the conn-level first, before the stream-level. 8403 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8404 connAdd = http2transportDefaultConnFlow - v 8405 cc.inflow.add(connAdd) 8406 } 8407 if err == nil { // No need to refresh if the stream is over or failed. 8408 // Consider any buffered body data (read from the conn but not 8409 // consumed by the client) when computing flow control for this 8410 // stream. 8411 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8412 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8413 streamAdd = int32(http2transportDefaultStreamFlow - v) 8414 cs.inflow.add(streamAdd) 8415 } 8416 } 8417 if connAdd != 0 || streamAdd != 0 { 8418 cc.wmu.Lock() 8419 defer cc.wmu.Unlock() 8420 if connAdd != 0 { 8421 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8422 } 8423 if streamAdd != 0 { 8424 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8425 } 8426 cc.bw.Flush() 8427 } 8428 return 8429 } 8430 8431 var http2errClosedResponseBody = errors.New("http2: response body closed") 8432 8433 func (b http2transportResponseBody) Close() error { 8434 cs := b.cs 8435 cc := cs.cc 8436 8437 serverSentStreamEnd := cs.bufPipe.Err() == io.EOF 8438 unread := cs.bufPipe.Len() 8439 8440 if unread > 0 || !serverSentStreamEnd { 8441 cc.mu.Lock() 8442 cc.wmu.Lock() 8443 if !serverSentStreamEnd { 8444 cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel) 8445 cs.didReset = true 8446 } 8447 // Return connection-level flow control. 8448 if unread > 0 { 8449 cc.inflow.add(int32(unread)) 8450 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8451 } 8452 cc.bw.Flush() 8453 cc.wmu.Unlock() 8454 cc.mu.Unlock() 8455 } 8456 8457 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8458 cc.forgetStreamID(cs.ID) 8459 return nil 8460 } 8461 8462 func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8463 cc := rl.cc 8464 cs := cc.streamByID(f.StreamID, f.StreamEnded()) 8465 data := f.Data() 8466 if cs == nil { 8467 cc.mu.Lock() 8468 neverSent := cc.nextStreamID 8469 cc.mu.Unlock() 8470 if f.StreamID >= neverSent { 8471 // We never asked for this. 8472 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8473 return http2ConnectionError(http2ErrCodeProtocol) 8474 } 8475 // We probably did ask for this, but canceled. Just ignore it. 8476 // TODO: be stricter here? only silently ignore things which 8477 // we canceled, but not things which were closed normally 8478 // by the peer? Tough without accumulating too much state. 8479 8480 // But at least return their flow control: 8481 if f.Length > 0 { 8482 cc.mu.Lock() 8483 cc.inflow.add(int32(f.Length)) 8484 cc.mu.Unlock() 8485 8486 cc.wmu.Lock() 8487 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 8488 cc.bw.Flush() 8489 cc.wmu.Unlock() 8490 } 8491 return nil 8492 } 8493 if !cs.firstByte { 8494 cc.logf("protocol error: received DATA before a HEADERS frame") 8495 rl.endStreamError(cs, http2StreamError{ 8496 StreamID: f.StreamID, 8497 Code: http2ErrCodeProtocol, 8498 }) 8499 return nil 8500 } 8501 if f.Length > 0 { 8502 if cs.req.Method == "HEAD" && len(data) > 0 { 8503 cc.logf("protocol error: received DATA on a HEAD request") 8504 rl.endStreamError(cs, http2StreamError{ 8505 StreamID: f.StreamID, 8506 Code: http2ErrCodeProtocol, 8507 }) 8508 return nil 8509 } 8510 // Check connection-level flow control. 8511 cc.mu.Lock() 8512 if cs.inflow.available() >= int32(f.Length) { 8513 cs.inflow.take(int32(f.Length)) 8514 } else { 8515 cc.mu.Unlock() 8516 return http2ConnectionError(http2ErrCodeFlowControl) 8517 } 8518 // Return any padded flow control now, since we won't 8519 // refund it later on body reads. 8520 var refund int 8521 if pad := int(f.Length) - len(data); pad > 0 { 8522 refund += pad 8523 } 8524 // Return len(data) now if the stream is already closed, 8525 // since data will never be read. 8526 didReset := cs.didReset 8527 if didReset { 8528 refund += len(data) 8529 } 8530 if refund > 0 { 8531 cc.inflow.add(int32(refund)) 8532 cc.wmu.Lock() 8533 cc.fr.WriteWindowUpdate(0, uint32(refund)) 8534 if !didReset { 8535 cs.inflow.add(int32(refund)) 8536 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 8537 } 8538 cc.bw.Flush() 8539 cc.wmu.Unlock() 8540 } 8541 cc.mu.Unlock() 8542 8543 if len(data) > 0 && !didReset { 8544 if _, err := cs.bufPipe.Write(data); err != nil { 8545 rl.endStreamError(cs, err) 8546 return err 8547 } 8548 } 8549 } 8550 8551 if f.StreamEnded() { 8552 rl.endStream(cs) 8553 } 8554 return nil 8555 } 8556 8557 var http2errInvalidTrailers = errors.New("http2: invalid trailers") 8558 8559 func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 8560 // TODO: check that any declared content-length matches, like 8561 // server.go's (*stream).endStream method. 8562 rl.endStreamError(cs, nil) 8563 } 8564 8565 func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 8566 var code func() 8567 if err == nil { 8568 err = io.EOF 8569 code = cs.copyTrailers 8570 } 8571 if http2isConnectionCloseRequest(cs.req) { 8572 rl.closeWhenIdle = true 8573 } 8574 cs.bufPipe.closeWithErrorAndCode(err, code) 8575 8576 select { 8577 case cs.resc <- http2resAndError{err: err}: 8578 default: 8579 } 8580 } 8581 8582 func (cs *http2clientStream) copyTrailers() { 8583 for k, vv := range cs.trailer { 8584 t := cs.resTrailer 8585 if *t == nil { 8586 *t = make(Header) 8587 } 8588 (*t)[k] = vv 8589 } 8590 } 8591 8592 func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 8593 cc := rl.cc 8594 cc.t.connPool().MarkDead(cc) 8595 if f.ErrCode != 0 { 8596 // TODO: deal with GOAWAY more. particularly the error code 8597 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 8598 } 8599 cc.setGoAway(f) 8600 return nil 8601 } 8602 8603 func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 8604 cc := rl.cc 8605 cc.mu.Lock() 8606 defer cc.mu.Unlock() 8607 8608 if f.IsAck() { 8609 if cc.wantSettingsAck { 8610 cc.wantSettingsAck = false 8611 return nil 8612 } 8613 return http2ConnectionError(http2ErrCodeProtocol) 8614 } 8615 8616 err := f.ForeachSetting(func(s http2Setting) error { 8617 switch s.ID { 8618 case http2SettingMaxFrameSize: 8619 cc.maxFrameSize = s.Val 8620 case http2SettingMaxConcurrentStreams: 8621 cc.maxConcurrentStreams = s.Val 8622 case http2SettingMaxHeaderListSize: 8623 cc.peerMaxHeaderListSize = uint64(s.Val) 8624 case http2SettingInitialWindowSize: 8625 // Values above the maximum flow-control 8626 // window size of 2^31-1 MUST be treated as a 8627 // connection error (Section 5.4.1) of type 8628 // FLOW_CONTROL_ERROR. 8629 if s.Val > math.MaxInt32 { 8630 return http2ConnectionError(http2ErrCodeFlowControl) 8631 } 8632 8633 // Adjust flow control of currently-open 8634 // frames by the difference of the old initial 8635 // window size and this one. 8636 delta := int32(s.Val) - int32(cc.initialWindowSize) 8637 for _, cs := range cc.streams { 8638 cs.flow.add(delta) 8639 } 8640 cc.cond.Broadcast() 8641 8642 cc.initialWindowSize = s.Val 8643 default: 8644 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 8645 cc.vlogf("Unhandled Setting: %v", s) 8646 } 8647 return nil 8648 }) 8649 if err != nil { 8650 return err 8651 } 8652 8653 cc.wmu.Lock() 8654 defer cc.wmu.Unlock() 8655 8656 cc.fr.WriteSettingsAck() 8657 cc.bw.Flush() 8658 return cc.werr 8659 } 8660 8661 func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 8662 cc := rl.cc 8663 cs := cc.streamByID(f.StreamID, false) 8664 if f.StreamID != 0 && cs == nil { 8665 return nil 8666 } 8667 8668 cc.mu.Lock() 8669 defer cc.mu.Unlock() 8670 8671 fl := &cc.flow 8672 if cs != nil { 8673 fl = &cs.flow 8674 } 8675 if !fl.add(int32(f.Increment)) { 8676 return http2ConnectionError(http2ErrCodeFlowControl) 8677 } 8678 cc.cond.Broadcast() 8679 return nil 8680 } 8681 8682 func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 8683 cs := rl.cc.streamByID(f.StreamID, true) 8684 if cs == nil { 8685 // TODO: return error if server tries to RST_STEAM an idle stream 8686 return nil 8687 } 8688 select { 8689 case <-cs.peerReset: 8690 // Already reset. 8691 // This is the only goroutine 8692 // which closes this, so there 8693 // isn't a race. 8694 default: 8695 err := http2streamError(cs.ID, f.ErrCode) 8696 cs.resetErr = err 8697 close(cs.peerReset) 8698 cs.bufPipe.CloseWithError(err) 8699 cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl 8700 } 8701 return nil 8702 } 8703 8704 // Ping sends a PING frame to the server and waits for the ack. 8705 func (cc *http2ClientConn) Ping(ctx context.Context) error { 8706 c := make(chan struct{}) 8707 // Generate a random payload 8708 var p [8]byte 8709 for { 8710 if _, err := rand.Read(p[:]); err != nil { 8711 return err 8712 } 8713 cc.mu.Lock() 8714 // check for dup before insert 8715 if _, found := cc.pings[p]; !found { 8716 cc.pings[p] = c 8717 cc.mu.Unlock() 8718 break 8719 } 8720 cc.mu.Unlock() 8721 } 8722 cc.wmu.Lock() 8723 if err := cc.fr.WritePing(false, p); err != nil { 8724 cc.wmu.Unlock() 8725 return err 8726 } 8727 if err := cc.bw.Flush(); err != nil { 8728 cc.wmu.Unlock() 8729 return err 8730 } 8731 cc.wmu.Unlock() 8732 select { 8733 case <-c: 8734 return nil 8735 case <-ctx.Done(): 8736 return ctx.Err() 8737 case <-cc.readerDone: 8738 // connection closed 8739 return cc.readerErr 8740 } 8741 } 8742 8743 func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 8744 if f.IsAck() { 8745 cc := rl.cc 8746 cc.mu.Lock() 8747 defer cc.mu.Unlock() 8748 // If ack, notify listener if any 8749 if c, ok := cc.pings[f.Data]; ok { 8750 close(c) 8751 delete(cc.pings, f.Data) 8752 } 8753 return nil 8754 } 8755 cc := rl.cc 8756 cc.wmu.Lock() 8757 defer cc.wmu.Unlock() 8758 if err := cc.fr.WritePing(true, f.Data); err != nil { 8759 return err 8760 } 8761 return cc.bw.Flush() 8762 } 8763 8764 func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 8765 // We told the peer we don't want them. 8766 // Spec says: 8767 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 8768 // setting of the peer endpoint is set to 0. An endpoint that 8769 // has set this setting and has received acknowledgement MUST 8770 // treat the receipt of a PUSH_PROMISE frame as a connection 8771 // error (Section 5.4.1) of type PROTOCOL_ERROR." 8772 return http2ConnectionError(http2ErrCodeProtocol) 8773 } 8774 8775 func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 8776 // TODO: map err to more interesting error codes, once the 8777 // HTTP community comes up with some. But currently for 8778 // RST_STREAM there's no equivalent to GOAWAY frame's debug 8779 // data, and the error codes are all pretty vague ("cancel"). 8780 cc.wmu.Lock() 8781 cc.fr.WriteRSTStream(streamID, code) 8782 cc.bw.Flush() 8783 cc.wmu.Unlock() 8784 } 8785 8786 var ( 8787 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 8788 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 8789 http2errPseudoTrailers = errors.New("http2: invalid pseudo header in trailers") 8790 ) 8791 8792 func (cc *http2ClientConn) logf(format string, args ...interface{}) { 8793 cc.t.logf(format, args...) 8794 } 8795 8796 func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 8797 cc.t.vlogf(format, args...) 8798 } 8799 8800 func (t *http2Transport) vlogf(format string, args ...interface{}) { 8801 if http2VerboseLogs { 8802 t.logf(format, args...) 8803 } 8804 } 8805 8806 func (t *http2Transport) logf(format string, args ...interface{}) { 8807 log.Printf(format, args...) 8808 } 8809 8810 var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 8811 8812 func http2strSliceContains(ss []string, s string) bool { 8813 for _, v := range ss { 8814 if v == s { 8815 return true 8816 } 8817 } 8818 return false 8819 } 8820 8821 type http2erringRoundTripper struct{ err error } 8822 8823 func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 8824 8825 // gzipReader wraps a response body so it can lazily 8826 // call gzip.NewReader on the first call to Read 8827 type http2gzipReader struct { 8828 body io.ReadCloser // underlying Response.Body 8829 zr *gzip.Reader // lazily-initialized gzip reader 8830 zerr error // sticky error 8831 } 8832 8833 func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 8834 if gz.zerr != nil { 8835 return 0, gz.zerr 8836 } 8837 if gz.zr == nil { 8838 gz.zr, err = gzip.NewReader(gz.body) 8839 if err != nil { 8840 gz.zerr = err 8841 return 0, err 8842 } 8843 } 8844 return gz.zr.Read(p) 8845 } 8846 8847 func (gz *http2gzipReader) Close() error { 8848 return gz.body.Close() 8849 } 8850 8851 type http2errorReader struct{ err error } 8852 8853 func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 8854 8855 // bodyWriterState encapsulates various state around the Transport's writing 8856 // of the request body, particularly regarding doing delayed writes of the body 8857 // when the request contains "Expect: 100-continue". 8858 type http2bodyWriterState struct { 8859 cs *http2clientStream 8860 timer *time.Timer // if non-nil, we're doing a delayed write 8861 fnonce *sync.Once // to call fn with 8862 fn func() // the code to run in the goroutine, writing the body 8863 resc chan error // result of fn's execution 8864 delay time.Duration // how long we should delay a delayed write for 8865 } 8866 8867 func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) { 8868 s.cs = cs 8869 if body == nil { 8870 return 8871 } 8872 resc := make(chan error, 1) 8873 s.resc = resc 8874 s.fn = func() { 8875 cs.cc.mu.Lock() 8876 cs.startedWrite = true 8877 cs.cc.mu.Unlock() 8878 resc <- cs.writeRequestBody(body, cs.req.Body) 8879 } 8880 s.delay = t.expectContinueTimeout() 8881 if s.delay == 0 || 8882 !httpguts.HeaderValuesContainsToken( 8883 cs.req.Header["Expect"], 8884 "100-continue") { 8885 return 8886 } 8887 s.fnonce = new(sync.Once) 8888 8889 // Arm the timer with a very large duration, which we'll 8890 // intentionally lower later. It has to be large now because 8891 // we need a handle to it before writing the headers, but the 8892 // s.delay value is defined to not start until after the 8893 // request headers were written. 8894 const hugeDuration = 365 * 24 * time.Hour 8895 s.timer = time.AfterFunc(hugeDuration, func() { 8896 s.fnonce.Do(s.fn) 8897 }) 8898 return 8899 } 8900 8901 func (s http2bodyWriterState) cancel() { 8902 if s.timer != nil { 8903 s.timer.Stop() 8904 } 8905 } 8906 8907 func (s http2bodyWriterState) on100() { 8908 if s.timer == nil { 8909 // If we didn't do a delayed write, ignore the server's 8910 // bogus 100 continue response. 8911 return 8912 } 8913 s.timer.Stop() 8914 go func() { s.fnonce.Do(s.fn) }() 8915 } 8916 8917 // scheduleBodyWrite starts writing the body, either immediately (in 8918 // the common case) or after the delay timeout. It should not be 8919 // called until after the headers have been written. 8920 func (s http2bodyWriterState) scheduleBodyWrite() { 8921 if s.timer == nil { 8922 // We're not doing a delayed write (see 8923 // getBodyWriterState), so just start the writing 8924 // goroutine immediately. 8925 go s.fn() 8926 return 8927 } 8928 http2traceWait100Continue(s.cs.trace) 8929 if s.timer.Stop() { 8930 s.timer.Reset(s.delay) 8931 } 8932 } 8933 8934 // isConnectionCloseRequest reports whether req should use its own 8935 // connection for a single request and then close the connection. 8936 func http2isConnectionCloseRequest(req *Request) bool { 8937 return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close") 8938 } 8939 8940 // registerHTTPSProtocol calls Transport.RegisterProtocol but 8941 // converting panics into errors. 8942 func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) { 8943 defer func() { 8944 if e := recover(); e != nil { 8945 err = fmt.Errorf("%v", e) 8946 } 8947 }() 8948 t.RegisterProtocol("https", rt) 8949 return nil 8950 } 8951 8952 // noDialH2RoundTripper is a RoundTripper which only tries to complete the request 8953 // if there's already has a cached connection to the host. 8954 // (The field is exported so it can be accessed via reflect from net/http; tested 8955 // by TestNoDialH2RoundTripperType) 8956 type http2noDialH2RoundTripper struct{ *http2Transport } 8957 8958 func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 8959 res, err := rt.http2Transport.RoundTrip(req) 8960 if http2isNoCachedConnError(err) { 8961 return nil, ErrSkipAltProtocol 8962 } 8963 return res, err 8964 } 8965 8966 func (t *http2Transport) idleConnTimeout() time.Duration { 8967 if t.t1 != nil { 8968 return t.t1.IdleConnTimeout 8969 } 8970 return 0 8971 } 8972 8973 func http2traceGetConn(req *Request, hostPort string) { 8974 trace := httptrace.ContextClientTrace(req.Context()) 8975 if trace == nil || trace.GetConn == nil { 8976 return 8977 } 8978 trace.GetConn(hostPort) 8979 } 8980 8981 func http2traceGotConn(req *Request, cc *http2ClientConn) { 8982 trace := httptrace.ContextClientTrace(req.Context()) 8983 if trace == nil || trace.GotConn == nil { 8984 return 8985 } 8986 ci := httptrace.GotConnInfo{Conn: cc.tconn} 8987 cc.mu.Lock() 8988 ci.Reused = cc.nextStreamID > 1 8989 ci.WasIdle = len(cc.streams) == 0 && ci.Reused 8990 if ci.WasIdle && !cc.lastActive.IsZero() { 8991 ci.IdleTime = time.Now().Sub(cc.lastActive) 8992 } 8993 cc.mu.Unlock() 8994 8995 trace.GotConn(ci) 8996 } 8997 8998 func http2traceWroteHeaders(trace *httptrace.ClientTrace) { 8999 if trace != nil && trace.WroteHeaders != nil { 9000 trace.WroteHeaders() 9001 } 9002 } 9003 9004 func http2traceGot100Continue(trace *httptrace.ClientTrace) { 9005 if trace != nil && trace.Got100Continue != nil { 9006 trace.Got100Continue() 9007 } 9008 } 9009 9010 func http2traceWait100Continue(trace *httptrace.ClientTrace) { 9011 if trace != nil && trace.Wait100Continue != nil { 9012 trace.Wait100Continue() 9013 } 9014 } 9015 9016 func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) { 9017 if trace != nil && trace.WroteRequest != nil { 9018 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 9019 } 9020 } 9021 9022 func http2traceFirstResponseByte(trace *httptrace.ClientTrace) { 9023 if trace != nil && trace.GotFirstResponseByte != nil { 9024 trace.GotFirstResponseByte() 9025 } 9026 } 9027 9028 // writeFramer is implemented by any type that is used to write frames. 9029 type http2writeFramer interface { 9030 writeFrame(http2writeContext) error 9031 9032 // staysWithinBuffer reports whether this writer promises that 9033 // it will only write less than or equal to size bytes, and it 9034 // won't Flush the write context. 9035 staysWithinBuffer(size int) bool 9036 } 9037 9038 // writeContext is the interface needed by the various frame writer 9039 // types below. All the writeFrame methods below are scheduled via the 9040 // frame writing scheduler (see writeScheduler in writesched.go). 9041 // 9042 // This interface is implemented by *serverConn. 9043 // 9044 // TODO: decide whether to a) use this in the client code (which didn't 9045 // end up using this yet, because it has a simpler design, not 9046 // currently implementing priorities), or b) delete this and 9047 // make the server code a bit more concrete. 9048 type http2writeContext interface { 9049 Framer() *http2Framer 9050 Flush() error 9051 CloseConn() error 9052 // HeaderEncoder returns an HPACK encoder that writes to the 9053 // returned buffer. 9054 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 9055 } 9056 9057 // writeEndsStream reports whether w writes a frame that will transition 9058 // the stream to a half-closed local state. This returns false for RST_STREAM, 9059 // which closes the entire stream (not just the local half). 9060 func http2writeEndsStream(w http2writeFramer) bool { 9061 switch v := w.(type) { 9062 case *http2writeData: 9063 return v.endStream 9064 case *http2writeResHeaders: 9065 return v.endStream 9066 case nil: 9067 // This can only happen if the caller reuses w after it's 9068 // been intentionally nil'ed out to prevent use. Keep this 9069 // here to catch future refactoring breaking it. 9070 panic("writeEndsStream called on nil writeFramer") 9071 } 9072 return false 9073 } 9074 9075 type http2flushFrameWriter struct{} 9076 9077 func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 9078 return ctx.Flush() 9079 } 9080 9081 func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 9082 9083 type http2writeSettings []http2Setting 9084 9085 func (s http2writeSettings) staysWithinBuffer(max int) bool { 9086 const settingSize = 6 // uint16 + uint32 9087 return http2frameHeaderLen+settingSize*len(s) <= max 9088 9089 } 9090 9091 func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 9092 return ctx.Framer().WriteSettings([]http2Setting(s)...) 9093 } 9094 9095 type http2writeGoAway struct { 9096 maxStreamID uint32 9097 code http2ErrCode 9098 } 9099 9100 func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 9101 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 9102 ctx.Flush() // ignore error: we're hanging up on them anyway 9103 return err 9104 } 9105 9106 func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 9107 9108 type http2writeData struct { 9109 streamID uint32 9110 p []byte 9111 endStream bool 9112 } 9113 9114 func (w *http2writeData) String() string { 9115 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 9116 } 9117 9118 func (w *http2writeData) writeFrame(ctx http2writeContext) error { 9119 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 9120 } 9121 9122 func (w *http2writeData) staysWithinBuffer(max int) bool { 9123 return http2frameHeaderLen+len(w.p) <= max 9124 } 9125 9126 // handlerPanicRST is the message sent from handler goroutines when 9127 // the handler panics. 9128 type http2handlerPanicRST struct { 9129 StreamID uint32 9130 } 9131 9132 func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 9133 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 9134 } 9135 9136 func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9137 9138 func (se http2StreamError) writeFrame(ctx http2writeContext) error { 9139 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 9140 } 9141 9142 func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9143 9144 type http2writePingAck struct{ pf *http2PingFrame } 9145 9146 func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 9147 return ctx.Framer().WritePing(true, w.pf.Data) 9148 } 9149 9150 func (w http2writePingAck) staysWithinBuffer(max int) bool { 9151 return http2frameHeaderLen+len(w.pf.Data) <= max 9152 } 9153 9154 type http2writeSettingsAck struct{} 9155 9156 func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 9157 return ctx.Framer().WriteSettingsAck() 9158 } 9159 9160 func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 9161 9162 // splitHeaderBlock splits headerBlock into fragments so that each fragment fits 9163 // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 9164 // for the first/last fragment, respectively. 9165 func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 9166 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 9167 // that all peers must support (16KB). Later we could care 9168 // more and send larger frames if the peer advertised it, but 9169 // there's little point. Most headers are small anyway (so we 9170 // generally won't have CONTINUATION frames), and extra frames 9171 // only waste 9 bytes anyway. 9172 const maxFrameSize = 16384 9173 9174 first := true 9175 for len(headerBlock) > 0 { 9176 frag := headerBlock 9177 if len(frag) > maxFrameSize { 9178 frag = frag[:maxFrameSize] 9179 } 9180 headerBlock = headerBlock[len(frag):] 9181 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9182 return err 9183 } 9184 first = false 9185 } 9186 return nil 9187 } 9188 9189 // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9190 // for HTTP response headers or trailers from a server handler. 9191 type http2writeResHeaders struct { 9192 streamID uint32 9193 httpResCode int // 0 means no ":status" line 9194 h Header // may be nil 9195 trailers []string // if non-nil, which keys of h to write. nil means all. 9196 endStream bool 9197 9198 date string 9199 contentType string 9200 contentLength string 9201 } 9202 9203 func http2encKV(enc *hpack.Encoder, k, v string) { 9204 if http2VerboseLogs { 9205 log.Printf("http2: server encoding header %q = %q", k, v) 9206 } 9207 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9208 } 9209 9210 func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9211 // TODO: this is a common one. It'd be nice to return true 9212 // here and get into the fast path if we could be clever and 9213 // calculate the size fast enough, or at least a conservative 9214 // upper bound that usually fires. (Maybe if w.h and 9215 // w.trailers are nil, so we don't need to enumerate it.) 9216 // Otherwise I'm afraid that just calculating the length to 9217 // answer this question would be slower than the ~2µs benefit. 9218 return false 9219 } 9220 9221 func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9222 enc, buf := ctx.HeaderEncoder() 9223 buf.Reset() 9224 9225 if w.httpResCode != 0 { 9226 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9227 } 9228 9229 http2encodeHeaders(enc, w.h, w.trailers) 9230 9231 if w.contentType != "" { 9232 http2encKV(enc, "content-type", w.contentType) 9233 } 9234 if w.contentLength != "" { 9235 http2encKV(enc, "content-length", w.contentLength) 9236 } 9237 if w.date != "" { 9238 http2encKV(enc, "date", w.date) 9239 } 9240 9241 headerBlock := buf.Bytes() 9242 if len(headerBlock) == 0 && w.trailers == nil { 9243 panic("unexpected empty hpack") 9244 } 9245 9246 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9247 } 9248 9249 func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9250 if firstFrag { 9251 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9252 StreamID: w.streamID, 9253 BlockFragment: frag, 9254 EndStream: w.endStream, 9255 EndHeaders: lastFrag, 9256 }) 9257 } else { 9258 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9259 } 9260 } 9261 9262 // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9263 type http2writePushPromise struct { 9264 streamID uint32 // pusher stream 9265 method string // for :method 9266 url *url.URL // for :scheme, :authority, :path 9267 h Header 9268 9269 // Creates an ID for a pushed stream. This runs on serveG just before 9270 // the frame is written. The returned ID is copied to promisedID. 9271 allocatePromisedID func() (uint32, error) 9272 promisedID uint32 9273 } 9274 9275 func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9276 // TODO: see writeResHeaders.staysWithinBuffer 9277 return false 9278 } 9279 9280 func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9281 enc, buf := ctx.HeaderEncoder() 9282 buf.Reset() 9283 9284 http2encKV(enc, ":method", w.method) 9285 http2encKV(enc, ":scheme", w.url.Scheme) 9286 http2encKV(enc, ":authority", w.url.Host) 9287 http2encKV(enc, ":path", w.url.RequestURI()) 9288 http2encodeHeaders(enc, w.h, nil) 9289 9290 headerBlock := buf.Bytes() 9291 if len(headerBlock) == 0 { 9292 panic("unexpected empty hpack") 9293 } 9294 9295 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9296 } 9297 9298 func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9299 if firstFrag { 9300 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9301 StreamID: w.streamID, 9302 PromiseID: w.promisedID, 9303 BlockFragment: frag, 9304 EndHeaders: lastFrag, 9305 }) 9306 } else { 9307 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9308 } 9309 } 9310 9311 type http2write100ContinueHeadersFrame struct { 9312 streamID uint32 9313 } 9314 9315 func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9316 enc, buf := ctx.HeaderEncoder() 9317 buf.Reset() 9318 http2encKV(enc, ":status", "100") 9319 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9320 StreamID: w.streamID, 9321 BlockFragment: buf.Bytes(), 9322 EndStream: false, 9323 EndHeaders: true, 9324 }) 9325 } 9326 9327 func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9328 // Sloppy but conservative: 9329 return 9+2*(len(":status")+len("100")) <= max 9330 } 9331 9332 type http2writeWindowUpdate struct { 9333 streamID uint32 // or 0 for conn-level 9334 n uint32 9335 } 9336 9337 func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9338 9339 func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9340 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9341 } 9342 9343 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9344 // is encoded only if k is in keys. 9345 func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9346 if keys == nil { 9347 sorter := http2sorterPool.Get().(*http2sorter) 9348 // Using defer here, since the returned keys from the 9349 // sorter.Keys method is only valid until the sorter 9350 // is returned: 9351 defer http2sorterPool.Put(sorter) 9352 keys = sorter.Keys(h) 9353 } 9354 for _, k := range keys { 9355 vv := h[k] 9356 k = http2lowerHeader(k) 9357 if !http2validWireHeaderFieldName(k) { 9358 // Skip it as backup paranoia. Per 9359 // golang.org/issue/14048, these should 9360 // already be rejected at a higher level. 9361 continue 9362 } 9363 isTE := k == "transfer-encoding" 9364 for _, v := range vv { 9365 if !httpguts.ValidHeaderFieldValue(v) { 9366 // TODO: return an error? golang.org/issue/14048 9367 // For now just omit it. 9368 continue 9369 } 9370 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9371 if isTE && v != "trailers" { 9372 continue 9373 } 9374 http2encKV(enc, k, v) 9375 } 9376 } 9377 } 9378 9379 // WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9380 // Methods are never called concurrently. 9381 type http2WriteScheduler interface { 9382 // OpenStream opens a new stream in the write scheduler. 9383 // It is illegal to call this with streamID=0 or with a streamID that is 9384 // already open -- the call may panic. 9385 OpenStream(streamID uint32, options http2OpenStreamOptions) 9386 9387 // CloseStream closes a stream in the write scheduler. Any frames queued on 9388 // this stream should be discarded. It is illegal to call this on a stream 9389 // that is not open -- the call may panic. 9390 CloseStream(streamID uint32) 9391 9392 // AdjustStream adjusts the priority of the given stream. This may be called 9393 // on a stream that has not yet been opened or has been closed. Note that 9394 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9395 // https://tools.ietf.org/html/rfc7540#section-5.1 9396 AdjustStream(streamID uint32, priority http2PriorityParam) 9397 9398 // Push queues a frame in the scheduler. In most cases, this will not be 9399 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9400 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9401 Push(wr http2FrameWriteRequest) 9402 9403 // Pop dequeues the next frame to write. Returns false if no frames can 9404 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9405 // order they are Push'd. 9406 Pop() (wr http2FrameWriteRequest, ok bool) 9407 } 9408 9409 // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9410 type http2OpenStreamOptions struct { 9411 // PusherID is zero if the stream was initiated by the client. Otherwise, 9412 // PusherID names the stream that pushed the newly opened stream. 9413 PusherID uint32 9414 } 9415 9416 // FrameWriteRequest is a request to write a frame. 9417 type http2FrameWriteRequest struct { 9418 // write is the interface value that does the writing, once the 9419 // WriteScheduler has selected this frame to write. The write 9420 // functions are all defined in write.go. 9421 write http2writeFramer 9422 9423 // stream is the stream on which this frame will be written. 9424 // nil for non-stream frames like PING and SETTINGS. 9425 stream *http2stream 9426 9427 // done, if non-nil, must be a buffered channel with space for 9428 // 1 message and is sent the return value from write (or an 9429 // earlier error) when the frame has been written. 9430 done chan error 9431 } 9432 9433 // StreamID returns the id of the stream this frame will be written to. 9434 // 0 is used for non-stream frames such as PING and SETTINGS. 9435 func (wr http2FrameWriteRequest) StreamID() uint32 { 9436 if wr.stream == nil { 9437 if se, ok := wr.write.(http2StreamError); ok { 9438 // (*serverConn).resetStream doesn't set 9439 // stream because it doesn't necessarily have 9440 // one. So special case this type of write 9441 // message. 9442 return se.StreamID 9443 } 9444 return 0 9445 } 9446 return wr.stream.id 9447 } 9448 9449 // DataSize returns the number of flow control bytes that must be consumed 9450 // to write this entire frame. This is 0 for non-DATA frames. 9451 func (wr http2FrameWriteRequest) DataSize() int { 9452 if wd, ok := wr.write.(*http2writeData); ok { 9453 return len(wd.p) 9454 } 9455 return 0 9456 } 9457 9458 // Consume consumes min(n, available) bytes from this frame, where available 9459 // is the number of flow control bytes available on the stream. Consume returns 9460 // 0, 1, or 2 frames, where the integer return value gives the number of frames 9461 // returned. 9462 // 9463 // If flow control prevents consuming any bytes, this returns (_, _, 0). If 9464 // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9465 // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9466 // 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9467 // underlying stream's flow control budget. 9468 func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9469 var empty http2FrameWriteRequest 9470 9471 // Non-DATA frames are always consumed whole. 9472 wd, ok := wr.write.(*http2writeData) 9473 if !ok || len(wd.p) == 0 { 9474 return wr, empty, 1 9475 } 9476 9477 // Might need to split after applying limits. 9478 allowed := wr.stream.flow.available() 9479 if n < allowed { 9480 allowed = n 9481 } 9482 if wr.stream.sc.maxFrameSize < allowed { 9483 allowed = wr.stream.sc.maxFrameSize 9484 } 9485 if allowed <= 0 { 9486 return empty, empty, 0 9487 } 9488 if len(wd.p) > int(allowed) { 9489 wr.stream.flow.take(allowed) 9490 consumed := http2FrameWriteRequest{ 9491 stream: wr.stream, 9492 write: &http2writeData{ 9493 streamID: wd.streamID, 9494 p: wd.p[:allowed], 9495 // Even if the original had endStream set, there 9496 // are bytes remaining because len(wd.p) > allowed, 9497 // so we know endStream is false. 9498 endStream: false, 9499 }, 9500 // Our caller is blocking on the final DATA frame, not 9501 // this intermediate frame, so no need to wait. 9502 done: nil, 9503 } 9504 rest := http2FrameWriteRequest{ 9505 stream: wr.stream, 9506 write: &http2writeData{ 9507 streamID: wd.streamID, 9508 p: wd.p[allowed:], 9509 endStream: wd.endStream, 9510 }, 9511 done: wr.done, 9512 } 9513 return consumed, rest, 2 9514 } 9515 9516 // The frame is consumed whole. 9517 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 9518 wr.stream.flow.take(int32(len(wd.p))) 9519 return wr, empty, 1 9520 } 9521 9522 // String is for debugging only. 9523 func (wr http2FrameWriteRequest) String() string { 9524 var des string 9525 if s, ok := wr.write.(fmt.Stringer); ok { 9526 des = s.String() 9527 } else { 9528 des = fmt.Sprintf("%T", wr.write) 9529 } 9530 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 9531 } 9532 9533 // replyToWriter sends err to wr.done and panics if the send must block 9534 // This does nothing if wr.done is nil. 9535 func (wr *http2FrameWriteRequest) replyToWriter(err error) { 9536 if wr.done == nil { 9537 return 9538 } 9539 select { 9540 case wr.done <- err: 9541 default: 9542 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 9543 } 9544 wr.write = nil // prevent use (assume it's tainted after wr.done send) 9545 } 9546 9547 // writeQueue is used by implementations of WriteScheduler. 9548 type http2writeQueue struct { 9549 s []http2FrameWriteRequest 9550 } 9551 9552 func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 9553 9554 func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 9555 q.s = append(q.s, wr) 9556 } 9557 9558 func (q *http2writeQueue) shift() http2FrameWriteRequest { 9559 if len(q.s) == 0 { 9560 panic("invalid use of queue") 9561 } 9562 wr := q.s[0] 9563 // TODO: less copy-happy queue. 9564 copy(q.s, q.s[1:]) 9565 q.s[len(q.s)-1] = http2FrameWriteRequest{} 9566 q.s = q.s[:len(q.s)-1] 9567 return wr 9568 } 9569 9570 // consume consumes up to n bytes from q.s[0]. If the frame is 9571 // entirely consumed, it is removed from the queue. If the frame 9572 // is partially consumed, the frame is kept with the consumed 9573 // bytes removed. Returns true iff any bytes were consumed. 9574 func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 9575 if len(q.s) == 0 { 9576 return http2FrameWriteRequest{}, false 9577 } 9578 consumed, rest, numresult := q.s[0].Consume(n) 9579 switch numresult { 9580 case 0: 9581 return http2FrameWriteRequest{}, false 9582 case 1: 9583 q.shift() 9584 case 2: 9585 q.s[0] = rest 9586 } 9587 return consumed, true 9588 } 9589 9590 type http2writeQueuePool []*http2writeQueue 9591 9592 // put inserts an unused writeQueue into the pool. 9593 9594 // put inserts an unused writeQueue into the pool. 9595 func (p *http2writeQueuePool) put(q *http2writeQueue) { 9596 for i := range q.s { 9597 q.s[i] = http2FrameWriteRequest{} 9598 } 9599 q.s = q.s[:0] 9600 *p = append(*p, q) 9601 } 9602 9603 // get returns an empty writeQueue. 9604 func (p *http2writeQueuePool) get() *http2writeQueue { 9605 ln := len(*p) 9606 if ln == 0 { 9607 return new(http2writeQueue) 9608 } 9609 x := ln - 1 9610 q := (*p)[x] 9611 (*p)[x] = nil 9612 *p = (*p)[:x] 9613 return q 9614 } 9615 9616 // RFC 7540, Section 5.3.5: the default weight is 16. 9617 const http2priorityDefaultWeight = 15 // 16 = 15 + 1 9618 9619 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 9620 type http2PriorityWriteSchedulerConfig struct { 9621 // MaxClosedNodesInTree controls the maximum number of closed streams to 9622 // retain in the priority tree. Setting this to zero saves a small amount 9623 // of memory at the cost of performance. 9624 // 9625 // See RFC 7540, Section 5.3.4: 9626 // "It is possible for a stream to become closed while prioritization 9627 // information ... is in transit. ... This potentially creates suboptimal 9628 // prioritization, since the stream could be given a priority that is 9629 // different from what is intended. To avoid these problems, an endpoint 9630 // SHOULD retain stream prioritization state for a period after streams 9631 // become closed. The longer state is retained, the lower the chance that 9632 // streams are assigned incorrect or default priority values." 9633 MaxClosedNodesInTree int 9634 9635 // MaxIdleNodesInTree controls the maximum number of idle streams to 9636 // retain in the priority tree. Setting this to zero saves a small amount 9637 // of memory at the cost of performance. 9638 // 9639 // See RFC 7540, Section 5.3.4: 9640 // Similarly, streams that are in the "idle" state can be assigned 9641 // priority or become a parent of other streams. This allows for the 9642 // creation of a grouping node in the dependency tree, which enables 9643 // more flexible expressions of priority. Idle streams begin with a 9644 // default priority (Section 5.3.5). 9645 MaxIdleNodesInTree int 9646 9647 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 9648 // data is delivered in priority order. This works around a race where 9649 // stream B depends on stream A and both streams are about to call Write 9650 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 9651 // write as much data from B as possible, but this is suboptimal because A 9652 // is a higher-priority stream. With throttling enabled, we write a small 9653 // amount of data from B to minimize the amount of bandwidth that B can 9654 // steal from A. 9655 ThrottleOutOfOrderWrites bool 9656 } 9657 9658 // NewPriorityWriteScheduler constructs a WriteScheduler that schedules 9659 // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 9660 // If cfg is nil, default options are used. 9661 func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 9662 if cfg == nil { 9663 // For justification of these defaults, see: 9664 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 9665 cfg = &http2PriorityWriteSchedulerConfig{ 9666 MaxClosedNodesInTree: 10, 9667 MaxIdleNodesInTree: 10, 9668 ThrottleOutOfOrderWrites: false, 9669 } 9670 } 9671 9672 ws := &http2priorityWriteScheduler{ 9673 nodes: make(map[uint32]*http2priorityNode), 9674 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 9675 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 9676 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 9677 } 9678 ws.nodes[0] = &ws.root 9679 if cfg.ThrottleOutOfOrderWrites { 9680 ws.writeThrottleLimit = 1024 9681 } else { 9682 ws.writeThrottleLimit = math.MaxInt32 9683 } 9684 return ws 9685 } 9686 9687 type http2priorityNodeState int 9688 9689 const ( 9690 http2priorityNodeOpen http2priorityNodeState = iota 9691 http2priorityNodeClosed 9692 http2priorityNodeIdle 9693 ) 9694 9695 // priorityNode is a node in an HTTP/2 priority tree. 9696 // Each node is associated with a single stream ID. 9697 // See RFC 7540, Section 5.3. 9698 type http2priorityNode struct { 9699 q http2writeQueue // queue of pending frames to write 9700 id uint32 // id of the stream, or 0 for the root of the tree 9701 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 9702 state http2priorityNodeState // open | closed | idle 9703 bytes int64 // number of bytes written by this node, or 0 if closed 9704 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 9705 9706 // These links form the priority tree. 9707 parent *http2priorityNode 9708 kids *http2priorityNode // start of the kids list 9709 prev, next *http2priorityNode // doubly-linked list of siblings 9710 } 9711 9712 func (n *http2priorityNode) setParent(parent *http2priorityNode) { 9713 if n == parent { 9714 panic("setParent to self") 9715 } 9716 if n.parent == parent { 9717 return 9718 } 9719 // Unlink from current parent. 9720 if parent := n.parent; parent != nil { 9721 if n.prev == nil { 9722 parent.kids = n.next 9723 } else { 9724 n.prev.next = n.next 9725 } 9726 if n.next != nil { 9727 n.next.prev = n.prev 9728 } 9729 } 9730 // Link to new parent. 9731 // If parent=nil, remove n from the tree. 9732 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 9733 n.parent = parent 9734 if parent == nil { 9735 n.next = nil 9736 n.prev = nil 9737 } else { 9738 n.next = parent.kids 9739 n.prev = nil 9740 if n.next != nil { 9741 n.next.prev = n 9742 } 9743 parent.kids = n 9744 } 9745 } 9746 9747 func (n *http2priorityNode) addBytes(b int64) { 9748 n.bytes += b 9749 for ; n != nil; n = n.parent { 9750 n.subtreeBytes += b 9751 } 9752 } 9753 9754 // walkReadyInOrder iterates over the tree in priority order, calling f for each node 9755 // with a non-empty write queue. When f returns true, this funcion returns true and the 9756 // walk halts. tmp is used as scratch space for sorting. 9757 // 9758 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 9759 // if any ancestor p of n is still open (ignoring the root node). 9760 func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 9761 if !n.q.empty() && f(n, openParent) { 9762 return true 9763 } 9764 if n.kids == nil { 9765 return false 9766 } 9767 9768 // Don't consider the root "open" when updating openParent since 9769 // we can't send data frames on the root stream (only control frames). 9770 if n.id != 0 { 9771 openParent = openParent || (n.state == http2priorityNodeOpen) 9772 } 9773 9774 // Common case: only one kid or all kids have the same weight. 9775 // Some clients don't use weights; other clients (like web browsers) 9776 // use mostly-linear priority trees. 9777 w := n.kids.weight 9778 needSort := false 9779 for k := n.kids.next; k != nil; k = k.next { 9780 if k.weight != w { 9781 needSort = true 9782 break 9783 } 9784 } 9785 if !needSort { 9786 for k := n.kids; k != nil; k = k.next { 9787 if k.walkReadyInOrder(openParent, tmp, f) { 9788 return true 9789 } 9790 } 9791 return false 9792 } 9793 9794 // Uncommon case: sort the child nodes. We remove the kids from the parent, 9795 // then re-insert after sorting so we can reuse tmp for future sort calls. 9796 *tmp = (*tmp)[:0] 9797 for n.kids != nil { 9798 *tmp = append(*tmp, n.kids) 9799 n.kids.setParent(nil) 9800 } 9801 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 9802 for i := len(*tmp) - 1; i >= 0; i-- { 9803 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 9804 } 9805 for k := n.kids; k != nil; k = k.next { 9806 if k.walkReadyInOrder(openParent, tmp, f) { 9807 return true 9808 } 9809 } 9810 return false 9811 } 9812 9813 type http2sortPriorityNodeSiblings []*http2priorityNode 9814 9815 func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 9816 9817 func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 9818 9819 func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 9820 // Prefer the subtree that has sent fewer bytes relative to its weight. 9821 // See sections 5.3.2 and 5.3.4. 9822 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 9823 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 9824 if bi == 0 && bk == 0 { 9825 return wi >= wk 9826 } 9827 if bk == 0 { 9828 return false 9829 } 9830 return bi/bk <= wi/wk 9831 } 9832 9833 type http2priorityWriteScheduler struct { 9834 // root is the root of the priority tree, where root.id = 0. 9835 // The root queues control frames that are not associated with any stream. 9836 root http2priorityNode 9837 9838 // nodes maps stream ids to priority tree nodes. 9839 nodes map[uint32]*http2priorityNode 9840 9841 // maxID is the maximum stream id in nodes. 9842 maxID uint32 9843 9844 // lists of nodes that have been closed or are idle, but are kept in 9845 // the tree for improved prioritization. When the lengths exceed either 9846 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 9847 closedNodes, idleNodes []*http2priorityNode 9848 9849 // From the config. 9850 maxClosedNodesInTree int 9851 maxIdleNodesInTree int 9852 writeThrottleLimit int32 9853 enableWriteThrottle bool 9854 9855 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 9856 tmp []*http2priorityNode 9857 9858 // pool of empty queues for reuse. 9859 queuePool http2writeQueuePool 9860 } 9861 9862 func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 9863 // The stream may be currently idle but cannot be opened or closed. 9864 if curr := ws.nodes[streamID]; curr != nil { 9865 if curr.state != http2priorityNodeIdle { 9866 panic(fmt.Sprintf("stream %d already opened", streamID)) 9867 } 9868 curr.state = http2priorityNodeOpen 9869 return 9870 } 9871 9872 // RFC 7540, Section 5.3.5: 9873 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 9874 // Pushed streams initially depend on their associated stream. In both cases, 9875 // streams are assigned a default weight of 16." 9876 parent := ws.nodes[options.PusherID] 9877 if parent == nil { 9878 parent = &ws.root 9879 } 9880 n := &http2priorityNode{ 9881 q: *ws.queuePool.get(), 9882 id: streamID, 9883 weight: http2priorityDefaultWeight, 9884 state: http2priorityNodeOpen, 9885 } 9886 n.setParent(parent) 9887 ws.nodes[streamID] = n 9888 if streamID > ws.maxID { 9889 ws.maxID = streamID 9890 } 9891 } 9892 9893 func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 9894 if streamID == 0 { 9895 panic("violation of WriteScheduler interface: cannot close stream 0") 9896 } 9897 if ws.nodes[streamID] == nil { 9898 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 9899 } 9900 if ws.nodes[streamID].state != http2priorityNodeOpen { 9901 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 9902 } 9903 9904 n := ws.nodes[streamID] 9905 n.state = http2priorityNodeClosed 9906 n.addBytes(-n.bytes) 9907 9908 q := n.q 9909 ws.queuePool.put(&q) 9910 n.q.s = nil 9911 if ws.maxClosedNodesInTree > 0 { 9912 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 9913 } else { 9914 ws.removeNode(n) 9915 } 9916 } 9917 9918 func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 9919 if streamID == 0 { 9920 panic("adjustPriority on root") 9921 } 9922 9923 // If streamID does not exist, there are two cases: 9924 // - A closed stream that has been removed (this will have ID <= maxID) 9925 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 9926 n := ws.nodes[streamID] 9927 if n == nil { 9928 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 9929 return 9930 } 9931 ws.maxID = streamID 9932 n = &http2priorityNode{ 9933 q: *ws.queuePool.get(), 9934 id: streamID, 9935 weight: http2priorityDefaultWeight, 9936 state: http2priorityNodeIdle, 9937 } 9938 n.setParent(&ws.root) 9939 ws.nodes[streamID] = n 9940 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 9941 } 9942 9943 // Section 5.3.1: A dependency on a stream that is not currently in the tree 9944 // results in that stream being given a default priority (Section 5.3.5). 9945 parent := ws.nodes[priority.StreamDep] 9946 if parent == nil { 9947 n.setParent(&ws.root) 9948 n.weight = http2priorityDefaultWeight 9949 return 9950 } 9951 9952 // Ignore if the client tries to make a node its own parent. 9953 if n == parent { 9954 return 9955 } 9956 9957 // Section 5.3.3: 9958 // "If a stream is made dependent on one of its own dependencies, the 9959 // formerly dependent stream is first moved to be dependent on the 9960 // reprioritized stream's previous parent. The moved dependency retains 9961 // its weight." 9962 // 9963 // That is: if parent depends on n, move parent to depend on n.parent. 9964 for x := parent.parent; x != nil; x = x.parent { 9965 if x == n { 9966 parent.setParent(n.parent) 9967 break 9968 } 9969 } 9970 9971 // Section 5.3.3: The exclusive flag causes the stream to become the sole 9972 // dependency of its parent stream, causing other dependencies to become 9973 // dependent on the exclusive stream. 9974 if priority.Exclusive { 9975 k := parent.kids 9976 for k != nil { 9977 next := k.next 9978 if k != n { 9979 k.setParent(n) 9980 } 9981 k = next 9982 } 9983 } 9984 9985 n.setParent(parent) 9986 n.weight = priority.Weight 9987 } 9988 9989 func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 9990 var n *http2priorityNode 9991 if id := wr.StreamID(); id == 0 { 9992 n = &ws.root 9993 } else { 9994 n = ws.nodes[id] 9995 if n == nil { 9996 // id is an idle or closed stream. wr should not be a HEADERS or 9997 // DATA frame. However, wr can be a RST_STREAM. In this case, we 9998 // push wr onto the root, rather than creating a new priorityNode, 9999 // since RST_STREAM is tiny and the stream's priority is unknown 10000 // anyway. See issue #17919. 10001 if wr.DataSize() > 0 { 10002 panic("add DATA on non-open stream") 10003 } 10004 n = &ws.root 10005 } 10006 } 10007 n.q.push(wr) 10008 } 10009 10010 func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 10011 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 10012 limit := int32(math.MaxInt32) 10013 if openParent { 10014 limit = ws.writeThrottleLimit 10015 } 10016 wr, ok = n.q.consume(limit) 10017 if !ok { 10018 return false 10019 } 10020 n.addBytes(int64(wr.DataSize())) 10021 // If B depends on A and B continuously has data available but A 10022 // does not, gradually increase the throttling limit to allow B to 10023 // steal more and more bandwidth from A. 10024 if openParent { 10025 ws.writeThrottleLimit += 1024 10026 if ws.writeThrottleLimit < 0 { 10027 ws.writeThrottleLimit = math.MaxInt32 10028 } 10029 } else if ws.enableWriteThrottle { 10030 ws.writeThrottleLimit = 1024 10031 } 10032 return true 10033 }) 10034 return wr, ok 10035 } 10036 10037 func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 10038 if maxSize == 0 { 10039 return 10040 } 10041 if len(*list) == maxSize { 10042 // Remove the oldest node, then shift left. 10043 ws.removeNode((*list)[0]) 10044 x := (*list)[1:] 10045 copy(*list, x) 10046 *list = (*list)[:len(x)] 10047 } 10048 *list = append(*list, n) 10049 } 10050 10051 func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 10052 for k := n.kids; k != nil; k = k.next { 10053 k.setParent(n.parent) 10054 } 10055 n.setParent(nil) 10056 delete(ws.nodes, n.id) 10057 } 10058 10059 // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 10060 // priorities. Control frames like SETTINGS and PING are written before DATA 10061 // frames, but if no control frames are queued and multiple streams have queued 10062 // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 10063 func http2NewRandomWriteScheduler() http2WriteScheduler { 10064 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 10065 } 10066 10067 type http2randomWriteScheduler struct { 10068 // zero are frames not associated with a specific stream. 10069 zero http2writeQueue 10070 10071 // sq contains the stream-specific queues, keyed by stream ID. 10072 // When a stream is idle or closed, it's deleted from the map. 10073 sq map[uint32]*http2writeQueue 10074 10075 // pool of empty queues for reuse. 10076 queuePool http2writeQueuePool 10077 } 10078 10079 func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10080 // no-op: idle streams are not tracked 10081 } 10082 10083 func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 10084 q, ok := ws.sq[streamID] 10085 if !ok { 10086 return 10087 } 10088 delete(ws.sq, streamID) 10089 ws.queuePool.put(q) 10090 } 10091 10092 func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10093 // no-op: priorities are ignored 10094 } 10095 10096 func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 10097 id := wr.StreamID() 10098 if id == 0 { 10099 ws.zero.push(wr) 10100 return 10101 } 10102 q, ok := ws.sq[id] 10103 if !ok { 10104 q = ws.queuePool.get() 10105 ws.sq[id] = q 10106 } 10107 q.push(wr) 10108 } 10109 10110 func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 10111 // Control frames first. 10112 if !ws.zero.empty() { 10113 return ws.zero.shift(), true 10114 } 10115 // Iterate over all non-idle streams until finding one that can be consumed. 10116 for _, q := range ws.sq { 10117 if wr, ok := q.consume(math.MaxInt32); ok { 10118 return wr, true 10119 } 10120 } 10121 return http2FrameWriteRequest{}, false 10122 }