...
Run Format

Source file src/net/http/transport.go

     1	// Copyright 2011 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// HTTP client implementation. See RFC 2616.
     6	//
     7	// This is the low-level Transport implementation of RoundTripper.
     8	// The high-level interface is in client.go.
     9	
    10	package http
    11	
    12	import (
    13		"bufio"
    14		"compress/gzip"
    15		"crypto/tls"
    16		"errors"
    17		"fmt"
    18		"io"
    19		"log"
    20		"net"
    21		"net/url"
    22		"os"
    23		"strings"
    24		"sync"
    25		"time"
    26	)
    27	
    28	// DefaultTransport is the default implementation of Transport and is
    29	// used by DefaultClient. It establishes network connections as needed
    30	// and caches them for reuse by subsequent calls. It uses HTTP proxies
    31	// as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and
    32	// $no_proxy) environment variables.
    33	var DefaultTransport RoundTripper = &Transport{
    34		Proxy: ProxyFromEnvironment,
    35		Dial: (&net.Dialer{
    36			Timeout:   30 * time.Second,
    37			KeepAlive: 30 * time.Second,
    38		}).Dial,
    39		TLSHandshakeTimeout: 10 * time.Second,
    40	}
    41	
    42	// DefaultMaxIdleConnsPerHost is the default value of Transport's
    43	// MaxIdleConnsPerHost.
    44	const DefaultMaxIdleConnsPerHost = 2
    45	
    46	// Transport is an implementation of RoundTripper that supports HTTP,
    47	// HTTPS, and HTTP proxies (for either HTTP or HTTPS with CONNECT).
    48	// Transport can also cache connections for future re-use.
    49	type Transport struct {
    50		idleMu     sync.Mutex
    51		wantIdle   bool // user has requested to close all idle conns
    52		idleConn   map[connectMethodKey][]*persistConn
    53		idleConnCh map[connectMethodKey]chan *persistConn
    54	
    55		reqMu       sync.Mutex
    56		reqCanceler map[*Request]func()
    57	
    58		altMu    sync.RWMutex
    59		altProto map[string]RoundTripper // nil or map of URI scheme => RoundTripper
    60	
    61		// Proxy specifies a function to return a proxy for a given
    62		// Request. If the function returns a non-nil error, the
    63		// request is aborted with the provided error.
    64		// If Proxy is nil or returns a nil *URL, no proxy is used.
    65		Proxy func(*Request) (*url.URL, error)
    66	
    67		// Dial specifies the dial function for creating unencrypted
    68		// TCP connections.
    69		// If Dial is nil, net.Dial is used.
    70		Dial func(network, addr string) (net.Conn, error)
    71	
    72		// DialTLS specifies an optional dial function for creating
    73		// TLS connections for non-proxied HTTPS requests.
    74		//
    75		// If DialTLS is nil, Dial and TLSClientConfig are used.
    76		//
    77		// If DialTLS is set, the Dial hook is not used for HTTPS
    78		// requests and the TLSClientConfig and TLSHandshakeTimeout
    79		// are ignored. The returned net.Conn is assumed to already be
    80		// past the TLS handshake.
    81		DialTLS func(network, addr string) (net.Conn, error)
    82	
    83		// TLSClientConfig specifies the TLS configuration to use with
    84		// tls.Client. If nil, the default configuration is used.
    85		TLSClientConfig *tls.Config
    86	
    87		// TLSHandshakeTimeout specifies the maximum amount of time waiting to
    88		// wait for a TLS handshake. Zero means no timeout.
    89		TLSHandshakeTimeout time.Duration
    90	
    91		// DisableKeepAlives, if true, prevents re-use of TCP connections
    92		// between different HTTP requests.
    93		DisableKeepAlives bool
    94	
    95		// DisableCompression, if true, prevents the Transport from
    96		// requesting compression with an "Accept-Encoding: gzip"
    97		// request header when the Request contains no existing
    98		// Accept-Encoding value. If the Transport requests gzip on
    99		// its own and gets a gzipped response, it's transparently
   100		// decoded in the Response.Body. However, if the user
   101		// explicitly requested gzip it is not automatically
   102		// uncompressed.
   103		DisableCompression bool
   104	
   105		// MaxIdleConnsPerHost, if non-zero, controls the maximum idle
   106		// (keep-alive) to keep per-host.  If zero,
   107		// DefaultMaxIdleConnsPerHost is used.
   108		MaxIdleConnsPerHost int
   109	
   110		// ResponseHeaderTimeout, if non-zero, specifies the amount of
   111		// time to wait for a server's response headers after fully
   112		// writing the request (including its body, if any). This
   113		// time does not include the time to read the response body.
   114		ResponseHeaderTimeout time.Duration
   115	
   116		// TODO: tunable on global max cached connections
   117		// TODO: tunable on timeout on cached connections
   118	}
   119	
   120	// ProxyFromEnvironment returns the URL of the proxy to use for a
   121	// given request, as indicated by the environment variables
   122	// HTTP_PROXY, HTTPS_PROXY and NO_PROXY (or the lowercase versions
   123	// thereof). HTTPS_PROXY takes precedence over HTTP_PROXY for https
   124	// requests.
   125	//
   126	// The environment values may be either a complete URL or a
   127	// "host[:port]", in which case the "http" scheme is assumed.
   128	// An error is returned if the value is a different form.
   129	//
   130	// A nil URL and nil error are returned if no proxy is defined in the
   131	// environment, or a proxy should not be used for the given request,
   132	// as defined by NO_PROXY.
   133	//
   134	// As a special case, if req.URL.Host is "localhost" (with or without
   135	// a port number), then a nil URL and nil error will be returned.
   136	func ProxyFromEnvironment(req *Request) (*url.URL, error) {
   137		var proxy string
   138		if req.URL.Scheme == "https" {
   139			proxy = httpsProxyEnv.Get()
   140		}
   141		if proxy == "" {
   142			proxy = httpProxyEnv.Get()
   143		}
   144		if proxy == "" {
   145			return nil, nil
   146		}
   147		if !useProxy(canonicalAddr(req.URL)) {
   148			return nil, nil
   149		}
   150		proxyURL, err := url.Parse(proxy)
   151		if err != nil || !strings.HasPrefix(proxyURL.Scheme, "http") {
   152			// proxy was bogus. Try prepending "http://" to it and
   153			// see if that parses correctly. If not, we fall
   154			// through and complain about the original one.
   155			if proxyURL, err := url.Parse("http://" + proxy); err == nil {
   156				return proxyURL, nil
   157			}
   158		}
   159		if err != nil {
   160			return nil, fmt.Errorf("invalid proxy address %q: %v", proxy, err)
   161		}
   162		return proxyURL, nil
   163	}
   164	
   165	// ProxyURL returns a proxy function (for use in a Transport)
   166	// that always returns the same URL.
   167	func ProxyURL(fixedURL *url.URL) func(*Request) (*url.URL, error) {
   168		return func(*Request) (*url.URL, error) {
   169			return fixedURL, nil
   170		}
   171	}
   172	
   173	// transportRequest is a wrapper around a *Request that adds
   174	// optional extra headers to write.
   175	type transportRequest struct {
   176		*Request        // original request, not to be mutated
   177		extra    Header // extra headers to write, or nil
   178	}
   179	
   180	func (tr *transportRequest) extraHeaders() Header {
   181		if tr.extra == nil {
   182			tr.extra = make(Header)
   183		}
   184		return tr.extra
   185	}
   186	
   187	// RoundTrip implements the RoundTripper interface.
   188	//
   189	// For higher-level HTTP client support (such as handling of cookies
   190	// and redirects), see Get, Post, and the Client type.
   191	func (t *Transport) RoundTrip(req *Request) (resp *Response, err error) {
   192		if req.URL == nil {
   193			req.closeBody()
   194			return nil, errors.New("http: nil Request.URL")
   195		}
   196		if req.Header == nil {
   197			req.closeBody()
   198			return nil, errors.New("http: nil Request.Header")
   199		}
   200		if req.URL.Scheme != "http" && req.URL.Scheme != "https" {
   201			t.altMu.RLock()
   202			var rt RoundTripper
   203			if t.altProto != nil {
   204				rt = t.altProto[req.URL.Scheme]
   205			}
   206			t.altMu.RUnlock()
   207			if rt == nil {
   208				req.closeBody()
   209				return nil, &badStringError{"unsupported protocol scheme", req.URL.Scheme}
   210			}
   211			return rt.RoundTrip(req)
   212		}
   213		if req.URL.Host == "" {
   214			req.closeBody()
   215			return nil, errors.New("http: no Host in request URL")
   216		}
   217		treq := &transportRequest{Request: req}
   218		cm, err := t.connectMethodForRequest(treq)
   219		if err != nil {
   220			req.closeBody()
   221			return nil, err
   222		}
   223	
   224		// Get the cached or newly-created connection to either the
   225		// host (for http or https), the http proxy, or the http proxy
   226		// pre-CONNECTed to https server.  In any case, we'll be ready
   227		// to send it requests.
   228		pconn, err := t.getConn(req, cm)
   229		if err != nil {
   230			t.setReqCanceler(req, nil)
   231			req.closeBody()
   232			return nil, err
   233		}
   234	
   235		return pconn.roundTrip(treq)
   236	}
   237	
   238	// RegisterProtocol registers a new protocol with scheme.
   239	// The Transport will pass requests using the given scheme to rt.
   240	// It is rt's responsibility to simulate HTTP request semantics.
   241	//
   242	// RegisterProtocol can be used by other packages to provide
   243	// implementations of protocol schemes like "ftp" or "file".
   244	func (t *Transport) RegisterProtocol(scheme string, rt RoundTripper) {
   245		if scheme == "http" || scheme == "https" {
   246			panic("protocol " + scheme + " already registered")
   247		}
   248		t.altMu.Lock()
   249		defer t.altMu.Unlock()
   250		if t.altProto == nil {
   251			t.altProto = make(map[string]RoundTripper)
   252		}
   253		if _, exists := t.altProto[scheme]; exists {
   254			panic("protocol " + scheme + " already registered")
   255		}
   256		t.altProto[scheme] = rt
   257	}
   258	
   259	// CloseIdleConnections closes any connections which were previously
   260	// connected from previous requests but are now sitting idle in
   261	// a "keep-alive" state. It does not interrupt any connections currently
   262	// in use.
   263	func (t *Transport) CloseIdleConnections() {
   264		t.idleMu.Lock()
   265		m := t.idleConn
   266		t.idleConn = nil
   267		t.idleConnCh = nil
   268		t.wantIdle = true
   269		t.idleMu.Unlock()
   270		for _, conns := range m {
   271			for _, pconn := range conns {
   272				pconn.close()
   273			}
   274		}
   275	}
   276	
   277	// CancelRequest cancels an in-flight request by closing its connection.
   278	// CancelRequest should only be called after RoundTrip has returned.
   279	func (t *Transport) CancelRequest(req *Request) {
   280		t.reqMu.Lock()
   281		cancel := t.reqCanceler[req]
   282		delete(t.reqCanceler, req)
   283		t.reqMu.Unlock()
   284		if cancel != nil {
   285			cancel()
   286		}
   287	}
   288	
   289	//
   290	// Private implementation past this point.
   291	//
   292	
   293	var (
   294		httpProxyEnv = &envOnce{
   295			names: []string{"HTTP_PROXY", "http_proxy"},
   296		}
   297		httpsProxyEnv = &envOnce{
   298			names: []string{"HTTPS_PROXY", "https_proxy"},
   299		}
   300		noProxyEnv = &envOnce{
   301			names: []string{"NO_PROXY", "no_proxy"},
   302		}
   303	)
   304	
   305	// envOnce looks up an environment variable (optionally by multiple
   306	// names) once. It mitigates expensive lookups on some platforms
   307	// (e.g. Windows).
   308	type envOnce struct {
   309		names []string
   310		once  sync.Once
   311		val   string
   312	}
   313	
   314	func (e *envOnce) Get() string {
   315		e.once.Do(e.init)
   316		return e.val
   317	}
   318	
   319	func (e *envOnce) init() {
   320		for _, n := range e.names {
   321			e.val = os.Getenv(n)
   322			if e.val != "" {
   323				return
   324			}
   325		}
   326	}
   327	
   328	// reset is used by tests
   329	func (e *envOnce) reset() {
   330		e.once = sync.Once{}
   331		e.val = ""
   332	}
   333	
   334	func (t *Transport) connectMethodForRequest(treq *transportRequest) (cm connectMethod, err error) {
   335		cm.targetScheme = treq.URL.Scheme
   336		cm.targetAddr = canonicalAddr(treq.URL)
   337		if t.Proxy != nil {
   338			cm.proxyURL, err = t.Proxy(treq.Request)
   339		}
   340		return cm, err
   341	}
   342	
   343	// proxyAuth returns the Proxy-Authorization header to set
   344	// on requests, if applicable.
   345	func (cm *connectMethod) proxyAuth() string {
   346		if cm.proxyURL == nil {
   347			return ""
   348		}
   349		if u := cm.proxyURL.User; u != nil {
   350			username := u.Username()
   351			password, _ := u.Password()
   352			return "Basic " + basicAuth(username, password)
   353		}
   354		return ""
   355	}
   356	
   357	// putIdleConn adds pconn to the list of idle persistent connections awaiting
   358	// a new request.
   359	// If pconn is no longer needed or not in a good state, putIdleConn
   360	// returns false.
   361	func (t *Transport) putIdleConn(pconn *persistConn) bool {
   362		if t.DisableKeepAlives || t.MaxIdleConnsPerHost < 0 {
   363			pconn.close()
   364			return false
   365		}
   366		if pconn.isBroken() {
   367			return false
   368		}
   369		key := pconn.cacheKey
   370		max := t.MaxIdleConnsPerHost
   371		if max == 0 {
   372			max = DefaultMaxIdleConnsPerHost
   373		}
   374		t.idleMu.Lock()
   375	
   376		waitingDialer := t.idleConnCh[key]
   377		select {
   378		case waitingDialer <- pconn:
   379			// We're done with this pconn and somebody else is
   380			// currently waiting for a conn of this type (they're
   381			// actively dialing, but this conn is ready
   382			// first). Chrome calls this socket late binding.  See
   383			// https://insouciant.org/tech/connection-management-in-chromium/
   384			t.idleMu.Unlock()
   385			return true
   386		default:
   387			if waitingDialer != nil {
   388				// They had populated this, but their dial won
   389				// first, so we can clean up this map entry.
   390				delete(t.idleConnCh, key)
   391			}
   392		}
   393		if t.wantIdle {
   394			t.idleMu.Unlock()
   395			pconn.close()
   396			return false
   397		}
   398		if t.idleConn == nil {
   399			t.idleConn = make(map[connectMethodKey][]*persistConn)
   400		}
   401		if len(t.idleConn[key]) >= max {
   402			t.idleMu.Unlock()
   403			pconn.close()
   404			return false
   405		}
   406		for _, exist := range t.idleConn[key] {
   407			if exist == pconn {
   408				log.Fatalf("dup idle pconn %p in freelist", pconn)
   409			}
   410		}
   411		t.idleConn[key] = append(t.idleConn[key], pconn)
   412		t.idleMu.Unlock()
   413		return true
   414	}
   415	
   416	// getIdleConnCh returns a channel to receive and return idle
   417	// persistent connection for the given connectMethod.
   418	// It may return nil, if persistent connections are not being used.
   419	func (t *Transport) getIdleConnCh(cm connectMethod) chan *persistConn {
   420		if t.DisableKeepAlives {
   421			return nil
   422		}
   423		key := cm.key()
   424		t.idleMu.Lock()
   425		defer t.idleMu.Unlock()
   426		t.wantIdle = false
   427		if t.idleConnCh == nil {
   428			t.idleConnCh = make(map[connectMethodKey]chan *persistConn)
   429		}
   430		ch, ok := t.idleConnCh[key]
   431		if !ok {
   432			ch = make(chan *persistConn)
   433			t.idleConnCh[key] = ch
   434		}
   435		return ch
   436	}
   437	
   438	func (t *Transport) getIdleConn(cm connectMethod) (pconn *persistConn) {
   439		key := cm.key()
   440		t.idleMu.Lock()
   441		defer t.idleMu.Unlock()
   442		if t.idleConn == nil {
   443			return nil
   444		}
   445		for {
   446			pconns, ok := t.idleConn[key]
   447			if !ok {
   448				return nil
   449			}
   450			if len(pconns) == 1 {
   451				pconn = pconns[0]
   452				delete(t.idleConn, key)
   453			} else {
   454				// 2 or more cached connections; pop last
   455				// TODO: queue?
   456				pconn = pconns[len(pconns)-1]
   457				t.idleConn[key] = pconns[:len(pconns)-1]
   458			}
   459			if !pconn.isBroken() {
   460				return
   461			}
   462		}
   463	}
   464	
   465	func (t *Transport) setReqCanceler(r *Request, fn func()) {
   466		t.reqMu.Lock()
   467		defer t.reqMu.Unlock()
   468		if t.reqCanceler == nil {
   469			t.reqCanceler = make(map[*Request]func())
   470		}
   471		if fn != nil {
   472			t.reqCanceler[r] = fn
   473		} else {
   474			delete(t.reqCanceler, r)
   475		}
   476	}
   477	
   478	// replaceReqCanceler replaces an existing cancel function. If there is no cancel function
   479	// for the request, we don't set the function and return false.
   480	// Since CancelRequest will clear the canceler, we can use the return value to detect if
   481	// the request was canceled since the last setReqCancel call.
   482	func (t *Transport) replaceReqCanceler(r *Request, fn func()) bool {
   483		t.reqMu.Lock()
   484		defer t.reqMu.Unlock()
   485		_, ok := t.reqCanceler[r]
   486		if !ok {
   487			return false
   488		}
   489		if fn != nil {
   490			t.reqCanceler[r] = fn
   491		} else {
   492			delete(t.reqCanceler, r)
   493		}
   494		return true
   495	}
   496	
   497	func (t *Transport) dial(network, addr string) (c net.Conn, err error) {
   498		if t.Dial != nil {
   499			return t.Dial(network, addr)
   500		}
   501		return net.Dial(network, addr)
   502	}
   503	
   504	// Testing hooks:
   505	var prePendingDial, postPendingDial func()
   506	
   507	// getConn dials and creates a new persistConn to the target as
   508	// specified in the connectMethod.  This includes doing a proxy CONNECT
   509	// and/or setting up TLS.  If this doesn't return an error, the persistConn
   510	// is ready to write requests to.
   511	func (t *Transport) getConn(req *Request, cm connectMethod) (*persistConn, error) {
   512		if pc := t.getIdleConn(cm); pc != nil {
   513			// set request canceler to some non-nil function so we
   514			// can detect whether it was cleared between now and when
   515			// we enter roundTrip
   516			t.setReqCanceler(req, func() {})
   517			return pc, nil
   518		}
   519	
   520		type dialRes struct {
   521			pc  *persistConn
   522			err error
   523		}
   524		dialc := make(chan dialRes)
   525	
   526		// Copy these hooks so we don't race on the postPendingDial in
   527		// the goroutine we launch. Issue 11136.
   528		prePendingDial := prePendingDial
   529		postPendingDial := postPendingDial
   530	
   531		handlePendingDial := func() {
   532			if prePendingDial != nil {
   533				prePendingDial()
   534			}
   535			go func() {
   536				if v := <-dialc; v.err == nil {
   537					t.putIdleConn(v.pc)
   538				}
   539				if postPendingDial != nil {
   540					postPendingDial()
   541				}
   542			}()
   543		}
   544	
   545		cancelc := make(chan struct{})
   546		t.setReqCanceler(req, func() { close(cancelc) })
   547	
   548		go func() {
   549			pc, err := t.dialConn(cm)
   550			dialc <- dialRes{pc, err}
   551		}()
   552	
   553		idleConnCh := t.getIdleConnCh(cm)
   554		select {
   555		case v := <-dialc:
   556			// Our dial finished.
   557			return v.pc, v.err
   558		case pc := <-idleConnCh:
   559			// Another request finished first and its net.Conn
   560			// became available before our dial. Or somebody
   561			// else's dial that they didn't use.
   562			// But our dial is still going, so give it away
   563			// when it finishes:
   564			handlePendingDial()
   565			return pc, nil
   566		case <-req.Cancel:
   567			handlePendingDial()
   568			return nil, errors.New("net/http: request canceled while waiting for connection")
   569		case <-cancelc:
   570			handlePendingDial()
   571			return nil, errors.New("net/http: request canceled while waiting for connection")
   572		}
   573	}
   574	
   575	func (t *Transport) dialConn(cm connectMethod) (*persistConn, error) {
   576		pconn := &persistConn{
   577			t:          t,
   578			cacheKey:   cm.key(),
   579			reqch:      make(chan requestAndChan, 1),
   580			writech:    make(chan writeRequest, 1),
   581			closech:    make(chan struct{}),
   582			writeErrCh: make(chan error, 1),
   583		}
   584		tlsDial := t.DialTLS != nil && cm.targetScheme == "https" && cm.proxyURL == nil
   585		if tlsDial {
   586			var err error
   587			pconn.conn, err = t.DialTLS("tcp", cm.addr())
   588			if err != nil {
   589				return nil, err
   590			}
   591			if tc, ok := pconn.conn.(*tls.Conn); ok {
   592				cs := tc.ConnectionState()
   593				pconn.tlsState = &cs
   594			}
   595		} else {
   596			conn, err := t.dial("tcp", cm.addr())
   597			if err != nil {
   598				if cm.proxyURL != nil {
   599					err = fmt.Errorf("http: error connecting to proxy %s: %v", cm.proxyURL, err)
   600				}
   601				return nil, err
   602			}
   603			pconn.conn = conn
   604		}
   605	
   606		// Proxy setup.
   607		switch {
   608		case cm.proxyURL == nil:
   609			// Do nothing. Not using a proxy.
   610		case cm.targetScheme == "http":
   611			pconn.isProxy = true
   612			if pa := cm.proxyAuth(); pa != "" {
   613				pconn.mutateHeaderFunc = func(h Header) {
   614					h.Set("Proxy-Authorization", pa)
   615				}
   616			}
   617		case cm.targetScheme == "https":
   618			conn := pconn.conn
   619			connectReq := &Request{
   620				Method: "CONNECT",
   621				URL:    &url.URL{Opaque: cm.targetAddr},
   622				Host:   cm.targetAddr,
   623				Header: make(Header),
   624			}
   625			if pa := cm.proxyAuth(); pa != "" {
   626				connectReq.Header.Set("Proxy-Authorization", pa)
   627			}
   628			connectReq.Write(conn)
   629	
   630			// Read response.
   631			// Okay to use and discard buffered reader here, because
   632			// TLS server will not speak until spoken to.
   633			br := bufio.NewReader(conn)
   634			resp, err := ReadResponse(br, connectReq)
   635			if err != nil {
   636				conn.Close()
   637				return nil, err
   638			}
   639			if resp.StatusCode != 200 {
   640				f := strings.SplitN(resp.Status, " ", 2)
   641				conn.Close()
   642				return nil, errors.New(f[1])
   643			}
   644		}
   645	
   646		if cm.targetScheme == "https" && !tlsDial {
   647			// Initiate TLS and check remote host name against certificate.
   648			cfg := cloneTLSClientConfig(t.TLSClientConfig)
   649			if cfg.ServerName == "" {
   650				cfg.ServerName = cm.tlsHost()
   651			}
   652			plainConn := pconn.conn
   653			tlsConn := tls.Client(plainConn, cfg)
   654			errc := make(chan error, 2)
   655			var timer *time.Timer // for canceling TLS handshake
   656			if d := t.TLSHandshakeTimeout; d != 0 {
   657				timer = time.AfterFunc(d, func() {
   658					errc <- tlsHandshakeTimeoutError{}
   659				})
   660			}
   661			go func() {
   662				err := tlsConn.Handshake()
   663				if timer != nil {
   664					timer.Stop()
   665				}
   666				errc <- err
   667			}()
   668			if err := <-errc; err != nil {
   669				plainConn.Close()
   670				return nil, err
   671			}
   672			if !cfg.InsecureSkipVerify {
   673				if err := tlsConn.VerifyHostname(cfg.ServerName); err != nil {
   674					plainConn.Close()
   675					return nil, err
   676				}
   677			}
   678			cs := tlsConn.ConnectionState()
   679			pconn.tlsState = &cs
   680			pconn.conn = tlsConn
   681		}
   682	
   683		pconn.br = bufio.NewReader(noteEOFReader{pconn.conn, &pconn.sawEOF})
   684		pconn.bw = bufio.NewWriter(pconn.conn)
   685		go pconn.readLoop()
   686		go pconn.writeLoop()
   687		return pconn, nil
   688	}
   689	
   690	// useProxy reports whether requests to addr should use a proxy,
   691	// according to the NO_PROXY or no_proxy environment variable.
   692	// addr is always a canonicalAddr with a host and port.
   693	func useProxy(addr string) bool {
   694		if len(addr) == 0 {
   695			return true
   696		}
   697		host, _, err := net.SplitHostPort(addr)
   698		if err != nil {
   699			return false
   700		}
   701		if host == "localhost" {
   702			return false
   703		}
   704		if ip := net.ParseIP(host); ip != nil {
   705			if ip.IsLoopback() {
   706				return false
   707			}
   708		}
   709	
   710		no_proxy := noProxyEnv.Get()
   711		if no_proxy == "*" {
   712			return false
   713		}
   714	
   715		addr = strings.ToLower(strings.TrimSpace(addr))
   716		if hasPort(addr) {
   717			addr = addr[:strings.LastIndex(addr, ":")]
   718		}
   719	
   720		for _, p := range strings.Split(no_proxy, ",") {
   721			p = strings.ToLower(strings.TrimSpace(p))
   722			if len(p) == 0 {
   723				continue
   724			}
   725			if hasPort(p) {
   726				p = p[:strings.LastIndex(p, ":")]
   727			}
   728			if addr == p {
   729				return false
   730			}
   731			if p[0] == '.' && (strings.HasSuffix(addr, p) || addr == p[1:]) {
   732				// no_proxy ".foo.com" matches "bar.foo.com" or "foo.com"
   733				return false
   734			}
   735			if p[0] != '.' && strings.HasSuffix(addr, p) && addr[len(addr)-len(p)-1] == '.' {
   736				// no_proxy "foo.com" matches "bar.foo.com"
   737				return false
   738			}
   739		}
   740		return true
   741	}
   742	
   743	// connectMethod is the map key (in its String form) for keeping persistent
   744	// TCP connections alive for subsequent HTTP requests.
   745	//
   746	// A connect method may be of the following types:
   747	//
   748	// Cache key form                Description
   749	// -----------------             -------------------------
   750	// |http|foo.com                 http directly to server, no proxy
   751	// |https|foo.com                https directly to server, no proxy
   752	// http://proxy.com|https|foo.com  http to proxy, then CONNECT to foo.com
   753	// http://proxy.com|http           http to proxy, http to anywhere after that
   754	//
   755	// Note: no support to https to the proxy yet.
   756	//
   757	type connectMethod struct {
   758		proxyURL     *url.URL // nil for no proxy, else full proxy URL
   759		targetScheme string   // "http" or "https"
   760		targetAddr   string   // Not used if proxy + http targetScheme (4th example in table)
   761	}
   762	
   763	func (cm *connectMethod) key() connectMethodKey {
   764		proxyStr := ""
   765		targetAddr := cm.targetAddr
   766		if cm.proxyURL != nil {
   767			proxyStr = cm.proxyURL.String()
   768			if cm.targetScheme == "http" {
   769				targetAddr = ""
   770			}
   771		}
   772		return connectMethodKey{
   773			proxy:  proxyStr,
   774			scheme: cm.targetScheme,
   775			addr:   targetAddr,
   776		}
   777	}
   778	
   779	// addr returns the first hop "host:port" to which we need to TCP connect.
   780	func (cm *connectMethod) addr() string {
   781		if cm.proxyURL != nil {
   782			return canonicalAddr(cm.proxyURL)
   783		}
   784		return cm.targetAddr
   785	}
   786	
   787	// tlsHost returns the host name to match against the peer's
   788	// TLS certificate.
   789	func (cm *connectMethod) tlsHost() string {
   790		h := cm.targetAddr
   791		if hasPort(h) {
   792			h = h[:strings.LastIndex(h, ":")]
   793		}
   794		return h
   795	}
   796	
   797	// connectMethodKey is the map key version of connectMethod, with a
   798	// stringified proxy URL (or the empty string) instead of a pointer to
   799	// a URL.
   800	type connectMethodKey struct {
   801		proxy, scheme, addr string
   802	}
   803	
   804	func (k connectMethodKey) String() string {
   805		// Only used by tests.
   806		return fmt.Sprintf("%s|%s|%s", k.proxy, k.scheme, k.addr)
   807	}
   808	
   809	// persistConn wraps a connection, usually a persistent one
   810	// (but may be used for non-keep-alive requests as well)
   811	type persistConn struct {
   812		t        *Transport
   813		cacheKey connectMethodKey
   814		conn     net.Conn
   815		tlsState *tls.ConnectionState
   816		br       *bufio.Reader       // from conn
   817		sawEOF   bool                // whether we've seen EOF from conn; owned by readLoop
   818		bw       *bufio.Writer       // to conn
   819		reqch    chan requestAndChan // written by roundTrip; read by readLoop
   820		writech  chan writeRequest   // written by roundTrip; read by writeLoop
   821		closech  chan struct{}       // closed when conn closed
   822		isProxy  bool
   823		// writeErrCh passes the request write error (usually nil)
   824		// from the writeLoop goroutine to the readLoop which passes
   825		// it off to the res.Body reader, which then uses it to decide
   826		// whether or not a connection can be reused. Issue 7569.
   827		writeErrCh chan error
   828	
   829		lk                   sync.Mutex // guards following fields
   830		numExpectedResponses int
   831		closed               bool // whether conn has been closed
   832		broken               bool // an error has happened on this connection; marked broken so it's not reused.
   833		canceled             bool // whether this conn was broken due a CancelRequest
   834		// mutateHeaderFunc is an optional func to modify extra
   835		// headers on each outbound request before it's written. (the
   836		// original Request given to RoundTrip is not modified)
   837		mutateHeaderFunc func(Header)
   838	}
   839	
   840	// isBroken reports whether this connection is in a known broken state.
   841	func (pc *persistConn) isBroken() bool {
   842		pc.lk.Lock()
   843		b := pc.broken
   844		pc.lk.Unlock()
   845		return b
   846	}
   847	
   848	// isCanceled reports whether this connection was closed due to CancelRequest.
   849	func (pc *persistConn) isCanceled() bool {
   850		pc.lk.Lock()
   851		defer pc.lk.Unlock()
   852		return pc.canceled
   853	}
   854	
   855	func (pc *persistConn) cancelRequest() {
   856		pc.lk.Lock()
   857		defer pc.lk.Unlock()
   858		pc.canceled = true
   859		pc.closeLocked()
   860	}
   861	
   862	func (pc *persistConn) readLoop() {
   863		// eofc is used to block http.Handler goroutines reading from Response.Body
   864		// at EOF until this goroutines has (potentially) added the connection
   865		// back to the idle pool.
   866		eofc := make(chan struct{})
   867		defer close(eofc) // unblock reader on errors
   868	
   869		// Read this once, before loop starts. (to avoid races in tests)
   870		testHookMu.Lock()
   871		testHookReadLoopBeforeNextRead := testHookReadLoopBeforeNextRead
   872		testHookMu.Unlock()
   873	
   874		alive := true
   875		for alive {
   876			pb, err := pc.br.Peek(1)
   877	
   878			pc.lk.Lock()
   879			if pc.numExpectedResponses == 0 {
   880				if !pc.closed {
   881					pc.closeLocked()
   882					if len(pb) > 0 {
   883						log.Printf("Unsolicited response received on idle HTTP channel starting with %q; err=%v",
   884							string(pb), err)
   885					}
   886				}
   887				pc.lk.Unlock()
   888				return
   889			}
   890			pc.lk.Unlock()
   891	
   892			rc := <-pc.reqch
   893	
   894			var resp *Response
   895			if err == nil {
   896				resp, err = ReadResponse(pc.br, rc.req)
   897				if err == nil && resp.StatusCode == 100 {
   898					// Skip any 100-continue for now.
   899					// TODO(bradfitz): if rc.req had "Expect: 100-continue",
   900					// actually block the request body write and signal the
   901					// writeLoop now to begin sending it. (Issue 2184) For now we
   902					// eat it, since we're never expecting one.
   903					resp, err = ReadResponse(pc.br, rc.req)
   904				}
   905			}
   906	
   907			if resp != nil {
   908				resp.TLS = pc.tlsState
   909			}
   910	
   911			hasBody := resp != nil && rc.req.Method != "HEAD" && resp.ContentLength != 0
   912	
   913			if err != nil {
   914				pc.close()
   915			} else {
   916				if rc.addedGzip && hasBody && resp.Header.Get("Content-Encoding") == "gzip" {
   917					resp.Header.Del("Content-Encoding")
   918					resp.Header.Del("Content-Length")
   919					resp.ContentLength = -1
   920					resp.Body = &gzipReader{body: resp.Body}
   921				}
   922				resp.Body = &bodyEOFSignal{body: resp.Body}
   923			}
   924	
   925			if err != nil || resp.Close || rc.req.Close || resp.StatusCode <= 199 {
   926				// Don't do keep-alive on error if either party requested a close
   927				// or we get an unexpected informational (1xx) response.
   928				// StatusCode 100 is already handled above.
   929				alive = false
   930			}
   931	
   932			var waitForBodyRead chan bool // channel is nil when there's no body
   933			if hasBody {
   934				waitForBodyRead = make(chan bool, 2)
   935				resp.Body.(*bodyEOFSignal).earlyCloseFn = func() error {
   936					waitForBodyRead <- false
   937					return nil
   938				}
   939				resp.Body.(*bodyEOFSignal).fn = func(err error) error {
   940					isEOF := err == io.EOF
   941					waitForBodyRead <- isEOF
   942					if isEOF {
   943						<-eofc // see comment at top
   944					} else if err != nil && pc.isCanceled() {
   945						return errRequestCanceled
   946					}
   947					return err
   948				}
   949			} else {
   950				// Before send on rc.ch, as client might re-use the
   951				// same *Request pointer, and we don't want to set this
   952				// on t from this persistConn while the Transport
   953				// potentially spins up a different persistConn for the
   954				// caller's subsequent request.
   955				pc.t.setReqCanceler(rc.req, nil)
   956			}
   957	
   958			pc.lk.Lock()
   959			pc.numExpectedResponses--
   960			pc.lk.Unlock()
   961	
   962			// The connection might be going away when we put the
   963			// idleConn below. When that happens, we close the response channel to signal
   964			// to roundTrip that the connection is gone. roundTrip waits for
   965			// both closing and a response in a select, so it might choose
   966			// the close channel, rather than the response.
   967			// We send the response first so that roundTrip can check
   968			// if there is a pending one with a non-blocking select
   969			// on the response channel before erroring out.
   970			rc.ch <- responseAndError{resp, err}
   971	
   972			if hasBody {
   973				// To avoid a race, wait for the just-returned
   974				// response body to be fully consumed before peek on
   975				// the underlying bufio reader.
   976				select {
   977				case <-rc.req.Cancel:
   978					alive = false
   979					pc.t.CancelRequest(rc.req)
   980				case bodyEOF := <-waitForBodyRead:
   981					pc.t.setReqCanceler(rc.req, nil) // before pc might return to idle pool
   982					alive = alive &&
   983						bodyEOF &&
   984						!pc.sawEOF &&
   985						pc.wroteRequest() &&
   986						pc.t.putIdleConn(pc)
   987					if bodyEOF {
   988						eofc <- struct{}{}
   989					}
   990				case <-pc.closech:
   991					alive = false
   992				}
   993			} else {
   994				alive = alive &&
   995					!pc.sawEOF &&
   996					pc.wroteRequest() &&
   997					pc.t.putIdleConn(pc)
   998			}
   999	
  1000			if hook := testHookReadLoopBeforeNextRead; hook != nil {
  1001				hook()
  1002			}
  1003		}
  1004		pc.close()
  1005	}
  1006	
  1007	func (pc *persistConn) writeLoop() {
  1008		for {
  1009			select {
  1010			case wr := <-pc.writech:
  1011				if pc.isBroken() {
  1012					wr.ch <- errors.New("http: can't write HTTP request on broken connection")
  1013					continue
  1014				}
  1015				err := wr.req.Request.write(pc.bw, pc.isProxy, wr.req.extra)
  1016				if err == nil {
  1017					err = pc.bw.Flush()
  1018				}
  1019				if err != nil {
  1020					pc.markBroken()
  1021					wr.req.Request.closeBody()
  1022				}
  1023				pc.writeErrCh <- err // to the body reader, which might recycle us
  1024				wr.ch <- err         // to the roundTrip function
  1025			case <-pc.closech:
  1026				return
  1027			}
  1028		}
  1029	}
  1030	
  1031	// wroteRequest is a check before recycling a connection that the previous write
  1032	// (from writeLoop above) happened and was successful.
  1033	func (pc *persistConn) wroteRequest() bool {
  1034		select {
  1035		case err := <-pc.writeErrCh:
  1036			// Common case: the write happened well before the response, so
  1037			// avoid creating a timer.
  1038			return err == nil
  1039		default:
  1040			// Rare case: the request was written in writeLoop above but
  1041			// before it could send to pc.writeErrCh, the reader read it
  1042			// all, processed it, and called us here. In this case, give the
  1043			// write goroutine a bit of time to finish its send.
  1044			//
  1045			// Less rare case: We also get here in the legitimate case of
  1046			// Issue 7569, where the writer is still writing (or stalled),
  1047			// but the server has already replied. In this case, we don't
  1048			// want to wait too long, and we want to return false so this
  1049			// connection isn't re-used.
  1050			select {
  1051			case err := <-pc.writeErrCh:
  1052				return err == nil
  1053			case <-time.After(50 * time.Millisecond):
  1054				return false
  1055			}
  1056		}
  1057	}
  1058	
  1059	type responseAndError struct {
  1060		res *Response
  1061		err error
  1062	}
  1063	
  1064	type requestAndChan struct {
  1065		req *Request
  1066		ch  chan responseAndError
  1067	
  1068		// did the Transport (as opposed to the client code) add an
  1069		// Accept-Encoding gzip header? only if it we set it do
  1070		// we transparently decode the gzip.
  1071		addedGzip bool
  1072	}
  1073	
  1074	// A writeRequest is sent by the readLoop's goroutine to the
  1075	// writeLoop's goroutine to write a request while the read loop
  1076	// concurrently waits on both the write response and the server's
  1077	// reply.
  1078	type writeRequest struct {
  1079		req *transportRequest
  1080		ch  chan<- error
  1081	}
  1082	
  1083	type httpError struct {
  1084		err     string
  1085		timeout bool
  1086	}
  1087	
  1088	func (e *httpError) Error() string   { return e.err }
  1089	func (e *httpError) Timeout() bool   { return e.timeout }
  1090	func (e *httpError) Temporary() bool { return true }
  1091	
  1092	var errTimeout error = &httpError{err: "net/http: timeout awaiting response headers", timeout: true}
  1093	var errClosed error = &httpError{err: "net/http: transport closed before response was received"}
  1094	var errRequestCanceled = errors.New("net/http: request canceled")
  1095	
  1096	// nil except for tests
  1097	var (
  1098		testHookPersistConnClosedGotRes func()
  1099		testHookEnterRoundTrip          func()
  1100		testHookMu                      sync.Locker = fakeLocker{} // guards following
  1101		testHookReadLoopBeforeNextRead  func()
  1102	)
  1103	
  1104	func (pc *persistConn) roundTrip(req *transportRequest) (resp *Response, err error) {
  1105		if hook := testHookEnterRoundTrip; hook != nil {
  1106			hook()
  1107		}
  1108		if !pc.t.replaceReqCanceler(req.Request, pc.cancelRequest) {
  1109			pc.t.putIdleConn(pc)
  1110			return nil, errRequestCanceled
  1111		}
  1112		pc.lk.Lock()
  1113		pc.numExpectedResponses++
  1114		headerFn := pc.mutateHeaderFunc
  1115		pc.lk.Unlock()
  1116	
  1117		if headerFn != nil {
  1118			headerFn(req.extraHeaders())
  1119		}
  1120	
  1121		// Ask for a compressed version if the caller didn't set their
  1122		// own value for Accept-Encoding. We only attempt to
  1123		// uncompress the gzip stream if we were the layer that
  1124		// requested it.
  1125		requestedGzip := false
  1126		if !pc.t.DisableCompression &&
  1127			req.Header.Get("Accept-Encoding") == "" &&
  1128			req.Header.Get("Range") == "" &&
  1129			req.Method != "HEAD" {
  1130			// Request gzip only, not deflate. Deflate is ambiguous and
  1131			// not as universally supported anyway.
  1132			// See: http://www.gzip.org/zlib/zlib_faq.html#faq38
  1133			//
  1134			// Note that we don't request this for HEAD requests,
  1135			// due to a bug in nginx:
  1136			//   http://trac.nginx.org/nginx/ticket/358
  1137			//   https://golang.org/issue/5522
  1138			//
  1139			// We don't request gzip if the request is for a range, since
  1140			// auto-decoding a portion of a gzipped document will just fail
  1141			// anyway. See https://golang.org/issue/8923
  1142			requestedGzip = true
  1143			req.extraHeaders().Set("Accept-Encoding", "gzip")
  1144		}
  1145	
  1146		if pc.t.DisableKeepAlives {
  1147			req.extraHeaders().Set("Connection", "close")
  1148		}
  1149	
  1150		// Write the request concurrently with waiting for a response,
  1151		// in case the server decides to reply before reading our full
  1152		// request body.
  1153		writeErrCh := make(chan error, 1)
  1154		pc.writech <- writeRequest{req, writeErrCh}
  1155	
  1156		resc := make(chan responseAndError, 1)
  1157		pc.reqch <- requestAndChan{req.Request, resc, requestedGzip}
  1158	
  1159		var re responseAndError
  1160		var respHeaderTimer <-chan time.Time
  1161		cancelChan := req.Request.Cancel
  1162	WaitResponse:
  1163		for {
  1164			select {
  1165			case err := <-writeErrCh:
  1166				if isNetWriteError(err) {
  1167					// Issue 11745. If we failed to write the request
  1168					// body, it's possible the server just heard enough
  1169					// and already wrote to us. Prioritize the server's
  1170					// response over returning a body write error.
  1171					select {
  1172					case re = <-resc:
  1173						pc.close()
  1174						break WaitResponse
  1175					case <-time.After(50 * time.Millisecond):
  1176						// Fall through.
  1177					}
  1178				}
  1179				if err != nil {
  1180					re = responseAndError{nil, err}
  1181					pc.close()
  1182					break WaitResponse
  1183				}
  1184				if d := pc.t.ResponseHeaderTimeout; d > 0 {
  1185					timer := time.NewTimer(d)
  1186					defer timer.Stop() // prevent leaks
  1187					respHeaderTimer = timer.C
  1188				}
  1189			case <-pc.closech:
  1190				// The persist connection is dead. This shouldn't
  1191				// usually happen (only with Connection: close responses
  1192				// with no response bodies), but if it does happen it
  1193				// means either a) the remote server hung up on us
  1194				// prematurely, or b) the readLoop sent us a response &
  1195				// closed its closech at roughly the same time, and we
  1196				// selected this case first. If we got a response, readLoop makes sure
  1197				// to send it before it puts the conn and closes the channel.
  1198				// That way, we can fetch the response, if there is one,
  1199				// with a non-blocking receive.
  1200				select {
  1201				case re = <-resc:
  1202					if fn := testHookPersistConnClosedGotRes; fn != nil {
  1203						fn()
  1204					}
  1205				default:
  1206					re = responseAndError{err: errClosed}
  1207					if pc.isCanceled() {
  1208						re = responseAndError{err: errRequestCanceled}
  1209					}
  1210				}
  1211				break WaitResponse
  1212			case <-respHeaderTimer:
  1213				pc.close()
  1214				re = responseAndError{err: errTimeout}
  1215				break WaitResponse
  1216			case re = <-resc:
  1217				break WaitResponse
  1218			case <-cancelChan:
  1219				pc.t.CancelRequest(req.Request)
  1220				cancelChan = nil
  1221			}
  1222		}
  1223	
  1224		if re.err != nil {
  1225			pc.t.setReqCanceler(req.Request, nil)
  1226		}
  1227		return re.res, re.err
  1228	}
  1229	
  1230	// markBroken marks a connection as broken (so it's not reused).
  1231	// It differs from close in that it doesn't close the underlying
  1232	// connection for use when it's still being read.
  1233	func (pc *persistConn) markBroken() {
  1234		pc.lk.Lock()
  1235		defer pc.lk.Unlock()
  1236		pc.broken = true
  1237	}
  1238	
  1239	func (pc *persistConn) close() {
  1240		pc.lk.Lock()
  1241		defer pc.lk.Unlock()
  1242		pc.closeLocked()
  1243	}
  1244	
  1245	func (pc *persistConn) closeLocked() {
  1246		pc.broken = true
  1247		if !pc.closed {
  1248			pc.conn.Close()
  1249			pc.closed = true
  1250			close(pc.closech)
  1251		}
  1252		pc.mutateHeaderFunc = nil
  1253	}
  1254	
  1255	var portMap = map[string]string{
  1256		"http":  "80",
  1257		"https": "443",
  1258	}
  1259	
  1260	// canonicalAddr returns url.Host but always with a ":port" suffix
  1261	func canonicalAddr(url *url.URL) string {
  1262		addr := url.Host
  1263		if !hasPort(addr) {
  1264			return addr + ":" + portMap[url.Scheme]
  1265		}
  1266		return addr
  1267	}
  1268	
  1269	// bodyEOFSignal wraps a ReadCloser but runs fn (if non-nil) at most
  1270	// once, right before its final (error-producing) Read or Close call
  1271	// returns. fn should return the new error to return from Read or Close.
  1272	//
  1273	// If earlyCloseFn is non-nil and Close is called before io.EOF is
  1274	// seen, earlyCloseFn is called instead of fn, and its return value is
  1275	// the return value from Close.
  1276	type bodyEOFSignal struct {
  1277		body         io.ReadCloser
  1278		mu           sync.Mutex        // guards following 4 fields
  1279		closed       bool              // whether Close has been called
  1280		rerr         error             // sticky Read error
  1281		fn           func(error) error // err will be nil on Read io.EOF
  1282		earlyCloseFn func() error      // optional alt Close func used if io.EOF not seen
  1283	}
  1284	
  1285	func (es *bodyEOFSignal) Read(p []byte) (n int, err error) {
  1286		es.mu.Lock()
  1287		closed, rerr := es.closed, es.rerr
  1288		es.mu.Unlock()
  1289		if closed {
  1290			return 0, errors.New("http: read on closed response body")
  1291		}
  1292		if rerr != nil {
  1293			return 0, rerr
  1294		}
  1295	
  1296		n, err = es.body.Read(p)
  1297		if err != nil {
  1298			es.mu.Lock()
  1299			defer es.mu.Unlock()
  1300			if es.rerr == nil {
  1301				es.rerr = err
  1302			}
  1303			err = es.condfn(err)
  1304		}
  1305		return
  1306	}
  1307	
  1308	func (es *bodyEOFSignal) Close() error {
  1309		es.mu.Lock()
  1310		defer es.mu.Unlock()
  1311		if es.closed {
  1312			return nil
  1313		}
  1314		es.closed = true
  1315		if es.earlyCloseFn != nil && es.rerr != io.EOF {
  1316			return es.earlyCloseFn()
  1317		}
  1318		err := es.body.Close()
  1319		return es.condfn(err)
  1320	}
  1321	
  1322	// caller must hold es.mu.
  1323	func (es *bodyEOFSignal) condfn(err error) error {
  1324		if es.fn == nil {
  1325			return err
  1326		}
  1327		err = es.fn(err)
  1328		es.fn = nil
  1329		return err
  1330	}
  1331	
  1332	// gzipReader wraps a response body so it can lazily
  1333	// call gzip.NewReader on the first call to Read
  1334	type gzipReader struct {
  1335		body io.ReadCloser // underlying Response.Body
  1336		zr   io.Reader     // lazily-initialized gzip reader
  1337	}
  1338	
  1339	func (gz *gzipReader) Read(p []byte) (n int, err error) {
  1340		if gz.zr == nil {
  1341			gz.zr, err = gzip.NewReader(gz.body)
  1342			if err != nil {
  1343				return 0, err
  1344			}
  1345		}
  1346		return gz.zr.Read(p)
  1347	}
  1348	
  1349	func (gz *gzipReader) Close() error {
  1350		return gz.body.Close()
  1351	}
  1352	
  1353	type readerAndCloser struct {
  1354		io.Reader
  1355		io.Closer
  1356	}
  1357	
  1358	type tlsHandshakeTimeoutError struct{}
  1359	
  1360	func (tlsHandshakeTimeoutError) Timeout() bool   { return true }
  1361	func (tlsHandshakeTimeoutError) Temporary() bool { return true }
  1362	func (tlsHandshakeTimeoutError) Error() string   { return "net/http: TLS handshake timeout" }
  1363	
  1364	type noteEOFReader struct {
  1365		r      io.Reader
  1366		sawEOF *bool
  1367	}
  1368	
  1369	func (nr noteEOFReader) Read(p []byte) (n int, err error) {
  1370		n, err = nr.r.Read(p)
  1371		if err == io.EOF {
  1372			*nr.sawEOF = true
  1373		}
  1374		return
  1375	}
  1376	
  1377	// fakeLocker is a sync.Locker which does nothing. It's used to guard
  1378	// test-only fields when not under test, to avoid runtime atomic
  1379	// overhead.
  1380	type fakeLocker struct{}
  1381	
  1382	func (fakeLocker) Lock()   {}
  1383	func (fakeLocker) Unlock() {}
  1384	
  1385	func isNetWriteError(err error) bool {
  1386		switch e := err.(type) {
  1387		case *url.Error:
  1388			return isNetWriteError(e.Err)
  1389		case *net.OpError:
  1390			return e.Op == "write"
  1391		default:
  1392			return false
  1393		}
  1394	}
  1395	
  1396	// cloneTLSConfig returns a shallow clone of the exported
  1397	// fields of cfg, ignoring the unexported sync.Once, which
  1398	// contains a mutex and must not be copied.
  1399	//
  1400	// The cfg must not be in active use by tls.Server, or else
  1401	// there can still be a race with tls.Server updating SessionTicketKey
  1402	// and our copying it, and also a race with the server setting
  1403	// SessionTicketsDisabled=false on failure to set the random
  1404	// ticket key.
  1405	//
  1406	// If cfg is nil, a new zero tls.Config is returned.
  1407	func cloneTLSConfig(cfg *tls.Config) *tls.Config {
  1408		if cfg == nil {
  1409			return &tls.Config{}
  1410		}
  1411		return &tls.Config{
  1412			Rand:                     cfg.Rand,
  1413			Time:                     cfg.Time,
  1414			Certificates:             cfg.Certificates,
  1415			NameToCertificate:        cfg.NameToCertificate,
  1416			GetCertificate:           cfg.GetCertificate,
  1417			RootCAs:                  cfg.RootCAs,
  1418			NextProtos:               cfg.NextProtos,
  1419			ServerName:               cfg.ServerName,
  1420			ClientAuth:               cfg.ClientAuth,
  1421			ClientCAs:                cfg.ClientCAs,
  1422			InsecureSkipVerify:       cfg.InsecureSkipVerify,
  1423			CipherSuites:             cfg.CipherSuites,
  1424			PreferServerCipherSuites: cfg.PreferServerCipherSuites,
  1425			SessionTicketsDisabled:   cfg.SessionTicketsDisabled,
  1426			SessionTicketKey:         cfg.SessionTicketKey,
  1427			ClientSessionCache:       cfg.ClientSessionCache,
  1428			MinVersion:               cfg.MinVersion,
  1429			MaxVersion:               cfg.MaxVersion,
  1430			CurvePreferences:         cfg.CurvePreferences,
  1431		}
  1432	}
  1433	
  1434	// cloneTLSClientConfig is like cloneTLSConfig but omits
  1435	// the fields SessionTicketsDisabled and SessionTicketKey.
  1436	// This makes it safe to call cloneTLSClientConfig on a config
  1437	// in active use by a server.
  1438	func cloneTLSClientConfig(cfg *tls.Config) *tls.Config {
  1439		if cfg == nil {
  1440			return &tls.Config{}
  1441		}
  1442		return &tls.Config{
  1443			Rand:                     cfg.Rand,
  1444			Time:                     cfg.Time,
  1445			Certificates:             cfg.Certificates,
  1446			NameToCertificate:        cfg.NameToCertificate,
  1447			GetCertificate:           cfg.GetCertificate,
  1448			RootCAs:                  cfg.RootCAs,
  1449			NextProtos:               cfg.NextProtos,
  1450			ServerName:               cfg.ServerName,
  1451			ClientAuth:               cfg.ClientAuth,
  1452			ClientCAs:                cfg.ClientCAs,
  1453			InsecureSkipVerify:       cfg.InsecureSkipVerify,
  1454			CipherSuites:             cfg.CipherSuites,
  1455			PreferServerCipherSuites: cfg.PreferServerCipherSuites,
  1456			ClientSessionCache:       cfg.ClientSessionCache,
  1457			MinVersion:               cfg.MinVersion,
  1458			MaxVersion:               cfg.MaxVersion,
  1459			CurvePreferences:         cfg.CurvePreferences,
  1460		}
  1461	}
  1462	

View as plain text