...
Run Format

Source file src/net/http/h2_bundle.go

Documentation: net/http

     1  // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT.
     2  //go:generate bundle -o h2_bundle.go -prefix http2 -underscore golang.org/x/net/http2
     3  
     4  // Package http2 implements the HTTP/2 protocol.
     5  //
     6  // This package is low-level and intended to be used directly by very
     7  // few people. Most users will use it indirectly through the automatic
     8  // use by the net/http package (from Go 1.6 and later).
     9  // For use in earlier Go versions see ConfigureServer. (Transport support
    10  // requires Go 1.6 or later)
    11  //
    12  // See https://http2.github.io/ for more information on HTTP/2.
    13  //
    14  // See https://http2.golang.org/ for a test server running this code.
    15  //
    16  
    17  package http
    18  
    19  import (
    20  	"bufio"
    21  	"bytes"
    22  	"compress/gzip"
    23  	"context"
    24  	"crypto/rand"
    25  	"crypto/tls"
    26  	"encoding/binary"
    27  	"errors"
    28  	"fmt"
    29  	"io"
    30  	"io/ioutil"
    31  	"log"
    32  	"math"
    33  	mathrand "math/rand"
    34  	"net"
    35  	"net/http/httptrace"
    36  	"net/textproto"
    37  	"net/url"
    38  	"os"
    39  	"reflect"
    40  	"runtime"
    41  	"sort"
    42  	"strconv"
    43  	"strings"
    44  	"sync"
    45  	"time"
    46  
    47  	"golang_org/x/net/http2/hpack"
    48  	"golang_org/x/net/idna"
    49  	"golang_org/x/net/lex/httplex"
    50  )
    51  
    52  // A list of the possible cipher suite ids. Taken from
    53  // http://www.iana.org/assignments/tls-parameters/tls-parameters.txt
    54  
    55  const (
    56  	http2cipher_TLS_NULL_WITH_NULL_NULL               uint16 = 0x0000
    57  	http2cipher_TLS_RSA_WITH_NULL_MD5                 uint16 = 0x0001
    58  	http2cipher_TLS_RSA_WITH_NULL_SHA                 uint16 = 0x0002
    59  	http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5        uint16 = 0x0003
    60  	http2cipher_TLS_RSA_WITH_RC4_128_MD5              uint16 = 0x0004
    61  	http2cipher_TLS_RSA_WITH_RC4_128_SHA              uint16 = 0x0005
    62  	http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    uint16 = 0x0006
    63  	http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA             uint16 = 0x0007
    64  	http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA     uint16 = 0x0008
    65  	http2cipher_TLS_RSA_WITH_DES_CBC_SHA              uint16 = 0x0009
    66  	http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA         uint16 = 0x000A
    67  	http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA  uint16 = 0x000B
    68  	http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA           uint16 = 0x000C
    69  	http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA      uint16 = 0x000D
    70  	http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA  uint16 = 0x000E
    71  	http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA           uint16 = 0x000F
    72  	http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA      uint16 = 0x0010
    73  	http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011
    74  	http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA          uint16 = 0x0012
    75  	http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA     uint16 = 0x0013
    76  	http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014
    77  	http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA          uint16 = 0x0015
    78  	http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0x0016
    79  	http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5    uint16 = 0x0017
    80  	http2cipher_TLS_DH_anon_WITH_RC4_128_MD5          uint16 = 0x0018
    81  	http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019
    82  	http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA          uint16 = 0x001A
    83  	http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA     uint16 = 0x001B
    84  	// Reserved uint16 =  0x001C-1D
    85  	http2cipher_TLS_KRB5_WITH_DES_CBC_SHA             uint16 = 0x001E
    86  	http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA        uint16 = 0x001F
    87  	http2cipher_TLS_KRB5_WITH_RC4_128_SHA             uint16 = 0x0020
    88  	http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA            uint16 = 0x0021
    89  	http2cipher_TLS_KRB5_WITH_DES_CBC_MD5             uint16 = 0x0022
    90  	http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5        uint16 = 0x0023
    91  	http2cipher_TLS_KRB5_WITH_RC4_128_MD5             uint16 = 0x0024
    92  	http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5            uint16 = 0x0025
    93  	http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA   uint16 = 0x0026
    94  	http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA   uint16 = 0x0027
    95  	http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA       uint16 = 0x0028
    96  	http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5   uint16 = 0x0029
    97  	http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5   uint16 = 0x002A
    98  	http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5       uint16 = 0x002B
    99  	http2cipher_TLS_PSK_WITH_NULL_SHA                 uint16 = 0x002C
   100  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA             uint16 = 0x002D
   101  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA             uint16 = 0x002E
   102  	http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA          uint16 = 0x002F
   103  	http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA       uint16 = 0x0030
   104  	http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA       uint16 = 0x0031
   105  	http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA      uint16 = 0x0032
   106  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0x0033
   107  	http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA      uint16 = 0x0034
   108  	http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA          uint16 = 0x0035
   109  	http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA       uint16 = 0x0036
   110  	http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA       uint16 = 0x0037
   111  	http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA      uint16 = 0x0038
   112  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0x0039
   113  	http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA      uint16 = 0x003A
   114  	http2cipher_TLS_RSA_WITH_NULL_SHA256              uint16 = 0x003B
   115  	http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256       uint16 = 0x003C
   116  	http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256       uint16 = 0x003D
   117  	http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256    uint16 = 0x003E
   118  	http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256    uint16 = 0x003F
   119  	http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256   uint16 = 0x0040
   120  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA     uint16 = 0x0041
   121  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA  uint16 = 0x0042
   122  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA  uint16 = 0x0043
   123  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044
   124  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045
   125  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046
   126  	// Reserved uint16 =  0x0047-4F
   127  	// Reserved uint16 =  0x0050-58
   128  	// Reserved uint16 =  0x0059-5C
   129  	// Unassigned uint16 =  0x005D-5F
   130  	// Reserved uint16 =  0x0060-66
   131  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067
   132  	http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256  uint16 = 0x0068
   133  	http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256  uint16 = 0x0069
   134  	http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A
   135  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B
   136  	http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C
   137  	http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D
   138  	// Unassigned uint16 =  0x006E-83
   139  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        uint16 = 0x0084
   140  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA     uint16 = 0x0085
   141  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA     uint16 = 0x0086
   142  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0087
   143  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0088
   144  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0089
   145  	http2cipher_TLS_PSK_WITH_RC4_128_SHA                 uint16 = 0x008A
   146  	http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA            uint16 = 0x008B
   147  	http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA             uint16 = 0x008C
   148  	http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA             uint16 = 0x008D
   149  	http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA             uint16 = 0x008E
   150  	http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        uint16 = 0x008F
   151  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         uint16 = 0x0090
   152  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         uint16 = 0x0091
   153  	http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA             uint16 = 0x0092
   154  	http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        uint16 = 0x0093
   155  	http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         uint16 = 0x0094
   156  	http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         uint16 = 0x0095
   157  	http2cipher_TLS_RSA_WITH_SEED_CBC_SHA                uint16 = 0x0096
   158  	http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA             uint16 = 0x0097
   159  	http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA             uint16 = 0x0098
   160  	http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA            uint16 = 0x0099
   161  	http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA            uint16 = 0x009A
   162  	http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA            uint16 = 0x009B
   163  	http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256          uint16 = 0x009C
   164  	http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384          uint16 = 0x009D
   165  	http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      uint16 = 0x009E
   166  	http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      uint16 = 0x009F
   167  	http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256       uint16 = 0x00A0
   168  	http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384       uint16 = 0x00A1
   169  	http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256      uint16 = 0x00A2
   170  	http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384      uint16 = 0x00A3
   171  	http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256       uint16 = 0x00A4
   172  	http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384       uint16 = 0x00A5
   173  	http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256      uint16 = 0x00A6
   174  	http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384      uint16 = 0x00A7
   175  	http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256          uint16 = 0x00A8
   176  	http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384          uint16 = 0x00A9
   177  	http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      uint16 = 0x00AA
   178  	http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      uint16 = 0x00AB
   179  	http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      uint16 = 0x00AC
   180  	http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      uint16 = 0x00AD
   181  	http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256          uint16 = 0x00AE
   182  	http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384          uint16 = 0x00AF
   183  	http2cipher_TLS_PSK_WITH_NULL_SHA256                 uint16 = 0x00B0
   184  	http2cipher_TLS_PSK_WITH_NULL_SHA384                 uint16 = 0x00B1
   185  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      uint16 = 0x00B2
   186  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      uint16 = 0x00B3
   187  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256             uint16 = 0x00B4
   188  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384             uint16 = 0x00B5
   189  	http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      uint16 = 0x00B6
   190  	http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      uint16 = 0x00B7
   191  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256             uint16 = 0x00B8
   192  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384             uint16 = 0x00B9
   193  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0x00BA
   194  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0x00BB
   195  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0x00BC
   196  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD
   197  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE
   198  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF
   199  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     uint16 = 0x00C0
   200  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256  uint16 = 0x00C1
   201  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256  uint16 = 0x00C2
   202  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3
   203  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4
   204  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5
   205  	// Unassigned uint16 =  0x00C6-FE
   206  	http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF
   207  	// Unassigned uint16 =  0x01-55,*
   208  	http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600
   209  	// Unassigned                                   uint16 = 0x5601 - 0xC000
   210  	http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA                 uint16 = 0xC001
   211  	http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA              uint16 = 0xC002
   212  	http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA         uint16 = 0xC003
   213  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA          uint16 = 0xC004
   214  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA          uint16 = 0xC005
   215  	http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA                uint16 = 0xC006
   216  	http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA             uint16 = 0xC007
   217  	http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC008
   218  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA         uint16 = 0xC009
   219  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA         uint16 = 0xC00A
   220  	http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA                   uint16 = 0xC00B
   221  	http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA                uint16 = 0xC00C
   222  	http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0xC00D
   223  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA            uint16 = 0xC00E
   224  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA            uint16 = 0xC00F
   225  	http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA                  uint16 = 0xC010
   226  	http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA               uint16 = 0xC011
   227  	http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC012
   228  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA           uint16 = 0xC013
   229  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA           uint16 = 0xC014
   230  	http2cipher_TLS_ECDH_anon_WITH_NULL_SHA                  uint16 = 0xC015
   231  	http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA               uint16 = 0xC016
   232  	http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC017
   233  	http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA           uint16 = 0xC018
   234  	http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA           uint16 = 0xC019
   235  	http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA            uint16 = 0xC01A
   236  	http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC01B
   237  	http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC01C
   238  	http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA             uint16 = 0xC01D
   239  	http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA         uint16 = 0xC01E
   240  	http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA         uint16 = 0xC01F
   241  	http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA             uint16 = 0xC020
   242  	http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA         uint16 = 0xC021
   243  	http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA         uint16 = 0xC022
   244  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256      uint16 = 0xC023
   245  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384      uint16 = 0xC024
   246  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256       uint16 = 0xC025
   247  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384       uint16 = 0xC026
   248  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256        uint16 = 0xC027
   249  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384        uint16 = 0xC028
   250  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0xC029
   251  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384         uint16 = 0xC02A
   252  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256      uint16 = 0xC02B
   253  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384      uint16 = 0xC02C
   254  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256       uint16 = 0xC02D
   255  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384       uint16 = 0xC02E
   256  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256        uint16 = 0xC02F
   257  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384        uint16 = 0xC030
   258  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0xC031
   259  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0xC032
   260  	http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA               uint16 = 0xC033
   261  	http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC034
   262  	http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA           uint16 = 0xC035
   263  	http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA           uint16 = 0xC036
   264  	http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256        uint16 = 0xC037
   265  	http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384        uint16 = 0xC038
   266  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA                  uint16 = 0xC039
   267  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256               uint16 = 0xC03A
   268  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384               uint16 = 0xC03B
   269  	http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256             uint16 = 0xC03C
   270  	http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384             uint16 = 0xC03D
   271  	http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256          uint16 = 0xC03E
   272  	http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384          uint16 = 0xC03F
   273  	http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256          uint16 = 0xC040
   274  	http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384          uint16 = 0xC041
   275  	http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC042
   276  	http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC043
   277  	http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC044
   278  	http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC045
   279  	http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC046
   280  	http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC047
   281  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256     uint16 = 0xC048
   282  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384     uint16 = 0xC049
   283  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256      uint16 = 0xC04A
   284  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384      uint16 = 0xC04B
   285  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256       uint16 = 0xC04C
   286  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384       uint16 = 0xC04D
   287  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256        uint16 = 0xC04E
   288  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384        uint16 = 0xC04F
   289  	http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256             uint16 = 0xC050
   290  	http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384             uint16 = 0xC051
   291  	http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC052
   292  	http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC053
   293  	http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256          uint16 = 0xC054
   294  	http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384          uint16 = 0xC055
   295  	http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC056
   296  	http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC057
   297  	http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256          uint16 = 0xC058
   298  	http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384          uint16 = 0xC059
   299  	http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC05A
   300  	http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC05B
   301  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     uint16 = 0xC05C
   302  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     uint16 = 0xC05D
   303  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      uint16 = 0xC05E
   304  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      uint16 = 0xC05F
   305  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       uint16 = 0xC060
   306  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       uint16 = 0xC061
   307  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        uint16 = 0xC062
   308  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        uint16 = 0xC063
   309  	http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256             uint16 = 0xC064
   310  	http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384             uint16 = 0xC065
   311  	http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC066
   312  	http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC067
   313  	http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC068
   314  	http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC069
   315  	http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256             uint16 = 0xC06A
   316  	http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384             uint16 = 0xC06B
   317  	http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC06C
   318  	http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC06D
   319  	http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC06E
   320  	http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC06F
   321  	http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256       uint16 = 0xC070
   322  	http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384       uint16 = 0xC071
   323  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072
   324  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073
   325  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0xC074
   326  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  uint16 = 0xC075
   327  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   uint16 = 0xC076
   328  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   uint16 = 0xC077
   329  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    uint16 = 0xC078
   330  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    uint16 = 0xC079
   331  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         uint16 = 0xC07A
   332  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         uint16 = 0xC07B
   333  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC07C
   334  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC07D
   335  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256      uint16 = 0xC07E
   336  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384      uint16 = 0xC07F
   337  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC080
   338  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC081
   339  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256      uint16 = 0xC082
   340  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384      uint16 = 0xC083
   341  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC084
   342  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC085
   343  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086
   344  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087
   345  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  uint16 = 0xC088
   346  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  uint16 = 0xC089
   347  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   uint16 = 0xC08A
   348  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   uint16 = 0xC08B
   349  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    uint16 = 0xC08C
   350  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    uint16 = 0xC08D
   351  	http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256         uint16 = 0xC08E
   352  	http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384         uint16 = 0xC08F
   353  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC090
   354  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC091
   355  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC092
   356  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC093
   357  	http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256         uint16 = 0xC094
   358  	http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384         uint16 = 0xC095
   359  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0xC096
   360  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     uint16 = 0xC097
   361  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0xC098
   362  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     uint16 = 0xC099
   363  	http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   uint16 = 0xC09A
   364  	http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   uint16 = 0xC09B
   365  	http2cipher_TLS_RSA_WITH_AES_128_CCM                     uint16 = 0xC09C
   366  	http2cipher_TLS_RSA_WITH_AES_256_CCM                     uint16 = 0xC09D
   367  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM                 uint16 = 0xC09E
   368  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM                 uint16 = 0xC09F
   369  	http2cipher_TLS_RSA_WITH_AES_128_CCM_8                   uint16 = 0xC0A0
   370  	http2cipher_TLS_RSA_WITH_AES_256_CCM_8                   uint16 = 0xC0A1
   371  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8               uint16 = 0xC0A2
   372  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8               uint16 = 0xC0A3
   373  	http2cipher_TLS_PSK_WITH_AES_128_CCM                     uint16 = 0xC0A4
   374  	http2cipher_TLS_PSK_WITH_AES_256_CCM                     uint16 = 0xC0A5
   375  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM                 uint16 = 0xC0A6
   376  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM                 uint16 = 0xC0A7
   377  	http2cipher_TLS_PSK_WITH_AES_128_CCM_8                   uint16 = 0xC0A8
   378  	http2cipher_TLS_PSK_WITH_AES_256_CCM_8                   uint16 = 0xC0A9
   379  	http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8               uint16 = 0xC0AA
   380  	http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8               uint16 = 0xC0AB
   381  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM             uint16 = 0xC0AC
   382  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM             uint16 = 0xC0AD
   383  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8           uint16 = 0xC0AE
   384  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8           uint16 = 0xC0AF
   385  	// Unassigned uint16 =  0xC0B0-FF
   386  	// Unassigned uint16 =  0xC1-CB,*
   387  	// Unassigned uint16 =  0xCC00-A7
   388  	http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xCCA8
   389  	http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9
   390  	http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAA
   391  	http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         uint16 = 0xCCAB
   392  	http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xCCAC
   393  	http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAD
   394  	http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAE
   395  )
   396  
   397  // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec.
   398  // References:
   399  // https://tools.ietf.org/html/rfc7540#appendix-A
   400  // Reject cipher suites from Appendix A.
   401  // "This list includes those cipher suites that do not
   402  // offer an ephemeral key exchange and those that are
   403  // based on the TLS null, stream or block cipher type"
   404  func http2isBadCipher(cipher uint16) bool {
   405  	switch cipher {
   406  	case http2cipher_TLS_NULL_WITH_NULL_NULL,
   407  		http2cipher_TLS_RSA_WITH_NULL_MD5,
   408  		http2cipher_TLS_RSA_WITH_NULL_SHA,
   409  		http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5,
   410  		http2cipher_TLS_RSA_WITH_RC4_128_MD5,
   411  		http2cipher_TLS_RSA_WITH_RC4_128_SHA,
   412  		http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
   413  		http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA,
   414  		http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
   415  		http2cipher_TLS_RSA_WITH_DES_CBC_SHA,
   416  		http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
   417  		http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
   418  		http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA,
   419  		http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
   420  		http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
   421  		http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA,
   422  		http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
   423  		http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
   424  		http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA,
   425  		http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
   426  		http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
   427  		http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA,
   428  		http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
   429  		http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
   430  		http2cipher_TLS_DH_anon_WITH_RC4_128_MD5,
   431  		http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
   432  		http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA,
   433  		http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
   434  		http2cipher_TLS_KRB5_WITH_DES_CBC_SHA,
   435  		http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
   436  		http2cipher_TLS_KRB5_WITH_RC4_128_SHA,
   437  		http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA,
   438  		http2cipher_TLS_KRB5_WITH_DES_CBC_MD5,
   439  		http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
   440  		http2cipher_TLS_KRB5_WITH_RC4_128_MD5,
   441  		http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5,
   442  		http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
   443  		http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
   444  		http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
   445  		http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
   446  		http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
   447  		http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
   448  		http2cipher_TLS_PSK_WITH_NULL_SHA,
   449  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA,
   450  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA,
   451  		http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA,
   452  		http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA,
   453  		http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA,
   454  		http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
   455  		http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
   456  		http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA,
   457  		http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA,
   458  		http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA,
   459  		http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA,
   460  		http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
   461  		http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
   462  		http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA,
   463  		http2cipher_TLS_RSA_WITH_NULL_SHA256,
   464  		http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256,
   465  		http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256,
   466  		http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
   467  		http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
   468  		http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
   469  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
   470  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
   471  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
   472  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
   473  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
   474  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
   475  		http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
   476  		http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
   477  		http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
   478  		http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
   479  		http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
   480  		http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256,
   481  		http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256,
   482  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
   483  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
   484  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
   485  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
   486  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
   487  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
   488  		http2cipher_TLS_PSK_WITH_RC4_128_SHA,
   489  		http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
   490  		http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA,
   491  		http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA,
   492  		http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA,
   493  		http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
   494  		http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
   495  		http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
   496  		http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA,
   497  		http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
   498  		http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
   499  		http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
   500  		http2cipher_TLS_RSA_WITH_SEED_CBC_SHA,
   501  		http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA,
   502  		http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA,
   503  		http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA,
   504  		http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA,
   505  		http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA,
   506  		http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256,
   507  		http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384,
   508  		http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
   509  		http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
   510  		http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
   511  		http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
   512  		http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256,
   513  		http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384,
   514  		http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256,
   515  		http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384,
   516  		http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
   517  		http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
   518  		http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256,
   519  		http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384,
   520  		http2cipher_TLS_PSK_WITH_NULL_SHA256,
   521  		http2cipher_TLS_PSK_WITH_NULL_SHA384,
   522  		http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
   523  		http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
   524  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256,
   525  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384,
   526  		http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
   527  		http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
   528  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256,
   529  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384,
   530  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   531  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,
   532  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   533  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
   534  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   535  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,
   536  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   537  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,
   538  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   539  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
   540  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   541  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
   542  		http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
   543  		http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA,
   544  		http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
   545  		http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
   546  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
   547  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
   548  		http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
   549  		http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   550  		http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
   551  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
   552  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
   553  		http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA,
   554  		http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA,
   555  		http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
   556  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
   557  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
   558  		http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA,
   559  		http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
   560  		http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
   561  		http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   562  		http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
   563  		http2cipher_TLS_ECDH_anon_WITH_NULL_SHA,
   564  		http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA,
   565  		http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
   566  		http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
   567  		http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
   568  		http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
   569  		http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
   570  		http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
   571  		http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
   572  		http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
   573  		http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
   574  		http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
   575  		http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
   576  		http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
   577  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
   578  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
   579  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
   580  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
   581  		http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
   582  		http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
   583  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
   584  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
   585  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
   586  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
   587  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
   588  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
   589  		http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
   590  		http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
   591  		http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
   592  		http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
   593  		http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
   594  		http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
   595  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA,
   596  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256,
   597  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384,
   598  		http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
   599  		http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
   600  		http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,
   601  		http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,
   602  		http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,
   603  		http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,
   604  		http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
   605  		http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
   606  		http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
   607  		http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
   608  		http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,
   609  		http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,
   610  		http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
   611  		http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
   612  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
   613  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
   614  		http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
   615  		http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
   616  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
   617  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
   618  		http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
   619  		http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
   620  		http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,
   621  		http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,
   622  		http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,
   623  		http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,
   624  		http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,
   625  		http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,
   626  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
   627  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
   628  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
   629  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
   630  		http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
   631  		http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
   632  		http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
   633  		http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
   634  		http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
   635  		http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
   636  		http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
   637  		http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
   638  		http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
   639  		http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
   640  		http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
   641  		http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
   642  		http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
   643  		http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
   644  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
   645  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
   646  		http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   647  		http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
   648  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   649  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
   650  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   651  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   652  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   653  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   654  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,
   655  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,
   656  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,
   657  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,
   658  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
   659  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
   660  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   661  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   662  		http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
   663  		http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
   664  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
   665  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
   666  		http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   667  		http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   668  		http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   669  		http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   670  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   671  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   672  		http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   673  		http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   674  		http2cipher_TLS_RSA_WITH_AES_128_CCM,
   675  		http2cipher_TLS_RSA_WITH_AES_256_CCM,
   676  		http2cipher_TLS_RSA_WITH_AES_128_CCM_8,
   677  		http2cipher_TLS_RSA_WITH_AES_256_CCM_8,
   678  		http2cipher_TLS_PSK_WITH_AES_128_CCM,
   679  		http2cipher_TLS_PSK_WITH_AES_256_CCM,
   680  		http2cipher_TLS_PSK_WITH_AES_128_CCM_8,
   681  		http2cipher_TLS_PSK_WITH_AES_256_CCM_8:
   682  		return true
   683  	default:
   684  		return false
   685  	}
   686  }
   687  
   688  // ClientConnPool manages a pool of HTTP/2 client connections.
   689  type http2ClientConnPool interface {
   690  	GetClientConn(req *Request, addr string) (*http2ClientConn, error)
   691  	MarkDead(*http2ClientConn)
   692  }
   693  
   694  // clientConnPoolIdleCloser is the interface implemented by ClientConnPool
   695  // implementations which can close their idle connections.
   696  type http2clientConnPoolIdleCloser interface {
   697  	http2ClientConnPool
   698  	closeIdleConnections()
   699  }
   700  
   701  var (
   702  	_ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil)
   703  	_ http2clientConnPoolIdleCloser = http2noDialClientConnPool{}
   704  )
   705  
   706  // TODO: use singleflight for dialing and addConnCalls?
   707  type http2clientConnPool struct {
   708  	t *http2Transport
   709  
   710  	mu sync.Mutex // TODO: maybe switch to RWMutex
   711  	// TODO: add support for sharing conns based on cert names
   712  	// (e.g. share conn for googleapis.com and appspot.com)
   713  	conns        map[string][]*http2ClientConn // key is host:port
   714  	dialing      map[string]*http2dialCall     // currently in-flight dials
   715  	keys         map[*http2ClientConn][]string
   716  	addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls
   717  }
   718  
   719  func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) {
   720  	return p.getClientConn(req, addr, http2dialOnMiss)
   721  }
   722  
   723  const (
   724  	http2dialOnMiss   = true
   725  	http2noDialOnMiss = false
   726  )
   727  
   728  func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) {
   729  	if http2isConnectionCloseRequest(req) && dialOnMiss {
   730  		// It gets its own connection.
   731  		const singleUse = true
   732  		cc, err := p.t.dialClientConn(addr, singleUse)
   733  		if err != nil {
   734  			return nil, err
   735  		}
   736  		return cc, nil
   737  	}
   738  	p.mu.Lock()
   739  	for _, cc := range p.conns[addr] {
   740  		if cc.CanTakeNewRequest() {
   741  			p.mu.Unlock()
   742  			return cc, nil
   743  		}
   744  	}
   745  	if !dialOnMiss {
   746  		p.mu.Unlock()
   747  		return nil, http2ErrNoCachedConn
   748  	}
   749  	call := p.getStartDialLocked(addr)
   750  	p.mu.Unlock()
   751  	<-call.done
   752  	return call.res, call.err
   753  }
   754  
   755  // dialCall is an in-flight Transport dial call to a host.
   756  type http2dialCall struct {
   757  	p    *http2clientConnPool
   758  	done chan struct{}    // closed when done
   759  	res  *http2ClientConn // valid after done is closed
   760  	err  error            // valid after done is closed
   761  }
   762  
   763  // requires p.mu is held.
   764  func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall {
   765  	if call, ok := p.dialing[addr]; ok {
   766  		// A dial is already in-flight. Don't start another.
   767  		return call
   768  	}
   769  	call := &http2dialCall{p: p, done: make(chan struct{})}
   770  	if p.dialing == nil {
   771  		p.dialing = make(map[string]*http2dialCall)
   772  	}
   773  	p.dialing[addr] = call
   774  	go call.dial(addr)
   775  	return call
   776  }
   777  
   778  // run in its own goroutine.
   779  func (c *http2dialCall) dial(addr string) {
   780  	const singleUse = false // shared conn
   781  	c.res, c.err = c.p.t.dialClientConn(addr, singleUse)
   782  	close(c.done)
   783  
   784  	c.p.mu.Lock()
   785  	delete(c.p.dialing, addr)
   786  	if c.err == nil {
   787  		c.p.addConnLocked(addr, c.res)
   788  	}
   789  	c.p.mu.Unlock()
   790  }
   791  
   792  // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't
   793  // already exist. It coalesces concurrent calls with the same key.
   794  // This is used by the http1 Transport code when it creates a new connection. Because
   795  // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know
   796  // the protocol), it can get into a situation where it has multiple TLS connections.
   797  // This code decides which ones live or die.
   798  // The return value used is whether c was used.
   799  // c is never closed.
   800  func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) {
   801  	p.mu.Lock()
   802  	for _, cc := range p.conns[key] {
   803  		if cc.CanTakeNewRequest() {
   804  			p.mu.Unlock()
   805  			return false, nil
   806  		}
   807  	}
   808  	call, dup := p.addConnCalls[key]
   809  	if !dup {
   810  		if p.addConnCalls == nil {
   811  			p.addConnCalls = make(map[string]*http2addConnCall)
   812  		}
   813  		call = &http2addConnCall{
   814  			p:    p,
   815  			done: make(chan struct{}),
   816  		}
   817  		p.addConnCalls[key] = call
   818  		go call.run(t, key, c)
   819  	}
   820  	p.mu.Unlock()
   821  
   822  	<-call.done
   823  	if call.err != nil {
   824  		return false, call.err
   825  	}
   826  	return !dup, nil
   827  }
   828  
   829  type http2addConnCall struct {
   830  	p    *http2clientConnPool
   831  	done chan struct{} // closed when done
   832  	err  error
   833  }
   834  
   835  func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) {
   836  	cc, err := t.NewClientConn(tc)
   837  
   838  	p := c.p
   839  	p.mu.Lock()
   840  	if err != nil {
   841  		c.err = err
   842  	} else {
   843  		p.addConnLocked(key, cc)
   844  	}
   845  	delete(p.addConnCalls, key)
   846  	p.mu.Unlock()
   847  	close(c.done)
   848  }
   849  
   850  func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) {
   851  	p.mu.Lock()
   852  	p.addConnLocked(key, cc)
   853  	p.mu.Unlock()
   854  }
   855  
   856  // p.mu must be held
   857  func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) {
   858  	for _, v := range p.conns[key] {
   859  		if v == cc {
   860  			return
   861  		}
   862  	}
   863  	if p.conns == nil {
   864  		p.conns = make(map[string][]*http2ClientConn)
   865  	}
   866  	if p.keys == nil {
   867  		p.keys = make(map[*http2ClientConn][]string)
   868  	}
   869  	p.conns[key] = append(p.conns[key], cc)
   870  	p.keys[cc] = append(p.keys[cc], key)
   871  }
   872  
   873  func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) {
   874  	p.mu.Lock()
   875  	defer p.mu.Unlock()
   876  	for _, key := range p.keys[cc] {
   877  		vv, ok := p.conns[key]
   878  		if !ok {
   879  			continue
   880  		}
   881  		newList := http2filterOutClientConn(vv, cc)
   882  		if len(newList) > 0 {
   883  			p.conns[key] = newList
   884  		} else {
   885  			delete(p.conns, key)
   886  		}
   887  	}
   888  	delete(p.keys, cc)
   889  }
   890  
   891  func (p *http2clientConnPool) closeIdleConnections() {
   892  	p.mu.Lock()
   893  	defer p.mu.Unlock()
   894  	// TODO: don't close a cc if it was just added to the pool
   895  	// milliseconds ago and has never been used. There's currently
   896  	// a small race window with the HTTP/1 Transport's integration
   897  	// where it can add an idle conn just before using it, and
   898  	// somebody else can concurrently call CloseIdleConns and
   899  	// break some caller's RoundTrip.
   900  	for _, vv := range p.conns {
   901  		for _, cc := range vv {
   902  			cc.closeIfIdle()
   903  		}
   904  	}
   905  }
   906  
   907  func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn {
   908  	out := in[:0]
   909  	for _, v := range in {
   910  		if v != exclude {
   911  			out = append(out, v)
   912  		}
   913  	}
   914  	// If we filtered it out, zero out the last item to prevent
   915  	// the GC from seeing it.
   916  	if len(in) != len(out) {
   917  		in[len(in)-1] = nil
   918  	}
   919  	return out
   920  }
   921  
   922  // noDialClientConnPool is an implementation of http2.ClientConnPool
   923  // which never dials. We let the HTTP/1.1 client dial and use its TLS
   924  // connection instead.
   925  type http2noDialClientConnPool struct{ *http2clientConnPool }
   926  
   927  func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) {
   928  	return p.getClientConn(req, addr, http2noDialOnMiss)
   929  }
   930  
   931  func http2configureTransport(t1 *Transport) (*http2Transport, error) {
   932  	connPool := new(http2clientConnPool)
   933  	t2 := &http2Transport{
   934  		ConnPool: http2noDialClientConnPool{connPool},
   935  		t1:       t1,
   936  	}
   937  	connPool.t = t2
   938  	if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil {
   939  		return nil, err
   940  	}
   941  	if t1.TLSClientConfig == nil {
   942  		t1.TLSClientConfig = new(tls.Config)
   943  	}
   944  	if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
   945  		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
   946  	}
   947  	if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
   948  		t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
   949  	}
   950  	upgradeFn := func(authority string, c *tls.Conn) RoundTripper {
   951  		addr := http2authorityAddr("https", authority)
   952  		if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
   953  			go c.Close()
   954  			return http2erringRoundTripper{err}
   955  		} else if !used {
   956  			// Turns out we don't need this c.
   957  			// For example, two goroutines made requests to the same host
   958  			// at the same time, both kicking off TCP dials. (since protocol
   959  			// was unknown)
   960  			go c.Close()
   961  		}
   962  		return t2
   963  	}
   964  	if m := t1.TLSNextProto; len(m) == 0 {
   965  		t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{
   966  			"h2": upgradeFn,
   967  		}
   968  	} else {
   969  		m["h2"] = upgradeFn
   970  	}
   971  	return t2, nil
   972  }
   973  
   974  // registerHTTPSProtocol calls Transport.RegisterProtocol but
   975  // converting panics into errors.
   976  func http2registerHTTPSProtocol(t *Transport, rt RoundTripper) (err error) {
   977  	defer func() {
   978  		if e := recover(); e != nil {
   979  			err = fmt.Errorf("%v", e)
   980  		}
   981  	}()
   982  	t.RegisterProtocol("https", rt)
   983  	return nil
   984  }
   985  
   986  // noDialH2RoundTripper is a RoundTripper which only tries to complete the request
   987  // if there's already has a cached connection to the host.
   988  type http2noDialH2RoundTripper struct{ t *http2Transport }
   989  
   990  func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) {
   991  	res, err := rt.t.RoundTrip(req)
   992  	if http2isNoCachedConnError(err) {
   993  		return nil, ErrSkipAltProtocol
   994  	}
   995  	return res, err
   996  }
   997  
   998  // Buffer chunks are allocated from a pool to reduce pressure on GC.
   999  // The maximum wasted space per dataBuffer is 2x the largest size class,
  1000  // which happens when the dataBuffer has multiple chunks and there is
  1001  // one unread byte in both the first and last chunks. We use a few size
  1002  // classes to minimize overheads for servers that typically receive very
  1003  // small request bodies.
  1004  //
  1005  // TODO: Benchmark to determine if the pools are necessary. The GC may have
  1006  // improved enough that we can instead allocate chunks like this:
  1007  // make([]byte, max(16<<10, expectedBytesRemaining))
  1008  var (
  1009  	http2dataChunkSizeClasses = []int{
  1010  		1 << 10,
  1011  		2 << 10,
  1012  		4 << 10,
  1013  		8 << 10,
  1014  		16 << 10,
  1015  	}
  1016  	http2dataChunkPools = [...]sync.Pool{
  1017  		{New: func() interface{} { return make([]byte, 1<<10) }},
  1018  		{New: func() interface{} { return make([]byte, 2<<10) }},
  1019  		{New: func() interface{} { return make([]byte, 4<<10) }},
  1020  		{New: func() interface{} { return make([]byte, 8<<10) }},
  1021  		{New: func() interface{} { return make([]byte, 16<<10) }},
  1022  	}
  1023  )
  1024  
  1025  func http2getDataBufferChunk(size int64) []byte {
  1026  	i := 0
  1027  	for ; i < len(http2dataChunkSizeClasses)-1; i++ {
  1028  		if size <= int64(http2dataChunkSizeClasses[i]) {
  1029  			break
  1030  		}
  1031  	}
  1032  	return http2dataChunkPools[i].Get().([]byte)
  1033  }
  1034  
  1035  func http2putDataBufferChunk(p []byte) {
  1036  	for i, n := range http2dataChunkSizeClasses {
  1037  		if len(p) == n {
  1038  			http2dataChunkPools[i].Put(p)
  1039  			return
  1040  		}
  1041  	}
  1042  	panic(fmt.Sprintf("unexpected buffer len=%v", len(p)))
  1043  }
  1044  
  1045  // dataBuffer is an io.ReadWriter backed by a list of data chunks.
  1046  // Each dataBuffer is used to read DATA frames on a single stream.
  1047  // The buffer is divided into chunks so the server can limit the
  1048  // total memory used by a single connection without limiting the
  1049  // request body size on any single stream.
  1050  type http2dataBuffer struct {
  1051  	chunks   [][]byte
  1052  	r        int   // next byte to read is chunks[0][r]
  1053  	w        int   // next byte to write is chunks[len(chunks)-1][w]
  1054  	size     int   // total buffered bytes
  1055  	expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0)
  1056  }
  1057  
  1058  var http2errReadEmpty = errors.New("read from empty dataBuffer")
  1059  
  1060  // Read copies bytes from the buffer into p.
  1061  // It is an error to read when no data is available.
  1062  func (b *http2dataBuffer) Read(p []byte) (int, error) {
  1063  	if b.size == 0 {
  1064  		return 0, http2errReadEmpty
  1065  	}
  1066  	var ntotal int
  1067  	for len(p) > 0 && b.size > 0 {
  1068  		readFrom := b.bytesFromFirstChunk()
  1069  		n := copy(p, readFrom)
  1070  		p = p[n:]
  1071  		ntotal += n
  1072  		b.r += n
  1073  		b.size -= n
  1074  		// If the first chunk has been consumed, advance to the next chunk.
  1075  		if b.r == len(b.chunks[0]) {
  1076  			http2putDataBufferChunk(b.chunks[0])
  1077  			end := len(b.chunks) - 1
  1078  			copy(b.chunks[:end], b.chunks[1:])
  1079  			b.chunks[end] = nil
  1080  			b.chunks = b.chunks[:end]
  1081  			b.r = 0
  1082  		}
  1083  	}
  1084  	return ntotal, nil
  1085  }
  1086  
  1087  func (b *http2dataBuffer) bytesFromFirstChunk() []byte {
  1088  	if len(b.chunks) == 1 {
  1089  		return b.chunks[0][b.r:b.w]
  1090  	}
  1091  	return b.chunks[0][b.r:]
  1092  }
  1093  
  1094  // Len returns the number of bytes of the unread portion of the buffer.
  1095  func (b *http2dataBuffer) Len() int {
  1096  	return b.size
  1097  }
  1098  
  1099  // Write appends p to the buffer.
  1100  func (b *http2dataBuffer) Write(p []byte) (int, error) {
  1101  	ntotal := len(p)
  1102  	for len(p) > 0 {
  1103  		// If the last chunk is empty, allocate a new chunk. Try to allocate
  1104  		// enough to fully copy p plus any additional bytes we expect to
  1105  		// receive. However, this may allocate less than len(p).
  1106  		want := int64(len(p))
  1107  		if b.expected > want {
  1108  			want = b.expected
  1109  		}
  1110  		chunk := b.lastChunkOrAlloc(want)
  1111  		n := copy(chunk[b.w:], p)
  1112  		p = p[n:]
  1113  		b.w += n
  1114  		b.size += n
  1115  		b.expected -= int64(n)
  1116  	}
  1117  	return ntotal, nil
  1118  }
  1119  
  1120  func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte {
  1121  	if len(b.chunks) != 0 {
  1122  		last := b.chunks[len(b.chunks)-1]
  1123  		if b.w < len(last) {
  1124  			return last
  1125  		}
  1126  	}
  1127  	chunk := http2getDataBufferChunk(want)
  1128  	b.chunks = append(b.chunks, chunk)
  1129  	b.w = 0
  1130  	return chunk
  1131  }
  1132  
  1133  // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec.
  1134  type http2ErrCode uint32
  1135  
  1136  const (
  1137  	http2ErrCodeNo                 http2ErrCode = 0x0
  1138  	http2ErrCodeProtocol           http2ErrCode = 0x1
  1139  	http2ErrCodeInternal           http2ErrCode = 0x2
  1140  	http2ErrCodeFlowControl        http2ErrCode = 0x3
  1141  	http2ErrCodeSettingsTimeout    http2ErrCode = 0x4
  1142  	http2ErrCodeStreamClosed       http2ErrCode = 0x5
  1143  	http2ErrCodeFrameSize          http2ErrCode = 0x6
  1144  	http2ErrCodeRefusedStream      http2ErrCode = 0x7
  1145  	http2ErrCodeCancel             http2ErrCode = 0x8
  1146  	http2ErrCodeCompression        http2ErrCode = 0x9
  1147  	http2ErrCodeConnect            http2ErrCode = 0xa
  1148  	http2ErrCodeEnhanceYourCalm    http2ErrCode = 0xb
  1149  	http2ErrCodeInadequateSecurity http2ErrCode = 0xc
  1150  	http2ErrCodeHTTP11Required     http2ErrCode = 0xd
  1151  )
  1152  
  1153  var http2errCodeName = map[http2ErrCode]string{
  1154  	http2ErrCodeNo:                 "NO_ERROR",
  1155  	http2ErrCodeProtocol:           "PROTOCOL_ERROR",
  1156  	http2ErrCodeInternal:           "INTERNAL_ERROR",
  1157  	http2ErrCodeFlowControl:        "FLOW_CONTROL_ERROR",
  1158  	http2ErrCodeSettingsTimeout:    "SETTINGS_TIMEOUT",
  1159  	http2ErrCodeStreamClosed:       "STREAM_CLOSED",
  1160  	http2ErrCodeFrameSize:          "FRAME_SIZE_ERROR",
  1161  	http2ErrCodeRefusedStream:      "REFUSED_STREAM",
  1162  	http2ErrCodeCancel:             "CANCEL",
  1163  	http2ErrCodeCompression:        "COMPRESSION_ERROR",
  1164  	http2ErrCodeConnect:            "CONNECT_ERROR",
  1165  	http2ErrCodeEnhanceYourCalm:    "ENHANCE_YOUR_CALM",
  1166  	http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY",
  1167  	http2ErrCodeHTTP11Required:     "HTTP_1_1_REQUIRED",
  1168  }
  1169  
  1170  func (e http2ErrCode) String() string {
  1171  	if s, ok := http2errCodeName[e]; ok {
  1172  		return s
  1173  	}
  1174  	return fmt.Sprintf("unknown error code 0x%x", uint32(e))
  1175  }
  1176  
  1177  // ConnectionError is an error that results in the termination of the
  1178  // entire connection.
  1179  type http2ConnectionError http2ErrCode
  1180  
  1181  func (e http2ConnectionError) Error() string {
  1182  	return fmt.Sprintf("connection error: %s", http2ErrCode(e))
  1183  }
  1184  
  1185  // StreamError is an error that only affects one stream within an
  1186  // HTTP/2 connection.
  1187  type http2StreamError struct {
  1188  	StreamID uint32
  1189  	Code     http2ErrCode
  1190  	Cause    error // optional additional detail
  1191  }
  1192  
  1193  func http2streamError(id uint32, code http2ErrCode) http2StreamError {
  1194  	return http2StreamError{StreamID: id, Code: code}
  1195  }
  1196  
  1197  func (e http2StreamError) Error() string {
  1198  	if e.Cause != nil {
  1199  		return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause)
  1200  	}
  1201  	return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code)
  1202  }
  1203  
  1204  // 6.9.1 The Flow Control Window
  1205  // "If a sender receives a WINDOW_UPDATE that causes a flow control
  1206  // window to exceed this maximum it MUST terminate either the stream
  1207  // or the connection, as appropriate. For streams, [...]; for the
  1208  // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code."
  1209  type http2goAwayFlowError struct{}
  1210  
  1211  func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" }
  1212  
  1213  // connError represents an HTTP/2 ConnectionError error code, along
  1214  // with a string (for debugging) explaining why.
  1215  //
  1216  // Errors of this type are only returned by the frame parser functions
  1217  // and converted into ConnectionError(Code), after stashing away
  1218  // the Reason into the Framer's errDetail field, accessible via
  1219  // the (*Framer).ErrorDetail method.
  1220  type http2connError struct {
  1221  	Code   http2ErrCode // the ConnectionError error code
  1222  	Reason string       // additional reason
  1223  }
  1224  
  1225  func (e http2connError) Error() string {
  1226  	return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason)
  1227  }
  1228  
  1229  type http2pseudoHeaderError string
  1230  
  1231  func (e http2pseudoHeaderError) Error() string {
  1232  	return fmt.Sprintf("invalid pseudo-header %q", string(e))
  1233  }
  1234  
  1235  type http2duplicatePseudoHeaderError string
  1236  
  1237  func (e http2duplicatePseudoHeaderError) Error() string {
  1238  	return fmt.Sprintf("duplicate pseudo-header %q", string(e))
  1239  }
  1240  
  1241  type http2headerFieldNameError string
  1242  
  1243  func (e http2headerFieldNameError) Error() string {
  1244  	return fmt.Sprintf("invalid header field name %q", string(e))
  1245  }
  1246  
  1247  type http2headerFieldValueError string
  1248  
  1249  func (e http2headerFieldValueError) Error() string {
  1250  	return fmt.Sprintf("invalid header field value %q", string(e))
  1251  }
  1252  
  1253  var (
  1254  	http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers")
  1255  	http2errPseudoAfterRegular   = errors.New("pseudo header field after regular")
  1256  )
  1257  
  1258  // flow is the flow control window's size.
  1259  type http2flow struct {
  1260  	// n is the number of DATA bytes we're allowed to send.
  1261  	// A flow is kept both on a conn and a per-stream.
  1262  	n int32
  1263  
  1264  	// conn points to the shared connection-level flow that is
  1265  	// shared by all streams on that conn. It is nil for the flow
  1266  	// that's on the conn directly.
  1267  	conn *http2flow
  1268  }
  1269  
  1270  func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf }
  1271  
  1272  func (f *http2flow) available() int32 {
  1273  	n := f.n
  1274  	if f.conn != nil && f.conn.n < n {
  1275  		n = f.conn.n
  1276  	}
  1277  	return n
  1278  }
  1279  
  1280  func (f *http2flow) take(n int32) {
  1281  	if n > f.available() {
  1282  		panic("internal error: took too much")
  1283  	}
  1284  	f.n -= n
  1285  	if f.conn != nil {
  1286  		f.conn.n -= n
  1287  	}
  1288  }
  1289  
  1290  // add adds n bytes (positive or negative) to the flow control window.
  1291  // It returns false if the sum would exceed 2^31-1.
  1292  func (f *http2flow) add(n int32) bool {
  1293  	remain := (1<<31 - 1) - f.n
  1294  	if n > remain {
  1295  		return false
  1296  	}
  1297  	f.n += n
  1298  	return true
  1299  }
  1300  
  1301  const http2frameHeaderLen = 9
  1302  
  1303  var http2padZeros = make([]byte, 255) // zeros for padding
  1304  
  1305  // A FrameType is a registered frame type as defined in
  1306  // http://http2.github.io/http2-spec/#rfc.section.11.2
  1307  type http2FrameType uint8
  1308  
  1309  const (
  1310  	http2FrameData         http2FrameType = 0x0
  1311  	http2FrameHeaders      http2FrameType = 0x1
  1312  	http2FramePriority     http2FrameType = 0x2
  1313  	http2FrameRSTStream    http2FrameType = 0x3
  1314  	http2FrameSettings     http2FrameType = 0x4
  1315  	http2FramePushPromise  http2FrameType = 0x5
  1316  	http2FramePing         http2FrameType = 0x6
  1317  	http2FrameGoAway       http2FrameType = 0x7
  1318  	http2FrameWindowUpdate http2FrameType = 0x8
  1319  	http2FrameContinuation http2FrameType = 0x9
  1320  )
  1321  
  1322  var http2frameName = map[http2FrameType]string{
  1323  	http2FrameData:         "DATA",
  1324  	http2FrameHeaders:      "HEADERS",
  1325  	http2FramePriority:     "PRIORITY",
  1326  	http2FrameRSTStream:    "RST_STREAM",
  1327  	http2FrameSettings:     "SETTINGS",
  1328  	http2FramePushPromise:  "PUSH_PROMISE",
  1329  	http2FramePing:         "PING",
  1330  	http2FrameGoAway:       "GOAWAY",
  1331  	http2FrameWindowUpdate: "WINDOW_UPDATE",
  1332  	http2FrameContinuation: "CONTINUATION",
  1333  }
  1334  
  1335  func (t http2FrameType) String() string {
  1336  	if s, ok := http2frameName[t]; ok {
  1337  		return s
  1338  	}
  1339  	return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t))
  1340  }
  1341  
  1342  // Flags is a bitmask of HTTP/2 flags.
  1343  // The meaning of flags varies depending on the frame type.
  1344  type http2Flags uint8
  1345  
  1346  // Has reports whether f contains all (0 or more) flags in v.
  1347  func (f http2Flags) Has(v http2Flags) bool {
  1348  	return (f & v) == v
  1349  }
  1350  
  1351  // Frame-specific FrameHeader flag bits.
  1352  const (
  1353  	// Data Frame
  1354  	http2FlagDataEndStream http2Flags = 0x1
  1355  	http2FlagDataPadded    http2Flags = 0x8
  1356  
  1357  	// Headers Frame
  1358  	http2FlagHeadersEndStream  http2Flags = 0x1
  1359  	http2FlagHeadersEndHeaders http2Flags = 0x4
  1360  	http2FlagHeadersPadded     http2Flags = 0x8
  1361  	http2FlagHeadersPriority   http2Flags = 0x20
  1362  
  1363  	// Settings Frame
  1364  	http2FlagSettingsAck http2Flags = 0x1
  1365  
  1366  	// Ping Frame
  1367  	http2FlagPingAck http2Flags = 0x1
  1368  
  1369  	// Continuation Frame
  1370  	http2FlagContinuationEndHeaders http2Flags = 0x4
  1371  
  1372  	http2FlagPushPromiseEndHeaders http2Flags = 0x4
  1373  	http2FlagPushPromisePadded     http2Flags = 0x8
  1374  )
  1375  
  1376  var http2flagName = map[http2FrameType]map[http2Flags]string{
  1377  	http2FrameData: {
  1378  		http2FlagDataEndStream: "END_STREAM",
  1379  		http2FlagDataPadded:    "PADDED",
  1380  	},
  1381  	http2FrameHeaders: {
  1382  		http2FlagHeadersEndStream:  "END_STREAM",
  1383  		http2FlagHeadersEndHeaders: "END_HEADERS",
  1384  		http2FlagHeadersPadded:     "PADDED",
  1385  		http2FlagHeadersPriority:   "PRIORITY",
  1386  	},
  1387  	http2FrameSettings: {
  1388  		http2FlagSettingsAck: "ACK",
  1389  	},
  1390  	http2FramePing: {
  1391  		http2FlagPingAck: "ACK",
  1392  	},
  1393  	http2FrameContinuation: {
  1394  		http2FlagContinuationEndHeaders: "END_HEADERS",
  1395  	},
  1396  	http2FramePushPromise: {
  1397  		http2FlagPushPromiseEndHeaders: "END_HEADERS",
  1398  		http2FlagPushPromisePadded:     "PADDED",
  1399  	},
  1400  }
  1401  
  1402  // a frameParser parses a frame given its FrameHeader and payload
  1403  // bytes. The length of payload will always equal fh.Length (which
  1404  // might be 0).
  1405  type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error)
  1406  
  1407  var http2frameParsers = map[http2FrameType]http2frameParser{
  1408  	http2FrameData:         http2parseDataFrame,
  1409  	http2FrameHeaders:      http2parseHeadersFrame,
  1410  	http2FramePriority:     http2parsePriorityFrame,
  1411  	http2FrameRSTStream:    http2parseRSTStreamFrame,
  1412  	http2FrameSettings:     http2parseSettingsFrame,
  1413  	http2FramePushPromise:  http2parsePushPromise,
  1414  	http2FramePing:         http2parsePingFrame,
  1415  	http2FrameGoAway:       http2parseGoAwayFrame,
  1416  	http2FrameWindowUpdate: http2parseWindowUpdateFrame,
  1417  	http2FrameContinuation: http2parseContinuationFrame,
  1418  }
  1419  
  1420  func http2typeFrameParser(t http2FrameType) http2frameParser {
  1421  	if f := http2frameParsers[t]; f != nil {
  1422  		return f
  1423  	}
  1424  	return http2parseUnknownFrame
  1425  }
  1426  
  1427  // A FrameHeader is the 9 byte header of all HTTP/2 frames.
  1428  //
  1429  // See http://http2.github.io/http2-spec/#FrameHeader
  1430  type http2FrameHeader struct {
  1431  	valid bool // caller can access []byte fields in the Frame
  1432  
  1433  	// Type is the 1 byte frame type. There are ten standard frame
  1434  	// types, but extension frame types may be written by WriteRawFrame
  1435  	// and will be returned by ReadFrame (as UnknownFrame).
  1436  	Type http2FrameType
  1437  
  1438  	// Flags are the 1 byte of 8 potential bit flags per frame.
  1439  	// They are specific to the frame type.
  1440  	Flags http2Flags
  1441  
  1442  	// Length is the length of the frame, not including the 9 byte header.
  1443  	// The maximum size is one byte less than 16MB (uint24), but only
  1444  	// frames up to 16KB are allowed without peer agreement.
  1445  	Length uint32
  1446  
  1447  	// StreamID is which stream this frame is for. Certain frames
  1448  	// are not stream-specific, in which case this field is 0.
  1449  	StreamID uint32
  1450  }
  1451  
  1452  // Header returns h. It exists so FrameHeaders can be embedded in other
  1453  // specific frame types and implement the Frame interface.
  1454  func (h http2FrameHeader) Header() http2FrameHeader { return h }
  1455  
  1456  func (h http2FrameHeader) String() string {
  1457  	var buf bytes.Buffer
  1458  	buf.WriteString("[FrameHeader ")
  1459  	h.writeDebug(&buf)
  1460  	buf.WriteByte(']')
  1461  	return buf.String()
  1462  }
  1463  
  1464  func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) {
  1465  	buf.WriteString(h.Type.String())
  1466  	if h.Flags != 0 {
  1467  		buf.WriteString(" flags=")
  1468  		set := 0
  1469  		for i := uint8(0); i < 8; i++ {
  1470  			if h.Flags&(1<<i) == 0 {
  1471  				continue
  1472  			}
  1473  			set++
  1474  			if set > 1 {
  1475  				buf.WriteByte('|')
  1476  			}
  1477  			name := http2flagName[h.Type][http2Flags(1<<i)]
  1478  			if name != "" {
  1479  				buf.WriteString(name)
  1480  			} else {
  1481  				fmt.Fprintf(buf, "0x%x", 1<<i)
  1482  			}
  1483  		}
  1484  	}
  1485  	if h.StreamID != 0 {
  1486  		fmt.Fprintf(buf, " stream=%d", h.StreamID)
  1487  	}
  1488  	fmt.Fprintf(buf, " len=%d", h.Length)
  1489  }
  1490  
  1491  func (h *http2FrameHeader) checkValid() {
  1492  	if !h.valid {
  1493  		panic("Frame accessor called on non-owned Frame")
  1494  	}
  1495  }
  1496  
  1497  func (h *http2FrameHeader) invalidate() { h.valid = false }
  1498  
  1499  // frame header bytes.
  1500  // Used only by ReadFrameHeader.
  1501  var http2fhBytes = sync.Pool{
  1502  	New: func() interface{} {
  1503  		buf := make([]byte, http2frameHeaderLen)
  1504  		return &buf
  1505  	},
  1506  }
  1507  
  1508  // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
  1509  // Most users should use Framer.ReadFrame instead.
  1510  func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) {
  1511  	bufp := http2fhBytes.Get().(*[]byte)
  1512  	defer http2fhBytes.Put(bufp)
  1513  	return http2readFrameHeader(*bufp, r)
  1514  }
  1515  
  1516  func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) {
  1517  	_, err := io.ReadFull(r, buf[:http2frameHeaderLen])
  1518  	if err != nil {
  1519  		return http2FrameHeader{}, err
  1520  	}
  1521  	return http2FrameHeader{
  1522  		Length:   (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])),
  1523  		Type:     http2FrameType(buf[3]),
  1524  		Flags:    http2Flags(buf[4]),
  1525  		StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1),
  1526  		valid:    true,
  1527  	}, nil
  1528  }
  1529  
  1530  // A Frame is the base interface implemented by all frame types.
  1531  // Callers will generally type-assert the specific frame type:
  1532  // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc.
  1533  //
  1534  // Frames are only valid until the next call to Framer.ReadFrame.
  1535  type http2Frame interface {
  1536  	Header() http2FrameHeader
  1537  
  1538  	// invalidate is called by Framer.ReadFrame to make this
  1539  	// frame's buffers as being invalid, since the subsequent
  1540  	// frame will reuse them.
  1541  	invalidate()
  1542  }
  1543  
  1544  // A Framer reads and writes Frames.
  1545  type http2Framer struct {
  1546  	r         io.Reader
  1547  	lastFrame http2Frame
  1548  	errDetail error
  1549  
  1550  	// lastHeaderStream is non-zero if the last frame was an
  1551  	// unfinished HEADERS/CONTINUATION.
  1552  	lastHeaderStream uint32
  1553  
  1554  	maxReadSize uint32
  1555  	headerBuf   [http2frameHeaderLen]byte
  1556  
  1557  	// TODO: let getReadBuf be configurable, and use a less memory-pinning
  1558  	// allocator in server.go to minimize memory pinned for many idle conns.
  1559  	// Will probably also need to make frame invalidation have a hook too.
  1560  	getReadBuf func(size uint32) []byte
  1561  	readBuf    []byte // cache for default getReadBuf
  1562  
  1563  	maxWriteSize uint32 // zero means unlimited; TODO: implement
  1564  
  1565  	w    io.Writer
  1566  	wbuf []byte
  1567  
  1568  	// AllowIllegalWrites permits the Framer's Write methods to
  1569  	// write frames that do not conform to the HTTP/2 spec. This
  1570  	// permits using the Framer to test other HTTP/2
  1571  	// implementations' conformance to the spec.
  1572  	// If false, the Write methods will prefer to return an error
  1573  	// rather than comply.
  1574  	AllowIllegalWrites bool
  1575  
  1576  	// AllowIllegalReads permits the Framer's ReadFrame method
  1577  	// to return non-compliant frames or frame orders.
  1578  	// This is for testing and permits using the Framer to test
  1579  	// other HTTP/2 implementations' conformance to the spec.
  1580  	// It is not compatible with ReadMetaHeaders.
  1581  	AllowIllegalReads bool
  1582  
  1583  	// ReadMetaHeaders if non-nil causes ReadFrame to merge
  1584  	// HEADERS and CONTINUATION frames together and return
  1585  	// MetaHeadersFrame instead.
  1586  	ReadMetaHeaders *hpack.Decoder
  1587  
  1588  	// MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE.
  1589  	// It's used only if ReadMetaHeaders is set; 0 means a sane default
  1590  	// (currently 16MB)
  1591  	// If the limit is hit, MetaHeadersFrame.Truncated is set true.
  1592  	MaxHeaderListSize uint32
  1593  
  1594  	// TODO: track which type of frame & with which flags was sent
  1595  	// last. Then return an error (unless AllowIllegalWrites) if
  1596  	// we're in the middle of a header block and a
  1597  	// non-Continuation or Continuation on a different stream is
  1598  	// attempted to be written.
  1599  
  1600  	logReads, logWrites bool
  1601  
  1602  	debugFramer       *http2Framer // only use for logging written writes
  1603  	debugFramerBuf    *bytes.Buffer
  1604  	debugReadLoggerf  func(string, ...interface{})
  1605  	debugWriteLoggerf func(string, ...interface{})
  1606  
  1607  	frameCache *http2frameCache // nil if frames aren't reused (default)
  1608  }
  1609  
  1610  func (fr *http2Framer) maxHeaderListSize() uint32 {
  1611  	if fr.MaxHeaderListSize == 0 {
  1612  		return 16 << 20 // sane default, per docs
  1613  	}
  1614  	return fr.MaxHeaderListSize
  1615  }
  1616  
  1617  func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) {
  1618  	// Write the FrameHeader.
  1619  	f.wbuf = append(f.wbuf[:0],
  1620  		0, // 3 bytes of length, filled in in endWrite
  1621  		0,
  1622  		0,
  1623  		byte(ftype),
  1624  		byte(flags),
  1625  		byte(streamID>>24),
  1626  		byte(streamID>>16),
  1627  		byte(streamID>>8),
  1628  		byte(streamID))
  1629  }
  1630  
  1631  func (f *http2Framer) endWrite() error {
  1632  	// Now that we know the final size, fill in the FrameHeader in
  1633  	// the space previously reserved for it. Abuse append.
  1634  	length := len(f.wbuf) - http2frameHeaderLen
  1635  	if length >= (1 << 24) {
  1636  		return http2ErrFrameTooLarge
  1637  	}
  1638  	_ = append(f.wbuf[:0],
  1639  		byte(length>>16),
  1640  		byte(length>>8),
  1641  		byte(length))
  1642  	if f.logWrites {
  1643  		f.logWrite()
  1644  	}
  1645  
  1646  	n, err := f.w.Write(f.wbuf)
  1647  	if err == nil && n != len(f.wbuf) {
  1648  		err = io.ErrShortWrite
  1649  	}
  1650  	return err
  1651  }
  1652  
  1653  func (f *http2Framer) logWrite() {
  1654  	if f.debugFramer == nil {
  1655  		f.debugFramerBuf = new(bytes.Buffer)
  1656  		f.debugFramer = http2NewFramer(nil, f.debugFramerBuf)
  1657  		f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below
  1658  		// Let us read anything, even if we accidentally wrote it
  1659  		// in the wrong order:
  1660  		f.debugFramer.AllowIllegalReads = true
  1661  	}
  1662  	f.debugFramerBuf.Write(f.wbuf)
  1663  	fr, err := f.debugFramer.ReadFrame()
  1664  	if err != nil {
  1665  		f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f)
  1666  		return
  1667  	}
  1668  	f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr))
  1669  }
  1670  
  1671  func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) }
  1672  
  1673  func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) }
  1674  
  1675  func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) }
  1676  
  1677  func (f *http2Framer) writeUint32(v uint32) {
  1678  	f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
  1679  }
  1680  
  1681  const (
  1682  	http2minMaxFrameSize = 1 << 14
  1683  	http2maxFrameSize    = 1<<24 - 1
  1684  )
  1685  
  1686  // SetReuseFrames allows the Framer to reuse Frames.
  1687  // If called on a Framer, Frames returned by calls to ReadFrame are only
  1688  // valid until the next call to ReadFrame.
  1689  func (fr *http2Framer) SetReuseFrames() {
  1690  	if fr.frameCache != nil {
  1691  		return
  1692  	}
  1693  	fr.frameCache = &http2frameCache{}
  1694  }
  1695  
  1696  type http2frameCache struct {
  1697  	dataFrame http2DataFrame
  1698  }
  1699  
  1700  func (fc *http2frameCache) getDataFrame() *http2DataFrame {
  1701  	if fc == nil {
  1702  		return &http2DataFrame{}
  1703  	}
  1704  	return &fc.dataFrame
  1705  }
  1706  
  1707  // NewFramer returns a Framer that writes frames to w and reads them from r.
  1708  func http2NewFramer(w io.Writer, r io.Reader) *http2Framer {
  1709  	fr := &http2Framer{
  1710  		w:                 w,
  1711  		r:                 r,
  1712  		logReads:          http2logFrameReads,
  1713  		logWrites:         http2logFrameWrites,
  1714  		debugReadLoggerf:  log.Printf,
  1715  		debugWriteLoggerf: log.Printf,
  1716  	}
  1717  	fr.getReadBuf = func(size uint32) []byte {
  1718  		if cap(fr.readBuf) >= int(size) {
  1719  			return fr.readBuf[:size]
  1720  		}
  1721  		fr.readBuf = make([]byte, size)
  1722  		return fr.readBuf
  1723  	}
  1724  	fr.SetMaxReadFrameSize(http2maxFrameSize)
  1725  	return fr
  1726  }
  1727  
  1728  // SetMaxReadFrameSize sets the maximum size of a frame
  1729  // that will be read by a subsequent call to ReadFrame.
  1730  // It is the caller's responsibility to advertise this
  1731  // limit with a SETTINGS frame.
  1732  func (fr *http2Framer) SetMaxReadFrameSize(v uint32) {
  1733  	if v > http2maxFrameSize {
  1734  		v = http2maxFrameSize
  1735  	}
  1736  	fr.maxReadSize = v
  1737  }
  1738  
  1739  // ErrorDetail returns a more detailed error of the last error
  1740  // returned by Framer.ReadFrame. For instance, if ReadFrame
  1741  // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail
  1742  // will say exactly what was invalid. ErrorDetail is not guaranteed
  1743  // to return a non-nil value and like the rest of the http2 package,
  1744  // its return value is not protected by an API compatibility promise.
  1745  // ErrorDetail is reset after the next call to ReadFrame.
  1746  func (fr *http2Framer) ErrorDetail() error {
  1747  	return fr.errDetail
  1748  }
  1749  
  1750  // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer
  1751  // sends a frame that is larger than declared with SetMaxReadFrameSize.
  1752  var http2ErrFrameTooLarge = errors.New("http2: frame too large")
  1753  
  1754  // terminalReadFrameError reports whether err is an unrecoverable
  1755  // error from ReadFrame and no other frames should be read.
  1756  func http2terminalReadFrameError(err error) bool {
  1757  	if _, ok := err.(http2StreamError); ok {
  1758  		return false
  1759  	}
  1760  	return err != nil
  1761  }
  1762  
  1763  // ReadFrame reads a single frame. The returned Frame is only valid
  1764  // until the next call to ReadFrame.
  1765  //
  1766  // If the frame is larger than previously set with SetMaxReadFrameSize, the
  1767  // returned error is ErrFrameTooLarge. Other errors may be of type
  1768  // ConnectionError, StreamError, or anything else from the underlying
  1769  // reader.
  1770  func (fr *http2Framer) ReadFrame() (http2Frame, error) {
  1771  	fr.errDetail = nil
  1772  	if fr.lastFrame != nil {
  1773  		fr.lastFrame.invalidate()
  1774  	}
  1775  	fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r)
  1776  	if err != nil {
  1777  		return nil, err
  1778  	}
  1779  	if fh.Length > fr.maxReadSize {
  1780  		return nil, http2ErrFrameTooLarge
  1781  	}
  1782  	payload := fr.getReadBuf(fh.Length)
  1783  	if _, err := io.ReadFull(fr.r, payload); err != nil {
  1784  		return nil, err
  1785  	}
  1786  	f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload)
  1787  	if err != nil {
  1788  		if ce, ok := err.(http2connError); ok {
  1789  			return nil, fr.connError(ce.Code, ce.Reason)
  1790  		}
  1791  		return nil, err
  1792  	}
  1793  	if err := fr.checkFrameOrder(f); err != nil {
  1794  		return nil, err
  1795  	}
  1796  	if fr.logReads {
  1797  		fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f))
  1798  	}
  1799  	if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil {
  1800  		return fr.readMetaFrame(f.(*http2HeadersFrame))
  1801  	}
  1802  	return f, nil
  1803  }
  1804  
  1805  // connError returns ConnectionError(code) but first
  1806  // stashes away a public reason to the caller can optionally relay it
  1807  // to the peer before hanging up on them. This might help others debug
  1808  // their implementations.
  1809  func (fr *http2Framer) connError(code http2ErrCode, reason string) error {
  1810  	fr.errDetail = errors.New(reason)
  1811  	return http2ConnectionError(code)
  1812  }
  1813  
  1814  // checkFrameOrder reports an error if f is an invalid frame to return
  1815  // next from ReadFrame. Mostly it checks whether HEADERS and
  1816  // CONTINUATION frames are contiguous.
  1817  func (fr *http2Framer) checkFrameOrder(f http2Frame) error {
  1818  	last := fr.lastFrame
  1819  	fr.lastFrame = f
  1820  	if fr.AllowIllegalReads {
  1821  		return nil
  1822  	}
  1823  
  1824  	fh := f.Header()
  1825  	if fr.lastHeaderStream != 0 {
  1826  		if fh.Type != http2FrameContinuation {
  1827  			return fr.connError(http2ErrCodeProtocol,
  1828  				fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d",
  1829  					fh.Type, fh.StreamID,
  1830  					last.Header().Type, fr.lastHeaderStream))
  1831  		}
  1832  		if fh.StreamID != fr.lastHeaderStream {
  1833  			return fr.connError(http2ErrCodeProtocol,
  1834  				fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d",
  1835  					fh.StreamID, fr.lastHeaderStream))
  1836  		}
  1837  	} else if fh.Type == http2FrameContinuation {
  1838  		return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID))
  1839  	}
  1840  
  1841  	switch fh.Type {
  1842  	case http2FrameHeaders, http2FrameContinuation:
  1843  		if fh.Flags.Has(http2FlagHeadersEndHeaders) {
  1844  			fr.lastHeaderStream = 0
  1845  		} else {
  1846  			fr.lastHeaderStream = fh.StreamID
  1847  		}
  1848  	}
  1849  
  1850  	return nil
  1851  }
  1852  
  1853  // A DataFrame conveys arbitrary, variable-length sequences of octets
  1854  // associated with a stream.
  1855  // See http://http2.github.io/http2-spec/#rfc.section.6.1
  1856  type http2DataFrame struct {
  1857  	http2FrameHeader
  1858  	data []byte
  1859  }
  1860  
  1861  func (f *http2DataFrame) StreamEnded() bool {
  1862  	return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream)
  1863  }
  1864  
  1865  // Data returns the frame's data octets, not including any padding
  1866  // size byte or padding suffix bytes.
  1867  // The caller must not retain the returned memory past the next
  1868  // call to ReadFrame.
  1869  func (f *http2DataFrame) Data() []byte {
  1870  	f.checkValid()
  1871  	return f.data
  1872  }
  1873  
  1874  func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  1875  	if fh.StreamID == 0 {
  1876  		// DATA frames MUST be associated with a stream. If a
  1877  		// DATA frame is received whose stream identifier
  1878  		// field is 0x0, the recipient MUST respond with a
  1879  		// connection error (Section 5.4.1) of type
  1880  		// PROTOCOL_ERROR.
  1881  		return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"}
  1882  	}
  1883  	f := fc.getDataFrame()
  1884  	f.http2FrameHeader = fh
  1885  
  1886  	var padSize byte
  1887  	if fh.Flags.Has(http2FlagDataPadded) {
  1888  		var err error
  1889  		payload, padSize, err = http2readByte(payload)
  1890  		if err != nil {
  1891  			return nil, err
  1892  		}
  1893  	}
  1894  	if int(padSize) > len(payload) {
  1895  		// If the length of the padding is greater than the
  1896  		// length of the frame payload, the recipient MUST
  1897  		// treat this as a connection error.
  1898  		// Filed: https://github.com/http2/http2-spec/issues/610
  1899  		return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"}
  1900  	}
  1901  	f.data = payload[:len(payload)-int(padSize)]
  1902  	return f, nil
  1903  }
  1904  
  1905  var (
  1906  	http2errStreamID    = errors.New("invalid stream ID")
  1907  	http2errDepStreamID = errors.New("invalid dependent stream ID")
  1908  	http2errPadLength   = errors.New("pad length too large")
  1909  	http2errPadBytes    = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled")
  1910  )
  1911  
  1912  func http2validStreamIDOrZero(streamID uint32) bool {
  1913  	return streamID&(1<<31) == 0
  1914  }
  1915  
  1916  func http2validStreamID(streamID uint32) bool {
  1917  	return streamID != 0 && streamID&(1<<31) == 0
  1918  }
  1919  
  1920  // WriteData writes a DATA frame.
  1921  //
  1922  // It will perform exactly one Write to the underlying Writer.
  1923  // It is the caller's responsibility not to violate the maximum frame size
  1924  // and to not call other Write methods concurrently.
  1925  func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error {
  1926  	return f.WriteDataPadded(streamID, endStream, data, nil)
  1927  }
  1928  
  1929  // WriteData writes a DATA frame with optional padding.
  1930  //
  1931  // If pad is nil, the padding bit is not sent.
  1932  // The length of pad must not exceed 255 bytes.
  1933  // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set.
  1934  //
  1935  // It will perform exactly one Write to the underlying Writer.
  1936  // It is the caller's responsibility not to violate the maximum frame size
  1937  // and to not call other Write methods concurrently.
  1938  func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error {
  1939  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  1940  		return http2errStreamID
  1941  	}
  1942  	if len(pad) > 0 {
  1943  		if len(pad) > 255 {
  1944  			return http2errPadLength
  1945  		}
  1946  		if !f.AllowIllegalWrites {
  1947  			for _, b := range pad {
  1948  				if b != 0 {
  1949  					// "Padding octets MUST be set to zero when sending."
  1950  					return http2errPadBytes
  1951  				}
  1952  			}
  1953  		}
  1954  	}
  1955  	var flags http2Flags
  1956  	if endStream {
  1957  		flags |= http2FlagDataEndStream
  1958  	}
  1959  	if pad != nil {
  1960  		flags |= http2FlagDataPadded
  1961  	}
  1962  	f.startWrite(http2FrameData, flags, streamID)
  1963  	if pad != nil {
  1964  		f.wbuf = append(f.wbuf, byte(len(pad)))
  1965  	}
  1966  	f.wbuf = append(f.wbuf, data...)
  1967  	f.wbuf = append(f.wbuf, pad...)
  1968  	return f.endWrite()
  1969  }
  1970  
  1971  // A SettingsFrame conveys configuration parameters that affect how
  1972  // endpoints communicate, such as preferences and constraints on peer
  1973  // behavior.
  1974  //
  1975  // See http://http2.github.io/http2-spec/#SETTINGS
  1976  type http2SettingsFrame struct {
  1977  	http2FrameHeader
  1978  	p []byte
  1979  }
  1980  
  1981  func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  1982  	if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 {
  1983  		// When this (ACK 0x1) bit is set, the payload of the
  1984  		// SETTINGS frame MUST be empty. Receipt of a
  1985  		// SETTINGS frame with the ACK flag set and a length
  1986  		// field value other than 0 MUST be treated as a
  1987  		// connection error (Section 5.4.1) of type
  1988  		// FRAME_SIZE_ERROR.
  1989  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  1990  	}
  1991  	if fh.StreamID != 0 {
  1992  		// SETTINGS frames always apply to a connection,
  1993  		// never a single stream. The stream identifier for a
  1994  		// SETTINGS frame MUST be zero (0x0).  If an endpoint
  1995  		// receives a SETTINGS frame whose stream identifier
  1996  		// field is anything other than 0x0, the endpoint MUST
  1997  		// respond with a connection error (Section 5.4.1) of
  1998  		// type PROTOCOL_ERROR.
  1999  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2000  	}
  2001  	if len(p)%6 != 0 {
  2002  		// Expecting even number of 6 byte settings.
  2003  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2004  	}
  2005  	f := &http2SettingsFrame{http2FrameHeader: fh, p: p}
  2006  	if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 {
  2007  		// Values above the maximum flow control window size of 2^31 - 1 MUST
  2008  		// be treated as a connection error (Section 5.4.1) of type
  2009  		// FLOW_CONTROL_ERROR.
  2010  		return nil, http2ConnectionError(http2ErrCodeFlowControl)
  2011  	}
  2012  	return f, nil
  2013  }
  2014  
  2015  func (f *http2SettingsFrame) IsAck() bool {
  2016  	return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck)
  2017  }
  2018  
  2019  func (f *http2SettingsFrame) Value(s http2SettingID) (v uint32, ok bool) {
  2020  	f.checkValid()
  2021  	buf := f.p
  2022  	for len(buf) > 0 {
  2023  		settingID := http2SettingID(binary.BigEndian.Uint16(buf[:2]))
  2024  		if settingID == s {
  2025  			return binary.BigEndian.Uint32(buf[2:6]), true
  2026  		}
  2027  		buf = buf[6:]
  2028  	}
  2029  	return 0, false
  2030  }
  2031  
  2032  // ForeachSetting runs fn for each setting.
  2033  // It stops and returns the first error.
  2034  func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error {
  2035  	f.checkValid()
  2036  	buf := f.p
  2037  	for len(buf) > 0 {
  2038  		if err := fn(http2Setting{
  2039  			http2SettingID(binary.BigEndian.Uint16(buf[:2])),
  2040  			binary.BigEndian.Uint32(buf[2:6]),
  2041  		}); err != nil {
  2042  			return err
  2043  		}
  2044  		buf = buf[6:]
  2045  	}
  2046  	return nil
  2047  }
  2048  
  2049  // WriteSettings writes a SETTINGS frame with zero or more settings
  2050  // specified and the ACK bit not set.
  2051  //
  2052  // It will perform exactly one Write to the underlying Writer.
  2053  // It is the caller's responsibility to not call other Write methods concurrently.
  2054  func (f *http2Framer) WriteSettings(settings ...http2Setting) error {
  2055  	f.startWrite(http2FrameSettings, 0, 0)
  2056  	for _, s := range settings {
  2057  		f.writeUint16(uint16(s.ID))
  2058  		f.writeUint32(s.Val)
  2059  	}
  2060  	return f.endWrite()
  2061  }
  2062  
  2063  // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set.
  2064  //
  2065  // It will perform exactly one Write to the underlying Writer.
  2066  // It is the caller's responsibility to not call other Write methods concurrently.
  2067  func (f *http2Framer) WriteSettingsAck() error {
  2068  	f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0)
  2069  	return f.endWrite()
  2070  }
  2071  
  2072  // A PingFrame is a mechanism for measuring a minimal round trip time
  2073  // from the sender, as well as determining whether an idle connection
  2074  // is still functional.
  2075  // See http://http2.github.io/http2-spec/#rfc.section.6.7
  2076  type http2PingFrame struct {
  2077  	http2FrameHeader
  2078  	Data [8]byte
  2079  }
  2080  
  2081  func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) }
  2082  
  2083  func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  2084  	if len(payload) != 8 {
  2085  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2086  	}
  2087  	if fh.StreamID != 0 {
  2088  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2089  	}
  2090  	f := &http2PingFrame{http2FrameHeader: fh}
  2091  	copy(f.Data[:], payload)
  2092  	return f, nil
  2093  }
  2094  
  2095  func (f *http2Framer) WritePing(ack bool, data [8]byte) error {
  2096  	var flags http2Flags
  2097  	if ack {
  2098  		flags = http2FlagPingAck
  2099  	}
  2100  	f.startWrite(http2FramePing, flags, 0)
  2101  	f.writeBytes(data[:])
  2102  	return f.endWrite()
  2103  }
  2104  
  2105  // A GoAwayFrame informs the remote peer to stop creating streams on this connection.
  2106  // See http://http2.github.io/http2-spec/#rfc.section.6.8
  2107  type http2GoAwayFrame struct {
  2108  	http2FrameHeader
  2109  	LastStreamID uint32
  2110  	ErrCode      http2ErrCode
  2111  	debugData    []byte
  2112  }
  2113  
  2114  // DebugData returns any debug data in the GOAWAY frame. Its contents
  2115  // are not defined.
  2116  // The caller must not retain the returned memory past the next
  2117  // call to ReadFrame.
  2118  func (f *http2GoAwayFrame) DebugData() []byte {
  2119  	f.checkValid()
  2120  	return f.debugData
  2121  }
  2122  
  2123  func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2124  	if fh.StreamID != 0 {
  2125  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2126  	}
  2127  	if len(p) < 8 {
  2128  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2129  	}
  2130  	return &http2GoAwayFrame{
  2131  		http2FrameHeader: fh,
  2132  		LastStreamID:     binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1),
  2133  		ErrCode:          http2ErrCode(binary.BigEndian.Uint32(p[4:8])),
  2134  		debugData:        p[8:],
  2135  	}, nil
  2136  }
  2137  
  2138  func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error {
  2139  	f.startWrite(http2FrameGoAway, 0, 0)
  2140  	f.writeUint32(maxStreamID & (1<<31 - 1))
  2141  	f.writeUint32(uint32(code))
  2142  	f.writeBytes(debugData)
  2143  	return f.endWrite()
  2144  }
  2145  
  2146  // An UnknownFrame is the frame type returned when the frame type is unknown
  2147  // or no specific frame type parser exists.
  2148  type http2UnknownFrame struct {
  2149  	http2FrameHeader
  2150  	p []byte
  2151  }
  2152  
  2153  // Payload returns the frame's payload (after the header).  It is not
  2154  // valid to call this method after a subsequent call to
  2155  // Framer.ReadFrame, nor is it valid to retain the returned slice.
  2156  // The memory is owned by the Framer and is invalidated when the next
  2157  // frame is read.
  2158  func (f *http2UnknownFrame) Payload() []byte {
  2159  	f.checkValid()
  2160  	return f.p
  2161  }
  2162  
  2163  func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2164  	return &http2UnknownFrame{fh, p}, nil
  2165  }
  2166  
  2167  // A WindowUpdateFrame is used to implement flow control.
  2168  // See http://http2.github.io/http2-spec/#rfc.section.6.9
  2169  type http2WindowUpdateFrame struct {
  2170  	http2FrameHeader
  2171  	Increment uint32 // never read with high bit set
  2172  }
  2173  
  2174  func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2175  	if len(p) != 4 {
  2176  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2177  	}
  2178  	inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit
  2179  	if inc == 0 {
  2180  		// A receiver MUST treat the receipt of a
  2181  		// WINDOW_UPDATE frame with an flow control window
  2182  		// increment of 0 as a stream error (Section 5.4.2) of
  2183  		// type PROTOCOL_ERROR; errors on the connection flow
  2184  		// control window MUST be treated as a connection
  2185  		// error (Section 5.4.1).
  2186  		if fh.StreamID == 0 {
  2187  			return nil, http2ConnectionError(http2ErrCodeProtocol)
  2188  		}
  2189  		return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol)
  2190  	}
  2191  	return &http2WindowUpdateFrame{
  2192  		http2FrameHeader: fh,
  2193  		Increment:        inc,
  2194  	}, nil
  2195  }
  2196  
  2197  // WriteWindowUpdate writes a WINDOW_UPDATE frame.
  2198  // The increment value must be between 1 and 2,147,483,647, inclusive.
  2199  // If the Stream ID is zero, the window update applies to the
  2200  // connection as a whole.
  2201  func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error {
  2202  	// "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets."
  2203  	if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites {
  2204  		return errors.New("illegal window increment value")
  2205  	}
  2206  	f.startWrite(http2FrameWindowUpdate, 0, streamID)
  2207  	f.writeUint32(incr)
  2208  	return f.endWrite()
  2209  }
  2210  
  2211  // A HeadersFrame is used to open a stream and additionally carries a
  2212  // header block fragment.
  2213  type http2HeadersFrame struct {
  2214  	http2FrameHeader
  2215  
  2216  	// Priority is set if FlagHeadersPriority is set in the FrameHeader.
  2217  	Priority http2PriorityParam
  2218  
  2219  	headerFragBuf []byte // not owned
  2220  }
  2221  
  2222  func (f *http2HeadersFrame) HeaderBlockFragment() []byte {
  2223  	f.checkValid()
  2224  	return f.headerFragBuf
  2225  }
  2226  
  2227  func (f *http2HeadersFrame) HeadersEnded() bool {
  2228  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders)
  2229  }
  2230  
  2231  func (f *http2HeadersFrame) StreamEnded() bool {
  2232  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream)
  2233  }
  2234  
  2235  func (f *http2HeadersFrame) HasPriority() bool {
  2236  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority)
  2237  }
  2238  
  2239  func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) {
  2240  	hf := &http2HeadersFrame{
  2241  		http2FrameHeader: fh,
  2242  	}
  2243  	if fh.StreamID == 0 {
  2244  		// HEADERS frames MUST be associated with a stream. If a HEADERS frame
  2245  		// is received whose stream identifier field is 0x0, the recipient MUST
  2246  		// respond with a connection error (Section 5.4.1) of type
  2247  		// PROTOCOL_ERROR.
  2248  		return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"}
  2249  	}
  2250  	var padLength uint8
  2251  	if fh.Flags.Has(http2FlagHeadersPadded) {
  2252  		if p, padLength, err = http2readByte(p); err != nil {
  2253  			return
  2254  		}
  2255  	}
  2256  	if fh.Flags.Has(http2FlagHeadersPriority) {
  2257  		var v uint32
  2258  		p, v, err = http2readUint32(p)
  2259  		if err != nil {
  2260  			return nil, err
  2261  		}
  2262  		hf.Priority.StreamDep = v & 0x7fffffff
  2263  		hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set
  2264  		p, hf.Priority.Weight, err = http2readByte(p)
  2265  		if err != nil {
  2266  			return nil, err
  2267  		}
  2268  	}
  2269  	if len(p)-int(padLength) <= 0 {
  2270  		return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol)
  2271  	}
  2272  	hf.headerFragBuf = p[:len(p)-int(padLength)]
  2273  	return hf, nil
  2274  }
  2275  
  2276  // HeadersFrameParam are the parameters for writing a HEADERS frame.
  2277  type http2HeadersFrameParam struct {
  2278  	// StreamID is the required Stream ID to initiate.
  2279  	StreamID uint32
  2280  	// BlockFragment is part (or all) of a Header Block.
  2281  	BlockFragment []byte
  2282  
  2283  	// EndStream indicates that the header block is the last that
  2284  	// the endpoint will send for the identified stream. Setting
  2285  	// this flag causes the stream to enter one of "half closed"
  2286  	// states.
  2287  	EndStream bool
  2288  
  2289  	// EndHeaders indicates that this frame contains an entire
  2290  	// header block and is not followed by any
  2291  	// CONTINUATION frames.
  2292  	EndHeaders bool
  2293  
  2294  	// PadLength is the optional number of bytes of zeros to add
  2295  	// to this frame.
  2296  	PadLength uint8
  2297  
  2298  	// Priority, if non-zero, includes stream priority information
  2299  	// in the HEADER frame.
  2300  	Priority http2PriorityParam
  2301  }
  2302  
  2303  // WriteHeaders writes a single HEADERS frame.
  2304  //
  2305  // This is a low-level header writing method. Encoding headers and
  2306  // splitting them into any necessary CONTINUATION frames is handled
  2307  // elsewhere.
  2308  //
  2309  // It will perform exactly one Write to the underlying Writer.
  2310  // It is the caller's responsibility to not call other Write methods concurrently.
  2311  func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error {
  2312  	if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  2313  		return http2errStreamID
  2314  	}
  2315  	var flags http2Flags
  2316  	if p.PadLength != 0 {
  2317  		flags |= http2FlagHeadersPadded
  2318  	}
  2319  	if p.EndStream {
  2320  		flags |= http2FlagHeadersEndStream
  2321  	}
  2322  	if p.EndHeaders {
  2323  		flags |= http2FlagHeadersEndHeaders
  2324  	}
  2325  	if !p.Priority.IsZero() {
  2326  		flags |= http2FlagHeadersPriority
  2327  	}
  2328  	f.startWrite(http2FrameHeaders, flags, p.StreamID)
  2329  	if p.PadLength != 0 {
  2330  		f.writeByte(p.PadLength)
  2331  	}
  2332  	if !p.Priority.IsZero() {
  2333  		v := p.Priority.StreamDep
  2334  		if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites {
  2335  			return http2errDepStreamID
  2336  		}
  2337  		if p.Priority.Exclusive {
  2338  			v |= 1 << 31
  2339  		}
  2340  		f.writeUint32(v)
  2341  		f.writeByte(p.Priority.Weight)
  2342  	}
  2343  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  2344  	f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...)
  2345  	return f.endWrite()
  2346  }
  2347  
  2348  // A PriorityFrame specifies the sender-advised priority of a stream.
  2349  // See http://http2.github.io/http2-spec/#rfc.section.6.3
  2350  type http2PriorityFrame struct {
  2351  	http2FrameHeader
  2352  	http2PriorityParam
  2353  }
  2354  
  2355  // PriorityParam are the stream prioritzation parameters.
  2356  type http2PriorityParam struct {
  2357  	// StreamDep is a 31-bit stream identifier for the
  2358  	// stream that this stream depends on. Zero means no
  2359  	// dependency.
  2360  	StreamDep uint32
  2361  
  2362  	// Exclusive is whether the dependency is exclusive.
  2363  	Exclusive bool
  2364  
  2365  	// Weight is the stream's zero-indexed weight. It should be
  2366  	// set together with StreamDep, or neither should be set. Per
  2367  	// the spec, "Add one to the value to obtain a weight between
  2368  	// 1 and 256."
  2369  	Weight uint8
  2370  }
  2371  
  2372  func (p http2PriorityParam) IsZero() bool {
  2373  	return p == http2PriorityParam{}
  2374  }
  2375  
  2376  func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  2377  	if fh.StreamID == 0 {
  2378  		return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"}
  2379  	}
  2380  	if len(payload) != 5 {
  2381  		return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))}
  2382  	}
  2383  	v := binary.BigEndian.Uint32(payload[:4])
  2384  	streamID := v & 0x7fffffff // mask off high bit
  2385  	return &http2PriorityFrame{
  2386  		http2FrameHeader: fh,
  2387  		http2PriorityParam: http2PriorityParam{
  2388  			Weight:    payload[4],
  2389  			StreamDep: streamID,
  2390  			Exclusive: streamID != v, // was high bit set?
  2391  		},
  2392  	}, nil
  2393  }
  2394  
  2395  // WritePriority writes a PRIORITY frame.
  2396  //
  2397  // It will perform exactly one Write to the underlying Writer.
  2398  // It is the caller's responsibility to not call other Write methods concurrently.
  2399  func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error {
  2400  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2401  		return http2errStreamID
  2402  	}
  2403  	if !http2validStreamIDOrZero(p.StreamDep) {
  2404  		return http2errDepStreamID
  2405  	}
  2406  	f.startWrite(http2FramePriority, 0, streamID)
  2407  	v := p.StreamDep
  2408  	if p.Exclusive {
  2409  		v |= 1 << 31
  2410  	}
  2411  	f.writeUint32(v)
  2412  	f.writeByte(p.Weight)
  2413  	return f.endWrite()
  2414  }
  2415  
  2416  // A RSTStreamFrame allows for abnormal termination of a stream.
  2417  // See http://http2.github.io/http2-spec/#rfc.section.6.4
  2418  type http2RSTStreamFrame struct {
  2419  	http2FrameHeader
  2420  	ErrCode http2ErrCode
  2421  }
  2422  
  2423  func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2424  	if len(p) != 4 {
  2425  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2426  	}
  2427  	if fh.StreamID == 0 {
  2428  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2429  	}
  2430  	return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil
  2431  }
  2432  
  2433  // WriteRSTStream writes a RST_STREAM frame.
  2434  //
  2435  // It will perform exactly one Write to the underlying Writer.
  2436  // It is the caller's responsibility to not call other Write methods concurrently.
  2437  func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error {
  2438  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2439  		return http2errStreamID
  2440  	}
  2441  	f.startWrite(http2FrameRSTStream, 0, streamID)
  2442  	f.writeUint32(uint32(code))
  2443  	return f.endWrite()
  2444  }
  2445  
  2446  // A ContinuationFrame is used to continue a sequence of header block fragments.
  2447  // See http://http2.github.io/http2-spec/#rfc.section.6.10
  2448  type http2ContinuationFrame struct {
  2449  	http2FrameHeader
  2450  	headerFragBuf []byte
  2451  }
  2452  
  2453  func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2454  	if fh.StreamID == 0 {
  2455  		return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"}
  2456  	}
  2457  	return &http2ContinuationFrame{fh, p}, nil
  2458  }
  2459  
  2460  func (f *http2ContinuationFrame) HeaderBlockFragment() []byte {
  2461  	f.checkValid()
  2462  	return f.headerFragBuf
  2463  }
  2464  
  2465  func (f *http2ContinuationFrame) HeadersEnded() bool {
  2466  	return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders)
  2467  }
  2468  
  2469  // WriteContinuation writes a CONTINUATION frame.
  2470  //
  2471  // It will perform exactly one Write to the underlying Writer.
  2472  // It is the caller's responsibility to not call other Write methods concurrently.
  2473  func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error {
  2474  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2475  		return http2errStreamID
  2476  	}
  2477  	var flags http2Flags
  2478  	if endHeaders {
  2479  		flags |= http2FlagContinuationEndHeaders
  2480  	}
  2481  	f.startWrite(http2FrameContinuation, flags, streamID)
  2482  	f.wbuf = append(f.wbuf, headerBlockFragment...)
  2483  	return f.endWrite()
  2484  }
  2485  
  2486  // A PushPromiseFrame is used to initiate a server stream.
  2487  // See http://http2.github.io/http2-spec/#rfc.section.6.6
  2488  type http2PushPromiseFrame struct {
  2489  	http2FrameHeader
  2490  	PromiseID     uint32
  2491  	headerFragBuf []byte // not owned
  2492  }
  2493  
  2494  func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte {
  2495  	f.checkValid()
  2496  	return f.headerFragBuf
  2497  }
  2498  
  2499  func (f *http2PushPromiseFrame) HeadersEnded() bool {
  2500  	return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders)
  2501  }
  2502  
  2503  func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) {
  2504  	pp := &http2PushPromiseFrame{
  2505  		http2FrameHeader: fh,
  2506  	}
  2507  	if pp.StreamID == 0 {
  2508  		// PUSH_PROMISE frames MUST be associated with an existing,
  2509  		// peer-initiated stream. The stream identifier of a
  2510  		// PUSH_PROMISE frame indicates the stream it is associated
  2511  		// with. If the stream identifier field specifies the value
  2512  		// 0x0, a recipient MUST respond with a connection error
  2513  		// (Section 5.4.1) of type PROTOCOL_ERROR.
  2514  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2515  	}
  2516  	// The PUSH_PROMISE frame includes optional padding.
  2517  	// Padding fields and flags are identical to those defined for DATA frames
  2518  	var padLength uint8
  2519  	if fh.Flags.Has(http2FlagPushPromisePadded) {
  2520  		if p, padLength, err = http2readByte(p); err != nil {
  2521  			return
  2522  		}
  2523  	}
  2524  
  2525  	p, pp.PromiseID, err = http2readUint32(p)
  2526  	if err != nil {
  2527  		return
  2528  	}
  2529  	pp.PromiseID = pp.PromiseID & (1<<31 - 1)
  2530  
  2531  	if int(padLength) > len(p) {
  2532  		// like the DATA frame, error out if padding is longer than the body.
  2533  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2534  	}
  2535  	pp.headerFragBuf = p[:len(p)-int(padLength)]
  2536  	return pp, nil
  2537  }
  2538  
  2539  // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame.
  2540  type http2PushPromiseParam struct {
  2541  	// StreamID is the required Stream ID to initiate.
  2542  	StreamID uint32
  2543  
  2544  	// PromiseID is the required Stream ID which this
  2545  	// Push Promises
  2546  	PromiseID uint32
  2547  
  2548  	// BlockFragment is part (or all) of a Header Block.
  2549  	BlockFragment []byte
  2550  
  2551  	// EndHeaders indicates that this frame contains an entire
  2552  	// header block and is not followed by any
  2553  	// CONTINUATION frames.
  2554  	EndHeaders bool
  2555  
  2556  	// PadLength is the optional number of bytes of zeros to add
  2557  	// to this frame.
  2558  	PadLength uint8
  2559  }
  2560  
  2561  // WritePushPromise writes a single PushPromise Frame.
  2562  //
  2563  // As with Header Frames, This is the low level call for writing
  2564  // individual frames. Continuation frames are handled elsewhere.
  2565  //
  2566  // It will perform exactly one Write to the underlying Writer.
  2567  // It is the caller's responsibility to not call other Write methods concurrently.
  2568  func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error {
  2569  	if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  2570  		return http2errStreamID
  2571  	}
  2572  	var flags http2Flags
  2573  	if p.PadLength != 0 {
  2574  		flags |= http2FlagPushPromisePadded
  2575  	}
  2576  	if p.EndHeaders {
  2577  		flags |= http2FlagPushPromiseEndHeaders
  2578  	}
  2579  	f.startWrite(http2FramePushPromise, flags, p.StreamID)
  2580  	if p.PadLength != 0 {
  2581  		f.writeByte(p.PadLength)
  2582  	}
  2583  	if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites {
  2584  		return http2errStreamID
  2585  	}
  2586  	f.writeUint32(p.PromiseID)
  2587  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  2588  	f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...)
  2589  	return f.endWrite()
  2590  }
  2591  
  2592  // WriteRawFrame writes a raw frame. This can be used to write
  2593  // extension frames unknown to this package.
  2594  func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error {
  2595  	f.startWrite(t, flags, streamID)
  2596  	f.writeBytes(payload)
  2597  	return f.endWrite()
  2598  }
  2599  
  2600  func http2readByte(p []byte) (remain []byte, b byte, err error) {
  2601  	if len(p) == 0 {
  2602  		return nil, 0, io.ErrUnexpectedEOF
  2603  	}
  2604  	return p[1:], p[0], nil
  2605  }
  2606  
  2607  func http2readUint32(p []byte) (remain []byte, v uint32, err error) {
  2608  	if len(p) < 4 {
  2609  		return nil, 0, io.ErrUnexpectedEOF
  2610  	}
  2611  	return p[4:], binary.BigEndian.Uint32(p[:4]), nil
  2612  }
  2613  
  2614  type http2streamEnder interface {
  2615  	StreamEnded() bool
  2616  }
  2617  
  2618  type http2headersEnder interface {
  2619  	HeadersEnded() bool
  2620  }
  2621  
  2622  type http2headersOrContinuation interface {
  2623  	http2headersEnder
  2624  	HeaderBlockFragment() []byte
  2625  }
  2626  
  2627  // A MetaHeadersFrame is the representation of one HEADERS frame and
  2628  // zero or more contiguous CONTINUATION frames and the decoding of
  2629  // their HPACK-encoded contents.
  2630  //
  2631  // This type of frame does not appear on the wire and is only returned
  2632  // by the Framer when Framer.ReadMetaHeaders is set.
  2633  type http2MetaHeadersFrame struct {
  2634  	*http2HeadersFrame
  2635  
  2636  	// Fields are the fields contained in the HEADERS and
  2637  	// CONTINUATION frames. The underlying slice is owned by the
  2638  	// Framer and must not be retained after the next call to
  2639  	// ReadFrame.
  2640  	//
  2641  	// Fields are guaranteed to be in the correct http2 order and
  2642  	// not have unknown pseudo header fields or invalid header
  2643  	// field names or values. Required pseudo header fields may be
  2644  	// missing, however. Use the MetaHeadersFrame.Pseudo accessor
  2645  	// method access pseudo headers.
  2646  	Fields []hpack.HeaderField
  2647  
  2648  	// Truncated is whether the max header list size limit was hit
  2649  	// and Fields is incomplete. The hpack decoder state is still
  2650  	// valid, however.
  2651  	Truncated bool
  2652  }
  2653  
  2654  // PseudoValue returns the given pseudo header field's value.
  2655  // The provided pseudo field should not contain the leading colon.
  2656  func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string {
  2657  	for _, hf := range mh.Fields {
  2658  		if !hf.IsPseudo() {
  2659  			return ""
  2660  		}
  2661  		if hf.Name[1:] == pseudo {
  2662  			return hf.Value
  2663  		}
  2664  	}
  2665  	return ""
  2666  }
  2667  
  2668  // RegularFields returns the regular (non-pseudo) header fields of mh.
  2669  // The caller does not own the returned slice.
  2670  func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField {
  2671  	for i, hf := range mh.Fields {
  2672  		if !hf.IsPseudo() {
  2673  			return mh.Fields[i:]
  2674  		}
  2675  	}
  2676  	return nil
  2677  }
  2678  
  2679  // PseudoFields returns the pseudo header fields of mh.
  2680  // The caller does not own the returned slice.
  2681  func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField {
  2682  	for i, hf := range mh.Fields {
  2683  		if !hf.IsPseudo() {
  2684  			return mh.Fields[:i]
  2685  		}
  2686  	}
  2687  	return mh.Fields
  2688  }
  2689  
  2690  func (mh *http2MetaHeadersFrame) checkPseudos() error {
  2691  	var isRequest, isResponse bool
  2692  	pf := mh.PseudoFields()
  2693  	for i, hf := range pf {
  2694  		switch hf.Name {
  2695  		case ":method", ":path", ":scheme", ":authority":
  2696  			isRequest = true
  2697  		case ":status":
  2698  			isResponse = true
  2699  		default:
  2700  			return http2pseudoHeaderError(hf.Name)
  2701  		}
  2702  		// Check for duplicates.
  2703  		// This would be a bad algorithm, but N is 4.
  2704  		// And this doesn't allocate.
  2705  		for _, hf2 := range pf[:i] {
  2706  			if hf.Name == hf2.Name {
  2707  				return http2duplicatePseudoHeaderError(hf.Name)
  2708  			}
  2709  		}
  2710  	}
  2711  	if isRequest && isResponse {
  2712  		return http2errMixPseudoHeaderTypes
  2713  	}
  2714  	return nil
  2715  }
  2716  
  2717  func (fr *http2Framer) maxHeaderStringLen() int {
  2718  	v := fr.maxHeaderListSize()
  2719  	if uint32(int(v)) == v {
  2720  		return int(v)
  2721  	}
  2722  	// They had a crazy big number for MaxHeaderBytes anyway,
  2723  	// so give them unlimited header lengths:
  2724  	return 0
  2725  }
  2726  
  2727  // readMetaFrame returns 0 or more CONTINUATION frames from fr and
  2728  // merge them into into the provided hf and returns a MetaHeadersFrame
  2729  // with the decoded hpack values.
  2730  func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) {
  2731  	if fr.AllowIllegalReads {
  2732  		return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
  2733  	}
  2734  	mh := &http2MetaHeadersFrame{
  2735  		http2HeadersFrame: hf,
  2736  	}
  2737  	var remainSize = fr.maxHeaderListSize()
  2738  	var sawRegular bool
  2739  
  2740  	var invalid error // pseudo header field errors
  2741  	hdec := fr.ReadMetaHeaders
  2742  	hdec.SetEmitEnabled(true)
  2743  	hdec.SetMaxStringLength(fr.maxHeaderStringLen())
  2744  	hdec.SetEmitFunc(func(hf hpack.HeaderField) {
  2745  		if http2VerboseLogs && fr.logReads {
  2746  			fr.debugReadLoggerf("http2: decoded hpack field %+v", hf)
  2747  		}
  2748  		if !httplex.ValidHeaderFieldValue(hf.Value) {
  2749  			invalid = http2headerFieldValueError(hf.Value)
  2750  		}
  2751  		isPseudo := strings.HasPrefix(hf.Name, ":")
  2752  		if isPseudo {
  2753  			if sawRegular {
  2754  				invalid = http2errPseudoAfterRegular
  2755  			}
  2756  		} else {
  2757  			sawRegular = true
  2758  			if !http2validWireHeaderFieldName(hf.Name) {
  2759  				invalid = http2headerFieldNameError(hf.Name)
  2760  			}
  2761  		}
  2762  
  2763  		if invalid != nil {
  2764  			hdec.SetEmitEnabled(false)
  2765  			return
  2766  		}
  2767  
  2768  		size := hf.Size()
  2769  		if size > remainSize {
  2770  			hdec.SetEmitEnabled(false)
  2771  			mh.Truncated = true
  2772  			return
  2773  		}
  2774  		remainSize -= size
  2775  
  2776  		mh.Fields = append(mh.Fields, hf)
  2777  	})
  2778  	// Lose reference to MetaHeadersFrame:
  2779  	defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {})
  2780  
  2781  	var hc http2headersOrContinuation = hf
  2782  	for {
  2783  		frag := hc.HeaderBlockFragment()
  2784  		if _, err := hdec.Write(frag); err != nil {
  2785  			return nil, http2ConnectionError(http2ErrCodeCompression)
  2786  		}
  2787  
  2788  		if hc.HeadersEnded() {
  2789  			break
  2790  		}
  2791  		if f, err := fr.ReadFrame(); err != nil {
  2792  			return nil, err
  2793  		} else {
  2794  			hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder
  2795  		}
  2796  	}
  2797  
  2798  	mh.http2HeadersFrame.headerFragBuf = nil
  2799  	mh.http2HeadersFrame.invalidate()
  2800  
  2801  	if err := hdec.Close(); err != nil {
  2802  		return nil, http2ConnectionError(http2ErrCodeCompression)
  2803  	}
  2804  	if invalid != nil {
  2805  		fr.errDetail = invalid
  2806  		if http2VerboseLogs {
  2807  			log.Printf("http2: invalid header: %v", invalid)
  2808  		}
  2809  		return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid}
  2810  	}
  2811  	if err := mh.checkPseudos(); err != nil {
  2812  		fr.errDetail = err
  2813  		if http2VerboseLogs {
  2814  			log.Printf("http2: invalid pseudo headers: %v", err)
  2815  		}
  2816  		return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err}
  2817  	}
  2818  	return mh, nil
  2819  }
  2820  
  2821  func http2summarizeFrame(f http2Frame) string {
  2822  	var buf bytes.Buffer
  2823  	f.Header().writeDebug(&buf)
  2824  	switch f := f.(type) {
  2825  	case *http2SettingsFrame:
  2826  		n := 0
  2827  		f.ForeachSetting(func(s http2Setting) error {
  2828  			n++
  2829  			if n == 1 {
  2830  				buf.WriteString(", settings:")
  2831  			}
  2832  			fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val)
  2833  			return nil
  2834  		})
  2835  		if n > 0 {
  2836  			buf.Truncate(buf.Len() - 1) // remove trailing comma
  2837  		}
  2838  	case *http2DataFrame:
  2839  		data := f.Data()
  2840  		const max = 256
  2841  		if len(data) > max {
  2842  			data = data[:max]
  2843  		}
  2844  		fmt.Fprintf(&buf, " data=%q", data)
  2845  		if len(f.Data()) > max {
  2846  			fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max)
  2847  		}
  2848  	case *http2WindowUpdateFrame:
  2849  		if f.StreamID == 0 {
  2850  			buf.WriteString(" (conn)")
  2851  		}
  2852  		fmt.Fprintf(&buf, " incr=%v", f.Increment)
  2853  	case *http2PingFrame:
  2854  		fmt.Fprintf(&buf, " ping=%q", f.Data[:])
  2855  	case *http2GoAwayFrame:
  2856  		fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q",
  2857  			f.LastStreamID, f.ErrCode, f.debugData)
  2858  	case *http2RSTStreamFrame:
  2859  		fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode)
  2860  	}
  2861  	return buf.String()
  2862  }
  2863  
  2864  func http2transportExpectContinueTimeout(t1 *Transport) time.Duration {
  2865  	return t1.ExpectContinueTimeout
  2866  }
  2867  
  2868  type http2contextContext interface {
  2869  	context.Context
  2870  }
  2871  
  2872  func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx http2contextContext, cancel func()) {
  2873  	ctx, cancel = context.WithCancel(context.Background())
  2874  	ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr())
  2875  	if hs := opts.baseConfig(); hs != nil {
  2876  		ctx = context.WithValue(ctx, ServerContextKey, hs)
  2877  	}
  2878  	return
  2879  }
  2880  
  2881  func http2contextWithCancel(ctx http2contextContext) (_ http2contextContext, cancel func()) {
  2882  	return context.WithCancel(ctx)
  2883  }
  2884  
  2885  func http2requestWithContext(req *Request, ctx http2contextContext) *Request {
  2886  	return req.WithContext(ctx)
  2887  }
  2888  
  2889  type http2clientTrace httptrace.ClientTrace
  2890  
  2891  func http2reqContext(r *Request) context.Context { return r.Context() }
  2892  
  2893  func (t *http2Transport) idleConnTimeout() time.Duration {
  2894  	if t.t1 != nil {
  2895  		return t.t1.IdleConnTimeout
  2896  	}
  2897  	return 0
  2898  }
  2899  
  2900  func http2setResponseUncompressed(res *Response) { res.Uncompressed = true }
  2901  
  2902  func http2traceGotConn(req *Request, cc *http2ClientConn) {
  2903  	trace := httptrace.ContextClientTrace(req.Context())
  2904  	if trace == nil || trace.GotConn == nil {
  2905  		return
  2906  	}
  2907  	ci := httptrace.GotConnInfo{Conn: cc.tconn}
  2908  	cc.mu.Lock()
  2909  	ci.Reused = cc.nextStreamID > 1
  2910  	ci.WasIdle = len(cc.streams) == 0 && ci.Reused
  2911  	if ci.WasIdle && !cc.lastActive.IsZero() {
  2912  		ci.IdleTime = time.Now().Sub(cc.lastActive)
  2913  	}
  2914  	cc.mu.Unlock()
  2915  
  2916  	trace.GotConn(ci)
  2917  }
  2918  
  2919  func http2traceWroteHeaders(trace *http2clientTrace) {
  2920  	if trace != nil && trace.WroteHeaders != nil {
  2921  		trace.WroteHeaders()
  2922  	}
  2923  }
  2924  
  2925  func http2traceGot100Continue(trace *http2clientTrace) {
  2926  	if trace != nil && trace.Got100Continue != nil {
  2927  		trace.Got100Continue()
  2928  	}
  2929  }
  2930  
  2931  func http2traceWait100Continue(trace *http2clientTrace) {
  2932  	if trace != nil && trace.Wait100Continue != nil {
  2933  		trace.Wait100Continue()
  2934  	}
  2935  }
  2936  
  2937  func http2traceWroteRequest(trace *http2clientTrace, err error) {
  2938  	if trace != nil && trace.WroteRequest != nil {
  2939  		trace.WroteRequest(httptrace.WroteRequestInfo{Err: err})
  2940  	}
  2941  }
  2942  
  2943  func http2traceFirstResponseByte(trace *http2clientTrace) {
  2944  	if trace != nil && trace.GotFirstResponseByte != nil {
  2945  		trace.GotFirstResponseByte()
  2946  	}
  2947  }
  2948  
  2949  func http2requestTrace(req *Request) *http2clientTrace {
  2950  	trace := httptrace.ContextClientTrace(req.Context())
  2951  	return (*http2clientTrace)(trace)
  2952  }
  2953  
  2954  // Ping sends a PING frame to the server and waits for the ack.
  2955  func (cc *http2ClientConn) Ping(ctx context.Context) error {
  2956  	return cc.ping(ctx)
  2957  }
  2958  
  2959  func http2cloneTLSConfig(c *tls.Config) *tls.Config {
  2960  	c2 := c.Clone()
  2961  	c2.GetClientCertificate = c.GetClientCertificate // golang.org/issue/19264
  2962  	return c2
  2963  }
  2964  
  2965  var _ Pusher = (*http2responseWriter)(nil)
  2966  
  2967  // Push implements http.Pusher.
  2968  func (w *http2responseWriter) Push(target string, opts *PushOptions) error {
  2969  	internalOpts := http2pushOptions{}
  2970  	if opts != nil {
  2971  		internalOpts.Method = opts.Method
  2972  		internalOpts.Header = opts.Header
  2973  	}
  2974  	return w.push(target, internalOpts)
  2975  }
  2976  
  2977  func http2configureServer18(h1 *Server, h2 *http2Server) error {
  2978  	if h2.IdleTimeout == 0 {
  2979  		if h1.IdleTimeout != 0 {
  2980  			h2.IdleTimeout = h1.IdleTimeout
  2981  		} else {
  2982  			h2.IdleTimeout = h1.ReadTimeout
  2983  		}
  2984  	}
  2985  	return nil
  2986  }
  2987  
  2988  func http2shouldLogPanic(panicValue interface{}) bool {
  2989  	return panicValue != nil && panicValue != ErrAbortHandler
  2990  }
  2991  
  2992  func http2reqGetBody(req *Request) func() (io.ReadCloser, error) {
  2993  	return req.GetBody
  2994  }
  2995  
  2996  func http2reqBodyIsNoBody(body io.ReadCloser) bool {
  2997  	return body == NoBody
  2998  }
  2999  
  3000  func http2go18httpNoBody() io.ReadCloser { return NoBody } // for tests only
  3001  
  3002  func http2configureServer19(s *Server, conf *http2Server) error {
  3003  	s.RegisterOnShutdown(conf.state.startGracefulShutdown)
  3004  	return nil
  3005  }
  3006  
  3007  var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1"
  3008  
  3009  type http2goroutineLock uint64
  3010  
  3011  func http2newGoroutineLock() http2goroutineLock {
  3012  	if !http2DebugGoroutines {
  3013  		return 0
  3014  	}
  3015  	return http2goroutineLock(http2curGoroutineID())
  3016  }
  3017  
  3018  func (g http2goroutineLock) check() {
  3019  	if !http2DebugGoroutines {
  3020  		return
  3021  	}
  3022  	if http2curGoroutineID() != uint64(g) {
  3023  		panic("running on the wrong goroutine")
  3024  	}
  3025  }
  3026  
  3027  func (g http2goroutineLock) checkNotOn() {
  3028  	if !http2DebugGoroutines {
  3029  		return
  3030  	}
  3031  	if http2curGoroutineID() == uint64(g) {
  3032  		panic("running on the wrong goroutine")
  3033  	}
  3034  }
  3035  
  3036  var http2goroutineSpace = []byte("goroutine ")
  3037  
  3038  func http2curGoroutineID() uint64 {
  3039  	bp := http2littleBuf.Get().(*[]byte)
  3040  	defer http2littleBuf.Put(bp)
  3041  	b := *bp
  3042  	b = b[:runtime.Stack(b, false)]
  3043  	// Parse the 4707 out of "goroutine 4707 ["
  3044  	b = bytes.TrimPrefix(b, http2goroutineSpace)
  3045  	i := bytes.IndexByte(b, ' ')
  3046  	if i < 0 {
  3047  		panic(fmt.Sprintf("No space found in %q", b))
  3048  	}
  3049  	b = b[:i]
  3050  	n, err := http2parseUintBytes(b, 10, 64)
  3051  	if err != nil {
  3052  		panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err))
  3053  	}
  3054  	return n
  3055  }
  3056  
  3057  var http2littleBuf = sync.Pool{
  3058  	New: func() interface{} {
  3059  		buf := make([]byte, 64)
  3060  		return &buf
  3061  	},
  3062  }
  3063  
  3064  // parseUintBytes is like strconv.ParseUint, but using a []byte.
  3065  func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) {
  3066  	var cutoff, maxVal uint64
  3067  
  3068  	if bitSize == 0 {
  3069  		bitSize = int(strconv.IntSize)
  3070  	}
  3071  
  3072  	s0 := s
  3073  	switch {
  3074  	case len(s) < 1:
  3075  		err = strconv.ErrSyntax
  3076  		goto Error
  3077  
  3078  	case 2 <= base && base <= 36:
  3079  		// valid base; nothing to do
  3080  
  3081  	case base == 0:
  3082  		// Look for octal, hex prefix.
  3083  		switch {
  3084  		case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'):
  3085  			base = 16
  3086  			s = s[2:]
  3087  			if len(s) < 1 {
  3088  				err = strconv.ErrSyntax
  3089  				goto Error
  3090  			}
  3091  		case s[0] == '0':
  3092  			base = 8
  3093  		default:
  3094  			base = 10
  3095  		}
  3096  
  3097  	default:
  3098  		err = errors.New("invalid base " + strconv.Itoa(base))
  3099  		goto Error
  3100  	}
  3101  
  3102  	n = 0
  3103  	cutoff = http2cutoff64(base)
  3104  	maxVal = 1<<uint(bitSize) - 1
  3105  
  3106  	for i := 0; i < len(s); i++ {
  3107  		var v byte
  3108  		d := s[i]
  3109  		switch {
  3110  		case '0' <= d && d <= '9':
  3111  			v = d - '0'
  3112  		case 'a' <= d && d <= 'z':
  3113  			v = d - 'a' + 10
  3114  		case 'A' <= d && d <= 'Z':
  3115  			v = d - 'A' + 10
  3116  		default:
  3117  			n = 0
  3118  			err = strconv.ErrSyntax
  3119  			goto Error
  3120  		}
  3121  		if int(v) >= base {
  3122  			n = 0
  3123  			err = strconv.ErrSyntax
  3124  			goto Error
  3125  		}
  3126  
  3127  		if n >= cutoff {
  3128  			// n*base overflows
  3129  			n = 1<<64 - 1
  3130  			err = strconv.ErrRange
  3131  			goto Error
  3132  		}
  3133  		n *= uint64(base)
  3134  
  3135  		n1 := n + uint64(v)
  3136  		if n1 < n || n1 > maxVal {
  3137  			// n+v overflows
  3138  			n = 1<<64 - 1
  3139  			err = strconv.ErrRange
  3140  			goto Error
  3141  		}
  3142  		n = n1
  3143  	}
  3144  
  3145  	return n, nil
  3146  
  3147  Error:
  3148  	return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err}
  3149  }
  3150  
  3151  // Return the first number n such that n*base >= 1<<64.
  3152  func http2cutoff64(base int) uint64 {
  3153  	if base < 2 {
  3154  		return 0
  3155  	}
  3156  	return (1<<64-1)/uint64(base) + 1
  3157  }
  3158  
  3159  var (
  3160  	http2commonLowerHeader = map[string]string{} // Go-Canonical-Case -> lower-case
  3161  	http2commonCanonHeader = map[string]string{} // lower-case -> Go-Canonical-Case
  3162  )
  3163  
  3164  func init() {
  3165  	for _, v := range []string{
  3166  		"accept",
  3167  		"accept-charset",
  3168  		"accept-encoding",
  3169  		"accept-language",
  3170  		"accept-ranges",
  3171  		"age",
  3172  		"access-control-allow-origin",
  3173  		"allow",
  3174  		"authorization",
  3175  		"cache-control",
  3176  		"content-disposition",
  3177  		"content-encoding",
  3178  		"content-language",
  3179  		"content-length",
  3180  		"content-location",
  3181  		"content-range",
  3182  		"content-type",
  3183  		"cookie",
  3184  		"date",
  3185  		"etag",
  3186  		"expect",
  3187  		"expires",
  3188  		"from",
  3189  		"host",
  3190  		"if-match",
  3191  		"if-modified-since",
  3192  		"if-none-match",
  3193  		"if-unmodified-since",
  3194  		"last-modified",
  3195  		"link",
  3196  		"location",
  3197  		"max-forwards",
  3198  		"proxy-authenticate",
  3199  		"proxy-authorization",
  3200  		"range",
  3201  		"referer",
  3202  		"refresh",
  3203  		"retry-after",
  3204  		"server",
  3205  		"set-cookie",
  3206  		"strict-transport-security",
  3207  		"trailer",
  3208  		"transfer-encoding",
  3209  		"user-agent",
  3210  		"vary",
  3211  		"via",
  3212  		"www-authenticate",
  3213  	} {
  3214  		chk := CanonicalHeaderKey(v)
  3215  		http2commonLowerHeader[chk] = v
  3216  		http2commonCanonHeader[v] = chk
  3217  	}
  3218  }
  3219  
  3220  func http2lowerHeader(v string) string {
  3221  	if s, ok := http2commonLowerHeader[v]; ok {
  3222  		return s
  3223  	}
  3224  	return strings.ToLower(v)
  3225  }
  3226  
  3227  var (
  3228  	http2VerboseLogs    bool
  3229  	http2logFrameWrites bool
  3230  	http2logFrameReads  bool
  3231  	http2inTests        bool
  3232  )
  3233  
  3234  func init() {
  3235  	e := os.Getenv("GODEBUG")
  3236  	if strings.Contains(e, "http2debug=1") {
  3237  		http2VerboseLogs = true
  3238  	}
  3239  	if strings.Contains(e, "http2debug=2") {
  3240  		http2VerboseLogs = true
  3241  		http2logFrameWrites = true
  3242  		http2logFrameReads = true
  3243  	}
  3244  }
  3245  
  3246  const (
  3247  	// ClientPreface is the string that must be sent by new
  3248  	// connections from clients.
  3249  	http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
  3250  
  3251  	// SETTINGS_MAX_FRAME_SIZE default
  3252  	// http://http2.github.io/http2-spec/#rfc.section.6.5.2
  3253  	http2initialMaxFrameSize = 16384
  3254  
  3255  	// NextProtoTLS is the NPN/ALPN protocol negotiated during
  3256  	// HTTP/2's TLS setup.
  3257  	http2NextProtoTLS = "h2"
  3258  
  3259  	// http://http2.github.io/http2-spec/#SettingValues
  3260  	http2initialHeaderTableSize = 4096
  3261  
  3262  	http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size
  3263  
  3264  	http2defaultMaxReadFrameSize = 1 << 20
  3265  )
  3266  
  3267  var (
  3268  	http2clientPreface = []byte(http2ClientPreface)
  3269  )
  3270  
  3271  type http2streamState int
  3272  
  3273  // HTTP/2 stream states.
  3274  //
  3275  // See http://tools.ietf.org/html/rfc7540#section-5.1.
  3276  //
  3277  // For simplicity, the server code merges "reserved (local)" into
  3278  // "half-closed (remote)". This is one less state transition to track.
  3279  // The only downside is that we send PUSH_PROMISEs slightly less
  3280  // liberally than allowable. More discussion here:
  3281  // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html
  3282  //
  3283  // "reserved (remote)" is omitted since the client code does not
  3284  // support server push.
  3285  const (
  3286  	http2stateIdle http2streamState = iota
  3287  	http2stateOpen
  3288  	http2stateHalfClosedLocal
  3289  	http2stateHalfClosedRemote
  3290  	http2stateClosed
  3291  )
  3292  
  3293  var http2stateName = [...]string{
  3294  	http2stateIdle:             "Idle",
  3295  	http2stateOpen:             "Open",
  3296  	http2stateHalfClosedLocal:  "HalfClosedLocal",
  3297  	http2stateHalfClosedRemote: "HalfClosedRemote",
  3298  	http2stateClosed:           "Closed",
  3299  }
  3300  
  3301  func (st http2streamState) String() string {
  3302  	return http2stateName[st]
  3303  }
  3304  
  3305  // Setting is a setting parameter: which setting it is, and its value.
  3306  type http2Setting struct {
  3307  	// ID is which setting is being set.
  3308  	// See http://http2.github.io/http2-spec/#SettingValues
  3309  	ID http2SettingID
  3310  
  3311  	// Val is the value.
  3312  	Val uint32
  3313  }
  3314  
  3315  func (s http2Setting) String() string {
  3316  	return fmt.Sprintf("[%v = %d]", s.ID, s.Val)
  3317  }
  3318  
  3319  // Valid reports whether the setting is valid.
  3320  func (s http2Setting) Valid() error {
  3321  	// Limits and error codes from 6.5.2 Defined SETTINGS Parameters
  3322  	switch s.ID {
  3323  	case http2SettingEnablePush:
  3324  		if s.Val != 1 && s.Val != 0 {
  3325  			return http2ConnectionError(http2ErrCodeProtocol)
  3326  		}
  3327  	case http2SettingInitialWindowSize:
  3328  		if s.Val > 1<<31-1 {
  3329  			return http2ConnectionError(http2ErrCodeFlowControl)
  3330  		}
  3331  	case http2SettingMaxFrameSize:
  3332  		if s.Val < 16384 || s.Val > 1<<24-1 {
  3333  			return http2ConnectionError(http2ErrCodeProtocol)
  3334  		}
  3335  	}
  3336  	return nil
  3337  }
  3338  
  3339  // A SettingID is an HTTP/2 setting as defined in
  3340  // http://http2.github.io/http2-spec/#iana-settings
  3341  type http2SettingID uint16
  3342  
  3343  const (
  3344  	http2SettingHeaderTableSize      http2SettingID = 0x1
  3345  	http2SettingEnablePush           http2SettingID = 0x2
  3346  	http2SettingMaxConcurrentStreams http2SettingID = 0x3
  3347  	http2SettingInitialWindowSize    http2SettingID = 0x4
  3348  	http2SettingMaxFrameSize         http2SettingID = 0x5
  3349  	http2SettingMaxHeaderListSize    http2SettingID = 0x6
  3350  )
  3351  
  3352  var http2settingName = map[http2SettingID]string{
  3353  	http2SettingHeaderTableSize:      "HEADER_TABLE_SIZE",
  3354  	http2SettingEnablePush:           "ENABLE_PUSH",
  3355  	http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS",
  3356  	http2SettingInitialWindowSize:    "INITIAL_WINDOW_SIZE",
  3357  	http2SettingMaxFrameSize:         "MAX_FRAME_SIZE",
  3358  	http2SettingMaxHeaderListSize:    "MAX_HEADER_LIST_SIZE",
  3359  }
  3360  
  3361  func (s http2SettingID) String() string {
  3362  	if v, ok := http2settingName[s]; ok {
  3363  		return v
  3364  	}
  3365  	return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s))
  3366  }
  3367  
  3368  var (
  3369  	http2errInvalidHeaderFieldName  = errors.New("http2: invalid header field name")
  3370  	http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value")
  3371  )
  3372  
  3373  // validWireHeaderFieldName reports whether v is a valid header field
  3374  // name (key). See httplex.ValidHeaderName for the base rules.
  3375  //
  3376  // Further, http2 says:
  3377  //   "Just as in HTTP/1.x, header field names are strings of ASCII
  3378  //   characters that are compared in a case-insensitive
  3379  //   fashion. However, header field names MUST be converted to
  3380  //   lowercase prior to their encoding in HTTP/2. "
  3381  func http2validWireHeaderFieldName(v string) bool {
  3382  	if len(v) == 0 {
  3383  		return false
  3384  	}
  3385  	for _, r := range v {
  3386  		if !httplex.IsTokenRune(r) {
  3387  			return false
  3388  		}
  3389  		if 'A' <= r && r <= 'Z' {
  3390  			return false
  3391  		}
  3392  	}
  3393  	return true
  3394  }
  3395  
  3396  var http2httpCodeStringCommon = map[int]string{} // n -> strconv.Itoa(n)
  3397  
  3398  func init() {
  3399  	for i := 100; i <= 999; i++ {
  3400  		if v := StatusText(i); v != "" {
  3401  			http2httpCodeStringCommon[i] = strconv.Itoa(i)
  3402  		}
  3403  	}
  3404  }
  3405  
  3406  func http2httpCodeString(code int) string {
  3407  	if s, ok := http2httpCodeStringCommon[code]; ok {
  3408  		return s
  3409  	}
  3410  	return strconv.Itoa(code)
  3411  }
  3412  
  3413  // from pkg io
  3414  type http2stringWriter interface {
  3415  	WriteString(s string) (n int, err error)
  3416  }
  3417  
  3418  // A gate lets two goroutines coordinate their activities.
  3419  type http2gate chan struct{}
  3420  
  3421  func (g http2gate) Done() { g <- struct{}{} }
  3422  
  3423  func (g http2gate) Wait() { <-g }
  3424  
  3425  // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed).
  3426  type http2closeWaiter chan struct{}
  3427  
  3428  // Init makes a closeWaiter usable.
  3429  // It exists because so a closeWaiter value can be placed inside a
  3430  // larger struct and have the Mutex and Cond's memory in the same
  3431  // allocation.
  3432  func (cw *http2closeWaiter) Init() {
  3433  	*cw = make(chan struct{})
  3434  }
  3435  
  3436  // Close marks the closeWaiter as closed and unblocks any waiters.
  3437  func (cw http2closeWaiter) Close() {
  3438  	close(cw)
  3439  }
  3440  
  3441  // Wait waits for the closeWaiter to become closed.
  3442  func (cw http2closeWaiter) Wait() {
  3443  	<-cw
  3444  }
  3445  
  3446  // bufferedWriter is a buffered writer that writes to w.
  3447  // Its buffered writer is lazily allocated as needed, to minimize
  3448  // idle memory usage with many connections.
  3449  type http2bufferedWriter struct {
  3450  	w  io.Writer     // immutable
  3451  	bw *bufio.Writer // non-nil when data is buffered
  3452  }
  3453  
  3454  func http2newBufferedWriter(w io.Writer) *http2bufferedWriter {
  3455  	return &http2bufferedWriter{w: w}
  3456  }
  3457  
  3458  // bufWriterPoolBufferSize is the size of bufio.Writer's
  3459  // buffers created using bufWriterPool.
  3460  //
  3461  // TODO: pick a less arbitrary value? this is a bit under
  3462  // (3 x typical 1500 byte MTU) at least. Other than that,
  3463  // not much thought went into it.
  3464  const http2bufWriterPoolBufferSize = 4 << 10
  3465  
  3466  var http2bufWriterPool = sync.Pool{
  3467  	New: func() interface{} {
  3468  		return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize)
  3469  	},
  3470  }
  3471  
  3472  func (w *http2bufferedWriter) Available() int {
  3473  	if w.bw == nil {
  3474  		return http2bufWriterPoolBufferSize
  3475  	}
  3476  	return w.bw.Available()
  3477  }
  3478  
  3479  func (w *http2bufferedWriter) Write(p []byte) (n int, err error) {
  3480  	if w.bw == nil {
  3481  		bw := http2bufWriterPool.Get().(*bufio.Writer)
  3482  		bw.Reset(w.w)
  3483  		w.bw = bw
  3484  	}
  3485  	return w.bw.Write(p)
  3486  }
  3487  
  3488  func (w *http2bufferedWriter) Flush() error {
  3489  	bw := w.bw
  3490  	if bw == nil {
  3491  		return nil
  3492  	}
  3493  	err := bw.Flush()
  3494  	bw.Reset(nil)
  3495  	http2bufWriterPool.Put(bw)
  3496  	w.bw = nil
  3497  	return err
  3498  }
  3499  
  3500  func http2mustUint31(v int32) uint32 {
  3501  	if v < 0 || v > 2147483647 {
  3502  		panic("out of range")
  3503  	}
  3504  	return uint32(v)
  3505  }
  3506  
  3507  // bodyAllowedForStatus reports whether a given response status code
  3508  // permits a body. See RFC 2616, section 4.4.
  3509  func http2bodyAllowedForStatus(status int) bool {
  3510  	switch {
  3511  	case status >= 100 && status <= 199:
  3512  		return false
  3513  	case status == 204:
  3514  		return false
  3515  	case status == 304:
  3516  		return false
  3517  	}
  3518  	return true
  3519  }
  3520  
  3521  type http2httpError struct {
  3522  	msg     string
  3523  	timeout bool
  3524  }
  3525  
  3526  func (e *http2httpError) Error() string { return e.msg }
  3527  
  3528  func (e *http2httpError) Timeout() bool { return e.timeout }
  3529  
  3530  func (e *http2httpError) Temporary() bool { return true }
  3531  
  3532  var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true}
  3533  
  3534  type http2connectionStater interface {
  3535  	ConnectionState() tls.ConnectionState
  3536  }
  3537  
  3538  var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }}
  3539  
  3540  type http2sorter struct {
  3541  	v []string // owned by sorter
  3542  }
  3543  
  3544  func (s *http2sorter) Len() int { return len(s.v) }
  3545  
  3546  func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] }
  3547  
  3548  func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] }
  3549  
  3550  // Keys returns the sorted keys of h.
  3551  //
  3552  // The returned slice is only valid until s used again or returned to
  3553  // its pool.
  3554  func (s *http2sorter) Keys(h Header) []string {
  3555  	keys := s.v[:0]
  3556  	for k := range h {
  3557  		keys = append(keys, k)
  3558  	}
  3559  	s.v = keys
  3560  	sort.Sort(s)
  3561  	return keys
  3562  }
  3563  
  3564  func (s *http2sorter) SortStrings(ss []string) {
  3565  	// Our sorter works on s.v, which sorter owns, so
  3566  	// stash it away while we sort the user's buffer.
  3567  	save := s.v
  3568  	s.v = ss
  3569  	sort.Sort(s)
  3570  	s.v = save
  3571  }
  3572  
  3573  // validPseudoPath reports whether v is a valid :path pseudo-header
  3574  // value. It must be either:
  3575  //
  3576  //     *) a non-empty string starting with '/'
  3577  //     *) the string '*', for OPTIONS requests.
  3578  //
  3579  // For now this is only used a quick check for deciding when to clean
  3580  // up Opaque URLs before sending requests from the Transport.
  3581  // See golang.org/issue/16847
  3582  //
  3583  // We used to enforce that the path also didn't start with "//", but
  3584  // Google's GFE accepts such paths and Chrome sends them, so ignore
  3585  // that part of the spec. See golang.org/issue/19103.
  3586  func http2validPseudoPath(v string) bool {
  3587  	return (len(v) > 0 && v[0] == '/') || v == "*"
  3588  }
  3589  
  3590  // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like
  3591  // io.Pipe except there are no PipeReader/PipeWriter halves, and the
  3592  // underlying buffer is an interface. (io.Pipe is always unbuffered)
  3593  type http2pipe struct {
  3594  	mu       sync.Mutex
  3595  	c        sync.Cond       // c.L lazily initialized to &p.mu
  3596  	b        http2pipeBuffer // nil when done reading
  3597  	err      error           // read error once empty. non-nil means closed.
  3598  	breakErr error           // immediate read error (caller doesn't see rest of b)
  3599  	donec    chan struct{}   // closed on error
  3600  	readFn   func()          // optional code to run in Read before error
  3601  }
  3602  
  3603  type http2pipeBuffer interface {
  3604  	Len() int
  3605  	io.Writer
  3606  	io.Reader
  3607  }
  3608  
  3609  func (p *http2pipe) Len() int {
  3610  	p.mu.Lock()
  3611  	defer p.mu.Unlock()
  3612  	if p.b == nil {
  3613  		return 0
  3614  	}
  3615  	return p.b.Len()
  3616  }
  3617  
  3618  // Read waits until data is available and copies bytes
  3619  // from the buffer into p.
  3620  func (p *http2pipe) Read(d []byte) (n int, err error) {
  3621  	p.mu.Lock()
  3622  	defer p.mu.Unlock()
  3623  	if p.c.L == nil {
  3624  		p.c.L = &p.mu
  3625  	}
  3626  	for {
  3627  		if p.breakErr != nil {
  3628  			return 0, p.breakErr
  3629  		}
  3630  		if p.b != nil && p.b.Len() > 0 {
  3631  			return p.b.Read(d)
  3632  		}
  3633  		if p.err != nil {
  3634  			if p.readFn != nil {
  3635  				p.readFn()     // e.g. copy trailers
  3636  				p.readFn = nil // not sticky like p.err
  3637  			}
  3638  			p.b = nil
  3639  			return 0, p.err
  3640  		}
  3641  		p.c.Wait()
  3642  	}
  3643  }
  3644  
  3645  var http2errClosedPipeWrite = errors.New("write on closed buffer")
  3646  
  3647  // Write copies bytes from p into the buffer and wakes a reader.
  3648  // It is an error to write more data than the buffer can hold.
  3649  func (p *http2pipe) Write(d []byte) (n int, err error) {
  3650  	p.mu.Lock()
  3651  	defer p.mu.Unlock()
  3652  	if p.c.L == nil {
  3653  		p.c.L = &p.mu
  3654  	}
  3655  	defer p.c.Signal()
  3656  	if p.err != nil {
  3657  		return 0, http2errClosedPipeWrite
  3658  	}
  3659  	if p.breakErr != nil {
  3660  		return len(d), nil // discard when there is no reader
  3661  	}
  3662  	return p.b.Write(d)
  3663  }
  3664  
  3665  // CloseWithError causes the next Read (waking up a current blocked
  3666  // Read if needed) to return the provided err after all data has been
  3667  // read.
  3668  //
  3669  // The error must be non-nil.
  3670  func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) }
  3671  
  3672  // BreakWithError causes the next Read (waking up a current blocked
  3673  // Read if needed) to return the provided err immediately, without
  3674  // waiting for unread data.
  3675  func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) }
  3676  
  3677  // closeWithErrorAndCode is like CloseWithError but also sets some code to run
  3678  // in the caller's goroutine before returning the error.
  3679  func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) }
  3680  
  3681  func (p *http2pipe) closeWithError(dst *error, err error, fn func()) {
  3682  	if err == nil {
  3683  		panic("err must be non-nil")
  3684  	}
  3685  	p.mu.Lock()
  3686  	defer p.mu.Unlock()
  3687  	if p.c.L == nil {
  3688  		p.c.L = &p.mu
  3689  	}
  3690  	defer p.c.Signal()
  3691  	if *dst != nil {
  3692  		// Already been done.
  3693  		return
  3694  	}
  3695  	p.readFn = fn
  3696  	if dst == &p.breakErr {
  3697  		p.b = nil
  3698  	}
  3699  	*dst = err
  3700  	p.closeDoneLocked()
  3701  }
  3702  
  3703  // requires p.mu be held.
  3704  func (p *http2pipe) closeDoneLocked() {
  3705  	if p.donec == nil {
  3706  		return
  3707  	}
  3708  	// Close if unclosed. This isn't racy since we always
  3709  	// hold p.mu while closing.
  3710  	select {
  3711  	case <-p.donec:
  3712  	default:
  3713  		close(p.donec)
  3714  	}
  3715  }
  3716  
  3717  // Err returns the error (if any) first set by BreakWithError or CloseWithError.
  3718  func (p *http2pipe) Err() error {
  3719  	p.mu.Lock()
  3720  	defer p.mu.Unlock()
  3721  	if p.breakErr != nil {
  3722  		return p.breakErr
  3723  	}
  3724  	return p.err
  3725  }
  3726  
  3727  // Done returns a channel which is closed if and when this pipe is closed
  3728  // with CloseWithError.
  3729  func (p *http2pipe) Done() <-chan struct{} {
  3730  	p.mu.Lock()
  3731  	defer p.mu.Unlock()
  3732  	if p.donec == nil {
  3733  		p.donec = make(chan struct{})
  3734  		if p.err != nil || p.breakErr != nil {
  3735  			// Already hit an error.
  3736  			p.closeDoneLocked()
  3737  		}
  3738  	}
  3739  	return p.donec
  3740  }
  3741  
  3742  const (
  3743  	http2prefaceTimeout        = 10 * time.Second
  3744  	http2firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
  3745  	http2handlerChunkWriteSize = 4 << 10
  3746  	http2defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
  3747  )
  3748  
  3749  var (
  3750  	http2errClientDisconnected = errors.New("client disconnected")
  3751  	http2errClosedBody         = errors.New("body closed by handler")
  3752  	http2errHandlerComplete    = errors.New("http2: request body closed due to handler exiting")
  3753  	http2errStreamClosed       = errors.New("http2: stream closed")
  3754  )
  3755  
  3756  var http2responseWriterStatePool = sync.Pool{
  3757  	New: func() interface{} {
  3758  		rws := &http2responseWriterState{}
  3759  		rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize)
  3760  		return rws
  3761  	},
  3762  }
  3763  
  3764  // Test hooks.
  3765  var (
  3766  	http2testHookOnConn        func()
  3767  	http2testHookGetServerConn func(*http2serverConn)
  3768  	http2testHookOnPanicMu     *sync.Mutex // nil except in tests
  3769  	http2testHookOnPanic       func(sc *http2serverConn, panicVal interface{}) (rePanic bool)
  3770  )
  3771  
  3772  // Server is an HTTP/2 server.
  3773  type http2Server struct {
  3774  	// MaxHandlers limits the number of http.Handler ServeHTTP goroutines
  3775  	// which may run at a time over all connections.
  3776  	// Negative or zero no limit.
  3777  	// TODO: implement
  3778  	MaxHandlers int
  3779  
  3780  	// MaxConcurrentStreams optionally specifies the number of
  3781  	// concurrent streams that each client may have open at a
  3782  	// time. This is unrelated to the number of http.Handler goroutines
  3783  	// which may be active globally, which is MaxHandlers.
  3784  	// If zero, MaxConcurrentStreams defaults to at least 100, per
  3785  	// the HTTP/2 spec's recommendations.
  3786  	MaxConcurrentStreams uint32
  3787  
  3788  	// MaxReadFrameSize optionally specifies the largest frame
  3789  	// this server is willing to read. A valid value is between
  3790  	// 16k and 16M, inclusive. If zero or otherwise invalid, a
  3791  	// default value is used.
  3792  	MaxReadFrameSize uint32
  3793  
  3794  	// PermitProhibitedCipherSuites, if true, permits the use of
  3795  	// cipher suites prohibited by the HTTP/2 spec.
  3796  	PermitProhibitedCipherSuites bool
  3797  
  3798  	// IdleTimeout specifies how long until idle clients should be
  3799  	// closed with a GOAWAY frame. PING frames are not considered
  3800  	// activity for the purposes of IdleTimeout.
  3801  	IdleTimeout time.Duration
  3802  
  3803  	// MaxUploadBufferPerConnection is the size of the initial flow
  3804  	// control window for each connections. The HTTP/2 spec does not
  3805  	// allow this to be smaller than 65535 or larger than 2^32-1.
  3806  	// If the value is outside this range, a default value will be
  3807  	// used instead.
  3808  	MaxUploadBufferPerConnection int32
  3809  
  3810  	// MaxUploadBufferPerStream is the size of the initial flow control
  3811  	// window for each stream. The HTTP/2 spec does not allow this to
  3812  	// be larger than 2^32-1. If the value is zero or larger than the
  3813  	// maximum, a default value will be used instead.
  3814  	MaxUploadBufferPerStream int32
  3815  
  3816  	// NewWriteScheduler constructs a write scheduler for a connection.
  3817  	// If nil, a default scheduler is chosen.
  3818  	NewWriteScheduler func() http2WriteScheduler
  3819  
  3820  	// Internal state. This is a pointer (rather than embedded directly)
  3821  	// so that we don't embed a Mutex in this struct, which will make the
  3822  	// struct non-copyable, which might break some callers.
  3823  	state *http2serverInternalState
  3824  }
  3825  
  3826  func (s *http2Server) initialConnRecvWindowSize() int32 {
  3827  	if s.MaxUploadBufferPerConnection > http2initialWindowSize {
  3828  		return s.MaxUploadBufferPerConnection
  3829  	}
  3830  	return 1 << 20
  3831  }
  3832  
  3833  func (s *http2Server) initialStreamRecvWindowSize() int32 {
  3834  	if s.MaxUploadBufferPerStream > 0 {
  3835  		return s.MaxUploadBufferPerStream
  3836  	}
  3837  	return 1 << 20
  3838  }
  3839  
  3840  func (s *http2Server) maxReadFrameSize() uint32 {
  3841  	if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize {
  3842  		return v
  3843  	}
  3844  	return http2defaultMaxReadFrameSize
  3845  }
  3846  
  3847  func (s *http2Server) maxConcurrentStreams() uint32 {
  3848  	if v := s.MaxConcurrentStreams; v > 0 {
  3849  		return v
  3850  	}
  3851  	return http2defaultMaxStreams
  3852  }
  3853  
  3854  type http2serverInternalState struct {
  3855  	mu          sync.Mutex
  3856  	activeConns map[*http2serverConn]struct{}
  3857  }
  3858  
  3859  func (s *http2serverInternalState) registerConn(sc *http2serverConn) {
  3860  	if s == nil {
  3861  		return // if the Server was used without calling ConfigureServer
  3862  	}
  3863  	s.mu.Lock()
  3864  	s.activeConns[sc] = struct{}{}
  3865  	s.mu.Unlock()
  3866  }
  3867  
  3868  func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) {
  3869  	if s == nil {
  3870  		return // if the Server was used without calling ConfigureServer
  3871  	}
  3872  	s.mu.Lock()
  3873  	delete(s.activeConns, sc)
  3874  	s.mu.Unlock()
  3875  }
  3876  
  3877  func (s *http2serverInternalState) startGracefulShutdown() {
  3878  	if s == nil {
  3879  		return // if the Server was used without calling ConfigureServer
  3880  	}
  3881  	s.mu.Lock()
  3882  	for sc := range s.activeConns {
  3883  		sc.startGracefulShutdown()
  3884  	}
  3885  	s.mu.Unlock()
  3886  }
  3887  
  3888  // ConfigureServer adds HTTP/2 support to a net/http Server.
  3889  //
  3890  // The configuration conf may be nil.
  3891  //
  3892  // ConfigureServer must be called before s begins serving.
  3893  func http2ConfigureServer(s *Server, conf *http2Server) error {
  3894  	if s == nil {
  3895  		panic("nil *http.Server")
  3896  	}
  3897  	if conf == nil {
  3898  		conf = new(http2Server)
  3899  	}
  3900  	conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})}
  3901  	if err := http2configureServer18(s, conf); err != nil {
  3902  		return err
  3903  	}
  3904  	if err := http2configureServer19(s, conf); err != nil {
  3905  		return err
  3906  	}
  3907  
  3908  	if s.TLSConfig == nil {
  3909  		s.TLSConfig = new(tls.Config)
  3910  	} else if s.TLSConfig.CipherSuites != nil {
  3911  		// If they already provided a CipherSuite list, return
  3912  		// an error if it has a bad order or is missing
  3913  		// ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
  3914  		haveRequired := false
  3915  		sawBad := false
  3916  		for i, cs := range s.TLSConfig.CipherSuites {
  3917  			switch cs {
  3918  			case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  3919  				// Alternative MTI cipher to not discourage ECDSA-only servers.
  3920  				// See http://golang.org/cl/30721 for further information.
  3921  				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
  3922  				haveRequired = true
  3923  			}
  3924  			if http2isBadCipher(cs) {
  3925  				sawBad = true
  3926  			} else if sawBad {
  3927  				return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs)
  3928  			}
  3929  		}
  3930  		if !haveRequired {
  3931  			return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.")
  3932  		}
  3933  	}
  3934  
  3935  	// Note: not setting MinVersion to tls.VersionTLS12,
  3936  	// as we don't want to interfere with HTTP/1.1 traffic
  3937  	// on the user's server. We enforce TLS 1.2 later once
  3938  	// we accept a connection. Ideally this should be done
  3939  	// during next-proto selection, but using TLS <1.2 with
  3940  	// HTTP/2 is still the client's bug.
  3941  
  3942  	s.TLSConfig.PreferServerCipherSuites = true
  3943  
  3944  	haveNPN := false
  3945  	for _, p := range s.TLSConfig.NextProtos {
  3946  		if p == http2NextProtoTLS {
  3947  			haveNPN = true
  3948  			break
  3949  		}
  3950  	}
  3951  	if !haveNPN {
  3952  		s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS)
  3953  	}
  3954  
  3955  	if s.TLSNextProto == nil {
  3956  		s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){}
  3957  	}
  3958  	protoHandler := func(hs *Server, c *tls.Conn, h Handler) {
  3959  		if http2testHookOnConn != nil {
  3960  			http2testHookOnConn()
  3961  		}
  3962  		conf.ServeConn(c, &http2ServeConnOpts{
  3963  			Handler:    h,
  3964  			BaseConfig: hs,
  3965  		})
  3966  	}
  3967  	s.TLSNextProto[http2NextProtoTLS] = protoHandler
  3968  	return nil
  3969  }
  3970  
  3971  // ServeConnOpts are options for the Server.ServeConn method.
  3972  type http2ServeConnOpts struct {
  3973  	// BaseConfig optionally sets the base configuration
  3974  	// for values. If nil, defaults are used.
  3975  	BaseConfig *Server
  3976  
  3977  	// Handler specifies which handler to use for processing
  3978  	// requests. If nil, BaseConfig.Handler is used. If BaseConfig
  3979  	// or BaseConfig.Handler is nil, http.DefaultServeMux is used.
  3980  	Handler Handler
  3981  }
  3982  
  3983  func (o *http2ServeConnOpts) baseConfig() *Server {
  3984  	if o != nil && o.BaseConfig != nil {
  3985  		return o.BaseConfig
  3986  	}
  3987  	return new(Server)
  3988  }
  3989  
  3990  func (o *http2ServeConnOpts) handler() Handler {
  3991  	if o != nil {
  3992  		if o.Handler != nil {
  3993  			return o.Handler
  3994  		}
  3995  		if o.BaseConfig != nil && o.BaseConfig.Handler != nil {
  3996  			return o.BaseConfig.Handler
  3997  		}
  3998  	}
  3999  	return DefaultServeMux
  4000  }
  4001  
  4002  // ServeConn serves HTTP/2 requests on the provided connection and
  4003  // blocks until the connection is no longer readable.
  4004  //
  4005  // ServeConn starts speaking HTTP/2 assuming that c has not had any
  4006  // reads or writes. It writes its initial settings frame and expects
  4007  // to be able to read the preface and settings frame from the
  4008  // client. If c has a ConnectionState method like a *tls.Conn, the
  4009  // ConnectionState is used to verify the TLS ciphersuite and to set
  4010  // the Request.TLS field in Handlers.
  4011  //
  4012  // ServeConn does not support h2c by itself. Any h2c support must be
  4013  // implemented in terms of providing a suitably-behaving net.Conn.
  4014  //
  4015  // The opts parameter is optional. If nil, default values are used.
  4016  func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) {
  4017  	baseCtx, cancel := http2serverConnBaseContext(c, opts)
  4018  	defer cancel()
  4019  
  4020  	sc := &http2serverConn{
  4021  		srv:                         s,
  4022  		hs:                          opts.baseConfig(),
  4023  		conn:                        c,
  4024  		baseCtx:                     baseCtx,
  4025  		remoteAddrStr:               c.RemoteAddr().String(),
  4026  		bw:                          http2newBufferedWriter(c),
  4027  		handler:                     opts.handler(),
  4028  		streams:                     make(map[uint32]*http2stream),
  4029  		readFrameCh:                 make(chan http2readFrameResult),
  4030  		wantWriteFrameCh:            make(chan http2FrameWriteRequest, 8),
  4031  		serveMsgCh:                  make(chan interface{}, 8),
  4032  		wroteFrameCh:                make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync
  4033  		bodyReadCh:                  make(chan http2bodyReadMsg),         // buffering doesn't matter either way
  4034  		doneServing:                 make(chan struct{}),
  4035  		clientMaxStreams:            math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value"
  4036  		advMaxStreams:               s.maxConcurrentStreams(),
  4037  		initialStreamSendWindowSize: http2initialWindowSize,
  4038  		maxFrameSize:                http2initialMaxFrameSize,
  4039  		headerTableSize:             http2initialHeaderTableSize,
  4040  		serveG:                      http2newGoroutineLock(),
  4041  		pushEnabled:                 true,
  4042  	}
  4043  
  4044  	s.state.registerConn(sc)
  4045  	defer s.state.unregisterConn(sc)
  4046  
  4047  	// The net/http package sets the write deadline from the
  4048  	// http.Server.WriteTimeout during the TLS handshake, but then
  4049  	// passes the connection off to us with the deadline already set.
  4050  	// Write deadlines are set per stream in serverConn.newStream.
  4051  	// Disarm the net.Conn write deadline here.
  4052  	if sc.hs.WriteTimeout != 0 {
  4053  		sc.conn.SetWriteDeadline(time.Time{})
  4054  	}
  4055  
  4056  	if s.NewWriteScheduler != nil {
  4057  		sc.writeSched = s.NewWriteScheduler()
  4058  	} else {
  4059  		sc.writeSched = http2NewRandomWriteScheduler()
  4060  	}
  4061  
  4062  	// These start at the RFC-specified defaults. If there is a higher
  4063  	// configured value for inflow, that will be updated when we send a
  4064  	// WINDOW_UPDATE shortly after sending SETTINGS.
  4065  	sc.flow.add(http2initialWindowSize)
  4066  	sc.inflow.add(http2initialWindowSize)
  4067  	sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf)
  4068  
  4069  	fr := http2NewFramer(sc.bw, c)
  4070  	fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil)
  4071  	fr.MaxHeaderListSize = sc.maxHeaderListSize()
  4072  	fr.SetMaxReadFrameSize(s.maxReadFrameSize())
  4073  	sc.framer = fr
  4074  
  4075  	if tc, ok := c.(http2connectionStater); ok {
  4076  		sc.tlsState = new(tls.ConnectionState)
  4077  		*sc.tlsState = tc.ConnectionState()
  4078  		// 9.2 Use of TLS Features
  4079  		// An implementation of HTTP/2 over TLS MUST use TLS
  4080  		// 1.2 or higher with the restrictions on feature set
  4081  		// and cipher suite described in this section. Due to
  4082  		// implementation limitations, it might not be
  4083  		// possible to fail TLS negotiation. An endpoint MUST
  4084  		// immediately terminate an HTTP/2 connection that
  4085  		// does not meet the TLS requirements described in
  4086  		// this section with a connection error (Section
  4087  		// 5.4.1) of type INADEQUATE_SECURITY.
  4088  		if sc.tlsState.Version < tls.VersionTLS12 {
  4089  			sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low")
  4090  			return
  4091  		}
  4092  
  4093  		if sc.tlsState.ServerName == "" {
  4094  			// Client must use SNI, but we don't enforce that anymore,
  4095  			// since it was causing problems when connecting to bare IP
  4096  			// addresses during development.
  4097  			//
  4098  			// TODO: optionally enforce? Or enforce at the time we receive
  4099  			// a new request, and verify the the ServerName matches the :authority?
  4100  			// But that precludes proxy situations, perhaps.
  4101  			//
  4102  			// So for now, do nothing here again.
  4103  		}
  4104  
  4105  		if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) {
  4106  			// "Endpoints MAY choose to generate a connection error
  4107  			// (Section 5.4.1) of type INADEQUATE_SECURITY if one of
  4108  			// the prohibited cipher suites are negotiated."
  4109  			//
  4110  			// We choose that. In my opinion, the spec is weak
  4111  			// here. It also says both parties must support at least
  4112  			// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no
  4113  			// excuses here. If we really must, we could allow an
  4114  			// "AllowInsecureWeakCiphers" option on the server later.
  4115  			// Let's see how it plays out first.
  4116  			sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite))
  4117  			return
  4118  		}
  4119  	}
  4120  
  4121  	if hook := http2testHookGetServerConn; hook != nil {
  4122  		hook(sc)
  4123  	}
  4124  	sc.serve()
  4125  }
  4126  
  4127  func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) {
  4128  	sc.vlogf("http2: server rejecting conn: %v, %s", err, debug)
  4129  	// ignoring errors. hanging up anyway.
  4130  	sc.framer.WriteGoAway(0, err, []byte(debug))
  4131  	sc.bw.Flush()
  4132  	sc.conn.Close()
  4133  }
  4134  
  4135  type http2serverConn struct {
  4136  	// Immutable:
  4137  	srv              *http2Server
  4138  	hs               *Server
  4139  	conn             net.Conn
  4140  	bw               *http2bufferedWriter // writing to conn
  4141  	handler          Handler
  4142  	baseCtx          http2contextContext
  4143  	framer           *http2Framer
  4144  	doneServing      chan struct{}               // closed when serverConn.serve ends
  4145  	readFrameCh      chan http2readFrameResult   // written by serverConn.readFrames
  4146  	wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve
  4147  	wroteFrameCh     chan http2frameWriteResult  // from writeFrameAsync -> serve, tickles more frame writes
  4148  	bodyReadCh       chan http2bodyReadMsg       // from handlers -> serve
  4149  	serveMsgCh       chan interface{}            // misc messages & code to send to / run on the serve loop
  4150  	flow             http2flow                   // conn-wide (not stream-specific) outbound flow control
  4151  	inflow           http2flow                   // conn-wide inbound flow control
  4152  	tlsState         *tls.ConnectionState        // shared by all handlers, like net/http
  4153  	remoteAddrStr    string
  4154  	writeSched       http2WriteScheduler
  4155  
  4156  	// Everything following is owned by the serve loop; use serveG.check():
  4157  	serveG                      http2goroutineLock // used to verify funcs are on serve()
  4158  	pushEnabled                 bool
  4159  	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
  4160  	needToSendSettingsAck       bool
  4161  	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
  4162  	clientMaxStreams            uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
  4163  	advMaxStreams               uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
  4164  	curClientStreams            uint32 // number of open streams initiated by the client
  4165  	curPushedStreams            uint32 // number of open streams initiated by server push
  4166  	maxClientStreamID           uint32 // max ever seen from client (odd), or 0 if there have been no client requests
  4167  	maxPushPromiseID            uint32 // ID of the last push promise (even), or 0 if there have been no pushes
  4168  	streams                     map[uint32]*http2stream
  4169  	initialStreamSendWindowSize int32
  4170  	maxFrameSize                int32
  4171  	headerTableSize             uint32
  4172  	peerMaxHeaderListSize       uint32            // zero means unknown (default)
  4173  	canonHeader                 map[string]string // http2-lower-case -> Go-Canonical-Case
  4174  	writingFrame                bool              // started writing a frame (on serve goroutine or separate)
  4175  	writingFrameAsync           bool              // started a frame on its own goroutine but haven't heard back on wroteFrameCh
  4176  	needsFrameFlush             bool              // last frame write wasn't a flush
  4177  	inGoAway                    bool              // we've started to or sent GOAWAY
  4178  	inFrameScheduleLoop         bool              // whether we're in the scheduleFrameWrite loop
  4179  	needToSendGoAway            bool              // we need to schedule a GOAWAY frame write
  4180  	goAwayCode                  http2ErrCode
  4181  	shutdownTimer               *time.Timer // nil until used
  4182  	idleTimer                   *time.Timer // nil if unused
  4183  
  4184  	// Owned by the writeFrameAsync goroutine:
  4185  	headerWriteBuf bytes.Buffer
  4186  	hpackEncoder   *hpack.Encoder
  4187  
  4188  	// Used by startGracefulShutdown.
  4189  	shutdownOnce sync.Once
  4190  }
  4191  
  4192  func (sc *http2serverConn) maxHeaderListSize() uint32 {
  4193  	n := sc.hs.MaxHeaderBytes
  4194  	if n <= 0 {
  4195  		n = DefaultMaxHeaderBytes
  4196  	}
  4197  	// http2's count is in a slightly different unit and includes 32 bytes per pair.
  4198  	// So, take the net/http.Server value and pad it up a bit, assuming 10 headers.
  4199  	const perFieldOverhead = 32 // per http2 spec
  4200  	const typicalHeaders = 10   // conservative
  4201  	return uint32(n + typicalHeaders*perFieldOverhead)
  4202  }
  4203  
  4204  func (sc *http2serverConn) curOpenStreams() uint32 {
  4205  	sc.serveG.check()
  4206  	return sc.curClientStreams + sc.curPushedStreams
  4207  }
  4208  
  4209  // stream represents a stream. This is the minimal metadata needed by
  4210  // the serve goroutine. Most of the actual stream state is owned by
  4211  // the http.Handler's goroutine in the responseWriter. Because the
  4212  // responseWriter's responseWriterState is recycled at the end of a
  4213  // handler, this struct intentionally has no pointer to the
  4214  // *responseWriter{,State} itself, as the Handler ending nils out the
  4215  // responseWriter's state field.
  4216  type http2stream struct {
  4217  	// immutable:
  4218  	sc        *http2serverConn
  4219  	id        uint32
  4220  	body      *http2pipe       // non-nil if expecting DATA frames
  4221  	cw        http2closeWaiter // closed wait stream transitions to closed state
  4222  	ctx       http2contextContext
  4223  	cancelCtx func()
  4224  
  4225  	// owned by serverConn's serve loop:
  4226  	bodyBytes        int64        // body bytes seen so far
  4227  	declBodyBytes    int64        // or -1 if undeclared
  4228  	flow             http2flow    // limits writing from Handler to client
  4229  	inflow           http2flow    // what the client is allowed to POST/etc to us
  4230  	parent           *http2stream // or nil
  4231  	numTrailerValues int64
  4232  	weight           uint8
  4233  	state            http2streamState
  4234  	resetQueued      bool        // RST_STREAM queued for write; set by sc.resetStream
  4235  	gotTrailerHeader bool        // HEADER frame for trailers was seen
  4236  	wroteHeaders     bool        // whether we wrote headers (not status 100)
  4237  	writeDeadline    *time.Timer // nil if unused
  4238  
  4239  	trailer    Header // accumulated trailers
  4240  	reqTrailer Header // handler's Request.Trailer
  4241  }
  4242  
  4243  func (sc *http2serverConn) Framer() *http2Framer { return sc.framer }
  4244  
  4245  func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() }
  4246  
  4247  func (sc *http2serverConn) Flush() error { return sc.bw.Flush() }
  4248  
  4249  func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) {
  4250  	return sc.hpackEncoder, &sc.headerWriteBuf
  4251  }
  4252  
  4253  func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) {
  4254  	sc.serveG.check()
  4255  	// http://tools.ietf.org/html/rfc7540#section-5.1
  4256  	if st, ok := sc.streams[streamID]; ok {
  4257  		return st.state, st
  4258  	}
  4259  	// "The first use of a new stream identifier implicitly closes all
  4260  	// streams in the "idle" state that might have been initiated by
  4261  	// that peer with a lower-valued stream identifier. For example, if
  4262  	// a client sends a HEADERS frame on stream 7 without ever sending a
  4263  	// frame on stream 5, then stream 5 transitions to the "closed"
  4264  	// state when the first frame for stream 7 is sent or received."
  4265  	if streamID%2 == 1 {
  4266  		if streamID <= sc.maxClientStreamID {
  4267  			return http2stateClosed, nil
  4268  		}
  4269  	} else {
  4270  		if streamID <= sc.maxPushPromiseID {
  4271  			return http2stateClosed, nil
  4272  		}
  4273  	}
  4274  	return http2stateIdle, nil
  4275  }
  4276  
  4277  // setConnState calls the net/http ConnState hook for this connection, if configured.
  4278  // Note that the net/http package does StateNew and StateClosed for us.
  4279  // There is currently no plan for StateHijacked or hijacking HTTP/2 connections.
  4280  func (sc *http2serverConn) setConnState(state ConnState) {
  4281  	if sc.hs.ConnState != nil {
  4282  		sc.hs.ConnState(sc.conn, state)
  4283  	}
  4284  }
  4285  
  4286  func (sc *http2serverConn) vlogf(format string, args ...interface{}) {
  4287  	if http2VerboseLogs {
  4288  		sc.logf(format, args...)
  4289  	}
  4290  }
  4291  
  4292  func (sc *http2serverConn) logf(format string, args ...interface{}) {
  4293  	if lg := sc.hs.ErrorLog; lg != nil {
  4294  		lg.Printf(format, args...)
  4295  	} else {
  4296  		log.Printf(format, args...)
  4297  	}
  4298  }
  4299  
  4300  // errno returns v's underlying uintptr, else 0.
  4301  //
  4302  // TODO: remove this helper function once http2 can use build
  4303  // tags. See comment in isClosedConnError.
  4304  func http2errno(v error) uintptr {
  4305  	if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr {
  4306  		return uintptr(rv.Uint())
  4307  	}
  4308  	return 0
  4309  }
  4310  
  4311  // isClosedConnError reports whether err is an error from use of a closed
  4312  // network connection.
  4313  func http2isClosedConnError(err error) bool {
  4314  	if err == nil {
  4315  		return false
  4316  	}
  4317  
  4318  	// TODO: remove this string search and be more like the Windows
  4319  	// case below. That might involve modifying the standard library
  4320  	// to return better error types.
  4321  	str := err.Error()
  4322  	if strings.Contains(str, "use of closed network connection") {
  4323  		return true
  4324  	}
  4325  
  4326  	// TODO(bradfitz): x/tools/cmd/bundle doesn't really support
  4327  	// build tags, so I can't make an http2_windows.go file with
  4328  	// Windows-specific stuff. Fix that and move this, once we
  4329  	// have a way to bundle this into std's net/http somehow.
  4330  	if runtime.GOOS == "windows" {
  4331  		if oe, ok := err.(*net.OpError); ok && oe.Op == "read" {
  4332  			if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" {
  4333  				const WSAECONNABORTED = 10053
  4334  				const WSAECONNRESET = 10054
  4335  				if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED {
  4336  					return true
  4337  				}
  4338  			}
  4339  		}
  4340  	}
  4341  	return false
  4342  }
  4343  
  4344  func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) {
  4345  	if err == nil {
  4346  		return
  4347  	}
  4348  	if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout {
  4349  		// Boring, expected errors.
  4350  		sc.vlogf(format, args...)
  4351  	} else {
  4352  		sc.logf(format, args...)
  4353  	}
  4354  }
  4355  
  4356  func (sc *http2serverConn) canonicalHeader(v string) string {
  4357  	sc.serveG.check()
  4358  	cv, ok := http2commonCanonHeader[v]
  4359  	if ok {
  4360  		return cv
  4361  	}
  4362  	cv, ok = sc.canonHeader[v]
  4363  	if ok {
  4364  		return cv
  4365  	}
  4366  	if sc.canonHeader == nil {
  4367  		sc.canonHeader = make(map[string]string)
  4368  	}
  4369  	cv = CanonicalHeaderKey(v)
  4370  	sc.canonHeader[v] = cv
  4371  	return cv
  4372  }
  4373  
  4374  type http2readFrameResult struct {
  4375  	f   http2Frame // valid until readMore is called
  4376  	err error
  4377  
  4378  	// readMore should be called once the consumer no longer needs or
  4379  	// retains f. After readMore, f is invalid and more frames can be
  4380  	// read.
  4381  	readMore func()
  4382  }
  4383  
  4384  // readFrames is the loop that reads incoming frames.
  4385  // It takes care to only read one frame at a time, blocking until the
  4386  // consumer is done with the frame.
  4387  // It's run on its own goroutine.
  4388  func (sc *http2serverConn) readFrames() {
  4389  	gate := make(http2gate)
  4390  	gateDone := gate.Done
  4391  	for {
  4392  		f, err := sc.framer.ReadFrame()
  4393  		select {
  4394  		case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}:
  4395  		case <-sc.doneServing:
  4396  			return
  4397  		}
  4398  		select {
  4399  		case <-gate:
  4400  		case <-sc.doneServing:
  4401  			return
  4402  		}
  4403  		if http2terminalReadFrameError(err) {
  4404  			return
  4405  		}
  4406  	}
  4407  }
  4408  
  4409  // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine.
  4410  type http2frameWriteResult struct {
  4411  	wr  http2FrameWriteRequest // what was written (or attempted)
  4412  	err error                  // result of the writeFrame call
  4413  }
  4414  
  4415  // writeFrameAsync runs in its own goroutine and writes a single frame
  4416  // and then reports when it's done.
  4417  // At most one goroutine can be running writeFrameAsync at a time per
  4418  // serverConn.
  4419  func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) {
  4420  	err := wr.write.writeFrame(sc)
  4421  	sc.wroteFrameCh <- http2frameWriteResult{wr, err}
  4422  }
  4423  
  4424  func (sc *http2serverConn) closeAllStreamsOnConnClose() {
  4425  	sc.serveG.check()
  4426  	for _, st := range sc.streams {
  4427  		sc.closeStream(st, http2errClientDisconnected)
  4428  	}
  4429  }
  4430  
  4431  func (sc *http2serverConn) stopShutdownTimer() {
  4432  	sc.serveG.check()
  4433  	if t := sc.shutdownTimer; t != nil {
  4434  		t.Stop()
  4435  	}
  4436  }
  4437  
  4438  func (sc *http2serverConn) notePanic() {
  4439  	// Note: this is for serverConn.serve panicking, not http.Handler code.
  4440  	if http2testHookOnPanicMu != nil {
  4441  		http2testHookOnPanicMu.Lock()
  4442  		defer http2testHookOnPanicMu.Unlock()
  4443  	}
  4444  	if http2testHookOnPanic != nil {
  4445  		if e := recover(); e != nil {
  4446  			if http2testHookOnPanic(sc, e) {
  4447  				panic(e)
  4448  			}
  4449  		}
  4450  	}
  4451  }
  4452  
  4453  func (sc *http2serverConn) serve() {
  4454  	sc.serveG.check()
  4455  	defer sc.notePanic()
  4456  	defer sc.conn.Close()
  4457  	defer sc.closeAllStreamsOnConnClose()
  4458  	defer sc.stopShutdownTimer()
  4459  	defer close(sc.doneServing) // unblocks handlers trying to send
  4460  
  4461  	if http2VerboseLogs {
  4462  		sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs)
  4463  	}
  4464  
  4465  	sc.writeFrame(http2FrameWriteRequest{
  4466  		write: http2writeSettings{
  4467  			{http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()},
  4468  			{http2SettingMaxConcurrentStreams, sc.advMaxStreams},
  4469  			{http2SettingMaxHeaderListSize, sc.maxHeaderListSize()},
  4470  			{http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())},
  4471  		},
  4472  	})
  4473  	sc.unackedSettings++
  4474  
  4475  	// Each connection starts with intialWindowSize inflow tokens.
  4476  	// If a higher value is configured, we add more tokens.
  4477  	if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 {
  4478  		sc.sendWindowUpdate(nil, int(diff))
  4479  	}
  4480  
  4481  	if err := sc.readPreface(); err != nil {
  4482  		sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err)
  4483  		return
  4484  	}
  4485  	// Now that we've got the preface, get us out of the
  4486  	// "StateNew" state. We can't go directly to idle, though.
  4487  	// Active means we read some data and anticipate a request. We'll
  4488  	// do another Active when we get a HEADERS frame.
  4489  	sc.setConnState(StateActive)
  4490  	sc.setConnState(StateIdle)
  4491  
  4492  	if sc.srv.IdleTimeout != 0 {
  4493  		sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer)
  4494  		defer sc.idleTimer.Stop()
  4495  	}
  4496  
  4497  	go sc.readFrames() // closed by defer sc.conn.Close above
  4498  
  4499  	settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer)
  4500  	defer settingsTimer.Stop()
  4501  
  4502  	loopNum := 0
  4503  	for {
  4504  		loopNum++
  4505  		select {
  4506  		case wr := <-sc.wantWriteFrameCh:
  4507  			if se, ok := wr.write.(http2StreamError); ok {
  4508  				sc.resetStream(se)
  4509  				break
  4510  			}
  4511  			sc.writeFrame(wr)
  4512  		case res := <-sc.wroteFrameCh:
  4513  			sc.wroteFrame(res)
  4514  		case res := <-sc.readFrameCh:
  4515  			if !sc.processFrameFromReader(res) {
  4516  				return
  4517  			}
  4518  			res.readMore()
  4519  			if settingsTimer != nil {
  4520  				settingsTimer.Stop()
  4521  				settingsTimer = nil
  4522  			}
  4523  		case m := <-sc.bodyReadCh:
  4524  			sc.noteBodyRead(m.st, m.n)
  4525  		case msg := <-sc.serveMsgCh:
  4526  			switch v := msg.(type) {
  4527  			case func(int):
  4528  				v(loopNum) // for testing
  4529  			case *http2serverMessage:
  4530  				switch v {
  4531  				case http2settingsTimerMsg:
  4532  					sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr())
  4533  					return
  4534  				case http2idleTimerMsg:
  4535  					sc.vlogf("connection is idle")
  4536  					sc.goAway(http2ErrCodeNo)
  4537  				case http2shutdownTimerMsg:
  4538  					sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr())
  4539  					return
  4540  				case http2gracefulShutdownMsg:
  4541  					sc.startGracefulShutdownInternal()
  4542  				default:
  4543  					panic("unknown timer")
  4544  				}
  4545  			case *http2startPushRequest:
  4546  				sc.startPush(v)
  4547  			default:
  4548  				panic(fmt.Sprintf("unexpected type %T", v))
  4549  			}
  4550  		}
  4551  
  4552  		// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
  4553  		// with no error code (graceful shutdown), don't start the timer until
  4554  		// all open streams have been completed.
  4555  		sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame
  4556  		gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0
  4557  		if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) {
  4558  			sc.shutDownIn(http2goAwayTimeout)
  4559  		}
  4560  	}
  4561  }
  4562  
  4563  func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) {
  4564  	select {
  4565  	case <-sc.doneServing:
  4566  	case <-sharedCh:
  4567  		close(privateCh)
  4568  	}
  4569  }
  4570  
  4571  type http2serverMessage int
  4572  
  4573  // Message values sent to serveMsgCh.
  4574  var (
  4575  	http2settingsTimerMsg    = new(http2serverMessage)
  4576  	http2idleTimerMsg        = new(http2serverMessage)
  4577  	http2shutdownTimerMsg    = new(http2serverMessage)
  4578  	http2gracefulShutdownMsg = new(http2serverMessage)
  4579  )
  4580  
  4581  func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) }
  4582  
  4583  func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) }
  4584  
  4585  func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) }
  4586  
  4587  func (sc *http2serverConn) sendServeMsg(msg interface{}) {
  4588  	sc.serveG.checkNotOn() // NOT
  4589  	select {
  4590  	case sc.serveMsgCh <- msg:
  4591  	case <-sc.doneServing:
  4592  	}
  4593  }
  4594  
  4595  var http2errPrefaceTimeout = errors.New("timeout waiting for client preface")
  4596  
  4597  // readPreface reads the ClientPreface greeting from the peer or
  4598  // returns errPrefaceTimeout on timeout, or an error if the greeting
  4599  // is invalid.
  4600  func (sc *http2serverConn) readPreface() error {
  4601  	errc := make(chan error, 1)
  4602  	go func() {
  4603  		// Read the client preface
  4604  		buf := make([]byte, len(http2ClientPreface))
  4605  		if _, err := io.ReadFull(sc.conn, buf); err != nil {
  4606  			errc <- err
  4607  		} else if !bytes.Equal(buf, http2clientPreface) {
  4608  			errc <- fmt.Errorf("bogus greeting %q", buf)
  4609  		} else {
  4610  			errc <- nil
  4611  		}
  4612  	}()
  4613  	timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server?
  4614  	defer timer.Stop()
  4615  	select {
  4616  	case <-timer.C:
  4617  		return http2errPrefaceTimeout
  4618  	case err := <-errc:
  4619  		if err == nil {
  4620  			if http2VerboseLogs {
  4621  				sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr())
  4622  			}
  4623  		}
  4624  		return err
  4625  	}
  4626  }
  4627  
  4628  var http2errChanPool = sync.Pool{
  4629  	New: func() interface{} { return make(chan error, 1) },
  4630  }
  4631  
  4632  var http2writeDataPool = sync.Pool{
  4633  	New: func() interface{} { return new(http2writeData) },
  4634  }
  4635  
  4636  // writeDataFromHandler writes DATA response frames from a handler on
  4637  // the given stream.
  4638  func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error {
  4639  	ch := http2errChanPool.Get().(chan error)
  4640  	writeArg := http2writeDataPool.Get().(*http2writeData)
  4641  	*writeArg = http2writeData{stream.id, data, endStream}
  4642  	err := sc.writeFrameFromHandler(http2FrameWriteRequest{
  4643  		write:  writeArg,
  4644  		stream: stream,
  4645  		done:   ch,
  4646  	})
  4647  	if err != nil {
  4648  		return err
  4649  	}
  4650  	var frameWriteDone bool // the frame write is done (successfully or not)
  4651  	select {
  4652  	case err = <-ch:
  4653  		frameWriteDone = true
  4654  	case <-sc.doneServing:
  4655  		return http2errClientDisconnected
  4656  	case <-stream.cw:
  4657  		// If both ch and stream.cw were ready (as might
  4658  		// happen on the final Write after an http.Handler
  4659  		// ends), prefer the write result. Otherwise this
  4660  		// might just be us successfully closing the stream.
  4661  		// The writeFrameAsync and serve goroutines guarantee
  4662  		// that the ch send will happen before the stream.cw
  4663  		// close.
  4664  		select {
  4665  		case err = <-ch:
  4666  			frameWriteDone = true
  4667  		default:
  4668  			return http2errStreamClosed
  4669  		}
  4670  	}
  4671  	http2errChanPool.Put(ch)
  4672  	if frameWriteDone {
  4673  		http2writeDataPool.Put(writeArg)
  4674  	}
  4675  	return err
  4676  }
  4677  
  4678  // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts
  4679  // if the connection has gone away.
  4680  //
  4681  // This must not be run from the serve goroutine itself, else it might
  4682  // deadlock writing to sc.wantWriteFrameCh (which is only mildly
  4683  // buffered and is read by serve itself). If you're on the serve
  4684  // goroutine, call writeFrame instead.
  4685  func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error {
  4686  	sc.serveG.checkNotOn() // NOT
  4687  	select {
  4688  	case sc.wantWriteFrameCh <- wr:
  4689  		return nil
  4690  	case <-sc.doneServing:
  4691  		// Serve loop is gone.
  4692  		// Client has closed their connection to the server.
  4693  		return http2errClientDisconnected
  4694  	}
  4695  }
  4696  
  4697  // writeFrame schedules a frame to write and sends it if there's nothing
  4698  // already being written.
  4699  //
  4700  // There is no pushback here (the serve goroutine never blocks). It's
  4701  // the http.Handlers that block, waiting for their previous frames to
  4702  // make it onto the wire
  4703  //
  4704  // If you're not on the serve goroutine, use writeFrameFromHandler instead.
  4705  func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) {
  4706  	sc.serveG.check()
  4707  
  4708  	// If true, wr will not be written and wr.done will not be signaled.
  4709  	var ignoreWrite bool
  4710  
  4711  	// We are not allowed to write frames on closed streams. RFC 7540 Section
  4712  	// 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on
  4713  	// a closed stream." Our server never sends PRIORITY, so that exception
  4714  	// does not apply.
  4715  	//
  4716  	// The serverConn might close an open stream while the stream's handler
  4717  	// is still running. For example, the server might close a stream when it
  4718  	// receives bad data from the client. If this happens, the handler might
  4719  	// attempt to write a frame after the stream has been closed (since the
  4720  	// handler hasn't yet been notified of the close). In this case, we simply
  4721  	// ignore the frame. The handler will notice that the stream is closed when
  4722  	// it waits for the frame to be written.
  4723  	//
  4724  	// As an exception to this rule, we allow sending RST_STREAM after close.
  4725  	// This allows us to immediately reject new streams without tracking any
  4726  	// state for those streams (except for the queued RST_STREAM frame). This
  4727  	// may result in duplicate RST_STREAMs in some cases, but the client should
  4728  	// ignore those.
  4729  	if wr.StreamID() != 0 {
  4730  		_, isReset := wr.write.(http2StreamError)
  4731  		if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset {
  4732  			ignoreWrite = true
  4733  		}
  4734  	}
  4735  
  4736  	// Don't send a 100-continue response if we've already sent headers.
  4737  	// See golang.org/issue/14030.
  4738  	switch wr.write.(type) {
  4739  	case *http2writeResHeaders:
  4740  		wr.stream.wroteHeaders = true
  4741  	case http2write100ContinueHeadersFrame:
  4742  		if wr.stream.wroteHeaders {
  4743  			// We do not need to notify wr.done because this frame is
  4744  			// never written with wr.done != nil.
  4745  			if wr.done != nil {
  4746  				panic("wr.done != nil for write100ContinueHeadersFrame")
  4747  			}
  4748  			ignoreWrite = true
  4749  		}
  4750  	}
  4751  
  4752  	if !ignoreWrite {
  4753  		sc.writeSched.Push(wr)
  4754  	}
  4755  	sc.scheduleFrameWrite()
  4756  }
  4757  
  4758  // startFrameWrite starts a goroutine to write wr (in a separate
  4759  // goroutine since that might block on the network), and updates the
  4760  // serve goroutine's state about the world, updated from info in wr.
  4761  func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) {
  4762  	sc.serveG.check()
  4763  	if sc.writingFrame {
  4764  		panic("internal error: can only be writing one frame at a time")
  4765  	}
  4766  
  4767  	st := wr.stream
  4768  	if st != nil {
  4769  		switch st.state {
  4770  		case http2stateHalfClosedLocal:
  4771  			switch wr.write.(type) {
  4772  			case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate:
  4773  				// RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE
  4774  				// in this state. (We never send PRIORITY from the server, so that is not checked.)
  4775  			default:
  4776  				panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr))
  4777  			}
  4778  		case http2stateClosed:
  4779  			panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr))
  4780  		}
  4781  	}
  4782  	if wpp, ok := wr.write.(*http2writePushPromise); ok {
  4783  		var err error
  4784  		wpp.promisedID, err = wpp.allocatePromisedID()
  4785  		if err != nil {
  4786  			sc.writingFrameAsync = false
  4787  			wr.replyToWriter(err)
  4788  			return
  4789  		}
  4790  	}
  4791  
  4792  	sc.writingFrame = true
  4793  	sc.needsFrameFlush = true
  4794  	if wr.write.staysWithinBuffer(sc.bw.Available()) {
  4795  		sc.writingFrameAsync = false
  4796  		err := wr.write.writeFrame(sc)
  4797  		sc.wroteFrame(http2frameWriteResult{wr, err})
  4798  	} else {
  4799  		sc.writingFrameAsync = true
  4800  		go sc.writeFrameAsync(wr)
  4801  	}
  4802  }
  4803  
  4804  // errHandlerPanicked is the error given to any callers blocked in a read from
  4805  // Request.Body when the main goroutine panics. Since most handlers read in the
  4806  // the main ServeHTTP goroutine, this will show up rarely.
  4807  var http2errHandlerPanicked = errors.New("http2: handler panicked")
  4808  
  4809  // wroteFrame is called on the serve goroutine with the result of
  4810  // whatever happened on writeFrameAsync.
  4811  func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) {
  4812  	sc.serveG.check()
  4813  	if !sc.writingFrame {
  4814  		panic("internal error: expected to be already writing a frame")
  4815  	}
  4816  	sc.writingFrame = false
  4817  	sc.writingFrameAsync = false
  4818  
  4819  	wr := res.wr
  4820  
  4821  	if http2writeEndsStream(wr.write) {
  4822  		st := wr.stream
  4823  		if st == nil {
  4824  			panic("internal error: expecting non-nil stream")
  4825  		}
  4826  		switch st.state {
  4827  		case http2stateOpen:
  4828  			// Here we would go to stateHalfClosedLocal in
  4829  			// theory, but since our handler is done and
  4830  			// the net/http package provides no mechanism
  4831  			// for closing a ResponseWriter while still
  4832  			// reading data (see possible TODO at top of
  4833  			// this file), we go into closed state here
  4834  			// anyway, after telling the peer we're
  4835  			// hanging up on them. We'll transition to
  4836  			// stateClosed after the RST_STREAM frame is
  4837  			// written.
  4838  			st.state = http2stateHalfClosedLocal
  4839  			// Section 8.1: a server MAY request that the client abort
  4840  			// transmission of a request without error by sending a
  4841  			// RST_STREAM with an error code of NO_ERROR after sending
  4842  			// a complete response.
  4843  			sc.resetStream(http2streamError(st.id, http2ErrCodeNo))
  4844  		case http2stateHalfClosedRemote:
  4845  			sc.closeStream(st, http2errHandlerComplete)
  4846  		}
  4847  	} else {
  4848  		switch v := wr.write.(type) {
  4849  		case http2StreamError:
  4850  			// st may be unknown if the RST_STREAM was generated to reject bad input.
  4851  			if st, ok := sc.streams[v.StreamID]; ok {
  4852  				sc.closeStream(st, v)
  4853  			}
  4854  		case http2handlerPanicRST:
  4855  			sc.closeStream(wr.stream, http2errHandlerPanicked)
  4856  		}
  4857  	}
  4858  
  4859  	// Reply (if requested) to unblock the ServeHTTP goroutine.
  4860  	wr.replyToWriter(res.err)
  4861  
  4862  	sc.scheduleFrameWrite()
  4863  }
  4864  
  4865  // scheduleFrameWrite tickles the frame writing scheduler.
  4866  //
  4867  // If a frame is already being written, nothing happens. This will be called again
  4868  // when the frame is done being written.
  4869  //
  4870  // If a frame isn't being written we need to send one, the best frame
  4871  // to send is selected, preferring first things that aren't
  4872  // stream-specific (e.g. ACKing settings), and then finding the
  4873  // highest priority stream.
  4874  //
  4875  // If a frame isn't being written and there's nothing else to send, we
  4876  // flush the write buffer.
  4877  func (sc *http2serverConn) scheduleFrameWrite() {
  4878  	sc.serveG.check()
  4879  	if sc.writingFrame || sc.inFrameScheduleLoop {
  4880  		return
  4881  	}
  4882  	sc.inFrameScheduleLoop = true
  4883  	for !sc.writingFrameAsync {
  4884  		if sc.needToSendGoAway {
  4885  			sc.needToSendGoAway = false
  4886  			sc.startFrameWrite(http2FrameWriteRequest{
  4887  				write: &http2writeGoAway{
  4888  					maxStreamID: sc.maxClientStreamID,
  4889  					code:        sc.goAwayCode,
  4890  				},
  4891  			})
  4892  			continue
  4893  		}
  4894  		if sc.needToSendSettingsAck {
  4895  			sc.needToSendSettingsAck = false
  4896  			sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}})
  4897  			continue
  4898  		}
  4899  		if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo {
  4900  			if wr, ok := sc.writeSched.Pop(); ok {
  4901  				sc.startFrameWrite(wr)
  4902  				continue
  4903  			}
  4904  		}
  4905  		if sc.needsFrameFlush {
  4906  			sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}})
  4907  			sc.needsFrameFlush = false // after startFrameWrite, since it sets this true
  4908  			continue
  4909  		}
  4910  		break
  4911  	}
  4912  	sc.inFrameScheduleLoop = false
  4913  }
  4914  
  4915  // startGracefulShutdown gracefully shuts down a connection. This
  4916  // sends GOAWAY with ErrCodeNo to tell the client we're gracefully
  4917  // shutting down. The connection isn't closed until all current
  4918  // streams are done.
  4919  //
  4920  // startGracefulShutdown returns immediately; it does not wait until
  4921  // the connection has shut down.
  4922  func (sc *http2serverConn) startGracefulShutdown() {
  4923  	sc.serveG.checkNotOn() // NOT
  4924  	sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) })
  4925  }
  4926  
  4927  // After sending GOAWAY, the connection will close after goAwayTimeout.
  4928  // If we close the connection immediately after sending GOAWAY, there may
  4929  // be unsent data in our kernel receive buffer, which will cause the kernel
  4930  // to send a TCP RST on close() instead of a FIN. This RST will abort the
  4931  // connection immediately, whether or not the client had received the GOAWAY.
  4932  //
  4933  // Ideally we should delay for at least 1 RTT + epsilon so the client has
  4934  // a chance to read the GOAWAY and stop sending messages. Measuring RTT
  4935  // is hard, so we approximate with 1 second. See golang.org/issue/18701.
  4936  //
  4937  // This is a var so it can be shorter in tests, where all requests uses the
  4938  // loopback interface making the expected RTT very small.
  4939  //
  4940  // TODO: configurable?
  4941  var http2goAwayTimeout = 1 * time.Second
  4942  
  4943  func (sc *http2serverConn) startGracefulShutdownInternal() {
  4944  	sc.goAway(http2ErrCodeNo)
  4945  }
  4946  
  4947  func (sc *http2serverConn) goAway(code http2ErrCode) {
  4948  	sc.serveG.check()
  4949  	if sc.inGoAway {
  4950  		return
  4951  	}
  4952  	sc.inGoAway = true
  4953  	sc.needToSendGoAway = true
  4954  	sc.goAwayCode = code
  4955  	sc.scheduleFrameWrite()
  4956  }
  4957  
  4958  func (sc *http2serverConn) shutDownIn(d time.Duration) {
  4959  	sc.serveG.check()
  4960  	sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer)
  4961  }
  4962  
  4963  func (sc *http2serverConn) resetStream(se http2StreamError) {
  4964  	sc.serveG.check()
  4965  	sc.writeFrame(http2FrameWriteRequest{write: se})
  4966  	if st, ok := sc.streams[se.StreamID]; ok {
  4967  		st.resetQueued = true
  4968  	}
  4969  }
  4970  
  4971  // processFrameFromReader processes the serve loop's read from readFrameCh from the
  4972  // frame-reading goroutine.
  4973  // processFrameFromReader returns whether the connection should be kept open.
  4974  func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool {
  4975  	sc.serveG.check()
  4976  	err := res.err
  4977  	if err != nil {
  4978  		if err == http2ErrFrameTooLarge {
  4979  			sc.goAway(http2ErrCodeFrameSize)
  4980  			return true // goAway will close the loop
  4981  		}
  4982  		clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err)
  4983  		if clientGone {
  4984  			// TODO: could we also get into this state if
  4985  			// the peer does a half close
  4986  			// (e.g. CloseWrite) because they're done
  4987  			// sending frames but they're still wanting
  4988  			// our open replies?  Investigate.
  4989  			// TODO: add CloseWrite to crypto/tls.Conn first
  4990  			// so we have a way to test this? I suppose
  4991  			// just for testing we could have a non-TLS mode.
  4992  			return false
  4993  		}
  4994  	} else {
  4995  		f := res.f
  4996  		if http2VerboseLogs {
  4997  			sc.vlogf("http2: server read frame %v", http2summarizeFrame(f))
  4998  		}
  4999  		err = sc.processFrame(f)
  5000  		if err == nil {
  5001  			return true
  5002  		}
  5003  	}
  5004  
  5005  	switch ev := err.(type) {
  5006  	case http2StreamError:
  5007  		sc.resetStream(ev)
  5008  		return true
  5009  	case http2goAwayFlowError:
  5010  		sc.goAway(http2ErrCodeFlowControl)
  5011  		return true
  5012  	case http2ConnectionError:
  5013  		sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
  5014  		sc.goAway(http2ErrCode(ev))
  5015  		return true // goAway will handle shutdown
  5016  	default:
  5017  		if res.err != nil {
  5018  			sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err)
  5019  		} else {
  5020  			sc.logf("http2: server closing client connection: %v", err)
  5021  		}
  5022  		return false
  5023  	}
  5024  }
  5025  
  5026  func (sc *http2serverConn) processFrame(f http2Frame) error {
  5027  	sc.serveG.check()
  5028  
  5029  	// First frame received must be SETTINGS.
  5030  	if !sc.sawFirstSettings {
  5031  		if _, ok := f.(*http2SettingsFrame); !ok {
  5032  			return http2ConnectionError(http2ErrCodeProtocol)
  5033  		}
  5034  		sc.sawFirstSettings = true
  5035  	}
  5036  
  5037  	switch f := f.(type) {
  5038  	case *http2SettingsFrame:
  5039  		return sc.processSettings(f)
  5040  	case *http2MetaHeadersFrame:
  5041  		return sc.processHeaders(f)
  5042  	case *http2WindowUpdateFrame:
  5043  		return sc.processWindowUpdate(f)
  5044  	case *http2PingFrame:
  5045  		return sc.processPing(f)
  5046  	case *http2DataFrame:
  5047  		return sc.processData(f)
  5048  	case *http2RSTStreamFrame:
  5049  		return sc.processResetStream(f)
  5050  	case *http2PriorityFrame:
  5051  		return sc.processPriority(f)
  5052  	case *http2GoAwayFrame:
  5053  		return sc.processGoAway(f)
  5054  	case *http2PushPromiseFrame:
  5055  		// A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE
  5056  		// frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
  5057  		return http2ConnectionError(http2ErrCodeProtocol)
  5058  	default:
  5059  		sc.vlogf("http2: server ignoring frame: %v", f.Header())
  5060  		return nil
  5061  	}
  5062  }
  5063  
  5064  func (sc *http2serverConn) processPing(f *http2PingFrame) error {
  5065  	sc.serveG.check()
  5066  	if f.IsAck() {
  5067  		// 6.7 PING: " An endpoint MUST NOT respond to PING frames
  5068  		// containing this flag."
  5069  		return nil
  5070  	}
  5071  	if f.StreamID != 0 {
  5072  		// "PING frames are not associated with any individual
  5073  		// stream. If a PING frame is received with a stream
  5074  		// identifier field value other than 0x0, the recipient MUST
  5075  		// respond with a connection error (Section 5.4.1) of type
  5076  		// PROTOCOL_ERROR."
  5077  		return http2ConnectionError(http2ErrCodeProtocol)
  5078  	}
  5079  	if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo {
  5080  		return nil
  5081  	}
  5082  	sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}})
  5083  	return nil
  5084  }
  5085  
  5086  func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error {
  5087  	sc.serveG.check()
  5088  	switch {
  5089  	case f.StreamID != 0: // stream-level flow control
  5090  		state, st := sc.state(f.StreamID)
  5091  		if state == http2stateIdle {
  5092  			// Section 5.1: "Receiving any frame other than HEADERS
  5093  			// or PRIORITY on a stream in this state MUST be
  5094  			// treated as a connection error (Section 5.4.1) of
  5095  			// type PROTOCOL_ERROR."
  5096  			return http2ConnectionError(http2ErrCodeProtocol)
  5097  		}
  5098  		if st == nil {
  5099  			// "WINDOW_UPDATE can be sent by a peer that has sent a
  5100  			// frame bearing the END_STREAM flag. This means that a
  5101  			// receiver could receive a WINDOW_UPDATE frame on a "half
  5102  			// closed (remote)" or "closed" stream. A receiver MUST
  5103  			// NOT treat this as an error, see Section 5.1."
  5104  			return nil
  5105  		}
  5106  		if !st.flow.add(int32(f.Increment)) {
  5107  			return http2streamError(f.StreamID, http2ErrCodeFlowControl)
  5108  		}
  5109  	default: // connection-level flow control
  5110  		if !sc.flow.add(int32(f.Increment)) {
  5111  			return http2goAwayFlowError{}
  5112  		}
  5113  	}
  5114  	sc.scheduleFrameWrite()
  5115  	return nil
  5116  }
  5117  
  5118  func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error {
  5119  	sc.serveG.check()
  5120  
  5121  	state, st := sc.state(f.StreamID)
  5122  	if state == http2stateIdle {
  5123  		// 6.4 "RST_STREAM frames MUST NOT be sent for a
  5124  		// stream in the "idle" state. If a RST_STREAM frame
  5125  		// identifying an idle stream is received, the
  5126  		// recipient MUST treat this as a connection error
  5127  		// (Section 5.4.1) of type PROTOCOL_ERROR.
  5128  		return http2ConnectionError(http2ErrCodeProtocol)
  5129  	}
  5130  	if st != nil {
  5131  		st.cancelCtx()
  5132  		sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode))
  5133  	}
  5134  	return nil
  5135  }
  5136  
  5137  func (sc *http2serverConn) closeStream(st *http2stream, err error) {
  5138  	sc.serveG.check()
  5139  	if st.state == http2stateIdle || st.state == http2stateClosed {
  5140  		panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state))
  5141  	}
  5142  	st.state = http2stateClosed
  5143  	if st.writeDeadline != nil {
  5144  		st.writeDeadline.Stop()
  5145  	}
  5146  	if st.isPushed() {
  5147  		sc.curPushedStreams--
  5148  	} else {
  5149  		sc.curClientStreams--
  5150  	}
  5151  	delete(sc.streams, st.id)
  5152  	if len(sc.streams) == 0 {
  5153  		sc.setConnState(StateIdle)
  5154  		if sc.srv.IdleTimeout != 0 {
  5155  			sc.idleTimer.Reset(sc.srv.IdleTimeout)
  5156  		}
  5157  		if http2h1ServerKeepAlivesDisabled(sc.hs) {
  5158  			sc.startGracefulShutdownInternal()
  5159  		}
  5160  	}
  5161  	if p := st.body; p != nil {
  5162  		// Return any buffered unread bytes worth of conn-level flow control.
  5163  		// See golang.org/issue/16481
  5164  		sc.sendWindowUpdate(nil, p.Len())
  5165  
  5166  		p.CloseWithError(err)
  5167  	}
  5168  	st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc
  5169  	sc.writeSched.CloseStream(st.id)
  5170  }
  5171  
  5172  func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error {
  5173  	sc.serveG.check()
  5174  	if f.IsAck() {
  5175  		sc.unackedSettings--
  5176  		if sc.unackedSettings < 0 {
  5177  			// Why is the peer ACKing settings we never sent?
  5178  			// The spec doesn't mention this case, but
  5179  			// hang up on them anyway.
  5180  			return http2ConnectionError(http2ErrCodeProtocol)
  5181  		}
  5182  		return nil
  5183  	}
  5184  	if err := f.ForeachSetting(sc.processSetting); err != nil {
  5185  		return err
  5186  	}
  5187  	sc.needToSendSettingsAck = true
  5188  	sc.scheduleFrameWrite()
  5189  	return nil
  5190  }
  5191  
  5192  func (sc *http2serverConn) processSetting(s http2Setting) error {
  5193  	sc.serveG.check()
  5194  	if err := s.Valid(); err != nil {
  5195  		return err
  5196  	}
  5197  	if http2VerboseLogs {
  5198  		sc.vlogf("http2: server processing setting %v", s)
  5199  	}
  5200  	switch s.ID {
  5201  	case http2SettingHeaderTableSize:
  5202  		sc.headerTableSize = s.Val
  5203  		sc.hpackEncoder.SetMaxDynamicTableSize(s.Val)
  5204  	case http2SettingEnablePush:
  5205  		sc.pushEnabled = s.Val != 0
  5206  	case http2SettingMaxConcurrentStreams:
  5207  		sc.clientMaxStreams = s.Val
  5208  	case http2SettingInitialWindowSize:
  5209  		return sc.processSettingInitialWindowSize(s.Val)
  5210  	case http2SettingMaxFrameSize:
  5211  		sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31
  5212  	case http2SettingMaxHeaderListSize:
  5213  		sc.peerMaxHeaderListSize = s.Val
  5214  	default:
  5215  		// Unknown setting: "An endpoint that receives a SETTINGS
  5216  		// frame with any unknown or unsupported identifier MUST
  5217  		// ignore that setting."
  5218  		if http2VerboseLogs {
  5219  			sc.vlogf("http2: server ignoring unknown setting %v", s)
  5220  		}
  5221  	}
  5222  	return nil
  5223  }
  5224  
  5225  func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error {
  5226  	sc.serveG.check()
  5227  	// Note: val already validated to be within range by
  5228  	// processSetting's Valid call.
  5229  
  5230  	// "A SETTINGS frame can alter the initial flow control window
  5231  	// size for all current streams. When the value of
  5232  	// SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST
  5233  	// adjust the size of all stream flow control windows that it
  5234  	// maintains by the difference between the new value and the
  5235  	// old value."
  5236  	old := sc.initialStreamSendWindowSize
  5237  	sc.initialStreamSendWindowSize = int32(val)
  5238  	growth := int32(val) - old // may be negative
  5239  	for _, st := range sc.streams {
  5240  		if !st.flow.add(growth) {
  5241  			// 6.9.2 Initial Flow Control Window Size
  5242  			// "An endpoint MUST treat a change to
  5243  			// SETTINGS_INITIAL_WINDOW_SIZE that causes any flow
  5244  			// control window to exceed the maximum size as a
  5245  			// connection error (Section 5.4.1) of type
  5246  			// FLOW_CONTROL_ERROR."
  5247  			return http2ConnectionError(http2ErrCodeFlowControl)
  5248  		}
  5249  	}
  5250  	return nil
  5251  }
  5252  
  5253  func (sc *http2serverConn) processData(f *http2DataFrame) error {
  5254  	sc.serveG.check()
  5255  	if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo {
  5256  		return nil
  5257  	}
  5258  	data := f.Data()
  5259  
  5260  	// "If a DATA frame is received whose stream is not in "open"
  5261  	// or "half closed (local)" state, the recipient MUST respond
  5262  	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
  5263  	id := f.Header().StreamID
  5264  	state, st := sc.state(id)
  5265  	if id == 0 || state == http2stateIdle {
  5266  		// Section 5.1: "Receiving any frame other than HEADERS
  5267  		// or PRIORITY on a stream in this state MUST be
  5268  		// treated as a connection error (Section 5.4.1) of
  5269  		// type PROTOCOL_ERROR."
  5270  		return http2ConnectionError(http2ErrCodeProtocol)
  5271  	}
  5272  	if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued {
  5273  		// This includes sending a RST_STREAM if the stream is
  5274  		// in stateHalfClosedLocal (which currently means that
  5275  		// the http.Handler returned, so it's done reading &
  5276  		// done writing). Try to stop the client from sending
  5277  		// more DATA.
  5278  
  5279  		// But still enforce their connection-level flow control,
  5280  		// and return any flow control bytes since we're not going
  5281  		// to consume them.
  5282  		if sc.inflow.available() < int32(f.Length) {
  5283  			return http2streamError(id, http2ErrCodeFlowControl)
  5284  		}
  5285  		// Deduct the flow control from inflow, since we're
  5286  		// going to immediately add it back in
  5287  		// sendWindowUpdate, which also schedules sending the
  5288  		// frames.
  5289  		sc.inflow.take(int32(f.Length))
  5290  		sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
  5291  
  5292  		if st != nil && st.resetQueued {
  5293  			// Already have a stream error in flight. Don't send another.
  5294  			return nil
  5295  		}
  5296  		return http2streamError(id, http2ErrCodeStreamClosed)
  5297  	}
  5298  	if st.body == nil {
  5299  		panic("internal error: should have a body in this state")
  5300  	}
  5301  
  5302  	// Sender sending more than they'd declared?
  5303  	if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes {
  5304  		st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes))
  5305  		return http2streamError(id, http2ErrCodeStreamClosed)
  5306  	}
  5307  	if f.Length > 0 {
  5308  		// Check whether the client has flow control quota.
  5309  		if st.inflow.available() < int32(f.Length) {
  5310  			return http2streamError(id, http2ErrCodeFlowControl)
  5311  		}
  5312  		st.inflow.take(int32(f.Length))
  5313  
  5314  		if len(data) > 0 {
  5315  			wrote, err := st.body.Write(data)
  5316  			if err != nil {
  5317  				return http2streamError(id, http2ErrCodeStreamClosed)
  5318  			}
  5319  			if wrote != len(data) {
  5320  				panic("internal error: bad Writer")
  5321  			}
  5322  			st.bodyBytes += int64(len(data))
  5323  		}
  5324  
  5325  		// Return any padded flow control now, since we won't
  5326  		// refund it later on body reads.
  5327  		if pad := int32(f.Length) - int32(len(data)); pad > 0 {
  5328  			sc.sendWindowUpdate32(nil, pad)
  5329  			sc.sendWindowUpdate32(st, pad)
  5330  		}
  5331  	}
  5332  	if f.StreamEnded() {
  5333  		st.endStream()
  5334  	}
  5335  	return nil
  5336  }
  5337  
  5338  func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error {
  5339  	sc.serveG.check()
  5340  	if f.ErrCode != http2ErrCodeNo {
  5341  		sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f)
  5342  	} else {
  5343  		sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f)
  5344  	}
  5345  	sc.startGracefulShutdownInternal()
  5346  	// http://tools.ietf.org/html/rfc7540#section-6.8
  5347  	// We should not create any new streams, which means we should disable push.
  5348  	sc.pushEnabled = false
  5349  	return nil
  5350  }
  5351  
  5352  // isPushed reports whether the stream is server-initiated.
  5353  func (st *http2stream) isPushed() bool {
  5354  	return st.id%2 == 0
  5355  }
  5356  
  5357  // endStream closes a Request.Body's pipe. It is called when a DATA
  5358  // frame says a request body is over (or after trailers).
  5359  func (st *http2stream) endStream() {
  5360  	sc := st.sc
  5361  	sc.serveG.check()
  5362  
  5363  	if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes {
  5364  		st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes",
  5365  			st.declBodyBytes, st.bodyBytes))
  5366  	} else {
  5367  		st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest)
  5368  		st.body.CloseWithError(io.EOF)
  5369  	}
  5370  	st.state = http2stateHalfClosedRemote
  5371  }
  5372  
  5373  // copyTrailersToHandlerRequest is run in the Handler's goroutine in
  5374  // its Request.Body.Read just before it gets io.EOF.
  5375  func (st *http2stream) copyTrailersToHandlerRequest() {
  5376  	for k, vv := range st.trailer {
  5377  		if _, ok := st.reqTrailer[k]; ok {
  5378  			// Only copy it over it was pre-declared.
  5379  			st.reqTrailer[k] = vv
  5380  		}
  5381  	}
  5382  }
  5383  
  5384  // onWriteTimeout is run on its own goroutine (from time.AfterFunc)
  5385  // when the stream's WriteTimeout has fired.
  5386  func (st *http2stream) onWriteTimeout() {
  5387  	st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)})
  5388  }
  5389  
  5390  func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error {
  5391  	sc.serveG.check()
  5392  	id := f.StreamID
  5393  	if sc.inGoAway {
  5394  		// Ignore.
  5395  		return nil
  5396  	}
  5397  	// http://tools.ietf.org/html/rfc7540#section-5.1.1
  5398  	// Streams initiated by a client MUST use odd-numbered stream
  5399  	// identifiers. [...] An endpoint that receives an unexpected
  5400  	// stream identifier MUST respond with a connection error
  5401  	// (Section 5.4.1) of type PROTOCOL_ERROR.
  5402  	if id%2 != 1 {
  5403  		return http2ConnectionError(http2ErrCodeProtocol)
  5404  	}
  5405  	// A HEADERS frame can be used to create a new stream or
  5406  	// send a trailer for an open one. If we already have a stream
  5407  	// open, let it process its own HEADERS frame (trailers at this
  5408  	// point, if it's valid).
  5409  	if st := sc.streams[f.StreamID]; st != nil {
  5410  		if st.resetQueued {
  5411  			// We're sending RST_STREAM to close the stream, so don't bother
  5412  			// processing this frame.
  5413  			return nil
  5414  		}
  5415  		return st.processTrailerHeaders(f)
  5416  	}
  5417  
  5418  	// [...] The identifier of a newly established stream MUST be
  5419  	// numerically greater than all streams that the initiating
  5420  	// endpoint has opened or reserved. [...]  An endpoint that
  5421  	// receives an unexpected stream identifier MUST respond with
  5422  	// a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
  5423  	if id <= sc.maxClientStreamID {
  5424  		return http2ConnectionError(http2ErrCodeProtocol)
  5425  	}
  5426  	sc.maxClientStreamID = id
  5427  
  5428  	if sc.idleTimer != nil {
  5429  		sc.idleTimer.Stop()
  5430  	}
  5431  
  5432  	// http://tools.ietf.org/html/rfc7540#section-5.1.2
  5433  	// [...] Endpoints MUST NOT exceed the limit set by their peer. An
  5434  	// endpoint that receives a HEADERS frame that causes their
  5435  	// advertised concurrent stream limit to be exceeded MUST treat
  5436  	// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR
  5437  	// or REFUSED_STREAM.
  5438  	if sc.curClientStreams+1 > sc.advMaxStreams {
  5439  		if sc.unackedSettings == 0 {
  5440  			// They should know better.
  5441  			return http2streamError(id, http2ErrCodeProtocol)
  5442  		}
  5443  		// Assume it's a network race, where they just haven't
  5444  		// received our last SETTINGS update. But actually
  5445  		// this can't happen yet, because we don't yet provide
  5446  		// a way for users to adjust server parameters at
  5447  		// runtime.
  5448  		return http2streamError(id, http2ErrCodeRefusedStream)
  5449  	}
  5450  
  5451  	initialState := http2stateOpen
  5452  	if f.StreamEnded() {
  5453  		initialState = http2stateHalfClosedRemote
  5454  	}
  5455  	st := sc.newStream(id, 0, initialState)
  5456  
  5457  	if f.HasPriority() {
  5458  		if err := http2checkPriority(f.StreamID, f.Priority); err != nil {
  5459  			return err
  5460  		}
  5461  		sc.writeSched.AdjustStream(st.id, f.Priority)
  5462  	}
  5463  
  5464  	rw, req, err := sc.newWriterAndRequest(st, f)
  5465  	if err != nil {
  5466  		return err
  5467  	}
  5468  	st.reqTrailer = req.Trailer
  5469  	if st.reqTrailer != nil {
  5470  		st.trailer = make(Header)
  5471  	}
  5472  	st.body = req.Body.(*http2requestBody).pipe // may be nil
  5473  	st.declBodyBytes = req.ContentLength
  5474  
  5475  	handler := sc.handler.ServeHTTP
  5476  	if f.Truncated {
  5477  		// Their header list was too long. Send a 431 error.
  5478  		handler = http2handleHeaderListTooLong
  5479  	} else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil {
  5480  		handler = http2new400Handler(err)
  5481  	}
  5482  
  5483  	// The net/http package sets the read deadline from the
  5484  	// http.Server.ReadTimeout during the TLS handshake, but then
  5485  	// passes the connection off to us with the deadline already
  5486  	// set. Disarm it here after the request headers are read,
  5487  	// similar to how the http1 server works. Here it's
  5488  	// technically more like the http1 Server's ReadHeaderTimeout
  5489  	// (in Go 1.8), though. That's a more sane option anyway.
  5490  	if sc.hs.ReadTimeout != 0 {
  5491  		sc.conn.SetReadDeadline(time.Time{})
  5492  	}
  5493  
  5494  	go sc.runHandler(rw, req, handler)
  5495  	return nil
  5496  }
  5497  
  5498  func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error {
  5499  	sc := st.sc
  5500  	sc.serveG.check()
  5501  	if st.gotTrailerHeader {
  5502  		return http2ConnectionError(http2ErrCodeProtocol)
  5503  	}
  5504  	st.gotTrailerHeader = true
  5505  	if !f.StreamEnded() {
  5506  		return http2streamError(st.id, http2ErrCodeProtocol)
  5507  	}
  5508  
  5509  	if len(f.PseudoFields()) > 0 {
  5510  		return http2streamError(st.id, http2ErrCodeProtocol)
  5511  	}
  5512  	if st.trailer != nil {
  5513  		for _, hf := range f.RegularFields() {
  5514  			key := sc.canonicalHeader(hf.Name)
  5515  			if !http2ValidTrailerHeader(key) {
  5516  				// TODO: send more details to the peer somehow. But http2 has
  5517  				// no way to send debug data at a stream level. Discuss with
  5518  				// HTTP folk.
  5519  				return http2streamError(st.id, http2ErrCodeProtocol)
  5520  			}
  5521  			st.trailer[key] = append(st.trailer[key], hf.Value)
  5522  		}
  5523  	}
  5524  	st.endStream()
  5525  	return nil
  5526  }
  5527  
  5528  func http2checkPriority(streamID uint32, p http2PriorityParam) error {
  5529  	if streamID == p.StreamDep {
  5530  		// Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat
  5531  		// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR."
  5532  		// Section 5.3.3 says that a stream can depend on one of its dependencies,
  5533  		// so it's only self-dependencies that are forbidden.
  5534  		return http2streamError(streamID, http2ErrCodeProtocol)
  5535  	}
  5536  	return nil
  5537  }
  5538  
  5539  func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error {
  5540  	if sc.inGoAway {
  5541  		return nil
  5542  	}
  5543  	if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil {
  5544  		return err
  5545  	}
  5546  	sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam)
  5547  	return nil
  5548  }
  5549  
  5550  func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream {
  5551  	sc.serveG.check()
  5552  	if id == 0 {
  5553  		panic("internal error: cannot create stream with id 0")
  5554  	}
  5555  
  5556  	ctx, cancelCtx := http2contextWithCancel(sc.baseCtx)
  5557  	st := &http2stream{
  5558  		sc:        sc,
  5559  		id:        id,
  5560  		state:     state,
  5561  		ctx:       ctx,
  5562  		cancelCtx: cancelCtx,
  5563  	}
  5564  	st.cw.Init()
  5565  	st.flow.conn = &sc.flow // link to conn-level counter
  5566  	st.flow.add(sc.initialStreamSendWindowSize)
  5567  	st.inflow.conn = &sc.inflow // link to conn-level counter
  5568  	st.inflow.add(sc.srv.initialStreamRecvWindowSize())
  5569  	if sc.hs.WriteTimeout != 0 {
  5570  		st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
  5571  	}
  5572  
  5573  	sc.streams[id] = st
  5574  	sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID})
  5575  	if st.isPushed() {
  5576  		sc.curPushedStreams++
  5577  	} else {
  5578  		sc.curClientStreams++
  5579  	}
  5580  	if sc.curOpenStreams() == 1 {
  5581  		sc.setConnState(StateActive)
  5582  	}
  5583  
  5584  	return st
  5585  }
  5586  
  5587  func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) {
  5588  	sc.serveG.check()
  5589  
  5590  	rp := http2requestParam{
  5591  		method:    f.PseudoValue("method"),
  5592  		scheme:    f.PseudoValue("scheme"),
  5593  		authority: f.PseudoValue("authority"),
  5594  		path:      f.PseudoValue("path"),
  5595  	}
  5596  
  5597  	isConnect := rp.method == "CONNECT"
  5598  	if isConnect {
  5599  		if rp.path != "" || rp.scheme != "" || rp.authority == "" {
  5600  			return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5601  		}
  5602  	} else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") {
  5603  		// See 8.1.2.6 Malformed Requests and Responses:
  5604  		//
  5605  		// Malformed requests or responses that are detected
  5606  		// MUST be treated as a stream error (Section 5.4.2)
  5607  		// of type PROTOCOL_ERROR."
  5608  		//
  5609  		// 8.1.2.3 Request Pseudo-Header Fields
  5610  		// "All HTTP/2 requests MUST include exactly one valid
  5611  		// value for the :method, :scheme, and :path
  5612  		// pseudo-header fields"
  5613  		return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5614  	}
  5615  
  5616  	bodyOpen := !f.StreamEnded()
  5617  	if rp.method == "HEAD" && bodyOpen {
  5618  		// HEAD requests can't have bodies
  5619  		return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5620  	}
  5621  
  5622  	rp.header = make(Header)
  5623  	for _, hf := range f.RegularFields() {
  5624  		rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
  5625  	}
  5626  	if rp.authority == "" {
  5627  		rp.authority = rp.header.Get("Host")
  5628  	}
  5629  
  5630  	rw, req, err := sc.newWriterAndRequestNoBody(st, rp)
  5631  	if err != nil {
  5632  		return nil, nil, err
  5633  	}
  5634  	if bodyOpen {
  5635  		if vv, ok := rp.header["Content-Length"]; ok {
  5636  			req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64)
  5637  		} else {
  5638  			req.ContentLength = -1
  5639  		}
  5640  		req.Body.(*http2requestBody).pipe = &http2pipe{
  5641  			b: &http2dataBuffer{expected: req.ContentLength},
  5642  		}
  5643  	}
  5644  	return rw, req, nil
  5645  }
  5646  
  5647  type http2requestParam struct {
  5648  	method                  string
  5649  	scheme, authority, path string
  5650  	header                  Header
  5651  }
  5652  
  5653  func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) {
  5654  	sc.serveG.check()
  5655  
  5656  	var tlsState *tls.ConnectionState // nil if not scheme https
  5657  	if rp.scheme == "https" {
  5658  		tlsState = sc.tlsState
  5659  	}
  5660  
  5661  	needsContinue := rp.header.Get("Expect") == "100-continue"
  5662  	if needsContinue {
  5663  		rp.header.Del("Expect")
  5664  	}
  5665  	// Merge Cookie headers into one "; "-delimited value.
  5666  	if cookies := rp.header["Cookie"]; len(cookies) > 1 {
  5667  		rp.header.Set("Cookie", strings.Join(cookies, "; "))
  5668  	}
  5669  
  5670  	// Setup Trailers
  5671  	var trailer Header
  5672  	for _, v := range rp.header["Trailer"] {
  5673  		for _, key := range strings.Split(v, ",") {
  5674  			key = CanonicalHeaderKey(strings.TrimSpace(key))
  5675  			switch key {
  5676  			case "Transfer-Encoding", "Trailer", "Content-Length":
  5677  				// Bogus. (copy of http1 rules)
  5678  				// Ignore.
  5679  			default:
  5680  				if trailer == nil {
  5681  					trailer = make(Header)
  5682  				}
  5683  				trailer[key] = nil
  5684  			}
  5685  		}
  5686  	}
  5687  	delete(rp.header, "Trailer")
  5688  
  5689  	var url_ *url.URL
  5690  	var requestURI string
  5691  	if rp.method == "CONNECT" {
  5692  		url_ = &url.URL{Host: rp.authority}
  5693  		requestURI = rp.authority // mimic HTTP/1 server behavior
  5694  	} else {
  5695  		var err error
  5696  		url_, err = url.ParseRequestURI(rp.path)
  5697  		if err != nil {
  5698  			return nil, nil, http2streamError(st.id, http2ErrCodeProtocol)
  5699  		}
  5700  		requestURI = rp.path
  5701  	}
  5702  
  5703  	body := &http2requestBody{
  5704  		conn:          sc,
  5705  		stream:        st,
  5706  		needsContinue: needsContinue,
  5707  	}
  5708  	req := &Request{
  5709  		Method:     rp.method,
  5710  		URL:        url_,
  5711  		RemoteAddr: sc.remoteAddrStr,
  5712  		Header:     rp.header,
  5713  		RequestURI: requestURI,
  5714  		Proto:      "HTTP/2.0",
  5715  		ProtoMajor: 2,
  5716  		ProtoMinor: 0,
  5717  		TLS:        tlsState,
  5718  		Host:       rp.authority,
  5719  		Body:       body,
  5720  		Trailer:    trailer,
  5721  	}
  5722  	req = http2requestWithContext(req, st.ctx)
  5723  
  5724  	rws := http2responseWriterStatePool.Get().(*http2responseWriterState)
  5725  	bwSave := rws.bw
  5726  	*rws = http2responseWriterState{} // zero all the fields
  5727  	rws.conn = sc
  5728  	rws.bw = bwSave
  5729  	rws.bw.Reset(http2chunkWriter{rws})
  5730  	rws.stream = st
  5731  	rws.req = req
  5732  	rws.body = body
  5733  
  5734  	rw := &http2responseWriter{rws: rws}
  5735  	return rw, req, nil
  5736  }
  5737  
  5738  // Run on its own goroutine.
  5739  func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) {
  5740  	didPanic := true
  5741  	defer func() {
  5742  		rw.rws.stream.cancelCtx()
  5743  		if didPanic {
  5744  			e := recover()
  5745  			sc.writeFrameFromHandler(http2FrameWriteRequest{
  5746  				write:  http2handlerPanicRST{rw.rws.stream.id},
  5747  				stream: rw.rws.stream,
  5748  			})
  5749  			// Same as net/http:
  5750  			if http2shouldLogPanic(e) {
  5751  				const size = 64 << 10
  5752  				buf := make([]byte, size)
  5753  				buf = buf[:runtime.Stack(buf, false)]
  5754  				sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf)
  5755  			}
  5756  			return
  5757  		}
  5758  		rw.handlerDone()
  5759  	}()
  5760  	handler(rw, req)
  5761  	didPanic = false
  5762  }
  5763  
  5764  func http2handleHeaderListTooLong(w ResponseWriter, r *Request) {
  5765  	// 10.5.1 Limits on Header Block Size:
  5766  	// .. "A server that receives a larger header block than it is
  5767  	// willing to handle can send an HTTP 431 (Request Header Fields Too
  5768  	// Large) status code"
  5769  	const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+
  5770  	w.WriteHeader(statusRequestHeaderFieldsTooLarge)
  5771  	io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>")
  5772  }
  5773  
  5774  // called from handler goroutines.
  5775  // h may be nil.
  5776  func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error {
  5777  	sc.serveG.checkNotOn() // NOT on
  5778  	var errc chan error
  5779  	if headerData.h != nil {
  5780  		// If there's a header map (which we don't own), so we have to block on
  5781  		// waiting for this frame to be written, so an http.Flush mid-handler
  5782  		// writes out the correct value of keys, before a handler later potentially
  5783  		// mutates it.
  5784  		errc = http2errChanPool.Get().(chan error)
  5785  	}
  5786  	if err := sc.writeFrameFromHandler(http2FrameWriteRequest{
  5787  		write:  headerData,
  5788  		stream: st,
  5789  		done:   errc,
  5790  	}); err != nil {
  5791  		return err
  5792  	}
  5793  	if errc != nil {
  5794  		select {
  5795  		case err := <-errc:
  5796  			http2errChanPool.Put(errc)
  5797  			return err
  5798  		case <-sc.doneServing:
  5799  			return http2errClientDisconnected
  5800  		case <-st.cw:
  5801  			return http2errStreamClosed
  5802  		}
  5803  	}
  5804  	return nil
  5805  }
  5806  
  5807  // called from handler goroutines.
  5808  func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) {
  5809  	sc.writeFrameFromHandler(http2FrameWriteRequest{
  5810  		write:  http2write100ContinueHeadersFrame{st.id},
  5811  		stream: st,
  5812  	})
  5813  }
  5814  
  5815  // A bodyReadMsg tells the server loop that the http.Handler read n
  5816  // bytes of the DATA from the client on the given stream.
  5817  type http2bodyReadMsg struct {
  5818  	st *http2stream
  5819  	n  int
  5820  }
  5821  
  5822  // called from handler goroutines.
  5823  // Notes that the handler for the given stream ID read n bytes of its body
  5824  // and schedules flow control tokens to be sent.
  5825  func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) {
  5826  	sc.serveG.checkNotOn() // NOT on
  5827  	if n > 0 {
  5828  		select {
  5829  		case sc.bodyReadCh <- http2bodyReadMsg{st, n}:
  5830  		case <-sc.doneServing:
  5831  		}
  5832  	}
  5833  }
  5834  
  5835  func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) {
  5836  	sc.serveG.check()
  5837  	sc.sendWindowUpdate(nil, n) // conn-level
  5838  	if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed {
  5839  		// Don't send this WINDOW_UPDATE if the stream is closed
  5840  		// remotely.
  5841  		sc.sendWindowUpdate(st, n)
  5842  	}
  5843  }
  5844  
  5845  // st may be nil for conn-level
  5846  func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) {
  5847  	sc.serveG.check()
  5848  	// "The legal range for the increment to the flow control
  5849  	// window is 1 to 2^31-1 (2,147,483,647) octets."
  5850  	// A Go Read call on 64-bit machines could in theory read
  5851  	// a larger Read than this. Very unlikely, but we handle it here
  5852  	// rather than elsewhere for now.
  5853  	const maxUint31 = 1<<31 - 1
  5854  	for n >= maxUint31 {
  5855  		sc.sendWindowUpdate32(st, maxUint31)
  5856  		n -= maxUint31
  5857  	}
  5858  	sc.sendWindowUpdate32(st, int32(n))
  5859  }
  5860  
  5861  // st may be nil for conn-level
  5862  func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) {
  5863  	sc.serveG.check()
  5864  	if n == 0 {
  5865  		return
  5866  	}
  5867  	if n < 0 {
  5868  		panic("negative update")
  5869  	}
  5870  	var streamID uint32
  5871  	if st != nil {
  5872  		streamID = st.id
  5873  	}
  5874  	sc.writeFrame(http2FrameWriteRequest{
  5875  		write:  http2writeWindowUpdate{streamID: streamID, n: uint32(n)},
  5876  		stream: st,
  5877  	})
  5878  	var ok bool
  5879  	if st == nil {
  5880  		ok = sc.inflow.add(n)
  5881  	} else {
  5882  		ok = st.inflow.add(n)
  5883  	}
  5884  	if !ok {
  5885  		panic("internal error; sent too many window updates without decrements?")
  5886  	}
  5887  }
  5888  
  5889  // requestBody is the Handler's Request.Body type.
  5890  // Read and Close may be called concurrently.
  5891  type http2requestBody struct {
  5892  	stream        *http2stream
  5893  	conn          *http2serverConn
  5894  	closed        bool       // for use by Close only
  5895  	sawEOF        bool       // for use by Read only
  5896  	pipe          *http2pipe // non-nil if we have a HTTP entity message body
  5897  	needsContinue bool       // need to send a 100-continue
  5898  }
  5899  
  5900  func (b *http2requestBody) Close() error {
  5901  	if b.pipe != nil && !b.closed {
  5902  		b.pipe.BreakWithError(http2errClosedBody)
  5903  	}
  5904  	b.closed = true
  5905  	return nil
  5906  }
  5907  
  5908  func (b *http2requestBody) Read(p []byte) (n int, err error) {
  5909  	if b.needsContinue {
  5910  		b.needsContinue = false
  5911  		b.conn.write100ContinueHeaders(b.stream)
  5912  	}
  5913  	if b.pipe == nil || b.sawEOF {
  5914  		return 0, io.EOF
  5915  	}
  5916  	n, err = b.pipe.Read(p)
  5917  	if err == io.EOF {
  5918  		b.sawEOF = true
  5919  	}
  5920  	if b.conn == nil && http2inTests {
  5921  		return
  5922  	}
  5923  	b.conn.noteBodyReadFromHandler(b.stream, n, err)
  5924  	return
  5925  }
  5926  
  5927  // responseWriter is the http.ResponseWriter implementation. It's
  5928  // intentionally small (1 pointer wide) to minimize garbage. The
  5929  // responseWriterState pointer inside is zeroed at the end of a
  5930  // request (in handlerDone) and calls on the responseWriter thereafter
  5931  // simply crash (caller's mistake), but the much larger responseWriterState
  5932  // and buffers are reused between multiple requests.
  5933  type http2responseWriter struct {
  5934  	rws *http2responseWriterState
  5935  }
  5936  
  5937  // Optional http.ResponseWriter interfaces implemented.
  5938  var (
  5939  	_ CloseNotifier     = (*http2responseWriter)(nil)
  5940  	_ Flusher           = (*http2responseWriter)(nil)
  5941  	_ http2stringWriter = (*http2responseWriter)(nil)
  5942  )
  5943  
  5944  type http2responseWriterState struct {
  5945  	// immutable within a request:
  5946  	stream *http2stream
  5947  	req    *Request
  5948  	body   *http2requestBody // to close at end of request, if DATA frames didn't
  5949  	conn   *http2serverConn
  5950  
  5951  	// TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc
  5952  	bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState}
  5953  
  5954  	// mutated by http.Handler goroutine:
  5955  	handlerHeader Header   // nil until called
  5956  	snapHeader    Header   // snapshot of handlerHeader at WriteHeader time
  5957  	trailers      []string // set in writeChunk
  5958  	status        int      // status code passed to WriteHeader
  5959  	wroteHeader   bool     // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet.
  5960  	sentHeader    bool     // have we sent the header frame?
  5961  	handlerDone   bool     // handler has finished
  5962  	dirty         bool     // a Write failed; don't reuse this responseWriterState
  5963  
  5964  	sentContentLen int64 // non-zero if handler set a Content-Length header
  5965  	wroteBytes     int64
  5966  
  5967  	closeNotifierMu sync.Mutex // guards closeNotifierCh
  5968  	closeNotifierCh chan bool  // nil until first used
  5969  }
  5970  
  5971  type http2chunkWriter struct{ rws *http2responseWriterState }
  5972  
  5973  func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) }
  5974  
  5975  func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 }
  5976  
  5977  // declareTrailer is called for each Trailer header when the
  5978  // response header is written. It notes that a header will need to be
  5979  // written in the trailers at the end of the response.
  5980  func (rws *http2responseWriterState) declareTrailer(k string) {
  5981  	k = CanonicalHeaderKey(k)
  5982  	if !http2ValidTrailerHeader(k) {
  5983  		// Forbidden by RFC 2616 14.40.
  5984  		rws.conn.logf("ignoring invalid trailer %q", k)
  5985  		return
  5986  	}
  5987  	if !http2strSliceContains(rws.trailers, k) {
  5988  		rws.trailers = append(rws.trailers, k)
  5989  	}
  5990  }
  5991  
  5992  // writeChunk writes chunks from the bufio.Writer. But because
  5993  // bufio.Writer may bypass its chunking, sometimes p may be
  5994  // arbitrarily large.
  5995  //
  5996  // writeChunk is also responsible (on the first chunk) for sending the
  5997  // HEADER response.
  5998  func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) {
  5999  	if !rws.wroteHeader {
  6000  		rws.writeHeader(200)
  6001  	}
  6002  
  6003  	isHeadResp := rws.req.Method == "HEAD"
  6004  	if !rws.sentHeader {
  6005  		rws.sentHeader = true
  6006  		var ctype, clen string
  6007  		if clen = rws.snapHeader.Get("Content-Length"); clen != "" {
  6008  			rws.snapHeader.Del("Content-Length")
  6009  			clen64, err := strconv.ParseInt(clen, 10, 64)
  6010  			if err == nil && clen64 >= 0 {
  6011  				rws.sentContentLen = clen64
  6012  			} else {
  6013  				clen = ""
  6014  			}
  6015  		}
  6016  		if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) {
  6017  			clen = strconv.Itoa(len(p))
  6018  		}
  6019  		_, hasContentType := rws.snapHeader["Content-Type"]
  6020  		if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 {
  6021  			ctype = DetectContentType(p)
  6022  		}
  6023  		var date string
  6024  		if _, ok := rws.snapHeader["Date"]; !ok {
  6025  			// TODO(bradfitz): be faster here, like net/http? measure.
  6026  			date = time.Now().UTC().Format(TimeFormat)
  6027  		}
  6028  
  6029  		for _, v := range rws.snapHeader["Trailer"] {
  6030  			http2foreachHeaderElement(v, rws.declareTrailer)
  6031  		}
  6032  
  6033  		endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp
  6034  		err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
  6035  			streamID:      rws.stream.id,
  6036  			httpResCode:   rws.status,
  6037  			h:             rws.snapHeader,
  6038  			endStream:     endStream,
  6039  			contentType:   ctype,
  6040  			contentLength: clen,
  6041  			date:          date,
  6042  		})
  6043  		if err != nil {
  6044  			rws.dirty = true
  6045  			return 0, err
  6046  		}
  6047  		if endStream {
  6048  			return 0, nil
  6049  		}
  6050  	}
  6051  	if isHeadResp {
  6052  		return len(p), nil
  6053  	}
  6054  	if len(p) == 0 && !rws.handlerDone {
  6055  		return 0, nil
  6056  	}
  6057  
  6058  	if rws.handlerDone {
  6059  		rws.promoteUndeclaredTrailers()
  6060  	}
  6061  
  6062  	endStream := rws.handlerDone && !rws.hasTrailers()
  6063  	if len(p) > 0 || endStream {
  6064  		// only send a 0 byte DATA frame if we're ending the stream.
  6065  		if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
  6066  			rws.dirty = true
  6067  			return 0, err
  6068  		}
  6069  	}
  6070  
  6071  	if rws.handlerDone && rws.hasTrailers() {
  6072  		err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
  6073  			streamID:  rws.stream.id,
  6074  			h:         rws.handlerHeader,
  6075  			trailers:  rws.trailers,
  6076  			endStream: true,
  6077  		})
  6078  		if err != nil {
  6079  			rws.dirty = true
  6080  		}
  6081  		return len(p), err
  6082  	}
  6083  	return len(p), nil
  6084  }
  6085  
  6086  // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys
  6087  // that, if present, signals that the map entry is actually for
  6088  // the response trailers, and not the response headers. The prefix
  6089  // is stripped after the ServeHTTP call finishes and the values are
  6090  // sent in the trailers.
  6091  //
  6092  // This mechanism is intended only for trailers that are not known
  6093  // prior to the headers being written. If the set of trailers is fixed
  6094  // or known before the header is written, the normal Go trailers mechanism
  6095  // is preferred:
  6096  //    https://golang.org/pkg/net/http/#ResponseWriter
  6097  //    https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
  6098  const http2TrailerPrefix = "Trailer:"
  6099  
  6100  // promoteUndeclaredTrailers permits http.Handlers to set trailers
  6101  // after the header has already been flushed. Because the Go
  6102  // ResponseWriter interface has no way to set Trailers (only the
  6103  // Header), and because we didn't want to expand the ResponseWriter
  6104  // interface, and because nobody used trailers, and because RFC 2616
  6105  // says you SHOULD (but not must) predeclare any trailers in the
  6106  // header, the official ResponseWriter rules said trailers in Go must
  6107  // be predeclared, and then we reuse the same ResponseWriter.Header()
  6108  // map to mean both Headers and Trailers. When it's time to write the
  6109  // Trailers, we pick out the fields of Headers that were declared as
  6110  // trailers. That worked for a while, until we found the first major
  6111  // user of Trailers in the wild: gRPC (using them only over http2),
  6112  // and gRPC libraries permit setting trailers mid-stream without
  6113  // predeclarnig them. So: change of plans. We still permit the old
  6114  // way, but we also permit this hack: if a Header() key begins with
  6115  // "Trailer:", the suffix of that key is a Trailer. Because ':' is an
  6116  // invalid token byte anyway, there is no ambiguity. (And it's already
  6117  // filtered out) It's mildly hacky, but not terrible.
  6118  //
  6119  // This method runs after the Handler is done and promotes any Header
  6120  // fields to be trailers.
  6121  func (rws *http2responseWriterState) promoteUndeclaredTrailers() {
  6122  	for k, vv := range rws.handlerHeader {
  6123  		if !strings.HasPrefix(k, http2TrailerPrefix) {
  6124  			continue
  6125  		}
  6126  		trailerKey := strings.TrimPrefix(k, http2TrailerPrefix)
  6127  		rws.declareTrailer(trailerKey)
  6128  		rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv
  6129  	}
  6130  
  6131  	if len(rws.trailers) > 1 {
  6132  		sorter := http2sorterPool.Get().(*http2sorter)
  6133  		sorter.SortStrings(rws.trailers)
  6134  		http2sorterPool.Put(sorter)
  6135  	}
  6136  }
  6137  
  6138  func (w *http2responseWriter) Flush() {
  6139  	rws := w.rws
  6140  	if rws == nil {
  6141  		panic("Header called after Handler finished")
  6142  	}
  6143  	if rws.bw.Buffered() > 0 {
  6144  		if err := rws.bw.Flush(); err != nil {
  6145  			// Ignore the error. The frame writer already knows.
  6146  			return
  6147  		}
  6148  	} else {
  6149  		// The bufio.Writer won't call chunkWriter.Write
  6150  		// (writeChunk with zero bytes, so we have to do it
  6151  		// ourselves to force the HTTP response header and/or
  6152  		// final DATA frame (with END_STREAM) to be sent.
  6153  		rws.writeChunk(nil)
  6154  	}
  6155  }
  6156  
  6157  func (w *http2responseWriter) CloseNotify() <-chan bool {
  6158  	rws := w.rws
  6159  	if rws == nil {
  6160  		panic("CloseNotify called after Handler finished")
  6161  	}
  6162  	rws.closeNotifierMu.Lock()
  6163  	ch := rws.closeNotifierCh
  6164  	if ch == nil {
  6165  		ch = make(chan bool, 1)
  6166  		rws.closeNotifierCh = ch
  6167  		cw := rws.stream.cw
  6168  		go func() {
  6169  			cw.Wait() // wait for close
  6170  			ch <- true
  6171  		}()
  6172  	}
  6173  	rws.closeNotifierMu.Unlock()
  6174  	return ch
  6175  }
  6176  
  6177  func (w *http2responseWriter) Header() Header {
  6178  	rws := w.rws
  6179  	if rws == nil {
  6180  		panic("Header called after Handler finished")
  6181  	}
  6182  	if rws.handlerHeader == nil {
  6183  		rws.handlerHeader = make(Header)
  6184  	}
  6185  	return rws.handlerHeader
  6186  }
  6187  
  6188  // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode.
  6189  func http2checkWriteHeaderCode(code int) {
  6190  	// Issue 22880: require valid WriteHeader status codes.
  6191  	// For now we only enforce that it's three digits.
  6192  	// In the future we might block things over 599 (600 and above aren't defined
  6193  	// at http://httpwg.org/specs/rfc7231.html#status.codes)
  6194  	// and we might block under 200 (once we have more mature 1xx support).
  6195  	// But for now any three digits.
  6196  	//
  6197  	// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
  6198  	// no equivalent bogus thing we can realistically send in HTTP/2,
  6199  	// so we'll consistently panic instead and help people find their bugs
  6200  	// early. (We can't return an error from WriteHeader even if we wanted to.)
  6201  	if code < 100 || code > 999 {
  6202  		panic(fmt.Sprintf("invalid WriteHeader code %v", code))
  6203  	}
  6204  }
  6205  
  6206  func (w *http2responseWriter) WriteHeader(code int) {
  6207  	rws := w.rws
  6208  	if rws == nil {
  6209  		panic("WriteHeader called after Handler finished")
  6210  	}
  6211  	rws.writeHeader(code)
  6212  }
  6213  
  6214  func (rws *http2responseWriterState) writeHeader(code int) {
  6215  	if !rws.wroteHeader {
  6216  		http2checkWriteHeaderCode(code)
  6217  		rws.wroteHeader = true
  6218  		rws.status = code
  6219  		if len(rws.handlerHeader) > 0 {
  6220  			rws.snapHeader = http2cloneHeader(rws.handlerHeader)
  6221  		}
  6222  	}
  6223  }
  6224  
  6225  func http2cloneHeader(h Header) Header {
  6226  	h2 := make(Header, len(h))
  6227  	for k, vv := range h {
  6228  		vv2 := make([]string, len(vv))
  6229  		copy(vv2, vv)
  6230  		h2[k] = vv2
  6231  	}
  6232  	return h2
  6233  }
  6234  
  6235  // The Life Of A Write is like this:
  6236  //
  6237  // * Handler calls w.Write or w.WriteString ->
  6238  // * -> rws.bw (*bufio.Writer) ->
  6239  // * (Handler might call Flush)
  6240  // * -> chunkWriter{rws}
  6241  // * -> responseWriterState.writeChunk(p []byte)
  6242  // * -> responseWriterState.writeChunk (most of the magic; see comment there)
  6243  func (w *http2responseWriter) Write(p []byte) (n int, err error) {
  6244  	return w.write(len(p), p, "")
  6245  }
  6246  
  6247  func (w *http2responseWriter) WriteString(s string) (n int, err error) {
  6248  	return w.write(len(s), nil, s)
  6249  }
  6250  
  6251  // either dataB or dataS is non-zero.
  6252  func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) {
  6253  	rws := w.rws
  6254  	if rws == nil {
  6255  		panic("Write called after Handler finished")
  6256  	}
  6257  	if !rws.wroteHeader {
  6258  		w.WriteHeader(200)
  6259  	}
  6260  	if !http2bodyAllowedForStatus(rws.status) {
  6261  		return 0, ErrBodyNotAllowed
  6262  	}
  6263  	rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set
  6264  	if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen {
  6265  		// TODO: send a RST_STREAM
  6266  		return 0, errors.New("http2: handler wrote more than declared Content-Length")
  6267  	}
  6268  
  6269  	if dataB != nil {
  6270  		return rws.bw.Write(dataB)
  6271  	} else {
  6272  		return rws.bw.WriteString(dataS)
  6273  	}
  6274  }
  6275  
  6276  func (w *http2responseWriter) handlerDone() {
  6277  	rws := w.rws
  6278  	dirty := rws.dirty
  6279  	rws.handlerDone = true
  6280  	w.Flush()
  6281  	w.rws = nil
  6282  	if !dirty {
  6283  		// Only recycle the pool if all prior Write calls to
  6284  		// the serverConn goroutine completed successfully. If
  6285  		// they returned earlier due to resets from the peer
  6286  		// there might still be write goroutines outstanding
  6287  		// from the serverConn referencing the rws memory. See
  6288  		// issue 20704.
  6289  		http2responseWriterStatePool.Put(rws)
  6290  	}
  6291  }
  6292  
  6293  // Push errors.
  6294  var (
  6295  	http2ErrRecursivePush    = errors.New("http2: recursive push not allowed")
  6296  	http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS")
  6297  )
  6298  
  6299  // pushOptions is the internal version of http.PushOptions, which we
  6300  // cannot include here because it's only defined in Go 1.8 and later.
  6301  type http2pushOptions struct {
  6302  	Method string
  6303  	Header Header
  6304  }
  6305  
  6306  func (w *http2responseWriter) push(target string, opts http2pushOptions) error {
  6307  	st := w.rws.stream
  6308  	sc := st.sc
  6309  	sc.serveG.checkNotOn()
  6310  
  6311  	// No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream."
  6312  	// http://tools.ietf.org/html/rfc7540#section-6.6
  6313  	if st.isPushed() {
  6314  		return http2ErrRecursivePush
  6315  	}
  6316  
  6317  	// Default options.
  6318  	if opts.Method == "" {
  6319  		opts.Method = "GET"
  6320  	}
  6321  	if opts.Header == nil {
  6322  		opts.Header = Header{}
  6323  	}
  6324  	wantScheme := "http"
  6325  	if w.rws.req.TLS != nil {
  6326  		wantScheme = "https"
  6327  	}
  6328  
  6329  	// Validate the request.
  6330  	u, err := url.Parse(target)
  6331  	if err != nil {
  6332  		return err
  6333  	}
  6334  	if u.Scheme == "" {
  6335  		if !strings.HasPrefix(target, "/") {
  6336  			return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target)
  6337  		}
  6338  		u.Scheme = wantScheme
  6339  		u.Host = w.rws.req.Host
  6340  	} else {
  6341  		if u.Scheme != wantScheme {
  6342  			return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme)
  6343  		}
  6344  		if u.Host == "" {
  6345  			return errors.New("URL must have a host")
  6346  		}
  6347  	}
  6348  	for k := range opts.Header {
  6349  		if strings.HasPrefix(k, ":") {
  6350  			return fmt.Errorf("promised request headers cannot include pseudo header %q", k)
  6351  		}
  6352  		// These headers are meaningful only if the request has a body,
  6353  		// but PUSH_PROMISE requests cannot have a body.
  6354  		// http://tools.ietf.org/html/rfc7540#section-8.2
  6355  		// Also disallow Host, since the promised URL must be absolute.
  6356  		switch strings.ToLower(k) {
  6357  		case "content-length", "content-encoding", "trailer", "te", "expect", "host":
  6358  			return fmt.Errorf("promised request headers cannot include %q", k)
  6359  		}
  6360  	}
  6361  	if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil {
  6362  		return err
  6363  	}
  6364  
  6365  	// The RFC effectively limits promised requests to GET and HEAD:
  6366  	// "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]"
  6367  	// http://tools.ietf.org/html/rfc7540#section-8.2
  6368  	if opts.Method != "GET" && opts.Method != "HEAD" {
  6369  		return fmt.Errorf("method %q must be GET or HEAD", opts.Method)
  6370  	}
  6371  
  6372  	msg := &http2startPushRequest{
  6373  		parent: st,
  6374  		method: opts.Method,
  6375  		url:    u,
  6376  		header: http2cloneHeader(opts.Header),
  6377  		done:   http2errChanPool.Get().(chan error),
  6378  	}
  6379  
  6380  	select {
  6381  	case <-sc.doneServing:
  6382  		return http2errClientDisconnected
  6383  	case <-st.cw:
  6384  		return http2errStreamClosed
  6385  	case sc.serveMsgCh <- msg:
  6386  	}
  6387  
  6388  	select {
  6389  	case <-sc.doneServing:
  6390  		return http2errClientDisconnected
  6391  	case <-st.cw:
  6392  		return http2errStreamClosed
  6393  	case err := <-msg.done:
  6394  		http2errChanPool.Put(msg.done)
  6395  		return err
  6396  	}
  6397  }
  6398  
  6399  type http2startPushRequest struct {
  6400  	parent *http2stream
  6401  	method string
  6402  	url    *url.URL
  6403  	header Header
  6404  	done   chan error
  6405  }
  6406  
  6407  func (sc *http2serverConn) startPush(msg *http2startPushRequest) {
  6408  	sc.serveG.check()
  6409  
  6410  	// http://tools.ietf.org/html/rfc7540#section-6.6.
  6411  	// PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that
  6412  	// is in either the "open" or "half-closed (remote)" state.
  6413  	if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote {
  6414  		// responseWriter.Push checks that the stream is peer-initiaed.
  6415  		msg.done <- http2errStreamClosed
  6416  		return
  6417  	}
  6418  
  6419  	// http://tools.ietf.org/html/rfc7540#section-6.6.
  6420  	if !sc.pushEnabled {
  6421  		msg.done <- ErrNotSupported
  6422  		return
  6423  	}
  6424  
  6425  	// PUSH_PROMISE frames must be sent in increasing order by stream ID, so
  6426  	// we allocate an ID for the promised stream lazily, when the PUSH_PROMISE
  6427  	// is written. Once the ID is allocated, we start the request handler.
  6428  	allocatePromisedID := func() (uint32, error) {
  6429  		sc.serveG.check()
  6430  
  6431  		// Check this again, just in case. Technically, we might have received
  6432  		// an updated SETTINGS by the time we got around to writing this frame.
  6433  		if !sc.pushEnabled {
  6434  			return 0, ErrNotSupported
  6435  		}
  6436  		// http://tools.ietf.org/html/rfc7540#section-6.5.2.
  6437  		if sc.curPushedStreams+1 > sc.clientMaxStreams {
  6438  			return 0, http2ErrPushLimitReached
  6439  		}
  6440  
  6441  		// http://tools.ietf.org/html/rfc7540#section-5.1.1.
  6442  		// Streams initiated by the server MUST use even-numbered identifiers.
  6443  		// A server that is unable to establish a new stream identifier can send a GOAWAY
  6444  		// frame so that the client is forced to open a new connection for new streams.
  6445  		if sc.maxPushPromiseID+2 >= 1<<31 {
  6446  			sc.startGracefulShutdownInternal()
  6447  			return 0, http2ErrPushLimitReached
  6448  		}
  6449  		sc.maxPushPromiseID += 2
  6450  		promisedID := sc.maxPushPromiseID
  6451  
  6452  		// http://tools.ietf.org/html/rfc7540#section-8.2.
  6453  		// Strictly speaking, the new stream should start in "reserved (local)", then
  6454  		// transition to "half closed (remote)" after sending the initial HEADERS, but
  6455  		// we start in "half closed (remote)" for simplicity.
  6456  		// See further comments at the definition of stateHalfClosedRemote.
  6457  		promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote)
  6458  		rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{
  6459  			method:    msg.method,
  6460  			scheme:    msg.url.Scheme,
  6461  			authority: msg.url.Host,
  6462  			path:      msg.url.RequestURI(),
  6463  			header:    http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE
  6464  		})
  6465  		if err != nil {
  6466  			// Should not happen, since we've already validated msg.url.
  6467  			panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
  6468  		}
  6469  
  6470  		go sc.runHandler(rw, req, sc.handler.ServeHTTP)
  6471  		return promisedID, nil
  6472  	}
  6473  
  6474  	sc.writeFrame(http2FrameWriteRequest{
  6475  		write: &http2writePushPromise{
  6476  			streamID:           msg.parent.id,
  6477  			method:             msg.method,
  6478  			url:                msg.url,
  6479  			h:                  msg.header,
  6480  			allocatePromisedID: allocatePromisedID,
  6481  		},
  6482  		stream: msg.parent,
  6483  		done:   msg.done,
  6484  	})
  6485  }
  6486  
  6487  // foreachHeaderElement splits v according to the "#rule" construction
  6488  // in RFC 2616 section 2.1 and calls fn for each non-empty element.
  6489  func http2foreachHeaderElement(v string, fn func(string)) {
  6490  	v = textproto.TrimString(v)
  6491  	if v == "" {
  6492  		return
  6493  	}
  6494  	if !strings.Contains(v, ",") {
  6495  		fn(v)
  6496  		return
  6497  	}
  6498  	for _, f := range strings.Split(v, ",") {
  6499  		if f = textproto.TrimString(f); f != "" {
  6500  			fn(f)
  6501  		}
  6502  	}
  6503  }
  6504  
  6505  // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2
  6506  var http2connHeaders = []string{
  6507  	"Connection",
  6508  	"Keep-Alive",
  6509  	"Proxy-Connection",
  6510  	"Transfer-Encoding",
  6511  	"Upgrade",
  6512  }
  6513  
  6514  // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request,
  6515  // per RFC 7540 Section 8.1.2.2.
  6516  // The returned error is reported to users.
  6517  func http2checkValidHTTP2RequestHeaders(h Header) error {
  6518  	for _, k := range http2connHeaders {
  6519  		if _, ok := h[k]; ok {
  6520  			return fmt.Errorf("request header %q is not valid in HTTP/2", k)
  6521  		}
  6522  	}
  6523  	te := h["Te"]
  6524  	if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) {
  6525  		return errors.New(`request header "TE" may only be "trailers" in HTTP/2`)
  6526  	}
  6527  	return nil
  6528  }
  6529  
  6530  func http2new400Handler(err error) HandlerFunc {
  6531  	return func(w ResponseWriter, r *Request) {
  6532  		Error(w, err.Error(), StatusBadRequest)
  6533  	}
  6534  }
  6535  
  6536  // ValidTrailerHeader reports whether name is a valid header field name to appear
  6537  // in trailers.
  6538  // See: http://tools.ietf.org/html/rfc7230#section-4.1.2
  6539  func http2ValidTrailerHeader(name string) bool {
  6540  	name = CanonicalHeaderKey(name)
  6541  	if strings.HasPrefix(name, "If-") || http2badTrailer[name] {
  6542  		return false
  6543  	}
  6544  	return true
  6545  }
  6546  
  6547  var http2badTrailer = map[string]bool{
  6548  	"Authorization":       true,
  6549  	"Cache-Control":       true,
  6550  	"Connection":          true,
  6551  	"Content-Encoding":    true,
  6552  	"Content-Length":      true,
  6553  	"Content-Range":       true,
  6554  	"Content-Type":        true,
  6555  	"Expect":              true,
  6556  	"Host":                true,
  6557  	"Keep-Alive":          true,
  6558  	"Max-Forwards":        true,
  6559  	"Pragma":              true,
  6560  	"Proxy-Authenticate":  true,
  6561  	"Proxy-Authorization": true,
  6562  	"Proxy-Connection":    true,
  6563  	"Range":               true,
  6564  	"Realm":               true,
  6565  	"Te":                  true,
  6566  	"Trailer":             true,
  6567  	"Transfer-Encoding":   true,
  6568  	"Www-Authenticate":    true,
  6569  }
  6570  
  6571  // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives
  6572  // disabled. See comments on h1ServerShutdownChan above for why
  6573  // the code is written this way.
  6574  func http2h1ServerKeepAlivesDisabled(hs *Server) bool {
  6575  	var x interface{} = hs
  6576  	type I interface {
  6577  		doKeepAlives() bool
  6578  	}
  6579  	if hs, ok := x.(I); ok {
  6580  		return !hs.doKeepAlives()
  6581  	}
  6582  	return false
  6583  }
  6584  
  6585  const (
  6586  	// transportDefaultConnFlow is how many connection-level flow control
  6587  	// tokens we give the server at start-up, past the default 64k.
  6588  	http2transportDefaultConnFlow = 1 << 30
  6589  
  6590  	// transportDefaultStreamFlow is how many stream-level flow
  6591  	// control tokens we announce to the peer, and how many bytes
  6592  	// we buffer per stream.
  6593  	http2transportDefaultStreamFlow = 4 << 20
  6594  
  6595  	// transportDefaultStreamMinRefresh is the minimum number of bytes we'll send
  6596  	// a stream-level WINDOW_UPDATE for at a time.
  6597  	http2transportDefaultStreamMinRefresh = 4 << 10
  6598  
  6599  	http2defaultUserAgent = "Go-http-client/2.0"
  6600  )
  6601  
  6602  // Transport is an HTTP/2 Transport.
  6603  //
  6604  // A Transport internally caches connections to servers. It is safe
  6605  // for concurrent use by multiple goroutines.
  6606  type http2Transport struct {
  6607  	// DialTLS specifies an optional dial function for creating
  6608  	// TLS connections for requests.
  6609  	//
  6610  	// If DialTLS is nil, tls.Dial is used.
  6611  	//
  6612  	// If the returned net.Conn has a ConnectionState method like tls.Conn,
  6613  	// it will be used to set http.Response.TLS.
  6614  	DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error)
  6615  
  6616  	// TLSClientConfig specifies the TLS configuration to use with
  6617  	// tls.Client. If nil, the default configuration is used.
  6618  	TLSClientConfig *tls.Config
  6619  
  6620  	// ConnPool optionally specifies an alternate connection pool to use.
  6621  	// If nil, the default is used.
  6622  	ConnPool http2ClientConnPool
  6623  
  6624  	// DisableCompression, if true, prevents the Transport from
  6625  	// requesting compression with an "Accept-Encoding: gzip"
  6626  	// request header when the Request contains no existing
  6627  	// Accept-Encoding value. If the Transport requests gzip on
  6628  	// its own and gets a gzipped response, it's transparently
  6629  	// decoded in the Response.Body. However, if the user
  6630  	// explicitly requested gzip it is not automatically
  6631  	// uncompressed.
  6632  	DisableCompression bool
  6633  
  6634  	// AllowHTTP, if true, permits HTTP/2 requests using the insecure,
  6635  	// plain-text "http" scheme. Note that this does not enable h2c support.
  6636  	AllowHTTP bool
  6637  
  6638  	// MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to
  6639  	// send in the initial settings frame. It is how many bytes
  6640  	// of response headers are allowed. Unlike the http2 spec, zero here
  6641  	// means to use a default limit (currently 10MB). If you actually
  6642  	// want to advertise an ulimited value to the peer, Transport
  6643  	// interprets the highest possible value here (0xffffffff or 1<<32-1)
  6644  	// to mean no limit.
  6645  	MaxHeaderListSize uint32
  6646  
  6647  	// t1, if non-nil, is the standard library Transport using
  6648  	// this transport. Its settings are used (but not its
  6649  	// RoundTrip method, etc).
  6650  	t1 *Transport
  6651  
  6652  	connPoolOnce  sync.Once
  6653  	connPoolOrDef http2ClientConnPool // non-nil version of ConnPool
  6654  }
  6655  
  6656  func (t *http2Transport) maxHeaderListSize() uint32 {
  6657  	if t.MaxHeaderListSize == 0 {
  6658  		return 10 << 20
  6659  	}
  6660  	if t.MaxHeaderListSize == 0xffffffff {
  6661  		return 0
  6662  	}
  6663  	return t.MaxHeaderListSize
  6664  }
  6665  
  6666  func (t *http2Transport) disableCompression() bool {
  6667  	return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression)
  6668  }
  6669  
  6670  var http2errTransportVersion = errors.New("http2: ConfigureTransport is only supported starting at Go 1.6")
  6671  
  6672  // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2.
  6673  // It requires Go 1.6 or later and returns an error if the net/http package is too old
  6674  // or if t1 has already been HTTP/2-enabled.
  6675  func http2ConfigureTransport(t1 *Transport) error {
  6676  	_, err := http2configureTransport(t1) // in configure_transport.go (go1.6) or not_go16.go
  6677  	return err
  6678  }
  6679  
  6680  func (t *http2Transport) connPool() http2ClientConnPool {
  6681  	t.connPoolOnce.Do(t.initConnPool)
  6682  	return t.connPoolOrDef
  6683  }
  6684  
  6685  func (t *http2Transport) initConnPool() {
  6686  	if t.ConnPool != nil {
  6687  		t.connPoolOrDef = t.ConnPool
  6688  	} else {
  6689  		t.connPoolOrDef = &http2clientConnPool{t: t}
  6690  	}
  6691  }
  6692  
  6693  // ClientConn is the state of a single HTTP/2 client connection to an
  6694  // HTTP/2 server.
  6695  type http2ClientConn struct {
  6696  	t         *http2Transport
  6697  	tconn     net.Conn             // usually *tls.Conn, except specialized impls
  6698  	tlsState  *tls.ConnectionState // nil only for specialized impls
  6699  	singleUse bool                 // whether being used for a single http.Request
  6700  
  6701  	// readLoop goroutine fields:
  6702  	readerDone chan struct{} // closed on error
  6703  	readerErr  error         // set before readerDone is closed
  6704  
  6705  	idleTimeout time.Duration // or 0 for never
  6706  	idleTimer   *time.Timer
  6707  
  6708  	mu              sync.Mutex // guards following
  6709  	cond            *sync.Cond // hold mu; broadcast on flow/closed changes
  6710  	flow            http2flow  // our conn-level flow control quota (cs.flow is per stream)
  6711  	inflow          http2flow  // peer's conn-level flow control
  6712  	closed          bool
  6713  	wantSettingsAck bool                          // we sent a SETTINGS frame and haven't heard back
  6714  	goAway          *http2GoAwayFrame             // if non-nil, the GoAwayFrame we received
  6715  	goAwayDebug     string                        // goAway frame's debug data, retained as a string
  6716  	streams         map[uint32]*http2clientStream // client-initiated
  6717  	nextStreamID    uint32
  6718  	pendingRequests int                       // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams
  6719  	pings           map[[8]byte]chan struct{} // in flight ping data to notification channel
  6720  	bw              *bufio.Writer
  6721  	br              *bufio.Reader
  6722  	fr              *http2Framer
  6723  	lastActive      time.Time
  6724  	// Settings from peer: (also guarded by mu)
  6725  	maxFrameSize          uint32
  6726  	maxConcurrentStreams  uint32
  6727  	peerMaxHeaderListSize uint64
  6728  	initialWindowSize     uint32
  6729  
  6730  	hbuf    bytes.Buffer // HPACK encoder writes into this
  6731  	henc    *hpack.Encoder
  6732  	freeBuf [][]byte
  6733  
  6734  	wmu  sync.Mutex // held while writing; acquire AFTER mu if holding both
  6735  	werr error      // first write error that has occurred
  6736  }
  6737  
  6738  // clientStream is the state for a single HTTP/2 stream. One of these
  6739  // is created for each Transport.RoundTrip call.
  6740  type http2clientStream struct {
  6741  	cc            *http2ClientConn
  6742  	req           *Request
  6743  	trace         *http2clientTrace // or nil
  6744  	ID            uint32
  6745  	resc          chan http2resAndError
  6746  	bufPipe       http2pipe // buffered pipe with the flow-controlled response payload
  6747  	startedWrite  bool      // started request body write; guarded by cc.mu
  6748  	requestedGzip bool
  6749  	on100         func() // optional code to run if get a 100 continue response
  6750  
  6751  	flow        http2flow // guarded by cc.mu
  6752  	inflow      http2flow // guarded by cc.mu
  6753  	bytesRemain int64     // -1 means unknown; owned by transportResponseBody.Read
  6754  	readErr     error     // sticky read error; owned by transportResponseBody.Read
  6755  	stopReqBody error     // if non-nil, stop writing req body; guarded by cc.mu
  6756  	didReset    bool      // whether we sent a RST_STREAM to the server; guarded by cc.mu
  6757  
  6758  	peerReset chan struct{} // closed on peer reset
  6759  	resetErr  error         // populated before peerReset is closed
  6760  
  6761  	done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu
  6762  
  6763  	// owned by clientConnReadLoop:
  6764  	firstByte    bool // got the first response byte
  6765  	pastHeaders  bool // got first MetaHeadersFrame (actual headers)
  6766  	pastTrailers bool // got optional second MetaHeadersFrame (trailers)
  6767  
  6768  	trailer    Header  // accumulated trailers
  6769  	resTrailer *Header // client's Response.Trailer
  6770  }
  6771  
  6772  // awaitRequestCancel waits for the user to cancel a request or for the done
  6773  // channel to be signaled. A non-nil error is returned only if the request was
  6774  // canceled.
  6775  func http2awaitRequestCancel(req *Request, done <-chan struct{}) error {
  6776  	ctx := http2reqContext(req)
  6777  	if req.Cancel == nil && ctx.Done() == nil {
  6778  		return nil
  6779  	}
  6780  	select {
  6781  	case <-req.Cancel:
  6782  		return http2errRequestCanceled
  6783  	case <-ctx.Done():
  6784  		return ctx.Err()
  6785  	case <-done:
  6786  		return nil
  6787  	}
  6788  }
  6789  
  6790  // awaitRequestCancel waits for the user to cancel a request, its context to
  6791  // expire, or for the request to be done (any way it might be removed from the
  6792  // cc.streams map: peer reset, successful completion, TCP connection breakage,
  6793  // etc). If the request is canceled, then cs will be canceled and closed.
  6794  func (cs *http2clientStream) awaitRequestCancel(req *Request) {
  6795  	if err := http2awaitRequestCancel(req, cs.done); err != nil {
  6796  		cs.cancelStream()
  6797  		cs.bufPipe.CloseWithError(err)
  6798  	}
  6799  }
  6800  
  6801  func (cs *http2clientStream) cancelStream() {
  6802  	cc := cs.cc
  6803  	cc.mu.Lock()
  6804  	didReset := cs.didReset
  6805  	cs.didReset = true
  6806  	cc.mu.Unlock()
  6807  
  6808  	if !didReset {
  6809  		cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  6810  		cc.forgetStreamID(cs.ID)
  6811  	}
  6812  }
  6813  
  6814  // checkResetOrDone reports any error sent in a RST_STREAM frame by the
  6815  // server, or errStreamClosed if the stream is complete.
  6816  func (cs *http2clientStream) checkResetOrDone() error {
  6817  	select {
  6818  	case <-cs.peerReset:
  6819  		return cs.resetErr
  6820  	case <-cs.done:
  6821  		return http2errStreamClosed
  6822  	default:
  6823  		return nil
  6824  	}
  6825  }
  6826  
  6827  func (cs *http2clientStream) getStartedWrite() bool {
  6828  	cc := cs.cc
  6829  	cc.mu.Lock()
  6830  	defer cc.mu.Unlock()
  6831  	return cs.startedWrite
  6832  }
  6833  
  6834  func (cs *http2clientStream) abortRequestBodyWrite(err error) {
  6835  	if err == nil {
  6836  		panic("nil error")
  6837  	}
  6838  	cc := cs.cc
  6839  	cc.mu.Lock()
  6840  	cs.stopReqBody = err
  6841  	cc.cond.Broadcast()
  6842  	cc.mu.Unlock()
  6843  }
  6844  
  6845  type http2stickyErrWriter struct {
  6846  	w   io.Writer
  6847  	err *error
  6848  }
  6849  
  6850  func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) {
  6851  	if *sew.err != nil {
  6852  		return 0, *sew.err
  6853  	}
  6854  	n, err = sew.w.Write(p)
  6855  	*sew.err = err
  6856  	return
  6857  }
  6858  
  6859  // noCachedConnError is the concrete type of ErrNoCachedConn, needs to be detected
  6860  // by net/http regardless of whether it's its bundled version (in h2_bundle.go with a rewritten type name)
  6861  // or from a user's x/net/http2. As such, as it has a unique method name (IsHTTP2NoCachedConnError) that
  6862  // net/http sniffs for via func isNoCachedConnError.
  6863  type http2noCachedConnError struct{}
  6864  
  6865  func (http2noCachedConnError) IsHTTP2NoCachedConnError() {}
  6866  
  6867  func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" }
  6868  
  6869  // isNoCachedConnError reports whether err is of type noCachedConnError
  6870  // or its equivalent renamed type in net/http2's h2_bundle.go. Both types
  6871  // may coexist in the same running program.
  6872  func http2isNoCachedConnError(err error) bool {
  6873  	_, ok := err.(interface {
  6874  		IsHTTP2NoCachedConnError()
  6875  	})
  6876  	return ok
  6877  }
  6878  
  6879  var http2ErrNoCachedConn error = http2noCachedConnError{}
  6880  
  6881  // RoundTripOpt are options for the Transport.RoundTripOpt method.
  6882  type http2RoundTripOpt struct {
  6883  	// OnlyCachedConn controls whether RoundTripOpt may
  6884  	// create a new TCP connection. If set true and
  6885  	// no cached connection is available, RoundTripOpt
  6886  	// will return ErrNoCachedConn.
  6887  	OnlyCachedConn bool
  6888  }
  6889  
  6890  func (t *http2Transport) RoundTrip(req *Request) (*Response, error) {
  6891  	return t.RoundTripOpt(req, http2RoundTripOpt{})
  6892  }
  6893  
  6894  // authorityAddr returns a given authority (a host/IP, or host:port / ip:port)
  6895  // and returns a host:port. The port 443 is added if needed.
  6896  func http2authorityAddr(scheme string, authority string) (addr string) {
  6897  	host, port, err := net.SplitHostPort(authority)
  6898  	if err != nil { // authority didn't have a port
  6899  		port = "443"
  6900  		if scheme == "http" {
  6901  			port = "80"
  6902  		}
  6903  		host = authority
  6904  	}
  6905  	if a, err := idna.ToASCII(host); err == nil {
  6906  		host = a
  6907  	}
  6908  	// IPv6 address literal, without a port:
  6909  	if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
  6910  		return host + ":" + port
  6911  	}
  6912  	return net.JoinHostPort(host, port)
  6913  }
  6914  
  6915  // RoundTripOpt is like RoundTrip, but takes options.
  6916  func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) {
  6917  	if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) {
  6918  		return nil, errors.New("http2: unsupported scheme")
  6919  	}
  6920  
  6921  	addr := http2authorityAddr(req.URL.Scheme, req.URL.Host)
  6922  	for retry := 0; ; retry++ {
  6923  		cc, err := t.connPool().GetClientConn(req, addr)
  6924  		if err != nil {
  6925  			t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err)
  6926  			return nil, err
  6927  		}
  6928  		http2traceGotConn(req, cc)
  6929  		res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req)
  6930  		if err != nil && retry <= 6 {
  6931  			if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil {
  6932  				// After the first retry, do exponential backoff with 10% jitter.
  6933  				if retry == 0 {
  6934  					continue
  6935  				}
  6936  				backoff := float64(uint(1) << (uint(retry) - 1))
  6937  				backoff += backoff * (0.1 * mathrand.Float64())
  6938  				select {
  6939  				case <-time.After(time.Second * time.Duration(backoff)):
  6940  					continue
  6941  				case <-http2reqContext(req).Done():
  6942  					return nil, http2reqContext(req).Err()
  6943  				}
  6944  			}
  6945  		}
  6946  		if err != nil {
  6947  			t.vlogf("RoundTrip failure: %v", err)
  6948  			return nil, err
  6949  		}
  6950  		return res, nil
  6951  	}
  6952  }
  6953  
  6954  // CloseIdleConnections closes any connections which were previously
  6955  // connected from previous requests but are now sitting idle.
  6956  // It does not interrupt any connections currently in use.
  6957  func (t *http2Transport) CloseIdleConnections() {
  6958  	if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok {
  6959  		cp.closeIdleConnections()
  6960  	}
  6961  }
  6962  
  6963  var (
  6964  	http2errClientConnClosed    = errors.New("http2: client conn is closed")
  6965  	http2errClientConnUnusable  = errors.New("http2: client conn not usable")
  6966  	http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY")
  6967  )
  6968  
  6969  // shouldRetryRequest is called by RoundTrip when a request fails to get
  6970  // response headers. It is always called with a non-nil error.
  6971  // It returns either a request to retry (either the same request, or a
  6972  // modified clone), or an error if the request can't be replayed.
  6973  func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) {
  6974  	if !http2canRetryError(err) {
  6975  		return nil, err
  6976  	}
  6977  	if !afterBodyWrite {
  6978  		return req, nil
  6979  	}
  6980  	// If the Body is nil (or http.NoBody), it's safe to reuse
  6981  	// this request and its Body.
  6982  	if req.Body == nil || http2reqBodyIsNoBody(req.Body) {
  6983  		return req, nil
  6984  	}
  6985  	// Otherwise we depend on the Request having its GetBody
  6986  	// func defined.
  6987  	getBody := http2reqGetBody(req) // Go 1.8: getBody = req.GetBody
  6988  	if getBody == nil {
  6989  		return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err)
  6990  	}
  6991  	body, err := getBody()
  6992  	if err != nil {
  6993  		return nil, err
  6994  	}
  6995  	newReq := *req
  6996  	newReq.Body = body
  6997  	return &newReq, nil
  6998  }
  6999  
  7000  func http2canRetryError(err error) bool {
  7001  	if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway {
  7002  		return true
  7003  	}
  7004  	if se, ok := err.(http2StreamError); ok {
  7005  		return se.Code == http2ErrCodeRefusedStream
  7006  	}
  7007  	return false
  7008  }
  7009  
  7010  func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) {
  7011  	host, _, err := net.SplitHostPort(addr)
  7012  	if err != nil {
  7013  		return nil, err
  7014  	}
  7015  	tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host))
  7016  	if err != nil {
  7017  		return nil, err
  7018  	}
  7019  	return t.newClientConn(tconn, singleUse)
  7020  }
  7021  
  7022  func (t *http2Transport) newTLSConfig(host string) *tls.Config {
  7023  	cfg := new(tls.Config)
  7024  	if t.TLSClientConfig != nil {
  7025  		*cfg = *http2cloneTLSConfig(t.TLSClientConfig)
  7026  	}
  7027  	if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) {
  7028  		cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...)
  7029  	}
  7030  	if cfg.ServerName == "" {
  7031  		cfg.ServerName = host
  7032  	}
  7033  	return cfg
  7034  }
  7035  
  7036  func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) {
  7037  	if t.DialTLS != nil {
  7038  		return t.DialTLS
  7039  	}
  7040  	return t.dialTLSDefault
  7041  }
  7042  
  7043  func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) {
  7044  	cn, err := tls.Dial(network, addr, cfg)
  7045  	if err != nil {
  7046  		return nil, err
  7047  	}
  7048  	if err := cn.Handshake(); err != nil {
  7049  		return nil, err
  7050  	}
  7051  	if !cfg.InsecureSkipVerify {
  7052  		if err := cn.VerifyHostname(cfg.ServerName); err != nil {
  7053  			return nil, err
  7054  		}
  7055  	}
  7056  	state := cn.ConnectionState()
  7057  	if p := state.NegotiatedProtocol; p != http2NextProtoTLS {
  7058  		return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS)
  7059  	}
  7060  	if !state.NegotiatedProtocolIsMutual {
  7061  		return nil, errors.New("http2: could not negotiate protocol mutually")
  7062  	}
  7063  	return cn, nil
  7064  }
  7065  
  7066  // disableKeepAlives reports whether connections should be closed as
  7067  // soon as possible after handling the first request.
  7068  func (t *http2Transport) disableKeepAlives() bool {
  7069  	return t.t1 != nil && t.t1.DisableKeepAlives
  7070  }
  7071  
  7072  func (t *http2Transport) expectContinueTimeout() time.Duration {
  7073  	if t.t1 == nil {
  7074  		return 0
  7075  	}
  7076  	return http2transportExpectContinueTimeout(t.t1)
  7077  }
  7078  
  7079  func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) {
  7080  	return t.newClientConn(c, false)
  7081  }
  7082  
  7083  func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) {
  7084  	cc := &http2ClientConn{
  7085  		t:                     t,
  7086  		tconn:                 c,
  7087  		readerDone:            make(chan struct{}),
  7088  		nextStreamID:          1,
  7089  		maxFrameSize:          16 << 10,           // spec default
  7090  		initialWindowSize:     65535,              // spec default
  7091  		maxConcurrentStreams:  1000,               // "infinite", per spec. 1000 seems good enough.
  7092  		peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead.
  7093  		streams:               make(map[uint32]*http2clientStream),
  7094  		singleUse:             singleUse,
  7095  		wantSettingsAck:       true,
  7096  		pings:                 make(map[[8]byte]chan struct{}),
  7097  	}
  7098  	if d := t.idleConnTimeout(); d != 0 {
  7099  		cc.idleTimeout = d
  7100  		cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout)
  7101  	}
  7102  	if http2VerboseLogs {
  7103  		t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr())
  7104  	}
  7105  
  7106  	cc.cond = sync.NewCond(&cc.mu)
  7107  	cc.flow.add(int32(http2initialWindowSize))
  7108  
  7109  	// TODO: adjust this writer size to account for frame size +
  7110  	// MTU + crypto/tls record padding.
  7111  	cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr})
  7112  	cc.br = bufio.NewReader(c)
  7113  	cc.fr = http2NewFramer(cc.bw, cc.br)
  7114  	cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil)
  7115  	cc.fr.MaxHeaderListSize = t.maxHeaderListSize()
  7116  
  7117  	// TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on
  7118  	// henc in response to SETTINGS frames?
  7119  	cc.henc = hpack.NewEncoder(&cc.hbuf)
  7120  
  7121  	if cs, ok := c.(http2connectionStater); ok {
  7122  		state := cs.ConnectionState()
  7123  		cc.tlsState = &state
  7124  	}
  7125  
  7126  	initialSettings := []http2Setting{
  7127  		{ID: http2SettingEnablePush, Val: 0},
  7128  		{ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow},
  7129  	}
  7130  	if max := t.maxHeaderListSize(); max != 0 {
  7131  		initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max})
  7132  	}
  7133  
  7134  	cc.bw.Write(http2clientPreface)
  7135  	cc.fr.WriteSettings(initialSettings...)
  7136  	cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow)
  7137  	cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize)
  7138  	cc.bw.Flush()
  7139  	if cc.werr != nil {
  7140  		return nil, cc.werr
  7141  	}
  7142  
  7143  	go cc.readLoop()
  7144  	return cc, nil
  7145  }
  7146  
  7147  func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) {
  7148  	cc.mu.Lock()
  7149  	defer cc.mu.Unlock()
  7150  
  7151  	old := cc.goAway
  7152  	cc.goAway = f
  7153  
  7154  	// Merge the previous and current GoAway error frames.
  7155  	if cc.goAwayDebug == "" {
  7156  		cc.goAwayDebug = string(f.DebugData())
  7157  	}
  7158  	if old != nil && old.ErrCode != http2ErrCodeNo {
  7159  		cc.goAway.ErrCode = old.ErrCode
  7160  	}
  7161  	last := f.LastStreamID
  7162  	for streamID, cs := range cc.streams {
  7163  		if streamID > last {
  7164  			select {
  7165  			case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}:
  7166  			default:
  7167  			}
  7168  		}
  7169  	}
  7170  }
  7171  
  7172  // CanTakeNewRequest reports whether the connection can take a new request,
  7173  // meaning it has not been closed or received or sent a GOAWAY.
  7174  func (cc *http2ClientConn) CanTakeNewRequest() bool {
  7175  	cc.mu.Lock()
  7176  	defer cc.mu.Unlock()
  7177  	return cc.canTakeNewRequestLocked()
  7178  }
  7179  
  7180  func (cc *http2ClientConn) canTakeNewRequestLocked() bool {
  7181  	if cc.singleUse && cc.nextStreamID > 1 {
  7182  		return false
  7183  	}
  7184  	return cc.goAway == nil && !cc.closed &&
  7185  		int64(cc.nextStreamID)+int64(cc.pendingRequests) < math.MaxInt32
  7186  }
  7187  
  7188  // onIdleTimeout is called from a time.AfterFunc goroutine. It will
  7189  // only be called when we're idle, but because we're coming from a new
  7190  // goroutine, there could be a new request coming in at the same time,
  7191  // so this simply calls the synchronized closeIfIdle to shut down this
  7192  // connection. The timer could just call closeIfIdle, but this is more
  7193  // clear.
  7194  func (cc *http2ClientConn) onIdleTimeout() {
  7195  	cc.closeIfIdle()
  7196  }
  7197  
  7198  func (cc *http2ClientConn) closeIfIdle() {
  7199  	cc.mu.Lock()
  7200  	if len(cc.streams) > 0 {
  7201  		cc.mu.Unlock()
  7202  		return
  7203  	}
  7204  	cc.closed = true
  7205  	nextID := cc.nextStreamID
  7206  	// TODO: do clients send GOAWAY too? maybe? Just Close:
  7207  	cc.mu.Unlock()
  7208  
  7209  	if http2VerboseLogs {
  7210  		cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2)
  7211  	}
  7212  	cc.tconn.Close()
  7213  }
  7214  
  7215  const http2maxAllocFrameSize = 512 << 10
  7216  
  7217  // frameBuffer returns a scratch buffer suitable for writing DATA frames.
  7218  // They're capped at the min of the peer's max frame size or 512KB
  7219  // (kinda arbitrarily), but definitely capped so we don't allocate 4GB
  7220  // bufers.
  7221  func (cc *http2ClientConn) frameScratchBuffer() []byte {
  7222  	cc.mu.Lock()
  7223  	size := cc.maxFrameSize
  7224  	if size > http2maxAllocFrameSize {
  7225  		size = http2maxAllocFrameSize
  7226  	}
  7227  	for i, buf := range cc.freeBuf {
  7228  		if len(buf) >= int(size) {
  7229  			cc.freeBuf[i] = nil
  7230  			cc.mu.Unlock()
  7231  			return buf[:size]
  7232  		}
  7233  	}
  7234  	cc.mu.Unlock()
  7235  	return make([]byte, size)
  7236  }
  7237  
  7238  func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) {
  7239  	cc.mu.Lock()
  7240  	defer cc.mu.Unlock()
  7241  	const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate.
  7242  	if len(cc.freeBuf) < maxBufs {
  7243  		cc.freeBuf = append(cc.freeBuf, buf)
  7244  		return
  7245  	}
  7246  	for i, old := range cc.freeBuf {
  7247  		if old == nil {
  7248  			cc.freeBuf[i] = buf
  7249  			return
  7250  		}
  7251  	}
  7252  	// forget about it.
  7253  }
  7254  
  7255  // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not
  7256  // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests.
  7257  var http2errRequestCanceled = errors.New("net/http: request canceled")
  7258  
  7259  func http2commaSeparatedTrailers(req *Request) (string, error) {
  7260  	keys := make([]string, 0, len(req.Trailer))
  7261  	for k := range req.Trailer {
  7262  		k = CanonicalHeaderKey(k)
  7263  		switch k {
  7264  		case "Transfer-Encoding", "Trailer", "Content-Length":
  7265  			return "", &http2badStringError{"invalid Trailer key", k}
  7266  		}
  7267  		keys = append(keys, k)
  7268  	}
  7269  	if len(keys) > 0 {
  7270  		sort.Strings(keys)
  7271  		return strings.Join(keys, ","), nil
  7272  	}
  7273  	return "", nil
  7274  }
  7275  
  7276  func (cc *http2ClientConn) responseHeaderTimeout() time.Duration {
  7277  	if cc.t.t1 != nil {
  7278  		return cc.t.t1.ResponseHeaderTimeout
  7279  	}
  7280  	// No way to do this (yet?) with just an http2.Transport. Probably
  7281  	// no need. Request.Cancel this is the new way. We only need to support
  7282  	// this for compatibility with the old http.Transport fields when
  7283  	// we're doing transparent http2.
  7284  	return 0
  7285  }
  7286  
  7287  // checkConnHeaders checks whether req has any invalid connection-level headers.
  7288  // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields.
  7289  // Certain headers are special-cased as okay but not transmitted later.
  7290  func http2checkConnHeaders(req *Request) error {
  7291  	if v := req.Header.Get("Upgrade"); v != "" {
  7292  		return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"])
  7293  	}
  7294  	if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") {
  7295  		return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv)
  7296  	}
  7297  	if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "close" && vv[0] != "keep-alive") {
  7298  		return fmt.Errorf("http2: invalid Connection request header: %q", vv)
  7299  	}
  7300  	return nil
  7301  }
  7302  
  7303  // actualContentLength returns a sanitized version of
  7304  // req.ContentLength, where 0 actually means zero (not unknown) and -1
  7305  // means unknown.
  7306  func http2actualContentLength(req *Request) int64 {
  7307  	if req.Body == nil || http2reqBodyIsNoBody(req.Body) {
  7308  		return 0
  7309  	}
  7310  	if req.ContentLength != 0 {
  7311  		return req.ContentLength
  7312  	}
  7313  	return -1
  7314  }
  7315  
  7316  func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) {
  7317  	resp, _, err := cc.roundTrip(req)
  7318  	return resp, err
  7319  }
  7320  
  7321  func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) {
  7322  	if err := http2checkConnHeaders(req); err != nil {
  7323  		return nil, false, err
  7324  	}
  7325  	if cc.idleTimer != nil {
  7326  		cc.idleTimer.Stop()
  7327  	}
  7328  
  7329  	trailers, err := http2commaSeparatedTrailers(req)
  7330  	if err != nil {
  7331  		return nil, false, err
  7332  	}
  7333  	hasTrailers := trailers != ""
  7334  
  7335  	cc.mu.Lock()
  7336  	if err := cc.awaitOpenSlotForRequest(req); err != nil {
  7337  		cc.mu.Unlock()
  7338  		return nil, false, err
  7339  	}
  7340  
  7341  	body := req.Body
  7342  	contentLen := http2actualContentLength(req)
  7343  	hasBody := contentLen != 0
  7344  
  7345  	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
  7346  	var requestedGzip bool
  7347  	if !cc.t.disableCompression() &&
  7348  		req.Header.Get("Accept-Encoding") == "" &&
  7349  		req.Header.Get("Range") == "" &&
  7350  		req.Method != "HEAD" {
  7351  		// Request gzip only, not deflate. Deflate is ambiguous and
  7352  		// not as universally supported anyway.
  7353  		// See: http://www.gzip.org/zlib/zlib_faq.html#faq38
  7354  		//
  7355  		// Note that we don't request this for HEAD requests,
  7356  		// due to a bug in nginx:
  7357  		//   http://trac.nginx.org/nginx/ticket/358
  7358  		//   https://golang.org/issue/5522
  7359  		//
  7360  		// We don't request gzip if the request is for a range, since
  7361  		// auto-decoding a portion of a gzipped document will just fail
  7362  		// anyway. See https://golang.org/issue/8923
  7363  		requestedGzip = true
  7364  	}
  7365  
  7366  	// we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is
  7367  	// sent by writeRequestBody below, along with any Trailers,
  7368  	// again in form HEADERS{1}, CONTINUATION{0,})
  7369  	hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen)
  7370  	if err != nil {
  7371  		cc.mu.Unlock()
  7372  		return nil, false, err
  7373  	}
  7374  
  7375  	cs := cc.newStream()
  7376  	cs.req = req
  7377  	cs.trace = http2requestTrace(req)
  7378  	cs.requestedGzip = requestedGzip
  7379  	bodyWriter := cc.t.getBodyWriterState(cs, body)
  7380  	cs.on100 = bodyWriter.on100
  7381  
  7382  	cc.wmu.Lock()
  7383  	endStream := !hasBody && !hasTrailers
  7384  	werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs)
  7385  	cc.wmu.Unlock()
  7386  	http2traceWroteHeaders(cs.trace)
  7387  	cc.mu.Unlock()
  7388  
  7389  	if werr != nil {
  7390  		if hasBody {
  7391  			req.Body.Close() // per RoundTripper contract
  7392  			bodyWriter.cancel()
  7393  		}
  7394  		cc.forgetStreamID(cs.ID)
  7395  		// Don't bother sending a RST_STREAM (our write already failed;
  7396  		// no need to keep writing)
  7397  		http2traceWroteRequest(cs.trace, werr)
  7398  		return nil, false, werr
  7399  	}
  7400  
  7401  	var respHeaderTimer <-chan time.Time
  7402  	if hasBody {
  7403  		bodyWriter.scheduleBodyWrite()
  7404  	} else {
  7405  		http2traceWroteRequest(cs.trace, nil)
  7406  		if d := cc.responseHeaderTimeout(); d != 0 {
  7407  			timer := time.NewTimer(d)
  7408  			defer timer.Stop()
  7409  			respHeaderTimer = timer.C
  7410  		}
  7411  	}
  7412  
  7413  	readLoopResCh := cs.resc
  7414  	bodyWritten := false
  7415  	ctx := http2reqContext(req)
  7416  
  7417  	handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) {
  7418  		res := re.res
  7419  		if re.err != nil || res.StatusCode > 299 {
  7420  			// On error or status code 3xx, 4xx, 5xx, etc abort any
  7421  			// ongoing write, assuming that the server doesn't care
  7422  			// about our request body. If the server replied with 1xx or
  7423  			// 2xx, however, then assume the server DOES potentially
  7424  			// want our body (e.g. full-duplex streaming:
  7425  			// golang.org/issue/13444). If it turns out the server
  7426  			// doesn't, they'll RST_STREAM us soon enough. This is a
  7427  			// heuristic to avoid adding knobs to Transport. Hopefully
  7428  			// we can keep it.
  7429  			bodyWriter.cancel()
  7430  			cs.abortRequestBodyWrite(http2errStopReqBodyWrite)
  7431  		}
  7432  		if re.err != nil {
  7433  			cc.forgetStreamID(cs.ID)
  7434  			return nil, cs.getStartedWrite(), re.err
  7435  		}
  7436  		res.Request = req
  7437  		res.TLS = cc.tlsState
  7438  		return res, false, nil
  7439  	}
  7440  
  7441  	for {
  7442  		select {
  7443  		case re := <-readLoopResCh:
  7444  			return handleReadLoopResponse(re)
  7445  		case <-respHeaderTimer:
  7446  			if !hasBody || bodyWritten {
  7447  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7448  			} else {
  7449  				bodyWriter.cancel()
  7450  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7451  			}
  7452  			cc.forgetStreamID(cs.ID)
  7453  			return nil, cs.getStartedWrite(), http2errTimeout
  7454  		case <-ctx.Done():
  7455  			if !hasBody || bodyWritten {
  7456  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7457  			} else {
  7458  				bodyWriter.cancel()
  7459  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7460  			}
  7461  			cc.forgetStreamID(cs.ID)
  7462  			return nil, cs.getStartedWrite(), ctx.Err()
  7463  		case <-req.Cancel:
  7464  			if !hasBody || bodyWritten {
  7465  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7466  			} else {
  7467  				bodyWriter.cancel()
  7468  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7469  			}
  7470  			cc.forgetStreamID(cs.ID)
  7471  			return nil, cs.getStartedWrite(), http2errRequestCanceled
  7472  		case <-cs.peerReset:
  7473  			// processResetStream already removed the
  7474  			// stream from the streams map; no need for
  7475  			// forgetStreamID.
  7476  			return nil, cs.getStartedWrite(), cs.resetErr
  7477  		case err := <-bodyWriter.resc:
  7478  			// Prefer the read loop's response, if available. Issue 16102.
  7479  			select {
  7480  			case re := <-readLoopResCh:
  7481  				return handleReadLoopResponse(re)
  7482  			default:
  7483  			}
  7484  			if err != nil {
  7485  				return nil, cs.getStartedWrite(), err
  7486  			}
  7487  			bodyWritten = true
  7488  			if d := cc.responseHeaderTimeout(); d != 0 {
  7489  				timer := time.NewTimer(d)
  7490  				defer timer.Stop()
  7491  				respHeaderTimer = timer.C
  7492  			}
  7493  		}
  7494  	}
  7495  }
  7496  
  7497  // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams.
  7498  // Must hold cc.mu.
  7499  func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error {
  7500  	var waitingForConn chan struct{}
  7501  	var waitingForConnErr error // guarded by cc.mu
  7502  	for {
  7503  		cc.lastActive = time.Now()
  7504  		if cc.closed || !cc.canTakeNewRequestLocked() {
  7505  			return http2errClientConnUnusable
  7506  		}
  7507  		if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) {
  7508  			if waitingForConn != nil {
  7509  				close(waitingForConn)
  7510  			}
  7511  			return nil
  7512  		}
  7513  		// Unfortunately, we cannot wait on a condition variable and channel at
  7514  		// the same time, so instead, we spin up a goroutine to check if the
  7515  		// request is canceled while we wait for a slot to open in the connection.
  7516  		if waitingForConn == nil {
  7517  			waitingForConn = make(chan struct{})
  7518  			go func() {
  7519  				if err := http2awaitRequestCancel(req, waitingForConn); err != nil {
  7520  					cc.mu.Lock()
  7521  					waitingForConnErr = err
  7522  					cc.cond.Broadcast()
  7523  					cc.mu.Unlock()
  7524  				}
  7525  			}()
  7526  		}
  7527  		cc.pendingRequests++
  7528  		cc.cond.Wait()
  7529  		cc.pendingRequests--
  7530  		if waitingForConnErr != nil {
  7531  			return waitingForConnErr
  7532  		}
  7533  	}
  7534  }
  7535  
  7536  // requires cc.wmu be held
  7537  func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error {
  7538  	first := true // first frame written (HEADERS is first, then CONTINUATION)
  7539  	for len(hdrs) > 0 && cc.werr == nil {
  7540  		chunk := hdrs
  7541  		if len(chunk) > maxFrameSize {
  7542  			chunk = chunk[:maxFrameSize]
  7543  		}
  7544  		hdrs = hdrs[len(chunk):]
  7545  		endHeaders := len(hdrs) == 0
  7546  		if first {
  7547  			cc.fr.WriteHeaders(http2HeadersFrameParam{
  7548  				StreamID:      streamID,
  7549  				BlockFragment: chunk,
  7550  				EndStream:     endStream,
  7551  				EndHeaders:    endHeaders,
  7552  			})
  7553  			first = false
  7554  		} else {
  7555  			cc.fr.WriteContinuation(streamID, endHeaders, chunk)
  7556  		}
  7557  	}
  7558  	// TODO(bradfitz): this Flush could potentially block (as
  7559  	// could the WriteHeaders call(s) above), which means they
  7560  	// wouldn't respond to Request.Cancel being readable. That's
  7561  	// rare, but this should probably be in a goroutine.
  7562  	cc.bw.Flush()
  7563  	return cc.werr
  7564  }
  7565  
  7566  // internal error values; they don't escape to callers
  7567  var (
  7568  	// abort request body write; don't send cancel
  7569  	http2errStopReqBodyWrite = errors.New("http2: aborting request body write")
  7570  
  7571  	// abort request body write, but send stream reset of cancel.
  7572  	http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request")
  7573  )
  7574  
  7575  func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) {
  7576  	cc := cs.cc
  7577  	sentEnd := false // whether we sent the final DATA frame w/ END_STREAM
  7578  	buf := cc.frameScratchBuffer()
  7579  	defer cc.putFrameScratchBuffer(buf)
  7580  
  7581  	defer func() {
  7582  		http2traceWroteRequest(cs.trace, err)
  7583  		// TODO: write h12Compare test showing whether
  7584  		// Request.Body is closed by the Transport,
  7585  		// and in multiple cases: server replies <=299 and >299
  7586  		// while still writing request body
  7587  		cerr := bodyCloser.Close()
  7588  		if err == nil {
  7589  			err = cerr
  7590  		}
  7591  	}()
  7592  
  7593  	req := cs.req
  7594  	hasTrailers := req.Trailer != nil
  7595  
  7596  	var sawEOF bool
  7597  	for !sawEOF {
  7598  		n, err := body.Read(buf)
  7599  		if err == io.EOF {
  7600  			sawEOF = true
  7601  			err = nil
  7602  		} else if err != nil {
  7603  			return err
  7604  		}
  7605  
  7606  		remain := buf[:n]
  7607  		for len(remain) > 0 && err == nil {
  7608  			var allowed int32
  7609  			allowed, err = cs.awaitFlowControl(len(remain))
  7610  			switch {
  7611  			case err == http2errStopReqBodyWrite:
  7612  				return err
  7613  			case err == http2errStopReqBodyWriteAndCancel:
  7614  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7615  				return err
  7616  			case err != nil:
  7617  				return err
  7618  			}
  7619  			cc.wmu.Lock()
  7620  			data := remain[:allowed]
  7621  			remain = remain[allowed:]
  7622  			sentEnd = sawEOF && len(remain) == 0 && !hasTrailers
  7623  			err = cc.fr.WriteData(cs.ID, sentEnd, data)
  7624  			if err == nil {
  7625  				// TODO(bradfitz): this flush is for latency, not bandwidth.
  7626  				// Most requests won't need this. Make this opt-in or
  7627  				// opt-out?  Use some heuristic on the body type? Nagel-like
  7628  				// timers?  Based on 'n'? Only last chunk of this for loop,
  7629  				// unless flow control tokens are low? For now, always.
  7630  				// If we change this, see comment below.
  7631  				err = cc.bw.Flush()
  7632  			}
  7633  			cc.wmu.Unlock()
  7634  		}
  7635  		if err != nil {
  7636  			return err
  7637  		}
  7638  	}
  7639  
  7640  	if sentEnd {
  7641  		// Already sent END_STREAM (which implies we have no
  7642  		// trailers) and flushed, because currently all
  7643  		// WriteData frames above get a flush. So we're done.
  7644  		return nil
  7645  	}
  7646  
  7647  	var trls []byte
  7648  	if hasTrailers {
  7649  		cc.mu.Lock()
  7650  		trls, err = cc.encodeTrailers(req)
  7651  		cc.mu.Unlock()
  7652  		if err != nil {
  7653  			cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err)
  7654  			cc.forgetStreamID(cs.ID)
  7655  			return err
  7656  		}
  7657  	}
  7658  
  7659  	cc.mu.Lock()
  7660  	maxFrameSize := int(cc.maxFrameSize)
  7661  	cc.mu.Unlock()
  7662  
  7663  	cc.wmu.Lock()
  7664  	defer cc.wmu.Unlock()
  7665  
  7666  	// Two ways to send END_STREAM: either with trailers, or
  7667  	// with an empty DATA frame.
  7668  	if len(trls) > 0 {
  7669  		err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls)
  7670  	} else {
  7671  		err = cc.fr.WriteData(cs.ID, true, nil)
  7672  	}
  7673  	if ferr := cc.bw.Flush(); ferr != nil && err == nil {
  7674  		err = ferr
  7675  	}
  7676  	return err
  7677  }
  7678  
  7679  // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow
  7680  // control tokens from the server.
  7681  // It returns either the non-zero number of tokens taken or an error
  7682  // if the stream is dead.
  7683  func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) {
  7684  	cc := cs.cc
  7685  	cc.mu.Lock()
  7686  	defer cc.mu.Unlock()
  7687  	for {
  7688  		if cc.closed {
  7689  			return 0, http2errClientConnClosed
  7690  		}
  7691  		if cs.stopReqBody != nil {
  7692  			return 0, cs.stopReqBody
  7693  		}
  7694  		if err := cs.checkResetOrDone(); err != nil {
  7695  			return 0, err
  7696  		}
  7697  		if a := cs.flow.available(); a > 0 {
  7698  			take := a
  7699  			if int(take) > maxBytes {
  7700  
  7701  				take = int32(maxBytes) // can't truncate int; take is int32
  7702  			}
  7703  			if take > int32(cc.maxFrameSize) {
  7704  				take = int32(cc.maxFrameSize)
  7705  			}
  7706  			cs.flow.take(take)
  7707  			return take, nil
  7708  		}
  7709  		cc.cond.Wait()
  7710  	}
  7711  }
  7712  
  7713  type http2badStringError struct {
  7714  	what string
  7715  	str  string
  7716  }
  7717  
  7718  func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) }
  7719  
  7720  // requires cc.mu be held.
  7721  func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) {
  7722  	cc.hbuf.Reset()
  7723  
  7724  	host := req.Host
  7725  	if host == "" {
  7726  		host = req.URL.Host
  7727  	}
  7728  	host, err := httplex.PunycodeHostPort(host)
  7729  	if err != nil {
  7730  		return nil, err
  7731  	}
  7732  
  7733  	var path string
  7734  	if req.Method != "CONNECT" {
  7735  		path = req.URL.RequestURI()
  7736  		if !http2validPseudoPath(path) {
  7737  			orig := path
  7738  			path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host)
  7739  			if !http2validPseudoPath(path) {
  7740  				if req.URL.Opaque != "" {
  7741  					return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque)
  7742  				} else {
  7743  					return nil, fmt.Errorf("invalid request :path %q", orig)
  7744  				}
  7745  			}
  7746  		}
  7747  	}
  7748  
  7749  	// Check for any invalid headers and return an error before we
  7750  	// potentially pollute our hpack state. (We want to be able to
  7751  	// continue to reuse the hpack encoder for future requests)
  7752  	for k, vv := range req.Header {
  7753  		if !httplex.ValidHeaderFieldName(k) {
  7754  			return nil, fmt.Errorf("invalid HTTP header name %q", k)
  7755  		}
  7756  		for _, v := range vv {
  7757  			if !httplex.ValidHeaderFieldValue(v) {
  7758  				return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k)
  7759  			}
  7760  		}
  7761  	}
  7762  
  7763  	enumerateHeaders := func(f func(name, value string)) {
  7764  		// 8.1.2.3 Request Pseudo-Header Fields
  7765  		// The :path pseudo-header field includes the path and query parts of the
  7766  		// target URI (the path-absolute production and optionally a '?' character
  7767  		// followed by the query production (see Sections 3.3 and 3.4 of
  7768  		// [RFC3986]).
  7769  		f(":authority", host)
  7770  		f(":method", req.Method)
  7771  		if req.Method != "CONNECT" {
  7772  			f(":path", path)
  7773  			f(":scheme", req.URL.Scheme)
  7774  		}
  7775  		if trailers != "" {
  7776  			f("trailer", trailers)
  7777  		}
  7778  
  7779  		var didUA bool
  7780  		for k, vv := range req.Header {
  7781  			if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") {
  7782  				// Host is :authority, already sent.
  7783  				// Content-Length is automatic, set below.
  7784  				continue
  7785  			} else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") ||
  7786  				strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") ||
  7787  				strings.EqualFold(k, "keep-alive") {
  7788  				// Per 8.1.2.2 Connection-Specific Header
  7789  				// Fields, don't send connection-specific
  7790  				// fields. We have already checked if any
  7791  				// are error-worthy so just ignore the rest.
  7792  				continue
  7793  			} else if strings.EqualFold(k, "user-agent") {
  7794  				// Match Go's http1 behavior: at most one
  7795  				// User-Agent. If set to nil or empty string,
  7796  				// then omit it. Otherwise if not mentioned,
  7797  				// include the default (below).
  7798  				didUA = true
  7799  				if len(vv) < 1 {
  7800  					continue
  7801  				}
  7802  				vv = vv[:1]
  7803  				if vv[0] == "" {
  7804  					continue
  7805  				}
  7806  
  7807  			}
  7808  
  7809  			for _, v := range vv {
  7810  				f(k, v)
  7811  			}
  7812  		}
  7813  		if http2shouldSendReqContentLength(req.Method, contentLength) {
  7814  			f("content-length", strconv.FormatInt(contentLength, 10))
  7815  		}
  7816  		if addGzipHeader {
  7817  			f("accept-encoding", "gzip")
  7818  		}
  7819  		if !didUA {
  7820  			f("user-agent", http2defaultUserAgent)
  7821  		}
  7822  	}
  7823  
  7824  	// Do a first pass over the headers counting bytes to ensure
  7825  	// we don't exceed cc.peerMaxHeaderListSize. This is done as a
  7826  	// separate pass before encoding the headers to prevent
  7827  	// modifying the hpack state.
  7828  	hlSize := uint64(0)
  7829  	enumerateHeaders(func(name, value string) {
  7830  		hf := hpack.HeaderField{Name: name, Value: value}
  7831  		hlSize += uint64(hf.Size())
  7832  	})
  7833  
  7834  	if hlSize > cc.peerMaxHeaderListSize {
  7835  		return nil, http2errRequestHeaderListSize
  7836  	}
  7837  
  7838  	// Header list size is ok. Write the headers.
  7839  	enumerateHeaders(func(name, value string) {
  7840  		cc.writeHeader(strings.ToLower(name), value)
  7841  	})
  7842  
  7843  	return cc.hbuf.Bytes(), nil
  7844  }
  7845  
  7846  // shouldSendReqContentLength reports whether the http2.Transport should send
  7847  // a "content-length" request header. This logic is basically a copy of the net/http
  7848  // transferWriter.shouldSendContentLength.
  7849  // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown).
  7850  // -1 means unknown.
  7851  func http2shouldSendReqContentLength(method string, contentLength int64) bool {
  7852  	if contentLength > 0 {
  7853  		return true
  7854  	}
  7855  	if contentLength < 0 {
  7856  		return false
  7857  	}
  7858  	// For zero bodies, whether we send a content-length depends on the method.
  7859  	// It also kinda doesn't matter for http2 either way, with END_STREAM.
  7860  	switch method {
  7861  	case "POST", "PUT", "PATCH":
  7862  		return true
  7863  	default:
  7864  		return false
  7865  	}
  7866  }
  7867  
  7868  // requires cc.mu be held.
  7869  func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) {
  7870  	cc.hbuf.Reset()
  7871  
  7872  	hlSize := uint64(0)
  7873  	for k, vv := range req.Trailer {
  7874  		for _, v := range vv {
  7875  			hf := hpack.HeaderField{Name: k, Value: v}
  7876  			hlSize += uint64(hf.Size())
  7877  		}
  7878  	}
  7879  	if hlSize > cc.peerMaxHeaderListSize {
  7880  		return nil, http2errRequestHeaderListSize
  7881  	}
  7882  
  7883  	for k, vv := range req.Trailer {
  7884  		// Transfer-Encoding, etc.. have already been filtered at the
  7885  		// start of RoundTrip
  7886  		lowKey := strings.ToLower(k)
  7887  		for _, v := range vv {
  7888  			cc.writeHeader(lowKey, v)
  7889  		}
  7890  	}
  7891  	return cc.hbuf.Bytes(), nil
  7892  }
  7893  
  7894  func (cc *http2ClientConn) writeHeader(name, value string) {
  7895  	if http2VerboseLogs {
  7896  		log.Printf("http2: Transport encoding header %q = %q", name, value)
  7897  	}
  7898  	cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value})
  7899  }
  7900  
  7901  type http2resAndError struct {
  7902  	res *Response
  7903  	err error
  7904  }
  7905  
  7906  // requires cc.mu be held.
  7907  func (cc *http2ClientConn) newStream() *http2clientStream {
  7908  	cs := &http2clientStream{
  7909  		cc:        cc,
  7910  		ID:        cc.nextStreamID,
  7911  		resc:      make(chan http2resAndError, 1),
  7912  		peerReset: make(chan struct{}),
  7913  		done:      make(chan struct{}),
  7914  	}
  7915  	cs.flow.add(int32(cc.initialWindowSize))
  7916  	cs.flow.setConnFlow(&cc.flow)
  7917  	cs.inflow.add(http2transportDefaultStreamFlow)
  7918  	cs.inflow.setConnFlow(&cc.inflow)
  7919  	cc.nextStreamID += 2
  7920  	cc.streams[cs.ID] = cs
  7921  	return cs
  7922  }
  7923  
  7924  func (cc *http2ClientConn) forgetStreamID(id uint32) {
  7925  	cc.streamByID(id, true)
  7926  }
  7927  
  7928  func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream {
  7929  	cc.mu.Lock()
  7930  	defer cc.mu.Unlock()
  7931  	cs := cc.streams[id]
  7932  	if andRemove && cs != nil && !cc.closed {
  7933  		cc.lastActive = time.Now()
  7934  		delete(cc.streams, id)
  7935  		if len(cc.streams) == 0 && cc.idleTimer != nil {
  7936  			cc.idleTimer.Reset(cc.idleTimeout)
  7937  		}
  7938  		close(cs.done)
  7939  		// Wake up checkResetOrDone via clientStream.awaitFlowControl and
  7940  		// wake up RoundTrip if there is a pending request.
  7941  		cc.cond.Broadcast()
  7942  	}
  7943  	return cs
  7944  }
  7945  
  7946  // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop.
  7947  type http2clientConnReadLoop struct {
  7948  	cc            *http2ClientConn
  7949  	closeWhenIdle bool
  7950  }
  7951  
  7952  // readLoop runs in its own goroutine and reads and dispatches frames.
  7953  func (cc *http2ClientConn) readLoop() {
  7954  	rl := &http2clientConnReadLoop{cc: cc}
  7955  	defer rl.cleanup()
  7956  	cc.readerErr = rl.run()
  7957  	if ce, ok := cc.readerErr.(http2ConnectionError); ok {
  7958  		cc.wmu.Lock()
  7959  		cc.fr.WriteGoAway(0, http2ErrCode(ce), nil)
  7960  		cc.wmu.Unlock()
  7961  	}
  7962  }
  7963  
  7964  // GoAwayError is returned by the Transport when the server closes the
  7965  // TCP connection after sending a GOAWAY frame.
  7966  type http2GoAwayError struct {
  7967  	LastStreamID uint32
  7968  	ErrCode      http2ErrCode
  7969  	DebugData    string
  7970  }
  7971  
  7972  func (e http2GoAwayError) Error() string {
  7973  	return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q",
  7974  		e.LastStreamID, e.ErrCode, e.DebugData)
  7975  }
  7976  
  7977  func http2isEOFOrNetReadError(err error) bool {
  7978  	if err == io.EOF {
  7979  		return true
  7980  	}
  7981  	ne, ok := err.(*net.OpError)
  7982  	return ok && ne.Op == "read"
  7983  }
  7984  
  7985  func (rl *http2clientConnReadLoop) cleanup() {
  7986  	cc := rl.cc
  7987  	defer cc.tconn.Close()
  7988  	defer cc.t.connPool().MarkDead(cc)
  7989  	defer close(cc.readerDone)
  7990  
  7991  	if cc.idleTimer != nil {
  7992  		cc.idleTimer.Stop()
  7993  	}
  7994  
  7995  	// Close any response bodies if the server closes prematurely.
  7996  	// TODO: also do this if we've written the headers but not
  7997  	// gotten a response yet.
  7998  	err := cc.readerErr
  7999  	cc.mu.Lock()
  8000  	if cc.goAway != nil && http2isEOFOrNetReadError(err) {
  8001  		err = http2GoAwayError{
  8002  			LastStreamID: cc.goAway.LastStreamID,
  8003  			ErrCode:      cc.goAway.ErrCode,
  8004  			DebugData:    cc.goAwayDebug,
  8005  		}
  8006  	} else if err == io.EOF {
  8007  		err = io.ErrUnexpectedEOF
  8008  	}
  8009  	for _, cs := range cc.streams {
  8010  		cs.bufPipe.CloseWithError(err) // no-op if already closed
  8011  		select {
  8012  		case cs.resc <- http2resAndError{err: err}:
  8013  		default:
  8014  		}
  8015  		close(cs.done)
  8016  	}
  8017  	cc.closed = true
  8018  	cc.cond.Broadcast()
  8019  	cc.mu.Unlock()
  8020  }
  8021  
  8022  func (rl *http2clientConnReadLoop) run() error {
  8023  	cc := rl.cc
  8024  	rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse
  8025  	gotReply := false // ever saw a HEADERS reply
  8026  	gotSettings := false
  8027  	for {
  8028  		f, err := cc.fr.ReadFrame()
  8029  		if err != nil {
  8030  			cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err)
  8031  		}
  8032  		if se, ok := err.(http2StreamError); ok {
  8033  			if cs := cc.streamByID(se.StreamID, false); cs != nil {
  8034  				cs.cc.writeStreamReset(cs.ID, se.Code, err)
  8035  				cs.cc.forgetStreamID(cs.ID)
  8036  				if se.Cause == nil {
  8037  					se.Cause = cc.fr.errDetail
  8038  				}
  8039  				rl.endStreamError(cs, se)
  8040  			}
  8041  			continue
  8042  		} else if err != nil {
  8043  			return err
  8044  		}
  8045  		if http2VerboseLogs {
  8046  			cc.vlogf("http2: Transport received %s", http2summarizeFrame(f))
  8047  		}
  8048  		if !gotSettings {
  8049  			if _, ok := f.(*http2SettingsFrame); !ok {
  8050  				cc.logf("protocol error: received %T before a SETTINGS frame", f)
  8051  				return http2ConnectionError(http2ErrCodeProtocol)
  8052  			}
  8053  			gotSettings = true
  8054  		}
  8055  		maybeIdle := false // whether frame might transition us to idle
  8056  
  8057  		switch f := f.(type) {
  8058  		case *http2MetaHeadersFrame:
  8059  			err = rl.processHeaders(f)
  8060  			maybeIdle = true
  8061  			gotReply = true
  8062  		case *http2DataFrame:
  8063  			err = rl.processData(f)
  8064  			maybeIdle = true
  8065  		case *http2GoAwayFrame:
  8066  			err = rl.processGoAway(f)
  8067  			maybeIdle = true
  8068  		case *http2RSTStreamFrame:
  8069  			err = rl.processResetStream(f)
  8070  			maybeIdle = true
  8071  		case *http2SettingsFrame:
  8072  			err = rl.processSettings(f)
  8073  		case *http2PushPromiseFrame:
  8074  			err = rl.processPushPromise(f)
  8075  		case *http2WindowUpdateFrame:
  8076  			err = rl.processWindowUpdate(f)
  8077  		case *http2PingFrame:
  8078  			err = rl.processPing(f)
  8079  		default:
  8080  			cc.logf("Transport: unhandled response frame type %T", f)
  8081  		}
  8082  		if err != nil {
  8083  			if http2VerboseLogs {
  8084  				cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err)
  8085  			}
  8086  			return err
  8087  		}
  8088  		if rl.closeWhenIdle && gotReply && maybeIdle {
  8089  			cc.closeIfIdle()
  8090  		}
  8091  	}
  8092  }
  8093  
  8094  func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error {
  8095  	cc := rl.cc
  8096  	cs := cc.streamByID(f.StreamID, false)
  8097  	if cs == nil {
  8098  		// We'd get here if we canceled a request while the
  8099  		// server had its response still in flight. So if this
  8100  		// was just something we canceled, ignore it.
  8101  		return nil
  8102  	}
  8103  	if f.StreamEnded() {
  8104  		// Issue 20521: If the stream has ended, streamByID() causes
  8105  		// clientStream.done to be closed, which causes the request's bodyWriter
  8106  		// to be closed with an errStreamClosed, which may be received by
  8107  		// clientConn.RoundTrip before the result of processing these headers.
  8108  		// Deferring stream closure allows the header processing to occur first.
  8109  		// clientConn.RoundTrip may still receive the bodyWriter error first, but
  8110  		// the fix for issue 16102 prioritises any response.
  8111  		//
  8112  		// Issue 22413: If there is no request body, we should close the
  8113  		// stream before writing to cs.resc so that the stream is closed
  8114  		// immediately once RoundTrip returns.
  8115  		if cs.req.Body != nil {
  8116  			defer cc.forgetStreamID(f.StreamID)
  8117  		} else {
  8118  			cc.forgetStreamID(f.StreamID)
  8119  		}
  8120  	}
  8121  	if !cs.firstByte {
  8122  		if cs.trace != nil {
  8123  			// TODO(bradfitz): move first response byte earlier,
  8124  			// when we first read the 9 byte header, not waiting
  8125  			// until all the HEADERS+CONTINUATION frames have been
  8126  			// merged. This works for now.
  8127  			http2traceFirstResponseByte(cs.trace)
  8128  		}
  8129  		cs.firstByte = true
  8130  	}
  8131  	if !cs.pastHeaders {
  8132  		cs.pastHeaders = true
  8133  	} else {
  8134  		return rl.processTrailers(cs, f)
  8135  	}
  8136  
  8137  	res, err := rl.handleResponse(cs, f)
  8138  	if err != nil {
  8139  		if _, ok := err.(http2ConnectionError); ok {
  8140  			return err
  8141  		}
  8142  		// Any other error type is a stream error.
  8143  		cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err)
  8144  		cc.forgetStreamID(cs.ID)
  8145  		cs.resc <- http2resAndError{err: err}
  8146  		return nil // return nil from process* funcs to keep conn alive
  8147  	}
  8148  	if res == nil {
  8149  		// (nil, nil) special case. See handleResponse docs.
  8150  		return nil
  8151  	}
  8152  	cs.resTrailer = &res.Trailer
  8153  	cs.resc <- http2resAndError{res: res}
  8154  	return nil
  8155  }
  8156  
  8157  // may return error types nil, or ConnectionError. Any other error value
  8158  // is a StreamError of type ErrCodeProtocol. The returned error in that case
  8159  // is the detail.
  8160  //
  8161  // As a special case, handleResponse may return (nil, nil) to skip the
  8162  // frame (currently only used for 100 expect continue). This special
  8163  // case is going away after Issue 13851 is fixed.
  8164  func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) {
  8165  	if f.Truncated {
  8166  		return nil, http2errResponseHeaderListSize
  8167  	}
  8168  
  8169  	status := f.PseudoValue("status")
  8170  	if status == "" {
  8171  		return nil, errors.New("malformed response from server: missing status pseudo header")
  8172  	}
  8173  	statusCode, err := strconv.Atoi(status)
  8174  	if err != nil {
  8175  		return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header")
  8176  	}
  8177  
  8178  	if statusCode == 100 {
  8179  		http2traceGot100Continue(cs.trace)
  8180  		if cs.on100 != nil {
  8181  			cs.on100() // forces any write delay timer to fire
  8182  		}
  8183  		cs.pastHeaders = false // do it all again
  8184  		return nil, nil
  8185  	}
  8186  
  8187  	header := make(Header)
  8188  	res := &Response{
  8189  		Proto:      "HTTP/2.0",
  8190  		ProtoMajor: 2,
  8191  		Header:     header,
  8192  		StatusCode: statusCode,
  8193  		Status:     status + " " + StatusText(statusCode),
  8194  	}
  8195  	for _, hf := range f.RegularFields() {
  8196  		key := CanonicalHeaderKey(hf.Name)
  8197  		if key == "Trailer" {
  8198  			t := res.Trailer
  8199  			if t == nil {
  8200  				t = make(Header)
  8201  				res.Trailer = t
  8202  			}
  8203  			http2foreachHeaderElement(hf.Value, func(v string) {
  8204  				t[CanonicalHeaderKey(v)] = nil
  8205  			})
  8206  		} else {
  8207  			header[key] = append(header[key], hf.Value)
  8208  		}
  8209  	}
  8210  
  8211  	streamEnded := f.StreamEnded()
  8212  	isHead := cs.req.Method == "HEAD"
  8213  	if !streamEnded || isHead {
  8214  		res.ContentLength = -1
  8215  		if clens := res.Header["Content-Length"]; len(clens) == 1 {
  8216  			if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil {
  8217  				res.ContentLength = clen64
  8218  			} else {
  8219  				// TODO: care? unlike http/1, it won't mess up our framing, so it's
  8220  				// more safe smuggling-wise to ignore.
  8221  			}
  8222  		} else if len(clens) > 1 {
  8223  			// TODO: care? unlike http/1, it won't mess up our framing, so it's
  8224  			// more safe smuggling-wise to ignore.
  8225  		}
  8226  	}
  8227  
  8228  	if streamEnded || isHead {
  8229  		res.Body = http2noBody
  8230  		return res, nil
  8231  	}
  8232  
  8233  	cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}}
  8234  	cs.bytesRemain = res.ContentLength
  8235  	res.Body = http2transportResponseBody{cs}
  8236  	go cs.awaitRequestCancel(cs.req)
  8237  
  8238  	if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" {
  8239  		res.Header.Del("Content-Encoding")
  8240  		res.Header.Del("Content-Length")
  8241  		res.ContentLength = -1
  8242  		res.Body = &http2gzipReader{body: res.Body}
  8243  		http2setResponseUncompressed(res)
  8244  	}
  8245  	return res, nil
  8246  }
  8247  
  8248  func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error {
  8249  	if cs.pastTrailers {
  8250  		// Too many HEADERS frames for this stream.
  8251  		return http2ConnectionError(http2ErrCodeProtocol)
  8252  	}
  8253  	cs.pastTrailers = true
  8254  	if !f.StreamEnded() {
  8255  		// We expect that any headers for trailers also
  8256  		// has END_STREAM.
  8257  		return http2ConnectionError(http2ErrCodeProtocol)
  8258  	}
  8259  	if len(f.PseudoFields()) > 0 {
  8260  		// No pseudo header fields are defined for trailers.
  8261  		// TODO: ConnectionError might be overly harsh? Check.
  8262  		return http2ConnectionError(http2ErrCodeProtocol)
  8263  	}
  8264  
  8265  	trailer := make(Header)
  8266  	for _, hf := range f.RegularFields() {
  8267  		key := CanonicalHeaderKey(hf.Name)
  8268  		trailer[key] = append(trailer[key], hf.Value)
  8269  	}
  8270  	cs.trailer = trailer
  8271  
  8272  	rl.endStream(cs)
  8273  	return nil
  8274  }
  8275  
  8276  // transportResponseBody is the concrete type of Transport.RoundTrip's
  8277  // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body.
  8278  // On Close it sends RST_STREAM if EOF wasn't already seen.
  8279  type http2transportResponseBody struct {
  8280  	cs *http2clientStream
  8281  }
  8282  
  8283  func (b http2transportResponseBody) Read(p []byte) (n int, err error) {
  8284  	cs := b.cs
  8285  	cc := cs.cc
  8286  
  8287  	if cs.readErr != nil {
  8288  		return 0, cs.readErr
  8289  	}
  8290  	n, err = b.cs.bufPipe.Read(p)
  8291  	if cs.bytesRemain != -1 {
  8292  		if int64(n) > cs.bytesRemain {
  8293  			n = int(cs.bytesRemain)
  8294  			if err == nil {
  8295  				err = errors.New("net/http: server replied with more than declared Content-Length; truncated")
  8296  				cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err)
  8297  			}
  8298  			cs.readErr = err
  8299  			return int(cs.bytesRemain), err
  8300  		}
  8301  		cs.bytesRemain -= int64(n)
  8302  		if err == io.EOF && cs.bytesRemain > 0 {
  8303  			err = io.ErrUnexpectedEOF
  8304  			cs.readErr = err
  8305  			return n, err
  8306  		}
  8307  	}
  8308  	if n == 0 {
  8309  		// No flow control tokens to send back.
  8310  		return
  8311  	}
  8312  
  8313  	cc.mu.Lock()
  8314  	defer cc.mu.Unlock()
  8315  
  8316  	var connAdd, streamAdd int32
  8317  	// Check the conn-level first, before the stream-level.
  8318  	if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 {
  8319  		connAdd = http2transportDefaultConnFlow - v
  8320  		cc.inflow.add(connAdd)
  8321  	}
  8322  	if err == nil { // No need to refresh if the stream is over or failed.
  8323  		// Consider any buffered body data (read from the conn but not
  8324  		// consumed by the client) when computing flow control for this
  8325  		// stream.
  8326  		v := int(cs.inflow.available()) + cs.bufPipe.Len()
  8327  		if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh {
  8328  			streamAdd = int32(http2transportDefaultStreamFlow - v)
  8329  			cs.inflow.add(streamAdd)
  8330  		}
  8331  	}
  8332  	if connAdd != 0 || streamAdd != 0 {
  8333  		cc.wmu.Lock()
  8334  		defer cc.wmu.Unlock()
  8335  		if connAdd != 0 {
  8336  			cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd))
  8337  		}
  8338  		if streamAdd != 0 {
  8339  			cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd))
  8340  		}
  8341  		cc.bw.Flush()
  8342  	}
  8343  	return
  8344  }
  8345  
  8346  var http2errClosedResponseBody = errors.New("http2: response body closed")
  8347  
  8348  func (b http2transportResponseBody) Close() error {
  8349  	cs := b.cs
  8350  	cc := cs.cc
  8351  
  8352  	serverSentStreamEnd := cs.bufPipe.Err() == io.EOF
  8353  	unread := cs.bufPipe.Len()
  8354  
  8355  	if unread > 0 || !serverSentStreamEnd {
  8356  		cc.mu.Lock()
  8357  		cc.wmu.Lock()
  8358  		if !serverSentStreamEnd {
  8359  			cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel)
  8360  			cs.didReset = true
  8361  		}
  8362  		// Return connection-level flow control.
  8363  		if unread > 0 {
  8364  			cc.inflow.add(int32(unread))
  8365  			cc.fr.WriteWindowUpdate(0, uint32(unread))
  8366  		}
  8367  		cc.bw.Flush()
  8368  		cc.wmu.Unlock()
  8369  		cc.mu.Unlock()
  8370  	}
  8371  
  8372  	cs.bufPipe.BreakWithError(http2errClosedResponseBody)
  8373  	cc.forgetStreamID(cs.ID)
  8374  	return nil
  8375  }
  8376  
  8377  func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error {
  8378  	cc := rl.cc
  8379  	cs := cc.streamByID(f.StreamID, f.StreamEnded())
  8380  	data := f.Data()
  8381  	if cs == nil {
  8382  		cc.mu.Lock()
  8383  		neverSent := cc.nextStreamID
  8384  		cc.mu.Unlock()
  8385  		if f.StreamID >= neverSent {
  8386  			// We never asked for this.
  8387  			cc.logf("http2: Transport received unsolicited DATA frame; closing connection")
  8388  			return http2ConnectionError(http2ErrCodeProtocol)
  8389  		}
  8390  		// We probably did ask for this, but canceled. Just ignore it.
  8391  		// TODO: be stricter here? only silently ignore things which
  8392  		// we canceled, but not things which were closed normally
  8393  		// by the peer? Tough without accumulating too much state.
  8394  
  8395  		// But at least return their flow control:
  8396  		if f.Length > 0 {
  8397  			cc.mu.Lock()
  8398  			cc.inflow.add(int32(f.Length))
  8399  			cc.mu.Unlock()
  8400  
  8401  			cc.wmu.Lock()
  8402  			cc.fr.WriteWindowUpdate(0, uint32(f.Length))
  8403  			cc.bw.Flush()
  8404  			cc.wmu.Unlock()
  8405  		}
  8406  		return nil
  8407  	}
  8408  	if !cs.firstByte {
  8409  		cc.logf("protocol error: received DATA before a HEADERS frame")
  8410  		rl.endStreamError(cs, http2StreamError{
  8411  			StreamID: f.StreamID,
  8412  			Code:     http2ErrCodeProtocol,
  8413  		})
  8414  		return nil
  8415  	}
  8416  	if f.Length > 0 {
  8417  		if cs.req.Method == "HEAD" && len(data) > 0 {
  8418  			cc.logf("protocol error: received DATA on a HEAD request")
  8419  			rl.endStreamError(cs, http2StreamError{
  8420  				StreamID: f.StreamID,
  8421  				Code:     http2ErrCodeProtocol,
  8422  			})
  8423  			return nil
  8424  		}
  8425  		// Check connection-level flow control.
  8426  		cc.mu.Lock()
  8427  		if cs.inflow.available() >= int32(f.Length) {
  8428  			cs.inflow.take(int32(f.Length))
  8429  		} else {
  8430  			cc.mu.Unlock()
  8431  			return http2ConnectionError(http2ErrCodeFlowControl)
  8432  		}
  8433  		// Return any padded flow control now, since we won't
  8434  		// refund it later on body reads.
  8435  		var refund int
  8436  		if pad := int(f.Length) - len(data); pad > 0 {
  8437  			refund += pad
  8438  		}
  8439  		// Return len(data) now if the stream is already closed,
  8440  		// since data will never be read.
  8441  		didReset := cs.didReset
  8442  		if didReset {
  8443  			refund += len(data)
  8444  		}
  8445  		if refund > 0 {
  8446  			cc.inflow.add(int32(refund))
  8447  			cc.wmu.Lock()
  8448  			cc.fr.WriteWindowUpdate(0, uint32(refund))
  8449  			if !didReset {
  8450  				cs.inflow.add(int32(refund))
  8451  				cc.fr.WriteWindowUpdate(cs.ID, uint32(refund))
  8452  			}
  8453  			cc.bw.Flush()
  8454  			cc.wmu.Unlock()
  8455  		}
  8456  		cc.mu.Unlock()
  8457  
  8458  		if len(data) > 0 && !didReset {
  8459  			if _, err := cs.bufPipe.Write(data); err != nil {
  8460  				rl.endStreamError(cs, err)
  8461  				return err
  8462  			}
  8463  		}
  8464  	}
  8465  
  8466  	if f.StreamEnded() {
  8467  		rl.endStream(cs)
  8468  	}
  8469  	return nil
  8470  }
  8471  
  8472  var http2errInvalidTrailers = errors.New("http2: invalid trailers")
  8473  
  8474  func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) {
  8475  	// TODO: check that any declared content-length matches, like
  8476  	// server.go's (*stream).endStream method.
  8477  	rl.endStreamError(cs, nil)
  8478  }
  8479  
  8480  func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) {
  8481  	var code func()
  8482  	if err == nil {
  8483  		err = io.EOF
  8484  		code = cs.copyTrailers
  8485  	}
  8486  	if http2isConnectionCloseRequest(cs.req) {
  8487  		rl.closeWhenIdle = true
  8488  	}
  8489  	cs.bufPipe.closeWithErrorAndCode(err, code)
  8490  
  8491  	select {
  8492  	case cs.resc <- http2resAndError{err: err}:
  8493  	default:
  8494  	}
  8495  }
  8496  
  8497  func (cs *http2clientStream) copyTrailers() {
  8498  	for k, vv := range cs.trailer {
  8499  		t := cs.resTrailer
  8500  		if *t == nil {
  8501  			*t = make(Header)
  8502  		}
  8503  		(*t)[k] = vv
  8504  	}
  8505  }
  8506  
  8507  func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error {
  8508  	cc := rl.cc
  8509  	cc.t.connPool().MarkDead(cc)
  8510  	if f.ErrCode != 0 {
  8511  		// TODO: deal with GOAWAY more. particularly the error code
  8512  		cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode)
  8513  	}
  8514  	cc.setGoAway(f)
  8515  	return nil
  8516  }
  8517  
  8518  func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error {
  8519  	cc := rl.cc
  8520  	cc.mu.Lock()
  8521  	defer cc.mu.Unlock()
  8522  
  8523  	if f.IsAck() {
  8524  		if cc.wantSettingsAck {
  8525  			cc.wantSettingsAck = false
  8526  			return nil
  8527  		}
  8528  		return http2ConnectionError(http2ErrCodeProtocol)
  8529  	}
  8530  
  8531  	err := f.ForeachSetting(func(s http2Setting) error {
  8532  		switch s.ID {
  8533  		case http2SettingMaxFrameSize:
  8534  			cc.maxFrameSize = s.Val
  8535  		case http2SettingMaxConcurrentStreams:
  8536  			cc.maxConcurrentStreams = s.Val
  8537  		case http2SettingMaxHeaderListSize:
  8538  			cc.peerMaxHeaderListSize = uint64(s.Val)
  8539  		case http2SettingInitialWindowSize:
  8540  			// Values above the maximum flow-control
  8541  			// window size of 2^31-1 MUST be treated as a
  8542  			// connection error (Section 5.4.1) of type
  8543  			// FLOW_CONTROL_ERROR.
  8544  			if s.Val > math.MaxInt32 {
  8545  				return http2ConnectionError(http2ErrCodeFlowControl)
  8546  			}
  8547  
  8548  			// Adjust flow control of currently-open
  8549  			// frames by the difference of the old initial
  8550  			// window size and this one.
  8551  			delta := int32(s.Val) - int32(cc.initialWindowSize)
  8552  			for _, cs := range cc.streams {
  8553  				cs.flow.add(delta)
  8554  			}
  8555  			cc.cond.Broadcast()
  8556  
  8557  			cc.initialWindowSize = s.Val
  8558  		default:
  8559  			// TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably.
  8560  			cc.vlogf("Unhandled Setting: %v", s)
  8561  		}
  8562  		return nil
  8563  	})
  8564  	if err != nil {
  8565  		return err
  8566  	}
  8567  
  8568  	cc.wmu.Lock()
  8569  	defer cc.wmu.Unlock()
  8570  
  8571  	cc.fr.WriteSettingsAck()
  8572  	cc.bw.Flush()
  8573  	return cc.werr
  8574  }
  8575  
  8576  func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error {
  8577  	cc := rl.cc
  8578  	cs := cc.streamByID(f.StreamID, false)
  8579  	if f.StreamID != 0 && cs == nil {
  8580  		return nil
  8581  	}
  8582  
  8583  	cc.mu.Lock()
  8584  	defer cc.mu.Unlock()
  8585  
  8586  	fl := &cc.flow
  8587  	if cs != nil {
  8588  		fl = &cs.flow
  8589  	}
  8590  	if !fl.add(int32(f.Increment)) {
  8591  		return http2ConnectionError(http2ErrCodeFlowControl)
  8592  	}
  8593  	cc.cond.Broadcast()
  8594  	return nil
  8595  }
  8596  
  8597  func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error {
  8598  	cs := rl.cc.streamByID(f.StreamID, true)
  8599  	if cs == nil {
  8600  		// TODO: return error if server tries to RST_STEAM an idle stream
  8601  		return nil
  8602  	}
  8603  	select {
  8604  	case <-cs.peerReset:
  8605  		// Already reset.
  8606  		// This is the only goroutine
  8607  		// which closes this, so there
  8608  		// isn't a race.
  8609  	default:
  8610  		err := http2streamError(cs.ID, f.ErrCode)
  8611  		cs.resetErr = err
  8612  		close(cs.peerReset)
  8613  		cs.bufPipe.CloseWithError(err)
  8614  		cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl
  8615  	}
  8616  	return nil
  8617  }
  8618  
  8619  // Ping sends a PING frame to the server and waits for the ack.
  8620  // Public implementation is in go17.go and not_go17.go
  8621  func (cc *http2ClientConn) ping(ctx http2contextContext) error {
  8622  	c := make(chan struct{})
  8623  	// Generate a random payload
  8624  	var p [8]byte
  8625  	for {
  8626  		if _, err := rand.Read(p[:]); err != nil {
  8627  			return err
  8628  		}
  8629  		cc.mu.Lock()
  8630  		// check for dup before insert
  8631  		if _, found := cc.pings[p]; !found {
  8632  			cc.pings[p] = c
  8633  			cc.mu.Unlock()
  8634  			break
  8635  		}
  8636  		cc.mu.Unlock()
  8637  	}
  8638  	cc.wmu.Lock()
  8639  	if err := cc.fr.WritePing(false, p); err != nil {
  8640  		cc.wmu.Unlock()
  8641  		return err
  8642  	}
  8643  	if err := cc.bw.Flush(); err != nil {
  8644  		cc.wmu.Unlock()
  8645  		return err
  8646  	}
  8647  	cc.wmu.Unlock()
  8648  	select {
  8649  	case <-c:
  8650  		return nil
  8651  	case <-ctx.Done():
  8652  		return ctx.Err()
  8653  	case <-cc.readerDone:
  8654  		// connection closed
  8655  		return cc.readerErr
  8656  	}
  8657  }
  8658  
  8659  func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error {
  8660  	if f.IsAck() {
  8661  		cc := rl.cc
  8662  		cc.mu.Lock()
  8663  		defer cc.mu.Unlock()
  8664  		// If ack, notify listener if any
  8665  		if c, ok := cc.pings[f.Data]; ok {
  8666  			close(c)
  8667  			delete(cc.pings, f.Data)
  8668  		}
  8669  		return nil
  8670  	}
  8671  	cc := rl.cc
  8672  	cc.wmu.Lock()
  8673  	defer cc.wmu.Unlock()
  8674  	if err := cc.fr.WritePing(true, f.Data); err != nil {
  8675  		return err
  8676  	}
  8677  	return cc.bw.Flush()
  8678  }
  8679  
  8680  func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error {
  8681  	// We told the peer we don't want them.
  8682  	// Spec says:
  8683  	// "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH
  8684  	// setting of the peer endpoint is set to 0. An endpoint that
  8685  	// has set this setting and has received acknowledgement MUST
  8686  	// treat the receipt of a PUSH_PROMISE frame as a connection
  8687  	// error (Section 5.4.1) of type PROTOCOL_ERROR."
  8688  	return http2ConnectionError(http2ErrCodeProtocol)
  8689  }
  8690  
  8691  func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) {
  8692  	// TODO: map err to more interesting error codes, once the
  8693  	// HTTP community comes up with some. But currently for
  8694  	// RST_STREAM there's no equivalent to GOAWAY frame's debug
  8695  	// data, and the error codes are all pretty vague ("cancel").
  8696  	cc.wmu.Lock()
  8697  	cc.fr.WriteRSTStream(streamID, code)
  8698  	cc.bw.Flush()
  8699  	cc.wmu.Unlock()
  8700  }
  8701  
  8702  var (
  8703  	http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit")
  8704  	http2errRequestHeaderListSize  = errors.New("http2: request header list larger than peer's advertised limit")
  8705  	http2errPseudoTrailers         = errors.New("http2: invalid pseudo header in trailers")
  8706  )
  8707  
  8708  func (cc *http2ClientConn) logf(format string, args ...interface{}) {
  8709  	cc.t.logf(format, args...)
  8710  }
  8711  
  8712  func (cc *http2ClientConn) vlogf(format string, args ...interface{}) {
  8713  	cc.t.vlogf(format, args...)
  8714  }
  8715  
  8716  func (t *http2Transport) vlogf(format string, args ...interface{}) {
  8717  	if http2VerboseLogs {
  8718  		t.logf(format, args...)
  8719  	}
  8720  }
  8721  
  8722  func (t *http2Transport) logf(format string, args ...interface{}) {
  8723  	log.Printf(format, args...)
  8724  }
  8725  
  8726  var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil))
  8727  
  8728  func http2strSliceContains(ss []string, s string) bool {
  8729  	for _, v := range ss {
  8730  		if v == s {
  8731  			return true
  8732  		}
  8733  	}
  8734  	return false
  8735  }
  8736  
  8737  type http2erringRoundTripper struct{ err error }
  8738  
  8739  func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err }
  8740  
  8741  // gzipReader wraps a response body so it can lazily
  8742  // call gzip.NewReader on the first call to Read
  8743  type http2gzipReader struct {
  8744  	body io.ReadCloser // underlying Response.Body
  8745  	zr   *gzip.Reader  // lazily-initialized gzip reader
  8746  	zerr error         // sticky error
  8747  }
  8748  
  8749  func (gz *http2gzipReader) Read(p []byte) (n int, err error) {
  8750  	if gz.zerr != nil {
  8751  		return 0, gz.zerr
  8752  	}
  8753  	if gz.zr == nil {
  8754  		gz.zr, err = gzip.NewReader(gz.body)
  8755  		if err != nil {
  8756  			gz.zerr = err
  8757  			return 0, err
  8758  		}
  8759  	}
  8760  	return gz.zr.Read(p)
  8761  }
  8762  
  8763  func (gz *http2gzipReader) Close() error {
  8764  	return gz.body.Close()
  8765  }
  8766  
  8767  type http2errorReader struct{ err error }
  8768  
  8769  func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err }
  8770  
  8771  // bodyWriterState encapsulates various state around the Transport's writing
  8772  // of the request body, particularly regarding doing delayed writes of the body
  8773  // when the request contains "Expect: 100-continue".
  8774  type http2bodyWriterState struct {
  8775  	cs     *http2clientStream
  8776  	timer  *time.Timer   // if non-nil, we're doing a delayed write
  8777  	fnonce *sync.Once    // to call fn with
  8778  	fn     func()        // the code to run in the goroutine, writing the body
  8779  	resc   chan error    // result of fn's execution
  8780  	delay  time.Duration // how long we should delay a delayed write for
  8781  }
  8782  
  8783  func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) {
  8784  	s.cs = cs
  8785  	if body == nil {
  8786  		return
  8787  	}
  8788  	resc := make(chan error, 1)
  8789  	s.resc = resc
  8790  	s.fn = func() {
  8791  		cs.cc.mu.Lock()
  8792  		cs.startedWrite = true
  8793  		cs.cc.mu.Unlock()
  8794  		resc <- cs.writeRequestBody(body, cs.req.Body)
  8795  	}
  8796  	s.delay = t.expectContinueTimeout()
  8797  	if s.delay == 0 ||
  8798  		!httplex.HeaderValuesContainsToken(
  8799  			cs.req.Header["Expect"],
  8800  			"100-continue") {
  8801  		return
  8802  	}
  8803  	s.fnonce = new(sync.Once)
  8804  
  8805  	// Arm the timer with a very large duration, which we'll
  8806  	// intentionally lower later. It has to be large now because
  8807  	// we need a handle to it before writing the headers, but the
  8808  	// s.delay value is defined to not start until after the
  8809  	// request headers were written.
  8810  	const hugeDuration = 365 * 24 * time.Hour
  8811  	s.timer = time.AfterFunc(hugeDuration, func() {
  8812  		s.fnonce.Do(s.fn)
  8813  	})
  8814  	return
  8815  }
  8816  
  8817  func (s http2bodyWriterState) cancel() {
  8818  	if s.timer != nil {
  8819  		s.timer.Stop()
  8820  	}
  8821  }
  8822  
  8823  func (s http2bodyWriterState) on100() {
  8824  	if s.timer == nil {
  8825  		// If we didn't do a delayed write, ignore the server's
  8826  		// bogus 100 continue response.
  8827  		return
  8828  	}
  8829  	s.timer.Stop()
  8830  	go func() { s.fnonce.Do(s.fn) }()
  8831  }
  8832  
  8833  // scheduleBodyWrite starts writing the body, either immediately (in
  8834  // the common case) or after the delay timeout. It should not be
  8835  // called until after the headers have been written.
  8836  func (s http2bodyWriterState) scheduleBodyWrite() {
  8837  	if s.timer == nil {
  8838  		// We're not doing a delayed write (see
  8839  		// getBodyWriterState), so just start the writing
  8840  		// goroutine immediately.
  8841  		go s.fn()
  8842  		return
  8843  	}
  8844  	http2traceWait100Continue(s.cs.trace)
  8845  	if s.timer.Stop() {
  8846  		s.timer.Reset(s.delay)
  8847  	}
  8848  }
  8849  
  8850  // isConnectionCloseRequest reports whether req should use its own
  8851  // connection for a single request and then close the connection.
  8852  func http2isConnectionCloseRequest(req *Request) bool {
  8853  	return req.Close || httplex.HeaderValuesContainsToken(req.Header["Connection"], "close")
  8854  }
  8855  
  8856  // writeFramer is implemented by any type that is used to write frames.
  8857  type http2writeFramer interface {
  8858  	writeFrame(http2writeContext) error
  8859  
  8860  	// staysWithinBuffer reports whether this writer promises that
  8861  	// it will only write less than or equal to size bytes, and it
  8862  	// won't Flush the write context.
  8863  	staysWithinBuffer(size int) bool
  8864  }
  8865  
  8866  // writeContext is the interface needed by the various frame writer
  8867  // types below. All the writeFrame methods below are scheduled via the
  8868  // frame writing scheduler (see writeScheduler in writesched.go).
  8869  //
  8870  // This interface is implemented by *serverConn.
  8871  //
  8872  // TODO: decide whether to a) use this in the client code (which didn't
  8873  // end up using this yet, because it has a simpler design, not
  8874  // currently implementing priorities), or b) delete this and
  8875  // make the server code a bit more concrete.
  8876  type http2writeContext interface {
  8877  	Framer() *http2Framer
  8878  	Flush() error
  8879  	CloseConn() error
  8880  	// HeaderEncoder returns an HPACK encoder that writes to the
  8881  	// returned buffer.
  8882  	HeaderEncoder() (*hpack.Encoder, *bytes.Buffer)
  8883  }
  8884  
  8885  // writeEndsStream reports whether w writes a frame that will transition
  8886  // the stream to a half-closed local state. This returns false for RST_STREAM,
  8887  // which closes the entire stream (not just the local half).
  8888  func http2writeEndsStream(w http2writeFramer) bool {
  8889  	switch v := w.(type) {
  8890  	case *http2writeData:
  8891  		return v.endStream
  8892  	case *http2writeResHeaders:
  8893  		return v.endStream
  8894  	case nil:
  8895  		// This can only happen if the caller reuses w after it's
  8896  		// been intentionally nil'ed out to prevent use. Keep this
  8897  		// here to catch future refactoring breaking it.
  8898  		panic("writeEndsStream called on nil writeFramer")
  8899  	}
  8900  	return false
  8901  }
  8902  
  8903  type http2flushFrameWriter struct{}
  8904  
  8905  func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error {
  8906  	return ctx.Flush()
  8907  }
  8908  
  8909  func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false }
  8910  
  8911  type http2writeSettings []http2Setting
  8912  
  8913  func (s http2writeSettings) staysWithinBuffer(max int) bool {
  8914  	const settingSize = 6 // uint16 + uint32
  8915  	return http2frameHeaderLen+settingSize*len(s) <= max
  8916  
  8917  }
  8918  
  8919  func (s http2writeSettings) writeFrame(ctx http2writeContext) error {
  8920  	return ctx.Framer().WriteSettings([]http2Setting(s)...)
  8921  }
  8922  
  8923  type http2writeGoAway struct {
  8924  	maxStreamID uint32
  8925  	code        http2ErrCode
  8926  }
  8927  
  8928  func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error {
  8929  	err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil)
  8930  	ctx.Flush() // ignore error: we're hanging up on them anyway
  8931  	return err
  8932  }
  8933  
  8934  func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes
  8935  
  8936  type http2writeData struct {
  8937  	streamID  uint32
  8938  	p         []byte
  8939  	endStream bool
  8940  }
  8941  
  8942  func (w *http2writeData) String() string {
  8943  	return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream)
  8944  }
  8945  
  8946  func (w *http2writeData) writeFrame(ctx http2writeContext) error {
  8947  	return ctx.Framer().WriteData(w.streamID, w.endStream, w.p)
  8948  }
  8949  
  8950  func (w *http2writeData) staysWithinBuffer(max int) bool {
  8951  	return http2frameHeaderLen+len(w.p) <= max
  8952  }
  8953  
  8954  // handlerPanicRST is the message sent from handler goroutines when
  8955  // the handler panics.
  8956  type http2handlerPanicRST struct {
  8957  	StreamID uint32
  8958  }
  8959  
  8960  func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error {
  8961  	return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal)
  8962  }
  8963  
  8964  func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  8965  
  8966  func (se http2StreamError) writeFrame(ctx http2writeContext) error {
  8967  	return ctx.Framer().WriteRSTStream(se.StreamID, se.Code)
  8968  }
  8969  
  8970  func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  8971  
  8972  type http2writePingAck struct{ pf *http2PingFrame }
  8973  
  8974  func (w http2writePingAck) writeFrame(ctx http2writeContext) error {
  8975  	return ctx.Framer().WritePing(true, w.pf.Data)
  8976  }
  8977  
  8978  func (w http2writePingAck) staysWithinBuffer(max int) bool {
  8979  	return http2frameHeaderLen+len(w.pf.Data) <= max
  8980  }
  8981  
  8982  type http2writeSettingsAck struct{}
  8983  
  8984  func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error {
  8985  	return ctx.Framer().WriteSettingsAck()
  8986  }
  8987  
  8988  func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max }
  8989  
  8990  // splitHeaderBlock splits headerBlock into fragments so that each fragment fits
  8991  // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true
  8992  // for the first/last fragment, respectively.
  8993  func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error {
  8994  	// For now we're lazy and just pick the minimum MAX_FRAME_SIZE
  8995  	// that all peers must support (16KB). Later we could care
  8996  	// more and send larger frames if the peer advertised it, but
  8997  	// there's little point. Most headers are small anyway (so we
  8998  	// generally won't have CONTINUATION frames), and extra frames
  8999  	// only waste 9 bytes anyway.
  9000  	const maxFrameSize = 16384
  9001  
  9002  	first := true
  9003  	for len(headerBlock) > 0 {
  9004  		frag := headerBlock
  9005  		if len(frag) > maxFrameSize {
  9006  			frag = frag[:maxFrameSize]
  9007  		}
  9008  		headerBlock = headerBlock[len(frag):]
  9009  		if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil {
  9010  			return err
  9011  		}
  9012  		first = false
  9013  	}
  9014  	return nil
  9015  }
  9016  
  9017  // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames
  9018  // for HTTP response headers or trailers from a server handler.
  9019  type http2writeResHeaders struct {
  9020  	streamID    uint32
  9021  	httpResCode int      // 0 means no ":status" line
  9022  	h           Header   // may be nil
  9023  	trailers    []string // if non-nil, which keys of h to write. nil means all.
  9024  	endStream   bool
  9025  
  9026  	date          string
  9027  	contentType   string
  9028  	contentLength string
  9029  }
  9030  
  9031  func http2encKV(enc *hpack.Encoder, k, v string) {
  9032  	if http2VerboseLogs {
  9033  		log.Printf("http2: server encoding header %q = %q", k, v)
  9034  	}
  9035  	enc.WriteField(hpack.HeaderField{Name: k, Value: v})
  9036  }
  9037  
  9038  func (w *http2writeResHeaders) staysWithinBuffer(max int) bool {
  9039  	// TODO: this is a common one. It'd be nice to return true
  9040  	// here and get into the fast path if we could be clever and
  9041  	// calculate the size fast enough, or at least a conservative
  9042  	// uppper bound that usually fires. (Maybe if w.h and
  9043  	// w.trailers are nil, so we don't need to enumerate it.)
  9044  	// Otherwise I'm afraid that just calculating the length to
  9045  	// answer this question would be slower than the ~2µs benefit.
  9046  	return false
  9047  }
  9048  
  9049  func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error {
  9050  	enc, buf := ctx.HeaderEncoder()
  9051  	buf.Reset()
  9052  
  9053  	if w.httpResCode != 0 {
  9054  		http2encKV(enc, ":status", http2httpCodeString(w.httpResCode))
  9055  	}
  9056  
  9057  	http2encodeHeaders(enc, w.h, w.trailers)
  9058  
  9059  	if w.contentType != "" {
  9060  		http2encKV(enc, "content-type", w.contentType)
  9061  	}
  9062  	if w.contentLength != "" {
  9063  		http2encKV(enc, "content-length", w.contentLength)
  9064  	}
  9065  	if w.date != "" {
  9066  		http2encKV(enc, "date", w.date)
  9067  	}
  9068  
  9069  	headerBlock := buf.Bytes()
  9070  	if len(headerBlock) == 0 && w.trailers == nil {
  9071  		panic("unexpected empty hpack")
  9072  	}
  9073  
  9074  	return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock)
  9075  }
  9076  
  9077  func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error {
  9078  	if firstFrag {
  9079  		return ctx.Framer().WriteHeaders(http2HeadersFrameParam{
  9080  			StreamID:      w.streamID,
  9081  			BlockFragment: frag,
  9082  			EndStream:     w.endStream,
  9083  			EndHeaders:    lastFrag,
  9084  		})
  9085  	} else {
  9086  		return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag)
  9087  	}
  9088  }
  9089  
  9090  // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames.
  9091  type http2writePushPromise struct {
  9092  	streamID uint32   // pusher stream
  9093  	method   string   // for :method
  9094  	url      *url.URL // for :scheme, :authority, :path
  9095  	h        Header
  9096  
  9097  	// Creates an ID for a pushed stream. This runs on serveG just before
  9098  	// the frame is written. The returned ID is copied to promisedID.
  9099  	allocatePromisedID func() (uint32, error)
  9100  	promisedID         uint32
  9101  }
  9102  
  9103  func (w *http2writePushPromise) staysWithinBuffer(max int) bool {
  9104  	// TODO: see writeResHeaders.staysWithinBuffer
  9105  	return false
  9106  }
  9107  
  9108  func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error {
  9109  	enc, buf := ctx.HeaderEncoder()
  9110  	buf.Reset()
  9111  
  9112  	http2encKV(enc, ":method", w.method)
  9113  	http2encKV(enc, ":scheme", w.url.Scheme)
  9114  	http2encKV(enc, ":authority", w.url.Host)
  9115  	http2encKV(enc, ":path", w.url.RequestURI())
  9116  	http2encodeHeaders(enc, w.h, nil)
  9117  
  9118  	headerBlock := buf.Bytes()
  9119  	if len(headerBlock) == 0 {
  9120  		panic("unexpected empty hpack")
  9121  	}
  9122  
  9123  	return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock)
  9124  }
  9125  
  9126  func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error {
  9127  	if firstFrag {
  9128  		return ctx.Framer().WritePushPromise(http2PushPromiseParam{
  9129  			StreamID:      w.streamID,
  9130  			PromiseID:     w.promisedID,
  9131  			BlockFragment: frag,
  9132  			EndHeaders:    lastFrag,
  9133  		})
  9134  	} else {
  9135  		return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag)
  9136  	}
  9137  }
  9138  
  9139  type http2write100ContinueHeadersFrame struct {
  9140  	streamID uint32
  9141  }
  9142  
  9143  func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error {
  9144  	enc, buf := ctx.HeaderEncoder()
  9145  	buf.Reset()
  9146  	http2encKV(enc, ":status", "100")
  9147  	return ctx.Framer().WriteHeaders(http2HeadersFrameParam{
  9148  		StreamID:      w.streamID,
  9149  		BlockFragment: buf.Bytes(),
  9150  		EndStream:     false,
  9151  		EndHeaders:    true,
  9152  	})
  9153  }
  9154  
  9155  func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool {
  9156  	// Sloppy but conservative:
  9157  	return 9+2*(len(":status")+len("100")) <= max
  9158  }
  9159  
  9160  type http2writeWindowUpdate struct {
  9161  	streamID uint32 // or 0 for conn-level
  9162  	n        uint32
  9163  }
  9164  
  9165  func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  9166  
  9167  func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error {
  9168  	return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n)
  9169  }
  9170  
  9171  // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k])
  9172  // is encoded only only if k is in keys.
  9173  func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) {
  9174  	if keys == nil {
  9175  		sorter := http2sorterPool.Get().(*http2sorter)
  9176  		// Using defer here, since the returned keys from the
  9177  		// sorter.Keys method is only valid until the sorter
  9178  		// is returned:
  9179  		defer http2sorterPool.Put(sorter)
  9180  		keys = sorter.Keys(h)
  9181  	}
  9182  	for _, k := range keys {
  9183  		vv := h[k]
  9184  		k = http2lowerHeader(k)
  9185  		if !http2validWireHeaderFieldName(k) {
  9186  			// Skip it as backup paranoia. Per
  9187  			// golang.org/issue/14048, these should
  9188  			// already be rejected at a higher level.
  9189  			continue
  9190  		}
  9191  		isTE := k == "transfer-encoding"
  9192  		for _, v := range vv {
  9193  			if !httplex.ValidHeaderFieldValue(v) {
  9194  				// TODO: return an error? golang.org/issue/14048
  9195  				// For now just omit it.
  9196  				continue
  9197  			}
  9198  			// TODO: more of "8.1.2.2 Connection-Specific Header Fields"
  9199  			if isTE && v != "trailers" {
  9200  				continue
  9201  			}
  9202  			http2encKV(enc, k, v)
  9203  		}
  9204  	}
  9205  }
  9206  
  9207  // WriteScheduler is the interface implemented by HTTP/2 write schedulers.
  9208  // Methods are never called concurrently.
  9209  type http2WriteScheduler interface {
  9210  	// OpenStream opens a new stream in the write scheduler.
  9211  	// It is illegal to call this with streamID=0 or with a streamID that is
  9212  	// already open -- the call may panic.
  9213  	OpenStream(streamID uint32, options http2OpenStreamOptions)
  9214  
  9215  	// CloseStream closes a stream in the write scheduler. Any frames queued on
  9216  	// this stream should be discarded. It is illegal to call this on a stream
  9217  	// that is not open -- the call may panic.
  9218  	CloseStream(streamID uint32)
  9219  
  9220  	// AdjustStream adjusts the priority of the given stream. This may be called
  9221  	// on a stream that has not yet been opened or has been closed. Note that
  9222  	// RFC 7540 allows PRIORITY frames to be sent on streams in any state. See:
  9223  	// https://tools.ietf.org/html/rfc7540#section-5.1
  9224  	AdjustStream(streamID uint32, priority http2PriorityParam)
  9225  
  9226  	// Push queues a frame in the scheduler. In most cases, this will not be
  9227  	// called with wr.StreamID()!=0 unless that stream is currently open. The one
  9228  	// exception is RST_STREAM frames, which may be sent on idle or closed streams.
  9229  	Push(wr http2FrameWriteRequest)
  9230  
  9231  	// Pop dequeues the next frame to write. Returns false if no frames can
  9232  	// be written. Frames with a given wr.StreamID() are Pop'd in the same
  9233  	// order they are Push'd.
  9234  	Pop() (wr http2FrameWriteRequest, ok bool)
  9235  }
  9236  
  9237  // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream.
  9238  type http2OpenStreamOptions struct {
  9239  	// PusherID is zero if the stream was initiated by the client. Otherwise,
  9240  	// PusherID names the stream that pushed the newly opened stream.
  9241  	PusherID uint32
  9242  }
  9243  
  9244  // FrameWriteRequest is a request to write a frame.
  9245  type http2FrameWriteRequest struct {
  9246  	// write is the interface value that does the writing, once the
  9247  	// WriteScheduler has selected this frame to write. The write
  9248  	// functions are all defined in write.go.
  9249  	write http2writeFramer
  9250  
  9251  	// stream is the stream on which this frame will be written.
  9252  	// nil for non-stream frames like PING and SETTINGS.
  9253  	stream *http2stream
  9254  
  9255  	// done, if non-nil, must be a buffered channel with space for
  9256  	// 1 message and is sent the return value from write (or an
  9257  	// earlier error) when the frame has been written.
  9258  	done chan error
  9259  }
  9260  
  9261  // StreamID returns the id of the stream this frame will be written to.
  9262  // 0 is used for non-stream frames such as PING and SETTINGS.
  9263  func (wr http2FrameWriteRequest) StreamID() uint32 {
  9264  	if wr.stream == nil {
  9265  		if se, ok := wr.write.(http2StreamError); ok {
  9266  			// (*serverConn).resetStream doesn't set
  9267  			// stream because it doesn't necessarily have
  9268  			// one. So special case this type of write
  9269  			// message.
  9270  			return se.StreamID
  9271  		}
  9272  		return 0
  9273  	}
  9274  	return wr.stream.id
  9275  }
  9276  
  9277  // DataSize returns the number of flow control bytes that must be consumed
  9278  // to write this entire frame. This is 0 for non-DATA frames.
  9279  func (wr http2FrameWriteRequest) DataSize() int {
  9280  	if wd, ok := wr.write.(*http2writeData); ok {
  9281  		return len(wd.p)
  9282  	}
  9283  	return 0
  9284  }
  9285  
  9286  // Consume consumes min(n, available) bytes from this frame, where available
  9287  // is the number of flow control bytes available on the stream. Consume returns
  9288  // 0, 1, or 2 frames, where the integer return value gives the number of frames
  9289  // returned.
  9290  //
  9291  // If flow control prevents consuming any bytes, this returns (_, _, 0). If
  9292  // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this
  9293  // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and
  9294  // 'rest' contains the remaining bytes. The consumed bytes are deducted from the
  9295  // underlying stream's flow control budget.
  9296  func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) {
  9297  	var empty http2FrameWriteRequest
  9298  
  9299  	// Non-DATA frames are always consumed whole.
  9300  	wd, ok := wr.write.(*http2writeData)
  9301  	if !ok || len(wd.p) == 0 {
  9302  		return wr, empty, 1
  9303  	}
  9304  
  9305  	// Might need to split after applying limits.
  9306  	allowed := wr.stream.flow.available()
  9307  	if n < allowed {
  9308  		allowed = n
  9309  	}
  9310  	if wr.stream.sc.maxFrameSize < allowed {
  9311  		allowed = wr.stream.sc.maxFrameSize
  9312  	}
  9313  	if allowed <= 0 {
  9314  		return empty, empty, 0
  9315  	}
  9316  	if len(wd.p) > int(allowed) {
  9317  		wr.stream.flow.take(allowed)
  9318  		consumed := http2FrameWriteRequest{
  9319  			stream: wr.stream,
  9320  			write: &http2writeData{
  9321  				streamID: wd.streamID,
  9322  				p:        wd.p[:allowed],
  9323  				// Even if the original had endStream set, there
  9324  				// are bytes remaining because len(wd.p) > allowed,
  9325  				// so we know endStream is false.
  9326  				endStream: false,
  9327  			},
  9328  			// Our caller is blocking on the final DATA frame, not
  9329  			// this intermediate frame, so no need to wait.
  9330  			done: nil,
  9331  		}
  9332  		rest := http2FrameWriteRequest{
  9333  			stream: wr.stream,
  9334  			write: &http2writeData{
  9335  				streamID:  wd.streamID,
  9336  				p:         wd.p[allowed:],
  9337  				endStream: wd.endStream,
  9338  			},
  9339  			done: wr.done,
  9340  		}
  9341  		return consumed, rest, 2
  9342  	}
  9343  
  9344  	// The frame is consumed whole.
  9345  	// NB: This cast cannot overflow because allowed is <= math.MaxInt32.
  9346  	wr.stream.flow.take(int32(len(wd.p)))
  9347  	return wr, empty, 1
  9348  }
  9349  
  9350  // String is for debugging only.
  9351  func (wr http2FrameWriteRequest) String() string {
  9352  	var des string
  9353  	if s, ok := wr.write.(fmt.Stringer); ok {
  9354  		des = s.String()
  9355  	} else {
  9356  		des = fmt.Sprintf("%T", wr.write)
  9357  	}
  9358  	return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des)
  9359  }
  9360  
  9361  // replyToWriter sends err to wr.done and panics if the send must block
  9362  // This does nothing if wr.done is nil.
  9363  func (wr *http2FrameWriteRequest) replyToWriter(err error) {
  9364  	if wr.done == nil {
  9365  		return
  9366  	}
  9367  	select {
  9368  	case wr.done <- err:
  9369  	default:
  9370  		panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write))
  9371  	}
  9372  	wr.write = nil // prevent use (assume it's tainted after wr.done send)
  9373  }
  9374  
  9375  // writeQueue is used by implementations of WriteScheduler.
  9376  type http2writeQueue struct {
  9377  	s []http2FrameWriteRequest
  9378  }
  9379  
  9380  func (q *http2writeQueue) empty() bool { return len(q.s) == 0 }
  9381  
  9382  func (q *http2writeQueue) push(wr http2FrameWriteRequest) {
  9383  	q.s = append(q.s, wr)
  9384  }
  9385  
  9386  func (q *http2writeQueue) shift() http2FrameWriteRequest {
  9387  	if len(q.s) == 0 {
  9388  		panic("invalid use of queue")
  9389  	}
  9390  	wr := q.s[0]
  9391  	// TODO: less copy-happy queue.
  9392  	copy(q.s, q.s[1:])
  9393  	q.s[len(q.s)-1] = http2FrameWriteRequest{}
  9394  	q.s = q.s[:len(q.s)-1]
  9395  	return wr
  9396  }
  9397  
  9398  // consume consumes up to n bytes from q.s[0]. If the frame is
  9399  // entirely consumed, it is removed from the queue. If the frame
  9400  // is partially consumed, the frame is kept with the consumed
  9401  // bytes removed. Returns true iff any bytes were consumed.
  9402  func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) {
  9403  	if len(q.s) == 0 {
  9404  		return http2FrameWriteRequest{}, false
  9405  	}
  9406  	consumed, rest, numresult := q.s[0].Consume(n)
  9407  	switch numresult {
  9408  	case 0:
  9409  		return http2FrameWriteRequest{}, false
  9410  	case 1:
  9411  		q.shift()
  9412  	case 2:
  9413  		q.s[0] = rest
  9414  	}
  9415  	return consumed, true
  9416  }
  9417  
  9418  type http2writeQueuePool []*http2writeQueue
  9419  
  9420  // put inserts an unused writeQueue into the pool.
  9421  
  9422  // put inserts an unused writeQueue into the pool.
  9423  func (p *http2writeQueuePool) put(q *http2writeQueue) {
  9424  	for i := range q.s {
  9425  		q.s[i] = http2FrameWriteRequest{}
  9426  	}
  9427  	q.s = q.s[:0]
  9428  	*p = append(*p, q)
  9429  }
  9430  
  9431  // get returns an empty writeQueue.
  9432  func (p *http2writeQueuePool) get() *http2writeQueue {
  9433  	ln := len(*p)
  9434  	if ln == 0 {
  9435  		return new(http2writeQueue)
  9436  	}
  9437  	x := ln - 1
  9438  	q := (*p)[x]
  9439  	(*p)[x] = nil
  9440  	*p = (*p)[:x]
  9441  	return q
  9442  }
  9443  
  9444  // RFC 7540, Section 5.3.5: the default weight is 16.
  9445  const http2priorityDefaultWeight = 15 // 16 = 15 + 1
  9446  
  9447  // PriorityWriteSchedulerConfig configures a priorityWriteScheduler.
  9448  type http2PriorityWriteSchedulerConfig struct {
  9449  	// MaxClosedNodesInTree controls the maximum number of closed streams to
  9450  	// retain in the priority tree. Setting this to zero saves a small amount
  9451  	// of memory at the cost of performance.
  9452  	//
  9453  	// See RFC 7540, Section 5.3.4:
  9454  	//   "It is possible for a stream to become closed while prioritization
  9455  	//   information ... is in transit. ... This potentially creates suboptimal
  9456  	//   prioritization, since the stream could be given a priority that is
  9457  	//   different from what is intended. To avoid these problems, an endpoint
  9458  	//   SHOULD retain stream prioritization state for a period after streams
  9459  	//   become closed. The longer state is retained, the lower the chance that
  9460  	//   streams are assigned incorrect or default priority values."
  9461  	MaxClosedNodesInTree int
  9462  
  9463  	// MaxIdleNodesInTree controls the maximum number of idle streams to
  9464  	// retain in the priority tree. Setting this to zero saves a small amount
  9465  	// of memory at the cost of performance.
  9466  	//
  9467  	// See RFC 7540, Section 5.3.4:
  9468  	//   Similarly, streams that are in the "idle" state can be assigned
  9469  	//   priority or become a parent of other streams. This allows for the
  9470  	//   creation of a grouping node in the dependency tree, which enables
  9471  	//   more flexible expressions of priority. Idle streams begin with a
  9472  	//   default priority (Section 5.3.5).
  9473  	MaxIdleNodesInTree int
  9474  
  9475  	// ThrottleOutOfOrderWrites enables write throttling to help ensure that
  9476  	// data is delivered in priority order. This works around a race where
  9477  	// stream B depends on stream A and both streams are about to call Write
  9478  	// to queue DATA frames. If B wins the race, a naive scheduler would eagerly
  9479  	// write as much data from B as possible, but this is suboptimal because A
  9480  	// is a higher-priority stream. With throttling enabled, we write a small
  9481  	// amount of data from B to minimize the amount of bandwidth that B can
  9482  	// steal from A.
  9483  	ThrottleOutOfOrderWrites bool
  9484  }
  9485  
  9486  // NewPriorityWriteScheduler constructs a WriteScheduler that schedules
  9487  // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3.
  9488  // If cfg is nil, default options are used.
  9489  func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler {
  9490  	if cfg == nil {
  9491  		// For justification of these defaults, see:
  9492  		// https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY
  9493  		cfg = &http2PriorityWriteSchedulerConfig{
  9494  			MaxClosedNodesInTree:     10,
  9495  			MaxIdleNodesInTree:       10,
  9496  			ThrottleOutOfOrderWrites: false,
  9497  		}
  9498  	}
  9499  
  9500  	ws := &http2priorityWriteScheduler{
  9501  		nodes:                make(map[uint32]*http2priorityNode),
  9502  		maxClosedNodesInTree: cfg.MaxClosedNodesInTree,
  9503  		maxIdleNodesInTree:   cfg.MaxIdleNodesInTree,
  9504  		enableWriteThrottle:  cfg.ThrottleOutOfOrderWrites,
  9505  	}
  9506  	ws.nodes[0] = &ws.root
  9507  	if cfg.ThrottleOutOfOrderWrites {
  9508  		ws.writeThrottleLimit = 1024
  9509  	} else {
  9510  		ws.writeThrottleLimit = math.MaxInt32
  9511  	}
  9512  	return ws
  9513  }
  9514  
  9515  type http2priorityNodeState int
  9516  
  9517  const (
  9518  	http2priorityNodeOpen http2priorityNodeState = iota
  9519  	http2priorityNodeClosed
  9520  	http2priorityNodeIdle
  9521  )
  9522  
  9523  // priorityNode is a node in an HTTP/2 priority tree.
  9524  // Each node is associated with a single stream ID.
  9525  // See RFC 7540, Section 5.3.
  9526  type http2priorityNode struct {
  9527  	q            http2writeQueue        // queue of pending frames to write
  9528  	id           uint32                 // id of the stream, or 0 for the root of the tree
  9529  	weight       uint8                  // the actual weight is weight+1, so the value is in [1,256]
  9530  	state        http2priorityNodeState // open | closed | idle
  9531  	bytes        int64                  // number of bytes written by this node, or 0 if closed
  9532  	subtreeBytes int64                  // sum(node.bytes) of all nodes in this subtree
  9533  
  9534  	// These links form the priority tree.
  9535  	parent     *http2priorityNode
  9536  	kids       *http2priorityNode // start of the kids list
  9537  	prev, next *http2priorityNode // doubly-linked list of siblings
  9538  }
  9539  
  9540  func (n *http2priorityNode) setParent(parent *http2priorityNode) {
  9541  	if n == parent {
  9542  		panic("setParent to self")
  9543  	}
  9544  	if n.parent == parent {
  9545  		return
  9546  	}
  9547  	// Unlink from current parent.
  9548  	if parent := n.parent; parent != nil {
  9549  		if n.prev == nil {
  9550  			parent.kids = n.next
  9551  		} else {
  9552  			n.prev.next = n.next
  9553  		}
  9554  		if n.next != nil {
  9555  			n.next.prev = n.prev
  9556  		}
  9557  	}
  9558  	// Link to new parent.
  9559  	// If parent=nil, remove n from the tree.
  9560  	// Always insert at the head of parent.kids (this is assumed by walkReadyInOrder).
  9561  	n.parent = parent
  9562  	if parent == nil {
  9563  		n.next = nil
  9564  		n.prev = nil
  9565  	} else {
  9566  		n.next = parent.kids
  9567  		n.prev = nil
  9568  		if n.next != nil {
  9569  			n.next.prev = n
  9570  		}
  9571  		parent.kids = n
  9572  	}
  9573  }
  9574  
  9575  func (n *http2priorityNode) addBytes(b int64) {
  9576  	n.bytes += b
  9577  	for ; n != nil; n = n.parent {
  9578  		n.subtreeBytes += b
  9579  	}
  9580  }
  9581  
  9582  // walkReadyInOrder iterates over the tree in priority order, calling f for each node
  9583  // with a non-empty write queue. When f returns true, this funcion returns true and the
  9584  // walk halts. tmp is used as scratch space for sorting.
  9585  //
  9586  // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true
  9587  // if any ancestor p of n is still open (ignoring the root node).
  9588  func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool {
  9589  	if !n.q.empty() && f(n, openParent) {
  9590  		return true
  9591  	}
  9592  	if n.kids == nil {
  9593  		return false
  9594  	}
  9595  
  9596  	// Don't consider the root "open" when updating openParent since
  9597  	// we can't send data frames on the root stream (only control frames).
  9598  	if n.id != 0 {
  9599  		openParent = openParent || (n.state == http2priorityNodeOpen)
  9600  	}
  9601  
  9602  	// Common case: only one kid or all kids have the same weight.
  9603  	// Some clients don't use weights; other clients (like web browsers)
  9604  	// use mostly-linear priority trees.
  9605  	w := n.kids.weight
  9606  	needSort := false
  9607  	for k := n.kids.next; k != nil; k = k.next {
  9608  		if k.weight != w {
  9609  			needSort = true
  9610  			break
  9611  		}
  9612  	}
  9613  	if !needSort {
  9614  		for k := n.kids; k != nil; k = k.next {
  9615  			if k.walkReadyInOrder(openParent, tmp, f) {
  9616  				return true
  9617  			}
  9618  		}
  9619  		return false
  9620  	}
  9621  
  9622  	// Uncommon case: sort the child nodes. We remove the kids from the parent,
  9623  	// then re-insert after sorting so we can reuse tmp for future sort calls.
  9624  	*tmp = (*tmp)[:0]
  9625  	for n.kids != nil {
  9626  		*tmp = append(*tmp, n.kids)
  9627  		n.kids.setParent(nil)
  9628  	}
  9629  	sort.Sort(http2sortPriorityNodeSiblings(*tmp))
  9630  	for i := len(*tmp) - 1; i >= 0; i-- {
  9631  		(*tmp)[i].setParent(n) // setParent inserts at the head of n.kids
  9632  	}
  9633  	for k := n.kids; k != nil; k = k.next {
  9634  		if k.walkReadyInOrder(openParent, tmp, f) {
  9635  			return true
  9636  		}
  9637  	}
  9638  	return false
  9639  }
  9640  
  9641  type http2sortPriorityNodeSiblings []*http2priorityNode
  9642  
  9643  func (z http2sortPriorityNodeSiblings) Len() int { return len(z) }
  9644  
  9645  func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] }
  9646  
  9647  func (z http2sortPriorityNodeSiblings) Less(i, k int) bool {
  9648  	// Prefer the subtree that has sent fewer bytes relative to its weight.
  9649  	// See sections 5.3.2 and 5.3.4.
  9650  	wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes)
  9651  	wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes)
  9652  	if bi == 0 && bk == 0 {
  9653  		return wi >= wk
  9654  	}
  9655  	if bk == 0 {
  9656  		return false
  9657  	}
  9658  	return bi/bk <= wi/wk
  9659  }
  9660  
  9661  type http2priorityWriteScheduler struct {
  9662  	// root is the root of the priority tree, where root.id = 0.
  9663  	// The root queues control frames that are not associated with any stream.
  9664  	root http2priorityNode
  9665  
  9666  	// nodes maps stream ids to priority tree nodes.
  9667  	nodes map[uint32]*http2priorityNode
  9668  
  9669  	// maxID is the maximum stream id in nodes.
  9670  	maxID uint32
  9671  
  9672  	// lists of nodes that have been closed or are idle, but are kept in
  9673  	// the tree for improved prioritization. When the lengths exceed either
  9674  	// maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded.
  9675  	closedNodes, idleNodes []*http2priorityNode
  9676  
  9677  	// From the config.
  9678  	maxClosedNodesInTree int
  9679  	maxIdleNodesInTree   int
  9680  	writeThrottleLimit   int32
  9681  	enableWriteThrottle  bool
  9682  
  9683  	// tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations.
  9684  	tmp []*http2priorityNode
  9685  
  9686  	// pool of empty queues for reuse.
  9687  	queuePool http2writeQueuePool
  9688  }
  9689  
  9690  func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) {
  9691  	// The stream may be currently idle but cannot be opened or closed.
  9692  	if curr := ws.nodes[streamID]; curr != nil {
  9693  		if curr.state != http2priorityNodeIdle {
  9694  			panic(fmt.Sprintf("stream %d already opened", streamID))
  9695  		}
  9696  		curr.state = http2priorityNodeOpen
  9697  		return
  9698  	}
  9699  
  9700  	// RFC 7540, Section 5.3.5:
  9701  	//  "All streams are initially assigned a non-exclusive dependency on stream 0x0.
  9702  	//  Pushed streams initially depend on their associated stream. In both cases,
  9703  	//  streams are assigned a default weight of 16."
  9704  	parent := ws.nodes[options.PusherID]
  9705  	if parent == nil {
  9706  		parent = &ws.root
  9707  	}
  9708  	n := &http2priorityNode{
  9709  		q:      *ws.queuePool.get(),
  9710  		id:     streamID,
  9711  		weight: http2priorityDefaultWeight,
  9712  		state:  http2priorityNodeOpen,
  9713  	}
  9714  	n.setParent(parent)
  9715  	ws.nodes[streamID] = n
  9716  	if streamID > ws.maxID {
  9717  		ws.maxID = streamID
  9718  	}
  9719  }
  9720  
  9721  func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) {
  9722  	if streamID == 0 {
  9723  		panic("violation of WriteScheduler interface: cannot close stream 0")
  9724  	}
  9725  	if ws.nodes[streamID] == nil {
  9726  		panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID))
  9727  	}
  9728  	if ws.nodes[streamID].state != http2priorityNodeOpen {
  9729  		panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID))
  9730  	}
  9731  
  9732  	n := ws.nodes[streamID]
  9733  	n.state = http2priorityNodeClosed
  9734  	n.addBytes(-n.bytes)
  9735  
  9736  	q := n.q
  9737  	ws.queuePool.put(&q)
  9738  	n.q.s = nil
  9739  	if ws.maxClosedNodesInTree > 0 {
  9740  		ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n)
  9741  	} else {
  9742  		ws.removeNode(n)
  9743  	}
  9744  }
  9745  
  9746  func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) {
  9747  	if streamID == 0 {
  9748  		panic("adjustPriority on root")
  9749  	}
  9750  
  9751  	// If streamID does not exist, there are two cases:
  9752  	// - A closed stream that has been removed (this will have ID <= maxID)
  9753  	// - An idle stream that is being used for "grouping" (this will have ID > maxID)
  9754  	n := ws.nodes[streamID]
  9755  	if n == nil {
  9756  		if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 {
  9757  			return
  9758  		}
  9759  		ws.maxID = streamID
  9760  		n = &http2priorityNode{
  9761  			q:      *ws.queuePool.get(),
  9762  			id:     streamID,
  9763  			weight: http2priorityDefaultWeight,
  9764  			state:  http2priorityNodeIdle,
  9765  		}
  9766  		n.setParent(&ws.root)
  9767  		ws.nodes[streamID] = n
  9768  		ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n)
  9769  	}
  9770  
  9771  	// Section 5.3.1: A dependency on a stream that is not currently in the tree
  9772  	// results in that stream being given a default priority (Section 5.3.5).
  9773  	parent := ws.nodes[priority.StreamDep]
  9774  	if parent == nil {
  9775  		n.setParent(&ws.root)
  9776  		n.weight = http2priorityDefaultWeight
  9777  		return
  9778  	}
  9779  
  9780  	// Ignore if the client tries to make a node its own parent.
  9781  	if n == parent {
  9782  		return
  9783  	}
  9784  
  9785  	// Section 5.3.3:
  9786  	//   "If a stream is made dependent on one of its own dependencies, the
  9787  	//   formerly dependent stream is first moved to be dependent on the
  9788  	//   reprioritized stream's previous parent. The moved dependency retains
  9789  	//   its weight."
  9790  	//
  9791  	// That is: if parent depends on n, move parent to depend on n.parent.
  9792  	for x := parent.parent; x != nil; x = x.parent {
  9793  		if x == n {
  9794  			parent.setParent(n.parent)
  9795  			break
  9796  		}
  9797  	}
  9798  
  9799  	// Section 5.3.3: The exclusive flag causes the stream to become the sole
  9800  	// dependency of its parent stream, causing other dependencies to become
  9801  	// dependent on the exclusive stream.
  9802  	if priority.Exclusive {
  9803  		k := parent.kids
  9804  		for k != nil {
  9805  			next := k.next
  9806  			if k != n {
  9807  				k.setParent(n)
  9808  			}
  9809  			k = next
  9810  		}
  9811  	}
  9812  
  9813  	n.setParent(parent)
  9814  	n.weight = priority.Weight
  9815  }
  9816  
  9817  func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) {
  9818  	var n *http2priorityNode
  9819  	if id := wr.StreamID(); id == 0 {
  9820  		n = &ws.root
  9821  	} else {
  9822  		n = ws.nodes[id]
  9823  		if n == nil {
  9824  			// id is an idle or closed stream. wr should not be a HEADERS or
  9825  			// DATA frame. However, wr can be a RST_STREAM. In this case, we
  9826  			// push wr onto the root, rather than creating a new priorityNode,
  9827  			// since RST_STREAM is tiny and the stream's priority is unknown
  9828  			// anyway. See issue #17919.
  9829  			if wr.DataSize() > 0 {
  9830  				panic("add DATA on non-open stream")
  9831  			}
  9832  			n = &ws.root
  9833  		}
  9834  	}
  9835  	n.q.push(wr)
  9836  }
  9837  
  9838  func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) {
  9839  	ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool {
  9840  		limit := int32(math.MaxInt32)
  9841  		if openParent {
  9842  			limit = ws.writeThrottleLimit
  9843  		}
  9844  		wr, ok = n.q.consume(limit)
  9845  		if !ok {
  9846  			return false
  9847  		}
  9848  		n.addBytes(int64(wr.DataSize()))
  9849  		// If B depends on A and B continuously has data available but A
  9850  		// does not, gradually increase the throttling limit to allow B to
  9851  		// steal more and more bandwidth from A.
  9852  		if openParent {
  9853  			ws.writeThrottleLimit += 1024
  9854  			if ws.writeThrottleLimit < 0 {
  9855  				ws.writeThrottleLimit = math.MaxInt32
  9856  			}
  9857  		} else if ws.enableWriteThrottle {
  9858  			ws.writeThrottleLimit = 1024
  9859  		}
  9860  		return true
  9861  	})
  9862  	return wr, ok
  9863  }
  9864  
  9865  func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) {
  9866  	if maxSize == 0 {
  9867  		return
  9868  	}
  9869  	if len(*list) == maxSize {
  9870  		// Remove the oldest node, then shift left.
  9871  		ws.removeNode((*list)[0])
  9872  		x := (*list)[1:]
  9873  		copy(*list, x)
  9874  		*list = (*list)[:len(x)]
  9875  	}
  9876  	*list = append(*list, n)
  9877  }
  9878  
  9879  func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) {
  9880  	for k := n.kids; k != nil; k = k.next {
  9881  		k.setParent(n.parent)
  9882  	}
  9883  	n.setParent(nil)
  9884  	delete(ws.nodes, n.id)
  9885  }
  9886  
  9887  // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2
  9888  // priorities. Control frames like SETTINGS and PING are written before DATA
  9889  // frames, but if no control frames are queued and multiple streams have queued
  9890  // HEADERS or DATA frames, Pop selects a ready stream arbitrarily.
  9891  func http2NewRandomWriteScheduler() http2WriteScheduler {
  9892  	return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)}
  9893  }
  9894  
  9895  type http2randomWriteScheduler struct {
  9896  	// zero are frames not associated with a specific stream.
  9897  	zero http2writeQueue
  9898  
  9899  	// sq contains the stream-specific queues, keyed by stream ID.
  9900  	// When a stream is idle or closed, it's deleted from the map.
  9901  	sq map[uint32]*http2writeQueue
  9902  
  9903  	// pool of empty queues for reuse.
  9904  	queuePool http2writeQueuePool
  9905  }
  9906  
  9907  func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) {
  9908  	// no-op: idle streams are not tracked
  9909  }
  9910  
  9911  func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) {
  9912  	q, ok := ws.sq[streamID]
  9913  	if !ok {
  9914  		return
  9915  	}
  9916  	delete(ws.sq, streamID)
  9917  	ws.queuePool.put(q)
  9918  }
  9919  
  9920  func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) {
  9921  	// no-op: priorities are ignored
  9922  }
  9923  
  9924  func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) {
  9925  	id := wr.StreamID()
  9926  	if id == 0 {
  9927  		ws.zero.push(wr)
  9928  		return
  9929  	}
  9930  	q, ok := ws.sq[id]
  9931  	if !ok {
  9932  		q = ws.queuePool.get()
  9933  		ws.sq[id] = q
  9934  	}
  9935  	q.push(wr)
  9936  }
  9937  
  9938  func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) {
  9939  	// Control frames first.
  9940  	if !ws.zero.empty() {
  9941  		return ws.zero.shift(), true
  9942  	}
  9943  	// Iterate over all non-idle streams until finding one that can be consumed.
  9944  	for _, q := range ws.sq {
  9945  		if wr, ok := q.consume(math.MaxInt32); ok {
  9946  			return wr, true
  9947  		}
  9948  	}
  9949  	return http2FrameWriteRequest{}, false
  9950  }
  9951  

View as plain text