1 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 2 //go:generate bundle -o h2_bundle.go -prefix http2 golang.org/x/net/http2 3 4 // Package http2 implements the HTTP/2 protocol. 5 // 6 // This package is low-level and intended to be used directly by very 7 // few people. Most users will use it indirectly through the automatic 8 // use by the net/http package (from Go 1.6 and later). 9 // For use in earlier Go versions see ConfigureServer. (Transport support 10 // requires Go 1.6 or later) 11 // 12 // See https://http2.github.io/ for more information on HTTP/2. 13 // 14 // See https://http2.golang.org/ for a test server running this code. 15 // 16 17 package http 18 19 import ( 20 "bufio" 21 "bytes" 22 "compress/gzip" 23 "context" 24 "crypto/rand" 25 "crypto/tls" 26 "encoding/binary" 27 "errors" 28 "fmt" 29 "io" 30 "io/ioutil" 31 "log" 32 "math" 33 mathrand "math/rand" 34 "net" 35 "net/http/httptrace" 36 "net/textproto" 37 "net/url" 38 "os" 39 "reflect" 40 "runtime" 41 "sort" 42 "strconv" 43 "strings" 44 "sync" 45 "sync/atomic" 46 "time" 47 48 "golang.org/x/net/http/httpguts" 49 "golang.org/x/net/http2/hpack" 50 "golang.org/x/net/idna" 51 ) 52 53 // A list of the possible cipher suite ids. Taken from 54 // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt 55 56 const ( 57 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 58 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 59 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 60 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 61 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 62 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 63 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 64 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 65 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 66 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 67 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 68 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 69 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 70 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 71 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 72 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 73 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 74 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 75 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 76 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 77 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 78 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 79 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 80 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 81 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 82 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 83 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 84 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 85 // Reserved uint16 = 0x001C-1D 86 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 87 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 88 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 89 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 90 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 91 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 92 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 93 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 94 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 95 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 96 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 97 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 98 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 99 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 100 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 101 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 102 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 103 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 104 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 105 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 106 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 107 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 108 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 109 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 110 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 111 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 112 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 113 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 114 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 115 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 116 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 117 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 118 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 119 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 120 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 121 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 122 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 123 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 124 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 125 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 126 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 127 // Reserved uint16 = 0x0047-4F 128 // Reserved uint16 = 0x0050-58 129 // Reserved uint16 = 0x0059-5C 130 // Unassigned uint16 = 0x005D-5F 131 // Reserved uint16 = 0x0060-66 132 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 133 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 134 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 135 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 136 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 137 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 138 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 139 // Unassigned uint16 = 0x006E-83 140 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 141 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 142 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 143 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 144 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 145 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 146 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 147 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 148 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 149 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 150 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 151 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 152 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 153 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 154 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 155 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 156 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 157 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 158 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 159 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 160 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 161 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 162 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 163 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 164 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 165 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 166 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 167 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 168 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 169 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 170 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 171 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 172 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 173 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 174 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 175 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 176 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 177 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 178 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 179 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 180 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 181 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 182 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 183 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 184 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 185 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 186 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 187 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 188 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 189 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 190 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 191 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 192 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 193 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 194 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 195 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 196 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 197 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 198 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 199 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 200 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 201 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 202 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 203 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 204 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 205 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 206 // Unassigned uint16 = 0x00C6-FE 207 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 208 // Unassigned uint16 = 0x01-55,* 209 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 210 // Unassigned uint16 = 0x5601 - 0xC000 211 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 212 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 213 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 214 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 215 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 216 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 217 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 218 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 219 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 220 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 221 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 222 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 223 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 224 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 225 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 226 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 227 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 228 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 229 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 230 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 231 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 232 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 233 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 234 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 235 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 236 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 237 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 238 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 239 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 240 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 241 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 242 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 243 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 244 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 245 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 246 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 247 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 248 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 249 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 250 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 251 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 252 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 253 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 254 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 255 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 256 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 257 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 258 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 259 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 260 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 261 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 262 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 263 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 264 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 265 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 266 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 267 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 268 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 269 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 270 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 271 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 272 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 273 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 274 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 275 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 276 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 277 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 278 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 279 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 280 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 281 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 282 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 283 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 284 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 285 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 286 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 287 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 288 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 289 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 290 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 291 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 292 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 293 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 294 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 295 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 296 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 297 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 298 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 299 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 300 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 301 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 302 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 303 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 304 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 305 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 306 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 307 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 308 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 309 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 310 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 311 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 312 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 313 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 314 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 315 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 316 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 317 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 318 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 319 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 320 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 321 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 322 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 323 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 324 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 325 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 326 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 327 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 328 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 329 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 330 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 331 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 332 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 333 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 334 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 335 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 336 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 337 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 338 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 339 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 340 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 341 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 342 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 343 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 344 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 345 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 346 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 347 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 348 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 349 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 350 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 351 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 352 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 353 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 354 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 355 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 356 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 357 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 358 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 359 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 360 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 361 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 362 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 363 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 364 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 365 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 366 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 367 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 368 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 369 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 370 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 371 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 372 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 373 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 374 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 375 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 376 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 377 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 378 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 379 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 380 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 381 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 382 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 383 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 384 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 385 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 386 // Unassigned uint16 = 0xC0B0-FF 387 // Unassigned uint16 = 0xC1-CB,* 388 // Unassigned uint16 = 0xCC00-A7 389 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 390 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 391 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 392 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 393 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 394 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 395 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 396 ) 397 398 // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 399 // References: 400 // https://tools.ietf.org/html/rfc7540#appendix-A 401 // Reject cipher suites from Appendix A. 402 // "This list includes those cipher suites that do not 403 // offer an ephemeral key exchange and those that are 404 // based on the TLS null, stream or block cipher type" 405 func http2isBadCipher(cipher uint16) bool { 406 switch cipher { 407 case http2cipher_TLS_NULL_WITH_NULL_NULL, 408 http2cipher_TLS_RSA_WITH_NULL_MD5, 409 http2cipher_TLS_RSA_WITH_NULL_SHA, 410 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 411 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 412 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 413 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 414 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 415 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 416 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 417 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 418 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 419 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 420 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 421 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 422 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 423 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 424 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 425 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 426 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 427 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 428 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 429 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 430 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 431 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 432 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 433 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 434 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 435 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 436 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 437 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 438 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 439 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 440 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 441 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 442 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 443 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 444 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 445 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 446 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 447 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 448 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 449 http2cipher_TLS_PSK_WITH_NULL_SHA, 450 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 451 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 452 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 453 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 454 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 455 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 456 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 457 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 458 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 459 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 460 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 461 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 462 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 463 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 464 http2cipher_TLS_RSA_WITH_NULL_SHA256, 465 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 466 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 467 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 468 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 469 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 470 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 471 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 472 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 473 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 474 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 475 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 476 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 477 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 478 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 479 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 480 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 481 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 482 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 483 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 484 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 485 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 486 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 487 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 488 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 489 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 490 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 491 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 492 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 493 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 494 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 495 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 496 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 497 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 498 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 499 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 500 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 501 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 502 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 503 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 504 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 505 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 506 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 507 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 508 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 509 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 510 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 511 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 512 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 513 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 514 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 515 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 516 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 517 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 518 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 519 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 520 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 521 http2cipher_TLS_PSK_WITH_NULL_SHA256, 522 http2cipher_TLS_PSK_WITH_NULL_SHA384, 523 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 524 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 525 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 526 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 527 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 528 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 529 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 530 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 531 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 532 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 533 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 534 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 535 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 536 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 537 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 538 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 539 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 540 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 541 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 542 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 543 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 544 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 545 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 546 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 547 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 548 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 549 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 550 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 551 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 552 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 553 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 554 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 555 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 556 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 557 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 558 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 559 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 560 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 561 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 562 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 563 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 564 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 565 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 566 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 567 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 568 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 569 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 570 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 571 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 572 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 573 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 574 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 575 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 576 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 577 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 578 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 579 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 580 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 581 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 582 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 583 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 584 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 585 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 586 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 587 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 588 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 589 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 590 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 591 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 592 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 593 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 594 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 595 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 596 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 597 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 598 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 599 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 600 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 601 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 602 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 603 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 604 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 605 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 606 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 607 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 608 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 609 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 610 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 611 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 612 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 613 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 614 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 615 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 616 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 617 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 618 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 619 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 620 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 621 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 622 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 623 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 624 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 625 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 626 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 627 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 628 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 629 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 630 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 631 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 632 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 633 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 634 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 635 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 636 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 637 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 638 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 639 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 640 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 641 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 642 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 643 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 644 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 645 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 646 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 647 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 648 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 649 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 650 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 651 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 652 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 653 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 654 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 655 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 656 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 657 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 658 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 659 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 660 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 661 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 662 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 663 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 664 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 665 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 666 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 667 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 668 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 669 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 670 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 671 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 672 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 673 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 674 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 675 http2cipher_TLS_RSA_WITH_AES_128_CCM, 676 http2cipher_TLS_RSA_WITH_AES_256_CCM, 677 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 678 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 679 http2cipher_TLS_PSK_WITH_AES_128_CCM, 680 http2cipher_TLS_PSK_WITH_AES_256_CCM, 681 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 682 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 683 return true 684 default: 685 return false 686 } 687 } 688 689 // ClientConnPool manages a pool of HTTP/2 client connections. 690 type http2ClientConnPool interface { 691 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 692 MarkDead(*http2ClientConn) 693 } 694 695 // clientConnPoolIdleCloser is the interface implemented by ClientConnPool 696 // implementations which can close their idle connections. 697 type http2clientConnPoolIdleCloser interface { 698 http2ClientConnPool 699 closeIdleConnections() 700 } 701 702 var ( 703 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 704 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 705 ) 706 707 // TODO: use singleflight for dialing and addConnCalls? 708 type http2clientConnPool struct { 709 t *http2Transport 710 711 mu sync.Mutex // TODO: maybe switch to RWMutex 712 // TODO: add support for sharing conns based on cert names 713 // (e.g. share conn for googleapis.com and appspot.com) 714 conns map[string][]*http2ClientConn // key is host:port 715 dialing map[string]*http2dialCall // currently in-flight dials 716 keys map[*http2ClientConn][]string 717 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls 718 } 719 720 func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 721 return p.getClientConn(req, addr, http2dialOnMiss) 722 } 723 724 const ( 725 http2dialOnMiss = true 726 http2noDialOnMiss = false 727 ) 728 729 // shouldTraceGetConn reports whether getClientConn should call any 730 // ClientTrace.GetConn hook associated with the http.Request. 731 // 732 // This complexity is needed to avoid double calls of the GetConn hook 733 // during the back-and-forth between net/http and x/net/http2 (when the 734 // net/http.Transport is upgraded to also speak http2), as well as support 735 // the case where x/net/http2 is being used directly. 736 func (p *http2clientConnPool) shouldTraceGetConn(st http2clientConnIdleState) bool { 737 // If our Transport wasn't made via ConfigureTransport, always 738 // trace the GetConn hook if provided, because that means the 739 // http2 package is being used directly and it's the one 740 // dialing, as opposed to net/http. 741 if _, ok := p.t.ConnPool.(http2noDialClientConnPool); !ok { 742 return true 743 } 744 // Otherwise, only use the GetConn hook if this connection has 745 // been used previously for other requests. For fresh 746 // connections, the net/http package does the dialing. 747 return !st.freshConn 748 } 749 750 func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 751 if http2isConnectionCloseRequest(req) && dialOnMiss { 752 // It gets its own connection. 753 http2traceGetConn(req, addr) 754 const singleUse = true 755 cc, err := p.t.dialClientConn(addr, singleUse) 756 if err != nil { 757 return nil, err 758 } 759 return cc, nil 760 } 761 p.mu.Lock() 762 for _, cc := range p.conns[addr] { 763 if st := cc.idleState(); st.canTakeNewRequest { 764 if p.shouldTraceGetConn(st) { 765 http2traceGetConn(req, addr) 766 } 767 p.mu.Unlock() 768 return cc, nil 769 } 770 } 771 if !dialOnMiss { 772 p.mu.Unlock() 773 return nil, http2ErrNoCachedConn 774 } 775 http2traceGetConn(req, addr) 776 call := p.getStartDialLocked(addr) 777 p.mu.Unlock() 778 <-call.done 779 return call.res, call.err 780 } 781 782 // dialCall is an in-flight Transport dial call to a host. 783 type http2dialCall struct { 784 p *http2clientConnPool 785 done chan struct{} // closed when done 786 res *http2ClientConn // valid after done is closed 787 err error // valid after done is closed 788 } 789 790 // requires p.mu is held. 791 func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall { 792 if call, ok := p.dialing[addr]; ok { 793 // A dial is already in-flight. Don't start another. 794 return call 795 } 796 call := &http2dialCall{p: p, done: make(chan struct{})} 797 if p.dialing == nil { 798 p.dialing = make(map[string]*http2dialCall) 799 } 800 p.dialing[addr] = call 801 go call.dial(addr) 802 return call 803 } 804 805 // run in its own goroutine. 806 func (c *http2dialCall) dial(addr string) { 807 const singleUse = false // shared conn 808 c.res, c.err = c.p.t.dialClientConn(addr, singleUse) 809 close(c.done) 810 811 c.p.mu.Lock() 812 delete(c.p.dialing, addr) 813 if c.err == nil { 814 c.p.addConnLocked(addr, c.res) 815 } 816 c.p.mu.Unlock() 817 } 818 819 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 820 // already exist. It coalesces concurrent calls with the same key. 821 // This is used by the http1 Transport code when it creates a new connection. Because 822 // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 823 // the protocol), it can get into a situation where it has multiple TLS connections. 824 // This code decides which ones live or die. 825 // The return value used is whether c was used. 826 // c is never closed. 827 func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 828 p.mu.Lock() 829 for _, cc := range p.conns[key] { 830 if cc.CanTakeNewRequest() { 831 p.mu.Unlock() 832 return false, nil 833 } 834 } 835 call, dup := p.addConnCalls[key] 836 if !dup { 837 if p.addConnCalls == nil { 838 p.addConnCalls = make(map[string]*http2addConnCall) 839 } 840 call = &http2addConnCall{ 841 p: p, 842 done: make(chan struct{}), 843 } 844 p.addConnCalls[key] = call 845 go call.run(t, key, c) 846 } 847 p.mu.Unlock() 848 849 <-call.done 850 if call.err != nil { 851 return false, call.err 852 } 853 return !dup, nil 854 } 855 856 type http2addConnCall struct { 857 p *http2clientConnPool 858 done chan struct{} // closed when done 859 err error 860 } 861 862 func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 863 cc, err := t.NewClientConn(tc) 864 865 p := c.p 866 p.mu.Lock() 867 if err != nil { 868 c.err = err 869 } else { 870 p.addConnLocked(key, cc) 871 } 872 delete(p.addConnCalls, key) 873 p.mu.Unlock() 874 close(c.done) 875 } 876 877 func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) { 878 p.mu.Lock() 879 p.addConnLocked(key, cc) 880 p.mu.Unlock() 881 } 882 883 // p.mu must be held 884 func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 885 for _, v := range p.conns[key] { 886 if v == cc { 887 return 888 } 889 } 890 if p.conns == nil { 891 p.conns = make(map[string][]*http2ClientConn) 892 } 893 if p.keys == nil { 894 p.keys = make(map[*http2ClientConn][]string) 895 } 896 p.conns[key] = append(p.conns[key], cc) 897 p.keys[cc] = append(p.keys[cc], key) 898 } 899 900 func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 901 p.mu.Lock() 902 defer p.mu.Unlock() 903 for _, key := range p.keys[cc] { 904 vv, ok := p.conns[key] 905 if !ok { 906 continue 907 } 908 newList := http2filterOutClientConn(vv, cc) 909 if len(newList) > 0 { 910 p.conns[key] = newList 911 } else { 912 delete(p.conns, key) 913 } 914 } 915 delete(p.keys, cc) 916 } 917 918 func (p *http2clientConnPool) closeIdleConnections() { 919 p.mu.Lock() 920 defer p.mu.Unlock() 921 // TODO: don't close a cc if it was just added to the pool 922 // milliseconds ago and has never been used. There's currently 923 // a small race window with the HTTP/1 Transport's integration 924 // where it can add an idle conn just before using it, and 925 // somebody else can concurrently call CloseIdleConns and 926 // break some caller's RoundTrip. 927 for _, vv := range p.conns { 928 for _, cc := range vv { 929 cc.closeIfIdle() 930 } 931 } 932 } 933 934 func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 935 out := in[:0] 936 for _, v := range in { 937 if v != exclude { 938 out = append(out, v) 939 } 940 } 941 // If we filtered it out, zero out the last item to prevent 942 // the GC from seeing it. 943 if len(in) != len(out) { 944 in[len(in)-1] = nil 945 } 946 return out 947 } 948 949 // noDialClientConnPool is an implementation of http2.ClientConnPool 950 // which never dials. We let the HTTP/1.1 client dial and use its TLS 951 // connection instead. 952 type http2noDialClientConnPool struct{ *http2clientConnPool } 953 954 func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 955 return p.getClientConn(req, addr, http2noDialOnMiss) 956 } 957 958 // Buffer chunks are allocated from a pool to reduce pressure on GC. 959 // The maximum wasted space per dataBuffer is 2x the largest size class, 960 // which happens when the dataBuffer has multiple chunks and there is 961 // one unread byte in both the first and last chunks. We use a few size 962 // classes to minimize overheads for servers that typically receive very 963 // small request bodies. 964 // 965 // TODO: Benchmark to determine if the pools are necessary. The GC may have 966 // improved enough that we can instead allocate chunks like this: 967 // make([]byte, max(16<<10, expectedBytesRemaining)) 968 var ( 969 http2dataChunkSizeClasses = []int{ 970 1 << 10, 971 2 << 10, 972 4 << 10, 973 8 << 10, 974 16 << 10, 975 } 976 http2dataChunkPools = [...]sync.Pool{ 977 {New: func() interface{} { return make([]byte, 1<<10) }}, 978 {New: func() interface{} { return make([]byte, 2<<10) }}, 979 {New: func() interface{} { return make([]byte, 4<<10) }}, 980 {New: func() interface{} { return make([]byte, 8<<10) }}, 981 {New: func() interface{} { return make([]byte, 16<<10) }}, 982 } 983 ) 984 985 func http2getDataBufferChunk(size int64) []byte { 986 i := 0 987 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 988 if size <= int64(http2dataChunkSizeClasses[i]) { 989 break 990 } 991 } 992 return http2dataChunkPools[i].Get().([]byte) 993 } 994 995 func http2putDataBufferChunk(p []byte) { 996 for i, n := range http2dataChunkSizeClasses { 997 if len(p) == n { 998 http2dataChunkPools[i].Put(p) 999 return 1000 } 1001 } 1002 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1003 } 1004 1005 // dataBuffer is an io.ReadWriter backed by a list of data chunks. 1006 // Each dataBuffer is used to read DATA frames on a single stream. 1007 // The buffer is divided into chunks so the server can limit the 1008 // total memory used by a single connection without limiting the 1009 // request body size on any single stream. 1010 type http2dataBuffer struct { 1011 chunks [][]byte 1012 r int // next byte to read is chunks[0][r] 1013 w int // next byte to write is chunks[len(chunks)-1][w] 1014 size int // total buffered bytes 1015 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1016 } 1017 1018 var http2errReadEmpty = errors.New("read from empty dataBuffer") 1019 1020 // Read copies bytes from the buffer into p. 1021 // It is an error to read when no data is available. 1022 func (b *http2dataBuffer) Read(p []byte) (int, error) { 1023 if b.size == 0 { 1024 return 0, http2errReadEmpty 1025 } 1026 var ntotal int 1027 for len(p) > 0 && b.size > 0 { 1028 readFrom := b.bytesFromFirstChunk() 1029 n := copy(p, readFrom) 1030 p = p[n:] 1031 ntotal += n 1032 b.r += n 1033 b.size -= n 1034 // If the first chunk has been consumed, advance to the next chunk. 1035 if b.r == len(b.chunks[0]) { 1036 http2putDataBufferChunk(b.chunks[0]) 1037 end := len(b.chunks) - 1 1038 copy(b.chunks[:end], b.chunks[1:]) 1039 b.chunks[end] = nil 1040 b.chunks = b.chunks[:end] 1041 b.r = 0 1042 } 1043 } 1044 return ntotal, nil 1045 } 1046 1047 func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1048 if len(b.chunks) == 1 { 1049 return b.chunks[0][b.r:b.w] 1050 } 1051 return b.chunks[0][b.r:] 1052 } 1053 1054 // Len returns the number of bytes of the unread portion of the buffer. 1055 func (b *http2dataBuffer) Len() int { 1056 return b.size 1057 } 1058 1059 // Write appends p to the buffer. 1060 func (b *http2dataBuffer) Write(p []byte) (int, error) { 1061 ntotal := len(p) 1062 for len(p) > 0 { 1063 // If the last chunk is empty, allocate a new chunk. Try to allocate 1064 // enough to fully copy p plus any additional bytes we expect to 1065 // receive. However, this may allocate less than len(p). 1066 want := int64(len(p)) 1067 if b.expected > want { 1068 want = b.expected 1069 } 1070 chunk := b.lastChunkOrAlloc(want) 1071 n := copy(chunk[b.w:], p) 1072 p = p[n:] 1073 b.w += n 1074 b.size += n 1075 b.expected -= int64(n) 1076 } 1077 return ntotal, nil 1078 } 1079 1080 func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1081 if len(b.chunks) != 0 { 1082 last := b.chunks[len(b.chunks)-1] 1083 if b.w < len(last) { 1084 return last 1085 } 1086 } 1087 chunk := http2getDataBufferChunk(want) 1088 b.chunks = append(b.chunks, chunk) 1089 b.w = 0 1090 return chunk 1091 } 1092 1093 // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1094 type http2ErrCode uint32 1095 1096 const ( 1097 http2ErrCodeNo http2ErrCode = 0x0 1098 http2ErrCodeProtocol http2ErrCode = 0x1 1099 http2ErrCodeInternal http2ErrCode = 0x2 1100 http2ErrCodeFlowControl http2ErrCode = 0x3 1101 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1102 http2ErrCodeStreamClosed http2ErrCode = 0x5 1103 http2ErrCodeFrameSize http2ErrCode = 0x6 1104 http2ErrCodeRefusedStream http2ErrCode = 0x7 1105 http2ErrCodeCancel http2ErrCode = 0x8 1106 http2ErrCodeCompression http2ErrCode = 0x9 1107 http2ErrCodeConnect http2ErrCode = 0xa 1108 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1109 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1110 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1111 ) 1112 1113 var http2errCodeName = map[http2ErrCode]string{ 1114 http2ErrCodeNo: "NO_ERROR", 1115 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1116 http2ErrCodeInternal: "INTERNAL_ERROR", 1117 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1118 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1119 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1120 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1121 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1122 http2ErrCodeCancel: "CANCEL", 1123 http2ErrCodeCompression: "COMPRESSION_ERROR", 1124 http2ErrCodeConnect: "CONNECT_ERROR", 1125 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1126 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1127 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1128 } 1129 1130 func (e http2ErrCode) String() string { 1131 if s, ok := http2errCodeName[e]; ok { 1132 return s 1133 } 1134 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1135 } 1136 1137 // ConnectionError is an error that results in the termination of the 1138 // entire connection. 1139 type http2ConnectionError http2ErrCode 1140 1141 func (e http2ConnectionError) Error() string { 1142 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1143 } 1144 1145 // StreamError is an error that only affects one stream within an 1146 // HTTP/2 connection. 1147 type http2StreamError struct { 1148 StreamID uint32 1149 Code http2ErrCode 1150 Cause error // optional additional detail 1151 } 1152 1153 func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1154 return http2StreamError{StreamID: id, Code: code} 1155 } 1156 1157 func (e http2StreamError) Error() string { 1158 if e.Cause != nil { 1159 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1160 } 1161 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1162 } 1163 1164 // 6.9.1 The Flow Control Window 1165 // "If a sender receives a WINDOW_UPDATE that causes a flow control 1166 // window to exceed this maximum it MUST terminate either the stream 1167 // or the connection, as appropriate. For streams, [...]; for the 1168 // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1169 type http2goAwayFlowError struct{} 1170 1171 func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1172 1173 // connError represents an HTTP/2 ConnectionError error code, along 1174 // with a string (for debugging) explaining why. 1175 // 1176 // Errors of this type are only returned by the frame parser functions 1177 // and converted into ConnectionError(Code), after stashing away 1178 // the Reason into the Framer's errDetail field, accessible via 1179 // the (*Framer).ErrorDetail method. 1180 type http2connError struct { 1181 Code http2ErrCode // the ConnectionError error code 1182 Reason string // additional reason 1183 } 1184 1185 func (e http2connError) Error() string { 1186 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1187 } 1188 1189 type http2pseudoHeaderError string 1190 1191 func (e http2pseudoHeaderError) Error() string { 1192 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1193 } 1194 1195 type http2duplicatePseudoHeaderError string 1196 1197 func (e http2duplicatePseudoHeaderError) Error() string { 1198 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1199 } 1200 1201 type http2headerFieldNameError string 1202 1203 func (e http2headerFieldNameError) Error() string { 1204 return fmt.Sprintf("invalid header field name %q", string(e)) 1205 } 1206 1207 type http2headerFieldValueError string 1208 1209 func (e http2headerFieldValueError) Error() string { 1210 return fmt.Sprintf("invalid header field value %q", string(e)) 1211 } 1212 1213 var ( 1214 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1215 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1216 ) 1217 1218 // flow is the flow control window's size. 1219 type http2flow struct { 1220 // n is the number of DATA bytes we're allowed to send. 1221 // A flow is kept both on a conn and a per-stream. 1222 n int32 1223 1224 // conn points to the shared connection-level flow that is 1225 // shared by all streams on that conn. It is nil for the flow 1226 // that's on the conn directly. 1227 conn *http2flow 1228 } 1229 1230 func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1231 1232 func (f *http2flow) available() int32 { 1233 n := f.n 1234 if f.conn != nil && f.conn.n < n { 1235 n = f.conn.n 1236 } 1237 return n 1238 } 1239 1240 func (f *http2flow) take(n int32) { 1241 if n > f.available() { 1242 panic("internal error: took too much") 1243 } 1244 f.n -= n 1245 if f.conn != nil { 1246 f.conn.n -= n 1247 } 1248 } 1249 1250 // add adds n bytes (positive or negative) to the flow control window. 1251 // It returns false if the sum would exceed 2^31-1. 1252 func (f *http2flow) add(n int32) bool { 1253 sum := f.n + n 1254 if (sum > n) == (f.n > 0) { 1255 f.n = sum 1256 return true 1257 } 1258 return false 1259 } 1260 1261 const http2frameHeaderLen = 9 1262 1263 var http2padZeros = make([]byte, 255) // zeros for padding 1264 1265 // A FrameType is a registered frame type as defined in 1266 // http://http2.github.io/http2-spec/#rfc.section.11.2 1267 type http2FrameType uint8 1268 1269 const ( 1270 http2FrameData http2FrameType = 0x0 1271 http2FrameHeaders http2FrameType = 0x1 1272 http2FramePriority http2FrameType = 0x2 1273 http2FrameRSTStream http2FrameType = 0x3 1274 http2FrameSettings http2FrameType = 0x4 1275 http2FramePushPromise http2FrameType = 0x5 1276 http2FramePing http2FrameType = 0x6 1277 http2FrameGoAway http2FrameType = 0x7 1278 http2FrameWindowUpdate http2FrameType = 0x8 1279 http2FrameContinuation http2FrameType = 0x9 1280 ) 1281 1282 var http2frameName = map[http2FrameType]string{ 1283 http2FrameData: "DATA", 1284 http2FrameHeaders: "HEADERS", 1285 http2FramePriority: "PRIORITY", 1286 http2FrameRSTStream: "RST_STREAM", 1287 http2FrameSettings: "SETTINGS", 1288 http2FramePushPromise: "PUSH_PROMISE", 1289 http2FramePing: "PING", 1290 http2FrameGoAway: "GOAWAY", 1291 http2FrameWindowUpdate: "WINDOW_UPDATE", 1292 http2FrameContinuation: "CONTINUATION", 1293 } 1294 1295 func (t http2FrameType) String() string { 1296 if s, ok := http2frameName[t]; ok { 1297 return s 1298 } 1299 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1300 } 1301 1302 // Flags is a bitmask of HTTP/2 flags. 1303 // The meaning of flags varies depending on the frame type. 1304 type http2Flags uint8 1305 1306 // Has reports whether f contains all (0 or more) flags in v. 1307 func (f http2Flags) Has(v http2Flags) bool { 1308 return (f & v) == v 1309 } 1310 1311 // Frame-specific FrameHeader flag bits. 1312 const ( 1313 // Data Frame 1314 http2FlagDataEndStream http2Flags = 0x1 1315 http2FlagDataPadded http2Flags = 0x8 1316 1317 // Headers Frame 1318 http2FlagHeadersEndStream http2Flags = 0x1 1319 http2FlagHeadersEndHeaders http2Flags = 0x4 1320 http2FlagHeadersPadded http2Flags = 0x8 1321 http2FlagHeadersPriority http2Flags = 0x20 1322 1323 // Settings Frame 1324 http2FlagSettingsAck http2Flags = 0x1 1325 1326 // Ping Frame 1327 http2FlagPingAck http2Flags = 0x1 1328 1329 // Continuation Frame 1330 http2FlagContinuationEndHeaders http2Flags = 0x4 1331 1332 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1333 http2FlagPushPromisePadded http2Flags = 0x8 1334 ) 1335 1336 var http2flagName = map[http2FrameType]map[http2Flags]string{ 1337 http2FrameData: { 1338 http2FlagDataEndStream: "END_STREAM", 1339 http2FlagDataPadded: "PADDED", 1340 }, 1341 http2FrameHeaders: { 1342 http2FlagHeadersEndStream: "END_STREAM", 1343 http2FlagHeadersEndHeaders: "END_HEADERS", 1344 http2FlagHeadersPadded: "PADDED", 1345 http2FlagHeadersPriority: "PRIORITY", 1346 }, 1347 http2FrameSettings: { 1348 http2FlagSettingsAck: "ACK", 1349 }, 1350 http2FramePing: { 1351 http2FlagPingAck: "ACK", 1352 }, 1353 http2FrameContinuation: { 1354 http2FlagContinuationEndHeaders: "END_HEADERS", 1355 }, 1356 http2FramePushPromise: { 1357 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1358 http2FlagPushPromisePadded: "PADDED", 1359 }, 1360 } 1361 1362 // a frameParser parses a frame given its FrameHeader and payload 1363 // bytes. The length of payload will always equal fh.Length (which 1364 // might be 0). 1365 type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1366 1367 var http2frameParsers = map[http2FrameType]http2frameParser{ 1368 http2FrameData: http2parseDataFrame, 1369 http2FrameHeaders: http2parseHeadersFrame, 1370 http2FramePriority: http2parsePriorityFrame, 1371 http2FrameRSTStream: http2parseRSTStreamFrame, 1372 http2FrameSettings: http2parseSettingsFrame, 1373 http2FramePushPromise: http2parsePushPromise, 1374 http2FramePing: http2parsePingFrame, 1375 http2FrameGoAway: http2parseGoAwayFrame, 1376 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1377 http2FrameContinuation: http2parseContinuationFrame, 1378 } 1379 1380 func http2typeFrameParser(t http2FrameType) http2frameParser { 1381 if f := http2frameParsers[t]; f != nil { 1382 return f 1383 } 1384 return http2parseUnknownFrame 1385 } 1386 1387 // A FrameHeader is the 9 byte header of all HTTP/2 frames. 1388 // 1389 // See http://http2.github.io/http2-spec/#FrameHeader 1390 type http2FrameHeader struct { 1391 valid bool // caller can access []byte fields in the Frame 1392 1393 // Type is the 1 byte frame type. There are ten standard frame 1394 // types, but extension frame types may be written by WriteRawFrame 1395 // and will be returned by ReadFrame (as UnknownFrame). 1396 Type http2FrameType 1397 1398 // Flags are the 1 byte of 8 potential bit flags per frame. 1399 // They are specific to the frame type. 1400 Flags http2Flags 1401 1402 // Length is the length of the frame, not including the 9 byte header. 1403 // The maximum size is one byte less than 16MB (uint24), but only 1404 // frames up to 16KB are allowed without peer agreement. 1405 Length uint32 1406 1407 // StreamID is which stream this frame is for. Certain frames 1408 // are not stream-specific, in which case this field is 0. 1409 StreamID uint32 1410 } 1411 1412 // Header returns h. It exists so FrameHeaders can be embedded in other 1413 // specific frame types and implement the Frame interface. 1414 func (h http2FrameHeader) Header() http2FrameHeader { return h } 1415 1416 func (h http2FrameHeader) String() string { 1417 var buf bytes.Buffer 1418 buf.WriteString("[FrameHeader ") 1419 h.writeDebug(&buf) 1420 buf.WriteByte(']') 1421 return buf.String() 1422 } 1423 1424 func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1425 buf.WriteString(h.Type.String()) 1426 if h.Flags != 0 { 1427 buf.WriteString(" flags=") 1428 set := 0 1429 for i := uint8(0); i < 8; i++ { 1430 if h.Flags&(1<<i) == 0 { 1431 continue 1432 } 1433 set++ 1434 if set > 1 { 1435 buf.WriteByte('|') 1436 } 1437 name := http2flagName[h.Type][http2Flags(1<<i)] 1438 if name != "" { 1439 buf.WriteString(name) 1440 } else { 1441 fmt.Fprintf(buf, "0x%x", 1<<i) 1442 } 1443 } 1444 } 1445 if h.StreamID != 0 { 1446 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1447 } 1448 fmt.Fprintf(buf, " len=%d", h.Length) 1449 } 1450 1451 func (h *http2FrameHeader) checkValid() { 1452 if !h.valid { 1453 panic("Frame accessor called on non-owned Frame") 1454 } 1455 } 1456 1457 func (h *http2FrameHeader) invalidate() { h.valid = false } 1458 1459 // frame header bytes. 1460 // Used only by ReadFrameHeader. 1461 var http2fhBytes = sync.Pool{ 1462 New: func() interface{} { 1463 buf := make([]byte, http2frameHeaderLen) 1464 return &buf 1465 }, 1466 } 1467 1468 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1469 // Most users should use Framer.ReadFrame instead. 1470 func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1471 bufp := http2fhBytes.Get().(*[]byte) 1472 defer http2fhBytes.Put(bufp) 1473 return http2readFrameHeader(*bufp, r) 1474 } 1475 1476 func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1477 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1478 if err != nil { 1479 return http2FrameHeader{}, err 1480 } 1481 return http2FrameHeader{ 1482 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1483 Type: http2FrameType(buf[3]), 1484 Flags: http2Flags(buf[4]), 1485 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1486 valid: true, 1487 }, nil 1488 } 1489 1490 // A Frame is the base interface implemented by all frame types. 1491 // Callers will generally type-assert the specific frame type: 1492 // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1493 // 1494 // Frames are only valid until the next call to Framer.ReadFrame. 1495 type http2Frame interface { 1496 Header() http2FrameHeader 1497 1498 // invalidate is called by Framer.ReadFrame to make this 1499 // frame's buffers as being invalid, since the subsequent 1500 // frame will reuse them. 1501 invalidate() 1502 } 1503 1504 // A Framer reads and writes Frames. 1505 type http2Framer struct { 1506 r io.Reader 1507 lastFrame http2Frame 1508 errDetail error 1509 1510 // lastHeaderStream is non-zero if the last frame was an 1511 // unfinished HEADERS/CONTINUATION. 1512 lastHeaderStream uint32 1513 1514 maxReadSize uint32 1515 headerBuf [http2frameHeaderLen]byte 1516 1517 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1518 // allocator in server.go to minimize memory pinned for many idle conns. 1519 // Will probably also need to make frame invalidation have a hook too. 1520 getReadBuf func(size uint32) []byte 1521 readBuf []byte // cache for default getReadBuf 1522 1523 maxWriteSize uint32 // zero means unlimited; TODO: implement 1524 1525 w io.Writer 1526 wbuf []byte 1527 1528 // AllowIllegalWrites permits the Framer's Write methods to 1529 // write frames that do not conform to the HTTP/2 spec. This 1530 // permits using the Framer to test other HTTP/2 1531 // implementations' conformance to the spec. 1532 // If false, the Write methods will prefer to return an error 1533 // rather than comply. 1534 AllowIllegalWrites bool 1535 1536 // AllowIllegalReads permits the Framer's ReadFrame method 1537 // to return non-compliant frames or frame orders. 1538 // This is for testing and permits using the Framer to test 1539 // other HTTP/2 implementations' conformance to the spec. 1540 // It is not compatible with ReadMetaHeaders. 1541 AllowIllegalReads bool 1542 1543 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1544 // HEADERS and CONTINUATION frames together and return 1545 // MetaHeadersFrame instead. 1546 ReadMetaHeaders *hpack.Decoder 1547 1548 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1549 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1550 // (currently 16MB) 1551 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1552 MaxHeaderListSize uint32 1553 1554 // TODO: track which type of frame & with which flags was sent 1555 // last. Then return an error (unless AllowIllegalWrites) if 1556 // we're in the middle of a header block and a 1557 // non-Continuation or Continuation on a different stream is 1558 // attempted to be written. 1559 1560 logReads, logWrites bool 1561 1562 debugFramer *http2Framer // only use for logging written writes 1563 debugFramerBuf *bytes.Buffer 1564 debugReadLoggerf func(string, ...interface{}) 1565 debugWriteLoggerf func(string, ...interface{}) 1566 1567 frameCache *http2frameCache // nil if frames aren't reused (default) 1568 } 1569 1570 func (fr *http2Framer) maxHeaderListSize() uint32 { 1571 if fr.MaxHeaderListSize == 0 { 1572 return 16 << 20 // sane default, per docs 1573 } 1574 return fr.MaxHeaderListSize 1575 } 1576 1577 func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1578 // Write the FrameHeader. 1579 f.wbuf = append(f.wbuf[:0], 1580 0, // 3 bytes of length, filled in in endWrite 1581 0, 1582 0, 1583 byte(ftype), 1584 byte(flags), 1585 byte(streamID>>24), 1586 byte(streamID>>16), 1587 byte(streamID>>8), 1588 byte(streamID)) 1589 } 1590 1591 func (f *http2Framer) endWrite() error { 1592 // Now that we know the final size, fill in the FrameHeader in 1593 // the space previously reserved for it. Abuse append. 1594 length := len(f.wbuf) - http2frameHeaderLen 1595 if length >= (1 << 24) { 1596 return http2ErrFrameTooLarge 1597 } 1598 _ = append(f.wbuf[:0], 1599 byte(length>>16), 1600 byte(length>>8), 1601 byte(length)) 1602 if f.logWrites { 1603 f.logWrite() 1604 } 1605 1606 n, err := f.w.Write(f.wbuf) 1607 if err == nil && n != len(f.wbuf) { 1608 err = io.ErrShortWrite 1609 } 1610 return err 1611 } 1612 1613 func (f *http2Framer) logWrite() { 1614 if f.debugFramer == nil { 1615 f.debugFramerBuf = new(bytes.Buffer) 1616 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1617 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1618 // Let us read anything, even if we accidentally wrote it 1619 // in the wrong order: 1620 f.debugFramer.AllowIllegalReads = true 1621 } 1622 f.debugFramerBuf.Write(f.wbuf) 1623 fr, err := f.debugFramer.ReadFrame() 1624 if err != nil { 1625 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1626 return 1627 } 1628 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1629 } 1630 1631 func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1632 1633 func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1634 1635 func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1636 1637 func (f *http2Framer) writeUint32(v uint32) { 1638 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1639 } 1640 1641 const ( 1642 http2minMaxFrameSize = 1 << 14 1643 http2maxFrameSize = 1<<24 - 1 1644 ) 1645 1646 // SetReuseFrames allows the Framer to reuse Frames. 1647 // If called on a Framer, Frames returned by calls to ReadFrame are only 1648 // valid until the next call to ReadFrame. 1649 func (fr *http2Framer) SetReuseFrames() { 1650 if fr.frameCache != nil { 1651 return 1652 } 1653 fr.frameCache = &http2frameCache{} 1654 } 1655 1656 type http2frameCache struct { 1657 dataFrame http2DataFrame 1658 } 1659 1660 func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1661 if fc == nil { 1662 return &http2DataFrame{} 1663 } 1664 return &fc.dataFrame 1665 } 1666 1667 // NewFramer returns a Framer that writes frames to w and reads them from r. 1668 func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1669 fr := &http2Framer{ 1670 w: w, 1671 r: r, 1672 logReads: http2logFrameReads, 1673 logWrites: http2logFrameWrites, 1674 debugReadLoggerf: log.Printf, 1675 debugWriteLoggerf: log.Printf, 1676 } 1677 fr.getReadBuf = func(size uint32) []byte { 1678 if cap(fr.readBuf) >= int(size) { 1679 return fr.readBuf[:size] 1680 } 1681 fr.readBuf = make([]byte, size) 1682 return fr.readBuf 1683 } 1684 fr.SetMaxReadFrameSize(http2maxFrameSize) 1685 return fr 1686 } 1687 1688 // SetMaxReadFrameSize sets the maximum size of a frame 1689 // that will be read by a subsequent call to ReadFrame. 1690 // It is the caller's responsibility to advertise this 1691 // limit with a SETTINGS frame. 1692 func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1693 if v > http2maxFrameSize { 1694 v = http2maxFrameSize 1695 } 1696 fr.maxReadSize = v 1697 } 1698 1699 // ErrorDetail returns a more detailed error of the last error 1700 // returned by Framer.ReadFrame. For instance, if ReadFrame 1701 // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1702 // will say exactly what was invalid. ErrorDetail is not guaranteed 1703 // to return a non-nil value and like the rest of the http2 package, 1704 // its return value is not protected by an API compatibility promise. 1705 // ErrorDetail is reset after the next call to ReadFrame. 1706 func (fr *http2Framer) ErrorDetail() error { 1707 return fr.errDetail 1708 } 1709 1710 // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1711 // sends a frame that is larger than declared with SetMaxReadFrameSize. 1712 var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1713 1714 // terminalReadFrameError reports whether err is an unrecoverable 1715 // error from ReadFrame and no other frames should be read. 1716 func http2terminalReadFrameError(err error) bool { 1717 if _, ok := err.(http2StreamError); ok { 1718 return false 1719 } 1720 return err != nil 1721 } 1722 1723 // ReadFrame reads a single frame. The returned Frame is only valid 1724 // until the next call to ReadFrame. 1725 // 1726 // If the frame is larger than previously set with SetMaxReadFrameSize, the 1727 // returned error is ErrFrameTooLarge. Other errors may be of type 1728 // ConnectionError, StreamError, or anything else from the underlying 1729 // reader. 1730 func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1731 fr.errDetail = nil 1732 if fr.lastFrame != nil { 1733 fr.lastFrame.invalidate() 1734 } 1735 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1736 if err != nil { 1737 return nil, err 1738 } 1739 if fh.Length > fr.maxReadSize { 1740 return nil, http2ErrFrameTooLarge 1741 } 1742 payload := fr.getReadBuf(fh.Length) 1743 if _, err := io.ReadFull(fr.r, payload); err != nil { 1744 return nil, err 1745 } 1746 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1747 if err != nil { 1748 if ce, ok := err.(http2connError); ok { 1749 return nil, fr.connError(ce.Code, ce.Reason) 1750 } 1751 return nil, err 1752 } 1753 if err := fr.checkFrameOrder(f); err != nil { 1754 return nil, err 1755 } 1756 if fr.logReads { 1757 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1758 } 1759 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1760 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1761 } 1762 return f, nil 1763 } 1764 1765 // connError returns ConnectionError(code) but first 1766 // stashes away a public reason to the caller can optionally relay it 1767 // to the peer before hanging up on them. This might help others debug 1768 // their implementations. 1769 func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1770 fr.errDetail = errors.New(reason) 1771 return http2ConnectionError(code) 1772 } 1773 1774 // checkFrameOrder reports an error if f is an invalid frame to return 1775 // next from ReadFrame. Mostly it checks whether HEADERS and 1776 // CONTINUATION frames are contiguous. 1777 func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1778 last := fr.lastFrame 1779 fr.lastFrame = f 1780 if fr.AllowIllegalReads { 1781 return nil 1782 } 1783 1784 fh := f.Header() 1785 if fr.lastHeaderStream != 0 { 1786 if fh.Type != http2FrameContinuation { 1787 return fr.connError(http2ErrCodeProtocol, 1788 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1789 fh.Type, fh.StreamID, 1790 last.Header().Type, fr.lastHeaderStream)) 1791 } 1792 if fh.StreamID != fr.lastHeaderStream { 1793 return fr.connError(http2ErrCodeProtocol, 1794 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1795 fh.StreamID, fr.lastHeaderStream)) 1796 } 1797 } else if fh.Type == http2FrameContinuation { 1798 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1799 } 1800 1801 switch fh.Type { 1802 case http2FrameHeaders, http2FrameContinuation: 1803 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1804 fr.lastHeaderStream = 0 1805 } else { 1806 fr.lastHeaderStream = fh.StreamID 1807 } 1808 } 1809 1810 return nil 1811 } 1812 1813 // A DataFrame conveys arbitrary, variable-length sequences of octets 1814 // associated with a stream. 1815 // See http://http2.github.io/http2-spec/#rfc.section.6.1 1816 type http2DataFrame struct { 1817 http2FrameHeader 1818 data []byte 1819 } 1820 1821 func (f *http2DataFrame) StreamEnded() bool { 1822 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1823 } 1824 1825 // Data returns the frame's data octets, not including any padding 1826 // size byte or padding suffix bytes. 1827 // The caller must not retain the returned memory past the next 1828 // call to ReadFrame. 1829 func (f *http2DataFrame) Data() []byte { 1830 f.checkValid() 1831 return f.data 1832 } 1833 1834 func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1835 if fh.StreamID == 0 { 1836 // DATA frames MUST be associated with a stream. If a 1837 // DATA frame is received whose stream identifier 1838 // field is 0x0, the recipient MUST respond with a 1839 // connection error (Section 5.4.1) of type 1840 // PROTOCOL_ERROR. 1841 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1842 } 1843 f := fc.getDataFrame() 1844 f.http2FrameHeader = fh 1845 1846 var padSize byte 1847 if fh.Flags.Has(http2FlagDataPadded) { 1848 var err error 1849 payload, padSize, err = http2readByte(payload) 1850 if err != nil { 1851 return nil, err 1852 } 1853 } 1854 if int(padSize) > len(payload) { 1855 // If the length of the padding is greater than the 1856 // length of the frame payload, the recipient MUST 1857 // treat this as a connection error. 1858 // Filed: https://github.com/http2/http2-spec/issues/610 1859 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1860 } 1861 f.data = payload[:len(payload)-int(padSize)] 1862 return f, nil 1863 } 1864 1865 var ( 1866 http2errStreamID = errors.New("invalid stream ID") 1867 http2errDepStreamID = errors.New("invalid dependent stream ID") 1868 http2errPadLength = errors.New("pad length too large") 1869 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1870 ) 1871 1872 func http2validStreamIDOrZero(streamID uint32) bool { 1873 return streamID&(1<<31) == 0 1874 } 1875 1876 func http2validStreamID(streamID uint32) bool { 1877 return streamID != 0 && streamID&(1<<31) == 0 1878 } 1879 1880 // WriteData writes a DATA frame. 1881 // 1882 // It will perform exactly one Write to the underlying Writer. 1883 // It is the caller's responsibility not to violate the maximum frame size 1884 // and to not call other Write methods concurrently. 1885 func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1886 return f.WriteDataPadded(streamID, endStream, data, nil) 1887 } 1888 1889 // WriteDataPadded writes a DATA frame with optional padding. 1890 // 1891 // If pad is nil, the padding bit is not sent. 1892 // The length of pad must not exceed 255 bytes. 1893 // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1894 // 1895 // It will perform exactly one Write to the underlying Writer. 1896 // It is the caller's responsibility not to violate the maximum frame size 1897 // and to not call other Write methods concurrently. 1898 func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1899 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1900 return http2errStreamID 1901 } 1902 if len(pad) > 0 { 1903 if len(pad) > 255 { 1904 return http2errPadLength 1905 } 1906 if !f.AllowIllegalWrites { 1907 for _, b := range pad { 1908 if b != 0 { 1909 // "Padding octets MUST be set to zero when sending." 1910 return http2errPadBytes 1911 } 1912 } 1913 } 1914 } 1915 var flags http2Flags 1916 if endStream { 1917 flags |= http2FlagDataEndStream 1918 } 1919 if pad != nil { 1920 flags |= http2FlagDataPadded 1921 } 1922 f.startWrite(http2FrameData, flags, streamID) 1923 if pad != nil { 1924 f.wbuf = append(f.wbuf, byte(len(pad))) 1925 } 1926 f.wbuf = append(f.wbuf, data...) 1927 f.wbuf = append(f.wbuf, pad...) 1928 return f.endWrite() 1929 } 1930 1931 // A SettingsFrame conveys configuration parameters that affect how 1932 // endpoints communicate, such as preferences and constraints on peer 1933 // behavior. 1934 // 1935 // See http://http2.github.io/http2-spec/#SETTINGS 1936 type http2SettingsFrame struct { 1937 http2FrameHeader 1938 p []byte 1939 } 1940 1941 func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 1942 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 1943 // When this (ACK 0x1) bit is set, the payload of the 1944 // SETTINGS frame MUST be empty. Receipt of a 1945 // SETTINGS frame with the ACK flag set and a length 1946 // field value other than 0 MUST be treated as a 1947 // connection error (Section 5.4.1) of type 1948 // FRAME_SIZE_ERROR. 1949 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1950 } 1951 if fh.StreamID != 0 { 1952 // SETTINGS frames always apply to a connection, 1953 // never a single stream. The stream identifier for a 1954 // SETTINGS frame MUST be zero (0x0). If an endpoint 1955 // receives a SETTINGS frame whose stream identifier 1956 // field is anything other than 0x0, the endpoint MUST 1957 // respond with a connection error (Section 5.4.1) of 1958 // type PROTOCOL_ERROR. 1959 return nil, http2ConnectionError(http2ErrCodeProtocol) 1960 } 1961 if len(p)%6 != 0 { 1962 // Expecting even number of 6 byte settings. 1963 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1964 } 1965 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 1966 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 1967 // Values above the maximum flow control window size of 2^31 - 1 MUST 1968 // be treated as a connection error (Section 5.4.1) of type 1969 // FLOW_CONTROL_ERROR. 1970 return nil, http2ConnectionError(http2ErrCodeFlowControl) 1971 } 1972 return f, nil 1973 } 1974 1975 func (f *http2SettingsFrame) IsAck() bool { 1976 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 1977 } 1978 1979 func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) { 1980 f.checkValid() 1981 for i := 0; i < f.NumSettings(); i++ { 1982 if s := f.Setting(i); s.ID == id { 1983 return s.Val, true 1984 } 1985 } 1986 return 0, false 1987 } 1988 1989 // Setting returns the setting from the frame at the given 0-based index. 1990 // The index must be >= 0 and less than f.NumSettings(). 1991 func (f *http2SettingsFrame) Setting(i int) http2Setting { 1992 buf := f.p 1993 return http2Setting{ 1994 ID: http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])), 1995 Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]), 1996 } 1997 } 1998 1999 func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 } 2000 2001 // HasDuplicates reports whether f contains any duplicate setting IDs. 2002 func (f *http2SettingsFrame) HasDuplicates() bool { 2003 num := f.NumSettings() 2004 if num == 0 { 2005 return false 2006 } 2007 // If it's small enough (the common case), just do the n^2 2008 // thing and avoid a map allocation. 2009 if num < 10 { 2010 for i := 0; i < num; i++ { 2011 idi := f.Setting(i).ID 2012 for j := i + 1; j < num; j++ { 2013 idj := f.Setting(j).ID 2014 if idi == idj { 2015 return true 2016 } 2017 } 2018 } 2019 return false 2020 } 2021 seen := map[http2SettingID]bool{} 2022 for i := 0; i < num; i++ { 2023 id := f.Setting(i).ID 2024 if seen[id] { 2025 return true 2026 } 2027 seen[id] = true 2028 } 2029 return false 2030 } 2031 2032 // ForeachSetting runs fn for each setting. 2033 // It stops and returns the first error. 2034 func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2035 f.checkValid() 2036 for i := 0; i < f.NumSettings(); i++ { 2037 if err := fn(f.Setting(i)); err != nil { 2038 return err 2039 } 2040 } 2041 return nil 2042 } 2043 2044 // WriteSettings writes a SETTINGS frame with zero or more settings 2045 // specified and the ACK bit not set. 2046 // 2047 // It will perform exactly one Write to the underlying Writer. 2048 // It is the caller's responsibility to not call other Write methods concurrently. 2049 func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2050 f.startWrite(http2FrameSettings, 0, 0) 2051 for _, s := range settings { 2052 f.writeUint16(uint16(s.ID)) 2053 f.writeUint32(s.Val) 2054 } 2055 return f.endWrite() 2056 } 2057 2058 // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2059 // 2060 // It will perform exactly one Write to the underlying Writer. 2061 // It is the caller's responsibility to not call other Write methods concurrently. 2062 func (f *http2Framer) WriteSettingsAck() error { 2063 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2064 return f.endWrite() 2065 } 2066 2067 // A PingFrame is a mechanism for measuring a minimal round trip time 2068 // from the sender, as well as determining whether an idle connection 2069 // is still functional. 2070 // See http://http2.github.io/http2-spec/#rfc.section.6.7 2071 type http2PingFrame struct { 2072 http2FrameHeader 2073 Data [8]byte 2074 } 2075 2076 func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2077 2078 func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2079 if len(payload) != 8 { 2080 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2081 } 2082 if fh.StreamID != 0 { 2083 return nil, http2ConnectionError(http2ErrCodeProtocol) 2084 } 2085 f := &http2PingFrame{http2FrameHeader: fh} 2086 copy(f.Data[:], payload) 2087 return f, nil 2088 } 2089 2090 func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2091 var flags http2Flags 2092 if ack { 2093 flags = http2FlagPingAck 2094 } 2095 f.startWrite(http2FramePing, flags, 0) 2096 f.writeBytes(data[:]) 2097 return f.endWrite() 2098 } 2099 2100 // A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2101 // See http://http2.github.io/http2-spec/#rfc.section.6.8 2102 type http2GoAwayFrame struct { 2103 http2FrameHeader 2104 LastStreamID uint32 2105 ErrCode http2ErrCode 2106 debugData []byte 2107 } 2108 2109 // DebugData returns any debug data in the GOAWAY frame. Its contents 2110 // are not defined. 2111 // The caller must not retain the returned memory past the next 2112 // call to ReadFrame. 2113 func (f *http2GoAwayFrame) DebugData() []byte { 2114 f.checkValid() 2115 return f.debugData 2116 } 2117 2118 func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2119 if fh.StreamID != 0 { 2120 return nil, http2ConnectionError(http2ErrCodeProtocol) 2121 } 2122 if len(p) < 8 { 2123 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2124 } 2125 return &http2GoAwayFrame{ 2126 http2FrameHeader: fh, 2127 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2128 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2129 debugData: p[8:], 2130 }, nil 2131 } 2132 2133 func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2134 f.startWrite(http2FrameGoAway, 0, 0) 2135 f.writeUint32(maxStreamID & (1<<31 - 1)) 2136 f.writeUint32(uint32(code)) 2137 f.writeBytes(debugData) 2138 return f.endWrite() 2139 } 2140 2141 // An UnknownFrame is the frame type returned when the frame type is unknown 2142 // or no specific frame type parser exists. 2143 type http2UnknownFrame struct { 2144 http2FrameHeader 2145 p []byte 2146 } 2147 2148 // Payload returns the frame's payload (after the header). It is not 2149 // valid to call this method after a subsequent call to 2150 // Framer.ReadFrame, nor is it valid to retain the returned slice. 2151 // The memory is owned by the Framer and is invalidated when the next 2152 // frame is read. 2153 func (f *http2UnknownFrame) Payload() []byte { 2154 f.checkValid() 2155 return f.p 2156 } 2157 2158 func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2159 return &http2UnknownFrame{fh, p}, nil 2160 } 2161 2162 // A WindowUpdateFrame is used to implement flow control. 2163 // See http://http2.github.io/http2-spec/#rfc.section.6.9 2164 type http2WindowUpdateFrame struct { 2165 http2FrameHeader 2166 Increment uint32 // never read with high bit set 2167 } 2168 2169 func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2170 if len(p) != 4 { 2171 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2172 } 2173 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2174 if inc == 0 { 2175 // A receiver MUST treat the receipt of a 2176 // WINDOW_UPDATE frame with an flow control window 2177 // increment of 0 as a stream error (Section 5.4.2) of 2178 // type PROTOCOL_ERROR; errors on the connection flow 2179 // control window MUST be treated as a connection 2180 // error (Section 5.4.1). 2181 if fh.StreamID == 0 { 2182 return nil, http2ConnectionError(http2ErrCodeProtocol) 2183 } 2184 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2185 } 2186 return &http2WindowUpdateFrame{ 2187 http2FrameHeader: fh, 2188 Increment: inc, 2189 }, nil 2190 } 2191 2192 // WriteWindowUpdate writes a WINDOW_UPDATE frame. 2193 // The increment value must be between 1 and 2,147,483,647, inclusive. 2194 // If the Stream ID is zero, the window update applies to the 2195 // connection as a whole. 2196 func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2197 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2198 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2199 return errors.New("illegal window increment value") 2200 } 2201 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2202 f.writeUint32(incr) 2203 return f.endWrite() 2204 } 2205 2206 // A HeadersFrame is used to open a stream and additionally carries a 2207 // header block fragment. 2208 type http2HeadersFrame struct { 2209 http2FrameHeader 2210 2211 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2212 Priority http2PriorityParam 2213 2214 headerFragBuf []byte // not owned 2215 } 2216 2217 func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2218 f.checkValid() 2219 return f.headerFragBuf 2220 } 2221 2222 func (f *http2HeadersFrame) HeadersEnded() bool { 2223 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2224 } 2225 2226 func (f *http2HeadersFrame) StreamEnded() bool { 2227 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2228 } 2229 2230 func (f *http2HeadersFrame) HasPriority() bool { 2231 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2232 } 2233 2234 func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2235 hf := &http2HeadersFrame{ 2236 http2FrameHeader: fh, 2237 } 2238 if fh.StreamID == 0 { 2239 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2240 // is received whose stream identifier field is 0x0, the recipient MUST 2241 // respond with a connection error (Section 5.4.1) of type 2242 // PROTOCOL_ERROR. 2243 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2244 } 2245 var padLength uint8 2246 if fh.Flags.Has(http2FlagHeadersPadded) { 2247 if p, padLength, err = http2readByte(p); err != nil { 2248 return 2249 } 2250 } 2251 if fh.Flags.Has(http2FlagHeadersPriority) { 2252 var v uint32 2253 p, v, err = http2readUint32(p) 2254 if err != nil { 2255 return nil, err 2256 } 2257 hf.Priority.StreamDep = v & 0x7fffffff 2258 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2259 p, hf.Priority.Weight, err = http2readByte(p) 2260 if err != nil { 2261 return nil, err 2262 } 2263 } 2264 if len(p)-int(padLength) <= 0 { 2265 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2266 } 2267 hf.headerFragBuf = p[:len(p)-int(padLength)] 2268 return hf, nil 2269 } 2270 2271 // HeadersFrameParam are the parameters for writing a HEADERS frame. 2272 type http2HeadersFrameParam struct { 2273 // StreamID is the required Stream ID to initiate. 2274 StreamID uint32 2275 // BlockFragment is part (or all) of a Header Block. 2276 BlockFragment []byte 2277 2278 // EndStream indicates that the header block is the last that 2279 // the endpoint will send for the identified stream. Setting 2280 // this flag causes the stream to enter one of "half closed" 2281 // states. 2282 EndStream bool 2283 2284 // EndHeaders indicates that this frame contains an entire 2285 // header block and is not followed by any 2286 // CONTINUATION frames. 2287 EndHeaders bool 2288 2289 // PadLength is the optional number of bytes of zeros to add 2290 // to this frame. 2291 PadLength uint8 2292 2293 // Priority, if non-zero, includes stream priority information 2294 // in the HEADER frame. 2295 Priority http2PriorityParam 2296 } 2297 2298 // WriteHeaders writes a single HEADERS frame. 2299 // 2300 // This is a low-level header writing method. Encoding headers and 2301 // splitting them into any necessary CONTINUATION frames is handled 2302 // elsewhere. 2303 // 2304 // It will perform exactly one Write to the underlying Writer. 2305 // It is the caller's responsibility to not call other Write methods concurrently. 2306 func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2307 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2308 return http2errStreamID 2309 } 2310 var flags http2Flags 2311 if p.PadLength != 0 { 2312 flags |= http2FlagHeadersPadded 2313 } 2314 if p.EndStream { 2315 flags |= http2FlagHeadersEndStream 2316 } 2317 if p.EndHeaders { 2318 flags |= http2FlagHeadersEndHeaders 2319 } 2320 if !p.Priority.IsZero() { 2321 flags |= http2FlagHeadersPriority 2322 } 2323 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2324 if p.PadLength != 0 { 2325 f.writeByte(p.PadLength) 2326 } 2327 if !p.Priority.IsZero() { 2328 v := p.Priority.StreamDep 2329 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2330 return http2errDepStreamID 2331 } 2332 if p.Priority.Exclusive { 2333 v |= 1 << 31 2334 } 2335 f.writeUint32(v) 2336 f.writeByte(p.Priority.Weight) 2337 } 2338 f.wbuf = append(f.wbuf, p.BlockFragment...) 2339 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2340 return f.endWrite() 2341 } 2342 2343 // A PriorityFrame specifies the sender-advised priority of a stream. 2344 // See http://http2.github.io/http2-spec/#rfc.section.6.3 2345 type http2PriorityFrame struct { 2346 http2FrameHeader 2347 http2PriorityParam 2348 } 2349 2350 // PriorityParam are the stream prioritzation parameters. 2351 type http2PriorityParam struct { 2352 // StreamDep is a 31-bit stream identifier for the 2353 // stream that this stream depends on. Zero means no 2354 // dependency. 2355 StreamDep uint32 2356 2357 // Exclusive is whether the dependency is exclusive. 2358 Exclusive bool 2359 2360 // Weight is the stream's zero-indexed weight. It should be 2361 // set together with StreamDep, or neither should be set. Per 2362 // the spec, "Add one to the value to obtain a weight between 2363 // 1 and 256." 2364 Weight uint8 2365 } 2366 2367 func (p http2PriorityParam) IsZero() bool { 2368 return p == http2PriorityParam{} 2369 } 2370 2371 func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2372 if fh.StreamID == 0 { 2373 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2374 } 2375 if len(payload) != 5 { 2376 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2377 } 2378 v := binary.BigEndian.Uint32(payload[:4]) 2379 streamID := v & 0x7fffffff // mask off high bit 2380 return &http2PriorityFrame{ 2381 http2FrameHeader: fh, 2382 http2PriorityParam: http2PriorityParam{ 2383 Weight: payload[4], 2384 StreamDep: streamID, 2385 Exclusive: streamID != v, // was high bit set? 2386 }, 2387 }, nil 2388 } 2389 2390 // WritePriority writes a PRIORITY frame. 2391 // 2392 // It will perform exactly one Write to the underlying Writer. 2393 // It is the caller's responsibility to not call other Write methods concurrently. 2394 func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2395 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2396 return http2errStreamID 2397 } 2398 if !http2validStreamIDOrZero(p.StreamDep) { 2399 return http2errDepStreamID 2400 } 2401 f.startWrite(http2FramePriority, 0, streamID) 2402 v := p.StreamDep 2403 if p.Exclusive { 2404 v |= 1 << 31 2405 } 2406 f.writeUint32(v) 2407 f.writeByte(p.Weight) 2408 return f.endWrite() 2409 } 2410 2411 // A RSTStreamFrame allows for abnormal termination of a stream. 2412 // See http://http2.github.io/http2-spec/#rfc.section.6.4 2413 type http2RSTStreamFrame struct { 2414 http2FrameHeader 2415 ErrCode http2ErrCode 2416 } 2417 2418 func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2419 if len(p) != 4 { 2420 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2421 } 2422 if fh.StreamID == 0 { 2423 return nil, http2ConnectionError(http2ErrCodeProtocol) 2424 } 2425 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2426 } 2427 2428 // WriteRSTStream writes a RST_STREAM frame. 2429 // 2430 // It will perform exactly one Write to the underlying Writer. 2431 // It is the caller's responsibility to not call other Write methods concurrently. 2432 func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2433 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2434 return http2errStreamID 2435 } 2436 f.startWrite(http2FrameRSTStream, 0, streamID) 2437 f.writeUint32(uint32(code)) 2438 return f.endWrite() 2439 } 2440 2441 // A ContinuationFrame is used to continue a sequence of header block fragments. 2442 // See http://http2.github.io/http2-spec/#rfc.section.6.10 2443 type http2ContinuationFrame struct { 2444 http2FrameHeader 2445 headerFragBuf []byte 2446 } 2447 2448 func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2449 if fh.StreamID == 0 { 2450 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2451 } 2452 return &http2ContinuationFrame{fh, p}, nil 2453 } 2454 2455 func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2456 f.checkValid() 2457 return f.headerFragBuf 2458 } 2459 2460 func (f *http2ContinuationFrame) HeadersEnded() bool { 2461 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2462 } 2463 2464 // WriteContinuation writes a CONTINUATION frame. 2465 // 2466 // It will perform exactly one Write to the underlying Writer. 2467 // It is the caller's responsibility to not call other Write methods concurrently. 2468 func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2469 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2470 return http2errStreamID 2471 } 2472 var flags http2Flags 2473 if endHeaders { 2474 flags |= http2FlagContinuationEndHeaders 2475 } 2476 f.startWrite(http2FrameContinuation, flags, streamID) 2477 f.wbuf = append(f.wbuf, headerBlockFragment...) 2478 return f.endWrite() 2479 } 2480 2481 // A PushPromiseFrame is used to initiate a server stream. 2482 // See http://http2.github.io/http2-spec/#rfc.section.6.6 2483 type http2PushPromiseFrame struct { 2484 http2FrameHeader 2485 PromiseID uint32 2486 headerFragBuf []byte // not owned 2487 } 2488 2489 func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2490 f.checkValid() 2491 return f.headerFragBuf 2492 } 2493 2494 func (f *http2PushPromiseFrame) HeadersEnded() bool { 2495 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2496 } 2497 2498 func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2499 pp := &http2PushPromiseFrame{ 2500 http2FrameHeader: fh, 2501 } 2502 if pp.StreamID == 0 { 2503 // PUSH_PROMISE frames MUST be associated with an existing, 2504 // peer-initiated stream. The stream identifier of a 2505 // PUSH_PROMISE frame indicates the stream it is associated 2506 // with. If the stream identifier field specifies the value 2507 // 0x0, a recipient MUST respond with a connection error 2508 // (Section 5.4.1) of type PROTOCOL_ERROR. 2509 return nil, http2ConnectionError(http2ErrCodeProtocol) 2510 } 2511 // The PUSH_PROMISE frame includes optional padding. 2512 // Padding fields and flags are identical to those defined for DATA frames 2513 var padLength uint8 2514 if fh.Flags.Has(http2FlagPushPromisePadded) { 2515 if p, padLength, err = http2readByte(p); err != nil { 2516 return 2517 } 2518 } 2519 2520 p, pp.PromiseID, err = http2readUint32(p) 2521 if err != nil { 2522 return 2523 } 2524 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2525 2526 if int(padLength) > len(p) { 2527 // like the DATA frame, error out if padding is longer than the body. 2528 return nil, http2ConnectionError(http2ErrCodeProtocol) 2529 } 2530 pp.headerFragBuf = p[:len(p)-int(padLength)] 2531 return pp, nil 2532 } 2533 2534 // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2535 type http2PushPromiseParam struct { 2536 // StreamID is the required Stream ID to initiate. 2537 StreamID uint32 2538 2539 // PromiseID is the required Stream ID which this 2540 // Push Promises 2541 PromiseID uint32 2542 2543 // BlockFragment is part (or all) of a Header Block. 2544 BlockFragment []byte 2545 2546 // EndHeaders indicates that this frame contains an entire 2547 // header block and is not followed by any 2548 // CONTINUATION frames. 2549 EndHeaders bool 2550 2551 // PadLength is the optional number of bytes of zeros to add 2552 // to this frame. 2553 PadLength uint8 2554 } 2555 2556 // WritePushPromise writes a single PushPromise Frame. 2557 // 2558 // As with Header Frames, This is the low level call for writing 2559 // individual frames. Continuation frames are handled elsewhere. 2560 // 2561 // It will perform exactly one Write to the underlying Writer. 2562 // It is the caller's responsibility to not call other Write methods concurrently. 2563 func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2564 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2565 return http2errStreamID 2566 } 2567 var flags http2Flags 2568 if p.PadLength != 0 { 2569 flags |= http2FlagPushPromisePadded 2570 } 2571 if p.EndHeaders { 2572 flags |= http2FlagPushPromiseEndHeaders 2573 } 2574 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2575 if p.PadLength != 0 { 2576 f.writeByte(p.PadLength) 2577 } 2578 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2579 return http2errStreamID 2580 } 2581 f.writeUint32(p.PromiseID) 2582 f.wbuf = append(f.wbuf, p.BlockFragment...) 2583 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2584 return f.endWrite() 2585 } 2586 2587 // WriteRawFrame writes a raw frame. This can be used to write 2588 // extension frames unknown to this package. 2589 func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2590 f.startWrite(t, flags, streamID) 2591 f.writeBytes(payload) 2592 return f.endWrite() 2593 } 2594 2595 func http2readByte(p []byte) (remain []byte, b byte, err error) { 2596 if len(p) == 0 { 2597 return nil, 0, io.ErrUnexpectedEOF 2598 } 2599 return p[1:], p[0], nil 2600 } 2601 2602 func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2603 if len(p) < 4 { 2604 return nil, 0, io.ErrUnexpectedEOF 2605 } 2606 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2607 } 2608 2609 type http2streamEnder interface { 2610 StreamEnded() bool 2611 } 2612 2613 type http2headersEnder interface { 2614 HeadersEnded() bool 2615 } 2616 2617 type http2headersOrContinuation interface { 2618 http2headersEnder 2619 HeaderBlockFragment() []byte 2620 } 2621 2622 // A MetaHeadersFrame is the representation of one HEADERS frame and 2623 // zero or more contiguous CONTINUATION frames and the decoding of 2624 // their HPACK-encoded contents. 2625 // 2626 // This type of frame does not appear on the wire and is only returned 2627 // by the Framer when Framer.ReadMetaHeaders is set. 2628 type http2MetaHeadersFrame struct { 2629 *http2HeadersFrame 2630 2631 // Fields are the fields contained in the HEADERS and 2632 // CONTINUATION frames. The underlying slice is owned by the 2633 // Framer and must not be retained after the next call to 2634 // ReadFrame. 2635 // 2636 // Fields are guaranteed to be in the correct http2 order and 2637 // not have unknown pseudo header fields or invalid header 2638 // field names or values. Required pseudo header fields may be 2639 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2640 // method access pseudo headers. 2641 Fields []hpack.HeaderField 2642 2643 // Truncated is whether the max header list size limit was hit 2644 // and Fields is incomplete. The hpack decoder state is still 2645 // valid, however. 2646 Truncated bool 2647 } 2648 2649 // PseudoValue returns the given pseudo header field's value. 2650 // The provided pseudo field should not contain the leading colon. 2651 func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2652 for _, hf := range mh.Fields { 2653 if !hf.IsPseudo() { 2654 return "" 2655 } 2656 if hf.Name[1:] == pseudo { 2657 return hf.Value 2658 } 2659 } 2660 return "" 2661 } 2662 2663 // RegularFields returns the regular (non-pseudo) header fields of mh. 2664 // The caller does not own the returned slice. 2665 func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2666 for i, hf := range mh.Fields { 2667 if !hf.IsPseudo() { 2668 return mh.Fields[i:] 2669 } 2670 } 2671 return nil 2672 } 2673 2674 // PseudoFields returns the pseudo header fields of mh. 2675 // The caller does not own the returned slice. 2676 func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2677 for i, hf := range mh.Fields { 2678 if !hf.IsPseudo() { 2679 return mh.Fields[:i] 2680 } 2681 } 2682 return mh.Fields 2683 } 2684 2685 func (mh *http2MetaHeadersFrame) checkPseudos() error { 2686 var isRequest, isResponse bool 2687 pf := mh.PseudoFields() 2688 for i, hf := range pf { 2689 switch hf.Name { 2690 case ":method", ":path", ":scheme", ":authority": 2691 isRequest = true 2692 case ":status": 2693 isResponse = true 2694 default: 2695 return http2pseudoHeaderError(hf.Name) 2696 } 2697 // Check for duplicates. 2698 // This would be a bad algorithm, but N is 4. 2699 // And this doesn't allocate. 2700 for _, hf2 := range pf[:i] { 2701 if hf.Name == hf2.Name { 2702 return http2duplicatePseudoHeaderError(hf.Name) 2703 } 2704 } 2705 } 2706 if isRequest && isResponse { 2707 return http2errMixPseudoHeaderTypes 2708 } 2709 return nil 2710 } 2711 2712 func (fr *http2Framer) maxHeaderStringLen() int { 2713 v := fr.maxHeaderListSize() 2714 if uint32(int(v)) == v { 2715 return int(v) 2716 } 2717 // They had a crazy big number for MaxHeaderBytes anyway, 2718 // so give them unlimited header lengths: 2719 return 0 2720 } 2721 2722 // readMetaFrame returns 0 or more CONTINUATION frames from fr and 2723 // merge them into the provided hf and returns a MetaHeadersFrame 2724 // with the decoded hpack values. 2725 func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2726 if fr.AllowIllegalReads { 2727 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2728 } 2729 mh := &http2MetaHeadersFrame{ 2730 http2HeadersFrame: hf, 2731 } 2732 var remainSize = fr.maxHeaderListSize() 2733 var sawRegular bool 2734 2735 var invalid error // pseudo header field errors 2736 hdec := fr.ReadMetaHeaders 2737 hdec.SetEmitEnabled(true) 2738 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2739 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2740 if http2VerboseLogs && fr.logReads { 2741 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2742 } 2743 if !httpguts.ValidHeaderFieldValue(hf.Value) { 2744 invalid = http2headerFieldValueError(hf.Value) 2745 } 2746 isPseudo := strings.HasPrefix(hf.Name, ":") 2747 if isPseudo { 2748 if sawRegular { 2749 invalid = http2errPseudoAfterRegular 2750 } 2751 } else { 2752 sawRegular = true 2753 if !http2validWireHeaderFieldName(hf.Name) { 2754 invalid = http2headerFieldNameError(hf.Name) 2755 } 2756 } 2757 2758 if invalid != nil { 2759 hdec.SetEmitEnabled(false) 2760 return 2761 } 2762 2763 size := hf.Size() 2764 if size > remainSize { 2765 hdec.SetEmitEnabled(false) 2766 mh.Truncated = true 2767 return 2768 } 2769 remainSize -= size 2770 2771 mh.Fields = append(mh.Fields, hf) 2772 }) 2773 // Lose reference to MetaHeadersFrame: 2774 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2775 2776 var hc http2headersOrContinuation = hf 2777 for { 2778 frag := hc.HeaderBlockFragment() 2779 if _, err := hdec.Write(frag); err != nil { 2780 return nil, http2ConnectionError(http2ErrCodeCompression) 2781 } 2782 2783 if hc.HeadersEnded() { 2784 break 2785 } 2786 if f, err := fr.ReadFrame(); err != nil { 2787 return nil, err 2788 } else { 2789 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2790 } 2791 } 2792 2793 mh.http2HeadersFrame.headerFragBuf = nil 2794 mh.http2HeadersFrame.invalidate() 2795 2796 if err := hdec.Close(); err != nil { 2797 return nil, http2ConnectionError(http2ErrCodeCompression) 2798 } 2799 if invalid != nil { 2800 fr.errDetail = invalid 2801 if http2VerboseLogs { 2802 log.Printf("http2: invalid header: %v", invalid) 2803 } 2804 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2805 } 2806 if err := mh.checkPseudos(); err != nil { 2807 fr.errDetail = err 2808 if http2VerboseLogs { 2809 log.Printf("http2: invalid pseudo headers: %v", err) 2810 } 2811 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2812 } 2813 return mh, nil 2814 } 2815 2816 func http2summarizeFrame(f http2Frame) string { 2817 var buf bytes.Buffer 2818 f.Header().writeDebug(&buf) 2819 switch f := f.(type) { 2820 case *http2SettingsFrame: 2821 n := 0 2822 f.ForeachSetting(func(s http2Setting) error { 2823 n++ 2824 if n == 1 { 2825 buf.WriteString(", settings:") 2826 } 2827 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2828 return nil 2829 }) 2830 if n > 0 { 2831 buf.Truncate(buf.Len() - 1) // remove trailing comma 2832 } 2833 case *http2DataFrame: 2834 data := f.Data() 2835 const max = 256 2836 if len(data) > max { 2837 data = data[:max] 2838 } 2839 fmt.Fprintf(&buf, " data=%q", data) 2840 if len(f.Data()) > max { 2841 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2842 } 2843 case *http2WindowUpdateFrame: 2844 if f.StreamID == 0 { 2845 buf.WriteString(" (conn)") 2846 } 2847 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2848 case *http2PingFrame: 2849 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2850 case *http2GoAwayFrame: 2851 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2852 f.LastStreamID, f.ErrCode, f.debugData) 2853 case *http2RSTStreamFrame: 2854 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2855 } 2856 return buf.String() 2857 } 2858 2859 func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 2860 return trace != nil && trace.WroteHeaderField != nil 2861 } 2862 2863 func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 2864 if trace != nil && trace.WroteHeaderField != nil { 2865 trace.WroteHeaderField(k, []string{v}) 2866 } 2867 } 2868 2869 func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 2870 if trace != nil { 2871 return trace.Got1xxResponse 2872 } 2873 return nil 2874 } 2875 2876 var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 2877 2878 type http2goroutineLock uint64 2879 2880 func http2newGoroutineLock() http2goroutineLock { 2881 if !http2DebugGoroutines { 2882 return 0 2883 } 2884 return http2goroutineLock(http2curGoroutineID()) 2885 } 2886 2887 func (g http2goroutineLock) check() { 2888 if !http2DebugGoroutines { 2889 return 2890 } 2891 if http2curGoroutineID() != uint64(g) { 2892 panic("running on the wrong goroutine") 2893 } 2894 } 2895 2896 func (g http2goroutineLock) checkNotOn() { 2897 if !http2DebugGoroutines { 2898 return 2899 } 2900 if http2curGoroutineID() == uint64(g) { 2901 panic("running on the wrong goroutine") 2902 } 2903 } 2904 2905 var http2goroutineSpace = []byte("goroutine ") 2906 2907 func http2curGoroutineID() uint64 { 2908 bp := http2littleBuf.Get().(*[]byte) 2909 defer http2littleBuf.Put(bp) 2910 b := *bp 2911 b = b[:runtime.Stack(b, false)] 2912 // Parse the 4707 out of "goroutine 4707 [" 2913 b = bytes.TrimPrefix(b, http2goroutineSpace) 2914 i := bytes.IndexByte(b, ' ') 2915 if i < 0 { 2916 panic(fmt.Sprintf("No space found in %q", b)) 2917 } 2918 b = b[:i] 2919 n, err := http2parseUintBytes(b, 10, 64) 2920 if err != nil { 2921 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 2922 } 2923 return n 2924 } 2925 2926 var http2littleBuf = sync.Pool{ 2927 New: func() interface{} { 2928 buf := make([]byte, 64) 2929 return &buf 2930 }, 2931 } 2932 2933 // parseUintBytes is like strconv.ParseUint, but using a []byte. 2934 func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 2935 var cutoff, maxVal uint64 2936 2937 if bitSize == 0 { 2938 bitSize = int(strconv.IntSize) 2939 } 2940 2941 s0 := s 2942 switch { 2943 case len(s) < 1: 2944 err = strconv.ErrSyntax 2945 goto Error 2946 2947 case 2 <= base && base <= 36: 2948 // valid base; nothing to do 2949 2950 case base == 0: 2951 // Look for octal, hex prefix. 2952 switch { 2953 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 2954 base = 16 2955 s = s[2:] 2956 if len(s) < 1 { 2957 err = strconv.ErrSyntax 2958 goto Error 2959 } 2960 case s[0] == '0': 2961 base = 8 2962 default: 2963 base = 10 2964 } 2965 2966 default: 2967 err = errors.New("invalid base " + strconv.Itoa(base)) 2968 goto Error 2969 } 2970 2971 n = 0 2972 cutoff = http2cutoff64(base) 2973 maxVal = 1<<uint(bitSize) - 1 2974 2975 for i := 0; i < len(s); i++ { 2976 var v byte 2977 d := s[i] 2978 switch { 2979 case '0' <= d && d <= '9': 2980 v = d - '0' 2981 case 'a' <= d && d <= 'z': 2982 v = d - 'a' + 10 2983 case 'A' <= d && d <= 'Z': 2984 v = d - 'A' + 10 2985 default: 2986 n = 0 2987 err = strconv.ErrSyntax 2988 goto Error 2989 } 2990 if int(v) >= base { 2991 n = 0 2992 err = strconv.ErrSyntax 2993 goto Error 2994 } 2995 2996 if n >= cutoff { 2997 // n*base overflows 2998 n = 1<<64 - 1 2999 err = strconv.ErrRange 3000 goto Error 3001 } 3002 n *= uint64(base) 3003 3004 n1 := n + uint64(v) 3005 if n1 < n || n1 > maxVal { 3006 // n+v overflows 3007 n = 1<<64 - 1 3008 err = strconv.ErrRange 3009 goto Error 3010 } 3011 n = n1 3012 } 3013 3014 return n, nil 3015 3016 Error: 3017 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3018 } 3019 3020 // Return the first number n such that n*base >= 1<<64. 3021 func http2cutoff64(base int) uint64 { 3022 if base < 2 { 3023 return 0 3024 } 3025 return (1<<64-1)/uint64(base) + 1 3026 } 3027 3028 var ( 3029 http2commonBuildOnce sync.Once 3030 http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case 3031 http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case 3032 ) 3033 3034 func http2buildCommonHeaderMapsOnce() { 3035 http2commonBuildOnce.Do(http2buildCommonHeaderMaps) 3036 } 3037 3038 func http2buildCommonHeaderMaps() { 3039 common := []string{ 3040 "accept", 3041 "accept-charset", 3042 "accept-encoding", 3043 "accept-language", 3044 "accept-ranges", 3045 "age", 3046 "access-control-allow-origin", 3047 "allow", 3048 "authorization", 3049 "cache-control", 3050 "content-disposition", 3051 "content-encoding", 3052 "content-language", 3053 "content-length", 3054 "content-location", 3055 "content-range", 3056 "content-type", 3057 "cookie", 3058 "date", 3059 "etag", 3060 "expect", 3061 "expires", 3062 "from", 3063 "host", 3064 "if-match", 3065 "if-modified-since", 3066 "if-none-match", 3067 "if-unmodified-since", 3068 "last-modified", 3069 "link", 3070 "location", 3071 "max-forwards", 3072 "proxy-authenticate", 3073 "proxy-authorization", 3074 "range", 3075 "referer", 3076 "refresh", 3077 "retry-after", 3078 "server", 3079 "set-cookie", 3080 "strict-transport-security", 3081 "trailer", 3082 "transfer-encoding", 3083 "user-agent", 3084 "vary", 3085 "via", 3086 "www-authenticate", 3087 } 3088 http2commonLowerHeader = make(map[string]string, len(common)) 3089 http2commonCanonHeader = make(map[string]string, len(common)) 3090 for _, v := range common { 3091 chk := CanonicalHeaderKey(v) 3092 http2commonLowerHeader[chk] = v 3093 http2commonCanonHeader[v] = chk 3094 } 3095 } 3096 3097 func http2lowerHeader(v string) string { 3098 http2buildCommonHeaderMapsOnce() 3099 if s, ok := http2commonLowerHeader[v]; ok { 3100 return s 3101 } 3102 return strings.ToLower(v) 3103 } 3104 3105 var ( 3106 http2VerboseLogs bool 3107 http2logFrameWrites bool 3108 http2logFrameReads bool 3109 http2inTests bool 3110 ) 3111 3112 func init() { 3113 e := os.Getenv("GODEBUG") 3114 if strings.Contains(e, "http2debug=1") { 3115 http2VerboseLogs = true 3116 } 3117 if strings.Contains(e, "http2debug=2") { 3118 http2VerboseLogs = true 3119 http2logFrameWrites = true 3120 http2logFrameReads = true 3121 } 3122 } 3123 3124 const ( 3125 // ClientPreface is the string that must be sent by new 3126 // connections from clients. 3127 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3128 3129 // SETTINGS_MAX_FRAME_SIZE default 3130 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3131 http2initialMaxFrameSize = 16384 3132 3133 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3134 // HTTP/2's TLS setup. 3135 http2NextProtoTLS = "h2" 3136 3137 // http://http2.github.io/http2-spec/#SettingValues 3138 http2initialHeaderTableSize = 4096 3139 3140 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3141 3142 http2defaultMaxReadFrameSize = 1 << 20 3143 ) 3144 3145 var ( 3146 http2clientPreface = []byte(http2ClientPreface) 3147 ) 3148 3149 type http2streamState int 3150 3151 // HTTP/2 stream states. 3152 // 3153 // See http://tools.ietf.org/html/rfc7540#section-5.1. 3154 // 3155 // For simplicity, the server code merges "reserved (local)" into 3156 // "half-closed (remote)". This is one less state transition to track. 3157 // The only downside is that we send PUSH_PROMISEs slightly less 3158 // liberally than allowable. More discussion here: 3159 // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3160 // 3161 // "reserved (remote)" is omitted since the client code does not 3162 // support server push. 3163 const ( 3164 http2stateIdle http2streamState = iota 3165 http2stateOpen 3166 http2stateHalfClosedLocal 3167 http2stateHalfClosedRemote 3168 http2stateClosed 3169 ) 3170 3171 var http2stateName = [...]string{ 3172 http2stateIdle: "Idle", 3173 http2stateOpen: "Open", 3174 http2stateHalfClosedLocal: "HalfClosedLocal", 3175 http2stateHalfClosedRemote: "HalfClosedRemote", 3176 http2stateClosed: "Closed", 3177 } 3178 3179 func (st http2streamState) String() string { 3180 return http2stateName[st] 3181 } 3182 3183 // Setting is a setting parameter: which setting it is, and its value. 3184 type http2Setting struct { 3185 // ID is which setting is being set. 3186 // See http://http2.github.io/http2-spec/#SettingValues 3187 ID http2SettingID 3188 3189 // Val is the value. 3190 Val uint32 3191 } 3192 3193 func (s http2Setting) String() string { 3194 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3195 } 3196 3197 // Valid reports whether the setting is valid. 3198 func (s http2Setting) Valid() error { 3199 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3200 switch s.ID { 3201 case http2SettingEnablePush: 3202 if s.Val != 1 && s.Val != 0 { 3203 return http2ConnectionError(http2ErrCodeProtocol) 3204 } 3205 case http2SettingInitialWindowSize: 3206 if s.Val > 1<<31-1 { 3207 return http2ConnectionError(http2ErrCodeFlowControl) 3208 } 3209 case http2SettingMaxFrameSize: 3210 if s.Val < 16384 || s.Val > 1<<24-1 { 3211 return http2ConnectionError(http2ErrCodeProtocol) 3212 } 3213 } 3214 return nil 3215 } 3216 3217 // A SettingID is an HTTP/2 setting as defined in 3218 // http://http2.github.io/http2-spec/#iana-settings 3219 type http2SettingID uint16 3220 3221 const ( 3222 http2SettingHeaderTableSize http2SettingID = 0x1 3223 http2SettingEnablePush http2SettingID = 0x2 3224 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3225 http2SettingInitialWindowSize http2SettingID = 0x4 3226 http2SettingMaxFrameSize http2SettingID = 0x5 3227 http2SettingMaxHeaderListSize http2SettingID = 0x6 3228 ) 3229 3230 var http2settingName = map[http2SettingID]string{ 3231 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3232 http2SettingEnablePush: "ENABLE_PUSH", 3233 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3234 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3235 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3236 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3237 } 3238 3239 func (s http2SettingID) String() string { 3240 if v, ok := http2settingName[s]; ok { 3241 return v 3242 } 3243 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3244 } 3245 3246 var ( 3247 http2errInvalidHeaderFieldName = errors.New("http2: invalid header field name") 3248 http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value") 3249 ) 3250 3251 // validWireHeaderFieldName reports whether v is a valid header field 3252 // name (key). See httpguts.ValidHeaderName for the base rules. 3253 // 3254 // Further, http2 says: 3255 // "Just as in HTTP/1.x, header field names are strings of ASCII 3256 // characters that are compared in a case-insensitive 3257 // fashion. However, header field names MUST be converted to 3258 // lowercase prior to their encoding in HTTP/2. " 3259 func http2validWireHeaderFieldName(v string) bool { 3260 if len(v) == 0 { 3261 return false 3262 } 3263 for _, r := range v { 3264 if !httpguts.IsTokenRune(r) { 3265 return false 3266 } 3267 if 'A' <= r && r <= 'Z' { 3268 return false 3269 } 3270 } 3271 return true 3272 } 3273 3274 func http2httpCodeString(code int) string { 3275 switch code { 3276 case 200: 3277 return "200" 3278 case 404: 3279 return "404" 3280 } 3281 return strconv.Itoa(code) 3282 } 3283 3284 // from pkg io 3285 type http2stringWriter interface { 3286 WriteString(s string) (n int, err error) 3287 } 3288 3289 // A gate lets two goroutines coordinate their activities. 3290 type http2gate chan struct{} 3291 3292 func (g http2gate) Done() { g <- struct{}{} } 3293 3294 func (g http2gate) Wait() { <-g } 3295 3296 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3297 type http2closeWaiter chan struct{} 3298 3299 // Init makes a closeWaiter usable. 3300 // It exists because so a closeWaiter value can be placed inside a 3301 // larger struct and have the Mutex and Cond's memory in the same 3302 // allocation. 3303 func (cw *http2closeWaiter) Init() { 3304 *cw = make(chan struct{}) 3305 } 3306 3307 // Close marks the closeWaiter as closed and unblocks any waiters. 3308 func (cw http2closeWaiter) Close() { 3309 close(cw) 3310 } 3311 3312 // Wait waits for the closeWaiter to become closed. 3313 func (cw http2closeWaiter) Wait() { 3314 <-cw 3315 } 3316 3317 // bufferedWriter is a buffered writer that writes to w. 3318 // Its buffered writer is lazily allocated as needed, to minimize 3319 // idle memory usage with many connections. 3320 type http2bufferedWriter struct { 3321 w io.Writer // immutable 3322 bw *bufio.Writer // non-nil when data is buffered 3323 } 3324 3325 func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3326 return &http2bufferedWriter{w: w} 3327 } 3328 3329 // bufWriterPoolBufferSize is the size of bufio.Writer's 3330 // buffers created using bufWriterPool. 3331 // 3332 // TODO: pick a less arbitrary value? this is a bit under 3333 // (3 x typical 1500 byte MTU) at least. Other than that, 3334 // not much thought went into it. 3335 const http2bufWriterPoolBufferSize = 4 << 10 3336 3337 var http2bufWriterPool = sync.Pool{ 3338 New: func() interface{} { 3339 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3340 }, 3341 } 3342 3343 func (w *http2bufferedWriter) Available() int { 3344 if w.bw == nil { 3345 return http2bufWriterPoolBufferSize 3346 } 3347 return w.bw.Available() 3348 } 3349 3350 func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3351 if w.bw == nil { 3352 bw := http2bufWriterPool.Get().(*bufio.Writer) 3353 bw.Reset(w.w) 3354 w.bw = bw 3355 } 3356 return w.bw.Write(p) 3357 } 3358 3359 func (w *http2bufferedWriter) Flush() error { 3360 bw := w.bw 3361 if bw == nil { 3362 return nil 3363 } 3364 err := bw.Flush() 3365 bw.Reset(nil) 3366 http2bufWriterPool.Put(bw) 3367 w.bw = nil 3368 return err 3369 } 3370 3371 func http2mustUint31(v int32) uint32 { 3372 if v < 0 || v > 2147483647 { 3373 panic("out of range") 3374 } 3375 return uint32(v) 3376 } 3377 3378 // bodyAllowedForStatus reports whether a given response status code 3379 // permits a body. See RFC 7230, section 3.3. 3380 func http2bodyAllowedForStatus(status int) bool { 3381 switch { 3382 case status >= 100 && status <= 199: 3383 return false 3384 case status == 204: 3385 return false 3386 case status == 304: 3387 return false 3388 } 3389 return true 3390 } 3391 3392 type http2httpError struct { 3393 msg string 3394 timeout bool 3395 } 3396 3397 func (e *http2httpError) Error() string { return e.msg } 3398 3399 func (e *http2httpError) Timeout() bool { return e.timeout } 3400 3401 func (e *http2httpError) Temporary() bool { return true } 3402 3403 var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3404 3405 type http2connectionStater interface { 3406 ConnectionState() tls.ConnectionState 3407 } 3408 3409 var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3410 3411 type http2sorter struct { 3412 v []string // owned by sorter 3413 } 3414 3415 func (s *http2sorter) Len() int { return len(s.v) } 3416 3417 func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3418 3419 func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3420 3421 // Keys returns the sorted keys of h. 3422 // 3423 // The returned slice is only valid until s used again or returned to 3424 // its pool. 3425 func (s *http2sorter) Keys(h Header) []string { 3426 keys := s.v[:0] 3427 for k := range h { 3428 keys = append(keys, k) 3429 } 3430 s.v = keys 3431 sort.Sort(s) 3432 return keys 3433 } 3434 3435 func (s *http2sorter) SortStrings(ss []string) { 3436 // Our sorter works on s.v, which sorter owns, so 3437 // stash it away while we sort the user's buffer. 3438 save := s.v 3439 s.v = ss 3440 sort.Sort(s) 3441 s.v = save 3442 } 3443 3444 // validPseudoPath reports whether v is a valid :path pseudo-header 3445 // value. It must be either: 3446 // 3447 // *) a non-empty string starting with '/' 3448 // *) the string '*', for OPTIONS requests. 3449 // 3450 // For now this is only used a quick check for deciding when to clean 3451 // up Opaque URLs before sending requests from the Transport. 3452 // See golang.org/issue/16847 3453 // 3454 // We used to enforce that the path also didn't start with "//", but 3455 // Google's GFE accepts such paths and Chrome sends them, so ignore 3456 // that part of the spec. See golang.org/issue/19103. 3457 func http2validPseudoPath(v string) bool { 3458 return (len(v) > 0 && v[0] == '/') || v == "*" 3459 } 3460 3461 // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3462 // io.Pipe except there are no PipeReader/PipeWriter halves, and the 3463 // underlying buffer is an interface. (io.Pipe is always unbuffered) 3464 type http2pipe struct { 3465 mu sync.Mutex 3466 c sync.Cond // c.L lazily initialized to &p.mu 3467 b http2pipeBuffer // nil when done reading 3468 err error // read error once empty. non-nil means closed. 3469 breakErr error // immediate read error (caller doesn't see rest of b) 3470 donec chan struct{} // closed on error 3471 readFn func() // optional code to run in Read before error 3472 } 3473 3474 type http2pipeBuffer interface { 3475 Len() int 3476 io.Writer 3477 io.Reader 3478 } 3479 3480 func (p *http2pipe) Len() int { 3481 p.mu.Lock() 3482 defer p.mu.Unlock() 3483 if p.b == nil { 3484 return 0 3485 } 3486 return p.b.Len() 3487 } 3488 3489 // Read waits until data is available and copies bytes 3490 // from the buffer into p. 3491 func (p *http2pipe) Read(d []byte) (n int, err error) { 3492 p.mu.Lock() 3493 defer p.mu.Unlock() 3494 if p.c.L == nil { 3495 p.c.L = &p.mu 3496 } 3497 for { 3498 if p.breakErr != nil { 3499 return 0, p.breakErr 3500 } 3501 if p.b != nil && p.b.Len() > 0 { 3502 return p.b.Read(d) 3503 } 3504 if p.err != nil { 3505 if p.readFn != nil { 3506 p.readFn() // e.g. copy trailers 3507 p.readFn = nil // not sticky like p.err 3508 } 3509 p.b = nil 3510 return 0, p.err 3511 } 3512 p.c.Wait() 3513 } 3514 } 3515 3516 var http2errClosedPipeWrite = errors.New("write on closed buffer") 3517 3518 // Write copies bytes from p into the buffer and wakes a reader. 3519 // It is an error to write more data than the buffer can hold. 3520 func (p *http2pipe) Write(d []byte) (n int, err error) { 3521 p.mu.Lock() 3522 defer p.mu.Unlock() 3523 if p.c.L == nil { 3524 p.c.L = &p.mu 3525 } 3526 defer p.c.Signal() 3527 if p.err != nil { 3528 return 0, http2errClosedPipeWrite 3529 } 3530 if p.breakErr != nil { 3531 return len(d), nil // discard when there is no reader 3532 } 3533 return p.b.Write(d) 3534 } 3535 3536 // CloseWithError causes the next Read (waking up a current blocked 3537 // Read if needed) to return the provided err after all data has been 3538 // read. 3539 // 3540 // The error must be non-nil. 3541 func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3542 3543 // BreakWithError causes the next Read (waking up a current blocked 3544 // Read if needed) to return the provided err immediately, without 3545 // waiting for unread data. 3546 func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3547 3548 // closeWithErrorAndCode is like CloseWithError but also sets some code to run 3549 // in the caller's goroutine before returning the error. 3550 func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3551 3552 func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3553 if err == nil { 3554 panic("err must be non-nil") 3555 } 3556 p.mu.Lock() 3557 defer p.mu.Unlock() 3558 if p.c.L == nil { 3559 p.c.L = &p.mu 3560 } 3561 defer p.c.Signal() 3562 if *dst != nil { 3563 // Already been done. 3564 return 3565 } 3566 p.readFn = fn 3567 if dst == &p.breakErr { 3568 p.b = nil 3569 } 3570 *dst = err 3571 p.closeDoneLocked() 3572 } 3573 3574 // requires p.mu be held. 3575 func (p *http2pipe) closeDoneLocked() { 3576 if p.donec == nil { 3577 return 3578 } 3579 // Close if unclosed. This isn't racy since we always 3580 // hold p.mu while closing. 3581 select { 3582 case <-p.donec: 3583 default: 3584 close(p.donec) 3585 } 3586 } 3587 3588 // Err returns the error (if any) first set by BreakWithError or CloseWithError. 3589 func (p *http2pipe) Err() error { 3590 p.mu.Lock() 3591 defer p.mu.Unlock() 3592 if p.breakErr != nil { 3593 return p.breakErr 3594 } 3595 return p.err 3596 } 3597 3598 // Done returns a channel which is closed if and when this pipe is closed 3599 // with CloseWithError. 3600 func (p *http2pipe) Done() <-chan struct{} { 3601 p.mu.Lock() 3602 defer p.mu.Unlock() 3603 if p.donec == nil { 3604 p.donec = make(chan struct{}) 3605 if p.err != nil || p.breakErr != nil { 3606 // Already hit an error. 3607 p.closeDoneLocked() 3608 } 3609 } 3610 return p.donec 3611 } 3612 3613 const ( 3614 http2prefaceTimeout = 10 * time.Second 3615 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3616 http2handlerChunkWriteSize = 4 << 10 3617 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3618 http2maxQueuedControlFrames = 10000 3619 ) 3620 3621 var ( 3622 http2errClientDisconnected = errors.New("client disconnected") 3623 http2errClosedBody = errors.New("body closed by handler") 3624 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3625 http2errStreamClosed = errors.New("http2: stream closed") 3626 ) 3627 3628 var http2responseWriterStatePool = sync.Pool{ 3629 New: func() interface{} { 3630 rws := &http2responseWriterState{} 3631 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3632 return rws 3633 }, 3634 } 3635 3636 // Test hooks. 3637 var ( 3638 http2testHookOnConn func() 3639 http2testHookGetServerConn func(*http2serverConn) 3640 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3641 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3642 ) 3643 3644 // Server is an HTTP/2 server. 3645 type http2Server struct { 3646 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3647 // which may run at a time over all connections. 3648 // Negative or zero no limit. 3649 // TODO: implement 3650 MaxHandlers int 3651 3652 // MaxConcurrentStreams optionally specifies the number of 3653 // concurrent streams that each client may have open at a 3654 // time. This is unrelated to the number of http.Handler goroutines 3655 // which may be active globally, which is MaxHandlers. 3656 // If zero, MaxConcurrentStreams defaults to at least 100, per 3657 // the HTTP/2 spec's recommendations. 3658 MaxConcurrentStreams uint32 3659 3660 // MaxReadFrameSize optionally specifies the largest frame 3661 // this server is willing to read. A valid value is between 3662 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3663 // default value is used. 3664 MaxReadFrameSize uint32 3665 3666 // PermitProhibitedCipherSuites, if true, permits the use of 3667 // cipher suites prohibited by the HTTP/2 spec. 3668 PermitProhibitedCipherSuites bool 3669 3670 // IdleTimeout specifies how long until idle clients should be 3671 // closed with a GOAWAY frame. PING frames are not considered 3672 // activity for the purposes of IdleTimeout. 3673 IdleTimeout time.Duration 3674 3675 // MaxUploadBufferPerConnection is the size of the initial flow 3676 // control window for each connections. The HTTP/2 spec does not 3677 // allow this to be smaller than 65535 or larger than 2^32-1. 3678 // If the value is outside this range, a default value will be 3679 // used instead. 3680 MaxUploadBufferPerConnection int32 3681 3682 // MaxUploadBufferPerStream is the size of the initial flow control 3683 // window for each stream. The HTTP/2 spec does not allow this to 3684 // be larger than 2^32-1. If the value is zero or larger than the 3685 // maximum, a default value will be used instead. 3686 MaxUploadBufferPerStream int32 3687 3688 // NewWriteScheduler constructs a write scheduler for a connection. 3689 // If nil, a default scheduler is chosen. 3690 NewWriteScheduler func() http2WriteScheduler 3691 3692 // Internal state. This is a pointer (rather than embedded directly) 3693 // so that we don't embed a Mutex in this struct, which will make the 3694 // struct non-copyable, which might break some callers. 3695 state *http2serverInternalState 3696 } 3697 3698 func (s *http2Server) initialConnRecvWindowSize() int32 { 3699 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3700 return s.MaxUploadBufferPerConnection 3701 } 3702 return 1 << 20 3703 } 3704 3705 func (s *http2Server) initialStreamRecvWindowSize() int32 { 3706 if s.MaxUploadBufferPerStream > 0 { 3707 return s.MaxUploadBufferPerStream 3708 } 3709 return 1 << 20 3710 } 3711 3712 func (s *http2Server) maxReadFrameSize() uint32 { 3713 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3714 return v 3715 } 3716 return http2defaultMaxReadFrameSize 3717 } 3718 3719 func (s *http2Server) maxConcurrentStreams() uint32 { 3720 if v := s.MaxConcurrentStreams; v > 0 { 3721 return v 3722 } 3723 return http2defaultMaxStreams 3724 } 3725 3726 // maxQueuedControlFrames is the maximum number of control frames like 3727 // SETTINGS, PING and RST_STREAM that will be queued for writing before 3728 // the connection is closed to prevent memory exhaustion attacks. 3729 func (s *http2Server) maxQueuedControlFrames() int { 3730 // TODO: if anybody asks, add a Server field, and remember to define the 3731 // behavior of negative values. 3732 return http2maxQueuedControlFrames 3733 } 3734 3735 type http2serverInternalState struct { 3736 mu sync.Mutex 3737 activeConns map[*http2serverConn]struct{} 3738 } 3739 3740 func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3741 if s == nil { 3742 return // if the Server was used without calling ConfigureServer 3743 } 3744 s.mu.Lock() 3745 s.activeConns[sc] = struct{}{} 3746 s.mu.Unlock() 3747 } 3748 3749 func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3750 if s == nil { 3751 return // if the Server was used without calling ConfigureServer 3752 } 3753 s.mu.Lock() 3754 delete(s.activeConns, sc) 3755 s.mu.Unlock() 3756 } 3757 3758 func (s *http2serverInternalState) startGracefulShutdown() { 3759 if s == nil { 3760 return // if the Server was used without calling ConfigureServer 3761 } 3762 s.mu.Lock() 3763 for sc := range s.activeConns { 3764 sc.startGracefulShutdown() 3765 } 3766 s.mu.Unlock() 3767 } 3768 3769 // ConfigureServer adds HTTP/2 support to a net/http Server. 3770 // 3771 // The configuration conf may be nil. 3772 // 3773 // ConfigureServer must be called before s begins serving. 3774 func http2ConfigureServer(s *Server, conf *http2Server) error { 3775 if s == nil { 3776 panic("nil *http.Server") 3777 } 3778 if conf == nil { 3779 conf = new(http2Server) 3780 } 3781 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3782 if h1, h2 := s, conf; h2.IdleTimeout == 0 { 3783 if h1.IdleTimeout != 0 { 3784 h2.IdleTimeout = h1.IdleTimeout 3785 } else { 3786 h2.IdleTimeout = h1.ReadTimeout 3787 } 3788 } 3789 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3790 3791 if s.TLSConfig == nil { 3792 s.TLSConfig = new(tls.Config) 3793 } else if s.TLSConfig.CipherSuites != nil { 3794 // If they already provided a CipherSuite list, return 3795 // an error if it has a bad order or is missing 3796 // ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3797 haveRequired := false 3798 sawBad := false 3799 for i, cs := range s.TLSConfig.CipherSuites { 3800 switch cs { 3801 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3802 // Alternative MTI cipher to not discourage ECDSA-only servers. 3803 // See http://golang.org/cl/30721 for further information. 3804 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3805 haveRequired = true 3806 } 3807 if http2isBadCipher(cs) { 3808 sawBad = true 3809 } else if sawBad { 3810 return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs) 3811 } 3812 } 3813 if !haveRequired { 3814 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.") 3815 } 3816 } 3817 3818 // Note: not setting MinVersion to tls.VersionTLS12, 3819 // as we don't want to interfere with HTTP/1.1 traffic 3820 // on the user's server. We enforce TLS 1.2 later once 3821 // we accept a connection. Ideally this should be done 3822 // during next-proto selection, but using TLS <1.2 with 3823 // HTTP/2 is still the client's bug. 3824 3825 s.TLSConfig.PreferServerCipherSuites = true 3826 3827 haveNPN := false 3828 for _, p := range s.TLSConfig.NextProtos { 3829 if p == http2NextProtoTLS { 3830 haveNPN = true 3831 break 3832 } 3833 } 3834 if !haveNPN { 3835 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3836 } 3837 3838 if s.TLSNextProto == nil { 3839 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3840 } 3841 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3842 if http2testHookOnConn != nil { 3843 http2testHookOnConn() 3844 } 3845 // The TLSNextProto interface predates contexts, so 3846 // the net/http package passes down its per-connection 3847 // base context via an exported but unadvertised 3848 // method on the Handler. This is for internal 3849 // net/http<=>http2 use only. 3850 var ctx context.Context 3851 type baseContexter interface { 3852 BaseContext() context.Context 3853 } 3854 if bc, ok := h.(baseContexter); ok { 3855 ctx = bc.BaseContext() 3856 } 3857 conf.ServeConn(c, &http2ServeConnOpts{ 3858 Context: ctx, 3859 Handler: h, 3860 BaseConfig: hs, 3861 }) 3862 } 3863 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3864 return nil 3865 } 3866 3867 // ServeConnOpts are options for the Server.ServeConn method. 3868 type http2ServeConnOpts struct { 3869 // Context is the base context to use. 3870 // If nil, context.Background is used. 3871 Context context.Context 3872 3873 // BaseConfig optionally sets the base configuration 3874 // for values. If nil, defaults are used. 3875 BaseConfig *Server 3876 3877 // Handler specifies which handler to use for processing 3878 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3879 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3880 Handler Handler 3881 } 3882 3883 func (o *http2ServeConnOpts) context() context.Context { 3884 if o.Context != nil { 3885 return o.Context 3886 } 3887 return context.Background() 3888 } 3889 3890 func (o *http2ServeConnOpts) baseConfig() *Server { 3891 if o != nil && o.BaseConfig != nil { 3892 return o.BaseConfig 3893 } 3894 return new(Server) 3895 } 3896 3897 func (o *http2ServeConnOpts) handler() Handler { 3898 if o != nil { 3899 if o.Handler != nil { 3900 return o.Handler 3901 } 3902 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 3903 return o.BaseConfig.Handler 3904 } 3905 } 3906 return DefaultServeMux 3907 } 3908 3909 // ServeConn serves HTTP/2 requests on the provided connection and 3910 // blocks until the connection is no longer readable. 3911 // 3912 // ServeConn starts speaking HTTP/2 assuming that c has not had any 3913 // reads or writes. It writes its initial settings frame and expects 3914 // to be able to read the preface and settings frame from the 3915 // client. If c has a ConnectionState method like a *tls.Conn, the 3916 // ConnectionState is used to verify the TLS ciphersuite and to set 3917 // the Request.TLS field in Handlers. 3918 // 3919 // ServeConn does not support h2c by itself. Any h2c support must be 3920 // implemented in terms of providing a suitably-behaving net.Conn. 3921 // 3922 // The opts parameter is optional. If nil, default values are used. 3923 func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 3924 baseCtx, cancel := http2serverConnBaseContext(c, opts) 3925 defer cancel() 3926 3927 sc := &http2serverConn{ 3928 srv: s, 3929 hs: opts.baseConfig(), 3930 conn: c, 3931 baseCtx: baseCtx, 3932 remoteAddrStr: c.RemoteAddr().String(), 3933 bw: http2newBufferedWriter(c), 3934 handler: opts.handler(), 3935 streams: make(map[uint32]*http2stream), 3936 readFrameCh: make(chan http2readFrameResult), 3937 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 3938 serveMsgCh: make(chan interface{}, 8), 3939 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 3940 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 3941 doneServing: make(chan struct{}), 3942 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 3943 advMaxStreams: s.maxConcurrentStreams(), 3944 initialStreamSendWindowSize: http2initialWindowSize, 3945 maxFrameSize: http2initialMaxFrameSize, 3946 headerTableSize: http2initialHeaderTableSize, 3947 serveG: http2newGoroutineLock(), 3948 pushEnabled: true, 3949 } 3950 3951 s.state.registerConn(sc) 3952 defer s.state.unregisterConn(sc) 3953 3954 // The net/http package sets the write deadline from the 3955 // http.Server.WriteTimeout during the TLS handshake, but then 3956 // passes the connection off to us with the deadline already set. 3957 // Write deadlines are set per stream in serverConn.newStream. 3958 // Disarm the net.Conn write deadline here. 3959 if sc.hs.WriteTimeout != 0 { 3960 sc.conn.SetWriteDeadline(time.Time{}) 3961 } 3962 3963 if s.NewWriteScheduler != nil { 3964 sc.writeSched = s.NewWriteScheduler() 3965 } else { 3966 sc.writeSched = http2NewRandomWriteScheduler() 3967 } 3968 3969 // These start at the RFC-specified defaults. If there is a higher 3970 // configured value for inflow, that will be updated when we send a 3971 // WINDOW_UPDATE shortly after sending SETTINGS. 3972 sc.flow.add(http2initialWindowSize) 3973 sc.inflow.add(http2initialWindowSize) 3974 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 3975 3976 fr := http2NewFramer(sc.bw, c) 3977 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 3978 fr.MaxHeaderListSize = sc.maxHeaderListSize() 3979 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 3980 sc.framer = fr 3981 3982 if tc, ok := c.(http2connectionStater); ok { 3983 sc.tlsState = new(tls.ConnectionState) 3984 *sc.tlsState = tc.ConnectionState() 3985 // 9.2 Use of TLS Features 3986 // An implementation of HTTP/2 over TLS MUST use TLS 3987 // 1.2 or higher with the restrictions on feature set 3988 // and cipher suite described in this section. Due to 3989 // implementation limitations, it might not be 3990 // possible to fail TLS negotiation. An endpoint MUST 3991 // immediately terminate an HTTP/2 connection that 3992 // does not meet the TLS requirements described in 3993 // this section with a connection error (Section 3994 // 5.4.1) of type INADEQUATE_SECURITY. 3995 if sc.tlsState.Version < tls.VersionTLS12 { 3996 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 3997 return 3998 } 3999 4000 if sc.tlsState.ServerName == "" { 4001 // Client must use SNI, but we don't enforce that anymore, 4002 // since it was causing problems when connecting to bare IP 4003 // addresses during development. 4004 // 4005 // TODO: optionally enforce? Or enforce at the time we receive 4006 // a new request, and verify the ServerName matches the :authority? 4007 // But that precludes proxy situations, perhaps. 4008 // 4009 // So for now, do nothing here again. 4010 } 4011 4012 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 4013 // "Endpoints MAY choose to generate a connection error 4014 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 4015 // the prohibited cipher suites are negotiated." 4016 // 4017 // We choose that. In my opinion, the spec is weak 4018 // here. It also says both parties must support at least 4019 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 4020 // excuses here. If we really must, we could allow an 4021 // "AllowInsecureWeakCiphers" option on the server later. 4022 // Let's see how it plays out first. 4023 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 4024 return 4025 } 4026 } 4027 4028 if hook := http2testHookGetServerConn; hook != nil { 4029 hook(sc) 4030 } 4031 sc.serve() 4032 } 4033 4034 func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) { 4035 ctx, cancel = context.WithCancel(opts.context()) 4036 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 4037 if hs := opts.baseConfig(); hs != nil { 4038 ctx = context.WithValue(ctx, ServerContextKey, hs) 4039 } 4040 return 4041 } 4042 4043 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4044 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4045 // ignoring errors. hanging up anyway. 4046 sc.framer.WriteGoAway(0, err, []byte(debug)) 4047 sc.bw.Flush() 4048 sc.conn.Close() 4049 } 4050 4051 type http2serverConn struct { 4052 // Immutable: 4053 srv *http2Server 4054 hs *Server 4055 conn net.Conn 4056 bw *http2bufferedWriter // writing to conn 4057 handler Handler 4058 baseCtx context.Context 4059 framer *http2Framer 4060 doneServing chan struct{} // closed when serverConn.serve ends 4061 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4062 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4063 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4064 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4065 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4066 flow http2flow // conn-wide (not stream-specific) outbound flow control 4067 inflow http2flow // conn-wide inbound flow control 4068 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4069 remoteAddrStr string 4070 writeSched http2WriteScheduler 4071 4072 // Everything following is owned by the serve loop; use serveG.check(): 4073 serveG http2goroutineLock // used to verify funcs are on serve() 4074 pushEnabled bool 4075 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4076 needToSendSettingsAck bool 4077 unackedSettings int // how many SETTINGS have we sent without ACKs? 4078 queuedControlFrames int // control frames in the writeSched queue 4079 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4080 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4081 curClientStreams uint32 // number of open streams initiated by the client 4082 curPushedStreams uint32 // number of open streams initiated by server push 4083 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4084 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4085 streams map[uint32]*http2stream 4086 initialStreamSendWindowSize int32 4087 maxFrameSize int32 4088 headerTableSize uint32 4089 peerMaxHeaderListSize uint32 // zero means unknown (default) 4090 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4091 writingFrame bool // started writing a frame (on serve goroutine or separate) 4092 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4093 needsFrameFlush bool // last frame write wasn't a flush 4094 inGoAway bool // we've started to or sent GOAWAY 4095 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4096 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4097 goAwayCode http2ErrCode 4098 shutdownTimer *time.Timer // nil until used 4099 idleTimer *time.Timer // nil if unused 4100 4101 // Owned by the writeFrameAsync goroutine: 4102 headerWriteBuf bytes.Buffer 4103 hpackEncoder *hpack.Encoder 4104 4105 // Used by startGracefulShutdown. 4106 shutdownOnce sync.Once 4107 } 4108 4109 func (sc *http2serverConn) maxHeaderListSize() uint32 { 4110 n := sc.hs.MaxHeaderBytes 4111 if n <= 0 { 4112 n = DefaultMaxHeaderBytes 4113 } 4114 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4115 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4116 const perFieldOverhead = 32 // per http2 spec 4117 const typicalHeaders = 10 // conservative 4118 return uint32(n + typicalHeaders*perFieldOverhead) 4119 } 4120 4121 func (sc *http2serverConn) curOpenStreams() uint32 { 4122 sc.serveG.check() 4123 return sc.curClientStreams + sc.curPushedStreams 4124 } 4125 4126 // stream represents a stream. This is the minimal metadata needed by 4127 // the serve goroutine. Most of the actual stream state is owned by 4128 // the http.Handler's goroutine in the responseWriter. Because the 4129 // responseWriter's responseWriterState is recycled at the end of a 4130 // handler, this struct intentionally has no pointer to the 4131 // *responseWriter{,State} itself, as the Handler ending nils out the 4132 // responseWriter's state field. 4133 type http2stream struct { 4134 // immutable: 4135 sc *http2serverConn 4136 id uint32 4137 body *http2pipe // non-nil if expecting DATA frames 4138 cw http2closeWaiter // closed wait stream transitions to closed state 4139 ctx context.Context 4140 cancelCtx func() 4141 4142 // owned by serverConn's serve loop: 4143 bodyBytes int64 // body bytes seen so far 4144 declBodyBytes int64 // or -1 if undeclared 4145 flow http2flow // limits writing from Handler to client 4146 inflow http2flow // what the client is allowed to POST/etc to us 4147 parent *http2stream // or nil 4148 numTrailerValues int64 4149 weight uint8 4150 state http2streamState 4151 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4152 gotTrailerHeader bool // HEADER frame for trailers was seen 4153 wroteHeaders bool // whether we wrote headers (not status 100) 4154 writeDeadline *time.Timer // nil if unused 4155 4156 trailer Header // accumulated trailers 4157 reqTrailer Header // handler's Request.Trailer 4158 } 4159 4160 func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4161 4162 func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4163 4164 func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4165 4166 func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4167 return sc.hpackEncoder, &sc.headerWriteBuf 4168 } 4169 4170 func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4171 sc.serveG.check() 4172 // http://tools.ietf.org/html/rfc7540#section-5.1 4173 if st, ok := sc.streams[streamID]; ok { 4174 return st.state, st 4175 } 4176 // "The first use of a new stream identifier implicitly closes all 4177 // streams in the "idle" state that might have been initiated by 4178 // that peer with a lower-valued stream identifier. For example, if 4179 // a client sends a HEADERS frame on stream 7 without ever sending a 4180 // frame on stream 5, then stream 5 transitions to the "closed" 4181 // state when the first frame for stream 7 is sent or received." 4182 if streamID%2 == 1 { 4183 if streamID <= sc.maxClientStreamID { 4184 return http2stateClosed, nil 4185 } 4186 } else { 4187 if streamID <= sc.maxPushPromiseID { 4188 return http2stateClosed, nil 4189 } 4190 } 4191 return http2stateIdle, nil 4192 } 4193 4194 // setConnState calls the net/http ConnState hook for this connection, if configured. 4195 // Note that the net/http package does StateNew and StateClosed for us. 4196 // There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4197 func (sc *http2serverConn) setConnState(state ConnState) { 4198 if sc.hs.ConnState != nil { 4199 sc.hs.ConnState(sc.conn, state) 4200 } 4201 } 4202 4203 func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4204 if http2VerboseLogs { 4205 sc.logf(format, args...) 4206 } 4207 } 4208 4209 func (sc *http2serverConn) logf(format string, args ...interface{}) { 4210 if lg := sc.hs.ErrorLog; lg != nil { 4211 lg.Printf(format, args...) 4212 } else { 4213 log.Printf(format, args...) 4214 } 4215 } 4216 4217 // errno returns v's underlying uintptr, else 0. 4218 // 4219 // TODO: remove this helper function once http2 can use build 4220 // tags. See comment in isClosedConnError. 4221 func http2errno(v error) uintptr { 4222 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4223 return uintptr(rv.Uint()) 4224 } 4225 return 0 4226 } 4227 4228 // isClosedConnError reports whether err is an error from use of a closed 4229 // network connection. 4230 func http2isClosedConnError(err error) bool { 4231 if err == nil { 4232 return false 4233 } 4234 4235 // TODO: remove this string search and be more like the Windows 4236 // case below. That might involve modifying the standard library 4237 // to return better error types. 4238 str := err.Error() 4239 if strings.Contains(str, "use of closed network connection") { 4240 return true 4241 } 4242 4243 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4244 // build tags, so I can't make an http2_windows.go file with 4245 // Windows-specific stuff. Fix that and move this, once we 4246 // have a way to bundle this into std's net/http somehow. 4247 if runtime.GOOS == "windows" { 4248 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4249 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4250 const WSAECONNABORTED = 10053 4251 const WSAECONNRESET = 10054 4252 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4253 return true 4254 } 4255 } 4256 } 4257 } 4258 return false 4259 } 4260 4261 func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4262 if err == nil { 4263 return 4264 } 4265 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4266 // Boring, expected errors. 4267 sc.vlogf(format, args...) 4268 } else { 4269 sc.logf(format, args...) 4270 } 4271 } 4272 4273 func (sc *http2serverConn) canonicalHeader(v string) string { 4274 sc.serveG.check() 4275 http2buildCommonHeaderMapsOnce() 4276 cv, ok := http2commonCanonHeader[v] 4277 if ok { 4278 return cv 4279 } 4280 cv, ok = sc.canonHeader[v] 4281 if ok { 4282 return cv 4283 } 4284 if sc.canonHeader == nil { 4285 sc.canonHeader = make(map[string]string) 4286 } 4287 cv = CanonicalHeaderKey(v) 4288 sc.canonHeader[v] = cv 4289 return cv 4290 } 4291 4292 type http2readFrameResult struct { 4293 f http2Frame // valid until readMore is called 4294 err error 4295 4296 // readMore should be called once the consumer no longer needs or 4297 // retains f. After readMore, f is invalid and more frames can be 4298 // read. 4299 readMore func() 4300 } 4301 4302 // readFrames is the loop that reads incoming frames. 4303 // It takes care to only read one frame at a time, blocking until the 4304 // consumer is done with the frame. 4305 // It's run on its own goroutine. 4306 func (sc *http2serverConn) readFrames() { 4307 gate := make(http2gate) 4308 gateDone := gate.Done 4309 for { 4310 f, err := sc.framer.ReadFrame() 4311 select { 4312 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4313 case <-sc.doneServing: 4314 return 4315 } 4316 select { 4317 case <-gate: 4318 case <-sc.doneServing: 4319 return 4320 } 4321 if http2terminalReadFrameError(err) { 4322 return 4323 } 4324 } 4325 } 4326 4327 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4328 type http2frameWriteResult struct { 4329 wr http2FrameWriteRequest // what was written (or attempted) 4330 err error // result of the writeFrame call 4331 } 4332 4333 // writeFrameAsync runs in its own goroutine and writes a single frame 4334 // and then reports when it's done. 4335 // At most one goroutine can be running writeFrameAsync at a time per 4336 // serverConn. 4337 func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4338 err := wr.write.writeFrame(sc) 4339 sc.wroteFrameCh <- http2frameWriteResult{wr, err} 4340 } 4341 4342 func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4343 sc.serveG.check() 4344 for _, st := range sc.streams { 4345 sc.closeStream(st, http2errClientDisconnected) 4346 } 4347 } 4348 4349 func (sc *http2serverConn) stopShutdownTimer() { 4350 sc.serveG.check() 4351 if t := sc.shutdownTimer; t != nil { 4352 t.Stop() 4353 } 4354 } 4355 4356 func (sc *http2serverConn) notePanic() { 4357 // Note: this is for serverConn.serve panicking, not http.Handler code. 4358 if http2testHookOnPanicMu != nil { 4359 http2testHookOnPanicMu.Lock() 4360 defer http2testHookOnPanicMu.Unlock() 4361 } 4362 if http2testHookOnPanic != nil { 4363 if e := recover(); e != nil { 4364 if http2testHookOnPanic(sc, e) { 4365 panic(e) 4366 } 4367 } 4368 } 4369 } 4370 4371 func (sc *http2serverConn) serve() { 4372 sc.serveG.check() 4373 defer sc.notePanic() 4374 defer sc.conn.Close() 4375 defer sc.closeAllStreamsOnConnClose() 4376 defer sc.stopShutdownTimer() 4377 defer close(sc.doneServing) // unblocks handlers trying to send 4378 4379 if http2VerboseLogs { 4380 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4381 } 4382 4383 sc.writeFrame(http2FrameWriteRequest{ 4384 write: http2writeSettings{ 4385 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4386 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4387 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4388 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4389 }, 4390 }) 4391 sc.unackedSettings++ 4392 4393 // Each connection starts with intialWindowSize inflow tokens. 4394 // If a higher value is configured, we add more tokens. 4395 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4396 sc.sendWindowUpdate(nil, int(diff)) 4397 } 4398 4399 if err := sc.readPreface(); err != nil { 4400 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4401 return 4402 } 4403 // Now that we've got the preface, get us out of the 4404 // "StateNew" state. We can't go directly to idle, though. 4405 // Active means we read some data and anticipate a request. We'll 4406 // do another Active when we get a HEADERS frame. 4407 sc.setConnState(StateActive) 4408 sc.setConnState(StateIdle) 4409 4410 if sc.srv.IdleTimeout != 0 { 4411 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4412 defer sc.idleTimer.Stop() 4413 } 4414 4415 go sc.readFrames() // closed by defer sc.conn.Close above 4416 4417 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4418 defer settingsTimer.Stop() 4419 4420 loopNum := 0 4421 for { 4422 loopNum++ 4423 select { 4424 case wr := <-sc.wantWriteFrameCh: 4425 if se, ok := wr.write.(http2StreamError); ok { 4426 sc.resetStream(se) 4427 break 4428 } 4429 sc.writeFrame(wr) 4430 case res := <-sc.wroteFrameCh: 4431 sc.wroteFrame(res) 4432 case res := <-sc.readFrameCh: 4433 if !sc.processFrameFromReader(res) { 4434 return 4435 } 4436 res.readMore() 4437 if settingsTimer != nil { 4438 settingsTimer.Stop() 4439 settingsTimer = nil 4440 } 4441 case m := <-sc.bodyReadCh: 4442 sc.noteBodyRead(m.st, m.n) 4443 case msg := <-sc.serveMsgCh: 4444 switch v := msg.(type) { 4445 case func(int): 4446 v(loopNum) // for testing 4447 case *http2serverMessage: 4448 switch v { 4449 case http2settingsTimerMsg: 4450 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4451 return 4452 case http2idleTimerMsg: 4453 sc.vlogf("connection is idle") 4454 sc.goAway(http2ErrCodeNo) 4455 case http2shutdownTimerMsg: 4456 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4457 return 4458 case http2gracefulShutdownMsg: 4459 sc.startGracefulShutdownInternal() 4460 default: 4461 panic("unknown timer") 4462 } 4463 case *http2startPushRequest: 4464 sc.startPush(v) 4465 default: 4466 panic(fmt.Sprintf("unexpected type %T", v)) 4467 } 4468 } 4469 4470 // If the peer is causing us to generate a lot of control frames, 4471 // but not reading them from us, assume they are trying to make us 4472 // run out of memory. 4473 if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() { 4474 sc.vlogf("http2: too many control frames in send queue, closing connection") 4475 return 4476 } 4477 4478 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4479 // with no error code (graceful shutdown), don't start the timer until 4480 // all open streams have been completed. 4481 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4482 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4483 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4484 sc.shutDownIn(http2goAwayTimeout) 4485 } 4486 } 4487 } 4488 4489 func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4490 select { 4491 case <-sc.doneServing: 4492 case <-sharedCh: 4493 close(privateCh) 4494 } 4495 } 4496 4497 type http2serverMessage int 4498 4499 // Message values sent to serveMsgCh. 4500 var ( 4501 http2settingsTimerMsg = new(http2serverMessage) 4502 http2idleTimerMsg = new(http2serverMessage) 4503 http2shutdownTimerMsg = new(http2serverMessage) 4504 http2gracefulShutdownMsg = new(http2serverMessage) 4505 ) 4506 4507 func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4508 4509 func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4510 4511 func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4512 4513 func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4514 sc.serveG.checkNotOn() // NOT 4515 select { 4516 case sc.serveMsgCh <- msg: 4517 case <-sc.doneServing: 4518 } 4519 } 4520 4521 var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4522 4523 // readPreface reads the ClientPreface greeting from the peer or 4524 // returns errPrefaceTimeout on timeout, or an error if the greeting 4525 // is invalid. 4526 func (sc *http2serverConn) readPreface() error { 4527 errc := make(chan error, 1) 4528 go func() { 4529 // Read the client preface 4530 buf := make([]byte, len(http2ClientPreface)) 4531 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4532 errc <- err 4533 } else if !bytes.Equal(buf, http2clientPreface) { 4534 errc <- fmt.Errorf("bogus greeting %q", buf) 4535 } else { 4536 errc <- nil 4537 } 4538 }() 4539 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4540 defer timer.Stop() 4541 select { 4542 case <-timer.C: 4543 return http2errPrefaceTimeout 4544 case err := <-errc: 4545 if err == nil { 4546 if http2VerboseLogs { 4547 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4548 } 4549 } 4550 return err 4551 } 4552 } 4553 4554 var http2errChanPool = sync.Pool{ 4555 New: func() interface{} { return make(chan error, 1) }, 4556 } 4557 4558 var http2writeDataPool = sync.Pool{ 4559 New: func() interface{} { return new(http2writeData) }, 4560 } 4561 4562 // writeDataFromHandler writes DATA response frames from a handler on 4563 // the given stream. 4564 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4565 ch := http2errChanPool.Get().(chan error) 4566 writeArg := http2writeDataPool.Get().(*http2writeData) 4567 *writeArg = http2writeData{stream.id, data, endStream} 4568 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4569 write: writeArg, 4570 stream: stream, 4571 done: ch, 4572 }) 4573 if err != nil { 4574 return err 4575 } 4576 var frameWriteDone bool // the frame write is done (successfully or not) 4577 select { 4578 case err = <-ch: 4579 frameWriteDone = true 4580 case <-sc.doneServing: 4581 return http2errClientDisconnected 4582 case <-stream.cw: 4583 // If both ch and stream.cw were ready (as might 4584 // happen on the final Write after an http.Handler 4585 // ends), prefer the write result. Otherwise this 4586 // might just be us successfully closing the stream. 4587 // The writeFrameAsync and serve goroutines guarantee 4588 // that the ch send will happen before the stream.cw 4589 // close. 4590 select { 4591 case err = <-ch: 4592 frameWriteDone = true 4593 default: 4594 return http2errStreamClosed 4595 } 4596 } 4597 http2errChanPool.Put(ch) 4598 if frameWriteDone { 4599 http2writeDataPool.Put(writeArg) 4600 } 4601 return err 4602 } 4603 4604 // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4605 // if the connection has gone away. 4606 // 4607 // This must not be run from the serve goroutine itself, else it might 4608 // deadlock writing to sc.wantWriteFrameCh (which is only mildly 4609 // buffered and is read by serve itself). If you're on the serve 4610 // goroutine, call writeFrame instead. 4611 func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4612 sc.serveG.checkNotOn() // NOT 4613 select { 4614 case sc.wantWriteFrameCh <- wr: 4615 return nil 4616 case <-sc.doneServing: 4617 // Serve loop is gone. 4618 // Client has closed their connection to the server. 4619 return http2errClientDisconnected 4620 } 4621 } 4622 4623 // writeFrame schedules a frame to write and sends it if there's nothing 4624 // already being written. 4625 // 4626 // There is no pushback here (the serve goroutine never blocks). It's 4627 // the http.Handlers that block, waiting for their previous frames to 4628 // make it onto the wire 4629 // 4630 // If you're not on the serve goroutine, use writeFrameFromHandler instead. 4631 func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4632 sc.serveG.check() 4633 4634 // If true, wr will not be written and wr.done will not be signaled. 4635 var ignoreWrite bool 4636 4637 // We are not allowed to write frames on closed streams. RFC 7540 Section 4638 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4639 // a closed stream." Our server never sends PRIORITY, so that exception 4640 // does not apply. 4641 // 4642 // The serverConn might close an open stream while the stream's handler 4643 // is still running. For example, the server might close a stream when it 4644 // receives bad data from the client. If this happens, the handler might 4645 // attempt to write a frame after the stream has been closed (since the 4646 // handler hasn't yet been notified of the close). In this case, we simply 4647 // ignore the frame. The handler will notice that the stream is closed when 4648 // it waits for the frame to be written. 4649 // 4650 // As an exception to this rule, we allow sending RST_STREAM after close. 4651 // This allows us to immediately reject new streams without tracking any 4652 // state for those streams (except for the queued RST_STREAM frame). This 4653 // may result in duplicate RST_STREAMs in some cases, but the client should 4654 // ignore those. 4655 if wr.StreamID() != 0 { 4656 _, isReset := wr.write.(http2StreamError) 4657 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4658 ignoreWrite = true 4659 } 4660 } 4661 4662 // Don't send a 100-continue response if we've already sent headers. 4663 // See golang.org/issue/14030. 4664 switch wr.write.(type) { 4665 case *http2writeResHeaders: 4666 wr.stream.wroteHeaders = true 4667 case http2write100ContinueHeadersFrame: 4668 if wr.stream.wroteHeaders { 4669 // We do not need to notify wr.done because this frame is 4670 // never written with wr.done != nil. 4671 if wr.done != nil { 4672 panic("wr.done != nil for write100ContinueHeadersFrame") 4673 } 4674 ignoreWrite = true 4675 } 4676 } 4677 4678 if !ignoreWrite { 4679 if wr.isControl() { 4680 sc.queuedControlFrames++ 4681 // For extra safety, detect wraparounds, which should not happen, 4682 // and pull the plug. 4683 if sc.queuedControlFrames < 0 { 4684 sc.conn.Close() 4685 } 4686 } 4687 sc.writeSched.Push(wr) 4688 } 4689 sc.scheduleFrameWrite() 4690 } 4691 4692 // startFrameWrite starts a goroutine to write wr (in a separate 4693 // goroutine since that might block on the network), and updates the 4694 // serve goroutine's state about the world, updated from info in wr. 4695 func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4696 sc.serveG.check() 4697 if sc.writingFrame { 4698 panic("internal error: can only be writing one frame at a time") 4699 } 4700 4701 st := wr.stream 4702 if st != nil { 4703 switch st.state { 4704 case http2stateHalfClosedLocal: 4705 switch wr.write.(type) { 4706 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4707 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4708 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4709 default: 4710 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4711 } 4712 case http2stateClosed: 4713 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4714 } 4715 } 4716 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4717 var err error 4718 wpp.promisedID, err = wpp.allocatePromisedID() 4719 if err != nil { 4720 sc.writingFrameAsync = false 4721 wr.replyToWriter(err) 4722 return 4723 } 4724 } 4725 4726 sc.writingFrame = true 4727 sc.needsFrameFlush = true 4728 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4729 sc.writingFrameAsync = false 4730 err := wr.write.writeFrame(sc) 4731 sc.wroteFrame(http2frameWriteResult{wr, err}) 4732 } else { 4733 sc.writingFrameAsync = true 4734 go sc.writeFrameAsync(wr) 4735 } 4736 } 4737 4738 // errHandlerPanicked is the error given to any callers blocked in a read from 4739 // Request.Body when the main goroutine panics. Since most handlers read in the 4740 // main ServeHTTP goroutine, this will show up rarely. 4741 var http2errHandlerPanicked = errors.New("http2: handler panicked") 4742 4743 // wroteFrame is called on the serve goroutine with the result of 4744 // whatever happened on writeFrameAsync. 4745 func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4746 sc.serveG.check() 4747 if !sc.writingFrame { 4748 panic("internal error: expected to be already writing a frame") 4749 } 4750 sc.writingFrame = false 4751 sc.writingFrameAsync = false 4752 4753 wr := res.wr 4754 4755 if http2writeEndsStream(wr.write) { 4756 st := wr.stream 4757 if st == nil { 4758 panic("internal error: expecting non-nil stream") 4759 } 4760 switch st.state { 4761 case http2stateOpen: 4762 // Here we would go to stateHalfClosedLocal in 4763 // theory, but since our handler is done and 4764 // the net/http package provides no mechanism 4765 // for closing a ResponseWriter while still 4766 // reading data (see possible TODO at top of 4767 // this file), we go into closed state here 4768 // anyway, after telling the peer we're 4769 // hanging up on them. We'll transition to 4770 // stateClosed after the RST_STREAM frame is 4771 // written. 4772 st.state = http2stateHalfClosedLocal 4773 // Section 8.1: a server MAY request that the client abort 4774 // transmission of a request without error by sending a 4775 // RST_STREAM with an error code of NO_ERROR after sending 4776 // a complete response. 4777 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4778 case http2stateHalfClosedRemote: 4779 sc.closeStream(st, http2errHandlerComplete) 4780 } 4781 } else { 4782 switch v := wr.write.(type) { 4783 case http2StreamError: 4784 // st may be unknown if the RST_STREAM was generated to reject bad input. 4785 if st, ok := sc.streams[v.StreamID]; ok { 4786 sc.closeStream(st, v) 4787 } 4788 case http2handlerPanicRST: 4789 sc.closeStream(wr.stream, http2errHandlerPanicked) 4790 } 4791 } 4792 4793 // Reply (if requested) to unblock the ServeHTTP goroutine. 4794 wr.replyToWriter(res.err) 4795 4796 sc.scheduleFrameWrite() 4797 } 4798 4799 // scheduleFrameWrite tickles the frame writing scheduler. 4800 // 4801 // If a frame is already being written, nothing happens. This will be called again 4802 // when the frame is done being written. 4803 // 4804 // If a frame isn't being written and we need to send one, the best frame 4805 // to send is selected by writeSched. 4806 // 4807 // If a frame isn't being written and there's nothing else to send, we 4808 // flush the write buffer. 4809 func (sc *http2serverConn) scheduleFrameWrite() { 4810 sc.serveG.check() 4811 if sc.writingFrame || sc.inFrameScheduleLoop { 4812 return 4813 } 4814 sc.inFrameScheduleLoop = true 4815 for !sc.writingFrameAsync { 4816 if sc.needToSendGoAway { 4817 sc.needToSendGoAway = false 4818 sc.startFrameWrite(http2FrameWriteRequest{ 4819 write: &http2writeGoAway{ 4820 maxStreamID: sc.maxClientStreamID, 4821 code: sc.goAwayCode, 4822 }, 4823 }) 4824 continue 4825 } 4826 if sc.needToSendSettingsAck { 4827 sc.needToSendSettingsAck = false 4828 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4829 continue 4830 } 4831 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4832 if wr, ok := sc.writeSched.Pop(); ok { 4833 if wr.isControl() { 4834 sc.queuedControlFrames-- 4835 } 4836 sc.startFrameWrite(wr) 4837 continue 4838 } 4839 } 4840 if sc.needsFrameFlush { 4841 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4842 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4843 continue 4844 } 4845 break 4846 } 4847 sc.inFrameScheduleLoop = false 4848 } 4849 4850 // startGracefulShutdown gracefully shuts down a connection. This 4851 // sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4852 // shutting down. The connection isn't closed until all current 4853 // streams are done. 4854 // 4855 // startGracefulShutdown returns immediately; it does not wait until 4856 // the connection has shut down. 4857 func (sc *http2serverConn) startGracefulShutdown() { 4858 sc.serveG.checkNotOn() // NOT 4859 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4860 } 4861 4862 // After sending GOAWAY, the connection will close after goAwayTimeout. 4863 // If we close the connection immediately after sending GOAWAY, there may 4864 // be unsent data in our kernel receive buffer, which will cause the kernel 4865 // to send a TCP RST on close() instead of a FIN. This RST will abort the 4866 // connection immediately, whether or not the client had received the GOAWAY. 4867 // 4868 // Ideally we should delay for at least 1 RTT + epsilon so the client has 4869 // a chance to read the GOAWAY and stop sending messages. Measuring RTT 4870 // is hard, so we approximate with 1 second. See golang.org/issue/18701. 4871 // 4872 // This is a var so it can be shorter in tests, where all requests uses the 4873 // loopback interface making the expected RTT very small. 4874 // 4875 // TODO: configurable? 4876 var http2goAwayTimeout = 1 * time.Second 4877 4878 func (sc *http2serverConn) startGracefulShutdownInternal() { 4879 sc.goAway(http2ErrCodeNo) 4880 } 4881 4882 func (sc *http2serverConn) goAway(code http2ErrCode) { 4883 sc.serveG.check() 4884 if sc.inGoAway { 4885 return 4886 } 4887 sc.inGoAway = true 4888 sc.needToSendGoAway = true 4889 sc.goAwayCode = code 4890 sc.scheduleFrameWrite() 4891 } 4892 4893 func (sc *http2serverConn) shutDownIn(d time.Duration) { 4894 sc.serveG.check() 4895 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 4896 } 4897 4898 func (sc *http2serverConn) resetStream(se http2StreamError) { 4899 sc.serveG.check() 4900 sc.writeFrame(http2FrameWriteRequest{write: se}) 4901 if st, ok := sc.streams[se.StreamID]; ok { 4902 st.resetQueued = true 4903 } 4904 } 4905 4906 // processFrameFromReader processes the serve loop's read from readFrameCh from the 4907 // frame-reading goroutine. 4908 // processFrameFromReader returns whether the connection should be kept open. 4909 func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 4910 sc.serveG.check() 4911 err := res.err 4912 if err != nil { 4913 if err == http2ErrFrameTooLarge { 4914 sc.goAway(http2ErrCodeFrameSize) 4915 return true // goAway will close the loop 4916 } 4917 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 4918 if clientGone { 4919 // TODO: could we also get into this state if 4920 // the peer does a half close 4921 // (e.g. CloseWrite) because they're done 4922 // sending frames but they're still wanting 4923 // our open replies? Investigate. 4924 // TODO: add CloseWrite to crypto/tls.Conn first 4925 // so we have a way to test this? I suppose 4926 // just for testing we could have a non-TLS mode. 4927 return false 4928 } 4929 } else { 4930 f := res.f 4931 if http2VerboseLogs { 4932 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 4933 } 4934 err = sc.processFrame(f) 4935 if err == nil { 4936 return true 4937 } 4938 } 4939 4940 switch ev := err.(type) { 4941 case http2StreamError: 4942 sc.resetStream(ev) 4943 return true 4944 case http2goAwayFlowError: 4945 sc.goAway(http2ErrCodeFlowControl) 4946 return true 4947 case http2ConnectionError: 4948 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 4949 sc.goAway(http2ErrCode(ev)) 4950 return true // goAway will handle shutdown 4951 default: 4952 if res.err != nil { 4953 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 4954 } else { 4955 sc.logf("http2: server closing client connection: %v", err) 4956 } 4957 return false 4958 } 4959 } 4960 4961 func (sc *http2serverConn) processFrame(f http2Frame) error { 4962 sc.serveG.check() 4963 4964 // First frame received must be SETTINGS. 4965 if !sc.sawFirstSettings { 4966 if _, ok := f.(*http2SettingsFrame); !ok { 4967 return http2ConnectionError(http2ErrCodeProtocol) 4968 } 4969 sc.sawFirstSettings = true 4970 } 4971 4972 switch f := f.(type) { 4973 case *http2SettingsFrame: 4974 return sc.processSettings(f) 4975 case *http2MetaHeadersFrame: 4976 return sc.processHeaders(f) 4977 case *http2WindowUpdateFrame: 4978 return sc.processWindowUpdate(f) 4979 case *http2PingFrame: 4980 return sc.processPing(f) 4981 case *http2DataFrame: 4982 return sc.processData(f) 4983 case *http2RSTStreamFrame: 4984 return sc.processResetStream(f) 4985 case *http2PriorityFrame: 4986 return sc.processPriority(f) 4987 case *http2GoAwayFrame: 4988 return sc.processGoAway(f) 4989 case *http2PushPromiseFrame: 4990 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 4991 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 4992 return http2ConnectionError(http2ErrCodeProtocol) 4993 default: 4994 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 4995 return nil 4996 } 4997 } 4998 4999 func (sc *http2serverConn) processPing(f *http2PingFrame) error { 5000 sc.serveG.check() 5001 if f.IsAck() { 5002 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 5003 // containing this flag." 5004 return nil 5005 } 5006 if f.StreamID != 0 { 5007 // "PING frames are not associated with any individual 5008 // stream. If a PING frame is received with a stream 5009 // identifier field value other than 0x0, the recipient MUST 5010 // respond with a connection error (Section 5.4.1) of type 5011 // PROTOCOL_ERROR." 5012 return http2ConnectionError(http2ErrCodeProtocol) 5013 } 5014 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5015 return nil 5016 } 5017 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 5018 return nil 5019 } 5020 5021 func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 5022 sc.serveG.check() 5023 switch { 5024 case f.StreamID != 0: // stream-level flow control 5025 state, st := sc.state(f.StreamID) 5026 if state == http2stateIdle { 5027 // Section 5.1: "Receiving any frame other than HEADERS 5028 // or PRIORITY on a stream in this state MUST be 5029 // treated as a connection error (Section 5.4.1) of 5030 // type PROTOCOL_ERROR." 5031 return http2ConnectionError(http2ErrCodeProtocol) 5032 } 5033 if st == nil { 5034 // "WINDOW_UPDATE can be sent by a peer that has sent a 5035 // frame bearing the END_STREAM flag. This means that a 5036 // receiver could receive a WINDOW_UPDATE frame on a "half 5037 // closed (remote)" or "closed" stream. A receiver MUST 5038 // NOT treat this as an error, see Section 5.1." 5039 return nil 5040 } 5041 if !st.flow.add(int32(f.Increment)) { 5042 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 5043 } 5044 default: // connection-level flow control 5045 if !sc.flow.add(int32(f.Increment)) { 5046 return http2goAwayFlowError{} 5047 } 5048 } 5049 sc.scheduleFrameWrite() 5050 return nil 5051 } 5052 5053 func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5054 sc.serveG.check() 5055 5056 state, st := sc.state(f.StreamID) 5057 if state == http2stateIdle { 5058 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5059 // stream in the "idle" state. If a RST_STREAM frame 5060 // identifying an idle stream is received, the 5061 // recipient MUST treat this as a connection error 5062 // (Section 5.4.1) of type PROTOCOL_ERROR. 5063 return http2ConnectionError(http2ErrCodeProtocol) 5064 } 5065 if st != nil { 5066 st.cancelCtx() 5067 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5068 } 5069 return nil 5070 } 5071 5072 func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5073 sc.serveG.check() 5074 if st.state == http2stateIdle || st.state == http2stateClosed { 5075 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5076 } 5077 st.state = http2stateClosed 5078 if st.writeDeadline != nil { 5079 st.writeDeadline.Stop() 5080 } 5081 if st.isPushed() { 5082 sc.curPushedStreams-- 5083 } else { 5084 sc.curClientStreams-- 5085 } 5086 delete(sc.streams, st.id) 5087 if len(sc.streams) == 0 { 5088 sc.setConnState(StateIdle) 5089 if sc.srv.IdleTimeout != 0 { 5090 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5091 } 5092 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5093 sc.startGracefulShutdownInternal() 5094 } 5095 } 5096 if p := st.body; p != nil { 5097 // Return any buffered unread bytes worth of conn-level flow control. 5098 // See golang.org/issue/16481 5099 sc.sendWindowUpdate(nil, p.Len()) 5100 5101 p.CloseWithError(err) 5102 } 5103 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5104 sc.writeSched.CloseStream(st.id) 5105 } 5106 5107 func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5108 sc.serveG.check() 5109 if f.IsAck() { 5110 sc.unackedSettings-- 5111 if sc.unackedSettings < 0 { 5112 // Why is the peer ACKing settings we never sent? 5113 // The spec doesn't mention this case, but 5114 // hang up on them anyway. 5115 return http2ConnectionError(http2ErrCodeProtocol) 5116 } 5117 return nil 5118 } 5119 if f.NumSettings() > 100 || f.HasDuplicates() { 5120 // This isn't actually in the spec, but hang up on 5121 // suspiciously large settings frames or those with 5122 // duplicate entries. 5123 return http2ConnectionError(http2ErrCodeProtocol) 5124 } 5125 if err := f.ForeachSetting(sc.processSetting); err != nil { 5126 return err 5127 } 5128 // TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be 5129 // acknowledged individually, even if multiple are received before the ACK. 5130 sc.needToSendSettingsAck = true 5131 sc.scheduleFrameWrite() 5132 return nil 5133 } 5134 5135 func (sc *http2serverConn) processSetting(s http2Setting) error { 5136 sc.serveG.check() 5137 if err := s.Valid(); err != nil { 5138 return err 5139 } 5140 if http2VerboseLogs { 5141 sc.vlogf("http2: server processing setting %v", s) 5142 } 5143 switch s.ID { 5144 case http2SettingHeaderTableSize: 5145 sc.headerTableSize = s.Val 5146 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5147 case http2SettingEnablePush: 5148 sc.pushEnabled = s.Val != 0 5149 case http2SettingMaxConcurrentStreams: 5150 sc.clientMaxStreams = s.Val 5151 case http2SettingInitialWindowSize: 5152 return sc.processSettingInitialWindowSize(s.Val) 5153 case http2SettingMaxFrameSize: 5154 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5155 case http2SettingMaxHeaderListSize: 5156 sc.peerMaxHeaderListSize = s.Val 5157 default: 5158 // Unknown setting: "An endpoint that receives a SETTINGS 5159 // frame with any unknown or unsupported identifier MUST 5160 // ignore that setting." 5161 if http2VerboseLogs { 5162 sc.vlogf("http2: server ignoring unknown setting %v", s) 5163 } 5164 } 5165 return nil 5166 } 5167 5168 func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5169 sc.serveG.check() 5170 // Note: val already validated to be within range by 5171 // processSetting's Valid call. 5172 5173 // "A SETTINGS frame can alter the initial flow control window 5174 // size for all current streams. When the value of 5175 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5176 // adjust the size of all stream flow control windows that it 5177 // maintains by the difference between the new value and the 5178 // old value." 5179 old := sc.initialStreamSendWindowSize 5180 sc.initialStreamSendWindowSize = int32(val) 5181 growth := int32(val) - old // may be negative 5182 for _, st := range sc.streams { 5183 if !st.flow.add(growth) { 5184 // 6.9.2 Initial Flow Control Window Size 5185 // "An endpoint MUST treat a change to 5186 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5187 // control window to exceed the maximum size as a 5188 // connection error (Section 5.4.1) of type 5189 // FLOW_CONTROL_ERROR." 5190 return http2ConnectionError(http2ErrCodeFlowControl) 5191 } 5192 } 5193 return nil 5194 } 5195 5196 func (sc *http2serverConn) processData(f *http2DataFrame) error { 5197 sc.serveG.check() 5198 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5199 return nil 5200 } 5201 data := f.Data() 5202 5203 // "If a DATA frame is received whose stream is not in "open" 5204 // or "half closed (local)" state, the recipient MUST respond 5205 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5206 id := f.Header().StreamID 5207 state, st := sc.state(id) 5208 if id == 0 || state == http2stateIdle { 5209 // Section 5.1: "Receiving any frame other than HEADERS 5210 // or PRIORITY on a stream in this state MUST be 5211 // treated as a connection error (Section 5.4.1) of 5212 // type PROTOCOL_ERROR." 5213 return http2ConnectionError(http2ErrCodeProtocol) 5214 } 5215 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5216 // This includes sending a RST_STREAM if the stream is 5217 // in stateHalfClosedLocal (which currently means that 5218 // the http.Handler returned, so it's done reading & 5219 // done writing). Try to stop the client from sending 5220 // more DATA. 5221 5222 // But still enforce their connection-level flow control, 5223 // and return any flow control bytes since we're not going 5224 // to consume them. 5225 if sc.inflow.available() < int32(f.Length) { 5226 return http2streamError(id, http2ErrCodeFlowControl) 5227 } 5228 // Deduct the flow control from inflow, since we're 5229 // going to immediately add it back in 5230 // sendWindowUpdate, which also schedules sending the 5231 // frames. 5232 sc.inflow.take(int32(f.Length)) 5233 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5234 5235 if st != nil && st.resetQueued { 5236 // Already have a stream error in flight. Don't send another. 5237 return nil 5238 } 5239 return http2streamError(id, http2ErrCodeStreamClosed) 5240 } 5241 if st.body == nil { 5242 panic("internal error: should have a body in this state") 5243 } 5244 5245 // Sender sending more than they'd declared? 5246 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5247 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5248 // RFC 7540, sec 8.1.2.6: A request or response is also malformed if the 5249 // value of a content-length header field does not equal the sum of the 5250 // DATA frame payload lengths that form the body. 5251 return http2streamError(id, http2ErrCodeProtocol) 5252 } 5253 if f.Length > 0 { 5254 // Check whether the client has flow control quota. 5255 if st.inflow.available() < int32(f.Length) { 5256 return http2streamError(id, http2ErrCodeFlowControl) 5257 } 5258 st.inflow.take(int32(f.Length)) 5259 5260 if len(data) > 0 { 5261 wrote, err := st.body.Write(data) 5262 if err != nil { 5263 return http2streamError(id, http2ErrCodeStreamClosed) 5264 } 5265 if wrote != len(data) { 5266 panic("internal error: bad Writer") 5267 } 5268 st.bodyBytes += int64(len(data)) 5269 } 5270 5271 // Return any padded flow control now, since we won't 5272 // refund it later on body reads. 5273 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5274 sc.sendWindowUpdate32(nil, pad) 5275 sc.sendWindowUpdate32(st, pad) 5276 } 5277 } 5278 if f.StreamEnded() { 5279 st.endStream() 5280 } 5281 return nil 5282 } 5283 5284 func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5285 sc.serveG.check() 5286 if f.ErrCode != http2ErrCodeNo { 5287 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5288 } else { 5289 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5290 } 5291 sc.startGracefulShutdownInternal() 5292 // http://tools.ietf.org/html/rfc7540#section-6.8 5293 // We should not create any new streams, which means we should disable push. 5294 sc.pushEnabled = false 5295 return nil 5296 } 5297 5298 // isPushed reports whether the stream is server-initiated. 5299 func (st *http2stream) isPushed() bool { 5300 return st.id%2 == 0 5301 } 5302 5303 // endStream closes a Request.Body's pipe. It is called when a DATA 5304 // frame says a request body is over (or after trailers). 5305 func (st *http2stream) endStream() { 5306 sc := st.sc 5307 sc.serveG.check() 5308 5309 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5310 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5311 st.declBodyBytes, st.bodyBytes)) 5312 } else { 5313 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5314 st.body.CloseWithError(io.EOF) 5315 } 5316 st.state = http2stateHalfClosedRemote 5317 } 5318 5319 // copyTrailersToHandlerRequest is run in the Handler's goroutine in 5320 // its Request.Body.Read just before it gets io.EOF. 5321 func (st *http2stream) copyTrailersToHandlerRequest() { 5322 for k, vv := range st.trailer { 5323 if _, ok := st.reqTrailer[k]; ok { 5324 // Only copy it over it was pre-declared. 5325 st.reqTrailer[k] = vv 5326 } 5327 } 5328 } 5329 5330 // onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5331 // when the stream's WriteTimeout has fired. 5332 func (st *http2stream) onWriteTimeout() { 5333 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5334 } 5335 5336 func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5337 sc.serveG.check() 5338 id := f.StreamID 5339 if sc.inGoAway { 5340 // Ignore. 5341 return nil 5342 } 5343 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5344 // Streams initiated by a client MUST use odd-numbered stream 5345 // identifiers. [...] An endpoint that receives an unexpected 5346 // stream identifier MUST respond with a connection error 5347 // (Section 5.4.1) of type PROTOCOL_ERROR. 5348 if id%2 != 1 { 5349 return http2ConnectionError(http2ErrCodeProtocol) 5350 } 5351 // A HEADERS frame can be used to create a new stream or 5352 // send a trailer for an open one. If we already have a stream 5353 // open, let it process its own HEADERS frame (trailers at this 5354 // point, if it's valid). 5355 if st := sc.streams[f.StreamID]; st != nil { 5356 if st.resetQueued { 5357 // We're sending RST_STREAM to close the stream, so don't bother 5358 // processing this frame. 5359 return nil 5360 } 5361 // RFC 7540, sec 5.1: If an endpoint receives additional frames, other than 5362 // WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in 5363 // this state, it MUST respond with a stream error (Section 5.4.2) of 5364 // type STREAM_CLOSED. 5365 if st.state == http2stateHalfClosedRemote { 5366 return http2streamError(id, http2ErrCodeStreamClosed) 5367 } 5368 return st.processTrailerHeaders(f) 5369 } 5370 5371 // [...] The identifier of a newly established stream MUST be 5372 // numerically greater than all streams that the initiating 5373 // endpoint has opened or reserved. [...] An endpoint that 5374 // receives an unexpected stream identifier MUST respond with 5375 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5376 if id <= sc.maxClientStreamID { 5377 return http2ConnectionError(http2ErrCodeProtocol) 5378 } 5379 sc.maxClientStreamID = id 5380 5381 if sc.idleTimer != nil { 5382 sc.idleTimer.Stop() 5383 } 5384 5385 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5386 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5387 // endpoint that receives a HEADERS frame that causes their 5388 // advertised concurrent stream limit to be exceeded MUST treat 5389 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5390 // or REFUSED_STREAM. 5391 if sc.curClientStreams+1 > sc.advMaxStreams { 5392 if sc.unackedSettings == 0 { 5393 // They should know better. 5394 return http2streamError(id, http2ErrCodeProtocol) 5395 } 5396 // Assume it's a network race, where they just haven't 5397 // received our last SETTINGS update. But actually 5398 // this can't happen yet, because we don't yet provide 5399 // a way for users to adjust server parameters at 5400 // runtime. 5401 return http2streamError(id, http2ErrCodeRefusedStream) 5402 } 5403 5404 initialState := http2stateOpen 5405 if f.StreamEnded() { 5406 initialState = http2stateHalfClosedRemote 5407 } 5408 st := sc.newStream(id, 0, initialState) 5409 5410 if f.HasPriority() { 5411 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5412 return err 5413 } 5414 sc.writeSched.AdjustStream(st.id, f.Priority) 5415 } 5416 5417 rw, req, err := sc.newWriterAndRequest(st, f) 5418 if err != nil { 5419 return err 5420 } 5421 st.reqTrailer = req.Trailer 5422 if st.reqTrailer != nil { 5423 st.trailer = make(Header) 5424 } 5425 st.body = req.Body.(*http2requestBody).pipe // may be nil 5426 st.declBodyBytes = req.ContentLength 5427 5428 handler := sc.handler.ServeHTTP 5429 if f.Truncated { 5430 // Their header list was too long. Send a 431 error. 5431 handler = http2handleHeaderListTooLong 5432 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5433 handler = http2new400Handler(err) 5434 } 5435 5436 // The net/http package sets the read deadline from the 5437 // http.Server.ReadTimeout during the TLS handshake, but then 5438 // passes the connection off to us with the deadline already 5439 // set. Disarm it here after the request headers are read, 5440 // similar to how the http1 server works. Here it's 5441 // technically more like the http1 Server's ReadHeaderTimeout 5442 // (in Go 1.8), though. That's a more sane option anyway. 5443 if sc.hs.ReadTimeout != 0 { 5444 sc.conn.SetReadDeadline(time.Time{}) 5445 } 5446 5447 go sc.runHandler(rw, req, handler) 5448 return nil 5449 } 5450 5451 func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5452 sc := st.sc 5453 sc.serveG.check() 5454 if st.gotTrailerHeader { 5455 return http2ConnectionError(http2ErrCodeProtocol) 5456 } 5457 st.gotTrailerHeader = true 5458 if !f.StreamEnded() { 5459 return http2streamError(st.id, http2ErrCodeProtocol) 5460 } 5461 5462 if len(f.PseudoFields()) > 0 { 5463 return http2streamError(st.id, http2ErrCodeProtocol) 5464 } 5465 if st.trailer != nil { 5466 for _, hf := range f.RegularFields() { 5467 key := sc.canonicalHeader(hf.Name) 5468 if !httpguts.ValidTrailerHeader(key) { 5469 // TODO: send more details to the peer somehow. But http2 has 5470 // no way to send debug data at a stream level. Discuss with 5471 // HTTP folk. 5472 return http2streamError(st.id, http2ErrCodeProtocol) 5473 } 5474 st.trailer[key] = append(st.trailer[key], hf.Value) 5475 } 5476 } 5477 st.endStream() 5478 return nil 5479 } 5480 5481 func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5482 if streamID == p.StreamDep { 5483 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5484 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5485 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5486 // so it's only self-dependencies that are forbidden. 5487 return http2streamError(streamID, http2ErrCodeProtocol) 5488 } 5489 return nil 5490 } 5491 5492 func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5493 if sc.inGoAway { 5494 return nil 5495 } 5496 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5497 return err 5498 } 5499 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5500 return nil 5501 } 5502 5503 func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5504 sc.serveG.check() 5505 if id == 0 { 5506 panic("internal error: cannot create stream with id 0") 5507 } 5508 5509 ctx, cancelCtx := context.WithCancel(sc.baseCtx) 5510 st := &http2stream{ 5511 sc: sc, 5512 id: id, 5513 state: state, 5514 ctx: ctx, 5515 cancelCtx: cancelCtx, 5516 } 5517 st.cw.Init() 5518 st.flow.conn = &sc.flow // link to conn-level counter 5519 st.flow.add(sc.initialStreamSendWindowSize) 5520 st.inflow.conn = &sc.inflow // link to conn-level counter 5521 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5522 if sc.hs.WriteTimeout != 0 { 5523 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5524 } 5525 5526 sc.streams[id] = st 5527 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5528 if st.isPushed() { 5529 sc.curPushedStreams++ 5530 } else { 5531 sc.curClientStreams++ 5532 } 5533 if sc.curOpenStreams() == 1 { 5534 sc.setConnState(StateActive) 5535 } 5536 5537 return st 5538 } 5539 5540 func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5541 sc.serveG.check() 5542 5543 rp := http2requestParam{ 5544 method: f.PseudoValue("method"), 5545 scheme: f.PseudoValue("scheme"), 5546 authority: f.PseudoValue("authority"), 5547 path: f.PseudoValue("path"), 5548 } 5549 5550 isConnect := rp.method == "CONNECT" 5551 if isConnect { 5552 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5553 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5554 } 5555 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5556 // See 8.1.2.6 Malformed Requests and Responses: 5557 // 5558 // Malformed requests or responses that are detected 5559 // MUST be treated as a stream error (Section 5.4.2) 5560 // of type PROTOCOL_ERROR." 5561 // 5562 // 8.1.2.3 Request Pseudo-Header Fields 5563 // "All HTTP/2 requests MUST include exactly one valid 5564 // value for the :method, :scheme, and :path 5565 // pseudo-header fields" 5566 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5567 } 5568 5569 bodyOpen := !f.StreamEnded() 5570 if rp.method == "HEAD" && bodyOpen { 5571 // HEAD requests can't have bodies 5572 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5573 } 5574 5575 rp.header = make(Header) 5576 for _, hf := range f.RegularFields() { 5577 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5578 } 5579 if rp.authority == "" { 5580 rp.authority = rp.header.Get("Host") 5581 } 5582 5583 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5584 if err != nil { 5585 return nil, nil, err 5586 } 5587 if bodyOpen { 5588 if vv, ok := rp.header["Content-Length"]; ok { 5589 req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) 5590 } else { 5591 req.ContentLength = -1 5592 } 5593 req.Body.(*http2requestBody).pipe = &http2pipe{ 5594 b: &http2dataBuffer{expected: req.ContentLength}, 5595 } 5596 } 5597 return rw, req, nil 5598 } 5599 5600 type http2requestParam struct { 5601 method string 5602 scheme, authority, path string 5603 header Header 5604 } 5605 5606 func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5607 sc.serveG.check() 5608 5609 var tlsState *tls.ConnectionState // nil if not scheme https 5610 if rp.scheme == "https" { 5611 tlsState = sc.tlsState 5612 } 5613 5614 needsContinue := rp.header.Get("Expect") == "100-continue" 5615 if needsContinue { 5616 rp.header.Del("Expect") 5617 } 5618 // Merge Cookie headers into one "; "-delimited value. 5619 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5620 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5621 } 5622 5623 // Setup Trailers 5624 var trailer Header 5625 for _, v := range rp.header["Trailer"] { 5626 for _, key := range strings.Split(v, ",") { 5627 key = CanonicalHeaderKey(strings.TrimSpace(key)) 5628 switch key { 5629 case "Transfer-Encoding", "Trailer", "Content-Length": 5630 // Bogus. (copy of http1 rules) 5631 // Ignore. 5632 default: 5633 if trailer == nil { 5634 trailer = make(Header) 5635 } 5636 trailer[key] = nil 5637 } 5638 } 5639 } 5640 delete(rp.header, "Trailer") 5641 5642 var url_ *url.URL 5643 var requestURI string 5644 if rp.method == "CONNECT" { 5645 url_ = &url.URL{Host: rp.authority} 5646 requestURI = rp.authority // mimic HTTP/1 server behavior 5647 } else { 5648 var err error 5649 url_, err = url.ParseRequestURI(rp.path) 5650 if err != nil { 5651 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5652 } 5653 requestURI = rp.path 5654 } 5655 5656 body := &http2requestBody{ 5657 conn: sc, 5658 stream: st, 5659 needsContinue: needsContinue, 5660 } 5661 req := &Request{ 5662 Method: rp.method, 5663 URL: url_, 5664 RemoteAddr: sc.remoteAddrStr, 5665 Header: rp.header, 5666 RequestURI: requestURI, 5667 Proto: "HTTP/2.0", 5668 ProtoMajor: 2, 5669 ProtoMinor: 0, 5670 TLS: tlsState, 5671 Host: rp.authority, 5672 Body: body, 5673 Trailer: trailer, 5674 } 5675 req = req.WithContext(st.ctx) 5676 5677 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5678 bwSave := rws.bw 5679 *rws = http2responseWriterState{} // zero all the fields 5680 rws.conn = sc 5681 rws.bw = bwSave 5682 rws.bw.Reset(http2chunkWriter{rws}) 5683 rws.stream = st 5684 rws.req = req 5685 rws.body = body 5686 5687 rw := &http2responseWriter{rws: rws} 5688 return rw, req, nil 5689 } 5690 5691 // Run on its own goroutine. 5692 func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5693 didPanic := true 5694 defer func() { 5695 rw.rws.stream.cancelCtx() 5696 if didPanic { 5697 e := recover() 5698 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5699 write: http2handlerPanicRST{rw.rws.stream.id}, 5700 stream: rw.rws.stream, 5701 }) 5702 // Same as net/http: 5703 if e != nil && e != ErrAbortHandler { 5704 const size = 64 << 10 5705 buf := make([]byte, size) 5706 buf = buf[:runtime.Stack(buf, false)] 5707 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5708 } 5709 return 5710 } 5711 rw.handlerDone() 5712 }() 5713 handler(rw, req) 5714 didPanic = false 5715 } 5716 5717 func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5718 // 10.5.1 Limits on Header Block Size: 5719 // .. "A server that receives a larger header block than it is 5720 // willing to handle can send an HTTP 431 (Request Header Fields Too 5721 // Large) status code" 5722 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5723 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5724 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5725 } 5726 5727 // called from handler goroutines. 5728 // h may be nil. 5729 func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5730 sc.serveG.checkNotOn() // NOT on 5731 var errc chan error 5732 if headerData.h != nil { 5733 // If there's a header map (which we don't own), so we have to block on 5734 // waiting for this frame to be written, so an http.Flush mid-handler 5735 // writes out the correct value of keys, before a handler later potentially 5736 // mutates it. 5737 errc = http2errChanPool.Get().(chan error) 5738 } 5739 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5740 write: headerData, 5741 stream: st, 5742 done: errc, 5743 }); err != nil { 5744 return err 5745 } 5746 if errc != nil { 5747 select { 5748 case err := <-errc: 5749 http2errChanPool.Put(errc) 5750 return err 5751 case <-sc.doneServing: 5752 return http2errClientDisconnected 5753 case <-st.cw: 5754 return http2errStreamClosed 5755 } 5756 } 5757 return nil 5758 } 5759 5760 // called from handler goroutines. 5761 func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5762 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5763 write: http2write100ContinueHeadersFrame{st.id}, 5764 stream: st, 5765 }) 5766 } 5767 5768 // A bodyReadMsg tells the server loop that the http.Handler read n 5769 // bytes of the DATA from the client on the given stream. 5770 type http2bodyReadMsg struct { 5771 st *http2stream 5772 n int 5773 } 5774 5775 // called from handler goroutines. 5776 // Notes that the handler for the given stream ID read n bytes of its body 5777 // and schedules flow control tokens to be sent. 5778 func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5779 sc.serveG.checkNotOn() // NOT on 5780 if n > 0 { 5781 select { 5782 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5783 case <-sc.doneServing: 5784 } 5785 } 5786 } 5787 5788 func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5789 sc.serveG.check() 5790 sc.sendWindowUpdate(nil, n) // conn-level 5791 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5792 // Don't send this WINDOW_UPDATE if the stream is closed 5793 // remotely. 5794 sc.sendWindowUpdate(st, n) 5795 } 5796 } 5797 5798 // st may be nil for conn-level 5799 func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5800 sc.serveG.check() 5801 // "The legal range for the increment to the flow control 5802 // window is 1 to 2^31-1 (2,147,483,647) octets." 5803 // A Go Read call on 64-bit machines could in theory read 5804 // a larger Read than this. Very unlikely, but we handle it here 5805 // rather than elsewhere for now. 5806 const maxUint31 = 1<<31 - 1 5807 for n >= maxUint31 { 5808 sc.sendWindowUpdate32(st, maxUint31) 5809 n -= maxUint31 5810 } 5811 sc.sendWindowUpdate32(st, int32(n)) 5812 } 5813 5814 // st may be nil for conn-level 5815 func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5816 sc.serveG.check() 5817 if n == 0 { 5818 return 5819 } 5820 if n < 0 { 5821 panic("negative update") 5822 } 5823 var streamID uint32 5824 if st != nil { 5825 streamID = st.id 5826 } 5827 sc.writeFrame(http2FrameWriteRequest{ 5828 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5829 stream: st, 5830 }) 5831 var ok bool 5832 if st == nil { 5833 ok = sc.inflow.add(n) 5834 } else { 5835 ok = st.inflow.add(n) 5836 } 5837 if !ok { 5838 panic("internal error; sent too many window updates without decrements?") 5839 } 5840 } 5841 5842 // requestBody is the Handler's Request.Body type. 5843 // Read and Close may be called concurrently. 5844 type http2requestBody struct { 5845 stream *http2stream 5846 conn *http2serverConn 5847 closed bool // for use by Close only 5848 sawEOF bool // for use by Read only 5849 pipe *http2pipe // non-nil if we have a HTTP entity message body 5850 needsContinue bool // need to send a 100-continue 5851 } 5852 5853 func (b *http2requestBody) Close() error { 5854 if b.pipe != nil && !b.closed { 5855 b.pipe.BreakWithError(http2errClosedBody) 5856 } 5857 b.closed = true 5858 return nil 5859 } 5860 5861 func (b *http2requestBody) Read(p []byte) (n int, err error) { 5862 if b.needsContinue { 5863 b.needsContinue = false 5864 b.conn.write100ContinueHeaders(b.stream) 5865 } 5866 if b.pipe == nil || b.sawEOF { 5867 return 0, io.EOF 5868 } 5869 n, err = b.pipe.Read(p) 5870 if err == io.EOF { 5871 b.sawEOF = true 5872 } 5873 if b.conn == nil && http2inTests { 5874 return 5875 } 5876 b.conn.noteBodyReadFromHandler(b.stream, n, err) 5877 return 5878 } 5879 5880 // responseWriter is the http.ResponseWriter implementation. It's 5881 // intentionally small (1 pointer wide) to minimize garbage. The 5882 // responseWriterState pointer inside is zeroed at the end of a 5883 // request (in handlerDone) and calls on the responseWriter thereafter 5884 // simply crash (caller's mistake), but the much larger responseWriterState 5885 // and buffers are reused between multiple requests. 5886 type http2responseWriter struct { 5887 rws *http2responseWriterState 5888 } 5889 5890 // Optional http.ResponseWriter interfaces implemented. 5891 var ( 5892 _ CloseNotifier = (*http2responseWriter)(nil) 5893 _ Flusher = (*http2responseWriter)(nil) 5894 _ http2stringWriter = (*http2responseWriter)(nil) 5895 ) 5896 5897 type http2responseWriterState struct { 5898 // immutable within a request: 5899 stream *http2stream 5900 req *Request 5901 body *http2requestBody // to close at end of request, if DATA frames didn't 5902 conn *http2serverConn 5903 5904 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 5905 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 5906 5907 // mutated by http.Handler goroutine: 5908 handlerHeader Header // nil until called 5909 snapHeader Header // snapshot of handlerHeader at WriteHeader time 5910 trailers []string // set in writeChunk 5911 status int // status code passed to WriteHeader 5912 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 5913 sentHeader bool // have we sent the header frame? 5914 handlerDone bool // handler has finished 5915 dirty bool // a Write failed; don't reuse this responseWriterState 5916 5917 sentContentLen int64 // non-zero if handler set a Content-Length header 5918 wroteBytes int64 5919 5920 closeNotifierMu sync.Mutex // guards closeNotifierCh 5921 closeNotifierCh chan bool // nil until first used 5922 } 5923 5924 type http2chunkWriter struct{ rws *http2responseWriterState } 5925 5926 func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 5927 5928 func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) > 0 } 5929 5930 func (rws *http2responseWriterState) hasNonemptyTrailers() bool { 5931 for _, trailer := range rws.trailers { 5932 if _, ok := rws.handlerHeader[trailer]; ok { 5933 return true 5934 } 5935 } 5936 return false 5937 } 5938 5939 // declareTrailer is called for each Trailer header when the 5940 // response header is written. It notes that a header will need to be 5941 // written in the trailers at the end of the response. 5942 func (rws *http2responseWriterState) declareTrailer(k string) { 5943 k = CanonicalHeaderKey(k) 5944 if !httpguts.ValidTrailerHeader(k) { 5945 // Forbidden by RFC 7230, section 4.1.2. 5946 rws.conn.logf("ignoring invalid trailer %q", k) 5947 return 5948 } 5949 if !http2strSliceContains(rws.trailers, k) { 5950 rws.trailers = append(rws.trailers, k) 5951 } 5952 } 5953 5954 // writeChunk writes chunks from the bufio.Writer. But because 5955 // bufio.Writer may bypass its chunking, sometimes p may be 5956 // arbitrarily large. 5957 // 5958 // writeChunk is also responsible (on the first chunk) for sending the 5959 // HEADER response. 5960 func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 5961 if !rws.wroteHeader { 5962 rws.writeHeader(200) 5963 } 5964 5965 isHeadResp := rws.req.Method == "HEAD" 5966 if !rws.sentHeader { 5967 rws.sentHeader = true 5968 var ctype, clen string 5969 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 5970 rws.snapHeader.Del("Content-Length") 5971 clen64, err := strconv.ParseInt(clen, 10, 64) 5972 if err == nil && clen64 >= 0 { 5973 rws.sentContentLen = clen64 5974 } else { 5975 clen = "" 5976 } 5977 } 5978 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 5979 clen = strconv.Itoa(len(p)) 5980 } 5981 _, hasContentType := rws.snapHeader["Content-Type"] 5982 if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 5983 ctype = DetectContentType(p) 5984 } 5985 var date string 5986 if _, ok := rws.snapHeader["Date"]; !ok { 5987 // TODO(bradfitz): be faster here, like net/http? measure. 5988 date = time.Now().UTC().Format(TimeFormat) 5989 } 5990 5991 for _, v := range rws.snapHeader["Trailer"] { 5992 http2foreachHeaderElement(v, rws.declareTrailer) 5993 } 5994 5995 // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), 5996 // but respect "Connection" == "close" to mean sending a GOAWAY and tearing 5997 // down the TCP connection when idle, like we do for HTTP/1. 5998 // TODO: remove more Connection-specific header fields here, in addition 5999 // to "Connection". 6000 if _, ok := rws.snapHeader["Connection"]; ok { 6001 v := rws.snapHeader.Get("Connection") 6002 delete(rws.snapHeader, "Connection") 6003 if v == "close" { 6004 rws.conn.startGracefulShutdown() 6005 } 6006 } 6007 6008 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 6009 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6010 streamID: rws.stream.id, 6011 httpResCode: rws.status, 6012 h: rws.snapHeader, 6013 endStream: endStream, 6014 contentType: ctype, 6015 contentLength: clen, 6016 date: date, 6017 }) 6018 if err != nil { 6019 rws.dirty = true 6020 return 0, err 6021 } 6022 if endStream { 6023 return 0, nil 6024 } 6025 } 6026 if isHeadResp { 6027 return len(p), nil 6028 } 6029 if len(p) == 0 && !rws.handlerDone { 6030 return 0, nil 6031 } 6032 6033 if rws.handlerDone { 6034 rws.promoteUndeclaredTrailers() 6035 } 6036 6037 // only send trailers if they have actually been defined by the 6038 // server handler. 6039 hasNonemptyTrailers := rws.hasNonemptyTrailers() 6040 endStream := rws.handlerDone && !hasNonemptyTrailers 6041 if len(p) > 0 || endStream { 6042 // only send a 0 byte DATA frame if we're ending the stream. 6043 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 6044 rws.dirty = true 6045 return 0, err 6046 } 6047 } 6048 6049 if rws.handlerDone && hasNonemptyTrailers { 6050 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6051 streamID: rws.stream.id, 6052 h: rws.handlerHeader, 6053 trailers: rws.trailers, 6054 endStream: true, 6055 }) 6056 if err != nil { 6057 rws.dirty = true 6058 } 6059 return len(p), err 6060 } 6061 return len(p), nil 6062 } 6063 6064 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 6065 // that, if present, signals that the map entry is actually for 6066 // the response trailers, and not the response headers. The prefix 6067 // is stripped after the ServeHTTP call finishes and the values are 6068 // sent in the trailers. 6069 // 6070 // This mechanism is intended only for trailers that are not known 6071 // prior to the headers being written. If the set of trailers is fixed 6072 // or known before the header is written, the normal Go trailers mechanism 6073 // is preferred: 6074 // https://golang.org/pkg/net/http/#ResponseWriter 6075 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6076 const http2TrailerPrefix = "Trailer:" 6077 6078 // promoteUndeclaredTrailers permits http.Handlers to set trailers 6079 // after the header has already been flushed. Because the Go 6080 // ResponseWriter interface has no way to set Trailers (only the 6081 // Header), and because we didn't want to expand the ResponseWriter 6082 // interface, and because nobody used trailers, and because RFC 7230 6083 // says you SHOULD (but not must) predeclare any trailers in the 6084 // header, the official ResponseWriter rules said trailers in Go must 6085 // be predeclared, and then we reuse the same ResponseWriter.Header() 6086 // map to mean both Headers and Trailers. When it's time to write the 6087 // Trailers, we pick out the fields of Headers that were declared as 6088 // trailers. That worked for a while, until we found the first major 6089 // user of Trailers in the wild: gRPC (using them only over http2), 6090 // and gRPC libraries permit setting trailers mid-stream without 6091 // predeclarnig them. So: change of plans. We still permit the old 6092 // way, but we also permit this hack: if a Header() key begins with 6093 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6094 // invalid token byte anyway, there is no ambiguity. (And it's already 6095 // filtered out) It's mildly hacky, but not terrible. 6096 // 6097 // This method runs after the Handler is done and promotes any Header 6098 // fields to be trailers. 6099 func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6100 for k, vv := range rws.handlerHeader { 6101 if !strings.HasPrefix(k, http2TrailerPrefix) { 6102 continue 6103 } 6104 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6105 rws.declareTrailer(trailerKey) 6106 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6107 } 6108 6109 if len(rws.trailers) > 1 { 6110 sorter := http2sorterPool.Get().(*http2sorter) 6111 sorter.SortStrings(rws.trailers) 6112 http2sorterPool.Put(sorter) 6113 } 6114 } 6115 6116 func (w *http2responseWriter) Flush() { 6117 rws := w.rws 6118 if rws == nil { 6119 panic("Header called after Handler finished") 6120 } 6121 if rws.bw.Buffered() > 0 { 6122 if err := rws.bw.Flush(); err != nil { 6123 // Ignore the error. The frame writer already knows. 6124 return 6125 } 6126 } else { 6127 // The bufio.Writer won't call chunkWriter.Write 6128 // (writeChunk with zero bytes, so we have to do it 6129 // ourselves to force the HTTP response header and/or 6130 // final DATA frame (with END_STREAM) to be sent. 6131 rws.writeChunk(nil) 6132 } 6133 } 6134 6135 func (w *http2responseWriter) CloseNotify() <-chan bool { 6136 rws := w.rws 6137 if rws == nil { 6138 panic("CloseNotify called after Handler finished") 6139 } 6140 rws.closeNotifierMu.Lock() 6141 ch := rws.closeNotifierCh 6142 if ch == nil { 6143 ch = make(chan bool, 1) 6144 rws.closeNotifierCh = ch 6145 cw := rws.stream.cw 6146 go func() { 6147 cw.Wait() // wait for close 6148 ch <- true 6149 }() 6150 } 6151 rws.closeNotifierMu.Unlock() 6152 return ch 6153 } 6154 6155 func (w *http2responseWriter) Header() Header { 6156 rws := w.rws 6157 if rws == nil { 6158 panic("Header called after Handler finished") 6159 } 6160 if rws.handlerHeader == nil { 6161 rws.handlerHeader = make(Header) 6162 } 6163 return rws.handlerHeader 6164 } 6165 6166 // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6167 func http2checkWriteHeaderCode(code int) { 6168 // Issue 22880: require valid WriteHeader status codes. 6169 // For now we only enforce that it's three digits. 6170 // In the future we might block things over 599 (600 and above aren't defined 6171 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6172 // and we might block under 200 (once we have more mature 1xx support). 6173 // But for now any three digits. 6174 // 6175 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6176 // no equivalent bogus thing we can realistically send in HTTP/2, 6177 // so we'll consistently panic instead and help people find their bugs 6178 // early. (We can't return an error from WriteHeader even if we wanted to.) 6179 if code < 100 || code > 999 { 6180 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6181 } 6182 } 6183 6184 func (w *http2responseWriter) WriteHeader(code int) { 6185 rws := w.rws 6186 if rws == nil { 6187 panic("WriteHeader called after Handler finished") 6188 } 6189 rws.writeHeader(code) 6190 } 6191 6192 func (rws *http2responseWriterState) writeHeader(code int) { 6193 if !rws.wroteHeader { 6194 http2checkWriteHeaderCode(code) 6195 rws.wroteHeader = true 6196 rws.status = code 6197 if len(rws.handlerHeader) > 0 { 6198 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6199 } 6200 } 6201 } 6202 6203 func http2cloneHeader(h Header) Header { 6204 h2 := make(Header, len(h)) 6205 for k, vv := range h { 6206 vv2 := make([]string, len(vv)) 6207 copy(vv2, vv) 6208 h2[k] = vv2 6209 } 6210 return h2 6211 } 6212 6213 // The Life Of A Write is like this: 6214 // 6215 // * Handler calls w.Write or w.WriteString -> 6216 // * -> rws.bw (*bufio.Writer) -> 6217 // * (Handler might call Flush) 6218 // * -> chunkWriter{rws} 6219 // * -> responseWriterState.writeChunk(p []byte) 6220 // * -> responseWriterState.writeChunk (most of the magic; see comment there) 6221 func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6222 return w.write(len(p), p, "") 6223 } 6224 6225 func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6226 return w.write(len(s), nil, s) 6227 } 6228 6229 // either dataB or dataS is non-zero. 6230 func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6231 rws := w.rws 6232 if rws == nil { 6233 panic("Write called after Handler finished") 6234 } 6235 if !rws.wroteHeader { 6236 w.WriteHeader(200) 6237 } 6238 if !http2bodyAllowedForStatus(rws.status) { 6239 return 0, ErrBodyNotAllowed 6240 } 6241 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6242 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6243 // TODO: send a RST_STREAM 6244 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6245 } 6246 6247 if dataB != nil { 6248 return rws.bw.Write(dataB) 6249 } else { 6250 return rws.bw.WriteString(dataS) 6251 } 6252 } 6253 6254 func (w *http2responseWriter) handlerDone() { 6255 rws := w.rws 6256 dirty := rws.dirty 6257 rws.handlerDone = true 6258 w.Flush() 6259 w.rws = nil 6260 if !dirty { 6261 // Only recycle the pool if all prior Write calls to 6262 // the serverConn goroutine completed successfully. If 6263 // they returned earlier due to resets from the peer 6264 // there might still be write goroutines outstanding 6265 // from the serverConn referencing the rws memory. See 6266 // issue 20704. 6267 http2responseWriterStatePool.Put(rws) 6268 } 6269 } 6270 6271 // Push errors. 6272 var ( 6273 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6274 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6275 ) 6276 6277 var _ Pusher = (*http2responseWriter)(nil) 6278 6279 func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 6280 st := w.rws.stream 6281 sc := st.sc 6282 sc.serveG.checkNotOn() 6283 6284 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6285 // http://tools.ietf.org/html/rfc7540#section-6.6 6286 if st.isPushed() { 6287 return http2ErrRecursivePush 6288 } 6289 6290 if opts == nil { 6291 opts = new(PushOptions) 6292 } 6293 6294 // Default options. 6295 if opts.Method == "" { 6296 opts.Method = "GET" 6297 } 6298 if opts.Header == nil { 6299 opts.Header = Header{} 6300 } 6301 wantScheme := "http" 6302 if w.rws.req.TLS != nil { 6303 wantScheme = "https" 6304 } 6305 6306 // Validate the request. 6307 u, err := url.Parse(target) 6308 if err != nil { 6309 return err 6310 } 6311 if u.Scheme == "" { 6312 if !strings.HasPrefix(target, "/") { 6313 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6314 } 6315 u.Scheme = wantScheme 6316 u.Host = w.rws.req.Host 6317 } else { 6318 if u.Scheme != wantScheme { 6319 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6320 } 6321 if u.Host == "" { 6322 return errors.New("URL must have a host") 6323 } 6324 } 6325 for k := range opts.Header { 6326 if strings.HasPrefix(k, ":") { 6327 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6328 } 6329 // These headers are meaningful only if the request has a body, 6330 // but PUSH_PROMISE requests cannot have a body. 6331 // http://tools.ietf.org/html/rfc7540#section-8.2 6332 // Also disallow Host, since the promised URL must be absolute. 6333 switch strings.ToLower(k) { 6334 case "content-length", "content-encoding", "trailer", "te", "expect", "host": 6335 return fmt.Errorf("promised request headers cannot include %q", k) 6336 } 6337 } 6338 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6339 return err 6340 } 6341 6342 // The RFC effectively limits promised requests to GET and HEAD: 6343 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6344 // http://tools.ietf.org/html/rfc7540#section-8.2 6345 if opts.Method != "GET" && opts.Method != "HEAD" { 6346 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6347 } 6348 6349 msg := &http2startPushRequest{ 6350 parent: st, 6351 method: opts.Method, 6352 url: u, 6353 header: http2cloneHeader(opts.Header), 6354 done: http2errChanPool.Get().(chan error), 6355 } 6356 6357 select { 6358 case <-sc.doneServing: 6359 return http2errClientDisconnected 6360 case <-st.cw: 6361 return http2errStreamClosed 6362 case sc.serveMsgCh <- msg: 6363 } 6364 6365 select { 6366 case <-sc.doneServing: 6367 return http2errClientDisconnected 6368 case <-st.cw: 6369 return http2errStreamClosed 6370 case err := <-msg.done: 6371 http2errChanPool.Put(msg.done) 6372 return err 6373 } 6374 } 6375 6376 type http2startPushRequest struct { 6377 parent *http2stream 6378 method string 6379 url *url.URL 6380 header Header 6381 done chan error 6382 } 6383 6384 func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6385 sc.serveG.check() 6386 6387 // http://tools.ietf.org/html/rfc7540#section-6.6. 6388 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6389 // is in either the "open" or "half-closed (remote)" state. 6390 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6391 // responseWriter.Push checks that the stream is peer-initiaed. 6392 msg.done <- http2errStreamClosed 6393 return 6394 } 6395 6396 // http://tools.ietf.org/html/rfc7540#section-6.6. 6397 if !sc.pushEnabled { 6398 msg.done <- ErrNotSupported 6399 return 6400 } 6401 6402 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6403 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6404 // is written. Once the ID is allocated, we start the request handler. 6405 allocatePromisedID := func() (uint32, error) { 6406 sc.serveG.check() 6407 6408 // Check this again, just in case. Technically, we might have received 6409 // an updated SETTINGS by the time we got around to writing this frame. 6410 if !sc.pushEnabled { 6411 return 0, ErrNotSupported 6412 } 6413 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6414 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6415 return 0, http2ErrPushLimitReached 6416 } 6417 6418 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6419 // Streams initiated by the server MUST use even-numbered identifiers. 6420 // A server that is unable to establish a new stream identifier can send a GOAWAY 6421 // frame so that the client is forced to open a new connection for new streams. 6422 if sc.maxPushPromiseID+2 >= 1<<31 { 6423 sc.startGracefulShutdownInternal() 6424 return 0, http2ErrPushLimitReached 6425 } 6426 sc.maxPushPromiseID += 2 6427 promisedID := sc.maxPushPromiseID 6428 6429 // http://tools.ietf.org/html/rfc7540#section-8.2. 6430 // Strictly speaking, the new stream should start in "reserved (local)", then 6431 // transition to "half closed (remote)" after sending the initial HEADERS, but 6432 // we start in "half closed (remote)" for simplicity. 6433 // See further comments at the definition of stateHalfClosedRemote. 6434 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6435 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6436 method: msg.method, 6437 scheme: msg.url.Scheme, 6438 authority: msg.url.Host, 6439 path: msg.url.RequestURI(), 6440 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6441 }) 6442 if err != nil { 6443 // Should not happen, since we've already validated msg.url. 6444 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6445 } 6446 6447 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6448 return promisedID, nil 6449 } 6450 6451 sc.writeFrame(http2FrameWriteRequest{ 6452 write: &http2writePushPromise{ 6453 streamID: msg.parent.id, 6454 method: msg.method, 6455 url: msg.url, 6456 h: msg.header, 6457 allocatePromisedID: allocatePromisedID, 6458 }, 6459 stream: msg.parent, 6460 done: msg.done, 6461 }) 6462 } 6463 6464 // foreachHeaderElement splits v according to the "#rule" construction 6465 // in RFC 7230 section 7 and calls fn for each non-empty element. 6466 func http2foreachHeaderElement(v string, fn func(string)) { 6467 v = textproto.TrimString(v) 6468 if v == "" { 6469 return 6470 } 6471 if !strings.Contains(v, ",") { 6472 fn(v) 6473 return 6474 } 6475 for _, f := range strings.Split(v, ",") { 6476 if f = textproto.TrimString(f); f != "" { 6477 fn(f) 6478 } 6479 } 6480 } 6481 6482 // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6483 var http2connHeaders = []string{ 6484 "Connection", 6485 "Keep-Alive", 6486 "Proxy-Connection", 6487 "Transfer-Encoding", 6488 "Upgrade", 6489 } 6490 6491 // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6492 // per RFC 7540 Section 8.1.2.2. 6493 // The returned error is reported to users. 6494 func http2checkValidHTTP2RequestHeaders(h Header) error { 6495 for _, k := range http2connHeaders { 6496 if _, ok := h[k]; ok { 6497 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6498 } 6499 } 6500 te := h["Te"] 6501 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6502 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6503 } 6504 return nil 6505 } 6506 6507 func http2new400Handler(err error) HandlerFunc { 6508 return func(w ResponseWriter, r *Request) { 6509 Error(w, err.Error(), StatusBadRequest) 6510 } 6511 } 6512 6513 // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6514 // disabled. See comments on h1ServerShutdownChan above for why 6515 // the code is written this way. 6516 func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6517 var x interface{} = hs 6518 type I interface { 6519 doKeepAlives() bool 6520 } 6521 if hs, ok := x.(I); ok { 6522 return !hs.doKeepAlives() 6523 } 6524 return false 6525 } 6526 6527 const ( 6528 // transportDefaultConnFlow is how many connection-level flow control 6529 // tokens we give the server at start-up, past the default 64k. 6530 http2transportDefaultConnFlow = 1 << 30 6531 6532 // transportDefaultStreamFlow is how many stream-level flow 6533 // control tokens we announce to the peer, and how many bytes 6534 // we buffer per stream. 6535 http2transportDefaultStreamFlow = 4 << 20 6536 6537 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6538 // a stream-level WINDOW_UPDATE for at a time. 6539 http2transportDefaultStreamMinRefresh = 4 << 10 6540 6541 http2defaultUserAgent = "Go-http-client/2.0" 6542 ) 6543 6544 // Transport is an HTTP/2 Transport. 6545 // 6546 // A Transport internally caches connections to servers. It is safe 6547 // for concurrent use by multiple goroutines. 6548 type http2Transport struct { 6549 // DialTLS specifies an optional dial function for creating 6550 // TLS connections for requests. 6551 // 6552 // If DialTLS is nil, tls.Dial is used. 6553 // 6554 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6555 // it will be used to set http.Response.TLS. 6556 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6557 6558 // TLSClientConfig specifies the TLS configuration to use with 6559 // tls.Client. If nil, the default configuration is used. 6560 TLSClientConfig *tls.Config 6561 6562 // ConnPool optionally specifies an alternate connection pool to use. 6563 // If nil, the default is used. 6564 ConnPool http2ClientConnPool 6565 6566 // DisableCompression, if true, prevents the Transport from 6567 // requesting compression with an "Accept-Encoding: gzip" 6568 // request header when the Request contains no existing 6569 // Accept-Encoding value. If the Transport requests gzip on 6570 // its own and gets a gzipped response, it's transparently 6571 // decoded in the Response.Body. However, if the user 6572 // explicitly requested gzip it is not automatically 6573 // uncompressed. 6574 DisableCompression bool 6575 6576 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6577 // plain-text "http" scheme. Note that this does not enable h2c support. 6578 AllowHTTP bool 6579 6580 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6581 // send in the initial settings frame. It is how many bytes 6582 // of response headers are allowed. Unlike the http2 spec, zero here 6583 // means to use a default limit (currently 10MB). If you actually 6584 // want to advertise an ulimited value to the peer, Transport 6585 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6586 // to mean no limit. 6587 MaxHeaderListSize uint32 6588 6589 // StrictMaxConcurrentStreams controls whether the server's 6590 // SETTINGS_MAX_CONCURRENT_STREAMS should be respected 6591 // globally. If false, new TCP connections are created to the 6592 // server as needed to keep each under the per-connection 6593 // SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the 6594 // server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as 6595 // a global limit and callers of RoundTrip block when needed, 6596 // waiting for their turn. 6597 StrictMaxConcurrentStreams bool 6598 6599 // t1, if non-nil, is the standard library Transport using 6600 // this transport. Its settings are used (but not its 6601 // RoundTrip method, etc). 6602 t1 *Transport 6603 6604 connPoolOnce sync.Once 6605 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6606 } 6607 6608 func (t *http2Transport) maxHeaderListSize() uint32 { 6609 if t.MaxHeaderListSize == 0 { 6610 return 10 << 20 6611 } 6612 if t.MaxHeaderListSize == 0xffffffff { 6613 return 0 6614 } 6615 return t.MaxHeaderListSize 6616 } 6617 6618 func (t *http2Transport) disableCompression() bool { 6619 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6620 } 6621 6622 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6623 // It returns an error if t1 has already been HTTP/2-enabled. 6624 func http2ConfigureTransport(t1 *Transport) error { 6625 _, err := http2configureTransport(t1) 6626 return err 6627 } 6628 6629 func http2configureTransport(t1 *Transport) (*http2Transport, error) { 6630 connPool := new(http2clientConnPool) 6631 t2 := &http2Transport{ 6632 ConnPool: http2noDialClientConnPool{connPool}, 6633 t1: t1, 6634 } 6635 connPool.t = t2 6636 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 6637 return nil, err 6638 } 6639 if t1.TLSClientConfig == nil { 6640 t1.TLSClientConfig = new(tls.Config) 6641 } 6642 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 6643 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 6644 } 6645 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 6646 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 6647 } 6648 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 6649 addr := http2authorityAddr("https", authority) 6650 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 6651 go c.Close() 6652 return http2erringRoundTripper{err} 6653 } else if !used { 6654 // Turns out we don't need this c. 6655 // For example, two goroutines made requests to the same host 6656 // at the same time, both kicking off TCP dials. (since protocol 6657 // was unknown) 6658 go c.Close() 6659 } 6660 return t2 6661 } 6662 if m := t1.TLSNextProto; len(m) == 0 { 6663 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 6664 "h2": upgradeFn, 6665 } 6666 } else { 6667 m["h2"] = upgradeFn 6668 } 6669 return t2, nil 6670 } 6671 6672 func (t *http2Transport) connPool() http2ClientConnPool { 6673 t.connPoolOnce.Do(t.initConnPool) 6674 return t.connPoolOrDef 6675 } 6676 6677 func (t *http2Transport) initConnPool() { 6678 if t.ConnPool != nil { 6679 t.connPoolOrDef = t.ConnPool 6680 } else { 6681 t.connPoolOrDef = &http2clientConnPool{t: t} 6682 } 6683 } 6684 6685 // ClientConn is the state of a single HTTP/2 client connection to an 6686 // HTTP/2 server. 6687 type http2ClientConn struct { 6688 t *http2Transport 6689 tconn net.Conn // usually *tls.Conn, except specialized impls 6690 tlsState *tls.ConnectionState // nil only for specialized impls 6691 reused uint32 // whether conn is being reused; atomic 6692 singleUse bool // whether being used for a single http.Request 6693 6694 // readLoop goroutine fields: 6695 readerDone chan struct{} // closed on error 6696 readerErr error // set before readerDone is closed 6697 6698 idleTimeout time.Duration // or 0 for never 6699 idleTimer *time.Timer 6700 6701 mu sync.Mutex // guards following 6702 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6703 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6704 inflow http2flow // peer's conn-level flow control 6705 closing bool 6706 closed bool 6707 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6708 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6709 goAwayDebug string // goAway frame's debug data, retained as a string 6710 streams map[uint32]*http2clientStream // client-initiated 6711 nextStreamID uint32 6712 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6713 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6714 bw *bufio.Writer 6715 br *bufio.Reader 6716 fr *http2Framer 6717 lastActive time.Time 6718 // Settings from peer: (also guarded by mu) 6719 maxFrameSize uint32 6720 maxConcurrentStreams uint32 6721 peerMaxHeaderListSize uint64 6722 initialWindowSize uint32 6723 6724 hbuf bytes.Buffer // HPACK encoder writes into this 6725 henc *hpack.Encoder 6726 freeBuf [][]byte 6727 6728 wmu sync.Mutex // held while writing; acquire AFTER mu if holding both 6729 werr error // first write error that has occurred 6730 } 6731 6732 // clientStream is the state for a single HTTP/2 stream. One of these 6733 // is created for each Transport.RoundTrip call. 6734 type http2clientStream struct { 6735 cc *http2ClientConn 6736 req *Request 6737 trace *httptrace.ClientTrace // or nil 6738 ID uint32 6739 resc chan http2resAndError 6740 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6741 startedWrite bool // started request body write; guarded by cc.mu 6742 requestedGzip bool 6743 on100 func() // optional code to run if get a 100 continue response 6744 6745 flow http2flow // guarded by cc.mu 6746 inflow http2flow // guarded by cc.mu 6747 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6748 readErr error // sticky read error; owned by transportResponseBody.Read 6749 stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu 6750 didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu 6751 6752 peerReset chan struct{} // closed on peer reset 6753 resetErr error // populated before peerReset is closed 6754 6755 done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu 6756 6757 // owned by clientConnReadLoop: 6758 firstByte bool // got the first response byte 6759 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6760 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6761 num1xx uint8 // number of 1xx responses seen 6762 6763 trailer Header // accumulated trailers 6764 resTrailer *Header // client's Response.Trailer 6765 } 6766 6767 // awaitRequestCancel waits for the user to cancel a request or for the done 6768 // channel to be signaled. A non-nil error is returned only if the request was 6769 // canceled. 6770 func http2awaitRequestCancel(req *Request, done <-chan struct{}) error { 6771 ctx := req.Context() 6772 if req.Cancel == nil && ctx.Done() == nil { 6773 return nil 6774 } 6775 select { 6776 case <-req.Cancel: 6777 return http2errRequestCanceled 6778 case <-ctx.Done(): 6779 return ctx.Err() 6780 case <-done: 6781 return nil 6782 } 6783 } 6784 6785 var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error 6786 6787 // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, 6788 // if any. It returns nil if not set or if the Go version is too old. 6789 func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error { 6790 if fn := http2got1xxFuncForTests; fn != nil { 6791 return fn 6792 } 6793 return http2traceGot1xxResponseFunc(cs.trace) 6794 } 6795 6796 // awaitRequestCancel waits for the user to cancel a request, its context to 6797 // expire, or for the request to be done (any way it might be removed from the 6798 // cc.streams map: peer reset, successful completion, TCP connection breakage, 6799 // etc). If the request is canceled, then cs will be canceled and closed. 6800 func (cs *http2clientStream) awaitRequestCancel(req *Request) { 6801 if err := http2awaitRequestCancel(req, cs.done); err != nil { 6802 cs.cancelStream() 6803 cs.bufPipe.CloseWithError(err) 6804 } 6805 } 6806 6807 func (cs *http2clientStream) cancelStream() { 6808 cc := cs.cc 6809 cc.mu.Lock() 6810 didReset := cs.didReset 6811 cs.didReset = true 6812 cc.mu.Unlock() 6813 6814 if !didReset { 6815 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 6816 cc.forgetStreamID(cs.ID) 6817 } 6818 } 6819 6820 // checkResetOrDone reports any error sent in a RST_STREAM frame by the 6821 // server, or errStreamClosed if the stream is complete. 6822 func (cs *http2clientStream) checkResetOrDone() error { 6823 select { 6824 case <-cs.peerReset: 6825 return cs.resetErr 6826 case <-cs.done: 6827 return http2errStreamClosed 6828 default: 6829 return nil 6830 } 6831 } 6832 6833 func (cs *http2clientStream) getStartedWrite() bool { 6834 cc := cs.cc 6835 cc.mu.Lock() 6836 defer cc.mu.Unlock() 6837 return cs.startedWrite 6838 } 6839 6840 func (cs *http2clientStream) abortRequestBodyWrite(err error) { 6841 if err == nil { 6842 panic("nil error") 6843 } 6844 cc := cs.cc 6845 cc.mu.Lock() 6846 cs.stopReqBody = err 6847 cc.cond.Broadcast() 6848 cc.mu.Unlock() 6849 } 6850 6851 type http2stickyErrWriter struct { 6852 w io.Writer 6853 err *error 6854 } 6855 6856 func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 6857 if *sew.err != nil { 6858 return 0, *sew.err 6859 } 6860 n, err = sew.w.Write(p) 6861 *sew.err = err 6862 return 6863 } 6864 6865 // noCachedConnError is the concrete type of ErrNoCachedConn, which 6866 // needs to be detected by net/http regardless of whether it's its 6867 // bundled version (in h2_bundle.go with a rewritten type name) or 6868 // from a user's x/net/http2. As such, as it has a unique method name 6869 // (IsHTTP2NoCachedConnError) that net/http sniffs for via func 6870 // isNoCachedConnError. 6871 type http2noCachedConnError struct{} 6872 6873 func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 6874 6875 func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 6876 6877 // isNoCachedConnError reports whether err is of type noCachedConnError 6878 // or its equivalent renamed type in net/http2's h2_bundle.go. Both types 6879 // may coexist in the same running program. 6880 func http2isNoCachedConnError(err error) bool { 6881 _, ok := err.(interface{ IsHTTP2NoCachedConnError() }) 6882 return ok 6883 } 6884 6885 var http2ErrNoCachedConn error = http2noCachedConnError{} 6886 6887 // RoundTripOpt are options for the Transport.RoundTripOpt method. 6888 type http2RoundTripOpt struct { 6889 // OnlyCachedConn controls whether RoundTripOpt may 6890 // create a new TCP connection. If set true and 6891 // no cached connection is available, RoundTripOpt 6892 // will return ErrNoCachedConn. 6893 OnlyCachedConn bool 6894 } 6895 6896 func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 6897 return t.RoundTripOpt(req, http2RoundTripOpt{}) 6898 } 6899 6900 // authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 6901 // and returns a host:port. The port 443 is added if needed. 6902 func http2authorityAddr(scheme string, authority string) (addr string) { 6903 host, port, err := net.SplitHostPort(authority) 6904 if err != nil { // authority didn't have a port 6905 port = "443" 6906 if scheme == "http" { 6907 port = "80" 6908 } 6909 host = authority 6910 } 6911 if a, err := idna.ToASCII(host); err == nil { 6912 host = a 6913 } 6914 // IPv6 address literal, without a port: 6915 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 6916 return host + ":" + port 6917 } 6918 return net.JoinHostPort(host, port) 6919 } 6920 6921 // RoundTripOpt is like RoundTrip, but takes options. 6922 func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 6923 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 6924 return nil, errors.New("http2: unsupported scheme") 6925 } 6926 6927 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 6928 for retry := 0; ; retry++ { 6929 cc, err := t.connPool().GetClientConn(req, addr) 6930 if err != nil { 6931 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 6932 return nil, err 6933 } 6934 reused := !atomic.CompareAndSwapUint32(&cc.reused, 0, 1) 6935 http2traceGotConn(req, cc, reused) 6936 res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) 6937 if err != nil && retry <= 6 { 6938 if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { 6939 // After the first retry, do exponential backoff with 10% jitter. 6940 if retry == 0 { 6941 continue 6942 } 6943 backoff := float64(uint(1) << (uint(retry) - 1)) 6944 backoff += backoff * (0.1 * mathrand.Float64()) 6945 select { 6946 case <-time.After(time.Second * time.Duration(backoff)): 6947 continue 6948 case <-req.Context().Done(): 6949 return nil, req.Context().Err() 6950 } 6951 } 6952 } 6953 if err != nil { 6954 t.vlogf("RoundTrip failure: %v", err) 6955 return nil, err 6956 } 6957 return res, nil 6958 } 6959 } 6960 6961 // CloseIdleConnections closes any connections which were previously 6962 // connected from previous requests but are now sitting idle. 6963 // It does not interrupt any connections currently in use. 6964 func (t *http2Transport) CloseIdleConnections() { 6965 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 6966 cp.closeIdleConnections() 6967 } 6968 } 6969 6970 var ( 6971 http2errClientConnClosed = errors.New("http2: client conn is closed") 6972 http2errClientConnUnusable = errors.New("http2: client conn not usable") 6973 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 6974 ) 6975 6976 // shouldRetryRequest is called by RoundTrip when a request fails to get 6977 // response headers. It is always called with a non-nil error. 6978 // It returns either a request to retry (either the same request, or a 6979 // modified clone), or an error if the request can't be replayed. 6980 func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) { 6981 if !http2canRetryError(err) { 6982 return nil, err 6983 } 6984 // If the Body is nil (or http.NoBody), it's safe to reuse 6985 // this request and its Body. 6986 if req.Body == nil || req.Body == NoBody { 6987 return req, nil 6988 } 6989 6990 // If the request body can be reset back to its original 6991 // state via the optional req.GetBody, do that. 6992 if req.GetBody != nil { 6993 // TODO: consider a req.Body.Close here? or audit that all caller paths do? 6994 body, err := req.GetBody() 6995 if err != nil { 6996 return nil, err 6997 } 6998 newReq := *req 6999 newReq.Body = body 7000 return &newReq, nil 7001 } 7002 7003 // The Request.Body can't reset back to the beginning, but we 7004 // don't seem to have started to read from it yet, so reuse 7005 // the request directly. The "afterBodyWrite" means the 7006 // bodyWrite process has started, which becomes true before 7007 // the first Read. 7008 if !afterBodyWrite { 7009 return req, nil 7010 } 7011 7012 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 7013 } 7014 7015 func http2canRetryError(err error) bool { 7016 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 7017 return true 7018 } 7019 if se, ok := err.(http2StreamError); ok { 7020 return se.Code == http2ErrCodeRefusedStream 7021 } 7022 return false 7023 } 7024 7025 func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) { 7026 host, _, err := net.SplitHostPort(addr) 7027 if err != nil { 7028 return nil, err 7029 } 7030 tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host)) 7031 if err != nil { 7032 return nil, err 7033 } 7034 return t.newClientConn(tconn, singleUse) 7035 } 7036 7037 func (t *http2Transport) newTLSConfig(host string) *tls.Config { 7038 cfg := new(tls.Config) 7039 if t.TLSClientConfig != nil { 7040 *cfg = *t.TLSClientConfig.Clone() 7041 } 7042 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 7043 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 7044 } 7045 if cfg.ServerName == "" { 7046 cfg.ServerName = host 7047 } 7048 return cfg 7049 } 7050 7051 func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) { 7052 if t.DialTLS != nil { 7053 return t.DialTLS 7054 } 7055 return t.dialTLSDefault 7056 } 7057 7058 func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) { 7059 cn, err := tls.Dial(network, addr, cfg) 7060 if err != nil { 7061 return nil, err 7062 } 7063 if err := cn.Handshake(); err != nil { 7064 return nil, err 7065 } 7066 if !cfg.InsecureSkipVerify { 7067 if err := cn.VerifyHostname(cfg.ServerName); err != nil { 7068 return nil, err 7069 } 7070 } 7071 state := cn.ConnectionState() 7072 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7073 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7074 } 7075 if !state.NegotiatedProtocolIsMutual { 7076 return nil, errors.New("http2: could not negotiate protocol mutually") 7077 } 7078 return cn, nil 7079 } 7080 7081 // disableKeepAlives reports whether connections should be closed as 7082 // soon as possible after handling the first request. 7083 func (t *http2Transport) disableKeepAlives() bool { 7084 return t.t1 != nil && t.t1.DisableKeepAlives 7085 } 7086 7087 func (t *http2Transport) expectContinueTimeout() time.Duration { 7088 if t.t1 == nil { 7089 return 0 7090 } 7091 return t.t1.ExpectContinueTimeout 7092 } 7093 7094 func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7095 return t.newClientConn(c, false) 7096 } 7097 7098 func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7099 cc := &http2ClientConn{ 7100 t: t, 7101 tconn: c, 7102 readerDone: make(chan struct{}), 7103 nextStreamID: 1, 7104 maxFrameSize: 16 << 10, // spec default 7105 initialWindowSize: 65535, // spec default 7106 maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. 7107 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7108 streams: make(map[uint32]*http2clientStream), 7109 singleUse: singleUse, 7110 wantSettingsAck: true, 7111 pings: make(map[[8]byte]chan struct{}), 7112 } 7113 if d := t.idleConnTimeout(); d != 0 { 7114 cc.idleTimeout = d 7115 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7116 } 7117 if http2VerboseLogs { 7118 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7119 } 7120 7121 cc.cond = sync.NewCond(&cc.mu) 7122 cc.flow.add(int32(http2initialWindowSize)) 7123 7124 // TODO: adjust this writer size to account for frame size + 7125 // MTU + crypto/tls record padding. 7126 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7127 cc.br = bufio.NewReader(c) 7128 cc.fr = http2NewFramer(cc.bw, cc.br) 7129 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7130 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7131 7132 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7133 // henc in response to SETTINGS frames? 7134 cc.henc = hpack.NewEncoder(&cc.hbuf) 7135 7136 if t.AllowHTTP { 7137 cc.nextStreamID = 3 7138 } 7139 7140 if cs, ok := c.(http2connectionStater); ok { 7141 state := cs.ConnectionState() 7142 cc.tlsState = &state 7143 } 7144 7145 initialSettings := []http2Setting{ 7146 {ID: http2SettingEnablePush, Val: 0}, 7147 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7148 } 7149 if max := t.maxHeaderListSize(); max != 0 { 7150 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7151 } 7152 7153 cc.bw.Write(http2clientPreface) 7154 cc.fr.WriteSettings(initialSettings...) 7155 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7156 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7157 cc.bw.Flush() 7158 if cc.werr != nil { 7159 return nil, cc.werr 7160 } 7161 7162 go cc.readLoop() 7163 return cc, nil 7164 } 7165 7166 func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7167 cc.mu.Lock() 7168 defer cc.mu.Unlock() 7169 7170 old := cc.goAway 7171 cc.goAway = f 7172 7173 // Merge the previous and current GoAway error frames. 7174 if cc.goAwayDebug == "" { 7175 cc.goAwayDebug = string(f.DebugData()) 7176 } 7177 if old != nil && old.ErrCode != http2ErrCodeNo { 7178 cc.goAway.ErrCode = old.ErrCode 7179 } 7180 last := f.LastStreamID 7181 for streamID, cs := range cc.streams { 7182 if streamID > last { 7183 select { 7184 case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}: 7185 default: 7186 } 7187 } 7188 } 7189 } 7190 7191 // CanTakeNewRequest reports whether the connection can take a new request, 7192 // meaning it has not been closed or received or sent a GOAWAY. 7193 func (cc *http2ClientConn) CanTakeNewRequest() bool { 7194 cc.mu.Lock() 7195 defer cc.mu.Unlock() 7196 return cc.canTakeNewRequestLocked() 7197 } 7198 7199 // clientConnIdleState describes the suitability of a client 7200 // connection to initiate a new RoundTrip request. 7201 type http2clientConnIdleState struct { 7202 canTakeNewRequest bool 7203 freshConn bool // whether it's unused by any previous request 7204 } 7205 7206 func (cc *http2ClientConn) idleState() http2clientConnIdleState { 7207 cc.mu.Lock() 7208 defer cc.mu.Unlock() 7209 return cc.idleStateLocked() 7210 } 7211 7212 func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) { 7213 if cc.singleUse && cc.nextStreamID > 1 { 7214 return 7215 } 7216 var maxConcurrentOkay bool 7217 if cc.t.StrictMaxConcurrentStreams { 7218 // We'll tell the caller we can take a new request to 7219 // prevent the caller from dialing a new TCP 7220 // connection, but then we'll block later before 7221 // writing it. 7222 maxConcurrentOkay = true 7223 } else { 7224 maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams) 7225 } 7226 7227 st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && 7228 int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 7229 st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest 7230 return 7231 } 7232 7233 func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7234 st := cc.idleStateLocked() 7235 return st.canTakeNewRequest 7236 } 7237 7238 // onIdleTimeout is called from a time.AfterFunc goroutine. It will 7239 // only be called when we're idle, but because we're coming from a new 7240 // goroutine, there could be a new request coming in at the same time, 7241 // so this simply calls the synchronized closeIfIdle to shut down this 7242 // connection. The timer could just call closeIfIdle, but this is more 7243 // clear. 7244 func (cc *http2ClientConn) onIdleTimeout() { 7245 cc.closeIfIdle() 7246 } 7247 7248 func (cc *http2ClientConn) closeIfIdle() { 7249 cc.mu.Lock() 7250 if len(cc.streams) > 0 { 7251 cc.mu.Unlock() 7252 return 7253 } 7254 cc.closed = true 7255 nextID := cc.nextStreamID 7256 // TODO: do clients send GOAWAY too? maybe? Just Close: 7257 cc.mu.Unlock() 7258 7259 if http2VerboseLogs { 7260 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7261 } 7262 cc.tconn.Close() 7263 } 7264 7265 var http2shutdownEnterWaitStateHook = func() {} 7266 7267 // Shutdown gracefully close the client connection, waiting for running streams to complete. 7268 func (cc *http2ClientConn) Shutdown(ctx context.Context) error { 7269 if err := cc.sendGoAway(); err != nil { 7270 return err 7271 } 7272 // Wait for all in-flight streams to complete or connection to close 7273 done := make(chan error, 1) 7274 cancelled := false // guarded by cc.mu 7275 go func() { 7276 cc.mu.Lock() 7277 defer cc.mu.Unlock() 7278 for { 7279 if len(cc.streams) == 0 || cc.closed { 7280 cc.closed = true 7281 done <- cc.tconn.Close() 7282 break 7283 } 7284 if cancelled { 7285 break 7286 } 7287 cc.cond.Wait() 7288 } 7289 }() 7290 http2shutdownEnterWaitStateHook() 7291 select { 7292 case err := <-done: 7293 return err 7294 case <-ctx.Done(): 7295 cc.mu.Lock() 7296 // Free the goroutine above 7297 cancelled = true 7298 cc.cond.Broadcast() 7299 cc.mu.Unlock() 7300 return ctx.Err() 7301 } 7302 } 7303 7304 func (cc *http2ClientConn) sendGoAway() error { 7305 cc.mu.Lock() 7306 defer cc.mu.Unlock() 7307 cc.wmu.Lock() 7308 defer cc.wmu.Unlock() 7309 if cc.closing { 7310 // GOAWAY sent already 7311 return nil 7312 } 7313 // Send a graceful shutdown frame to server 7314 maxStreamID := cc.nextStreamID 7315 if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil { 7316 return err 7317 } 7318 if err := cc.bw.Flush(); err != nil { 7319 return err 7320 } 7321 // Prevent new requests 7322 cc.closing = true 7323 return nil 7324 } 7325 7326 // Close closes the client connection immediately. 7327 // 7328 // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead. 7329 func (cc *http2ClientConn) Close() error { 7330 cc.mu.Lock() 7331 defer cc.cond.Broadcast() 7332 defer cc.mu.Unlock() 7333 err := errors.New("http2: client connection force closed via ClientConn.Close") 7334 for id, cs := range cc.streams { 7335 select { 7336 case cs.resc <- http2resAndError{err: err}: 7337 default: 7338 } 7339 cs.bufPipe.CloseWithError(err) 7340 delete(cc.streams, id) 7341 } 7342 cc.closed = true 7343 return cc.tconn.Close() 7344 } 7345 7346 const http2maxAllocFrameSize = 512 << 10 7347 7348 // frameBuffer returns a scratch buffer suitable for writing DATA frames. 7349 // They're capped at the min of the peer's max frame size or 512KB 7350 // (kinda arbitrarily), but definitely capped so we don't allocate 4GB 7351 // bufers. 7352 func (cc *http2ClientConn) frameScratchBuffer() []byte { 7353 cc.mu.Lock() 7354 size := cc.maxFrameSize 7355 if size > http2maxAllocFrameSize { 7356 size = http2maxAllocFrameSize 7357 } 7358 for i, buf := range cc.freeBuf { 7359 if len(buf) >= int(size) { 7360 cc.freeBuf[i] = nil 7361 cc.mu.Unlock() 7362 return buf[:size] 7363 } 7364 } 7365 cc.mu.Unlock() 7366 return make([]byte, size) 7367 } 7368 7369 func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) { 7370 cc.mu.Lock() 7371 defer cc.mu.Unlock() 7372 const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. 7373 if len(cc.freeBuf) < maxBufs { 7374 cc.freeBuf = append(cc.freeBuf, buf) 7375 return 7376 } 7377 for i, old := range cc.freeBuf { 7378 if old == nil { 7379 cc.freeBuf[i] = buf 7380 return 7381 } 7382 } 7383 // forget about it. 7384 } 7385 7386 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7387 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7388 var http2errRequestCanceled = errors.New("net/http: request canceled") 7389 7390 func http2commaSeparatedTrailers(req *Request) (string, error) { 7391 keys := make([]string, 0, len(req.Trailer)) 7392 for k := range req.Trailer { 7393 k = CanonicalHeaderKey(k) 7394 switch k { 7395 case "Transfer-Encoding", "Trailer", "Content-Length": 7396 return "", &http2badStringError{"invalid Trailer key", k} 7397 } 7398 keys = append(keys, k) 7399 } 7400 if len(keys) > 0 { 7401 sort.Strings(keys) 7402 return strings.Join(keys, ","), nil 7403 } 7404 return "", nil 7405 } 7406 7407 func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7408 if cc.t.t1 != nil { 7409 return cc.t.t1.ResponseHeaderTimeout 7410 } 7411 // No way to do this (yet?) with just an http2.Transport. Probably 7412 // no need. Request.Cancel this is the new way. We only need to support 7413 // this for compatibility with the old http.Transport fields when 7414 // we're doing transparent http2. 7415 return 0 7416 } 7417 7418 // checkConnHeaders checks whether req has any invalid connection-level headers. 7419 // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7420 // Certain headers are special-cased as okay but not transmitted later. 7421 func http2checkConnHeaders(req *Request) error { 7422 if v := req.Header.Get("Upgrade"); v != "" { 7423 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7424 } 7425 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7426 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7427 } 7428 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !strings.EqualFold(vv[0], "close") && !strings.EqualFold(vv[0], "keep-alive")) { 7429 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7430 } 7431 return nil 7432 } 7433 7434 // actualContentLength returns a sanitized version of 7435 // req.ContentLength, where 0 actually means zero (not unknown) and -1 7436 // means unknown. 7437 func http2actualContentLength(req *Request) int64 { 7438 if req.Body == nil || req.Body == NoBody { 7439 return 0 7440 } 7441 if req.ContentLength != 0 { 7442 return req.ContentLength 7443 } 7444 return -1 7445 } 7446 7447 func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7448 resp, _, err := cc.roundTrip(req) 7449 return resp, err 7450 } 7451 7452 func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) { 7453 if err := http2checkConnHeaders(req); err != nil { 7454 return nil, false, err 7455 } 7456 if cc.idleTimer != nil { 7457 cc.idleTimer.Stop() 7458 } 7459 7460 trailers, err := http2commaSeparatedTrailers(req) 7461 if err != nil { 7462 return nil, false, err 7463 } 7464 hasTrailers := trailers != "" 7465 7466 cc.mu.Lock() 7467 if err := cc.awaitOpenSlotForRequest(req); err != nil { 7468 cc.mu.Unlock() 7469 return nil, false, err 7470 } 7471 7472 body := req.Body 7473 contentLen := http2actualContentLength(req) 7474 hasBody := contentLen != 0 7475 7476 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7477 var requestedGzip bool 7478 if !cc.t.disableCompression() && 7479 req.Header.Get("Accept-Encoding") == "" && 7480 req.Header.Get("Range") == "" && 7481 req.Method != "HEAD" { 7482 // Request gzip only, not deflate. Deflate is ambiguous and 7483 // not as universally supported anyway. 7484 // See: https://zlib.net/zlib_faq.html#faq39 7485 // 7486 // Note that we don't request this for HEAD requests, 7487 // due to a bug in nginx: 7488 // http://trac.nginx.org/nginx/ticket/358 7489 // https://golang.org/issue/5522 7490 // 7491 // We don't request gzip if the request is for a range, since 7492 // auto-decoding a portion of a gzipped document will just fail 7493 // anyway. See https://golang.org/issue/8923 7494 requestedGzip = true 7495 } 7496 7497 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7498 // sent by writeRequestBody below, along with any Trailers, 7499 // again in form HEADERS{1}, CONTINUATION{0,}) 7500 hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) 7501 if err != nil { 7502 cc.mu.Unlock() 7503 return nil, false, err 7504 } 7505 7506 cs := cc.newStream() 7507 cs.req = req 7508 cs.trace = httptrace.ContextClientTrace(req.Context()) 7509 cs.requestedGzip = requestedGzip 7510 bodyWriter := cc.t.getBodyWriterState(cs, body) 7511 cs.on100 = bodyWriter.on100 7512 7513 cc.wmu.Lock() 7514 endStream := !hasBody && !hasTrailers 7515 werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7516 cc.wmu.Unlock() 7517 http2traceWroteHeaders(cs.trace) 7518 cc.mu.Unlock() 7519 7520 if werr != nil { 7521 if hasBody { 7522 req.Body.Close() // per RoundTripper contract 7523 bodyWriter.cancel() 7524 } 7525 cc.forgetStreamID(cs.ID) 7526 // Don't bother sending a RST_STREAM (our write already failed; 7527 // no need to keep writing) 7528 http2traceWroteRequest(cs.trace, werr) 7529 return nil, false, werr 7530 } 7531 7532 var respHeaderTimer <-chan time.Time 7533 if hasBody { 7534 bodyWriter.scheduleBodyWrite() 7535 } else { 7536 http2traceWroteRequest(cs.trace, nil) 7537 if d := cc.responseHeaderTimeout(); d != 0 { 7538 timer := time.NewTimer(d) 7539 defer timer.Stop() 7540 respHeaderTimer = timer.C 7541 } 7542 } 7543 7544 readLoopResCh := cs.resc 7545 bodyWritten := false 7546 ctx := req.Context() 7547 7548 handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) { 7549 res := re.res 7550 if re.err != nil || res.StatusCode > 299 { 7551 // On error or status code 3xx, 4xx, 5xx, etc abort any 7552 // ongoing write, assuming that the server doesn't care 7553 // about our request body. If the server replied with 1xx or 7554 // 2xx, however, then assume the server DOES potentially 7555 // want our body (e.g. full-duplex streaming: 7556 // golang.org/issue/13444). If it turns out the server 7557 // doesn't, they'll RST_STREAM us soon enough. This is a 7558 // heuristic to avoid adding knobs to Transport. Hopefully 7559 // we can keep it. 7560 bodyWriter.cancel() 7561 cs.abortRequestBodyWrite(http2errStopReqBodyWrite) 7562 } 7563 if re.err != nil { 7564 cc.forgetStreamID(cs.ID) 7565 return nil, cs.getStartedWrite(), re.err 7566 } 7567 res.Request = req 7568 res.TLS = cc.tlsState 7569 return res, false, nil 7570 } 7571 7572 for { 7573 select { 7574 case re := <-readLoopResCh: 7575 return handleReadLoopResponse(re) 7576 case <-respHeaderTimer: 7577 if !hasBody || bodyWritten { 7578 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7579 } else { 7580 bodyWriter.cancel() 7581 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7582 } 7583 cc.forgetStreamID(cs.ID) 7584 return nil, cs.getStartedWrite(), http2errTimeout 7585 case <-ctx.Done(): 7586 if !hasBody || bodyWritten { 7587 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7588 } else { 7589 bodyWriter.cancel() 7590 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7591 } 7592 cc.forgetStreamID(cs.ID) 7593 return nil, cs.getStartedWrite(), ctx.Err() 7594 case <-req.Cancel: 7595 if !hasBody || bodyWritten { 7596 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7597 } else { 7598 bodyWriter.cancel() 7599 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7600 } 7601 cc.forgetStreamID(cs.ID) 7602 return nil, cs.getStartedWrite(), http2errRequestCanceled 7603 case <-cs.peerReset: 7604 // processResetStream already removed the 7605 // stream from the streams map; no need for 7606 // forgetStreamID. 7607 return nil, cs.getStartedWrite(), cs.resetErr 7608 case err := <-bodyWriter.resc: 7609 // Prefer the read loop's response, if available. Issue 16102. 7610 select { 7611 case re := <-readLoopResCh: 7612 return handleReadLoopResponse(re) 7613 default: 7614 } 7615 if err != nil { 7616 cc.forgetStreamID(cs.ID) 7617 return nil, cs.getStartedWrite(), err 7618 } 7619 bodyWritten = true 7620 if d := cc.responseHeaderTimeout(); d != 0 { 7621 timer := time.NewTimer(d) 7622 defer timer.Stop() 7623 respHeaderTimer = timer.C 7624 } 7625 } 7626 } 7627 } 7628 7629 // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. 7630 // Must hold cc.mu. 7631 func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error { 7632 var waitingForConn chan struct{} 7633 var waitingForConnErr error // guarded by cc.mu 7634 for { 7635 cc.lastActive = time.Now() 7636 if cc.closed || !cc.canTakeNewRequestLocked() { 7637 if waitingForConn != nil { 7638 close(waitingForConn) 7639 } 7640 return http2errClientConnUnusable 7641 } 7642 if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { 7643 if waitingForConn != nil { 7644 close(waitingForConn) 7645 } 7646 return nil 7647 } 7648 // Unfortunately, we cannot wait on a condition variable and channel at 7649 // the same time, so instead, we spin up a goroutine to check if the 7650 // request is canceled while we wait for a slot to open in the connection. 7651 if waitingForConn == nil { 7652 waitingForConn = make(chan struct{}) 7653 go func() { 7654 if err := http2awaitRequestCancel(req, waitingForConn); err != nil { 7655 cc.mu.Lock() 7656 waitingForConnErr = err 7657 cc.cond.Broadcast() 7658 cc.mu.Unlock() 7659 } 7660 }() 7661 } 7662 cc.pendingRequests++ 7663 cc.cond.Wait() 7664 cc.pendingRequests-- 7665 if waitingForConnErr != nil { 7666 return waitingForConnErr 7667 } 7668 } 7669 } 7670 7671 // requires cc.wmu be held 7672 func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 7673 first := true // first frame written (HEADERS is first, then CONTINUATION) 7674 for len(hdrs) > 0 && cc.werr == nil { 7675 chunk := hdrs 7676 if len(chunk) > maxFrameSize { 7677 chunk = chunk[:maxFrameSize] 7678 } 7679 hdrs = hdrs[len(chunk):] 7680 endHeaders := len(hdrs) == 0 7681 if first { 7682 cc.fr.WriteHeaders(http2HeadersFrameParam{ 7683 StreamID: streamID, 7684 BlockFragment: chunk, 7685 EndStream: endStream, 7686 EndHeaders: endHeaders, 7687 }) 7688 first = false 7689 } else { 7690 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 7691 } 7692 } 7693 // TODO(bradfitz): this Flush could potentially block (as 7694 // could the WriteHeaders call(s) above), which means they 7695 // wouldn't respond to Request.Cancel being readable. That's 7696 // rare, but this should probably be in a goroutine. 7697 cc.bw.Flush() 7698 return cc.werr 7699 } 7700 7701 // internal error values; they don't escape to callers 7702 var ( 7703 // abort request body write; don't send cancel 7704 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 7705 7706 // abort request body write, but send stream reset of cancel. 7707 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 7708 ) 7709 7710 func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { 7711 cc := cs.cc 7712 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 7713 buf := cc.frameScratchBuffer() 7714 defer cc.putFrameScratchBuffer(buf) 7715 7716 defer func() { 7717 http2traceWroteRequest(cs.trace, err) 7718 // TODO: write h12Compare test showing whether 7719 // Request.Body is closed by the Transport, 7720 // and in multiple cases: server replies <=299 and >299 7721 // while still writing request body 7722 cerr := bodyCloser.Close() 7723 if err == nil { 7724 err = cerr 7725 } 7726 }() 7727 7728 req := cs.req 7729 hasTrailers := req.Trailer != nil 7730 7731 var sawEOF bool 7732 for !sawEOF { 7733 n, err := body.Read(buf) 7734 if err == io.EOF { 7735 sawEOF = true 7736 err = nil 7737 } else if err != nil { 7738 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7739 return err 7740 } 7741 7742 remain := buf[:n] 7743 for len(remain) > 0 && err == nil { 7744 var allowed int32 7745 allowed, err = cs.awaitFlowControl(len(remain)) 7746 switch { 7747 case err == http2errStopReqBodyWrite: 7748 return err 7749 case err == http2errStopReqBodyWriteAndCancel: 7750 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7751 return err 7752 case err != nil: 7753 return err 7754 } 7755 cc.wmu.Lock() 7756 data := remain[:allowed] 7757 remain = remain[allowed:] 7758 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 7759 err = cc.fr.WriteData(cs.ID, sentEnd, data) 7760 if err == nil { 7761 // TODO(bradfitz): this flush is for latency, not bandwidth. 7762 // Most requests won't need this. Make this opt-in or 7763 // opt-out? Use some heuristic on the body type? Nagel-like 7764 // timers? Based on 'n'? Only last chunk of this for loop, 7765 // unless flow control tokens are low? For now, always. 7766 // If we change this, see comment below. 7767 err = cc.bw.Flush() 7768 } 7769 cc.wmu.Unlock() 7770 } 7771 if err != nil { 7772 return err 7773 } 7774 } 7775 7776 if sentEnd { 7777 // Already sent END_STREAM (which implies we have no 7778 // trailers) and flushed, because currently all 7779 // WriteData frames above get a flush. So we're done. 7780 return nil 7781 } 7782 7783 var trls []byte 7784 if hasTrailers { 7785 cc.mu.Lock() 7786 trls, err = cc.encodeTrailers(req) 7787 cc.mu.Unlock() 7788 if err != nil { 7789 cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err) 7790 cc.forgetStreamID(cs.ID) 7791 return err 7792 } 7793 } 7794 7795 cc.mu.Lock() 7796 maxFrameSize := int(cc.maxFrameSize) 7797 cc.mu.Unlock() 7798 7799 cc.wmu.Lock() 7800 defer cc.wmu.Unlock() 7801 7802 // Two ways to send END_STREAM: either with trailers, or 7803 // with an empty DATA frame. 7804 if len(trls) > 0 { 7805 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 7806 } else { 7807 err = cc.fr.WriteData(cs.ID, true, nil) 7808 } 7809 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 7810 err = ferr 7811 } 7812 return err 7813 } 7814 7815 // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 7816 // control tokens from the server. 7817 // It returns either the non-zero number of tokens taken or an error 7818 // if the stream is dead. 7819 func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 7820 cc := cs.cc 7821 cc.mu.Lock() 7822 defer cc.mu.Unlock() 7823 for { 7824 if cc.closed { 7825 return 0, http2errClientConnClosed 7826 } 7827 if cs.stopReqBody != nil { 7828 return 0, cs.stopReqBody 7829 } 7830 if err := cs.checkResetOrDone(); err != nil { 7831 return 0, err 7832 } 7833 if a := cs.flow.available(); a > 0 { 7834 take := a 7835 if int(take) > maxBytes { 7836 7837 take = int32(maxBytes) // can't truncate int; take is int32 7838 } 7839 if take > int32(cc.maxFrameSize) { 7840 take = int32(cc.maxFrameSize) 7841 } 7842 cs.flow.take(take) 7843 return take, nil 7844 } 7845 cc.cond.Wait() 7846 } 7847 } 7848 7849 type http2badStringError struct { 7850 what string 7851 str string 7852 } 7853 7854 func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 7855 7856 // requires cc.mu be held. 7857 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 7858 cc.hbuf.Reset() 7859 7860 host := req.Host 7861 if host == "" { 7862 host = req.URL.Host 7863 } 7864 host, err := httpguts.PunycodeHostPort(host) 7865 if err != nil { 7866 return nil, err 7867 } 7868 7869 var path string 7870 if req.Method != "CONNECT" { 7871 path = req.URL.RequestURI() 7872 if !http2validPseudoPath(path) { 7873 orig := path 7874 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 7875 if !http2validPseudoPath(path) { 7876 if req.URL.Opaque != "" { 7877 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 7878 } else { 7879 return nil, fmt.Errorf("invalid request :path %q", orig) 7880 } 7881 } 7882 } 7883 } 7884 7885 // Check for any invalid headers and return an error before we 7886 // potentially pollute our hpack state. (We want to be able to 7887 // continue to reuse the hpack encoder for future requests) 7888 for k, vv := range req.Header { 7889 if !httpguts.ValidHeaderFieldName(k) { 7890 return nil, fmt.Errorf("invalid HTTP header name %q", k) 7891 } 7892 for _, v := range vv { 7893 if !httpguts.ValidHeaderFieldValue(v) { 7894 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 7895 } 7896 } 7897 } 7898 7899 enumerateHeaders := func(f func(name, value string)) { 7900 // 8.1.2.3 Request Pseudo-Header Fields 7901 // The :path pseudo-header field includes the path and query parts of the 7902 // target URI (the path-absolute production and optionally a '?' character 7903 // followed by the query production (see Sections 3.3 and 3.4 of 7904 // [RFC3986]). 7905 f(":authority", host) 7906 m := req.Method 7907 if m == "" { 7908 m = MethodGet 7909 } 7910 f(":method", m) 7911 if req.Method != "CONNECT" { 7912 f(":path", path) 7913 f(":scheme", req.URL.Scheme) 7914 } 7915 if trailers != "" { 7916 f("trailer", trailers) 7917 } 7918 7919 var didUA bool 7920 for k, vv := range req.Header { 7921 if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") { 7922 // Host is :authority, already sent. 7923 // Content-Length is automatic, set below. 7924 continue 7925 } else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") || 7926 strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") || 7927 strings.EqualFold(k, "keep-alive") { 7928 // Per 8.1.2.2 Connection-Specific Header 7929 // Fields, don't send connection-specific 7930 // fields. We have already checked if any 7931 // are error-worthy so just ignore the rest. 7932 continue 7933 } else if strings.EqualFold(k, "user-agent") { 7934 // Match Go's http1 behavior: at most one 7935 // User-Agent. If set to nil or empty string, 7936 // then omit it. Otherwise if not mentioned, 7937 // include the default (below). 7938 didUA = true 7939 if len(vv) < 1 { 7940 continue 7941 } 7942 vv = vv[:1] 7943 if vv[0] == "" { 7944 continue 7945 } 7946 7947 } 7948 7949 for _, v := range vv { 7950 f(k, v) 7951 } 7952 } 7953 if http2shouldSendReqContentLength(req.Method, contentLength) { 7954 f("content-length", strconv.FormatInt(contentLength, 10)) 7955 } 7956 if addGzipHeader { 7957 f("accept-encoding", "gzip") 7958 } 7959 if !didUA { 7960 f("user-agent", http2defaultUserAgent) 7961 } 7962 } 7963 7964 // Do a first pass over the headers counting bytes to ensure 7965 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 7966 // separate pass before encoding the headers to prevent 7967 // modifying the hpack state. 7968 hlSize := uint64(0) 7969 enumerateHeaders(func(name, value string) { 7970 hf := hpack.HeaderField{Name: name, Value: value} 7971 hlSize += uint64(hf.Size()) 7972 }) 7973 7974 if hlSize > cc.peerMaxHeaderListSize { 7975 return nil, http2errRequestHeaderListSize 7976 } 7977 7978 trace := httptrace.ContextClientTrace(req.Context()) 7979 traceHeaders := http2traceHasWroteHeaderField(trace) 7980 7981 // Header list size is ok. Write the headers. 7982 enumerateHeaders(func(name, value string) { 7983 name = strings.ToLower(name) 7984 cc.writeHeader(name, value) 7985 if traceHeaders { 7986 http2traceWroteHeaderField(trace, name, value) 7987 } 7988 }) 7989 7990 return cc.hbuf.Bytes(), nil 7991 } 7992 7993 // shouldSendReqContentLength reports whether the http2.Transport should send 7994 // a "content-length" request header. This logic is basically a copy of the net/http 7995 // transferWriter.shouldSendContentLength. 7996 // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 7997 // -1 means unknown. 7998 func http2shouldSendReqContentLength(method string, contentLength int64) bool { 7999 if contentLength > 0 { 8000 return true 8001 } 8002 if contentLength < 0 { 8003 return false 8004 } 8005 // For zero bodies, whether we send a content-length depends on the method. 8006 // It also kinda doesn't matter for http2 either way, with END_STREAM. 8007 switch method { 8008 case "POST", "PUT", "PATCH": 8009 return true 8010 default: 8011 return false 8012 } 8013 } 8014 8015 // requires cc.mu be held. 8016 func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) { 8017 cc.hbuf.Reset() 8018 8019 hlSize := uint64(0) 8020 for k, vv := range req.Trailer { 8021 for _, v := range vv { 8022 hf := hpack.HeaderField{Name: k, Value: v} 8023 hlSize += uint64(hf.Size()) 8024 } 8025 } 8026 if hlSize > cc.peerMaxHeaderListSize { 8027 return nil, http2errRequestHeaderListSize 8028 } 8029 8030 for k, vv := range req.Trailer { 8031 // Transfer-Encoding, etc.. have already been filtered at the 8032 // start of RoundTrip 8033 lowKey := strings.ToLower(k) 8034 for _, v := range vv { 8035 cc.writeHeader(lowKey, v) 8036 } 8037 } 8038 return cc.hbuf.Bytes(), nil 8039 } 8040 8041 func (cc *http2ClientConn) writeHeader(name, value string) { 8042 if http2VerboseLogs { 8043 log.Printf("http2: Transport encoding header %q = %q", name, value) 8044 } 8045 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 8046 } 8047 8048 type http2resAndError struct { 8049 res *Response 8050 err error 8051 } 8052 8053 // requires cc.mu be held. 8054 func (cc *http2ClientConn) newStream() *http2clientStream { 8055 cs := &http2clientStream{ 8056 cc: cc, 8057 ID: cc.nextStreamID, 8058 resc: make(chan http2resAndError, 1), 8059 peerReset: make(chan struct{}), 8060 done: make(chan struct{}), 8061 } 8062 cs.flow.add(int32(cc.initialWindowSize)) 8063 cs.flow.setConnFlow(&cc.flow) 8064 cs.inflow.add(http2transportDefaultStreamFlow) 8065 cs.inflow.setConnFlow(&cc.inflow) 8066 cc.nextStreamID += 2 8067 cc.streams[cs.ID] = cs 8068 return cs 8069 } 8070 8071 func (cc *http2ClientConn) forgetStreamID(id uint32) { 8072 cc.streamByID(id, true) 8073 } 8074 8075 func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream { 8076 cc.mu.Lock() 8077 defer cc.mu.Unlock() 8078 cs := cc.streams[id] 8079 if andRemove && cs != nil && !cc.closed { 8080 cc.lastActive = time.Now() 8081 delete(cc.streams, id) 8082 if len(cc.streams) == 0 && cc.idleTimer != nil { 8083 cc.idleTimer.Reset(cc.idleTimeout) 8084 } 8085 close(cs.done) 8086 // Wake up checkResetOrDone via clientStream.awaitFlowControl and 8087 // wake up RoundTrip if there is a pending request. 8088 cc.cond.Broadcast() 8089 } 8090 return cs 8091 } 8092 8093 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 8094 type http2clientConnReadLoop struct { 8095 cc *http2ClientConn 8096 closeWhenIdle bool 8097 } 8098 8099 // readLoop runs in its own goroutine and reads and dispatches frames. 8100 func (cc *http2ClientConn) readLoop() { 8101 rl := &http2clientConnReadLoop{cc: cc} 8102 defer rl.cleanup() 8103 cc.readerErr = rl.run() 8104 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 8105 cc.wmu.Lock() 8106 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 8107 cc.wmu.Unlock() 8108 } 8109 } 8110 8111 // GoAwayError is returned by the Transport when the server closes the 8112 // TCP connection after sending a GOAWAY frame. 8113 type http2GoAwayError struct { 8114 LastStreamID uint32 8115 ErrCode http2ErrCode 8116 DebugData string 8117 } 8118 8119 func (e http2GoAwayError) Error() string { 8120 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 8121 e.LastStreamID, e.ErrCode, e.DebugData) 8122 } 8123 8124 func http2isEOFOrNetReadError(err error) bool { 8125 if err == io.EOF { 8126 return true 8127 } 8128 ne, ok := err.(*net.OpError) 8129 return ok && ne.Op == "read" 8130 } 8131 8132 func (rl *http2clientConnReadLoop) cleanup() { 8133 cc := rl.cc 8134 defer cc.tconn.Close() 8135 defer cc.t.connPool().MarkDead(cc) 8136 defer close(cc.readerDone) 8137 8138 if cc.idleTimer != nil { 8139 cc.idleTimer.Stop() 8140 } 8141 8142 // Close any response bodies if the server closes prematurely. 8143 // TODO: also do this if we've written the headers but not 8144 // gotten a response yet. 8145 err := cc.readerErr 8146 cc.mu.Lock() 8147 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8148 err = http2GoAwayError{ 8149 LastStreamID: cc.goAway.LastStreamID, 8150 ErrCode: cc.goAway.ErrCode, 8151 DebugData: cc.goAwayDebug, 8152 } 8153 } else if err == io.EOF { 8154 err = io.ErrUnexpectedEOF 8155 } 8156 for _, cs := range cc.streams { 8157 cs.bufPipe.CloseWithError(err) // no-op if already closed 8158 select { 8159 case cs.resc <- http2resAndError{err: err}: 8160 default: 8161 } 8162 close(cs.done) 8163 } 8164 cc.closed = true 8165 cc.cond.Broadcast() 8166 cc.mu.Unlock() 8167 } 8168 8169 func (rl *http2clientConnReadLoop) run() error { 8170 cc := rl.cc 8171 rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse 8172 gotReply := false // ever saw a HEADERS reply 8173 gotSettings := false 8174 for { 8175 f, err := cc.fr.ReadFrame() 8176 if err != nil { 8177 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8178 } 8179 if se, ok := err.(http2StreamError); ok { 8180 if cs := cc.streamByID(se.StreamID, false); cs != nil { 8181 cs.cc.writeStreamReset(cs.ID, se.Code, err) 8182 cs.cc.forgetStreamID(cs.ID) 8183 if se.Cause == nil { 8184 se.Cause = cc.fr.errDetail 8185 } 8186 rl.endStreamError(cs, se) 8187 } 8188 continue 8189 } else if err != nil { 8190 return err 8191 } 8192 if http2VerboseLogs { 8193 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8194 } 8195 if !gotSettings { 8196 if _, ok := f.(*http2SettingsFrame); !ok { 8197 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8198 return http2ConnectionError(http2ErrCodeProtocol) 8199 } 8200 gotSettings = true 8201 } 8202 maybeIdle := false // whether frame might transition us to idle 8203 8204 switch f := f.(type) { 8205 case *http2MetaHeadersFrame: 8206 err = rl.processHeaders(f) 8207 maybeIdle = true 8208 gotReply = true 8209 case *http2DataFrame: 8210 err = rl.processData(f) 8211 maybeIdle = true 8212 case *http2GoAwayFrame: 8213 err = rl.processGoAway(f) 8214 maybeIdle = true 8215 case *http2RSTStreamFrame: 8216 err = rl.processResetStream(f) 8217 maybeIdle = true 8218 case *http2SettingsFrame: 8219 err = rl.processSettings(f) 8220 case *http2PushPromiseFrame: 8221 err = rl.processPushPromise(f) 8222 case *http2WindowUpdateFrame: 8223 err = rl.processWindowUpdate(f) 8224 case *http2PingFrame: 8225 err = rl.processPing(f) 8226 default: 8227 cc.logf("Transport: unhandled response frame type %T", f) 8228 } 8229 if err != nil { 8230 if http2VerboseLogs { 8231 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8232 } 8233 return err 8234 } 8235 if rl.closeWhenIdle && gotReply && maybeIdle { 8236 cc.closeIfIdle() 8237 } 8238 } 8239 } 8240 8241 func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8242 cc := rl.cc 8243 cs := cc.streamByID(f.StreamID, false) 8244 if cs == nil { 8245 // We'd get here if we canceled a request while the 8246 // server had its response still in flight. So if this 8247 // was just something we canceled, ignore it. 8248 return nil 8249 } 8250 if f.StreamEnded() { 8251 // Issue 20521: If the stream has ended, streamByID() causes 8252 // clientStream.done to be closed, which causes the request's bodyWriter 8253 // to be closed with an errStreamClosed, which may be received by 8254 // clientConn.RoundTrip before the result of processing these headers. 8255 // Deferring stream closure allows the header processing to occur first. 8256 // clientConn.RoundTrip may still receive the bodyWriter error first, but 8257 // the fix for issue 16102 prioritises any response. 8258 // 8259 // Issue 22413: If there is no request body, we should close the 8260 // stream before writing to cs.resc so that the stream is closed 8261 // immediately once RoundTrip returns. 8262 if cs.req.Body != nil { 8263 defer cc.forgetStreamID(f.StreamID) 8264 } else { 8265 cc.forgetStreamID(f.StreamID) 8266 } 8267 } 8268 if !cs.firstByte { 8269 if cs.trace != nil { 8270 // TODO(bradfitz): move first response byte earlier, 8271 // when we first read the 9 byte header, not waiting 8272 // until all the HEADERS+CONTINUATION frames have been 8273 // merged. This works for now. 8274 http2traceFirstResponseByte(cs.trace) 8275 } 8276 cs.firstByte = true 8277 } 8278 if !cs.pastHeaders { 8279 cs.pastHeaders = true 8280 } else { 8281 return rl.processTrailers(cs, f) 8282 } 8283 8284 res, err := rl.handleResponse(cs, f) 8285 if err != nil { 8286 if _, ok := err.(http2ConnectionError); ok { 8287 return err 8288 } 8289 // Any other error type is a stream error. 8290 cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err) 8291 cc.forgetStreamID(cs.ID) 8292 cs.resc <- http2resAndError{err: err} 8293 return nil // return nil from process* funcs to keep conn alive 8294 } 8295 if res == nil { 8296 // (nil, nil) special case. See handleResponse docs. 8297 return nil 8298 } 8299 cs.resTrailer = &res.Trailer 8300 cs.resc <- http2resAndError{res: res} 8301 return nil 8302 } 8303 8304 // may return error types nil, or ConnectionError. Any other error value 8305 // is a StreamError of type ErrCodeProtocol. The returned error in that case 8306 // is the detail. 8307 // 8308 // As a special case, handleResponse may return (nil, nil) to skip the 8309 // frame (currently only used for 1xx responses). 8310 func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8311 if f.Truncated { 8312 return nil, http2errResponseHeaderListSize 8313 } 8314 8315 status := f.PseudoValue("status") 8316 if status == "" { 8317 return nil, errors.New("malformed response from server: missing status pseudo header") 8318 } 8319 statusCode, err := strconv.Atoi(status) 8320 if err != nil { 8321 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8322 } 8323 8324 header := make(Header) 8325 res := &Response{ 8326 Proto: "HTTP/2.0", 8327 ProtoMajor: 2, 8328 Header: header, 8329 StatusCode: statusCode, 8330 Status: status + " " + StatusText(statusCode), 8331 } 8332 for _, hf := range f.RegularFields() { 8333 key := CanonicalHeaderKey(hf.Name) 8334 if key == "Trailer" { 8335 t := res.Trailer 8336 if t == nil { 8337 t = make(Header) 8338 res.Trailer = t 8339 } 8340 http2foreachHeaderElement(hf.Value, func(v string) { 8341 t[CanonicalHeaderKey(v)] = nil 8342 }) 8343 } else { 8344 header[key] = append(header[key], hf.Value) 8345 } 8346 } 8347 8348 if statusCode >= 100 && statusCode <= 199 { 8349 cs.num1xx++ 8350 const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http 8351 if cs.num1xx > max1xxResponses { 8352 return nil, errors.New("http2: too many 1xx informational responses") 8353 } 8354 if fn := cs.get1xxTraceFunc(); fn != nil { 8355 if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { 8356 return nil, err 8357 } 8358 } 8359 if statusCode == 100 { 8360 http2traceGot100Continue(cs.trace) 8361 if cs.on100 != nil { 8362 cs.on100() // forces any write delay timer to fire 8363 } 8364 } 8365 cs.pastHeaders = false // do it all again 8366 return nil, nil 8367 } 8368 8369 streamEnded := f.StreamEnded() 8370 isHead := cs.req.Method == "HEAD" 8371 if !streamEnded || isHead { 8372 res.ContentLength = -1 8373 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8374 if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil { 8375 res.ContentLength = clen64 8376 } else { 8377 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8378 // more safe smuggling-wise to ignore. 8379 } 8380 } else if len(clens) > 1 { 8381 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8382 // more safe smuggling-wise to ignore. 8383 } 8384 } 8385 8386 if streamEnded || isHead { 8387 res.Body = http2noBody 8388 return res, nil 8389 } 8390 8391 cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}} 8392 cs.bytesRemain = res.ContentLength 8393 res.Body = http2transportResponseBody{cs} 8394 go cs.awaitRequestCancel(cs.req) 8395 8396 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8397 res.Header.Del("Content-Encoding") 8398 res.Header.Del("Content-Length") 8399 res.ContentLength = -1 8400 res.Body = &http2gzipReader{body: res.Body} 8401 res.Uncompressed = true 8402 } 8403 return res, nil 8404 } 8405 8406 func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8407 if cs.pastTrailers { 8408 // Too many HEADERS frames for this stream. 8409 return http2ConnectionError(http2ErrCodeProtocol) 8410 } 8411 cs.pastTrailers = true 8412 if !f.StreamEnded() { 8413 // We expect that any headers for trailers also 8414 // has END_STREAM. 8415 return http2ConnectionError(http2ErrCodeProtocol) 8416 } 8417 if len(f.PseudoFields()) > 0 { 8418 // No pseudo header fields are defined for trailers. 8419 // TODO: ConnectionError might be overly harsh? Check. 8420 return http2ConnectionError(http2ErrCodeProtocol) 8421 } 8422 8423 trailer := make(Header) 8424 for _, hf := range f.RegularFields() { 8425 key := CanonicalHeaderKey(hf.Name) 8426 trailer[key] = append(trailer[key], hf.Value) 8427 } 8428 cs.trailer = trailer 8429 8430 rl.endStream(cs) 8431 return nil 8432 } 8433 8434 // transportResponseBody is the concrete type of Transport.RoundTrip's 8435 // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. 8436 // On Close it sends RST_STREAM if EOF wasn't already seen. 8437 type http2transportResponseBody struct { 8438 cs *http2clientStream 8439 } 8440 8441 func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8442 cs := b.cs 8443 cc := cs.cc 8444 8445 if cs.readErr != nil { 8446 return 0, cs.readErr 8447 } 8448 n, err = b.cs.bufPipe.Read(p) 8449 if cs.bytesRemain != -1 { 8450 if int64(n) > cs.bytesRemain { 8451 n = int(cs.bytesRemain) 8452 if err == nil { 8453 err = errors.New("net/http: server replied with more than declared Content-Length; truncated") 8454 cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err) 8455 } 8456 cs.readErr = err 8457 return int(cs.bytesRemain), err 8458 } 8459 cs.bytesRemain -= int64(n) 8460 if err == io.EOF && cs.bytesRemain > 0 { 8461 err = io.ErrUnexpectedEOF 8462 cs.readErr = err 8463 return n, err 8464 } 8465 } 8466 if n == 0 { 8467 // No flow control tokens to send back. 8468 return 8469 } 8470 8471 cc.mu.Lock() 8472 defer cc.mu.Unlock() 8473 8474 var connAdd, streamAdd int32 8475 // Check the conn-level first, before the stream-level. 8476 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8477 connAdd = http2transportDefaultConnFlow - v 8478 cc.inflow.add(connAdd) 8479 } 8480 if err == nil { // No need to refresh if the stream is over or failed. 8481 // Consider any buffered body data (read from the conn but not 8482 // consumed by the client) when computing flow control for this 8483 // stream. 8484 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8485 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8486 streamAdd = int32(http2transportDefaultStreamFlow - v) 8487 cs.inflow.add(streamAdd) 8488 } 8489 } 8490 if connAdd != 0 || streamAdd != 0 { 8491 cc.wmu.Lock() 8492 defer cc.wmu.Unlock() 8493 if connAdd != 0 { 8494 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8495 } 8496 if streamAdd != 0 { 8497 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8498 } 8499 cc.bw.Flush() 8500 } 8501 return 8502 } 8503 8504 var http2errClosedResponseBody = errors.New("http2: response body closed") 8505 8506 func (b http2transportResponseBody) Close() error { 8507 cs := b.cs 8508 cc := cs.cc 8509 8510 serverSentStreamEnd := cs.bufPipe.Err() == io.EOF 8511 unread := cs.bufPipe.Len() 8512 8513 if unread > 0 || !serverSentStreamEnd { 8514 cc.mu.Lock() 8515 cc.wmu.Lock() 8516 if !serverSentStreamEnd { 8517 cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel) 8518 cs.didReset = true 8519 } 8520 // Return connection-level flow control. 8521 if unread > 0 { 8522 cc.inflow.add(int32(unread)) 8523 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8524 } 8525 cc.bw.Flush() 8526 cc.wmu.Unlock() 8527 cc.mu.Unlock() 8528 } 8529 8530 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8531 cc.forgetStreamID(cs.ID) 8532 return nil 8533 } 8534 8535 func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8536 cc := rl.cc 8537 cs := cc.streamByID(f.StreamID, f.StreamEnded()) 8538 data := f.Data() 8539 if cs == nil { 8540 cc.mu.Lock() 8541 neverSent := cc.nextStreamID 8542 cc.mu.Unlock() 8543 if f.StreamID >= neverSent { 8544 // We never asked for this. 8545 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8546 return http2ConnectionError(http2ErrCodeProtocol) 8547 } 8548 // We probably did ask for this, but canceled. Just ignore it. 8549 // TODO: be stricter here? only silently ignore things which 8550 // we canceled, but not things which were closed normally 8551 // by the peer? Tough without accumulating too much state. 8552 8553 // But at least return their flow control: 8554 if f.Length > 0 { 8555 cc.mu.Lock() 8556 cc.inflow.add(int32(f.Length)) 8557 cc.mu.Unlock() 8558 8559 cc.wmu.Lock() 8560 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 8561 cc.bw.Flush() 8562 cc.wmu.Unlock() 8563 } 8564 return nil 8565 } 8566 if !cs.firstByte { 8567 cc.logf("protocol error: received DATA before a HEADERS frame") 8568 rl.endStreamError(cs, http2StreamError{ 8569 StreamID: f.StreamID, 8570 Code: http2ErrCodeProtocol, 8571 }) 8572 return nil 8573 } 8574 if f.Length > 0 { 8575 if cs.req.Method == "HEAD" && len(data) > 0 { 8576 cc.logf("protocol error: received DATA on a HEAD request") 8577 rl.endStreamError(cs, http2StreamError{ 8578 StreamID: f.StreamID, 8579 Code: http2ErrCodeProtocol, 8580 }) 8581 return nil 8582 } 8583 // Check connection-level flow control. 8584 cc.mu.Lock() 8585 if cs.inflow.available() >= int32(f.Length) { 8586 cs.inflow.take(int32(f.Length)) 8587 } else { 8588 cc.mu.Unlock() 8589 return http2ConnectionError(http2ErrCodeFlowControl) 8590 } 8591 // Return any padded flow control now, since we won't 8592 // refund it later on body reads. 8593 var refund int 8594 if pad := int(f.Length) - len(data); pad > 0 { 8595 refund += pad 8596 } 8597 // Return len(data) now if the stream is already closed, 8598 // since data will never be read. 8599 didReset := cs.didReset 8600 if didReset { 8601 refund += len(data) 8602 } 8603 if refund > 0 { 8604 cc.inflow.add(int32(refund)) 8605 cc.wmu.Lock() 8606 cc.fr.WriteWindowUpdate(0, uint32(refund)) 8607 if !didReset { 8608 cs.inflow.add(int32(refund)) 8609 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 8610 } 8611 cc.bw.Flush() 8612 cc.wmu.Unlock() 8613 } 8614 cc.mu.Unlock() 8615 8616 if len(data) > 0 && !didReset { 8617 if _, err := cs.bufPipe.Write(data); err != nil { 8618 rl.endStreamError(cs, err) 8619 return err 8620 } 8621 } 8622 } 8623 8624 if f.StreamEnded() { 8625 rl.endStream(cs) 8626 } 8627 return nil 8628 } 8629 8630 var http2errInvalidTrailers = errors.New("http2: invalid trailers") 8631 8632 func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 8633 // TODO: check that any declared content-length matches, like 8634 // server.go's (*stream).endStream method. 8635 rl.endStreamError(cs, nil) 8636 } 8637 8638 func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 8639 var code func() 8640 if err == nil { 8641 err = io.EOF 8642 code = cs.copyTrailers 8643 } 8644 if http2isConnectionCloseRequest(cs.req) { 8645 rl.closeWhenIdle = true 8646 } 8647 cs.bufPipe.closeWithErrorAndCode(err, code) 8648 8649 select { 8650 case cs.resc <- http2resAndError{err: err}: 8651 default: 8652 } 8653 } 8654 8655 func (cs *http2clientStream) copyTrailers() { 8656 for k, vv := range cs.trailer { 8657 t := cs.resTrailer 8658 if *t == nil { 8659 *t = make(Header) 8660 } 8661 (*t)[k] = vv 8662 } 8663 } 8664 8665 func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 8666 cc := rl.cc 8667 cc.t.connPool().MarkDead(cc) 8668 if f.ErrCode != 0 { 8669 // TODO: deal with GOAWAY more. particularly the error code 8670 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 8671 } 8672 cc.setGoAway(f) 8673 return nil 8674 } 8675 8676 func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 8677 cc := rl.cc 8678 cc.mu.Lock() 8679 defer cc.mu.Unlock() 8680 8681 if f.IsAck() { 8682 if cc.wantSettingsAck { 8683 cc.wantSettingsAck = false 8684 return nil 8685 } 8686 return http2ConnectionError(http2ErrCodeProtocol) 8687 } 8688 8689 err := f.ForeachSetting(func(s http2Setting) error { 8690 switch s.ID { 8691 case http2SettingMaxFrameSize: 8692 cc.maxFrameSize = s.Val 8693 case http2SettingMaxConcurrentStreams: 8694 cc.maxConcurrentStreams = s.Val 8695 case http2SettingMaxHeaderListSize: 8696 cc.peerMaxHeaderListSize = uint64(s.Val) 8697 case http2SettingInitialWindowSize: 8698 // Values above the maximum flow-control 8699 // window size of 2^31-1 MUST be treated as a 8700 // connection error (Section 5.4.1) of type 8701 // FLOW_CONTROL_ERROR. 8702 if s.Val > math.MaxInt32 { 8703 return http2ConnectionError(http2ErrCodeFlowControl) 8704 } 8705 8706 // Adjust flow control of currently-open 8707 // frames by the difference of the old initial 8708 // window size and this one. 8709 delta := int32(s.Val) - int32(cc.initialWindowSize) 8710 for _, cs := range cc.streams { 8711 cs.flow.add(delta) 8712 } 8713 cc.cond.Broadcast() 8714 8715 cc.initialWindowSize = s.Val 8716 default: 8717 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 8718 cc.vlogf("Unhandled Setting: %v", s) 8719 } 8720 return nil 8721 }) 8722 if err != nil { 8723 return err 8724 } 8725 8726 cc.wmu.Lock() 8727 defer cc.wmu.Unlock() 8728 8729 cc.fr.WriteSettingsAck() 8730 cc.bw.Flush() 8731 return cc.werr 8732 } 8733 8734 func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 8735 cc := rl.cc 8736 cs := cc.streamByID(f.StreamID, false) 8737 if f.StreamID != 0 && cs == nil { 8738 return nil 8739 } 8740 8741 cc.mu.Lock() 8742 defer cc.mu.Unlock() 8743 8744 fl := &cc.flow 8745 if cs != nil { 8746 fl = &cs.flow 8747 } 8748 if !fl.add(int32(f.Increment)) { 8749 return http2ConnectionError(http2ErrCodeFlowControl) 8750 } 8751 cc.cond.Broadcast() 8752 return nil 8753 } 8754 8755 func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 8756 cs := rl.cc.streamByID(f.StreamID, true) 8757 if cs == nil { 8758 // TODO: return error if server tries to RST_STEAM an idle stream 8759 return nil 8760 } 8761 select { 8762 case <-cs.peerReset: 8763 // Already reset. 8764 // This is the only goroutine 8765 // which closes this, so there 8766 // isn't a race. 8767 default: 8768 err := http2streamError(cs.ID, f.ErrCode) 8769 cs.resetErr = err 8770 close(cs.peerReset) 8771 cs.bufPipe.CloseWithError(err) 8772 cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl 8773 } 8774 return nil 8775 } 8776 8777 // Ping sends a PING frame to the server and waits for the ack. 8778 func (cc *http2ClientConn) Ping(ctx context.Context) error { 8779 c := make(chan struct{}) 8780 // Generate a random payload 8781 var p [8]byte 8782 for { 8783 if _, err := rand.Read(p[:]); err != nil { 8784 return err 8785 } 8786 cc.mu.Lock() 8787 // check for dup before insert 8788 if _, found := cc.pings[p]; !found { 8789 cc.pings[p] = c 8790 cc.mu.Unlock() 8791 break 8792 } 8793 cc.mu.Unlock() 8794 } 8795 cc.wmu.Lock() 8796 if err := cc.fr.WritePing(false, p); err != nil { 8797 cc.wmu.Unlock() 8798 return err 8799 } 8800 if err := cc.bw.Flush(); err != nil { 8801 cc.wmu.Unlock() 8802 return err 8803 } 8804 cc.wmu.Unlock() 8805 select { 8806 case <-c: 8807 return nil 8808 case <-ctx.Done(): 8809 return ctx.Err() 8810 case <-cc.readerDone: 8811 // connection closed 8812 return cc.readerErr 8813 } 8814 } 8815 8816 func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 8817 if f.IsAck() { 8818 cc := rl.cc 8819 cc.mu.Lock() 8820 defer cc.mu.Unlock() 8821 // If ack, notify listener if any 8822 if c, ok := cc.pings[f.Data]; ok { 8823 close(c) 8824 delete(cc.pings, f.Data) 8825 } 8826 return nil 8827 } 8828 cc := rl.cc 8829 cc.wmu.Lock() 8830 defer cc.wmu.Unlock() 8831 if err := cc.fr.WritePing(true, f.Data); err != nil { 8832 return err 8833 } 8834 return cc.bw.Flush() 8835 } 8836 8837 func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 8838 // We told the peer we don't want them. 8839 // Spec says: 8840 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 8841 // setting of the peer endpoint is set to 0. An endpoint that 8842 // has set this setting and has received acknowledgement MUST 8843 // treat the receipt of a PUSH_PROMISE frame as a connection 8844 // error (Section 5.4.1) of type PROTOCOL_ERROR." 8845 return http2ConnectionError(http2ErrCodeProtocol) 8846 } 8847 8848 func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 8849 // TODO: map err to more interesting error codes, once the 8850 // HTTP community comes up with some. But currently for 8851 // RST_STREAM there's no equivalent to GOAWAY frame's debug 8852 // data, and the error codes are all pretty vague ("cancel"). 8853 cc.wmu.Lock() 8854 cc.fr.WriteRSTStream(streamID, code) 8855 cc.bw.Flush() 8856 cc.wmu.Unlock() 8857 } 8858 8859 var ( 8860 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 8861 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 8862 http2errPseudoTrailers = errors.New("http2: invalid pseudo header in trailers") 8863 ) 8864 8865 func (cc *http2ClientConn) logf(format string, args ...interface{}) { 8866 cc.t.logf(format, args...) 8867 } 8868 8869 func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 8870 cc.t.vlogf(format, args...) 8871 } 8872 8873 func (t *http2Transport) vlogf(format string, args ...interface{}) { 8874 if http2VerboseLogs { 8875 t.logf(format, args...) 8876 } 8877 } 8878 8879 func (t *http2Transport) logf(format string, args ...interface{}) { 8880 log.Printf(format, args...) 8881 } 8882 8883 var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 8884 8885 func http2strSliceContains(ss []string, s string) bool { 8886 for _, v := range ss { 8887 if v == s { 8888 return true 8889 } 8890 } 8891 return false 8892 } 8893 8894 type http2erringRoundTripper struct{ err error } 8895 8896 func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 8897 8898 // gzipReader wraps a response body so it can lazily 8899 // call gzip.NewReader on the first call to Read 8900 type http2gzipReader struct { 8901 body io.ReadCloser // underlying Response.Body 8902 zr *gzip.Reader // lazily-initialized gzip reader 8903 zerr error // sticky error 8904 } 8905 8906 func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 8907 if gz.zerr != nil { 8908 return 0, gz.zerr 8909 } 8910 if gz.zr == nil { 8911 gz.zr, err = gzip.NewReader(gz.body) 8912 if err != nil { 8913 gz.zerr = err 8914 return 0, err 8915 } 8916 } 8917 return gz.zr.Read(p) 8918 } 8919 8920 func (gz *http2gzipReader) Close() error { 8921 return gz.body.Close() 8922 } 8923 8924 type http2errorReader struct{ err error } 8925 8926 func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 8927 8928 // bodyWriterState encapsulates various state around the Transport's writing 8929 // of the request body, particularly regarding doing delayed writes of the body 8930 // when the request contains "Expect: 100-continue". 8931 type http2bodyWriterState struct { 8932 cs *http2clientStream 8933 timer *time.Timer // if non-nil, we're doing a delayed write 8934 fnonce *sync.Once // to call fn with 8935 fn func() // the code to run in the goroutine, writing the body 8936 resc chan error // result of fn's execution 8937 delay time.Duration // how long we should delay a delayed write for 8938 } 8939 8940 func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) { 8941 s.cs = cs 8942 if body == nil { 8943 return 8944 } 8945 resc := make(chan error, 1) 8946 s.resc = resc 8947 s.fn = func() { 8948 cs.cc.mu.Lock() 8949 cs.startedWrite = true 8950 cs.cc.mu.Unlock() 8951 resc <- cs.writeRequestBody(body, cs.req.Body) 8952 } 8953 s.delay = t.expectContinueTimeout() 8954 if s.delay == 0 || 8955 !httpguts.HeaderValuesContainsToken( 8956 cs.req.Header["Expect"], 8957 "100-continue") { 8958 return 8959 } 8960 s.fnonce = new(sync.Once) 8961 8962 // Arm the timer with a very large duration, which we'll 8963 // intentionally lower later. It has to be large now because 8964 // we need a handle to it before writing the headers, but the 8965 // s.delay value is defined to not start until after the 8966 // request headers were written. 8967 const hugeDuration = 365 * 24 * time.Hour 8968 s.timer = time.AfterFunc(hugeDuration, func() { 8969 s.fnonce.Do(s.fn) 8970 }) 8971 return 8972 } 8973 8974 func (s http2bodyWriterState) cancel() { 8975 if s.timer != nil { 8976 s.timer.Stop() 8977 } 8978 } 8979 8980 func (s http2bodyWriterState) on100() { 8981 if s.timer == nil { 8982 // If we didn't do a delayed write, ignore the server's 8983 // bogus 100 continue response. 8984 return 8985 } 8986 s.timer.Stop() 8987 go func() { s.fnonce.Do(s.fn) }() 8988 } 8989 8990 // scheduleBodyWrite starts writing the body, either immediately (in 8991 // the common case) or after the delay timeout. It should not be 8992 // called until after the headers have been written. 8993 func (s http2bodyWriterState) scheduleBodyWrite() { 8994 if s.timer == nil { 8995 // We're not doing a delayed write (see 8996 // getBodyWriterState), so just start the writing 8997 // goroutine immediately. 8998 go s.fn() 8999 return 9000 } 9001 http2traceWait100Continue(s.cs.trace) 9002 if s.timer.Stop() { 9003 s.timer.Reset(s.delay) 9004 } 9005 } 9006 9007 // isConnectionCloseRequest reports whether req should use its own 9008 // connection for a single request and then close the connection. 9009 func http2isConnectionCloseRequest(req *Request) bool { 9010 return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close") 9011 } 9012 9013 // registerHTTPSProtocol calls Transport.RegisterProtocol but 9014 // converting panics into errors. 9015 func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) { 9016 defer func() { 9017 if e := recover(); e != nil { 9018 err = fmt.Errorf("%v", e) 9019 } 9020 }() 9021 t.RegisterProtocol("https", rt) 9022 return nil 9023 } 9024 9025 // noDialH2RoundTripper is a RoundTripper which only tries to complete the request 9026 // if there's already has a cached connection to the host. 9027 // (The field is exported so it can be accessed via reflect from net/http; tested 9028 // by TestNoDialH2RoundTripperType) 9029 type http2noDialH2RoundTripper struct{ *http2Transport } 9030 9031 func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 9032 res, err := rt.http2Transport.RoundTrip(req) 9033 if http2isNoCachedConnError(err) { 9034 return nil, ErrSkipAltProtocol 9035 } 9036 return res, err 9037 } 9038 9039 func (t *http2Transport) idleConnTimeout() time.Duration { 9040 if t.t1 != nil { 9041 return t.t1.IdleConnTimeout 9042 } 9043 return 0 9044 } 9045 9046 func http2traceGetConn(req *Request, hostPort string) { 9047 trace := httptrace.ContextClientTrace(req.Context()) 9048 if trace == nil || trace.GetConn == nil { 9049 return 9050 } 9051 trace.GetConn(hostPort) 9052 } 9053 9054 func http2traceGotConn(req *Request, cc *http2ClientConn, reused bool) { 9055 trace := httptrace.ContextClientTrace(req.Context()) 9056 if trace == nil || trace.GotConn == nil { 9057 return 9058 } 9059 ci := httptrace.GotConnInfo{Conn: cc.tconn} 9060 ci.Reused = reused 9061 cc.mu.Lock() 9062 ci.WasIdle = len(cc.streams) == 0 && reused 9063 if ci.WasIdle && !cc.lastActive.IsZero() { 9064 ci.IdleTime = time.Now().Sub(cc.lastActive) 9065 } 9066 cc.mu.Unlock() 9067 9068 trace.GotConn(ci) 9069 } 9070 9071 func http2traceWroteHeaders(trace *httptrace.ClientTrace) { 9072 if trace != nil && trace.WroteHeaders != nil { 9073 trace.WroteHeaders() 9074 } 9075 } 9076 9077 func http2traceGot100Continue(trace *httptrace.ClientTrace) { 9078 if trace != nil && trace.Got100Continue != nil { 9079 trace.Got100Continue() 9080 } 9081 } 9082 9083 func http2traceWait100Continue(trace *httptrace.ClientTrace) { 9084 if trace != nil && trace.Wait100Continue != nil { 9085 trace.Wait100Continue() 9086 } 9087 } 9088 9089 func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) { 9090 if trace != nil && trace.WroteRequest != nil { 9091 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 9092 } 9093 } 9094 9095 func http2traceFirstResponseByte(trace *httptrace.ClientTrace) { 9096 if trace != nil && trace.GotFirstResponseByte != nil { 9097 trace.GotFirstResponseByte() 9098 } 9099 } 9100 9101 // writeFramer is implemented by any type that is used to write frames. 9102 type http2writeFramer interface { 9103 writeFrame(http2writeContext) error 9104 9105 // staysWithinBuffer reports whether this writer promises that 9106 // it will only write less than or equal to size bytes, and it 9107 // won't Flush the write context. 9108 staysWithinBuffer(size int) bool 9109 } 9110 9111 // writeContext is the interface needed by the various frame writer 9112 // types below. All the writeFrame methods below are scheduled via the 9113 // frame writing scheduler (see writeScheduler in writesched.go). 9114 // 9115 // This interface is implemented by *serverConn. 9116 // 9117 // TODO: decide whether to a) use this in the client code (which didn't 9118 // end up using this yet, because it has a simpler design, not 9119 // currently implementing priorities), or b) delete this and 9120 // make the server code a bit more concrete. 9121 type http2writeContext interface { 9122 Framer() *http2Framer 9123 Flush() error 9124 CloseConn() error 9125 // HeaderEncoder returns an HPACK encoder that writes to the 9126 // returned buffer. 9127 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 9128 } 9129 9130 // writeEndsStream reports whether w writes a frame that will transition 9131 // the stream to a half-closed local state. This returns false for RST_STREAM, 9132 // which closes the entire stream (not just the local half). 9133 func http2writeEndsStream(w http2writeFramer) bool { 9134 switch v := w.(type) { 9135 case *http2writeData: 9136 return v.endStream 9137 case *http2writeResHeaders: 9138 return v.endStream 9139 case nil: 9140 // This can only happen if the caller reuses w after it's 9141 // been intentionally nil'ed out to prevent use. Keep this 9142 // here to catch future refactoring breaking it. 9143 panic("writeEndsStream called on nil writeFramer") 9144 } 9145 return false 9146 } 9147 9148 type http2flushFrameWriter struct{} 9149 9150 func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 9151 return ctx.Flush() 9152 } 9153 9154 func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 9155 9156 type http2writeSettings []http2Setting 9157 9158 func (s http2writeSettings) staysWithinBuffer(max int) bool { 9159 const settingSize = 6 // uint16 + uint32 9160 return http2frameHeaderLen+settingSize*len(s) <= max 9161 9162 } 9163 9164 func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 9165 return ctx.Framer().WriteSettings([]http2Setting(s)...) 9166 } 9167 9168 type http2writeGoAway struct { 9169 maxStreamID uint32 9170 code http2ErrCode 9171 } 9172 9173 func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 9174 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 9175 ctx.Flush() // ignore error: we're hanging up on them anyway 9176 return err 9177 } 9178 9179 func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 9180 9181 type http2writeData struct { 9182 streamID uint32 9183 p []byte 9184 endStream bool 9185 } 9186 9187 func (w *http2writeData) String() string { 9188 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 9189 } 9190 9191 func (w *http2writeData) writeFrame(ctx http2writeContext) error { 9192 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 9193 } 9194 9195 func (w *http2writeData) staysWithinBuffer(max int) bool { 9196 return http2frameHeaderLen+len(w.p) <= max 9197 } 9198 9199 // handlerPanicRST is the message sent from handler goroutines when 9200 // the handler panics. 9201 type http2handlerPanicRST struct { 9202 StreamID uint32 9203 } 9204 9205 func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 9206 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 9207 } 9208 9209 func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9210 9211 func (se http2StreamError) writeFrame(ctx http2writeContext) error { 9212 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 9213 } 9214 9215 func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9216 9217 type http2writePingAck struct{ pf *http2PingFrame } 9218 9219 func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 9220 return ctx.Framer().WritePing(true, w.pf.Data) 9221 } 9222 9223 func (w http2writePingAck) staysWithinBuffer(max int) bool { 9224 return http2frameHeaderLen+len(w.pf.Data) <= max 9225 } 9226 9227 type http2writeSettingsAck struct{} 9228 9229 func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 9230 return ctx.Framer().WriteSettingsAck() 9231 } 9232 9233 func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 9234 9235 // splitHeaderBlock splits headerBlock into fragments so that each fragment fits 9236 // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 9237 // for the first/last fragment, respectively. 9238 func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 9239 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 9240 // that all peers must support (16KB). Later we could care 9241 // more and send larger frames if the peer advertised it, but 9242 // there's little point. Most headers are small anyway (so we 9243 // generally won't have CONTINUATION frames), and extra frames 9244 // only waste 9 bytes anyway. 9245 const maxFrameSize = 16384 9246 9247 first := true 9248 for len(headerBlock) > 0 { 9249 frag := headerBlock 9250 if len(frag) > maxFrameSize { 9251 frag = frag[:maxFrameSize] 9252 } 9253 headerBlock = headerBlock[len(frag):] 9254 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9255 return err 9256 } 9257 first = false 9258 } 9259 return nil 9260 } 9261 9262 // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9263 // for HTTP response headers or trailers from a server handler. 9264 type http2writeResHeaders struct { 9265 streamID uint32 9266 httpResCode int // 0 means no ":status" line 9267 h Header // may be nil 9268 trailers []string // if non-nil, which keys of h to write. nil means all. 9269 endStream bool 9270 9271 date string 9272 contentType string 9273 contentLength string 9274 } 9275 9276 func http2encKV(enc *hpack.Encoder, k, v string) { 9277 if http2VerboseLogs { 9278 log.Printf("http2: server encoding header %q = %q", k, v) 9279 } 9280 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9281 } 9282 9283 func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9284 // TODO: this is a common one. It'd be nice to return true 9285 // here and get into the fast path if we could be clever and 9286 // calculate the size fast enough, or at least a conservative 9287 // upper bound that usually fires. (Maybe if w.h and 9288 // w.trailers are nil, so we don't need to enumerate it.) 9289 // Otherwise I'm afraid that just calculating the length to 9290 // answer this question would be slower than the ~2µs benefit. 9291 return false 9292 } 9293 9294 func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9295 enc, buf := ctx.HeaderEncoder() 9296 buf.Reset() 9297 9298 if w.httpResCode != 0 { 9299 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9300 } 9301 9302 http2encodeHeaders(enc, w.h, w.trailers) 9303 9304 if w.contentType != "" { 9305 http2encKV(enc, "content-type", w.contentType) 9306 } 9307 if w.contentLength != "" { 9308 http2encKV(enc, "content-length", w.contentLength) 9309 } 9310 if w.date != "" { 9311 http2encKV(enc, "date", w.date) 9312 } 9313 9314 headerBlock := buf.Bytes() 9315 if len(headerBlock) == 0 && w.trailers == nil { 9316 panic("unexpected empty hpack") 9317 } 9318 9319 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9320 } 9321 9322 func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9323 if firstFrag { 9324 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9325 StreamID: w.streamID, 9326 BlockFragment: frag, 9327 EndStream: w.endStream, 9328 EndHeaders: lastFrag, 9329 }) 9330 } else { 9331 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9332 } 9333 } 9334 9335 // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9336 type http2writePushPromise struct { 9337 streamID uint32 // pusher stream 9338 method string // for :method 9339 url *url.URL // for :scheme, :authority, :path 9340 h Header 9341 9342 // Creates an ID for a pushed stream. This runs on serveG just before 9343 // the frame is written. The returned ID is copied to promisedID. 9344 allocatePromisedID func() (uint32, error) 9345 promisedID uint32 9346 } 9347 9348 func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9349 // TODO: see writeResHeaders.staysWithinBuffer 9350 return false 9351 } 9352 9353 func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9354 enc, buf := ctx.HeaderEncoder() 9355 buf.Reset() 9356 9357 http2encKV(enc, ":method", w.method) 9358 http2encKV(enc, ":scheme", w.url.Scheme) 9359 http2encKV(enc, ":authority", w.url.Host) 9360 http2encKV(enc, ":path", w.url.RequestURI()) 9361 http2encodeHeaders(enc, w.h, nil) 9362 9363 headerBlock := buf.Bytes() 9364 if len(headerBlock) == 0 { 9365 panic("unexpected empty hpack") 9366 } 9367 9368 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9369 } 9370 9371 func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9372 if firstFrag { 9373 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9374 StreamID: w.streamID, 9375 PromiseID: w.promisedID, 9376 BlockFragment: frag, 9377 EndHeaders: lastFrag, 9378 }) 9379 } else { 9380 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9381 } 9382 } 9383 9384 type http2write100ContinueHeadersFrame struct { 9385 streamID uint32 9386 } 9387 9388 func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9389 enc, buf := ctx.HeaderEncoder() 9390 buf.Reset() 9391 http2encKV(enc, ":status", "100") 9392 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9393 StreamID: w.streamID, 9394 BlockFragment: buf.Bytes(), 9395 EndStream: false, 9396 EndHeaders: true, 9397 }) 9398 } 9399 9400 func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9401 // Sloppy but conservative: 9402 return 9+2*(len(":status")+len("100")) <= max 9403 } 9404 9405 type http2writeWindowUpdate struct { 9406 streamID uint32 // or 0 for conn-level 9407 n uint32 9408 } 9409 9410 func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9411 9412 func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9413 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9414 } 9415 9416 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9417 // is encoded only if k is in keys. 9418 func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9419 if keys == nil { 9420 sorter := http2sorterPool.Get().(*http2sorter) 9421 // Using defer here, since the returned keys from the 9422 // sorter.Keys method is only valid until the sorter 9423 // is returned: 9424 defer http2sorterPool.Put(sorter) 9425 keys = sorter.Keys(h) 9426 } 9427 for _, k := range keys { 9428 vv := h[k] 9429 k = http2lowerHeader(k) 9430 if !http2validWireHeaderFieldName(k) { 9431 // Skip it as backup paranoia. Per 9432 // golang.org/issue/14048, these should 9433 // already be rejected at a higher level. 9434 continue 9435 } 9436 isTE := k == "transfer-encoding" 9437 for _, v := range vv { 9438 if !httpguts.ValidHeaderFieldValue(v) { 9439 // TODO: return an error? golang.org/issue/14048 9440 // For now just omit it. 9441 continue 9442 } 9443 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9444 if isTE && v != "trailers" { 9445 continue 9446 } 9447 http2encKV(enc, k, v) 9448 } 9449 } 9450 } 9451 9452 // WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9453 // Methods are never called concurrently. 9454 type http2WriteScheduler interface { 9455 // OpenStream opens a new stream in the write scheduler. 9456 // It is illegal to call this with streamID=0 or with a streamID that is 9457 // already open -- the call may panic. 9458 OpenStream(streamID uint32, options http2OpenStreamOptions) 9459 9460 // CloseStream closes a stream in the write scheduler. Any frames queued on 9461 // this stream should be discarded. It is illegal to call this on a stream 9462 // that is not open -- the call may panic. 9463 CloseStream(streamID uint32) 9464 9465 // AdjustStream adjusts the priority of the given stream. This may be called 9466 // on a stream that has not yet been opened or has been closed. Note that 9467 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9468 // https://tools.ietf.org/html/rfc7540#section-5.1 9469 AdjustStream(streamID uint32, priority http2PriorityParam) 9470 9471 // Push queues a frame in the scheduler. In most cases, this will not be 9472 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9473 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9474 Push(wr http2FrameWriteRequest) 9475 9476 // Pop dequeues the next frame to write. Returns false if no frames can 9477 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9478 // order they are Push'd. No frames should be discarded except by CloseStream. 9479 Pop() (wr http2FrameWriteRequest, ok bool) 9480 } 9481 9482 // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9483 type http2OpenStreamOptions struct { 9484 // PusherID is zero if the stream was initiated by the client. Otherwise, 9485 // PusherID names the stream that pushed the newly opened stream. 9486 PusherID uint32 9487 } 9488 9489 // FrameWriteRequest is a request to write a frame. 9490 type http2FrameWriteRequest struct { 9491 // write is the interface value that does the writing, once the 9492 // WriteScheduler has selected this frame to write. The write 9493 // functions are all defined in write.go. 9494 write http2writeFramer 9495 9496 // stream is the stream on which this frame will be written. 9497 // nil for non-stream frames like PING and SETTINGS. 9498 stream *http2stream 9499 9500 // done, if non-nil, must be a buffered channel with space for 9501 // 1 message and is sent the return value from write (or an 9502 // earlier error) when the frame has been written. 9503 done chan error 9504 } 9505 9506 // StreamID returns the id of the stream this frame will be written to. 9507 // 0 is used for non-stream frames such as PING and SETTINGS. 9508 func (wr http2FrameWriteRequest) StreamID() uint32 { 9509 if wr.stream == nil { 9510 if se, ok := wr.write.(http2StreamError); ok { 9511 // (*serverConn).resetStream doesn't set 9512 // stream because it doesn't necessarily have 9513 // one. So special case this type of write 9514 // message. 9515 return se.StreamID 9516 } 9517 return 0 9518 } 9519 return wr.stream.id 9520 } 9521 9522 // isControl reports whether wr is a control frame for MaxQueuedControlFrames 9523 // purposes. That includes non-stream frames and RST_STREAM frames. 9524 func (wr http2FrameWriteRequest) isControl() bool { 9525 return wr.stream == nil 9526 } 9527 9528 // DataSize returns the number of flow control bytes that must be consumed 9529 // to write this entire frame. This is 0 for non-DATA frames. 9530 func (wr http2FrameWriteRequest) DataSize() int { 9531 if wd, ok := wr.write.(*http2writeData); ok { 9532 return len(wd.p) 9533 } 9534 return 0 9535 } 9536 9537 // Consume consumes min(n, available) bytes from this frame, where available 9538 // is the number of flow control bytes available on the stream. Consume returns 9539 // 0, 1, or 2 frames, where the integer return value gives the number of frames 9540 // returned. 9541 // 9542 // If flow control prevents consuming any bytes, this returns (_, _, 0). If 9543 // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9544 // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9545 // 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9546 // underlying stream's flow control budget. 9547 func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9548 var empty http2FrameWriteRequest 9549 9550 // Non-DATA frames are always consumed whole. 9551 wd, ok := wr.write.(*http2writeData) 9552 if !ok || len(wd.p) == 0 { 9553 return wr, empty, 1 9554 } 9555 9556 // Might need to split after applying limits. 9557 allowed := wr.stream.flow.available() 9558 if n < allowed { 9559 allowed = n 9560 } 9561 if wr.stream.sc.maxFrameSize < allowed { 9562 allowed = wr.stream.sc.maxFrameSize 9563 } 9564 if allowed <= 0 { 9565 return empty, empty, 0 9566 } 9567 if len(wd.p) > int(allowed) { 9568 wr.stream.flow.take(allowed) 9569 consumed := http2FrameWriteRequest{ 9570 stream: wr.stream, 9571 write: &http2writeData{ 9572 streamID: wd.streamID, 9573 p: wd.p[:allowed], 9574 // Even if the original had endStream set, there 9575 // are bytes remaining because len(wd.p) > allowed, 9576 // so we know endStream is false. 9577 endStream: false, 9578 }, 9579 // Our caller is blocking on the final DATA frame, not 9580 // this intermediate frame, so no need to wait. 9581 done: nil, 9582 } 9583 rest := http2FrameWriteRequest{ 9584 stream: wr.stream, 9585 write: &http2writeData{ 9586 streamID: wd.streamID, 9587 p: wd.p[allowed:], 9588 endStream: wd.endStream, 9589 }, 9590 done: wr.done, 9591 } 9592 return consumed, rest, 2 9593 } 9594 9595 // The frame is consumed whole. 9596 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 9597 wr.stream.flow.take(int32(len(wd.p))) 9598 return wr, empty, 1 9599 } 9600 9601 // String is for debugging only. 9602 func (wr http2FrameWriteRequest) String() string { 9603 var des string 9604 if s, ok := wr.write.(fmt.Stringer); ok { 9605 des = s.String() 9606 } else { 9607 des = fmt.Sprintf("%T", wr.write) 9608 } 9609 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 9610 } 9611 9612 // replyToWriter sends err to wr.done and panics if the send must block 9613 // This does nothing if wr.done is nil. 9614 func (wr *http2FrameWriteRequest) replyToWriter(err error) { 9615 if wr.done == nil { 9616 return 9617 } 9618 select { 9619 case wr.done <- err: 9620 default: 9621 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 9622 } 9623 wr.write = nil // prevent use (assume it's tainted after wr.done send) 9624 } 9625 9626 // writeQueue is used by implementations of WriteScheduler. 9627 type http2writeQueue struct { 9628 s []http2FrameWriteRequest 9629 } 9630 9631 func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 9632 9633 func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 9634 q.s = append(q.s, wr) 9635 } 9636 9637 func (q *http2writeQueue) shift() http2FrameWriteRequest { 9638 if len(q.s) == 0 { 9639 panic("invalid use of queue") 9640 } 9641 wr := q.s[0] 9642 // TODO: less copy-happy queue. 9643 copy(q.s, q.s[1:]) 9644 q.s[len(q.s)-1] = http2FrameWriteRequest{} 9645 q.s = q.s[:len(q.s)-1] 9646 return wr 9647 } 9648 9649 // consume consumes up to n bytes from q.s[0]. If the frame is 9650 // entirely consumed, it is removed from the queue. If the frame 9651 // is partially consumed, the frame is kept with the consumed 9652 // bytes removed. Returns true iff any bytes were consumed. 9653 func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 9654 if len(q.s) == 0 { 9655 return http2FrameWriteRequest{}, false 9656 } 9657 consumed, rest, numresult := q.s[0].Consume(n) 9658 switch numresult { 9659 case 0: 9660 return http2FrameWriteRequest{}, false 9661 case 1: 9662 q.shift() 9663 case 2: 9664 q.s[0] = rest 9665 } 9666 return consumed, true 9667 } 9668 9669 type http2writeQueuePool []*http2writeQueue 9670 9671 // put inserts an unused writeQueue into the pool. 9672 9673 // put inserts an unused writeQueue into the pool. 9674 func (p *http2writeQueuePool) put(q *http2writeQueue) { 9675 for i := range q.s { 9676 q.s[i] = http2FrameWriteRequest{} 9677 } 9678 q.s = q.s[:0] 9679 *p = append(*p, q) 9680 } 9681 9682 // get returns an empty writeQueue. 9683 func (p *http2writeQueuePool) get() *http2writeQueue { 9684 ln := len(*p) 9685 if ln == 0 { 9686 return new(http2writeQueue) 9687 } 9688 x := ln - 1 9689 q := (*p)[x] 9690 (*p)[x] = nil 9691 *p = (*p)[:x] 9692 return q 9693 } 9694 9695 // RFC 7540, Section 5.3.5: the default weight is 16. 9696 const http2priorityDefaultWeight = 15 // 16 = 15 + 1 9697 9698 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 9699 type http2PriorityWriteSchedulerConfig struct { 9700 // MaxClosedNodesInTree controls the maximum number of closed streams to 9701 // retain in the priority tree. Setting this to zero saves a small amount 9702 // of memory at the cost of performance. 9703 // 9704 // See RFC 7540, Section 5.3.4: 9705 // "It is possible for a stream to become closed while prioritization 9706 // information ... is in transit. ... This potentially creates suboptimal 9707 // prioritization, since the stream could be given a priority that is 9708 // different from what is intended. To avoid these problems, an endpoint 9709 // SHOULD retain stream prioritization state for a period after streams 9710 // become closed. The longer state is retained, the lower the chance that 9711 // streams are assigned incorrect or default priority values." 9712 MaxClosedNodesInTree int 9713 9714 // MaxIdleNodesInTree controls the maximum number of idle streams to 9715 // retain in the priority tree. Setting this to zero saves a small amount 9716 // of memory at the cost of performance. 9717 // 9718 // See RFC 7540, Section 5.3.4: 9719 // Similarly, streams that are in the "idle" state can be assigned 9720 // priority or become a parent of other streams. This allows for the 9721 // creation of a grouping node in the dependency tree, which enables 9722 // more flexible expressions of priority. Idle streams begin with a 9723 // default priority (Section 5.3.5). 9724 MaxIdleNodesInTree int 9725 9726 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 9727 // data is delivered in priority order. This works around a race where 9728 // stream B depends on stream A and both streams are about to call Write 9729 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 9730 // write as much data from B as possible, but this is suboptimal because A 9731 // is a higher-priority stream. With throttling enabled, we write a small 9732 // amount of data from B to minimize the amount of bandwidth that B can 9733 // steal from A. 9734 ThrottleOutOfOrderWrites bool 9735 } 9736 9737 // NewPriorityWriteScheduler constructs a WriteScheduler that schedules 9738 // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 9739 // If cfg is nil, default options are used. 9740 func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 9741 if cfg == nil { 9742 // For justification of these defaults, see: 9743 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 9744 cfg = &http2PriorityWriteSchedulerConfig{ 9745 MaxClosedNodesInTree: 10, 9746 MaxIdleNodesInTree: 10, 9747 ThrottleOutOfOrderWrites: false, 9748 } 9749 } 9750 9751 ws := &http2priorityWriteScheduler{ 9752 nodes: make(map[uint32]*http2priorityNode), 9753 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 9754 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 9755 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 9756 } 9757 ws.nodes[0] = &ws.root 9758 if cfg.ThrottleOutOfOrderWrites { 9759 ws.writeThrottleLimit = 1024 9760 } else { 9761 ws.writeThrottleLimit = math.MaxInt32 9762 } 9763 return ws 9764 } 9765 9766 type http2priorityNodeState int 9767 9768 const ( 9769 http2priorityNodeOpen http2priorityNodeState = iota 9770 http2priorityNodeClosed 9771 http2priorityNodeIdle 9772 ) 9773 9774 // priorityNode is a node in an HTTP/2 priority tree. 9775 // Each node is associated with a single stream ID. 9776 // See RFC 7540, Section 5.3. 9777 type http2priorityNode struct { 9778 q http2writeQueue // queue of pending frames to write 9779 id uint32 // id of the stream, or 0 for the root of the tree 9780 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 9781 state http2priorityNodeState // open | closed | idle 9782 bytes int64 // number of bytes written by this node, or 0 if closed 9783 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 9784 9785 // These links form the priority tree. 9786 parent *http2priorityNode 9787 kids *http2priorityNode // start of the kids list 9788 prev, next *http2priorityNode // doubly-linked list of siblings 9789 } 9790 9791 func (n *http2priorityNode) setParent(parent *http2priorityNode) { 9792 if n == parent { 9793 panic("setParent to self") 9794 } 9795 if n.parent == parent { 9796 return 9797 } 9798 // Unlink from current parent. 9799 if parent := n.parent; parent != nil { 9800 if n.prev == nil { 9801 parent.kids = n.next 9802 } else { 9803 n.prev.next = n.next 9804 } 9805 if n.next != nil { 9806 n.next.prev = n.prev 9807 } 9808 } 9809 // Link to new parent. 9810 // If parent=nil, remove n from the tree. 9811 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 9812 n.parent = parent 9813 if parent == nil { 9814 n.next = nil 9815 n.prev = nil 9816 } else { 9817 n.next = parent.kids 9818 n.prev = nil 9819 if n.next != nil { 9820 n.next.prev = n 9821 } 9822 parent.kids = n 9823 } 9824 } 9825 9826 func (n *http2priorityNode) addBytes(b int64) { 9827 n.bytes += b 9828 for ; n != nil; n = n.parent { 9829 n.subtreeBytes += b 9830 } 9831 } 9832 9833 // walkReadyInOrder iterates over the tree in priority order, calling f for each node 9834 // with a non-empty write queue. When f returns true, this funcion returns true and the 9835 // walk halts. tmp is used as scratch space for sorting. 9836 // 9837 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 9838 // if any ancestor p of n is still open (ignoring the root node). 9839 func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 9840 if !n.q.empty() && f(n, openParent) { 9841 return true 9842 } 9843 if n.kids == nil { 9844 return false 9845 } 9846 9847 // Don't consider the root "open" when updating openParent since 9848 // we can't send data frames on the root stream (only control frames). 9849 if n.id != 0 { 9850 openParent = openParent || (n.state == http2priorityNodeOpen) 9851 } 9852 9853 // Common case: only one kid or all kids have the same weight. 9854 // Some clients don't use weights; other clients (like web browsers) 9855 // use mostly-linear priority trees. 9856 w := n.kids.weight 9857 needSort := false 9858 for k := n.kids.next; k != nil; k = k.next { 9859 if k.weight != w { 9860 needSort = true 9861 break 9862 } 9863 } 9864 if !needSort { 9865 for k := n.kids; k != nil; k = k.next { 9866 if k.walkReadyInOrder(openParent, tmp, f) { 9867 return true 9868 } 9869 } 9870 return false 9871 } 9872 9873 // Uncommon case: sort the child nodes. We remove the kids from the parent, 9874 // then re-insert after sorting so we can reuse tmp for future sort calls. 9875 *tmp = (*tmp)[:0] 9876 for n.kids != nil { 9877 *tmp = append(*tmp, n.kids) 9878 n.kids.setParent(nil) 9879 } 9880 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 9881 for i := len(*tmp) - 1; i >= 0; i-- { 9882 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 9883 } 9884 for k := n.kids; k != nil; k = k.next { 9885 if k.walkReadyInOrder(openParent, tmp, f) { 9886 return true 9887 } 9888 } 9889 return false 9890 } 9891 9892 type http2sortPriorityNodeSiblings []*http2priorityNode 9893 9894 func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 9895 9896 func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 9897 9898 func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 9899 // Prefer the subtree that has sent fewer bytes relative to its weight. 9900 // See sections 5.3.2 and 5.3.4. 9901 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 9902 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 9903 if bi == 0 && bk == 0 { 9904 return wi >= wk 9905 } 9906 if bk == 0 { 9907 return false 9908 } 9909 return bi/bk <= wi/wk 9910 } 9911 9912 type http2priorityWriteScheduler struct { 9913 // root is the root of the priority tree, where root.id = 0. 9914 // The root queues control frames that are not associated with any stream. 9915 root http2priorityNode 9916 9917 // nodes maps stream ids to priority tree nodes. 9918 nodes map[uint32]*http2priorityNode 9919 9920 // maxID is the maximum stream id in nodes. 9921 maxID uint32 9922 9923 // lists of nodes that have been closed or are idle, but are kept in 9924 // the tree for improved prioritization. When the lengths exceed either 9925 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 9926 closedNodes, idleNodes []*http2priorityNode 9927 9928 // From the config. 9929 maxClosedNodesInTree int 9930 maxIdleNodesInTree int 9931 writeThrottleLimit int32 9932 enableWriteThrottle bool 9933 9934 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 9935 tmp []*http2priorityNode 9936 9937 // pool of empty queues for reuse. 9938 queuePool http2writeQueuePool 9939 } 9940 9941 func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 9942 // The stream may be currently idle but cannot be opened or closed. 9943 if curr := ws.nodes[streamID]; curr != nil { 9944 if curr.state != http2priorityNodeIdle { 9945 panic(fmt.Sprintf("stream %d already opened", streamID)) 9946 } 9947 curr.state = http2priorityNodeOpen 9948 return 9949 } 9950 9951 // RFC 7540, Section 5.3.5: 9952 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 9953 // Pushed streams initially depend on their associated stream. In both cases, 9954 // streams are assigned a default weight of 16." 9955 parent := ws.nodes[options.PusherID] 9956 if parent == nil { 9957 parent = &ws.root 9958 } 9959 n := &http2priorityNode{ 9960 q: *ws.queuePool.get(), 9961 id: streamID, 9962 weight: http2priorityDefaultWeight, 9963 state: http2priorityNodeOpen, 9964 } 9965 n.setParent(parent) 9966 ws.nodes[streamID] = n 9967 if streamID > ws.maxID { 9968 ws.maxID = streamID 9969 } 9970 } 9971 9972 func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 9973 if streamID == 0 { 9974 panic("violation of WriteScheduler interface: cannot close stream 0") 9975 } 9976 if ws.nodes[streamID] == nil { 9977 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 9978 } 9979 if ws.nodes[streamID].state != http2priorityNodeOpen { 9980 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 9981 } 9982 9983 n := ws.nodes[streamID] 9984 n.state = http2priorityNodeClosed 9985 n.addBytes(-n.bytes) 9986 9987 q := n.q 9988 ws.queuePool.put(&q) 9989 n.q.s = nil 9990 if ws.maxClosedNodesInTree > 0 { 9991 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 9992 } else { 9993 ws.removeNode(n) 9994 } 9995 } 9996 9997 func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 9998 if streamID == 0 { 9999 panic("adjustPriority on root") 10000 } 10001 10002 // If streamID does not exist, there are two cases: 10003 // - A closed stream that has been removed (this will have ID <= maxID) 10004 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 10005 n := ws.nodes[streamID] 10006 if n == nil { 10007 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 10008 return 10009 } 10010 ws.maxID = streamID 10011 n = &http2priorityNode{ 10012 q: *ws.queuePool.get(), 10013 id: streamID, 10014 weight: http2priorityDefaultWeight, 10015 state: http2priorityNodeIdle, 10016 } 10017 n.setParent(&ws.root) 10018 ws.nodes[streamID] = n 10019 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 10020 } 10021 10022 // Section 5.3.1: A dependency on a stream that is not currently in the tree 10023 // results in that stream being given a default priority (Section 5.3.5). 10024 parent := ws.nodes[priority.StreamDep] 10025 if parent == nil { 10026 n.setParent(&ws.root) 10027 n.weight = http2priorityDefaultWeight 10028 return 10029 } 10030 10031 // Ignore if the client tries to make a node its own parent. 10032 if n == parent { 10033 return 10034 } 10035 10036 // Section 5.3.3: 10037 // "If a stream is made dependent on one of its own dependencies, the 10038 // formerly dependent stream is first moved to be dependent on the 10039 // reprioritized stream's previous parent. The moved dependency retains 10040 // its weight." 10041 // 10042 // That is: if parent depends on n, move parent to depend on n.parent. 10043 for x := parent.parent; x != nil; x = x.parent { 10044 if x == n { 10045 parent.setParent(n.parent) 10046 break 10047 } 10048 } 10049 10050 // Section 5.3.3: The exclusive flag causes the stream to become the sole 10051 // dependency of its parent stream, causing other dependencies to become 10052 // dependent on the exclusive stream. 10053 if priority.Exclusive { 10054 k := parent.kids 10055 for k != nil { 10056 next := k.next 10057 if k != n { 10058 k.setParent(n) 10059 } 10060 k = next 10061 } 10062 } 10063 10064 n.setParent(parent) 10065 n.weight = priority.Weight 10066 } 10067 10068 func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 10069 var n *http2priorityNode 10070 if id := wr.StreamID(); id == 0 { 10071 n = &ws.root 10072 } else { 10073 n = ws.nodes[id] 10074 if n == nil { 10075 // id is an idle or closed stream. wr should not be a HEADERS or 10076 // DATA frame. However, wr can be a RST_STREAM. In this case, we 10077 // push wr onto the root, rather than creating a new priorityNode, 10078 // since RST_STREAM is tiny and the stream's priority is unknown 10079 // anyway. See issue #17919. 10080 if wr.DataSize() > 0 { 10081 panic("add DATA on non-open stream") 10082 } 10083 n = &ws.root 10084 } 10085 } 10086 n.q.push(wr) 10087 } 10088 10089 func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 10090 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 10091 limit := int32(math.MaxInt32) 10092 if openParent { 10093 limit = ws.writeThrottleLimit 10094 } 10095 wr, ok = n.q.consume(limit) 10096 if !ok { 10097 return false 10098 } 10099 n.addBytes(int64(wr.DataSize())) 10100 // If B depends on A and B continuously has data available but A 10101 // does not, gradually increase the throttling limit to allow B to 10102 // steal more and more bandwidth from A. 10103 if openParent { 10104 ws.writeThrottleLimit += 1024 10105 if ws.writeThrottleLimit < 0 { 10106 ws.writeThrottleLimit = math.MaxInt32 10107 } 10108 } else if ws.enableWriteThrottle { 10109 ws.writeThrottleLimit = 1024 10110 } 10111 return true 10112 }) 10113 return wr, ok 10114 } 10115 10116 func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 10117 if maxSize == 0 { 10118 return 10119 } 10120 if len(*list) == maxSize { 10121 // Remove the oldest node, then shift left. 10122 ws.removeNode((*list)[0]) 10123 x := (*list)[1:] 10124 copy(*list, x) 10125 *list = (*list)[:len(x)] 10126 } 10127 *list = append(*list, n) 10128 } 10129 10130 func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 10131 for k := n.kids; k != nil; k = k.next { 10132 k.setParent(n.parent) 10133 } 10134 n.setParent(nil) 10135 delete(ws.nodes, n.id) 10136 } 10137 10138 // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 10139 // priorities. Control frames like SETTINGS and PING are written before DATA 10140 // frames, but if no control frames are queued and multiple streams have queued 10141 // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 10142 func http2NewRandomWriteScheduler() http2WriteScheduler { 10143 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 10144 } 10145 10146 type http2randomWriteScheduler struct { 10147 // zero are frames not associated with a specific stream. 10148 zero http2writeQueue 10149 10150 // sq contains the stream-specific queues, keyed by stream ID. 10151 // When a stream is idle, closed, or emptied, it's deleted 10152 // from the map. 10153 sq map[uint32]*http2writeQueue 10154 10155 // pool of empty queues for reuse. 10156 queuePool http2writeQueuePool 10157 } 10158 10159 func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10160 // no-op: idle streams are not tracked 10161 } 10162 10163 func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 10164 q, ok := ws.sq[streamID] 10165 if !ok { 10166 return 10167 } 10168 delete(ws.sq, streamID) 10169 ws.queuePool.put(q) 10170 } 10171 10172 func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10173 // no-op: priorities are ignored 10174 } 10175 10176 func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 10177 id := wr.StreamID() 10178 if id == 0 { 10179 ws.zero.push(wr) 10180 return 10181 } 10182 q, ok := ws.sq[id] 10183 if !ok { 10184 q = ws.queuePool.get() 10185 ws.sq[id] = q 10186 } 10187 q.push(wr) 10188 } 10189 10190 func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 10191 // Control frames first. 10192 if !ws.zero.empty() { 10193 return ws.zero.shift(), true 10194 } 10195 // Iterate over all non-idle streams until finding one that can be consumed. 10196 for streamID, q := range ws.sq { 10197 if wr, ok := q.consume(math.MaxInt32); ok { 10198 if q.empty() { 10199 delete(ws.sq, streamID) 10200 ws.queuePool.put(q) 10201 } 10202 return wr, true 10203 } 10204 } 10205 return http2FrameWriteRequest{}, false 10206 } 10207
View as plain text