1 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 2 //go:generate bundle -o h2_bundle.go -prefix http2 -underscore golang.org/x/net/http2 3 4 // Package http2 implements the HTTP/2 protocol. 5 // 6 // This package is low-level and intended to be used directly by very 7 // few people. Most users will use it indirectly through the automatic 8 // use by the net/http package (from Go 1.6 and later). 9 // For use in earlier Go versions see ConfigureServer. (Transport support 10 // requires Go 1.6 or later) 11 // 12 // See https://http2.github.io/ for more information on HTTP/2. 13 // 14 // See https://http2.golang.org/ for a test server running this code. 15 // 16 17 package http 18 19 import ( 20 "bufio" 21 "bytes" 22 "compress/gzip" 23 "context" 24 "crypto/rand" 25 "crypto/tls" 26 "encoding/binary" 27 "errors" 28 "fmt" 29 "io" 30 "io/ioutil" 31 "log" 32 "math" 33 mathrand "math/rand" 34 "net" 35 "net/http/httptrace" 36 "net/textproto" 37 "net/url" 38 "os" 39 "reflect" 40 "runtime" 41 "sort" 42 "strconv" 43 "strings" 44 "sync" 45 "time" 46 47 "internal/x/net/http/httpguts" 48 "internal/x/net/http2/hpack" 49 "internal/x/net/idna" 50 ) 51 52 // A list of the possible cipher suite ids. Taken from 53 // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt 54 55 const ( 56 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 57 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 58 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 59 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 60 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 61 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 62 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 63 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 64 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 65 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 66 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 67 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 68 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 69 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 70 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 71 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 72 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 73 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 74 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 75 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 76 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 77 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 78 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 79 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 80 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 81 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 82 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 83 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 84 // Reserved uint16 = 0x001C-1D 85 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 86 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 87 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 88 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 89 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 90 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 91 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 92 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 93 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 94 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 95 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 96 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 97 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 98 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 99 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 100 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 101 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 102 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 103 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 104 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 105 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 106 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 107 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 108 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 109 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 110 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 111 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 112 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 113 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 114 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 115 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 116 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 117 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 118 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 119 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 120 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 121 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 122 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 123 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 124 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 125 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 126 // Reserved uint16 = 0x0047-4F 127 // Reserved uint16 = 0x0050-58 128 // Reserved uint16 = 0x0059-5C 129 // Unassigned uint16 = 0x005D-5F 130 // Reserved uint16 = 0x0060-66 131 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 132 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 133 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 134 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 135 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 136 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 137 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 138 // Unassigned uint16 = 0x006E-83 139 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 140 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 141 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 142 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 143 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 144 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 145 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 146 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 147 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 148 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 149 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 150 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 151 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 152 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 153 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 154 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 155 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 156 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 157 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 158 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 159 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 160 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 161 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 162 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 163 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 164 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 165 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 166 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 167 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 168 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 169 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 170 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 171 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 172 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 173 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 174 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 175 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 176 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 177 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 178 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 179 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 180 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 181 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 182 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 183 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 184 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 185 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 186 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 187 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 188 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 189 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 190 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 191 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 192 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 193 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 194 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 195 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 196 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 197 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 198 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 199 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 200 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 201 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 202 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 203 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 204 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 205 // Unassigned uint16 = 0x00C6-FE 206 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 207 // Unassigned uint16 = 0x01-55,* 208 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 209 // Unassigned uint16 = 0x5601 - 0xC000 210 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 211 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 212 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 213 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 214 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 215 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 216 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 217 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 218 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 219 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 220 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 221 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 222 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 223 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 224 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 225 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 226 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 227 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 228 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 229 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 230 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 231 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 232 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 233 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 234 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 235 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 236 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 237 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 238 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 239 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 240 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 241 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 242 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 243 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 244 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 245 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 246 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 247 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 248 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 249 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 250 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 251 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 252 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 253 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 254 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 255 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 256 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 257 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 258 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 259 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 260 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 261 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 262 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 263 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 264 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 265 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 266 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 267 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 268 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 269 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 270 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 271 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 272 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 273 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 274 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 275 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 276 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 277 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 278 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 279 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 280 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 281 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 282 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 283 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 284 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 285 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 286 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 287 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 288 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 289 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 290 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 291 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 292 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 293 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 294 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 295 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 296 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 297 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 298 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 299 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 300 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 301 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 302 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 303 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 304 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 305 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 306 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 307 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 308 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 309 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 310 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 311 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 312 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 313 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 314 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 315 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 316 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 317 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 318 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 319 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 320 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 321 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 322 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 323 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 324 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 325 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 326 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 327 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 328 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 329 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 330 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 331 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 332 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 333 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 334 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 335 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 336 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 337 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 338 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 339 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 340 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 341 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 342 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 343 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 344 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 345 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 346 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 347 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 348 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 349 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 350 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 351 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 352 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 353 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 354 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 355 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 356 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 357 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 358 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 359 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 360 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 361 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 362 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 363 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 364 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 365 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 366 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 367 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 368 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 369 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 370 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 371 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 372 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 373 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 374 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 375 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 376 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 377 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 378 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 379 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 380 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 381 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 382 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 383 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 384 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 385 // Unassigned uint16 = 0xC0B0-FF 386 // Unassigned uint16 = 0xC1-CB,* 387 // Unassigned uint16 = 0xCC00-A7 388 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 389 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 390 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 391 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 392 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 393 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 394 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 395 ) 396 397 // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 398 // References: 399 // https://tools.ietf.org/html/rfc7540#appendix-A 400 // Reject cipher suites from Appendix A. 401 // "This list includes those cipher suites that do not 402 // offer an ephemeral key exchange and those that are 403 // based on the TLS null, stream or block cipher type" 404 func http2isBadCipher(cipher uint16) bool { 405 switch cipher { 406 case http2cipher_TLS_NULL_WITH_NULL_NULL, 407 http2cipher_TLS_RSA_WITH_NULL_MD5, 408 http2cipher_TLS_RSA_WITH_NULL_SHA, 409 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 410 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 411 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 412 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 413 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 414 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 415 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 416 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 417 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 418 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 419 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 420 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 421 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 422 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 423 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 424 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 425 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 426 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 427 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 428 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 429 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 430 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 431 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 432 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 433 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 434 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 435 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 436 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 437 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 438 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 439 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 440 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 441 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 442 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 443 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 444 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 445 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 446 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 447 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 448 http2cipher_TLS_PSK_WITH_NULL_SHA, 449 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 450 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 451 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 452 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 453 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 454 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 455 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 456 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 457 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 458 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 459 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 460 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 461 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 462 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 463 http2cipher_TLS_RSA_WITH_NULL_SHA256, 464 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 465 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 466 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 467 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 468 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 469 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 470 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 471 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 472 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 473 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 474 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 475 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 476 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 477 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 478 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 479 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 480 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 481 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 482 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 483 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 484 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 485 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 486 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 487 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 488 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 489 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 490 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 491 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 492 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 493 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 494 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 495 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 496 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 497 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 498 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 499 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 500 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 501 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 502 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 503 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 504 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 505 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 506 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 507 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 508 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 509 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 510 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 511 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 512 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 513 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 514 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 515 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 516 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 517 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 518 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 519 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 520 http2cipher_TLS_PSK_WITH_NULL_SHA256, 521 http2cipher_TLS_PSK_WITH_NULL_SHA384, 522 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 523 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 524 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 525 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 526 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 527 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 528 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 529 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 530 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 531 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 532 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 533 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 534 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 535 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 536 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 537 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 538 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 539 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 540 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 541 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 542 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 543 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 544 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 545 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 546 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 547 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 548 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 549 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 550 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 551 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 552 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 553 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 554 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 555 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 556 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 557 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 558 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 559 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 560 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 561 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 562 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 563 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 564 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 565 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 566 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 567 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 568 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 569 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 570 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 571 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 572 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 573 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 574 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 575 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 576 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 577 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 578 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 579 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 580 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 581 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 582 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 583 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 584 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 585 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 586 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 587 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 588 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 589 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 590 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 591 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 592 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 593 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 594 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 595 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 596 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 597 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 598 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 599 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 600 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 601 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 602 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 603 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 604 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 605 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 606 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 607 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 608 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 609 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 610 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 611 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 612 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 613 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 614 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 615 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 616 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 617 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 618 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 619 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 620 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 621 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 622 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 623 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 624 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 625 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 626 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 627 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 628 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 629 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 630 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 631 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 632 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 633 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 634 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 635 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 636 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 637 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 638 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 639 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 640 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 641 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 642 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 643 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 644 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 645 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 646 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 647 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 648 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 649 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 650 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 651 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 652 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 653 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 654 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 655 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 656 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 657 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 658 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 659 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 660 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 661 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 662 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 663 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 664 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 665 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 666 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 667 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 668 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 669 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 670 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 671 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 672 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 673 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 674 http2cipher_TLS_RSA_WITH_AES_128_CCM, 675 http2cipher_TLS_RSA_WITH_AES_256_CCM, 676 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 677 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 678 http2cipher_TLS_PSK_WITH_AES_128_CCM, 679 http2cipher_TLS_PSK_WITH_AES_256_CCM, 680 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 681 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 682 return true 683 default: 684 return false 685 } 686 } 687 688 // ClientConnPool manages a pool of HTTP/2 client connections. 689 type http2ClientConnPool interface { 690 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 691 MarkDead(*http2ClientConn) 692 } 693 694 // clientConnPoolIdleCloser is the interface implemented by ClientConnPool 695 // implementations which can close their idle connections. 696 type http2clientConnPoolIdleCloser interface { 697 http2ClientConnPool 698 closeIdleConnections() 699 } 700 701 var ( 702 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 703 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 704 ) 705 706 // TODO: use singleflight for dialing and addConnCalls? 707 type http2clientConnPool struct { 708 t *http2Transport 709 710 mu sync.Mutex // TODO: maybe switch to RWMutex 711 // TODO: add support for sharing conns based on cert names 712 // (e.g. share conn for googleapis.com and appspot.com) 713 conns map[string][]*http2ClientConn // key is host:port 714 dialing map[string]*http2dialCall // currently in-flight dials 715 keys map[*http2ClientConn][]string 716 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls 717 } 718 719 func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 720 return p.getClientConn(req, addr, http2dialOnMiss) 721 } 722 723 const ( 724 http2dialOnMiss = true 725 http2noDialOnMiss = false 726 ) 727 728 // shouldTraceGetConn reports whether getClientConn should call any 729 // ClientTrace.GetConn hook associated with the http.Request. 730 // 731 // This complexity is needed to avoid double calls of the GetConn hook 732 // during the back-and-forth between net/http and x/net/http2 (when the 733 // net/http.Transport is upgraded to also speak http2), as well as support 734 // the case where x/net/http2 is being used directly. 735 func (p *http2clientConnPool) shouldTraceGetConn(st http2clientConnIdleState) bool { 736 // If our Transport wasn't made via ConfigureTransport, always 737 // trace the GetConn hook if provided, because that means the 738 // http2 package is being used directly and it's the one 739 // dialing, as opposed to net/http. 740 if _, ok := p.t.ConnPool.(http2noDialClientConnPool); !ok { 741 return true 742 } 743 // Otherwise, only use the GetConn hook if this connection has 744 // been used previously for other requests. For fresh 745 // connections, the net/http package does the dialing. 746 return !st.freshConn 747 } 748 749 func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 750 if http2isConnectionCloseRequest(req) && dialOnMiss { 751 // It gets its own connection. 752 http2traceGetConn(req, addr) 753 const singleUse = true 754 cc, err := p.t.dialClientConn(addr, singleUse) 755 if err != nil { 756 return nil, err 757 } 758 return cc, nil 759 } 760 p.mu.Lock() 761 for _, cc := range p.conns[addr] { 762 if st := cc.idleState(); st.canTakeNewRequest { 763 if p.shouldTraceGetConn(st) { 764 http2traceGetConn(req, addr) 765 } 766 p.mu.Unlock() 767 return cc, nil 768 } 769 } 770 if !dialOnMiss { 771 p.mu.Unlock() 772 return nil, http2ErrNoCachedConn 773 } 774 http2traceGetConn(req, addr) 775 call := p.getStartDialLocked(addr) 776 p.mu.Unlock() 777 <-call.done 778 return call.res, call.err 779 } 780 781 // dialCall is an in-flight Transport dial call to a host. 782 type http2dialCall struct { 783 p *http2clientConnPool 784 done chan struct{} // closed when done 785 res *http2ClientConn // valid after done is closed 786 err error // valid after done is closed 787 } 788 789 // requires p.mu is held. 790 func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall { 791 if call, ok := p.dialing[addr]; ok { 792 // A dial is already in-flight. Don't start another. 793 return call 794 } 795 call := &http2dialCall{p: p, done: make(chan struct{})} 796 if p.dialing == nil { 797 p.dialing = make(map[string]*http2dialCall) 798 } 799 p.dialing[addr] = call 800 go call.dial(addr) 801 return call 802 } 803 804 // run in its own goroutine. 805 func (c *http2dialCall) dial(addr string) { 806 const singleUse = false // shared conn 807 c.res, c.err = c.p.t.dialClientConn(addr, singleUse) 808 close(c.done) 809 810 c.p.mu.Lock() 811 delete(c.p.dialing, addr) 812 if c.err == nil { 813 c.p.addConnLocked(addr, c.res) 814 } 815 c.p.mu.Unlock() 816 } 817 818 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 819 // already exist. It coalesces concurrent calls with the same key. 820 // This is used by the http1 Transport code when it creates a new connection. Because 821 // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 822 // the protocol), it can get into a situation where it has multiple TLS connections. 823 // This code decides which ones live or die. 824 // The return value used is whether c was used. 825 // c is never closed. 826 func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 827 p.mu.Lock() 828 for _, cc := range p.conns[key] { 829 if cc.CanTakeNewRequest() { 830 p.mu.Unlock() 831 return false, nil 832 } 833 } 834 call, dup := p.addConnCalls[key] 835 if !dup { 836 if p.addConnCalls == nil { 837 p.addConnCalls = make(map[string]*http2addConnCall) 838 } 839 call = &http2addConnCall{ 840 p: p, 841 done: make(chan struct{}), 842 } 843 p.addConnCalls[key] = call 844 go call.run(t, key, c) 845 } 846 p.mu.Unlock() 847 848 <-call.done 849 if call.err != nil { 850 return false, call.err 851 } 852 return !dup, nil 853 } 854 855 type http2addConnCall struct { 856 p *http2clientConnPool 857 done chan struct{} // closed when done 858 err error 859 } 860 861 func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 862 cc, err := t.NewClientConn(tc) 863 864 p := c.p 865 p.mu.Lock() 866 if err != nil { 867 c.err = err 868 } else { 869 p.addConnLocked(key, cc) 870 } 871 delete(p.addConnCalls, key) 872 p.mu.Unlock() 873 close(c.done) 874 } 875 876 func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) { 877 p.mu.Lock() 878 p.addConnLocked(key, cc) 879 p.mu.Unlock() 880 } 881 882 // p.mu must be held 883 func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 884 for _, v := range p.conns[key] { 885 if v == cc { 886 return 887 } 888 } 889 if p.conns == nil { 890 p.conns = make(map[string][]*http2ClientConn) 891 } 892 if p.keys == nil { 893 p.keys = make(map[*http2ClientConn][]string) 894 } 895 p.conns[key] = append(p.conns[key], cc) 896 p.keys[cc] = append(p.keys[cc], key) 897 } 898 899 func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 900 p.mu.Lock() 901 defer p.mu.Unlock() 902 for _, key := range p.keys[cc] { 903 vv, ok := p.conns[key] 904 if !ok { 905 continue 906 } 907 newList := http2filterOutClientConn(vv, cc) 908 if len(newList) > 0 { 909 p.conns[key] = newList 910 } else { 911 delete(p.conns, key) 912 } 913 } 914 delete(p.keys, cc) 915 } 916 917 func (p *http2clientConnPool) closeIdleConnections() { 918 p.mu.Lock() 919 defer p.mu.Unlock() 920 // TODO: don't close a cc if it was just added to the pool 921 // milliseconds ago and has never been used. There's currently 922 // a small race window with the HTTP/1 Transport's integration 923 // where it can add an idle conn just before using it, and 924 // somebody else can concurrently call CloseIdleConns and 925 // break some caller's RoundTrip. 926 for _, vv := range p.conns { 927 for _, cc := range vv { 928 cc.closeIfIdle() 929 } 930 } 931 } 932 933 func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 934 out := in[:0] 935 for _, v := range in { 936 if v != exclude { 937 out = append(out, v) 938 } 939 } 940 // If we filtered it out, zero out the last item to prevent 941 // the GC from seeing it. 942 if len(in) != len(out) { 943 in[len(in)-1] = nil 944 } 945 return out 946 } 947 948 // noDialClientConnPool is an implementation of http2.ClientConnPool 949 // which never dials. We let the HTTP/1.1 client dial and use its TLS 950 // connection instead. 951 type http2noDialClientConnPool struct{ *http2clientConnPool } 952 953 func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 954 return p.getClientConn(req, addr, http2noDialOnMiss) 955 } 956 957 // Buffer chunks are allocated from a pool to reduce pressure on GC. 958 // The maximum wasted space per dataBuffer is 2x the largest size class, 959 // which happens when the dataBuffer has multiple chunks and there is 960 // one unread byte in both the first and last chunks. We use a few size 961 // classes to minimize overheads for servers that typically receive very 962 // small request bodies. 963 // 964 // TODO: Benchmark to determine if the pools are necessary. The GC may have 965 // improved enough that we can instead allocate chunks like this: 966 // make([]byte, max(16<<10, expectedBytesRemaining)) 967 var ( 968 http2dataChunkSizeClasses = []int{ 969 1 << 10, 970 2 << 10, 971 4 << 10, 972 8 << 10, 973 16 << 10, 974 } 975 http2dataChunkPools = [...]sync.Pool{ 976 {New: func() interface{} { return make([]byte, 1<<10) }}, 977 {New: func() interface{} { return make([]byte, 2<<10) }}, 978 {New: func() interface{} { return make([]byte, 4<<10) }}, 979 {New: func() interface{} { return make([]byte, 8<<10) }}, 980 {New: func() interface{} { return make([]byte, 16<<10) }}, 981 } 982 ) 983 984 func http2getDataBufferChunk(size int64) []byte { 985 i := 0 986 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 987 if size <= int64(http2dataChunkSizeClasses[i]) { 988 break 989 } 990 } 991 return http2dataChunkPools[i].Get().([]byte) 992 } 993 994 func http2putDataBufferChunk(p []byte) { 995 for i, n := range http2dataChunkSizeClasses { 996 if len(p) == n { 997 http2dataChunkPools[i].Put(p) 998 return 999 } 1000 } 1001 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1002 } 1003 1004 // dataBuffer is an io.ReadWriter backed by a list of data chunks. 1005 // Each dataBuffer is used to read DATA frames on a single stream. 1006 // The buffer is divided into chunks so the server can limit the 1007 // total memory used by a single connection without limiting the 1008 // request body size on any single stream. 1009 type http2dataBuffer struct { 1010 chunks [][]byte 1011 r int // next byte to read is chunks[0][r] 1012 w int // next byte to write is chunks[len(chunks)-1][w] 1013 size int // total buffered bytes 1014 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1015 } 1016 1017 var http2errReadEmpty = errors.New("read from empty dataBuffer") 1018 1019 // Read copies bytes from the buffer into p. 1020 // It is an error to read when no data is available. 1021 func (b *http2dataBuffer) Read(p []byte) (int, error) { 1022 if b.size == 0 { 1023 return 0, http2errReadEmpty 1024 } 1025 var ntotal int 1026 for len(p) > 0 && b.size > 0 { 1027 readFrom := b.bytesFromFirstChunk() 1028 n := copy(p, readFrom) 1029 p = p[n:] 1030 ntotal += n 1031 b.r += n 1032 b.size -= n 1033 // If the first chunk has been consumed, advance to the next chunk. 1034 if b.r == len(b.chunks[0]) { 1035 http2putDataBufferChunk(b.chunks[0]) 1036 end := len(b.chunks) - 1 1037 copy(b.chunks[:end], b.chunks[1:]) 1038 b.chunks[end] = nil 1039 b.chunks = b.chunks[:end] 1040 b.r = 0 1041 } 1042 } 1043 return ntotal, nil 1044 } 1045 1046 func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1047 if len(b.chunks) == 1 { 1048 return b.chunks[0][b.r:b.w] 1049 } 1050 return b.chunks[0][b.r:] 1051 } 1052 1053 // Len returns the number of bytes of the unread portion of the buffer. 1054 func (b *http2dataBuffer) Len() int { 1055 return b.size 1056 } 1057 1058 // Write appends p to the buffer. 1059 func (b *http2dataBuffer) Write(p []byte) (int, error) { 1060 ntotal := len(p) 1061 for len(p) > 0 { 1062 // If the last chunk is empty, allocate a new chunk. Try to allocate 1063 // enough to fully copy p plus any additional bytes we expect to 1064 // receive. However, this may allocate less than len(p). 1065 want := int64(len(p)) 1066 if b.expected > want { 1067 want = b.expected 1068 } 1069 chunk := b.lastChunkOrAlloc(want) 1070 n := copy(chunk[b.w:], p) 1071 p = p[n:] 1072 b.w += n 1073 b.size += n 1074 b.expected -= int64(n) 1075 } 1076 return ntotal, nil 1077 } 1078 1079 func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1080 if len(b.chunks) != 0 { 1081 last := b.chunks[len(b.chunks)-1] 1082 if b.w < len(last) { 1083 return last 1084 } 1085 } 1086 chunk := http2getDataBufferChunk(want) 1087 b.chunks = append(b.chunks, chunk) 1088 b.w = 0 1089 return chunk 1090 } 1091 1092 // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1093 type http2ErrCode uint32 1094 1095 const ( 1096 http2ErrCodeNo http2ErrCode = 0x0 1097 http2ErrCodeProtocol http2ErrCode = 0x1 1098 http2ErrCodeInternal http2ErrCode = 0x2 1099 http2ErrCodeFlowControl http2ErrCode = 0x3 1100 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1101 http2ErrCodeStreamClosed http2ErrCode = 0x5 1102 http2ErrCodeFrameSize http2ErrCode = 0x6 1103 http2ErrCodeRefusedStream http2ErrCode = 0x7 1104 http2ErrCodeCancel http2ErrCode = 0x8 1105 http2ErrCodeCompression http2ErrCode = 0x9 1106 http2ErrCodeConnect http2ErrCode = 0xa 1107 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1108 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1109 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1110 ) 1111 1112 var http2errCodeName = map[http2ErrCode]string{ 1113 http2ErrCodeNo: "NO_ERROR", 1114 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1115 http2ErrCodeInternal: "INTERNAL_ERROR", 1116 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1117 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1118 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1119 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1120 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1121 http2ErrCodeCancel: "CANCEL", 1122 http2ErrCodeCompression: "COMPRESSION_ERROR", 1123 http2ErrCodeConnect: "CONNECT_ERROR", 1124 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1125 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1126 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1127 } 1128 1129 func (e http2ErrCode) String() string { 1130 if s, ok := http2errCodeName[e]; ok { 1131 return s 1132 } 1133 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1134 } 1135 1136 // ConnectionError is an error that results in the termination of the 1137 // entire connection. 1138 type http2ConnectionError http2ErrCode 1139 1140 func (e http2ConnectionError) Error() string { 1141 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1142 } 1143 1144 // StreamError is an error that only affects one stream within an 1145 // HTTP/2 connection. 1146 type http2StreamError struct { 1147 StreamID uint32 1148 Code http2ErrCode 1149 Cause error // optional additional detail 1150 } 1151 1152 func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1153 return http2StreamError{StreamID: id, Code: code} 1154 } 1155 1156 func (e http2StreamError) Error() string { 1157 if e.Cause != nil { 1158 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1159 } 1160 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1161 } 1162 1163 // 6.9.1 The Flow Control Window 1164 // "If a sender receives a WINDOW_UPDATE that causes a flow control 1165 // window to exceed this maximum it MUST terminate either the stream 1166 // or the connection, as appropriate. For streams, [...]; for the 1167 // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1168 type http2goAwayFlowError struct{} 1169 1170 func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1171 1172 // connError represents an HTTP/2 ConnectionError error code, along 1173 // with a string (for debugging) explaining why. 1174 // 1175 // Errors of this type are only returned by the frame parser functions 1176 // and converted into ConnectionError(Code), after stashing away 1177 // the Reason into the Framer's errDetail field, accessible via 1178 // the (*Framer).ErrorDetail method. 1179 type http2connError struct { 1180 Code http2ErrCode // the ConnectionError error code 1181 Reason string // additional reason 1182 } 1183 1184 func (e http2connError) Error() string { 1185 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1186 } 1187 1188 type http2pseudoHeaderError string 1189 1190 func (e http2pseudoHeaderError) Error() string { 1191 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1192 } 1193 1194 type http2duplicatePseudoHeaderError string 1195 1196 func (e http2duplicatePseudoHeaderError) Error() string { 1197 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1198 } 1199 1200 type http2headerFieldNameError string 1201 1202 func (e http2headerFieldNameError) Error() string { 1203 return fmt.Sprintf("invalid header field name %q", string(e)) 1204 } 1205 1206 type http2headerFieldValueError string 1207 1208 func (e http2headerFieldValueError) Error() string { 1209 return fmt.Sprintf("invalid header field value %q", string(e)) 1210 } 1211 1212 var ( 1213 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1214 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1215 ) 1216 1217 // flow is the flow control window's size. 1218 type http2flow struct { 1219 // n is the number of DATA bytes we're allowed to send. 1220 // A flow is kept both on a conn and a per-stream. 1221 n int32 1222 1223 // conn points to the shared connection-level flow that is 1224 // shared by all streams on that conn. It is nil for the flow 1225 // that's on the conn directly. 1226 conn *http2flow 1227 } 1228 1229 func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1230 1231 func (f *http2flow) available() int32 { 1232 n := f.n 1233 if f.conn != nil && f.conn.n < n { 1234 n = f.conn.n 1235 } 1236 return n 1237 } 1238 1239 func (f *http2flow) take(n int32) { 1240 if n > f.available() { 1241 panic("internal error: took too much") 1242 } 1243 f.n -= n 1244 if f.conn != nil { 1245 f.conn.n -= n 1246 } 1247 } 1248 1249 // add adds n bytes (positive or negative) to the flow control window. 1250 // It returns false if the sum would exceed 2^31-1. 1251 func (f *http2flow) add(n int32) bool { 1252 sum := f.n + n 1253 if (sum > n) == (f.n > 0) { 1254 f.n = sum 1255 return true 1256 } 1257 return false 1258 } 1259 1260 const http2frameHeaderLen = 9 1261 1262 var http2padZeros = make([]byte, 255) // zeros for padding 1263 1264 // A FrameType is a registered frame type as defined in 1265 // http://http2.github.io/http2-spec/#rfc.section.11.2 1266 type http2FrameType uint8 1267 1268 const ( 1269 http2FrameData http2FrameType = 0x0 1270 http2FrameHeaders http2FrameType = 0x1 1271 http2FramePriority http2FrameType = 0x2 1272 http2FrameRSTStream http2FrameType = 0x3 1273 http2FrameSettings http2FrameType = 0x4 1274 http2FramePushPromise http2FrameType = 0x5 1275 http2FramePing http2FrameType = 0x6 1276 http2FrameGoAway http2FrameType = 0x7 1277 http2FrameWindowUpdate http2FrameType = 0x8 1278 http2FrameContinuation http2FrameType = 0x9 1279 ) 1280 1281 var http2frameName = map[http2FrameType]string{ 1282 http2FrameData: "DATA", 1283 http2FrameHeaders: "HEADERS", 1284 http2FramePriority: "PRIORITY", 1285 http2FrameRSTStream: "RST_STREAM", 1286 http2FrameSettings: "SETTINGS", 1287 http2FramePushPromise: "PUSH_PROMISE", 1288 http2FramePing: "PING", 1289 http2FrameGoAway: "GOAWAY", 1290 http2FrameWindowUpdate: "WINDOW_UPDATE", 1291 http2FrameContinuation: "CONTINUATION", 1292 } 1293 1294 func (t http2FrameType) String() string { 1295 if s, ok := http2frameName[t]; ok { 1296 return s 1297 } 1298 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1299 } 1300 1301 // Flags is a bitmask of HTTP/2 flags. 1302 // The meaning of flags varies depending on the frame type. 1303 type http2Flags uint8 1304 1305 // Has reports whether f contains all (0 or more) flags in v. 1306 func (f http2Flags) Has(v http2Flags) bool { 1307 return (f & v) == v 1308 } 1309 1310 // Frame-specific FrameHeader flag bits. 1311 const ( 1312 // Data Frame 1313 http2FlagDataEndStream http2Flags = 0x1 1314 http2FlagDataPadded http2Flags = 0x8 1315 1316 // Headers Frame 1317 http2FlagHeadersEndStream http2Flags = 0x1 1318 http2FlagHeadersEndHeaders http2Flags = 0x4 1319 http2FlagHeadersPadded http2Flags = 0x8 1320 http2FlagHeadersPriority http2Flags = 0x20 1321 1322 // Settings Frame 1323 http2FlagSettingsAck http2Flags = 0x1 1324 1325 // Ping Frame 1326 http2FlagPingAck http2Flags = 0x1 1327 1328 // Continuation Frame 1329 http2FlagContinuationEndHeaders http2Flags = 0x4 1330 1331 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1332 http2FlagPushPromisePadded http2Flags = 0x8 1333 ) 1334 1335 var http2flagName = map[http2FrameType]map[http2Flags]string{ 1336 http2FrameData: { 1337 http2FlagDataEndStream: "END_STREAM", 1338 http2FlagDataPadded: "PADDED", 1339 }, 1340 http2FrameHeaders: { 1341 http2FlagHeadersEndStream: "END_STREAM", 1342 http2FlagHeadersEndHeaders: "END_HEADERS", 1343 http2FlagHeadersPadded: "PADDED", 1344 http2FlagHeadersPriority: "PRIORITY", 1345 }, 1346 http2FrameSettings: { 1347 http2FlagSettingsAck: "ACK", 1348 }, 1349 http2FramePing: { 1350 http2FlagPingAck: "ACK", 1351 }, 1352 http2FrameContinuation: { 1353 http2FlagContinuationEndHeaders: "END_HEADERS", 1354 }, 1355 http2FramePushPromise: { 1356 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1357 http2FlagPushPromisePadded: "PADDED", 1358 }, 1359 } 1360 1361 // a frameParser parses a frame given its FrameHeader and payload 1362 // bytes. The length of payload will always equal fh.Length (which 1363 // might be 0). 1364 type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1365 1366 var http2frameParsers = map[http2FrameType]http2frameParser{ 1367 http2FrameData: http2parseDataFrame, 1368 http2FrameHeaders: http2parseHeadersFrame, 1369 http2FramePriority: http2parsePriorityFrame, 1370 http2FrameRSTStream: http2parseRSTStreamFrame, 1371 http2FrameSettings: http2parseSettingsFrame, 1372 http2FramePushPromise: http2parsePushPromise, 1373 http2FramePing: http2parsePingFrame, 1374 http2FrameGoAway: http2parseGoAwayFrame, 1375 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1376 http2FrameContinuation: http2parseContinuationFrame, 1377 } 1378 1379 func http2typeFrameParser(t http2FrameType) http2frameParser { 1380 if f := http2frameParsers[t]; f != nil { 1381 return f 1382 } 1383 return http2parseUnknownFrame 1384 } 1385 1386 // A FrameHeader is the 9 byte header of all HTTP/2 frames. 1387 // 1388 // See http://http2.github.io/http2-spec/#FrameHeader 1389 type http2FrameHeader struct { 1390 valid bool // caller can access []byte fields in the Frame 1391 1392 // Type is the 1 byte frame type. There are ten standard frame 1393 // types, but extension frame types may be written by WriteRawFrame 1394 // and will be returned by ReadFrame (as UnknownFrame). 1395 Type http2FrameType 1396 1397 // Flags are the 1 byte of 8 potential bit flags per frame. 1398 // They are specific to the frame type. 1399 Flags http2Flags 1400 1401 // Length is the length of the frame, not including the 9 byte header. 1402 // The maximum size is one byte less than 16MB (uint24), but only 1403 // frames up to 16KB are allowed without peer agreement. 1404 Length uint32 1405 1406 // StreamID is which stream this frame is for. Certain frames 1407 // are not stream-specific, in which case this field is 0. 1408 StreamID uint32 1409 } 1410 1411 // Header returns h. It exists so FrameHeaders can be embedded in other 1412 // specific frame types and implement the Frame interface. 1413 func (h http2FrameHeader) Header() http2FrameHeader { return h } 1414 1415 func (h http2FrameHeader) String() string { 1416 var buf bytes.Buffer 1417 buf.WriteString("[FrameHeader ") 1418 h.writeDebug(&buf) 1419 buf.WriteByte(']') 1420 return buf.String() 1421 } 1422 1423 func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1424 buf.WriteString(h.Type.String()) 1425 if h.Flags != 0 { 1426 buf.WriteString(" flags=") 1427 set := 0 1428 for i := uint8(0); i < 8; i++ { 1429 if h.Flags&(1<<i) == 0 { 1430 continue 1431 } 1432 set++ 1433 if set > 1 { 1434 buf.WriteByte('|') 1435 } 1436 name := http2flagName[h.Type][http2Flags(1<<i)] 1437 if name != "" { 1438 buf.WriteString(name) 1439 } else { 1440 fmt.Fprintf(buf, "0x%x", 1<<i) 1441 } 1442 } 1443 } 1444 if h.StreamID != 0 { 1445 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1446 } 1447 fmt.Fprintf(buf, " len=%d", h.Length) 1448 } 1449 1450 func (h *http2FrameHeader) checkValid() { 1451 if !h.valid { 1452 panic("Frame accessor called on non-owned Frame") 1453 } 1454 } 1455 1456 func (h *http2FrameHeader) invalidate() { h.valid = false } 1457 1458 // frame header bytes. 1459 // Used only by ReadFrameHeader. 1460 var http2fhBytes = sync.Pool{ 1461 New: func() interface{} { 1462 buf := make([]byte, http2frameHeaderLen) 1463 return &buf 1464 }, 1465 } 1466 1467 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1468 // Most users should use Framer.ReadFrame instead. 1469 func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1470 bufp := http2fhBytes.Get().(*[]byte) 1471 defer http2fhBytes.Put(bufp) 1472 return http2readFrameHeader(*bufp, r) 1473 } 1474 1475 func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1476 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1477 if err != nil { 1478 return http2FrameHeader{}, err 1479 } 1480 return http2FrameHeader{ 1481 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1482 Type: http2FrameType(buf[3]), 1483 Flags: http2Flags(buf[4]), 1484 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1485 valid: true, 1486 }, nil 1487 } 1488 1489 // A Frame is the base interface implemented by all frame types. 1490 // Callers will generally type-assert the specific frame type: 1491 // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1492 // 1493 // Frames are only valid until the next call to Framer.ReadFrame. 1494 type http2Frame interface { 1495 Header() http2FrameHeader 1496 1497 // invalidate is called by Framer.ReadFrame to make this 1498 // frame's buffers as being invalid, since the subsequent 1499 // frame will reuse them. 1500 invalidate() 1501 } 1502 1503 // A Framer reads and writes Frames. 1504 type http2Framer struct { 1505 r io.Reader 1506 lastFrame http2Frame 1507 errDetail error 1508 1509 // lastHeaderStream is non-zero if the last frame was an 1510 // unfinished HEADERS/CONTINUATION. 1511 lastHeaderStream uint32 1512 1513 maxReadSize uint32 1514 headerBuf [http2frameHeaderLen]byte 1515 1516 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1517 // allocator in server.go to minimize memory pinned for many idle conns. 1518 // Will probably also need to make frame invalidation have a hook too. 1519 getReadBuf func(size uint32) []byte 1520 readBuf []byte // cache for default getReadBuf 1521 1522 maxWriteSize uint32 // zero means unlimited; TODO: implement 1523 1524 w io.Writer 1525 wbuf []byte 1526 1527 // AllowIllegalWrites permits the Framer's Write methods to 1528 // write frames that do not conform to the HTTP/2 spec. This 1529 // permits using the Framer to test other HTTP/2 1530 // implementations' conformance to the spec. 1531 // If false, the Write methods will prefer to return an error 1532 // rather than comply. 1533 AllowIllegalWrites bool 1534 1535 // AllowIllegalReads permits the Framer's ReadFrame method 1536 // to return non-compliant frames or frame orders. 1537 // This is for testing and permits using the Framer to test 1538 // other HTTP/2 implementations' conformance to the spec. 1539 // It is not compatible with ReadMetaHeaders. 1540 AllowIllegalReads bool 1541 1542 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1543 // HEADERS and CONTINUATION frames together and return 1544 // MetaHeadersFrame instead. 1545 ReadMetaHeaders *hpack.Decoder 1546 1547 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1548 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1549 // (currently 16MB) 1550 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1551 MaxHeaderListSize uint32 1552 1553 // TODO: track which type of frame & with which flags was sent 1554 // last. Then return an error (unless AllowIllegalWrites) if 1555 // we're in the middle of a header block and a 1556 // non-Continuation or Continuation on a different stream is 1557 // attempted to be written. 1558 1559 logReads, logWrites bool 1560 1561 debugFramer *http2Framer // only use for logging written writes 1562 debugFramerBuf *bytes.Buffer 1563 debugReadLoggerf func(string, ...interface{}) 1564 debugWriteLoggerf func(string, ...interface{}) 1565 1566 frameCache *http2frameCache // nil if frames aren't reused (default) 1567 } 1568 1569 func (fr *http2Framer) maxHeaderListSize() uint32 { 1570 if fr.MaxHeaderListSize == 0 { 1571 return 16 << 20 // sane default, per docs 1572 } 1573 return fr.MaxHeaderListSize 1574 } 1575 1576 func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1577 // Write the FrameHeader. 1578 f.wbuf = append(f.wbuf[:0], 1579 0, // 3 bytes of length, filled in in endWrite 1580 0, 1581 0, 1582 byte(ftype), 1583 byte(flags), 1584 byte(streamID>>24), 1585 byte(streamID>>16), 1586 byte(streamID>>8), 1587 byte(streamID)) 1588 } 1589 1590 func (f *http2Framer) endWrite() error { 1591 // Now that we know the final size, fill in the FrameHeader in 1592 // the space previously reserved for it. Abuse append. 1593 length := len(f.wbuf) - http2frameHeaderLen 1594 if length >= (1 << 24) { 1595 return http2ErrFrameTooLarge 1596 } 1597 _ = append(f.wbuf[:0], 1598 byte(length>>16), 1599 byte(length>>8), 1600 byte(length)) 1601 if f.logWrites { 1602 f.logWrite() 1603 } 1604 1605 n, err := f.w.Write(f.wbuf) 1606 if err == nil && n != len(f.wbuf) { 1607 err = io.ErrShortWrite 1608 } 1609 return err 1610 } 1611 1612 func (f *http2Framer) logWrite() { 1613 if f.debugFramer == nil { 1614 f.debugFramerBuf = new(bytes.Buffer) 1615 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1616 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1617 // Let us read anything, even if we accidentally wrote it 1618 // in the wrong order: 1619 f.debugFramer.AllowIllegalReads = true 1620 } 1621 f.debugFramerBuf.Write(f.wbuf) 1622 fr, err := f.debugFramer.ReadFrame() 1623 if err != nil { 1624 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1625 return 1626 } 1627 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1628 } 1629 1630 func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1631 1632 func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1633 1634 func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1635 1636 func (f *http2Framer) writeUint32(v uint32) { 1637 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1638 } 1639 1640 const ( 1641 http2minMaxFrameSize = 1 << 14 1642 http2maxFrameSize = 1<<24 - 1 1643 ) 1644 1645 // SetReuseFrames allows the Framer to reuse Frames. 1646 // If called on a Framer, Frames returned by calls to ReadFrame are only 1647 // valid until the next call to ReadFrame. 1648 func (fr *http2Framer) SetReuseFrames() { 1649 if fr.frameCache != nil { 1650 return 1651 } 1652 fr.frameCache = &http2frameCache{} 1653 } 1654 1655 type http2frameCache struct { 1656 dataFrame http2DataFrame 1657 } 1658 1659 func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1660 if fc == nil { 1661 return &http2DataFrame{} 1662 } 1663 return &fc.dataFrame 1664 } 1665 1666 // NewFramer returns a Framer that writes frames to w and reads them from r. 1667 func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1668 fr := &http2Framer{ 1669 w: w, 1670 r: r, 1671 logReads: http2logFrameReads, 1672 logWrites: http2logFrameWrites, 1673 debugReadLoggerf: log.Printf, 1674 debugWriteLoggerf: log.Printf, 1675 } 1676 fr.getReadBuf = func(size uint32) []byte { 1677 if cap(fr.readBuf) >= int(size) { 1678 return fr.readBuf[:size] 1679 } 1680 fr.readBuf = make([]byte, size) 1681 return fr.readBuf 1682 } 1683 fr.SetMaxReadFrameSize(http2maxFrameSize) 1684 return fr 1685 } 1686 1687 // SetMaxReadFrameSize sets the maximum size of a frame 1688 // that will be read by a subsequent call to ReadFrame. 1689 // It is the caller's responsibility to advertise this 1690 // limit with a SETTINGS frame. 1691 func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1692 if v > http2maxFrameSize { 1693 v = http2maxFrameSize 1694 } 1695 fr.maxReadSize = v 1696 } 1697 1698 // ErrorDetail returns a more detailed error of the last error 1699 // returned by Framer.ReadFrame. For instance, if ReadFrame 1700 // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1701 // will say exactly what was invalid. ErrorDetail is not guaranteed 1702 // to return a non-nil value and like the rest of the http2 package, 1703 // its return value is not protected by an API compatibility promise. 1704 // ErrorDetail is reset after the next call to ReadFrame. 1705 func (fr *http2Framer) ErrorDetail() error { 1706 return fr.errDetail 1707 } 1708 1709 // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1710 // sends a frame that is larger than declared with SetMaxReadFrameSize. 1711 var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1712 1713 // terminalReadFrameError reports whether err is an unrecoverable 1714 // error from ReadFrame and no other frames should be read. 1715 func http2terminalReadFrameError(err error) bool { 1716 if _, ok := err.(http2StreamError); ok { 1717 return false 1718 } 1719 return err != nil 1720 } 1721 1722 // ReadFrame reads a single frame. The returned Frame is only valid 1723 // until the next call to ReadFrame. 1724 // 1725 // If the frame is larger than previously set with SetMaxReadFrameSize, the 1726 // returned error is ErrFrameTooLarge. Other errors may be of type 1727 // ConnectionError, StreamError, or anything else from the underlying 1728 // reader. 1729 func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1730 fr.errDetail = nil 1731 if fr.lastFrame != nil { 1732 fr.lastFrame.invalidate() 1733 } 1734 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1735 if err != nil { 1736 return nil, err 1737 } 1738 if fh.Length > fr.maxReadSize { 1739 return nil, http2ErrFrameTooLarge 1740 } 1741 payload := fr.getReadBuf(fh.Length) 1742 if _, err := io.ReadFull(fr.r, payload); err != nil { 1743 return nil, err 1744 } 1745 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1746 if err != nil { 1747 if ce, ok := err.(http2connError); ok { 1748 return nil, fr.connError(ce.Code, ce.Reason) 1749 } 1750 return nil, err 1751 } 1752 if err := fr.checkFrameOrder(f); err != nil { 1753 return nil, err 1754 } 1755 if fr.logReads { 1756 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1757 } 1758 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1759 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1760 } 1761 return f, nil 1762 } 1763 1764 // connError returns ConnectionError(code) but first 1765 // stashes away a public reason to the caller can optionally relay it 1766 // to the peer before hanging up on them. This might help others debug 1767 // their implementations. 1768 func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1769 fr.errDetail = errors.New(reason) 1770 return http2ConnectionError(code) 1771 } 1772 1773 // checkFrameOrder reports an error if f is an invalid frame to return 1774 // next from ReadFrame. Mostly it checks whether HEADERS and 1775 // CONTINUATION frames are contiguous. 1776 func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1777 last := fr.lastFrame 1778 fr.lastFrame = f 1779 if fr.AllowIllegalReads { 1780 return nil 1781 } 1782 1783 fh := f.Header() 1784 if fr.lastHeaderStream != 0 { 1785 if fh.Type != http2FrameContinuation { 1786 return fr.connError(http2ErrCodeProtocol, 1787 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1788 fh.Type, fh.StreamID, 1789 last.Header().Type, fr.lastHeaderStream)) 1790 } 1791 if fh.StreamID != fr.lastHeaderStream { 1792 return fr.connError(http2ErrCodeProtocol, 1793 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1794 fh.StreamID, fr.lastHeaderStream)) 1795 } 1796 } else if fh.Type == http2FrameContinuation { 1797 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1798 } 1799 1800 switch fh.Type { 1801 case http2FrameHeaders, http2FrameContinuation: 1802 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1803 fr.lastHeaderStream = 0 1804 } else { 1805 fr.lastHeaderStream = fh.StreamID 1806 } 1807 } 1808 1809 return nil 1810 } 1811 1812 // A DataFrame conveys arbitrary, variable-length sequences of octets 1813 // associated with a stream. 1814 // See http://http2.github.io/http2-spec/#rfc.section.6.1 1815 type http2DataFrame struct { 1816 http2FrameHeader 1817 data []byte 1818 } 1819 1820 func (f *http2DataFrame) StreamEnded() bool { 1821 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1822 } 1823 1824 // Data returns the frame's data octets, not including any padding 1825 // size byte or padding suffix bytes. 1826 // The caller must not retain the returned memory past the next 1827 // call to ReadFrame. 1828 func (f *http2DataFrame) Data() []byte { 1829 f.checkValid() 1830 return f.data 1831 } 1832 1833 func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1834 if fh.StreamID == 0 { 1835 // DATA frames MUST be associated with a stream. If a 1836 // DATA frame is received whose stream identifier 1837 // field is 0x0, the recipient MUST respond with a 1838 // connection error (Section 5.4.1) of type 1839 // PROTOCOL_ERROR. 1840 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1841 } 1842 f := fc.getDataFrame() 1843 f.http2FrameHeader = fh 1844 1845 var padSize byte 1846 if fh.Flags.Has(http2FlagDataPadded) { 1847 var err error 1848 payload, padSize, err = http2readByte(payload) 1849 if err != nil { 1850 return nil, err 1851 } 1852 } 1853 if int(padSize) > len(payload) { 1854 // If the length of the padding is greater than the 1855 // length of the frame payload, the recipient MUST 1856 // treat this as a connection error. 1857 // Filed: https://github.com/http2/http2-spec/issues/610 1858 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1859 } 1860 f.data = payload[:len(payload)-int(padSize)] 1861 return f, nil 1862 } 1863 1864 var ( 1865 http2errStreamID = errors.New("invalid stream ID") 1866 http2errDepStreamID = errors.New("invalid dependent stream ID") 1867 http2errPadLength = errors.New("pad length too large") 1868 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1869 ) 1870 1871 func http2validStreamIDOrZero(streamID uint32) bool { 1872 return streamID&(1<<31) == 0 1873 } 1874 1875 func http2validStreamID(streamID uint32) bool { 1876 return streamID != 0 && streamID&(1<<31) == 0 1877 } 1878 1879 // WriteData writes a DATA frame. 1880 // 1881 // It will perform exactly one Write to the underlying Writer. 1882 // It is the caller's responsibility not to violate the maximum frame size 1883 // and to not call other Write methods concurrently. 1884 func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1885 return f.WriteDataPadded(streamID, endStream, data, nil) 1886 } 1887 1888 // WriteData writes a DATA frame with optional padding. 1889 // 1890 // If pad is nil, the padding bit is not sent. 1891 // The length of pad must not exceed 255 bytes. 1892 // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1893 // 1894 // It will perform exactly one Write to the underlying Writer. 1895 // It is the caller's responsibility not to violate the maximum frame size 1896 // and to not call other Write methods concurrently. 1897 func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1898 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1899 return http2errStreamID 1900 } 1901 if len(pad) > 0 { 1902 if len(pad) > 255 { 1903 return http2errPadLength 1904 } 1905 if !f.AllowIllegalWrites { 1906 for _, b := range pad { 1907 if b != 0 { 1908 // "Padding octets MUST be set to zero when sending." 1909 return http2errPadBytes 1910 } 1911 } 1912 } 1913 } 1914 var flags http2Flags 1915 if endStream { 1916 flags |= http2FlagDataEndStream 1917 } 1918 if pad != nil { 1919 flags |= http2FlagDataPadded 1920 } 1921 f.startWrite(http2FrameData, flags, streamID) 1922 if pad != nil { 1923 f.wbuf = append(f.wbuf, byte(len(pad))) 1924 } 1925 f.wbuf = append(f.wbuf, data...) 1926 f.wbuf = append(f.wbuf, pad...) 1927 return f.endWrite() 1928 } 1929 1930 // A SettingsFrame conveys configuration parameters that affect how 1931 // endpoints communicate, such as preferences and constraints on peer 1932 // behavior. 1933 // 1934 // See http://http2.github.io/http2-spec/#SETTINGS 1935 type http2SettingsFrame struct { 1936 http2FrameHeader 1937 p []byte 1938 } 1939 1940 func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 1941 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 1942 // When this (ACK 0x1) bit is set, the payload of the 1943 // SETTINGS frame MUST be empty. Receipt of a 1944 // SETTINGS frame with the ACK flag set and a length 1945 // field value other than 0 MUST be treated as a 1946 // connection error (Section 5.4.1) of type 1947 // FRAME_SIZE_ERROR. 1948 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1949 } 1950 if fh.StreamID != 0 { 1951 // SETTINGS frames always apply to a connection, 1952 // never a single stream. The stream identifier for a 1953 // SETTINGS frame MUST be zero (0x0). If an endpoint 1954 // receives a SETTINGS frame whose stream identifier 1955 // field is anything other than 0x0, the endpoint MUST 1956 // respond with a connection error (Section 5.4.1) of 1957 // type PROTOCOL_ERROR. 1958 return nil, http2ConnectionError(http2ErrCodeProtocol) 1959 } 1960 if len(p)%6 != 0 { 1961 // Expecting even number of 6 byte settings. 1962 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1963 } 1964 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 1965 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 1966 // Values above the maximum flow control window size of 2^31 - 1 MUST 1967 // be treated as a connection error (Section 5.4.1) of type 1968 // FLOW_CONTROL_ERROR. 1969 return nil, http2ConnectionError(http2ErrCodeFlowControl) 1970 } 1971 return f, nil 1972 } 1973 1974 func (f *http2SettingsFrame) IsAck() bool { 1975 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 1976 } 1977 1978 func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) { 1979 f.checkValid() 1980 for i := 0; i < f.NumSettings(); i++ { 1981 if s := f.Setting(i); s.ID == id { 1982 return s.Val, true 1983 } 1984 } 1985 return 0, false 1986 } 1987 1988 // Setting returns the setting from the frame at the given 0-based index. 1989 // The index must be >= 0 and less than f.NumSettings(). 1990 func (f *http2SettingsFrame) Setting(i int) http2Setting { 1991 buf := f.p 1992 return http2Setting{ 1993 ID: http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])), 1994 Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]), 1995 } 1996 } 1997 1998 func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 } 1999 2000 // HasDuplicates reports whether f contains any duplicate setting IDs. 2001 func (f *http2SettingsFrame) HasDuplicates() bool { 2002 num := f.NumSettings() 2003 if num == 0 { 2004 return false 2005 } 2006 // If it's small enough (the common case), just do the n^2 2007 // thing and avoid a map allocation. 2008 if num < 10 { 2009 for i := 0; i < num; i++ { 2010 idi := f.Setting(i).ID 2011 for j := i + 1; j < num; j++ { 2012 idj := f.Setting(j).ID 2013 if idi == idj { 2014 return true 2015 } 2016 } 2017 } 2018 return false 2019 } 2020 seen := map[http2SettingID]bool{} 2021 for i := 0; i < num; i++ { 2022 id := f.Setting(i).ID 2023 if seen[id] { 2024 return true 2025 } 2026 seen[id] = true 2027 } 2028 return false 2029 } 2030 2031 // ForeachSetting runs fn for each setting. 2032 // It stops and returns the first error. 2033 func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2034 f.checkValid() 2035 for i := 0; i < f.NumSettings(); i++ { 2036 if err := fn(f.Setting(i)); err != nil { 2037 return err 2038 } 2039 } 2040 return nil 2041 } 2042 2043 // WriteSettings writes a SETTINGS frame with zero or more settings 2044 // specified and the ACK bit not set. 2045 // 2046 // It will perform exactly one Write to the underlying Writer. 2047 // It is the caller's responsibility to not call other Write methods concurrently. 2048 func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2049 f.startWrite(http2FrameSettings, 0, 0) 2050 for _, s := range settings { 2051 f.writeUint16(uint16(s.ID)) 2052 f.writeUint32(s.Val) 2053 } 2054 return f.endWrite() 2055 } 2056 2057 // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2058 // 2059 // It will perform exactly one Write to the underlying Writer. 2060 // It is the caller's responsibility to not call other Write methods concurrently. 2061 func (f *http2Framer) WriteSettingsAck() error { 2062 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2063 return f.endWrite() 2064 } 2065 2066 // A PingFrame is a mechanism for measuring a minimal round trip time 2067 // from the sender, as well as determining whether an idle connection 2068 // is still functional. 2069 // See http://http2.github.io/http2-spec/#rfc.section.6.7 2070 type http2PingFrame struct { 2071 http2FrameHeader 2072 Data [8]byte 2073 } 2074 2075 func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2076 2077 func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2078 if len(payload) != 8 { 2079 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2080 } 2081 if fh.StreamID != 0 { 2082 return nil, http2ConnectionError(http2ErrCodeProtocol) 2083 } 2084 f := &http2PingFrame{http2FrameHeader: fh} 2085 copy(f.Data[:], payload) 2086 return f, nil 2087 } 2088 2089 func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2090 var flags http2Flags 2091 if ack { 2092 flags = http2FlagPingAck 2093 } 2094 f.startWrite(http2FramePing, flags, 0) 2095 f.writeBytes(data[:]) 2096 return f.endWrite() 2097 } 2098 2099 // A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2100 // See http://http2.github.io/http2-spec/#rfc.section.6.8 2101 type http2GoAwayFrame struct { 2102 http2FrameHeader 2103 LastStreamID uint32 2104 ErrCode http2ErrCode 2105 debugData []byte 2106 } 2107 2108 // DebugData returns any debug data in the GOAWAY frame. Its contents 2109 // are not defined. 2110 // The caller must not retain the returned memory past the next 2111 // call to ReadFrame. 2112 func (f *http2GoAwayFrame) DebugData() []byte { 2113 f.checkValid() 2114 return f.debugData 2115 } 2116 2117 func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2118 if fh.StreamID != 0 { 2119 return nil, http2ConnectionError(http2ErrCodeProtocol) 2120 } 2121 if len(p) < 8 { 2122 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2123 } 2124 return &http2GoAwayFrame{ 2125 http2FrameHeader: fh, 2126 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2127 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2128 debugData: p[8:], 2129 }, nil 2130 } 2131 2132 func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2133 f.startWrite(http2FrameGoAway, 0, 0) 2134 f.writeUint32(maxStreamID & (1<<31 - 1)) 2135 f.writeUint32(uint32(code)) 2136 f.writeBytes(debugData) 2137 return f.endWrite() 2138 } 2139 2140 // An UnknownFrame is the frame type returned when the frame type is unknown 2141 // or no specific frame type parser exists. 2142 type http2UnknownFrame struct { 2143 http2FrameHeader 2144 p []byte 2145 } 2146 2147 // Payload returns the frame's payload (after the header). It is not 2148 // valid to call this method after a subsequent call to 2149 // Framer.ReadFrame, nor is it valid to retain the returned slice. 2150 // The memory is owned by the Framer and is invalidated when the next 2151 // frame is read. 2152 func (f *http2UnknownFrame) Payload() []byte { 2153 f.checkValid() 2154 return f.p 2155 } 2156 2157 func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2158 return &http2UnknownFrame{fh, p}, nil 2159 } 2160 2161 // A WindowUpdateFrame is used to implement flow control. 2162 // See http://http2.github.io/http2-spec/#rfc.section.6.9 2163 type http2WindowUpdateFrame struct { 2164 http2FrameHeader 2165 Increment uint32 // never read with high bit set 2166 } 2167 2168 func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2169 if len(p) != 4 { 2170 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2171 } 2172 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2173 if inc == 0 { 2174 // A receiver MUST treat the receipt of a 2175 // WINDOW_UPDATE frame with an flow control window 2176 // increment of 0 as a stream error (Section 5.4.2) of 2177 // type PROTOCOL_ERROR; errors on the connection flow 2178 // control window MUST be treated as a connection 2179 // error (Section 5.4.1). 2180 if fh.StreamID == 0 { 2181 return nil, http2ConnectionError(http2ErrCodeProtocol) 2182 } 2183 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2184 } 2185 return &http2WindowUpdateFrame{ 2186 http2FrameHeader: fh, 2187 Increment: inc, 2188 }, nil 2189 } 2190 2191 // WriteWindowUpdate writes a WINDOW_UPDATE frame. 2192 // The increment value must be between 1 and 2,147,483,647, inclusive. 2193 // If the Stream ID is zero, the window update applies to the 2194 // connection as a whole. 2195 func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2196 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2197 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2198 return errors.New("illegal window increment value") 2199 } 2200 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2201 f.writeUint32(incr) 2202 return f.endWrite() 2203 } 2204 2205 // A HeadersFrame is used to open a stream and additionally carries a 2206 // header block fragment. 2207 type http2HeadersFrame struct { 2208 http2FrameHeader 2209 2210 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2211 Priority http2PriorityParam 2212 2213 headerFragBuf []byte // not owned 2214 } 2215 2216 func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2217 f.checkValid() 2218 return f.headerFragBuf 2219 } 2220 2221 func (f *http2HeadersFrame) HeadersEnded() bool { 2222 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2223 } 2224 2225 func (f *http2HeadersFrame) StreamEnded() bool { 2226 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2227 } 2228 2229 func (f *http2HeadersFrame) HasPriority() bool { 2230 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2231 } 2232 2233 func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2234 hf := &http2HeadersFrame{ 2235 http2FrameHeader: fh, 2236 } 2237 if fh.StreamID == 0 { 2238 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2239 // is received whose stream identifier field is 0x0, the recipient MUST 2240 // respond with a connection error (Section 5.4.1) of type 2241 // PROTOCOL_ERROR. 2242 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2243 } 2244 var padLength uint8 2245 if fh.Flags.Has(http2FlagHeadersPadded) { 2246 if p, padLength, err = http2readByte(p); err != nil { 2247 return 2248 } 2249 } 2250 if fh.Flags.Has(http2FlagHeadersPriority) { 2251 var v uint32 2252 p, v, err = http2readUint32(p) 2253 if err != nil { 2254 return nil, err 2255 } 2256 hf.Priority.StreamDep = v & 0x7fffffff 2257 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2258 p, hf.Priority.Weight, err = http2readByte(p) 2259 if err != nil { 2260 return nil, err 2261 } 2262 } 2263 if len(p)-int(padLength) <= 0 { 2264 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2265 } 2266 hf.headerFragBuf = p[:len(p)-int(padLength)] 2267 return hf, nil 2268 } 2269 2270 // HeadersFrameParam are the parameters for writing a HEADERS frame. 2271 type http2HeadersFrameParam struct { 2272 // StreamID is the required Stream ID to initiate. 2273 StreamID uint32 2274 // BlockFragment is part (or all) of a Header Block. 2275 BlockFragment []byte 2276 2277 // EndStream indicates that the header block is the last that 2278 // the endpoint will send for the identified stream. Setting 2279 // this flag causes the stream to enter one of "half closed" 2280 // states. 2281 EndStream bool 2282 2283 // EndHeaders indicates that this frame contains an entire 2284 // header block and is not followed by any 2285 // CONTINUATION frames. 2286 EndHeaders bool 2287 2288 // PadLength is the optional number of bytes of zeros to add 2289 // to this frame. 2290 PadLength uint8 2291 2292 // Priority, if non-zero, includes stream priority information 2293 // in the HEADER frame. 2294 Priority http2PriorityParam 2295 } 2296 2297 // WriteHeaders writes a single HEADERS frame. 2298 // 2299 // This is a low-level header writing method. Encoding headers and 2300 // splitting them into any necessary CONTINUATION frames is handled 2301 // elsewhere. 2302 // 2303 // It will perform exactly one Write to the underlying Writer. 2304 // It is the caller's responsibility to not call other Write methods concurrently. 2305 func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2306 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2307 return http2errStreamID 2308 } 2309 var flags http2Flags 2310 if p.PadLength != 0 { 2311 flags |= http2FlagHeadersPadded 2312 } 2313 if p.EndStream { 2314 flags |= http2FlagHeadersEndStream 2315 } 2316 if p.EndHeaders { 2317 flags |= http2FlagHeadersEndHeaders 2318 } 2319 if !p.Priority.IsZero() { 2320 flags |= http2FlagHeadersPriority 2321 } 2322 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2323 if p.PadLength != 0 { 2324 f.writeByte(p.PadLength) 2325 } 2326 if !p.Priority.IsZero() { 2327 v := p.Priority.StreamDep 2328 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2329 return http2errDepStreamID 2330 } 2331 if p.Priority.Exclusive { 2332 v |= 1 << 31 2333 } 2334 f.writeUint32(v) 2335 f.writeByte(p.Priority.Weight) 2336 } 2337 f.wbuf = append(f.wbuf, p.BlockFragment...) 2338 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2339 return f.endWrite() 2340 } 2341 2342 // A PriorityFrame specifies the sender-advised priority of a stream. 2343 // See http://http2.github.io/http2-spec/#rfc.section.6.3 2344 type http2PriorityFrame struct { 2345 http2FrameHeader 2346 http2PriorityParam 2347 } 2348 2349 // PriorityParam are the stream prioritzation parameters. 2350 type http2PriorityParam struct { 2351 // StreamDep is a 31-bit stream identifier for the 2352 // stream that this stream depends on. Zero means no 2353 // dependency. 2354 StreamDep uint32 2355 2356 // Exclusive is whether the dependency is exclusive. 2357 Exclusive bool 2358 2359 // Weight is the stream's zero-indexed weight. It should be 2360 // set together with StreamDep, or neither should be set. Per 2361 // the spec, "Add one to the value to obtain a weight between 2362 // 1 and 256." 2363 Weight uint8 2364 } 2365 2366 func (p http2PriorityParam) IsZero() bool { 2367 return p == http2PriorityParam{} 2368 } 2369 2370 func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2371 if fh.StreamID == 0 { 2372 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2373 } 2374 if len(payload) != 5 { 2375 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2376 } 2377 v := binary.BigEndian.Uint32(payload[:4]) 2378 streamID := v & 0x7fffffff // mask off high bit 2379 return &http2PriorityFrame{ 2380 http2FrameHeader: fh, 2381 http2PriorityParam: http2PriorityParam{ 2382 Weight: payload[4], 2383 StreamDep: streamID, 2384 Exclusive: streamID != v, // was high bit set? 2385 }, 2386 }, nil 2387 } 2388 2389 // WritePriority writes a PRIORITY frame. 2390 // 2391 // It will perform exactly one Write to the underlying Writer. 2392 // It is the caller's responsibility to not call other Write methods concurrently. 2393 func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2394 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2395 return http2errStreamID 2396 } 2397 if !http2validStreamIDOrZero(p.StreamDep) { 2398 return http2errDepStreamID 2399 } 2400 f.startWrite(http2FramePriority, 0, streamID) 2401 v := p.StreamDep 2402 if p.Exclusive { 2403 v |= 1 << 31 2404 } 2405 f.writeUint32(v) 2406 f.writeByte(p.Weight) 2407 return f.endWrite() 2408 } 2409 2410 // A RSTStreamFrame allows for abnormal termination of a stream. 2411 // See http://http2.github.io/http2-spec/#rfc.section.6.4 2412 type http2RSTStreamFrame struct { 2413 http2FrameHeader 2414 ErrCode http2ErrCode 2415 } 2416 2417 func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2418 if len(p) != 4 { 2419 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2420 } 2421 if fh.StreamID == 0 { 2422 return nil, http2ConnectionError(http2ErrCodeProtocol) 2423 } 2424 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2425 } 2426 2427 // WriteRSTStream writes a RST_STREAM frame. 2428 // 2429 // It will perform exactly one Write to the underlying Writer. 2430 // It is the caller's responsibility to not call other Write methods concurrently. 2431 func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2432 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2433 return http2errStreamID 2434 } 2435 f.startWrite(http2FrameRSTStream, 0, streamID) 2436 f.writeUint32(uint32(code)) 2437 return f.endWrite() 2438 } 2439 2440 // A ContinuationFrame is used to continue a sequence of header block fragments. 2441 // See http://http2.github.io/http2-spec/#rfc.section.6.10 2442 type http2ContinuationFrame struct { 2443 http2FrameHeader 2444 headerFragBuf []byte 2445 } 2446 2447 func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2448 if fh.StreamID == 0 { 2449 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2450 } 2451 return &http2ContinuationFrame{fh, p}, nil 2452 } 2453 2454 func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2455 f.checkValid() 2456 return f.headerFragBuf 2457 } 2458 2459 func (f *http2ContinuationFrame) HeadersEnded() bool { 2460 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2461 } 2462 2463 // WriteContinuation writes a CONTINUATION frame. 2464 // 2465 // It will perform exactly one Write to the underlying Writer. 2466 // It is the caller's responsibility to not call other Write methods concurrently. 2467 func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2468 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2469 return http2errStreamID 2470 } 2471 var flags http2Flags 2472 if endHeaders { 2473 flags |= http2FlagContinuationEndHeaders 2474 } 2475 f.startWrite(http2FrameContinuation, flags, streamID) 2476 f.wbuf = append(f.wbuf, headerBlockFragment...) 2477 return f.endWrite() 2478 } 2479 2480 // A PushPromiseFrame is used to initiate a server stream. 2481 // See http://http2.github.io/http2-spec/#rfc.section.6.6 2482 type http2PushPromiseFrame struct { 2483 http2FrameHeader 2484 PromiseID uint32 2485 headerFragBuf []byte // not owned 2486 } 2487 2488 func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2489 f.checkValid() 2490 return f.headerFragBuf 2491 } 2492 2493 func (f *http2PushPromiseFrame) HeadersEnded() bool { 2494 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2495 } 2496 2497 func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2498 pp := &http2PushPromiseFrame{ 2499 http2FrameHeader: fh, 2500 } 2501 if pp.StreamID == 0 { 2502 // PUSH_PROMISE frames MUST be associated with an existing, 2503 // peer-initiated stream. The stream identifier of a 2504 // PUSH_PROMISE frame indicates the stream it is associated 2505 // with. If the stream identifier field specifies the value 2506 // 0x0, a recipient MUST respond with a connection error 2507 // (Section 5.4.1) of type PROTOCOL_ERROR. 2508 return nil, http2ConnectionError(http2ErrCodeProtocol) 2509 } 2510 // The PUSH_PROMISE frame includes optional padding. 2511 // Padding fields and flags are identical to those defined for DATA frames 2512 var padLength uint8 2513 if fh.Flags.Has(http2FlagPushPromisePadded) { 2514 if p, padLength, err = http2readByte(p); err != nil { 2515 return 2516 } 2517 } 2518 2519 p, pp.PromiseID, err = http2readUint32(p) 2520 if err != nil { 2521 return 2522 } 2523 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2524 2525 if int(padLength) > len(p) { 2526 // like the DATA frame, error out if padding is longer than the body. 2527 return nil, http2ConnectionError(http2ErrCodeProtocol) 2528 } 2529 pp.headerFragBuf = p[:len(p)-int(padLength)] 2530 return pp, nil 2531 } 2532 2533 // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2534 type http2PushPromiseParam struct { 2535 // StreamID is the required Stream ID to initiate. 2536 StreamID uint32 2537 2538 // PromiseID is the required Stream ID which this 2539 // Push Promises 2540 PromiseID uint32 2541 2542 // BlockFragment is part (or all) of a Header Block. 2543 BlockFragment []byte 2544 2545 // EndHeaders indicates that this frame contains an entire 2546 // header block and is not followed by any 2547 // CONTINUATION frames. 2548 EndHeaders bool 2549 2550 // PadLength is the optional number of bytes of zeros to add 2551 // to this frame. 2552 PadLength uint8 2553 } 2554 2555 // WritePushPromise writes a single PushPromise Frame. 2556 // 2557 // As with Header Frames, This is the low level call for writing 2558 // individual frames. Continuation frames are handled elsewhere. 2559 // 2560 // It will perform exactly one Write to the underlying Writer. 2561 // It is the caller's responsibility to not call other Write methods concurrently. 2562 func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2563 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2564 return http2errStreamID 2565 } 2566 var flags http2Flags 2567 if p.PadLength != 0 { 2568 flags |= http2FlagPushPromisePadded 2569 } 2570 if p.EndHeaders { 2571 flags |= http2FlagPushPromiseEndHeaders 2572 } 2573 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2574 if p.PadLength != 0 { 2575 f.writeByte(p.PadLength) 2576 } 2577 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2578 return http2errStreamID 2579 } 2580 f.writeUint32(p.PromiseID) 2581 f.wbuf = append(f.wbuf, p.BlockFragment...) 2582 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2583 return f.endWrite() 2584 } 2585 2586 // WriteRawFrame writes a raw frame. This can be used to write 2587 // extension frames unknown to this package. 2588 func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2589 f.startWrite(t, flags, streamID) 2590 f.writeBytes(payload) 2591 return f.endWrite() 2592 } 2593 2594 func http2readByte(p []byte) (remain []byte, b byte, err error) { 2595 if len(p) == 0 { 2596 return nil, 0, io.ErrUnexpectedEOF 2597 } 2598 return p[1:], p[0], nil 2599 } 2600 2601 func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2602 if len(p) < 4 { 2603 return nil, 0, io.ErrUnexpectedEOF 2604 } 2605 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2606 } 2607 2608 type http2streamEnder interface { 2609 StreamEnded() bool 2610 } 2611 2612 type http2headersEnder interface { 2613 HeadersEnded() bool 2614 } 2615 2616 type http2headersOrContinuation interface { 2617 http2headersEnder 2618 HeaderBlockFragment() []byte 2619 } 2620 2621 // A MetaHeadersFrame is the representation of one HEADERS frame and 2622 // zero or more contiguous CONTINUATION frames and the decoding of 2623 // their HPACK-encoded contents. 2624 // 2625 // This type of frame does not appear on the wire and is only returned 2626 // by the Framer when Framer.ReadMetaHeaders is set. 2627 type http2MetaHeadersFrame struct { 2628 *http2HeadersFrame 2629 2630 // Fields are the fields contained in the HEADERS and 2631 // CONTINUATION frames. The underlying slice is owned by the 2632 // Framer and must not be retained after the next call to 2633 // ReadFrame. 2634 // 2635 // Fields are guaranteed to be in the correct http2 order and 2636 // not have unknown pseudo header fields or invalid header 2637 // field names or values. Required pseudo header fields may be 2638 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2639 // method access pseudo headers. 2640 Fields []hpack.HeaderField 2641 2642 // Truncated is whether the max header list size limit was hit 2643 // and Fields is incomplete. The hpack decoder state is still 2644 // valid, however. 2645 Truncated bool 2646 } 2647 2648 // PseudoValue returns the given pseudo header field's value. 2649 // The provided pseudo field should not contain the leading colon. 2650 func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2651 for _, hf := range mh.Fields { 2652 if !hf.IsPseudo() { 2653 return "" 2654 } 2655 if hf.Name[1:] == pseudo { 2656 return hf.Value 2657 } 2658 } 2659 return "" 2660 } 2661 2662 // RegularFields returns the regular (non-pseudo) header fields of mh. 2663 // The caller does not own the returned slice. 2664 func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2665 for i, hf := range mh.Fields { 2666 if !hf.IsPseudo() { 2667 return mh.Fields[i:] 2668 } 2669 } 2670 return nil 2671 } 2672 2673 // PseudoFields returns the pseudo header fields of mh. 2674 // The caller does not own the returned slice. 2675 func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2676 for i, hf := range mh.Fields { 2677 if !hf.IsPseudo() { 2678 return mh.Fields[:i] 2679 } 2680 } 2681 return mh.Fields 2682 } 2683 2684 func (mh *http2MetaHeadersFrame) checkPseudos() error { 2685 var isRequest, isResponse bool 2686 pf := mh.PseudoFields() 2687 for i, hf := range pf { 2688 switch hf.Name { 2689 case ":method", ":path", ":scheme", ":authority": 2690 isRequest = true 2691 case ":status": 2692 isResponse = true 2693 default: 2694 return http2pseudoHeaderError(hf.Name) 2695 } 2696 // Check for duplicates. 2697 // This would be a bad algorithm, but N is 4. 2698 // And this doesn't allocate. 2699 for _, hf2 := range pf[:i] { 2700 if hf.Name == hf2.Name { 2701 return http2duplicatePseudoHeaderError(hf.Name) 2702 } 2703 } 2704 } 2705 if isRequest && isResponse { 2706 return http2errMixPseudoHeaderTypes 2707 } 2708 return nil 2709 } 2710 2711 func (fr *http2Framer) maxHeaderStringLen() int { 2712 v := fr.maxHeaderListSize() 2713 if uint32(int(v)) == v { 2714 return int(v) 2715 } 2716 // They had a crazy big number for MaxHeaderBytes anyway, 2717 // so give them unlimited header lengths: 2718 return 0 2719 } 2720 2721 // readMetaFrame returns 0 or more CONTINUATION frames from fr and 2722 // merge them into the provided hf and returns a MetaHeadersFrame 2723 // with the decoded hpack values. 2724 func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2725 if fr.AllowIllegalReads { 2726 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2727 } 2728 mh := &http2MetaHeadersFrame{ 2729 http2HeadersFrame: hf, 2730 } 2731 var remainSize = fr.maxHeaderListSize() 2732 var sawRegular bool 2733 2734 var invalid error // pseudo header field errors 2735 hdec := fr.ReadMetaHeaders 2736 hdec.SetEmitEnabled(true) 2737 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2738 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2739 if http2VerboseLogs && fr.logReads { 2740 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2741 } 2742 if !httpguts.ValidHeaderFieldValue(hf.Value) { 2743 invalid = http2headerFieldValueError(hf.Value) 2744 } 2745 isPseudo := strings.HasPrefix(hf.Name, ":") 2746 if isPseudo { 2747 if sawRegular { 2748 invalid = http2errPseudoAfterRegular 2749 } 2750 } else { 2751 sawRegular = true 2752 if !http2validWireHeaderFieldName(hf.Name) { 2753 invalid = http2headerFieldNameError(hf.Name) 2754 } 2755 } 2756 2757 if invalid != nil { 2758 hdec.SetEmitEnabled(false) 2759 return 2760 } 2761 2762 size := hf.Size() 2763 if size > remainSize { 2764 hdec.SetEmitEnabled(false) 2765 mh.Truncated = true 2766 return 2767 } 2768 remainSize -= size 2769 2770 mh.Fields = append(mh.Fields, hf) 2771 }) 2772 // Lose reference to MetaHeadersFrame: 2773 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2774 2775 var hc http2headersOrContinuation = hf 2776 for { 2777 frag := hc.HeaderBlockFragment() 2778 if _, err := hdec.Write(frag); err != nil { 2779 return nil, http2ConnectionError(http2ErrCodeCompression) 2780 } 2781 2782 if hc.HeadersEnded() { 2783 break 2784 } 2785 if f, err := fr.ReadFrame(); err != nil { 2786 return nil, err 2787 } else { 2788 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2789 } 2790 } 2791 2792 mh.http2HeadersFrame.headerFragBuf = nil 2793 mh.http2HeadersFrame.invalidate() 2794 2795 if err := hdec.Close(); err != nil { 2796 return nil, http2ConnectionError(http2ErrCodeCompression) 2797 } 2798 if invalid != nil { 2799 fr.errDetail = invalid 2800 if http2VerboseLogs { 2801 log.Printf("http2: invalid header: %v", invalid) 2802 } 2803 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2804 } 2805 if err := mh.checkPseudos(); err != nil { 2806 fr.errDetail = err 2807 if http2VerboseLogs { 2808 log.Printf("http2: invalid pseudo headers: %v", err) 2809 } 2810 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2811 } 2812 return mh, nil 2813 } 2814 2815 func http2summarizeFrame(f http2Frame) string { 2816 var buf bytes.Buffer 2817 f.Header().writeDebug(&buf) 2818 switch f := f.(type) { 2819 case *http2SettingsFrame: 2820 n := 0 2821 f.ForeachSetting(func(s http2Setting) error { 2822 n++ 2823 if n == 1 { 2824 buf.WriteString(", settings:") 2825 } 2826 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2827 return nil 2828 }) 2829 if n > 0 { 2830 buf.Truncate(buf.Len() - 1) // remove trailing comma 2831 } 2832 case *http2DataFrame: 2833 data := f.Data() 2834 const max = 256 2835 if len(data) > max { 2836 data = data[:max] 2837 } 2838 fmt.Fprintf(&buf, " data=%q", data) 2839 if len(f.Data()) > max { 2840 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2841 } 2842 case *http2WindowUpdateFrame: 2843 if f.StreamID == 0 { 2844 buf.WriteString(" (conn)") 2845 } 2846 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2847 case *http2PingFrame: 2848 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2849 case *http2GoAwayFrame: 2850 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2851 f.LastStreamID, f.ErrCode, f.debugData) 2852 case *http2RSTStreamFrame: 2853 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2854 } 2855 return buf.String() 2856 } 2857 2858 func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 2859 return trace != nil && trace.WroteHeaderField != nil 2860 } 2861 2862 func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 2863 if trace != nil && trace.WroteHeaderField != nil { 2864 trace.WroteHeaderField(k, []string{v}) 2865 } 2866 } 2867 2868 func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 2869 if trace != nil { 2870 return trace.Got1xxResponse 2871 } 2872 return nil 2873 } 2874 2875 var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 2876 2877 type http2goroutineLock uint64 2878 2879 func http2newGoroutineLock() http2goroutineLock { 2880 if !http2DebugGoroutines { 2881 return 0 2882 } 2883 return http2goroutineLock(http2curGoroutineID()) 2884 } 2885 2886 func (g http2goroutineLock) check() { 2887 if !http2DebugGoroutines { 2888 return 2889 } 2890 if http2curGoroutineID() != uint64(g) { 2891 panic("running on the wrong goroutine") 2892 } 2893 } 2894 2895 func (g http2goroutineLock) checkNotOn() { 2896 if !http2DebugGoroutines { 2897 return 2898 } 2899 if http2curGoroutineID() == uint64(g) { 2900 panic("running on the wrong goroutine") 2901 } 2902 } 2903 2904 var http2goroutineSpace = []byte("goroutine ") 2905 2906 func http2curGoroutineID() uint64 { 2907 bp := http2littleBuf.Get().(*[]byte) 2908 defer http2littleBuf.Put(bp) 2909 b := *bp 2910 b = b[:runtime.Stack(b, false)] 2911 // Parse the 4707 out of "goroutine 4707 [" 2912 b = bytes.TrimPrefix(b, http2goroutineSpace) 2913 i := bytes.IndexByte(b, ' ') 2914 if i < 0 { 2915 panic(fmt.Sprintf("No space found in %q", b)) 2916 } 2917 b = b[:i] 2918 n, err := http2parseUintBytes(b, 10, 64) 2919 if err != nil { 2920 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 2921 } 2922 return n 2923 } 2924 2925 var http2littleBuf = sync.Pool{ 2926 New: func() interface{} { 2927 buf := make([]byte, 64) 2928 return &buf 2929 }, 2930 } 2931 2932 // parseUintBytes is like strconv.ParseUint, but using a []byte. 2933 func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 2934 var cutoff, maxVal uint64 2935 2936 if bitSize == 0 { 2937 bitSize = int(strconv.IntSize) 2938 } 2939 2940 s0 := s 2941 switch { 2942 case len(s) < 1: 2943 err = strconv.ErrSyntax 2944 goto Error 2945 2946 case 2 <= base && base <= 36: 2947 // valid base; nothing to do 2948 2949 case base == 0: 2950 // Look for octal, hex prefix. 2951 switch { 2952 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 2953 base = 16 2954 s = s[2:] 2955 if len(s) < 1 { 2956 err = strconv.ErrSyntax 2957 goto Error 2958 } 2959 case s[0] == '0': 2960 base = 8 2961 default: 2962 base = 10 2963 } 2964 2965 default: 2966 err = errors.New("invalid base " + strconv.Itoa(base)) 2967 goto Error 2968 } 2969 2970 n = 0 2971 cutoff = http2cutoff64(base) 2972 maxVal = 1<<uint(bitSize) - 1 2973 2974 for i := 0; i < len(s); i++ { 2975 var v byte 2976 d := s[i] 2977 switch { 2978 case '0' <= d && d <= '9': 2979 v = d - '0' 2980 case 'a' <= d && d <= 'z': 2981 v = d - 'a' + 10 2982 case 'A' <= d && d <= 'Z': 2983 v = d - 'A' + 10 2984 default: 2985 n = 0 2986 err = strconv.ErrSyntax 2987 goto Error 2988 } 2989 if int(v) >= base { 2990 n = 0 2991 err = strconv.ErrSyntax 2992 goto Error 2993 } 2994 2995 if n >= cutoff { 2996 // n*base overflows 2997 n = 1<<64 - 1 2998 err = strconv.ErrRange 2999 goto Error 3000 } 3001 n *= uint64(base) 3002 3003 n1 := n + uint64(v) 3004 if n1 < n || n1 > maxVal { 3005 // n+v overflows 3006 n = 1<<64 - 1 3007 err = strconv.ErrRange 3008 goto Error 3009 } 3010 n = n1 3011 } 3012 3013 return n, nil 3014 3015 Error: 3016 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3017 } 3018 3019 // Return the first number n such that n*base >= 1<<64. 3020 func http2cutoff64(base int) uint64 { 3021 if base < 2 { 3022 return 0 3023 } 3024 return (1<<64-1)/uint64(base) + 1 3025 } 3026 3027 var ( 3028 http2commonBuildOnce sync.Once 3029 http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case 3030 http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case 3031 ) 3032 3033 func http2buildCommonHeaderMapsOnce() { 3034 http2commonBuildOnce.Do(http2buildCommonHeaderMaps) 3035 } 3036 3037 func http2buildCommonHeaderMaps() { 3038 common := []string{ 3039 "accept", 3040 "accept-charset", 3041 "accept-encoding", 3042 "accept-language", 3043 "accept-ranges", 3044 "age", 3045 "access-control-allow-origin", 3046 "allow", 3047 "authorization", 3048 "cache-control", 3049 "content-disposition", 3050 "content-encoding", 3051 "content-language", 3052 "content-length", 3053 "content-location", 3054 "content-range", 3055 "content-type", 3056 "cookie", 3057 "date", 3058 "etag", 3059 "expect", 3060 "expires", 3061 "from", 3062 "host", 3063 "if-match", 3064 "if-modified-since", 3065 "if-none-match", 3066 "if-unmodified-since", 3067 "last-modified", 3068 "link", 3069 "location", 3070 "max-forwards", 3071 "proxy-authenticate", 3072 "proxy-authorization", 3073 "range", 3074 "referer", 3075 "refresh", 3076 "retry-after", 3077 "server", 3078 "set-cookie", 3079 "strict-transport-security", 3080 "trailer", 3081 "transfer-encoding", 3082 "user-agent", 3083 "vary", 3084 "via", 3085 "www-authenticate", 3086 } 3087 http2commonLowerHeader = make(map[string]string, len(common)) 3088 http2commonCanonHeader = make(map[string]string, len(common)) 3089 for _, v := range common { 3090 chk := CanonicalHeaderKey(v) 3091 http2commonLowerHeader[chk] = v 3092 http2commonCanonHeader[v] = chk 3093 } 3094 } 3095 3096 func http2lowerHeader(v string) string { 3097 http2buildCommonHeaderMapsOnce() 3098 if s, ok := http2commonLowerHeader[v]; ok { 3099 return s 3100 } 3101 return strings.ToLower(v) 3102 } 3103 3104 var ( 3105 http2VerboseLogs bool 3106 http2logFrameWrites bool 3107 http2logFrameReads bool 3108 http2inTests bool 3109 ) 3110 3111 func init() { 3112 e := os.Getenv("GODEBUG") 3113 if strings.Contains(e, "http2debug=1") { 3114 http2VerboseLogs = true 3115 } 3116 if strings.Contains(e, "http2debug=2") { 3117 http2VerboseLogs = true 3118 http2logFrameWrites = true 3119 http2logFrameReads = true 3120 } 3121 } 3122 3123 const ( 3124 // ClientPreface is the string that must be sent by new 3125 // connections from clients. 3126 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3127 3128 // SETTINGS_MAX_FRAME_SIZE default 3129 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3130 http2initialMaxFrameSize = 16384 3131 3132 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3133 // HTTP/2's TLS setup. 3134 http2NextProtoTLS = "h2" 3135 3136 // http://http2.github.io/http2-spec/#SettingValues 3137 http2initialHeaderTableSize = 4096 3138 3139 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3140 3141 http2defaultMaxReadFrameSize = 1 << 20 3142 ) 3143 3144 var ( 3145 http2clientPreface = []byte(http2ClientPreface) 3146 ) 3147 3148 type http2streamState int 3149 3150 // HTTP/2 stream states. 3151 // 3152 // See http://tools.ietf.org/html/rfc7540#section-5.1. 3153 // 3154 // For simplicity, the server code merges "reserved (local)" into 3155 // "half-closed (remote)". This is one less state transition to track. 3156 // The only downside is that we send PUSH_PROMISEs slightly less 3157 // liberally than allowable. More discussion here: 3158 // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3159 // 3160 // "reserved (remote)" is omitted since the client code does not 3161 // support server push. 3162 const ( 3163 http2stateIdle http2streamState = iota 3164 http2stateOpen 3165 http2stateHalfClosedLocal 3166 http2stateHalfClosedRemote 3167 http2stateClosed 3168 ) 3169 3170 var http2stateName = [...]string{ 3171 http2stateIdle: "Idle", 3172 http2stateOpen: "Open", 3173 http2stateHalfClosedLocal: "HalfClosedLocal", 3174 http2stateHalfClosedRemote: "HalfClosedRemote", 3175 http2stateClosed: "Closed", 3176 } 3177 3178 func (st http2streamState) String() string { 3179 return http2stateName[st] 3180 } 3181 3182 // Setting is a setting parameter: which setting it is, and its value. 3183 type http2Setting struct { 3184 // ID is which setting is being set. 3185 // See http://http2.github.io/http2-spec/#SettingValues 3186 ID http2SettingID 3187 3188 // Val is the value. 3189 Val uint32 3190 } 3191 3192 func (s http2Setting) String() string { 3193 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3194 } 3195 3196 // Valid reports whether the setting is valid. 3197 func (s http2Setting) Valid() error { 3198 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3199 switch s.ID { 3200 case http2SettingEnablePush: 3201 if s.Val != 1 && s.Val != 0 { 3202 return http2ConnectionError(http2ErrCodeProtocol) 3203 } 3204 case http2SettingInitialWindowSize: 3205 if s.Val > 1<<31-1 { 3206 return http2ConnectionError(http2ErrCodeFlowControl) 3207 } 3208 case http2SettingMaxFrameSize: 3209 if s.Val < 16384 || s.Val > 1<<24-1 { 3210 return http2ConnectionError(http2ErrCodeProtocol) 3211 } 3212 } 3213 return nil 3214 } 3215 3216 // A SettingID is an HTTP/2 setting as defined in 3217 // http://http2.github.io/http2-spec/#iana-settings 3218 type http2SettingID uint16 3219 3220 const ( 3221 http2SettingHeaderTableSize http2SettingID = 0x1 3222 http2SettingEnablePush http2SettingID = 0x2 3223 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3224 http2SettingInitialWindowSize http2SettingID = 0x4 3225 http2SettingMaxFrameSize http2SettingID = 0x5 3226 http2SettingMaxHeaderListSize http2SettingID = 0x6 3227 ) 3228 3229 var http2settingName = map[http2SettingID]string{ 3230 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3231 http2SettingEnablePush: "ENABLE_PUSH", 3232 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3233 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3234 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3235 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3236 } 3237 3238 func (s http2SettingID) String() string { 3239 if v, ok := http2settingName[s]; ok { 3240 return v 3241 } 3242 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3243 } 3244 3245 var ( 3246 http2errInvalidHeaderFieldName = errors.New("http2: invalid header field name") 3247 http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value") 3248 ) 3249 3250 // validWireHeaderFieldName reports whether v is a valid header field 3251 // name (key). See httpguts.ValidHeaderName for the base rules. 3252 // 3253 // Further, http2 says: 3254 // "Just as in HTTP/1.x, header field names are strings of ASCII 3255 // characters that are compared in a case-insensitive 3256 // fashion. However, header field names MUST be converted to 3257 // lowercase prior to their encoding in HTTP/2. " 3258 func http2validWireHeaderFieldName(v string) bool { 3259 if len(v) == 0 { 3260 return false 3261 } 3262 for _, r := range v { 3263 if !httpguts.IsTokenRune(r) { 3264 return false 3265 } 3266 if 'A' <= r && r <= 'Z' { 3267 return false 3268 } 3269 } 3270 return true 3271 } 3272 3273 func http2httpCodeString(code int) string { 3274 switch code { 3275 case 200: 3276 return "200" 3277 case 404: 3278 return "404" 3279 } 3280 return strconv.Itoa(code) 3281 } 3282 3283 // from pkg io 3284 type http2stringWriter interface { 3285 WriteString(s string) (n int, err error) 3286 } 3287 3288 // A gate lets two goroutines coordinate their activities. 3289 type http2gate chan struct{} 3290 3291 func (g http2gate) Done() { g <- struct{}{} } 3292 3293 func (g http2gate) Wait() { <-g } 3294 3295 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3296 type http2closeWaiter chan struct{} 3297 3298 // Init makes a closeWaiter usable. 3299 // It exists because so a closeWaiter value can be placed inside a 3300 // larger struct and have the Mutex and Cond's memory in the same 3301 // allocation. 3302 func (cw *http2closeWaiter) Init() { 3303 *cw = make(chan struct{}) 3304 } 3305 3306 // Close marks the closeWaiter as closed and unblocks any waiters. 3307 func (cw http2closeWaiter) Close() { 3308 close(cw) 3309 } 3310 3311 // Wait waits for the closeWaiter to become closed. 3312 func (cw http2closeWaiter) Wait() { 3313 <-cw 3314 } 3315 3316 // bufferedWriter is a buffered writer that writes to w. 3317 // Its buffered writer is lazily allocated as needed, to minimize 3318 // idle memory usage with many connections. 3319 type http2bufferedWriter struct { 3320 w io.Writer // immutable 3321 bw *bufio.Writer // non-nil when data is buffered 3322 } 3323 3324 func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3325 return &http2bufferedWriter{w: w} 3326 } 3327 3328 // bufWriterPoolBufferSize is the size of bufio.Writer's 3329 // buffers created using bufWriterPool. 3330 // 3331 // TODO: pick a less arbitrary value? this is a bit under 3332 // (3 x typical 1500 byte MTU) at least. Other than that, 3333 // not much thought went into it. 3334 const http2bufWriterPoolBufferSize = 4 << 10 3335 3336 var http2bufWriterPool = sync.Pool{ 3337 New: func() interface{} { 3338 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3339 }, 3340 } 3341 3342 func (w *http2bufferedWriter) Available() int { 3343 if w.bw == nil { 3344 return http2bufWriterPoolBufferSize 3345 } 3346 return w.bw.Available() 3347 } 3348 3349 func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3350 if w.bw == nil { 3351 bw := http2bufWriterPool.Get().(*bufio.Writer) 3352 bw.Reset(w.w) 3353 w.bw = bw 3354 } 3355 return w.bw.Write(p) 3356 } 3357 3358 func (w *http2bufferedWriter) Flush() error { 3359 bw := w.bw 3360 if bw == nil { 3361 return nil 3362 } 3363 err := bw.Flush() 3364 bw.Reset(nil) 3365 http2bufWriterPool.Put(bw) 3366 w.bw = nil 3367 return err 3368 } 3369 3370 func http2mustUint31(v int32) uint32 { 3371 if v < 0 || v > 2147483647 { 3372 panic("out of range") 3373 } 3374 return uint32(v) 3375 } 3376 3377 // bodyAllowedForStatus reports whether a given response status code 3378 // permits a body. See RFC 7230, section 3.3. 3379 func http2bodyAllowedForStatus(status int) bool { 3380 switch { 3381 case status >= 100 && status <= 199: 3382 return false 3383 case status == 204: 3384 return false 3385 case status == 304: 3386 return false 3387 } 3388 return true 3389 } 3390 3391 type http2httpError struct { 3392 msg string 3393 timeout bool 3394 } 3395 3396 func (e *http2httpError) Error() string { return e.msg } 3397 3398 func (e *http2httpError) Timeout() bool { return e.timeout } 3399 3400 func (e *http2httpError) Temporary() bool { return true } 3401 3402 var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3403 3404 type http2connectionStater interface { 3405 ConnectionState() tls.ConnectionState 3406 } 3407 3408 var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3409 3410 type http2sorter struct { 3411 v []string // owned by sorter 3412 } 3413 3414 func (s *http2sorter) Len() int { return len(s.v) } 3415 3416 func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3417 3418 func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3419 3420 // Keys returns the sorted keys of h. 3421 // 3422 // The returned slice is only valid until s used again or returned to 3423 // its pool. 3424 func (s *http2sorter) Keys(h Header) []string { 3425 keys := s.v[:0] 3426 for k := range h { 3427 keys = append(keys, k) 3428 } 3429 s.v = keys 3430 sort.Sort(s) 3431 return keys 3432 } 3433 3434 func (s *http2sorter) SortStrings(ss []string) { 3435 // Our sorter works on s.v, which sorter owns, so 3436 // stash it away while we sort the user's buffer. 3437 save := s.v 3438 s.v = ss 3439 sort.Sort(s) 3440 s.v = save 3441 } 3442 3443 // validPseudoPath reports whether v is a valid :path pseudo-header 3444 // value. It must be either: 3445 // 3446 // *) a non-empty string starting with '/' 3447 // *) the string '*', for OPTIONS requests. 3448 // 3449 // For now this is only used a quick check for deciding when to clean 3450 // up Opaque URLs before sending requests from the Transport. 3451 // See golang.org/issue/16847 3452 // 3453 // We used to enforce that the path also didn't start with "//", but 3454 // Google's GFE accepts such paths and Chrome sends them, so ignore 3455 // that part of the spec. See golang.org/issue/19103. 3456 func http2validPseudoPath(v string) bool { 3457 return (len(v) > 0 && v[0] == '/') || v == "*" 3458 } 3459 3460 // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3461 // io.Pipe except there are no PipeReader/PipeWriter halves, and the 3462 // underlying buffer is an interface. (io.Pipe is always unbuffered) 3463 type http2pipe struct { 3464 mu sync.Mutex 3465 c sync.Cond // c.L lazily initialized to &p.mu 3466 b http2pipeBuffer // nil when done reading 3467 err error // read error once empty. non-nil means closed. 3468 breakErr error // immediate read error (caller doesn't see rest of b) 3469 donec chan struct{} // closed on error 3470 readFn func() // optional code to run in Read before error 3471 } 3472 3473 type http2pipeBuffer interface { 3474 Len() int 3475 io.Writer 3476 io.Reader 3477 } 3478 3479 func (p *http2pipe) Len() int { 3480 p.mu.Lock() 3481 defer p.mu.Unlock() 3482 if p.b == nil { 3483 return 0 3484 } 3485 return p.b.Len() 3486 } 3487 3488 // Read waits until data is available and copies bytes 3489 // from the buffer into p. 3490 func (p *http2pipe) Read(d []byte) (n int, err error) { 3491 p.mu.Lock() 3492 defer p.mu.Unlock() 3493 if p.c.L == nil { 3494 p.c.L = &p.mu 3495 } 3496 for { 3497 if p.breakErr != nil { 3498 return 0, p.breakErr 3499 } 3500 if p.b != nil && p.b.Len() > 0 { 3501 return p.b.Read(d) 3502 } 3503 if p.err != nil { 3504 if p.readFn != nil { 3505 p.readFn() // e.g. copy trailers 3506 p.readFn = nil // not sticky like p.err 3507 } 3508 p.b = nil 3509 return 0, p.err 3510 } 3511 p.c.Wait() 3512 } 3513 } 3514 3515 var http2errClosedPipeWrite = errors.New("write on closed buffer") 3516 3517 // Write copies bytes from p into the buffer and wakes a reader. 3518 // It is an error to write more data than the buffer can hold. 3519 func (p *http2pipe) Write(d []byte) (n int, err error) { 3520 p.mu.Lock() 3521 defer p.mu.Unlock() 3522 if p.c.L == nil { 3523 p.c.L = &p.mu 3524 } 3525 defer p.c.Signal() 3526 if p.err != nil { 3527 return 0, http2errClosedPipeWrite 3528 } 3529 if p.breakErr != nil { 3530 return len(d), nil // discard when there is no reader 3531 } 3532 return p.b.Write(d) 3533 } 3534 3535 // CloseWithError causes the next Read (waking up a current blocked 3536 // Read if needed) to return the provided err after all data has been 3537 // read. 3538 // 3539 // The error must be non-nil. 3540 func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3541 3542 // BreakWithError causes the next Read (waking up a current blocked 3543 // Read if needed) to return the provided err immediately, without 3544 // waiting for unread data. 3545 func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3546 3547 // closeWithErrorAndCode is like CloseWithError but also sets some code to run 3548 // in the caller's goroutine before returning the error. 3549 func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3550 3551 func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3552 if err == nil { 3553 panic("err must be non-nil") 3554 } 3555 p.mu.Lock() 3556 defer p.mu.Unlock() 3557 if p.c.L == nil { 3558 p.c.L = &p.mu 3559 } 3560 defer p.c.Signal() 3561 if *dst != nil { 3562 // Already been done. 3563 return 3564 } 3565 p.readFn = fn 3566 if dst == &p.breakErr { 3567 p.b = nil 3568 } 3569 *dst = err 3570 p.closeDoneLocked() 3571 } 3572 3573 // requires p.mu be held. 3574 func (p *http2pipe) closeDoneLocked() { 3575 if p.donec == nil { 3576 return 3577 } 3578 // Close if unclosed. This isn't racy since we always 3579 // hold p.mu while closing. 3580 select { 3581 case <-p.donec: 3582 default: 3583 close(p.donec) 3584 } 3585 } 3586 3587 // Err returns the error (if any) first set by BreakWithError or CloseWithError. 3588 func (p *http2pipe) Err() error { 3589 p.mu.Lock() 3590 defer p.mu.Unlock() 3591 if p.breakErr != nil { 3592 return p.breakErr 3593 } 3594 return p.err 3595 } 3596 3597 // Done returns a channel which is closed if and when this pipe is closed 3598 // with CloseWithError. 3599 func (p *http2pipe) Done() <-chan struct{} { 3600 p.mu.Lock() 3601 defer p.mu.Unlock() 3602 if p.donec == nil { 3603 p.donec = make(chan struct{}) 3604 if p.err != nil || p.breakErr != nil { 3605 // Already hit an error. 3606 p.closeDoneLocked() 3607 } 3608 } 3609 return p.donec 3610 } 3611 3612 const ( 3613 http2prefaceTimeout = 10 * time.Second 3614 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3615 http2handlerChunkWriteSize = 4 << 10 3616 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3617 http2maxQueuedControlFrames = 10000 3618 ) 3619 3620 var ( 3621 http2errClientDisconnected = errors.New("client disconnected") 3622 http2errClosedBody = errors.New("body closed by handler") 3623 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3624 http2errStreamClosed = errors.New("http2: stream closed") 3625 ) 3626 3627 var http2responseWriterStatePool = sync.Pool{ 3628 New: func() interface{} { 3629 rws := &http2responseWriterState{} 3630 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3631 return rws 3632 }, 3633 } 3634 3635 // Test hooks. 3636 var ( 3637 http2testHookOnConn func() 3638 http2testHookGetServerConn func(*http2serverConn) 3639 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3640 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3641 ) 3642 3643 // Server is an HTTP/2 server. 3644 type http2Server struct { 3645 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3646 // which may run at a time over all connections. 3647 // Negative or zero no limit. 3648 // TODO: implement 3649 MaxHandlers int 3650 3651 // MaxConcurrentStreams optionally specifies the number of 3652 // concurrent streams that each client may have open at a 3653 // time. This is unrelated to the number of http.Handler goroutines 3654 // which may be active globally, which is MaxHandlers. 3655 // If zero, MaxConcurrentStreams defaults to at least 100, per 3656 // the HTTP/2 spec's recommendations. 3657 MaxConcurrentStreams uint32 3658 3659 // MaxReadFrameSize optionally specifies the largest frame 3660 // this server is willing to read. A valid value is between 3661 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3662 // default value is used. 3663 MaxReadFrameSize uint32 3664 3665 // PermitProhibitedCipherSuites, if true, permits the use of 3666 // cipher suites prohibited by the HTTP/2 spec. 3667 PermitProhibitedCipherSuites bool 3668 3669 // IdleTimeout specifies how long until idle clients should be 3670 // closed with a GOAWAY frame. PING frames are not considered 3671 // activity for the purposes of IdleTimeout. 3672 IdleTimeout time.Duration 3673 3674 // MaxUploadBufferPerConnection is the size of the initial flow 3675 // control window for each connections. The HTTP/2 spec does not 3676 // allow this to be smaller than 65535 or larger than 2^32-1. 3677 // If the value is outside this range, a default value will be 3678 // used instead. 3679 MaxUploadBufferPerConnection int32 3680 3681 // MaxUploadBufferPerStream is the size of the initial flow control 3682 // window for each stream. The HTTP/2 spec does not allow this to 3683 // be larger than 2^32-1. If the value is zero or larger than the 3684 // maximum, a default value will be used instead. 3685 MaxUploadBufferPerStream int32 3686 3687 // NewWriteScheduler constructs a write scheduler for a connection. 3688 // If nil, a default scheduler is chosen. 3689 NewWriteScheduler func() http2WriteScheduler 3690 3691 // Internal state. This is a pointer (rather than embedded directly) 3692 // so that we don't embed a Mutex in this struct, which will make the 3693 // struct non-copyable, which might break some callers. 3694 state *http2serverInternalState 3695 } 3696 3697 func (s *http2Server) initialConnRecvWindowSize() int32 { 3698 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3699 return s.MaxUploadBufferPerConnection 3700 } 3701 return 1 << 20 3702 } 3703 3704 func (s *http2Server) initialStreamRecvWindowSize() int32 { 3705 if s.MaxUploadBufferPerStream > 0 { 3706 return s.MaxUploadBufferPerStream 3707 } 3708 return 1 << 20 3709 } 3710 3711 func (s *http2Server) maxReadFrameSize() uint32 { 3712 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3713 return v 3714 } 3715 return http2defaultMaxReadFrameSize 3716 } 3717 3718 func (s *http2Server) maxConcurrentStreams() uint32 { 3719 if v := s.MaxConcurrentStreams; v > 0 { 3720 return v 3721 } 3722 return http2defaultMaxStreams 3723 } 3724 3725 // maxQueuedControlFrames is the maximum number of control frames like 3726 // SETTINGS, PING and RST_STREAM that will be queued for writing before 3727 // the connection is closed to prevent memory exhaustion attacks. 3728 func (s *http2Server) maxQueuedControlFrames() int { 3729 // TODO: if anybody asks, add a Server field, and remember to define the 3730 // behavior of negative values. 3731 return http2maxQueuedControlFrames 3732 } 3733 3734 type http2serverInternalState struct { 3735 mu sync.Mutex 3736 activeConns map[*http2serverConn]struct{} 3737 } 3738 3739 func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3740 if s == nil { 3741 return // if the Server was used without calling ConfigureServer 3742 } 3743 s.mu.Lock() 3744 s.activeConns[sc] = struct{}{} 3745 s.mu.Unlock() 3746 } 3747 3748 func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3749 if s == nil { 3750 return // if the Server was used without calling ConfigureServer 3751 } 3752 s.mu.Lock() 3753 delete(s.activeConns, sc) 3754 s.mu.Unlock() 3755 } 3756 3757 func (s *http2serverInternalState) startGracefulShutdown() { 3758 if s == nil { 3759 return // if the Server was used without calling ConfigureServer 3760 } 3761 s.mu.Lock() 3762 for sc := range s.activeConns { 3763 sc.startGracefulShutdown() 3764 } 3765 s.mu.Unlock() 3766 } 3767 3768 // ConfigureServer adds HTTP/2 support to a net/http Server. 3769 // 3770 // The configuration conf may be nil. 3771 // 3772 // ConfigureServer must be called before s begins serving. 3773 func http2ConfigureServer(s *Server, conf *http2Server) error { 3774 if s == nil { 3775 panic("nil *http.Server") 3776 } 3777 if conf == nil { 3778 conf = new(http2Server) 3779 } 3780 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3781 if h1, h2 := s, conf; h2.IdleTimeout == 0 { 3782 if h1.IdleTimeout != 0 { 3783 h2.IdleTimeout = h1.IdleTimeout 3784 } else { 3785 h2.IdleTimeout = h1.ReadTimeout 3786 } 3787 } 3788 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3789 3790 if s.TLSConfig == nil { 3791 s.TLSConfig = new(tls.Config) 3792 } else if s.TLSConfig.CipherSuites != nil { 3793 // If they already provided a CipherSuite list, return 3794 // an error if it has a bad order or is missing 3795 // ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3796 haveRequired := false 3797 sawBad := false 3798 for i, cs := range s.TLSConfig.CipherSuites { 3799 switch cs { 3800 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3801 // Alternative MTI cipher to not discourage ECDSA-only servers. 3802 // See http://golang.org/cl/30721 for further information. 3803 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3804 haveRequired = true 3805 } 3806 if http2isBadCipher(cs) { 3807 sawBad = true 3808 } else if sawBad { 3809 return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs) 3810 } 3811 } 3812 if !haveRequired { 3813 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.") 3814 } 3815 } 3816 3817 // Note: not setting MinVersion to tls.VersionTLS12, 3818 // as we don't want to interfere with HTTP/1.1 traffic 3819 // on the user's server. We enforce TLS 1.2 later once 3820 // we accept a connection. Ideally this should be done 3821 // during next-proto selection, but using TLS <1.2 with 3822 // HTTP/2 is still the client's bug. 3823 3824 s.TLSConfig.PreferServerCipherSuites = true 3825 3826 haveNPN := false 3827 for _, p := range s.TLSConfig.NextProtos { 3828 if p == http2NextProtoTLS { 3829 haveNPN = true 3830 break 3831 } 3832 } 3833 if !haveNPN { 3834 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3835 } 3836 3837 if s.TLSNextProto == nil { 3838 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3839 } 3840 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3841 if http2testHookOnConn != nil { 3842 http2testHookOnConn() 3843 } 3844 conf.ServeConn(c, &http2ServeConnOpts{ 3845 Handler: h, 3846 BaseConfig: hs, 3847 }) 3848 } 3849 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3850 return nil 3851 } 3852 3853 // ServeConnOpts are options for the Server.ServeConn method. 3854 type http2ServeConnOpts struct { 3855 // BaseConfig optionally sets the base configuration 3856 // for values. If nil, defaults are used. 3857 BaseConfig *Server 3858 3859 // Handler specifies which handler to use for processing 3860 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3861 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3862 Handler Handler 3863 } 3864 3865 func (o *http2ServeConnOpts) baseConfig() *Server { 3866 if o != nil && o.BaseConfig != nil { 3867 return o.BaseConfig 3868 } 3869 return new(Server) 3870 } 3871 3872 func (o *http2ServeConnOpts) handler() Handler { 3873 if o != nil { 3874 if o.Handler != nil { 3875 return o.Handler 3876 } 3877 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 3878 return o.BaseConfig.Handler 3879 } 3880 } 3881 return DefaultServeMux 3882 } 3883 3884 // ServeConn serves HTTP/2 requests on the provided connection and 3885 // blocks until the connection is no longer readable. 3886 // 3887 // ServeConn starts speaking HTTP/2 assuming that c has not had any 3888 // reads or writes. It writes its initial settings frame and expects 3889 // to be able to read the preface and settings frame from the 3890 // client. If c has a ConnectionState method like a *tls.Conn, the 3891 // ConnectionState is used to verify the TLS ciphersuite and to set 3892 // the Request.TLS field in Handlers. 3893 // 3894 // ServeConn does not support h2c by itself. Any h2c support must be 3895 // implemented in terms of providing a suitably-behaving net.Conn. 3896 // 3897 // The opts parameter is optional. If nil, default values are used. 3898 func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 3899 baseCtx, cancel := http2serverConnBaseContext(c, opts) 3900 defer cancel() 3901 3902 sc := &http2serverConn{ 3903 srv: s, 3904 hs: opts.baseConfig(), 3905 conn: c, 3906 baseCtx: baseCtx, 3907 remoteAddrStr: c.RemoteAddr().String(), 3908 bw: http2newBufferedWriter(c), 3909 handler: opts.handler(), 3910 streams: make(map[uint32]*http2stream), 3911 readFrameCh: make(chan http2readFrameResult), 3912 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 3913 serveMsgCh: make(chan interface{}, 8), 3914 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 3915 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 3916 doneServing: make(chan struct{}), 3917 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 3918 advMaxStreams: s.maxConcurrentStreams(), 3919 initialStreamSendWindowSize: http2initialWindowSize, 3920 maxFrameSize: http2initialMaxFrameSize, 3921 headerTableSize: http2initialHeaderTableSize, 3922 serveG: http2newGoroutineLock(), 3923 pushEnabled: true, 3924 } 3925 3926 s.state.registerConn(sc) 3927 defer s.state.unregisterConn(sc) 3928 3929 // The net/http package sets the write deadline from the 3930 // http.Server.WriteTimeout during the TLS handshake, but then 3931 // passes the connection off to us with the deadline already set. 3932 // Write deadlines are set per stream in serverConn.newStream. 3933 // Disarm the net.Conn write deadline here. 3934 if sc.hs.WriteTimeout != 0 { 3935 sc.conn.SetWriteDeadline(time.Time{}) 3936 } 3937 3938 if s.NewWriteScheduler != nil { 3939 sc.writeSched = s.NewWriteScheduler() 3940 } else { 3941 sc.writeSched = http2NewRandomWriteScheduler() 3942 } 3943 3944 // These start at the RFC-specified defaults. If there is a higher 3945 // configured value for inflow, that will be updated when we send a 3946 // WINDOW_UPDATE shortly after sending SETTINGS. 3947 sc.flow.add(http2initialWindowSize) 3948 sc.inflow.add(http2initialWindowSize) 3949 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 3950 3951 fr := http2NewFramer(sc.bw, c) 3952 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 3953 fr.MaxHeaderListSize = sc.maxHeaderListSize() 3954 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 3955 sc.framer = fr 3956 3957 if tc, ok := c.(http2connectionStater); ok { 3958 sc.tlsState = new(tls.ConnectionState) 3959 *sc.tlsState = tc.ConnectionState() 3960 // 9.2 Use of TLS Features 3961 // An implementation of HTTP/2 over TLS MUST use TLS 3962 // 1.2 or higher with the restrictions on feature set 3963 // and cipher suite described in this section. Due to 3964 // implementation limitations, it might not be 3965 // possible to fail TLS negotiation. An endpoint MUST 3966 // immediately terminate an HTTP/2 connection that 3967 // does not meet the TLS requirements described in 3968 // this section with a connection error (Section 3969 // 5.4.1) of type INADEQUATE_SECURITY. 3970 if sc.tlsState.Version < tls.VersionTLS12 { 3971 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 3972 return 3973 } 3974 3975 if sc.tlsState.ServerName == "" { 3976 // Client must use SNI, but we don't enforce that anymore, 3977 // since it was causing problems when connecting to bare IP 3978 // addresses during development. 3979 // 3980 // TODO: optionally enforce? Or enforce at the time we receive 3981 // a new request, and verify the ServerName matches the :authority? 3982 // But that precludes proxy situations, perhaps. 3983 // 3984 // So for now, do nothing here again. 3985 } 3986 3987 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 3988 // "Endpoints MAY choose to generate a connection error 3989 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 3990 // the prohibited cipher suites are negotiated." 3991 // 3992 // We choose that. In my opinion, the spec is weak 3993 // here. It also says both parties must support at least 3994 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 3995 // excuses here. If we really must, we could allow an 3996 // "AllowInsecureWeakCiphers" option on the server later. 3997 // Let's see how it plays out first. 3998 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 3999 return 4000 } 4001 } 4002 4003 if hook := http2testHookGetServerConn; hook != nil { 4004 hook(sc) 4005 } 4006 sc.serve() 4007 } 4008 4009 func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) { 4010 ctx, cancel = context.WithCancel(context.Background()) 4011 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 4012 if hs := opts.baseConfig(); hs != nil { 4013 ctx = context.WithValue(ctx, ServerContextKey, hs) 4014 } 4015 return 4016 } 4017 4018 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4019 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4020 // ignoring errors. hanging up anyway. 4021 sc.framer.WriteGoAway(0, err, []byte(debug)) 4022 sc.bw.Flush() 4023 sc.conn.Close() 4024 } 4025 4026 type http2serverConn struct { 4027 // Immutable: 4028 srv *http2Server 4029 hs *Server 4030 conn net.Conn 4031 bw *http2bufferedWriter // writing to conn 4032 handler Handler 4033 baseCtx context.Context 4034 framer *http2Framer 4035 doneServing chan struct{} // closed when serverConn.serve ends 4036 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4037 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4038 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4039 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4040 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4041 flow http2flow // conn-wide (not stream-specific) outbound flow control 4042 inflow http2flow // conn-wide inbound flow control 4043 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4044 remoteAddrStr string 4045 writeSched http2WriteScheduler 4046 4047 // Everything following is owned by the serve loop; use serveG.check(): 4048 serveG http2goroutineLock // used to verify funcs are on serve() 4049 pushEnabled bool 4050 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4051 needToSendSettingsAck bool 4052 unackedSettings int // how many SETTINGS have we sent without ACKs? 4053 queuedControlFrames int // control frames in the writeSched queue 4054 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4055 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4056 curClientStreams uint32 // number of open streams initiated by the client 4057 curPushedStreams uint32 // number of open streams initiated by server push 4058 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4059 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4060 streams map[uint32]*http2stream 4061 initialStreamSendWindowSize int32 4062 maxFrameSize int32 4063 headerTableSize uint32 4064 peerMaxHeaderListSize uint32 // zero means unknown (default) 4065 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4066 writingFrame bool // started writing a frame (on serve goroutine or separate) 4067 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4068 needsFrameFlush bool // last frame write wasn't a flush 4069 inGoAway bool // we've started to or sent GOAWAY 4070 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4071 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4072 goAwayCode http2ErrCode 4073 shutdownTimer *time.Timer // nil until used 4074 idleTimer *time.Timer // nil if unused 4075 4076 // Owned by the writeFrameAsync goroutine: 4077 headerWriteBuf bytes.Buffer 4078 hpackEncoder *hpack.Encoder 4079 4080 // Used by startGracefulShutdown. 4081 shutdownOnce sync.Once 4082 } 4083 4084 func (sc *http2serverConn) maxHeaderListSize() uint32 { 4085 n := sc.hs.MaxHeaderBytes 4086 if n <= 0 { 4087 n = DefaultMaxHeaderBytes 4088 } 4089 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4090 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4091 const perFieldOverhead = 32 // per http2 spec 4092 const typicalHeaders = 10 // conservative 4093 return uint32(n + typicalHeaders*perFieldOverhead) 4094 } 4095 4096 func (sc *http2serverConn) curOpenStreams() uint32 { 4097 sc.serveG.check() 4098 return sc.curClientStreams + sc.curPushedStreams 4099 } 4100 4101 // stream represents a stream. This is the minimal metadata needed by 4102 // the serve goroutine. Most of the actual stream state is owned by 4103 // the http.Handler's goroutine in the responseWriter. Because the 4104 // responseWriter's responseWriterState is recycled at the end of a 4105 // handler, this struct intentionally has no pointer to the 4106 // *responseWriter{,State} itself, as the Handler ending nils out the 4107 // responseWriter's state field. 4108 type http2stream struct { 4109 // immutable: 4110 sc *http2serverConn 4111 id uint32 4112 body *http2pipe // non-nil if expecting DATA frames 4113 cw http2closeWaiter // closed wait stream transitions to closed state 4114 ctx context.Context 4115 cancelCtx func() 4116 4117 // owned by serverConn's serve loop: 4118 bodyBytes int64 // body bytes seen so far 4119 declBodyBytes int64 // or -1 if undeclared 4120 flow http2flow // limits writing from Handler to client 4121 inflow http2flow // what the client is allowed to POST/etc to us 4122 parent *http2stream // or nil 4123 numTrailerValues int64 4124 weight uint8 4125 state http2streamState 4126 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4127 gotTrailerHeader bool // HEADER frame for trailers was seen 4128 wroteHeaders bool // whether we wrote headers (not status 100) 4129 writeDeadline *time.Timer // nil if unused 4130 4131 trailer Header // accumulated trailers 4132 reqTrailer Header // handler's Request.Trailer 4133 } 4134 4135 func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4136 4137 func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4138 4139 func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4140 4141 func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4142 return sc.hpackEncoder, &sc.headerWriteBuf 4143 } 4144 4145 func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4146 sc.serveG.check() 4147 // http://tools.ietf.org/html/rfc7540#section-5.1 4148 if st, ok := sc.streams[streamID]; ok { 4149 return st.state, st 4150 } 4151 // "The first use of a new stream identifier implicitly closes all 4152 // streams in the "idle" state that might have been initiated by 4153 // that peer with a lower-valued stream identifier. For example, if 4154 // a client sends a HEADERS frame on stream 7 without ever sending a 4155 // frame on stream 5, then stream 5 transitions to the "closed" 4156 // state when the first frame for stream 7 is sent or received." 4157 if streamID%2 == 1 { 4158 if streamID <= sc.maxClientStreamID { 4159 return http2stateClosed, nil 4160 } 4161 } else { 4162 if streamID <= sc.maxPushPromiseID { 4163 return http2stateClosed, nil 4164 } 4165 } 4166 return http2stateIdle, nil 4167 } 4168 4169 // setConnState calls the net/http ConnState hook for this connection, if configured. 4170 // Note that the net/http package does StateNew and StateClosed for us. 4171 // There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4172 func (sc *http2serverConn) setConnState(state ConnState) { 4173 if sc.hs.ConnState != nil { 4174 sc.hs.ConnState(sc.conn, state) 4175 } 4176 } 4177 4178 func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4179 if http2VerboseLogs { 4180 sc.logf(format, args...) 4181 } 4182 } 4183 4184 func (sc *http2serverConn) logf(format string, args ...interface{}) { 4185 if lg := sc.hs.ErrorLog; lg != nil { 4186 lg.Printf(format, args...) 4187 } else { 4188 log.Printf(format, args...) 4189 } 4190 } 4191 4192 // errno returns v's underlying uintptr, else 0. 4193 // 4194 // TODO: remove this helper function once http2 can use build 4195 // tags. See comment in isClosedConnError. 4196 func http2errno(v error) uintptr { 4197 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4198 return uintptr(rv.Uint()) 4199 } 4200 return 0 4201 } 4202 4203 // isClosedConnError reports whether err is an error from use of a closed 4204 // network connection. 4205 func http2isClosedConnError(err error) bool { 4206 if err == nil { 4207 return false 4208 } 4209 4210 // TODO: remove this string search and be more like the Windows 4211 // case below. That might involve modifying the standard library 4212 // to return better error types. 4213 str := err.Error() 4214 if strings.Contains(str, "use of closed network connection") { 4215 return true 4216 } 4217 4218 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4219 // build tags, so I can't make an http2_windows.go file with 4220 // Windows-specific stuff. Fix that and move this, once we 4221 // have a way to bundle this into std's net/http somehow. 4222 if runtime.GOOS == "windows" { 4223 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4224 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4225 const WSAECONNABORTED = 10053 4226 const WSAECONNRESET = 10054 4227 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4228 return true 4229 } 4230 } 4231 } 4232 } 4233 return false 4234 } 4235 4236 func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4237 if err == nil { 4238 return 4239 } 4240 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4241 // Boring, expected errors. 4242 sc.vlogf(format, args...) 4243 } else { 4244 sc.logf(format, args...) 4245 } 4246 } 4247 4248 func (sc *http2serverConn) canonicalHeader(v string) string { 4249 sc.serveG.check() 4250 http2buildCommonHeaderMapsOnce() 4251 cv, ok := http2commonCanonHeader[v] 4252 if ok { 4253 return cv 4254 } 4255 cv, ok = sc.canonHeader[v] 4256 if ok { 4257 return cv 4258 } 4259 if sc.canonHeader == nil { 4260 sc.canonHeader = make(map[string]string) 4261 } 4262 cv = CanonicalHeaderKey(v) 4263 sc.canonHeader[v] = cv 4264 return cv 4265 } 4266 4267 type http2readFrameResult struct { 4268 f http2Frame // valid until readMore is called 4269 err error 4270 4271 // readMore should be called once the consumer no longer needs or 4272 // retains f. After readMore, f is invalid and more frames can be 4273 // read. 4274 readMore func() 4275 } 4276 4277 // readFrames is the loop that reads incoming frames. 4278 // It takes care to only read one frame at a time, blocking until the 4279 // consumer is done with the frame. 4280 // It's run on its own goroutine. 4281 func (sc *http2serverConn) readFrames() { 4282 gate := make(http2gate) 4283 gateDone := gate.Done 4284 for { 4285 f, err := sc.framer.ReadFrame() 4286 select { 4287 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4288 case <-sc.doneServing: 4289 return 4290 } 4291 select { 4292 case <-gate: 4293 case <-sc.doneServing: 4294 return 4295 } 4296 if http2terminalReadFrameError(err) { 4297 return 4298 } 4299 } 4300 } 4301 4302 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4303 type http2frameWriteResult struct { 4304 wr http2FrameWriteRequest // what was written (or attempted) 4305 err error // result of the writeFrame call 4306 } 4307 4308 // writeFrameAsync runs in its own goroutine and writes a single frame 4309 // and then reports when it's done. 4310 // At most one goroutine can be running writeFrameAsync at a time per 4311 // serverConn. 4312 func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4313 err := wr.write.writeFrame(sc) 4314 sc.wroteFrameCh <- http2frameWriteResult{wr, err} 4315 } 4316 4317 func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4318 sc.serveG.check() 4319 for _, st := range sc.streams { 4320 sc.closeStream(st, http2errClientDisconnected) 4321 } 4322 } 4323 4324 func (sc *http2serverConn) stopShutdownTimer() { 4325 sc.serveG.check() 4326 if t := sc.shutdownTimer; t != nil { 4327 t.Stop() 4328 } 4329 } 4330 4331 func (sc *http2serverConn) notePanic() { 4332 // Note: this is for serverConn.serve panicking, not http.Handler code. 4333 if http2testHookOnPanicMu != nil { 4334 http2testHookOnPanicMu.Lock() 4335 defer http2testHookOnPanicMu.Unlock() 4336 } 4337 if http2testHookOnPanic != nil { 4338 if e := recover(); e != nil { 4339 if http2testHookOnPanic(sc, e) { 4340 panic(e) 4341 } 4342 } 4343 } 4344 } 4345 4346 func (sc *http2serverConn) serve() { 4347 sc.serveG.check() 4348 defer sc.notePanic() 4349 defer sc.conn.Close() 4350 defer sc.closeAllStreamsOnConnClose() 4351 defer sc.stopShutdownTimer() 4352 defer close(sc.doneServing) // unblocks handlers trying to send 4353 4354 if http2VerboseLogs { 4355 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4356 } 4357 4358 sc.writeFrame(http2FrameWriteRequest{ 4359 write: http2writeSettings{ 4360 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4361 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4362 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4363 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4364 }, 4365 }) 4366 sc.unackedSettings++ 4367 4368 // Each connection starts with intialWindowSize inflow tokens. 4369 // If a higher value is configured, we add more tokens. 4370 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4371 sc.sendWindowUpdate(nil, int(diff)) 4372 } 4373 4374 if err := sc.readPreface(); err != nil { 4375 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4376 return 4377 } 4378 // Now that we've got the preface, get us out of the 4379 // "StateNew" state. We can't go directly to idle, though. 4380 // Active means we read some data and anticipate a request. We'll 4381 // do another Active when we get a HEADERS frame. 4382 sc.setConnState(StateActive) 4383 sc.setConnState(StateIdle) 4384 4385 if sc.srv.IdleTimeout != 0 { 4386 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4387 defer sc.idleTimer.Stop() 4388 } 4389 4390 go sc.readFrames() // closed by defer sc.conn.Close above 4391 4392 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4393 defer settingsTimer.Stop() 4394 4395 loopNum := 0 4396 for { 4397 loopNum++ 4398 select { 4399 case wr := <-sc.wantWriteFrameCh: 4400 if se, ok := wr.write.(http2StreamError); ok { 4401 sc.resetStream(se) 4402 break 4403 } 4404 sc.writeFrame(wr) 4405 case res := <-sc.wroteFrameCh: 4406 sc.wroteFrame(res) 4407 case res := <-sc.readFrameCh: 4408 if !sc.processFrameFromReader(res) { 4409 return 4410 } 4411 res.readMore() 4412 if settingsTimer != nil { 4413 settingsTimer.Stop() 4414 settingsTimer = nil 4415 } 4416 case m := <-sc.bodyReadCh: 4417 sc.noteBodyRead(m.st, m.n) 4418 case msg := <-sc.serveMsgCh: 4419 switch v := msg.(type) { 4420 case func(int): 4421 v(loopNum) // for testing 4422 case *http2serverMessage: 4423 switch v { 4424 case http2settingsTimerMsg: 4425 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4426 return 4427 case http2idleTimerMsg: 4428 sc.vlogf("connection is idle") 4429 sc.goAway(http2ErrCodeNo) 4430 case http2shutdownTimerMsg: 4431 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4432 return 4433 case http2gracefulShutdownMsg: 4434 sc.startGracefulShutdownInternal() 4435 default: 4436 panic("unknown timer") 4437 } 4438 case *http2startPushRequest: 4439 sc.startPush(v) 4440 default: 4441 panic(fmt.Sprintf("unexpected type %T", v)) 4442 } 4443 } 4444 4445 // If the peer is causing us to generate a lot of control frames, 4446 // but not reading them from us, assume they are trying to make us 4447 // run out of memory. 4448 if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() { 4449 sc.vlogf("http2: too many control frames in send queue, closing connection") 4450 return 4451 } 4452 4453 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4454 // with no error code (graceful shutdown), don't start the timer until 4455 // all open streams have been completed. 4456 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4457 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4458 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4459 sc.shutDownIn(http2goAwayTimeout) 4460 } 4461 } 4462 } 4463 4464 func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4465 select { 4466 case <-sc.doneServing: 4467 case <-sharedCh: 4468 close(privateCh) 4469 } 4470 } 4471 4472 type http2serverMessage int 4473 4474 // Message values sent to serveMsgCh. 4475 var ( 4476 http2settingsTimerMsg = new(http2serverMessage) 4477 http2idleTimerMsg = new(http2serverMessage) 4478 http2shutdownTimerMsg = new(http2serverMessage) 4479 http2gracefulShutdownMsg = new(http2serverMessage) 4480 ) 4481 4482 func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4483 4484 func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4485 4486 func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4487 4488 func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4489 sc.serveG.checkNotOn() // NOT 4490 select { 4491 case sc.serveMsgCh <- msg: 4492 case <-sc.doneServing: 4493 } 4494 } 4495 4496 var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4497 4498 // readPreface reads the ClientPreface greeting from the peer or 4499 // returns errPrefaceTimeout on timeout, or an error if the greeting 4500 // is invalid. 4501 func (sc *http2serverConn) readPreface() error { 4502 errc := make(chan error, 1) 4503 go func() { 4504 // Read the client preface 4505 buf := make([]byte, len(http2ClientPreface)) 4506 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4507 errc <- err 4508 } else if !bytes.Equal(buf, http2clientPreface) { 4509 errc <- fmt.Errorf("bogus greeting %q", buf) 4510 } else { 4511 errc <- nil 4512 } 4513 }() 4514 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4515 defer timer.Stop() 4516 select { 4517 case <-timer.C: 4518 return http2errPrefaceTimeout 4519 case err := <-errc: 4520 if err == nil { 4521 if http2VerboseLogs { 4522 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4523 } 4524 } 4525 return err 4526 } 4527 } 4528 4529 var http2errChanPool = sync.Pool{ 4530 New: func() interface{} { return make(chan error, 1) }, 4531 } 4532 4533 var http2writeDataPool = sync.Pool{ 4534 New: func() interface{} { return new(http2writeData) }, 4535 } 4536 4537 // writeDataFromHandler writes DATA response frames from a handler on 4538 // the given stream. 4539 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4540 ch := http2errChanPool.Get().(chan error) 4541 writeArg := http2writeDataPool.Get().(*http2writeData) 4542 *writeArg = http2writeData{stream.id, data, endStream} 4543 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4544 write: writeArg, 4545 stream: stream, 4546 done: ch, 4547 }) 4548 if err != nil { 4549 return err 4550 } 4551 var frameWriteDone bool // the frame write is done (successfully or not) 4552 select { 4553 case err = <-ch: 4554 frameWriteDone = true 4555 case <-sc.doneServing: 4556 return http2errClientDisconnected 4557 case <-stream.cw: 4558 // If both ch and stream.cw were ready (as might 4559 // happen on the final Write after an http.Handler 4560 // ends), prefer the write result. Otherwise this 4561 // might just be us successfully closing the stream. 4562 // The writeFrameAsync and serve goroutines guarantee 4563 // that the ch send will happen before the stream.cw 4564 // close. 4565 select { 4566 case err = <-ch: 4567 frameWriteDone = true 4568 default: 4569 return http2errStreamClosed 4570 } 4571 } 4572 http2errChanPool.Put(ch) 4573 if frameWriteDone { 4574 http2writeDataPool.Put(writeArg) 4575 } 4576 return err 4577 } 4578 4579 // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4580 // if the connection has gone away. 4581 // 4582 // This must not be run from the serve goroutine itself, else it might 4583 // deadlock writing to sc.wantWriteFrameCh (which is only mildly 4584 // buffered and is read by serve itself). If you're on the serve 4585 // goroutine, call writeFrame instead. 4586 func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4587 sc.serveG.checkNotOn() // NOT 4588 select { 4589 case sc.wantWriteFrameCh <- wr: 4590 return nil 4591 case <-sc.doneServing: 4592 // Serve loop is gone. 4593 // Client has closed their connection to the server. 4594 return http2errClientDisconnected 4595 } 4596 } 4597 4598 // writeFrame schedules a frame to write and sends it if there's nothing 4599 // already being written. 4600 // 4601 // There is no pushback here (the serve goroutine never blocks). It's 4602 // the http.Handlers that block, waiting for their previous frames to 4603 // make it onto the wire 4604 // 4605 // If you're not on the serve goroutine, use writeFrameFromHandler instead. 4606 func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4607 sc.serveG.check() 4608 4609 // If true, wr will not be written and wr.done will not be signaled. 4610 var ignoreWrite bool 4611 4612 // We are not allowed to write frames on closed streams. RFC 7540 Section 4613 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4614 // a closed stream." Our server never sends PRIORITY, so that exception 4615 // does not apply. 4616 // 4617 // The serverConn might close an open stream while the stream's handler 4618 // is still running. For example, the server might close a stream when it 4619 // receives bad data from the client. If this happens, the handler might 4620 // attempt to write a frame after the stream has been closed (since the 4621 // handler hasn't yet been notified of the close). In this case, we simply 4622 // ignore the frame. The handler will notice that the stream is closed when 4623 // it waits for the frame to be written. 4624 // 4625 // As an exception to this rule, we allow sending RST_STREAM after close. 4626 // This allows us to immediately reject new streams without tracking any 4627 // state for those streams (except for the queued RST_STREAM frame). This 4628 // may result in duplicate RST_STREAMs in some cases, but the client should 4629 // ignore those. 4630 if wr.StreamID() != 0 { 4631 _, isReset := wr.write.(http2StreamError) 4632 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4633 ignoreWrite = true 4634 } 4635 } 4636 4637 // Don't send a 100-continue response if we've already sent headers. 4638 // See golang.org/issue/14030. 4639 switch wr.write.(type) { 4640 case *http2writeResHeaders: 4641 wr.stream.wroteHeaders = true 4642 case http2write100ContinueHeadersFrame: 4643 if wr.stream.wroteHeaders { 4644 // We do not need to notify wr.done because this frame is 4645 // never written with wr.done != nil. 4646 if wr.done != nil { 4647 panic("wr.done != nil for write100ContinueHeadersFrame") 4648 } 4649 ignoreWrite = true 4650 } 4651 } 4652 4653 if !ignoreWrite { 4654 if wr.isControl() { 4655 sc.queuedControlFrames++ 4656 // For extra safety, detect wraparounds, which should not happen, 4657 // and pull the plug. 4658 if sc.queuedControlFrames < 0 { 4659 sc.conn.Close() 4660 } 4661 } 4662 sc.writeSched.Push(wr) 4663 } 4664 sc.scheduleFrameWrite() 4665 } 4666 4667 // startFrameWrite starts a goroutine to write wr (in a separate 4668 // goroutine since that might block on the network), and updates the 4669 // serve goroutine's state about the world, updated from info in wr. 4670 func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4671 sc.serveG.check() 4672 if sc.writingFrame { 4673 panic("internal error: can only be writing one frame at a time") 4674 } 4675 4676 st := wr.stream 4677 if st != nil { 4678 switch st.state { 4679 case http2stateHalfClosedLocal: 4680 switch wr.write.(type) { 4681 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4682 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4683 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4684 default: 4685 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4686 } 4687 case http2stateClosed: 4688 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4689 } 4690 } 4691 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4692 var err error 4693 wpp.promisedID, err = wpp.allocatePromisedID() 4694 if err != nil { 4695 sc.writingFrameAsync = false 4696 wr.replyToWriter(err) 4697 return 4698 } 4699 } 4700 4701 sc.writingFrame = true 4702 sc.needsFrameFlush = true 4703 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4704 sc.writingFrameAsync = false 4705 err := wr.write.writeFrame(sc) 4706 sc.wroteFrame(http2frameWriteResult{wr, err}) 4707 } else { 4708 sc.writingFrameAsync = true 4709 go sc.writeFrameAsync(wr) 4710 } 4711 } 4712 4713 // errHandlerPanicked is the error given to any callers blocked in a read from 4714 // Request.Body when the main goroutine panics. Since most handlers read in the 4715 // main ServeHTTP goroutine, this will show up rarely. 4716 var http2errHandlerPanicked = errors.New("http2: handler panicked") 4717 4718 // wroteFrame is called on the serve goroutine with the result of 4719 // whatever happened on writeFrameAsync. 4720 func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4721 sc.serveG.check() 4722 if !sc.writingFrame { 4723 panic("internal error: expected to be already writing a frame") 4724 } 4725 sc.writingFrame = false 4726 sc.writingFrameAsync = false 4727 4728 wr := res.wr 4729 4730 if http2writeEndsStream(wr.write) { 4731 st := wr.stream 4732 if st == nil { 4733 panic("internal error: expecting non-nil stream") 4734 } 4735 switch st.state { 4736 case http2stateOpen: 4737 // Here we would go to stateHalfClosedLocal in 4738 // theory, but since our handler is done and 4739 // the net/http package provides no mechanism 4740 // for closing a ResponseWriter while still 4741 // reading data (see possible TODO at top of 4742 // this file), we go into closed state here 4743 // anyway, after telling the peer we're 4744 // hanging up on them. We'll transition to 4745 // stateClosed after the RST_STREAM frame is 4746 // written. 4747 st.state = http2stateHalfClosedLocal 4748 // Section 8.1: a server MAY request that the client abort 4749 // transmission of a request without error by sending a 4750 // RST_STREAM with an error code of NO_ERROR after sending 4751 // a complete response. 4752 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4753 case http2stateHalfClosedRemote: 4754 sc.closeStream(st, http2errHandlerComplete) 4755 } 4756 } else { 4757 switch v := wr.write.(type) { 4758 case http2StreamError: 4759 // st may be unknown if the RST_STREAM was generated to reject bad input. 4760 if st, ok := sc.streams[v.StreamID]; ok { 4761 sc.closeStream(st, v) 4762 } 4763 case http2handlerPanicRST: 4764 sc.closeStream(wr.stream, http2errHandlerPanicked) 4765 } 4766 } 4767 4768 // Reply (if requested) to unblock the ServeHTTP goroutine. 4769 wr.replyToWriter(res.err) 4770 4771 sc.scheduleFrameWrite() 4772 } 4773 4774 // scheduleFrameWrite tickles the frame writing scheduler. 4775 // 4776 // If a frame is already being written, nothing happens. This will be called again 4777 // when the frame is done being written. 4778 // 4779 // If a frame isn't being written and we need to send one, the best frame 4780 // to send is selected by writeSched. 4781 // 4782 // If a frame isn't being written and there's nothing else to send, we 4783 // flush the write buffer. 4784 func (sc *http2serverConn) scheduleFrameWrite() { 4785 sc.serveG.check() 4786 if sc.writingFrame || sc.inFrameScheduleLoop { 4787 return 4788 } 4789 sc.inFrameScheduleLoop = true 4790 for !sc.writingFrameAsync { 4791 if sc.needToSendGoAway { 4792 sc.needToSendGoAway = false 4793 sc.startFrameWrite(http2FrameWriteRequest{ 4794 write: &http2writeGoAway{ 4795 maxStreamID: sc.maxClientStreamID, 4796 code: sc.goAwayCode, 4797 }, 4798 }) 4799 continue 4800 } 4801 if sc.needToSendSettingsAck { 4802 sc.needToSendSettingsAck = false 4803 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4804 continue 4805 } 4806 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4807 if wr, ok := sc.writeSched.Pop(); ok { 4808 if wr.isControl() { 4809 sc.queuedControlFrames-- 4810 } 4811 sc.startFrameWrite(wr) 4812 continue 4813 } 4814 } 4815 if sc.needsFrameFlush { 4816 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4817 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4818 continue 4819 } 4820 break 4821 } 4822 sc.inFrameScheduleLoop = false 4823 } 4824 4825 // startGracefulShutdown gracefully shuts down a connection. This 4826 // sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4827 // shutting down. The connection isn't closed until all current 4828 // streams are done. 4829 // 4830 // startGracefulShutdown returns immediately; it does not wait until 4831 // the connection has shut down. 4832 func (sc *http2serverConn) startGracefulShutdown() { 4833 sc.serveG.checkNotOn() // NOT 4834 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4835 } 4836 4837 // After sending GOAWAY, the connection will close after goAwayTimeout. 4838 // If we close the connection immediately after sending GOAWAY, there may 4839 // be unsent data in our kernel receive buffer, which will cause the kernel 4840 // to send a TCP RST on close() instead of a FIN. This RST will abort the 4841 // connection immediately, whether or not the client had received the GOAWAY. 4842 // 4843 // Ideally we should delay for at least 1 RTT + epsilon so the client has 4844 // a chance to read the GOAWAY and stop sending messages. Measuring RTT 4845 // is hard, so we approximate with 1 second. See golang.org/issue/18701. 4846 // 4847 // This is a var so it can be shorter in tests, where all requests uses the 4848 // loopback interface making the expected RTT very small. 4849 // 4850 // TODO: configurable? 4851 var http2goAwayTimeout = 1 * time.Second 4852 4853 func (sc *http2serverConn) startGracefulShutdownInternal() { 4854 sc.goAway(http2ErrCodeNo) 4855 } 4856 4857 func (sc *http2serverConn) goAway(code http2ErrCode) { 4858 sc.serveG.check() 4859 if sc.inGoAway { 4860 return 4861 } 4862 sc.inGoAway = true 4863 sc.needToSendGoAway = true 4864 sc.goAwayCode = code 4865 sc.scheduleFrameWrite() 4866 } 4867 4868 func (sc *http2serverConn) shutDownIn(d time.Duration) { 4869 sc.serveG.check() 4870 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 4871 } 4872 4873 func (sc *http2serverConn) resetStream(se http2StreamError) { 4874 sc.serveG.check() 4875 sc.writeFrame(http2FrameWriteRequest{write: se}) 4876 if st, ok := sc.streams[se.StreamID]; ok { 4877 st.resetQueued = true 4878 } 4879 } 4880 4881 // processFrameFromReader processes the serve loop's read from readFrameCh from the 4882 // frame-reading goroutine. 4883 // processFrameFromReader returns whether the connection should be kept open. 4884 func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 4885 sc.serveG.check() 4886 err := res.err 4887 if err != nil { 4888 if err == http2ErrFrameTooLarge { 4889 sc.goAway(http2ErrCodeFrameSize) 4890 return true // goAway will close the loop 4891 } 4892 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 4893 if clientGone { 4894 // TODO: could we also get into this state if 4895 // the peer does a half close 4896 // (e.g. CloseWrite) because they're done 4897 // sending frames but they're still wanting 4898 // our open replies? Investigate. 4899 // TODO: add CloseWrite to crypto/tls.Conn first 4900 // so we have a way to test this? I suppose 4901 // just for testing we could have a non-TLS mode. 4902 return false 4903 } 4904 } else { 4905 f := res.f 4906 if http2VerboseLogs { 4907 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 4908 } 4909 err = sc.processFrame(f) 4910 if err == nil { 4911 return true 4912 } 4913 } 4914 4915 switch ev := err.(type) { 4916 case http2StreamError: 4917 sc.resetStream(ev) 4918 return true 4919 case http2goAwayFlowError: 4920 sc.goAway(http2ErrCodeFlowControl) 4921 return true 4922 case http2ConnectionError: 4923 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 4924 sc.goAway(http2ErrCode(ev)) 4925 return true // goAway will handle shutdown 4926 default: 4927 if res.err != nil { 4928 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 4929 } else { 4930 sc.logf("http2: server closing client connection: %v", err) 4931 } 4932 return false 4933 } 4934 } 4935 4936 func (sc *http2serverConn) processFrame(f http2Frame) error { 4937 sc.serveG.check() 4938 4939 // First frame received must be SETTINGS. 4940 if !sc.sawFirstSettings { 4941 if _, ok := f.(*http2SettingsFrame); !ok { 4942 return http2ConnectionError(http2ErrCodeProtocol) 4943 } 4944 sc.sawFirstSettings = true 4945 } 4946 4947 switch f := f.(type) { 4948 case *http2SettingsFrame: 4949 return sc.processSettings(f) 4950 case *http2MetaHeadersFrame: 4951 return sc.processHeaders(f) 4952 case *http2WindowUpdateFrame: 4953 return sc.processWindowUpdate(f) 4954 case *http2PingFrame: 4955 return sc.processPing(f) 4956 case *http2DataFrame: 4957 return sc.processData(f) 4958 case *http2RSTStreamFrame: 4959 return sc.processResetStream(f) 4960 case *http2PriorityFrame: 4961 return sc.processPriority(f) 4962 case *http2GoAwayFrame: 4963 return sc.processGoAway(f) 4964 case *http2PushPromiseFrame: 4965 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 4966 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 4967 return http2ConnectionError(http2ErrCodeProtocol) 4968 default: 4969 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 4970 return nil 4971 } 4972 } 4973 4974 func (sc *http2serverConn) processPing(f *http2PingFrame) error { 4975 sc.serveG.check() 4976 if f.IsAck() { 4977 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 4978 // containing this flag." 4979 return nil 4980 } 4981 if f.StreamID != 0 { 4982 // "PING frames are not associated with any individual 4983 // stream. If a PING frame is received with a stream 4984 // identifier field value other than 0x0, the recipient MUST 4985 // respond with a connection error (Section 5.4.1) of type 4986 // PROTOCOL_ERROR." 4987 return http2ConnectionError(http2ErrCodeProtocol) 4988 } 4989 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 4990 return nil 4991 } 4992 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 4993 return nil 4994 } 4995 4996 func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 4997 sc.serveG.check() 4998 switch { 4999 case f.StreamID != 0: // stream-level flow control 5000 state, st := sc.state(f.StreamID) 5001 if state == http2stateIdle { 5002 // Section 5.1: "Receiving any frame other than HEADERS 5003 // or PRIORITY on a stream in this state MUST be 5004 // treated as a connection error (Section 5.4.1) of 5005 // type PROTOCOL_ERROR." 5006 return http2ConnectionError(http2ErrCodeProtocol) 5007 } 5008 if st == nil { 5009 // "WINDOW_UPDATE can be sent by a peer that has sent a 5010 // frame bearing the END_STREAM flag. This means that a 5011 // receiver could receive a WINDOW_UPDATE frame on a "half 5012 // closed (remote)" or "closed" stream. A receiver MUST 5013 // NOT treat this as an error, see Section 5.1." 5014 return nil 5015 } 5016 if !st.flow.add(int32(f.Increment)) { 5017 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 5018 } 5019 default: // connection-level flow control 5020 if !sc.flow.add(int32(f.Increment)) { 5021 return http2goAwayFlowError{} 5022 } 5023 } 5024 sc.scheduleFrameWrite() 5025 return nil 5026 } 5027 5028 func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5029 sc.serveG.check() 5030 5031 state, st := sc.state(f.StreamID) 5032 if state == http2stateIdle { 5033 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5034 // stream in the "idle" state. If a RST_STREAM frame 5035 // identifying an idle stream is received, the 5036 // recipient MUST treat this as a connection error 5037 // (Section 5.4.1) of type PROTOCOL_ERROR. 5038 return http2ConnectionError(http2ErrCodeProtocol) 5039 } 5040 if st != nil { 5041 st.cancelCtx() 5042 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5043 } 5044 return nil 5045 } 5046 5047 func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5048 sc.serveG.check() 5049 if st.state == http2stateIdle || st.state == http2stateClosed { 5050 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5051 } 5052 st.state = http2stateClosed 5053 if st.writeDeadline != nil { 5054 st.writeDeadline.Stop() 5055 } 5056 if st.isPushed() { 5057 sc.curPushedStreams-- 5058 } else { 5059 sc.curClientStreams-- 5060 } 5061 delete(sc.streams, st.id) 5062 if len(sc.streams) == 0 { 5063 sc.setConnState(StateIdle) 5064 if sc.srv.IdleTimeout != 0 { 5065 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5066 } 5067 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5068 sc.startGracefulShutdownInternal() 5069 } 5070 } 5071 if p := st.body; p != nil { 5072 // Return any buffered unread bytes worth of conn-level flow control. 5073 // See golang.org/issue/16481 5074 sc.sendWindowUpdate(nil, p.Len()) 5075 5076 p.CloseWithError(err) 5077 } 5078 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5079 sc.writeSched.CloseStream(st.id) 5080 } 5081 5082 func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5083 sc.serveG.check() 5084 if f.IsAck() { 5085 sc.unackedSettings-- 5086 if sc.unackedSettings < 0 { 5087 // Why is the peer ACKing settings we never sent? 5088 // The spec doesn't mention this case, but 5089 // hang up on them anyway. 5090 return http2ConnectionError(http2ErrCodeProtocol) 5091 } 5092 return nil 5093 } 5094 if f.NumSettings() > 100 || f.HasDuplicates() { 5095 // This isn't actually in the spec, but hang up on 5096 // suspiciously large settings frames or those with 5097 // duplicate entries. 5098 return http2ConnectionError(http2ErrCodeProtocol) 5099 } 5100 if err := f.ForeachSetting(sc.processSetting); err != nil { 5101 return err 5102 } 5103 // TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be 5104 // acknowledged individually, even if multiple are received before the ACK. 5105 sc.needToSendSettingsAck = true 5106 sc.scheduleFrameWrite() 5107 return nil 5108 } 5109 5110 func (sc *http2serverConn) processSetting(s http2Setting) error { 5111 sc.serveG.check() 5112 if err := s.Valid(); err != nil { 5113 return err 5114 } 5115 if http2VerboseLogs { 5116 sc.vlogf("http2: server processing setting %v", s) 5117 } 5118 switch s.ID { 5119 case http2SettingHeaderTableSize: 5120 sc.headerTableSize = s.Val 5121 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5122 case http2SettingEnablePush: 5123 sc.pushEnabled = s.Val != 0 5124 case http2SettingMaxConcurrentStreams: 5125 sc.clientMaxStreams = s.Val 5126 case http2SettingInitialWindowSize: 5127 return sc.processSettingInitialWindowSize(s.Val) 5128 case http2SettingMaxFrameSize: 5129 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5130 case http2SettingMaxHeaderListSize: 5131 sc.peerMaxHeaderListSize = s.Val 5132 default: 5133 // Unknown setting: "An endpoint that receives a SETTINGS 5134 // frame with any unknown or unsupported identifier MUST 5135 // ignore that setting." 5136 if http2VerboseLogs { 5137 sc.vlogf("http2: server ignoring unknown setting %v", s) 5138 } 5139 } 5140 return nil 5141 } 5142 5143 func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5144 sc.serveG.check() 5145 // Note: val already validated to be within range by 5146 // processSetting's Valid call. 5147 5148 // "A SETTINGS frame can alter the initial flow control window 5149 // size for all current streams. When the value of 5150 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5151 // adjust the size of all stream flow control windows that it 5152 // maintains by the difference between the new value and the 5153 // old value." 5154 old := sc.initialStreamSendWindowSize 5155 sc.initialStreamSendWindowSize = int32(val) 5156 growth := int32(val) - old // may be negative 5157 for _, st := range sc.streams { 5158 if !st.flow.add(growth) { 5159 // 6.9.2 Initial Flow Control Window Size 5160 // "An endpoint MUST treat a change to 5161 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5162 // control window to exceed the maximum size as a 5163 // connection error (Section 5.4.1) of type 5164 // FLOW_CONTROL_ERROR." 5165 return http2ConnectionError(http2ErrCodeFlowControl) 5166 } 5167 } 5168 return nil 5169 } 5170 5171 func (sc *http2serverConn) processData(f *http2DataFrame) error { 5172 sc.serveG.check() 5173 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5174 return nil 5175 } 5176 data := f.Data() 5177 5178 // "If a DATA frame is received whose stream is not in "open" 5179 // or "half closed (local)" state, the recipient MUST respond 5180 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5181 id := f.Header().StreamID 5182 state, st := sc.state(id) 5183 if id == 0 || state == http2stateIdle { 5184 // Section 5.1: "Receiving any frame other than HEADERS 5185 // or PRIORITY on a stream in this state MUST be 5186 // treated as a connection error (Section 5.4.1) of 5187 // type PROTOCOL_ERROR." 5188 return http2ConnectionError(http2ErrCodeProtocol) 5189 } 5190 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5191 // This includes sending a RST_STREAM if the stream is 5192 // in stateHalfClosedLocal (which currently means that 5193 // the http.Handler returned, so it's done reading & 5194 // done writing). Try to stop the client from sending 5195 // more DATA. 5196 5197 // But still enforce their connection-level flow control, 5198 // and return any flow control bytes since we're not going 5199 // to consume them. 5200 if sc.inflow.available() < int32(f.Length) { 5201 return http2streamError(id, http2ErrCodeFlowControl) 5202 } 5203 // Deduct the flow control from inflow, since we're 5204 // going to immediately add it back in 5205 // sendWindowUpdate, which also schedules sending the 5206 // frames. 5207 sc.inflow.take(int32(f.Length)) 5208 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5209 5210 if st != nil && st.resetQueued { 5211 // Already have a stream error in flight. Don't send another. 5212 return nil 5213 } 5214 return http2streamError(id, http2ErrCodeStreamClosed) 5215 } 5216 if st.body == nil { 5217 panic("internal error: should have a body in this state") 5218 } 5219 5220 // Sender sending more than they'd declared? 5221 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5222 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5223 // RFC 7540, sec 8.1.2.6: A request or response is also malformed if the 5224 // value of a content-length header field does not equal the sum of the 5225 // DATA frame payload lengths that form the body. 5226 return http2streamError(id, http2ErrCodeProtocol) 5227 } 5228 if f.Length > 0 { 5229 // Check whether the client has flow control quota. 5230 if st.inflow.available() < int32(f.Length) { 5231 return http2streamError(id, http2ErrCodeFlowControl) 5232 } 5233 st.inflow.take(int32(f.Length)) 5234 5235 if len(data) > 0 { 5236 wrote, err := st.body.Write(data) 5237 if err != nil { 5238 return http2streamError(id, http2ErrCodeStreamClosed) 5239 } 5240 if wrote != len(data) { 5241 panic("internal error: bad Writer") 5242 } 5243 st.bodyBytes += int64(len(data)) 5244 } 5245 5246 // Return any padded flow control now, since we won't 5247 // refund it later on body reads. 5248 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5249 sc.sendWindowUpdate32(nil, pad) 5250 sc.sendWindowUpdate32(st, pad) 5251 } 5252 } 5253 if f.StreamEnded() { 5254 st.endStream() 5255 } 5256 return nil 5257 } 5258 5259 func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5260 sc.serveG.check() 5261 if f.ErrCode != http2ErrCodeNo { 5262 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5263 } else { 5264 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5265 } 5266 sc.startGracefulShutdownInternal() 5267 // http://tools.ietf.org/html/rfc7540#section-6.8 5268 // We should not create any new streams, which means we should disable push. 5269 sc.pushEnabled = false 5270 return nil 5271 } 5272 5273 // isPushed reports whether the stream is server-initiated. 5274 func (st *http2stream) isPushed() bool { 5275 return st.id%2 == 0 5276 } 5277 5278 // endStream closes a Request.Body's pipe. It is called when a DATA 5279 // frame says a request body is over (or after trailers). 5280 func (st *http2stream) endStream() { 5281 sc := st.sc 5282 sc.serveG.check() 5283 5284 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5285 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5286 st.declBodyBytes, st.bodyBytes)) 5287 } else { 5288 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5289 st.body.CloseWithError(io.EOF) 5290 } 5291 st.state = http2stateHalfClosedRemote 5292 } 5293 5294 // copyTrailersToHandlerRequest is run in the Handler's goroutine in 5295 // its Request.Body.Read just before it gets io.EOF. 5296 func (st *http2stream) copyTrailersToHandlerRequest() { 5297 for k, vv := range st.trailer { 5298 if _, ok := st.reqTrailer[k]; ok { 5299 // Only copy it over it was pre-declared. 5300 st.reqTrailer[k] = vv 5301 } 5302 } 5303 } 5304 5305 // onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5306 // when the stream's WriteTimeout has fired. 5307 func (st *http2stream) onWriteTimeout() { 5308 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5309 } 5310 5311 func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5312 sc.serveG.check() 5313 id := f.StreamID 5314 if sc.inGoAway { 5315 // Ignore. 5316 return nil 5317 } 5318 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5319 // Streams initiated by a client MUST use odd-numbered stream 5320 // identifiers. [...] An endpoint that receives an unexpected 5321 // stream identifier MUST respond with a connection error 5322 // (Section 5.4.1) of type PROTOCOL_ERROR. 5323 if id%2 != 1 { 5324 return http2ConnectionError(http2ErrCodeProtocol) 5325 } 5326 // A HEADERS frame can be used to create a new stream or 5327 // send a trailer for an open one. If we already have a stream 5328 // open, let it process its own HEADERS frame (trailers at this 5329 // point, if it's valid). 5330 if st := sc.streams[f.StreamID]; st != nil { 5331 if st.resetQueued { 5332 // We're sending RST_STREAM to close the stream, so don't bother 5333 // processing this frame. 5334 return nil 5335 } 5336 // RFC 7540, sec 5.1: If an endpoint receives additional frames, other than 5337 // WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in 5338 // this state, it MUST respond with a stream error (Section 5.4.2) of 5339 // type STREAM_CLOSED. 5340 if st.state == http2stateHalfClosedRemote { 5341 return http2streamError(id, http2ErrCodeStreamClosed) 5342 } 5343 return st.processTrailerHeaders(f) 5344 } 5345 5346 // [...] The identifier of a newly established stream MUST be 5347 // numerically greater than all streams that the initiating 5348 // endpoint has opened or reserved. [...] An endpoint that 5349 // receives an unexpected stream identifier MUST respond with 5350 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5351 if id <= sc.maxClientStreamID { 5352 return http2ConnectionError(http2ErrCodeProtocol) 5353 } 5354 sc.maxClientStreamID = id 5355 5356 if sc.idleTimer != nil { 5357 sc.idleTimer.Stop() 5358 } 5359 5360 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5361 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5362 // endpoint that receives a HEADERS frame that causes their 5363 // advertised concurrent stream limit to be exceeded MUST treat 5364 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5365 // or REFUSED_STREAM. 5366 if sc.curClientStreams+1 > sc.advMaxStreams { 5367 if sc.unackedSettings == 0 { 5368 // They should know better. 5369 return http2streamError(id, http2ErrCodeProtocol) 5370 } 5371 // Assume it's a network race, where they just haven't 5372 // received our last SETTINGS update. But actually 5373 // this can't happen yet, because we don't yet provide 5374 // a way for users to adjust server parameters at 5375 // runtime. 5376 return http2streamError(id, http2ErrCodeRefusedStream) 5377 } 5378 5379 initialState := http2stateOpen 5380 if f.StreamEnded() { 5381 initialState = http2stateHalfClosedRemote 5382 } 5383 st := sc.newStream(id, 0, initialState) 5384 5385 if f.HasPriority() { 5386 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5387 return err 5388 } 5389 sc.writeSched.AdjustStream(st.id, f.Priority) 5390 } 5391 5392 rw, req, err := sc.newWriterAndRequest(st, f) 5393 if err != nil { 5394 return err 5395 } 5396 st.reqTrailer = req.Trailer 5397 if st.reqTrailer != nil { 5398 st.trailer = make(Header) 5399 } 5400 st.body = req.Body.(*http2requestBody).pipe // may be nil 5401 st.declBodyBytes = req.ContentLength 5402 5403 handler := sc.handler.ServeHTTP 5404 if f.Truncated { 5405 // Their header list was too long. Send a 431 error. 5406 handler = http2handleHeaderListTooLong 5407 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5408 handler = http2new400Handler(err) 5409 } 5410 5411 // The net/http package sets the read deadline from the 5412 // http.Server.ReadTimeout during the TLS handshake, but then 5413 // passes the connection off to us with the deadline already 5414 // set. Disarm it here after the request headers are read, 5415 // similar to how the http1 server works. Here it's 5416 // technically more like the http1 Server's ReadHeaderTimeout 5417 // (in Go 1.8), though. That's a more sane option anyway. 5418 if sc.hs.ReadTimeout != 0 { 5419 sc.conn.SetReadDeadline(time.Time{}) 5420 } 5421 5422 go sc.runHandler(rw, req, handler) 5423 return nil 5424 } 5425 5426 func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5427 sc := st.sc 5428 sc.serveG.check() 5429 if st.gotTrailerHeader { 5430 return http2ConnectionError(http2ErrCodeProtocol) 5431 } 5432 st.gotTrailerHeader = true 5433 if !f.StreamEnded() { 5434 return http2streamError(st.id, http2ErrCodeProtocol) 5435 } 5436 5437 if len(f.PseudoFields()) > 0 { 5438 return http2streamError(st.id, http2ErrCodeProtocol) 5439 } 5440 if st.trailer != nil { 5441 for _, hf := range f.RegularFields() { 5442 key := sc.canonicalHeader(hf.Name) 5443 if !httpguts.ValidTrailerHeader(key) { 5444 // TODO: send more details to the peer somehow. But http2 has 5445 // no way to send debug data at a stream level. Discuss with 5446 // HTTP folk. 5447 return http2streamError(st.id, http2ErrCodeProtocol) 5448 } 5449 st.trailer[key] = append(st.trailer[key], hf.Value) 5450 } 5451 } 5452 st.endStream() 5453 return nil 5454 } 5455 5456 func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5457 if streamID == p.StreamDep { 5458 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5459 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5460 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5461 // so it's only self-dependencies that are forbidden. 5462 return http2streamError(streamID, http2ErrCodeProtocol) 5463 } 5464 return nil 5465 } 5466 5467 func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5468 if sc.inGoAway { 5469 return nil 5470 } 5471 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5472 return err 5473 } 5474 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5475 return nil 5476 } 5477 5478 func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5479 sc.serveG.check() 5480 if id == 0 { 5481 panic("internal error: cannot create stream with id 0") 5482 } 5483 5484 ctx, cancelCtx := context.WithCancel(sc.baseCtx) 5485 st := &http2stream{ 5486 sc: sc, 5487 id: id, 5488 state: state, 5489 ctx: ctx, 5490 cancelCtx: cancelCtx, 5491 } 5492 st.cw.Init() 5493 st.flow.conn = &sc.flow // link to conn-level counter 5494 st.flow.add(sc.initialStreamSendWindowSize) 5495 st.inflow.conn = &sc.inflow // link to conn-level counter 5496 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5497 if sc.hs.WriteTimeout != 0 { 5498 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5499 } 5500 5501 sc.streams[id] = st 5502 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5503 if st.isPushed() { 5504 sc.curPushedStreams++ 5505 } else { 5506 sc.curClientStreams++ 5507 } 5508 if sc.curOpenStreams() == 1 { 5509 sc.setConnState(StateActive) 5510 } 5511 5512 return st 5513 } 5514 5515 func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5516 sc.serveG.check() 5517 5518 rp := http2requestParam{ 5519 method: f.PseudoValue("method"), 5520 scheme: f.PseudoValue("scheme"), 5521 authority: f.PseudoValue("authority"), 5522 path: f.PseudoValue("path"), 5523 } 5524 5525 isConnect := rp.method == "CONNECT" 5526 if isConnect { 5527 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5528 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5529 } 5530 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5531 // See 8.1.2.6 Malformed Requests and Responses: 5532 // 5533 // Malformed requests or responses that are detected 5534 // MUST be treated as a stream error (Section 5.4.2) 5535 // of type PROTOCOL_ERROR." 5536 // 5537 // 8.1.2.3 Request Pseudo-Header Fields 5538 // "All HTTP/2 requests MUST include exactly one valid 5539 // value for the :method, :scheme, and :path 5540 // pseudo-header fields" 5541 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5542 } 5543 5544 bodyOpen := !f.StreamEnded() 5545 if rp.method == "HEAD" && bodyOpen { 5546 // HEAD requests can't have bodies 5547 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5548 } 5549 5550 rp.header = make(Header) 5551 for _, hf := range f.RegularFields() { 5552 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5553 } 5554 if rp.authority == "" { 5555 rp.authority = rp.header.Get("Host") 5556 } 5557 5558 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5559 if err != nil { 5560 return nil, nil, err 5561 } 5562 if bodyOpen { 5563 if vv, ok := rp.header["Content-Length"]; ok { 5564 req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) 5565 } else { 5566 req.ContentLength = -1 5567 } 5568 req.Body.(*http2requestBody).pipe = &http2pipe{ 5569 b: &http2dataBuffer{expected: req.ContentLength}, 5570 } 5571 } 5572 return rw, req, nil 5573 } 5574 5575 type http2requestParam struct { 5576 method string 5577 scheme, authority, path string 5578 header Header 5579 } 5580 5581 func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5582 sc.serveG.check() 5583 5584 var tlsState *tls.ConnectionState // nil if not scheme https 5585 if rp.scheme == "https" { 5586 tlsState = sc.tlsState 5587 } 5588 5589 needsContinue := rp.header.Get("Expect") == "100-continue" 5590 if needsContinue { 5591 rp.header.Del("Expect") 5592 } 5593 // Merge Cookie headers into one "; "-delimited value. 5594 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5595 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5596 } 5597 5598 // Setup Trailers 5599 var trailer Header 5600 for _, v := range rp.header["Trailer"] { 5601 for _, key := range strings.Split(v, ",") { 5602 key = CanonicalHeaderKey(strings.TrimSpace(key)) 5603 switch key { 5604 case "Transfer-Encoding", "Trailer", "Content-Length": 5605 // Bogus. (copy of http1 rules) 5606 // Ignore. 5607 default: 5608 if trailer == nil { 5609 trailer = make(Header) 5610 } 5611 trailer[key] = nil 5612 } 5613 } 5614 } 5615 delete(rp.header, "Trailer") 5616 5617 var url_ *url.URL 5618 var requestURI string 5619 if rp.method == "CONNECT" { 5620 url_ = &url.URL{Host: rp.authority} 5621 requestURI = rp.authority // mimic HTTP/1 server behavior 5622 } else { 5623 var err error 5624 url_, err = url.ParseRequestURI(rp.path) 5625 if err != nil { 5626 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5627 } 5628 requestURI = rp.path 5629 } 5630 5631 body := &http2requestBody{ 5632 conn: sc, 5633 stream: st, 5634 needsContinue: needsContinue, 5635 } 5636 req := &Request{ 5637 Method: rp.method, 5638 URL: url_, 5639 RemoteAddr: sc.remoteAddrStr, 5640 Header: rp.header, 5641 RequestURI: requestURI, 5642 Proto: "HTTP/2.0", 5643 ProtoMajor: 2, 5644 ProtoMinor: 0, 5645 TLS: tlsState, 5646 Host: rp.authority, 5647 Body: body, 5648 Trailer: trailer, 5649 } 5650 req = req.WithContext(st.ctx) 5651 5652 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5653 bwSave := rws.bw 5654 *rws = http2responseWriterState{} // zero all the fields 5655 rws.conn = sc 5656 rws.bw = bwSave 5657 rws.bw.Reset(http2chunkWriter{rws}) 5658 rws.stream = st 5659 rws.req = req 5660 rws.body = body 5661 5662 rw := &http2responseWriter{rws: rws} 5663 return rw, req, nil 5664 } 5665 5666 // Run on its own goroutine. 5667 func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5668 didPanic := true 5669 defer func() { 5670 rw.rws.stream.cancelCtx() 5671 if didPanic { 5672 e := recover() 5673 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5674 write: http2handlerPanicRST{rw.rws.stream.id}, 5675 stream: rw.rws.stream, 5676 }) 5677 // Same as net/http: 5678 if e != nil && e != ErrAbortHandler { 5679 const size = 64 << 10 5680 buf := make([]byte, size) 5681 buf = buf[:runtime.Stack(buf, false)] 5682 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5683 } 5684 return 5685 } 5686 rw.handlerDone() 5687 }() 5688 handler(rw, req) 5689 didPanic = false 5690 } 5691 5692 func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5693 // 10.5.1 Limits on Header Block Size: 5694 // .. "A server that receives a larger header block than it is 5695 // willing to handle can send an HTTP 431 (Request Header Fields Too 5696 // Large) status code" 5697 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5698 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5699 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5700 } 5701 5702 // called from handler goroutines. 5703 // h may be nil. 5704 func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5705 sc.serveG.checkNotOn() // NOT on 5706 var errc chan error 5707 if headerData.h != nil { 5708 // If there's a header map (which we don't own), so we have to block on 5709 // waiting for this frame to be written, so an http.Flush mid-handler 5710 // writes out the correct value of keys, before a handler later potentially 5711 // mutates it. 5712 errc = http2errChanPool.Get().(chan error) 5713 } 5714 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5715 write: headerData, 5716 stream: st, 5717 done: errc, 5718 }); err != nil { 5719 return err 5720 } 5721 if errc != nil { 5722 select { 5723 case err := <-errc: 5724 http2errChanPool.Put(errc) 5725 return err 5726 case <-sc.doneServing: 5727 return http2errClientDisconnected 5728 case <-st.cw: 5729 return http2errStreamClosed 5730 } 5731 } 5732 return nil 5733 } 5734 5735 // called from handler goroutines. 5736 func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5737 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5738 write: http2write100ContinueHeadersFrame{st.id}, 5739 stream: st, 5740 }) 5741 } 5742 5743 // A bodyReadMsg tells the server loop that the http.Handler read n 5744 // bytes of the DATA from the client on the given stream. 5745 type http2bodyReadMsg struct { 5746 st *http2stream 5747 n int 5748 } 5749 5750 // called from handler goroutines. 5751 // Notes that the handler for the given stream ID read n bytes of its body 5752 // and schedules flow control tokens to be sent. 5753 func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5754 sc.serveG.checkNotOn() // NOT on 5755 if n > 0 { 5756 select { 5757 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5758 case <-sc.doneServing: 5759 } 5760 } 5761 } 5762 5763 func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5764 sc.serveG.check() 5765 sc.sendWindowUpdate(nil, n) // conn-level 5766 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5767 // Don't send this WINDOW_UPDATE if the stream is closed 5768 // remotely. 5769 sc.sendWindowUpdate(st, n) 5770 } 5771 } 5772 5773 // st may be nil for conn-level 5774 func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5775 sc.serveG.check() 5776 // "The legal range for the increment to the flow control 5777 // window is 1 to 2^31-1 (2,147,483,647) octets." 5778 // A Go Read call on 64-bit machines could in theory read 5779 // a larger Read than this. Very unlikely, but we handle it here 5780 // rather than elsewhere for now. 5781 const maxUint31 = 1<<31 - 1 5782 for n >= maxUint31 { 5783 sc.sendWindowUpdate32(st, maxUint31) 5784 n -= maxUint31 5785 } 5786 sc.sendWindowUpdate32(st, int32(n)) 5787 } 5788 5789 // st may be nil for conn-level 5790 func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5791 sc.serveG.check() 5792 if n == 0 { 5793 return 5794 } 5795 if n < 0 { 5796 panic("negative update") 5797 } 5798 var streamID uint32 5799 if st != nil { 5800 streamID = st.id 5801 } 5802 sc.writeFrame(http2FrameWriteRequest{ 5803 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5804 stream: st, 5805 }) 5806 var ok bool 5807 if st == nil { 5808 ok = sc.inflow.add(n) 5809 } else { 5810 ok = st.inflow.add(n) 5811 } 5812 if !ok { 5813 panic("internal error; sent too many window updates without decrements?") 5814 } 5815 } 5816 5817 // requestBody is the Handler's Request.Body type. 5818 // Read and Close may be called concurrently. 5819 type http2requestBody struct { 5820 stream *http2stream 5821 conn *http2serverConn 5822 closed bool // for use by Close only 5823 sawEOF bool // for use by Read only 5824 pipe *http2pipe // non-nil if we have a HTTP entity message body 5825 needsContinue bool // need to send a 100-continue 5826 } 5827 5828 func (b *http2requestBody) Close() error { 5829 if b.pipe != nil && !b.closed { 5830 b.pipe.BreakWithError(http2errClosedBody) 5831 } 5832 b.closed = true 5833 return nil 5834 } 5835 5836 func (b *http2requestBody) Read(p []byte) (n int, err error) { 5837 if b.needsContinue { 5838 b.needsContinue = false 5839 b.conn.write100ContinueHeaders(b.stream) 5840 } 5841 if b.pipe == nil || b.sawEOF { 5842 return 0, io.EOF 5843 } 5844 n, err = b.pipe.Read(p) 5845 if err == io.EOF { 5846 b.sawEOF = true 5847 } 5848 if b.conn == nil && http2inTests { 5849 return 5850 } 5851 b.conn.noteBodyReadFromHandler(b.stream, n, err) 5852 return 5853 } 5854 5855 // responseWriter is the http.ResponseWriter implementation. It's 5856 // intentionally small (1 pointer wide) to minimize garbage. The 5857 // responseWriterState pointer inside is zeroed at the end of a 5858 // request (in handlerDone) and calls on the responseWriter thereafter 5859 // simply crash (caller's mistake), but the much larger responseWriterState 5860 // and buffers are reused between multiple requests. 5861 type http2responseWriter struct { 5862 rws *http2responseWriterState 5863 } 5864 5865 // Optional http.ResponseWriter interfaces implemented. 5866 var ( 5867 _ CloseNotifier = (*http2responseWriter)(nil) 5868 _ Flusher = (*http2responseWriter)(nil) 5869 _ http2stringWriter = (*http2responseWriter)(nil) 5870 ) 5871 5872 type http2responseWriterState struct { 5873 // immutable within a request: 5874 stream *http2stream 5875 req *Request 5876 body *http2requestBody // to close at end of request, if DATA frames didn't 5877 conn *http2serverConn 5878 5879 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 5880 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 5881 5882 // mutated by http.Handler goroutine: 5883 handlerHeader Header // nil until called 5884 snapHeader Header // snapshot of handlerHeader at WriteHeader time 5885 trailers []string // set in writeChunk 5886 status int // status code passed to WriteHeader 5887 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 5888 sentHeader bool // have we sent the header frame? 5889 handlerDone bool // handler has finished 5890 dirty bool // a Write failed; don't reuse this responseWriterState 5891 5892 sentContentLen int64 // non-zero if handler set a Content-Length header 5893 wroteBytes int64 5894 5895 closeNotifierMu sync.Mutex // guards closeNotifierCh 5896 closeNotifierCh chan bool // nil until first used 5897 } 5898 5899 type http2chunkWriter struct{ rws *http2responseWriterState } 5900 5901 func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 5902 5903 func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 } 5904 5905 // declareTrailer is called for each Trailer header when the 5906 // response header is written. It notes that a header will need to be 5907 // written in the trailers at the end of the response. 5908 func (rws *http2responseWriterState) declareTrailer(k string) { 5909 k = CanonicalHeaderKey(k) 5910 if !httpguts.ValidTrailerHeader(k) { 5911 // Forbidden by RFC 7230, section 4.1.2. 5912 rws.conn.logf("ignoring invalid trailer %q", k) 5913 return 5914 } 5915 if !http2strSliceContains(rws.trailers, k) { 5916 rws.trailers = append(rws.trailers, k) 5917 } 5918 } 5919 5920 // writeChunk writes chunks from the bufio.Writer. But because 5921 // bufio.Writer may bypass its chunking, sometimes p may be 5922 // arbitrarily large. 5923 // 5924 // writeChunk is also responsible (on the first chunk) for sending the 5925 // HEADER response. 5926 func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 5927 if !rws.wroteHeader { 5928 rws.writeHeader(200) 5929 } 5930 5931 isHeadResp := rws.req.Method == "HEAD" 5932 if !rws.sentHeader { 5933 rws.sentHeader = true 5934 var ctype, clen string 5935 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 5936 rws.snapHeader.Del("Content-Length") 5937 clen64, err := strconv.ParseInt(clen, 10, 64) 5938 if err == nil && clen64 >= 0 { 5939 rws.sentContentLen = clen64 5940 } else { 5941 clen = "" 5942 } 5943 } 5944 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 5945 clen = strconv.Itoa(len(p)) 5946 } 5947 _, hasContentType := rws.snapHeader["Content-Type"] 5948 if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 5949 ctype = DetectContentType(p) 5950 } 5951 var date string 5952 if _, ok := rws.snapHeader["Date"]; !ok { 5953 // TODO(bradfitz): be faster here, like net/http? measure. 5954 date = time.Now().UTC().Format(TimeFormat) 5955 } 5956 5957 for _, v := range rws.snapHeader["Trailer"] { 5958 http2foreachHeaderElement(v, rws.declareTrailer) 5959 } 5960 5961 // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), 5962 // but respect "Connection" == "close" to mean sending a GOAWAY and tearing 5963 // down the TCP connection when idle, like we do for HTTP/1. 5964 // TODO: remove more Connection-specific header fields here, in addition 5965 // to "Connection". 5966 if _, ok := rws.snapHeader["Connection"]; ok { 5967 v := rws.snapHeader.Get("Connection") 5968 delete(rws.snapHeader, "Connection") 5969 if v == "close" { 5970 rws.conn.startGracefulShutdown() 5971 } 5972 } 5973 5974 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 5975 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 5976 streamID: rws.stream.id, 5977 httpResCode: rws.status, 5978 h: rws.snapHeader, 5979 endStream: endStream, 5980 contentType: ctype, 5981 contentLength: clen, 5982 date: date, 5983 }) 5984 if err != nil { 5985 rws.dirty = true 5986 return 0, err 5987 } 5988 if endStream { 5989 return 0, nil 5990 } 5991 } 5992 if isHeadResp { 5993 return len(p), nil 5994 } 5995 if len(p) == 0 && !rws.handlerDone { 5996 return 0, nil 5997 } 5998 5999 if rws.handlerDone { 6000 rws.promoteUndeclaredTrailers() 6001 } 6002 6003 endStream := rws.handlerDone && !rws.hasTrailers() 6004 if len(p) > 0 || endStream { 6005 // only send a 0 byte DATA frame if we're ending the stream. 6006 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 6007 rws.dirty = true 6008 return 0, err 6009 } 6010 } 6011 6012 if rws.handlerDone && rws.hasTrailers() { 6013 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6014 streamID: rws.stream.id, 6015 h: rws.handlerHeader, 6016 trailers: rws.trailers, 6017 endStream: true, 6018 }) 6019 if err != nil { 6020 rws.dirty = true 6021 } 6022 return len(p), err 6023 } 6024 return len(p), nil 6025 } 6026 6027 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 6028 // that, if present, signals that the map entry is actually for 6029 // the response trailers, and not the response headers. The prefix 6030 // is stripped after the ServeHTTP call finishes and the values are 6031 // sent in the trailers. 6032 // 6033 // This mechanism is intended only for trailers that are not known 6034 // prior to the headers being written. If the set of trailers is fixed 6035 // or known before the header is written, the normal Go trailers mechanism 6036 // is preferred: 6037 // https://golang.org/pkg/net/http/#ResponseWriter 6038 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6039 const http2TrailerPrefix = "Trailer:" 6040 6041 // promoteUndeclaredTrailers permits http.Handlers to set trailers 6042 // after the header has already been flushed. Because the Go 6043 // ResponseWriter interface has no way to set Trailers (only the 6044 // Header), and because we didn't want to expand the ResponseWriter 6045 // interface, and because nobody used trailers, and because RFC 7230 6046 // says you SHOULD (but not must) predeclare any trailers in the 6047 // header, the official ResponseWriter rules said trailers in Go must 6048 // be predeclared, and then we reuse the same ResponseWriter.Header() 6049 // map to mean both Headers and Trailers. When it's time to write the 6050 // Trailers, we pick out the fields of Headers that were declared as 6051 // trailers. That worked for a while, until we found the first major 6052 // user of Trailers in the wild: gRPC (using them only over http2), 6053 // and gRPC libraries permit setting trailers mid-stream without 6054 // predeclarnig them. So: change of plans. We still permit the old 6055 // way, but we also permit this hack: if a Header() key begins with 6056 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6057 // invalid token byte anyway, there is no ambiguity. (And it's already 6058 // filtered out) It's mildly hacky, but not terrible. 6059 // 6060 // This method runs after the Handler is done and promotes any Header 6061 // fields to be trailers. 6062 func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6063 for k, vv := range rws.handlerHeader { 6064 if !strings.HasPrefix(k, http2TrailerPrefix) { 6065 continue 6066 } 6067 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6068 rws.declareTrailer(trailerKey) 6069 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6070 } 6071 6072 if len(rws.trailers) > 1 { 6073 sorter := http2sorterPool.Get().(*http2sorter) 6074 sorter.SortStrings(rws.trailers) 6075 http2sorterPool.Put(sorter) 6076 } 6077 } 6078 6079 func (w *http2responseWriter) Flush() { 6080 rws := w.rws 6081 if rws == nil { 6082 panic("Header called after Handler finished") 6083 } 6084 if rws.bw.Buffered() > 0 { 6085 if err := rws.bw.Flush(); err != nil { 6086 // Ignore the error. The frame writer already knows. 6087 return 6088 } 6089 } else { 6090 // The bufio.Writer won't call chunkWriter.Write 6091 // (writeChunk with zero bytes, so we have to do it 6092 // ourselves to force the HTTP response header and/or 6093 // final DATA frame (with END_STREAM) to be sent. 6094 rws.writeChunk(nil) 6095 } 6096 } 6097 6098 func (w *http2responseWriter) CloseNotify() <-chan bool { 6099 rws := w.rws 6100 if rws == nil { 6101 panic("CloseNotify called after Handler finished") 6102 } 6103 rws.closeNotifierMu.Lock() 6104 ch := rws.closeNotifierCh 6105 if ch == nil { 6106 ch = make(chan bool, 1) 6107 rws.closeNotifierCh = ch 6108 cw := rws.stream.cw 6109 go func() { 6110 cw.Wait() // wait for close 6111 ch <- true 6112 }() 6113 } 6114 rws.closeNotifierMu.Unlock() 6115 return ch 6116 } 6117 6118 func (w *http2responseWriter) Header() Header { 6119 rws := w.rws 6120 if rws == nil { 6121 panic("Header called after Handler finished") 6122 } 6123 if rws.handlerHeader == nil { 6124 rws.handlerHeader = make(Header) 6125 } 6126 return rws.handlerHeader 6127 } 6128 6129 // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6130 func http2checkWriteHeaderCode(code int) { 6131 // Issue 22880: require valid WriteHeader status codes. 6132 // For now we only enforce that it's three digits. 6133 // In the future we might block things over 599 (600 and above aren't defined 6134 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6135 // and we might block under 200 (once we have more mature 1xx support). 6136 // But for now any three digits. 6137 // 6138 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6139 // no equivalent bogus thing we can realistically send in HTTP/2, 6140 // so we'll consistently panic instead and help people find their bugs 6141 // early. (We can't return an error from WriteHeader even if we wanted to.) 6142 if code < 100 || code > 999 { 6143 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6144 } 6145 } 6146 6147 func (w *http2responseWriter) WriteHeader(code int) { 6148 rws := w.rws 6149 if rws == nil { 6150 panic("WriteHeader called after Handler finished") 6151 } 6152 rws.writeHeader(code) 6153 } 6154 6155 func (rws *http2responseWriterState) writeHeader(code int) { 6156 if !rws.wroteHeader { 6157 http2checkWriteHeaderCode(code) 6158 rws.wroteHeader = true 6159 rws.status = code 6160 if len(rws.handlerHeader) > 0 { 6161 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6162 } 6163 } 6164 } 6165 6166 func http2cloneHeader(h Header) Header { 6167 h2 := make(Header, len(h)) 6168 for k, vv := range h { 6169 vv2 := make([]string, len(vv)) 6170 copy(vv2, vv) 6171 h2[k] = vv2 6172 } 6173 return h2 6174 } 6175 6176 // The Life Of A Write is like this: 6177 // 6178 // * Handler calls w.Write or w.WriteString -> 6179 // * -> rws.bw (*bufio.Writer) -> 6180 // * (Handler might call Flush) 6181 // * -> chunkWriter{rws} 6182 // * -> responseWriterState.writeChunk(p []byte) 6183 // * -> responseWriterState.writeChunk (most of the magic; see comment there) 6184 func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6185 return w.write(len(p), p, "") 6186 } 6187 6188 func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6189 return w.write(len(s), nil, s) 6190 } 6191 6192 // either dataB or dataS is non-zero. 6193 func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6194 rws := w.rws 6195 if rws == nil { 6196 panic("Write called after Handler finished") 6197 } 6198 if !rws.wroteHeader { 6199 w.WriteHeader(200) 6200 } 6201 if !http2bodyAllowedForStatus(rws.status) { 6202 return 0, ErrBodyNotAllowed 6203 } 6204 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6205 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6206 // TODO: send a RST_STREAM 6207 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6208 } 6209 6210 if dataB != nil { 6211 return rws.bw.Write(dataB) 6212 } else { 6213 return rws.bw.WriteString(dataS) 6214 } 6215 } 6216 6217 func (w *http2responseWriter) handlerDone() { 6218 rws := w.rws 6219 dirty := rws.dirty 6220 rws.handlerDone = true 6221 w.Flush() 6222 w.rws = nil 6223 if !dirty { 6224 // Only recycle the pool if all prior Write calls to 6225 // the serverConn goroutine completed successfully. If 6226 // they returned earlier due to resets from the peer 6227 // there might still be write goroutines outstanding 6228 // from the serverConn referencing the rws memory. See 6229 // issue 20704. 6230 http2responseWriterStatePool.Put(rws) 6231 } 6232 } 6233 6234 // Push errors. 6235 var ( 6236 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6237 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6238 ) 6239 6240 var _ Pusher = (*http2responseWriter)(nil) 6241 6242 func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 6243 st := w.rws.stream 6244 sc := st.sc 6245 sc.serveG.checkNotOn() 6246 6247 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6248 // http://tools.ietf.org/html/rfc7540#section-6.6 6249 if st.isPushed() { 6250 return http2ErrRecursivePush 6251 } 6252 6253 if opts == nil { 6254 opts = new(PushOptions) 6255 } 6256 6257 // Default options. 6258 if opts.Method == "" { 6259 opts.Method = "GET" 6260 } 6261 if opts.Header == nil { 6262 opts.Header = Header{} 6263 } 6264 wantScheme := "http" 6265 if w.rws.req.TLS != nil { 6266 wantScheme = "https" 6267 } 6268 6269 // Validate the request. 6270 u, err := url.Parse(target) 6271 if err != nil { 6272 return err 6273 } 6274 if u.Scheme == "" { 6275 if !strings.HasPrefix(target, "/") { 6276 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6277 } 6278 u.Scheme = wantScheme 6279 u.Host = w.rws.req.Host 6280 } else { 6281 if u.Scheme != wantScheme { 6282 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6283 } 6284 if u.Host == "" { 6285 return errors.New("URL must have a host") 6286 } 6287 } 6288 for k := range opts.Header { 6289 if strings.HasPrefix(k, ":") { 6290 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6291 } 6292 // These headers are meaningful only if the request has a body, 6293 // but PUSH_PROMISE requests cannot have a body. 6294 // http://tools.ietf.org/html/rfc7540#section-8.2 6295 // Also disallow Host, since the promised URL must be absolute. 6296 switch strings.ToLower(k) { 6297 case "content-length", "content-encoding", "trailer", "te", "expect", "host": 6298 return fmt.Errorf("promised request headers cannot include %q", k) 6299 } 6300 } 6301 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6302 return err 6303 } 6304 6305 // The RFC effectively limits promised requests to GET and HEAD: 6306 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6307 // http://tools.ietf.org/html/rfc7540#section-8.2 6308 if opts.Method != "GET" && opts.Method != "HEAD" { 6309 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6310 } 6311 6312 msg := &http2startPushRequest{ 6313 parent: st, 6314 method: opts.Method, 6315 url: u, 6316 header: http2cloneHeader(opts.Header), 6317 done: http2errChanPool.Get().(chan error), 6318 } 6319 6320 select { 6321 case <-sc.doneServing: 6322 return http2errClientDisconnected 6323 case <-st.cw: 6324 return http2errStreamClosed 6325 case sc.serveMsgCh <- msg: 6326 } 6327 6328 select { 6329 case <-sc.doneServing: 6330 return http2errClientDisconnected 6331 case <-st.cw: 6332 return http2errStreamClosed 6333 case err := <-msg.done: 6334 http2errChanPool.Put(msg.done) 6335 return err 6336 } 6337 } 6338 6339 type http2startPushRequest struct { 6340 parent *http2stream 6341 method string 6342 url *url.URL 6343 header Header 6344 done chan error 6345 } 6346 6347 func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6348 sc.serveG.check() 6349 6350 // http://tools.ietf.org/html/rfc7540#section-6.6. 6351 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6352 // is in either the "open" or "half-closed (remote)" state. 6353 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6354 // responseWriter.Push checks that the stream is peer-initiaed. 6355 msg.done <- http2errStreamClosed 6356 return 6357 } 6358 6359 // http://tools.ietf.org/html/rfc7540#section-6.6. 6360 if !sc.pushEnabled { 6361 msg.done <- ErrNotSupported 6362 return 6363 } 6364 6365 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6366 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6367 // is written. Once the ID is allocated, we start the request handler. 6368 allocatePromisedID := func() (uint32, error) { 6369 sc.serveG.check() 6370 6371 // Check this again, just in case. Technically, we might have received 6372 // an updated SETTINGS by the time we got around to writing this frame. 6373 if !sc.pushEnabled { 6374 return 0, ErrNotSupported 6375 } 6376 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6377 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6378 return 0, http2ErrPushLimitReached 6379 } 6380 6381 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6382 // Streams initiated by the server MUST use even-numbered identifiers. 6383 // A server that is unable to establish a new stream identifier can send a GOAWAY 6384 // frame so that the client is forced to open a new connection for new streams. 6385 if sc.maxPushPromiseID+2 >= 1<<31 { 6386 sc.startGracefulShutdownInternal() 6387 return 0, http2ErrPushLimitReached 6388 } 6389 sc.maxPushPromiseID += 2 6390 promisedID := sc.maxPushPromiseID 6391 6392 // http://tools.ietf.org/html/rfc7540#section-8.2. 6393 // Strictly speaking, the new stream should start in "reserved (local)", then 6394 // transition to "half closed (remote)" after sending the initial HEADERS, but 6395 // we start in "half closed (remote)" for simplicity. 6396 // See further comments at the definition of stateHalfClosedRemote. 6397 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6398 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6399 method: msg.method, 6400 scheme: msg.url.Scheme, 6401 authority: msg.url.Host, 6402 path: msg.url.RequestURI(), 6403 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6404 }) 6405 if err != nil { 6406 // Should not happen, since we've already validated msg.url. 6407 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6408 } 6409 6410 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6411 return promisedID, nil 6412 } 6413 6414 sc.writeFrame(http2FrameWriteRequest{ 6415 write: &http2writePushPromise{ 6416 streamID: msg.parent.id, 6417 method: msg.method, 6418 url: msg.url, 6419 h: msg.header, 6420 allocatePromisedID: allocatePromisedID, 6421 }, 6422 stream: msg.parent, 6423 done: msg.done, 6424 }) 6425 } 6426 6427 // foreachHeaderElement splits v according to the "#rule" construction 6428 // in RFC 7230 section 7 and calls fn for each non-empty element. 6429 func http2foreachHeaderElement(v string, fn func(string)) { 6430 v = textproto.TrimString(v) 6431 if v == "" { 6432 return 6433 } 6434 if !strings.Contains(v, ",") { 6435 fn(v) 6436 return 6437 } 6438 for _, f := range strings.Split(v, ",") { 6439 if f = textproto.TrimString(f); f != "" { 6440 fn(f) 6441 } 6442 } 6443 } 6444 6445 // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6446 var http2connHeaders = []string{ 6447 "Connection", 6448 "Keep-Alive", 6449 "Proxy-Connection", 6450 "Transfer-Encoding", 6451 "Upgrade", 6452 } 6453 6454 // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6455 // per RFC 7540 Section 8.1.2.2. 6456 // The returned error is reported to users. 6457 func http2checkValidHTTP2RequestHeaders(h Header) error { 6458 for _, k := range http2connHeaders { 6459 if _, ok := h[k]; ok { 6460 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6461 } 6462 } 6463 te := h["Te"] 6464 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6465 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6466 } 6467 return nil 6468 } 6469 6470 func http2new400Handler(err error) HandlerFunc { 6471 return func(w ResponseWriter, r *Request) { 6472 Error(w, err.Error(), StatusBadRequest) 6473 } 6474 } 6475 6476 // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6477 // disabled. See comments on h1ServerShutdownChan above for why 6478 // the code is written this way. 6479 func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6480 var x interface{} = hs 6481 type I interface { 6482 doKeepAlives() bool 6483 } 6484 if hs, ok := x.(I); ok { 6485 return !hs.doKeepAlives() 6486 } 6487 return false 6488 } 6489 6490 const ( 6491 // transportDefaultConnFlow is how many connection-level flow control 6492 // tokens we give the server at start-up, past the default 64k. 6493 http2transportDefaultConnFlow = 1 << 30 6494 6495 // transportDefaultStreamFlow is how many stream-level flow 6496 // control tokens we announce to the peer, and how many bytes 6497 // we buffer per stream. 6498 http2transportDefaultStreamFlow = 4 << 20 6499 6500 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6501 // a stream-level WINDOW_UPDATE for at a time. 6502 http2transportDefaultStreamMinRefresh = 4 << 10 6503 6504 http2defaultUserAgent = "Go-http-client/2.0" 6505 ) 6506 6507 // Transport is an HTTP/2 Transport. 6508 // 6509 // A Transport internally caches connections to servers. It is safe 6510 // for concurrent use by multiple goroutines. 6511 type http2Transport struct { 6512 // DialTLS specifies an optional dial function for creating 6513 // TLS connections for requests. 6514 // 6515 // If DialTLS is nil, tls.Dial is used. 6516 // 6517 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6518 // it will be used to set http.Response.TLS. 6519 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6520 6521 // TLSClientConfig specifies the TLS configuration to use with 6522 // tls.Client. If nil, the default configuration is used. 6523 TLSClientConfig *tls.Config 6524 6525 // ConnPool optionally specifies an alternate connection pool to use. 6526 // If nil, the default is used. 6527 ConnPool http2ClientConnPool 6528 6529 // DisableCompression, if true, prevents the Transport from 6530 // requesting compression with an "Accept-Encoding: gzip" 6531 // request header when the Request contains no existing 6532 // Accept-Encoding value. If the Transport requests gzip on 6533 // its own and gets a gzipped response, it's transparently 6534 // decoded in the Response.Body. However, if the user 6535 // explicitly requested gzip it is not automatically 6536 // uncompressed. 6537 DisableCompression bool 6538 6539 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6540 // plain-text "http" scheme. Note that this does not enable h2c support. 6541 AllowHTTP bool 6542 6543 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6544 // send in the initial settings frame. It is how many bytes 6545 // of response headers are allowed. Unlike the http2 spec, zero here 6546 // means to use a default limit (currently 10MB). If you actually 6547 // want to advertise an ulimited value to the peer, Transport 6548 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6549 // to mean no limit. 6550 MaxHeaderListSize uint32 6551 6552 // StrictMaxConcurrentStreams controls whether the server's 6553 // SETTINGS_MAX_CONCURRENT_STREAMS should be respected 6554 // globally. If false, new TCP connections are created to the 6555 // server as needed to keep each under the per-connection 6556 // SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the 6557 // server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as 6558 // a global limit and callers of RoundTrip block when needed, 6559 // waiting for their turn. 6560 StrictMaxConcurrentStreams bool 6561 6562 // t1, if non-nil, is the standard library Transport using 6563 // this transport. Its settings are used (but not its 6564 // RoundTrip method, etc). 6565 t1 *Transport 6566 6567 connPoolOnce sync.Once 6568 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6569 } 6570 6571 func (t *http2Transport) maxHeaderListSize() uint32 { 6572 if t.MaxHeaderListSize == 0 { 6573 return 10 << 20 6574 } 6575 if t.MaxHeaderListSize == 0xffffffff { 6576 return 0 6577 } 6578 return t.MaxHeaderListSize 6579 } 6580 6581 func (t *http2Transport) disableCompression() bool { 6582 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6583 } 6584 6585 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6586 // It returns an error if t1 has already been HTTP/2-enabled. 6587 func http2ConfigureTransport(t1 *Transport) error { 6588 _, err := http2configureTransport(t1) 6589 return err 6590 } 6591 6592 func http2configureTransport(t1 *Transport) (*http2Transport, error) { 6593 connPool := new(http2clientConnPool) 6594 t2 := &http2Transport{ 6595 ConnPool: http2noDialClientConnPool{connPool}, 6596 t1: t1, 6597 } 6598 connPool.t = t2 6599 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 6600 return nil, err 6601 } 6602 if t1.TLSClientConfig == nil { 6603 t1.TLSClientConfig = new(tls.Config) 6604 } 6605 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 6606 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 6607 } 6608 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 6609 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 6610 } 6611 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 6612 addr := http2authorityAddr("https", authority) 6613 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 6614 go c.Close() 6615 return http2erringRoundTripper{err} 6616 } else if !used { 6617 // Turns out we don't need this c. 6618 // For example, two goroutines made requests to the same host 6619 // at the same time, both kicking off TCP dials. (since protocol 6620 // was unknown) 6621 go c.Close() 6622 } 6623 return t2 6624 } 6625 if m := t1.TLSNextProto; len(m) == 0 { 6626 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 6627 "h2": upgradeFn, 6628 } 6629 } else { 6630 m["h2"] = upgradeFn 6631 } 6632 return t2, nil 6633 } 6634 6635 func (t *http2Transport) connPool() http2ClientConnPool { 6636 t.connPoolOnce.Do(t.initConnPool) 6637 return t.connPoolOrDef 6638 } 6639 6640 func (t *http2Transport) initConnPool() { 6641 if t.ConnPool != nil { 6642 t.connPoolOrDef = t.ConnPool 6643 } else { 6644 t.connPoolOrDef = &http2clientConnPool{t: t} 6645 } 6646 } 6647 6648 // ClientConn is the state of a single HTTP/2 client connection to an 6649 // HTTP/2 server. 6650 type http2ClientConn struct { 6651 t *http2Transport 6652 tconn net.Conn // usually *tls.Conn, except specialized impls 6653 tlsState *tls.ConnectionState // nil only for specialized impls 6654 singleUse bool // whether being used for a single http.Request 6655 6656 // readLoop goroutine fields: 6657 readerDone chan struct{} // closed on error 6658 readerErr error // set before readerDone is closed 6659 6660 idleTimeout time.Duration // or 0 for never 6661 idleTimer *time.Timer 6662 6663 mu sync.Mutex // guards following 6664 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6665 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6666 inflow http2flow // peer's conn-level flow control 6667 closing bool 6668 closed bool 6669 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6670 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6671 goAwayDebug string // goAway frame's debug data, retained as a string 6672 streams map[uint32]*http2clientStream // client-initiated 6673 nextStreamID uint32 6674 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6675 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6676 bw *bufio.Writer 6677 br *bufio.Reader 6678 fr *http2Framer 6679 lastActive time.Time 6680 // Settings from peer: (also guarded by mu) 6681 maxFrameSize uint32 6682 maxConcurrentStreams uint32 6683 peerMaxHeaderListSize uint64 6684 initialWindowSize uint32 6685 6686 hbuf bytes.Buffer // HPACK encoder writes into this 6687 henc *hpack.Encoder 6688 freeBuf [][]byte 6689 6690 wmu sync.Mutex // held while writing; acquire AFTER mu if holding both 6691 werr error // first write error that has occurred 6692 } 6693 6694 // clientStream is the state for a single HTTP/2 stream. One of these 6695 // is created for each Transport.RoundTrip call. 6696 type http2clientStream struct { 6697 cc *http2ClientConn 6698 req *Request 6699 trace *httptrace.ClientTrace // or nil 6700 ID uint32 6701 resc chan http2resAndError 6702 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6703 startedWrite bool // started request body write; guarded by cc.mu 6704 requestedGzip bool 6705 on100 func() // optional code to run if get a 100 continue response 6706 6707 flow http2flow // guarded by cc.mu 6708 inflow http2flow // guarded by cc.mu 6709 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6710 readErr error // sticky read error; owned by transportResponseBody.Read 6711 stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu 6712 didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu 6713 6714 peerReset chan struct{} // closed on peer reset 6715 resetErr error // populated before peerReset is closed 6716 6717 done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu 6718 6719 // owned by clientConnReadLoop: 6720 firstByte bool // got the first response byte 6721 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6722 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6723 num1xx uint8 // number of 1xx responses seen 6724 6725 trailer Header // accumulated trailers 6726 resTrailer *Header // client's Response.Trailer 6727 } 6728 6729 // awaitRequestCancel waits for the user to cancel a request or for the done 6730 // channel to be signaled. A non-nil error is returned only if the request was 6731 // canceled. 6732 func http2awaitRequestCancel(req *Request, done <-chan struct{}) error { 6733 ctx := req.Context() 6734 if req.Cancel == nil && ctx.Done() == nil { 6735 return nil 6736 } 6737 select { 6738 case <-req.Cancel: 6739 return http2errRequestCanceled 6740 case <-ctx.Done(): 6741 return ctx.Err() 6742 case <-done: 6743 return nil 6744 } 6745 } 6746 6747 var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error 6748 6749 // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, 6750 // if any. It returns nil if not set or if the Go version is too old. 6751 func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error { 6752 if fn := http2got1xxFuncForTests; fn != nil { 6753 return fn 6754 } 6755 return http2traceGot1xxResponseFunc(cs.trace) 6756 } 6757 6758 // awaitRequestCancel waits for the user to cancel a request, its context to 6759 // expire, or for the request to be done (any way it might be removed from the 6760 // cc.streams map: peer reset, successful completion, TCP connection breakage, 6761 // etc). If the request is canceled, then cs will be canceled and closed. 6762 func (cs *http2clientStream) awaitRequestCancel(req *Request) { 6763 if err := http2awaitRequestCancel(req, cs.done); err != nil { 6764 cs.cancelStream() 6765 cs.bufPipe.CloseWithError(err) 6766 } 6767 } 6768 6769 func (cs *http2clientStream) cancelStream() { 6770 cc := cs.cc 6771 cc.mu.Lock() 6772 didReset := cs.didReset 6773 cs.didReset = true 6774 cc.mu.Unlock() 6775 6776 if !didReset { 6777 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 6778 cc.forgetStreamID(cs.ID) 6779 } 6780 } 6781 6782 // checkResetOrDone reports any error sent in a RST_STREAM frame by the 6783 // server, or errStreamClosed if the stream is complete. 6784 func (cs *http2clientStream) checkResetOrDone() error { 6785 select { 6786 case <-cs.peerReset: 6787 return cs.resetErr 6788 case <-cs.done: 6789 return http2errStreamClosed 6790 default: 6791 return nil 6792 } 6793 } 6794 6795 func (cs *http2clientStream) getStartedWrite() bool { 6796 cc := cs.cc 6797 cc.mu.Lock() 6798 defer cc.mu.Unlock() 6799 return cs.startedWrite 6800 } 6801 6802 func (cs *http2clientStream) abortRequestBodyWrite(err error) { 6803 if err == nil { 6804 panic("nil error") 6805 } 6806 cc := cs.cc 6807 cc.mu.Lock() 6808 cs.stopReqBody = err 6809 cc.cond.Broadcast() 6810 cc.mu.Unlock() 6811 } 6812 6813 type http2stickyErrWriter struct { 6814 w io.Writer 6815 err *error 6816 } 6817 6818 func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 6819 if *sew.err != nil { 6820 return 0, *sew.err 6821 } 6822 n, err = sew.w.Write(p) 6823 *sew.err = err 6824 return 6825 } 6826 6827 // noCachedConnError is the concrete type of ErrNoCachedConn, which 6828 // needs to be detected by net/http regardless of whether it's its 6829 // bundled version (in h2_bundle.go with a rewritten type name) or 6830 // from a user's x/net/http2. As such, as it has a unique method name 6831 // (IsHTTP2NoCachedConnError) that net/http sniffs for via func 6832 // isNoCachedConnError. 6833 type http2noCachedConnError struct{} 6834 6835 func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 6836 6837 func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 6838 6839 // isNoCachedConnError reports whether err is of type noCachedConnError 6840 // or its equivalent renamed type in net/http2's h2_bundle.go. Both types 6841 // may coexist in the same running program. 6842 func http2isNoCachedConnError(err error) bool { 6843 _, ok := err.(interface{ IsHTTP2NoCachedConnError() }) 6844 return ok 6845 } 6846 6847 var http2ErrNoCachedConn error = http2noCachedConnError{} 6848 6849 // RoundTripOpt are options for the Transport.RoundTripOpt method. 6850 type http2RoundTripOpt struct { 6851 // OnlyCachedConn controls whether RoundTripOpt may 6852 // create a new TCP connection. If set true and 6853 // no cached connection is available, RoundTripOpt 6854 // will return ErrNoCachedConn. 6855 OnlyCachedConn bool 6856 } 6857 6858 func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 6859 return t.RoundTripOpt(req, http2RoundTripOpt{}) 6860 } 6861 6862 // authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 6863 // and returns a host:port. The port 443 is added if needed. 6864 func http2authorityAddr(scheme string, authority string) (addr string) { 6865 host, port, err := net.SplitHostPort(authority) 6866 if err != nil { // authority didn't have a port 6867 port = "443" 6868 if scheme == "http" { 6869 port = "80" 6870 } 6871 host = authority 6872 } 6873 if a, err := idna.ToASCII(host); err == nil { 6874 host = a 6875 } 6876 // IPv6 address literal, without a port: 6877 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 6878 return host + ":" + port 6879 } 6880 return net.JoinHostPort(host, port) 6881 } 6882 6883 // RoundTripOpt is like RoundTrip, but takes options. 6884 func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 6885 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 6886 return nil, errors.New("http2: unsupported scheme") 6887 } 6888 6889 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 6890 for retry := 0; ; retry++ { 6891 cc, err := t.connPool().GetClientConn(req, addr) 6892 if err != nil { 6893 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 6894 return nil, err 6895 } 6896 http2traceGotConn(req, cc) 6897 res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) 6898 if err != nil && retry <= 6 { 6899 if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { 6900 // After the first retry, do exponential backoff with 10% jitter. 6901 if retry == 0 { 6902 continue 6903 } 6904 backoff := float64(uint(1) << (uint(retry) - 1)) 6905 backoff += backoff * (0.1 * mathrand.Float64()) 6906 select { 6907 case <-time.After(time.Second * time.Duration(backoff)): 6908 continue 6909 case <-req.Context().Done(): 6910 return nil, req.Context().Err() 6911 } 6912 } 6913 } 6914 if err != nil { 6915 t.vlogf("RoundTrip failure: %v", err) 6916 return nil, err 6917 } 6918 return res, nil 6919 } 6920 } 6921 6922 // CloseIdleConnections closes any connections which were previously 6923 // connected from previous requests but are now sitting idle. 6924 // It does not interrupt any connections currently in use. 6925 func (t *http2Transport) CloseIdleConnections() { 6926 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 6927 cp.closeIdleConnections() 6928 } 6929 } 6930 6931 var ( 6932 http2errClientConnClosed = errors.New("http2: client conn is closed") 6933 http2errClientConnUnusable = errors.New("http2: client conn not usable") 6934 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 6935 ) 6936 6937 // shouldRetryRequest is called by RoundTrip when a request fails to get 6938 // response headers. It is always called with a non-nil error. 6939 // It returns either a request to retry (either the same request, or a 6940 // modified clone), or an error if the request can't be replayed. 6941 func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) { 6942 if !http2canRetryError(err) { 6943 return nil, err 6944 } 6945 // If the Body is nil (or http.NoBody), it's safe to reuse 6946 // this request and its Body. 6947 if req.Body == nil || req.Body == NoBody { 6948 return req, nil 6949 } 6950 6951 // If the request body can be reset back to its original 6952 // state via the optional req.GetBody, do that. 6953 if req.GetBody != nil { 6954 // TODO: consider a req.Body.Close here? or audit that all caller paths do? 6955 body, err := req.GetBody() 6956 if err != nil { 6957 return nil, err 6958 } 6959 newReq := *req 6960 newReq.Body = body 6961 return &newReq, nil 6962 } 6963 6964 // The Request.Body can't reset back to the beginning, but we 6965 // don't seem to have started to read from it yet, so reuse 6966 // the request directly. The "afterBodyWrite" means the 6967 // bodyWrite process has started, which becomes true before 6968 // the first Read. 6969 if !afterBodyWrite { 6970 return req, nil 6971 } 6972 6973 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 6974 } 6975 6976 func http2canRetryError(err error) bool { 6977 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 6978 return true 6979 } 6980 if se, ok := err.(http2StreamError); ok { 6981 return se.Code == http2ErrCodeRefusedStream 6982 } 6983 return false 6984 } 6985 6986 func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) { 6987 host, _, err := net.SplitHostPort(addr) 6988 if err != nil { 6989 return nil, err 6990 } 6991 tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host)) 6992 if err != nil { 6993 return nil, err 6994 } 6995 return t.newClientConn(tconn, singleUse) 6996 } 6997 6998 func (t *http2Transport) newTLSConfig(host string) *tls.Config { 6999 cfg := new(tls.Config) 7000 if t.TLSClientConfig != nil { 7001 *cfg = *t.TLSClientConfig.Clone() 7002 } 7003 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 7004 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 7005 } 7006 if cfg.ServerName == "" { 7007 cfg.ServerName = host 7008 } 7009 return cfg 7010 } 7011 7012 func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) { 7013 if t.DialTLS != nil { 7014 return t.DialTLS 7015 } 7016 return t.dialTLSDefault 7017 } 7018 7019 func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) { 7020 cn, err := tls.Dial(network, addr, cfg) 7021 if err != nil { 7022 return nil, err 7023 } 7024 if err := cn.Handshake(); err != nil { 7025 return nil, err 7026 } 7027 if !cfg.InsecureSkipVerify { 7028 if err := cn.VerifyHostname(cfg.ServerName); err != nil { 7029 return nil, err 7030 } 7031 } 7032 state := cn.ConnectionState() 7033 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7034 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7035 } 7036 if !state.NegotiatedProtocolIsMutual { 7037 return nil, errors.New("http2: could not negotiate protocol mutually") 7038 } 7039 return cn, nil 7040 } 7041 7042 // disableKeepAlives reports whether connections should be closed as 7043 // soon as possible after handling the first request. 7044 func (t *http2Transport) disableKeepAlives() bool { 7045 return t.t1 != nil && t.t1.DisableKeepAlives 7046 } 7047 7048 func (t *http2Transport) expectContinueTimeout() time.Duration { 7049 if t.t1 == nil { 7050 return 0 7051 } 7052 return t.t1.ExpectContinueTimeout 7053 } 7054 7055 func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7056 return t.newClientConn(c, false) 7057 } 7058 7059 func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7060 cc := &http2ClientConn{ 7061 t: t, 7062 tconn: c, 7063 readerDone: make(chan struct{}), 7064 nextStreamID: 1, 7065 maxFrameSize: 16 << 10, // spec default 7066 initialWindowSize: 65535, // spec default 7067 maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. 7068 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7069 streams: make(map[uint32]*http2clientStream), 7070 singleUse: singleUse, 7071 wantSettingsAck: true, 7072 pings: make(map[[8]byte]chan struct{}), 7073 } 7074 if d := t.idleConnTimeout(); d != 0 { 7075 cc.idleTimeout = d 7076 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7077 } 7078 if http2VerboseLogs { 7079 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7080 } 7081 7082 cc.cond = sync.NewCond(&cc.mu) 7083 cc.flow.add(int32(http2initialWindowSize)) 7084 7085 // TODO: adjust this writer size to account for frame size + 7086 // MTU + crypto/tls record padding. 7087 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7088 cc.br = bufio.NewReader(c) 7089 cc.fr = http2NewFramer(cc.bw, cc.br) 7090 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7091 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7092 7093 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7094 // henc in response to SETTINGS frames? 7095 cc.henc = hpack.NewEncoder(&cc.hbuf) 7096 7097 if t.AllowHTTP { 7098 cc.nextStreamID = 3 7099 } 7100 7101 if cs, ok := c.(http2connectionStater); ok { 7102 state := cs.ConnectionState() 7103 cc.tlsState = &state 7104 } 7105 7106 initialSettings := []http2Setting{ 7107 {ID: http2SettingEnablePush, Val: 0}, 7108 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7109 } 7110 if max := t.maxHeaderListSize(); max != 0 { 7111 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7112 } 7113 7114 cc.bw.Write(http2clientPreface) 7115 cc.fr.WriteSettings(initialSettings...) 7116 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7117 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7118 cc.bw.Flush() 7119 if cc.werr != nil { 7120 return nil, cc.werr 7121 } 7122 7123 go cc.readLoop() 7124 return cc, nil 7125 } 7126 7127 func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7128 cc.mu.Lock() 7129 defer cc.mu.Unlock() 7130 7131 old := cc.goAway 7132 cc.goAway = f 7133 7134 // Merge the previous and current GoAway error frames. 7135 if cc.goAwayDebug == "" { 7136 cc.goAwayDebug = string(f.DebugData()) 7137 } 7138 if old != nil && old.ErrCode != http2ErrCodeNo { 7139 cc.goAway.ErrCode = old.ErrCode 7140 } 7141 last := f.LastStreamID 7142 for streamID, cs := range cc.streams { 7143 if streamID > last { 7144 select { 7145 case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}: 7146 default: 7147 } 7148 } 7149 } 7150 } 7151 7152 // CanTakeNewRequest reports whether the connection can take a new request, 7153 // meaning it has not been closed or received or sent a GOAWAY. 7154 func (cc *http2ClientConn) CanTakeNewRequest() bool { 7155 cc.mu.Lock() 7156 defer cc.mu.Unlock() 7157 return cc.canTakeNewRequestLocked() 7158 } 7159 7160 // clientConnIdleState describes the suitability of a client 7161 // connection to initiate a new RoundTrip request. 7162 type http2clientConnIdleState struct { 7163 canTakeNewRequest bool 7164 freshConn bool // whether it's unused by any previous request 7165 } 7166 7167 func (cc *http2ClientConn) idleState() http2clientConnIdleState { 7168 cc.mu.Lock() 7169 defer cc.mu.Unlock() 7170 return cc.idleStateLocked() 7171 } 7172 7173 func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) { 7174 if cc.singleUse && cc.nextStreamID > 1 { 7175 return 7176 } 7177 var maxConcurrentOkay bool 7178 if cc.t.StrictMaxConcurrentStreams { 7179 // We'll tell the caller we can take a new request to 7180 // prevent the caller from dialing a new TCP 7181 // connection, but then we'll block later before 7182 // writing it. 7183 maxConcurrentOkay = true 7184 } else { 7185 maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams) 7186 } 7187 7188 st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && 7189 int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 7190 st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest 7191 return 7192 } 7193 7194 func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7195 st := cc.idleStateLocked() 7196 return st.canTakeNewRequest 7197 } 7198 7199 // onIdleTimeout is called from a time.AfterFunc goroutine. It will 7200 // only be called when we're idle, but because we're coming from a new 7201 // goroutine, there could be a new request coming in at the same time, 7202 // so this simply calls the synchronized closeIfIdle to shut down this 7203 // connection. The timer could just call closeIfIdle, but this is more 7204 // clear. 7205 func (cc *http2ClientConn) onIdleTimeout() { 7206 cc.closeIfIdle() 7207 } 7208 7209 func (cc *http2ClientConn) closeIfIdle() { 7210 cc.mu.Lock() 7211 if len(cc.streams) > 0 { 7212 cc.mu.Unlock() 7213 return 7214 } 7215 cc.closed = true 7216 nextID := cc.nextStreamID 7217 // TODO: do clients send GOAWAY too? maybe? Just Close: 7218 cc.mu.Unlock() 7219 7220 if http2VerboseLogs { 7221 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7222 } 7223 cc.tconn.Close() 7224 } 7225 7226 var http2shutdownEnterWaitStateHook = func() {} 7227 7228 // Shutdown gracefully close the client connection, waiting for running streams to complete. 7229 func (cc *http2ClientConn) Shutdown(ctx context.Context) error { 7230 if err := cc.sendGoAway(); err != nil { 7231 return err 7232 } 7233 // Wait for all in-flight streams to complete or connection to close 7234 done := make(chan error, 1) 7235 cancelled := false // guarded by cc.mu 7236 go func() { 7237 cc.mu.Lock() 7238 defer cc.mu.Unlock() 7239 for { 7240 if len(cc.streams) == 0 || cc.closed { 7241 cc.closed = true 7242 done <- cc.tconn.Close() 7243 break 7244 } 7245 if cancelled { 7246 break 7247 } 7248 cc.cond.Wait() 7249 } 7250 }() 7251 http2shutdownEnterWaitStateHook() 7252 select { 7253 case err := <-done: 7254 return err 7255 case <-ctx.Done(): 7256 cc.mu.Lock() 7257 // Free the goroutine above 7258 cancelled = true 7259 cc.cond.Broadcast() 7260 cc.mu.Unlock() 7261 return ctx.Err() 7262 } 7263 } 7264 7265 func (cc *http2ClientConn) sendGoAway() error { 7266 cc.mu.Lock() 7267 defer cc.mu.Unlock() 7268 cc.wmu.Lock() 7269 defer cc.wmu.Unlock() 7270 if cc.closing { 7271 // GOAWAY sent already 7272 return nil 7273 } 7274 // Send a graceful shutdown frame to server 7275 maxStreamID := cc.nextStreamID 7276 if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil { 7277 return err 7278 } 7279 if err := cc.bw.Flush(); err != nil { 7280 return err 7281 } 7282 // Prevent new requests 7283 cc.closing = true 7284 return nil 7285 } 7286 7287 // Close closes the client connection immediately. 7288 // 7289 // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead. 7290 func (cc *http2ClientConn) Close() error { 7291 cc.mu.Lock() 7292 defer cc.cond.Broadcast() 7293 defer cc.mu.Unlock() 7294 err := errors.New("http2: client connection force closed via ClientConn.Close") 7295 for id, cs := range cc.streams { 7296 select { 7297 case cs.resc <- http2resAndError{err: err}: 7298 default: 7299 } 7300 cs.bufPipe.CloseWithError(err) 7301 delete(cc.streams, id) 7302 } 7303 cc.closed = true 7304 return cc.tconn.Close() 7305 } 7306 7307 const http2maxAllocFrameSize = 512 << 10 7308 7309 // frameBuffer returns a scratch buffer suitable for writing DATA frames. 7310 // They're capped at the min of the peer's max frame size or 512KB 7311 // (kinda arbitrarily), but definitely capped so we don't allocate 4GB 7312 // bufers. 7313 func (cc *http2ClientConn) frameScratchBuffer() []byte { 7314 cc.mu.Lock() 7315 size := cc.maxFrameSize 7316 if size > http2maxAllocFrameSize { 7317 size = http2maxAllocFrameSize 7318 } 7319 for i, buf := range cc.freeBuf { 7320 if len(buf) >= int(size) { 7321 cc.freeBuf[i] = nil 7322 cc.mu.Unlock() 7323 return buf[:size] 7324 } 7325 } 7326 cc.mu.Unlock() 7327 return make([]byte, size) 7328 } 7329 7330 func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) { 7331 cc.mu.Lock() 7332 defer cc.mu.Unlock() 7333 const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. 7334 if len(cc.freeBuf) < maxBufs { 7335 cc.freeBuf = append(cc.freeBuf, buf) 7336 return 7337 } 7338 for i, old := range cc.freeBuf { 7339 if old == nil { 7340 cc.freeBuf[i] = buf 7341 return 7342 } 7343 } 7344 // forget about it. 7345 } 7346 7347 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7348 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7349 var http2errRequestCanceled = errors.New("net/http: request canceled") 7350 7351 func http2commaSeparatedTrailers(req *Request) (string, error) { 7352 keys := make([]string, 0, len(req.Trailer)) 7353 for k := range req.Trailer { 7354 k = CanonicalHeaderKey(k) 7355 switch k { 7356 case "Transfer-Encoding", "Trailer", "Content-Length": 7357 return "", &http2badStringError{"invalid Trailer key", k} 7358 } 7359 keys = append(keys, k) 7360 } 7361 if len(keys) > 0 { 7362 sort.Strings(keys) 7363 return strings.Join(keys, ","), nil 7364 } 7365 return "", nil 7366 } 7367 7368 func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7369 if cc.t.t1 != nil { 7370 return cc.t.t1.ResponseHeaderTimeout 7371 } 7372 // No way to do this (yet?) with just an http2.Transport. Probably 7373 // no need. Request.Cancel this is the new way. We only need to support 7374 // this for compatibility with the old http.Transport fields when 7375 // we're doing transparent http2. 7376 return 0 7377 } 7378 7379 // checkConnHeaders checks whether req has any invalid connection-level headers. 7380 // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7381 // Certain headers are special-cased as okay but not transmitted later. 7382 func http2checkConnHeaders(req *Request) error { 7383 if v := req.Header.Get("Upgrade"); v != "" { 7384 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7385 } 7386 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7387 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7388 } 7389 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !strings.EqualFold(vv[0], "close") && !strings.EqualFold(vv[0], "keep-alive")) { 7390 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7391 } 7392 return nil 7393 } 7394 7395 // actualContentLength returns a sanitized version of 7396 // req.ContentLength, where 0 actually means zero (not unknown) and -1 7397 // means unknown. 7398 func http2actualContentLength(req *Request) int64 { 7399 if req.Body == nil || req.Body == NoBody { 7400 return 0 7401 } 7402 if req.ContentLength != 0 { 7403 return req.ContentLength 7404 } 7405 return -1 7406 } 7407 7408 func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7409 resp, _, err := cc.roundTrip(req) 7410 return resp, err 7411 } 7412 7413 func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) { 7414 if err := http2checkConnHeaders(req); err != nil { 7415 return nil, false, err 7416 } 7417 if cc.idleTimer != nil { 7418 cc.idleTimer.Stop() 7419 } 7420 7421 trailers, err := http2commaSeparatedTrailers(req) 7422 if err != nil { 7423 return nil, false, err 7424 } 7425 hasTrailers := trailers != "" 7426 7427 cc.mu.Lock() 7428 if err := cc.awaitOpenSlotForRequest(req); err != nil { 7429 cc.mu.Unlock() 7430 return nil, false, err 7431 } 7432 7433 body := req.Body 7434 contentLen := http2actualContentLength(req) 7435 hasBody := contentLen != 0 7436 7437 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7438 var requestedGzip bool 7439 if !cc.t.disableCompression() && 7440 req.Header.Get("Accept-Encoding") == "" && 7441 req.Header.Get("Range") == "" && 7442 req.Method != "HEAD" { 7443 // Request gzip only, not deflate. Deflate is ambiguous and 7444 // not as universally supported anyway. 7445 // See: http://www.gzip.org/zlib/zlib_faq.html#faq38 7446 // 7447 // Note that we don't request this for HEAD requests, 7448 // due to a bug in nginx: 7449 // http://trac.nginx.org/nginx/ticket/358 7450 // https://golang.org/issue/5522 7451 // 7452 // We don't request gzip if the request is for a range, since 7453 // auto-decoding a portion of a gzipped document will just fail 7454 // anyway. See https://golang.org/issue/8923 7455 requestedGzip = true 7456 } 7457 7458 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7459 // sent by writeRequestBody below, along with any Trailers, 7460 // again in form HEADERS{1}, CONTINUATION{0,}) 7461 hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) 7462 if err != nil { 7463 cc.mu.Unlock() 7464 return nil, false, err 7465 } 7466 7467 cs := cc.newStream() 7468 cs.req = req 7469 cs.trace = httptrace.ContextClientTrace(req.Context()) 7470 cs.requestedGzip = requestedGzip 7471 bodyWriter := cc.t.getBodyWriterState(cs, body) 7472 cs.on100 = bodyWriter.on100 7473 7474 cc.wmu.Lock() 7475 endStream := !hasBody && !hasTrailers 7476 werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7477 cc.wmu.Unlock() 7478 http2traceWroteHeaders(cs.trace) 7479 cc.mu.Unlock() 7480 7481 if werr != nil { 7482 if hasBody { 7483 req.Body.Close() // per RoundTripper contract 7484 bodyWriter.cancel() 7485 } 7486 cc.forgetStreamID(cs.ID) 7487 // Don't bother sending a RST_STREAM (our write already failed; 7488 // no need to keep writing) 7489 http2traceWroteRequest(cs.trace, werr) 7490 return nil, false, werr 7491 } 7492 7493 var respHeaderTimer <-chan time.Time 7494 if hasBody { 7495 bodyWriter.scheduleBodyWrite() 7496 } else { 7497 http2traceWroteRequest(cs.trace, nil) 7498 if d := cc.responseHeaderTimeout(); d != 0 { 7499 timer := time.NewTimer(d) 7500 defer timer.Stop() 7501 respHeaderTimer = timer.C 7502 } 7503 } 7504 7505 readLoopResCh := cs.resc 7506 bodyWritten := false 7507 ctx := req.Context() 7508 7509 handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) { 7510 res := re.res 7511 if re.err != nil || res.StatusCode > 299 { 7512 // On error or status code 3xx, 4xx, 5xx, etc abort any 7513 // ongoing write, assuming that the server doesn't care 7514 // about our request body. If the server replied with 1xx or 7515 // 2xx, however, then assume the server DOES potentially 7516 // want our body (e.g. full-duplex streaming: 7517 // golang.org/issue/13444). If it turns out the server 7518 // doesn't, they'll RST_STREAM us soon enough. This is a 7519 // heuristic to avoid adding knobs to Transport. Hopefully 7520 // we can keep it. 7521 bodyWriter.cancel() 7522 cs.abortRequestBodyWrite(http2errStopReqBodyWrite) 7523 } 7524 if re.err != nil { 7525 cc.forgetStreamID(cs.ID) 7526 return nil, cs.getStartedWrite(), re.err 7527 } 7528 res.Request = req 7529 res.TLS = cc.tlsState 7530 return res, false, nil 7531 } 7532 7533 for { 7534 select { 7535 case re := <-readLoopResCh: 7536 return handleReadLoopResponse(re) 7537 case <-respHeaderTimer: 7538 if !hasBody || bodyWritten { 7539 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7540 } else { 7541 bodyWriter.cancel() 7542 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7543 } 7544 cc.forgetStreamID(cs.ID) 7545 return nil, cs.getStartedWrite(), http2errTimeout 7546 case <-ctx.Done(): 7547 if !hasBody || bodyWritten { 7548 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7549 } else { 7550 bodyWriter.cancel() 7551 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7552 } 7553 cc.forgetStreamID(cs.ID) 7554 return nil, cs.getStartedWrite(), ctx.Err() 7555 case <-req.Cancel: 7556 if !hasBody || bodyWritten { 7557 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7558 } else { 7559 bodyWriter.cancel() 7560 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7561 } 7562 cc.forgetStreamID(cs.ID) 7563 return nil, cs.getStartedWrite(), http2errRequestCanceled 7564 case <-cs.peerReset: 7565 // processResetStream already removed the 7566 // stream from the streams map; no need for 7567 // forgetStreamID. 7568 return nil, cs.getStartedWrite(), cs.resetErr 7569 case err := <-bodyWriter.resc: 7570 // Prefer the read loop's response, if available. Issue 16102. 7571 select { 7572 case re := <-readLoopResCh: 7573 return handleReadLoopResponse(re) 7574 default: 7575 } 7576 if err != nil { 7577 cc.forgetStreamID(cs.ID) 7578 return nil, cs.getStartedWrite(), err 7579 } 7580 bodyWritten = true 7581 if d := cc.responseHeaderTimeout(); d != 0 { 7582 timer := time.NewTimer(d) 7583 defer timer.Stop() 7584 respHeaderTimer = timer.C 7585 } 7586 } 7587 } 7588 } 7589 7590 // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. 7591 // Must hold cc.mu. 7592 func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error { 7593 var waitingForConn chan struct{} 7594 var waitingForConnErr error // guarded by cc.mu 7595 for { 7596 cc.lastActive = time.Now() 7597 if cc.closed || !cc.canTakeNewRequestLocked() { 7598 if waitingForConn != nil { 7599 close(waitingForConn) 7600 } 7601 return http2errClientConnUnusable 7602 } 7603 if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { 7604 if waitingForConn != nil { 7605 close(waitingForConn) 7606 } 7607 return nil 7608 } 7609 // Unfortunately, we cannot wait on a condition variable and channel at 7610 // the same time, so instead, we spin up a goroutine to check if the 7611 // request is canceled while we wait for a slot to open in the connection. 7612 if waitingForConn == nil { 7613 waitingForConn = make(chan struct{}) 7614 go func() { 7615 if err := http2awaitRequestCancel(req, waitingForConn); err != nil { 7616 cc.mu.Lock() 7617 waitingForConnErr = err 7618 cc.cond.Broadcast() 7619 cc.mu.Unlock() 7620 } 7621 }() 7622 } 7623 cc.pendingRequests++ 7624 cc.cond.Wait() 7625 cc.pendingRequests-- 7626 if waitingForConnErr != nil { 7627 return waitingForConnErr 7628 } 7629 } 7630 } 7631 7632 // requires cc.wmu be held 7633 func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 7634 first := true // first frame written (HEADERS is first, then CONTINUATION) 7635 for len(hdrs) > 0 && cc.werr == nil { 7636 chunk := hdrs 7637 if len(chunk) > maxFrameSize { 7638 chunk = chunk[:maxFrameSize] 7639 } 7640 hdrs = hdrs[len(chunk):] 7641 endHeaders := len(hdrs) == 0 7642 if first { 7643 cc.fr.WriteHeaders(http2HeadersFrameParam{ 7644 StreamID: streamID, 7645 BlockFragment: chunk, 7646 EndStream: endStream, 7647 EndHeaders: endHeaders, 7648 }) 7649 first = false 7650 } else { 7651 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 7652 } 7653 } 7654 // TODO(bradfitz): this Flush could potentially block (as 7655 // could the WriteHeaders call(s) above), which means they 7656 // wouldn't respond to Request.Cancel being readable. That's 7657 // rare, but this should probably be in a goroutine. 7658 cc.bw.Flush() 7659 return cc.werr 7660 } 7661 7662 // internal error values; they don't escape to callers 7663 var ( 7664 // abort request body write; don't send cancel 7665 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 7666 7667 // abort request body write, but send stream reset of cancel. 7668 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 7669 ) 7670 7671 func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { 7672 cc := cs.cc 7673 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 7674 buf := cc.frameScratchBuffer() 7675 defer cc.putFrameScratchBuffer(buf) 7676 7677 defer func() { 7678 http2traceWroteRequest(cs.trace, err) 7679 // TODO: write h12Compare test showing whether 7680 // Request.Body is closed by the Transport, 7681 // and in multiple cases: server replies <=299 and >299 7682 // while still writing request body 7683 cerr := bodyCloser.Close() 7684 if err == nil { 7685 err = cerr 7686 } 7687 }() 7688 7689 req := cs.req 7690 hasTrailers := req.Trailer != nil 7691 7692 var sawEOF bool 7693 for !sawEOF { 7694 n, err := body.Read(buf) 7695 if err == io.EOF { 7696 sawEOF = true 7697 err = nil 7698 } else if err != nil { 7699 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7700 return err 7701 } 7702 7703 remain := buf[:n] 7704 for len(remain) > 0 && err == nil { 7705 var allowed int32 7706 allowed, err = cs.awaitFlowControl(len(remain)) 7707 switch { 7708 case err == http2errStopReqBodyWrite: 7709 return err 7710 case err == http2errStopReqBodyWriteAndCancel: 7711 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7712 return err 7713 case err != nil: 7714 return err 7715 } 7716 cc.wmu.Lock() 7717 data := remain[:allowed] 7718 remain = remain[allowed:] 7719 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 7720 err = cc.fr.WriteData(cs.ID, sentEnd, data) 7721 if err == nil { 7722 // TODO(bradfitz): this flush is for latency, not bandwidth. 7723 // Most requests won't need this. Make this opt-in or 7724 // opt-out? Use some heuristic on the body type? Nagel-like 7725 // timers? Based on 'n'? Only last chunk of this for loop, 7726 // unless flow control tokens are low? For now, always. 7727 // If we change this, see comment below. 7728 err = cc.bw.Flush() 7729 } 7730 cc.wmu.Unlock() 7731 } 7732 if err != nil { 7733 return err 7734 } 7735 } 7736 7737 if sentEnd { 7738 // Already sent END_STREAM (which implies we have no 7739 // trailers) and flushed, because currently all 7740 // WriteData frames above get a flush. So we're done. 7741 return nil 7742 } 7743 7744 var trls []byte 7745 if hasTrailers { 7746 cc.mu.Lock() 7747 trls, err = cc.encodeTrailers(req) 7748 cc.mu.Unlock() 7749 if err != nil { 7750 cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err) 7751 cc.forgetStreamID(cs.ID) 7752 return err 7753 } 7754 } 7755 7756 cc.mu.Lock() 7757 maxFrameSize := int(cc.maxFrameSize) 7758 cc.mu.Unlock() 7759 7760 cc.wmu.Lock() 7761 defer cc.wmu.Unlock() 7762 7763 // Two ways to send END_STREAM: either with trailers, or 7764 // with an empty DATA frame. 7765 if len(trls) > 0 { 7766 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 7767 } else { 7768 err = cc.fr.WriteData(cs.ID, true, nil) 7769 } 7770 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 7771 err = ferr 7772 } 7773 return err 7774 } 7775 7776 // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 7777 // control tokens from the server. 7778 // It returns either the non-zero number of tokens taken or an error 7779 // if the stream is dead. 7780 func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 7781 cc := cs.cc 7782 cc.mu.Lock() 7783 defer cc.mu.Unlock() 7784 for { 7785 if cc.closed { 7786 return 0, http2errClientConnClosed 7787 } 7788 if cs.stopReqBody != nil { 7789 return 0, cs.stopReqBody 7790 } 7791 if err := cs.checkResetOrDone(); err != nil { 7792 return 0, err 7793 } 7794 if a := cs.flow.available(); a > 0 { 7795 take := a 7796 if int(take) > maxBytes { 7797 7798 take = int32(maxBytes) // can't truncate int; take is int32 7799 } 7800 if take > int32(cc.maxFrameSize) { 7801 take = int32(cc.maxFrameSize) 7802 } 7803 cs.flow.take(take) 7804 return take, nil 7805 } 7806 cc.cond.Wait() 7807 } 7808 } 7809 7810 type http2badStringError struct { 7811 what string 7812 str string 7813 } 7814 7815 func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 7816 7817 // requires cc.mu be held. 7818 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 7819 cc.hbuf.Reset() 7820 7821 host := req.Host 7822 if host == "" { 7823 host = req.URL.Host 7824 } 7825 host, err := httpguts.PunycodeHostPort(host) 7826 if err != nil { 7827 return nil, err 7828 } 7829 7830 var path string 7831 if req.Method != "CONNECT" { 7832 path = req.URL.RequestURI() 7833 if !http2validPseudoPath(path) { 7834 orig := path 7835 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 7836 if !http2validPseudoPath(path) { 7837 if req.URL.Opaque != "" { 7838 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 7839 } else { 7840 return nil, fmt.Errorf("invalid request :path %q", orig) 7841 } 7842 } 7843 } 7844 } 7845 7846 // Check for any invalid headers and return an error before we 7847 // potentially pollute our hpack state. (We want to be able to 7848 // continue to reuse the hpack encoder for future requests) 7849 for k, vv := range req.Header { 7850 if !httpguts.ValidHeaderFieldName(k) { 7851 return nil, fmt.Errorf("invalid HTTP header name %q", k) 7852 } 7853 for _, v := range vv { 7854 if !httpguts.ValidHeaderFieldValue(v) { 7855 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 7856 } 7857 } 7858 } 7859 7860 enumerateHeaders := func(f func(name, value string)) { 7861 // 8.1.2.3 Request Pseudo-Header Fields 7862 // The :path pseudo-header field includes the path and query parts of the 7863 // target URI (the path-absolute production and optionally a '?' character 7864 // followed by the query production (see Sections 3.3 and 3.4 of 7865 // [RFC3986]). 7866 f(":authority", host) 7867 f(":method", req.Method) 7868 if req.Method != "CONNECT" { 7869 f(":path", path) 7870 f(":scheme", req.URL.Scheme) 7871 } 7872 if trailers != "" { 7873 f("trailer", trailers) 7874 } 7875 7876 var didUA bool 7877 for k, vv := range req.Header { 7878 if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") { 7879 // Host is :authority, already sent. 7880 // Content-Length is automatic, set below. 7881 continue 7882 } else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") || 7883 strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") || 7884 strings.EqualFold(k, "keep-alive") { 7885 // Per 8.1.2.2 Connection-Specific Header 7886 // Fields, don't send connection-specific 7887 // fields. We have already checked if any 7888 // are error-worthy so just ignore the rest. 7889 continue 7890 } else if strings.EqualFold(k, "user-agent") { 7891 // Match Go's http1 behavior: at most one 7892 // User-Agent. If set to nil or empty string, 7893 // then omit it. Otherwise if not mentioned, 7894 // include the default (below). 7895 didUA = true 7896 if len(vv) < 1 { 7897 continue 7898 } 7899 vv = vv[:1] 7900 if vv[0] == "" { 7901 continue 7902 } 7903 7904 } 7905 7906 for _, v := range vv { 7907 f(k, v) 7908 } 7909 } 7910 if http2shouldSendReqContentLength(req.Method, contentLength) { 7911 f("content-length", strconv.FormatInt(contentLength, 10)) 7912 } 7913 if addGzipHeader { 7914 f("accept-encoding", "gzip") 7915 } 7916 if !didUA { 7917 f("user-agent", http2defaultUserAgent) 7918 } 7919 } 7920 7921 // Do a first pass over the headers counting bytes to ensure 7922 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 7923 // separate pass before encoding the headers to prevent 7924 // modifying the hpack state. 7925 hlSize := uint64(0) 7926 enumerateHeaders(func(name, value string) { 7927 hf := hpack.HeaderField{Name: name, Value: value} 7928 hlSize += uint64(hf.Size()) 7929 }) 7930 7931 if hlSize > cc.peerMaxHeaderListSize { 7932 return nil, http2errRequestHeaderListSize 7933 } 7934 7935 trace := httptrace.ContextClientTrace(req.Context()) 7936 traceHeaders := http2traceHasWroteHeaderField(trace) 7937 7938 // Header list size is ok. Write the headers. 7939 enumerateHeaders(func(name, value string) { 7940 name = strings.ToLower(name) 7941 cc.writeHeader(name, value) 7942 if traceHeaders { 7943 http2traceWroteHeaderField(trace, name, value) 7944 } 7945 }) 7946 7947 return cc.hbuf.Bytes(), nil 7948 } 7949 7950 // shouldSendReqContentLength reports whether the http2.Transport should send 7951 // a "content-length" request header. This logic is basically a copy of the net/http 7952 // transferWriter.shouldSendContentLength. 7953 // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 7954 // -1 means unknown. 7955 func http2shouldSendReqContentLength(method string, contentLength int64) bool { 7956 if contentLength > 0 { 7957 return true 7958 } 7959 if contentLength < 0 { 7960 return false 7961 } 7962 // For zero bodies, whether we send a content-length depends on the method. 7963 // It also kinda doesn't matter for http2 either way, with END_STREAM. 7964 switch method { 7965 case "POST", "PUT", "PATCH": 7966 return true 7967 default: 7968 return false 7969 } 7970 } 7971 7972 // requires cc.mu be held. 7973 func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) { 7974 cc.hbuf.Reset() 7975 7976 hlSize := uint64(0) 7977 for k, vv := range req.Trailer { 7978 for _, v := range vv { 7979 hf := hpack.HeaderField{Name: k, Value: v} 7980 hlSize += uint64(hf.Size()) 7981 } 7982 } 7983 if hlSize > cc.peerMaxHeaderListSize { 7984 return nil, http2errRequestHeaderListSize 7985 } 7986 7987 for k, vv := range req.Trailer { 7988 // Transfer-Encoding, etc.. have already been filtered at the 7989 // start of RoundTrip 7990 lowKey := strings.ToLower(k) 7991 for _, v := range vv { 7992 cc.writeHeader(lowKey, v) 7993 } 7994 } 7995 return cc.hbuf.Bytes(), nil 7996 } 7997 7998 func (cc *http2ClientConn) writeHeader(name, value string) { 7999 if http2VerboseLogs { 8000 log.Printf("http2: Transport encoding header %q = %q", name, value) 8001 } 8002 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 8003 } 8004 8005 type http2resAndError struct { 8006 res *Response 8007 err error 8008 } 8009 8010 // requires cc.mu be held. 8011 func (cc *http2ClientConn) newStream() *http2clientStream { 8012 cs := &http2clientStream{ 8013 cc: cc, 8014 ID: cc.nextStreamID, 8015 resc: make(chan http2resAndError, 1), 8016 peerReset: make(chan struct{}), 8017 done: make(chan struct{}), 8018 } 8019 cs.flow.add(int32(cc.initialWindowSize)) 8020 cs.flow.setConnFlow(&cc.flow) 8021 cs.inflow.add(http2transportDefaultStreamFlow) 8022 cs.inflow.setConnFlow(&cc.inflow) 8023 cc.nextStreamID += 2 8024 cc.streams[cs.ID] = cs 8025 return cs 8026 } 8027 8028 func (cc *http2ClientConn) forgetStreamID(id uint32) { 8029 cc.streamByID(id, true) 8030 } 8031 8032 func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream { 8033 cc.mu.Lock() 8034 defer cc.mu.Unlock() 8035 cs := cc.streams[id] 8036 if andRemove && cs != nil && !cc.closed { 8037 cc.lastActive = time.Now() 8038 delete(cc.streams, id) 8039 if len(cc.streams) == 0 && cc.idleTimer != nil { 8040 cc.idleTimer.Reset(cc.idleTimeout) 8041 } 8042 close(cs.done) 8043 // Wake up checkResetOrDone via clientStream.awaitFlowControl and 8044 // wake up RoundTrip if there is a pending request. 8045 cc.cond.Broadcast() 8046 } 8047 return cs 8048 } 8049 8050 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 8051 type http2clientConnReadLoop struct { 8052 cc *http2ClientConn 8053 closeWhenIdle bool 8054 } 8055 8056 // readLoop runs in its own goroutine and reads and dispatches frames. 8057 func (cc *http2ClientConn) readLoop() { 8058 rl := &http2clientConnReadLoop{cc: cc} 8059 defer rl.cleanup() 8060 cc.readerErr = rl.run() 8061 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 8062 cc.wmu.Lock() 8063 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 8064 cc.wmu.Unlock() 8065 } 8066 } 8067 8068 // GoAwayError is returned by the Transport when the server closes the 8069 // TCP connection after sending a GOAWAY frame. 8070 type http2GoAwayError struct { 8071 LastStreamID uint32 8072 ErrCode http2ErrCode 8073 DebugData string 8074 } 8075 8076 func (e http2GoAwayError) Error() string { 8077 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 8078 e.LastStreamID, e.ErrCode, e.DebugData) 8079 } 8080 8081 func http2isEOFOrNetReadError(err error) bool { 8082 if err == io.EOF { 8083 return true 8084 } 8085 ne, ok := err.(*net.OpError) 8086 return ok && ne.Op == "read" 8087 } 8088 8089 func (rl *http2clientConnReadLoop) cleanup() { 8090 cc := rl.cc 8091 defer cc.tconn.Close() 8092 defer cc.t.connPool().MarkDead(cc) 8093 defer close(cc.readerDone) 8094 8095 if cc.idleTimer != nil { 8096 cc.idleTimer.Stop() 8097 } 8098 8099 // Close any response bodies if the server closes prematurely. 8100 // TODO: also do this if we've written the headers but not 8101 // gotten a response yet. 8102 err := cc.readerErr 8103 cc.mu.Lock() 8104 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8105 err = http2GoAwayError{ 8106 LastStreamID: cc.goAway.LastStreamID, 8107 ErrCode: cc.goAway.ErrCode, 8108 DebugData: cc.goAwayDebug, 8109 } 8110 } else if err == io.EOF { 8111 err = io.ErrUnexpectedEOF 8112 } 8113 for _, cs := range cc.streams { 8114 cs.bufPipe.CloseWithError(err) // no-op if already closed 8115 select { 8116 case cs.resc <- http2resAndError{err: err}: 8117 default: 8118 } 8119 close(cs.done) 8120 } 8121 cc.closed = true 8122 cc.cond.Broadcast() 8123 cc.mu.Unlock() 8124 } 8125 8126 func (rl *http2clientConnReadLoop) run() error { 8127 cc := rl.cc 8128 rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse 8129 gotReply := false // ever saw a HEADERS reply 8130 gotSettings := false 8131 for { 8132 f, err := cc.fr.ReadFrame() 8133 if err != nil { 8134 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8135 } 8136 if se, ok := err.(http2StreamError); ok { 8137 if cs := cc.streamByID(se.StreamID, false); cs != nil { 8138 cs.cc.writeStreamReset(cs.ID, se.Code, err) 8139 cs.cc.forgetStreamID(cs.ID) 8140 if se.Cause == nil { 8141 se.Cause = cc.fr.errDetail 8142 } 8143 rl.endStreamError(cs, se) 8144 } 8145 continue 8146 } else if err != nil { 8147 return err 8148 } 8149 if http2VerboseLogs { 8150 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8151 } 8152 if !gotSettings { 8153 if _, ok := f.(*http2SettingsFrame); !ok { 8154 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8155 return http2ConnectionError(http2ErrCodeProtocol) 8156 } 8157 gotSettings = true 8158 } 8159 maybeIdle := false // whether frame might transition us to idle 8160 8161 switch f := f.(type) { 8162 case *http2MetaHeadersFrame: 8163 err = rl.processHeaders(f) 8164 maybeIdle = true 8165 gotReply = true 8166 case *http2DataFrame: 8167 err = rl.processData(f) 8168 maybeIdle = true 8169 case *http2GoAwayFrame: 8170 err = rl.processGoAway(f) 8171 maybeIdle = true 8172 case *http2RSTStreamFrame: 8173 err = rl.processResetStream(f) 8174 maybeIdle = true 8175 case *http2SettingsFrame: 8176 err = rl.processSettings(f) 8177 case *http2PushPromiseFrame: 8178 err = rl.processPushPromise(f) 8179 case *http2WindowUpdateFrame: 8180 err = rl.processWindowUpdate(f) 8181 case *http2PingFrame: 8182 err = rl.processPing(f) 8183 default: 8184 cc.logf("Transport: unhandled response frame type %T", f) 8185 } 8186 if err != nil { 8187 if http2VerboseLogs { 8188 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8189 } 8190 return err 8191 } 8192 if rl.closeWhenIdle && gotReply && maybeIdle { 8193 cc.closeIfIdle() 8194 } 8195 } 8196 } 8197 8198 func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8199 cc := rl.cc 8200 cs := cc.streamByID(f.StreamID, false) 8201 if cs == nil { 8202 // We'd get here if we canceled a request while the 8203 // server had its response still in flight. So if this 8204 // was just something we canceled, ignore it. 8205 return nil 8206 } 8207 if f.StreamEnded() { 8208 // Issue 20521: If the stream has ended, streamByID() causes 8209 // clientStream.done to be closed, which causes the request's bodyWriter 8210 // to be closed with an errStreamClosed, which may be received by 8211 // clientConn.RoundTrip before the result of processing these headers. 8212 // Deferring stream closure allows the header processing to occur first. 8213 // clientConn.RoundTrip may still receive the bodyWriter error first, but 8214 // the fix for issue 16102 prioritises any response. 8215 // 8216 // Issue 22413: If there is no request body, we should close the 8217 // stream before writing to cs.resc so that the stream is closed 8218 // immediately once RoundTrip returns. 8219 if cs.req.Body != nil { 8220 defer cc.forgetStreamID(f.StreamID) 8221 } else { 8222 cc.forgetStreamID(f.StreamID) 8223 } 8224 } 8225 if !cs.firstByte { 8226 if cs.trace != nil { 8227 // TODO(bradfitz): move first response byte earlier, 8228 // when we first read the 9 byte header, not waiting 8229 // until all the HEADERS+CONTINUATION frames have been 8230 // merged. This works for now. 8231 http2traceFirstResponseByte(cs.trace) 8232 } 8233 cs.firstByte = true 8234 } 8235 if !cs.pastHeaders { 8236 cs.pastHeaders = true 8237 } else { 8238 return rl.processTrailers(cs, f) 8239 } 8240 8241 res, err := rl.handleResponse(cs, f) 8242 if err != nil { 8243 if _, ok := err.(http2ConnectionError); ok { 8244 return err 8245 } 8246 // Any other error type is a stream error. 8247 cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err) 8248 cc.forgetStreamID(cs.ID) 8249 cs.resc <- http2resAndError{err: err} 8250 return nil // return nil from process* funcs to keep conn alive 8251 } 8252 if res == nil { 8253 // (nil, nil) special case. See handleResponse docs. 8254 return nil 8255 } 8256 cs.resTrailer = &res.Trailer 8257 cs.resc <- http2resAndError{res: res} 8258 return nil 8259 } 8260 8261 // may return error types nil, or ConnectionError. Any other error value 8262 // is a StreamError of type ErrCodeProtocol. The returned error in that case 8263 // is the detail. 8264 // 8265 // As a special case, handleResponse may return (nil, nil) to skip the 8266 // frame (currently only used for 1xx responses). 8267 func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8268 if f.Truncated { 8269 return nil, http2errResponseHeaderListSize 8270 } 8271 8272 status := f.PseudoValue("status") 8273 if status == "" { 8274 return nil, errors.New("malformed response from server: missing status pseudo header") 8275 } 8276 statusCode, err := strconv.Atoi(status) 8277 if err != nil { 8278 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8279 } 8280 8281 header := make(Header) 8282 res := &Response{ 8283 Proto: "HTTP/2.0", 8284 ProtoMajor: 2, 8285 Header: header, 8286 StatusCode: statusCode, 8287 Status: status + " " + StatusText(statusCode), 8288 } 8289 for _, hf := range f.RegularFields() { 8290 key := CanonicalHeaderKey(hf.Name) 8291 if key == "Trailer" { 8292 t := res.Trailer 8293 if t == nil { 8294 t = make(Header) 8295 res.Trailer = t 8296 } 8297 http2foreachHeaderElement(hf.Value, func(v string) { 8298 t[CanonicalHeaderKey(v)] = nil 8299 }) 8300 } else { 8301 header[key] = append(header[key], hf.Value) 8302 } 8303 } 8304 8305 if statusCode >= 100 && statusCode <= 199 { 8306 cs.num1xx++ 8307 const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http 8308 if cs.num1xx > max1xxResponses { 8309 return nil, errors.New("http2: too many 1xx informational responses") 8310 } 8311 if fn := cs.get1xxTraceFunc(); fn != nil { 8312 if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { 8313 return nil, err 8314 } 8315 } 8316 if statusCode == 100 { 8317 http2traceGot100Continue(cs.trace) 8318 if cs.on100 != nil { 8319 cs.on100() // forces any write delay timer to fire 8320 } 8321 } 8322 cs.pastHeaders = false // do it all again 8323 return nil, nil 8324 } 8325 8326 streamEnded := f.StreamEnded() 8327 isHead := cs.req.Method == "HEAD" 8328 if !streamEnded || isHead { 8329 res.ContentLength = -1 8330 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8331 if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil { 8332 res.ContentLength = clen64 8333 } else { 8334 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8335 // more safe smuggling-wise to ignore. 8336 } 8337 } else if len(clens) > 1 { 8338 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8339 // more safe smuggling-wise to ignore. 8340 } 8341 } 8342 8343 if streamEnded || isHead { 8344 res.Body = http2noBody 8345 return res, nil 8346 } 8347 8348 cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}} 8349 cs.bytesRemain = res.ContentLength 8350 res.Body = http2transportResponseBody{cs} 8351 go cs.awaitRequestCancel(cs.req) 8352 8353 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8354 res.Header.Del("Content-Encoding") 8355 res.Header.Del("Content-Length") 8356 res.ContentLength = -1 8357 res.Body = &http2gzipReader{body: res.Body} 8358 res.Uncompressed = true 8359 } 8360 return res, nil 8361 } 8362 8363 func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8364 if cs.pastTrailers { 8365 // Too many HEADERS frames for this stream. 8366 return http2ConnectionError(http2ErrCodeProtocol) 8367 } 8368 cs.pastTrailers = true 8369 if !f.StreamEnded() { 8370 // We expect that any headers for trailers also 8371 // has END_STREAM. 8372 return http2ConnectionError(http2ErrCodeProtocol) 8373 } 8374 if len(f.PseudoFields()) > 0 { 8375 // No pseudo header fields are defined for trailers. 8376 // TODO: ConnectionError might be overly harsh? Check. 8377 return http2ConnectionError(http2ErrCodeProtocol) 8378 } 8379 8380 trailer := make(Header) 8381 for _, hf := range f.RegularFields() { 8382 key := CanonicalHeaderKey(hf.Name) 8383 trailer[key] = append(trailer[key], hf.Value) 8384 } 8385 cs.trailer = trailer 8386 8387 rl.endStream(cs) 8388 return nil 8389 } 8390 8391 // transportResponseBody is the concrete type of Transport.RoundTrip's 8392 // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. 8393 // On Close it sends RST_STREAM if EOF wasn't already seen. 8394 type http2transportResponseBody struct { 8395 cs *http2clientStream 8396 } 8397 8398 func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8399 cs := b.cs 8400 cc := cs.cc 8401 8402 if cs.readErr != nil { 8403 return 0, cs.readErr 8404 } 8405 n, err = b.cs.bufPipe.Read(p) 8406 if cs.bytesRemain != -1 { 8407 if int64(n) > cs.bytesRemain { 8408 n = int(cs.bytesRemain) 8409 if err == nil { 8410 err = errors.New("net/http: server replied with more than declared Content-Length; truncated") 8411 cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err) 8412 } 8413 cs.readErr = err 8414 return int(cs.bytesRemain), err 8415 } 8416 cs.bytesRemain -= int64(n) 8417 if err == io.EOF && cs.bytesRemain > 0 { 8418 err = io.ErrUnexpectedEOF 8419 cs.readErr = err 8420 return n, err 8421 } 8422 } 8423 if n == 0 { 8424 // No flow control tokens to send back. 8425 return 8426 } 8427 8428 cc.mu.Lock() 8429 defer cc.mu.Unlock() 8430 8431 var connAdd, streamAdd int32 8432 // Check the conn-level first, before the stream-level. 8433 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8434 connAdd = http2transportDefaultConnFlow - v 8435 cc.inflow.add(connAdd) 8436 } 8437 if err == nil { // No need to refresh if the stream is over or failed. 8438 // Consider any buffered body data (read from the conn but not 8439 // consumed by the client) when computing flow control for this 8440 // stream. 8441 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8442 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8443 streamAdd = int32(http2transportDefaultStreamFlow - v) 8444 cs.inflow.add(streamAdd) 8445 } 8446 } 8447 if connAdd != 0 || streamAdd != 0 { 8448 cc.wmu.Lock() 8449 defer cc.wmu.Unlock() 8450 if connAdd != 0 { 8451 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8452 } 8453 if streamAdd != 0 { 8454 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8455 } 8456 cc.bw.Flush() 8457 } 8458 return 8459 } 8460 8461 var http2errClosedResponseBody = errors.New("http2: response body closed") 8462 8463 func (b http2transportResponseBody) Close() error { 8464 cs := b.cs 8465 cc := cs.cc 8466 8467 serverSentStreamEnd := cs.bufPipe.Err() == io.EOF 8468 unread := cs.bufPipe.Len() 8469 8470 if unread > 0 || !serverSentStreamEnd { 8471 cc.mu.Lock() 8472 cc.wmu.Lock() 8473 if !serverSentStreamEnd { 8474 cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel) 8475 cs.didReset = true 8476 } 8477 // Return connection-level flow control. 8478 if unread > 0 { 8479 cc.inflow.add(int32(unread)) 8480 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8481 } 8482 cc.bw.Flush() 8483 cc.wmu.Unlock() 8484 cc.mu.Unlock() 8485 } 8486 8487 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8488 cc.forgetStreamID(cs.ID) 8489 return nil 8490 } 8491 8492 func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8493 cc := rl.cc 8494 cs := cc.streamByID(f.StreamID, f.StreamEnded()) 8495 data := f.Data() 8496 if cs == nil { 8497 cc.mu.Lock() 8498 neverSent := cc.nextStreamID 8499 cc.mu.Unlock() 8500 if f.StreamID >= neverSent { 8501 // We never asked for this. 8502 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8503 return http2ConnectionError(http2ErrCodeProtocol) 8504 } 8505 // We probably did ask for this, but canceled. Just ignore it. 8506 // TODO: be stricter here? only silently ignore things which 8507 // we canceled, but not things which were closed normally 8508 // by the peer? Tough without accumulating too much state. 8509 8510 // But at least return their flow control: 8511 if f.Length > 0 { 8512 cc.mu.Lock() 8513 cc.inflow.add(int32(f.Length)) 8514 cc.mu.Unlock() 8515 8516 cc.wmu.Lock() 8517 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 8518 cc.bw.Flush() 8519 cc.wmu.Unlock() 8520 } 8521 return nil 8522 } 8523 if !cs.firstByte { 8524 cc.logf("protocol error: received DATA before a HEADERS frame") 8525 rl.endStreamError(cs, http2StreamError{ 8526 StreamID: f.StreamID, 8527 Code: http2ErrCodeProtocol, 8528 }) 8529 return nil 8530 } 8531 if f.Length > 0 { 8532 if cs.req.Method == "HEAD" && len(data) > 0 { 8533 cc.logf("protocol error: received DATA on a HEAD request") 8534 rl.endStreamError(cs, http2StreamError{ 8535 StreamID: f.StreamID, 8536 Code: http2ErrCodeProtocol, 8537 }) 8538 return nil 8539 } 8540 // Check connection-level flow control. 8541 cc.mu.Lock() 8542 if cs.inflow.available() >= int32(f.Length) { 8543 cs.inflow.take(int32(f.Length)) 8544 } else { 8545 cc.mu.Unlock() 8546 return http2ConnectionError(http2ErrCodeFlowControl) 8547 } 8548 // Return any padded flow control now, since we won't 8549 // refund it later on body reads. 8550 var refund int 8551 if pad := int(f.Length) - len(data); pad > 0 { 8552 refund += pad 8553 } 8554 // Return len(data) now if the stream is already closed, 8555 // since data will never be read. 8556 didReset := cs.didReset 8557 if didReset { 8558 refund += len(data) 8559 } 8560 if refund > 0 { 8561 cc.inflow.add(int32(refund)) 8562 cc.wmu.Lock() 8563 cc.fr.WriteWindowUpdate(0, uint32(refund)) 8564 if !didReset { 8565 cs.inflow.add(int32(refund)) 8566 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 8567 } 8568 cc.bw.Flush() 8569 cc.wmu.Unlock() 8570 } 8571 cc.mu.Unlock() 8572 8573 if len(data) > 0 && !didReset { 8574 if _, err := cs.bufPipe.Write(data); err != nil { 8575 rl.endStreamError(cs, err) 8576 return err 8577 } 8578 } 8579 } 8580 8581 if f.StreamEnded() { 8582 rl.endStream(cs) 8583 } 8584 return nil 8585 } 8586 8587 var http2errInvalidTrailers = errors.New("http2: invalid trailers") 8588 8589 func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 8590 // TODO: check that any declared content-length matches, like 8591 // server.go's (*stream).endStream method. 8592 rl.endStreamError(cs, nil) 8593 } 8594 8595 func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 8596 var code func() 8597 if err == nil { 8598 err = io.EOF 8599 code = cs.copyTrailers 8600 } 8601 if http2isConnectionCloseRequest(cs.req) { 8602 rl.closeWhenIdle = true 8603 } 8604 cs.bufPipe.closeWithErrorAndCode(err, code) 8605 8606 select { 8607 case cs.resc <- http2resAndError{err: err}: 8608 default: 8609 } 8610 } 8611 8612 func (cs *http2clientStream) copyTrailers() { 8613 for k, vv := range cs.trailer { 8614 t := cs.resTrailer 8615 if *t == nil { 8616 *t = make(Header) 8617 } 8618 (*t)[k] = vv 8619 } 8620 } 8621 8622 func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 8623 cc := rl.cc 8624 cc.t.connPool().MarkDead(cc) 8625 if f.ErrCode != 0 { 8626 // TODO: deal with GOAWAY more. particularly the error code 8627 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 8628 } 8629 cc.setGoAway(f) 8630 return nil 8631 } 8632 8633 func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 8634 cc := rl.cc 8635 cc.mu.Lock() 8636 defer cc.mu.Unlock() 8637 8638 if f.IsAck() { 8639 if cc.wantSettingsAck { 8640 cc.wantSettingsAck = false 8641 return nil 8642 } 8643 return http2ConnectionError(http2ErrCodeProtocol) 8644 } 8645 8646 err := f.ForeachSetting(func(s http2Setting) error { 8647 switch s.ID { 8648 case http2SettingMaxFrameSize: 8649 cc.maxFrameSize = s.Val 8650 case http2SettingMaxConcurrentStreams: 8651 cc.maxConcurrentStreams = s.Val 8652 case http2SettingMaxHeaderListSize: 8653 cc.peerMaxHeaderListSize = uint64(s.Val) 8654 case http2SettingInitialWindowSize: 8655 // Values above the maximum flow-control 8656 // window size of 2^31-1 MUST be treated as a 8657 // connection error (Section 5.4.1) of type 8658 // FLOW_CONTROL_ERROR. 8659 if s.Val > math.MaxInt32 { 8660 return http2ConnectionError(http2ErrCodeFlowControl) 8661 } 8662 8663 // Adjust flow control of currently-open 8664 // frames by the difference of the old initial 8665 // window size and this one. 8666 delta := int32(s.Val) - int32(cc.initialWindowSize) 8667 for _, cs := range cc.streams { 8668 cs.flow.add(delta) 8669 } 8670 cc.cond.Broadcast() 8671 8672 cc.initialWindowSize = s.Val 8673 default: 8674 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 8675 cc.vlogf("Unhandled Setting: %v", s) 8676 } 8677 return nil 8678 }) 8679 if err != nil { 8680 return err 8681 } 8682 8683 cc.wmu.Lock() 8684 defer cc.wmu.Unlock() 8685 8686 cc.fr.WriteSettingsAck() 8687 cc.bw.Flush() 8688 return cc.werr 8689 } 8690 8691 func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 8692 cc := rl.cc 8693 cs := cc.streamByID(f.StreamID, false) 8694 if f.StreamID != 0 && cs == nil { 8695 return nil 8696 } 8697 8698 cc.mu.Lock() 8699 defer cc.mu.Unlock() 8700 8701 fl := &cc.flow 8702 if cs != nil { 8703 fl = &cs.flow 8704 } 8705 if !fl.add(int32(f.Increment)) { 8706 return http2ConnectionError(http2ErrCodeFlowControl) 8707 } 8708 cc.cond.Broadcast() 8709 return nil 8710 } 8711 8712 func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 8713 cs := rl.cc.streamByID(f.StreamID, true) 8714 if cs == nil { 8715 // TODO: return error if server tries to RST_STEAM an idle stream 8716 return nil 8717 } 8718 select { 8719 case <-cs.peerReset: 8720 // Already reset. 8721 // This is the only goroutine 8722 // which closes this, so there 8723 // isn't a race. 8724 default: 8725 err := http2streamError(cs.ID, f.ErrCode) 8726 cs.resetErr = err 8727 close(cs.peerReset) 8728 cs.bufPipe.CloseWithError(err) 8729 cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl 8730 } 8731 return nil 8732 } 8733 8734 // Ping sends a PING frame to the server and waits for the ack. 8735 func (cc *http2ClientConn) Ping(ctx context.Context) error { 8736 c := make(chan struct{}) 8737 // Generate a random payload 8738 var p [8]byte 8739 for { 8740 if _, err := rand.Read(p[:]); err != nil { 8741 return err 8742 } 8743 cc.mu.Lock() 8744 // check for dup before insert 8745 if _, found := cc.pings[p]; !found { 8746 cc.pings[p] = c 8747 cc.mu.Unlock() 8748 break 8749 } 8750 cc.mu.Unlock() 8751 } 8752 cc.wmu.Lock() 8753 if err := cc.fr.WritePing(false, p); err != nil { 8754 cc.wmu.Unlock() 8755 return err 8756 } 8757 if err := cc.bw.Flush(); err != nil { 8758 cc.wmu.Unlock() 8759 return err 8760 } 8761 cc.wmu.Unlock() 8762 select { 8763 case <-c: 8764 return nil 8765 case <-ctx.Done(): 8766 return ctx.Err() 8767 case <-cc.readerDone: 8768 // connection closed 8769 return cc.readerErr 8770 } 8771 } 8772 8773 func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 8774 if f.IsAck() { 8775 cc := rl.cc 8776 cc.mu.Lock() 8777 defer cc.mu.Unlock() 8778 // If ack, notify listener if any 8779 if c, ok := cc.pings[f.Data]; ok { 8780 close(c) 8781 delete(cc.pings, f.Data) 8782 } 8783 return nil 8784 } 8785 cc := rl.cc 8786 cc.wmu.Lock() 8787 defer cc.wmu.Unlock() 8788 if err := cc.fr.WritePing(true, f.Data); err != nil { 8789 return err 8790 } 8791 return cc.bw.Flush() 8792 } 8793 8794 func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 8795 // We told the peer we don't want them. 8796 // Spec says: 8797 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 8798 // setting of the peer endpoint is set to 0. An endpoint that 8799 // has set this setting and has received acknowledgement MUST 8800 // treat the receipt of a PUSH_PROMISE frame as a connection 8801 // error (Section 5.4.1) of type PROTOCOL_ERROR." 8802 return http2ConnectionError(http2ErrCodeProtocol) 8803 } 8804 8805 func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 8806 // TODO: map err to more interesting error codes, once the 8807 // HTTP community comes up with some. But currently for 8808 // RST_STREAM there's no equivalent to GOAWAY frame's debug 8809 // data, and the error codes are all pretty vague ("cancel"). 8810 cc.wmu.Lock() 8811 cc.fr.WriteRSTStream(streamID, code) 8812 cc.bw.Flush() 8813 cc.wmu.Unlock() 8814 } 8815 8816 var ( 8817 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 8818 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 8819 http2errPseudoTrailers = errors.New("http2: invalid pseudo header in trailers") 8820 ) 8821 8822 func (cc *http2ClientConn) logf(format string, args ...interface{}) { 8823 cc.t.logf(format, args...) 8824 } 8825 8826 func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 8827 cc.t.vlogf(format, args...) 8828 } 8829 8830 func (t *http2Transport) vlogf(format string, args ...interface{}) { 8831 if http2VerboseLogs { 8832 t.logf(format, args...) 8833 } 8834 } 8835 8836 func (t *http2Transport) logf(format string, args ...interface{}) { 8837 log.Printf(format, args...) 8838 } 8839 8840 var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 8841 8842 func http2strSliceContains(ss []string, s string) bool { 8843 for _, v := range ss { 8844 if v == s { 8845 return true 8846 } 8847 } 8848 return false 8849 } 8850 8851 type http2erringRoundTripper struct{ err error } 8852 8853 func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 8854 8855 // gzipReader wraps a response body so it can lazily 8856 // call gzip.NewReader on the first call to Read 8857 type http2gzipReader struct { 8858 body io.ReadCloser // underlying Response.Body 8859 zr *gzip.Reader // lazily-initialized gzip reader 8860 zerr error // sticky error 8861 } 8862 8863 func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 8864 if gz.zerr != nil { 8865 return 0, gz.zerr 8866 } 8867 if gz.zr == nil { 8868 gz.zr, err = gzip.NewReader(gz.body) 8869 if err != nil { 8870 gz.zerr = err 8871 return 0, err 8872 } 8873 } 8874 return gz.zr.Read(p) 8875 } 8876 8877 func (gz *http2gzipReader) Close() error { 8878 return gz.body.Close() 8879 } 8880 8881 type http2errorReader struct{ err error } 8882 8883 func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 8884 8885 // bodyWriterState encapsulates various state around the Transport's writing 8886 // of the request body, particularly regarding doing delayed writes of the body 8887 // when the request contains "Expect: 100-continue". 8888 type http2bodyWriterState struct { 8889 cs *http2clientStream 8890 timer *time.Timer // if non-nil, we're doing a delayed write 8891 fnonce *sync.Once // to call fn with 8892 fn func() // the code to run in the goroutine, writing the body 8893 resc chan error // result of fn's execution 8894 delay time.Duration // how long we should delay a delayed write for 8895 } 8896 8897 func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) { 8898 s.cs = cs 8899 if body == nil { 8900 return 8901 } 8902 resc := make(chan error, 1) 8903 s.resc = resc 8904 s.fn = func() { 8905 cs.cc.mu.Lock() 8906 cs.startedWrite = true 8907 cs.cc.mu.Unlock() 8908 resc <- cs.writeRequestBody(body, cs.req.Body) 8909 } 8910 s.delay = t.expectContinueTimeout() 8911 if s.delay == 0 || 8912 !httpguts.HeaderValuesContainsToken( 8913 cs.req.Header["Expect"], 8914 "100-continue") { 8915 return 8916 } 8917 s.fnonce = new(sync.Once) 8918 8919 // Arm the timer with a very large duration, which we'll 8920 // intentionally lower later. It has to be large now because 8921 // we need a handle to it before writing the headers, but the 8922 // s.delay value is defined to not start until after the 8923 // request headers were written. 8924 const hugeDuration = 365 * 24 * time.Hour 8925 s.timer = time.AfterFunc(hugeDuration, func() { 8926 s.fnonce.Do(s.fn) 8927 }) 8928 return 8929 } 8930 8931 func (s http2bodyWriterState) cancel() { 8932 if s.timer != nil { 8933 s.timer.Stop() 8934 } 8935 } 8936 8937 func (s http2bodyWriterState) on100() { 8938 if s.timer == nil { 8939 // If we didn't do a delayed write, ignore the server's 8940 // bogus 100 continue response. 8941 return 8942 } 8943 s.timer.Stop() 8944 go func() { s.fnonce.Do(s.fn) }() 8945 } 8946 8947 // scheduleBodyWrite starts writing the body, either immediately (in 8948 // the common case) or after the delay timeout. It should not be 8949 // called until after the headers have been written. 8950 func (s http2bodyWriterState) scheduleBodyWrite() { 8951 if s.timer == nil { 8952 // We're not doing a delayed write (see 8953 // getBodyWriterState), so just start the writing 8954 // goroutine immediately. 8955 go s.fn() 8956 return 8957 } 8958 http2traceWait100Continue(s.cs.trace) 8959 if s.timer.Stop() { 8960 s.timer.Reset(s.delay) 8961 } 8962 } 8963 8964 // isConnectionCloseRequest reports whether req should use its own 8965 // connection for a single request and then close the connection. 8966 func http2isConnectionCloseRequest(req *Request) bool { 8967 return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close") 8968 } 8969 8970 // registerHTTPSProtocol calls Transport.RegisterProtocol but 8971 // converting panics into errors. 8972 func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) { 8973 defer func() { 8974 if e := recover(); e != nil { 8975 err = fmt.Errorf("%v", e) 8976 } 8977 }() 8978 t.RegisterProtocol("https", rt) 8979 return nil 8980 } 8981 8982 // noDialH2RoundTripper is a RoundTripper which only tries to complete the request 8983 // if there's already has a cached connection to the host. 8984 // (The field is exported so it can be accessed via reflect from net/http; tested 8985 // by TestNoDialH2RoundTripperType) 8986 type http2noDialH2RoundTripper struct{ *http2Transport } 8987 8988 func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 8989 res, err := rt.http2Transport.RoundTrip(req) 8990 if http2isNoCachedConnError(err) { 8991 return nil, ErrSkipAltProtocol 8992 } 8993 return res, err 8994 } 8995 8996 func (t *http2Transport) idleConnTimeout() time.Duration { 8997 if t.t1 != nil { 8998 return t.t1.IdleConnTimeout 8999 } 9000 return 0 9001 } 9002 9003 func http2traceGetConn(req *Request, hostPort string) { 9004 trace := httptrace.ContextClientTrace(req.Context()) 9005 if trace == nil || trace.GetConn == nil { 9006 return 9007 } 9008 trace.GetConn(hostPort) 9009 } 9010 9011 func http2traceGotConn(req *Request, cc *http2ClientConn) { 9012 trace := httptrace.ContextClientTrace(req.Context()) 9013 if trace == nil || trace.GotConn == nil { 9014 return 9015 } 9016 ci := httptrace.GotConnInfo{Conn: cc.tconn} 9017 cc.mu.Lock() 9018 ci.Reused = cc.nextStreamID > 1 9019 ci.WasIdle = len(cc.streams) == 0 && ci.Reused 9020 if ci.WasIdle && !cc.lastActive.IsZero() { 9021 ci.IdleTime = time.Now().Sub(cc.lastActive) 9022 } 9023 cc.mu.Unlock() 9024 9025 trace.GotConn(ci) 9026 } 9027 9028 func http2traceWroteHeaders(trace *httptrace.ClientTrace) { 9029 if trace != nil && trace.WroteHeaders != nil { 9030 trace.WroteHeaders() 9031 } 9032 } 9033 9034 func http2traceGot100Continue(trace *httptrace.ClientTrace) { 9035 if trace != nil && trace.Got100Continue != nil { 9036 trace.Got100Continue() 9037 } 9038 } 9039 9040 func http2traceWait100Continue(trace *httptrace.ClientTrace) { 9041 if trace != nil && trace.Wait100Continue != nil { 9042 trace.Wait100Continue() 9043 } 9044 } 9045 9046 func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) { 9047 if trace != nil && trace.WroteRequest != nil { 9048 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 9049 } 9050 } 9051 9052 func http2traceFirstResponseByte(trace *httptrace.ClientTrace) { 9053 if trace != nil && trace.GotFirstResponseByte != nil { 9054 trace.GotFirstResponseByte() 9055 } 9056 } 9057 9058 // writeFramer is implemented by any type that is used to write frames. 9059 type http2writeFramer interface { 9060 writeFrame(http2writeContext) error 9061 9062 // staysWithinBuffer reports whether this writer promises that 9063 // it will only write less than or equal to size bytes, and it 9064 // won't Flush the write context. 9065 staysWithinBuffer(size int) bool 9066 } 9067 9068 // writeContext is the interface needed by the various frame writer 9069 // types below. All the writeFrame methods below are scheduled via the 9070 // frame writing scheduler (see writeScheduler in writesched.go). 9071 // 9072 // This interface is implemented by *serverConn. 9073 // 9074 // TODO: decide whether to a) use this in the client code (which didn't 9075 // end up using this yet, because it has a simpler design, not 9076 // currently implementing priorities), or b) delete this and 9077 // make the server code a bit more concrete. 9078 type http2writeContext interface { 9079 Framer() *http2Framer 9080 Flush() error 9081 CloseConn() error 9082 // HeaderEncoder returns an HPACK encoder that writes to the 9083 // returned buffer. 9084 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 9085 } 9086 9087 // writeEndsStream reports whether w writes a frame that will transition 9088 // the stream to a half-closed local state. This returns false for RST_STREAM, 9089 // which closes the entire stream (not just the local half). 9090 func http2writeEndsStream(w http2writeFramer) bool { 9091 switch v := w.(type) { 9092 case *http2writeData: 9093 return v.endStream 9094 case *http2writeResHeaders: 9095 return v.endStream 9096 case nil: 9097 // This can only happen if the caller reuses w after it's 9098 // been intentionally nil'ed out to prevent use. Keep this 9099 // here to catch future refactoring breaking it. 9100 panic("writeEndsStream called on nil writeFramer") 9101 } 9102 return false 9103 } 9104 9105 type http2flushFrameWriter struct{} 9106 9107 func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 9108 return ctx.Flush() 9109 } 9110 9111 func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 9112 9113 type http2writeSettings []http2Setting 9114 9115 func (s http2writeSettings) staysWithinBuffer(max int) bool { 9116 const settingSize = 6 // uint16 + uint32 9117 return http2frameHeaderLen+settingSize*len(s) <= max 9118 9119 } 9120 9121 func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 9122 return ctx.Framer().WriteSettings([]http2Setting(s)...) 9123 } 9124 9125 type http2writeGoAway struct { 9126 maxStreamID uint32 9127 code http2ErrCode 9128 } 9129 9130 func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 9131 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 9132 ctx.Flush() // ignore error: we're hanging up on them anyway 9133 return err 9134 } 9135 9136 func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 9137 9138 type http2writeData struct { 9139 streamID uint32 9140 p []byte 9141 endStream bool 9142 } 9143 9144 func (w *http2writeData) String() string { 9145 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 9146 } 9147 9148 func (w *http2writeData) writeFrame(ctx http2writeContext) error { 9149 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 9150 } 9151 9152 func (w *http2writeData) staysWithinBuffer(max int) bool { 9153 return http2frameHeaderLen+len(w.p) <= max 9154 } 9155 9156 // handlerPanicRST is the message sent from handler goroutines when 9157 // the handler panics. 9158 type http2handlerPanicRST struct { 9159 StreamID uint32 9160 } 9161 9162 func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 9163 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 9164 } 9165 9166 func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9167 9168 func (se http2StreamError) writeFrame(ctx http2writeContext) error { 9169 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 9170 } 9171 9172 func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9173 9174 type http2writePingAck struct{ pf *http2PingFrame } 9175 9176 func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 9177 return ctx.Framer().WritePing(true, w.pf.Data) 9178 } 9179 9180 func (w http2writePingAck) staysWithinBuffer(max int) bool { 9181 return http2frameHeaderLen+len(w.pf.Data) <= max 9182 } 9183 9184 type http2writeSettingsAck struct{} 9185 9186 func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 9187 return ctx.Framer().WriteSettingsAck() 9188 } 9189 9190 func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 9191 9192 // splitHeaderBlock splits headerBlock into fragments so that each fragment fits 9193 // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 9194 // for the first/last fragment, respectively. 9195 func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 9196 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 9197 // that all peers must support (16KB). Later we could care 9198 // more and send larger frames if the peer advertised it, but 9199 // there's little point. Most headers are small anyway (so we 9200 // generally won't have CONTINUATION frames), and extra frames 9201 // only waste 9 bytes anyway. 9202 const maxFrameSize = 16384 9203 9204 first := true 9205 for len(headerBlock) > 0 { 9206 frag := headerBlock 9207 if len(frag) > maxFrameSize { 9208 frag = frag[:maxFrameSize] 9209 } 9210 headerBlock = headerBlock[len(frag):] 9211 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9212 return err 9213 } 9214 first = false 9215 } 9216 return nil 9217 } 9218 9219 // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9220 // for HTTP response headers or trailers from a server handler. 9221 type http2writeResHeaders struct { 9222 streamID uint32 9223 httpResCode int // 0 means no ":status" line 9224 h Header // may be nil 9225 trailers []string // if non-nil, which keys of h to write. nil means all. 9226 endStream bool 9227 9228 date string 9229 contentType string 9230 contentLength string 9231 } 9232 9233 func http2encKV(enc *hpack.Encoder, k, v string) { 9234 if http2VerboseLogs { 9235 log.Printf("http2: server encoding header %q = %q", k, v) 9236 } 9237 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9238 } 9239 9240 func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9241 // TODO: this is a common one. It'd be nice to return true 9242 // here and get into the fast path if we could be clever and 9243 // calculate the size fast enough, or at least a conservative 9244 // upper bound that usually fires. (Maybe if w.h and 9245 // w.trailers are nil, so we don't need to enumerate it.) 9246 // Otherwise I'm afraid that just calculating the length to 9247 // answer this question would be slower than the ~2µs benefit. 9248 return false 9249 } 9250 9251 func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9252 enc, buf := ctx.HeaderEncoder() 9253 buf.Reset() 9254 9255 if w.httpResCode != 0 { 9256 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9257 } 9258 9259 http2encodeHeaders(enc, w.h, w.trailers) 9260 9261 if w.contentType != "" { 9262 http2encKV(enc, "content-type", w.contentType) 9263 } 9264 if w.contentLength != "" { 9265 http2encKV(enc, "content-length", w.contentLength) 9266 } 9267 if w.date != "" { 9268 http2encKV(enc, "date", w.date) 9269 } 9270 9271 headerBlock := buf.Bytes() 9272 if len(headerBlock) == 0 && w.trailers == nil { 9273 panic("unexpected empty hpack") 9274 } 9275 9276 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9277 } 9278 9279 func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9280 if firstFrag { 9281 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9282 StreamID: w.streamID, 9283 BlockFragment: frag, 9284 EndStream: w.endStream, 9285 EndHeaders: lastFrag, 9286 }) 9287 } else { 9288 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9289 } 9290 } 9291 9292 // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9293 type http2writePushPromise struct { 9294 streamID uint32 // pusher stream 9295 method string // for :method 9296 url *url.URL // for :scheme, :authority, :path 9297 h Header 9298 9299 // Creates an ID for a pushed stream. This runs on serveG just before 9300 // the frame is written. The returned ID is copied to promisedID. 9301 allocatePromisedID func() (uint32, error) 9302 promisedID uint32 9303 } 9304 9305 func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9306 // TODO: see writeResHeaders.staysWithinBuffer 9307 return false 9308 } 9309 9310 func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9311 enc, buf := ctx.HeaderEncoder() 9312 buf.Reset() 9313 9314 http2encKV(enc, ":method", w.method) 9315 http2encKV(enc, ":scheme", w.url.Scheme) 9316 http2encKV(enc, ":authority", w.url.Host) 9317 http2encKV(enc, ":path", w.url.RequestURI()) 9318 http2encodeHeaders(enc, w.h, nil) 9319 9320 headerBlock := buf.Bytes() 9321 if len(headerBlock) == 0 { 9322 panic("unexpected empty hpack") 9323 } 9324 9325 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9326 } 9327 9328 func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9329 if firstFrag { 9330 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9331 StreamID: w.streamID, 9332 PromiseID: w.promisedID, 9333 BlockFragment: frag, 9334 EndHeaders: lastFrag, 9335 }) 9336 } else { 9337 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9338 } 9339 } 9340 9341 type http2write100ContinueHeadersFrame struct { 9342 streamID uint32 9343 } 9344 9345 func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9346 enc, buf := ctx.HeaderEncoder() 9347 buf.Reset() 9348 http2encKV(enc, ":status", "100") 9349 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9350 StreamID: w.streamID, 9351 BlockFragment: buf.Bytes(), 9352 EndStream: false, 9353 EndHeaders: true, 9354 }) 9355 } 9356 9357 func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9358 // Sloppy but conservative: 9359 return 9+2*(len(":status")+len("100")) <= max 9360 } 9361 9362 type http2writeWindowUpdate struct { 9363 streamID uint32 // or 0 for conn-level 9364 n uint32 9365 } 9366 9367 func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9368 9369 func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9370 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9371 } 9372 9373 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9374 // is encoded only if k is in keys. 9375 func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9376 if keys == nil { 9377 sorter := http2sorterPool.Get().(*http2sorter) 9378 // Using defer here, since the returned keys from the 9379 // sorter.Keys method is only valid until the sorter 9380 // is returned: 9381 defer http2sorterPool.Put(sorter) 9382 keys = sorter.Keys(h) 9383 } 9384 for _, k := range keys { 9385 vv := h[k] 9386 k = http2lowerHeader(k) 9387 if !http2validWireHeaderFieldName(k) { 9388 // Skip it as backup paranoia. Per 9389 // golang.org/issue/14048, these should 9390 // already be rejected at a higher level. 9391 continue 9392 } 9393 isTE := k == "transfer-encoding" 9394 for _, v := range vv { 9395 if !httpguts.ValidHeaderFieldValue(v) { 9396 // TODO: return an error? golang.org/issue/14048 9397 // For now just omit it. 9398 continue 9399 } 9400 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9401 if isTE && v != "trailers" { 9402 continue 9403 } 9404 http2encKV(enc, k, v) 9405 } 9406 } 9407 } 9408 9409 // WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9410 // Methods are never called concurrently. 9411 type http2WriteScheduler interface { 9412 // OpenStream opens a new stream in the write scheduler. 9413 // It is illegal to call this with streamID=0 or with a streamID that is 9414 // already open -- the call may panic. 9415 OpenStream(streamID uint32, options http2OpenStreamOptions) 9416 9417 // CloseStream closes a stream in the write scheduler. Any frames queued on 9418 // this stream should be discarded. It is illegal to call this on a stream 9419 // that is not open -- the call may panic. 9420 CloseStream(streamID uint32) 9421 9422 // AdjustStream adjusts the priority of the given stream. This may be called 9423 // on a stream that has not yet been opened or has been closed. Note that 9424 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9425 // https://tools.ietf.org/html/rfc7540#section-5.1 9426 AdjustStream(streamID uint32, priority http2PriorityParam) 9427 9428 // Push queues a frame in the scheduler. In most cases, this will not be 9429 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9430 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9431 Push(wr http2FrameWriteRequest) 9432 9433 // Pop dequeues the next frame to write. Returns false if no frames can 9434 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9435 // order they are Push'd. No frames should be discarded except by CloseStream. 9436 Pop() (wr http2FrameWriteRequest, ok bool) 9437 } 9438 9439 // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9440 type http2OpenStreamOptions struct { 9441 // PusherID is zero if the stream was initiated by the client. Otherwise, 9442 // PusherID names the stream that pushed the newly opened stream. 9443 PusherID uint32 9444 } 9445 9446 // FrameWriteRequest is a request to write a frame. 9447 type http2FrameWriteRequest struct { 9448 // write is the interface value that does the writing, once the 9449 // WriteScheduler has selected this frame to write. The write 9450 // functions are all defined in write.go. 9451 write http2writeFramer 9452 9453 // stream is the stream on which this frame will be written. 9454 // nil for non-stream frames like PING and SETTINGS. 9455 stream *http2stream 9456 9457 // done, if non-nil, must be a buffered channel with space for 9458 // 1 message and is sent the return value from write (or an 9459 // earlier error) when the frame has been written. 9460 done chan error 9461 } 9462 9463 // StreamID returns the id of the stream this frame will be written to. 9464 // 0 is used for non-stream frames such as PING and SETTINGS. 9465 func (wr http2FrameWriteRequest) StreamID() uint32 { 9466 if wr.stream == nil { 9467 if se, ok := wr.write.(http2StreamError); ok { 9468 // (*serverConn).resetStream doesn't set 9469 // stream because it doesn't necessarily have 9470 // one. So special case this type of write 9471 // message. 9472 return se.StreamID 9473 } 9474 return 0 9475 } 9476 return wr.stream.id 9477 } 9478 9479 // isControl reports whether wr is a control frame for MaxQueuedControlFrames 9480 // purposes. That includes non-stream frames and RST_STREAM frames. 9481 func (wr http2FrameWriteRequest) isControl() bool { 9482 return wr.stream == nil 9483 } 9484 9485 // DataSize returns the number of flow control bytes that must be consumed 9486 // to write this entire frame. This is 0 for non-DATA frames. 9487 func (wr http2FrameWriteRequest) DataSize() int { 9488 if wd, ok := wr.write.(*http2writeData); ok { 9489 return len(wd.p) 9490 } 9491 return 0 9492 } 9493 9494 // Consume consumes min(n, available) bytes from this frame, where available 9495 // is the number of flow control bytes available on the stream. Consume returns 9496 // 0, 1, or 2 frames, where the integer return value gives the number of frames 9497 // returned. 9498 // 9499 // If flow control prevents consuming any bytes, this returns (_, _, 0). If 9500 // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9501 // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9502 // 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9503 // underlying stream's flow control budget. 9504 func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9505 var empty http2FrameWriteRequest 9506 9507 // Non-DATA frames are always consumed whole. 9508 wd, ok := wr.write.(*http2writeData) 9509 if !ok || len(wd.p) == 0 { 9510 return wr, empty, 1 9511 } 9512 9513 // Might need to split after applying limits. 9514 allowed := wr.stream.flow.available() 9515 if n < allowed { 9516 allowed = n 9517 } 9518 if wr.stream.sc.maxFrameSize < allowed { 9519 allowed = wr.stream.sc.maxFrameSize 9520 } 9521 if allowed <= 0 { 9522 return empty, empty, 0 9523 } 9524 if len(wd.p) > int(allowed) { 9525 wr.stream.flow.take(allowed) 9526 consumed := http2FrameWriteRequest{ 9527 stream: wr.stream, 9528 write: &http2writeData{ 9529 streamID: wd.streamID, 9530 p: wd.p[:allowed], 9531 // Even if the original had endStream set, there 9532 // are bytes remaining because len(wd.p) > allowed, 9533 // so we know endStream is false. 9534 endStream: false, 9535 }, 9536 // Our caller is blocking on the final DATA frame, not 9537 // this intermediate frame, so no need to wait. 9538 done: nil, 9539 } 9540 rest := http2FrameWriteRequest{ 9541 stream: wr.stream, 9542 write: &http2writeData{ 9543 streamID: wd.streamID, 9544 p: wd.p[allowed:], 9545 endStream: wd.endStream, 9546 }, 9547 done: wr.done, 9548 } 9549 return consumed, rest, 2 9550 } 9551 9552 // The frame is consumed whole. 9553 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 9554 wr.stream.flow.take(int32(len(wd.p))) 9555 return wr, empty, 1 9556 } 9557 9558 // String is for debugging only. 9559 func (wr http2FrameWriteRequest) String() string { 9560 var des string 9561 if s, ok := wr.write.(fmt.Stringer); ok { 9562 des = s.String() 9563 } else { 9564 des = fmt.Sprintf("%T", wr.write) 9565 } 9566 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 9567 } 9568 9569 // replyToWriter sends err to wr.done and panics if the send must block 9570 // This does nothing if wr.done is nil. 9571 func (wr *http2FrameWriteRequest) replyToWriter(err error) { 9572 if wr.done == nil { 9573 return 9574 } 9575 select { 9576 case wr.done <- err: 9577 default: 9578 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 9579 } 9580 wr.write = nil // prevent use (assume it's tainted after wr.done send) 9581 } 9582 9583 // writeQueue is used by implementations of WriteScheduler. 9584 type http2writeQueue struct { 9585 s []http2FrameWriteRequest 9586 } 9587 9588 func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 9589 9590 func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 9591 q.s = append(q.s, wr) 9592 } 9593 9594 func (q *http2writeQueue) shift() http2FrameWriteRequest { 9595 if len(q.s) == 0 { 9596 panic("invalid use of queue") 9597 } 9598 wr := q.s[0] 9599 // TODO: less copy-happy queue. 9600 copy(q.s, q.s[1:]) 9601 q.s[len(q.s)-1] = http2FrameWriteRequest{} 9602 q.s = q.s[:len(q.s)-1] 9603 return wr 9604 } 9605 9606 // consume consumes up to n bytes from q.s[0]. If the frame is 9607 // entirely consumed, it is removed from the queue. If the frame 9608 // is partially consumed, the frame is kept with the consumed 9609 // bytes removed. Returns true iff any bytes were consumed. 9610 func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 9611 if len(q.s) == 0 { 9612 return http2FrameWriteRequest{}, false 9613 } 9614 consumed, rest, numresult := q.s[0].Consume(n) 9615 switch numresult { 9616 case 0: 9617 return http2FrameWriteRequest{}, false 9618 case 1: 9619 q.shift() 9620 case 2: 9621 q.s[0] = rest 9622 } 9623 return consumed, true 9624 } 9625 9626 type http2writeQueuePool []*http2writeQueue 9627 9628 // put inserts an unused writeQueue into the pool. 9629 9630 // put inserts an unused writeQueue into the pool. 9631 func (p *http2writeQueuePool) put(q *http2writeQueue) { 9632 for i := range q.s { 9633 q.s[i] = http2FrameWriteRequest{} 9634 } 9635 q.s = q.s[:0] 9636 *p = append(*p, q) 9637 } 9638 9639 // get returns an empty writeQueue. 9640 func (p *http2writeQueuePool) get() *http2writeQueue { 9641 ln := len(*p) 9642 if ln == 0 { 9643 return new(http2writeQueue) 9644 } 9645 x := ln - 1 9646 q := (*p)[x] 9647 (*p)[x] = nil 9648 *p = (*p)[:x] 9649 return q 9650 } 9651 9652 // RFC 7540, Section 5.3.5: the default weight is 16. 9653 const http2priorityDefaultWeight = 15 // 16 = 15 + 1 9654 9655 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 9656 type http2PriorityWriteSchedulerConfig struct { 9657 // MaxClosedNodesInTree controls the maximum number of closed streams to 9658 // retain in the priority tree. Setting this to zero saves a small amount 9659 // of memory at the cost of performance. 9660 // 9661 // See RFC 7540, Section 5.3.4: 9662 // "It is possible for a stream to become closed while prioritization 9663 // information ... is in transit. ... This potentially creates suboptimal 9664 // prioritization, since the stream could be given a priority that is 9665 // different from what is intended. To avoid these problems, an endpoint 9666 // SHOULD retain stream prioritization state for a period after streams 9667 // become closed. The longer state is retained, the lower the chance that 9668 // streams are assigned incorrect or default priority values." 9669 MaxClosedNodesInTree int 9670 9671 // MaxIdleNodesInTree controls the maximum number of idle streams to 9672 // retain in the priority tree. Setting this to zero saves a small amount 9673 // of memory at the cost of performance. 9674 // 9675 // See RFC 7540, Section 5.3.4: 9676 // Similarly, streams that are in the "idle" state can be assigned 9677 // priority or become a parent of other streams. This allows for the 9678 // creation of a grouping node in the dependency tree, which enables 9679 // more flexible expressions of priority. Idle streams begin with a 9680 // default priority (Section 5.3.5). 9681 MaxIdleNodesInTree int 9682 9683 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 9684 // data is delivered in priority order. This works around a race where 9685 // stream B depends on stream A and both streams are about to call Write 9686 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 9687 // write as much data from B as possible, but this is suboptimal because A 9688 // is a higher-priority stream. With throttling enabled, we write a small 9689 // amount of data from B to minimize the amount of bandwidth that B can 9690 // steal from A. 9691 ThrottleOutOfOrderWrites bool 9692 } 9693 9694 // NewPriorityWriteScheduler constructs a WriteScheduler that schedules 9695 // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 9696 // If cfg is nil, default options are used. 9697 func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 9698 if cfg == nil { 9699 // For justification of these defaults, see: 9700 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 9701 cfg = &http2PriorityWriteSchedulerConfig{ 9702 MaxClosedNodesInTree: 10, 9703 MaxIdleNodesInTree: 10, 9704 ThrottleOutOfOrderWrites: false, 9705 } 9706 } 9707 9708 ws := &http2priorityWriteScheduler{ 9709 nodes: make(map[uint32]*http2priorityNode), 9710 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 9711 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 9712 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 9713 } 9714 ws.nodes[0] = &ws.root 9715 if cfg.ThrottleOutOfOrderWrites { 9716 ws.writeThrottleLimit = 1024 9717 } else { 9718 ws.writeThrottleLimit = math.MaxInt32 9719 } 9720 return ws 9721 } 9722 9723 type http2priorityNodeState int 9724 9725 const ( 9726 http2priorityNodeOpen http2priorityNodeState = iota 9727 http2priorityNodeClosed 9728 http2priorityNodeIdle 9729 ) 9730 9731 // priorityNode is a node in an HTTP/2 priority tree. 9732 // Each node is associated with a single stream ID. 9733 // See RFC 7540, Section 5.3. 9734 type http2priorityNode struct { 9735 q http2writeQueue // queue of pending frames to write 9736 id uint32 // id of the stream, or 0 for the root of the tree 9737 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 9738 state http2priorityNodeState // open | closed | idle 9739 bytes int64 // number of bytes written by this node, or 0 if closed 9740 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 9741 9742 // These links form the priority tree. 9743 parent *http2priorityNode 9744 kids *http2priorityNode // start of the kids list 9745 prev, next *http2priorityNode // doubly-linked list of siblings 9746 } 9747 9748 func (n *http2priorityNode) setParent(parent *http2priorityNode) { 9749 if n == parent { 9750 panic("setParent to self") 9751 } 9752 if n.parent == parent { 9753 return 9754 } 9755 // Unlink from current parent. 9756 if parent := n.parent; parent != nil { 9757 if n.prev == nil { 9758 parent.kids = n.next 9759 } else { 9760 n.prev.next = n.next 9761 } 9762 if n.next != nil { 9763 n.next.prev = n.prev 9764 } 9765 } 9766 // Link to new parent. 9767 // If parent=nil, remove n from the tree. 9768 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 9769 n.parent = parent 9770 if parent == nil { 9771 n.next = nil 9772 n.prev = nil 9773 } else { 9774 n.next = parent.kids 9775 n.prev = nil 9776 if n.next != nil { 9777 n.next.prev = n 9778 } 9779 parent.kids = n 9780 } 9781 } 9782 9783 func (n *http2priorityNode) addBytes(b int64) { 9784 n.bytes += b 9785 for ; n != nil; n = n.parent { 9786 n.subtreeBytes += b 9787 } 9788 } 9789 9790 // walkReadyInOrder iterates over the tree in priority order, calling f for each node 9791 // with a non-empty write queue. When f returns true, this funcion returns true and the 9792 // walk halts. tmp is used as scratch space for sorting. 9793 // 9794 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 9795 // if any ancestor p of n is still open (ignoring the root node). 9796 func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 9797 if !n.q.empty() && f(n, openParent) { 9798 return true 9799 } 9800 if n.kids == nil { 9801 return false 9802 } 9803 9804 // Don't consider the root "open" when updating openParent since 9805 // we can't send data frames on the root stream (only control frames). 9806 if n.id != 0 { 9807 openParent = openParent || (n.state == http2priorityNodeOpen) 9808 } 9809 9810 // Common case: only one kid or all kids have the same weight. 9811 // Some clients don't use weights; other clients (like web browsers) 9812 // use mostly-linear priority trees. 9813 w := n.kids.weight 9814 needSort := false 9815 for k := n.kids.next; k != nil; k = k.next { 9816 if k.weight != w { 9817 needSort = true 9818 break 9819 } 9820 } 9821 if !needSort { 9822 for k := n.kids; k != nil; k = k.next { 9823 if k.walkReadyInOrder(openParent, tmp, f) { 9824 return true 9825 } 9826 } 9827 return false 9828 } 9829 9830 // Uncommon case: sort the child nodes. We remove the kids from the parent, 9831 // then re-insert after sorting so we can reuse tmp for future sort calls. 9832 *tmp = (*tmp)[:0] 9833 for n.kids != nil { 9834 *tmp = append(*tmp, n.kids) 9835 n.kids.setParent(nil) 9836 } 9837 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 9838 for i := len(*tmp) - 1; i >= 0; i-- { 9839 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 9840 } 9841 for k := n.kids; k != nil; k = k.next { 9842 if k.walkReadyInOrder(openParent, tmp, f) { 9843 return true 9844 } 9845 } 9846 return false 9847 } 9848 9849 type http2sortPriorityNodeSiblings []*http2priorityNode 9850 9851 func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 9852 9853 func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 9854 9855 func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 9856 // Prefer the subtree that has sent fewer bytes relative to its weight. 9857 // See sections 5.3.2 and 5.3.4. 9858 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 9859 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 9860 if bi == 0 && bk == 0 { 9861 return wi >= wk 9862 } 9863 if bk == 0 { 9864 return false 9865 } 9866 return bi/bk <= wi/wk 9867 } 9868 9869 type http2priorityWriteScheduler struct { 9870 // root is the root of the priority tree, where root.id = 0. 9871 // The root queues control frames that are not associated with any stream. 9872 root http2priorityNode 9873 9874 // nodes maps stream ids to priority tree nodes. 9875 nodes map[uint32]*http2priorityNode 9876 9877 // maxID is the maximum stream id in nodes. 9878 maxID uint32 9879 9880 // lists of nodes that have been closed or are idle, but are kept in 9881 // the tree for improved prioritization. When the lengths exceed either 9882 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 9883 closedNodes, idleNodes []*http2priorityNode 9884 9885 // From the config. 9886 maxClosedNodesInTree int 9887 maxIdleNodesInTree int 9888 writeThrottleLimit int32 9889 enableWriteThrottle bool 9890 9891 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 9892 tmp []*http2priorityNode 9893 9894 // pool of empty queues for reuse. 9895 queuePool http2writeQueuePool 9896 } 9897 9898 func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 9899 // The stream may be currently idle but cannot be opened or closed. 9900 if curr := ws.nodes[streamID]; curr != nil { 9901 if curr.state != http2priorityNodeIdle { 9902 panic(fmt.Sprintf("stream %d already opened", streamID)) 9903 } 9904 curr.state = http2priorityNodeOpen 9905 return 9906 } 9907 9908 // RFC 7540, Section 5.3.5: 9909 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 9910 // Pushed streams initially depend on their associated stream. In both cases, 9911 // streams are assigned a default weight of 16." 9912 parent := ws.nodes[options.PusherID] 9913 if parent == nil { 9914 parent = &ws.root 9915 } 9916 n := &http2priorityNode{ 9917 q: *ws.queuePool.get(), 9918 id: streamID, 9919 weight: http2priorityDefaultWeight, 9920 state: http2priorityNodeOpen, 9921 } 9922 n.setParent(parent) 9923 ws.nodes[streamID] = n 9924 if streamID > ws.maxID { 9925 ws.maxID = streamID 9926 } 9927 } 9928 9929 func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 9930 if streamID == 0 { 9931 panic("violation of WriteScheduler interface: cannot close stream 0") 9932 } 9933 if ws.nodes[streamID] == nil { 9934 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 9935 } 9936 if ws.nodes[streamID].state != http2priorityNodeOpen { 9937 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 9938 } 9939 9940 n := ws.nodes[streamID] 9941 n.state = http2priorityNodeClosed 9942 n.addBytes(-n.bytes) 9943 9944 q := n.q 9945 ws.queuePool.put(&q) 9946 n.q.s = nil 9947 if ws.maxClosedNodesInTree > 0 { 9948 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 9949 } else { 9950 ws.removeNode(n) 9951 } 9952 } 9953 9954 func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 9955 if streamID == 0 { 9956 panic("adjustPriority on root") 9957 } 9958 9959 // If streamID does not exist, there are two cases: 9960 // - A closed stream that has been removed (this will have ID <= maxID) 9961 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 9962 n := ws.nodes[streamID] 9963 if n == nil { 9964 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 9965 return 9966 } 9967 ws.maxID = streamID 9968 n = &http2priorityNode{ 9969 q: *ws.queuePool.get(), 9970 id: streamID, 9971 weight: http2priorityDefaultWeight, 9972 state: http2priorityNodeIdle, 9973 } 9974 n.setParent(&ws.root) 9975 ws.nodes[streamID] = n 9976 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 9977 } 9978 9979 // Section 5.3.1: A dependency on a stream that is not currently in the tree 9980 // results in that stream being given a default priority (Section 5.3.5). 9981 parent := ws.nodes[priority.StreamDep] 9982 if parent == nil { 9983 n.setParent(&ws.root) 9984 n.weight = http2priorityDefaultWeight 9985 return 9986 } 9987 9988 // Ignore if the client tries to make a node its own parent. 9989 if n == parent { 9990 return 9991 } 9992 9993 // Section 5.3.3: 9994 // "If a stream is made dependent on one of its own dependencies, the 9995 // formerly dependent stream is first moved to be dependent on the 9996 // reprioritized stream's previous parent. The moved dependency retains 9997 // its weight." 9998 // 9999 // That is: if parent depends on n, move parent to depend on n.parent. 10000 for x := parent.parent; x != nil; x = x.parent { 10001 if x == n { 10002 parent.setParent(n.parent) 10003 break 10004 } 10005 } 10006 10007 // Section 5.3.3: The exclusive flag causes the stream to become the sole 10008 // dependency of its parent stream, causing other dependencies to become 10009 // dependent on the exclusive stream. 10010 if priority.Exclusive { 10011 k := parent.kids 10012 for k != nil { 10013 next := k.next 10014 if k != n { 10015 k.setParent(n) 10016 } 10017 k = next 10018 } 10019 } 10020 10021 n.setParent(parent) 10022 n.weight = priority.Weight 10023 } 10024 10025 func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 10026 var n *http2priorityNode 10027 if id := wr.StreamID(); id == 0 { 10028 n = &ws.root 10029 } else { 10030 n = ws.nodes[id] 10031 if n == nil { 10032 // id is an idle or closed stream. wr should not be a HEADERS or 10033 // DATA frame. However, wr can be a RST_STREAM. In this case, we 10034 // push wr onto the root, rather than creating a new priorityNode, 10035 // since RST_STREAM is tiny and the stream's priority is unknown 10036 // anyway. See issue #17919. 10037 if wr.DataSize() > 0 { 10038 panic("add DATA on non-open stream") 10039 } 10040 n = &ws.root 10041 } 10042 } 10043 n.q.push(wr) 10044 } 10045 10046 func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 10047 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 10048 limit := int32(math.MaxInt32) 10049 if openParent { 10050 limit = ws.writeThrottleLimit 10051 } 10052 wr, ok = n.q.consume(limit) 10053 if !ok { 10054 return false 10055 } 10056 n.addBytes(int64(wr.DataSize())) 10057 // If B depends on A and B continuously has data available but A 10058 // does not, gradually increase the throttling limit to allow B to 10059 // steal more and more bandwidth from A. 10060 if openParent { 10061 ws.writeThrottleLimit += 1024 10062 if ws.writeThrottleLimit < 0 { 10063 ws.writeThrottleLimit = math.MaxInt32 10064 } 10065 } else if ws.enableWriteThrottle { 10066 ws.writeThrottleLimit = 1024 10067 } 10068 return true 10069 }) 10070 return wr, ok 10071 } 10072 10073 func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 10074 if maxSize == 0 { 10075 return 10076 } 10077 if len(*list) == maxSize { 10078 // Remove the oldest node, then shift left. 10079 ws.removeNode((*list)[0]) 10080 x := (*list)[1:] 10081 copy(*list, x) 10082 *list = (*list)[:len(x)] 10083 } 10084 *list = append(*list, n) 10085 } 10086 10087 func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 10088 for k := n.kids; k != nil; k = k.next { 10089 k.setParent(n.parent) 10090 } 10091 n.setParent(nil) 10092 delete(ws.nodes, n.id) 10093 } 10094 10095 // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 10096 // priorities. Control frames like SETTINGS and PING are written before DATA 10097 // frames, but if no control frames are queued and multiple streams have queued 10098 // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 10099 func http2NewRandomWriteScheduler() http2WriteScheduler { 10100 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 10101 } 10102 10103 type http2randomWriteScheduler struct { 10104 // zero are frames not associated with a specific stream. 10105 zero http2writeQueue 10106 10107 // sq contains the stream-specific queues, keyed by stream ID. 10108 // When a stream is idle or closed, it's deleted from the map. 10109 sq map[uint32]*http2writeQueue 10110 10111 // pool of empty queues for reuse. 10112 queuePool http2writeQueuePool 10113 } 10114 10115 func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10116 // no-op: idle streams are not tracked 10117 } 10118 10119 func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 10120 q, ok := ws.sq[streamID] 10121 if !ok { 10122 return 10123 } 10124 delete(ws.sq, streamID) 10125 ws.queuePool.put(q) 10126 } 10127 10128 func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10129 // no-op: priorities are ignored 10130 } 10131 10132 func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 10133 id := wr.StreamID() 10134 if id == 0 { 10135 ws.zero.push(wr) 10136 return 10137 } 10138 q, ok := ws.sq[id] 10139 if !ok { 10140 q = ws.queuePool.get() 10141 ws.sq[id] = q 10142 } 10143 q.push(wr) 10144 } 10145 10146 func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 10147 // Control frames first. 10148 if !ws.zero.empty() { 10149 return ws.zero.shift(), true 10150 } 10151 // Iterate over all non-idle streams until finding one that can be consumed. 10152 for _, q := range ws.sq { 10153 if wr, ok := q.consume(math.MaxInt32); ok { 10154 return wr, true 10155 } 10156 } 10157 return http2FrameWriteRequest{}, false 10158 } 10159
View as plain text