...
Run Format

Source file src/net/http/h2_bundle.go

Documentation: net/http

     1  // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT.
     2  //go:generate bundle -o h2_bundle.go -prefix http2 -underscore golang.org/x/net/http2
     3  
     4  // Package http2 implements the HTTP/2 protocol.
     5  //
     6  // This package is low-level and intended to be used directly by very
     7  // few people. Most users will use it indirectly through the automatic
     8  // use by the net/http package (from Go 1.6 and later).
     9  // For use in earlier Go versions see ConfigureServer. (Transport support
    10  // requires Go 1.6 or later)
    11  //
    12  // See https://http2.github.io/ for more information on HTTP/2.
    13  //
    14  // See https://http2.golang.org/ for a test server running this code.
    15  //
    16  
    17  package http
    18  
    19  import (
    20  	"bufio"
    21  	"bytes"
    22  	"compress/gzip"
    23  	"context"
    24  	"crypto/rand"
    25  	"crypto/tls"
    26  	"encoding/binary"
    27  	"errors"
    28  	"fmt"
    29  	"io"
    30  	"io/ioutil"
    31  	"log"
    32  	"math"
    33  	mathrand "math/rand"
    34  	"net"
    35  	"net/http/httptrace"
    36  	"net/textproto"
    37  	"net/url"
    38  	"os"
    39  	"reflect"
    40  	"runtime"
    41  	"sort"
    42  	"strconv"
    43  	"strings"
    44  	"sync"
    45  	"time"
    46  
    47  	"internal/x/net/http/httpguts"
    48  	"internal/x/net/http2/hpack"
    49  	"internal/x/net/idna"
    50  )
    51  
    52  // A list of the possible cipher suite ids. Taken from
    53  // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt
    54  
    55  const (
    56  	http2cipher_TLS_NULL_WITH_NULL_NULL               uint16 = 0x0000
    57  	http2cipher_TLS_RSA_WITH_NULL_MD5                 uint16 = 0x0001
    58  	http2cipher_TLS_RSA_WITH_NULL_SHA                 uint16 = 0x0002
    59  	http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5        uint16 = 0x0003
    60  	http2cipher_TLS_RSA_WITH_RC4_128_MD5              uint16 = 0x0004
    61  	http2cipher_TLS_RSA_WITH_RC4_128_SHA              uint16 = 0x0005
    62  	http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    uint16 = 0x0006
    63  	http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA             uint16 = 0x0007
    64  	http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA     uint16 = 0x0008
    65  	http2cipher_TLS_RSA_WITH_DES_CBC_SHA              uint16 = 0x0009
    66  	http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA         uint16 = 0x000A
    67  	http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA  uint16 = 0x000B
    68  	http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA           uint16 = 0x000C
    69  	http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA      uint16 = 0x000D
    70  	http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA  uint16 = 0x000E
    71  	http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA           uint16 = 0x000F
    72  	http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA      uint16 = 0x0010
    73  	http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011
    74  	http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA          uint16 = 0x0012
    75  	http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA     uint16 = 0x0013
    76  	http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014
    77  	http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA          uint16 = 0x0015
    78  	http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0x0016
    79  	http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5    uint16 = 0x0017
    80  	http2cipher_TLS_DH_anon_WITH_RC4_128_MD5          uint16 = 0x0018
    81  	http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019
    82  	http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA          uint16 = 0x001A
    83  	http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA     uint16 = 0x001B
    84  	// Reserved uint16 =  0x001C-1D
    85  	http2cipher_TLS_KRB5_WITH_DES_CBC_SHA             uint16 = 0x001E
    86  	http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA        uint16 = 0x001F
    87  	http2cipher_TLS_KRB5_WITH_RC4_128_SHA             uint16 = 0x0020
    88  	http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA            uint16 = 0x0021
    89  	http2cipher_TLS_KRB5_WITH_DES_CBC_MD5             uint16 = 0x0022
    90  	http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5        uint16 = 0x0023
    91  	http2cipher_TLS_KRB5_WITH_RC4_128_MD5             uint16 = 0x0024
    92  	http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5            uint16 = 0x0025
    93  	http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA   uint16 = 0x0026
    94  	http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA   uint16 = 0x0027
    95  	http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA       uint16 = 0x0028
    96  	http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5   uint16 = 0x0029
    97  	http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5   uint16 = 0x002A
    98  	http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5       uint16 = 0x002B
    99  	http2cipher_TLS_PSK_WITH_NULL_SHA                 uint16 = 0x002C
   100  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA             uint16 = 0x002D
   101  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA             uint16 = 0x002E
   102  	http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA          uint16 = 0x002F
   103  	http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA       uint16 = 0x0030
   104  	http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA       uint16 = 0x0031
   105  	http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA      uint16 = 0x0032
   106  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0x0033
   107  	http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA      uint16 = 0x0034
   108  	http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA          uint16 = 0x0035
   109  	http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA       uint16 = 0x0036
   110  	http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA       uint16 = 0x0037
   111  	http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA      uint16 = 0x0038
   112  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0x0039
   113  	http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA      uint16 = 0x003A
   114  	http2cipher_TLS_RSA_WITH_NULL_SHA256              uint16 = 0x003B
   115  	http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256       uint16 = 0x003C
   116  	http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256       uint16 = 0x003D
   117  	http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256    uint16 = 0x003E
   118  	http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256    uint16 = 0x003F
   119  	http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256   uint16 = 0x0040
   120  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA     uint16 = 0x0041
   121  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA  uint16 = 0x0042
   122  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA  uint16 = 0x0043
   123  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044
   124  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045
   125  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046
   126  	// Reserved uint16 =  0x0047-4F
   127  	// Reserved uint16 =  0x0050-58
   128  	// Reserved uint16 =  0x0059-5C
   129  	// Unassigned uint16 =  0x005D-5F
   130  	// Reserved uint16 =  0x0060-66
   131  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067
   132  	http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256  uint16 = 0x0068
   133  	http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256  uint16 = 0x0069
   134  	http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A
   135  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B
   136  	http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C
   137  	http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D
   138  	// Unassigned uint16 =  0x006E-83
   139  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        uint16 = 0x0084
   140  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA     uint16 = 0x0085
   141  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA     uint16 = 0x0086
   142  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0087
   143  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0088
   144  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA    uint16 = 0x0089
   145  	http2cipher_TLS_PSK_WITH_RC4_128_SHA                 uint16 = 0x008A
   146  	http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA            uint16 = 0x008B
   147  	http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA             uint16 = 0x008C
   148  	http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA             uint16 = 0x008D
   149  	http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA             uint16 = 0x008E
   150  	http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        uint16 = 0x008F
   151  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         uint16 = 0x0090
   152  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         uint16 = 0x0091
   153  	http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA             uint16 = 0x0092
   154  	http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        uint16 = 0x0093
   155  	http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         uint16 = 0x0094
   156  	http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         uint16 = 0x0095
   157  	http2cipher_TLS_RSA_WITH_SEED_CBC_SHA                uint16 = 0x0096
   158  	http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA             uint16 = 0x0097
   159  	http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA             uint16 = 0x0098
   160  	http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA            uint16 = 0x0099
   161  	http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA            uint16 = 0x009A
   162  	http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA            uint16 = 0x009B
   163  	http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256          uint16 = 0x009C
   164  	http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384          uint16 = 0x009D
   165  	http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      uint16 = 0x009E
   166  	http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      uint16 = 0x009F
   167  	http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256       uint16 = 0x00A0
   168  	http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384       uint16 = 0x00A1
   169  	http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256      uint16 = 0x00A2
   170  	http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384      uint16 = 0x00A3
   171  	http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256       uint16 = 0x00A4
   172  	http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384       uint16 = 0x00A5
   173  	http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256      uint16 = 0x00A6
   174  	http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384      uint16 = 0x00A7
   175  	http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256          uint16 = 0x00A8
   176  	http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384          uint16 = 0x00A9
   177  	http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      uint16 = 0x00AA
   178  	http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      uint16 = 0x00AB
   179  	http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      uint16 = 0x00AC
   180  	http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      uint16 = 0x00AD
   181  	http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256          uint16 = 0x00AE
   182  	http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384          uint16 = 0x00AF
   183  	http2cipher_TLS_PSK_WITH_NULL_SHA256                 uint16 = 0x00B0
   184  	http2cipher_TLS_PSK_WITH_NULL_SHA384                 uint16 = 0x00B1
   185  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      uint16 = 0x00B2
   186  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      uint16 = 0x00B3
   187  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256             uint16 = 0x00B4
   188  	http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384             uint16 = 0x00B5
   189  	http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      uint16 = 0x00B6
   190  	http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      uint16 = 0x00B7
   191  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256             uint16 = 0x00B8
   192  	http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384             uint16 = 0x00B9
   193  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0x00BA
   194  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0x00BB
   195  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0x00BC
   196  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD
   197  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE
   198  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF
   199  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     uint16 = 0x00C0
   200  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256  uint16 = 0x00C1
   201  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256  uint16 = 0x00C2
   202  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3
   203  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4
   204  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5
   205  	// Unassigned uint16 =  0x00C6-FE
   206  	http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF
   207  	// Unassigned uint16 =  0x01-55,*
   208  	http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600
   209  	// Unassigned                                   uint16 = 0x5601 - 0xC000
   210  	http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA                 uint16 = 0xC001
   211  	http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA              uint16 = 0xC002
   212  	http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA         uint16 = 0xC003
   213  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA          uint16 = 0xC004
   214  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA          uint16 = 0xC005
   215  	http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA                uint16 = 0xC006
   216  	http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA             uint16 = 0xC007
   217  	http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC008
   218  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA         uint16 = 0xC009
   219  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA         uint16 = 0xC00A
   220  	http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA                   uint16 = 0xC00B
   221  	http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA                uint16 = 0xC00C
   222  	http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0xC00D
   223  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA            uint16 = 0xC00E
   224  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA            uint16 = 0xC00F
   225  	http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA                  uint16 = 0xC010
   226  	http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA               uint16 = 0xC011
   227  	http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC012
   228  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA           uint16 = 0xC013
   229  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA           uint16 = 0xC014
   230  	http2cipher_TLS_ECDH_anon_WITH_NULL_SHA                  uint16 = 0xC015
   231  	http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA               uint16 = 0xC016
   232  	http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC017
   233  	http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA           uint16 = 0xC018
   234  	http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA           uint16 = 0xC019
   235  	http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA            uint16 = 0xC01A
   236  	http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC01B
   237  	http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA        uint16 = 0xC01C
   238  	http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA             uint16 = 0xC01D
   239  	http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA         uint16 = 0xC01E
   240  	http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA         uint16 = 0xC01F
   241  	http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA             uint16 = 0xC020
   242  	http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA         uint16 = 0xC021
   243  	http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA         uint16 = 0xC022
   244  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256      uint16 = 0xC023
   245  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384      uint16 = 0xC024
   246  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256       uint16 = 0xC025
   247  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384       uint16 = 0xC026
   248  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256        uint16 = 0xC027
   249  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384        uint16 = 0xC028
   250  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0xC029
   251  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384         uint16 = 0xC02A
   252  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256      uint16 = 0xC02B
   253  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384      uint16 = 0xC02C
   254  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256       uint16 = 0xC02D
   255  	http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384       uint16 = 0xC02E
   256  	http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256        uint16 = 0xC02F
   257  	http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384        uint16 = 0xC030
   258  	http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0xC031
   259  	http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0xC032
   260  	http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA               uint16 = 0xC033
   261  	http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          uint16 = 0xC034
   262  	http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA           uint16 = 0xC035
   263  	http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA           uint16 = 0xC036
   264  	http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256        uint16 = 0xC037
   265  	http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384        uint16 = 0xC038
   266  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA                  uint16 = 0xC039
   267  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256               uint16 = 0xC03A
   268  	http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384               uint16 = 0xC03B
   269  	http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256             uint16 = 0xC03C
   270  	http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384             uint16 = 0xC03D
   271  	http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256          uint16 = 0xC03E
   272  	http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384          uint16 = 0xC03F
   273  	http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256          uint16 = 0xC040
   274  	http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384          uint16 = 0xC041
   275  	http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC042
   276  	http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC043
   277  	http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC044
   278  	http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC045
   279  	http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC046
   280  	http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC047
   281  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256     uint16 = 0xC048
   282  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384     uint16 = 0xC049
   283  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256      uint16 = 0xC04A
   284  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384      uint16 = 0xC04B
   285  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256       uint16 = 0xC04C
   286  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384       uint16 = 0xC04D
   287  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256        uint16 = 0xC04E
   288  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384        uint16 = 0xC04F
   289  	http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256             uint16 = 0xC050
   290  	http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384             uint16 = 0xC051
   291  	http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC052
   292  	http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC053
   293  	http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256          uint16 = 0xC054
   294  	http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384          uint16 = 0xC055
   295  	http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC056
   296  	http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC057
   297  	http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256          uint16 = 0xC058
   298  	http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384          uint16 = 0xC059
   299  	http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC05A
   300  	http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC05B
   301  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     uint16 = 0xC05C
   302  	http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     uint16 = 0xC05D
   303  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      uint16 = 0xC05E
   304  	http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      uint16 = 0xC05F
   305  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       uint16 = 0xC060
   306  	http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       uint16 = 0xC061
   307  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        uint16 = 0xC062
   308  	http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        uint16 = 0xC063
   309  	http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256             uint16 = 0xC064
   310  	http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384             uint16 = 0xC065
   311  	http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC066
   312  	http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC067
   313  	http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256         uint16 = 0xC068
   314  	http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384         uint16 = 0xC069
   315  	http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256             uint16 = 0xC06A
   316  	http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384             uint16 = 0xC06B
   317  	http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC06C
   318  	http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC06D
   319  	http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256         uint16 = 0xC06E
   320  	http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384         uint16 = 0xC06F
   321  	http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256       uint16 = 0xC070
   322  	http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384       uint16 = 0xC071
   323  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072
   324  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073
   325  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  uint16 = 0xC074
   326  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  uint16 = 0xC075
   327  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   uint16 = 0xC076
   328  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   uint16 = 0xC077
   329  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    uint16 = 0xC078
   330  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    uint16 = 0xC079
   331  	http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         uint16 = 0xC07A
   332  	http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         uint16 = 0xC07B
   333  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC07C
   334  	http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC07D
   335  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256      uint16 = 0xC07E
   336  	http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384      uint16 = 0xC07F
   337  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC080
   338  	http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC081
   339  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256      uint16 = 0xC082
   340  	http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384      uint16 = 0xC083
   341  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC084
   342  	http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC085
   343  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086
   344  	http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087
   345  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  uint16 = 0xC088
   346  	http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  uint16 = 0xC089
   347  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   uint16 = 0xC08A
   348  	http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   uint16 = 0xC08B
   349  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    uint16 = 0xC08C
   350  	http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    uint16 = 0xC08D
   351  	http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256         uint16 = 0xC08E
   352  	http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384         uint16 = 0xC08F
   353  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC090
   354  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC091
   355  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256     uint16 = 0xC092
   356  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384     uint16 = 0xC093
   357  	http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256         uint16 = 0xC094
   358  	http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384         uint16 = 0xC095
   359  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0xC096
   360  	http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     uint16 = 0xC097
   361  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     uint16 = 0xC098
   362  	http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     uint16 = 0xC099
   363  	http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   uint16 = 0xC09A
   364  	http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   uint16 = 0xC09B
   365  	http2cipher_TLS_RSA_WITH_AES_128_CCM                     uint16 = 0xC09C
   366  	http2cipher_TLS_RSA_WITH_AES_256_CCM                     uint16 = 0xC09D
   367  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM                 uint16 = 0xC09E
   368  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM                 uint16 = 0xC09F
   369  	http2cipher_TLS_RSA_WITH_AES_128_CCM_8                   uint16 = 0xC0A0
   370  	http2cipher_TLS_RSA_WITH_AES_256_CCM_8                   uint16 = 0xC0A1
   371  	http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8               uint16 = 0xC0A2
   372  	http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8               uint16 = 0xC0A3
   373  	http2cipher_TLS_PSK_WITH_AES_128_CCM                     uint16 = 0xC0A4
   374  	http2cipher_TLS_PSK_WITH_AES_256_CCM                     uint16 = 0xC0A5
   375  	http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM                 uint16 = 0xC0A6
   376  	http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM                 uint16 = 0xC0A7
   377  	http2cipher_TLS_PSK_WITH_AES_128_CCM_8                   uint16 = 0xC0A8
   378  	http2cipher_TLS_PSK_WITH_AES_256_CCM_8                   uint16 = 0xC0A9
   379  	http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8               uint16 = 0xC0AA
   380  	http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8               uint16 = 0xC0AB
   381  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM             uint16 = 0xC0AC
   382  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM             uint16 = 0xC0AD
   383  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8           uint16 = 0xC0AE
   384  	http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8           uint16 = 0xC0AF
   385  	// Unassigned uint16 =  0xC0B0-FF
   386  	// Unassigned uint16 =  0xC1-CB,*
   387  	// Unassigned uint16 =  0xCC00-A7
   388  	http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xCCA8
   389  	http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9
   390  	http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAA
   391  	http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         uint16 = 0xCCAB
   392  	http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xCCAC
   393  	http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAD
   394  	http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     uint16 = 0xCCAE
   395  )
   396  
   397  // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec.
   398  // References:
   399  // https://tools.ietf.org/html/rfc7540#appendix-A
   400  // Reject cipher suites from Appendix A.
   401  // "This list includes those cipher suites that do not
   402  // offer an ephemeral key exchange and those that are
   403  // based on the TLS null, stream or block cipher type"
   404  func http2isBadCipher(cipher uint16) bool {
   405  	switch cipher {
   406  	case http2cipher_TLS_NULL_WITH_NULL_NULL,
   407  		http2cipher_TLS_RSA_WITH_NULL_MD5,
   408  		http2cipher_TLS_RSA_WITH_NULL_SHA,
   409  		http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5,
   410  		http2cipher_TLS_RSA_WITH_RC4_128_MD5,
   411  		http2cipher_TLS_RSA_WITH_RC4_128_SHA,
   412  		http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
   413  		http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA,
   414  		http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
   415  		http2cipher_TLS_RSA_WITH_DES_CBC_SHA,
   416  		http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
   417  		http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
   418  		http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA,
   419  		http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
   420  		http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
   421  		http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA,
   422  		http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
   423  		http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
   424  		http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA,
   425  		http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
   426  		http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
   427  		http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA,
   428  		http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
   429  		http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
   430  		http2cipher_TLS_DH_anon_WITH_RC4_128_MD5,
   431  		http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
   432  		http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA,
   433  		http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
   434  		http2cipher_TLS_KRB5_WITH_DES_CBC_SHA,
   435  		http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
   436  		http2cipher_TLS_KRB5_WITH_RC4_128_SHA,
   437  		http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA,
   438  		http2cipher_TLS_KRB5_WITH_DES_CBC_MD5,
   439  		http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
   440  		http2cipher_TLS_KRB5_WITH_RC4_128_MD5,
   441  		http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5,
   442  		http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
   443  		http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
   444  		http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
   445  		http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
   446  		http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
   447  		http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
   448  		http2cipher_TLS_PSK_WITH_NULL_SHA,
   449  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA,
   450  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA,
   451  		http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA,
   452  		http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA,
   453  		http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA,
   454  		http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
   455  		http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
   456  		http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA,
   457  		http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA,
   458  		http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA,
   459  		http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA,
   460  		http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
   461  		http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
   462  		http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA,
   463  		http2cipher_TLS_RSA_WITH_NULL_SHA256,
   464  		http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256,
   465  		http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256,
   466  		http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
   467  		http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
   468  		http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
   469  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
   470  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
   471  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
   472  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
   473  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
   474  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
   475  		http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
   476  		http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
   477  		http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
   478  		http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
   479  		http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
   480  		http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256,
   481  		http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256,
   482  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
   483  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
   484  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
   485  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
   486  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
   487  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
   488  		http2cipher_TLS_PSK_WITH_RC4_128_SHA,
   489  		http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
   490  		http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA,
   491  		http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA,
   492  		http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA,
   493  		http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
   494  		http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
   495  		http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
   496  		http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA,
   497  		http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
   498  		http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
   499  		http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
   500  		http2cipher_TLS_RSA_WITH_SEED_CBC_SHA,
   501  		http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA,
   502  		http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA,
   503  		http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA,
   504  		http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA,
   505  		http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA,
   506  		http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256,
   507  		http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384,
   508  		http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
   509  		http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
   510  		http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
   511  		http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
   512  		http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256,
   513  		http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384,
   514  		http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256,
   515  		http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384,
   516  		http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
   517  		http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
   518  		http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256,
   519  		http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384,
   520  		http2cipher_TLS_PSK_WITH_NULL_SHA256,
   521  		http2cipher_TLS_PSK_WITH_NULL_SHA384,
   522  		http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
   523  		http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
   524  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256,
   525  		http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384,
   526  		http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
   527  		http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
   528  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256,
   529  		http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384,
   530  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   531  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,
   532  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   533  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
   534  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   535  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,
   536  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   537  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,
   538  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   539  		http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
   540  		http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
   541  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
   542  		http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
   543  		http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA,
   544  		http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
   545  		http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
   546  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
   547  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
   548  		http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
   549  		http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   550  		http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
   551  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
   552  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
   553  		http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA,
   554  		http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA,
   555  		http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
   556  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
   557  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
   558  		http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA,
   559  		http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
   560  		http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
   561  		http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   562  		http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
   563  		http2cipher_TLS_ECDH_anon_WITH_NULL_SHA,
   564  		http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA,
   565  		http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
   566  		http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
   567  		http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
   568  		http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
   569  		http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
   570  		http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
   571  		http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
   572  		http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
   573  		http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
   574  		http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
   575  		http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
   576  		http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
   577  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
   578  		http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
   579  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
   580  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
   581  		http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
   582  		http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
   583  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
   584  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
   585  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
   586  		http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
   587  		http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
   588  		http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
   589  		http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
   590  		http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
   591  		http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
   592  		http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
   593  		http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
   594  		http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
   595  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA,
   596  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256,
   597  		http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384,
   598  		http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
   599  		http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
   600  		http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,
   601  		http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,
   602  		http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,
   603  		http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,
   604  		http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
   605  		http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
   606  		http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
   607  		http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
   608  		http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,
   609  		http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,
   610  		http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
   611  		http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
   612  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
   613  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
   614  		http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
   615  		http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
   616  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
   617  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
   618  		http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
   619  		http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
   620  		http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,
   621  		http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,
   622  		http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,
   623  		http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,
   624  		http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,
   625  		http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,
   626  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
   627  		http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
   628  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
   629  		http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
   630  		http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
   631  		http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
   632  		http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
   633  		http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
   634  		http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
   635  		http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
   636  		http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
   637  		http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
   638  		http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
   639  		http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
   640  		http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
   641  		http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
   642  		http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
   643  		http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
   644  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
   645  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
   646  		http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   647  		http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
   648  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
   649  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
   650  		http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   651  		http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   652  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   653  		http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   654  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,
   655  		http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,
   656  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,
   657  		http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,
   658  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
   659  		http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
   660  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
   661  		http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
   662  		http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
   663  		http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
   664  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
   665  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
   666  		http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   667  		http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   668  		http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   669  		http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   670  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   671  		http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   672  		http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
   673  		http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
   674  		http2cipher_TLS_RSA_WITH_AES_128_CCM,
   675  		http2cipher_TLS_RSA_WITH_AES_256_CCM,
   676  		http2cipher_TLS_RSA_WITH_AES_128_CCM_8,
   677  		http2cipher_TLS_RSA_WITH_AES_256_CCM_8,
   678  		http2cipher_TLS_PSK_WITH_AES_128_CCM,
   679  		http2cipher_TLS_PSK_WITH_AES_256_CCM,
   680  		http2cipher_TLS_PSK_WITH_AES_128_CCM_8,
   681  		http2cipher_TLS_PSK_WITH_AES_256_CCM_8:
   682  		return true
   683  	default:
   684  		return false
   685  	}
   686  }
   687  
   688  // ClientConnPool manages a pool of HTTP/2 client connections.
   689  type http2ClientConnPool interface {
   690  	GetClientConn(req *Request, addr string) (*http2ClientConn, error)
   691  	MarkDead(*http2ClientConn)
   692  }
   693  
   694  // clientConnPoolIdleCloser is the interface implemented by ClientConnPool
   695  // implementations which can close their idle connections.
   696  type http2clientConnPoolIdleCloser interface {
   697  	http2ClientConnPool
   698  	closeIdleConnections()
   699  }
   700  
   701  var (
   702  	_ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil)
   703  	_ http2clientConnPoolIdleCloser = http2noDialClientConnPool{}
   704  )
   705  
   706  // TODO: use singleflight for dialing and addConnCalls?
   707  type http2clientConnPool struct {
   708  	t *http2Transport
   709  
   710  	mu sync.Mutex // TODO: maybe switch to RWMutex
   711  	// TODO: add support for sharing conns based on cert names
   712  	// (e.g. share conn for googleapis.com and appspot.com)
   713  	conns        map[string][]*http2ClientConn // key is host:port
   714  	dialing      map[string]*http2dialCall     // currently in-flight dials
   715  	keys         map[*http2ClientConn][]string
   716  	addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls
   717  }
   718  
   719  func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) {
   720  	return p.getClientConn(req, addr, http2dialOnMiss)
   721  }
   722  
   723  const (
   724  	http2dialOnMiss   = true
   725  	http2noDialOnMiss = false
   726  )
   727  
   728  // shouldTraceGetConn reports whether getClientConn should call any
   729  // ClientTrace.GetConn hook associated with the http.Request.
   730  //
   731  // This complexity is needed to avoid double calls of the GetConn hook
   732  // during the back-and-forth between net/http and x/net/http2 (when the
   733  // net/http.Transport is upgraded to also speak http2), as well as support
   734  // the case where x/net/http2 is being used directly.
   735  func (p *http2clientConnPool) shouldTraceGetConn(st http2clientConnIdleState) bool {
   736  	// If our Transport wasn't made via ConfigureTransport, always
   737  	// trace the GetConn hook if provided, because that means the
   738  	// http2 package is being used directly and it's the one
   739  	// dialing, as opposed to net/http.
   740  	if _, ok := p.t.ConnPool.(http2noDialClientConnPool); !ok {
   741  		return true
   742  	}
   743  	// Otherwise, only use the GetConn hook if this connection has
   744  	// been used previously for other requests. For fresh
   745  	// connections, the net/http package does the dialing.
   746  	return !st.freshConn
   747  }
   748  
   749  func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) {
   750  	if http2isConnectionCloseRequest(req) && dialOnMiss {
   751  		// It gets its own connection.
   752  		http2traceGetConn(req, addr)
   753  		const singleUse = true
   754  		cc, err := p.t.dialClientConn(addr, singleUse)
   755  		if err != nil {
   756  			return nil, err
   757  		}
   758  		return cc, nil
   759  	}
   760  	p.mu.Lock()
   761  	for _, cc := range p.conns[addr] {
   762  		if st := cc.idleState(); st.canTakeNewRequest {
   763  			if p.shouldTraceGetConn(st) {
   764  				http2traceGetConn(req, addr)
   765  			}
   766  			p.mu.Unlock()
   767  			return cc, nil
   768  		}
   769  	}
   770  	if !dialOnMiss {
   771  		p.mu.Unlock()
   772  		return nil, http2ErrNoCachedConn
   773  	}
   774  	http2traceGetConn(req, addr)
   775  	call := p.getStartDialLocked(addr)
   776  	p.mu.Unlock()
   777  	<-call.done
   778  	return call.res, call.err
   779  }
   780  
   781  // dialCall is an in-flight Transport dial call to a host.
   782  type http2dialCall struct {
   783  	p    *http2clientConnPool
   784  	done chan struct{}    // closed when done
   785  	res  *http2ClientConn // valid after done is closed
   786  	err  error            // valid after done is closed
   787  }
   788  
   789  // requires p.mu is held.
   790  func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall {
   791  	if call, ok := p.dialing[addr]; ok {
   792  		// A dial is already in-flight. Don't start another.
   793  		return call
   794  	}
   795  	call := &http2dialCall{p: p, done: make(chan struct{})}
   796  	if p.dialing == nil {
   797  		p.dialing = make(map[string]*http2dialCall)
   798  	}
   799  	p.dialing[addr] = call
   800  	go call.dial(addr)
   801  	return call
   802  }
   803  
   804  // run in its own goroutine.
   805  func (c *http2dialCall) dial(addr string) {
   806  	const singleUse = false // shared conn
   807  	c.res, c.err = c.p.t.dialClientConn(addr, singleUse)
   808  	close(c.done)
   809  
   810  	c.p.mu.Lock()
   811  	delete(c.p.dialing, addr)
   812  	if c.err == nil {
   813  		c.p.addConnLocked(addr, c.res)
   814  	}
   815  	c.p.mu.Unlock()
   816  }
   817  
   818  // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't
   819  // already exist. It coalesces concurrent calls with the same key.
   820  // This is used by the http1 Transport code when it creates a new connection. Because
   821  // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know
   822  // the protocol), it can get into a situation where it has multiple TLS connections.
   823  // This code decides which ones live or die.
   824  // The return value used is whether c was used.
   825  // c is never closed.
   826  func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) {
   827  	p.mu.Lock()
   828  	for _, cc := range p.conns[key] {
   829  		if cc.CanTakeNewRequest() {
   830  			p.mu.Unlock()
   831  			return false, nil
   832  		}
   833  	}
   834  	call, dup := p.addConnCalls[key]
   835  	if !dup {
   836  		if p.addConnCalls == nil {
   837  			p.addConnCalls = make(map[string]*http2addConnCall)
   838  		}
   839  		call = &http2addConnCall{
   840  			p:    p,
   841  			done: make(chan struct{}),
   842  		}
   843  		p.addConnCalls[key] = call
   844  		go call.run(t, key, c)
   845  	}
   846  	p.mu.Unlock()
   847  
   848  	<-call.done
   849  	if call.err != nil {
   850  		return false, call.err
   851  	}
   852  	return !dup, nil
   853  }
   854  
   855  type http2addConnCall struct {
   856  	p    *http2clientConnPool
   857  	done chan struct{} // closed when done
   858  	err  error
   859  }
   860  
   861  func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) {
   862  	cc, err := t.NewClientConn(tc)
   863  
   864  	p := c.p
   865  	p.mu.Lock()
   866  	if err != nil {
   867  		c.err = err
   868  	} else {
   869  		p.addConnLocked(key, cc)
   870  	}
   871  	delete(p.addConnCalls, key)
   872  	p.mu.Unlock()
   873  	close(c.done)
   874  }
   875  
   876  func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) {
   877  	p.mu.Lock()
   878  	p.addConnLocked(key, cc)
   879  	p.mu.Unlock()
   880  }
   881  
   882  // p.mu must be held
   883  func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) {
   884  	for _, v := range p.conns[key] {
   885  		if v == cc {
   886  			return
   887  		}
   888  	}
   889  	if p.conns == nil {
   890  		p.conns = make(map[string][]*http2ClientConn)
   891  	}
   892  	if p.keys == nil {
   893  		p.keys = make(map[*http2ClientConn][]string)
   894  	}
   895  	p.conns[key] = append(p.conns[key], cc)
   896  	p.keys[cc] = append(p.keys[cc], key)
   897  }
   898  
   899  func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) {
   900  	p.mu.Lock()
   901  	defer p.mu.Unlock()
   902  	for _, key := range p.keys[cc] {
   903  		vv, ok := p.conns[key]
   904  		if !ok {
   905  			continue
   906  		}
   907  		newList := http2filterOutClientConn(vv, cc)
   908  		if len(newList) > 0 {
   909  			p.conns[key] = newList
   910  		} else {
   911  			delete(p.conns, key)
   912  		}
   913  	}
   914  	delete(p.keys, cc)
   915  }
   916  
   917  func (p *http2clientConnPool) closeIdleConnections() {
   918  	p.mu.Lock()
   919  	defer p.mu.Unlock()
   920  	// TODO: don't close a cc if it was just added to the pool
   921  	// milliseconds ago and has never been used. There's currently
   922  	// a small race window with the HTTP/1 Transport's integration
   923  	// where it can add an idle conn just before using it, and
   924  	// somebody else can concurrently call CloseIdleConns and
   925  	// break some caller's RoundTrip.
   926  	for _, vv := range p.conns {
   927  		for _, cc := range vv {
   928  			cc.closeIfIdle()
   929  		}
   930  	}
   931  }
   932  
   933  func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn {
   934  	out := in[:0]
   935  	for _, v := range in {
   936  		if v != exclude {
   937  			out = append(out, v)
   938  		}
   939  	}
   940  	// If we filtered it out, zero out the last item to prevent
   941  	// the GC from seeing it.
   942  	if len(in) != len(out) {
   943  		in[len(in)-1] = nil
   944  	}
   945  	return out
   946  }
   947  
   948  // noDialClientConnPool is an implementation of http2.ClientConnPool
   949  // which never dials. We let the HTTP/1.1 client dial and use its TLS
   950  // connection instead.
   951  type http2noDialClientConnPool struct{ *http2clientConnPool }
   952  
   953  func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) {
   954  	return p.getClientConn(req, addr, http2noDialOnMiss)
   955  }
   956  
   957  // Buffer chunks are allocated from a pool to reduce pressure on GC.
   958  // The maximum wasted space per dataBuffer is 2x the largest size class,
   959  // which happens when the dataBuffer has multiple chunks and there is
   960  // one unread byte in both the first and last chunks. We use a few size
   961  // classes to minimize overheads for servers that typically receive very
   962  // small request bodies.
   963  //
   964  // TODO: Benchmark to determine if the pools are necessary. The GC may have
   965  // improved enough that we can instead allocate chunks like this:
   966  // make([]byte, max(16<<10, expectedBytesRemaining))
   967  var (
   968  	http2dataChunkSizeClasses = []int{
   969  		1 << 10,
   970  		2 << 10,
   971  		4 << 10,
   972  		8 << 10,
   973  		16 << 10,
   974  	}
   975  	http2dataChunkPools = [...]sync.Pool{
   976  		{New: func() interface{} { return make([]byte, 1<<10) }},
   977  		{New: func() interface{} { return make([]byte, 2<<10) }},
   978  		{New: func() interface{} { return make([]byte, 4<<10) }},
   979  		{New: func() interface{} { return make([]byte, 8<<10) }},
   980  		{New: func() interface{} { return make([]byte, 16<<10) }},
   981  	}
   982  )
   983  
   984  func http2getDataBufferChunk(size int64) []byte {
   985  	i := 0
   986  	for ; i < len(http2dataChunkSizeClasses)-1; i++ {
   987  		if size <= int64(http2dataChunkSizeClasses[i]) {
   988  			break
   989  		}
   990  	}
   991  	return http2dataChunkPools[i].Get().([]byte)
   992  }
   993  
   994  func http2putDataBufferChunk(p []byte) {
   995  	for i, n := range http2dataChunkSizeClasses {
   996  		if len(p) == n {
   997  			http2dataChunkPools[i].Put(p)
   998  			return
   999  		}
  1000  	}
  1001  	panic(fmt.Sprintf("unexpected buffer len=%v", len(p)))
  1002  }
  1003  
  1004  // dataBuffer is an io.ReadWriter backed by a list of data chunks.
  1005  // Each dataBuffer is used to read DATA frames on a single stream.
  1006  // The buffer is divided into chunks so the server can limit the
  1007  // total memory used by a single connection without limiting the
  1008  // request body size on any single stream.
  1009  type http2dataBuffer struct {
  1010  	chunks   [][]byte
  1011  	r        int   // next byte to read is chunks[0][r]
  1012  	w        int   // next byte to write is chunks[len(chunks)-1][w]
  1013  	size     int   // total buffered bytes
  1014  	expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0)
  1015  }
  1016  
  1017  var http2errReadEmpty = errors.New("read from empty dataBuffer")
  1018  
  1019  // Read copies bytes from the buffer into p.
  1020  // It is an error to read when no data is available.
  1021  func (b *http2dataBuffer) Read(p []byte) (int, error) {
  1022  	if b.size == 0 {
  1023  		return 0, http2errReadEmpty
  1024  	}
  1025  	var ntotal int
  1026  	for len(p) > 0 && b.size > 0 {
  1027  		readFrom := b.bytesFromFirstChunk()
  1028  		n := copy(p, readFrom)
  1029  		p = p[n:]
  1030  		ntotal += n
  1031  		b.r += n
  1032  		b.size -= n
  1033  		// If the first chunk has been consumed, advance to the next chunk.
  1034  		if b.r == len(b.chunks[0]) {
  1035  			http2putDataBufferChunk(b.chunks[0])
  1036  			end := len(b.chunks) - 1
  1037  			copy(b.chunks[:end], b.chunks[1:])
  1038  			b.chunks[end] = nil
  1039  			b.chunks = b.chunks[:end]
  1040  			b.r = 0
  1041  		}
  1042  	}
  1043  	return ntotal, nil
  1044  }
  1045  
  1046  func (b *http2dataBuffer) bytesFromFirstChunk() []byte {
  1047  	if len(b.chunks) == 1 {
  1048  		return b.chunks[0][b.r:b.w]
  1049  	}
  1050  	return b.chunks[0][b.r:]
  1051  }
  1052  
  1053  // Len returns the number of bytes of the unread portion of the buffer.
  1054  func (b *http2dataBuffer) Len() int {
  1055  	return b.size
  1056  }
  1057  
  1058  // Write appends p to the buffer.
  1059  func (b *http2dataBuffer) Write(p []byte) (int, error) {
  1060  	ntotal := len(p)
  1061  	for len(p) > 0 {
  1062  		// If the last chunk is empty, allocate a new chunk. Try to allocate
  1063  		// enough to fully copy p plus any additional bytes we expect to
  1064  		// receive. However, this may allocate less than len(p).
  1065  		want := int64(len(p))
  1066  		if b.expected > want {
  1067  			want = b.expected
  1068  		}
  1069  		chunk := b.lastChunkOrAlloc(want)
  1070  		n := copy(chunk[b.w:], p)
  1071  		p = p[n:]
  1072  		b.w += n
  1073  		b.size += n
  1074  		b.expected -= int64(n)
  1075  	}
  1076  	return ntotal, nil
  1077  }
  1078  
  1079  func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte {
  1080  	if len(b.chunks) != 0 {
  1081  		last := b.chunks[len(b.chunks)-1]
  1082  		if b.w < len(last) {
  1083  			return last
  1084  		}
  1085  	}
  1086  	chunk := http2getDataBufferChunk(want)
  1087  	b.chunks = append(b.chunks, chunk)
  1088  	b.w = 0
  1089  	return chunk
  1090  }
  1091  
  1092  // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec.
  1093  type http2ErrCode uint32
  1094  
  1095  const (
  1096  	http2ErrCodeNo                 http2ErrCode = 0x0
  1097  	http2ErrCodeProtocol           http2ErrCode = 0x1
  1098  	http2ErrCodeInternal           http2ErrCode = 0x2
  1099  	http2ErrCodeFlowControl        http2ErrCode = 0x3
  1100  	http2ErrCodeSettingsTimeout    http2ErrCode = 0x4
  1101  	http2ErrCodeStreamClosed       http2ErrCode = 0x5
  1102  	http2ErrCodeFrameSize          http2ErrCode = 0x6
  1103  	http2ErrCodeRefusedStream      http2ErrCode = 0x7
  1104  	http2ErrCodeCancel             http2ErrCode = 0x8
  1105  	http2ErrCodeCompression        http2ErrCode = 0x9
  1106  	http2ErrCodeConnect            http2ErrCode = 0xa
  1107  	http2ErrCodeEnhanceYourCalm    http2ErrCode = 0xb
  1108  	http2ErrCodeInadequateSecurity http2ErrCode = 0xc
  1109  	http2ErrCodeHTTP11Required     http2ErrCode = 0xd
  1110  )
  1111  
  1112  var http2errCodeName = map[http2ErrCode]string{
  1113  	http2ErrCodeNo:                 "NO_ERROR",
  1114  	http2ErrCodeProtocol:           "PROTOCOL_ERROR",
  1115  	http2ErrCodeInternal:           "INTERNAL_ERROR",
  1116  	http2ErrCodeFlowControl:        "FLOW_CONTROL_ERROR",
  1117  	http2ErrCodeSettingsTimeout:    "SETTINGS_TIMEOUT",
  1118  	http2ErrCodeStreamClosed:       "STREAM_CLOSED",
  1119  	http2ErrCodeFrameSize:          "FRAME_SIZE_ERROR",
  1120  	http2ErrCodeRefusedStream:      "REFUSED_STREAM",
  1121  	http2ErrCodeCancel:             "CANCEL",
  1122  	http2ErrCodeCompression:        "COMPRESSION_ERROR",
  1123  	http2ErrCodeConnect:            "CONNECT_ERROR",
  1124  	http2ErrCodeEnhanceYourCalm:    "ENHANCE_YOUR_CALM",
  1125  	http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY",
  1126  	http2ErrCodeHTTP11Required:     "HTTP_1_1_REQUIRED",
  1127  }
  1128  
  1129  func (e http2ErrCode) String() string {
  1130  	if s, ok := http2errCodeName[e]; ok {
  1131  		return s
  1132  	}
  1133  	return fmt.Sprintf("unknown error code 0x%x", uint32(e))
  1134  }
  1135  
  1136  // ConnectionError is an error that results in the termination of the
  1137  // entire connection.
  1138  type http2ConnectionError http2ErrCode
  1139  
  1140  func (e http2ConnectionError) Error() string {
  1141  	return fmt.Sprintf("connection error: %s", http2ErrCode(e))
  1142  }
  1143  
  1144  // StreamError is an error that only affects one stream within an
  1145  // HTTP/2 connection.
  1146  type http2StreamError struct {
  1147  	StreamID uint32
  1148  	Code     http2ErrCode
  1149  	Cause    error // optional additional detail
  1150  }
  1151  
  1152  func http2streamError(id uint32, code http2ErrCode) http2StreamError {
  1153  	return http2StreamError{StreamID: id, Code: code}
  1154  }
  1155  
  1156  func (e http2StreamError) Error() string {
  1157  	if e.Cause != nil {
  1158  		return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause)
  1159  	}
  1160  	return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code)
  1161  }
  1162  
  1163  // 6.9.1 The Flow Control Window
  1164  // "If a sender receives a WINDOW_UPDATE that causes a flow control
  1165  // window to exceed this maximum it MUST terminate either the stream
  1166  // or the connection, as appropriate. For streams, [...]; for the
  1167  // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code."
  1168  type http2goAwayFlowError struct{}
  1169  
  1170  func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" }
  1171  
  1172  // connError represents an HTTP/2 ConnectionError error code, along
  1173  // with a string (for debugging) explaining why.
  1174  //
  1175  // Errors of this type are only returned by the frame parser functions
  1176  // and converted into ConnectionError(Code), after stashing away
  1177  // the Reason into the Framer's errDetail field, accessible via
  1178  // the (*Framer).ErrorDetail method.
  1179  type http2connError struct {
  1180  	Code   http2ErrCode // the ConnectionError error code
  1181  	Reason string       // additional reason
  1182  }
  1183  
  1184  func (e http2connError) Error() string {
  1185  	return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason)
  1186  }
  1187  
  1188  type http2pseudoHeaderError string
  1189  
  1190  func (e http2pseudoHeaderError) Error() string {
  1191  	return fmt.Sprintf("invalid pseudo-header %q", string(e))
  1192  }
  1193  
  1194  type http2duplicatePseudoHeaderError string
  1195  
  1196  func (e http2duplicatePseudoHeaderError) Error() string {
  1197  	return fmt.Sprintf("duplicate pseudo-header %q", string(e))
  1198  }
  1199  
  1200  type http2headerFieldNameError string
  1201  
  1202  func (e http2headerFieldNameError) Error() string {
  1203  	return fmt.Sprintf("invalid header field name %q", string(e))
  1204  }
  1205  
  1206  type http2headerFieldValueError string
  1207  
  1208  func (e http2headerFieldValueError) Error() string {
  1209  	return fmt.Sprintf("invalid header field value %q", string(e))
  1210  }
  1211  
  1212  var (
  1213  	http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers")
  1214  	http2errPseudoAfterRegular   = errors.New("pseudo header field after regular")
  1215  )
  1216  
  1217  // flow is the flow control window's size.
  1218  type http2flow struct {
  1219  	// n is the number of DATA bytes we're allowed to send.
  1220  	// A flow is kept both on a conn and a per-stream.
  1221  	n int32
  1222  
  1223  	// conn points to the shared connection-level flow that is
  1224  	// shared by all streams on that conn. It is nil for the flow
  1225  	// that's on the conn directly.
  1226  	conn *http2flow
  1227  }
  1228  
  1229  func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf }
  1230  
  1231  func (f *http2flow) available() int32 {
  1232  	n := f.n
  1233  	if f.conn != nil && f.conn.n < n {
  1234  		n = f.conn.n
  1235  	}
  1236  	return n
  1237  }
  1238  
  1239  func (f *http2flow) take(n int32) {
  1240  	if n > f.available() {
  1241  		panic("internal error: took too much")
  1242  	}
  1243  	f.n -= n
  1244  	if f.conn != nil {
  1245  		f.conn.n -= n
  1246  	}
  1247  }
  1248  
  1249  // add adds n bytes (positive or negative) to the flow control window.
  1250  // It returns false if the sum would exceed 2^31-1.
  1251  func (f *http2flow) add(n int32) bool {
  1252  	sum := f.n + n
  1253  	if (sum > n) == (f.n > 0) {
  1254  		f.n = sum
  1255  		return true
  1256  	}
  1257  	return false
  1258  }
  1259  
  1260  const http2frameHeaderLen = 9
  1261  
  1262  var http2padZeros = make([]byte, 255) // zeros for padding
  1263  
  1264  // A FrameType is a registered frame type as defined in
  1265  // http://http2.github.io/http2-spec/#rfc.section.11.2
  1266  type http2FrameType uint8
  1267  
  1268  const (
  1269  	http2FrameData         http2FrameType = 0x0
  1270  	http2FrameHeaders      http2FrameType = 0x1
  1271  	http2FramePriority     http2FrameType = 0x2
  1272  	http2FrameRSTStream    http2FrameType = 0x3
  1273  	http2FrameSettings     http2FrameType = 0x4
  1274  	http2FramePushPromise  http2FrameType = 0x5
  1275  	http2FramePing         http2FrameType = 0x6
  1276  	http2FrameGoAway       http2FrameType = 0x7
  1277  	http2FrameWindowUpdate http2FrameType = 0x8
  1278  	http2FrameContinuation http2FrameType = 0x9
  1279  )
  1280  
  1281  var http2frameName = map[http2FrameType]string{
  1282  	http2FrameData:         "DATA",
  1283  	http2FrameHeaders:      "HEADERS",
  1284  	http2FramePriority:     "PRIORITY",
  1285  	http2FrameRSTStream:    "RST_STREAM",
  1286  	http2FrameSettings:     "SETTINGS",
  1287  	http2FramePushPromise:  "PUSH_PROMISE",
  1288  	http2FramePing:         "PING",
  1289  	http2FrameGoAway:       "GOAWAY",
  1290  	http2FrameWindowUpdate: "WINDOW_UPDATE",
  1291  	http2FrameContinuation: "CONTINUATION",
  1292  }
  1293  
  1294  func (t http2FrameType) String() string {
  1295  	if s, ok := http2frameName[t]; ok {
  1296  		return s
  1297  	}
  1298  	return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t))
  1299  }
  1300  
  1301  // Flags is a bitmask of HTTP/2 flags.
  1302  // The meaning of flags varies depending on the frame type.
  1303  type http2Flags uint8
  1304  
  1305  // Has reports whether f contains all (0 or more) flags in v.
  1306  func (f http2Flags) Has(v http2Flags) bool {
  1307  	return (f & v) == v
  1308  }
  1309  
  1310  // Frame-specific FrameHeader flag bits.
  1311  const (
  1312  	// Data Frame
  1313  	http2FlagDataEndStream http2Flags = 0x1
  1314  	http2FlagDataPadded    http2Flags = 0x8
  1315  
  1316  	// Headers Frame
  1317  	http2FlagHeadersEndStream  http2Flags = 0x1
  1318  	http2FlagHeadersEndHeaders http2Flags = 0x4
  1319  	http2FlagHeadersPadded     http2Flags = 0x8
  1320  	http2FlagHeadersPriority   http2Flags = 0x20
  1321  
  1322  	// Settings Frame
  1323  	http2FlagSettingsAck http2Flags = 0x1
  1324  
  1325  	// Ping Frame
  1326  	http2FlagPingAck http2Flags = 0x1
  1327  
  1328  	// Continuation Frame
  1329  	http2FlagContinuationEndHeaders http2Flags = 0x4
  1330  
  1331  	http2FlagPushPromiseEndHeaders http2Flags = 0x4
  1332  	http2FlagPushPromisePadded     http2Flags = 0x8
  1333  )
  1334  
  1335  var http2flagName = map[http2FrameType]map[http2Flags]string{
  1336  	http2FrameData: {
  1337  		http2FlagDataEndStream: "END_STREAM",
  1338  		http2FlagDataPadded:    "PADDED",
  1339  	},
  1340  	http2FrameHeaders: {
  1341  		http2FlagHeadersEndStream:  "END_STREAM",
  1342  		http2FlagHeadersEndHeaders: "END_HEADERS",
  1343  		http2FlagHeadersPadded:     "PADDED",
  1344  		http2FlagHeadersPriority:   "PRIORITY",
  1345  	},
  1346  	http2FrameSettings: {
  1347  		http2FlagSettingsAck: "ACK",
  1348  	},
  1349  	http2FramePing: {
  1350  		http2FlagPingAck: "ACK",
  1351  	},
  1352  	http2FrameContinuation: {
  1353  		http2FlagContinuationEndHeaders: "END_HEADERS",
  1354  	},
  1355  	http2FramePushPromise: {
  1356  		http2FlagPushPromiseEndHeaders: "END_HEADERS",
  1357  		http2FlagPushPromisePadded:     "PADDED",
  1358  	},
  1359  }
  1360  
  1361  // a frameParser parses a frame given its FrameHeader and payload
  1362  // bytes. The length of payload will always equal fh.Length (which
  1363  // might be 0).
  1364  type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error)
  1365  
  1366  var http2frameParsers = map[http2FrameType]http2frameParser{
  1367  	http2FrameData:         http2parseDataFrame,
  1368  	http2FrameHeaders:      http2parseHeadersFrame,
  1369  	http2FramePriority:     http2parsePriorityFrame,
  1370  	http2FrameRSTStream:    http2parseRSTStreamFrame,
  1371  	http2FrameSettings:     http2parseSettingsFrame,
  1372  	http2FramePushPromise:  http2parsePushPromise,
  1373  	http2FramePing:         http2parsePingFrame,
  1374  	http2FrameGoAway:       http2parseGoAwayFrame,
  1375  	http2FrameWindowUpdate: http2parseWindowUpdateFrame,
  1376  	http2FrameContinuation: http2parseContinuationFrame,
  1377  }
  1378  
  1379  func http2typeFrameParser(t http2FrameType) http2frameParser {
  1380  	if f := http2frameParsers[t]; f != nil {
  1381  		return f
  1382  	}
  1383  	return http2parseUnknownFrame
  1384  }
  1385  
  1386  // A FrameHeader is the 9 byte header of all HTTP/2 frames.
  1387  //
  1388  // See http://http2.github.io/http2-spec/#FrameHeader
  1389  type http2FrameHeader struct {
  1390  	valid bool // caller can access []byte fields in the Frame
  1391  
  1392  	// Type is the 1 byte frame type. There are ten standard frame
  1393  	// types, but extension frame types may be written by WriteRawFrame
  1394  	// and will be returned by ReadFrame (as UnknownFrame).
  1395  	Type http2FrameType
  1396  
  1397  	// Flags are the 1 byte of 8 potential bit flags per frame.
  1398  	// They are specific to the frame type.
  1399  	Flags http2Flags
  1400  
  1401  	// Length is the length of the frame, not including the 9 byte header.
  1402  	// The maximum size is one byte less than 16MB (uint24), but only
  1403  	// frames up to 16KB are allowed without peer agreement.
  1404  	Length uint32
  1405  
  1406  	// StreamID is which stream this frame is for. Certain frames
  1407  	// are not stream-specific, in which case this field is 0.
  1408  	StreamID uint32
  1409  }
  1410  
  1411  // Header returns h. It exists so FrameHeaders can be embedded in other
  1412  // specific frame types and implement the Frame interface.
  1413  func (h http2FrameHeader) Header() http2FrameHeader { return h }
  1414  
  1415  func (h http2FrameHeader) String() string {
  1416  	var buf bytes.Buffer
  1417  	buf.WriteString("[FrameHeader ")
  1418  	h.writeDebug(&buf)
  1419  	buf.WriteByte(']')
  1420  	return buf.String()
  1421  }
  1422  
  1423  func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) {
  1424  	buf.WriteString(h.Type.String())
  1425  	if h.Flags != 0 {
  1426  		buf.WriteString(" flags=")
  1427  		set := 0
  1428  		for i := uint8(0); i < 8; i++ {
  1429  			if h.Flags&(1<<i) == 0 {
  1430  				continue
  1431  			}
  1432  			set++
  1433  			if set > 1 {
  1434  				buf.WriteByte('|')
  1435  			}
  1436  			name := http2flagName[h.Type][http2Flags(1<<i)]
  1437  			if name != "" {
  1438  				buf.WriteString(name)
  1439  			} else {
  1440  				fmt.Fprintf(buf, "0x%x", 1<<i)
  1441  			}
  1442  		}
  1443  	}
  1444  	if h.StreamID != 0 {
  1445  		fmt.Fprintf(buf, " stream=%d", h.StreamID)
  1446  	}
  1447  	fmt.Fprintf(buf, " len=%d", h.Length)
  1448  }
  1449  
  1450  func (h *http2FrameHeader) checkValid() {
  1451  	if !h.valid {
  1452  		panic("Frame accessor called on non-owned Frame")
  1453  	}
  1454  }
  1455  
  1456  func (h *http2FrameHeader) invalidate() { h.valid = false }
  1457  
  1458  // frame header bytes.
  1459  // Used only by ReadFrameHeader.
  1460  var http2fhBytes = sync.Pool{
  1461  	New: func() interface{} {
  1462  		buf := make([]byte, http2frameHeaderLen)
  1463  		return &buf
  1464  	},
  1465  }
  1466  
  1467  // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
  1468  // Most users should use Framer.ReadFrame instead.
  1469  func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) {
  1470  	bufp := http2fhBytes.Get().(*[]byte)
  1471  	defer http2fhBytes.Put(bufp)
  1472  	return http2readFrameHeader(*bufp, r)
  1473  }
  1474  
  1475  func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) {
  1476  	_, err := io.ReadFull(r, buf[:http2frameHeaderLen])
  1477  	if err != nil {
  1478  		return http2FrameHeader{}, err
  1479  	}
  1480  	return http2FrameHeader{
  1481  		Length:   (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])),
  1482  		Type:     http2FrameType(buf[3]),
  1483  		Flags:    http2Flags(buf[4]),
  1484  		StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1),
  1485  		valid:    true,
  1486  	}, nil
  1487  }
  1488  
  1489  // A Frame is the base interface implemented by all frame types.
  1490  // Callers will generally type-assert the specific frame type:
  1491  // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc.
  1492  //
  1493  // Frames are only valid until the next call to Framer.ReadFrame.
  1494  type http2Frame interface {
  1495  	Header() http2FrameHeader
  1496  
  1497  	// invalidate is called by Framer.ReadFrame to make this
  1498  	// frame's buffers as being invalid, since the subsequent
  1499  	// frame will reuse them.
  1500  	invalidate()
  1501  }
  1502  
  1503  // A Framer reads and writes Frames.
  1504  type http2Framer struct {
  1505  	r         io.Reader
  1506  	lastFrame http2Frame
  1507  	errDetail error
  1508  
  1509  	// lastHeaderStream is non-zero if the last frame was an
  1510  	// unfinished HEADERS/CONTINUATION.
  1511  	lastHeaderStream uint32
  1512  
  1513  	maxReadSize uint32
  1514  	headerBuf   [http2frameHeaderLen]byte
  1515  
  1516  	// TODO: let getReadBuf be configurable, and use a less memory-pinning
  1517  	// allocator in server.go to minimize memory pinned for many idle conns.
  1518  	// Will probably also need to make frame invalidation have a hook too.
  1519  	getReadBuf func(size uint32) []byte
  1520  	readBuf    []byte // cache for default getReadBuf
  1521  
  1522  	maxWriteSize uint32 // zero means unlimited; TODO: implement
  1523  
  1524  	w    io.Writer
  1525  	wbuf []byte
  1526  
  1527  	// AllowIllegalWrites permits the Framer's Write methods to
  1528  	// write frames that do not conform to the HTTP/2 spec. This
  1529  	// permits using the Framer to test other HTTP/2
  1530  	// implementations' conformance to the spec.
  1531  	// If false, the Write methods will prefer to return an error
  1532  	// rather than comply.
  1533  	AllowIllegalWrites bool
  1534  
  1535  	// AllowIllegalReads permits the Framer's ReadFrame method
  1536  	// to return non-compliant frames or frame orders.
  1537  	// This is for testing and permits using the Framer to test
  1538  	// other HTTP/2 implementations' conformance to the spec.
  1539  	// It is not compatible with ReadMetaHeaders.
  1540  	AllowIllegalReads bool
  1541  
  1542  	// ReadMetaHeaders if non-nil causes ReadFrame to merge
  1543  	// HEADERS and CONTINUATION frames together and return
  1544  	// MetaHeadersFrame instead.
  1545  	ReadMetaHeaders *hpack.Decoder
  1546  
  1547  	// MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE.
  1548  	// It's used only if ReadMetaHeaders is set; 0 means a sane default
  1549  	// (currently 16MB)
  1550  	// If the limit is hit, MetaHeadersFrame.Truncated is set true.
  1551  	MaxHeaderListSize uint32
  1552  
  1553  	// TODO: track which type of frame & with which flags was sent
  1554  	// last. Then return an error (unless AllowIllegalWrites) if
  1555  	// we're in the middle of a header block and a
  1556  	// non-Continuation or Continuation on a different stream is
  1557  	// attempted to be written.
  1558  
  1559  	logReads, logWrites bool
  1560  
  1561  	debugFramer       *http2Framer // only use for logging written writes
  1562  	debugFramerBuf    *bytes.Buffer
  1563  	debugReadLoggerf  func(string, ...interface{})
  1564  	debugWriteLoggerf func(string, ...interface{})
  1565  
  1566  	frameCache *http2frameCache // nil if frames aren't reused (default)
  1567  }
  1568  
  1569  func (fr *http2Framer) maxHeaderListSize() uint32 {
  1570  	if fr.MaxHeaderListSize == 0 {
  1571  		return 16 << 20 // sane default, per docs
  1572  	}
  1573  	return fr.MaxHeaderListSize
  1574  }
  1575  
  1576  func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) {
  1577  	// Write the FrameHeader.
  1578  	f.wbuf = append(f.wbuf[:0],
  1579  		0, // 3 bytes of length, filled in in endWrite
  1580  		0,
  1581  		0,
  1582  		byte(ftype),
  1583  		byte(flags),
  1584  		byte(streamID>>24),
  1585  		byte(streamID>>16),
  1586  		byte(streamID>>8),
  1587  		byte(streamID))
  1588  }
  1589  
  1590  func (f *http2Framer) endWrite() error {
  1591  	// Now that we know the final size, fill in the FrameHeader in
  1592  	// the space previously reserved for it. Abuse append.
  1593  	length := len(f.wbuf) - http2frameHeaderLen
  1594  	if length >= (1 << 24) {
  1595  		return http2ErrFrameTooLarge
  1596  	}
  1597  	_ = append(f.wbuf[:0],
  1598  		byte(length>>16),
  1599  		byte(length>>8),
  1600  		byte(length))
  1601  	if f.logWrites {
  1602  		f.logWrite()
  1603  	}
  1604  
  1605  	n, err := f.w.Write(f.wbuf)
  1606  	if err == nil && n != len(f.wbuf) {
  1607  		err = io.ErrShortWrite
  1608  	}
  1609  	return err
  1610  }
  1611  
  1612  func (f *http2Framer) logWrite() {
  1613  	if f.debugFramer == nil {
  1614  		f.debugFramerBuf = new(bytes.Buffer)
  1615  		f.debugFramer = http2NewFramer(nil, f.debugFramerBuf)
  1616  		f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below
  1617  		// Let us read anything, even if we accidentally wrote it
  1618  		// in the wrong order:
  1619  		f.debugFramer.AllowIllegalReads = true
  1620  	}
  1621  	f.debugFramerBuf.Write(f.wbuf)
  1622  	fr, err := f.debugFramer.ReadFrame()
  1623  	if err != nil {
  1624  		f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f)
  1625  		return
  1626  	}
  1627  	f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr))
  1628  }
  1629  
  1630  func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) }
  1631  
  1632  func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) }
  1633  
  1634  func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) }
  1635  
  1636  func (f *http2Framer) writeUint32(v uint32) {
  1637  	f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
  1638  }
  1639  
  1640  const (
  1641  	http2minMaxFrameSize = 1 << 14
  1642  	http2maxFrameSize    = 1<<24 - 1
  1643  )
  1644  
  1645  // SetReuseFrames allows the Framer to reuse Frames.
  1646  // If called on a Framer, Frames returned by calls to ReadFrame are only
  1647  // valid until the next call to ReadFrame.
  1648  func (fr *http2Framer) SetReuseFrames() {
  1649  	if fr.frameCache != nil {
  1650  		return
  1651  	}
  1652  	fr.frameCache = &http2frameCache{}
  1653  }
  1654  
  1655  type http2frameCache struct {
  1656  	dataFrame http2DataFrame
  1657  }
  1658  
  1659  func (fc *http2frameCache) getDataFrame() *http2DataFrame {
  1660  	if fc == nil {
  1661  		return &http2DataFrame{}
  1662  	}
  1663  	return &fc.dataFrame
  1664  }
  1665  
  1666  // NewFramer returns a Framer that writes frames to w and reads them from r.
  1667  func http2NewFramer(w io.Writer, r io.Reader) *http2Framer {
  1668  	fr := &http2Framer{
  1669  		w:                 w,
  1670  		r:                 r,
  1671  		logReads:          http2logFrameReads,
  1672  		logWrites:         http2logFrameWrites,
  1673  		debugReadLoggerf:  log.Printf,
  1674  		debugWriteLoggerf: log.Printf,
  1675  	}
  1676  	fr.getReadBuf = func(size uint32) []byte {
  1677  		if cap(fr.readBuf) >= int(size) {
  1678  			return fr.readBuf[:size]
  1679  		}
  1680  		fr.readBuf = make([]byte, size)
  1681  		return fr.readBuf
  1682  	}
  1683  	fr.SetMaxReadFrameSize(http2maxFrameSize)
  1684  	return fr
  1685  }
  1686  
  1687  // SetMaxReadFrameSize sets the maximum size of a frame
  1688  // that will be read by a subsequent call to ReadFrame.
  1689  // It is the caller's responsibility to advertise this
  1690  // limit with a SETTINGS frame.
  1691  func (fr *http2Framer) SetMaxReadFrameSize(v uint32) {
  1692  	if v > http2maxFrameSize {
  1693  		v = http2maxFrameSize
  1694  	}
  1695  	fr.maxReadSize = v
  1696  }
  1697  
  1698  // ErrorDetail returns a more detailed error of the last error
  1699  // returned by Framer.ReadFrame. For instance, if ReadFrame
  1700  // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail
  1701  // will say exactly what was invalid. ErrorDetail is not guaranteed
  1702  // to return a non-nil value and like the rest of the http2 package,
  1703  // its return value is not protected by an API compatibility promise.
  1704  // ErrorDetail is reset after the next call to ReadFrame.
  1705  func (fr *http2Framer) ErrorDetail() error {
  1706  	return fr.errDetail
  1707  }
  1708  
  1709  // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer
  1710  // sends a frame that is larger than declared with SetMaxReadFrameSize.
  1711  var http2ErrFrameTooLarge = errors.New("http2: frame too large")
  1712  
  1713  // terminalReadFrameError reports whether err is an unrecoverable
  1714  // error from ReadFrame and no other frames should be read.
  1715  func http2terminalReadFrameError(err error) bool {
  1716  	if _, ok := err.(http2StreamError); ok {
  1717  		return false
  1718  	}
  1719  	return err != nil
  1720  }
  1721  
  1722  // ReadFrame reads a single frame. The returned Frame is only valid
  1723  // until the next call to ReadFrame.
  1724  //
  1725  // If the frame is larger than previously set with SetMaxReadFrameSize, the
  1726  // returned error is ErrFrameTooLarge. Other errors may be of type
  1727  // ConnectionError, StreamError, or anything else from the underlying
  1728  // reader.
  1729  func (fr *http2Framer) ReadFrame() (http2Frame, error) {
  1730  	fr.errDetail = nil
  1731  	if fr.lastFrame != nil {
  1732  		fr.lastFrame.invalidate()
  1733  	}
  1734  	fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r)
  1735  	if err != nil {
  1736  		return nil, err
  1737  	}
  1738  	if fh.Length > fr.maxReadSize {
  1739  		return nil, http2ErrFrameTooLarge
  1740  	}
  1741  	payload := fr.getReadBuf(fh.Length)
  1742  	if _, err := io.ReadFull(fr.r, payload); err != nil {
  1743  		return nil, err
  1744  	}
  1745  	f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload)
  1746  	if err != nil {
  1747  		if ce, ok := err.(http2connError); ok {
  1748  			return nil, fr.connError(ce.Code, ce.Reason)
  1749  		}
  1750  		return nil, err
  1751  	}
  1752  	if err := fr.checkFrameOrder(f); err != nil {
  1753  		return nil, err
  1754  	}
  1755  	if fr.logReads {
  1756  		fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f))
  1757  	}
  1758  	if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil {
  1759  		return fr.readMetaFrame(f.(*http2HeadersFrame))
  1760  	}
  1761  	return f, nil
  1762  }
  1763  
  1764  // connError returns ConnectionError(code) but first
  1765  // stashes away a public reason to the caller can optionally relay it
  1766  // to the peer before hanging up on them. This might help others debug
  1767  // their implementations.
  1768  func (fr *http2Framer) connError(code http2ErrCode, reason string) error {
  1769  	fr.errDetail = errors.New(reason)
  1770  	return http2ConnectionError(code)
  1771  }
  1772  
  1773  // checkFrameOrder reports an error if f is an invalid frame to return
  1774  // next from ReadFrame. Mostly it checks whether HEADERS and
  1775  // CONTINUATION frames are contiguous.
  1776  func (fr *http2Framer) checkFrameOrder(f http2Frame) error {
  1777  	last := fr.lastFrame
  1778  	fr.lastFrame = f
  1779  	if fr.AllowIllegalReads {
  1780  		return nil
  1781  	}
  1782  
  1783  	fh := f.Header()
  1784  	if fr.lastHeaderStream != 0 {
  1785  		if fh.Type != http2FrameContinuation {
  1786  			return fr.connError(http2ErrCodeProtocol,
  1787  				fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d",
  1788  					fh.Type, fh.StreamID,
  1789  					last.Header().Type, fr.lastHeaderStream))
  1790  		}
  1791  		if fh.StreamID != fr.lastHeaderStream {
  1792  			return fr.connError(http2ErrCodeProtocol,
  1793  				fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d",
  1794  					fh.StreamID, fr.lastHeaderStream))
  1795  		}
  1796  	} else if fh.Type == http2FrameContinuation {
  1797  		return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID))
  1798  	}
  1799  
  1800  	switch fh.Type {
  1801  	case http2FrameHeaders, http2FrameContinuation:
  1802  		if fh.Flags.Has(http2FlagHeadersEndHeaders) {
  1803  			fr.lastHeaderStream = 0
  1804  		} else {
  1805  			fr.lastHeaderStream = fh.StreamID
  1806  		}
  1807  	}
  1808  
  1809  	return nil
  1810  }
  1811  
  1812  // A DataFrame conveys arbitrary, variable-length sequences of octets
  1813  // associated with a stream.
  1814  // See http://http2.github.io/http2-spec/#rfc.section.6.1
  1815  type http2DataFrame struct {
  1816  	http2FrameHeader
  1817  	data []byte
  1818  }
  1819  
  1820  func (f *http2DataFrame) StreamEnded() bool {
  1821  	return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream)
  1822  }
  1823  
  1824  // Data returns the frame's data octets, not including any padding
  1825  // size byte or padding suffix bytes.
  1826  // The caller must not retain the returned memory past the next
  1827  // call to ReadFrame.
  1828  func (f *http2DataFrame) Data() []byte {
  1829  	f.checkValid()
  1830  	return f.data
  1831  }
  1832  
  1833  func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  1834  	if fh.StreamID == 0 {
  1835  		// DATA frames MUST be associated with a stream. If a
  1836  		// DATA frame is received whose stream identifier
  1837  		// field is 0x0, the recipient MUST respond with a
  1838  		// connection error (Section 5.4.1) of type
  1839  		// PROTOCOL_ERROR.
  1840  		return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"}
  1841  	}
  1842  	f := fc.getDataFrame()
  1843  	f.http2FrameHeader = fh
  1844  
  1845  	var padSize byte
  1846  	if fh.Flags.Has(http2FlagDataPadded) {
  1847  		var err error
  1848  		payload, padSize, err = http2readByte(payload)
  1849  		if err != nil {
  1850  			return nil, err
  1851  		}
  1852  	}
  1853  	if int(padSize) > len(payload) {
  1854  		// If the length of the padding is greater than the
  1855  		// length of the frame payload, the recipient MUST
  1856  		// treat this as a connection error.
  1857  		// Filed: https://github.com/http2/http2-spec/issues/610
  1858  		return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"}
  1859  	}
  1860  	f.data = payload[:len(payload)-int(padSize)]
  1861  	return f, nil
  1862  }
  1863  
  1864  var (
  1865  	http2errStreamID    = errors.New("invalid stream ID")
  1866  	http2errDepStreamID = errors.New("invalid dependent stream ID")
  1867  	http2errPadLength   = errors.New("pad length too large")
  1868  	http2errPadBytes    = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled")
  1869  )
  1870  
  1871  func http2validStreamIDOrZero(streamID uint32) bool {
  1872  	return streamID&(1<<31) == 0
  1873  }
  1874  
  1875  func http2validStreamID(streamID uint32) bool {
  1876  	return streamID != 0 && streamID&(1<<31) == 0
  1877  }
  1878  
  1879  // WriteData writes a DATA frame.
  1880  //
  1881  // It will perform exactly one Write to the underlying Writer.
  1882  // It is the caller's responsibility not to violate the maximum frame size
  1883  // and to not call other Write methods concurrently.
  1884  func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error {
  1885  	return f.WriteDataPadded(streamID, endStream, data, nil)
  1886  }
  1887  
  1888  // WriteData writes a DATA frame with optional padding.
  1889  //
  1890  // If pad is nil, the padding bit is not sent.
  1891  // The length of pad must not exceed 255 bytes.
  1892  // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set.
  1893  //
  1894  // It will perform exactly one Write to the underlying Writer.
  1895  // It is the caller's responsibility not to violate the maximum frame size
  1896  // and to not call other Write methods concurrently.
  1897  func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error {
  1898  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  1899  		return http2errStreamID
  1900  	}
  1901  	if len(pad) > 0 {
  1902  		if len(pad) > 255 {
  1903  			return http2errPadLength
  1904  		}
  1905  		if !f.AllowIllegalWrites {
  1906  			for _, b := range pad {
  1907  				if b != 0 {
  1908  					// "Padding octets MUST be set to zero when sending."
  1909  					return http2errPadBytes
  1910  				}
  1911  			}
  1912  		}
  1913  	}
  1914  	var flags http2Flags
  1915  	if endStream {
  1916  		flags |= http2FlagDataEndStream
  1917  	}
  1918  	if pad != nil {
  1919  		flags |= http2FlagDataPadded
  1920  	}
  1921  	f.startWrite(http2FrameData, flags, streamID)
  1922  	if pad != nil {
  1923  		f.wbuf = append(f.wbuf, byte(len(pad)))
  1924  	}
  1925  	f.wbuf = append(f.wbuf, data...)
  1926  	f.wbuf = append(f.wbuf, pad...)
  1927  	return f.endWrite()
  1928  }
  1929  
  1930  // A SettingsFrame conveys configuration parameters that affect how
  1931  // endpoints communicate, such as preferences and constraints on peer
  1932  // behavior.
  1933  //
  1934  // See http://http2.github.io/http2-spec/#SETTINGS
  1935  type http2SettingsFrame struct {
  1936  	http2FrameHeader
  1937  	p []byte
  1938  }
  1939  
  1940  func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  1941  	if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 {
  1942  		// When this (ACK 0x1) bit is set, the payload of the
  1943  		// SETTINGS frame MUST be empty. Receipt of a
  1944  		// SETTINGS frame with the ACK flag set and a length
  1945  		// field value other than 0 MUST be treated as a
  1946  		// connection error (Section 5.4.1) of type
  1947  		// FRAME_SIZE_ERROR.
  1948  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  1949  	}
  1950  	if fh.StreamID != 0 {
  1951  		// SETTINGS frames always apply to a connection,
  1952  		// never a single stream. The stream identifier for a
  1953  		// SETTINGS frame MUST be zero (0x0).  If an endpoint
  1954  		// receives a SETTINGS frame whose stream identifier
  1955  		// field is anything other than 0x0, the endpoint MUST
  1956  		// respond with a connection error (Section 5.4.1) of
  1957  		// type PROTOCOL_ERROR.
  1958  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  1959  	}
  1960  	if len(p)%6 != 0 {
  1961  		// Expecting even number of 6 byte settings.
  1962  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  1963  	}
  1964  	f := &http2SettingsFrame{http2FrameHeader: fh, p: p}
  1965  	if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 {
  1966  		// Values above the maximum flow control window size of 2^31 - 1 MUST
  1967  		// be treated as a connection error (Section 5.4.1) of type
  1968  		// FLOW_CONTROL_ERROR.
  1969  		return nil, http2ConnectionError(http2ErrCodeFlowControl)
  1970  	}
  1971  	return f, nil
  1972  }
  1973  
  1974  func (f *http2SettingsFrame) IsAck() bool {
  1975  	return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck)
  1976  }
  1977  
  1978  func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) {
  1979  	f.checkValid()
  1980  	for i := 0; i < f.NumSettings(); i++ {
  1981  		if s := f.Setting(i); s.ID == id {
  1982  			return s.Val, true
  1983  		}
  1984  	}
  1985  	return 0, false
  1986  }
  1987  
  1988  // Setting returns the setting from the frame at the given 0-based index.
  1989  // The index must be >= 0 and less than f.NumSettings().
  1990  func (f *http2SettingsFrame) Setting(i int) http2Setting {
  1991  	buf := f.p
  1992  	return http2Setting{
  1993  		ID:  http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])),
  1994  		Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]),
  1995  	}
  1996  }
  1997  
  1998  func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 }
  1999  
  2000  // HasDuplicates reports whether f contains any duplicate setting IDs.
  2001  func (f *http2SettingsFrame) HasDuplicates() bool {
  2002  	num := f.NumSettings()
  2003  	if num == 0 {
  2004  		return false
  2005  	}
  2006  	// If it's small enough (the common case), just do the n^2
  2007  	// thing and avoid a map allocation.
  2008  	if num < 10 {
  2009  		for i := 0; i < num; i++ {
  2010  			idi := f.Setting(i).ID
  2011  			for j := i + 1; j < num; j++ {
  2012  				idj := f.Setting(j).ID
  2013  				if idi == idj {
  2014  					return true
  2015  				}
  2016  			}
  2017  		}
  2018  		return false
  2019  	}
  2020  	seen := map[http2SettingID]bool{}
  2021  	for i := 0; i < num; i++ {
  2022  		id := f.Setting(i).ID
  2023  		if seen[id] {
  2024  			return true
  2025  		}
  2026  		seen[id] = true
  2027  	}
  2028  	return false
  2029  }
  2030  
  2031  // ForeachSetting runs fn for each setting.
  2032  // It stops and returns the first error.
  2033  func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error {
  2034  	f.checkValid()
  2035  	for i := 0; i < f.NumSettings(); i++ {
  2036  		if err := fn(f.Setting(i)); err != nil {
  2037  			return err
  2038  		}
  2039  	}
  2040  	return nil
  2041  }
  2042  
  2043  // WriteSettings writes a SETTINGS frame with zero or more settings
  2044  // specified and the ACK bit not set.
  2045  //
  2046  // It will perform exactly one Write to the underlying Writer.
  2047  // It is the caller's responsibility to not call other Write methods concurrently.
  2048  func (f *http2Framer) WriteSettings(settings ...http2Setting) error {
  2049  	f.startWrite(http2FrameSettings, 0, 0)
  2050  	for _, s := range settings {
  2051  		f.writeUint16(uint16(s.ID))
  2052  		f.writeUint32(s.Val)
  2053  	}
  2054  	return f.endWrite()
  2055  }
  2056  
  2057  // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set.
  2058  //
  2059  // It will perform exactly one Write to the underlying Writer.
  2060  // It is the caller's responsibility to not call other Write methods concurrently.
  2061  func (f *http2Framer) WriteSettingsAck() error {
  2062  	f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0)
  2063  	return f.endWrite()
  2064  }
  2065  
  2066  // A PingFrame is a mechanism for measuring a minimal round trip time
  2067  // from the sender, as well as determining whether an idle connection
  2068  // is still functional.
  2069  // See http://http2.github.io/http2-spec/#rfc.section.6.7
  2070  type http2PingFrame struct {
  2071  	http2FrameHeader
  2072  	Data [8]byte
  2073  }
  2074  
  2075  func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) }
  2076  
  2077  func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  2078  	if len(payload) != 8 {
  2079  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2080  	}
  2081  	if fh.StreamID != 0 {
  2082  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2083  	}
  2084  	f := &http2PingFrame{http2FrameHeader: fh}
  2085  	copy(f.Data[:], payload)
  2086  	return f, nil
  2087  }
  2088  
  2089  func (f *http2Framer) WritePing(ack bool, data [8]byte) error {
  2090  	var flags http2Flags
  2091  	if ack {
  2092  		flags = http2FlagPingAck
  2093  	}
  2094  	f.startWrite(http2FramePing, flags, 0)
  2095  	f.writeBytes(data[:])
  2096  	return f.endWrite()
  2097  }
  2098  
  2099  // A GoAwayFrame informs the remote peer to stop creating streams on this connection.
  2100  // See http://http2.github.io/http2-spec/#rfc.section.6.8
  2101  type http2GoAwayFrame struct {
  2102  	http2FrameHeader
  2103  	LastStreamID uint32
  2104  	ErrCode      http2ErrCode
  2105  	debugData    []byte
  2106  }
  2107  
  2108  // DebugData returns any debug data in the GOAWAY frame. Its contents
  2109  // are not defined.
  2110  // The caller must not retain the returned memory past the next
  2111  // call to ReadFrame.
  2112  func (f *http2GoAwayFrame) DebugData() []byte {
  2113  	f.checkValid()
  2114  	return f.debugData
  2115  }
  2116  
  2117  func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2118  	if fh.StreamID != 0 {
  2119  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2120  	}
  2121  	if len(p) < 8 {
  2122  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2123  	}
  2124  	return &http2GoAwayFrame{
  2125  		http2FrameHeader: fh,
  2126  		LastStreamID:     binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1),
  2127  		ErrCode:          http2ErrCode(binary.BigEndian.Uint32(p[4:8])),
  2128  		debugData:        p[8:],
  2129  	}, nil
  2130  }
  2131  
  2132  func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error {
  2133  	f.startWrite(http2FrameGoAway, 0, 0)
  2134  	f.writeUint32(maxStreamID & (1<<31 - 1))
  2135  	f.writeUint32(uint32(code))
  2136  	f.writeBytes(debugData)
  2137  	return f.endWrite()
  2138  }
  2139  
  2140  // An UnknownFrame is the frame type returned when the frame type is unknown
  2141  // or no specific frame type parser exists.
  2142  type http2UnknownFrame struct {
  2143  	http2FrameHeader
  2144  	p []byte
  2145  }
  2146  
  2147  // Payload returns the frame's payload (after the header).  It is not
  2148  // valid to call this method after a subsequent call to
  2149  // Framer.ReadFrame, nor is it valid to retain the returned slice.
  2150  // The memory is owned by the Framer and is invalidated when the next
  2151  // frame is read.
  2152  func (f *http2UnknownFrame) Payload() []byte {
  2153  	f.checkValid()
  2154  	return f.p
  2155  }
  2156  
  2157  func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2158  	return &http2UnknownFrame{fh, p}, nil
  2159  }
  2160  
  2161  // A WindowUpdateFrame is used to implement flow control.
  2162  // See http://http2.github.io/http2-spec/#rfc.section.6.9
  2163  type http2WindowUpdateFrame struct {
  2164  	http2FrameHeader
  2165  	Increment uint32 // never read with high bit set
  2166  }
  2167  
  2168  func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2169  	if len(p) != 4 {
  2170  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2171  	}
  2172  	inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit
  2173  	if inc == 0 {
  2174  		// A receiver MUST treat the receipt of a
  2175  		// WINDOW_UPDATE frame with an flow control window
  2176  		// increment of 0 as a stream error (Section 5.4.2) of
  2177  		// type PROTOCOL_ERROR; errors on the connection flow
  2178  		// control window MUST be treated as a connection
  2179  		// error (Section 5.4.1).
  2180  		if fh.StreamID == 0 {
  2181  			return nil, http2ConnectionError(http2ErrCodeProtocol)
  2182  		}
  2183  		return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol)
  2184  	}
  2185  	return &http2WindowUpdateFrame{
  2186  		http2FrameHeader: fh,
  2187  		Increment:        inc,
  2188  	}, nil
  2189  }
  2190  
  2191  // WriteWindowUpdate writes a WINDOW_UPDATE frame.
  2192  // The increment value must be between 1 and 2,147,483,647, inclusive.
  2193  // If the Stream ID is zero, the window update applies to the
  2194  // connection as a whole.
  2195  func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error {
  2196  	// "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets."
  2197  	if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites {
  2198  		return errors.New("illegal window increment value")
  2199  	}
  2200  	f.startWrite(http2FrameWindowUpdate, 0, streamID)
  2201  	f.writeUint32(incr)
  2202  	return f.endWrite()
  2203  }
  2204  
  2205  // A HeadersFrame is used to open a stream and additionally carries a
  2206  // header block fragment.
  2207  type http2HeadersFrame struct {
  2208  	http2FrameHeader
  2209  
  2210  	// Priority is set if FlagHeadersPriority is set in the FrameHeader.
  2211  	Priority http2PriorityParam
  2212  
  2213  	headerFragBuf []byte // not owned
  2214  }
  2215  
  2216  func (f *http2HeadersFrame) HeaderBlockFragment() []byte {
  2217  	f.checkValid()
  2218  	return f.headerFragBuf
  2219  }
  2220  
  2221  func (f *http2HeadersFrame) HeadersEnded() bool {
  2222  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders)
  2223  }
  2224  
  2225  func (f *http2HeadersFrame) StreamEnded() bool {
  2226  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream)
  2227  }
  2228  
  2229  func (f *http2HeadersFrame) HasPriority() bool {
  2230  	return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority)
  2231  }
  2232  
  2233  func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) {
  2234  	hf := &http2HeadersFrame{
  2235  		http2FrameHeader: fh,
  2236  	}
  2237  	if fh.StreamID == 0 {
  2238  		// HEADERS frames MUST be associated with a stream. If a HEADERS frame
  2239  		// is received whose stream identifier field is 0x0, the recipient MUST
  2240  		// respond with a connection error (Section 5.4.1) of type
  2241  		// PROTOCOL_ERROR.
  2242  		return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"}
  2243  	}
  2244  	var padLength uint8
  2245  	if fh.Flags.Has(http2FlagHeadersPadded) {
  2246  		if p, padLength, err = http2readByte(p); err != nil {
  2247  			return
  2248  		}
  2249  	}
  2250  	if fh.Flags.Has(http2FlagHeadersPriority) {
  2251  		var v uint32
  2252  		p, v, err = http2readUint32(p)
  2253  		if err != nil {
  2254  			return nil, err
  2255  		}
  2256  		hf.Priority.StreamDep = v & 0x7fffffff
  2257  		hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set
  2258  		p, hf.Priority.Weight, err = http2readByte(p)
  2259  		if err != nil {
  2260  			return nil, err
  2261  		}
  2262  	}
  2263  	if len(p)-int(padLength) <= 0 {
  2264  		return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol)
  2265  	}
  2266  	hf.headerFragBuf = p[:len(p)-int(padLength)]
  2267  	return hf, nil
  2268  }
  2269  
  2270  // HeadersFrameParam are the parameters for writing a HEADERS frame.
  2271  type http2HeadersFrameParam struct {
  2272  	// StreamID is the required Stream ID to initiate.
  2273  	StreamID uint32
  2274  	// BlockFragment is part (or all) of a Header Block.
  2275  	BlockFragment []byte
  2276  
  2277  	// EndStream indicates that the header block is the last that
  2278  	// the endpoint will send for the identified stream. Setting
  2279  	// this flag causes the stream to enter one of "half closed"
  2280  	// states.
  2281  	EndStream bool
  2282  
  2283  	// EndHeaders indicates that this frame contains an entire
  2284  	// header block and is not followed by any
  2285  	// CONTINUATION frames.
  2286  	EndHeaders bool
  2287  
  2288  	// PadLength is the optional number of bytes of zeros to add
  2289  	// to this frame.
  2290  	PadLength uint8
  2291  
  2292  	// Priority, if non-zero, includes stream priority information
  2293  	// in the HEADER frame.
  2294  	Priority http2PriorityParam
  2295  }
  2296  
  2297  // WriteHeaders writes a single HEADERS frame.
  2298  //
  2299  // This is a low-level header writing method. Encoding headers and
  2300  // splitting them into any necessary CONTINUATION frames is handled
  2301  // elsewhere.
  2302  //
  2303  // It will perform exactly one Write to the underlying Writer.
  2304  // It is the caller's responsibility to not call other Write methods concurrently.
  2305  func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error {
  2306  	if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  2307  		return http2errStreamID
  2308  	}
  2309  	var flags http2Flags
  2310  	if p.PadLength != 0 {
  2311  		flags |= http2FlagHeadersPadded
  2312  	}
  2313  	if p.EndStream {
  2314  		flags |= http2FlagHeadersEndStream
  2315  	}
  2316  	if p.EndHeaders {
  2317  		flags |= http2FlagHeadersEndHeaders
  2318  	}
  2319  	if !p.Priority.IsZero() {
  2320  		flags |= http2FlagHeadersPriority
  2321  	}
  2322  	f.startWrite(http2FrameHeaders, flags, p.StreamID)
  2323  	if p.PadLength != 0 {
  2324  		f.writeByte(p.PadLength)
  2325  	}
  2326  	if !p.Priority.IsZero() {
  2327  		v := p.Priority.StreamDep
  2328  		if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites {
  2329  			return http2errDepStreamID
  2330  		}
  2331  		if p.Priority.Exclusive {
  2332  			v |= 1 << 31
  2333  		}
  2334  		f.writeUint32(v)
  2335  		f.writeByte(p.Priority.Weight)
  2336  	}
  2337  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  2338  	f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...)
  2339  	return f.endWrite()
  2340  }
  2341  
  2342  // A PriorityFrame specifies the sender-advised priority of a stream.
  2343  // See http://http2.github.io/http2-spec/#rfc.section.6.3
  2344  type http2PriorityFrame struct {
  2345  	http2FrameHeader
  2346  	http2PriorityParam
  2347  }
  2348  
  2349  // PriorityParam are the stream prioritzation parameters.
  2350  type http2PriorityParam struct {
  2351  	// StreamDep is a 31-bit stream identifier for the
  2352  	// stream that this stream depends on. Zero means no
  2353  	// dependency.
  2354  	StreamDep uint32
  2355  
  2356  	// Exclusive is whether the dependency is exclusive.
  2357  	Exclusive bool
  2358  
  2359  	// Weight is the stream's zero-indexed weight. It should be
  2360  	// set together with StreamDep, or neither should be set. Per
  2361  	// the spec, "Add one to the value to obtain a weight between
  2362  	// 1 and 256."
  2363  	Weight uint8
  2364  }
  2365  
  2366  func (p http2PriorityParam) IsZero() bool {
  2367  	return p == http2PriorityParam{}
  2368  }
  2369  
  2370  func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) {
  2371  	if fh.StreamID == 0 {
  2372  		return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"}
  2373  	}
  2374  	if len(payload) != 5 {
  2375  		return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))}
  2376  	}
  2377  	v := binary.BigEndian.Uint32(payload[:4])
  2378  	streamID := v & 0x7fffffff // mask off high bit
  2379  	return &http2PriorityFrame{
  2380  		http2FrameHeader: fh,
  2381  		http2PriorityParam: http2PriorityParam{
  2382  			Weight:    payload[4],
  2383  			StreamDep: streamID,
  2384  			Exclusive: streamID != v, // was high bit set?
  2385  		},
  2386  	}, nil
  2387  }
  2388  
  2389  // WritePriority writes a PRIORITY frame.
  2390  //
  2391  // It will perform exactly one Write to the underlying Writer.
  2392  // It is the caller's responsibility to not call other Write methods concurrently.
  2393  func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error {
  2394  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2395  		return http2errStreamID
  2396  	}
  2397  	if !http2validStreamIDOrZero(p.StreamDep) {
  2398  		return http2errDepStreamID
  2399  	}
  2400  	f.startWrite(http2FramePriority, 0, streamID)
  2401  	v := p.StreamDep
  2402  	if p.Exclusive {
  2403  		v |= 1 << 31
  2404  	}
  2405  	f.writeUint32(v)
  2406  	f.writeByte(p.Weight)
  2407  	return f.endWrite()
  2408  }
  2409  
  2410  // A RSTStreamFrame allows for abnormal termination of a stream.
  2411  // See http://http2.github.io/http2-spec/#rfc.section.6.4
  2412  type http2RSTStreamFrame struct {
  2413  	http2FrameHeader
  2414  	ErrCode http2ErrCode
  2415  }
  2416  
  2417  func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2418  	if len(p) != 4 {
  2419  		return nil, http2ConnectionError(http2ErrCodeFrameSize)
  2420  	}
  2421  	if fh.StreamID == 0 {
  2422  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2423  	}
  2424  	return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil
  2425  }
  2426  
  2427  // WriteRSTStream writes a RST_STREAM frame.
  2428  //
  2429  // It will perform exactly one Write to the underlying Writer.
  2430  // It is the caller's responsibility to not call other Write methods concurrently.
  2431  func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error {
  2432  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2433  		return http2errStreamID
  2434  	}
  2435  	f.startWrite(http2FrameRSTStream, 0, streamID)
  2436  	f.writeUint32(uint32(code))
  2437  	return f.endWrite()
  2438  }
  2439  
  2440  // A ContinuationFrame is used to continue a sequence of header block fragments.
  2441  // See http://http2.github.io/http2-spec/#rfc.section.6.10
  2442  type http2ContinuationFrame struct {
  2443  	http2FrameHeader
  2444  	headerFragBuf []byte
  2445  }
  2446  
  2447  func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) {
  2448  	if fh.StreamID == 0 {
  2449  		return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"}
  2450  	}
  2451  	return &http2ContinuationFrame{fh, p}, nil
  2452  }
  2453  
  2454  func (f *http2ContinuationFrame) HeaderBlockFragment() []byte {
  2455  	f.checkValid()
  2456  	return f.headerFragBuf
  2457  }
  2458  
  2459  func (f *http2ContinuationFrame) HeadersEnded() bool {
  2460  	return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders)
  2461  }
  2462  
  2463  // WriteContinuation writes a CONTINUATION frame.
  2464  //
  2465  // It will perform exactly one Write to the underlying Writer.
  2466  // It is the caller's responsibility to not call other Write methods concurrently.
  2467  func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error {
  2468  	if !http2validStreamID(streamID) && !f.AllowIllegalWrites {
  2469  		return http2errStreamID
  2470  	}
  2471  	var flags http2Flags
  2472  	if endHeaders {
  2473  		flags |= http2FlagContinuationEndHeaders
  2474  	}
  2475  	f.startWrite(http2FrameContinuation, flags, streamID)
  2476  	f.wbuf = append(f.wbuf, headerBlockFragment...)
  2477  	return f.endWrite()
  2478  }
  2479  
  2480  // A PushPromiseFrame is used to initiate a server stream.
  2481  // See http://http2.github.io/http2-spec/#rfc.section.6.6
  2482  type http2PushPromiseFrame struct {
  2483  	http2FrameHeader
  2484  	PromiseID     uint32
  2485  	headerFragBuf []byte // not owned
  2486  }
  2487  
  2488  func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte {
  2489  	f.checkValid()
  2490  	return f.headerFragBuf
  2491  }
  2492  
  2493  func (f *http2PushPromiseFrame) HeadersEnded() bool {
  2494  	return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders)
  2495  }
  2496  
  2497  func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) {
  2498  	pp := &http2PushPromiseFrame{
  2499  		http2FrameHeader: fh,
  2500  	}
  2501  	if pp.StreamID == 0 {
  2502  		// PUSH_PROMISE frames MUST be associated with an existing,
  2503  		// peer-initiated stream. The stream identifier of a
  2504  		// PUSH_PROMISE frame indicates the stream it is associated
  2505  		// with. If the stream identifier field specifies the value
  2506  		// 0x0, a recipient MUST respond with a connection error
  2507  		// (Section 5.4.1) of type PROTOCOL_ERROR.
  2508  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2509  	}
  2510  	// The PUSH_PROMISE frame includes optional padding.
  2511  	// Padding fields and flags are identical to those defined for DATA frames
  2512  	var padLength uint8
  2513  	if fh.Flags.Has(http2FlagPushPromisePadded) {
  2514  		if p, padLength, err = http2readByte(p); err != nil {
  2515  			return
  2516  		}
  2517  	}
  2518  
  2519  	p, pp.PromiseID, err = http2readUint32(p)
  2520  	if err != nil {
  2521  		return
  2522  	}
  2523  	pp.PromiseID = pp.PromiseID & (1<<31 - 1)
  2524  
  2525  	if int(padLength) > len(p) {
  2526  		// like the DATA frame, error out if padding is longer than the body.
  2527  		return nil, http2ConnectionError(http2ErrCodeProtocol)
  2528  	}
  2529  	pp.headerFragBuf = p[:len(p)-int(padLength)]
  2530  	return pp, nil
  2531  }
  2532  
  2533  // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame.
  2534  type http2PushPromiseParam struct {
  2535  	// StreamID is the required Stream ID to initiate.
  2536  	StreamID uint32
  2537  
  2538  	// PromiseID is the required Stream ID which this
  2539  	// Push Promises
  2540  	PromiseID uint32
  2541  
  2542  	// BlockFragment is part (or all) of a Header Block.
  2543  	BlockFragment []byte
  2544  
  2545  	// EndHeaders indicates that this frame contains an entire
  2546  	// header block and is not followed by any
  2547  	// CONTINUATION frames.
  2548  	EndHeaders bool
  2549  
  2550  	// PadLength is the optional number of bytes of zeros to add
  2551  	// to this frame.
  2552  	PadLength uint8
  2553  }
  2554  
  2555  // WritePushPromise writes a single PushPromise Frame.
  2556  //
  2557  // As with Header Frames, This is the low level call for writing
  2558  // individual frames. Continuation frames are handled elsewhere.
  2559  //
  2560  // It will perform exactly one Write to the underlying Writer.
  2561  // It is the caller's responsibility to not call other Write methods concurrently.
  2562  func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error {
  2563  	if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  2564  		return http2errStreamID
  2565  	}
  2566  	var flags http2Flags
  2567  	if p.PadLength != 0 {
  2568  		flags |= http2FlagPushPromisePadded
  2569  	}
  2570  	if p.EndHeaders {
  2571  		flags |= http2FlagPushPromiseEndHeaders
  2572  	}
  2573  	f.startWrite(http2FramePushPromise, flags, p.StreamID)
  2574  	if p.PadLength != 0 {
  2575  		f.writeByte(p.PadLength)
  2576  	}
  2577  	if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites {
  2578  		return http2errStreamID
  2579  	}
  2580  	f.writeUint32(p.PromiseID)
  2581  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  2582  	f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...)
  2583  	return f.endWrite()
  2584  }
  2585  
  2586  // WriteRawFrame writes a raw frame. This can be used to write
  2587  // extension frames unknown to this package.
  2588  func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error {
  2589  	f.startWrite(t, flags, streamID)
  2590  	f.writeBytes(payload)
  2591  	return f.endWrite()
  2592  }
  2593  
  2594  func http2readByte(p []byte) (remain []byte, b byte, err error) {
  2595  	if len(p) == 0 {
  2596  		return nil, 0, io.ErrUnexpectedEOF
  2597  	}
  2598  	return p[1:], p[0], nil
  2599  }
  2600  
  2601  func http2readUint32(p []byte) (remain []byte, v uint32, err error) {
  2602  	if len(p) < 4 {
  2603  		return nil, 0, io.ErrUnexpectedEOF
  2604  	}
  2605  	return p[4:], binary.BigEndian.Uint32(p[:4]), nil
  2606  }
  2607  
  2608  type http2streamEnder interface {
  2609  	StreamEnded() bool
  2610  }
  2611  
  2612  type http2headersEnder interface {
  2613  	HeadersEnded() bool
  2614  }
  2615  
  2616  type http2headersOrContinuation interface {
  2617  	http2headersEnder
  2618  	HeaderBlockFragment() []byte
  2619  }
  2620  
  2621  // A MetaHeadersFrame is the representation of one HEADERS frame and
  2622  // zero or more contiguous CONTINUATION frames and the decoding of
  2623  // their HPACK-encoded contents.
  2624  //
  2625  // This type of frame does not appear on the wire and is only returned
  2626  // by the Framer when Framer.ReadMetaHeaders is set.
  2627  type http2MetaHeadersFrame struct {
  2628  	*http2HeadersFrame
  2629  
  2630  	// Fields are the fields contained in the HEADERS and
  2631  	// CONTINUATION frames. The underlying slice is owned by the
  2632  	// Framer and must not be retained after the next call to
  2633  	// ReadFrame.
  2634  	//
  2635  	// Fields are guaranteed to be in the correct http2 order and
  2636  	// not have unknown pseudo header fields or invalid header
  2637  	// field names or values. Required pseudo header fields may be
  2638  	// missing, however. Use the MetaHeadersFrame.Pseudo accessor
  2639  	// method access pseudo headers.
  2640  	Fields []hpack.HeaderField
  2641  
  2642  	// Truncated is whether the max header list size limit was hit
  2643  	// and Fields is incomplete. The hpack decoder state is still
  2644  	// valid, however.
  2645  	Truncated bool
  2646  }
  2647  
  2648  // PseudoValue returns the given pseudo header field's value.
  2649  // The provided pseudo field should not contain the leading colon.
  2650  func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string {
  2651  	for _, hf := range mh.Fields {
  2652  		if !hf.IsPseudo() {
  2653  			return ""
  2654  		}
  2655  		if hf.Name[1:] == pseudo {
  2656  			return hf.Value
  2657  		}
  2658  	}
  2659  	return ""
  2660  }
  2661  
  2662  // RegularFields returns the regular (non-pseudo) header fields of mh.
  2663  // The caller does not own the returned slice.
  2664  func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField {
  2665  	for i, hf := range mh.Fields {
  2666  		if !hf.IsPseudo() {
  2667  			return mh.Fields[i:]
  2668  		}
  2669  	}
  2670  	return nil
  2671  }
  2672  
  2673  // PseudoFields returns the pseudo header fields of mh.
  2674  // The caller does not own the returned slice.
  2675  func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField {
  2676  	for i, hf := range mh.Fields {
  2677  		if !hf.IsPseudo() {
  2678  			return mh.Fields[:i]
  2679  		}
  2680  	}
  2681  	return mh.Fields
  2682  }
  2683  
  2684  func (mh *http2MetaHeadersFrame) checkPseudos() error {
  2685  	var isRequest, isResponse bool
  2686  	pf := mh.PseudoFields()
  2687  	for i, hf := range pf {
  2688  		switch hf.Name {
  2689  		case ":method", ":path", ":scheme", ":authority":
  2690  			isRequest = true
  2691  		case ":status":
  2692  			isResponse = true
  2693  		default:
  2694  			return http2pseudoHeaderError(hf.Name)
  2695  		}
  2696  		// Check for duplicates.
  2697  		// This would be a bad algorithm, but N is 4.
  2698  		// And this doesn't allocate.
  2699  		for _, hf2 := range pf[:i] {
  2700  			if hf.Name == hf2.Name {
  2701  				return http2duplicatePseudoHeaderError(hf.Name)
  2702  			}
  2703  		}
  2704  	}
  2705  	if isRequest && isResponse {
  2706  		return http2errMixPseudoHeaderTypes
  2707  	}
  2708  	return nil
  2709  }
  2710  
  2711  func (fr *http2Framer) maxHeaderStringLen() int {
  2712  	v := fr.maxHeaderListSize()
  2713  	if uint32(int(v)) == v {
  2714  		return int(v)
  2715  	}
  2716  	// They had a crazy big number for MaxHeaderBytes anyway,
  2717  	// so give them unlimited header lengths:
  2718  	return 0
  2719  }
  2720  
  2721  // readMetaFrame returns 0 or more CONTINUATION frames from fr and
  2722  // merge them into the provided hf and returns a MetaHeadersFrame
  2723  // with the decoded hpack values.
  2724  func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) {
  2725  	if fr.AllowIllegalReads {
  2726  		return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
  2727  	}
  2728  	mh := &http2MetaHeadersFrame{
  2729  		http2HeadersFrame: hf,
  2730  	}
  2731  	var remainSize = fr.maxHeaderListSize()
  2732  	var sawRegular bool
  2733  
  2734  	var invalid error // pseudo header field errors
  2735  	hdec := fr.ReadMetaHeaders
  2736  	hdec.SetEmitEnabled(true)
  2737  	hdec.SetMaxStringLength(fr.maxHeaderStringLen())
  2738  	hdec.SetEmitFunc(func(hf hpack.HeaderField) {
  2739  		if http2VerboseLogs && fr.logReads {
  2740  			fr.debugReadLoggerf("http2: decoded hpack field %+v", hf)
  2741  		}
  2742  		if !httpguts.ValidHeaderFieldValue(hf.Value) {
  2743  			invalid = http2headerFieldValueError(hf.Value)
  2744  		}
  2745  		isPseudo := strings.HasPrefix(hf.Name, ":")
  2746  		if isPseudo {
  2747  			if sawRegular {
  2748  				invalid = http2errPseudoAfterRegular
  2749  			}
  2750  		} else {
  2751  			sawRegular = true
  2752  			if !http2validWireHeaderFieldName(hf.Name) {
  2753  				invalid = http2headerFieldNameError(hf.Name)
  2754  			}
  2755  		}
  2756  
  2757  		if invalid != nil {
  2758  			hdec.SetEmitEnabled(false)
  2759  			return
  2760  		}
  2761  
  2762  		size := hf.Size()
  2763  		if size > remainSize {
  2764  			hdec.SetEmitEnabled(false)
  2765  			mh.Truncated = true
  2766  			return
  2767  		}
  2768  		remainSize -= size
  2769  
  2770  		mh.Fields = append(mh.Fields, hf)
  2771  	})
  2772  	// Lose reference to MetaHeadersFrame:
  2773  	defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {})
  2774  
  2775  	var hc http2headersOrContinuation = hf
  2776  	for {
  2777  		frag := hc.HeaderBlockFragment()
  2778  		if _, err := hdec.Write(frag); err != nil {
  2779  			return nil, http2ConnectionError(http2ErrCodeCompression)
  2780  		}
  2781  
  2782  		if hc.HeadersEnded() {
  2783  			break
  2784  		}
  2785  		if f, err := fr.ReadFrame(); err != nil {
  2786  			return nil, err
  2787  		} else {
  2788  			hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder
  2789  		}
  2790  	}
  2791  
  2792  	mh.http2HeadersFrame.headerFragBuf = nil
  2793  	mh.http2HeadersFrame.invalidate()
  2794  
  2795  	if err := hdec.Close(); err != nil {
  2796  		return nil, http2ConnectionError(http2ErrCodeCompression)
  2797  	}
  2798  	if invalid != nil {
  2799  		fr.errDetail = invalid
  2800  		if http2VerboseLogs {
  2801  			log.Printf("http2: invalid header: %v", invalid)
  2802  		}
  2803  		return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid}
  2804  	}
  2805  	if err := mh.checkPseudos(); err != nil {
  2806  		fr.errDetail = err
  2807  		if http2VerboseLogs {
  2808  			log.Printf("http2: invalid pseudo headers: %v", err)
  2809  		}
  2810  		return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err}
  2811  	}
  2812  	return mh, nil
  2813  }
  2814  
  2815  func http2summarizeFrame(f http2Frame) string {
  2816  	var buf bytes.Buffer
  2817  	f.Header().writeDebug(&buf)
  2818  	switch f := f.(type) {
  2819  	case *http2SettingsFrame:
  2820  		n := 0
  2821  		f.ForeachSetting(func(s http2Setting) error {
  2822  			n++
  2823  			if n == 1 {
  2824  				buf.WriteString(", settings:")
  2825  			}
  2826  			fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val)
  2827  			return nil
  2828  		})
  2829  		if n > 0 {
  2830  			buf.Truncate(buf.Len() - 1) // remove trailing comma
  2831  		}
  2832  	case *http2DataFrame:
  2833  		data := f.Data()
  2834  		const max = 256
  2835  		if len(data) > max {
  2836  			data = data[:max]
  2837  		}
  2838  		fmt.Fprintf(&buf, " data=%q", data)
  2839  		if len(f.Data()) > max {
  2840  			fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max)
  2841  		}
  2842  	case *http2WindowUpdateFrame:
  2843  		if f.StreamID == 0 {
  2844  			buf.WriteString(" (conn)")
  2845  		}
  2846  		fmt.Fprintf(&buf, " incr=%v", f.Increment)
  2847  	case *http2PingFrame:
  2848  		fmt.Fprintf(&buf, " ping=%q", f.Data[:])
  2849  	case *http2GoAwayFrame:
  2850  		fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q",
  2851  			f.LastStreamID, f.ErrCode, f.debugData)
  2852  	case *http2RSTStreamFrame:
  2853  		fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode)
  2854  	}
  2855  	return buf.String()
  2856  }
  2857  
  2858  func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool {
  2859  	return trace != nil && trace.WroteHeaderField != nil
  2860  }
  2861  
  2862  func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {
  2863  	if trace != nil && trace.WroteHeaderField != nil {
  2864  		trace.WroteHeaderField(k, []string{v})
  2865  	}
  2866  }
  2867  
  2868  func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
  2869  	if trace != nil {
  2870  		return trace.Got1xxResponse
  2871  	}
  2872  	return nil
  2873  }
  2874  
  2875  var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1"
  2876  
  2877  type http2goroutineLock uint64
  2878  
  2879  func http2newGoroutineLock() http2goroutineLock {
  2880  	if !http2DebugGoroutines {
  2881  		return 0
  2882  	}
  2883  	return http2goroutineLock(http2curGoroutineID())
  2884  }
  2885  
  2886  func (g http2goroutineLock) check() {
  2887  	if !http2DebugGoroutines {
  2888  		return
  2889  	}
  2890  	if http2curGoroutineID() != uint64(g) {
  2891  		panic("running on the wrong goroutine")
  2892  	}
  2893  }
  2894  
  2895  func (g http2goroutineLock) checkNotOn() {
  2896  	if !http2DebugGoroutines {
  2897  		return
  2898  	}
  2899  	if http2curGoroutineID() == uint64(g) {
  2900  		panic("running on the wrong goroutine")
  2901  	}
  2902  }
  2903  
  2904  var http2goroutineSpace = []byte("goroutine ")
  2905  
  2906  func http2curGoroutineID() uint64 {
  2907  	bp := http2littleBuf.Get().(*[]byte)
  2908  	defer http2littleBuf.Put(bp)
  2909  	b := *bp
  2910  	b = b[:runtime.Stack(b, false)]
  2911  	// Parse the 4707 out of "goroutine 4707 ["
  2912  	b = bytes.TrimPrefix(b, http2goroutineSpace)
  2913  	i := bytes.IndexByte(b, ' ')
  2914  	if i < 0 {
  2915  		panic(fmt.Sprintf("No space found in %q", b))
  2916  	}
  2917  	b = b[:i]
  2918  	n, err := http2parseUintBytes(b, 10, 64)
  2919  	if err != nil {
  2920  		panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err))
  2921  	}
  2922  	return n
  2923  }
  2924  
  2925  var http2littleBuf = sync.Pool{
  2926  	New: func() interface{} {
  2927  		buf := make([]byte, 64)
  2928  		return &buf
  2929  	},
  2930  }
  2931  
  2932  // parseUintBytes is like strconv.ParseUint, but using a []byte.
  2933  func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) {
  2934  	var cutoff, maxVal uint64
  2935  
  2936  	if bitSize == 0 {
  2937  		bitSize = int(strconv.IntSize)
  2938  	}
  2939  
  2940  	s0 := s
  2941  	switch {
  2942  	case len(s) < 1:
  2943  		err = strconv.ErrSyntax
  2944  		goto Error
  2945  
  2946  	case 2 <= base && base <= 36:
  2947  		// valid base; nothing to do
  2948  
  2949  	case base == 0:
  2950  		// Look for octal, hex prefix.
  2951  		switch {
  2952  		case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'):
  2953  			base = 16
  2954  			s = s[2:]
  2955  			if len(s) < 1 {
  2956  				err = strconv.ErrSyntax
  2957  				goto Error
  2958  			}
  2959  		case s[0] == '0':
  2960  			base = 8
  2961  		default:
  2962  			base = 10
  2963  		}
  2964  
  2965  	default:
  2966  		err = errors.New("invalid base " + strconv.Itoa(base))
  2967  		goto Error
  2968  	}
  2969  
  2970  	n = 0
  2971  	cutoff = http2cutoff64(base)
  2972  	maxVal = 1<<uint(bitSize) - 1
  2973  
  2974  	for i := 0; i < len(s); i++ {
  2975  		var v byte
  2976  		d := s[i]
  2977  		switch {
  2978  		case '0' <= d && d <= '9':
  2979  			v = d - '0'
  2980  		case 'a' <= d && d <= 'z':
  2981  			v = d - 'a' + 10
  2982  		case 'A' <= d && d <= 'Z':
  2983  			v = d - 'A' + 10
  2984  		default:
  2985  			n = 0
  2986  			err = strconv.ErrSyntax
  2987  			goto Error
  2988  		}
  2989  		if int(v) >= base {
  2990  			n = 0
  2991  			err = strconv.ErrSyntax
  2992  			goto Error
  2993  		}
  2994  
  2995  		if n >= cutoff {
  2996  			// n*base overflows
  2997  			n = 1<<64 - 1
  2998  			err = strconv.ErrRange
  2999  			goto Error
  3000  		}
  3001  		n *= uint64(base)
  3002  
  3003  		n1 := n + uint64(v)
  3004  		if n1 < n || n1 > maxVal {
  3005  			// n+v overflows
  3006  			n = 1<<64 - 1
  3007  			err = strconv.ErrRange
  3008  			goto Error
  3009  		}
  3010  		n = n1
  3011  	}
  3012  
  3013  	return n, nil
  3014  
  3015  Error:
  3016  	return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err}
  3017  }
  3018  
  3019  // Return the first number n such that n*base >= 1<<64.
  3020  func http2cutoff64(base int) uint64 {
  3021  	if base < 2 {
  3022  		return 0
  3023  	}
  3024  	return (1<<64-1)/uint64(base) + 1
  3025  }
  3026  
  3027  var (
  3028  	http2commonBuildOnce   sync.Once
  3029  	http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case
  3030  	http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case
  3031  )
  3032  
  3033  func http2buildCommonHeaderMapsOnce() {
  3034  	http2commonBuildOnce.Do(http2buildCommonHeaderMaps)
  3035  }
  3036  
  3037  func http2buildCommonHeaderMaps() {
  3038  	common := []string{
  3039  		"accept",
  3040  		"accept-charset",
  3041  		"accept-encoding",
  3042  		"accept-language",
  3043  		"accept-ranges",
  3044  		"age",
  3045  		"access-control-allow-origin",
  3046  		"allow",
  3047  		"authorization",
  3048  		"cache-control",
  3049  		"content-disposition",
  3050  		"content-encoding",
  3051  		"content-language",
  3052  		"content-length",
  3053  		"content-location",
  3054  		"content-range",
  3055  		"content-type",
  3056  		"cookie",
  3057  		"date",
  3058  		"etag",
  3059  		"expect",
  3060  		"expires",
  3061  		"from",
  3062  		"host",
  3063  		"if-match",
  3064  		"if-modified-since",
  3065  		"if-none-match",
  3066  		"if-unmodified-since",
  3067  		"last-modified",
  3068  		"link",
  3069  		"location",
  3070  		"max-forwards",
  3071  		"proxy-authenticate",
  3072  		"proxy-authorization",
  3073  		"range",
  3074  		"referer",
  3075  		"refresh",
  3076  		"retry-after",
  3077  		"server",
  3078  		"set-cookie",
  3079  		"strict-transport-security",
  3080  		"trailer",
  3081  		"transfer-encoding",
  3082  		"user-agent",
  3083  		"vary",
  3084  		"via",
  3085  		"www-authenticate",
  3086  	}
  3087  	http2commonLowerHeader = make(map[string]string, len(common))
  3088  	http2commonCanonHeader = make(map[string]string, len(common))
  3089  	for _, v := range common {
  3090  		chk := CanonicalHeaderKey(v)
  3091  		http2commonLowerHeader[chk] = v
  3092  		http2commonCanonHeader[v] = chk
  3093  	}
  3094  }
  3095  
  3096  func http2lowerHeader(v string) string {
  3097  	http2buildCommonHeaderMapsOnce()
  3098  	if s, ok := http2commonLowerHeader[v]; ok {
  3099  		return s
  3100  	}
  3101  	return strings.ToLower(v)
  3102  }
  3103  
  3104  var (
  3105  	http2VerboseLogs    bool
  3106  	http2logFrameWrites bool
  3107  	http2logFrameReads  bool
  3108  	http2inTests        bool
  3109  )
  3110  
  3111  func init() {
  3112  	e := os.Getenv("GODEBUG")
  3113  	if strings.Contains(e, "http2debug=1") {
  3114  		http2VerboseLogs = true
  3115  	}
  3116  	if strings.Contains(e, "http2debug=2") {
  3117  		http2VerboseLogs = true
  3118  		http2logFrameWrites = true
  3119  		http2logFrameReads = true
  3120  	}
  3121  }
  3122  
  3123  const (
  3124  	// ClientPreface is the string that must be sent by new
  3125  	// connections from clients.
  3126  	http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
  3127  
  3128  	// SETTINGS_MAX_FRAME_SIZE default
  3129  	// http://http2.github.io/http2-spec/#rfc.section.6.5.2
  3130  	http2initialMaxFrameSize = 16384
  3131  
  3132  	// NextProtoTLS is the NPN/ALPN protocol negotiated during
  3133  	// HTTP/2's TLS setup.
  3134  	http2NextProtoTLS = "h2"
  3135  
  3136  	// http://http2.github.io/http2-spec/#SettingValues
  3137  	http2initialHeaderTableSize = 4096
  3138  
  3139  	http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size
  3140  
  3141  	http2defaultMaxReadFrameSize = 1 << 20
  3142  )
  3143  
  3144  var (
  3145  	http2clientPreface = []byte(http2ClientPreface)
  3146  )
  3147  
  3148  type http2streamState int
  3149  
  3150  // HTTP/2 stream states.
  3151  //
  3152  // See http://tools.ietf.org/html/rfc7540#section-5.1.
  3153  //
  3154  // For simplicity, the server code merges "reserved (local)" into
  3155  // "half-closed (remote)". This is one less state transition to track.
  3156  // The only downside is that we send PUSH_PROMISEs slightly less
  3157  // liberally than allowable. More discussion here:
  3158  // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html
  3159  //
  3160  // "reserved (remote)" is omitted since the client code does not
  3161  // support server push.
  3162  const (
  3163  	http2stateIdle http2streamState = iota
  3164  	http2stateOpen
  3165  	http2stateHalfClosedLocal
  3166  	http2stateHalfClosedRemote
  3167  	http2stateClosed
  3168  )
  3169  
  3170  var http2stateName = [...]string{
  3171  	http2stateIdle:             "Idle",
  3172  	http2stateOpen:             "Open",
  3173  	http2stateHalfClosedLocal:  "HalfClosedLocal",
  3174  	http2stateHalfClosedRemote: "HalfClosedRemote",
  3175  	http2stateClosed:           "Closed",
  3176  }
  3177  
  3178  func (st http2streamState) String() string {
  3179  	return http2stateName[st]
  3180  }
  3181  
  3182  // Setting is a setting parameter: which setting it is, and its value.
  3183  type http2Setting struct {
  3184  	// ID is which setting is being set.
  3185  	// See http://http2.github.io/http2-spec/#SettingValues
  3186  	ID http2SettingID
  3187  
  3188  	// Val is the value.
  3189  	Val uint32
  3190  }
  3191  
  3192  func (s http2Setting) String() string {
  3193  	return fmt.Sprintf("[%v = %d]", s.ID, s.Val)
  3194  }
  3195  
  3196  // Valid reports whether the setting is valid.
  3197  func (s http2Setting) Valid() error {
  3198  	// Limits and error codes from 6.5.2 Defined SETTINGS Parameters
  3199  	switch s.ID {
  3200  	case http2SettingEnablePush:
  3201  		if s.Val != 1 && s.Val != 0 {
  3202  			return http2ConnectionError(http2ErrCodeProtocol)
  3203  		}
  3204  	case http2SettingInitialWindowSize:
  3205  		if s.Val > 1<<31-1 {
  3206  			return http2ConnectionError(http2ErrCodeFlowControl)
  3207  		}
  3208  	case http2SettingMaxFrameSize:
  3209  		if s.Val < 16384 || s.Val > 1<<24-1 {
  3210  			return http2ConnectionError(http2ErrCodeProtocol)
  3211  		}
  3212  	}
  3213  	return nil
  3214  }
  3215  
  3216  // A SettingID is an HTTP/2 setting as defined in
  3217  // http://http2.github.io/http2-spec/#iana-settings
  3218  type http2SettingID uint16
  3219  
  3220  const (
  3221  	http2SettingHeaderTableSize      http2SettingID = 0x1
  3222  	http2SettingEnablePush           http2SettingID = 0x2
  3223  	http2SettingMaxConcurrentStreams http2SettingID = 0x3
  3224  	http2SettingInitialWindowSize    http2SettingID = 0x4
  3225  	http2SettingMaxFrameSize         http2SettingID = 0x5
  3226  	http2SettingMaxHeaderListSize    http2SettingID = 0x6
  3227  )
  3228  
  3229  var http2settingName = map[http2SettingID]string{
  3230  	http2SettingHeaderTableSize:      "HEADER_TABLE_SIZE",
  3231  	http2SettingEnablePush:           "ENABLE_PUSH",
  3232  	http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS",
  3233  	http2SettingInitialWindowSize:    "INITIAL_WINDOW_SIZE",
  3234  	http2SettingMaxFrameSize:         "MAX_FRAME_SIZE",
  3235  	http2SettingMaxHeaderListSize:    "MAX_HEADER_LIST_SIZE",
  3236  }
  3237  
  3238  func (s http2SettingID) String() string {
  3239  	if v, ok := http2settingName[s]; ok {
  3240  		return v
  3241  	}
  3242  	return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s))
  3243  }
  3244  
  3245  var (
  3246  	http2errInvalidHeaderFieldName  = errors.New("http2: invalid header field name")
  3247  	http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value")
  3248  )
  3249  
  3250  // validWireHeaderFieldName reports whether v is a valid header field
  3251  // name (key). See httpguts.ValidHeaderName for the base rules.
  3252  //
  3253  // Further, http2 says:
  3254  //   "Just as in HTTP/1.x, header field names are strings of ASCII
  3255  //   characters that are compared in a case-insensitive
  3256  //   fashion. However, header field names MUST be converted to
  3257  //   lowercase prior to their encoding in HTTP/2. "
  3258  func http2validWireHeaderFieldName(v string) bool {
  3259  	if len(v) == 0 {
  3260  		return false
  3261  	}
  3262  	for _, r := range v {
  3263  		if !httpguts.IsTokenRune(r) {
  3264  			return false
  3265  		}
  3266  		if 'A' <= r && r <= 'Z' {
  3267  			return false
  3268  		}
  3269  	}
  3270  	return true
  3271  }
  3272  
  3273  func http2httpCodeString(code int) string {
  3274  	switch code {
  3275  	case 200:
  3276  		return "200"
  3277  	case 404:
  3278  		return "404"
  3279  	}
  3280  	return strconv.Itoa(code)
  3281  }
  3282  
  3283  // from pkg io
  3284  type http2stringWriter interface {
  3285  	WriteString(s string) (n int, err error)
  3286  }
  3287  
  3288  // A gate lets two goroutines coordinate their activities.
  3289  type http2gate chan struct{}
  3290  
  3291  func (g http2gate) Done() { g <- struct{}{} }
  3292  
  3293  func (g http2gate) Wait() { <-g }
  3294  
  3295  // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed).
  3296  type http2closeWaiter chan struct{}
  3297  
  3298  // Init makes a closeWaiter usable.
  3299  // It exists because so a closeWaiter value can be placed inside a
  3300  // larger struct and have the Mutex and Cond's memory in the same
  3301  // allocation.
  3302  func (cw *http2closeWaiter) Init() {
  3303  	*cw = make(chan struct{})
  3304  }
  3305  
  3306  // Close marks the closeWaiter as closed and unblocks any waiters.
  3307  func (cw http2closeWaiter) Close() {
  3308  	close(cw)
  3309  }
  3310  
  3311  // Wait waits for the closeWaiter to become closed.
  3312  func (cw http2closeWaiter) Wait() {
  3313  	<-cw
  3314  }
  3315  
  3316  // bufferedWriter is a buffered writer that writes to w.
  3317  // Its buffered writer is lazily allocated as needed, to minimize
  3318  // idle memory usage with many connections.
  3319  type http2bufferedWriter struct {
  3320  	w  io.Writer     // immutable
  3321  	bw *bufio.Writer // non-nil when data is buffered
  3322  }
  3323  
  3324  func http2newBufferedWriter(w io.Writer) *http2bufferedWriter {
  3325  	return &http2bufferedWriter{w: w}
  3326  }
  3327  
  3328  // bufWriterPoolBufferSize is the size of bufio.Writer's
  3329  // buffers created using bufWriterPool.
  3330  //
  3331  // TODO: pick a less arbitrary value? this is a bit under
  3332  // (3 x typical 1500 byte MTU) at least. Other than that,
  3333  // not much thought went into it.
  3334  const http2bufWriterPoolBufferSize = 4 << 10
  3335  
  3336  var http2bufWriterPool = sync.Pool{
  3337  	New: func() interface{} {
  3338  		return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize)
  3339  	},
  3340  }
  3341  
  3342  func (w *http2bufferedWriter) Available() int {
  3343  	if w.bw == nil {
  3344  		return http2bufWriterPoolBufferSize
  3345  	}
  3346  	return w.bw.Available()
  3347  }
  3348  
  3349  func (w *http2bufferedWriter) Write(p []byte) (n int, err error) {
  3350  	if w.bw == nil {
  3351  		bw := http2bufWriterPool.Get().(*bufio.Writer)
  3352  		bw.Reset(w.w)
  3353  		w.bw = bw
  3354  	}
  3355  	return w.bw.Write(p)
  3356  }
  3357  
  3358  func (w *http2bufferedWriter) Flush() error {
  3359  	bw := w.bw
  3360  	if bw == nil {
  3361  		return nil
  3362  	}
  3363  	err := bw.Flush()
  3364  	bw.Reset(nil)
  3365  	http2bufWriterPool.Put(bw)
  3366  	w.bw = nil
  3367  	return err
  3368  }
  3369  
  3370  func http2mustUint31(v int32) uint32 {
  3371  	if v < 0 || v > 2147483647 {
  3372  		panic("out of range")
  3373  	}
  3374  	return uint32(v)
  3375  }
  3376  
  3377  // bodyAllowedForStatus reports whether a given response status code
  3378  // permits a body. See RFC 7230, section 3.3.
  3379  func http2bodyAllowedForStatus(status int) bool {
  3380  	switch {
  3381  	case status >= 100 && status <= 199:
  3382  		return false
  3383  	case status == 204:
  3384  		return false
  3385  	case status == 304:
  3386  		return false
  3387  	}
  3388  	return true
  3389  }
  3390  
  3391  type http2httpError struct {
  3392  	msg     string
  3393  	timeout bool
  3394  }
  3395  
  3396  func (e *http2httpError) Error() string { return e.msg }
  3397  
  3398  func (e *http2httpError) Timeout() bool { return e.timeout }
  3399  
  3400  func (e *http2httpError) Temporary() bool { return true }
  3401  
  3402  var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true}
  3403  
  3404  type http2connectionStater interface {
  3405  	ConnectionState() tls.ConnectionState
  3406  }
  3407  
  3408  var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }}
  3409  
  3410  type http2sorter struct {
  3411  	v []string // owned by sorter
  3412  }
  3413  
  3414  func (s *http2sorter) Len() int { return len(s.v) }
  3415  
  3416  func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] }
  3417  
  3418  func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] }
  3419  
  3420  // Keys returns the sorted keys of h.
  3421  //
  3422  // The returned slice is only valid until s used again or returned to
  3423  // its pool.
  3424  func (s *http2sorter) Keys(h Header) []string {
  3425  	keys := s.v[:0]
  3426  	for k := range h {
  3427  		keys = append(keys, k)
  3428  	}
  3429  	s.v = keys
  3430  	sort.Sort(s)
  3431  	return keys
  3432  }
  3433  
  3434  func (s *http2sorter) SortStrings(ss []string) {
  3435  	// Our sorter works on s.v, which sorter owns, so
  3436  	// stash it away while we sort the user's buffer.
  3437  	save := s.v
  3438  	s.v = ss
  3439  	sort.Sort(s)
  3440  	s.v = save
  3441  }
  3442  
  3443  // validPseudoPath reports whether v is a valid :path pseudo-header
  3444  // value. It must be either:
  3445  //
  3446  //     *) a non-empty string starting with '/'
  3447  //     *) the string '*', for OPTIONS requests.
  3448  //
  3449  // For now this is only used a quick check for deciding when to clean
  3450  // up Opaque URLs before sending requests from the Transport.
  3451  // See golang.org/issue/16847
  3452  //
  3453  // We used to enforce that the path also didn't start with "//", but
  3454  // Google's GFE accepts such paths and Chrome sends them, so ignore
  3455  // that part of the spec. See golang.org/issue/19103.
  3456  func http2validPseudoPath(v string) bool {
  3457  	return (len(v) > 0 && v[0] == '/') || v == "*"
  3458  }
  3459  
  3460  // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like
  3461  // io.Pipe except there are no PipeReader/PipeWriter halves, and the
  3462  // underlying buffer is an interface. (io.Pipe is always unbuffered)
  3463  type http2pipe struct {
  3464  	mu       sync.Mutex
  3465  	c        sync.Cond       // c.L lazily initialized to &p.mu
  3466  	b        http2pipeBuffer // nil when done reading
  3467  	err      error           // read error once empty. non-nil means closed.
  3468  	breakErr error           // immediate read error (caller doesn't see rest of b)
  3469  	donec    chan struct{}   // closed on error
  3470  	readFn   func()          // optional code to run in Read before error
  3471  }
  3472  
  3473  type http2pipeBuffer interface {
  3474  	Len() int
  3475  	io.Writer
  3476  	io.Reader
  3477  }
  3478  
  3479  func (p *http2pipe) Len() int {
  3480  	p.mu.Lock()
  3481  	defer p.mu.Unlock()
  3482  	if p.b == nil {
  3483  		return 0
  3484  	}
  3485  	return p.b.Len()
  3486  }
  3487  
  3488  // Read waits until data is available and copies bytes
  3489  // from the buffer into p.
  3490  func (p *http2pipe) Read(d []byte) (n int, err error) {
  3491  	p.mu.Lock()
  3492  	defer p.mu.Unlock()
  3493  	if p.c.L == nil {
  3494  		p.c.L = &p.mu
  3495  	}
  3496  	for {
  3497  		if p.breakErr != nil {
  3498  			return 0, p.breakErr
  3499  		}
  3500  		if p.b != nil && p.b.Len() > 0 {
  3501  			return p.b.Read(d)
  3502  		}
  3503  		if p.err != nil {
  3504  			if p.readFn != nil {
  3505  				p.readFn()     // e.g. copy trailers
  3506  				p.readFn = nil // not sticky like p.err
  3507  			}
  3508  			p.b = nil
  3509  			return 0, p.err
  3510  		}
  3511  		p.c.Wait()
  3512  	}
  3513  }
  3514  
  3515  var http2errClosedPipeWrite = errors.New("write on closed buffer")
  3516  
  3517  // Write copies bytes from p into the buffer and wakes a reader.
  3518  // It is an error to write more data than the buffer can hold.
  3519  func (p *http2pipe) Write(d []byte) (n int, err error) {
  3520  	p.mu.Lock()
  3521  	defer p.mu.Unlock()
  3522  	if p.c.L == nil {
  3523  		p.c.L = &p.mu
  3524  	}
  3525  	defer p.c.Signal()
  3526  	if p.err != nil {
  3527  		return 0, http2errClosedPipeWrite
  3528  	}
  3529  	if p.breakErr != nil {
  3530  		return len(d), nil // discard when there is no reader
  3531  	}
  3532  	return p.b.Write(d)
  3533  }
  3534  
  3535  // CloseWithError causes the next Read (waking up a current blocked
  3536  // Read if needed) to return the provided err after all data has been
  3537  // read.
  3538  //
  3539  // The error must be non-nil.
  3540  func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) }
  3541  
  3542  // BreakWithError causes the next Read (waking up a current blocked
  3543  // Read if needed) to return the provided err immediately, without
  3544  // waiting for unread data.
  3545  func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) }
  3546  
  3547  // closeWithErrorAndCode is like CloseWithError but also sets some code to run
  3548  // in the caller's goroutine before returning the error.
  3549  func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) }
  3550  
  3551  func (p *http2pipe) closeWithError(dst *error, err error, fn func()) {
  3552  	if err == nil {
  3553  		panic("err must be non-nil")
  3554  	}
  3555  	p.mu.Lock()
  3556  	defer p.mu.Unlock()
  3557  	if p.c.L == nil {
  3558  		p.c.L = &p.mu
  3559  	}
  3560  	defer p.c.Signal()
  3561  	if *dst != nil {
  3562  		// Already been done.
  3563  		return
  3564  	}
  3565  	p.readFn = fn
  3566  	if dst == &p.breakErr {
  3567  		p.b = nil
  3568  	}
  3569  	*dst = err
  3570  	p.closeDoneLocked()
  3571  }
  3572  
  3573  // requires p.mu be held.
  3574  func (p *http2pipe) closeDoneLocked() {
  3575  	if p.donec == nil {
  3576  		return
  3577  	}
  3578  	// Close if unclosed. This isn't racy since we always
  3579  	// hold p.mu while closing.
  3580  	select {
  3581  	case <-p.donec:
  3582  	default:
  3583  		close(p.donec)
  3584  	}
  3585  }
  3586  
  3587  // Err returns the error (if any) first set by BreakWithError or CloseWithError.
  3588  func (p *http2pipe) Err() error {
  3589  	p.mu.Lock()
  3590  	defer p.mu.Unlock()
  3591  	if p.breakErr != nil {
  3592  		return p.breakErr
  3593  	}
  3594  	return p.err
  3595  }
  3596  
  3597  // Done returns a channel which is closed if and when this pipe is closed
  3598  // with CloseWithError.
  3599  func (p *http2pipe) Done() <-chan struct{} {
  3600  	p.mu.Lock()
  3601  	defer p.mu.Unlock()
  3602  	if p.donec == nil {
  3603  		p.donec = make(chan struct{})
  3604  		if p.err != nil || p.breakErr != nil {
  3605  			// Already hit an error.
  3606  			p.closeDoneLocked()
  3607  		}
  3608  	}
  3609  	return p.donec
  3610  }
  3611  
  3612  const (
  3613  	http2prefaceTimeout        = 10 * time.Second
  3614  	http2firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
  3615  	http2handlerChunkWriteSize = 4 << 10
  3616  	http2defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
  3617  )
  3618  
  3619  var (
  3620  	http2errClientDisconnected = errors.New("client disconnected")
  3621  	http2errClosedBody         = errors.New("body closed by handler")
  3622  	http2errHandlerComplete    = errors.New("http2: request body closed due to handler exiting")
  3623  	http2errStreamClosed       = errors.New("http2: stream closed")
  3624  )
  3625  
  3626  var http2responseWriterStatePool = sync.Pool{
  3627  	New: func() interface{} {
  3628  		rws := &http2responseWriterState{}
  3629  		rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize)
  3630  		return rws
  3631  	},
  3632  }
  3633  
  3634  // Test hooks.
  3635  var (
  3636  	http2testHookOnConn        func()
  3637  	http2testHookGetServerConn func(*http2serverConn)
  3638  	http2testHookOnPanicMu     *sync.Mutex // nil except in tests
  3639  	http2testHookOnPanic       func(sc *http2serverConn, panicVal interface{}) (rePanic bool)
  3640  )
  3641  
  3642  // Server is an HTTP/2 server.
  3643  type http2Server struct {
  3644  	// MaxHandlers limits the number of http.Handler ServeHTTP goroutines
  3645  	// which may run at a time over all connections.
  3646  	// Negative or zero no limit.
  3647  	// TODO: implement
  3648  	MaxHandlers int
  3649  
  3650  	// MaxConcurrentStreams optionally specifies the number of
  3651  	// concurrent streams that each client may have open at a
  3652  	// time. This is unrelated to the number of http.Handler goroutines
  3653  	// which may be active globally, which is MaxHandlers.
  3654  	// If zero, MaxConcurrentStreams defaults to at least 100, per
  3655  	// the HTTP/2 spec's recommendations.
  3656  	MaxConcurrentStreams uint32
  3657  
  3658  	// MaxReadFrameSize optionally specifies the largest frame
  3659  	// this server is willing to read. A valid value is between
  3660  	// 16k and 16M, inclusive. If zero or otherwise invalid, a
  3661  	// default value is used.
  3662  	MaxReadFrameSize uint32
  3663  
  3664  	// PermitProhibitedCipherSuites, if true, permits the use of
  3665  	// cipher suites prohibited by the HTTP/2 spec.
  3666  	PermitProhibitedCipherSuites bool
  3667  
  3668  	// IdleTimeout specifies how long until idle clients should be
  3669  	// closed with a GOAWAY frame. PING frames are not considered
  3670  	// activity for the purposes of IdleTimeout.
  3671  	IdleTimeout time.Duration
  3672  
  3673  	// MaxUploadBufferPerConnection is the size of the initial flow
  3674  	// control window for each connections. The HTTP/2 spec does not
  3675  	// allow this to be smaller than 65535 or larger than 2^32-1.
  3676  	// If the value is outside this range, a default value will be
  3677  	// used instead.
  3678  	MaxUploadBufferPerConnection int32
  3679  
  3680  	// MaxUploadBufferPerStream is the size of the initial flow control
  3681  	// window for each stream. The HTTP/2 spec does not allow this to
  3682  	// be larger than 2^32-1. If the value is zero or larger than the
  3683  	// maximum, a default value will be used instead.
  3684  	MaxUploadBufferPerStream int32
  3685  
  3686  	// NewWriteScheduler constructs a write scheduler for a connection.
  3687  	// If nil, a default scheduler is chosen.
  3688  	NewWriteScheduler func() http2WriteScheduler
  3689  
  3690  	// Internal state. This is a pointer (rather than embedded directly)
  3691  	// so that we don't embed a Mutex in this struct, which will make the
  3692  	// struct non-copyable, which might break some callers.
  3693  	state *http2serverInternalState
  3694  }
  3695  
  3696  func (s *http2Server) initialConnRecvWindowSize() int32 {
  3697  	if s.MaxUploadBufferPerConnection > http2initialWindowSize {
  3698  		return s.MaxUploadBufferPerConnection
  3699  	}
  3700  	return 1 << 20
  3701  }
  3702  
  3703  func (s *http2Server) initialStreamRecvWindowSize() int32 {
  3704  	if s.MaxUploadBufferPerStream > 0 {
  3705  		return s.MaxUploadBufferPerStream
  3706  	}
  3707  	return 1 << 20
  3708  }
  3709  
  3710  func (s *http2Server) maxReadFrameSize() uint32 {
  3711  	if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize {
  3712  		return v
  3713  	}
  3714  	return http2defaultMaxReadFrameSize
  3715  }
  3716  
  3717  func (s *http2Server) maxConcurrentStreams() uint32 {
  3718  	if v := s.MaxConcurrentStreams; v > 0 {
  3719  		return v
  3720  	}
  3721  	return http2defaultMaxStreams
  3722  }
  3723  
  3724  type http2serverInternalState struct {
  3725  	mu          sync.Mutex
  3726  	activeConns map[*http2serverConn]struct{}
  3727  }
  3728  
  3729  func (s *http2serverInternalState) registerConn(sc *http2serverConn) {
  3730  	if s == nil {
  3731  		return // if the Server was used without calling ConfigureServer
  3732  	}
  3733  	s.mu.Lock()
  3734  	s.activeConns[sc] = struct{}{}
  3735  	s.mu.Unlock()
  3736  }
  3737  
  3738  func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) {
  3739  	if s == nil {
  3740  		return // if the Server was used without calling ConfigureServer
  3741  	}
  3742  	s.mu.Lock()
  3743  	delete(s.activeConns, sc)
  3744  	s.mu.Unlock()
  3745  }
  3746  
  3747  func (s *http2serverInternalState) startGracefulShutdown() {
  3748  	if s == nil {
  3749  		return // if the Server was used without calling ConfigureServer
  3750  	}
  3751  	s.mu.Lock()
  3752  	for sc := range s.activeConns {
  3753  		sc.startGracefulShutdown()
  3754  	}
  3755  	s.mu.Unlock()
  3756  }
  3757  
  3758  // ConfigureServer adds HTTP/2 support to a net/http Server.
  3759  //
  3760  // The configuration conf may be nil.
  3761  //
  3762  // ConfigureServer must be called before s begins serving.
  3763  func http2ConfigureServer(s *Server, conf *http2Server) error {
  3764  	if s == nil {
  3765  		panic("nil *http.Server")
  3766  	}
  3767  	if conf == nil {
  3768  		conf = new(http2Server)
  3769  	}
  3770  	conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})}
  3771  	if h1, h2 := s, conf; h2.IdleTimeout == 0 {
  3772  		if h1.IdleTimeout != 0 {
  3773  			h2.IdleTimeout = h1.IdleTimeout
  3774  		} else {
  3775  			h2.IdleTimeout = h1.ReadTimeout
  3776  		}
  3777  	}
  3778  	s.RegisterOnShutdown(conf.state.startGracefulShutdown)
  3779  
  3780  	if s.TLSConfig == nil {
  3781  		s.TLSConfig = new(tls.Config)
  3782  	} else if s.TLSConfig.CipherSuites != nil {
  3783  		// If they already provided a CipherSuite list, return
  3784  		// an error if it has a bad order or is missing
  3785  		// ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
  3786  		haveRequired := false
  3787  		sawBad := false
  3788  		for i, cs := range s.TLSConfig.CipherSuites {
  3789  			switch cs {
  3790  			case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  3791  				// Alternative MTI cipher to not discourage ECDSA-only servers.
  3792  				// See http://golang.org/cl/30721 for further information.
  3793  				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
  3794  				haveRequired = true
  3795  			}
  3796  			if http2isBadCipher(cs) {
  3797  				sawBad = true
  3798  			} else if sawBad {
  3799  				return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs)
  3800  			}
  3801  		}
  3802  		if !haveRequired {
  3803  			return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.")
  3804  		}
  3805  	}
  3806  
  3807  	// Note: not setting MinVersion to tls.VersionTLS12,
  3808  	// as we don't want to interfere with HTTP/1.1 traffic
  3809  	// on the user's server. We enforce TLS 1.2 later once
  3810  	// we accept a connection. Ideally this should be done
  3811  	// during next-proto selection, but using TLS <1.2 with
  3812  	// HTTP/2 is still the client's bug.
  3813  
  3814  	s.TLSConfig.PreferServerCipherSuites = true
  3815  
  3816  	haveNPN := false
  3817  	for _, p := range s.TLSConfig.NextProtos {
  3818  		if p == http2NextProtoTLS {
  3819  			haveNPN = true
  3820  			break
  3821  		}
  3822  	}
  3823  	if !haveNPN {
  3824  		s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS)
  3825  	}
  3826  
  3827  	if s.TLSNextProto == nil {
  3828  		s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){}
  3829  	}
  3830  	protoHandler := func(hs *Server, c *tls.Conn, h Handler) {
  3831  		if http2testHookOnConn != nil {
  3832  			http2testHookOnConn()
  3833  		}
  3834  		conf.ServeConn(c, &http2ServeConnOpts{
  3835  			Handler:    h,
  3836  			BaseConfig: hs,
  3837  		})
  3838  	}
  3839  	s.TLSNextProto[http2NextProtoTLS] = protoHandler
  3840  	return nil
  3841  }
  3842  
  3843  // ServeConnOpts are options for the Server.ServeConn method.
  3844  type http2ServeConnOpts struct {
  3845  	// BaseConfig optionally sets the base configuration
  3846  	// for values. If nil, defaults are used.
  3847  	BaseConfig *Server
  3848  
  3849  	// Handler specifies which handler to use for processing
  3850  	// requests. If nil, BaseConfig.Handler is used. If BaseConfig
  3851  	// or BaseConfig.Handler is nil, http.DefaultServeMux is used.
  3852  	Handler Handler
  3853  }
  3854  
  3855  func (o *http2ServeConnOpts) baseConfig() *Server {
  3856  	if o != nil && o.BaseConfig != nil {
  3857  		return o.BaseConfig
  3858  	}
  3859  	return new(Server)
  3860  }
  3861  
  3862  func (o *http2ServeConnOpts) handler() Handler {
  3863  	if o != nil {
  3864  		if o.Handler != nil {
  3865  			return o.Handler
  3866  		}
  3867  		if o.BaseConfig != nil && o.BaseConfig.Handler != nil {
  3868  			return o.BaseConfig.Handler
  3869  		}
  3870  	}
  3871  	return DefaultServeMux
  3872  }
  3873  
  3874  // ServeConn serves HTTP/2 requests on the provided connection and
  3875  // blocks until the connection is no longer readable.
  3876  //
  3877  // ServeConn starts speaking HTTP/2 assuming that c has not had any
  3878  // reads or writes. It writes its initial settings frame and expects
  3879  // to be able to read the preface and settings frame from the
  3880  // client. If c has a ConnectionState method like a *tls.Conn, the
  3881  // ConnectionState is used to verify the TLS ciphersuite and to set
  3882  // the Request.TLS field in Handlers.
  3883  //
  3884  // ServeConn does not support h2c by itself. Any h2c support must be
  3885  // implemented in terms of providing a suitably-behaving net.Conn.
  3886  //
  3887  // The opts parameter is optional. If nil, default values are used.
  3888  func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) {
  3889  	baseCtx, cancel := http2serverConnBaseContext(c, opts)
  3890  	defer cancel()
  3891  
  3892  	sc := &http2serverConn{
  3893  		srv:                         s,
  3894  		hs:                          opts.baseConfig(),
  3895  		conn:                        c,
  3896  		baseCtx:                     baseCtx,
  3897  		remoteAddrStr:               c.RemoteAddr().String(),
  3898  		bw:                          http2newBufferedWriter(c),
  3899  		handler:                     opts.handler(),
  3900  		streams:                     make(map[uint32]*http2stream),
  3901  		readFrameCh:                 make(chan http2readFrameResult),
  3902  		wantWriteFrameCh:            make(chan http2FrameWriteRequest, 8),
  3903  		serveMsgCh:                  make(chan interface{}, 8),
  3904  		wroteFrameCh:                make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync
  3905  		bodyReadCh:                  make(chan http2bodyReadMsg),         // buffering doesn't matter either way
  3906  		doneServing:                 make(chan struct{}),
  3907  		clientMaxStreams:            math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value"
  3908  		advMaxStreams:               s.maxConcurrentStreams(),
  3909  		initialStreamSendWindowSize: http2initialWindowSize,
  3910  		maxFrameSize:                http2initialMaxFrameSize,
  3911  		headerTableSize:             http2initialHeaderTableSize,
  3912  		serveG:                      http2newGoroutineLock(),
  3913  		pushEnabled:                 true,
  3914  	}
  3915  
  3916  	s.state.registerConn(sc)
  3917  	defer s.state.unregisterConn(sc)
  3918  
  3919  	// The net/http package sets the write deadline from the
  3920  	// http.Server.WriteTimeout during the TLS handshake, but then
  3921  	// passes the connection off to us with the deadline already set.
  3922  	// Write deadlines are set per stream in serverConn.newStream.
  3923  	// Disarm the net.Conn write deadline here.
  3924  	if sc.hs.WriteTimeout != 0 {
  3925  		sc.conn.SetWriteDeadline(time.Time{})
  3926  	}
  3927  
  3928  	if s.NewWriteScheduler != nil {
  3929  		sc.writeSched = s.NewWriteScheduler()
  3930  	} else {
  3931  		sc.writeSched = http2NewRandomWriteScheduler()
  3932  	}
  3933  
  3934  	// These start at the RFC-specified defaults. If there is a higher
  3935  	// configured value for inflow, that will be updated when we send a
  3936  	// WINDOW_UPDATE shortly after sending SETTINGS.
  3937  	sc.flow.add(http2initialWindowSize)
  3938  	sc.inflow.add(http2initialWindowSize)
  3939  	sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf)
  3940  
  3941  	fr := http2NewFramer(sc.bw, c)
  3942  	fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil)
  3943  	fr.MaxHeaderListSize = sc.maxHeaderListSize()
  3944  	fr.SetMaxReadFrameSize(s.maxReadFrameSize())
  3945  	sc.framer = fr
  3946  
  3947  	if tc, ok := c.(http2connectionStater); ok {
  3948  		sc.tlsState = new(tls.ConnectionState)
  3949  		*sc.tlsState = tc.ConnectionState()
  3950  		// 9.2 Use of TLS Features
  3951  		// An implementation of HTTP/2 over TLS MUST use TLS
  3952  		// 1.2 or higher with the restrictions on feature set
  3953  		// and cipher suite described in this section. Due to
  3954  		// implementation limitations, it might not be
  3955  		// possible to fail TLS negotiation. An endpoint MUST
  3956  		// immediately terminate an HTTP/2 connection that
  3957  		// does not meet the TLS requirements described in
  3958  		// this section with a connection error (Section
  3959  		// 5.4.1) of type INADEQUATE_SECURITY.
  3960  		if sc.tlsState.Version < tls.VersionTLS12 {
  3961  			sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low")
  3962  			return
  3963  		}
  3964  
  3965  		if sc.tlsState.ServerName == "" {
  3966  			// Client must use SNI, but we don't enforce that anymore,
  3967  			// since it was causing problems when connecting to bare IP
  3968  			// addresses during development.
  3969  			//
  3970  			// TODO: optionally enforce? Or enforce at the time we receive
  3971  			// a new request, and verify the ServerName matches the :authority?
  3972  			// But that precludes proxy situations, perhaps.
  3973  			//
  3974  			// So for now, do nothing here again.
  3975  		}
  3976  
  3977  		if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) {
  3978  			// "Endpoints MAY choose to generate a connection error
  3979  			// (Section 5.4.1) of type INADEQUATE_SECURITY if one of
  3980  			// the prohibited cipher suites are negotiated."
  3981  			//
  3982  			// We choose that. In my opinion, the spec is weak
  3983  			// here. It also says both parties must support at least
  3984  			// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no
  3985  			// excuses here. If we really must, we could allow an
  3986  			// "AllowInsecureWeakCiphers" option on the server later.
  3987  			// Let's see how it plays out first.
  3988  			sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite))
  3989  			return
  3990  		}
  3991  	}
  3992  
  3993  	if hook := http2testHookGetServerConn; hook != nil {
  3994  		hook(sc)
  3995  	}
  3996  	sc.serve()
  3997  }
  3998  
  3999  func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) {
  4000  	ctx, cancel = context.WithCancel(context.Background())
  4001  	ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr())
  4002  	if hs := opts.baseConfig(); hs != nil {
  4003  		ctx = context.WithValue(ctx, ServerContextKey, hs)
  4004  	}
  4005  	return
  4006  }
  4007  
  4008  func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) {
  4009  	sc.vlogf("http2: server rejecting conn: %v, %s", err, debug)
  4010  	// ignoring errors. hanging up anyway.
  4011  	sc.framer.WriteGoAway(0, err, []byte(debug))
  4012  	sc.bw.Flush()
  4013  	sc.conn.Close()
  4014  }
  4015  
  4016  type http2serverConn struct {
  4017  	// Immutable:
  4018  	srv              *http2Server
  4019  	hs               *Server
  4020  	conn             net.Conn
  4021  	bw               *http2bufferedWriter // writing to conn
  4022  	handler          Handler
  4023  	baseCtx          context.Context
  4024  	framer           *http2Framer
  4025  	doneServing      chan struct{}               // closed when serverConn.serve ends
  4026  	readFrameCh      chan http2readFrameResult   // written by serverConn.readFrames
  4027  	wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve
  4028  	wroteFrameCh     chan http2frameWriteResult  // from writeFrameAsync -> serve, tickles more frame writes
  4029  	bodyReadCh       chan http2bodyReadMsg       // from handlers -> serve
  4030  	serveMsgCh       chan interface{}            // misc messages & code to send to / run on the serve loop
  4031  	flow             http2flow                   // conn-wide (not stream-specific) outbound flow control
  4032  	inflow           http2flow                   // conn-wide inbound flow control
  4033  	tlsState         *tls.ConnectionState        // shared by all handlers, like net/http
  4034  	remoteAddrStr    string
  4035  	writeSched       http2WriteScheduler
  4036  
  4037  	// Everything following is owned by the serve loop; use serveG.check():
  4038  	serveG                      http2goroutineLock // used to verify funcs are on serve()
  4039  	pushEnabled                 bool
  4040  	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
  4041  	needToSendSettingsAck       bool
  4042  	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
  4043  	clientMaxStreams            uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
  4044  	advMaxStreams               uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
  4045  	curClientStreams            uint32 // number of open streams initiated by the client
  4046  	curPushedStreams            uint32 // number of open streams initiated by server push
  4047  	maxClientStreamID           uint32 // max ever seen from client (odd), or 0 if there have been no client requests
  4048  	maxPushPromiseID            uint32 // ID of the last push promise (even), or 0 if there have been no pushes
  4049  	streams                     map[uint32]*http2stream
  4050  	initialStreamSendWindowSize int32
  4051  	maxFrameSize                int32
  4052  	headerTableSize             uint32
  4053  	peerMaxHeaderListSize       uint32            // zero means unknown (default)
  4054  	canonHeader                 map[string]string // http2-lower-case -> Go-Canonical-Case
  4055  	writingFrame                bool              // started writing a frame (on serve goroutine or separate)
  4056  	writingFrameAsync           bool              // started a frame on its own goroutine but haven't heard back on wroteFrameCh
  4057  	needsFrameFlush             bool              // last frame write wasn't a flush
  4058  	inGoAway                    bool              // we've started to or sent GOAWAY
  4059  	inFrameScheduleLoop         bool              // whether we're in the scheduleFrameWrite loop
  4060  	needToSendGoAway            bool              // we need to schedule a GOAWAY frame write
  4061  	goAwayCode                  http2ErrCode
  4062  	shutdownTimer               *time.Timer // nil until used
  4063  	idleTimer                   *time.Timer // nil if unused
  4064  
  4065  	// Owned by the writeFrameAsync goroutine:
  4066  	headerWriteBuf bytes.Buffer
  4067  	hpackEncoder   *hpack.Encoder
  4068  
  4069  	// Used by startGracefulShutdown.
  4070  	shutdownOnce sync.Once
  4071  }
  4072  
  4073  func (sc *http2serverConn) maxHeaderListSize() uint32 {
  4074  	n := sc.hs.MaxHeaderBytes
  4075  	if n <= 0 {
  4076  		n = DefaultMaxHeaderBytes
  4077  	}
  4078  	// http2's count is in a slightly different unit and includes 32 bytes per pair.
  4079  	// So, take the net/http.Server value and pad it up a bit, assuming 10 headers.
  4080  	const perFieldOverhead = 32 // per http2 spec
  4081  	const typicalHeaders = 10   // conservative
  4082  	return uint32(n + typicalHeaders*perFieldOverhead)
  4083  }
  4084  
  4085  func (sc *http2serverConn) curOpenStreams() uint32 {
  4086  	sc.serveG.check()
  4087  	return sc.curClientStreams + sc.curPushedStreams
  4088  }
  4089  
  4090  // stream represents a stream. This is the minimal metadata needed by
  4091  // the serve goroutine. Most of the actual stream state is owned by
  4092  // the http.Handler's goroutine in the responseWriter. Because the
  4093  // responseWriter's responseWriterState is recycled at the end of a
  4094  // handler, this struct intentionally has no pointer to the
  4095  // *responseWriter{,State} itself, as the Handler ending nils out the
  4096  // responseWriter's state field.
  4097  type http2stream struct {
  4098  	// immutable:
  4099  	sc        *http2serverConn
  4100  	id        uint32
  4101  	body      *http2pipe       // non-nil if expecting DATA frames
  4102  	cw        http2closeWaiter // closed wait stream transitions to closed state
  4103  	ctx       context.Context
  4104  	cancelCtx func()
  4105  
  4106  	// owned by serverConn's serve loop:
  4107  	bodyBytes        int64        // body bytes seen so far
  4108  	declBodyBytes    int64        // or -1 if undeclared
  4109  	flow             http2flow    // limits writing from Handler to client
  4110  	inflow           http2flow    // what the client is allowed to POST/etc to us
  4111  	parent           *http2stream // or nil
  4112  	numTrailerValues int64
  4113  	weight           uint8
  4114  	state            http2streamState
  4115  	resetQueued      bool        // RST_STREAM queued for write; set by sc.resetStream
  4116  	gotTrailerHeader bool        // HEADER frame for trailers was seen
  4117  	wroteHeaders     bool        // whether we wrote headers (not status 100)
  4118  	writeDeadline    *time.Timer // nil if unused
  4119  
  4120  	trailer    Header // accumulated trailers
  4121  	reqTrailer Header // handler's Request.Trailer
  4122  }
  4123  
  4124  func (sc *http2serverConn) Framer() *http2Framer { return sc.framer }
  4125  
  4126  func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() }
  4127  
  4128  func (sc *http2serverConn) Flush() error { return sc.bw.Flush() }
  4129  
  4130  func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) {
  4131  	return sc.hpackEncoder, &sc.headerWriteBuf
  4132  }
  4133  
  4134  func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) {
  4135  	sc.serveG.check()
  4136  	// http://tools.ietf.org/html/rfc7540#section-5.1
  4137  	if st, ok := sc.streams[streamID]; ok {
  4138  		return st.state, st
  4139  	}
  4140  	// "The first use of a new stream identifier implicitly closes all
  4141  	// streams in the "idle" state that might have been initiated by
  4142  	// that peer with a lower-valued stream identifier. For example, if
  4143  	// a client sends a HEADERS frame on stream 7 without ever sending a
  4144  	// frame on stream 5, then stream 5 transitions to the "closed"
  4145  	// state when the first frame for stream 7 is sent or received."
  4146  	if streamID%2 == 1 {
  4147  		if streamID <= sc.maxClientStreamID {
  4148  			return http2stateClosed, nil
  4149  		}
  4150  	} else {
  4151  		if streamID <= sc.maxPushPromiseID {
  4152  			return http2stateClosed, nil
  4153  		}
  4154  	}
  4155  	return http2stateIdle, nil
  4156  }
  4157  
  4158  // setConnState calls the net/http ConnState hook for this connection, if configured.
  4159  // Note that the net/http package does StateNew and StateClosed for us.
  4160  // There is currently no plan for StateHijacked or hijacking HTTP/2 connections.
  4161  func (sc *http2serverConn) setConnState(state ConnState) {
  4162  	if sc.hs.ConnState != nil {
  4163  		sc.hs.ConnState(sc.conn, state)
  4164  	}
  4165  }
  4166  
  4167  func (sc *http2serverConn) vlogf(format string, args ...interface{}) {
  4168  	if http2VerboseLogs {
  4169  		sc.logf(format, args...)
  4170  	}
  4171  }
  4172  
  4173  func (sc *http2serverConn) logf(format string, args ...interface{}) {
  4174  	if lg := sc.hs.ErrorLog; lg != nil {
  4175  		lg.Printf(format, args...)
  4176  	} else {
  4177  		log.Printf(format, args...)
  4178  	}
  4179  }
  4180  
  4181  // errno returns v's underlying uintptr, else 0.
  4182  //
  4183  // TODO: remove this helper function once http2 can use build
  4184  // tags. See comment in isClosedConnError.
  4185  func http2errno(v error) uintptr {
  4186  	if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr {
  4187  		return uintptr(rv.Uint())
  4188  	}
  4189  	return 0
  4190  }
  4191  
  4192  // isClosedConnError reports whether err is an error from use of a closed
  4193  // network connection.
  4194  func http2isClosedConnError(err error) bool {
  4195  	if err == nil {
  4196  		return false
  4197  	}
  4198  
  4199  	// TODO: remove this string search and be more like the Windows
  4200  	// case below. That might involve modifying the standard library
  4201  	// to return better error types.
  4202  	str := err.Error()
  4203  	if strings.Contains(str, "use of closed network connection") {
  4204  		return true
  4205  	}
  4206  
  4207  	// TODO(bradfitz): x/tools/cmd/bundle doesn't really support
  4208  	// build tags, so I can't make an http2_windows.go file with
  4209  	// Windows-specific stuff. Fix that and move this, once we
  4210  	// have a way to bundle this into std's net/http somehow.
  4211  	if runtime.GOOS == "windows" {
  4212  		if oe, ok := err.(*net.OpError); ok && oe.Op == "read" {
  4213  			if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" {
  4214  				const WSAECONNABORTED = 10053
  4215  				const WSAECONNRESET = 10054
  4216  				if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED {
  4217  					return true
  4218  				}
  4219  			}
  4220  		}
  4221  	}
  4222  	return false
  4223  }
  4224  
  4225  func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) {
  4226  	if err == nil {
  4227  		return
  4228  	}
  4229  	if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout {
  4230  		// Boring, expected errors.
  4231  		sc.vlogf(format, args...)
  4232  	} else {
  4233  		sc.logf(format, args...)
  4234  	}
  4235  }
  4236  
  4237  func (sc *http2serverConn) canonicalHeader(v string) string {
  4238  	sc.serveG.check()
  4239  	http2buildCommonHeaderMapsOnce()
  4240  	cv, ok := http2commonCanonHeader[v]
  4241  	if ok {
  4242  		return cv
  4243  	}
  4244  	cv, ok = sc.canonHeader[v]
  4245  	if ok {
  4246  		return cv
  4247  	}
  4248  	if sc.canonHeader == nil {
  4249  		sc.canonHeader = make(map[string]string)
  4250  	}
  4251  	cv = CanonicalHeaderKey(v)
  4252  	sc.canonHeader[v] = cv
  4253  	return cv
  4254  }
  4255  
  4256  type http2readFrameResult struct {
  4257  	f   http2Frame // valid until readMore is called
  4258  	err error
  4259  
  4260  	// readMore should be called once the consumer no longer needs or
  4261  	// retains f. After readMore, f is invalid and more frames can be
  4262  	// read.
  4263  	readMore func()
  4264  }
  4265  
  4266  // readFrames is the loop that reads incoming frames.
  4267  // It takes care to only read one frame at a time, blocking until the
  4268  // consumer is done with the frame.
  4269  // It's run on its own goroutine.
  4270  func (sc *http2serverConn) readFrames() {
  4271  	gate := make(http2gate)
  4272  	gateDone := gate.Done
  4273  	for {
  4274  		f, err := sc.framer.ReadFrame()
  4275  		select {
  4276  		case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}:
  4277  		case <-sc.doneServing:
  4278  			return
  4279  		}
  4280  		select {
  4281  		case <-gate:
  4282  		case <-sc.doneServing:
  4283  			return
  4284  		}
  4285  		if http2terminalReadFrameError(err) {
  4286  			return
  4287  		}
  4288  	}
  4289  }
  4290  
  4291  // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine.
  4292  type http2frameWriteResult struct {
  4293  	wr  http2FrameWriteRequest // what was written (or attempted)
  4294  	err error                  // result of the writeFrame call
  4295  }
  4296  
  4297  // writeFrameAsync runs in its own goroutine and writes a single frame
  4298  // and then reports when it's done.
  4299  // At most one goroutine can be running writeFrameAsync at a time per
  4300  // serverConn.
  4301  func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) {
  4302  	err := wr.write.writeFrame(sc)
  4303  	sc.wroteFrameCh <- http2frameWriteResult{wr, err}
  4304  }
  4305  
  4306  func (sc *http2serverConn) closeAllStreamsOnConnClose() {
  4307  	sc.serveG.check()
  4308  	for _, st := range sc.streams {
  4309  		sc.closeStream(st, http2errClientDisconnected)
  4310  	}
  4311  }
  4312  
  4313  func (sc *http2serverConn) stopShutdownTimer() {
  4314  	sc.serveG.check()
  4315  	if t := sc.shutdownTimer; t != nil {
  4316  		t.Stop()
  4317  	}
  4318  }
  4319  
  4320  func (sc *http2serverConn) notePanic() {
  4321  	// Note: this is for serverConn.serve panicking, not http.Handler code.
  4322  	if http2testHookOnPanicMu != nil {
  4323  		http2testHookOnPanicMu.Lock()
  4324  		defer http2testHookOnPanicMu.Unlock()
  4325  	}
  4326  	if http2testHookOnPanic != nil {
  4327  		if e := recover(); e != nil {
  4328  			if http2testHookOnPanic(sc, e) {
  4329  				panic(e)
  4330  			}
  4331  		}
  4332  	}
  4333  }
  4334  
  4335  func (sc *http2serverConn) serve() {
  4336  	sc.serveG.check()
  4337  	defer sc.notePanic()
  4338  	defer sc.conn.Close()
  4339  	defer sc.closeAllStreamsOnConnClose()
  4340  	defer sc.stopShutdownTimer()
  4341  	defer close(sc.doneServing) // unblocks handlers trying to send
  4342  
  4343  	if http2VerboseLogs {
  4344  		sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs)
  4345  	}
  4346  
  4347  	sc.writeFrame(http2FrameWriteRequest{
  4348  		write: http2writeSettings{
  4349  			{http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()},
  4350  			{http2SettingMaxConcurrentStreams, sc.advMaxStreams},
  4351  			{http2SettingMaxHeaderListSize, sc.maxHeaderListSize()},
  4352  			{http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())},
  4353  		},
  4354  	})
  4355  	sc.unackedSettings++
  4356  
  4357  	// Each connection starts with intialWindowSize inflow tokens.
  4358  	// If a higher value is configured, we add more tokens.
  4359  	if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 {
  4360  		sc.sendWindowUpdate(nil, int(diff))
  4361  	}
  4362  
  4363  	if err := sc.readPreface(); err != nil {
  4364  		sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err)
  4365  		return
  4366  	}
  4367  	// Now that we've got the preface, get us out of the
  4368  	// "StateNew" state. We can't go directly to idle, though.
  4369  	// Active means we read some data and anticipate a request. We'll
  4370  	// do another Active when we get a HEADERS frame.
  4371  	sc.setConnState(StateActive)
  4372  	sc.setConnState(StateIdle)
  4373  
  4374  	if sc.srv.IdleTimeout != 0 {
  4375  		sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer)
  4376  		defer sc.idleTimer.Stop()
  4377  	}
  4378  
  4379  	go sc.readFrames() // closed by defer sc.conn.Close above
  4380  
  4381  	settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer)
  4382  	defer settingsTimer.Stop()
  4383  
  4384  	loopNum := 0
  4385  	for {
  4386  		loopNum++
  4387  		select {
  4388  		case wr := <-sc.wantWriteFrameCh:
  4389  			if se, ok := wr.write.(http2StreamError); ok {
  4390  				sc.resetStream(se)
  4391  				break
  4392  			}
  4393  			sc.writeFrame(wr)
  4394  		case res := <-sc.wroteFrameCh:
  4395  			sc.wroteFrame(res)
  4396  		case res := <-sc.readFrameCh:
  4397  			if !sc.processFrameFromReader(res) {
  4398  				return
  4399  			}
  4400  			res.readMore()
  4401  			if settingsTimer != nil {
  4402  				settingsTimer.Stop()
  4403  				settingsTimer = nil
  4404  			}
  4405  		case m := <-sc.bodyReadCh:
  4406  			sc.noteBodyRead(m.st, m.n)
  4407  		case msg := <-sc.serveMsgCh:
  4408  			switch v := msg.(type) {
  4409  			case func(int):
  4410  				v(loopNum) // for testing
  4411  			case *http2serverMessage:
  4412  				switch v {
  4413  				case http2settingsTimerMsg:
  4414  					sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr())
  4415  					return
  4416  				case http2idleTimerMsg:
  4417  					sc.vlogf("connection is idle")
  4418  					sc.goAway(http2ErrCodeNo)
  4419  				case http2shutdownTimerMsg:
  4420  					sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr())
  4421  					return
  4422  				case http2gracefulShutdownMsg:
  4423  					sc.startGracefulShutdownInternal()
  4424  				default:
  4425  					panic("unknown timer")
  4426  				}
  4427  			case *http2startPushRequest:
  4428  				sc.startPush(v)
  4429  			default:
  4430  				panic(fmt.Sprintf("unexpected type %T", v))
  4431  			}
  4432  		}
  4433  
  4434  		// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
  4435  		// with no error code (graceful shutdown), don't start the timer until
  4436  		// all open streams have been completed.
  4437  		sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame
  4438  		gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0
  4439  		if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) {
  4440  			sc.shutDownIn(http2goAwayTimeout)
  4441  		}
  4442  	}
  4443  }
  4444  
  4445  func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) {
  4446  	select {
  4447  	case <-sc.doneServing:
  4448  	case <-sharedCh:
  4449  		close(privateCh)
  4450  	}
  4451  }
  4452  
  4453  type http2serverMessage int
  4454  
  4455  // Message values sent to serveMsgCh.
  4456  var (
  4457  	http2settingsTimerMsg    = new(http2serverMessage)
  4458  	http2idleTimerMsg        = new(http2serverMessage)
  4459  	http2shutdownTimerMsg    = new(http2serverMessage)
  4460  	http2gracefulShutdownMsg = new(http2serverMessage)
  4461  )
  4462  
  4463  func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) }
  4464  
  4465  func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) }
  4466  
  4467  func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) }
  4468  
  4469  func (sc *http2serverConn) sendServeMsg(msg interface{}) {
  4470  	sc.serveG.checkNotOn() // NOT
  4471  	select {
  4472  	case sc.serveMsgCh <- msg:
  4473  	case <-sc.doneServing:
  4474  	}
  4475  }
  4476  
  4477  var http2errPrefaceTimeout = errors.New("timeout waiting for client preface")
  4478  
  4479  // readPreface reads the ClientPreface greeting from the peer or
  4480  // returns errPrefaceTimeout on timeout, or an error if the greeting
  4481  // is invalid.
  4482  func (sc *http2serverConn) readPreface() error {
  4483  	errc := make(chan error, 1)
  4484  	go func() {
  4485  		// Read the client preface
  4486  		buf := make([]byte, len(http2ClientPreface))
  4487  		if _, err := io.ReadFull(sc.conn, buf); err != nil {
  4488  			errc <- err
  4489  		} else if !bytes.Equal(buf, http2clientPreface) {
  4490  			errc <- fmt.Errorf("bogus greeting %q", buf)
  4491  		} else {
  4492  			errc <- nil
  4493  		}
  4494  	}()
  4495  	timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server?
  4496  	defer timer.Stop()
  4497  	select {
  4498  	case <-timer.C:
  4499  		return http2errPrefaceTimeout
  4500  	case err := <-errc:
  4501  		if err == nil {
  4502  			if http2VerboseLogs {
  4503  				sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr())
  4504  			}
  4505  		}
  4506  		return err
  4507  	}
  4508  }
  4509  
  4510  var http2errChanPool = sync.Pool{
  4511  	New: func() interface{} { return make(chan error, 1) },
  4512  }
  4513  
  4514  var http2writeDataPool = sync.Pool{
  4515  	New: func() interface{} { return new(http2writeData) },
  4516  }
  4517  
  4518  // writeDataFromHandler writes DATA response frames from a handler on
  4519  // the given stream.
  4520  func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error {
  4521  	ch := http2errChanPool.Get().(chan error)
  4522  	writeArg := http2writeDataPool.Get().(*http2writeData)
  4523  	*writeArg = http2writeData{stream.id, data, endStream}
  4524  	err := sc.writeFrameFromHandler(http2FrameWriteRequest{
  4525  		write:  writeArg,
  4526  		stream: stream,
  4527  		done:   ch,
  4528  	})
  4529  	if err != nil {
  4530  		return err
  4531  	}
  4532  	var frameWriteDone bool // the frame write is done (successfully or not)
  4533  	select {
  4534  	case err = <-ch:
  4535  		frameWriteDone = true
  4536  	case <-sc.doneServing:
  4537  		return http2errClientDisconnected
  4538  	case <-stream.cw:
  4539  		// If both ch and stream.cw were ready (as might
  4540  		// happen on the final Write after an http.Handler
  4541  		// ends), prefer the write result. Otherwise this
  4542  		// might just be us successfully closing the stream.
  4543  		// The writeFrameAsync and serve goroutines guarantee
  4544  		// that the ch send will happen before the stream.cw
  4545  		// close.
  4546  		select {
  4547  		case err = <-ch:
  4548  			frameWriteDone = true
  4549  		default:
  4550  			return http2errStreamClosed
  4551  		}
  4552  	}
  4553  	http2errChanPool.Put(ch)
  4554  	if frameWriteDone {
  4555  		http2writeDataPool.Put(writeArg)
  4556  	}
  4557  	return err
  4558  }
  4559  
  4560  // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts
  4561  // if the connection has gone away.
  4562  //
  4563  // This must not be run from the serve goroutine itself, else it might
  4564  // deadlock writing to sc.wantWriteFrameCh (which is only mildly
  4565  // buffered and is read by serve itself). If you're on the serve
  4566  // goroutine, call writeFrame instead.
  4567  func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error {
  4568  	sc.serveG.checkNotOn() // NOT
  4569  	select {
  4570  	case sc.wantWriteFrameCh <- wr:
  4571  		return nil
  4572  	case <-sc.doneServing:
  4573  		// Serve loop is gone.
  4574  		// Client has closed their connection to the server.
  4575  		return http2errClientDisconnected
  4576  	}
  4577  }
  4578  
  4579  // writeFrame schedules a frame to write and sends it if there's nothing
  4580  // already being written.
  4581  //
  4582  // There is no pushback here (the serve goroutine never blocks). It's
  4583  // the http.Handlers that block, waiting for their previous frames to
  4584  // make it onto the wire
  4585  //
  4586  // If you're not on the serve goroutine, use writeFrameFromHandler instead.
  4587  func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) {
  4588  	sc.serveG.check()
  4589  
  4590  	// If true, wr will not be written and wr.done will not be signaled.
  4591  	var ignoreWrite bool
  4592  
  4593  	// We are not allowed to write frames on closed streams. RFC 7540 Section
  4594  	// 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on
  4595  	// a closed stream." Our server never sends PRIORITY, so that exception
  4596  	// does not apply.
  4597  	//
  4598  	// The serverConn might close an open stream while the stream's handler
  4599  	// is still running. For example, the server might close a stream when it
  4600  	// receives bad data from the client. If this happens, the handler might
  4601  	// attempt to write a frame after the stream has been closed (since the
  4602  	// handler hasn't yet been notified of the close). In this case, we simply
  4603  	// ignore the frame. The handler will notice that the stream is closed when
  4604  	// it waits for the frame to be written.
  4605  	//
  4606  	// As an exception to this rule, we allow sending RST_STREAM after close.
  4607  	// This allows us to immediately reject new streams without tracking any
  4608  	// state for those streams (except for the queued RST_STREAM frame). This
  4609  	// may result in duplicate RST_STREAMs in some cases, but the client should
  4610  	// ignore those.
  4611  	if wr.StreamID() != 0 {
  4612  		_, isReset := wr.write.(http2StreamError)
  4613  		if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset {
  4614  			ignoreWrite = true
  4615  		}
  4616  	}
  4617  
  4618  	// Don't send a 100-continue response if we've already sent headers.
  4619  	// See golang.org/issue/14030.
  4620  	switch wr.write.(type) {
  4621  	case *http2writeResHeaders:
  4622  		wr.stream.wroteHeaders = true
  4623  	case http2write100ContinueHeadersFrame:
  4624  		if wr.stream.wroteHeaders {
  4625  			// We do not need to notify wr.done because this frame is
  4626  			// never written with wr.done != nil.
  4627  			if wr.done != nil {
  4628  				panic("wr.done != nil for write100ContinueHeadersFrame")
  4629  			}
  4630  			ignoreWrite = true
  4631  		}
  4632  	}
  4633  
  4634  	if !ignoreWrite {
  4635  		sc.writeSched.Push(wr)
  4636  	}
  4637  	sc.scheduleFrameWrite()
  4638  }
  4639  
  4640  // startFrameWrite starts a goroutine to write wr (in a separate
  4641  // goroutine since that might block on the network), and updates the
  4642  // serve goroutine's state about the world, updated from info in wr.
  4643  func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) {
  4644  	sc.serveG.check()
  4645  	if sc.writingFrame {
  4646  		panic("internal error: can only be writing one frame at a time")
  4647  	}
  4648  
  4649  	st := wr.stream
  4650  	if st != nil {
  4651  		switch st.state {
  4652  		case http2stateHalfClosedLocal:
  4653  			switch wr.write.(type) {
  4654  			case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate:
  4655  				// RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE
  4656  				// in this state. (We never send PRIORITY from the server, so that is not checked.)
  4657  			default:
  4658  				panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr))
  4659  			}
  4660  		case http2stateClosed:
  4661  			panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr))
  4662  		}
  4663  	}
  4664  	if wpp, ok := wr.write.(*http2writePushPromise); ok {
  4665  		var err error
  4666  		wpp.promisedID, err = wpp.allocatePromisedID()
  4667  		if err != nil {
  4668  			sc.writingFrameAsync = false
  4669  			wr.replyToWriter(err)
  4670  			return
  4671  		}
  4672  	}
  4673  
  4674  	sc.writingFrame = true
  4675  	sc.needsFrameFlush = true
  4676  	if wr.write.staysWithinBuffer(sc.bw.Available()) {
  4677  		sc.writingFrameAsync = false
  4678  		err := wr.write.writeFrame(sc)
  4679  		sc.wroteFrame(http2frameWriteResult{wr, err})
  4680  	} else {
  4681  		sc.writingFrameAsync = true
  4682  		go sc.writeFrameAsync(wr)
  4683  	}
  4684  }
  4685  
  4686  // errHandlerPanicked is the error given to any callers blocked in a read from
  4687  // Request.Body when the main goroutine panics. Since most handlers read in the
  4688  // main ServeHTTP goroutine, this will show up rarely.
  4689  var http2errHandlerPanicked = errors.New("http2: handler panicked")
  4690  
  4691  // wroteFrame is called on the serve goroutine with the result of
  4692  // whatever happened on writeFrameAsync.
  4693  func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) {
  4694  	sc.serveG.check()
  4695  	if !sc.writingFrame {
  4696  		panic("internal error: expected to be already writing a frame")
  4697  	}
  4698  	sc.writingFrame = false
  4699  	sc.writingFrameAsync = false
  4700  
  4701  	wr := res.wr
  4702  
  4703  	if http2writeEndsStream(wr.write) {
  4704  		st := wr.stream
  4705  		if st == nil {
  4706  			panic("internal error: expecting non-nil stream")
  4707  		}
  4708  		switch st.state {
  4709  		case http2stateOpen:
  4710  			// Here we would go to stateHalfClosedLocal in
  4711  			// theory, but since our handler is done and
  4712  			// the net/http package provides no mechanism
  4713  			// for closing a ResponseWriter while still
  4714  			// reading data (see possible TODO at top of
  4715  			// this file), we go into closed state here
  4716  			// anyway, after telling the peer we're
  4717  			// hanging up on them. We'll transition to
  4718  			// stateClosed after the RST_STREAM frame is
  4719  			// written.
  4720  			st.state = http2stateHalfClosedLocal
  4721  			// Section 8.1: a server MAY request that the client abort
  4722  			// transmission of a request without error by sending a
  4723  			// RST_STREAM with an error code of NO_ERROR after sending
  4724  			// a complete response.
  4725  			sc.resetStream(http2streamError(st.id, http2ErrCodeNo))
  4726  		case http2stateHalfClosedRemote:
  4727  			sc.closeStream(st, http2errHandlerComplete)
  4728  		}
  4729  	} else {
  4730  		switch v := wr.write.(type) {
  4731  		case http2StreamError:
  4732  			// st may be unknown if the RST_STREAM was generated to reject bad input.
  4733  			if st, ok := sc.streams[v.StreamID]; ok {
  4734  				sc.closeStream(st, v)
  4735  			}
  4736  		case http2handlerPanicRST:
  4737  			sc.closeStream(wr.stream, http2errHandlerPanicked)
  4738  		}
  4739  	}
  4740  
  4741  	// Reply (if requested) to unblock the ServeHTTP goroutine.
  4742  	wr.replyToWriter(res.err)
  4743  
  4744  	sc.scheduleFrameWrite()
  4745  }
  4746  
  4747  // scheduleFrameWrite tickles the frame writing scheduler.
  4748  //
  4749  // If a frame is already being written, nothing happens. This will be called again
  4750  // when the frame is done being written.
  4751  //
  4752  // If a frame isn't being written we need to send one, the best frame
  4753  // to send is selected, preferring first things that aren't
  4754  // stream-specific (e.g. ACKing settings), and then finding the
  4755  // highest priority stream.
  4756  //
  4757  // If a frame isn't being written and there's nothing else to send, we
  4758  // flush the write buffer.
  4759  func (sc *http2serverConn) scheduleFrameWrite() {
  4760  	sc.serveG.check()
  4761  	if sc.writingFrame || sc.inFrameScheduleLoop {
  4762  		return
  4763  	}
  4764  	sc.inFrameScheduleLoop = true
  4765  	for !sc.writingFrameAsync {
  4766  		if sc.needToSendGoAway {
  4767  			sc.needToSendGoAway = false
  4768  			sc.startFrameWrite(http2FrameWriteRequest{
  4769  				write: &http2writeGoAway{
  4770  					maxStreamID: sc.maxClientStreamID,
  4771  					code:        sc.goAwayCode,
  4772  				},
  4773  			})
  4774  			continue
  4775  		}
  4776  		if sc.needToSendSettingsAck {
  4777  			sc.needToSendSettingsAck = false
  4778  			sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}})
  4779  			continue
  4780  		}
  4781  		if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo {
  4782  			if wr, ok := sc.writeSched.Pop(); ok {
  4783  				sc.startFrameWrite(wr)
  4784  				continue
  4785  			}
  4786  		}
  4787  		if sc.needsFrameFlush {
  4788  			sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}})
  4789  			sc.needsFrameFlush = false // after startFrameWrite, since it sets this true
  4790  			continue
  4791  		}
  4792  		break
  4793  	}
  4794  	sc.inFrameScheduleLoop = false
  4795  }
  4796  
  4797  // startGracefulShutdown gracefully shuts down a connection. This
  4798  // sends GOAWAY with ErrCodeNo to tell the client we're gracefully
  4799  // shutting down. The connection isn't closed until all current
  4800  // streams are done.
  4801  //
  4802  // startGracefulShutdown returns immediately; it does not wait until
  4803  // the connection has shut down.
  4804  func (sc *http2serverConn) startGracefulShutdown() {
  4805  	sc.serveG.checkNotOn() // NOT
  4806  	sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) })
  4807  }
  4808  
  4809  // After sending GOAWAY, the connection will close after goAwayTimeout.
  4810  // If we close the connection immediately after sending GOAWAY, there may
  4811  // be unsent data in our kernel receive buffer, which will cause the kernel
  4812  // to send a TCP RST on close() instead of a FIN. This RST will abort the
  4813  // connection immediately, whether or not the client had received the GOAWAY.
  4814  //
  4815  // Ideally we should delay for at least 1 RTT + epsilon so the client has
  4816  // a chance to read the GOAWAY and stop sending messages. Measuring RTT
  4817  // is hard, so we approximate with 1 second. See golang.org/issue/18701.
  4818  //
  4819  // This is a var so it can be shorter in tests, where all requests uses the
  4820  // loopback interface making the expected RTT very small.
  4821  //
  4822  // TODO: configurable?
  4823  var http2goAwayTimeout = 1 * time.Second
  4824  
  4825  func (sc *http2serverConn) startGracefulShutdownInternal() {
  4826  	sc.goAway(http2ErrCodeNo)
  4827  }
  4828  
  4829  func (sc *http2serverConn) goAway(code http2ErrCode) {
  4830  	sc.serveG.check()
  4831  	if sc.inGoAway {
  4832  		return
  4833  	}
  4834  	sc.inGoAway = true
  4835  	sc.needToSendGoAway = true
  4836  	sc.goAwayCode = code
  4837  	sc.scheduleFrameWrite()
  4838  }
  4839  
  4840  func (sc *http2serverConn) shutDownIn(d time.Duration) {
  4841  	sc.serveG.check()
  4842  	sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer)
  4843  }
  4844  
  4845  func (sc *http2serverConn) resetStream(se http2StreamError) {
  4846  	sc.serveG.check()
  4847  	sc.writeFrame(http2FrameWriteRequest{write: se})
  4848  	if st, ok := sc.streams[se.StreamID]; ok {
  4849  		st.resetQueued = true
  4850  	}
  4851  }
  4852  
  4853  // processFrameFromReader processes the serve loop's read from readFrameCh from the
  4854  // frame-reading goroutine.
  4855  // processFrameFromReader returns whether the connection should be kept open.
  4856  func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool {
  4857  	sc.serveG.check()
  4858  	err := res.err
  4859  	if err != nil {
  4860  		if err == http2ErrFrameTooLarge {
  4861  			sc.goAway(http2ErrCodeFrameSize)
  4862  			return true // goAway will close the loop
  4863  		}
  4864  		clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err)
  4865  		if clientGone {
  4866  			// TODO: could we also get into this state if
  4867  			// the peer does a half close
  4868  			// (e.g. CloseWrite) because they're done
  4869  			// sending frames but they're still wanting
  4870  			// our open replies?  Investigate.
  4871  			// TODO: add CloseWrite to crypto/tls.Conn first
  4872  			// so we have a way to test this? I suppose
  4873  			// just for testing we could have a non-TLS mode.
  4874  			return false
  4875  		}
  4876  	} else {
  4877  		f := res.f
  4878  		if http2VerboseLogs {
  4879  			sc.vlogf("http2: server read frame %v", http2summarizeFrame(f))
  4880  		}
  4881  		err = sc.processFrame(f)
  4882  		if err == nil {
  4883  			return true
  4884  		}
  4885  	}
  4886  
  4887  	switch ev := err.(type) {
  4888  	case http2StreamError:
  4889  		sc.resetStream(ev)
  4890  		return true
  4891  	case http2goAwayFlowError:
  4892  		sc.goAway(http2ErrCodeFlowControl)
  4893  		return true
  4894  	case http2ConnectionError:
  4895  		sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
  4896  		sc.goAway(http2ErrCode(ev))
  4897  		return true // goAway will handle shutdown
  4898  	default:
  4899  		if res.err != nil {
  4900  			sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err)
  4901  		} else {
  4902  			sc.logf("http2: server closing client connection: %v", err)
  4903  		}
  4904  		return false
  4905  	}
  4906  }
  4907  
  4908  func (sc *http2serverConn) processFrame(f http2Frame) error {
  4909  	sc.serveG.check()
  4910  
  4911  	// First frame received must be SETTINGS.
  4912  	if !sc.sawFirstSettings {
  4913  		if _, ok := f.(*http2SettingsFrame); !ok {
  4914  			return http2ConnectionError(http2ErrCodeProtocol)
  4915  		}
  4916  		sc.sawFirstSettings = true
  4917  	}
  4918  
  4919  	switch f := f.(type) {
  4920  	case *http2SettingsFrame:
  4921  		return sc.processSettings(f)
  4922  	case *http2MetaHeadersFrame:
  4923  		return sc.processHeaders(f)
  4924  	case *http2WindowUpdateFrame:
  4925  		return sc.processWindowUpdate(f)
  4926  	case *http2PingFrame:
  4927  		return sc.processPing(f)
  4928  	case *http2DataFrame:
  4929  		return sc.processData(f)
  4930  	case *http2RSTStreamFrame:
  4931  		return sc.processResetStream(f)
  4932  	case *http2PriorityFrame:
  4933  		return sc.processPriority(f)
  4934  	case *http2GoAwayFrame:
  4935  		return sc.processGoAway(f)
  4936  	case *http2PushPromiseFrame:
  4937  		// A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE
  4938  		// frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
  4939  		return http2ConnectionError(http2ErrCodeProtocol)
  4940  	default:
  4941  		sc.vlogf("http2: server ignoring frame: %v", f.Header())
  4942  		return nil
  4943  	}
  4944  }
  4945  
  4946  func (sc *http2serverConn) processPing(f *http2PingFrame) error {
  4947  	sc.serveG.check()
  4948  	if f.IsAck() {
  4949  		// 6.7 PING: " An endpoint MUST NOT respond to PING frames
  4950  		// containing this flag."
  4951  		return nil
  4952  	}
  4953  	if f.StreamID != 0 {
  4954  		// "PING frames are not associated with any individual
  4955  		// stream. If a PING frame is received with a stream
  4956  		// identifier field value other than 0x0, the recipient MUST
  4957  		// respond with a connection error (Section 5.4.1) of type
  4958  		// PROTOCOL_ERROR."
  4959  		return http2ConnectionError(http2ErrCodeProtocol)
  4960  	}
  4961  	if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo {
  4962  		return nil
  4963  	}
  4964  	sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}})
  4965  	return nil
  4966  }
  4967  
  4968  func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error {
  4969  	sc.serveG.check()
  4970  	switch {
  4971  	case f.StreamID != 0: // stream-level flow control
  4972  		state, st := sc.state(f.StreamID)
  4973  		if state == http2stateIdle {
  4974  			// Section 5.1: "Receiving any frame other than HEADERS
  4975  			// or PRIORITY on a stream in this state MUST be
  4976  			// treated as a connection error (Section 5.4.1) of
  4977  			// type PROTOCOL_ERROR."
  4978  			return http2ConnectionError(http2ErrCodeProtocol)
  4979  		}
  4980  		if st == nil {
  4981  			// "WINDOW_UPDATE can be sent by a peer that has sent a
  4982  			// frame bearing the END_STREAM flag. This means that a
  4983  			// receiver could receive a WINDOW_UPDATE frame on a "half
  4984  			// closed (remote)" or "closed" stream. A receiver MUST
  4985  			// NOT treat this as an error, see Section 5.1."
  4986  			return nil
  4987  		}
  4988  		if !st.flow.add(int32(f.Increment)) {
  4989  			return http2streamError(f.StreamID, http2ErrCodeFlowControl)
  4990  		}
  4991  	default: // connection-level flow control
  4992  		if !sc.flow.add(int32(f.Increment)) {
  4993  			return http2goAwayFlowError{}
  4994  		}
  4995  	}
  4996  	sc.scheduleFrameWrite()
  4997  	return nil
  4998  }
  4999  
  5000  func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error {
  5001  	sc.serveG.check()
  5002  
  5003  	state, st := sc.state(f.StreamID)
  5004  	if state == http2stateIdle {
  5005  		// 6.4 "RST_STREAM frames MUST NOT be sent for a
  5006  		// stream in the "idle" state. If a RST_STREAM frame
  5007  		// identifying an idle stream is received, the
  5008  		// recipient MUST treat this as a connection error
  5009  		// (Section 5.4.1) of type PROTOCOL_ERROR.
  5010  		return http2ConnectionError(http2ErrCodeProtocol)
  5011  	}
  5012  	if st != nil {
  5013  		st.cancelCtx()
  5014  		sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode))
  5015  	}
  5016  	return nil
  5017  }
  5018  
  5019  func (sc *http2serverConn) closeStream(st *http2stream, err error) {
  5020  	sc.serveG.check()
  5021  	if st.state == http2stateIdle || st.state == http2stateClosed {
  5022  		panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state))
  5023  	}
  5024  	st.state = http2stateClosed
  5025  	if st.writeDeadline != nil {
  5026  		st.writeDeadline.Stop()
  5027  	}
  5028  	if st.isPushed() {
  5029  		sc.curPushedStreams--
  5030  	} else {
  5031  		sc.curClientStreams--
  5032  	}
  5033  	delete(sc.streams, st.id)
  5034  	if len(sc.streams) == 0 {
  5035  		sc.setConnState(StateIdle)
  5036  		if sc.srv.IdleTimeout != 0 {
  5037  			sc.idleTimer.Reset(sc.srv.IdleTimeout)
  5038  		}
  5039  		if http2h1ServerKeepAlivesDisabled(sc.hs) {
  5040  			sc.startGracefulShutdownInternal()
  5041  		}
  5042  	}
  5043  	if p := st.body; p != nil {
  5044  		// Return any buffered unread bytes worth of conn-level flow control.
  5045  		// See golang.org/issue/16481
  5046  		sc.sendWindowUpdate(nil, p.Len())
  5047  
  5048  		p.CloseWithError(err)
  5049  	}
  5050  	st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc
  5051  	sc.writeSched.CloseStream(st.id)
  5052  }
  5053  
  5054  func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error {
  5055  	sc.serveG.check()
  5056  	if f.IsAck() {
  5057  		sc.unackedSettings--
  5058  		if sc.unackedSettings < 0 {
  5059  			// Why is the peer ACKing settings we never sent?
  5060  			// The spec doesn't mention this case, but
  5061  			// hang up on them anyway.
  5062  			return http2ConnectionError(http2ErrCodeProtocol)
  5063  		}
  5064  		return nil
  5065  	}
  5066  	if f.NumSettings() > 100 || f.HasDuplicates() {
  5067  		// This isn't actually in the spec, but hang up on
  5068  		// suspiciously large settings frames or those with
  5069  		// duplicate entries.
  5070  		return http2ConnectionError(http2ErrCodeProtocol)
  5071  	}
  5072  	if err := f.ForeachSetting(sc.processSetting); err != nil {
  5073  		return err
  5074  	}
  5075  	sc.needToSendSettingsAck = true
  5076  	sc.scheduleFrameWrite()
  5077  	return nil
  5078  }
  5079  
  5080  func (sc *http2serverConn) processSetting(s http2Setting) error {
  5081  	sc.serveG.check()
  5082  	if err := s.Valid(); err != nil {
  5083  		return err
  5084  	}
  5085  	if http2VerboseLogs {
  5086  		sc.vlogf("http2: server processing setting %v", s)
  5087  	}
  5088  	switch s.ID {
  5089  	case http2SettingHeaderTableSize:
  5090  		sc.headerTableSize = s.Val
  5091  		sc.hpackEncoder.SetMaxDynamicTableSize(s.Val)
  5092  	case http2SettingEnablePush:
  5093  		sc.pushEnabled = s.Val != 0
  5094  	case http2SettingMaxConcurrentStreams:
  5095  		sc.clientMaxStreams = s.Val
  5096  	case http2SettingInitialWindowSize:
  5097  		return sc.processSettingInitialWindowSize(s.Val)
  5098  	case http2SettingMaxFrameSize:
  5099  		sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31
  5100  	case http2SettingMaxHeaderListSize:
  5101  		sc.peerMaxHeaderListSize = s.Val
  5102  	default:
  5103  		// Unknown setting: "An endpoint that receives a SETTINGS
  5104  		// frame with any unknown or unsupported identifier MUST
  5105  		// ignore that setting."
  5106  		if http2VerboseLogs {
  5107  			sc.vlogf("http2: server ignoring unknown setting %v", s)
  5108  		}
  5109  	}
  5110  	return nil
  5111  }
  5112  
  5113  func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error {
  5114  	sc.serveG.check()
  5115  	// Note: val already validated to be within range by
  5116  	// processSetting's Valid call.
  5117  
  5118  	// "A SETTINGS frame can alter the initial flow control window
  5119  	// size for all current streams. When the value of
  5120  	// SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST
  5121  	// adjust the size of all stream flow control windows that it
  5122  	// maintains by the difference between the new value and the
  5123  	// old value."
  5124  	old := sc.initialStreamSendWindowSize
  5125  	sc.initialStreamSendWindowSize = int32(val)
  5126  	growth := int32(val) - old // may be negative
  5127  	for _, st := range sc.streams {
  5128  		if !st.flow.add(growth) {
  5129  			// 6.9.2 Initial Flow Control Window Size
  5130  			// "An endpoint MUST treat a change to
  5131  			// SETTINGS_INITIAL_WINDOW_SIZE that causes any flow
  5132  			// control window to exceed the maximum size as a
  5133  			// connection error (Section 5.4.1) of type
  5134  			// FLOW_CONTROL_ERROR."
  5135  			return http2ConnectionError(http2ErrCodeFlowControl)
  5136  		}
  5137  	}
  5138  	return nil
  5139  }
  5140  
  5141  func (sc *http2serverConn) processData(f *http2DataFrame) error {
  5142  	sc.serveG.check()
  5143  	if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo {
  5144  		return nil
  5145  	}
  5146  	data := f.Data()
  5147  
  5148  	// "If a DATA frame is received whose stream is not in "open"
  5149  	// or "half closed (local)" state, the recipient MUST respond
  5150  	// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
  5151  	id := f.Header().StreamID
  5152  	state, st := sc.state(id)
  5153  	if id == 0 || state == http2stateIdle {
  5154  		// Section 5.1: "Receiving any frame other than HEADERS
  5155  		// or PRIORITY on a stream in this state MUST be
  5156  		// treated as a connection error (Section 5.4.1) of
  5157  		// type PROTOCOL_ERROR."
  5158  		return http2ConnectionError(http2ErrCodeProtocol)
  5159  	}
  5160  	if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued {
  5161  		// This includes sending a RST_STREAM if the stream is
  5162  		// in stateHalfClosedLocal (which currently means that
  5163  		// the http.Handler returned, so it's done reading &
  5164  		// done writing). Try to stop the client from sending
  5165  		// more DATA.
  5166  
  5167  		// But still enforce their connection-level flow control,
  5168  		// and return any flow control bytes since we're not going
  5169  		// to consume them.
  5170  		if sc.inflow.available() < int32(f.Length) {
  5171  			return http2streamError(id, http2ErrCodeFlowControl)
  5172  		}
  5173  		// Deduct the flow control from inflow, since we're
  5174  		// going to immediately add it back in
  5175  		// sendWindowUpdate, which also schedules sending the
  5176  		// frames.
  5177  		sc.inflow.take(int32(f.Length))
  5178  		sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
  5179  
  5180  		if st != nil && st.resetQueued {
  5181  			// Already have a stream error in flight. Don't send another.
  5182  			return nil
  5183  		}
  5184  		return http2streamError(id, http2ErrCodeStreamClosed)
  5185  	}
  5186  	if st.body == nil {
  5187  		panic("internal error: should have a body in this state")
  5188  	}
  5189  
  5190  	// Sender sending more than they'd declared?
  5191  	if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes {
  5192  		st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes))
  5193  		// RFC 7540, sec 8.1.2.6: A request or response is also malformed if the
  5194  		// value of a content-length header field does not equal the sum of the
  5195  		// DATA frame payload lengths that form the body.
  5196  		return http2streamError(id, http2ErrCodeProtocol)
  5197  	}
  5198  	if f.Length > 0 {
  5199  		// Check whether the client has flow control quota.
  5200  		if st.inflow.available() < int32(f.Length) {
  5201  			return http2streamError(id, http2ErrCodeFlowControl)
  5202  		}
  5203  		st.inflow.take(int32(f.Length))
  5204  
  5205  		if len(data) > 0 {
  5206  			wrote, err := st.body.Write(data)
  5207  			if err != nil {
  5208  				return http2streamError(id, http2ErrCodeStreamClosed)
  5209  			}
  5210  			if wrote != len(data) {
  5211  				panic("internal error: bad Writer")
  5212  			}
  5213  			st.bodyBytes += int64(len(data))
  5214  		}
  5215  
  5216  		// Return any padded flow control now, since we won't
  5217  		// refund it later on body reads.
  5218  		if pad := int32(f.Length) - int32(len(data)); pad > 0 {
  5219  			sc.sendWindowUpdate32(nil, pad)
  5220  			sc.sendWindowUpdate32(st, pad)
  5221  		}
  5222  	}
  5223  	if f.StreamEnded() {
  5224  		st.endStream()
  5225  	}
  5226  	return nil
  5227  }
  5228  
  5229  func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error {
  5230  	sc.serveG.check()
  5231  	if f.ErrCode != http2ErrCodeNo {
  5232  		sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f)
  5233  	} else {
  5234  		sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f)
  5235  	}
  5236  	sc.startGracefulShutdownInternal()
  5237  	// http://tools.ietf.org/html/rfc7540#section-6.8
  5238  	// We should not create any new streams, which means we should disable push.
  5239  	sc.pushEnabled = false
  5240  	return nil
  5241  }
  5242  
  5243  // isPushed reports whether the stream is server-initiated.
  5244  func (st *http2stream) isPushed() bool {
  5245  	return st.id%2 == 0
  5246  }
  5247  
  5248  // endStream closes a Request.Body's pipe. It is called when a DATA
  5249  // frame says a request body is over (or after trailers).
  5250  func (st *http2stream) endStream() {
  5251  	sc := st.sc
  5252  	sc.serveG.check()
  5253  
  5254  	if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes {
  5255  		st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes",
  5256  			st.declBodyBytes, st.bodyBytes))
  5257  	} else {
  5258  		st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest)
  5259  		st.body.CloseWithError(io.EOF)
  5260  	}
  5261  	st.state = http2stateHalfClosedRemote
  5262  }
  5263  
  5264  // copyTrailersToHandlerRequest is run in the Handler's goroutine in
  5265  // its Request.Body.Read just before it gets io.EOF.
  5266  func (st *http2stream) copyTrailersToHandlerRequest() {
  5267  	for k, vv := range st.trailer {
  5268  		if _, ok := st.reqTrailer[k]; ok {
  5269  			// Only copy it over it was pre-declared.
  5270  			st.reqTrailer[k] = vv
  5271  		}
  5272  	}
  5273  }
  5274  
  5275  // onWriteTimeout is run on its own goroutine (from time.AfterFunc)
  5276  // when the stream's WriteTimeout has fired.
  5277  func (st *http2stream) onWriteTimeout() {
  5278  	st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)})
  5279  }
  5280  
  5281  func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error {
  5282  	sc.serveG.check()
  5283  	id := f.StreamID
  5284  	if sc.inGoAway {
  5285  		// Ignore.
  5286  		return nil
  5287  	}
  5288  	// http://tools.ietf.org/html/rfc7540#section-5.1.1
  5289  	// Streams initiated by a client MUST use odd-numbered stream
  5290  	// identifiers. [...] An endpoint that receives an unexpected
  5291  	// stream identifier MUST respond with a connection error
  5292  	// (Section 5.4.1) of type PROTOCOL_ERROR.
  5293  	if id%2 != 1 {
  5294  		return http2ConnectionError(http2ErrCodeProtocol)
  5295  	}
  5296  	// A HEADERS frame can be used to create a new stream or
  5297  	// send a trailer for an open one. If we already have a stream
  5298  	// open, let it process its own HEADERS frame (trailers at this
  5299  	// point, if it's valid).
  5300  	if st := sc.streams[f.StreamID]; st != nil {
  5301  		if st.resetQueued {
  5302  			// We're sending RST_STREAM to close the stream, so don't bother
  5303  			// processing this frame.
  5304  			return nil
  5305  		}
  5306  		// RFC 7540, sec 5.1: If an endpoint receives additional frames, other than
  5307  		// WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in
  5308  		// this state, it MUST respond with a stream error (Section 5.4.2) of
  5309  		// type STREAM_CLOSED.
  5310  		if st.state == http2stateHalfClosedRemote {
  5311  			return http2streamError(id, http2ErrCodeStreamClosed)
  5312  		}
  5313  		return st.processTrailerHeaders(f)
  5314  	}
  5315  
  5316  	// [...] The identifier of a newly established stream MUST be
  5317  	// numerically greater than all streams that the initiating
  5318  	// endpoint has opened or reserved. [...]  An endpoint that
  5319  	// receives an unexpected stream identifier MUST respond with
  5320  	// a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
  5321  	if id <= sc.maxClientStreamID {
  5322  		return http2ConnectionError(http2ErrCodeProtocol)
  5323  	}
  5324  	sc.maxClientStreamID = id
  5325  
  5326  	if sc.idleTimer != nil {
  5327  		sc.idleTimer.Stop()
  5328  	}
  5329  
  5330  	// http://tools.ietf.org/html/rfc7540#section-5.1.2
  5331  	// [...] Endpoints MUST NOT exceed the limit set by their peer. An
  5332  	// endpoint that receives a HEADERS frame that causes their
  5333  	// advertised concurrent stream limit to be exceeded MUST treat
  5334  	// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR
  5335  	// or REFUSED_STREAM.
  5336  	if sc.curClientStreams+1 > sc.advMaxStreams {
  5337  		if sc.unackedSettings == 0 {
  5338  			// They should know better.
  5339  			return http2streamError(id, http2ErrCodeProtocol)
  5340  		}
  5341  		// Assume it's a network race, where they just haven't
  5342  		// received our last SETTINGS update. But actually
  5343  		// this can't happen yet, because we don't yet provide
  5344  		// a way for users to adjust server parameters at
  5345  		// runtime.
  5346  		return http2streamError(id, http2ErrCodeRefusedStream)
  5347  	}
  5348  
  5349  	initialState := http2stateOpen
  5350  	if f.StreamEnded() {
  5351  		initialState = http2stateHalfClosedRemote
  5352  	}
  5353  	st := sc.newStream(id, 0, initialState)
  5354  
  5355  	if f.HasPriority() {
  5356  		if err := http2checkPriority(f.StreamID, f.Priority); err != nil {
  5357  			return err
  5358  		}
  5359  		sc.writeSched.AdjustStream(st.id, f.Priority)
  5360  	}
  5361  
  5362  	rw, req, err := sc.newWriterAndRequest(st, f)
  5363  	if err != nil {
  5364  		return err
  5365  	}
  5366  	st.reqTrailer = req.Trailer
  5367  	if st.reqTrailer != nil {
  5368  		st.trailer = make(Header)
  5369  	}
  5370  	st.body = req.Body.(*http2requestBody).pipe // may be nil
  5371  	st.declBodyBytes = req.ContentLength
  5372  
  5373  	handler := sc.handler.ServeHTTP
  5374  	if f.Truncated {
  5375  		// Their header list was too long. Send a 431 error.
  5376  		handler = http2handleHeaderListTooLong
  5377  	} else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil {
  5378  		handler = http2new400Handler(err)
  5379  	}
  5380  
  5381  	// The net/http package sets the read deadline from the
  5382  	// http.Server.ReadTimeout during the TLS handshake, but then
  5383  	// passes the connection off to us with the deadline already
  5384  	// set. Disarm it here after the request headers are read,
  5385  	// similar to how the http1 server works. Here it's
  5386  	// technically more like the http1 Server's ReadHeaderTimeout
  5387  	// (in Go 1.8), though. That's a more sane option anyway.
  5388  	if sc.hs.ReadTimeout != 0 {
  5389  		sc.conn.SetReadDeadline(time.Time{})
  5390  	}
  5391  
  5392  	go sc.runHandler(rw, req, handler)
  5393  	return nil
  5394  }
  5395  
  5396  func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error {
  5397  	sc := st.sc
  5398  	sc.serveG.check()
  5399  	if st.gotTrailerHeader {
  5400  		return http2ConnectionError(http2ErrCodeProtocol)
  5401  	}
  5402  	st.gotTrailerHeader = true
  5403  	if !f.StreamEnded() {
  5404  		return http2streamError(st.id, http2ErrCodeProtocol)
  5405  	}
  5406  
  5407  	if len(f.PseudoFields()) > 0 {
  5408  		return http2streamError(st.id, http2ErrCodeProtocol)
  5409  	}
  5410  	if st.trailer != nil {
  5411  		for _, hf := range f.RegularFields() {
  5412  			key := sc.canonicalHeader(hf.Name)
  5413  			if !httpguts.ValidTrailerHeader(key) {
  5414  				// TODO: send more details to the peer somehow. But http2 has
  5415  				// no way to send debug data at a stream level. Discuss with
  5416  				// HTTP folk.
  5417  				return http2streamError(st.id, http2ErrCodeProtocol)
  5418  			}
  5419  			st.trailer[key] = append(st.trailer[key], hf.Value)
  5420  		}
  5421  	}
  5422  	st.endStream()
  5423  	return nil
  5424  }
  5425  
  5426  func http2checkPriority(streamID uint32, p http2PriorityParam) error {
  5427  	if streamID == p.StreamDep {
  5428  		// Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat
  5429  		// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR."
  5430  		// Section 5.3.3 says that a stream can depend on one of its dependencies,
  5431  		// so it's only self-dependencies that are forbidden.
  5432  		return http2streamError(streamID, http2ErrCodeProtocol)
  5433  	}
  5434  	return nil
  5435  }
  5436  
  5437  func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error {
  5438  	if sc.inGoAway {
  5439  		return nil
  5440  	}
  5441  	if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil {
  5442  		return err
  5443  	}
  5444  	sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam)
  5445  	return nil
  5446  }
  5447  
  5448  func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream {
  5449  	sc.serveG.check()
  5450  	if id == 0 {
  5451  		panic("internal error: cannot create stream with id 0")
  5452  	}
  5453  
  5454  	ctx, cancelCtx := context.WithCancel(sc.baseCtx)
  5455  	st := &http2stream{
  5456  		sc:        sc,
  5457  		id:        id,
  5458  		state:     state,
  5459  		ctx:       ctx,
  5460  		cancelCtx: cancelCtx,
  5461  	}
  5462  	st.cw.Init()
  5463  	st.flow.conn = &sc.flow // link to conn-level counter
  5464  	st.flow.add(sc.initialStreamSendWindowSize)
  5465  	st.inflow.conn = &sc.inflow // link to conn-level counter
  5466  	st.inflow.add(sc.srv.initialStreamRecvWindowSize())
  5467  	if sc.hs.WriteTimeout != 0 {
  5468  		st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
  5469  	}
  5470  
  5471  	sc.streams[id] = st
  5472  	sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID})
  5473  	if st.isPushed() {
  5474  		sc.curPushedStreams++
  5475  	} else {
  5476  		sc.curClientStreams++
  5477  	}
  5478  	if sc.curOpenStreams() == 1 {
  5479  		sc.setConnState(StateActive)
  5480  	}
  5481  
  5482  	return st
  5483  }
  5484  
  5485  func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) {
  5486  	sc.serveG.check()
  5487  
  5488  	rp := http2requestParam{
  5489  		method:    f.PseudoValue("method"),
  5490  		scheme:    f.PseudoValue("scheme"),
  5491  		authority: f.PseudoValue("authority"),
  5492  		path:      f.PseudoValue("path"),
  5493  	}
  5494  
  5495  	isConnect := rp.method == "CONNECT"
  5496  	if isConnect {
  5497  		if rp.path != "" || rp.scheme != "" || rp.authority == "" {
  5498  			return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5499  		}
  5500  	} else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") {
  5501  		// See 8.1.2.6 Malformed Requests and Responses:
  5502  		//
  5503  		// Malformed requests or responses that are detected
  5504  		// MUST be treated as a stream error (Section 5.4.2)
  5505  		// of type PROTOCOL_ERROR."
  5506  		//
  5507  		// 8.1.2.3 Request Pseudo-Header Fields
  5508  		// "All HTTP/2 requests MUST include exactly one valid
  5509  		// value for the :method, :scheme, and :path
  5510  		// pseudo-header fields"
  5511  		return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5512  	}
  5513  
  5514  	bodyOpen := !f.StreamEnded()
  5515  	if rp.method == "HEAD" && bodyOpen {
  5516  		// HEAD requests can't have bodies
  5517  		return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol)
  5518  	}
  5519  
  5520  	rp.header = make(Header)
  5521  	for _, hf := range f.RegularFields() {
  5522  		rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
  5523  	}
  5524  	if rp.authority == "" {
  5525  		rp.authority = rp.header.Get("Host")
  5526  	}
  5527  
  5528  	rw, req, err := sc.newWriterAndRequestNoBody(st, rp)
  5529  	if err != nil {
  5530  		return nil, nil, err
  5531  	}
  5532  	if bodyOpen {
  5533  		if vv, ok := rp.header["Content-Length"]; ok {
  5534  			req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64)
  5535  		} else {
  5536  			req.ContentLength = -1
  5537  		}
  5538  		req.Body.(*http2requestBody).pipe = &http2pipe{
  5539  			b: &http2dataBuffer{expected: req.ContentLength},
  5540  		}
  5541  	}
  5542  	return rw, req, nil
  5543  }
  5544  
  5545  type http2requestParam struct {
  5546  	method                  string
  5547  	scheme, authority, path string
  5548  	header                  Header
  5549  }
  5550  
  5551  func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) {
  5552  	sc.serveG.check()
  5553  
  5554  	var tlsState *tls.ConnectionState // nil if not scheme https
  5555  	if rp.scheme == "https" {
  5556  		tlsState = sc.tlsState
  5557  	}
  5558  
  5559  	needsContinue := rp.header.Get("Expect") == "100-continue"
  5560  	if needsContinue {
  5561  		rp.header.Del("Expect")
  5562  	}
  5563  	// Merge Cookie headers into one "; "-delimited value.
  5564  	if cookies := rp.header["Cookie"]; len(cookies) > 1 {
  5565  		rp.header.Set("Cookie", strings.Join(cookies, "; "))
  5566  	}
  5567  
  5568  	// Setup Trailers
  5569  	var trailer Header
  5570  	for _, v := range rp.header["Trailer"] {
  5571  		for _, key := range strings.Split(v, ",") {
  5572  			key = CanonicalHeaderKey(strings.TrimSpace(key))
  5573  			switch key {
  5574  			case "Transfer-Encoding", "Trailer", "Content-Length":
  5575  				// Bogus. (copy of http1 rules)
  5576  				// Ignore.
  5577  			default:
  5578  				if trailer == nil {
  5579  					trailer = make(Header)
  5580  				}
  5581  				trailer[key] = nil
  5582  			}
  5583  		}
  5584  	}
  5585  	delete(rp.header, "Trailer")
  5586  
  5587  	var url_ *url.URL
  5588  	var requestURI string
  5589  	if rp.method == "CONNECT" {
  5590  		url_ = &url.URL{Host: rp.authority}
  5591  		requestURI = rp.authority // mimic HTTP/1 server behavior
  5592  	} else {
  5593  		var err error
  5594  		url_, err = url.ParseRequestURI(rp.path)
  5595  		if err != nil {
  5596  			return nil, nil, http2streamError(st.id, http2ErrCodeProtocol)
  5597  		}
  5598  		requestURI = rp.path
  5599  	}
  5600  
  5601  	body := &http2requestBody{
  5602  		conn:          sc,
  5603  		stream:        st,
  5604  		needsContinue: needsContinue,
  5605  	}
  5606  	req := &Request{
  5607  		Method:     rp.method,
  5608  		URL:        url_,
  5609  		RemoteAddr: sc.remoteAddrStr,
  5610  		Header:     rp.header,
  5611  		RequestURI: requestURI,
  5612  		Proto:      "HTTP/2.0",
  5613  		ProtoMajor: 2,
  5614  		ProtoMinor: 0,
  5615  		TLS:        tlsState,
  5616  		Host:       rp.authority,
  5617  		Body:       body,
  5618  		Trailer:    trailer,
  5619  	}
  5620  	req = req.WithContext(st.ctx)
  5621  
  5622  	rws := http2responseWriterStatePool.Get().(*http2responseWriterState)
  5623  	bwSave := rws.bw
  5624  	*rws = http2responseWriterState{} // zero all the fields
  5625  	rws.conn = sc
  5626  	rws.bw = bwSave
  5627  	rws.bw.Reset(http2chunkWriter{rws})
  5628  	rws.stream = st
  5629  	rws.req = req
  5630  	rws.body = body
  5631  
  5632  	rw := &http2responseWriter{rws: rws}
  5633  	return rw, req, nil
  5634  }
  5635  
  5636  // Run on its own goroutine.
  5637  func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) {
  5638  	didPanic := true
  5639  	defer func() {
  5640  		rw.rws.stream.cancelCtx()
  5641  		if didPanic {
  5642  			e := recover()
  5643  			sc.writeFrameFromHandler(http2FrameWriteRequest{
  5644  				write:  http2handlerPanicRST{rw.rws.stream.id},
  5645  				stream: rw.rws.stream,
  5646  			})
  5647  			// Same as net/http:
  5648  			if e != nil && e != ErrAbortHandler {
  5649  				const size = 64 << 10
  5650  				buf := make([]byte, size)
  5651  				buf = buf[:runtime.Stack(buf, false)]
  5652  				sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf)
  5653  			}
  5654  			return
  5655  		}
  5656  		rw.handlerDone()
  5657  	}()
  5658  	handler(rw, req)
  5659  	didPanic = false
  5660  }
  5661  
  5662  func http2handleHeaderListTooLong(w ResponseWriter, r *Request) {
  5663  	// 10.5.1 Limits on Header Block Size:
  5664  	// .. "A server that receives a larger header block than it is
  5665  	// willing to handle can send an HTTP 431 (Request Header Fields Too
  5666  	// Large) status code"
  5667  	const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+
  5668  	w.WriteHeader(statusRequestHeaderFieldsTooLarge)
  5669  	io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>")
  5670  }
  5671  
  5672  // called from handler goroutines.
  5673  // h may be nil.
  5674  func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error {
  5675  	sc.serveG.checkNotOn() // NOT on
  5676  	var errc chan error
  5677  	if headerData.h != nil {
  5678  		// If there's a header map (which we don't own), so we have to block on
  5679  		// waiting for this frame to be written, so an http.Flush mid-handler
  5680  		// writes out the correct value of keys, before a handler later potentially
  5681  		// mutates it.
  5682  		errc = http2errChanPool.Get().(chan error)
  5683  	}
  5684  	if err := sc.writeFrameFromHandler(http2FrameWriteRequest{
  5685  		write:  headerData,
  5686  		stream: st,
  5687  		done:   errc,
  5688  	}); err != nil {
  5689  		return err
  5690  	}
  5691  	if errc != nil {
  5692  		select {
  5693  		case err := <-errc:
  5694  			http2errChanPool.Put(errc)
  5695  			return err
  5696  		case <-sc.doneServing:
  5697  			return http2errClientDisconnected
  5698  		case <-st.cw:
  5699  			return http2errStreamClosed
  5700  		}
  5701  	}
  5702  	return nil
  5703  }
  5704  
  5705  // called from handler goroutines.
  5706  func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) {
  5707  	sc.writeFrameFromHandler(http2FrameWriteRequest{
  5708  		write:  http2write100ContinueHeadersFrame{st.id},
  5709  		stream: st,
  5710  	})
  5711  }
  5712  
  5713  // A bodyReadMsg tells the server loop that the http.Handler read n
  5714  // bytes of the DATA from the client on the given stream.
  5715  type http2bodyReadMsg struct {
  5716  	st *http2stream
  5717  	n  int
  5718  }
  5719  
  5720  // called from handler goroutines.
  5721  // Notes that the handler for the given stream ID read n bytes of its body
  5722  // and schedules flow control tokens to be sent.
  5723  func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) {
  5724  	sc.serveG.checkNotOn() // NOT on
  5725  	if n > 0 {
  5726  		select {
  5727  		case sc.bodyReadCh <- http2bodyReadMsg{st, n}:
  5728  		case <-sc.doneServing:
  5729  		}
  5730  	}
  5731  }
  5732  
  5733  func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) {
  5734  	sc.serveG.check()
  5735  	sc.sendWindowUpdate(nil, n) // conn-level
  5736  	if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed {
  5737  		// Don't send this WINDOW_UPDATE if the stream is closed
  5738  		// remotely.
  5739  		sc.sendWindowUpdate(st, n)
  5740  	}
  5741  }
  5742  
  5743  // st may be nil for conn-level
  5744  func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) {
  5745  	sc.serveG.check()
  5746  	// "The legal range for the increment to the flow control
  5747  	// window is 1 to 2^31-1 (2,147,483,647) octets."
  5748  	// A Go Read call on 64-bit machines could in theory read
  5749  	// a larger Read than this. Very unlikely, but we handle it here
  5750  	// rather than elsewhere for now.
  5751  	const maxUint31 = 1<<31 - 1
  5752  	for n >= maxUint31 {
  5753  		sc.sendWindowUpdate32(st, maxUint31)
  5754  		n -= maxUint31
  5755  	}
  5756  	sc.sendWindowUpdate32(st, int32(n))
  5757  }
  5758  
  5759  // st may be nil for conn-level
  5760  func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) {
  5761  	sc.serveG.check()
  5762  	if n == 0 {
  5763  		return
  5764  	}
  5765  	if n < 0 {
  5766  		panic("negative update")
  5767  	}
  5768  	var streamID uint32
  5769  	if st != nil {
  5770  		streamID = st.id
  5771  	}
  5772  	sc.writeFrame(http2FrameWriteRequest{
  5773  		write:  http2writeWindowUpdate{streamID: streamID, n: uint32(n)},
  5774  		stream: st,
  5775  	})
  5776  	var ok bool
  5777  	if st == nil {
  5778  		ok = sc.inflow.add(n)
  5779  	} else {
  5780  		ok = st.inflow.add(n)
  5781  	}
  5782  	if !ok {
  5783  		panic("internal error; sent too many window updates without decrements?")
  5784  	}
  5785  }
  5786  
  5787  // requestBody is the Handler's Request.Body type.
  5788  // Read and Close may be called concurrently.
  5789  type http2requestBody struct {
  5790  	stream        *http2stream
  5791  	conn          *http2serverConn
  5792  	closed        bool       // for use by Close only
  5793  	sawEOF        bool       // for use by Read only
  5794  	pipe          *http2pipe // non-nil if we have a HTTP entity message body
  5795  	needsContinue bool       // need to send a 100-continue
  5796  }
  5797  
  5798  func (b *http2requestBody) Close() error {
  5799  	if b.pipe != nil && !b.closed {
  5800  		b.pipe.BreakWithError(http2errClosedBody)
  5801  	}
  5802  	b.closed = true
  5803  	return nil
  5804  }
  5805  
  5806  func (b *http2requestBody) Read(p []byte) (n int, err error) {
  5807  	if b.needsContinue {
  5808  		b.needsContinue = false
  5809  		b.conn.write100ContinueHeaders(b.stream)
  5810  	}
  5811  	if b.pipe == nil || b.sawEOF {
  5812  		return 0, io.EOF
  5813  	}
  5814  	n, err = b.pipe.Read(p)
  5815  	if err == io.EOF {
  5816  		b.sawEOF = true
  5817  	}
  5818  	if b.conn == nil && http2inTests {
  5819  		return
  5820  	}
  5821  	b.conn.noteBodyReadFromHandler(b.stream, n, err)
  5822  	return
  5823  }
  5824  
  5825  // responseWriter is the http.ResponseWriter implementation. It's
  5826  // intentionally small (1 pointer wide) to minimize garbage. The
  5827  // responseWriterState pointer inside is zeroed at the end of a
  5828  // request (in handlerDone) and calls on the responseWriter thereafter
  5829  // simply crash (caller's mistake), but the much larger responseWriterState
  5830  // and buffers are reused between multiple requests.
  5831  type http2responseWriter struct {
  5832  	rws *http2responseWriterState
  5833  }
  5834  
  5835  // Optional http.ResponseWriter interfaces implemented.
  5836  var (
  5837  	_ CloseNotifier     = (*http2responseWriter)(nil)
  5838  	_ Flusher           = (*http2responseWriter)(nil)
  5839  	_ http2stringWriter = (*http2responseWriter)(nil)
  5840  )
  5841  
  5842  type http2responseWriterState struct {
  5843  	// immutable within a request:
  5844  	stream *http2stream
  5845  	req    *Request
  5846  	body   *http2requestBody // to close at end of request, if DATA frames didn't
  5847  	conn   *http2serverConn
  5848  
  5849  	// TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc
  5850  	bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState}
  5851  
  5852  	// mutated by http.Handler goroutine:
  5853  	handlerHeader Header   // nil until called
  5854  	snapHeader    Header   // snapshot of handlerHeader at WriteHeader time
  5855  	trailers      []string // set in writeChunk
  5856  	status        int      // status code passed to WriteHeader
  5857  	wroteHeader   bool     // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet.
  5858  	sentHeader    bool     // have we sent the header frame?
  5859  	handlerDone   bool     // handler has finished
  5860  	dirty         bool     // a Write failed; don't reuse this responseWriterState
  5861  
  5862  	sentContentLen int64 // non-zero if handler set a Content-Length header
  5863  	wroteBytes     int64
  5864  
  5865  	closeNotifierMu sync.Mutex // guards closeNotifierCh
  5866  	closeNotifierCh chan bool  // nil until first used
  5867  }
  5868  
  5869  type http2chunkWriter struct{ rws *http2responseWriterState }
  5870  
  5871  func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) }
  5872  
  5873  func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 }
  5874  
  5875  // declareTrailer is called for each Trailer header when the
  5876  // response header is written. It notes that a header will need to be
  5877  // written in the trailers at the end of the response.
  5878  func (rws *http2responseWriterState) declareTrailer(k string) {
  5879  	k = CanonicalHeaderKey(k)
  5880  	if !httpguts.ValidTrailerHeader(k) {
  5881  		// Forbidden by RFC 7230, section 4.1.2.
  5882  		rws.conn.logf("ignoring invalid trailer %q", k)
  5883  		return
  5884  	}
  5885  	if !http2strSliceContains(rws.trailers, k) {
  5886  		rws.trailers = append(rws.trailers, k)
  5887  	}
  5888  }
  5889  
  5890  // writeChunk writes chunks from the bufio.Writer. But because
  5891  // bufio.Writer may bypass its chunking, sometimes p may be
  5892  // arbitrarily large.
  5893  //
  5894  // writeChunk is also responsible (on the first chunk) for sending the
  5895  // HEADER response.
  5896  func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) {
  5897  	if !rws.wroteHeader {
  5898  		rws.writeHeader(200)
  5899  	}
  5900  
  5901  	isHeadResp := rws.req.Method == "HEAD"
  5902  	if !rws.sentHeader {
  5903  		rws.sentHeader = true
  5904  		var ctype, clen string
  5905  		if clen = rws.snapHeader.Get("Content-Length"); clen != "" {
  5906  			rws.snapHeader.Del("Content-Length")
  5907  			clen64, err := strconv.ParseInt(clen, 10, 64)
  5908  			if err == nil && clen64 >= 0 {
  5909  				rws.sentContentLen = clen64
  5910  			} else {
  5911  				clen = ""
  5912  			}
  5913  		}
  5914  		if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) {
  5915  			clen = strconv.Itoa(len(p))
  5916  		}
  5917  		_, hasContentType := rws.snapHeader["Content-Type"]
  5918  		if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 {
  5919  			ctype = DetectContentType(p)
  5920  		}
  5921  		var date string
  5922  		if _, ok := rws.snapHeader["Date"]; !ok {
  5923  			// TODO(bradfitz): be faster here, like net/http? measure.
  5924  			date = time.Now().UTC().Format(TimeFormat)
  5925  		}
  5926  
  5927  		for _, v := range rws.snapHeader["Trailer"] {
  5928  			http2foreachHeaderElement(v, rws.declareTrailer)
  5929  		}
  5930  
  5931  		// "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2),
  5932  		// but respect "Connection" == "close" to mean sending a GOAWAY and tearing
  5933  		// down the TCP connection when idle, like we do for HTTP/1.
  5934  		// TODO: remove more Connection-specific header fields here, in addition
  5935  		// to "Connection".
  5936  		if _, ok := rws.snapHeader["Connection"]; ok {
  5937  			v := rws.snapHeader.Get("Connection")
  5938  			delete(rws.snapHeader, "Connection")
  5939  			if v == "close" {
  5940  				rws.conn.startGracefulShutdown()
  5941  			}
  5942  		}
  5943  
  5944  		endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp
  5945  		err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
  5946  			streamID:      rws.stream.id,
  5947  			httpResCode:   rws.status,
  5948  			h:             rws.snapHeader,
  5949  			endStream:     endStream,
  5950  			contentType:   ctype,
  5951  			contentLength: clen,
  5952  			date:          date,
  5953  		})
  5954  		if err != nil {
  5955  			rws.dirty = true
  5956  			return 0, err
  5957  		}
  5958  		if endStream {
  5959  			return 0, nil
  5960  		}
  5961  	}
  5962  	if isHeadResp {
  5963  		return len(p), nil
  5964  	}
  5965  	if len(p) == 0 && !rws.handlerDone {
  5966  		return 0, nil
  5967  	}
  5968  
  5969  	if rws.handlerDone {
  5970  		rws.promoteUndeclaredTrailers()
  5971  	}
  5972  
  5973  	endStream := rws.handlerDone && !rws.hasTrailers()
  5974  	if len(p) > 0 || endStream {
  5975  		// only send a 0 byte DATA frame if we're ending the stream.
  5976  		if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
  5977  			rws.dirty = true
  5978  			return 0, err
  5979  		}
  5980  	}
  5981  
  5982  	if rws.handlerDone && rws.hasTrailers() {
  5983  		err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
  5984  			streamID:  rws.stream.id,
  5985  			h:         rws.handlerHeader,
  5986  			trailers:  rws.trailers,
  5987  			endStream: true,
  5988  		})
  5989  		if err != nil {
  5990  			rws.dirty = true
  5991  		}
  5992  		return len(p), err
  5993  	}
  5994  	return len(p), nil
  5995  }
  5996  
  5997  // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys
  5998  // that, if present, signals that the map entry is actually for
  5999  // the response trailers, and not the response headers. The prefix
  6000  // is stripped after the ServeHTTP call finishes and the values are
  6001  // sent in the trailers.
  6002  //
  6003  // This mechanism is intended only for trailers that are not known
  6004  // prior to the headers being written. If the set of trailers is fixed
  6005  // or known before the header is written, the normal Go trailers mechanism
  6006  // is preferred:
  6007  //    https://golang.org/pkg/net/http/#ResponseWriter
  6008  //    https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
  6009  const http2TrailerPrefix = "Trailer:"
  6010  
  6011  // promoteUndeclaredTrailers permits http.Handlers to set trailers
  6012  // after the header has already been flushed. Because the Go
  6013  // ResponseWriter interface has no way to set Trailers (only the
  6014  // Header), and because we didn't want to expand the ResponseWriter
  6015  // interface, and because nobody used trailers, and because RFC 7230
  6016  // says you SHOULD (but not must) predeclare any trailers in the
  6017  // header, the official ResponseWriter rules said trailers in Go must
  6018  // be predeclared, and then we reuse the same ResponseWriter.Header()
  6019  // map to mean both Headers and Trailers. When it's time to write the
  6020  // Trailers, we pick out the fields of Headers that were declared as
  6021  // trailers. That worked for a while, until we found the first major
  6022  // user of Trailers in the wild: gRPC (using them only over http2),
  6023  // and gRPC libraries permit setting trailers mid-stream without
  6024  // predeclarnig them. So: change of plans. We still permit the old
  6025  // way, but we also permit this hack: if a Header() key begins with
  6026  // "Trailer:", the suffix of that key is a Trailer. Because ':' is an
  6027  // invalid token byte anyway, there is no ambiguity. (And it's already
  6028  // filtered out) It's mildly hacky, but not terrible.
  6029  //
  6030  // This method runs after the Handler is done and promotes any Header
  6031  // fields to be trailers.
  6032  func (rws *http2responseWriterState) promoteUndeclaredTrailers() {
  6033  	for k, vv := range rws.handlerHeader {
  6034  		if !strings.HasPrefix(k, http2TrailerPrefix) {
  6035  			continue
  6036  		}
  6037  		trailerKey := strings.TrimPrefix(k, http2TrailerPrefix)
  6038  		rws.declareTrailer(trailerKey)
  6039  		rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv
  6040  	}
  6041  
  6042  	if len(rws.trailers) > 1 {
  6043  		sorter := http2sorterPool.Get().(*http2sorter)
  6044  		sorter.SortStrings(rws.trailers)
  6045  		http2sorterPool.Put(sorter)
  6046  	}
  6047  }
  6048  
  6049  func (w *http2responseWriter) Flush() {
  6050  	rws := w.rws
  6051  	if rws == nil {
  6052  		panic("Header called after Handler finished")
  6053  	}
  6054  	if rws.bw.Buffered() > 0 {
  6055  		if err := rws.bw.Flush(); err != nil {
  6056  			// Ignore the error. The frame writer already knows.
  6057  			return
  6058  		}
  6059  	} else {
  6060  		// The bufio.Writer won't call chunkWriter.Write
  6061  		// (writeChunk with zero bytes, so we have to do it
  6062  		// ourselves to force the HTTP response header and/or
  6063  		// final DATA frame (with END_STREAM) to be sent.
  6064  		rws.writeChunk(nil)
  6065  	}
  6066  }
  6067  
  6068  func (w *http2responseWriter) CloseNotify() <-chan bool {
  6069  	rws := w.rws
  6070  	if rws == nil {
  6071  		panic("CloseNotify called after Handler finished")
  6072  	}
  6073  	rws.closeNotifierMu.Lock()
  6074  	ch := rws.closeNotifierCh
  6075  	if ch == nil {
  6076  		ch = make(chan bool, 1)
  6077  		rws.closeNotifierCh = ch
  6078  		cw := rws.stream.cw
  6079  		go func() {
  6080  			cw.Wait() // wait for close
  6081  			ch <- true
  6082  		}()
  6083  	}
  6084  	rws.closeNotifierMu.Unlock()
  6085  	return ch
  6086  }
  6087  
  6088  func (w *http2responseWriter) Header() Header {
  6089  	rws := w.rws
  6090  	if rws == nil {
  6091  		panic("Header called after Handler finished")
  6092  	}
  6093  	if rws.handlerHeader == nil {
  6094  		rws.handlerHeader = make(Header)
  6095  	}
  6096  	return rws.handlerHeader
  6097  }
  6098  
  6099  // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode.
  6100  func http2checkWriteHeaderCode(code int) {
  6101  	// Issue 22880: require valid WriteHeader status codes.
  6102  	// For now we only enforce that it's three digits.
  6103  	// In the future we might block things over 599 (600 and above aren't defined
  6104  	// at http://httpwg.org/specs/rfc7231.html#status.codes)
  6105  	// and we might block under 200 (once we have more mature 1xx support).
  6106  	// But for now any three digits.
  6107  	//
  6108  	// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
  6109  	// no equivalent bogus thing we can realistically send in HTTP/2,
  6110  	// so we'll consistently panic instead and help people find their bugs
  6111  	// early. (We can't return an error from WriteHeader even if we wanted to.)
  6112  	if code < 100 || code > 999 {
  6113  		panic(fmt.Sprintf("invalid WriteHeader code %v", code))
  6114  	}
  6115  }
  6116  
  6117  func (w *http2responseWriter) WriteHeader(code int) {
  6118  	rws := w.rws
  6119  	if rws == nil {
  6120  		panic("WriteHeader called after Handler finished")
  6121  	}
  6122  	rws.writeHeader(code)
  6123  }
  6124  
  6125  func (rws *http2responseWriterState) writeHeader(code int) {
  6126  	if !rws.wroteHeader {
  6127  		http2checkWriteHeaderCode(code)
  6128  		rws.wroteHeader = true
  6129  		rws.status = code
  6130  		if len(rws.handlerHeader) > 0 {
  6131  			rws.snapHeader = http2cloneHeader(rws.handlerHeader)
  6132  		}
  6133  	}
  6134  }
  6135  
  6136  func http2cloneHeader(h Header) Header {
  6137  	h2 := make(Header, len(h))
  6138  	for k, vv := range h {
  6139  		vv2 := make([]string, len(vv))
  6140  		copy(vv2, vv)
  6141  		h2[k] = vv2
  6142  	}
  6143  	return h2
  6144  }
  6145  
  6146  // The Life Of A Write is like this:
  6147  //
  6148  // * Handler calls w.Write or w.WriteString ->
  6149  // * -> rws.bw (*bufio.Writer) ->
  6150  // * (Handler might call Flush)
  6151  // * -> chunkWriter{rws}
  6152  // * -> responseWriterState.writeChunk(p []byte)
  6153  // * -> responseWriterState.writeChunk (most of the magic; see comment there)
  6154  func (w *http2responseWriter) Write(p []byte) (n int, err error) {
  6155  	return w.write(len(p), p, "")
  6156  }
  6157  
  6158  func (w *http2responseWriter) WriteString(s string) (n int, err error) {
  6159  	return w.write(len(s), nil, s)
  6160  }
  6161  
  6162  // either dataB or dataS is non-zero.
  6163  func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) {
  6164  	rws := w.rws
  6165  	if rws == nil {
  6166  		panic("Write called after Handler finished")
  6167  	}
  6168  	if !rws.wroteHeader {
  6169  		w.WriteHeader(200)
  6170  	}
  6171  	if !http2bodyAllowedForStatus(rws.status) {
  6172  		return 0, ErrBodyNotAllowed
  6173  	}
  6174  	rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set
  6175  	if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen {
  6176  		// TODO: send a RST_STREAM
  6177  		return 0, errors.New("http2: handler wrote more than declared Content-Length")
  6178  	}
  6179  
  6180  	if dataB != nil {
  6181  		return rws.bw.Write(dataB)
  6182  	} else {
  6183  		return rws.bw.WriteString(dataS)
  6184  	}
  6185  }
  6186  
  6187  func (w *http2responseWriter) handlerDone() {
  6188  	rws := w.rws
  6189  	dirty := rws.dirty
  6190  	rws.handlerDone = true
  6191  	w.Flush()
  6192  	w.rws = nil
  6193  	if !dirty {
  6194  		// Only recycle the pool if all prior Write calls to
  6195  		// the serverConn goroutine completed successfully. If
  6196  		// they returned earlier due to resets from the peer
  6197  		// there might still be write goroutines outstanding
  6198  		// from the serverConn referencing the rws memory. See
  6199  		// issue 20704.
  6200  		http2responseWriterStatePool.Put(rws)
  6201  	}
  6202  }
  6203  
  6204  // Push errors.
  6205  var (
  6206  	http2ErrRecursivePush    = errors.New("http2: recursive push not allowed")
  6207  	http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS")
  6208  )
  6209  
  6210  var _ Pusher = (*http2responseWriter)(nil)
  6211  
  6212  func (w *http2responseWriter) Push(target string, opts *PushOptions) error {
  6213  	st := w.rws.stream
  6214  	sc := st.sc
  6215  	sc.serveG.checkNotOn()
  6216  
  6217  	// No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream."
  6218  	// http://tools.ietf.org/html/rfc7540#section-6.6
  6219  	if st.isPushed() {
  6220  		return http2ErrRecursivePush
  6221  	}
  6222  
  6223  	if opts == nil {
  6224  		opts = new(PushOptions)
  6225  	}
  6226  
  6227  	// Default options.
  6228  	if opts.Method == "" {
  6229  		opts.Method = "GET"
  6230  	}
  6231  	if opts.Header == nil {
  6232  		opts.Header = Header{}
  6233  	}
  6234  	wantScheme := "http"
  6235  	if w.rws.req.TLS != nil {
  6236  		wantScheme = "https"
  6237  	}
  6238  
  6239  	// Validate the request.
  6240  	u, err := url.Parse(target)
  6241  	if err != nil {
  6242  		return err
  6243  	}
  6244  	if u.Scheme == "" {
  6245  		if !strings.HasPrefix(target, "/") {
  6246  			return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target)
  6247  		}
  6248  		u.Scheme = wantScheme
  6249  		u.Host = w.rws.req.Host
  6250  	} else {
  6251  		if u.Scheme != wantScheme {
  6252  			return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme)
  6253  		}
  6254  		if u.Host == "" {
  6255  			return errors.New("URL must have a host")
  6256  		}
  6257  	}
  6258  	for k := range opts.Header {
  6259  		if strings.HasPrefix(k, ":") {
  6260  			return fmt.Errorf("promised request headers cannot include pseudo header %q", k)
  6261  		}
  6262  		// These headers are meaningful only if the request has a body,
  6263  		// but PUSH_PROMISE requests cannot have a body.
  6264  		// http://tools.ietf.org/html/rfc7540#section-8.2
  6265  		// Also disallow Host, since the promised URL must be absolute.
  6266  		switch strings.ToLower(k) {
  6267  		case "content-length", "content-encoding", "trailer", "te", "expect", "host":
  6268  			return fmt.Errorf("promised request headers cannot include %q", k)
  6269  		}
  6270  	}
  6271  	if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil {
  6272  		return err
  6273  	}
  6274  
  6275  	// The RFC effectively limits promised requests to GET and HEAD:
  6276  	// "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]"
  6277  	// http://tools.ietf.org/html/rfc7540#section-8.2
  6278  	if opts.Method != "GET" && opts.Method != "HEAD" {
  6279  		return fmt.Errorf("method %q must be GET or HEAD", opts.Method)
  6280  	}
  6281  
  6282  	msg := &http2startPushRequest{
  6283  		parent: st,
  6284  		method: opts.Method,
  6285  		url:    u,
  6286  		header: http2cloneHeader(opts.Header),
  6287  		done:   http2errChanPool.Get().(chan error),
  6288  	}
  6289  
  6290  	select {
  6291  	case <-sc.doneServing:
  6292  		return http2errClientDisconnected
  6293  	case <-st.cw:
  6294  		return http2errStreamClosed
  6295  	case sc.serveMsgCh <- msg:
  6296  	}
  6297  
  6298  	select {
  6299  	case <-sc.doneServing:
  6300  		return http2errClientDisconnected
  6301  	case <-st.cw:
  6302  		return http2errStreamClosed
  6303  	case err := <-msg.done:
  6304  		http2errChanPool.Put(msg.done)
  6305  		return err
  6306  	}
  6307  }
  6308  
  6309  type http2startPushRequest struct {
  6310  	parent *http2stream
  6311  	method string
  6312  	url    *url.URL
  6313  	header Header
  6314  	done   chan error
  6315  }
  6316  
  6317  func (sc *http2serverConn) startPush(msg *http2startPushRequest) {
  6318  	sc.serveG.check()
  6319  
  6320  	// http://tools.ietf.org/html/rfc7540#section-6.6.
  6321  	// PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that
  6322  	// is in either the "open" or "half-closed (remote)" state.
  6323  	if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote {
  6324  		// responseWriter.Push checks that the stream is peer-initiaed.
  6325  		msg.done <- http2errStreamClosed
  6326  		return
  6327  	}
  6328  
  6329  	// http://tools.ietf.org/html/rfc7540#section-6.6.
  6330  	if !sc.pushEnabled {
  6331  		msg.done <- ErrNotSupported
  6332  		return
  6333  	}
  6334  
  6335  	// PUSH_PROMISE frames must be sent in increasing order by stream ID, so
  6336  	// we allocate an ID for the promised stream lazily, when the PUSH_PROMISE
  6337  	// is written. Once the ID is allocated, we start the request handler.
  6338  	allocatePromisedID := func() (uint32, error) {
  6339  		sc.serveG.check()
  6340  
  6341  		// Check this again, just in case. Technically, we might have received
  6342  		// an updated SETTINGS by the time we got around to writing this frame.
  6343  		if !sc.pushEnabled {
  6344  			return 0, ErrNotSupported
  6345  		}
  6346  		// http://tools.ietf.org/html/rfc7540#section-6.5.2.
  6347  		if sc.curPushedStreams+1 > sc.clientMaxStreams {
  6348  			return 0, http2ErrPushLimitReached
  6349  		}
  6350  
  6351  		// http://tools.ietf.org/html/rfc7540#section-5.1.1.
  6352  		// Streams initiated by the server MUST use even-numbered identifiers.
  6353  		// A server that is unable to establish a new stream identifier can send a GOAWAY
  6354  		// frame so that the client is forced to open a new connection for new streams.
  6355  		if sc.maxPushPromiseID+2 >= 1<<31 {
  6356  			sc.startGracefulShutdownInternal()
  6357  			return 0, http2ErrPushLimitReached
  6358  		}
  6359  		sc.maxPushPromiseID += 2
  6360  		promisedID := sc.maxPushPromiseID
  6361  
  6362  		// http://tools.ietf.org/html/rfc7540#section-8.2.
  6363  		// Strictly speaking, the new stream should start in "reserved (local)", then
  6364  		// transition to "half closed (remote)" after sending the initial HEADERS, but
  6365  		// we start in "half closed (remote)" for simplicity.
  6366  		// See further comments at the definition of stateHalfClosedRemote.
  6367  		promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote)
  6368  		rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{
  6369  			method:    msg.method,
  6370  			scheme:    msg.url.Scheme,
  6371  			authority: msg.url.Host,
  6372  			path:      msg.url.RequestURI(),
  6373  			header:    http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE
  6374  		})
  6375  		if err != nil {
  6376  			// Should not happen, since we've already validated msg.url.
  6377  			panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
  6378  		}
  6379  
  6380  		go sc.runHandler(rw, req, sc.handler.ServeHTTP)
  6381  		return promisedID, nil
  6382  	}
  6383  
  6384  	sc.writeFrame(http2FrameWriteRequest{
  6385  		write: &http2writePushPromise{
  6386  			streamID:           msg.parent.id,
  6387  			method:             msg.method,
  6388  			url:                msg.url,
  6389  			h:                  msg.header,
  6390  			allocatePromisedID: allocatePromisedID,
  6391  		},
  6392  		stream: msg.parent,
  6393  		done:   msg.done,
  6394  	})
  6395  }
  6396  
  6397  // foreachHeaderElement splits v according to the "#rule" construction
  6398  // in RFC 7230 section 7 and calls fn for each non-empty element.
  6399  func http2foreachHeaderElement(v string, fn func(string)) {
  6400  	v = textproto.TrimString(v)
  6401  	if v == "" {
  6402  		return
  6403  	}
  6404  	if !strings.Contains(v, ",") {
  6405  		fn(v)
  6406  		return
  6407  	}
  6408  	for _, f := range strings.Split(v, ",") {
  6409  		if f = textproto.TrimString(f); f != "" {
  6410  			fn(f)
  6411  		}
  6412  	}
  6413  }
  6414  
  6415  // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2
  6416  var http2connHeaders = []string{
  6417  	"Connection",
  6418  	"Keep-Alive",
  6419  	"Proxy-Connection",
  6420  	"Transfer-Encoding",
  6421  	"Upgrade",
  6422  }
  6423  
  6424  // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request,
  6425  // per RFC 7540 Section 8.1.2.2.
  6426  // The returned error is reported to users.
  6427  func http2checkValidHTTP2RequestHeaders(h Header) error {
  6428  	for _, k := range http2connHeaders {
  6429  		if _, ok := h[k]; ok {
  6430  			return fmt.Errorf("request header %q is not valid in HTTP/2", k)
  6431  		}
  6432  	}
  6433  	te := h["Te"]
  6434  	if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) {
  6435  		return errors.New(`request header "TE" may only be "trailers" in HTTP/2`)
  6436  	}
  6437  	return nil
  6438  }
  6439  
  6440  func http2new400Handler(err error) HandlerFunc {
  6441  	return func(w ResponseWriter, r *Request) {
  6442  		Error(w, err.Error(), StatusBadRequest)
  6443  	}
  6444  }
  6445  
  6446  // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives
  6447  // disabled. See comments on h1ServerShutdownChan above for why
  6448  // the code is written this way.
  6449  func http2h1ServerKeepAlivesDisabled(hs *Server) bool {
  6450  	var x interface{} = hs
  6451  	type I interface {
  6452  		doKeepAlives() bool
  6453  	}
  6454  	if hs, ok := x.(I); ok {
  6455  		return !hs.doKeepAlives()
  6456  	}
  6457  	return false
  6458  }
  6459  
  6460  const (
  6461  	// transportDefaultConnFlow is how many connection-level flow control
  6462  	// tokens we give the server at start-up, past the default 64k.
  6463  	http2transportDefaultConnFlow = 1 << 30
  6464  
  6465  	// transportDefaultStreamFlow is how many stream-level flow
  6466  	// control tokens we announce to the peer, and how many bytes
  6467  	// we buffer per stream.
  6468  	http2transportDefaultStreamFlow = 4 << 20
  6469  
  6470  	// transportDefaultStreamMinRefresh is the minimum number of bytes we'll send
  6471  	// a stream-level WINDOW_UPDATE for at a time.
  6472  	http2transportDefaultStreamMinRefresh = 4 << 10
  6473  
  6474  	http2defaultUserAgent = "Go-http-client/2.0"
  6475  )
  6476  
  6477  // Transport is an HTTP/2 Transport.
  6478  //
  6479  // A Transport internally caches connections to servers. It is safe
  6480  // for concurrent use by multiple goroutines.
  6481  type http2Transport struct {
  6482  	// DialTLS specifies an optional dial function for creating
  6483  	// TLS connections for requests.
  6484  	//
  6485  	// If DialTLS is nil, tls.Dial is used.
  6486  	//
  6487  	// If the returned net.Conn has a ConnectionState method like tls.Conn,
  6488  	// it will be used to set http.Response.TLS.
  6489  	DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error)
  6490  
  6491  	// TLSClientConfig specifies the TLS configuration to use with
  6492  	// tls.Client. If nil, the default configuration is used.
  6493  	TLSClientConfig *tls.Config
  6494  
  6495  	// ConnPool optionally specifies an alternate connection pool to use.
  6496  	// If nil, the default is used.
  6497  	ConnPool http2ClientConnPool
  6498  
  6499  	// DisableCompression, if true, prevents the Transport from
  6500  	// requesting compression with an "Accept-Encoding: gzip"
  6501  	// request header when the Request contains no existing
  6502  	// Accept-Encoding value. If the Transport requests gzip on
  6503  	// its own and gets a gzipped response, it's transparently
  6504  	// decoded in the Response.Body. However, if the user
  6505  	// explicitly requested gzip it is not automatically
  6506  	// uncompressed.
  6507  	DisableCompression bool
  6508  
  6509  	// AllowHTTP, if true, permits HTTP/2 requests using the insecure,
  6510  	// plain-text "http" scheme. Note that this does not enable h2c support.
  6511  	AllowHTTP bool
  6512  
  6513  	// MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to
  6514  	// send in the initial settings frame. It is how many bytes
  6515  	// of response headers are allowed. Unlike the http2 spec, zero here
  6516  	// means to use a default limit (currently 10MB). If you actually
  6517  	// want to advertise an ulimited value to the peer, Transport
  6518  	// interprets the highest possible value here (0xffffffff or 1<<32-1)
  6519  	// to mean no limit.
  6520  	MaxHeaderListSize uint32
  6521  
  6522  	// StrictMaxConcurrentStreams controls whether the server's
  6523  	// SETTINGS_MAX_CONCURRENT_STREAMS should be respected
  6524  	// globally. If false, new TCP connections are created to the
  6525  	// server as needed to keep each under the per-connection
  6526  	// SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the
  6527  	// server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as
  6528  	// a global limit and callers of RoundTrip block when needed,
  6529  	// waiting for their turn.
  6530  	StrictMaxConcurrentStreams bool
  6531  
  6532  	// t1, if non-nil, is the standard library Transport using
  6533  	// this transport. Its settings are used (but not its
  6534  	// RoundTrip method, etc).
  6535  	t1 *Transport
  6536  
  6537  	connPoolOnce  sync.Once
  6538  	connPoolOrDef http2ClientConnPool // non-nil version of ConnPool
  6539  }
  6540  
  6541  func (t *http2Transport) maxHeaderListSize() uint32 {
  6542  	if t.MaxHeaderListSize == 0 {
  6543  		return 10 << 20
  6544  	}
  6545  	if t.MaxHeaderListSize == 0xffffffff {
  6546  		return 0
  6547  	}
  6548  	return t.MaxHeaderListSize
  6549  }
  6550  
  6551  func (t *http2Transport) disableCompression() bool {
  6552  	return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression)
  6553  }
  6554  
  6555  // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2.
  6556  // It returns an error if t1 has already been HTTP/2-enabled.
  6557  func http2ConfigureTransport(t1 *Transport) error {
  6558  	_, err := http2configureTransport(t1)
  6559  	return err
  6560  }
  6561  
  6562  func http2configureTransport(t1 *Transport) (*http2Transport, error) {
  6563  	connPool := new(http2clientConnPool)
  6564  	t2 := &http2Transport{
  6565  		ConnPool: http2noDialClientConnPool{connPool},
  6566  		t1:       t1,
  6567  	}
  6568  	connPool.t = t2
  6569  	if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil {
  6570  		return nil, err
  6571  	}
  6572  	if t1.TLSClientConfig == nil {
  6573  		t1.TLSClientConfig = new(tls.Config)
  6574  	}
  6575  	if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
  6576  		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
  6577  	}
  6578  	if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
  6579  		t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
  6580  	}
  6581  	upgradeFn := func(authority string, c *tls.Conn) RoundTripper {
  6582  		addr := http2authorityAddr("https", authority)
  6583  		if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
  6584  			go c.Close()
  6585  			return http2erringRoundTripper{err}
  6586  		} else if !used {
  6587  			// Turns out we don't need this c.
  6588  			// For example, two goroutines made requests to the same host
  6589  			// at the same time, both kicking off TCP dials. (since protocol
  6590  			// was unknown)
  6591  			go c.Close()
  6592  		}
  6593  		return t2
  6594  	}
  6595  	if m := t1.TLSNextProto; len(m) == 0 {
  6596  		t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{
  6597  			"h2": upgradeFn,
  6598  		}
  6599  	} else {
  6600  		m["h2"] = upgradeFn
  6601  	}
  6602  	return t2, nil
  6603  }
  6604  
  6605  func (t *http2Transport) connPool() http2ClientConnPool {
  6606  	t.connPoolOnce.Do(t.initConnPool)
  6607  	return t.connPoolOrDef
  6608  }
  6609  
  6610  func (t *http2Transport) initConnPool() {
  6611  	if t.ConnPool != nil {
  6612  		t.connPoolOrDef = t.ConnPool
  6613  	} else {
  6614  		t.connPoolOrDef = &http2clientConnPool{t: t}
  6615  	}
  6616  }
  6617  
  6618  // ClientConn is the state of a single HTTP/2 client connection to an
  6619  // HTTP/2 server.
  6620  type http2ClientConn struct {
  6621  	t         *http2Transport
  6622  	tconn     net.Conn             // usually *tls.Conn, except specialized impls
  6623  	tlsState  *tls.ConnectionState // nil only for specialized impls
  6624  	singleUse bool                 // whether being used for a single http.Request
  6625  
  6626  	// readLoop goroutine fields:
  6627  	readerDone chan struct{} // closed on error
  6628  	readerErr  error         // set before readerDone is closed
  6629  
  6630  	idleTimeout time.Duration // or 0 for never
  6631  	idleTimer   *time.Timer
  6632  
  6633  	mu              sync.Mutex // guards following
  6634  	cond            *sync.Cond // hold mu; broadcast on flow/closed changes
  6635  	flow            http2flow  // our conn-level flow control quota (cs.flow is per stream)
  6636  	inflow          http2flow  // peer's conn-level flow control
  6637  	closing         bool
  6638  	closed          bool
  6639  	wantSettingsAck bool                          // we sent a SETTINGS frame and haven't heard back
  6640  	goAway          *http2GoAwayFrame             // if non-nil, the GoAwayFrame we received
  6641  	goAwayDebug     string                        // goAway frame's debug data, retained as a string
  6642  	streams         map[uint32]*http2clientStream // client-initiated
  6643  	nextStreamID    uint32
  6644  	pendingRequests int                       // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams
  6645  	pings           map[[8]byte]chan struct{} // in flight ping data to notification channel
  6646  	bw              *bufio.Writer
  6647  	br              *bufio.Reader
  6648  	fr              *http2Framer
  6649  	lastActive      time.Time
  6650  	// Settings from peer: (also guarded by mu)
  6651  	maxFrameSize          uint32
  6652  	maxConcurrentStreams  uint32
  6653  	peerMaxHeaderListSize uint64
  6654  	initialWindowSize     uint32
  6655  
  6656  	hbuf    bytes.Buffer // HPACK encoder writes into this
  6657  	henc    *hpack.Encoder
  6658  	freeBuf [][]byte
  6659  
  6660  	wmu  sync.Mutex // held while writing; acquire AFTER mu if holding both
  6661  	werr error      // first write error that has occurred
  6662  }
  6663  
  6664  // clientStream is the state for a single HTTP/2 stream. One of these
  6665  // is created for each Transport.RoundTrip call.
  6666  type http2clientStream struct {
  6667  	cc            *http2ClientConn
  6668  	req           *Request
  6669  	trace         *httptrace.ClientTrace // or nil
  6670  	ID            uint32
  6671  	resc          chan http2resAndError
  6672  	bufPipe       http2pipe // buffered pipe with the flow-controlled response payload
  6673  	startedWrite  bool      // started request body write; guarded by cc.mu
  6674  	requestedGzip bool
  6675  	on100         func() // optional code to run if get a 100 continue response
  6676  
  6677  	flow        http2flow // guarded by cc.mu
  6678  	inflow      http2flow // guarded by cc.mu
  6679  	bytesRemain int64     // -1 means unknown; owned by transportResponseBody.Read
  6680  	readErr     error     // sticky read error; owned by transportResponseBody.Read
  6681  	stopReqBody error     // if non-nil, stop writing req body; guarded by cc.mu
  6682  	didReset    bool      // whether we sent a RST_STREAM to the server; guarded by cc.mu
  6683  
  6684  	peerReset chan struct{} // closed on peer reset
  6685  	resetErr  error         // populated before peerReset is closed
  6686  
  6687  	done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu
  6688  
  6689  	// owned by clientConnReadLoop:
  6690  	firstByte    bool  // got the first response byte
  6691  	pastHeaders  bool  // got first MetaHeadersFrame (actual headers)
  6692  	pastTrailers bool  // got optional second MetaHeadersFrame (trailers)
  6693  	num1xx       uint8 // number of 1xx responses seen
  6694  
  6695  	trailer    Header  // accumulated trailers
  6696  	resTrailer *Header // client's Response.Trailer
  6697  }
  6698  
  6699  // awaitRequestCancel waits for the user to cancel a request or for the done
  6700  // channel to be signaled. A non-nil error is returned only if the request was
  6701  // canceled.
  6702  func http2awaitRequestCancel(req *Request, done <-chan struct{}) error {
  6703  	ctx := req.Context()
  6704  	if req.Cancel == nil && ctx.Done() == nil {
  6705  		return nil
  6706  	}
  6707  	select {
  6708  	case <-req.Cancel:
  6709  		return http2errRequestCanceled
  6710  	case <-ctx.Done():
  6711  		return ctx.Err()
  6712  	case <-done:
  6713  		return nil
  6714  	}
  6715  }
  6716  
  6717  var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error
  6718  
  6719  // get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func,
  6720  // if any. It returns nil if not set or if the Go version is too old.
  6721  func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error {
  6722  	if fn := http2got1xxFuncForTests; fn != nil {
  6723  		return fn
  6724  	}
  6725  	return http2traceGot1xxResponseFunc(cs.trace)
  6726  }
  6727  
  6728  // awaitRequestCancel waits for the user to cancel a request, its context to
  6729  // expire, or for the request to be done (any way it might be removed from the
  6730  // cc.streams map: peer reset, successful completion, TCP connection breakage,
  6731  // etc). If the request is canceled, then cs will be canceled and closed.
  6732  func (cs *http2clientStream) awaitRequestCancel(req *Request) {
  6733  	if err := http2awaitRequestCancel(req, cs.done); err != nil {
  6734  		cs.cancelStream()
  6735  		cs.bufPipe.CloseWithError(err)
  6736  	}
  6737  }
  6738  
  6739  func (cs *http2clientStream) cancelStream() {
  6740  	cc := cs.cc
  6741  	cc.mu.Lock()
  6742  	didReset := cs.didReset
  6743  	cs.didReset = true
  6744  	cc.mu.Unlock()
  6745  
  6746  	if !didReset {
  6747  		cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  6748  		cc.forgetStreamID(cs.ID)
  6749  	}
  6750  }
  6751  
  6752  // checkResetOrDone reports any error sent in a RST_STREAM frame by the
  6753  // server, or errStreamClosed if the stream is complete.
  6754  func (cs *http2clientStream) checkResetOrDone() error {
  6755  	select {
  6756  	case <-cs.peerReset:
  6757  		return cs.resetErr
  6758  	case <-cs.done:
  6759  		return http2errStreamClosed
  6760  	default:
  6761  		return nil
  6762  	}
  6763  }
  6764  
  6765  func (cs *http2clientStream) getStartedWrite() bool {
  6766  	cc := cs.cc
  6767  	cc.mu.Lock()
  6768  	defer cc.mu.Unlock()
  6769  	return cs.startedWrite
  6770  }
  6771  
  6772  func (cs *http2clientStream) abortRequestBodyWrite(err error) {
  6773  	if err == nil {
  6774  		panic("nil error")
  6775  	}
  6776  	cc := cs.cc
  6777  	cc.mu.Lock()
  6778  	cs.stopReqBody = err
  6779  	cc.cond.Broadcast()
  6780  	cc.mu.Unlock()
  6781  }
  6782  
  6783  type http2stickyErrWriter struct {
  6784  	w   io.Writer
  6785  	err *error
  6786  }
  6787  
  6788  func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) {
  6789  	if *sew.err != nil {
  6790  		return 0, *sew.err
  6791  	}
  6792  	n, err = sew.w.Write(p)
  6793  	*sew.err = err
  6794  	return
  6795  }
  6796  
  6797  // noCachedConnError is the concrete type of ErrNoCachedConn, which
  6798  // needs to be detected by net/http regardless of whether it's its
  6799  // bundled version (in h2_bundle.go with a rewritten type name) or
  6800  // from a user's x/net/http2. As such, as it has a unique method name
  6801  // (IsHTTP2NoCachedConnError) that net/http sniffs for via func
  6802  // isNoCachedConnError.
  6803  type http2noCachedConnError struct{}
  6804  
  6805  func (http2noCachedConnError) IsHTTP2NoCachedConnError() {}
  6806  
  6807  func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" }
  6808  
  6809  // isNoCachedConnError reports whether err is of type noCachedConnError
  6810  // or its equivalent renamed type in net/http2's h2_bundle.go. Both types
  6811  // may coexist in the same running program.
  6812  func http2isNoCachedConnError(err error) bool {
  6813  	_, ok := err.(interface{ IsHTTP2NoCachedConnError() })
  6814  	return ok
  6815  }
  6816  
  6817  var http2ErrNoCachedConn error = http2noCachedConnError{}
  6818  
  6819  // RoundTripOpt are options for the Transport.RoundTripOpt method.
  6820  type http2RoundTripOpt struct {
  6821  	// OnlyCachedConn controls whether RoundTripOpt may
  6822  	// create a new TCP connection. If set true and
  6823  	// no cached connection is available, RoundTripOpt
  6824  	// will return ErrNoCachedConn.
  6825  	OnlyCachedConn bool
  6826  }
  6827  
  6828  func (t *http2Transport) RoundTrip(req *Request) (*Response, error) {
  6829  	return t.RoundTripOpt(req, http2RoundTripOpt{})
  6830  }
  6831  
  6832  // authorityAddr returns a given authority (a host/IP, or host:port / ip:port)
  6833  // and returns a host:port. The port 443 is added if needed.
  6834  func http2authorityAddr(scheme string, authority string) (addr string) {
  6835  	host, port, err := net.SplitHostPort(authority)
  6836  	if err != nil { // authority didn't have a port
  6837  		port = "443"
  6838  		if scheme == "http" {
  6839  			port = "80"
  6840  		}
  6841  		host = authority
  6842  	}
  6843  	if a, err := idna.ToASCII(host); err == nil {
  6844  		host = a
  6845  	}
  6846  	// IPv6 address literal, without a port:
  6847  	if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
  6848  		return host + ":" + port
  6849  	}
  6850  	return net.JoinHostPort(host, port)
  6851  }
  6852  
  6853  // RoundTripOpt is like RoundTrip, but takes options.
  6854  func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) {
  6855  	if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) {
  6856  		return nil, errors.New("http2: unsupported scheme")
  6857  	}
  6858  
  6859  	addr := http2authorityAddr(req.URL.Scheme, req.URL.Host)
  6860  	for retry := 0; ; retry++ {
  6861  		cc, err := t.connPool().GetClientConn(req, addr)
  6862  		if err != nil {
  6863  			t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err)
  6864  			return nil, err
  6865  		}
  6866  		http2traceGotConn(req, cc)
  6867  		res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req)
  6868  		if err != nil && retry <= 6 {
  6869  			if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil {
  6870  				// After the first retry, do exponential backoff with 10% jitter.
  6871  				if retry == 0 {
  6872  					continue
  6873  				}
  6874  				backoff := float64(uint(1) << (uint(retry) - 1))
  6875  				backoff += backoff * (0.1 * mathrand.Float64())
  6876  				select {
  6877  				case <-time.After(time.Second * time.Duration(backoff)):
  6878  					continue
  6879  				case <-req.Context().Done():
  6880  					return nil, req.Context().Err()
  6881  				}
  6882  			}
  6883  		}
  6884  		if err != nil {
  6885  			t.vlogf("RoundTrip failure: %v", err)
  6886  			return nil, err
  6887  		}
  6888  		return res, nil
  6889  	}
  6890  }
  6891  
  6892  // CloseIdleConnections closes any connections which were previously
  6893  // connected from previous requests but are now sitting idle.
  6894  // It does not interrupt any connections currently in use.
  6895  func (t *http2Transport) CloseIdleConnections() {
  6896  	if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok {
  6897  		cp.closeIdleConnections()
  6898  	}
  6899  }
  6900  
  6901  var (
  6902  	http2errClientConnClosed    = errors.New("http2: client conn is closed")
  6903  	http2errClientConnUnusable  = errors.New("http2: client conn not usable")
  6904  	http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY")
  6905  )
  6906  
  6907  // shouldRetryRequest is called by RoundTrip when a request fails to get
  6908  // response headers. It is always called with a non-nil error.
  6909  // It returns either a request to retry (either the same request, or a
  6910  // modified clone), or an error if the request can't be replayed.
  6911  func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) {
  6912  	if !http2canRetryError(err) {
  6913  		return nil, err
  6914  	}
  6915  	// If the Body is nil (or http.NoBody), it's safe to reuse
  6916  	// this request and its Body.
  6917  	if req.Body == nil || req.Body == NoBody {
  6918  		return req, nil
  6919  	}
  6920  
  6921  	// If the request body can be reset back to its original
  6922  	// state via the optional req.GetBody, do that.
  6923  	if req.GetBody != nil {
  6924  		// TODO: consider a req.Body.Close here? or audit that all caller paths do?
  6925  		body, err := req.GetBody()
  6926  		if err != nil {
  6927  			return nil, err
  6928  		}
  6929  		newReq := *req
  6930  		newReq.Body = body
  6931  		return &newReq, nil
  6932  	}
  6933  
  6934  	// The Request.Body can't reset back to the beginning, but we
  6935  	// don't seem to have started to read from it yet, so reuse
  6936  	// the request directly. The "afterBodyWrite" means the
  6937  	// bodyWrite process has started, which becomes true before
  6938  	// the first Read.
  6939  	if !afterBodyWrite {
  6940  		return req, nil
  6941  	}
  6942  
  6943  	return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err)
  6944  }
  6945  
  6946  func http2canRetryError(err error) bool {
  6947  	if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway {
  6948  		return true
  6949  	}
  6950  	if se, ok := err.(http2StreamError); ok {
  6951  		return se.Code == http2ErrCodeRefusedStream
  6952  	}
  6953  	return false
  6954  }
  6955  
  6956  func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) {
  6957  	host, _, err := net.SplitHostPort(addr)
  6958  	if err != nil {
  6959  		return nil, err
  6960  	}
  6961  	tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host))
  6962  	if err != nil {
  6963  		return nil, err
  6964  	}
  6965  	return t.newClientConn(tconn, singleUse)
  6966  }
  6967  
  6968  func (t *http2Transport) newTLSConfig(host string) *tls.Config {
  6969  	cfg := new(tls.Config)
  6970  	if t.TLSClientConfig != nil {
  6971  		*cfg = *t.TLSClientConfig.Clone()
  6972  	}
  6973  	if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) {
  6974  		cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...)
  6975  	}
  6976  	if cfg.ServerName == "" {
  6977  		cfg.ServerName = host
  6978  	}
  6979  	return cfg
  6980  }
  6981  
  6982  func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) {
  6983  	if t.DialTLS != nil {
  6984  		return t.DialTLS
  6985  	}
  6986  	return t.dialTLSDefault
  6987  }
  6988  
  6989  func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) {
  6990  	cn, err := tls.Dial(network, addr, cfg)
  6991  	if err != nil {
  6992  		return nil, err
  6993  	}
  6994  	if err := cn.Handshake(); err != nil {
  6995  		return nil, err
  6996  	}
  6997  	if !cfg.InsecureSkipVerify {
  6998  		if err := cn.VerifyHostname(cfg.ServerName); err != nil {
  6999  			return nil, err
  7000  		}
  7001  	}
  7002  	state := cn.ConnectionState()
  7003  	if p := state.NegotiatedProtocol; p != http2NextProtoTLS {
  7004  		return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS)
  7005  	}
  7006  	if !state.NegotiatedProtocolIsMutual {
  7007  		return nil, errors.New("http2: could not negotiate protocol mutually")
  7008  	}
  7009  	return cn, nil
  7010  }
  7011  
  7012  // disableKeepAlives reports whether connections should be closed as
  7013  // soon as possible after handling the first request.
  7014  func (t *http2Transport) disableKeepAlives() bool {
  7015  	return t.t1 != nil && t.t1.DisableKeepAlives
  7016  }
  7017  
  7018  func (t *http2Transport) expectContinueTimeout() time.Duration {
  7019  	if t.t1 == nil {
  7020  		return 0
  7021  	}
  7022  	return t.t1.ExpectContinueTimeout
  7023  }
  7024  
  7025  func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) {
  7026  	return t.newClientConn(c, false)
  7027  }
  7028  
  7029  func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) {
  7030  	cc := &http2ClientConn{
  7031  		t:                     t,
  7032  		tconn:                 c,
  7033  		readerDone:            make(chan struct{}),
  7034  		nextStreamID:          1,
  7035  		maxFrameSize:          16 << 10,           // spec default
  7036  		initialWindowSize:     65535,              // spec default
  7037  		maxConcurrentStreams:  1000,               // "infinite", per spec. 1000 seems good enough.
  7038  		peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead.
  7039  		streams:               make(map[uint32]*http2clientStream),
  7040  		singleUse:             singleUse,
  7041  		wantSettingsAck:       true,
  7042  		pings:                 make(map[[8]byte]chan struct{}),
  7043  	}
  7044  	if d := t.idleConnTimeout(); d != 0 {
  7045  		cc.idleTimeout = d
  7046  		cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout)
  7047  	}
  7048  	if http2VerboseLogs {
  7049  		t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr())
  7050  	}
  7051  
  7052  	cc.cond = sync.NewCond(&cc.mu)
  7053  	cc.flow.add(int32(http2initialWindowSize))
  7054  
  7055  	// TODO: adjust this writer size to account for frame size +
  7056  	// MTU + crypto/tls record padding.
  7057  	cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr})
  7058  	cc.br = bufio.NewReader(c)
  7059  	cc.fr = http2NewFramer(cc.bw, cc.br)
  7060  	cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil)
  7061  	cc.fr.MaxHeaderListSize = t.maxHeaderListSize()
  7062  
  7063  	// TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on
  7064  	// henc in response to SETTINGS frames?
  7065  	cc.henc = hpack.NewEncoder(&cc.hbuf)
  7066  
  7067  	if t.AllowHTTP {
  7068  		cc.nextStreamID = 3
  7069  	}
  7070  
  7071  	if cs, ok := c.(http2connectionStater); ok {
  7072  		state := cs.ConnectionState()
  7073  		cc.tlsState = &state
  7074  	}
  7075  
  7076  	initialSettings := []http2Setting{
  7077  		{ID: http2SettingEnablePush, Val: 0},
  7078  		{ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow},
  7079  	}
  7080  	if max := t.maxHeaderListSize(); max != 0 {
  7081  		initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max})
  7082  	}
  7083  
  7084  	cc.bw.Write(http2clientPreface)
  7085  	cc.fr.WriteSettings(initialSettings...)
  7086  	cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow)
  7087  	cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize)
  7088  	cc.bw.Flush()
  7089  	if cc.werr != nil {
  7090  		return nil, cc.werr
  7091  	}
  7092  
  7093  	go cc.readLoop()
  7094  	return cc, nil
  7095  }
  7096  
  7097  func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) {
  7098  	cc.mu.Lock()
  7099  	defer cc.mu.Unlock()
  7100  
  7101  	old := cc.goAway
  7102  	cc.goAway = f
  7103  
  7104  	// Merge the previous and current GoAway error frames.
  7105  	if cc.goAwayDebug == "" {
  7106  		cc.goAwayDebug = string(f.DebugData())
  7107  	}
  7108  	if old != nil && old.ErrCode != http2ErrCodeNo {
  7109  		cc.goAway.ErrCode = old.ErrCode
  7110  	}
  7111  	last := f.LastStreamID
  7112  	for streamID, cs := range cc.streams {
  7113  		if streamID > last {
  7114  			select {
  7115  			case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}:
  7116  			default:
  7117  			}
  7118  		}
  7119  	}
  7120  }
  7121  
  7122  // CanTakeNewRequest reports whether the connection can take a new request,
  7123  // meaning it has not been closed or received or sent a GOAWAY.
  7124  func (cc *http2ClientConn) CanTakeNewRequest() bool {
  7125  	cc.mu.Lock()
  7126  	defer cc.mu.Unlock()
  7127  	return cc.canTakeNewRequestLocked()
  7128  }
  7129  
  7130  // clientConnIdleState describes the suitability of a client
  7131  // connection to initiate a new RoundTrip request.
  7132  type http2clientConnIdleState struct {
  7133  	canTakeNewRequest bool
  7134  	freshConn         bool // whether it's unused by any previous request
  7135  }
  7136  
  7137  func (cc *http2ClientConn) idleState() http2clientConnIdleState {
  7138  	cc.mu.Lock()
  7139  	defer cc.mu.Unlock()
  7140  	return cc.idleStateLocked()
  7141  }
  7142  
  7143  func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) {
  7144  	if cc.singleUse && cc.nextStreamID > 1 {
  7145  		return
  7146  	}
  7147  	var maxConcurrentOkay bool
  7148  	if cc.t.StrictMaxConcurrentStreams {
  7149  		// We'll tell the caller we can take a new request to
  7150  		// prevent the caller from dialing a new TCP
  7151  		// connection, but then we'll block later before
  7152  		// writing it.
  7153  		maxConcurrentOkay = true
  7154  	} else {
  7155  		maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams)
  7156  	}
  7157  
  7158  	st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay &&
  7159  		int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32
  7160  	st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest
  7161  	return
  7162  }
  7163  
  7164  func (cc *http2ClientConn) canTakeNewRequestLocked() bool {
  7165  	st := cc.idleStateLocked()
  7166  	return st.canTakeNewRequest
  7167  }
  7168  
  7169  // onIdleTimeout is called from a time.AfterFunc goroutine. It will
  7170  // only be called when we're idle, but because we're coming from a new
  7171  // goroutine, there could be a new request coming in at the same time,
  7172  // so this simply calls the synchronized closeIfIdle to shut down this
  7173  // connection. The timer could just call closeIfIdle, but this is more
  7174  // clear.
  7175  func (cc *http2ClientConn) onIdleTimeout() {
  7176  	cc.closeIfIdle()
  7177  }
  7178  
  7179  func (cc *http2ClientConn) closeIfIdle() {
  7180  	cc.mu.Lock()
  7181  	if len(cc.streams) > 0 {
  7182  		cc.mu.Unlock()
  7183  		return
  7184  	}
  7185  	cc.closed = true
  7186  	nextID := cc.nextStreamID
  7187  	// TODO: do clients send GOAWAY too? maybe? Just Close:
  7188  	cc.mu.Unlock()
  7189  
  7190  	if http2VerboseLogs {
  7191  		cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2)
  7192  	}
  7193  	cc.tconn.Close()
  7194  }
  7195  
  7196  var http2shutdownEnterWaitStateHook = func() {}
  7197  
  7198  // Shutdown gracefully close the client connection, waiting for running streams to complete.
  7199  func (cc *http2ClientConn) Shutdown(ctx context.Context) error {
  7200  	if err := cc.sendGoAway(); err != nil {
  7201  		return err
  7202  	}
  7203  	// Wait for all in-flight streams to complete or connection to close
  7204  	done := make(chan error, 1)
  7205  	cancelled := false // guarded by cc.mu
  7206  	go func() {
  7207  		cc.mu.Lock()
  7208  		defer cc.mu.Unlock()
  7209  		for {
  7210  			if len(cc.streams) == 0 || cc.closed {
  7211  				cc.closed = true
  7212  				done <- cc.tconn.Close()
  7213  				break
  7214  			}
  7215  			if cancelled {
  7216  				break
  7217  			}
  7218  			cc.cond.Wait()
  7219  		}
  7220  	}()
  7221  	http2shutdownEnterWaitStateHook()
  7222  	select {
  7223  	case err := <-done:
  7224  		return err
  7225  	case <-ctx.Done():
  7226  		cc.mu.Lock()
  7227  		// Free the goroutine above
  7228  		cancelled = true
  7229  		cc.cond.Broadcast()
  7230  		cc.mu.Unlock()
  7231  		return ctx.Err()
  7232  	}
  7233  }
  7234  
  7235  func (cc *http2ClientConn) sendGoAway() error {
  7236  	cc.mu.Lock()
  7237  	defer cc.mu.Unlock()
  7238  	cc.wmu.Lock()
  7239  	defer cc.wmu.Unlock()
  7240  	if cc.closing {
  7241  		// GOAWAY sent already
  7242  		return nil
  7243  	}
  7244  	// Send a graceful shutdown frame to server
  7245  	maxStreamID := cc.nextStreamID
  7246  	if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil {
  7247  		return err
  7248  	}
  7249  	if err := cc.bw.Flush(); err != nil {
  7250  		return err
  7251  	}
  7252  	// Prevent new requests
  7253  	cc.closing = true
  7254  	return nil
  7255  }
  7256  
  7257  // Close closes the client connection immediately.
  7258  //
  7259  // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead.
  7260  func (cc *http2ClientConn) Close() error {
  7261  	cc.mu.Lock()
  7262  	defer cc.cond.Broadcast()
  7263  	defer cc.mu.Unlock()
  7264  	err := errors.New("http2: client connection force closed via ClientConn.Close")
  7265  	for id, cs := range cc.streams {
  7266  		select {
  7267  		case cs.resc <- http2resAndError{err: err}:
  7268  		default:
  7269  		}
  7270  		cs.bufPipe.CloseWithError(err)
  7271  		delete(cc.streams, id)
  7272  	}
  7273  	cc.closed = true
  7274  	return cc.tconn.Close()
  7275  }
  7276  
  7277  const http2maxAllocFrameSize = 512 << 10
  7278  
  7279  // frameBuffer returns a scratch buffer suitable for writing DATA frames.
  7280  // They're capped at the min of the peer's max frame size or 512KB
  7281  // (kinda arbitrarily), but definitely capped so we don't allocate 4GB
  7282  // bufers.
  7283  func (cc *http2ClientConn) frameScratchBuffer() []byte {
  7284  	cc.mu.Lock()
  7285  	size := cc.maxFrameSize
  7286  	if size > http2maxAllocFrameSize {
  7287  		size = http2maxAllocFrameSize
  7288  	}
  7289  	for i, buf := range cc.freeBuf {
  7290  		if len(buf) >= int(size) {
  7291  			cc.freeBuf[i] = nil
  7292  			cc.mu.Unlock()
  7293  			return buf[:size]
  7294  		}
  7295  	}
  7296  	cc.mu.Unlock()
  7297  	return make([]byte, size)
  7298  }
  7299  
  7300  func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) {
  7301  	cc.mu.Lock()
  7302  	defer cc.mu.Unlock()
  7303  	const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate.
  7304  	if len(cc.freeBuf) < maxBufs {
  7305  		cc.freeBuf = append(cc.freeBuf, buf)
  7306  		return
  7307  	}
  7308  	for i, old := range cc.freeBuf {
  7309  		if old == nil {
  7310  			cc.freeBuf[i] = buf
  7311  			return
  7312  		}
  7313  	}
  7314  	// forget about it.
  7315  }
  7316  
  7317  // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not
  7318  // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests.
  7319  var http2errRequestCanceled = errors.New("net/http: request canceled")
  7320  
  7321  func http2commaSeparatedTrailers(req *Request) (string, error) {
  7322  	keys := make([]string, 0, len(req.Trailer))
  7323  	for k := range req.Trailer {
  7324  		k = CanonicalHeaderKey(k)
  7325  		switch k {
  7326  		case "Transfer-Encoding", "Trailer", "Content-Length":
  7327  			return "", &http2badStringError{"invalid Trailer key", k}
  7328  		}
  7329  		keys = append(keys, k)
  7330  	}
  7331  	if len(keys) > 0 {
  7332  		sort.Strings(keys)
  7333  		return strings.Join(keys, ","), nil
  7334  	}
  7335  	return "", nil
  7336  }
  7337  
  7338  func (cc *http2ClientConn) responseHeaderTimeout() time.Duration {
  7339  	if cc.t.t1 != nil {
  7340  		return cc.t.t1.ResponseHeaderTimeout
  7341  	}
  7342  	// No way to do this (yet?) with just an http2.Transport. Probably
  7343  	// no need. Request.Cancel this is the new way. We only need to support
  7344  	// this for compatibility with the old http.Transport fields when
  7345  	// we're doing transparent http2.
  7346  	return 0
  7347  }
  7348  
  7349  // checkConnHeaders checks whether req has any invalid connection-level headers.
  7350  // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields.
  7351  // Certain headers are special-cased as okay but not transmitted later.
  7352  func http2checkConnHeaders(req *Request) error {
  7353  	if v := req.Header.Get("Upgrade"); v != "" {
  7354  		return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"])
  7355  	}
  7356  	if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") {
  7357  		return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv)
  7358  	}
  7359  	if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !strings.EqualFold(vv[0], "close") && !strings.EqualFold(vv[0], "keep-alive")) {
  7360  		return fmt.Errorf("http2: invalid Connection request header: %q", vv)
  7361  	}
  7362  	return nil
  7363  }
  7364  
  7365  // actualContentLength returns a sanitized version of
  7366  // req.ContentLength, where 0 actually means zero (not unknown) and -1
  7367  // means unknown.
  7368  func http2actualContentLength(req *Request) int64 {
  7369  	if req.Body == nil || req.Body == NoBody {
  7370  		return 0
  7371  	}
  7372  	if req.ContentLength != 0 {
  7373  		return req.ContentLength
  7374  	}
  7375  	return -1
  7376  }
  7377  
  7378  func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) {
  7379  	resp, _, err := cc.roundTrip(req)
  7380  	return resp, err
  7381  }
  7382  
  7383  func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) {
  7384  	if err := http2checkConnHeaders(req); err != nil {
  7385  		return nil, false, err
  7386  	}
  7387  	if cc.idleTimer != nil {
  7388  		cc.idleTimer.Stop()
  7389  	}
  7390  
  7391  	trailers, err := http2commaSeparatedTrailers(req)
  7392  	if err != nil {
  7393  		return nil, false, err
  7394  	}
  7395  	hasTrailers := trailers != ""
  7396  
  7397  	cc.mu.Lock()
  7398  	if err := cc.awaitOpenSlotForRequest(req); err != nil {
  7399  		cc.mu.Unlock()
  7400  		return nil, false, err
  7401  	}
  7402  
  7403  	body := req.Body
  7404  	contentLen := http2actualContentLength(req)
  7405  	hasBody := contentLen != 0
  7406  
  7407  	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
  7408  	var requestedGzip bool
  7409  	if !cc.t.disableCompression() &&
  7410  		req.Header.Get("Accept-Encoding") == "" &&
  7411  		req.Header.Get("Range") == "" &&
  7412  		req.Method != "HEAD" {
  7413  		// Request gzip only, not deflate. Deflate is ambiguous and
  7414  		// not as universally supported anyway.
  7415  		// See: http://www.gzip.org/zlib/zlib_faq.html#faq38
  7416  		//
  7417  		// Note that we don't request this for HEAD requests,
  7418  		// due to a bug in nginx:
  7419  		//   http://trac.nginx.org/nginx/ticket/358
  7420  		//   https://golang.org/issue/5522
  7421  		//
  7422  		// We don't request gzip if the request is for a range, since
  7423  		// auto-decoding a portion of a gzipped document will just fail
  7424  		// anyway. See https://golang.org/issue/8923
  7425  		requestedGzip = true
  7426  	}
  7427  
  7428  	// we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is
  7429  	// sent by writeRequestBody below, along with any Trailers,
  7430  	// again in form HEADERS{1}, CONTINUATION{0,})
  7431  	hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen)
  7432  	if err != nil {
  7433  		cc.mu.Unlock()
  7434  		return nil, false, err
  7435  	}
  7436  
  7437  	cs := cc.newStream()
  7438  	cs.req = req
  7439  	cs.trace = httptrace.ContextClientTrace(req.Context())
  7440  	cs.requestedGzip = requestedGzip
  7441  	bodyWriter := cc.t.getBodyWriterState(cs, body)
  7442  	cs.on100 = bodyWriter.on100
  7443  
  7444  	cc.wmu.Lock()
  7445  	endStream := !hasBody && !hasTrailers
  7446  	werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs)
  7447  	cc.wmu.Unlock()
  7448  	http2traceWroteHeaders(cs.trace)
  7449  	cc.mu.Unlock()
  7450  
  7451  	if werr != nil {
  7452  		if hasBody {
  7453  			req.Body.Close() // per RoundTripper contract
  7454  			bodyWriter.cancel()
  7455  		}
  7456  		cc.forgetStreamID(cs.ID)
  7457  		// Don't bother sending a RST_STREAM (our write already failed;
  7458  		// no need to keep writing)
  7459  		http2traceWroteRequest(cs.trace, werr)
  7460  		return nil, false, werr
  7461  	}
  7462  
  7463  	var respHeaderTimer <-chan time.Time
  7464  	if hasBody {
  7465  		bodyWriter.scheduleBodyWrite()
  7466  	} else {
  7467  		http2traceWroteRequest(cs.trace, nil)
  7468  		if d := cc.responseHeaderTimeout(); d != 0 {
  7469  			timer := time.NewTimer(d)
  7470  			defer timer.Stop()
  7471  			respHeaderTimer = timer.C
  7472  		}
  7473  	}
  7474  
  7475  	readLoopResCh := cs.resc
  7476  	bodyWritten := false
  7477  	ctx := req.Context()
  7478  
  7479  	handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) {
  7480  		res := re.res
  7481  		if re.err != nil || res.StatusCode > 299 {
  7482  			// On error or status code 3xx, 4xx, 5xx, etc abort any
  7483  			// ongoing write, assuming that the server doesn't care
  7484  			// about our request body. If the server replied with 1xx or
  7485  			// 2xx, however, then assume the server DOES potentially
  7486  			// want our body (e.g. full-duplex streaming:
  7487  			// golang.org/issue/13444). If it turns out the server
  7488  			// doesn't, they'll RST_STREAM us soon enough. This is a
  7489  			// heuristic to avoid adding knobs to Transport. Hopefully
  7490  			// we can keep it.
  7491  			bodyWriter.cancel()
  7492  			cs.abortRequestBodyWrite(http2errStopReqBodyWrite)
  7493  		}
  7494  		if re.err != nil {
  7495  			cc.forgetStreamID(cs.ID)
  7496  			return nil, cs.getStartedWrite(), re.err
  7497  		}
  7498  		res.Request = req
  7499  		res.TLS = cc.tlsState
  7500  		return res, false, nil
  7501  	}
  7502  
  7503  	for {
  7504  		select {
  7505  		case re := <-readLoopResCh:
  7506  			return handleReadLoopResponse(re)
  7507  		case <-respHeaderTimer:
  7508  			if !hasBody || bodyWritten {
  7509  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7510  			} else {
  7511  				bodyWriter.cancel()
  7512  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7513  			}
  7514  			cc.forgetStreamID(cs.ID)
  7515  			return nil, cs.getStartedWrite(), http2errTimeout
  7516  		case <-ctx.Done():
  7517  			if !hasBody || bodyWritten {
  7518  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7519  			} else {
  7520  				bodyWriter.cancel()
  7521  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7522  			}
  7523  			cc.forgetStreamID(cs.ID)
  7524  			return nil, cs.getStartedWrite(), ctx.Err()
  7525  		case <-req.Cancel:
  7526  			if !hasBody || bodyWritten {
  7527  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7528  			} else {
  7529  				bodyWriter.cancel()
  7530  				cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel)
  7531  			}
  7532  			cc.forgetStreamID(cs.ID)
  7533  			return nil, cs.getStartedWrite(), http2errRequestCanceled
  7534  		case <-cs.peerReset:
  7535  			// processResetStream already removed the
  7536  			// stream from the streams map; no need for
  7537  			// forgetStreamID.
  7538  			return nil, cs.getStartedWrite(), cs.resetErr
  7539  		case err := <-bodyWriter.resc:
  7540  			// Prefer the read loop's response, if available. Issue 16102.
  7541  			select {
  7542  			case re := <-readLoopResCh:
  7543  				return handleReadLoopResponse(re)
  7544  			default:
  7545  			}
  7546  			if err != nil {
  7547  				cc.forgetStreamID(cs.ID)
  7548  				return nil, cs.getStartedWrite(), err
  7549  			}
  7550  			bodyWritten = true
  7551  			if d := cc.responseHeaderTimeout(); d != 0 {
  7552  				timer := time.NewTimer(d)
  7553  				defer timer.Stop()
  7554  				respHeaderTimer = timer.C
  7555  			}
  7556  		}
  7557  	}
  7558  }
  7559  
  7560  // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams.
  7561  // Must hold cc.mu.
  7562  func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error {
  7563  	var waitingForConn chan struct{}
  7564  	var waitingForConnErr error // guarded by cc.mu
  7565  	for {
  7566  		cc.lastActive = time.Now()
  7567  		if cc.closed || !cc.canTakeNewRequestLocked() {
  7568  			if waitingForConn != nil {
  7569  				close(waitingForConn)
  7570  			}
  7571  			return http2errClientConnUnusable
  7572  		}
  7573  		if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) {
  7574  			if waitingForConn != nil {
  7575  				close(waitingForConn)
  7576  			}
  7577  			return nil
  7578  		}
  7579  		// Unfortunately, we cannot wait on a condition variable and channel at
  7580  		// the same time, so instead, we spin up a goroutine to check if the
  7581  		// request is canceled while we wait for a slot to open in the connection.
  7582  		if waitingForConn == nil {
  7583  			waitingForConn = make(chan struct{})
  7584  			go func() {
  7585  				if err := http2awaitRequestCancel(req, waitingForConn); err != nil {
  7586  					cc.mu.Lock()
  7587  					waitingForConnErr = err
  7588  					cc.cond.Broadcast()
  7589  					cc.mu.Unlock()
  7590  				}
  7591  			}()
  7592  		}
  7593  		cc.pendingRequests++
  7594  		cc.cond.Wait()
  7595  		cc.pendingRequests--
  7596  		if waitingForConnErr != nil {
  7597  			return waitingForConnErr
  7598  		}
  7599  	}
  7600  }
  7601  
  7602  // requires cc.wmu be held
  7603  func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error {
  7604  	first := true // first frame written (HEADERS is first, then CONTINUATION)
  7605  	for len(hdrs) > 0 && cc.werr == nil {
  7606  		chunk := hdrs
  7607  		if len(chunk) > maxFrameSize {
  7608  			chunk = chunk[:maxFrameSize]
  7609  		}
  7610  		hdrs = hdrs[len(chunk):]
  7611  		endHeaders := len(hdrs) == 0
  7612  		if first {
  7613  			cc.fr.WriteHeaders(http2HeadersFrameParam{
  7614  				StreamID:      streamID,
  7615  				BlockFragment: chunk,
  7616  				EndStream:     endStream,
  7617  				EndHeaders:    endHeaders,
  7618  			})
  7619  			first = false
  7620  		} else {
  7621  			cc.fr.WriteContinuation(streamID, endHeaders, chunk)
  7622  		}
  7623  	}
  7624  	// TODO(bradfitz): this Flush could potentially block (as
  7625  	// could the WriteHeaders call(s) above), which means they
  7626  	// wouldn't respond to Request.Cancel being readable. That's
  7627  	// rare, but this should probably be in a goroutine.
  7628  	cc.bw.Flush()
  7629  	return cc.werr
  7630  }
  7631  
  7632  // internal error values; they don't escape to callers
  7633  var (
  7634  	// abort request body write; don't send cancel
  7635  	http2errStopReqBodyWrite = errors.New("http2: aborting request body write")
  7636  
  7637  	// abort request body write, but send stream reset of cancel.
  7638  	http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request")
  7639  )
  7640  
  7641  func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) {
  7642  	cc := cs.cc
  7643  	sentEnd := false // whether we sent the final DATA frame w/ END_STREAM
  7644  	buf := cc.frameScratchBuffer()
  7645  	defer cc.putFrameScratchBuffer(buf)
  7646  
  7647  	defer func() {
  7648  		http2traceWroteRequest(cs.trace, err)
  7649  		// TODO: write h12Compare test showing whether
  7650  		// Request.Body is closed by the Transport,
  7651  		// and in multiple cases: server replies <=299 and >299
  7652  		// while still writing request body
  7653  		cerr := bodyCloser.Close()
  7654  		if err == nil {
  7655  			err = cerr
  7656  		}
  7657  	}()
  7658  
  7659  	req := cs.req
  7660  	hasTrailers := req.Trailer != nil
  7661  
  7662  	var sawEOF bool
  7663  	for !sawEOF {
  7664  		n, err := body.Read(buf)
  7665  		if err == io.EOF {
  7666  			sawEOF = true
  7667  			err = nil
  7668  		} else if err != nil {
  7669  			cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err)
  7670  			return err
  7671  		}
  7672  
  7673  		remain := buf[:n]
  7674  		for len(remain) > 0 && err == nil {
  7675  			var allowed int32
  7676  			allowed, err = cs.awaitFlowControl(len(remain))
  7677  			switch {
  7678  			case err == http2errStopReqBodyWrite:
  7679  				return err
  7680  			case err == http2errStopReqBodyWriteAndCancel:
  7681  				cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil)
  7682  				return err
  7683  			case err != nil:
  7684  				return err
  7685  			}
  7686  			cc.wmu.Lock()
  7687  			data := remain[:allowed]
  7688  			remain = remain[allowed:]
  7689  			sentEnd = sawEOF && len(remain) == 0 && !hasTrailers
  7690  			err = cc.fr.WriteData(cs.ID, sentEnd, data)
  7691  			if err == nil {
  7692  				// TODO(bradfitz): this flush is for latency, not bandwidth.
  7693  				// Most requests won't need this. Make this opt-in or
  7694  				// opt-out?  Use some heuristic on the body type? Nagel-like
  7695  				// timers?  Based on 'n'? Only last chunk of this for loop,
  7696  				// unless flow control tokens are low? For now, always.
  7697  				// If we change this, see comment below.
  7698  				err = cc.bw.Flush()
  7699  			}
  7700  			cc.wmu.Unlock()
  7701  		}
  7702  		if err != nil {
  7703  			return err
  7704  		}
  7705  	}
  7706  
  7707  	if sentEnd {
  7708  		// Already sent END_STREAM (which implies we have no
  7709  		// trailers) and flushed, because currently all
  7710  		// WriteData frames above get a flush. So we're done.
  7711  		return nil
  7712  	}
  7713  
  7714  	var trls []byte
  7715  	if hasTrailers {
  7716  		cc.mu.Lock()
  7717  		trls, err = cc.encodeTrailers(req)
  7718  		cc.mu.Unlock()
  7719  		if err != nil {
  7720  			cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err)
  7721  			cc.forgetStreamID(cs.ID)
  7722  			return err
  7723  		}
  7724  	}
  7725  
  7726  	cc.mu.Lock()
  7727  	maxFrameSize := int(cc.maxFrameSize)
  7728  	cc.mu.Unlock()
  7729  
  7730  	cc.wmu.Lock()
  7731  	defer cc.wmu.Unlock()
  7732  
  7733  	// Two ways to send END_STREAM: either with trailers, or
  7734  	// with an empty DATA frame.
  7735  	if len(trls) > 0 {
  7736  		err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls)
  7737  	} else {
  7738  		err = cc.fr.WriteData(cs.ID, true, nil)
  7739  	}
  7740  	if ferr := cc.bw.Flush(); ferr != nil && err == nil {
  7741  		err = ferr
  7742  	}
  7743  	return err
  7744  }
  7745  
  7746  // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow
  7747  // control tokens from the server.
  7748  // It returns either the non-zero number of tokens taken or an error
  7749  // if the stream is dead.
  7750  func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) {
  7751  	cc := cs.cc
  7752  	cc.mu.Lock()
  7753  	defer cc.mu.Unlock()
  7754  	for {
  7755  		if cc.closed {
  7756  			return 0, http2errClientConnClosed
  7757  		}
  7758  		if cs.stopReqBody != nil {
  7759  			return 0, cs.stopReqBody
  7760  		}
  7761  		if err := cs.checkResetOrDone(); err != nil {
  7762  			return 0, err
  7763  		}
  7764  		if a := cs.flow.available(); a > 0 {
  7765  			take := a
  7766  			if int(take) > maxBytes {
  7767  
  7768  				take = int32(maxBytes) // can't truncate int; take is int32
  7769  			}
  7770  			if take > int32(cc.maxFrameSize) {
  7771  				take = int32(cc.maxFrameSize)
  7772  			}
  7773  			cs.flow.take(take)
  7774  			return take, nil
  7775  		}
  7776  		cc.cond.Wait()
  7777  	}
  7778  }
  7779  
  7780  type http2badStringError struct {
  7781  	what string
  7782  	str  string
  7783  }
  7784  
  7785  func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) }
  7786  
  7787  // requires cc.mu be held.
  7788  func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) {
  7789  	cc.hbuf.Reset()
  7790  
  7791  	host := req.Host
  7792  	if host == "" {
  7793  		host = req.URL.Host
  7794  	}
  7795  	host, err := httpguts.PunycodeHostPort(host)
  7796  	if err != nil {
  7797  		return nil, err
  7798  	}
  7799  
  7800  	var path string
  7801  	if req.Method != "CONNECT" {
  7802  		path = req.URL.RequestURI()
  7803  		if !http2validPseudoPath(path) {
  7804  			orig := path
  7805  			path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host)
  7806  			if !http2validPseudoPath(path) {
  7807  				if req.URL.Opaque != "" {
  7808  					return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque)
  7809  				} else {
  7810  					return nil, fmt.Errorf("invalid request :path %q", orig)
  7811  				}
  7812  			}
  7813  		}
  7814  	}
  7815  
  7816  	// Check for any invalid headers and return an error before we
  7817  	// potentially pollute our hpack state. (We want to be able to
  7818  	// continue to reuse the hpack encoder for future requests)
  7819  	for k, vv := range req.Header {
  7820  		if !httpguts.ValidHeaderFieldName(k) {
  7821  			return nil, fmt.Errorf("invalid HTTP header name %q", k)
  7822  		}
  7823  		for _, v := range vv {
  7824  			if !httpguts.ValidHeaderFieldValue(v) {
  7825  				return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k)
  7826  			}
  7827  		}
  7828  	}
  7829  
  7830  	enumerateHeaders := func(f func(name, value string)) {
  7831  		// 8.1.2.3 Request Pseudo-Header Fields
  7832  		// The :path pseudo-header field includes the path and query parts of the
  7833  		// target URI (the path-absolute production and optionally a '?' character
  7834  		// followed by the query production (see Sections 3.3 and 3.4 of
  7835  		// [RFC3986]).
  7836  		f(":authority", host)
  7837  		f(":method", req.Method)
  7838  		if req.Method != "CONNECT" {
  7839  			f(":path", path)
  7840  			f(":scheme", req.URL.Scheme)
  7841  		}
  7842  		if trailers != "" {
  7843  			f("trailer", trailers)
  7844  		}
  7845  
  7846  		var didUA bool
  7847  		for k, vv := range req.Header {
  7848  			if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") {
  7849  				// Host is :authority, already sent.
  7850  				// Content-Length is automatic, set below.
  7851  				continue
  7852  			} else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") ||
  7853  				strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") ||
  7854  				strings.EqualFold(k, "keep-alive") {
  7855  				// Per 8.1.2.2 Connection-Specific Header
  7856  				// Fields, don't send connection-specific
  7857  				// fields. We have already checked if any
  7858  				// are error-worthy so just ignore the rest.
  7859  				continue
  7860  			} else if strings.EqualFold(k, "user-agent") {
  7861  				// Match Go's http1 behavior: at most one
  7862  				// User-Agent. If set to nil or empty string,
  7863  				// then omit it. Otherwise if not mentioned,
  7864  				// include the default (below).
  7865  				didUA = true
  7866  				if len(vv) < 1 {
  7867  					continue
  7868  				}
  7869  				vv = vv[:1]
  7870  				if vv[0] == "" {
  7871  					continue
  7872  				}
  7873  
  7874  			}
  7875  
  7876  			for _, v := range vv {
  7877  				f(k, v)
  7878  			}
  7879  		}
  7880  		if http2shouldSendReqContentLength(req.Method, contentLength) {
  7881  			f("content-length", strconv.FormatInt(contentLength, 10))
  7882  		}
  7883  		if addGzipHeader {
  7884  			f("accept-encoding", "gzip")
  7885  		}
  7886  		if !didUA {
  7887  			f("user-agent", http2defaultUserAgent)
  7888  		}
  7889  	}
  7890  
  7891  	// Do a first pass over the headers counting bytes to ensure
  7892  	// we don't exceed cc.peerMaxHeaderListSize. This is done as a
  7893  	// separate pass before encoding the headers to prevent
  7894  	// modifying the hpack state.
  7895  	hlSize := uint64(0)
  7896  	enumerateHeaders(func(name, value string) {
  7897  		hf := hpack.HeaderField{Name: name, Value: value}
  7898  		hlSize += uint64(hf.Size())
  7899  	})
  7900  
  7901  	if hlSize > cc.peerMaxHeaderListSize {
  7902  		return nil, http2errRequestHeaderListSize
  7903  	}
  7904  
  7905  	trace := httptrace.ContextClientTrace(req.Context())
  7906  	traceHeaders := http2traceHasWroteHeaderField(trace)
  7907  
  7908  	// Header list size is ok. Write the headers.
  7909  	enumerateHeaders(func(name, value string) {
  7910  		name = strings.ToLower(name)
  7911  		cc.writeHeader(name, value)
  7912  		if traceHeaders {
  7913  			http2traceWroteHeaderField(trace, name, value)
  7914  		}
  7915  	})
  7916  
  7917  	return cc.hbuf.Bytes(), nil
  7918  }
  7919  
  7920  // shouldSendReqContentLength reports whether the http2.Transport should send
  7921  // a "content-length" request header. This logic is basically a copy of the net/http
  7922  // transferWriter.shouldSendContentLength.
  7923  // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown).
  7924  // -1 means unknown.
  7925  func http2shouldSendReqContentLength(method string, contentLength int64) bool {
  7926  	if contentLength > 0 {
  7927  		return true
  7928  	}
  7929  	if contentLength < 0 {
  7930  		return false
  7931  	}
  7932  	// For zero bodies, whether we send a content-length depends on the method.
  7933  	// It also kinda doesn't matter for http2 either way, with END_STREAM.
  7934  	switch method {
  7935  	case "POST", "PUT", "PATCH":
  7936  		return true
  7937  	default:
  7938  		return false
  7939  	}
  7940  }
  7941  
  7942  // requires cc.mu be held.
  7943  func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) {
  7944  	cc.hbuf.Reset()
  7945  
  7946  	hlSize := uint64(0)
  7947  	for k, vv := range req.Trailer {
  7948  		for _, v := range vv {
  7949  			hf := hpack.HeaderField{Name: k, Value: v}
  7950  			hlSize += uint64(hf.Size())
  7951  		}
  7952  	}
  7953  	if hlSize > cc.peerMaxHeaderListSize {
  7954  		return nil, http2errRequestHeaderListSize
  7955  	}
  7956  
  7957  	for k, vv := range req.Trailer {
  7958  		// Transfer-Encoding, etc.. have already been filtered at the
  7959  		// start of RoundTrip
  7960  		lowKey := strings.ToLower(k)
  7961  		for _, v := range vv {
  7962  			cc.writeHeader(lowKey, v)
  7963  		}
  7964  	}
  7965  	return cc.hbuf.Bytes(), nil
  7966  }
  7967  
  7968  func (cc *http2ClientConn) writeHeader(name, value string) {
  7969  	if http2VerboseLogs {
  7970  		log.Printf("http2: Transport encoding header %q = %q", name, value)
  7971  	}
  7972  	cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value})
  7973  }
  7974  
  7975  type http2resAndError struct {
  7976  	res *Response
  7977  	err error
  7978  }
  7979  
  7980  // requires cc.mu be held.
  7981  func (cc *http2ClientConn) newStream() *http2clientStream {
  7982  	cs := &http2clientStream{
  7983  		cc:        cc,
  7984  		ID:        cc.nextStreamID,
  7985  		resc:      make(chan http2resAndError, 1),
  7986  		peerReset: make(chan struct{}),
  7987  		done:      make(chan struct{}),
  7988  	}
  7989  	cs.flow.add(int32(cc.initialWindowSize))
  7990  	cs.flow.setConnFlow(&cc.flow)
  7991  	cs.inflow.add(http2transportDefaultStreamFlow)
  7992  	cs.inflow.setConnFlow(&cc.inflow)
  7993  	cc.nextStreamID += 2
  7994  	cc.streams[cs.ID] = cs
  7995  	return cs
  7996  }
  7997  
  7998  func (cc *http2ClientConn) forgetStreamID(id uint32) {
  7999  	cc.streamByID(id, true)
  8000  }
  8001  
  8002  func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream {
  8003  	cc.mu.Lock()
  8004  	defer cc.mu.Unlock()
  8005  	cs := cc.streams[id]
  8006  	if andRemove && cs != nil && !cc.closed {
  8007  		cc.lastActive = time.Now()
  8008  		delete(cc.streams, id)
  8009  		if len(cc.streams) == 0 && cc.idleTimer != nil {
  8010  			cc.idleTimer.Reset(cc.idleTimeout)
  8011  		}
  8012  		close(cs.done)
  8013  		// Wake up checkResetOrDone via clientStream.awaitFlowControl and
  8014  		// wake up RoundTrip if there is a pending request.
  8015  		cc.cond.Broadcast()
  8016  	}
  8017  	return cs
  8018  }
  8019  
  8020  // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop.
  8021  type http2clientConnReadLoop struct {
  8022  	cc            *http2ClientConn
  8023  	closeWhenIdle bool
  8024  }
  8025  
  8026  // readLoop runs in its own goroutine and reads and dispatches frames.
  8027  func (cc *http2ClientConn) readLoop() {
  8028  	rl := &http2clientConnReadLoop{cc: cc}
  8029  	defer rl.cleanup()
  8030  	cc.readerErr = rl.run()
  8031  	if ce, ok := cc.readerErr.(http2ConnectionError); ok {
  8032  		cc.wmu.Lock()
  8033  		cc.fr.WriteGoAway(0, http2ErrCode(ce), nil)
  8034  		cc.wmu.Unlock()
  8035  	}
  8036  }
  8037  
  8038  // GoAwayError is returned by the Transport when the server closes the
  8039  // TCP connection after sending a GOAWAY frame.
  8040  type http2GoAwayError struct {
  8041  	LastStreamID uint32
  8042  	ErrCode      http2ErrCode
  8043  	DebugData    string
  8044  }
  8045  
  8046  func (e http2GoAwayError) Error() string {
  8047  	return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q",
  8048  		e.LastStreamID, e.ErrCode, e.DebugData)
  8049  }
  8050  
  8051  func http2isEOFOrNetReadError(err error) bool {
  8052  	if err == io.EOF {
  8053  		return true
  8054  	}
  8055  	ne, ok := err.(*net.OpError)
  8056  	return ok && ne.Op == "read"
  8057  }
  8058  
  8059  func (rl *http2clientConnReadLoop) cleanup() {
  8060  	cc := rl.cc
  8061  	defer cc.tconn.Close()
  8062  	defer cc.t.connPool().MarkDead(cc)
  8063  	defer close(cc.readerDone)
  8064  
  8065  	if cc.idleTimer != nil {
  8066  		cc.idleTimer.Stop()
  8067  	}
  8068  
  8069  	// Close any response bodies if the server closes prematurely.
  8070  	// TODO: also do this if we've written the headers but not
  8071  	// gotten a response yet.
  8072  	err := cc.readerErr
  8073  	cc.mu.Lock()
  8074  	if cc.goAway != nil && http2isEOFOrNetReadError(err) {
  8075  		err = http2GoAwayError{
  8076  			LastStreamID: cc.goAway.LastStreamID,
  8077  			ErrCode:      cc.goAway.ErrCode,
  8078  			DebugData:    cc.goAwayDebug,
  8079  		}
  8080  	} else if err == io.EOF {
  8081  		err = io.ErrUnexpectedEOF
  8082  	}
  8083  	for _, cs := range cc.streams {
  8084  		cs.bufPipe.CloseWithError(err) // no-op if already closed
  8085  		select {
  8086  		case cs.resc <- http2resAndError{err: err}:
  8087  		default:
  8088  		}
  8089  		close(cs.done)
  8090  	}
  8091  	cc.closed = true
  8092  	cc.cond.Broadcast()
  8093  	cc.mu.Unlock()
  8094  }
  8095  
  8096  func (rl *http2clientConnReadLoop) run() error {
  8097  	cc := rl.cc
  8098  	rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse
  8099  	gotReply := false // ever saw a HEADERS reply
  8100  	gotSettings := false
  8101  	for {
  8102  		f, err := cc.fr.ReadFrame()
  8103  		if err != nil {
  8104  			cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err)
  8105  		}
  8106  		if se, ok := err.(http2StreamError); ok {
  8107  			if cs := cc.streamByID(se.StreamID, false); cs != nil {
  8108  				cs.cc.writeStreamReset(cs.ID, se.Code, err)
  8109  				cs.cc.forgetStreamID(cs.ID)
  8110  				if se.Cause == nil {
  8111  					se.Cause = cc.fr.errDetail
  8112  				}
  8113  				rl.endStreamError(cs, se)
  8114  			}
  8115  			continue
  8116  		} else if err != nil {
  8117  			return err
  8118  		}
  8119  		if http2VerboseLogs {
  8120  			cc.vlogf("http2: Transport received %s", http2summarizeFrame(f))
  8121  		}
  8122  		if !gotSettings {
  8123  			if _, ok := f.(*http2SettingsFrame); !ok {
  8124  				cc.logf("protocol error: received %T before a SETTINGS frame", f)
  8125  				return http2ConnectionError(http2ErrCodeProtocol)
  8126  			}
  8127  			gotSettings = true
  8128  		}
  8129  		maybeIdle := false // whether frame might transition us to idle
  8130  
  8131  		switch f := f.(type) {
  8132  		case *http2MetaHeadersFrame:
  8133  			err = rl.processHeaders(f)
  8134  			maybeIdle = true
  8135  			gotReply = true
  8136  		case *http2DataFrame:
  8137  			err = rl.processData(f)
  8138  			maybeIdle = true
  8139  		case *http2GoAwayFrame:
  8140  			err = rl.processGoAway(f)
  8141  			maybeIdle = true
  8142  		case *http2RSTStreamFrame:
  8143  			err = rl.processResetStream(f)
  8144  			maybeIdle = true
  8145  		case *http2SettingsFrame:
  8146  			err = rl.processSettings(f)
  8147  		case *http2PushPromiseFrame:
  8148  			err = rl.processPushPromise(f)
  8149  		case *http2WindowUpdateFrame:
  8150  			err = rl.processWindowUpdate(f)
  8151  		case *http2PingFrame:
  8152  			err = rl.processPing(f)
  8153  		default:
  8154  			cc.logf("Transport: unhandled response frame type %T", f)
  8155  		}
  8156  		if err != nil {
  8157  			if http2VerboseLogs {
  8158  				cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err)
  8159  			}
  8160  			return err
  8161  		}
  8162  		if rl.closeWhenIdle && gotReply && maybeIdle {
  8163  			cc.closeIfIdle()
  8164  		}
  8165  	}
  8166  }
  8167  
  8168  func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error {
  8169  	cc := rl.cc
  8170  	cs := cc.streamByID(f.StreamID, false)
  8171  	if cs == nil {
  8172  		// We'd get here if we canceled a request while the
  8173  		// server had its response still in flight. So if this
  8174  		// was just something we canceled, ignore it.
  8175  		return nil
  8176  	}
  8177  	if f.StreamEnded() {
  8178  		// Issue 20521: If the stream has ended, streamByID() causes
  8179  		// clientStream.done to be closed, which causes the request's bodyWriter
  8180  		// to be closed with an errStreamClosed, which may be received by
  8181  		// clientConn.RoundTrip before the result of processing these headers.
  8182  		// Deferring stream closure allows the header processing to occur first.
  8183  		// clientConn.RoundTrip may still receive the bodyWriter error first, but
  8184  		// the fix for issue 16102 prioritises any response.
  8185  		//
  8186  		// Issue 22413: If there is no request body, we should close the
  8187  		// stream before writing to cs.resc so that the stream is closed
  8188  		// immediately once RoundTrip returns.
  8189  		if cs.req.Body != nil {
  8190  			defer cc.forgetStreamID(f.StreamID)
  8191  		} else {
  8192  			cc.forgetStreamID(f.StreamID)
  8193  		}
  8194  	}
  8195  	if !cs.firstByte {
  8196  		if cs.trace != nil {
  8197  			// TODO(bradfitz): move first response byte earlier,
  8198  			// when we first read the 9 byte header, not waiting
  8199  			// until all the HEADERS+CONTINUATION frames have been
  8200  			// merged. This works for now.
  8201  			http2traceFirstResponseByte(cs.trace)
  8202  		}
  8203  		cs.firstByte = true
  8204  	}
  8205  	if !cs.pastHeaders {
  8206  		cs.pastHeaders = true
  8207  	} else {
  8208  		return rl.processTrailers(cs, f)
  8209  	}
  8210  
  8211  	res, err := rl.handleResponse(cs, f)
  8212  	if err != nil {
  8213  		if _, ok := err.(http2ConnectionError); ok {
  8214  			return err
  8215  		}
  8216  		// Any other error type is a stream error.
  8217  		cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err)
  8218  		cc.forgetStreamID(cs.ID)
  8219  		cs.resc <- http2resAndError{err: err}
  8220  		return nil // return nil from process* funcs to keep conn alive
  8221  	}
  8222  	if res == nil {
  8223  		// (nil, nil) special case. See handleResponse docs.
  8224  		return nil
  8225  	}
  8226  	cs.resTrailer = &res.Trailer
  8227  	cs.resc <- http2resAndError{res: res}
  8228  	return nil
  8229  }
  8230  
  8231  // may return error types nil, or ConnectionError. Any other error value
  8232  // is a StreamError of type ErrCodeProtocol. The returned error in that case
  8233  // is the detail.
  8234  //
  8235  // As a special case, handleResponse may return (nil, nil) to skip the
  8236  // frame (currently only used for 1xx responses).
  8237  func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) {
  8238  	if f.Truncated {
  8239  		return nil, http2errResponseHeaderListSize
  8240  	}
  8241  
  8242  	status := f.PseudoValue("status")
  8243  	if status == "" {
  8244  		return nil, errors.New("malformed response from server: missing status pseudo header")
  8245  	}
  8246  	statusCode, err := strconv.Atoi(status)
  8247  	if err != nil {
  8248  		return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header")
  8249  	}
  8250  
  8251  	header := make(Header)
  8252  	res := &Response{
  8253  		Proto:      "HTTP/2.0",
  8254  		ProtoMajor: 2,
  8255  		Header:     header,
  8256  		StatusCode: statusCode,
  8257  		Status:     status + " " + StatusText(statusCode),
  8258  	}
  8259  	for _, hf := range f.RegularFields() {
  8260  		key := CanonicalHeaderKey(hf.Name)
  8261  		if key == "Trailer" {
  8262  			t := res.Trailer
  8263  			if t == nil {
  8264  				t = make(Header)
  8265  				res.Trailer = t
  8266  			}
  8267  			http2foreachHeaderElement(hf.Value, func(v string) {
  8268  				t[CanonicalHeaderKey(v)] = nil
  8269  			})
  8270  		} else {
  8271  			header[key] = append(header[key], hf.Value)
  8272  		}
  8273  	}
  8274  
  8275  	if statusCode >= 100 && statusCode <= 199 {
  8276  		cs.num1xx++
  8277  		const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http
  8278  		if cs.num1xx > max1xxResponses {
  8279  			return nil, errors.New("http2: too many 1xx informational responses")
  8280  		}
  8281  		if fn := cs.get1xxTraceFunc(); fn != nil {
  8282  			if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil {
  8283  				return nil, err
  8284  			}
  8285  		}
  8286  		if statusCode == 100 {
  8287  			http2traceGot100Continue(cs.trace)
  8288  			if cs.on100 != nil {
  8289  				cs.on100() // forces any write delay timer to fire
  8290  			}
  8291  		}
  8292  		cs.pastHeaders = false // do it all again
  8293  		return nil, nil
  8294  	}
  8295  
  8296  	streamEnded := f.StreamEnded()
  8297  	isHead := cs.req.Method == "HEAD"
  8298  	if !streamEnded || isHead {
  8299  		res.ContentLength = -1
  8300  		if clens := res.Header["Content-Length"]; len(clens) == 1 {
  8301  			if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil {
  8302  				res.ContentLength = clen64
  8303  			} else {
  8304  				// TODO: care? unlike http/1, it won't mess up our framing, so it's
  8305  				// more safe smuggling-wise to ignore.
  8306  			}
  8307  		} else if len(clens) > 1 {
  8308  			// TODO: care? unlike http/1, it won't mess up our framing, so it's
  8309  			// more safe smuggling-wise to ignore.
  8310  		}
  8311  	}
  8312  
  8313  	if streamEnded || isHead {
  8314  		res.Body = http2noBody
  8315  		return res, nil
  8316  	}
  8317  
  8318  	cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}}
  8319  	cs.bytesRemain = res.ContentLength
  8320  	res.Body = http2transportResponseBody{cs}
  8321  	go cs.awaitRequestCancel(cs.req)
  8322  
  8323  	if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" {
  8324  		res.Header.Del("Content-Encoding")
  8325  		res.Header.Del("Content-Length")
  8326  		res.ContentLength = -1
  8327  		res.Body = &http2gzipReader{body: res.Body}
  8328  		res.Uncompressed = true
  8329  	}
  8330  	return res, nil
  8331  }
  8332  
  8333  func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error {
  8334  	if cs.pastTrailers {
  8335  		// Too many HEADERS frames for this stream.
  8336  		return http2ConnectionError(http2ErrCodeProtocol)
  8337  	}
  8338  	cs.pastTrailers = true
  8339  	if !f.StreamEnded() {
  8340  		// We expect that any headers for trailers also
  8341  		// has END_STREAM.
  8342  		return http2ConnectionError(http2ErrCodeProtocol)
  8343  	}
  8344  	if len(f.PseudoFields()) > 0 {
  8345  		// No pseudo header fields are defined for trailers.
  8346  		// TODO: ConnectionError might be overly harsh? Check.
  8347  		return http2ConnectionError(http2ErrCodeProtocol)
  8348  	}
  8349  
  8350  	trailer := make(Header)
  8351  	for _, hf := range f.RegularFields() {
  8352  		key := CanonicalHeaderKey(hf.Name)
  8353  		trailer[key] = append(trailer[key], hf.Value)
  8354  	}
  8355  	cs.trailer = trailer
  8356  
  8357  	rl.endStream(cs)
  8358  	return nil
  8359  }
  8360  
  8361  // transportResponseBody is the concrete type of Transport.RoundTrip's
  8362  // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body.
  8363  // On Close it sends RST_STREAM if EOF wasn't already seen.
  8364  type http2transportResponseBody struct {
  8365  	cs *http2clientStream
  8366  }
  8367  
  8368  func (b http2transportResponseBody) Read(p []byte) (n int, err error) {
  8369  	cs := b.cs
  8370  	cc := cs.cc
  8371  
  8372  	if cs.readErr != nil {
  8373  		return 0, cs.readErr
  8374  	}
  8375  	n, err = b.cs.bufPipe.Read(p)
  8376  	if cs.bytesRemain != -1 {
  8377  		if int64(n) > cs.bytesRemain {
  8378  			n = int(cs.bytesRemain)
  8379  			if err == nil {
  8380  				err = errors.New("net/http: server replied with more than declared Content-Length; truncated")
  8381  				cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err)
  8382  			}
  8383  			cs.readErr = err
  8384  			return int(cs.bytesRemain), err
  8385  		}
  8386  		cs.bytesRemain -= int64(n)
  8387  		if err == io.EOF && cs.bytesRemain > 0 {
  8388  			err = io.ErrUnexpectedEOF
  8389  			cs.readErr = err
  8390  			return n, err
  8391  		}
  8392  	}
  8393  	if n == 0 {
  8394  		// No flow control tokens to send back.
  8395  		return
  8396  	}
  8397  
  8398  	cc.mu.Lock()
  8399  	defer cc.mu.Unlock()
  8400  
  8401  	var connAdd, streamAdd int32
  8402  	// Check the conn-level first, before the stream-level.
  8403  	if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 {
  8404  		connAdd = http2transportDefaultConnFlow - v
  8405  		cc.inflow.add(connAdd)
  8406  	}
  8407  	if err == nil { // No need to refresh if the stream is over or failed.
  8408  		// Consider any buffered body data (read from the conn but not
  8409  		// consumed by the client) when computing flow control for this
  8410  		// stream.
  8411  		v := int(cs.inflow.available()) + cs.bufPipe.Len()
  8412  		if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh {
  8413  			streamAdd = int32(http2transportDefaultStreamFlow - v)
  8414  			cs.inflow.add(streamAdd)
  8415  		}
  8416  	}
  8417  	if connAdd != 0 || streamAdd != 0 {
  8418  		cc.wmu.Lock()
  8419  		defer cc.wmu.Unlock()
  8420  		if connAdd != 0 {
  8421  			cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd))
  8422  		}
  8423  		if streamAdd != 0 {
  8424  			cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd))
  8425  		}
  8426  		cc.bw.Flush()
  8427  	}
  8428  	return
  8429  }
  8430  
  8431  var http2errClosedResponseBody = errors.New("http2: response body closed")
  8432  
  8433  func (b http2transportResponseBody) Close() error {
  8434  	cs := b.cs
  8435  	cc := cs.cc
  8436  
  8437  	serverSentStreamEnd := cs.bufPipe.Err() == io.EOF
  8438  	unread := cs.bufPipe.Len()
  8439  
  8440  	if unread > 0 || !serverSentStreamEnd {
  8441  		cc.mu.Lock()
  8442  		cc.wmu.Lock()
  8443  		if !serverSentStreamEnd {
  8444  			cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel)
  8445  			cs.didReset = true
  8446  		}
  8447  		// Return connection-level flow control.
  8448  		if unread > 0 {
  8449  			cc.inflow.add(int32(unread))
  8450  			cc.fr.WriteWindowUpdate(0, uint32(unread))
  8451  		}
  8452  		cc.bw.Flush()
  8453  		cc.wmu.Unlock()
  8454  		cc.mu.Unlock()
  8455  	}
  8456  
  8457  	cs.bufPipe.BreakWithError(http2errClosedResponseBody)
  8458  	cc.forgetStreamID(cs.ID)
  8459  	return nil
  8460  }
  8461  
  8462  func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error {
  8463  	cc := rl.cc
  8464  	cs := cc.streamByID(f.StreamID, f.StreamEnded())
  8465  	data := f.Data()
  8466  	if cs == nil {
  8467  		cc.mu.Lock()
  8468  		neverSent := cc.nextStreamID
  8469  		cc.mu.Unlock()
  8470  		if f.StreamID >= neverSent {
  8471  			// We never asked for this.
  8472  			cc.logf("http2: Transport received unsolicited DATA frame; closing connection")
  8473  			return http2ConnectionError(http2ErrCodeProtocol)
  8474  		}
  8475  		// We probably did ask for this, but canceled. Just ignore it.
  8476  		// TODO: be stricter here? only silently ignore things which
  8477  		// we canceled, but not things which were closed normally
  8478  		// by the peer? Tough without accumulating too much state.
  8479  
  8480  		// But at least return their flow control:
  8481  		if f.Length > 0 {
  8482  			cc.mu.Lock()
  8483  			cc.inflow.add(int32(f.Length))
  8484  			cc.mu.Unlock()
  8485  
  8486  			cc.wmu.Lock()
  8487  			cc.fr.WriteWindowUpdate(0, uint32(f.Length))
  8488  			cc.bw.Flush()
  8489  			cc.wmu.Unlock()
  8490  		}
  8491  		return nil
  8492  	}
  8493  	if !cs.firstByte {
  8494  		cc.logf("protocol error: received DATA before a HEADERS frame")
  8495  		rl.endStreamError(cs, http2StreamError{
  8496  			StreamID: f.StreamID,
  8497  			Code:     http2ErrCodeProtocol,
  8498  		})
  8499  		return nil
  8500  	}
  8501  	if f.Length > 0 {
  8502  		if cs.req.Method == "HEAD" && len(data) > 0 {
  8503  			cc.logf("protocol error: received DATA on a HEAD request")
  8504  			rl.endStreamError(cs, http2StreamError{
  8505  				StreamID: f.StreamID,
  8506  				Code:     http2ErrCodeProtocol,
  8507  			})
  8508  			return nil
  8509  		}
  8510  		// Check connection-level flow control.
  8511  		cc.mu.Lock()
  8512  		if cs.inflow.available() >= int32(f.Length) {
  8513  			cs.inflow.take(int32(f.Length))
  8514  		} else {
  8515  			cc.mu.Unlock()
  8516  			return http2ConnectionError(http2ErrCodeFlowControl)
  8517  		}
  8518  		// Return any padded flow control now, since we won't
  8519  		// refund it later on body reads.
  8520  		var refund int
  8521  		if pad := int(f.Length) - len(data); pad > 0 {
  8522  			refund += pad
  8523  		}
  8524  		// Return len(data) now if the stream is already closed,
  8525  		// since data will never be read.
  8526  		didReset := cs.didReset
  8527  		if didReset {
  8528  			refund += len(data)
  8529  		}
  8530  		if refund > 0 {
  8531  			cc.inflow.add(int32(refund))
  8532  			cc.wmu.Lock()
  8533  			cc.fr.WriteWindowUpdate(0, uint32(refund))
  8534  			if !didReset {
  8535  				cs.inflow.add(int32(refund))
  8536  				cc.fr.WriteWindowUpdate(cs.ID, uint32(refund))
  8537  			}
  8538  			cc.bw.Flush()
  8539  			cc.wmu.Unlock()
  8540  		}
  8541  		cc.mu.Unlock()
  8542  
  8543  		if len(data) > 0 && !didReset {
  8544  			if _, err := cs.bufPipe.Write(data); err != nil {
  8545  				rl.endStreamError(cs, err)
  8546  				return err
  8547  			}
  8548  		}
  8549  	}
  8550  
  8551  	if f.StreamEnded() {
  8552  		rl.endStream(cs)
  8553  	}
  8554  	return nil
  8555  }
  8556  
  8557  var http2errInvalidTrailers = errors.New("http2: invalid trailers")
  8558  
  8559  func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) {
  8560  	// TODO: check that any declared content-length matches, like
  8561  	// server.go's (*stream).endStream method.
  8562  	rl.endStreamError(cs, nil)
  8563  }
  8564  
  8565  func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) {
  8566  	var code func()
  8567  	if err == nil {
  8568  		err = io.EOF
  8569  		code = cs.copyTrailers
  8570  	}
  8571  	if http2isConnectionCloseRequest(cs.req) {
  8572  		rl.closeWhenIdle = true
  8573  	}
  8574  	cs.bufPipe.closeWithErrorAndCode(err, code)
  8575  
  8576  	select {
  8577  	case cs.resc <- http2resAndError{err: err}:
  8578  	default:
  8579  	}
  8580  }
  8581  
  8582  func (cs *http2clientStream) copyTrailers() {
  8583  	for k, vv := range cs.trailer {
  8584  		t := cs.resTrailer
  8585  		if *t == nil {
  8586  			*t = make(Header)
  8587  		}
  8588  		(*t)[k] = vv
  8589  	}
  8590  }
  8591  
  8592  func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error {
  8593  	cc := rl.cc
  8594  	cc.t.connPool().MarkDead(cc)
  8595  	if f.ErrCode != 0 {
  8596  		// TODO: deal with GOAWAY more. particularly the error code
  8597  		cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode)
  8598  	}
  8599  	cc.setGoAway(f)
  8600  	return nil
  8601  }
  8602  
  8603  func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error {
  8604  	cc := rl.cc
  8605  	cc.mu.Lock()
  8606  	defer cc.mu.Unlock()
  8607  
  8608  	if f.IsAck() {
  8609  		if cc.wantSettingsAck {
  8610  			cc.wantSettingsAck = false
  8611  			return nil
  8612  		}
  8613  		return http2ConnectionError(http2ErrCodeProtocol)
  8614  	}
  8615  
  8616  	err := f.ForeachSetting(func(s http2Setting) error {
  8617  		switch s.ID {
  8618  		case http2SettingMaxFrameSize:
  8619  			cc.maxFrameSize = s.Val
  8620  		case http2SettingMaxConcurrentStreams:
  8621  			cc.maxConcurrentStreams = s.Val
  8622  		case http2SettingMaxHeaderListSize:
  8623  			cc.peerMaxHeaderListSize = uint64(s.Val)
  8624  		case http2SettingInitialWindowSize:
  8625  			// Values above the maximum flow-control
  8626  			// window size of 2^31-1 MUST be treated as a
  8627  			// connection error (Section 5.4.1) of type
  8628  			// FLOW_CONTROL_ERROR.
  8629  			if s.Val > math.MaxInt32 {
  8630  				return http2ConnectionError(http2ErrCodeFlowControl)
  8631  			}
  8632  
  8633  			// Adjust flow control of currently-open
  8634  			// frames by the difference of the old initial
  8635  			// window size and this one.
  8636  			delta := int32(s.Val) - int32(cc.initialWindowSize)
  8637  			for _, cs := range cc.streams {
  8638  				cs.flow.add(delta)
  8639  			}
  8640  			cc.cond.Broadcast()
  8641  
  8642  			cc.initialWindowSize = s.Val
  8643  		default:
  8644  			// TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably.
  8645  			cc.vlogf("Unhandled Setting: %v", s)
  8646  		}
  8647  		return nil
  8648  	})
  8649  	if err != nil {
  8650  		return err
  8651  	}
  8652  
  8653  	cc.wmu.Lock()
  8654  	defer cc.wmu.Unlock()
  8655  
  8656  	cc.fr.WriteSettingsAck()
  8657  	cc.bw.Flush()
  8658  	return cc.werr
  8659  }
  8660  
  8661  func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error {
  8662  	cc := rl.cc
  8663  	cs := cc.streamByID(f.StreamID, false)
  8664  	if f.StreamID != 0 && cs == nil {
  8665  		return nil
  8666  	}
  8667  
  8668  	cc.mu.Lock()
  8669  	defer cc.mu.Unlock()
  8670  
  8671  	fl := &cc.flow
  8672  	if cs != nil {
  8673  		fl = &cs.flow
  8674  	}
  8675  	if !fl.add(int32(f.Increment)) {
  8676  		return http2ConnectionError(http2ErrCodeFlowControl)
  8677  	}
  8678  	cc.cond.Broadcast()
  8679  	return nil
  8680  }
  8681  
  8682  func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error {
  8683  	cs := rl.cc.streamByID(f.StreamID, true)
  8684  	if cs == nil {
  8685  		// TODO: return error if server tries to RST_STEAM an idle stream
  8686  		return nil
  8687  	}
  8688  	select {
  8689  	case <-cs.peerReset:
  8690  		// Already reset.
  8691  		// This is the only goroutine
  8692  		// which closes this, so there
  8693  		// isn't a race.
  8694  	default:
  8695  		err := http2streamError(cs.ID, f.ErrCode)
  8696  		cs.resetErr = err
  8697  		close(cs.peerReset)
  8698  		cs.bufPipe.CloseWithError(err)
  8699  		cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl
  8700  	}
  8701  	return nil
  8702  }
  8703  
  8704  // Ping sends a PING frame to the server and waits for the ack.
  8705  func (cc *http2ClientConn) Ping(ctx context.Context) error {
  8706  	c := make(chan struct{})
  8707  	// Generate a random payload
  8708  	var p [8]byte
  8709  	for {
  8710  		if _, err := rand.Read(p[:]); err != nil {
  8711  			return err
  8712  		}
  8713  		cc.mu.Lock()
  8714  		// check for dup before insert
  8715  		if _, found := cc.pings[p]; !found {
  8716  			cc.pings[p] = c
  8717  			cc.mu.Unlock()
  8718  			break
  8719  		}
  8720  		cc.mu.Unlock()
  8721  	}
  8722  	cc.wmu.Lock()
  8723  	if err := cc.fr.WritePing(false, p); err != nil {
  8724  		cc.wmu.Unlock()
  8725  		return err
  8726  	}
  8727  	if err := cc.bw.Flush(); err != nil {
  8728  		cc.wmu.Unlock()
  8729  		return err
  8730  	}
  8731  	cc.wmu.Unlock()
  8732  	select {
  8733  	case <-c:
  8734  		return nil
  8735  	case <-ctx.Done():
  8736  		return ctx.Err()
  8737  	case <-cc.readerDone:
  8738  		// connection closed
  8739  		return cc.readerErr
  8740  	}
  8741  }
  8742  
  8743  func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error {
  8744  	if f.IsAck() {
  8745  		cc := rl.cc
  8746  		cc.mu.Lock()
  8747  		defer cc.mu.Unlock()
  8748  		// If ack, notify listener if any
  8749  		if c, ok := cc.pings[f.Data]; ok {
  8750  			close(c)
  8751  			delete(cc.pings, f.Data)
  8752  		}
  8753  		return nil
  8754  	}
  8755  	cc := rl.cc
  8756  	cc.wmu.Lock()
  8757  	defer cc.wmu.Unlock()
  8758  	if err := cc.fr.WritePing(true, f.Data); err != nil {
  8759  		return err
  8760  	}
  8761  	return cc.bw.Flush()
  8762  }
  8763  
  8764  func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error {
  8765  	// We told the peer we don't want them.
  8766  	// Spec says:
  8767  	// "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH
  8768  	// setting of the peer endpoint is set to 0. An endpoint that
  8769  	// has set this setting and has received acknowledgement MUST
  8770  	// treat the receipt of a PUSH_PROMISE frame as a connection
  8771  	// error (Section 5.4.1) of type PROTOCOL_ERROR."
  8772  	return http2ConnectionError(http2ErrCodeProtocol)
  8773  }
  8774  
  8775  func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) {
  8776  	// TODO: map err to more interesting error codes, once the
  8777  	// HTTP community comes up with some. But currently for
  8778  	// RST_STREAM there's no equivalent to GOAWAY frame's debug
  8779  	// data, and the error codes are all pretty vague ("cancel").
  8780  	cc.wmu.Lock()
  8781  	cc.fr.WriteRSTStream(streamID, code)
  8782  	cc.bw.Flush()
  8783  	cc.wmu.Unlock()
  8784  }
  8785  
  8786  var (
  8787  	http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit")
  8788  	http2errRequestHeaderListSize  = errors.New("http2: request header list larger than peer's advertised limit")
  8789  	http2errPseudoTrailers         = errors.New("http2: invalid pseudo header in trailers")
  8790  )
  8791  
  8792  func (cc *http2ClientConn) logf(format string, args ...interface{}) {
  8793  	cc.t.logf(format, args...)
  8794  }
  8795  
  8796  func (cc *http2ClientConn) vlogf(format string, args ...interface{}) {
  8797  	cc.t.vlogf(format, args...)
  8798  }
  8799  
  8800  func (t *http2Transport) vlogf(format string, args ...interface{}) {
  8801  	if http2VerboseLogs {
  8802  		t.logf(format, args...)
  8803  	}
  8804  }
  8805  
  8806  func (t *http2Transport) logf(format string, args ...interface{}) {
  8807  	log.Printf(format, args...)
  8808  }
  8809  
  8810  var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil))
  8811  
  8812  func http2strSliceContains(ss []string, s string) bool {
  8813  	for _, v := range ss {
  8814  		if v == s {
  8815  			return true
  8816  		}
  8817  	}
  8818  	return false
  8819  }
  8820  
  8821  type http2erringRoundTripper struct{ err error }
  8822  
  8823  func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err }
  8824  
  8825  // gzipReader wraps a response body so it can lazily
  8826  // call gzip.NewReader on the first call to Read
  8827  type http2gzipReader struct {
  8828  	body io.ReadCloser // underlying Response.Body
  8829  	zr   *gzip.Reader  // lazily-initialized gzip reader
  8830  	zerr error         // sticky error
  8831  }
  8832  
  8833  func (gz *http2gzipReader) Read(p []byte) (n int, err error) {
  8834  	if gz.zerr != nil {
  8835  		return 0, gz.zerr
  8836  	}
  8837  	if gz.zr == nil {
  8838  		gz.zr, err = gzip.NewReader(gz.body)
  8839  		if err != nil {
  8840  			gz.zerr = err
  8841  			return 0, err
  8842  		}
  8843  	}
  8844  	return gz.zr.Read(p)
  8845  }
  8846  
  8847  func (gz *http2gzipReader) Close() error {
  8848  	return gz.body.Close()
  8849  }
  8850  
  8851  type http2errorReader struct{ err error }
  8852  
  8853  func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err }
  8854  
  8855  // bodyWriterState encapsulates various state around the Transport's writing
  8856  // of the request body, particularly regarding doing delayed writes of the body
  8857  // when the request contains "Expect: 100-continue".
  8858  type http2bodyWriterState struct {
  8859  	cs     *http2clientStream
  8860  	timer  *time.Timer   // if non-nil, we're doing a delayed write
  8861  	fnonce *sync.Once    // to call fn with
  8862  	fn     func()        // the code to run in the goroutine, writing the body
  8863  	resc   chan error    // result of fn's execution
  8864  	delay  time.Duration // how long we should delay a delayed write for
  8865  }
  8866  
  8867  func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) {
  8868  	s.cs = cs
  8869  	if body == nil {
  8870  		return
  8871  	}
  8872  	resc := make(chan error, 1)
  8873  	s.resc = resc
  8874  	s.fn = func() {
  8875  		cs.cc.mu.Lock()
  8876  		cs.startedWrite = true
  8877  		cs.cc.mu.Unlock()
  8878  		resc <- cs.writeRequestBody(body, cs.req.Body)
  8879  	}
  8880  	s.delay = t.expectContinueTimeout()
  8881  	if s.delay == 0 ||
  8882  		!httpguts.HeaderValuesContainsToken(
  8883  			cs.req.Header["Expect"],
  8884  			"100-continue") {
  8885  		return
  8886  	}
  8887  	s.fnonce = new(sync.Once)
  8888  
  8889  	// Arm the timer with a very large duration, which we'll
  8890  	// intentionally lower later. It has to be large now because
  8891  	// we need a handle to it before writing the headers, but the
  8892  	// s.delay value is defined to not start until after the
  8893  	// request headers were written.
  8894  	const hugeDuration = 365 * 24 * time.Hour
  8895  	s.timer = time.AfterFunc(hugeDuration, func() {
  8896  		s.fnonce.Do(s.fn)
  8897  	})
  8898  	return
  8899  }
  8900  
  8901  func (s http2bodyWriterState) cancel() {
  8902  	if s.timer != nil {
  8903  		s.timer.Stop()
  8904  	}
  8905  }
  8906  
  8907  func (s http2bodyWriterState) on100() {
  8908  	if s.timer == nil {
  8909  		// If we didn't do a delayed write, ignore the server's
  8910  		// bogus 100 continue response.
  8911  		return
  8912  	}
  8913  	s.timer.Stop()
  8914  	go func() { s.fnonce.Do(s.fn) }()
  8915  }
  8916  
  8917  // scheduleBodyWrite starts writing the body, either immediately (in
  8918  // the common case) or after the delay timeout. It should not be
  8919  // called until after the headers have been written.
  8920  func (s http2bodyWriterState) scheduleBodyWrite() {
  8921  	if s.timer == nil {
  8922  		// We're not doing a delayed write (see
  8923  		// getBodyWriterState), so just start the writing
  8924  		// goroutine immediately.
  8925  		go s.fn()
  8926  		return
  8927  	}
  8928  	http2traceWait100Continue(s.cs.trace)
  8929  	if s.timer.Stop() {
  8930  		s.timer.Reset(s.delay)
  8931  	}
  8932  }
  8933  
  8934  // isConnectionCloseRequest reports whether req should use its own
  8935  // connection for a single request and then close the connection.
  8936  func http2isConnectionCloseRequest(req *Request) bool {
  8937  	return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close")
  8938  }
  8939  
  8940  // registerHTTPSProtocol calls Transport.RegisterProtocol but
  8941  // converting panics into errors.
  8942  func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) {
  8943  	defer func() {
  8944  		if e := recover(); e != nil {
  8945  			err = fmt.Errorf("%v", e)
  8946  		}
  8947  	}()
  8948  	t.RegisterProtocol("https", rt)
  8949  	return nil
  8950  }
  8951  
  8952  // noDialH2RoundTripper is a RoundTripper which only tries to complete the request
  8953  // if there's already has a cached connection to the host.
  8954  // (The field is exported so it can be accessed via reflect from net/http; tested
  8955  // by TestNoDialH2RoundTripperType)
  8956  type http2noDialH2RoundTripper struct{ *http2Transport }
  8957  
  8958  func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) {
  8959  	res, err := rt.http2Transport.RoundTrip(req)
  8960  	if http2isNoCachedConnError(err) {
  8961  		return nil, ErrSkipAltProtocol
  8962  	}
  8963  	return res, err
  8964  }
  8965  
  8966  func (t *http2Transport) idleConnTimeout() time.Duration {
  8967  	if t.t1 != nil {
  8968  		return t.t1.IdleConnTimeout
  8969  	}
  8970  	return 0
  8971  }
  8972  
  8973  func http2traceGetConn(req *Request, hostPort string) {
  8974  	trace := httptrace.ContextClientTrace(req.Context())
  8975  	if trace == nil || trace.GetConn == nil {
  8976  		return
  8977  	}
  8978  	trace.GetConn(hostPort)
  8979  }
  8980  
  8981  func http2traceGotConn(req *Request, cc *http2ClientConn) {
  8982  	trace := httptrace.ContextClientTrace(req.Context())
  8983  	if trace == nil || trace.GotConn == nil {
  8984  		return
  8985  	}
  8986  	ci := httptrace.GotConnInfo{Conn: cc.tconn}
  8987  	cc.mu.Lock()
  8988  	ci.Reused = cc.nextStreamID > 1
  8989  	ci.WasIdle = len(cc.streams) == 0 && ci.Reused
  8990  	if ci.WasIdle && !cc.lastActive.IsZero() {
  8991  		ci.IdleTime = time.Now().Sub(cc.lastActive)
  8992  	}
  8993  	cc.mu.Unlock()
  8994  
  8995  	trace.GotConn(ci)
  8996  }
  8997  
  8998  func http2traceWroteHeaders(trace *httptrace.ClientTrace) {
  8999  	if trace != nil && trace.WroteHeaders != nil {
  9000  		trace.WroteHeaders()
  9001  	}
  9002  }
  9003  
  9004  func http2traceGot100Continue(trace *httptrace.ClientTrace) {
  9005  	if trace != nil && trace.Got100Continue != nil {
  9006  		trace.Got100Continue()
  9007  	}
  9008  }
  9009  
  9010  func http2traceWait100Continue(trace *httptrace.ClientTrace) {
  9011  	if trace != nil && trace.Wait100Continue != nil {
  9012  		trace.Wait100Continue()
  9013  	}
  9014  }
  9015  
  9016  func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) {
  9017  	if trace != nil && trace.WroteRequest != nil {
  9018  		trace.WroteRequest(httptrace.WroteRequestInfo{Err: err})
  9019  	}
  9020  }
  9021  
  9022  func http2traceFirstResponseByte(trace *httptrace.ClientTrace) {
  9023  	if trace != nil && trace.GotFirstResponseByte != nil {
  9024  		trace.GotFirstResponseByte()
  9025  	}
  9026  }
  9027  
  9028  // writeFramer is implemented by any type that is used to write frames.
  9029  type http2writeFramer interface {
  9030  	writeFrame(http2writeContext) error
  9031  
  9032  	// staysWithinBuffer reports whether this writer promises that
  9033  	// it will only write less than or equal to size bytes, and it
  9034  	// won't Flush the write context.
  9035  	staysWithinBuffer(size int) bool
  9036  }
  9037  
  9038  // writeContext is the interface needed by the various frame writer
  9039  // types below. All the writeFrame methods below are scheduled via the
  9040  // frame writing scheduler (see writeScheduler in writesched.go).
  9041  //
  9042  // This interface is implemented by *serverConn.
  9043  //
  9044  // TODO: decide whether to a) use this in the client code (which didn't
  9045  // end up using this yet, because it has a simpler design, not
  9046  // currently implementing priorities), or b) delete this and
  9047  // make the server code a bit more concrete.
  9048  type http2writeContext interface {
  9049  	Framer() *http2Framer
  9050  	Flush() error
  9051  	CloseConn() error
  9052  	// HeaderEncoder returns an HPACK encoder that writes to the
  9053  	// returned buffer.
  9054  	HeaderEncoder() (*hpack.Encoder, *bytes.Buffer)
  9055  }
  9056  
  9057  // writeEndsStream reports whether w writes a frame that will transition
  9058  // the stream to a half-closed local state. This returns false for RST_STREAM,
  9059  // which closes the entire stream (not just the local half).
  9060  func http2writeEndsStream(w http2writeFramer) bool {
  9061  	switch v := w.(type) {
  9062  	case *http2writeData:
  9063  		return v.endStream
  9064  	case *http2writeResHeaders:
  9065  		return v.endStream
  9066  	case nil:
  9067  		// This can only happen if the caller reuses w after it's
  9068  		// been intentionally nil'ed out to prevent use. Keep this
  9069  		// here to catch future refactoring breaking it.
  9070  		panic("writeEndsStream called on nil writeFramer")
  9071  	}
  9072  	return false
  9073  }
  9074  
  9075  type http2flushFrameWriter struct{}
  9076  
  9077  func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error {
  9078  	return ctx.Flush()
  9079  }
  9080  
  9081  func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false }
  9082  
  9083  type http2writeSettings []http2Setting
  9084  
  9085  func (s http2writeSettings) staysWithinBuffer(max int) bool {
  9086  	const settingSize = 6 // uint16 + uint32
  9087  	return http2frameHeaderLen+settingSize*len(s) <= max
  9088  
  9089  }
  9090  
  9091  func (s http2writeSettings) writeFrame(ctx http2writeContext) error {
  9092  	return ctx.Framer().WriteSettings([]http2Setting(s)...)
  9093  }
  9094  
  9095  type http2writeGoAway struct {
  9096  	maxStreamID uint32
  9097  	code        http2ErrCode
  9098  }
  9099  
  9100  func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error {
  9101  	err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil)
  9102  	ctx.Flush() // ignore error: we're hanging up on them anyway
  9103  	return err
  9104  }
  9105  
  9106  func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes
  9107  
  9108  type http2writeData struct {
  9109  	streamID  uint32
  9110  	p         []byte
  9111  	endStream bool
  9112  }
  9113  
  9114  func (w *http2writeData) String() string {
  9115  	return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream)
  9116  }
  9117  
  9118  func (w *http2writeData) writeFrame(ctx http2writeContext) error {
  9119  	return ctx.Framer().WriteData(w.streamID, w.endStream, w.p)
  9120  }
  9121  
  9122  func (w *http2writeData) staysWithinBuffer(max int) bool {
  9123  	return http2frameHeaderLen+len(w.p) <= max
  9124  }
  9125  
  9126  // handlerPanicRST is the message sent from handler goroutines when
  9127  // the handler panics.
  9128  type http2handlerPanicRST struct {
  9129  	StreamID uint32
  9130  }
  9131  
  9132  func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error {
  9133  	return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal)
  9134  }
  9135  
  9136  func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  9137  
  9138  func (se http2StreamError) writeFrame(ctx http2writeContext) error {
  9139  	return ctx.Framer().WriteRSTStream(se.StreamID, se.Code)
  9140  }
  9141  
  9142  func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  9143  
  9144  type http2writePingAck struct{ pf *http2PingFrame }
  9145  
  9146  func (w http2writePingAck) writeFrame(ctx http2writeContext) error {
  9147  	return ctx.Framer().WritePing(true, w.pf.Data)
  9148  }
  9149  
  9150  func (w http2writePingAck) staysWithinBuffer(max int) bool {
  9151  	return http2frameHeaderLen+len(w.pf.Data) <= max
  9152  }
  9153  
  9154  type http2writeSettingsAck struct{}
  9155  
  9156  func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error {
  9157  	return ctx.Framer().WriteSettingsAck()
  9158  }
  9159  
  9160  func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max }
  9161  
  9162  // splitHeaderBlock splits headerBlock into fragments so that each fragment fits
  9163  // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true
  9164  // for the first/last fragment, respectively.
  9165  func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error {
  9166  	// For now we're lazy and just pick the minimum MAX_FRAME_SIZE
  9167  	// that all peers must support (16KB). Later we could care
  9168  	// more and send larger frames if the peer advertised it, but
  9169  	// there's little point. Most headers are small anyway (so we
  9170  	// generally won't have CONTINUATION frames), and extra frames
  9171  	// only waste 9 bytes anyway.
  9172  	const maxFrameSize = 16384
  9173  
  9174  	first := true
  9175  	for len(headerBlock) > 0 {
  9176  		frag := headerBlock
  9177  		if len(frag) > maxFrameSize {
  9178  			frag = frag[:maxFrameSize]
  9179  		}
  9180  		headerBlock = headerBlock[len(frag):]
  9181  		if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil {
  9182  			return err
  9183  		}
  9184  		first = false
  9185  	}
  9186  	return nil
  9187  }
  9188  
  9189  // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames
  9190  // for HTTP response headers or trailers from a server handler.
  9191  type http2writeResHeaders struct {
  9192  	streamID    uint32
  9193  	httpResCode int      // 0 means no ":status" line
  9194  	h           Header   // may be nil
  9195  	trailers    []string // if non-nil, which keys of h to write. nil means all.
  9196  	endStream   bool
  9197  
  9198  	date          string
  9199  	contentType   string
  9200  	contentLength string
  9201  }
  9202  
  9203  func http2encKV(enc *hpack.Encoder, k, v string) {
  9204  	if http2VerboseLogs {
  9205  		log.Printf("http2: server encoding header %q = %q", k, v)
  9206  	}
  9207  	enc.WriteField(hpack.HeaderField{Name: k, Value: v})
  9208  }
  9209  
  9210  func (w *http2writeResHeaders) staysWithinBuffer(max int) bool {
  9211  	// TODO: this is a common one. It'd be nice to return true
  9212  	// here and get into the fast path if we could be clever and
  9213  	// calculate the size fast enough, or at least a conservative
  9214  	// upper bound that usually fires. (Maybe if w.h and
  9215  	// w.trailers are nil, so we don't need to enumerate it.)
  9216  	// Otherwise I'm afraid that just calculating the length to
  9217  	// answer this question would be slower than the ~2µs benefit.
  9218  	return false
  9219  }
  9220  
  9221  func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error {
  9222  	enc, buf := ctx.HeaderEncoder()
  9223  	buf.Reset()
  9224  
  9225  	if w.httpResCode != 0 {
  9226  		http2encKV(enc, ":status", http2httpCodeString(w.httpResCode))
  9227  	}
  9228  
  9229  	http2encodeHeaders(enc, w.h, w.trailers)
  9230  
  9231  	if w.contentType != "" {
  9232  		http2encKV(enc, "content-type", w.contentType)
  9233  	}
  9234  	if w.contentLength != "" {
  9235  		http2encKV(enc, "content-length", w.contentLength)
  9236  	}
  9237  	if w.date != "" {
  9238  		http2encKV(enc, "date", w.date)
  9239  	}
  9240  
  9241  	headerBlock := buf.Bytes()
  9242  	if len(headerBlock) == 0 && w.trailers == nil {
  9243  		panic("unexpected empty hpack")
  9244  	}
  9245  
  9246  	return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock)
  9247  }
  9248  
  9249  func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error {
  9250  	if firstFrag {
  9251  		return ctx.Framer().WriteHeaders(http2HeadersFrameParam{
  9252  			StreamID:      w.streamID,
  9253  			BlockFragment: frag,
  9254  			EndStream:     w.endStream,
  9255  			EndHeaders:    lastFrag,
  9256  		})
  9257  	} else {
  9258  		return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag)
  9259  	}
  9260  }
  9261  
  9262  // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames.
  9263  type http2writePushPromise struct {
  9264  	streamID uint32   // pusher stream
  9265  	method   string   // for :method
  9266  	url      *url.URL // for :scheme, :authority, :path
  9267  	h        Header
  9268  
  9269  	// Creates an ID for a pushed stream. This runs on serveG just before
  9270  	// the frame is written. The returned ID is copied to promisedID.
  9271  	allocatePromisedID func() (uint32, error)
  9272  	promisedID         uint32
  9273  }
  9274  
  9275  func (w *http2writePushPromise) staysWithinBuffer(max int) bool {
  9276  	// TODO: see writeResHeaders.staysWithinBuffer
  9277  	return false
  9278  }
  9279  
  9280  func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error {
  9281  	enc, buf := ctx.HeaderEncoder()
  9282  	buf.Reset()
  9283  
  9284  	http2encKV(enc, ":method", w.method)
  9285  	http2encKV(enc, ":scheme", w.url.Scheme)
  9286  	http2encKV(enc, ":authority", w.url.Host)
  9287  	http2encKV(enc, ":path", w.url.RequestURI())
  9288  	http2encodeHeaders(enc, w.h, nil)
  9289  
  9290  	headerBlock := buf.Bytes()
  9291  	if len(headerBlock) == 0 {
  9292  		panic("unexpected empty hpack")
  9293  	}
  9294  
  9295  	return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock)
  9296  }
  9297  
  9298  func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error {
  9299  	if firstFrag {
  9300  		return ctx.Framer().WritePushPromise(http2PushPromiseParam{
  9301  			StreamID:      w.streamID,
  9302  			PromiseID:     w.promisedID,
  9303  			BlockFragment: frag,
  9304  			EndHeaders:    lastFrag,
  9305  		})
  9306  	} else {
  9307  		return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag)
  9308  	}
  9309  }
  9310  
  9311  type http2write100ContinueHeadersFrame struct {
  9312  	streamID uint32
  9313  }
  9314  
  9315  func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error {
  9316  	enc, buf := ctx.HeaderEncoder()
  9317  	buf.Reset()
  9318  	http2encKV(enc, ":status", "100")
  9319  	return ctx.Framer().WriteHeaders(http2HeadersFrameParam{
  9320  		StreamID:      w.streamID,
  9321  		BlockFragment: buf.Bytes(),
  9322  		EndStream:     false,
  9323  		EndHeaders:    true,
  9324  	})
  9325  }
  9326  
  9327  func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool {
  9328  	// Sloppy but conservative:
  9329  	return 9+2*(len(":status")+len("100")) <= max
  9330  }
  9331  
  9332  type http2writeWindowUpdate struct {
  9333  	streamID uint32 // or 0 for conn-level
  9334  	n        uint32
  9335  }
  9336  
  9337  func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max }
  9338  
  9339  func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error {
  9340  	return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n)
  9341  }
  9342  
  9343  // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k])
  9344  // is encoded only if k is in keys.
  9345  func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) {
  9346  	if keys == nil {
  9347  		sorter := http2sorterPool.Get().(*http2sorter)
  9348  		// Using defer here, since the returned keys from the
  9349  		// sorter.Keys method is only valid until the sorter
  9350  		// is returned:
  9351  		defer http2sorterPool.Put(sorter)
  9352  		keys = sorter.Keys(h)
  9353  	}
  9354  	for _, k := range keys {
  9355  		vv := h[k]
  9356  		k = http2lowerHeader(k)
  9357  		if !http2validWireHeaderFieldName(k) {
  9358  			// Skip it as backup paranoia. Per
  9359  			// golang.org/issue/14048, these should
  9360  			// already be rejected at a higher level.
  9361  			continue
  9362  		}
  9363  		isTE := k == "transfer-encoding"
  9364  		for _, v := range vv {
  9365  			if !httpguts.ValidHeaderFieldValue(v) {
  9366  				// TODO: return an error? golang.org/issue/14048
  9367  				// For now just omit it.
  9368  				continue
  9369  			}
  9370  			// TODO: more of "8.1.2.2 Connection-Specific Header Fields"
  9371  			if isTE && v != "trailers" {
  9372  				continue
  9373  			}
  9374  			http2encKV(enc, k, v)
  9375  		}
  9376  	}
  9377  }
  9378  
  9379  // WriteScheduler is the interface implemented by HTTP/2 write schedulers.
  9380  // Methods are never called concurrently.
  9381  type http2WriteScheduler interface {
  9382  	// OpenStream opens a new stream in the write scheduler.
  9383  	// It is illegal to call this with streamID=0 or with a streamID that is
  9384  	// already open -- the call may panic.
  9385  	OpenStream(streamID uint32, options http2OpenStreamOptions)
  9386  
  9387  	// CloseStream closes a stream in the write scheduler. Any frames queued on
  9388  	// this stream should be discarded. It is illegal to call this on a stream
  9389  	// that is not open -- the call may panic.
  9390  	CloseStream(streamID uint32)
  9391  
  9392  	// AdjustStream adjusts the priority of the given stream. This may be called
  9393  	// on a stream that has not yet been opened or has been closed. Note that
  9394  	// RFC 7540 allows PRIORITY frames to be sent on streams in any state. See:
  9395  	// https://tools.ietf.org/html/rfc7540#section-5.1
  9396  	AdjustStream(streamID uint32, priority http2PriorityParam)
  9397  
  9398  	// Push queues a frame in the scheduler. In most cases, this will not be
  9399  	// called with wr.StreamID()!=0 unless that stream is currently open. The one
  9400  	// exception is RST_STREAM frames, which may be sent on idle or closed streams.
  9401  	Push(wr http2FrameWriteRequest)
  9402  
  9403  	// Pop dequeues the next frame to write. Returns false if no frames can
  9404  	// be written. Frames with a given wr.StreamID() are Pop'd in the same
  9405  	// order they are Push'd.
  9406  	Pop() (wr http2FrameWriteRequest, ok bool)
  9407  }
  9408  
  9409  // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream.
  9410  type http2OpenStreamOptions struct {
  9411  	// PusherID is zero if the stream was initiated by the client. Otherwise,
  9412  	// PusherID names the stream that pushed the newly opened stream.
  9413  	PusherID uint32
  9414  }
  9415  
  9416  // FrameWriteRequest is a request to write a frame.
  9417  type http2FrameWriteRequest struct {
  9418  	// write is the interface value that does the writing, once the
  9419  	// WriteScheduler has selected this frame to write. The write
  9420  	// functions are all defined in write.go.
  9421  	write http2writeFramer
  9422  
  9423  	// stream is the stream on which this frame will be written.
  9424  	// nil for non-stream frames like PING and SETTINGS.
  9425  	stream *http2stream
  9426  
  9427  	// done, if non-nil, must be a buffered channel with space for
  9428  	// 1 message and is sent the return value from write (or an
  9429  	// earlier error) when the frame has been written.
  9430  	done chan error
  9431  }
  9432  
  9433  // StreamID returns the id of the stream this frame will be written to.
  9434  // 0 is used for non-stream frames such as PING and SETTINGS.
  9435  func (wr http2FrameWriteRequest) StreamID() uint32 {
  9436  	if wr.stream == nil {
  9437  		if se, ok := wr.write.(http2StreamError); ok {
  9438  			// (*serverConn).resetStream doesn't set
  9439  			// stream because it doesn't necessarily have
  9440  			// one. So special case this type of write
  9441  			// message.
  9442  			return se.StreamID
  9443  		}
  9444  		return 0
  9445  	}
  9446  	return wr.stream.id
  9447  }
  9448  
  9449  // DataSize returns the number of flow control bytes that must be consumed
  9450  // to write this entire frame. This is 0 for non-DATA frames.
  9451  func (wr http2FrameWriteRequest) DataSize() int {
  9452  	if wd, ok := wr.write.(*http2writeData); ok {
  9453  		return len(wd.p)
  9454  	}
  9455  	return 0
  9456  }
  9457  
  9458  // Consume consumes min(n, available) bytes from this frame, where available
  9459  // is the number of flow control bytes available on the stream. Consume returns
  9460  // 0, 1, or 2 frames, where the integer return value gives the number of frames
  9461  // returned.
  9462  //
  9463  // If flow control prevents consuming any bytes, this returns (_, _, 0). If
  9464  // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this
  9465  // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and
  9466  // 'rest' contains the remaining bytes. The consumed bytes are deducted from the
  9467  // underlying stream's flow control budget.
  9468  func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) {
  9469  	var empty http2FrameWriteRequest
  9470  
  9471  	// Non-DATA frames are always consumed whole.
  9472  	wd, ok := wr.write.(*http2writeData)
  9473  	if !ok || len(wd.p) == 0 {
  9474  		return wr, empty, 1
  9475  	}
  9476  
  9477  	// Might need to split after applying limits.
  9478  	allowed := wr.stream.flow.available()
  9479  	if n < allowed {
  9480  		allowed = n
  9481  	}
  9482  	if wr.stream.sc.maxFrameSize < allowed {
  9483  		allowed = wr.stream.sc.maxFrameSize
  9484  	}
  9485  	if allowed <= 0 {
  9486  		return empty, empty, 0
  9487  	}
  9488  	if len(wd.p) > int(allowed) {
  9489  		wr.stream.flow.take(allowed)
  9490  		consumed := http2FrameWriteRequest{
  9491  			stream: wr.stream,
  9492  			write: &http2writeData{
  9493  				streamID: wd.streamID,
  9494  				p:        wd.p[:allowed],
  9495  				// Even if the original had endStream set, there
  9496  				// are bytes remaining because len(wd.p) > allowed,
  9497  				// so we know endStream is false.
  9498  				endStream: false,
  9499  			},
  9500  			// Our caller is blocking on the final DATA frame, not
  9501  			// this intermediate frame, so no need to wait.
  9502  			done: nil,
  9503  		}
  9504  		rest := http2FrameWriteRequest{
  9505  			stream: wr.stream,
  9506  			write: &http2writeData{
  9507  				streamID:  wd.streamID,
  9508  				p:         wd.p[allowed:],
  9509  				endStream: wd.endStream,
  9510  			},
  9511  			done: wr.done,
  9512  		}
  9513  		return consumed, rest, 2
  9514  	}
  9515  
  9516  	// The frame is consumed whole.
  9517  	// NB: This cast cannot overflow because allowed is <= math.MaxInt32.
  9518  	wr.stream.flow.take(int32(len(wd.p)))
  9519  	return wr, empty, 1
  9520  }
  9521  
  9522  // String is for debugging only.
  9523  func (wr http2FrameWriteRequest) String() string {
  9524  	var des string
  9525  	if s, ok := wr.write.(fmt.Stringer); ok {
  9526  		des = s.String()
  9527  	} else {
  9528  		des = fmt.Sprintf("%T", wr.write)
  9529  	}
  9530  	return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des)
  9531  }
  9532  
  9533  // replyToWriter sends err to wr.done and panics if the send must block
  9534  // This does nothing if wr.done is nil.
  9535  func (wr *http2FrameWriteRequest) replyToWriter(err error) {
  9536  	if wr.done == nil {
  9537  		return
  9538  	}
  9539  	select {
  9540  	case wr.done <- err:
  9541  	default:
  9542  		panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write))
  9543  	}
  9544  	wr.write = nil // prevent use (assume it's tainted after wr.done send)
  9545  }
  9546  
  9547  // writeQueue is used by implementations of WriteScheduler.
  9548  type http2writeQueue struct {
  9549  	s []http2FrameWriteRequest
  9550  }
  9551  
  9552  func (q *http2writeQueue) empty() bool { return len(q.s) == 0 }
  9553  
  9554  func (q *http2writeQueue) push(wr http2FrameWriteRequest) {
  9555  	q.s = append(q.s, wr)
  9556  }
  9557  
  9558  func (q *http2writeQueue) shift() http2FrameWriteRequest {
  9559  	if len(q.s) == 0 {
  9560  		panic("invalid use of queue")
  9561  	}
  9562  	wr := q.s[0]
  9563  	// TODO: less copy-happy queue.
  9564  	copy(q.s, q.s[1:])
  9565  	q.s[len(q.s)-1] = http2FrameWriteRequest{}
  9566  	q.s = q.s[:len(q.s)-1]
  9567  	return wr
  9568  }
  9569  
  9570  // consume consumes up to n bytes from q.s[0]. If the frame is
  9571  // entirely consumed, it is removed from the queue. If the frame
  9572  // is partially consumed, the frame is kept with the consumed
  9573  // bytes removed. Returns true iff any bytes were consumed.
  9574  func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) {
  9575  	if len(q.s) == 0 {
  9576  		return http2FrameWriteRequest{}, false
  9577  	}
  9578  	consumed, rest, numresult := q.s[0].Consume(n)
  9579  	switch numresult {
  9580  	case 0:
  9581  		return http2FrameWriteRequest{}, false
  9582  	case 1:
  9583  		q.shift()
  9584  	case 2:
  9585  		q.s[0] = rest
  9586  	}
  9587  	return consumed, true
  9588  }
  9589  
  9590  type http2writeQueuePool []*http2writeQueue
  9591  
  9592  // put inserts an unused writeQueue into the pool.
  9593  
  9594  // put inserts an unused writeQueue into the pool.
  9595  func (p *http2writeQueuePool) put(q *http2writeQueue) {
  9596  	for i := range q.s {
  9597  		q.s[i] = http2FrameWriteRequest{}
  9598  	}
  9599  	q.s = q.s[:0]
  9600  	*p = append(*p, q)
  9601  }
  9602  
  9603  // get returns an empty writeQueue.
  9604  func (p *http2writeQueuePool) get() *http2writeQueue {
  9605  	ln := len(*p)
  9606  	if ln == 0 {
  9607  		return new(http2writeQueue)
  9608  	}
  9609  	x := ln - 1
  9610  	q := (*p)[x]
  9611  	(*p)[x] = nil
  9612  	*p = (*p)[:x]
  9613  	return q
  9614  }
  9615  
  9616  // RFC 7540, Section 5.3.5: the default weight is 16.
  9617  const http2priorityDefaultWeight = 15 // 16 = 15 + 1
  9618  
  9619  // PriorityWriteSchedulerConfig configures a priorityWriteScheduler.
  9620  type http2PriorityWriteSchedulerConfig struct {
  9621  	// MaxClosedNodesInTree controls the maximum number of closed streams to
  9622  	// retain in the priority tree. Setting this to zero saves a small amount
  9623  	// of memory at the cost of performance.
  9624  	//
  9625  	// See RFC 7540, Section 5.3.4:
  9626  	//   "It is possible for a stream to become closed while prioritization
  9627  	//   information ... is in transit. ... This potentially creates suboptimal
  9628  	//   prioritization, since the stream could be given a priority that is
  9629  	//   different from what is intended. To avoid these problems, an endpoint
  9630  	//   SHOULD retain stream prioritization state for a period after streams
  9631  	//   become closed. The longer state is retained, the lower the chance that
  9632  	//   streams are assigned incorrect or default priority values."
  9633  	MaxClosedNodesInTree int
  9634  
  9635  	// MaxIdleNodesInTree controls the maximum number of idle streams to
  9636  	// retain in the priority tree. Setting this to zero saves a small amount
  9637  	// of memory at the cost of performance.
  9638  	//
  9639  	// See RFC 7540, Section 5.3.4:
  9640  	//   Similarly, streams that are in the "idle" state can be assigned
  9641  	//   priority or become a parent of other streams. This allows for the
  9642  	//   creation of a grouping node in the dependency tree, which enables
  9643  	//   more flexible expressions of priority. Idle streams begin with a
  9644  	//   default priority (Section 5.3.5).
  9645  	MaxIdleNodesInTree int
  9646  
  9647  	// ThrottleOutOfOrderWrites enables write throttling to help ensure that
  9648  	// data is delivered in priority order. This works around a race where
  9649  	// stream B depends on stream A and both streams are about to call Write
  9650  	// to queue DATA frames. If B wins the race, a naive scheduler would eagerly
  9651  	// write as much data from B as possible, but this is suboptimal because A
  9652  	// is a higher-priority stream. With throttling enabled, we write a small
  9653  	// amount of data from B to minimize the amount of bandwidth that B can
  9654  	// steal from A.
  9655  	ThrottleOutOfOrderWrites bool
  9656  }
  9657  
  9658  // NewPriorityWriteScheduler constructs a WriteScheduler that schedules
  9659  // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3.
  9660  // If cfg is nil, default options are used.
  9661  func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler {
  9662  	if cfg == nil {
  9663  		// For justification of these defaults, see:
  9664  		// https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY
  9665  		cfg = &http2PriorityWriteSchedulerConfig{
  9666  			MaxClosedNodesInTree:     10,
  9667  			MaxIdleNodesInTree:       10,
  9668  			ThrottleOutOfOrderWrites: false,
  9669  		}
  9670  	}
  9671  
  9672  	ws := &http2priorityWriteScheduler{
  9673  		nodes:                make(map[uint32]*http2priorityNode),
  9674  		maxClosedNodesInTree: cfg.MaxClosedNodesInTree,
  9675  		maxIdleNodesInTree:   cfg.MaxIdleNodesInTree,
  9676  		enableWriteThrottle:  cfg.ThrottleOutOfOrderWrites,
  9677  	}
  9678  	ws.nodes[0] = &ws.root
  9679  	if cfg.ThrottleOutOfOrderWrites {
  9680  		ws.writeThrottleLimit = 1024
  9681  	} else {
  9682  		ws.writeThrottleLimit = math.MaxInt32
  9683  	}
  9684  	return ws
  9685  }
  9686  
  9687  type http2priorityNodeState int
  9688  
  9689  const (
  9690  	http2priorityNodeOpen http2priorityNodeState = iota
  9691  	http2priorityNodeClosed
  9692  	http2priorityNodeIdle
  9693  )
  9694  
  9695  // priorityNode is a node in an HTTP/2 priority tree.
  9696  // Each node is associated with a single stream ID.
  9697  // See RFC 7540, Section 5.3.
  9698  type http2priorityNode struct {
  9699  	q            http2writeQueue        // queue of pending frames to write
  9700  	id           uint32                 // id of the stream, or 0 for the root of the tree
  9701  	weight       uint8                  // the actual weight is weight+1, so the value is in [1,256]
  9702  	state        http2priorityNodeState // open | closed | idle
  9703  	bytes        int64                  // number of bytes written by this node, or 0 if closed
  9704  	subtreeBytes int64                  // sum(node.bytes) of all nodes in this subtree
  9705  
  9706  	// These links form the priority tree.
  9707  	parent     *http2priorityNode
  9708  	kids       *http2priorityNode // start of the kids list
  9709  	prev, next *http2priorityNode // doubly-linked list of siblings
  9710  }
  9711  
  9712  func (n *http2priorityNode) setParent(parent *http2priorityNode) {
  9713  	if n == parent {
  9714  		panic("setParent to self")
  9715  	}
  9716  	if n.parent == parent {
  9717  		return
  9718  	}
  9719  	// Unlink from current parent.
  9720  	if parent := n.parent; parent != nil {
  9721  		if n.prev == nil {
  9722  			parent.kids = n.next
  9723  		} else {
  9724  			n.prev.next = n.next
  9725  		}
  9726  		if n.next != nil {
  9727  			n.next.prev = n.prev
  9728  		}
  9729  	}
  9730  	// Link to new parent.
  9731  	// If parent=nil, remove n from the tree.
  9732  	// Always insert at the head of parent.kids (this is assumed by walkReadyInOrder).
  9733  	n.parent = parent
  9734  	if parent == nil {
  9735  		n.next = nil
  9736  		n.prev = nil
  9737  	} else {
  9738  		n.next = parent.kids
  9739  		n.prev = nil
  9740  		if n.next != nil {
  9741  			n.next.prev = n
  9742  		}
  9743  		parent.kids = n
  9744  	}
  9745  }
  9746  
  9747  func (n *http2priorityNode) addBytes(b int64) {
  9748  	n.bytes += b
  9749  	for ; n != nil; n = n.parent {
  9750  		n.subtreeBytes += b
  9751  	}
  9752  }
  9753  
  9754  // walkReadyInOrder iterates over the tree in priority order, calling f for each node
  9755  // with a non-empty write queue. When f returns true, this funcion returns true and the
  9756  // walk halts. tmp is used as scratch space for sorting.
  9757  //
  9758  // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true
  9759  // if any ancestor p of n is still open (ignoring the root node).
  9760  func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool {
  9761  	if !n.q.empty() && f(n, openParent) {
  9762  		return true
  9763  	}
  9764  	if n.kids == nil {
  9765  		return false
  9766  	}
  9767  
  9768  	// Don't consider the root "open" when updating openParent since
  9769  	// we can't send data frames on the root stream (only control frames).
  9770  	if n.id != 0 {
  9771  		openParent = openParent || (n.state == http2priorityNodeOpen)
  9772  	}
  9773  
  9774  	// Common case: only one kid or all kids have the same weight.
  9775  	// Some clients don't use weights; other clients (like web browsers)
  9776  	// use mostly-linear priority trees.
  9777  	w := n.kids.weight
  9778  	needSort := false
  9779  	for k := n.kids.next; k != nil; k = k.next {
  9780  		if k.weight != w {
  9781  			needSort = true
  9782  			break
  9783  		}
  9784  	}
  9785  	if !needSort {
  9786  		for k := n.kids; k != nil; k = k.next {
  9787  			if k.walkReadyInOrder(openParent, tmp, f) {
  9788  				return true
  9789  			}
  9790  		}
  9791  		return false
  9792  	}
  9793  
  9794  	// Uncommon case: sort the child nodes. We remove the kids from the parent,
  9795  	// then re-insert after sorting so we can reuse tmp for future sort calls.
  9796  	*tmp = (*tmp)[:0]
  9797  	for n.kids != nil {
  9798  		*tmp = append(*tmp, n.kids)
  9799  		n.kids.setParent(nil)
  9800  	}
  9801  	sort.Sort(http2sortPriorityNodeSiblings(*tmp))
  9802  	for i := len(*tmp) - 1; i >= 0; i-- {
  9803  		(*tmp)[i].setParent(n) // setParent inserts at the head of n.kids
  9804  	}
  9805  	for k := n.kids; k != nil; k = k.next {
  9806  		if k.walkReadyInOrder(openParent, tmp, f) {
  9807  			return true
  9808  		}
  9809  	}
  9810  	return false
  9811  }
  9812  
  9813  type http2sortPriorityNodeSiblings []*http2priorityNode
  9814  
  9815  func (z http2sortPriorityNodeSiblings) Len() int { return len(z) }
  9816  
  9817  func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] }
  9818  
  9819  func (z http2sortPriorityNodeSiblings) Less(i, k int) bool {
  9820  	// Prefer the subtree that has sent fewer bytes relative to its weight.
  9821  	// See sections 5.3.2 and 5.3.4.
  9822  	wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes)
  9823  	wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes)
  9824  	if bi == 0 && bk == 0 {
  9825  		return wi >= wk
  9826  	}
  9827  	if bk == 0 {
  9828  		return false
  9829  	}
  9830  	return bi/bk <= wi/wk
  9831  }
  9832  
  9833  type http2priorityWriteScheduler struct {
  9834  	// root is the root of the priority tree, where root.id = 0.
  9835  	// The root queues control frames that are not associated with any stream.
  9836  	root http2priorityNode
  9837  
  9838  	// nodes maps stream ids to priority tree nodes.
  9839  	nodes map[uint32]*http2priorityNode
  9840  
  9841  	// maxID is the maximum stream id in nodes.
  9842  	maxID uint32
  9843  
  9844  	// lists of nodes that have been closed or are idle, but are kept in
  9845  	// the tree for improved prioritization. When the lengths exceed either
  9846  	// maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded.
  9847  	closedNodes, idleNodes []*http2priorityNode
  9848  
  9849  	// From the config.
  9850  	maxClosedNodesInTree int
  9851  	maxIdleNodesInTree   int
  9852  	writeThrottleLimit   int32
  9853  	enableWriteThrottle  bool
  9854  
  9855  	// tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations.
  9856  	tmp []*http2priorityNode
  9857  
  9858  	// pool of empty queues for reuse.
  9859  	queuePool http2writeQueuePool
  9860  }
  9861  
  9862  func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) {
  9863  	// The stream may be currently idle but cannot be opened or closed.
  9864  	if curr := ws.nodes[streamID]; curr != nil {
  9865  		if curr.state != http2priorityNodeIdle {
  9866  			panic(fmt.Sprintf("stream %d already opened", streamID))
  9867  		}
  9868  		curr.state = http2priorityNodeOpen
  9869  		return
  9870  	}
  9871  
  9872  	// RFC 7540, Section 5.3.5:
  9873  	//  "All streams are initially assigned a non-exclusive dependency on stream 0x0.
  9874  	//  Pushed streams initially depend on their associated stream. In both cases,
  9875  	//  streams are assigned a default weight of 16."
  9876  	parent := ws.nodes[options.PusherID]
  9877  	if parent == nil {
  9878  		parent = &ws.root
  9879  	}
  9880  	n := &http2priorityNode{
  9881  		q:      *ws.queuePool.get(),
  9882  		id:     streamID,
  9883  		weight: http2priorityDefaultWeight,
  9884  		state:  http2priorityNodeOpen,
  9885  	}
  9886  	n.setParent(parent)
  9887  	ws.nodes[streamID] = n
  9888  	if streamID > ws.maxID {
  9889  		ws.maxID = streamID
  9890  	}
  9891  }
  9892  
  9893  func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) {
  9894  	if streamID == 0 {
  9895  		panic("violation of WriteScheduler interface: cannot close stream 0")
  9896  	}
  9897  	if ws.nodes[streamID] == nil {
  9898  		panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID))
  9899  	}
  9900  	if ws.nodes[streamID].state != http2priorityNodeOpen {
  9901  		panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID))
  9902  	}
  9903  
  9904  	n := ws.nodes[streamID]
  9905  	n.state = http2priorityNodeClosed
  9906  	n.addBytes(-n.bytes)
  9907  
  9908  	q := n.q
  9909  	ws.queuePool.put(&q)
  9910  	n.q.s = nil
  9911  	if ws.maxClosedNodesInTree > 0 {
  9912  		ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n)
  9913  	} else {
  9914  		ws.removeNode(n)
  9915  	}
  9916  }
  9917  
  9918  func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) {
  9919  	if streamID == 0 {
  9920  		panic("adjustPriority on root")
  9921  	}
  9922  
  9923  	// If streamID does not exist, there are two cases:
  9924  	// - A closed stream that has been removed (this will have ID <= maxID)
  9925  	// - An idle stream that is being used for "grouping" (this will have ID > maxID)
  9926  	n := ws.nodes[streamID]
  9927  	if n == nil {
  9928  		if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 {
  9929  			return
  9930  		}
  9931  		ws.maxID = streamID
  9932  		n = &http2priorityNode{
  9933  			q:      *ws.queuePool.get(),
  9934  			id:     streamID,
  9935  			weight: http2priorityDefaultWeight,
  9936  			state:  http2priorityNodeIdle,
  9937  		}
  9938  		n.setParent(&ws.root)
  9939  		ws.nodes[streamID] = n
  9940  		ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n)
  9941  	}
  9942  
  9943  	// Section 5.3.1: A dependency on a stream that is not currently in the tree
  9944  	// results in that stream being given a default priority (Section 5.3.5).
  9945  	parent := ws.nodes[priority.StreamDep]
  9946  	if parent == nil {
  9947  		n.setParent(&ws.root)
  9948  		n.weight = http2priorityDefaultWeight
  9949  		return
  9950  	}
  9951  
  9952  	// Ignore if the client tries to make a node its own parent.
  9953  	if n == parent {
  9954  		return
  9955  	}
  9956  
  9957  	// Section 5.3.3:
  9958  	//   "If a stream is made dependent on one of its own dependencies, the
  9959  	//   formerly dependent stream is first moved to be dependent on the
  9960  	//   reprioritized stream's previous parent. The moved dependency retains
  9961  	//   its weight."
  9962  	//
  9963  	// That is: if parent depends on n, move parent to depend on n.parent.
  9964  	for x := parent.parent; x != nil; x = x.parent {
  9965  		if x == n {
  9966  			parent.setParent(n.parent)
  9967  			break
  9968  		}
  9969  	}
  9970  
  9971  	// Section 5.3.3: The exclusive flag causes the stream to become the sole
  9972  	// dependency of its parent stream, causing other dependencies to become
  9973  	// dependent on the exclusive stream.
  9974  	if priority.Exclusive {
  9975  		k := parent.kids
  9976  		for k != nil {
  9977  			next := k.next
  9978  			if k != n {
  9979  				k.setParent(n)
  9980  			}
  9981  			k = next
  9982  		}
  9983  	}
  9984  
  9985  	n.setParent(parent)
  9986  	n.weight = priority.Weight
  9987  }
  9988  
  9989  func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) {
  9990  	var n *http2priorityNode
  9991  	if id := wr.StreamID(); id == 0 {
  9992  		n = &ws.root
  9993  	} else {
  9994  		n = ws.nodes[id]
  9995  		if n == nil {
  9996  			// id is an idle or closed stream. wr should not be a HEADERS or
  9997  			// DATA frame. However, wr can be a RST_STREAM. In this case, we
  9998  			// push wr onto the root, rather than creating a new priorityNode,
  9999  			// since RST_STREAM is tiny and the stream's priority is unknown
 10000  			// anyway. See issue #17919.
 10001  			if wr.DataSize() > 0 {
 10002  				panic("add DATA on non-open stream")
 10003  			}
 10004  			n = &ws.root
 10005  		}
 10006  	}
 10007  	n.q.push(wr)
 10008  }
 10009  
 10010  func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) {
 10011  	ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool {
 10012  		limit := int32(math.MaxInt32)
 10013  		if openParent {
 10014  			limit = ws.writeThrottleLimit
 10015  		}
 10016  		wr, ok = n.q.consume(limit)
 10017  		if !ok {
 10018  			return false
 10019  		}
 10020  		n.addBytes(int64(wr.DataSize()))
 10021  		// If B depends on A and B continuously has data available but A
 10022  		// does not, gradually increase the throttling limit to allow B to
 10023  		// steal more and more bandwidth from A.
 10024  		if openParent {
 10025  			ws.writeThrottleLimit += 1024
 10026  			if ws.writeThrottleLimit < 0 {
 10027  				ws.writeThrottleLimit = math.MaxInt32
 10028  			}
 10029  		} else if ws.enableWriteThrottle {
 10030  			ws.writeThrottleLimit = 1024
 10031  		}
 10032  		return true
 10033  	})
 10034  	return wr, ok
 10035  }
 10036  
 10037  func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) {
 10038  	if maxSize == 0 {
 10039  		return
 10040  	}
 10041  	if len(*list) == maxSize {
 10042  		// Remove the oldest node, then shift left.
 10043  		ws.removeNode((*list)[0])
 10044  		x := (*list)[1:]
 10045  		copy(*list, x)
 10046  		*list = (*list)[:len(x)]
 10047  	}
 10048  	*list = append(*list, n)
 10049  }
 10050  
 10051  func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) {
 10052  	for k := n.kids; k != nil; k = k.next {
 10053  		k.setParent(n.parent)
 10054  	}
 10055  	n.setParent(nil)
 10056  	delete(ws.nodes, n.id)
 10057  }
 10058  
 10059  // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2
 10060  // priorities. Control frames like SETTINGS and PING are written before DATA
 10061  // frames, but if no control frames are queued and multiple streams have queued
 10062  // HEADERS or DATA frames, Pop selects a ready stream arbitrarily.
 10063  func http2NewRandomWriteScheduler() http2WriteScheduler {
 10064  	return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)}
 10065  }
 10066  
 10067  type http2randomWriteScheduler struct {
 10068  	// zero are frames not associated with a specific stream.
 10069  	zero http2writeQueue
 10070  
 10071  	// sq contains the stream-specific queues, keyed by stream ID.
 10072  	// When a stream is idle or closed, it's deleted from the map.
 10073  	sq map[uint32]*http2writeQueue
 10074  
 10075  	// pool of empty queues for reuse.
 10076  	queuePool http2writeQueuePool
 10077  }
 10078  
 10079  func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) {
 10080  	// no-op: idle streams are not tracked
 10081  }
 10082  
 10083  func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) {
 10084  	q, ok := ws.sq[streamID]
 10085  	if !ok {
 10086  		return
 10087  	}
 10088  	delete(ws.sq, streamID)
 10089  	ws.queuePool.put(q)
 10090  }
 10091  
 10092  func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) {
 10093  	// no-op: priorities are ignored
 10094  }
 10095  
 10096  func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) {
 10097  	id := wr.StreamID()
 10098  	if id == 0 {
 10099  		ws.zero.push(wr)
 10100  		return
 10101  	}
 10102  	q, ok := ws.sq[id]
 10103  	if !ok {
 10104  		q = ws.queuePool.get()
 10105  		ws.sq[id] = q
 10106  	}
 10107  	q.push(wr)
 10108  }
 10109  
 10110  func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) {
 10111  	// Control frames first.
 10112  	if !ws.zero.empty() {
 10113  		return ws.zero.shift(), true
 10114  	}
 10115  	// Iterate over all non-idle streams until finding one that can be consumed.
 10116  	for _, q := range ws.sq {
 10117  		if wr, ok := q.consume(math.MaxInt32); ok {
 10118  			return wr, true
 10119  		}
 10120  	}
 10121  	return http2FrameWriteRequest{}, false
 10122  }
 10123  

View as plain text