1// +build !nethttpomithttp2 2 3// Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 4// $ bundle -o=h2_bundle.go -prefix=http2 -tags=!nethttpomithttp2 golang.org/x/net/http2 5 6// Package http2 implements the HTTP/2 protocol. 7// 8// This package is low-level and intended to be used directly by very 9// few people. Most users will use it indirectly through the automatic 10// use by the net/http package (from Go 1.6 and later). 11// For use in earlier Go versions see ConfigureServer. (Transport support 12// requires Go 1.6 or later) 13// 14// See https://http2.github.io/ for more information on HTTP/2. 15// 16// See https://http2.golang.org/ for a test server running this code. 17// 18 19package http 20 21import ( 22 "bufio" 23 "bytes" 24 "compress/gzip" 25 "context" 26 "crypto/rand" 27 "crypto/tls" 28 "encoding/binary" 29 "errors" 30 "fmt" 31 "io" 32 "io/ioutil" 33 "log" 34 "math" 35 mathrand "math/rand" 36 "net" 37 "net/http/httptrace" 38 "net/textproto" 39 "net/url" 40 "os" 41 "reflect" 42 "runtime" 43 "sort" 44 "strconv" 45 "strings" 46 "sync" 47 "sync/atomic" 48 "time" 49 50 "golang.org/x/net/http/httpguts" 51 "golang.org/x/net/http2/hpack" 52 "golang.org/x/net/idna" 53) 54 55// A list of the possible cipher suite ids. Taken from 56// https://www.iana.org/assignments/tls-parameters/tls-parameters.txt 57 58const ( 59 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 60 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 61 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 62 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 63 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 64 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 65 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 66 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 67 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 68 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 69 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 70 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 71 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 72 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 73 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 74 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 75 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 76 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 77 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 78 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 79 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 80 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 81 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 82 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 83 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 84 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 85 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 86 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 87 // Reserved uint16 = 0x001C-1D 88 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 89 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 90 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 91 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 92 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 93 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 94 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 95 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 96 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 97 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 98 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 99 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 100 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 101 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 102 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 103 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 104 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 105 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 106 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 107 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 108 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 109 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 110 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 111 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 112 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 113 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 114 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 115 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 116 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 117 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 118 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 119 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 120 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 121 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 122 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 123 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 124 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 125 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 126 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 127 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 128 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 129 // Reserved uint16 = 0x0047-4F 130 // Reserved uint16 = 0x0050-58 131 // Reserved uint16 = 0x0059-5C 132 // Unassigned uint16 = 0x005D-5F 133 // Reserved uint16 = 0x0060-66 134 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 135 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 136 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 137 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 138 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 139 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 140 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 141 // Unassigned uint16 = 0x006E-83 142 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 143 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 144 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 145 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 146 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 147 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 148 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 149 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 150 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 151 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 152 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 153 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 154 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 155 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 156 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 157 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 158 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 159 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 160 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 161 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 162 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 163 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 164 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 165 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 166 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 167 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 168 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 169 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 170 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 171 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 172 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 173 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 174 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 175 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 176 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 177 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 178 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 179 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 180 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 181 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 182 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 183 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 184 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 185 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 186 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 187 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 188 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 189 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 190 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 191 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 192 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 193 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 194 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 195 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 196 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 197 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 198 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 199 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 200 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 201 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 202 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 203 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 204 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 205 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 206 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 207 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 208 // Unassigned uint16 = 0x00C6-FE 209 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 210 // Unassigned uint16 = 0x01-55,* 211 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 212 // Unassigned uint16 = 0x5601 - 0xC000 213 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 214 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 215 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 216 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 217 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 218 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 219 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 220 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 221 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 222 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 223 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 224 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 225 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 226 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 227 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 228 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 229 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 230 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 231 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 232 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 233 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 234 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 235 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 236 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 237 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 238 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 239 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 240 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 241 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 242 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 243 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 244 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 245 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 246 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 247 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 248 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 249 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 250 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 251 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 252 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 253 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 254 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 255 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 256 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 257 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 258 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 259 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 260 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 261 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 262 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 263 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 264 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 265 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 266 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 267 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 268 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 269 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 270 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 271 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 272 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 273 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 274 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 275 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 276 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 277 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 278 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 279 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 280 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 281 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 282 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 283 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 284 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 285 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 286 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 287 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 288 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 289 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 290 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 291 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 292 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 293 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 294 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 295 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 296 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 297 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 298 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 299 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 300 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 301 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 302 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 303 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 304 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 305 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 306 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 307 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 308 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 309 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 310 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 311 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 312 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 313 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 314 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 315 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 316 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 317 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 318 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 319 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 320 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 321 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 322 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 323 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 324 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 325 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 326 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 327 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 328 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 329 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 330 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 331 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 332 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 333 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 334 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 335 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 336 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 337 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 338 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 339 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 340 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 341 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 342 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 343 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 344 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 345 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 346 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 347 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 348 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 349 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 350 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 351 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 352 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 353 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 354 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 355 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 356 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 357 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 358 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 359 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 360 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 361 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 362 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 363 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 364 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 365 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 366 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 367 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 368 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 369 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 370 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 371 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 372 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 373 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 374 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 375 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 376 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 377 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 378 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 379 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 380 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 381 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 382 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 383 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 384 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 385 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 386 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 387 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 388 // Unassigned uint16 = 0xC0B0-FF 389 // Unassigned uint16 = 0xC1-CB,* 390 // Unassigned uint16 = 0xCC00-A7 391 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 392 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 393 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 394 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 395 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 396 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 397 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 398) 399 400// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 401// References: 402// https://tools.ietf.org/html/rfc7540#appendix-A 403// Reject cipher suites from Appendix A. 404// "This list includes those cipher suites that do not 405// offer an ephemeral key exchange and those that are 406// based on the TLS null, stream or block cipher type" 407func http2isBadCipher(cipher uint16) bool { 408 switch cipher { 409 case http2cipher_TLS_NULL_WITH_NULL_NULL, 410 http2cipher_TLS_RSA_WITH_NULL_MD5, 411 http2cipher_TLS_RSA_WITH_NULL_SHA, 412 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 413 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 414 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 415 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 416 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 417 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 418 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 419 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 420 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 421 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 422 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 423 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 424 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 425 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 426 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 427 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 428 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 429 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 430 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 431 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 432 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 433 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 434 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 435 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 436 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 437 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 438 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 439 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 440 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 441 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 442 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 443 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 444 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 445 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 446 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 447 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 448 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 449 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 450 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 451 http2cipher_TLS_PSK_WITH_NULL_SHA, 452 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 453 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 454 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 455 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 456 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 457 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 458 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 459 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 460 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 461 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 462 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 463 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 464 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 465 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 466 http2cipher_TLS_RSA_WITH_NULL_SHA256, 467 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 468 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 469 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 470 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 471 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 472 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 473 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 474 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 475 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 476 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 477 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 478 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 479 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 480 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 481 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 482 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 483 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 484 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 485 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 486 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 487 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 488 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 489 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 490 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 491 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 492 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 493 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 494 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 495 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 496 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 497 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 498 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 499 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 500 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 501 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 502 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 503 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 504 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 505 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 506 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 507 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 508 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 509 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 510 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 511 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 512 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 513 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 514 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 515 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 516 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 517 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 518 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 519 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 520 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 521 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 522 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 523 http2cipher_TLS_PSK_WITH_NULL_SHA256, 524 http2cipher_TLS_PSK_WITH_NULL_SHA384, 525 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 526 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 527 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 528 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 529 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 530 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 531 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 532 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 533 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 534 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 535 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 536 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 537 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 538 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 539 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 540 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 541 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 542 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 543 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 544 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 545 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 546 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 547 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 548 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 549 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 550 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 551 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 552 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 553 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 554 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 555 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 556 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 557 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 558 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 559 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 560 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 561 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 562 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 563 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 564 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 565 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 566 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 567 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 568 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 569 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 570 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 571 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 572 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 573 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 574 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 575 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 576 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 577 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 578 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 579 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 580 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 581 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 582 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 583 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 584 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 585 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 586 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 587 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 588 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 589 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 590 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 591 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 592 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 593 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 594 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 595 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 596 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 597 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 598 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 599 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 600 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 601 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 602 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 603 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 604 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 605 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 606 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 607 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 608 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 609 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 610 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 611 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 612 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 613 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 614 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 615 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 616 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 617 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 618 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 619 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 620 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 621 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 622 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 623 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 624 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 625 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 626 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 627 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 628 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 629 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 630 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 631 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 632 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 633 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 634 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 635 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 636 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 637 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 638 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 639 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 640 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 641 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 642 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 643 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 644 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 645 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 646 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 647 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 648 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 649 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 650 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 651 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 652 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 653 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 654 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 655 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 656 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 657 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 658 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 659 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 660 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 661 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 662 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 663 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 664 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 665 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 666 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 667 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 668 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 669 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 670 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 671 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 672 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 673 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 674 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 675 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 676 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 677 http2cipher_TLS_RSA_WITH_AES_128_CCM, 678 http2cipher_TLS_RSA_WITH_AES_256_CCM, 679 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 680 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 681 http2cipher_TLS_PSK_WITH_AES_128_CCM, 682 http2cipher_TLS_PSK_WITH_AES_256_CCM, 683 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 684 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 685 return true 686 default: 687 return false 688 } 689} 690 691// ClientConnPool manages a pool of HTTP/2 client connections. 692type http2ClientConnPool interface { 693 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 694 MarkDead(*http2ClientConn) 695} 696 697// clientConnPoolIdleCloser is the interface implemented by ClientConnPool 698// implementations which can close their idle connections. 699type http2clientConnPoolIdleCloser interface { 700 http2ClientConnPool 701 closeIdleConnections() 702} 703 704var ( 705 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 706 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 707) 708 709// TODO: use singleflight for dialing and addConnCalls? 710type http2clientConnPool struct { 711 t *http2Transport 712 713 mu sync.Mutex // TODO: maybe switch to RWMutex 714 // TODO: add support for sharing conns based on cert names 715 // (e.g. share conn for googleapis.com and appspot.com) 716 conns map[string][]*http2ClientConn // key is host:port 717 dialing map[string]*http2dialCall // currently in-flight dials 718 keys map[*http2ClientConn][]string 719 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls 720} 721 722func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 723 return p.getClientConn(req, addr, http2dialOnMiss) 724} 725 726const ( 727 http2dialOnMiss = true 728 http2noDialOnMiss = false 729) 730 731// shouldTraceGetConn reports whether getClientConn should call any 732// ClientTrace.GetConn hook associated with the http.Request. 733// 734// This complexity is needed to avoid double calls of the GetConn hook 735// during the back-and-forth between net/http and x/net/http2 (when the 736// net/http.Transport is upgraded to also speak http2), as well as support 737// the case where x/net/http2 is being used directly. 738func (p *http2clientConnPool) shouldTraceGetConn(st http2clientConnIdleState) bool { 739 // If our Transport wasn't made via ConfigureTransport, always 740 // trace the GetConn hook if provided, because that means the 741 // http2 package is being used directly and it's the one 742 // dialing, as opposed to net/http. 743 if _, ok := p.t.ConnPool.(http2noDialClientConnPool); !ok { 744 return true 745 } 746 // Otherwise, only use the GetConn hook if this connection has 747 // been used previously for other requests. For fresh 748 // connections, the net/http package does the dialing. 749 return !st.freshConn 750} 751 752func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 753 if http2isConnectionCloseRequest(req) && dialOnMiss { 754 // It gets its own connection. 755 http2traceGetConn(req, addr) 756 const singleUse = true 757 cc, err := p.t.dialClientConn(addr, singleUse) 758 if err != nil { 759 return nil, err 760 } 761 return cc, nil 762 } 763 p.mu.Lock() 764 for _, cc := range p.conns[addr] { 765 if st := cc.idleState(); st.canTakeNewRequest { 766 if p.shouldTraceGetConn(st) { 767 http2traceGetConn(req, addr) 768 } 769 p.mu.Unlock() 770 return cc, nil 771 } 772 } 773 if !dialOnMiss { 774 p.mu.Unlock() 775 return nil, http2ErrNoCachedConn 776 } 777 http2traceGetConn(req, addr) 778 call := p.getStartDialLocked(addr) 779 p.mu.Unlock() 780 <-call.done 781 return call.res, call.err 782} 783 784// dialCall is an in-flight Transport dial call to a host. 785type http2dialCall struct { 786 p *http2clientConnPool 787 done chan struct{} // closed when done 788 res *http2ClientConn // valid after done is closed 789 err error // valid after done is closed 790} 791 792// requires p.mu is held. 793func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall { 794 if call, ok := p.dialing[addr]; ok { 795 // A dial is already in-flight. Don't start another. 796 return call 797 } 798 call := &http2dialCall{p: p, done: make(chan struct{})} 799 if p.dialing == nil { 800 p.dialing = make(map[string]*http2dialCall) 801 } 802 p.dialing[addr] = call 803 go call.dial(addr) 804 return call 805} 806 807// run in its own goroutine. 808func (c *http2dialCall) dial(addr string) { 809 const singleUse = false // shared conn 810 c.res, c.err = c.p.t.dialClientConn(addr, singleUse) 811 close(c.done) 812 813 c.p.mu.Lock() 814 delete(c.p.dialing, addr) 815 if c.err == nil { 816 c.p.addConnLocked(addr, c.res) 817 } 818 c.p.mu.Unlock() 819} 820 821// addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 822// already exist. It coalesces concurrent calls with the same key. 823// This is used by the http1 Transport code when it creates a new connection. Because 824// the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 825// the protocol), it can get into a situation where it has multiple TLS connections. 826// This code decides which ones live or die. 827// The return value used is whether c was used. 828// c is never closed. 829func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 830 p.mu.Lock() 831 for _, cc := range p.conns[key] { 832 if cc.CanTakeNewRequest() { 833 p.mu.Unlock() 834 return false, nil 835 } 836 } 837 call, dup := p.addConnCalls[key] 838 if !dup { 839 if p.addConnCalls == nil { 840 p.addConnCalls = make(map[string]*http2addConnCall) 841 } 842 call = &http2addConnCall{ 843 p: p, 844 done: make(chan struct{}), 845 } 846 p.addConnCalls[key] = call 847 go call.run(t, key, c) 848 } 849 p.mu.Unlock() 850 851 <-call.done 852 if call.err != nil { 853 return false, call.err 854 } 855 return !dup, nil 856} 857 858type http2addConnCall struct { 859 p *http2clientConnPool 860 done chan struct{} // closed when done 861 err error 862} 863 864func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 865 cc, err := t.NewClientConn(tc) 866 867 p := c.p 868 p.mu.Lock() 869 if err != nil { 870 c.err = err 871 } else { 872 p.addConnLocked(key, cc) 873 } 874 delete(p.addConnCalls, key) 875 p.mu.Unlock() 876 close(c.done) 877} 878 879func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) { 880 p.mu.Lock() 881 p.addConnLocked(key, cc) 882 p.mu.Unlock() 883} 884 885// p.mu must be held 886func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 887 for _, v := range p.conns[key] { 888 if v == cc { 889 return 890 } 891 } 892 if p.conns == nil { 893 p.conns = make(map[string][]*http2ClientConn) 894 } 895 if p.keys == nil { 896 p.keys = make(map[*http2ClientConn][]string) 897 } 898 p.conns[key] = append(p.conns[key], cc) 899 p.keys[cc] = append(p.keys[cc], key) 900} 901 902func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 903 p.mu.Lock() 904 defer p.mu.Unlock() 905 for _, key := range p.keys[cc] { 906 vv, ok := p.conns[key] 907 if !ok { 908 continue 909 } 910 newList := http2filterOutClientConn(vv, cc) 911 if len(newList) > 0 { 912 p.conns[key] = newList 913 } else { 914 delete(p.conns, key) 915 } 916 } 917 delete(p.keys, cc) 918} 919 920func (p *http2clientConnPool) closeIdleConnections() { 921 p.mu.Lock() 922 defer p.mu.Unlock() 923 // TODO: don't close a cc if it was just added to the pool 924 // milliseconds ago and has never been used. There's currently 925 // a small race window with the HTTP/1 Transport's integration 926 // where it can add an idle conn just before using it, and 927 // somebody else can concurrently call CloseIdleConns and 928 // break some caller's RoundTrip. 929 for _, vv := range p.conns { 930 for _, cc := range vv { 931 cc.closeIfIdle() 932 } 933 } 934} 935 936func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 937 out := in[:0] 938 for _, v := range in { 939 if v != exclude { 940 out = append(out, v) 941 } 942 } 943 // If we filtered it out, zero out the last item to prevent 944 // the GC from seeing it. 945 if len(in) != len(out) { 946 in[len(in)-1] = nil 947 } 948 return out 949} 950 951// noDialClientConnPool is an implementation of http2.ClientConnPool 952// which never dials. We let the HTTP/1.1 client dial and use its TLS 953// connection instead. 954type http2noDialClientConnPool struct{ *http2clientConnPool } 955 956func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 957 return p.getClientConn(req, addr, http2noDialOnMiss) 958} 959 960// Buffer chunks are allocated from a pool to reduce pressure on GC. 961// The maximum wasted space per dataBuffer is 2x the largest size class, 962// which happens when the dataBuffer has multiple chunks and there is 963// one unread byte in both the first and last chunks. We use a few size 964// classes to minimize overheads for servers that typically receive very 965// small request bodies. 966// 967// TODO: Benchmark to determine if the pools are necessary. The GC may have 968// improved enough that we can instead allocate chunks like this: 969// make([]byte, max(16<<10, expectedBytesRemaining)) 970var ( 971 http2dataChunkSizeClasses = []int{ 972 1 << 10, 973 2 << 10, 974 4 << 10, 975 8 << 10, 976 16 << 10, 977 } 978 http2dataChunkPools = [...]sync.Pool{ 979 {New: func() interface{} { return make([]byte, 1<<10) }}, 980 {New: func() interface{} { return make([]byte, 2<<10) }}, 981 {New: func() interface{} { return make([]byte, 4<<10) }}, 982 {New: func() interface{} { return make([]byte, 8<<10) }}, 983 {New: func() interface{} { return make([]byte, 16<<10) }}, 984 } 985) 986 987func http2getDataBufferChunk(size int64) []byte { 988 i := 0 989 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 990 if size <= int64(http2dataChunkSizeClasses[i]) { 991 break 992 } 993 } 994 return http2dataChunkPools[i].Get().([]byte) 995} 996 997func http2putDataBufferChunk(p []byte) { 998 for i, n := range http2dataChunkSizeClasses { 999 if len(p) == n { 1000 http2dataChunkPools[i].Put(p) 1001 return 1002 } 1003 } 1004 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1005} 1006 1007// dataBuffer is an io.ReadWriter backed by a list of data chunks. 1008// Each dataBuffer is used to read DATA frames on a single stream. 1009// The buffer is divided into chunks so the server can limit the 1010// total memory used by a single connection without limiting the 1011// request body size on any single stream. 1012type http2dataBuffer struct { 1013 chunks [][]byte 1014 r int // next byte to read is chunks[0][r] 1015 w int // next byte to write is chunks[len(chunks)-1][w] 1016 size int // total buffered bytes 1017 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1018} 1019 1020var http2errReadEmpty = errors.New("read from empty dataBuffer") 1021 1022// Read copies bytes from the buffer into p. 1023// It is an error to read when no data is available. 1024func (b *http2dataBuffer) Read(p []byte) (int, error) { 1025 if b.size == 0 { 1026 return 0, http2errReadEmpty 1027 } 1028 var ntotal int 1029 for len(p) > 0 && b.size > 0 { 1030 readFrom := b.bytesFromFirstChunk() 1031 n := copy(p, readFrom) 1032 p = p[n:] 1033 ntotal += n 1034 b.r += n 1035 b.size -= n 1036 // If the first chunk has been consumed, advance to the next chunk. 1037 if b.r == len(b.chunks[0]) { 1038 http2putDataBufferChunk(b.chunks[0]) 1039 end := len(b.chunks) - 1 1040 copy(b.chunks[:end], b.chunks[1:]) 1041 b.chunks[end] = nil 1042 b.chunks = b.chunks[:end] 1043 b.r = 0 1044 } 1045 } 1046 return ntotal, nil 1047} 1048 1049func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1050 if len(b.chunks) == 1 { 1051 return b.chunks[0][b.r:b.w] 1052 } 1053 return b.chunks[0][b.r:] 1054} 1055 1056// Len returns the number of bytes of the unread portion of the buffer. 1057func (b *http2dataBuffer) Len() int { 1058 return b.size 1059} 1060 1061// Write appends p to the buffer. 1062func (b *http2dataBuffer) Write(p []byte) (int, error) { 1063 ntotal := len(p) 1064 for len(p) > 0 { 1065 // If the last chunk is empty, allocate a new chunk. Try to allocate 1066 // enough to fully copy p plus any additional bytes we expect to 1067 // receive. However, this may allocate less than len(p). 1068 want := int64(len(p)) 1069 if b.expected > want { 1070 want = b.expected 1071 } 1072 chunk := b.lastChunkOrAlloc(want) 1073 n := copy(chunk[b.w:], p) 1074 p = p[n:] 1075 b.w += n 1076 b.size += n 1077 b.expected -= int64(n) 1078 } 1079 return ntotal, nil 1080} 1081 1082func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1083 if len(b.chunks) != 0 { 1084 last := b.chunks[len(b.chunks)-1] 1085 if b.w < len(last) { 1086 return last 1087 } 1088 } 1089 chunk := http2getDataBufferChunk(want) 1090 b.chunks = append(b.chunks, chunk) 1091 b.w = 0 1092 return chunk 1093} 1094 1095// An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1096type http2ErrCode uint32 1097 1098const ( 1099 http2ErrCodeNo http2ErrCode = 0x0 1100 http2ErrCodeProtocol http2ErrCode = 0x1 1101 http2ErrCodeInternal http2ErrCode = 0x2 1102 http2ErrCodeFlowControl http2ErrCode = 0x3 1103 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1104 http2ErrCodeStreamClosed http2ErrCode = 0x5 1105 http2ErrCodeFrameSize http2ErrCode = 0x6 1106 http2ErrCodeRefusedStream http2ErrCode = 0x7 1107 http2ErrCodeCancel http2ErrCode = 0x8 1108 http2ErrCodeCompression http2ErrCode = 0x9 1109 http2ErrCodeConnect http2ErrCode = 0xa 1110 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1111 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1112 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1113) 1114 1115var http2errCodeName = map[http2ErrCode]string{ 1116 http2ErrCodeNo: "NO_ERROR", 1117 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1118 http2ErrCodeInternal: "INTERNAL_ERROR", 1119 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1120 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1121 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1122 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1123 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1124 http2ErrCodeCancel: "CANCEL", 1125 http2ErrCodeCompression: "COMPRESSION_ERROR", 1126 http2ErrCodeConnect: "CONNECT_ERROR", 1127 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1128 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1129 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1130} 1131 1132func (e http2ErrCode) String() string { 1133 if s, ok := http2errCodeName[e]; ok { 1134 return s 1135 } 1136 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1137} 1138 1139// ConnectionError is an error that results in the termination of the 1140// entire connection. 1141type http2ConnectionError http2ErrCode 1142 1143func (e http2ConnectionError) Error() string { 1144 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1145} 1146 1147// StreamError is an error that only affects one stream within an 1148// HTTP/2 connection. 1149type http2StreamError struct { 1150 StreamID uint32 1151 Code http2ErrCode 1152 Cause error // optional additional detail 1153} 1154 1155func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1156 return http2StreamError{StreamID: id, Code: code} 1157} 1158 1159func (e http2StreamError) Error() string { 1160 if e.Cause != nil { 1161 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1162 } 1163 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1164} 1165 1166// 6.9.1 The Flow Control Window 1167// "If a sender receives a WINDOW_UPDATE that causes a flow control 1168// window to exceed this maximum it MUST terminate either the stream 1169// or the connection, as appropriate. For streams, [...]; for the 1170// connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1171type http2goAwayFlowError struct{} 1172 1173func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1174 1175// connError represents an HTTP/2 ConnectionError error code, along 1176// with a string (for debugging) explaining why. 1177// 1178// Errors of this type are only returned by the frame parser functions 1179// and converted into ConnectionError(Code), after stashing away 1180// the Reason into the Framer's errDetail field, accessible via 1181// the (*Framer).ErrorDetail method. 1182type http2connError struct { 1183 Code http2ErrCode // the ConnectionError error code 1184 Reason string // additional reason 1185} 1186 1187func (e http2connError) Error() string { 1188 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1189} 1190 1191type http2pseudoHeaderError string 1192 1193func (e http2pseudoHeaderError) Error() string { 1194 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1195} 1196 1197type http2duplicatePseudoHeaderError string 1198 1199func (e http2duplicatePseudoHeaderError) Error() string { 1200 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1201} 1202 1203type http2headerFieldNameError string 1204 1205func (e http2headerFieldNameError) Error() string { 1206 return fmt.Sprintf("invalid header field name %q", string(e)) 1207} 1208 1209type http2headerFieldValueError string 1210 1211func (e http2headerFieldValueError) Error() string { 1212 return fmt.Sprintf("invalid header field value %q", string(e)) 1213} 1214 1215var ( 1216 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1217 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1218) 1219 1220// flow is the flow control window's size. 1221type http2flow struct { 1222 // n is the number of DATA bytes we're allowed to send. 1223 // A flow is kept both on a conn and a per-stream. 1224 n int32 1225 1226 // conn points to the shared connection-level flow that is 1227 // shared by all streams on that conn. It is nil for the flow 1228 // that's on the conn directly. 1229 conn *http2flow 1230} 1231 1232func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1233 1234func (f *http2flow) available() int32 { 1235 n := f.n 1236 if f.conn != nil && f.conn.n < n { 1237 n = f.conn.n 1238 } 1239 return n 1240} 1241 1242func (f *http2flow) take(n int32) { 1243 if n > f.available() { 1244 panic("internal error: took too much") 1245 } 1246 f.n -= n 1247 if f.conn != nil { 1248 f.conn.n -= n 1249 } 1250} 1251 1252// add adds n bytes (positive or negative) to the flow control window. 1253// It returns false if the sum would exceed 2^31-1. 1254func (f *http2flow) add(n int32) bool { 1255 sum := f.n + n 1256 if (sum > n) == (f.n > 0) { 1257 f.n = sum 1258 return true 1259 } 1260 return false 1261} 1262 1263const http2frameHeaderLen = 9 1264 1265var http2padZeros = make([]byte, 255) // zeros for padding 1266 1267// A FrameType is a registered frame type as defined in 1268// http://http2.github.io/http2-spec/#rfc.section.11.2 1269type http2FrameType uint8 1270 1271const ( 1272 http2FrameData http2FrameType = 0x0 1273 http2FrameHeaders http2FrameType = 0x1 1274 http2FramePriority http2FrameType = 0x2 1275 http2FrameRSTStream http2FrameType = 0x3 1276 http2FrameSettings http2FrameType = 0x4 1277 http2FramePushPromise http2FrameType = 0x5 1278 http2FramePing http2FrameType = 0x6 1279 http2FrameGoAway http2FrameType = 0x7 1280 http2FrameWindowUpdate http2FrameType = 0x8 1281 http2FrameContinuation http2FrameType = 0x9 1282) 1283 1284var http2frameName = map[http2FrameType]string{ 1285 http2FrameData: "DATA", 1286 http2FrameHeaders: "HEADERS", 1287 http2FramePriority: "PRIORITY", 1288 http2FrameRSTStream: "RST_STREAM", 1289 http2FrameSettings: "SETTINGS", 1290 http2FramePushPromise: "PUSH_PROMISE", 1291 http2FramePing: "PING", 1292 http2FrameGoAway: "GOAWAY", 1293 http2FrameWindowUpdate: "WINDOW_UPDATE", 1294 http2FrameContinuation: "CONTINUATION", 1295} 1296 1297func (t http2FrameType) String() string { 1298 if s, ok := http2frameName[t]; ok { 1299 return s 1300 } 1301 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1302} 1303 1304// Flags is a bitmask of HTTP/2 flags. 1305// The meaning of flags varies depending on the frame type. 1306type http2Flags uint8 1307 1308// Has reports whether f contains all (0 or more) flags in v. 1309func (f http2Flags) Has(v http2Flags) bool { 1310 return (f & v) == v 1311} 1312 1313// Frame-specific FrameHeader flag bits. 1314const ( 1315 // Data Frame 1316 http2FlagDataEndStream http2Flags = 0x1 1317 http2FlagDataPadded http2Flags = 0x8 1318 1319 // Headers Frame 1320 http2FlagHeadersEndStream http2Flags = 0x1 1321 http2FlagHeadersEndHeaders http2Flags = 0x4 1322 http2FlagHeadersPadded http2Flags = 0x8 1323 http2FlagHeadersPriority http2Flags = 0x20 1324 1325 // Settings Frame 1326 http2FlagSettingsAck http2Flags = 0x1 1327 1328 // Ping Frame 1329 http2FlagPingAck http2Flags = 0x1 1330 1331 // Continuation Frame 1332 http2FlagContinuationEndHeaders http2Flags = 0x4 1333 1334 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1335 http2FlagPushPromisePadded http2Flags = 0x8 1336) 1337 1338var http2flagName = map[http2FrameType]map[http2Flags]string{ 1339 http2FrameData: { 1340 http2FlagDataEndStream: "END_STREAM", 1341 http2FlagDataPadded: "PADDED", 1342 }, 1343 http2FrameHeaders: { 1344 http2FlagHeadersEndStream: "END_STREAM", 1345 http2FlagHeadersEndHeaders: "END_HEADERS", 1346 http2FlagHeadersPadded: "PADDED", 1347 http2FlagHeadersPriority: "PRIORITY", 1348 }, 1349 http2FrameSettings: { 1350 http2FlagSettingsAck: "ACK", 1351 }, 1352 http2FramePing: { 1353 http2FlagPingAck: "ACK", 1354 }, 1355 http2FrameContinuation: { 1356 http2FlagContinuationEndHeaders: "END_HEADERS", 1357 }, 1358 http2FramePushPromise: { 1359 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1360 http2FlagPushPromisePadded: "PADDED", 1361 }, 1362} 1363 1364// a frameParser parses a frame given its FrameHeader and payload 1365// bytes. The length of payload will always equal fh.Length (which 1366// might be 0). 1367type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1368 1369var http2frameParsers = map[http2FrameType]http2frameParser{ 1370 http2FrameData: http2parseDataFrame, 1371 http2FrameHeaders: http2parseHeadersFrame, 1372 http2FramePriority: http2parsePriorityFrame, 1373 http2FrameRSTStream: http2parseRSTStreamFrame, 1374 http2FrameSettings: http2parseSettingsFrame, 1375 http2FramePushPromise: http2parsePushPromise, 1376 http2FramePing: http2parsePingFrame, 1377 http2FrameGoAway: http2parseGoAwayFrame, 1378 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1379 http2FrameContinuation: http2parseContinuationFrame, 1380} 1381 1382func http2typeFrameParser(t http2FrameType) http2frameParser { 1383 if f := http2frameParsers[t]; f != nil { 1384 return f 1385 } 1386 return http2parseUnknownFrame 1387} 1388 1389// A FrameHeader is the 9 byte header of all HTTP/2 frames. 1390// 1391// See http://http2.github.io/http2-spec/#FrameHeader 1392type http2FrameHeader struct { 1393 valid bool // caller can access []byte fields in the Frame 1394 1395 // Type is the 1 byte frame type. There are ten standard frame 1396 // types, but extension frame types may be written by WriteRawFrame 1397 // and will be returned by ReadFrame (as UnknownFrame). 1398 Type http2FrameType 1399 1400 // Flags are the 1 byte of 8 potential bit flags per frame. 1401 // They are specific to the frame type. 1402 Flags http2Flags 1403 1404 // Length is the length of the frame, not including the 9 byte header. 1405 // The maximum size is one byte less than 16MB (uint24), but only 1406 // frames up to 16KB are allowed without peer agreement. 1407 Length uint32 1408 1409 // StreamID is which stream this frame is for. Certain frames 1410 // are not stream-specific, in which case this field is 0. 1411 StreamID uint32 1412} 1413 1414// Header returns h. It exists so FrameHeaders can be embedded in other 1415// specific frame types and implement the Frame interface. 1416func (h http2FrameHeader) Header() http2FrameHeader { return h } 1417 1418func (h http2FrameHeader) String() string { 1419 var buf bytes.Buffer 1420 buf.WriteString("[FrameHeader ") 1421 h.writeDebug(&buf) 1422 buf.WriteByte(']') 1423 return buf.String() 1424} 1425 1426func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1427 buf.WriteString(h.Type.String()) 1428 if h.Flags != 0 { 1429 buf.WriteString(" flags=") 1430 set := 0 1431 for i := uint8(0); i < 8; i++ { 1432 if h.Flags&(1<<i) == 0 { 1433 continue 1434 } 1435 set++ 1436 if set > 1 { 1437 buf.WriteByte('|') 1438 } 1439 name := http2flagName[h.Type][http2Flags(1<<i)] 1440 if name != "" { 1441 buf.WriteString(name) 1442 } else { 1443 fmt.Fprintf(buf, "0x%x", 1<<i) 1444 } 1445 } 1446 } 1447 if h.StreamID != 0 { 1448 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1449 } 1450 fmt.Fprintf(buf, " len=%d", h.Length) 1451} 1452 1453func (h *http2FrameHeader) checkValid() { 1454 if !h.valid { 1455 panic("Frame accessor called on non-owned Frame") 1456 } 1457} 1458 1459func (h *http2FrameHeader) invalidate() { h.valid = false } 1460 1461// frame header bytes. 1462// Used only by ReadFrameHeader. 1463var http2fhBytes = sync.Pool{ 1464 New: func() interface{} { 1465 buf := make([]byte, http2frameHeaderLen) 1466 return &buf 1467 }, 1468} 1469 1470// ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1471// Most users should use Framer.ReadFrame instead. 1472func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1473 bufp := http2fhBytes.Get().(*[]byte) 1474 defer http2fhBytes.Put(bufp) 1475 return http2readFrameHeader(*bufp, r) 1476} 1477 1478func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1479 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1480 if err != nil { 1481 return http2FrameHeader{}, err 1482 } 1483 return http2FrameHeader{ 1484 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1485 Type: http2FrameType(buf[3]), 1486 Flags: http2Flags(buf[4]), 1487 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1488 valid: true, 1489 }, nil 1490} 1491 1492// A Frame is the base interface implemented by all frame types. 1493// Callers will generally type-assert the specific frame type: 1494// *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1495// 1496// Frames are only valid until the next call to Framer.ReadFrame. 1497type http2Frame interface { 1498 Header() http2FrameHeader 1499 1500 // invalidate is called by Framer.ReadFrame to make this 1501 // frame's buffers as being invalid, since the subsequent 1502 // frame will reuse them. 1503 invalidate() 1504} 1505 1506// A Framer reads and writes Frames. 1507type http2Framer struct { 1508 r io.Reader 1509 lastFrame http2Frame 1510 errDetail error 1511 1512 // lastHeaderStream is non-zero if the last frame was an 1513 // unfinished HEADERS/CONTINUATION. 1514 lastHeaderStream uint32 1515 1516 maxReadSize uint32 1517 headerBuf [http2frameHeaderLen]byte 1518 1519 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1520 // allocator in server.go to minimize memory pinned for many idle conns. 1521 // Will probably also need to make frame invalidation have a hook too. 1522 getReadBuf func(size uint32) []byte 1523 readBuf []byte // cache for default getReadBuf 1524 1525 maxWriteSize uint32 // zero means unlimited; TODO: implement 1526 1527 w io.Writer 1528 wbuf []byte 1529 1530 // AllowIllegalWrites permits the Framer's Write methods to 1531 // write frames that do not conform to the HTTP/2 spec. This 1532 // permits using the Framer to test other HTTP/2 1533 // implementations' conformance to the spec. 1534 // If false, the Write methods will prefer to return an error 1535 // rather than comply. 1536 AllowIllegalWrites bool 1537 1538 // AllowIllegalReads permits the Framer's ReadFrame method 1539 // to return non-compliant frames or frame orders. 1540 // This is for testing and permits using the Framer to test 1541 // other HTTP/2 implementations' conformance to the spec. 1542 // It is not compatible with ReadMetaHeaders. 1543 AllowIllegalReads bool 1544 1545 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1546 // HEADERS and CONTINUATION frames together and return 1547 // MetaHeadersFrame instead. 1548 ReadMetaHeaders *hpack.Decoder 1549 1550 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1551 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1552 // (currently 16MB) 1553 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1554 MaxHeaderListSize uint32 1555 1556 // TODO: track which type of frame & with which flags was sent 1557 // last. Then return an error (unless AllowIllegalWrites) if 1558 // we're in the middle of a header block and a 1559 // non-Continuation or Continuation on a different stream is 1560 // attempted to be written. 1561 1562 logReads, logWrites bool 1563 1564 debugFramer *http2Framer // only use for logging written writes 1565 debugFramerBuf *bytes.Buffer 1566 debugReadLoggerf func(string, ...interface{}) 1567 debugWriteLoggerf func(string, ...interface{}) 1568 1569 frameCache *http2frameCache // nil if frames aren't reused (default) 1570} 1571 1572func (fr *http2Framer) maxHeaderListSize() uint32 { 1573 if fr.MaxHeaderListSize == 0 { 1574 return 16 << 20 // sane default, per docs 1575 } 1576 return fr.MaxHeaderListSize 1577} 1578 1579func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1580 // Write the FrameHeader. 1581 f.wbuf = append(f.wbuf[:0], 1582 0, // 3 bytes of length, filled in in endWrite 1583 0, 1584 0, 1585 byte(ftype), 1586 byte(flags), 1587 byte(streamID>>24), 1588 byte(streamID>>16), 1589 byte(streamID>>8), 1590 byte(streamID)) 1591} 1592 1593func (f *http2Framer) endWrite() error { 1594 // Now that we know the final size, fill in the FrameHeader in 1595 // the space previously reserved for it. Abuse append. 1596 length := len(f.wbuf) - http2frameHeaderLen 1597 if length >= (1 << 24) { 1598 return http2ErrFrameTooLarge 1599 } 1600 _ = append(f.wbuf[:0], 1601 byte(length>>16), 1602 byte(length>>8), 1603 byte(length)) 1604 if f.logWrites { 1605 f.logWrite() 1606 } 1607 1608 n, err := f.w.Write(f.wbuf) 1609 if err == nil && n != len(f.wbuf) { 1610 err = io.ErrShortWrite 1611 } 1612 return err 1613} 1614 1615func (f *http2Framer) logWrite() { 1616 if f.debugFramer == nil { 1617 f.debugFramerBuf = new(bytes.Buffer) 1618 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1619 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1620 // Let us read anything, even if we accidentally wrote it 1621 // in the wrong order: 1622 f.debugFramer.AllowIllegalReads = true 1623 } 1624 f.debugFramerBuf.Write(f.wbuf) 1625 fr, err := f.debugFramer.ReadFrame() 1626 if err != nil { 1627 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1628 return 1629 } 1630 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1631} 1632 1633func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1634 1635func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1636 1637func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1638 1639func (f *http2Framer) writeUint32(v uint32) { 1640 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1641} 1642 1643const ( 1644 http2minMaxFrameSize = 1 << 14 1645 http2maxFrameSize = 1<<24 - 1 1646) 1647 1648// SetReuseFrames allows the Framer to reuse Frames. 1649// If called on a Framer, Frames returned by calls to ReadFrame are only 1650// valid until the next call to ReadFrame. 1651func (fr *http2Framer) SetReuseFrames() { 1652 if fr.frameCache != nil { 1653 return 1654 } 1655 fr.frameCache = &http2frameCache{} 1656} 1657 1658type http2frameCache struct { 1659 dataFrame http2DataFrame 1660} 1661 1662func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1663 if fc == nil { 1664 return &http2DataFrame{} 1665 } 1666 return &fc.dataFrame 1667} 1668 1669// NewFramer returns a Framer that writes frames to w and reads them from r. 1670func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1671 fr := &http2Framer{ 1672 w: w, 1673 r: r, 1674 logReads: http2logFrameReads, 1675 logWrites: http2logFrameWrites, 1676 debugReadLoggerf: log.Printf, 1677 debugWriteLoggerf: log.Printf, 1678 } 1679 fr.getReadBuf = func(size uint32) []byte { 1680 if cap(fr.readBuf) >= int(size) { 1681 return fr.readBuf[:size] 1682 } 1683 fr.readBuf = make([]byte, size) 1684 return fr.readBuf 1685 } 1686 fr.SetMaxReadFrameSize(http2maxFrameSize) 1687 return fr 1688} 1689 1690// SetMaxReadFrameSize sets the maximum size of a frame 1691// that will be read by a subsequent call to ReadFrame. 1692// It is the caller's responsibility to advertise this 1693// limit with a SETTINGS frame. 1694func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1695 if v > http2maxFrameSize { 1696 v = http2maxFrameSize 1697 } 1698 fr.maxReadSize = v 1699} 1700 1701// ErrorDetail returns a more detailed error of the last error 1702// returned by Framer.ReadFrame. For instance, if ReadFrame 1703// returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1704// will say exactly what was invalid. ErrorDetail is not guaranteed 1705// to return a non-nil value and like the rest of the http2 package, 1706// its return value is not protected by an API compatibility promise. 1707// ErrorDetail is reset after the next call to ReadFrame. 1708func (fr *http2Framer) ErrorDetail() error { 1709 return fr.errDetail 1710} 1711 1712// ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1713// sends a frame that is larger than declared with SetMaxReadFrameSize. 1714var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1715 1716// terminalReadFrameError reports whether err is an unrecoverable 1717// error from ReadFrame and no other frames should be read. 1718func http2terminalReadFrameError(err error) bool { 1719 if _, ok := err.(http2StreamError); ok { 1720 return false 1721 } 1722 return err != nil 1723} 1724 1725// ReadFrame reads a single frame. The returned Frame is only valid 1726// until the next call to ReadFrame. 1727// 1728// If the frame is larger than previously set with SetMaxReadFrameSize, the 1729// returned error is ErrFrameTooLarge. Other errors may be of type 1730// ConnectionError, StreamError, or anything else from the underlying 1731// reader. 1732func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1733 fr.errDetail = nil 1734 if fr.lastFrame != nil { 1735 fr.lastFrame.invalidate() 1736 } 1737 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1738 if err != nil { 1739 return nil, err 1740 } 1741 if fh.Length > fr.maxReadSize { 1742 return nil, http2ErrFrameTooLarge 1743 } 1744 payload := fr.getReadBuf(fh.Length) 1745 if _, err := io.ReadFull(fr.r, payload); err != nil { 1746 return nil, err 1747 } 1748 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1749 if err != nil { 1750 if ce, ok := err.(http2connError); ok { 1751 return nil, fr.connError(ce.Code, ce.Reason) 1752 } 1753 return nil, err 1754 } 1755 if err := fr.checkFrameOrder(f); err != nil { 1756 return nil, err 1757 } 1758 if fr.logReads { 1759 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1760 } 1761 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1762 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1763 } 1764 return f, nil 1765} 1766 1767// connError returns ConnectionError(code) but first 1768// stashes away a public reason to the caller can optionally relay it 1769// to the peer before hanging up on them. This might help others debug 1770// their implementations. 1771func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1772 fr.errDetail = errors.New(reason) 1773 return http2ConnectionError(code) 1774} 1775 1776// checkFrameOrder reports an error if f is an invalid frame to return 1777// next from ReadFrame. Mostly it checks whether HEADERS and 1778// CONTINUATION frames are contiguous. 1779func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1780 last := fr.lastFrame 1781 fr.lastFrame = f 1782 if fr.AllowIllegalReads { 1783 return nil 1784 } 1785 1786 fh := f.Header() 1787 if fr.lastHeaderStream != 0 { 1788 if fh.Type != http2FrameContinuation { 1789 return fr.connError(http2ErrCodeProtocol, 1790 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1791 fh.Type, fh.StreamID, 1792 last.Header().Type, fr.lastHeaderStream)) 1793 } 1794 if fh.StreamID != fr.lastHeaderStream { 1795 return fr.connError(http2ErrCodeProtocol, 1796 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1797 fh.StreamID, fr.lastHeaderStream)) 1798 } 1799 } else if fh.Type == http2FrameContinuation { 1800 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1801 } 1802 1803 switch fh.Type { 1804 case http2FrameHeaders, http2FrameContinuation: 1805 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1806 fr.lastHeaderStream = 0 1807 } else { 1808 fr.lastHeaderStream = fh.StreamID 1809 } 1810 } 1811 1812 return nil 1813} 1814 1815// A DataFrame conveys arbitrary, variable-length sequences of octets 1816// associated with a stream. 1817// See http://http2.github.io/http2-spec/#rfc.section.6.1 1818type http2DataFrame struct { 1819 http2FrameHeader 1820 data []byte 1821} 1822 1823func (f *http2DataFrame) StreamEnded() bool { 1824 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1825} 1826 1827// Data returns the frame's data octets, not including any padding 1828// size byte or padding suffix bytes. 1829// The caller must not retain the returned memory past the next 1830// call to ReadFrame. 1831func (f *http2DataFrame) Data() []byte { 1832 f.checkValid() 1833 return f.data 1834} 1835 1836func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1837 if fh.StreamID == 0 { 1838 // DATA frames MUST be associated with a stream. If a 1839 // DATA frame is received whose stream identifier 1840 // field is 0x0, the recipient MUST respond with a 1841 // connection error (Section 5.4.1) of type 1842 // PROTOCOL_ERROR. 1843 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1844 } 1845 f := fc.getDataFrame() 1846 f.http2FrameHeader = fh 1847 1848 var padSize byte 1849 if fh.Flags.Has(http2FlagDataPadded) { 1850 var err error 1851 payload, padSize, err = http2readByte(payload) 1852 if err != nil { 1853 return nil, err 1854 } 1855 } 1856 if int(padSize) > len(payload) { 1857 // If the length of the padding is greater than the 1858 // length of the frame payload, the recipient MUST 1859 // treat this as a connection error. 1860 // Filed: https://github.com/http2/http2-spec/issues/610 1861 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1862 } 1863 f.data = payload[:len(payload)-int(padSize)] 1864 return f, nil 1865} 1866 1867var ( 1868 http2errStreamID = errors.New("invalid stream ID") 1869 http2errDepStreamID = errors.New("invalid dependent stream ID") 1870 http2errPadLength = errors.New("pad length too large") 1871 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1872) 1873 1874func http2validStreamIDOrZero(streamID uint32) bool { 1875 return streamID&(1<<31) == 0 1876} 1877 1878func http2validStreamID(streamID uint32) bool { 1879 return streamID != 0 && streamID&(1<<31) == 0 1880} 1881 1882// WriteData writes a DATA frame. 1883// 1884// It will perform exactly one Write to the underlying Writer. 1885// It is the caller's responsibility not to violate the maximum frame size 1886// and to not call other Write methods concurrently. 1887func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1888 return f.WriteDataPadded(streamID, endStream, data, nil) 1889} 1890 1891// WriteDataPadded writes a DATA frame with optional padding. 1892// 1893// If pad is nil, the padding bit is not sent. 1894// The length of pad must not exceed 255 bytes. 1895// The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1896// 1897// It will perform exactly one Write to the underlying Writer. 1898// It is the caller's responsibility not to violate the maximum frame size 1899// and to not call other Write methods concurrently. 1900func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1901 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1902 return http2errStreamID 1903 } 1904 if len(pad) > 0 { 1905 if len(pad) > 255 { 1906 return http2errPadLength 1907 } 1908 if !f.AllowIllegalWrites { 1909 for _, b := range pad { 1910 if b != 0 { 1911 // "Padding octets MUST be set to zero when sending." 1912 return http2errPadBytes 1913 } 1914 } 1915 } 1916 } 1917 var flags http2Flags 1918 if endStream { 1919 flags |= http2FlagDataEndStream 1920 } 1921 if pad != nil { 1922 flags |= http2FlagDataPadded 1923 } 1924 f.startWrite(http2FrameData, flags, streamID) 1925 if pad != nil { 1926 f.wbuf = append(f.wbuf, byte(len(pad))) 1927 } 1928 f.wbuf = append(f.wbuf, data...) 1929 f.wbuf = append(f.wbuf, pad...) 1930 return f.endWrite() 1931} 1932 1933// A SettingsFrame conveys configuration parameters that affect how 1934// endpoints communicate, such as preferences and constraints on peer 1935// behavior. 1936// 1937// See http://http2.github.io/http2-spec/#SETTINGS 1938type http2SettingsFrame struct { 1939 http2FrameHeader 1940 p []byte 1941} 1942 1943func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 1944 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 1945 // When this (ACK 0x1) bit is set, the payload of the 1946 // SETTINGS frame MUST be empty. Receipt of a 1947 // SETTINGS frame with the ACK flag set and a length 1948 // field value other than 0 MUST be treated as a 1949 // connection error (Section 5.4.1) of type 1950 // FRAME_SIZE_ERROR. 1951 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1952 } 1953 if fh.StreamID != 0 { 1954 // SETTINGS frames always apply to a connection, 1955 // never a single stream. The stream identifier for a 1956 // SETTINGS frame MUST be zero (0x0). If an endpoint 1957 // receives a SETTINGS frame whose stream identifier 1958 // field is anything other than 0x0, the endpoint MUST 1959 // respond with a connection error (Section 5.4.1) of 1960 // type PROTOCOL_ERROR. 1961 return nil, http2ConnectionError(http2ErrCodeProtocol) 1962 } 1963 if len(p)%6 != 0 { 1964 // Expecting even number of 6 byte settings. 1965 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1966 } 1967 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 1968 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 1969 // Values above the maximum flow control window size of 2^31 - 1 MUST 1970 // be treated as a connection error (Section 5.4.1) of type 1971 // FLOW_CONTROL_ERROR. 1972 return nil, http2ConnectionError(http2ErrCodeFlowControl) 1973 } 1974 return f, nil 1975} 1976 1977func (f *http2SettingsFrame) IsAck() bool { 1978 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 1979} 1980 1981func (f *http2SettingsFrame) Value(id http2SettingID) (v uint32, ok bool) { 1982 f.checkValid() 1983 for i := 0; i < f.NumSettings(); i++ { 1984 if s := f.Setting(i); s.ID == id { 1985 return s.Val, true 1986 } 1987 } 1988 return 0, false 1989} 1990 1991// Setting returns the setting from the frame at the given 0-based index. 1992// The index must be >= 0 and less than f.NumSettings(). 1993func (f *http2SettingsFrame) Setting(i int) http2Setting { 1994 buf := f.p 1995 return http2Setting{ 1996 ID: http2SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])), 1997 Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]), 1998 } 1999} 2000 2001func (f *http2SettingsFrame) NumSettings() int { return len(f.p) / 6 } 2002 2003// HasDuplicates reports whether f contains any duplicate setting IDs. 2004func (f *http2SettingsFrame) HasDuplicates() bool { 2005 num := f.NumSettings() 2006 if num == 0 { 2007 return false 2008 } 2009 // If it's small enough (the common case), just do the n^2 2010 // thing and avoid a map allocation. 2011 if num < 10 { 2012 for i := 0; i < num; i++ { 2013 idi := f.Setting(i).ID 2014 for j := i + 1; j < num; j++ { 2015 idj := f.Setting(j).ID 2016 if idi == idj { 2017 return true 2018 } 2019 } 2020 } 2021 return false 2022 } 2023 seen := map[http2SettingID]bool{} 2024 for i := 0; i < num; i++ { 2025 id := f.Setting(i).ID 2026 if seen[id] { 2027 return true 2028 } 2029 seen[id] = true 2030 } 2031 return false 2032} 2033 2034// ForeachSetting runs fn for each setting. 2035// It stops and returns the first error. 2036func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2037 f.checkValid() 2038 for i := 0; i < f.NumSettings(); i++ { 2039 if err := fn(f.Setting(i)); err != nil { 2040 return err 2041 } 2042 } 2043 return nil 2044} 2045 2046// WriteSettings writes a SETTINGS frame with zero or more settings 2047// specified and the ACK bit not set. 2048// 2049// It will perform exactly one Write to the underlying Writer. 2050// It is the caller's responsibility to not call other Write methods concurrently. 2051func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2052 f.startWrite(http2FrameSettings, 0, 0) 2053 for _, s := range settings { 2054 f.writeUint16(uint16(s.ID)) 2055 f.writeUint32(s.Val) 2056 } 2057 return f.endWrite() 2058} 2059 2060// WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2061// 2062// It will perform exactly one Write to the underlying Writer. 2063// It is the caller's responsibility to not call other Write methods concurrently. 2064func (f *http2Framer) WriteSettingsAck() error { 2065 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2066 return f.endWrite() 2067} 2068 2069// A PingFrame is a mechanism for measuring a minimal round trip time 2070// from the sender, as well as determining whether an idle connection 2071// is still functional. 2072// See http://http2.github.io/http2-spec/#rfc.section.6.7 2073type http2PingFrame struct { 2074 http2FrameHeader 2075 Data [8]byte 2076} 2077 2078func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2079 2080func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2081 if len(payload) != 8 { 2082 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2083 } 2084 if fh.StreamID != 0 { 2085 return nil, http2ConnectionError(http2ErrCodeProtocol) 2086 } 2087 f := &http2PingFrame{http2FrameHeader: fh} 2088 copy(f.Data[:], payload) 2089 return f, nil 2090} 2091 2092func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2093 var flags http2Flags 2094 if ack { 2095 flags = http2FlagPingAck 2096 } 2097 f.startWrite(http2FramePing, flags, 0) 2098 f.writeBytes(data[:]) 2099 return f.endWrite() 2100} 2101 2102// A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2103// See http://http2.github.io/http2-spec/#rfc.section.6.8 2104type http2GoAwayFrame struct { 2105 http2FrameHeader 2106 LastStreamID uint32 2107 ErrCode http2ErrCode 2108 debugData []byte 2109} 2110 2111// DebugData returns any debug data in the GOAWAY frame. Its contents 2112// are not defined. 2113// The caller must not retain the returned memory past the next 2114// call to ReadFrame. 2115func (f *http2GoAwayFrame) DebugData() []byte { 2116 f.checkValid() 2117 return f.debugData 2118} 2119 2120func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2121 if fh.StreamID != 0 { 2122 return nil, http2ConnectionError(http2ErrCodeProtocol) 2123 } 2124 if len(p) < 8 { 2125 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2126 } 2127 return &http2GoAwayFrame{ 2128 http2FrameHeader: fh, 2129 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2130 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2131 debugData: p[8:], 2132 }, nil 2133} 2134 2135func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2136 f.startWrite(http2FrameGoAway, 0, 0) 2137 f.writeUint32(maxStreamID & (1<<31 - 1)) 2138 f.writeUint32(uint32(code)) 2139 f.writeBytes(debugData) 2140 return f.endWrite() 2141} 2142 2143// An UnknownFrame is the frame type returned when the frame type is unknown 2144// or no specific frame type parser exists. 2145type http2UnknownFrame struct { 2146 http2FrameHeader 2147 p []byte 2148} 2149 2150// Payload returns the frame's payload (after the header). It is not 2151// valid to call this method after a subsequent call to 2152// Framer.ReadFrame, nor is it valid to retain the returned slice. 2153// The memory is owned by the Framer and is invalidated when the next 2154// frame is read. 2155func (f *http2UnknownFrame) Payload() []byte { 2156 f.checkValid() 2157 return f.p 2158} 2159 2160func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2161 return &http2UnknownFrame{fh, p}, nil 2162} 2163 2164// A WindowUpdateFrame is used to implement flow control. 2165// See http://http2.github.io/http2-spec/#rfc.section.6.9 2166type http2WindowUpdateFrame struct { 2167 http2FrameHeader 2168 Increment uint32 // never read with high bit set 2169} 2170 2171func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2172 if len(p) != 4 { 2173 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2174 } 2175 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2176 if inc == 0 { 2177 // A receiver MUST treat the receipt of a 2178 // WINDOW_UPDATE frame with an flow control window 2179 // increment of 0 as a stream error (Section 5.4.2) of 2180 // type PROTOCOL_ERROR; errors on the connection flow 2181 // control window MUST be treated as a connection 2182 // error (Section 5.4.1). 2183 if fh.StreamID == 0 { 2184 return nil, http2ConnectionError(http2ErrCodeProtocol) 2185 } 2186 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2187 } 2188 return &http2WindowUpdateFrame{ 2189 http2FrameHeader: fh, 2190 Increment: inc, 2191 }, nil 2192} 2193 2194// WriteWindowUpdate writes a WINDOW_UPDATE frame. 2195// The increment value must be between 1 and 2,147,483,647, inclusive. 2196// If the Stream ID is zero, the window update applies to the 2197// connection as a whole. 2198func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2199 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2200 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2201 return errors.New("illegal window increment value") 2202 } 2203 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2204 f.writeUint32(incr) 2205 return f.endWrite() 2206} 2207 2208// A HeadersFrame is used to open a stream and additionally carries a 2209// header block fragment. 2210type http2HeadersFrame struct { 2211 http2FrameHeader 2212 2213 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2214 Priority http2PriorityParam 2215 2216 headerFragBuf []byte // not owned 2217} 2218 2219func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2220 f.checkValid() 2221 return f.headerFragBuf 2222} 2223 2224func (f *http2HeadersFrame) HeadersEnded() bool { 2225 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2226} 2227 2228func (f *http2HeadersFrame) StreamEnded() bool { 2229 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2230} 2231 2232func (f *http2HeadersFrame) HasPriority() bool { 2233 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2234} 2235 2236func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2237 hf := &http2HeadersFrame{ 2238 http2FrameHeader: fh, 2239 } 2240 if fh.StreamID == 0 { 2241 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2242 // is received whose stream identifier field is 0x0, the recipient MUST 2243 // respond with a connection error (Section 5.4.1) of type 2244 // PROTOCOL_ERROR. 2245 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2246 } 2247 var padLength uint8 2248 if fh.Flags.Has(http2FlagHeadersPadded) { 2249 if p, padLength, err = http2readByte(p); err != nil { 2250 return 2251 } 2252 } 2253 if fh.Flags.Has(http2FlagHeadersPriority) { 2254 var v uint32 2255 p, v, err = http2readUint32(p) 2256 if err != nil { 2257 return nil, err 2258 } 2259 hf.Priority.StreamDep = v & 0x7fffffff 2260 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2261 p, hf.Priority.Weight, err = http2readByte(p) 2262 if err != nil { 2263 return nil, err 2264 } 2265 } 2266 if len(p)-int(padLength) <= 0 { 2267 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2268 } 2269 hf.headerFragBuf = p[:len(p)-int(padLength)] 2270 return hf, nil 2271} 2272 2273// HeadersFrameParam are the parameters for writing a HEADERS frame. 2274type http2HeadersFrameParam struct { 2275 // StreamID is the required Stream ID to initiate. 2276 StreamID uint32 2277 // BlockFragment is part (or all) of a Header Block. 2278 BlockFragment []byte 2279 2280 // EndStream indicates that the header block is the last that 2281 // the endpoint will send for the identified stream. Setting 2282 // this flag causes the stream to enter one of "half closed" 2283 // states. 2284 EndStream bool 2285 2286 // EndHeaders indicates that this frame contains an entire 2287 // header block and is not followed by any 2288 // CONTINUATION frames. 2289 EndHeaders bool 2290 2291 // PadLength is the optional number of bytes of zeros to add 2292 // to this frame. 2293 PadLength uint8 2294 2295 // Priority, if non-zero, includes stream priority information 2296 // in the HEADER frame. 2297 Priority http2PriorityParam 2298} 2299 2300// WriteHeaders writes a single HEADERS frame. 2301// 2302// This is a low-level header writing method. Encoding headers and 2303// splitting them into any necessary CONTINUATION frames is handled 2304// elsewhere. 2305// 2306// It will perform exactly one Write to the underlying Writer. 2307// It is the caller's responsibility to not call other Write methods concurrently. 2308func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2309 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2310 return http2errStreamID 2311 } 2312 var flags http2Flags 2313 if p.PadLength != 0 { 2314 flags |= http2FlagHeadersPadded 2315 } 2316 if p.EndStream { 2317 flags |= http2FlagHeadersEndStream 2318 } 2319 if p.EndHeaders { 2320 flags |= http2FlagHeadersEndHeaders 2321 } 2322 if !p.Priority.IsZero() { 2323 flags |= http2FlagHeadersPriority 2324 } 2325 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2326 if p.PadLength != 0 { 2327 f.writeByte(p.PadLength) 2328 } 2329 if !p.Priority.IsZero() { 2330 v := p.Priority.StreamDep 2331 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2332 return http2errDepStreamID 2333 } 2334 if p.Priority.Exclusive { 2335 v |= 1 << 31 2336 } 2337 f.writeUint32(v) 2338 f.writeByte(p.Priority.Weight) 2339 } 2340 f.wbuf = append(f.wbuf, p.BlockFragment...) 2341 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2342 return f.endWrite() 2343} 2344 2345// A PriorityFrame specifies the sender-advised priority of a stream. 2346// See http://http2.github.io/http2-spec/#rfc.section.6.3 2347type http2PriorityFrame struct { 2348 http2FrameHeader 2349 http2PriorityParam 2350} 2351 2352// PriorityParam are the stream prioritzation parameters. 2353type http2PriorityParam struct { 2354 // StreamDep is a 31-bit stream identifier for the 2355 // stream that this stream depends on. Zero means no 2356 // dependency. 2357 StreamDep uint32 2358 2359 // Exclusive is whether the dependency is exclusive. 2360 Exclusive bool 2361 2362 // Weight is the stream's zero-indexed weight. It should be 2363 // set together with StreamDep, or neither should be set. Per 2364 // the spec, "Add one to the value to obtain a weight between 2365 // 1 and 256." 2366 Weight uint8 2367} 2368 2369func (p http2PriorityParam) IsZero() bool { 2370 return p == http2PriorityParam{} 2371} 2372 2373func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2374 if fh.StreamID == 0 { 2375 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2376 } 2377 if len(payload) != 5 { 2378 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2379 } 2380 v := binary.BigEndian.Uint32(payload[:4]) 2381 streamID := v & 0x7fffffff // mask off high bit 2382 return &http2PriorityFrame{ 2383 http2FrameHeader: fh, 2384 http2PriorityParam: http2PriorityParam{ 2385 Weight: payload[4], 2386 StreamDep: streamID, 2387 Exclusive: streamID != v, // was high bit set? 2388 }, 2389 }, nil 2390} 2391 2392// WritePriority writes a PRIORITY frame. 2393// 2394// It will perform exactly one Write to the underlying Writer. 2395// It is the caller's responsibility to not call other Write methods concurrently. 2396func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2397 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2398 return http2errStreamID 2399 } 2400 if !http2validStreamIDOrZero(p.StreamDep) { 2401 return http2errDepStreamID 2402 } 2403 f.startWrite(http2FramePriority, 0, streamID) 2404 v := p.StreamDep 2405 if p.Exclusive { 2406 v |= 1 << 31 2407 } 2408 f.writeUint32(v) 2409 f.writeByte(p.Weight) 2410 return f.endWrite() 2411} 2412 2413// A RSTStreamFrame allows for abnormal termination of a stream. 2414// See http://http2.github.io/http2-spec/#rfc.section.6.4 2415type http2RSTStreamFrame struct { 2416 http2FrameHeader 2417 ErrCode http2ErrCode 2418} 2419 2420func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2421 if len(p) != 4 { 2422 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2423 } 2424 if fh.StreamID == 0 { 2425 return nil, http2ConnectionError(http2ErrCodeProtocol) 2426 } 2427 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2428} 2429 2430// WriteRSTStream writes a RST_STREAM frame. 2431// 2432// It will perform exactly one Write to the underlying Writer. 2433// It is the caller's responsibility to not call other Write methods concurrently. 2434func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2435 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2436 return http2errStreamID 2437 } 2438 f.startWrite(http2FrameRSTStream, 0, streamID) 2439 f.writeUint32(uint32(code)) 2440 return f.endWrite() 2441} 2442 2443// A ContinuationFrame is used to continue a sequence of header block fragments. 2444// See http://http2.github.io/http2-spec/#rfc.section.6.10 2445type http2ContinuationFrame struct { 2446 http2FrameHeader 2447 headerFragBuf []byte 2448} 2449 2450func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2451 if fh.StreamID == 0 { 2452 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2453 } 2454 return &http2ContinuationFrame{fh, p}, nil 2455} 2456 2457func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2458 f.checkValid() 2459 return f.headerFragBuf 2460} 2461 2462func (f *http2ContinuationFrame) HeadersEnded() bool { 2463 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2464} 2465 2466// WriteContinuation writes a CONTINUATION frame. 2467// 2468// It will perform exactly one Write to the underlying Writer. 2469// It is the caller's responsibility to not call other Write methods concurrently. 2470func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2471 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2472 return http2errStreamID 2473 } 2474 var flags http2Flags 2475 if endHeaders { 2476 flags |= http2FlagContinuationEndHeaders 2477 } 2478 f.startWrite(http2FrameContinuation, flags, streamID) 2479 f.wbuf = append(f.wbuf, headerBlockFragment...) 2480 return f.endWrite() 2481} 2482 2483// A PushPromiseFrame is used to initiate a server stream. 2484// See http://http2.github.io/http2-spec/#rfc.section.6.6 2485type http2PushPromiseFrame struct { 2486 http2FrameHeader 2487 PromiseID uint32 2488 headerFragBuf []byte // not owned 2489} 2490 2491func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2492 f.checkValid() 2493 return f.headerFragBuf 2494} 2495 2496func (f *http2PushPromiseFrame) HeadersEnded() bool { 2497 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2498} 2499 2500func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2501 pp := &http2PushPromiseFrame{ 2502 http2FrameHeader: fh, 2503 } 2504 if pp.StreamID == 0 { 2505 // PUSH_PROMISE frames MUST be associated with an existing, 2506 // peer-initiated stream. The stream identifier of a 2507 // PUSH_PROMISE frame indicates the stream it is associated 2508 // with. If the stream identifier field specifies the value 2509 // 0x0, a recipient MUST respond with a connection error 2510 // (Section 5.4.1) of type PROTOCOL_ERROR. 2511 return nil, http2ConnectionError(http2ErrCodeProtocol) 2512 } 2513 // The PUSH_PROMISE frame includes optional padding. 2514 // Padding fields and flags are identical to those defined for DATA frames 2515 var padLength uint8 2516 if fh.Flags.Has(http2FlagPushPromisePadded) { 2517 if p, padLength, err = http2readByte(p); err != nil { 2518 return 2519 } 2520 } 2521 2522 p, pp.PromiseID, err = http2readUint32(p) 2523 if err != nil { 2524 return 2525 } 2526 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2527 2528 if int(padLength) > len(p) { 2529 // like the DATA frame, error out if padding is longer than the body. 2530 return nil, http2ConnectionError(http2ErrCodeProtocol) 2531 } 2532 pp.headerFragBuf = p[:len(p)-int(padLength)] 2533 return pp, nil 2534} 2535 2536// PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2537type http2PushPromiseParam struct { 2538 // StreamID is the required Stream ID to initiate. 2539 StreamID uint32 2540 2541 // PromiseID is the required Stream ID which this 2542 // Push Promises 2543 PromiseID uint32 2544 2545 // BlockFragment is part (or all) of a Header Block. 2546 BlockFragment []byte 2547 2548 // EndHeaders indicates that this frame contains an entire 2549 // header block and is not followed by any 2550 // CONTINUATION frames. 2551 EndHeaders bool 2552 2553 // PadLength is the optional number of bytes of zeros to add 2554 // to this frame. 2555 PadLength uint8 2556} 2557 2558// WritePushPromise writes a single PushPromise Frame. 2559// 2560// As with Header Frames, This is the low level call for writing 2561// individual frames. Continuation frames are handled elsewhere. 2562// 2563// It will perform exactly one Write to the underlying Writer. 2564// It is the caller's responsibility to not call other Write methods concurrently. 2565func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2566 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2567 return http2errStreamID 2568 } 2569 var flags http2Flags 2570 if p.PadLength != 0 { 2571 flags |= http2FlagPushPromisePadded 2572 } 2573 if p.EndHeaders { 2574 flags |= http2FlagPushPromiseEndHeaders 2575 } 2576 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2577 if p.PadLength != 0 { 2578 f.writeByte(p.PadLength) 2579 } 2580 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2581 return http2errStreamID 2582 } 2583 f.writeUint32(p.PromiseID) 2584 f.wbuf = append(f.wbuf, p.BlockFragment...) 2585 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2586 return f.endWrite() 2587} 2588 2589// WriteRawFrame writes a raw frame. This can be used to write 2590// extension frames unknown to this package. 2591func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2592 f.startWrite(t, flags, streamID) 2593 f.writeBytes(payload) 2594 return f.endWrite() 2595} 2596 2597func http2readByte(p []byte) (remain []byte, b byte, err error) { 2598 if len(p) == 0 { 2599 return nil, 0, io.ErrUnexpectedEOF 2600 } 2601 return p[1:], p[0], nil 2602} 2603 2604func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2605 if len(p) < 4 { 2606 return nil, 0, io.ErrUnexpectedEOF 2607 } 2608 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2609} 2610 2611type http2streamEnder interface { 2612 StreamEnded() bool 2613} 2614 2615type http2headersEnder interface { 2616 HeadersEnded() bool 2617} 2618 2619type http2headersOrContinuation interface { 2620 http2headersEnder 2621 HeaderBlockFragment() []byte 2622} 2623 2624// A MetaHeadersFrame is the representation of one HEADERS frame and 2625// zero or more contiguous CONTINUATION frames and the decoding of 2626// their HPACK-encoded contents. 2627// 2628// This type of frame does not appear on the wire and is only returned 2629// by the Framer when Framer.ReadMetaHeaders is set. 2630type http2MetaHeadersFrame struct { 2631 *http2HeadersFrame 2632 2633 // Fields are the fields contained in the HEADERS and 2634 // CONTINUATION frames. The underlying slice is owned by the 2635 // Framer and must not be retained after the next call to 2636 // ReadFrame. 2637 // 2638 // Fields are guaranteed to be in the correct http2 order and 2639 // not have unknown pseudo header fields or invalid header 2640 // field names or values. Required pseudo header fields may be 2641 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2642 // method access pseudo headers. 2643 Fields []hpack.HeaderField 2644 2645 // Truncated is whether the max header list size limit was hit 2646 // and Fields is incomplete. The hpack decoder state is still 2647 // valid, however. 2648 Truncated bool 2649} 2650 2651// PseudoValue returns the given pseudo header field's value. 2652// The provided pseudo field should not contain the leading colon. 2653func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2654 for _, hf := range mh.Fields { 2655 if !hf.IsPseudo() { 2656 return "" 2657 } 2658 if hf.Name[1:] == pseudo { 2659 return hf.Value 2660 } 2661 } 2662 return "" 2663} 2664 2665// RegularFields returns the regular (non-pseudo) header fields of mh. 2666// The caller does not own the returned slice. 2667func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2668 for i, hf := range mh.Fields { 2669 if !hf.IsPseudo() { 2670 return mh.Fields[i:] 2671 } 2672 } 2673 return nil 2674} 2675 2676// PseudoFields returns the pseudo header fields of mh. 2677// The caller does not own the returned slice. 2678func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2679 for i, hf := range mh.Fields { 2680 if !hf.IsPseudo() { 2681 return mh.Fields[:i] 2682 } 2683 } 2684 return mh.Fields 2685} 2686 2687func (mh *http2MetaHeadersFrame) checkPseudos() error { 2688 var isRequest, isResponse bool 2689 pf := mh.PseudoFields() 2690 for i, hf := range pf { 2691 switch hf.Name { 2692 case ":method", ":path", ":scheme", ":authority": 2693 isRequest = true 2694 case ":status": 2695 isResponse = true 2696 default: 2697 return http2pseudoHeaderError(hf.Name) 2698 } 2699 // Check for duplicates. 2700 // This would be a bad algorithm, but N is 4. 2701 // And this doesn't allocate. 2702 for _, hf2 := range pf[:i] { 2703 if hf.Name == hf2.Name { 2704 return http2duplicatePseudoHeaderError(hf.Name) 2705 } 2706 } 2707 } 2708 if isRequest && isResponse { 2709 return http2errMixPseudoHeaderTypes 2710 } 2711 return nil 2712} 2713 2714func (fr *http2Framer) maxHeaderStringLen() int { 2715 v := fr.maxHeaderListSize() 2716 if uint32(int(v)) == v { 2717 return int(v) 2718 } 2719 // They had a crazy big number for MaxHeaderBytes anyway, 2720 // so give them unlimited header lengths: 2721 return 0 2722} 2723 2724// readMetaFrame returns 0 or more CONTINUATION frames from fr and 2725// merge them into the provided hf and returns a MetaHeadersFrame 2726// with the decoded hpack values. 2727func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2728 if fr.AllowIllegalReads { 2729 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2730 } 2731 mh := &http2MetaHeadersFrame{ 2732 http2HeadersFrame: hf, 2733 } 2734 var remainSize = fr.maxHeaderListSize() 2735 var sawRegular bool 2736 2737 var invalid error // pseudo header field errors 2738 hdec := fr.ReadMetaHeaders 2739 hdec.SetEmitEnabled(true) 2740 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2741 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2742 if http2VerboseLogs && fr.logReads { 2743 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2744 } 2745 if !httpguts.ValidHeaderFieldValue(hf.Value) { 2746 invalid = http2headerFieldValueError(hf.Value) 2747 } 2748 isPseudo := strings.HasPrefix(hf.Name, ":") 2749 if isPseudo { 2750 if sawRegular { 2751 invalid = http2errPseudoAfterRegular 2752 } 2753 } else { 2754 sawRegular = true 2755 if !http2validWireHeaderFieldName(hf.Name) { 2756 invalid = http2headerFieldNameError(hf.Name) 2757 } 2758 } 2759 2760 if invalid != nil { 2761 hdec.SetEmitEnabled(false) 2762 return 2763 } 2764 2765 size := hf.Size() 2766 if size > remainSize { 2767 hdec.SetEmitEnabled(false) 2768 mh.Truncated = true 2769 return 2770 } 2771 remainSize -= size 2772 2773 mh.Fields = append(mh.Fields, hf) 2774 }) 2775 // Lose reference to MetaHeadersFrame: 2776 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2777 2778 var hc http2headersOrContinuation = hf 2779 for { 2780 frag := hc.HeaderBlockFragment() 2781 if _, err := hdec.Write(frag); err != nil { 2782 return nil, http2ConnectionError(http2ErrCodeCompression) 2783 } 2784 2785 if hc.HeadersEnded() { 2786 break 2787 } 2788 if f, err := fr.ReadFrame(); err != nil { 2789 return nil, err 2790 } else { 2791 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2792 } 2793 } 2794 2795 mh.http2HeadersFrame.headerFragBuf = nil 2796 mh.http2HeadersFrame.invalidate() 2797 2798 if err := hdec.Close(); err != nil { 2799 return nil, http2ConnectionError(http2ErrCodeCompression) 2800 } 2801 if invalid != nil { 2802 fr.errDetail = invalid 2803 if http2VerboseLogs { 2804 log.Printf("http2: invalid header: %v", invalid) 2805 } 2806 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2807 } 2808 if err := mh.checkPseudos(); err != nil { 2809 fr.errDetail = err 2810 if http2VerboseLogs { 2811 log.Printf("http2: invalid pseudo headers: %v", err) 2812 } 2813 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2814 } 2815 return mh, nil 2816} 2817 2818func http2summarizeFrame(f http2Frame) string { 2819 var buf bytes.Buffer 2820 f.Header().writeDebug(&buf) 2821 switch f := f.(type) { 2822 case *http2SettingsFrame: 2823 n := 0 2824 f.ForeachSetting(func(s http2Setting) error { 2825 n++ 2826 if n == 1 { 2827 buf.WriteString(", settings:") 2828 } 2829 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2830 return nil 2831 }) 2832 if n > 0 { 2833 buf.Truncate(buf.Len() - 1) // remove trailing comma 2834 } 2835 case *http2DataFrame: 2836 data := f.Data() 2837 const max = 256 2838 if len(data) > max { 2839 data = data[:max] 2840 } 2841 fmt.Fprintf(&buf, " data=%q", data) 2842 if len(f.Data()) > max { 2843 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2844 } 2845 case *http2WindowUpdateFrame: 2846 if f.StreamID == 0 { 2847 buf.WriteString(" (conn)") 2848 } 2849 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2850 case *http2PingFrame: 2851 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2852 case *http2GoAwayFrame: 2853 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2854 f.LastStreamID, f.ErrCode, f.debugData) 2855 case *http2RSTStreamFrame: 2856 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2857 } 2858 return buf.String() 2859} 2860 2861func http2traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 2862 return trace != nil && trace.WroteHeaderField != nil 2863} 2864 2865func http2traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 2866 if trace != nil && trace.WroteHeaderField != nil { 2867 trace.WroteHeaderField(k, []string{v}) 2868 } 2869} 2870 2871func http2traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 2872 if trace != nil { 2873 return trace.Got1xxResponse 2874 } 2875 return nil 2876} 2877 2878var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 2879 2880type http2goroutineLock uint64 2881 2882func http2newGoroutineLock() http2goroutineLock { 2883 if !http2DebugGoroutines { 2884 return 0 2885 } 2886 return http2goroutineLock(http2curGoroutineID()) 2887} 2888 2889func (g http2goroutineLock) check() { 2890 if !http2DebugGoroutines { 2891 return 2892 } 2893 if http2curGoroutineID() != uint64(g) { 2894 panic("running on the wrong goroutine") 2895 } 2896} 2897 2898func (g http2goroutineLock) checkNotOn() { 2899 if !http2DebugGoroutines { 2900 return 2901 } 2902 if http2curGoroutineID() == uint64(g) { 2903 panic("running on the wrong goroutine") 2904 } 2905} 2906 2907var http2goroutineSpace = []byte("goroutine ") 2908 2909func http2curGoroutineID() uint64 { 2910 bp := http2littleBuf.Get().(*[]byte) 2911 defer http2littleBuf.Put(bp) 2912 b := *bp 2913 b = b[:runtime.Stack(b, false)] 2914 // Parse the 4707 out of "goroutine 4707 [" 2915 b = bytes.TrimPrefix(b, http2goroutineSpace) 2916 i := bytes.IndexByte(b, ' ') 2917 if i < 0 { 2918 panic(fmt.Sprintf("No space found in %q", b)) 2919 } 2920 b = b[:i] 2921 n, err := http2parseUintBytes(b, 10, 64) 2922 if err != nil { 2923 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 2924 } 2925 return n 2926} 2927 2928var http2littleBuf = sync.Pool{ 2929 New: func() interface{} { 2930 buf := make([]byte, 64) 2931 return &buf 2932 }, 2933} 2934 2935// parseUintBytes is like strconv.ParseUint, but using a []byte. 2936func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 2937 var cutoff, maxVal uint64 2938 2939 if bitSize == 0 { 2940 bitSize = int(strconv.IntSize) 2941 } 2942 2943 s0 := s 2944 switch { 2945 case len(s) < 1: 2946 err = strconv.ErrSyntax 2947 goto Error 2948 2949 case 2 <= base && base <= 36: 2950 // valid base; nothing to do 2951 2952 case base == 0: 2953 // Look for octal, hex prefix. 2954 switch { 2955 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 2956 base = 16 2957 s = s[2:] 2958 if len(s) < 1 { 2959 err = strconv.ErrSyntax 2960 goto Error 2961 } 2962 case s[0] == '0': 2963 base = 8 2964 default: 2965 base = 10 2966 } 2967 2968 default: 2969 err = errors.New("invalid base " + strconv.Itoa(base)) 2970 goto Error 2971 } 2972 2973 n = 0 2974 cutoff = http2cutoff64(base) 2975 maxVal = 1<<uint(bitSize) - 1 2976 2977 for i := 0; i < len(s); i++ { 2978 var v byte 2979 d := s[i] 2980 switch { 2981 case '0' <= d && d <= '9': 2982 v = d - '0' 2983 case 'a' <= d && d <= 'z': 2984 v = d - 'a' + 10 2985 case 'A' <= d && d <= 'Z': 2986 v = d - 'A' + 10 2987 default: 2988 n = 0 2989 err = strconv.ErrSyntax 2990 goto Error 2991 } 2992 if int(v) >= base { 2993 n = 0 2994 err = strconv.ErrSyntax 2995 goto Error 2996 } 2997 2998 if n >= cutoff { 2999 // n*base overflows 3000 n = 1<<64 - 1 3001 err = strconv.ErrRange 3002 goto Error 3003 } 3004 n *= uint64(base) 3005 3006 n1 := n + uint64(v) 3007 if n1 < n || n1 > maxVal { 3008 // n+v overflows 3009 n = 1<<64 - 1 3010 err = strconv.ErrRange 3011 goto Error 3012 } 3013 n = n1 3014 } 3015 3016 return n, nil 3017 3018Error: 3019 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3020} 3021 3022// Return the first number n such that n*base >= 1<<64. 3023func http2cutoff64(base int) uint64 { 3024 if base < 2 { 3025 return 0 3026 } 3027 return (1<<64-1)/uint64(base) + 1 3028} 3029 3030var ( 3031 http2commonBuildOnce sync.Once 3032 http2commonLowerHeader map[string]string // Go-Canonical-Case -> lower-case 3033 http2commonCanonHeader map[string]string // lower-case -> Go-Canonical-Case 3034) 3035 3036func http2buildCommonHeaderMapsOnce() { 3037 http2commonBuildOnce.Do(http2buildCommonHeaderMaps) 3038} 3039 3040func http2buildCommonHeaderMaps() { 3041 common := []string{ 3042 "accept", 3043 "accept-charset", 3044 "accept-encoding", 3045 "accept-language", 3046 "accept-ranges", 3047 "age", 3048 "access-control-allow-origin", 3049 "allow", 3050 "authorization", 3051 "cache-control", 3052 "content-disposition", 3053 "content-encoding", 3054 "content-language", 3055 "content-length", 3056 "content-location", 3057 "content-range", 3058 "content-type", 3059 "cookie", 3060 "date", 3061 "etag", 3062 "expect", 3063 "expires", 3064 "from", 3065 "host", 3066 "if-match", 3067 "if-modified-since", 3068 "if-none-match", 3069 "if-unmodified-since", 3070 "last-modified", 3071 "link", 3072 "location", 3073 "max-forwards", 3074 "proxy-authenticate", 3075 "proxy-authorization", 3076 "range", 3077 "referer", 3078 "refresh", 3079 "retry-after", 3080 "server", 3081 "set-cookie", 3082 "strict-transport-security", 3083 "trailer", 3084 "transfer-encoding", 3085 "user-agent", 3086 "vary", 3087 "via", 3088 "www-authenticate", 3089 } 3090 http2commonLowerHeader = make(map[string]string, len(common)) 3091 http2commonCanonHeader = make(map[string]string, len(common)) 3092 for _, v := range common { 3093 chk := CanonicalHeaderKey(v) 3094 http2commonLowerHeader[chk] = v 3095 http2commonCanonHeader[v] = chk 3096 } 3097} 3098 3099func http2lowerHeader(v string) string { 3100 http2buildCommonHeaderMapsOnce() 3101 if s, ok := http2commonLowerHeader[v]; ok { 3102 return s 3103 } 3104 return strings.ToLower(v) 3105} 3106 3107var ( 3108 http2VerboseLogs bool 3109 http2logFrameWrites bool 3110 http2logFrameReads bool 3111 http2inTests bool 3112) 3113 3114func init() { 3115 e := os.Getenv("GODEBUG") 3116 if strings.Contains(e, "http2debug=1") { 3117 http2VerboseLogs = true 3118 } 3119 if strings.Contains(e, "http2debug=2") { 3120 http2VerboseLogs = true 3121 http2logFrameWrites = true 3122 http2logFrameReads = true 3123 } 3124} 3125 3126const ( 3127 // ClientPreface is the string that must be sent by new 3128 // connections from clients. 3129 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3130 3131 // SETTINGS_MAX_FRAME_SIZE default 3132 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3133 http2initialMaxFrameSize = 16384 3134 3135 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3136 // HTTP/2's TLS setup. 3137 http2NextProtoTLS = "h2" 3138 3139 // http://http2.github.io/http2-spec/#SettingValues 3140 http2initialHeaderTableSize = 4096 3141 3142 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3143 3144 http2defaultMaxReadFrameSize = 1 << 20 3145) 3146 3147var ( 3148 http2clientPreface = []byte(http2ClientPreface) 3149) 3150 3151type http2streamState int 3152 3153// HTTP/2 stream states. 3154// 3155// See http://tools.ietf.org/html/rfc7540#section-5.1. 3156// 3157// For simplicity, the server code merges "reserved (local)" into 3158// "half-closed (remote)". This is one less state transition to track. 3159// The only downside is that we send PUSH_PROMISEs slightly less 3160// liberally than allowable. More discussion here: 3161// https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3162// 3163// "reserved (remote)" is omitted since the client code does not 3164// support server push. 3165const ( 3166 http2stateIdle http2streamState = iota 3167 http2stateOpen 3168 http2stateHalfClosedLocal 3169 http2stateHalfClosedRemote 3170 http2stateClosed 3171) 3172 3173var http2stateName = [...]string{ 3174 http2stateIdle: "Idle", 3175 http2stateOpen: "Open", 3176 http2stateHalfClosedLocal: "HalfClosedLocal", 3177 http2stateHalfClosedRemote: "HalfClosedRemote", 3178 http2stateClosed: "Closed", 3179} 3180 3181func (st http2streamState) String() string { 3182 return http2stateName[st] 3183} 3184 3185// Setting is a setting parameter: which setting it is, and its value. 3186type http2Setting struct { 3187 // ID is which setting is being set. 3188 // See http://http2.github.io/http2-spec/#SettingValues 3189 ID http2SettingID 3190 3191 // Val is the value. 3192 Val uint32 3193} 3194 3195func (s http2Setting) String() string { 3196 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3197} 3198 3199// Valid reports whether the setting is valid. 3200func (s http2Setting) Valid() error { 3201 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3202 switch s.ID { 3203 case http2SettingEnablePush: 3204 if s.Val != 1 && s.Val != 0 { 3205 return http2ConnectionError(http2ErrCodeProtocol) 3206 } 3207 case http2SettingInitialWindowSize: 3208 if s.Val > 1<<31-1 { 3209 return http2ConnectionError(http2ErrCodeFlowControl) 3210 } 3211 case http2SettingMaxFrameSize: 3212 if s.Val < 16384 || s.Val > 1<<24-1 { 3213 return http2ConnectionError(http2ErrCodeProtocol) 3214 } 3215 } 3216 return nil 3217} 3218 3219// A SettingID is an HTTP/2 setting as defined in 3220// http://http2.github.io/http2-spec/#iana-settings 3221type http2SettingID uint16 3222 3223const ( 3224 http2SettingHeaderTableSize http2SettingID = 0x1 3225 http2SettingEnablePush http2SettingID = 0x2 3226 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3227 http2SettingInitialWindowSize http2SettingID = 0x4 3228 http2SettingMaxFrameSize http2SettingID = 0x5 3229 http2SettingMaxHeaderListSize http2SettingID = 0x6 3230) 3231 3232var http2settingName = map[http2SettingID]string{ 3233 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3234 http2SettingEnablePush: "ENABLE_PUSH", 3235 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3236 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3237 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3238 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3239} 3240 3241func (s http2SettingID) String() string { 3242 if v, ok := http2settingName[s]; ok { 3243 return v 3244 } 3245 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3246} 3247 3248var ( 3249 http2errInvalidHeaderFieldName = errors.New("http2: invalid header field name") 3250 http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value") 3251) 3252 3253// validWireHeaderFieldName reports whether v is a valid header field 3254// name (key). See httpguts.ValidHeaderName for the base rules. 3255// 3256// Further, http2 says: 3257// "Just as in HTTP/1.x, header field names are strings of ASCII 3258// characters that are compared in a case-insensitive 3259// fashion. However, header field names MUST be converted to 3260// lowercase prior to their encoding in HTTP/2. " 3261func http2validWireHeaderFieldName(v string) bool { 3262 if len(v) == 0 { 3263 return false 3264 } 3265 for _, r := range v { 3266 if !httpguts.IsTokenRune(r) { 3267 return false 3268 } 3269 if 'A' <= r && r <= 'Z' { 3270 return false 3271 } 3272 } 3273 return true 3274} 3275 3276func http2httpCodeString(code int) string { 3277 switch code { 3278 case 200: 3279 return "200" 3280 case 404: 3281 return "404" 3282 } 3283 return strconv.Itoa(code) 3284} 3285 3286// from pkg io 3287type http2stringWriter interface { 3288 WriteString(s string) (n int, err error) 3289} 3290 3291// A gate lets two goroutines coordinate their activities. 3292type http2gate chan struct{} 3293 3294func (g http2gate) Done() { g <- struct{}{} } 3295 3296func (g http2gate) Wait() { <-g } 3297 3298// A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3299type http2closeWaiter chan struct{} 3300 3301// Init makes a closeWaiter usable. 3302// It exists because so a closeWaiter value can be placed inside a 3303// larger struct and have the Mutex and Cond's memory in the same 3304// allocation. 3305func (cw *http2closeWaiter) Init() { 3306 *cw = make(chan struct{}) 3307} 3308 3309// Close marks the closeWaiter as closed and unblocks any waiters. 3310func (cw http2closeWaiter) Close() { 3311 close(cw) 3312} 3313 3314// Wait waits for the closeWaiter to become closed. 3315func (cw http2closeWaiter) Wait() { 3316 <-cw 3317} 3318 3319// bufferedWriter is a buffered writer that writes to w. 3320// Its buffered writer is lazily allocated as needed, to minimize 3321// idle memory usage with many connections. 3322type http2bufferedWriter struct { 3323 w io.Writer // immutable 3324 bw *bufio.Writer // non-nil when data is buffered 3325} 3326 3327func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3328 return &http2bufferedWriter{w: w} 3329} 3330 3331// bufWriterPoolBufferSize is the size of bufio.Writer's 3332// buffers created using bufWriterPool. 3333// 3334// TODO: pick a less arbitrary value? this is a bit under 3335// (3 x typical 1500 byte MTU) at least. Other than that, 3336// not much thought went into it. 3337const http2bufWriterPoolBufferSize = 4 << 10 3338 3339var http2bufWriterPool = sync.Pool{ 3340 New: func() interface{} { 3341 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3342 }, 3343} 3344 3345func (w *http2bufferedWriter) Available() int { 3346 if w.bw == nil { 3347 return http2bufWriterPoolBufferSize 3348 } 3349 return w.bw.Available() 3350} 3351 3352func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3353 if w.bw == nil { 3354 bw := http2bufWriterPool.Get().(*bufio.Writer) 3355 bw.Reset(w.w) 3356 w.bw = bw 3357 } 3358 return w.bw.Write(p) 3359} 3360 3361func (w *http2bufferedWriter) Flush() error { 3362 bw := w.bw 3363 if bw == nil { 3364 return nil 3365 } 3366 err := bw.Flush() 3367 bw.Reset(nil) 3368 http2bufWriterPool.Put(bw) 3369 w.bw = nil 3370 return err 3371} 3372 3373func http2mustUint31(v int32) uint32 { 3374 if v < 0 || v > 2147483647 { 3375 panic("out of range") 3376 } 3377 return uint32(v) 3378} 3379 3380// bodyAllowedForStatus reports whether a given response status code 3381// permits a body. See RFC 7230, section 3.3. 3382func http2bodyAllowedForStatus(status int) bool { 3383 switch { 3384 case status >= 100 && status <= 199: 3385 return false 3386 case status == 204: 3387 return false 3388 case status == 304: 3389 return false 3390 } 3391 return true 3392} 3393 3394type http2httpError struct { 3395 msg string 3396 timeout bool 3397} 3398 3399func (e *http2httpError) Error() string { return e.msg } 3400 3401func (e *http2httpError) Timeout() bool { return e.timeout } 3402 3403func (e *http2httpError) Temporary() bool { return true } 3404 3405var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3406 3407type http2connectionStater interface { 3408 ConnectionState() tls.ConnectionState 3409} 3410 3411var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3412 3413type http2sorter struct { 3414 v []string // owned by sorter 3415} 3416 3417func (s *http2sorter) Len() int { return len(s.v) } 3418 3419func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3420 3421func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3422 3423// Keys returns the sorted keys of h. 3424// 3425// The returned slice is only valid until s used again or returned to 3426// its pool. 3427func (s *http2sorter) Keys(h Header) []string { 3428 keys := s.v[:0] 3429 for k := range h { 3430 keys = append(keys, k) 3431 } 3432 s.v = keys 3433 sort.Sort(s) 3434 return keys 3435} 3436 3437func (s *http2sorter) SortStrings(ss []string) { 3438 // Our sorter works on s.v, which sorter owns, so 3439 // stash it away while we sort the user's buffer. 3440 save := s.v 3441 s.v = ss 3442 sort.Sort(s) 3443 s.v = save 3444} 3445 3446// validPseudoPath reports whether v is a valid :path pseudo-header 3447// value. It must be either: 3448// 3449// *) a non-empty string starting with '/' 3450// *) the string '*', for OPTIONS requests. 3451// 3452// For now this is only used a quick check for deciding when to clean 3453// up Opaque URLs before sending requests from the Transport. 3454// See golang.org/issue/16847 3455// 3456// We used to enforce that the path also didn't start with "//", but 3457// Google's GFE accepts such paths and Chrome sends them, so ignore 3458// that part of the spec. See golang.org/issue/19103. 3459func http2validPseudoPath(v string) bool { 3460 return (len(v) > 0 && v[0] == '/') || v == "*" 3461} 3462 3463// pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3464// io.Pipe except there are no PipeReader/PipeWriter halves, and the 3465// underlying buffer is an interface. (io.Pipe is always unbuffered) 3466type http2pipe struct { 3467 mu sync.Mutex 3468 c sync.Cond // c.L lazily initialized to &p.mu 3469 b http2pipeBuffer // nil when done reading 3470 unread int // bytes unread when done 3471 err error // read error once empty. non-nil means closed. 3472 breakErr error // immediate read error (caller doesn't see rest of b) 3473 donec chan struct{} // closed on error 3474 readFn func() // optional code to run in Read before error 3475} 3476 3477type http2pipeBuffer interface { 3478 Len() int 3479 io.Writer 3480 io.Reader 3481} 3482 3483func (p *http2pipe) Len() int { 3484 p.mu.Lock() 3485 defer p.mu.Unlock() 3486 if p.b == nil { 3487 return p.unread 3488 } 3489 return p.b.Len() 3490} 3491 3492// Read waits until data is available and copies bytes 3493// from the buffer into p. 3494func (p *http2pipe) Read(d []byte) (n int, err error) { 3495 p.mu.Lock() 3496 defer p.mu.Unlock() 3497 if p.c.L == nil { 3498 p.c.L = &p.mu 3499 } 3500 for { 3501 if p.breakErr != nil { 3502 return 0, p.breakErr 3503 } 3504 if p.b != nil && p.b.Len() > 0 { 3505 return p.b.Read(d) 3506 } 3507 if p.err != nil { 3508 if p.readFn != nil { 3509 p.readFn() // e.g. copy trailers 3510 p.readFn = nil // not sticky like p.err 3511 } 3512 p.b = nil 3513 return 0, p.err 3514 } 3515 p.c.Wait() 3516 } 3517} 3518 3519var http2errClosedPipeWrite = errors.New("write on closed buffer") 3520 3521// Write copies bytes from p into the buffer and wakes a reader. 3522// It is an error to write more data than the buffer can hold. 3523func (p *http2pipe) Write(d []byte) (n int, err error) { 3524 p.mu.Lock() 3525 defer p.mu.Unlock() 3526 if p.c.L == nil { 3527 p.c.L = &p.mu 3528 } 3529 defer p.c.Signal() 3530 if p.err != nil { 3531 return 0, http2errClosedPipeWrite 3532 } 3533 if p.breakErr != nil { 3534 p.unread += len(d) 3535 return len(d), nil // discard when there is no reader 3536 } 3537 return p.b.Write(d) 3538} 3539 3540// CloseWithError causes the next Read (waking up a current blocked 3541// Read if needed) to return the provided err after all data has been 3542// read. 3543// 3544// The error must be non-nil. 3545func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3546 3547// BreakWithError causes the next Read (waking up a current blocked 3548// Read if needed) to return the provided err immediately, without 3549// waiting for unread data. 3550func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3551 3552// closeWithErrorAndCode is like CloseWithError but also sets some code to run 3553// in the caller's goroutine before returning the error. 3554func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3555 3556func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3557 if err == nil { 3558 panic("err must be non-nil") 3559 } 3560 p.mu.Lock() 3561 defer p.mu.Unlock() 3562 if p.c.L == nil { 3563 p.c.L = &p.mu 3564 } 3565 defer p.c.Signal() 3566 if *dst != nil { 3567 // Already been done. 3568 return 3569 } 3570 p.readFn = fn 3571 if dst == &p.breakErr { 3572 if p.b != nil { 3573 p.unread += p.b.Len() 3574 } 3575 p.b = nil 3576 } 3577 *dst = err 3578 p.closeDoneLocked() 3579} 3580 3581// requires p.mu be held. 3582func (p *http2pipe) closeDoneLocked() { 3583 if p.donec == nil { 3584 return 3585 } 3586 // Close if unclosed. This isn't racy since we always 3587 // hold p.mu while closing. 3588 select { 3589 case <-p.donec: 3590 default: 3591 close(p.donec) 3592 } 3593} 3594 3595// Err returns the error (if any) first set by BreakWithError or CloseWithError. 3596func (p *http2pipe) Err() error { 3597 p.mu.Lock() 3598 defer p.mu.Unlock() 3599 if p.breakErr != nil { 3600 return p.breakErr 3601 } 3602 return p.err 3603} 3604 3605// Done returns a channel which is closed if and when this pipe is closed 3606// with CloseWithError. 3607func (p *http2pipe) Done() <-chan struct{} { 3608 p.mu.Lock() 3609 defer p.mu.Unlock() 3610 if p.donec == nil { 3611 p.donec = make(chan struct{}) 3612 if p.err != nil || p.breakErr != nil { 3613 // Already hit an error. 3614 p.closeDoneLocked() 3615 } 3616 } 3617 return p.donec 3618} 3619 3620const ( 3621 http2prefaceTimeout = 10 * time.Second 3622 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3623 http2handlerChunkWriteSize = 4 << 10 3624 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3625 http2maxQueuedControlFrames = 10000 3626) 3627 3628var ( 3629 http2errClientDisconnected = errors.New("client disconnected") 3630 http2errClosedBody = errors.New("body closed by handler") 3631 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3632 http2errStreamClosed = errors.New("http2: stream closed") 3633) 3634 3635var http2responseWriterStatePool = sync.Pool{ 3636 New: func() interface{} { 3637 rws := &http2responseWriterState{} 3638 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3639 return rws 3640 }, 3641} 3642 3643// Test hooks. 3644var ( 3645 http2testHookOnConn func() 3646 http2testHookGetServerConn func(*http2serverConn) 3647 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3648 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3649) 3650 3651// Server is an HTTP/2 server. 3652type http2Server struct { 3653 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3654 // which may run at a time over all connections. 3655 // Negative or zero no limit. 3656 // TODO: implement 3657 MaxHandlers int 3658 3659 // MaxConcurrentStreams optionally specifies the number of 3660 // concurrent streams that each client may have open at a 3661 // time. This is unrelated to the number of http.Handler goroutines 3662 // which may be active globally, which is MaxHandlers. 3663 // If zero, MaxConcurrentStreams defaults to at least 100, per 3664 // the HTTP/2 spec's recommendations. 3665 MaxConcurrentStreams uint32 3666 3667 // MaxReadFrameSize optionally specifies the largest frame 3668 // this server is willing to read. A valid value is between 3669 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3670 // default value is used. 3671 MaxReadFrameSize uint32 3672 3673 // PermitProhibitedCipherSuites, if true, permits the use of 3674 // cipher suites prohibited by the HTTP/2 spec. 3675 PermitProhibitedCipherSuites bool 3676 3677 // IdleTimeout specifies how long until idle clients should be 3678 // closed with a GOAWAY frame. PING frames are not considered 3679 // activity for the purposes of IdleTimeout. 3680 IdleTimeout time.Duration 3681 3682 // MaxUploadBufferPerConnection is the size of the initial flow 3683 // control window for each connections. The HTTP/2 spec does not 3684 // allow this to be smaller than 65535 or larger than 2^32-1. 3685 // If the value is outside this range, a default value will be 3686 // used instead. 3687 MaxUploadBufferPerConnection int32 3688 3689 // MaxUploadBufferPerStream is the size of the initial flow control 3690 // window for each stream. The HTTP/2 spec does not allow this to 3691 // be larger than 2^32-1. If the value is zero or larger than the 3692 // maximum, a default value will be used instead. 3693 MaxUploadBufferPerStream int32 3694 3695 // NewWriteScheduler constructs a write scheduler for a connection. 3696 // If nil, a default scheduler is chosen. 3697 NewWriteScheduler func() http2WriteScheduler 3698 3699 // Internal state. This is a pointer (rather than embedded directly) 3700 // so that we don't embed a Mutex in this struct, which will make the 3701 // struct non-copyable, which might break some callers. 3702 state *http2serverInternalState 3703} 3704 3705func (s *http2Server) initialConnRecvWindowSize() int32 { 3706 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3707 return s.MaxUploadBufferPerConnection 3708 } 3709 return 1 << 20 3710} 3711 3712func (s *http2Server) initialStreamRecvWindowSize() int32 { 3713 if s.MaxUploadBufferPerStream > 0 { 3714 return s.MaxUploadBufferPerStream 3715 } 3716 return 1 << 20 3717} 3718 3719func (s *http2Server) maxReadFrameSize() uint32 { 3720 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3721 return v 3722 } 3723 return http2defaultMaxReadFrameSize 3724} 3725 3726func (s *http2Server) maxConcurrentStreams() uint32 { 3727 if v := s.MaxConcurrentStreams; v > 0 { 3728 return v 3729 } 3730 return http2defaultMaxStreams 3731} 3732 3733// maxQueuedControlFrames is the maximum number of control frames like 3734// SETTINGS, PING and RST_STREAM that will be queued for writing before 3735// the connection is closed to prevent memory exhaustion attacks. 3736func (s *http2Server) maxQueuedControlFrames() int { 3737 // TODO: if anybody asks, add a Server field, and remember to define the 3738 // behavior of negative values. 3739 return http2maxQueuedControlFrames 3740} 3741 3742type http2serverInternalState struct { 3743 mu sync.Mutex 3744 activeConns map[*http2serverConn]struct{} 3745} 3746 3747func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3748 if s == nil { 3749 return // if the Server was used without calling ConfigureServer 3750 } 3751 s.mu.Lock() 3752 s.activeConns[sc] = struct{}{} 3753 s.mu.Unlock() 3754} 3755 3756func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3757 if s == nil { 3758 return // if the Server was used without calling ConfigureServer 3759 } 3760 s.mu.Lock() 3761 delete(s.activeConns, sc) 3762 s.mu.Unlock() 3763} 3764 3765func (s *http2serverInternalState) startGracefulShutdown() { 3766 if s == nil { 3767 return // if the Server was used without calling ConfigureServer 3768 } 3769 s.mu.Lock() 3770 for sc := range s.activeConns { 3771 sc.startGracefulShutdown() 3772 } 3773 s.mu.Unlock() 3774} 3775 3776// ConfigureServer adds HTTP/2 support to a net/http Server. 3777// 3778// The configuration conf may be nil. 3779// 3780// ConfigureServer must be called before s begins serving. 3781func http2ConfigureServer(s *Server, conf *http2Server) error { 3782 if s == nil { 3783 panic("nil *http.Server") 3784 } 3785 if conf == nil { 3786 conf = new(http2Server) 3787 } 3788 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3789 if h1, h2 := s, conf; h2.IdleTimeout == 0 { 3790 if h1.IdleTimeout != 0 { 3791 h2.IdleTimeout = h1.IdleTimeout 3792 } else { 3793 h2.IdleTimeout = h1.ReadTimeout 3794 } 3795 } 3796 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3797 3798 if s.TLSConfig == nil { 3799 s.TLSConfig = new(tls.Config) 3800 } else if s.TLSConfig.CipherSuites != nil { 3801 // If they already provided a CipherSuite list, return 3802 // an error if it has a bad order or is missing 3803 // ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3804 haveRequired := false 3805 sawBad := false 3806 for i, cs := range s.TLSConfig.CipherSuites { 3807 switch cs { 3808 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3809 // Alternative MTI cipher to not discourage ECDSA-only servers. 3810 // See http://golang.org/cl/30721 for further information. 3811 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3812 haveRequired = true 3813 } 3814 if http2isBadCipher(cs) { 3815 sawBad = true 3816 } else if sawBad { 3817 return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs) 3818 } 3819 } 3820 if !haveRequired { 3821 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).") 3822 } 3823 } 3824 3825 // Note: not setting MinVersion to tls.VersionTLS12, 3826 // as we don't want to interfere with HTTP/1.1 traffic 3827 // on the user's server. We enforce TLS 1.2 later once 3828 // we accept a connection. Ideally this should be done 3829 // during next-proto selection, but using TLS <1.2 with 3830 // HTTP/2 is still the client's bug. 3831 3832 s.TLSConfig.PreferServerCipherSuites = true 3833 3834 haveNPN := false 3835 for _, p := range s.TLSConfig.NextProtos { 3836 if p == http2NextProtoTLS { 3837 haveNPN = true 3838 break 3839 } 3840 } 3841 if !haveNPN { 3842 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3843 } 3844 3845 if s.TLSNextProto == nil { 3846 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3847 } 3848 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3849 if http2testHookOnConn != nil { 3850 http2testHookOnConn() 3851 } 3852 // The TLSNextProto interface predates contexts, so 3853 // the net/http package passes down its per-connection 3854 // base context via an exported but unadvertised 3855 // method on the Handler. This is for internal 3856 // net/http<=>http2 use only. 3857 var ctx context.Context 3858 type baseContexter interface { 3859 BaseContext() context.Context 3860 } 3861 if bc, ok := h.(baseContexter); ok { 3862 ctx = bc.BaseContext() 3863 } 3864 conf.ServeConn(c, &http2ServeConnOpts{ 3865 Context: ctx, 3866 Handler: h, 3867 BaseConfig: hs, 3868 }) 3869 } 3870 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3871 return nil 3872} 3873 3874// ServeConnOpts are options for the Server.ServeConn method. 3875type http2ServeConnOpts struct { 3876 // Context is the base context to use. 3877 // If nil, context.Background is used. 3878 Context context.Context 3879 3880 // BaseConfig optionally sets the base configuration 3881 // for values. If nil, defaults are used. 3882 BaseConfig *Server 3883 3884 // Handler specifies which handler to use for processing 3885 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3886 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3887 Handler Handler 3888} 3889 3890func (o *http2ServeConnOpts) context() context.Context { 3891 if o != nil && o.Context != nil { 3892 return o.Context 3893 } 3894 return context.Background() 3895} 3896 3897func (o *http2ServeConnOpts) baseConfig() *Server { 3898 if o != nil && o.BaseConfig != nil { 3899 return o.BaseConfig 3900 } 3901 return new(Server) 3902} 3903 3904func (o *http2ServeConnOpts) handler() Handler { 3905 if o != nil { 3906 if o.Handler != nil { 3907 return o.Handler 3908 } 3909 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 3910 return o.BaseConfig.Handler 3911 } 3912 } 3913 return DefaultServeMux 3914} 3915 3916// ServeConn serves HTTP/2 requests on the provided connection and 3917// blocks until the connection is no longer readable. 3918// 3919// ServeConn starts speaking HTTP/2 assuming that c has not had any 3920// reads or writes. It writes its initial settings frame and expects 3921// to be able to read the preface and settings frame from the 3922// client. If c has a ConnectionState method like a *tls.Conn, the 3923// ConnectionState is used to verify the TLS ciphersuite and to set 3924// the Request.TLS field in Handlers. 3925// 3926// ServeConn does not support h2c by itself. Any h2c support must be 3927// implemented in terms of providing a suitably-behaving net.Conn. 3928// 3929// The opts parameter is optional. If nil, default values are used. 3930func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 3931 baseCtx, cancel := http2serverConnBaseContext(c, opts) 3932 defer cancel() 3933 3934 sc := &http2serverConn{ 3935 srv: s, 3936 hs: opts.baseConfig(), 3937 conn: c, 3938 baseCtx: baseCtx, 3939 remoteAddrStr: c.RemoteAddr().String(), 3940 bw: http2newBufferedWriter(c), 3941 handler: opts.handler(), 3942 streams: make(map[uint32]*http2stream), 3943 readFrameCh: make(chan http2readFrameResult), 3944 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 3945 serveMsgCh: make(chan interface{}, 8), 3946 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 3947 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 3948 doneServing: make(chan struct{}), 3949 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 3950 advMaxStreams: s.maxConcurrentStreams(), 3951 initialStreamSendWindowSize: http2initialWindowSize, 3952 maxFrameSize: http2initialMaxFrameSize, 3953 headerTableSize: http2initialHeaderTableSize, 3954 serveG: http2newGoroutineLock(), 3955 pushEnabled: true, 3956 } 3957 3958 s.state.registerConn(sc) 3959 defer s.state.unregisterConn(sc) 3960 3961 // The net/http package sets the write deadline from the 3962 // http.Server.WriteTimeout during the TLS handshake, but then 3963 // passes the connection off to us with the deadline already set. 3964 // Write deadlines are set per stream in serverConn.newStream. 3965 // Disarm the net.Conn write deadline here. 3966 if sc.hs.WriteTimeout != 0 { 3967 sc.conn.SetWriteDeadline(time.Time{}) 3968 } 3969 3970 if s.NewWriteScheduler != nil { 3971 sc.writeSched = s.NewWriteScheduler() 3972 } else { 3973 sc.writeSched = http2NewRandomWriteScheduler() 3974 } 3975 3976 // These start at the RFC-specified defaults. If there is a higher 3977 // configured value for inflow, that will be updated when we send a 3978 // WINDOW_UPDATE shortly after sending SETTINGS. 3979 sc.flow.add(http2initialWindowSize) 3980 sc.inflow.add(http2initialWindowSize) 3981 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 3982 3983 fr := http2NewFramer(sc.bw, c) 3984 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 3985 fr.MaxHeaderListSize = sc.maxHeaderListSize() 3986 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 3987 sc.framer = fr 3988 3989 if tc, ok := c.(http2connectionStater); ok { 3990 sc.tlsState = new(tls.ConnectionState) 3991 *sc.tlsState = tc.ConnectionState() 3992 // 9.2 Use of TLS Features 3993 // An implementation of HTTP/2 over TLS MUST use TLS 3994 // 1.2 or higher with the restrictions on feature set 3995 // and cipher suite described in this section. Due to 3996 // implementation limitations, it might not be 3997 // possible to fail TLS negotiation. An endpoint MUST 3998 // immediately terminate an HTTP/2 connection that 3999 // does not meet the TLS requirements described in 4000 // this section with a connection error (Section 4001 // 5.4.1) of type INADEQUATE_SECURITY. 4002 if sc.tlsState.Version < tls.VersionTLS12 { 4003 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 4004 return 4005 } 4006 4007 if sc.tlsState.ServerName == "" { 4008 // Client must use SNI, but we don't enforce that anymore, 4009 // since it was causing problems when connecting to bare IP 4010 // addresses during development. 4011 // 4012 // TODO: optionally enforce? Or enforce at the time we receive 4013 // a new request, and verify the ServerName matches the :authority? 4014 // But that precludes proxy situations, perhaps. 4015 // 4016 // So for now, do nothing here again. 4017 } 4018 4019 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 4020 // "Endpoints MAY choose to generate a connection error 4021 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 4022 // the prohibited cipher suites are negotiated." 4023 // 4024 // We choose that. In my opinion, the spec is weak 4025 // here. It also says both parties must support at least 4026 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 4027 // excuses here. If we really must, we could allow an 4028 // "AllowInsecureWeakCiphers" option on the server later. 4029 // Let's see how it plays out first. 4030 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 4031 return 4032 } 4033 } 4034 4035 if hook := http2testHookGetServerConn; hook != nil { 4036 hook(sc) 4037 } 4038 sc.serve() 4039} 4040 4041func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx context.Context, cancel func()) { 4042 ctx, cancel = context.WithCancel(opts.context()) 4043 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 4044 if hs := opts.baseConfig(); hs != nil { 4045 ctx = context.WithValue(ctx, ServerContextKey, hs) 4046 } 4047 return 4048} 4049 4050func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4051 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4052 // ignoring errors. hanging up anyway. 4053 sc.framer.WriteGoAway(0, err, []byte(debug)) 4054 sc.bw.Flush() 4055 sc.conn.Close() 4056} 4057 4058type http2serverConn struct { 4059 // Immutable: 4060 srv *http2Server 4061 hs *Server 4062 conn net.Conn 4063 bw *http2bufferedWriter // writing to conn 4064 handler Handler 4065 baseCtx context.Context 4066 framer *http2Framer 4067 doneServing chan struct{} // closed when serverConn.serve ends 4068 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4069 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4070 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4071 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4072 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4073 flow http2flow // conn-wide (not stream-specific) outbound flow control 4074 inflow http2flow // conn-wide inbound flow control 4075 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4076 remoteAddrStr string 4077 writeSched http2WriteScheduler 4078 4079 // Everything following is owned by the serve loop; use serveG.check(): 4080 serveG http2goroutineLock // used to verify funcs are on serve() 4081 pushEnabled bool 4082 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4083 needToSendSettingsAck bool 4084 unackedSettings int // how many SETTINGS have we sent without ACKs? 4085 queuedControlFrames int // control frames in the writeSched queue 4086 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4087 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4088 curClientStreams uint32 // number of open streams initiated by the client 4089 curPushedStreams uint32 // number of open streams initiated by server push 4090 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4091 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4092 streams map[uint32]*http2stream 4093 initialStreamSendWindowSize int32 4094 maxFrameSize int32 4095 headerTableSize uint32 4096 peerMaxHeaderListSize uint32 // zero means unknown (default) 4097 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4098 writingFrame bool // started writing a frame (on serve goroutine or separate) 4099 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4100 needsFrameFlush bool // last frame write wasn't a flush 4101 inGoAway bool // we've started to or sent GOAWAY 4102 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4103 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4104 goAwayCode http2ErrCode 4105 shutdownTimer *time.Timer // nil until used 4106 idleTimer *time.Timer // nil if unused 4107 4108 // Owned by the writeFrameAsync goroutine: 4109 headerWriteBuf bytes.Buffer 4110 hpackEncoder *hpack.Encoder 4111 4112 // Used by startGracefulShutdown. 4113 shutdownOnce sync.Once 4114} 4115 4116func (sc *http2serverConn) maxHeaderListSize() uint32 { 4117 n := sc.hs.MaxHeaderBytes 4118 if n <= 0 { 4119 n = DefaultMaxHeaderBytes 4120 } 4121 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4122 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4123 const perFieldOverhead = 32 // per http2 spec 4124 const typicalHeaders = 10 // conservative 4125 return uint32(n + typicalHeaders*perFieldOverhead) 4126} 4127 4128func (sc *http2serverConn) curOpenStreams() uint32 { 4129 sc.serveG.check() 4130 return sc.curClientStreams + sc.curPushedStreams 4131} 4132 4133// stream represents a stream. This is the minimal metadata needed by 4134// the serve goroutine. Most of the actual stream state is owned by 4135// the http.Handler's goroutine in the responseWriter. Because the 4136// responseWriter's responseWriterState is recycled at the end of a 4137// handler, this struct intentionally has no pointer to the 4138// *responseWriter{,State} itself, as the Handler ending nils out the 4139// responseWriter's state field. 4140type http2stream struct { 4141 // immutable: 4142 sc *http2serverConn 4143 id uint32 4144 body *http2pipe // non-nil if expecting DATA frames 4145 cw http2closeWaiter // closed wait stream transitions to closed state 4146 ctx context.Context 4147 cancelCtx func() 4148 4149 // owned by serverConn's serve loop: 4150 bodyBytes int64 // body bytes seen so far 4151 declBodyBytes int64 // or -1 if undeclared 4152 flow http2flow // limits writing from Handler to client 4153 inflow http2flow // what the client is allowed to POST/etc to us 4154 parent *http2stream // or nil 4155 numTrailerValues int64 4156 weight uint8 4157 state http2streamState 4158 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4159 gotTrailerHeader bool // HEADER frame for trailers was seen 4160 wroteHeaders bool // whether we wrote headers (not status 100) 4161 writeDeadline *time.Timer // nil if unused 4162 4163 trailer Header // accumulated trailers 4164 reqTrailer Header // handler's Request.Trailer 4165} 4166 4167func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4168 4169func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4170 4171func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4172 4173func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4174 return sc.hpackEncoder, &sc.headerWriteBuf 4175} 4176 4177func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4178 sc.serveG.check() 4179 // http://tools.ietf.org/html/rfc7540#section-5.1 4180 if st, ok := sc.streams[streamID]; ok { 4181 return st.state, st 4182 } 4183 // "The first use of a new stream identifier implicitly closes all 4184 // streams in the "idle" state that might have been initiated by 4185 // that peer with a lower-valued stream identifier. For example, if 4186 // a client sends a HEADERS frame on stream 7 without ever sending a 4187 // frame on stream 5, then stream 5 transitions to the "closed" 4188 // state when the first frame for stream 7 is sent or received." 4189 if streamID%2 == 1 { 4190 if streamID <= sc.maxClientStreamID { 4191 return http2stateClosed, nil 4192 } 4193 } else { 4194 if streamID <= sc.maxPushPromiseID { 4195 return http2stateClosed, nil 4196 } 4197 } 4198 return http2stateIdle, nil 4199} 4200 4201// setConnState calls the net/http ConnState hook for this connection, if configured. 4202// Note that the net/http package does StateNew and StateClosed for us. 4203// There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4204func (sc *http2serverConn) setConnState(state ConnState) { 4205 if sc.hs.ConnState != nil { 4206 sc.hs.ConnState(sc.conn, state) 4207 } 4208} 4209 4210func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4211 if http2VerboseLogs { 4212 sc.logf(format, args...) 4213 } 4214} 4215 4216func (sc *http2serverConn) logf(format string, args ...interface{}) { 4217 if lg := sc.hs.ErrorLog; lg != nil { 4218 lg.Printf(format, args...) 4219 } else { 4220 log.Printf(format, args...) 4221 } 4222} 4223 4224// errno returns v's underlying uintptr, else 0. 4225// 4226// TODO: remove this helper function once http2 can use build 4227// tags. See comment in isClosedConnError. 4228func http2errno(v error) uintptr { 4229 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4230 return uintptr(rv.Uint()) 4231 } 4232 return 0 4233} 4234 4235// isClosedConnError reports whether err is an error from use of a closed 4236// network connection. 4237func http2isClosedConnError(err error) bool { 4238 if err == nil { 4239 return false 4240 } 4241 4242 // TODO: remove this string search and be more like the Windows 4243 // case below. That might involve modifying the standard library 4244 // to return better error types. 4245 str := err.Error() 4246 if strings.Contains(str, "use of closed network connection") { 4247 return true 4248 } 4249 4250 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4251 // build tags, so I can't make an http2_windows.go file with 4252 // Windows-specific stuff. Fix that and move this, once we 4253 // have a way to bundle this into std's net/http somehow. 4254 if runtime.GOOS == "windows" { 4255 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4256 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4257 const WSAECONNABORTED = 10053 4258 const WSAECONNRESET = 10054 4259 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4260 return true 4261 } 4262 } 4263 } 4264 } 4265 return false 4266} 4267 4268func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4269 if err == nil { 4270 return 4271 } 4272 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4273 // Boring, expected errors. 4274 sc.vlogf(format, args...) 4275 } else { 4276 sc.logf(format, args...) 4277 } 4278} 4279 4280func (sc *http2serverConn) canonicalHeader(v string) string { 4281 sc.serveG.check() 4282 http2buildCommonHeaderMapsOnce() 4283 cv, ok := http2commonCanonHeader[v] 4284 if ok { 4285 return cv 4286 } 4287 cv, ok = sc.canonHeader[v] 4288 if ok { 4289 return cv 4290 } 4291 if sc.canonHeader == nil { 4292 sc.canonHeader = make(map[string]string) 4293 } 4294 cv = CanonicalHeaderKey(v) 4295 sc.canonHeader[v] = cv 4296 return cv 4297} 4298 4299type http2readFrameResult struct { 4300 f http2Frame // valid until readMore is called 4301 err error 4302 4303 // readMore should be called once the consumer no longer needs or 4304 // retains f. After readMore, f is invalid and more frames can be 4305 // read. 4306 readMore func() 4307} 4308 4309// readFrames is the loop that reads incoming frames. 4310// It takes care to only read one frame at a time, blocking until the 4311// consumer is done with the frame. 4312// It's run on its own goroutine. 4313func (sc *http2serverConn) readFrames() { 4314 gate := make(http2gate) 4315 gateDone := gate.Done 4316 for { 4317 f, err := sc.framer.ReadFrame() 4318 select { 4319 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4320 case <-sc.doneServing: 4321 return 4322 } 4323 select { 4324 case <-gate: 4325 case <-sc.doneServing: 4326 return 4327 } 4328 if http2terminalReadFrameError(err) { 4329 return 4330 } 4331 } 4332} 4333 4334// frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4335type http2frameWriteResult struct { 4336 wr http2FrameWriteRequest // what was written (or attempted) 4337 err error // result of the writeFrame call 4338} 4339 4340// writeFrameAsync runs in its own goroutine and writes a single frame 4341// and then reports when it's done. 4342// At most one goroutine can be running writeFrameAsync at a time per 4343// serverConn. 4344func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4345 err := wr.write.writeFrame(sc) 4346 sc.wroteFrameCh <- http2frameWriteResult{wr, err} 4347} 4348 4349func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4350 sc.serveG.check() 4351 for _, st := range sc.streams { 4352 sc.closeStream(st, http2errClientDisconnected) 4353 } 4354} 4355 4356func (sc *http2serverConn) stopShutdownTimer() { 4357 sc.serveG.check() 4358 if t := sc.shutdownTimer; t != nil { 4359 t.Stop() 4360 } 4361} 4362 4363func (sc *http2serverConn) notePanic() { 4364 // Note: this is for serverConn.serve panicking, not http.Handler code. 4365 if http2testHookOnPanicMu != nil { 4366 http2testHookOnPanicMu.Lock() 4367 defer http2testHookOnPanicMu.Unlock() 4368 } 4369 if http2testHookOnPanic != nil { 4370 if e := recover(); e != nil { 4371 if http2testHookOnPanic(sc, e) { 4372 panic(e) 4373 } 4374 } 4375 } 4376} 4377 4378func (sc *http2serverConn) serve() { 4379 sc.serveG.check() 4380 defer sc.notePanic() 4381 defer sc.conn.Close() 4382 defer sc.closeAllStreamsOnConnClose() 4383 defer sc.stopShutdownTimer() 4384 defer close(sc.doneServing) // unblocks handlers trying to send 4385 4386 if http2VerboseLogs { 4387 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4388 } 4389 4390 sc.writeFrame(http2FrameWriteRequest{ 4391 write: http2writeSettings{ 4392 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4393 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4394 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4395 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4396 }, 4397 }) 4398 sc.unackedSettings++ 4399 4400 // Each connection starts with intialWindowSize inflow tokens. 4401 // If a higher value is configured, we add more tokens. 4402 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4403 sc.sendWindowUpdate(nil, int(diff)) 4404 } 4405 4406 if err := sc.readPreface(); err != nil { 4407 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4408 return 4409 } 4410 // Now that we've got the preface, get us out of the 4411 // "StateNew" state. We can't go directly to idle, though. 4412 // Active means we read some data and anticipate a request. We'll 4413 // do another Active when we get a HEADERS frame. 4414 sc.setConnState(StateActive) 4415 sc.setConnState(StateIdle) 4416 4417 if sc.srv.IdleTimeout != 0 { 4418 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4419 defer sc.idleTimer.Stop() 4420 } 4421 4422 go sc.readFrames() // closed by defer sc.conn.Close above 4423 4424 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4425 defer settingsTimer.Stop() 4426 4427 loopNum := 0 4428 for { 4429 loopNum++ 4430 select { 4431 case wr := <-sc.wantWriteFrameCh: 4432 if se, ok := wr.write.(http2StreamError); ok { 4433 sc.resetStream(se) 4434 break 4435 } 4436 sc.writeFrame(wr) 4437 case res := <-sc.wroteFrameCh: 4438 sc.wroteFrame(res) 4439 case res := <-sc.readFrameCh: 4440 if !sc.processFrameFromReader(res) { 4441 return 4442 } 4443 res.readMore() 4444 if settingsTimer != nil { 4445 settingsTimer.Stop() 4446 settingsTimer = nil 4447 } 4448 case m := <-sc.bodyReadCh: 4449 sc.noteBodyRead(m.st, m.n) 4450 case msg := <-sc.serveMsgCh: 4451 switch v := msg.(type) { 4452 case func(int): 4453 v(loopNum) // for testing 4454 case *http2serverMessage: 4455 switch v { 4456 case http2settingsTimerMsg: 4457 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4458 return 4459 case http2idleTimerMsg: 4460 sc.vlogf("connection is idle") 4461 sc.goAway(http2ErrCodeNo) 4462 case http2shutdownTimerMsg: 4463 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4464 return 4465 case http2gracefulShutdownMsg: 4466 sc.startGracefulShutdownInternal() 4467 default: 4468 panic("unknown timer") 4469 } 4470 case *http2startPushRequest: 4471 sc.startPush(v) 4472 default: 4473 panic(fmt.Sprintf("unexpected type %T", v)) 4474 } 4475 } 4476 4477 // If the peer is causing us to generate a lot of control frames, 4478 // but not reading them from us, assume they are trying to make us 4479 // run out of memory. 4480 if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() { 4481 sc.vlogf("http2: too many control frames in send queue, closing connection") 4482 return 4483 } 4484 4485 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4486 // with no error code (graceful shutdown), don't start the timer until 4487 // all open streams have been completed. 4488 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4489 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4490 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4491 sc.shutDownIn(http2goAwayTimeout) 4492 } 4493 } 4494} 4495 4496func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4497 select { 4498 case <-sc.doneServing: 4499 case <-sharedCh: 4500 close(privateCh) 4501 } 4502} 4503 4504type http2serverMessage int 4505 4506// Message values sent to serveMsgCh. 4507var ( 4508 http2settingsTimerMsg = new(http2serverMessage) 4509 http2idleTimerMsg = new(http2serverMessage) 4510 http2shutdownTimerMsg = new(http2serverMessage) 4511 http2gracefulShutdownMsg = new(http2serverMessage) 4512) 4513 4514func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4515 4516func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4517 4518func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4519 4520func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4521 sc.serveG.checkNotOn() // NOT 4522 select { 4523 case sc.serveMsgCh <- msg: 4524 case <-sc.doneServing: 4525 } 4526} 4527 4528var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4529 4530// readPreface reads the ClientPreface greeting from the peer or 4531// returns errPrefaceTimeout on timeout, or an error if the greeting 4532// is invalid. 4533func (sc *http2serverConn) readPreface() error { 4534 errc := make(chan error, 1) 4535 go func() { 4536 // Read the client preface 4537 buf := make([]byte, len(http2ClientPreface)) 4538 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4539 errc <- err 4540 } else if !bytes.Equal(buf, http2clientPreface) { 4541 errc <- fmt.Errorf("bogus greeting %q", buf) 4542 } else { 4543 errc <- nil 4544 } 4545 }() 4546 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4547 defer timer.Stop() 4548 select { 4549 case <-timer.C: 4550 return http2errPrefaceTimeout 4551 case err := <-errc: 4552 if err == nil { 4553 if http2VerboseLogs { 4554 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4555 } 4556 } 4557 return err 4558 } 4559} 4560 4561var http2errChanPool = sync.Pool{ 4562 New: func() interface{} { return make(chan error, 1) }, 4563} 4564 4565var http2writeDataPool = sync.Pool{ 4566 New: func() interface{} { return new(http2writeData) }, 4567} 4568 4569// writeDataFromHandler writes DATA response frames from a handler on 4570// the given stream. 4571func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4572 ch := http2errChanPool.Get().(chan error) 4573 writeArg := http2writeDataPool.Get().(*http2writeData) 4574 *writeArg = http2writeData{stream.id, data, endStream} 4575 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4576 write: writeArg, 4577 stream: stream, 4578 done: ch, 4579 }) 4580 if err != nil { 4581 return err 4582 } 4583 var frameWriteDone bool // the frame write is done (successfully or not) 4584 select { 4585 case err = <-ch: 4586 frameWriteDone = true 4587 case <-sc.doneServing: 4588 return http2errClientDisconnected 4589 case <-stream.cw: 4590 // If both ch and stream.cw were ready (as might 4591 // happen on the final Write after an http.Handler 4592 // ends), prefer the write result. Otherwise this 4593 // might just be us successfully closing the stream. 4594 // The writeFrameAsync and serve goroutines guarantee 4595 // that the ch send will happen before the stream.cw 4596 // close. 4597 select { 4598 case err = <-ch: 4599 frameWriteDone = true 4600 default: 4601 return http2errStreamClosed 4602 } 4603 } 4604 http2errChanPool.Put(ch) 4605 if frameWriteDone { 4606 http2writeDataPool.Put(writeArg) 4607 } 4608 return err 4609} 4610 4611// writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4612// if the connection has gone away. 4613// 4614// This must not be run from the serve goroutine itself, else it might 4615// deadlock writing to sc.wantWriteFrameCh (which is only mildly 4616// buffered and is read by serve itself). If you're on the serve 4617// goroutine, call writeFrame instead. 4618func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4619 sc.serveG.checkNotOn() // NOT 4620 select { 4621 case sc.wantWriteFrameCh <- wr: 4622 return nil 4623 case <-sc.doneServing: 4624 // Serve loop is gone. 4625 // Client has closed their connection to the server. 4626 return http2errClientDisconnected 4627 } 4628} 4629 4630// writeFrame schedules a frame to write and sends it if there's nothing 4631// already being written. 4632// 4633// There is no pushback here (the serve goroutine never blocks). It's 4634// the http.Handlers that block, waiting for their previous frames to 4635// make it onto the wire 4636// 4637// If you're not on the serve goroutine, use writeFrameFromHandler instead. 4638func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4639 sc.serveG.check() 4640 4641 // If true, wr will not be written and wr.done will not be signaled. 4642 var ignoreWrite bool 4643 4644 // We are not allowed to write frames on closed streams. RFC 7540 Section 4645 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4646 // a closed stream." Our server never sends PRIORITY, so that exception 4647 // does not apply. 4648 // 4649 // The serverConn might close an open stream while the stream's handler 4650 // is still running. For example, the server might close a stream when it 4651 // receives bad data from the client. If this happens, the handler might 4652 // attempt to write a frame after the stream has been closed (since the 4653 // handler hasn't yet been notified of the close). In this case, we simply 4654 // ignore the frame. The handler will notice that the stream is closed when 4655 // it waits for the frame to be written. 4656 // 4657 // As an exception to this rule, we allow sending RST_STREAM after close. 4658 // This allows us to immediately reject new streams without tracking any 4659 // state for those streams (except for the queued RST_STREAM frame). This 4660 // may result in duplicate RST_STREAMs in some cases, but the client should 4661 // ignore those. 4662 if wr.StreamID() != 0 { 4663 _, isReset := wr.write.(http2StreamError) 4664 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4665 ignoreWrite = true 4666 } 4667 } 4668 4669 // Don't send a 100-continue response if we've already sent headers. 4670 // See golang.org/issue/14030. 4671 switch wr.write.(type) { 4672 case *http2writeResHeaders: 4673 wr.stream.wroteHeaders = true 4674 case http2write100ContinueHeadersFrame: 4675 if wr.stream.wroteHeaders { 4676 // We do not need to notify wr.done because this frame is 4677 // never written with wr.done != nil. 4678 if wr.done != nil { 4679 panic("wr.done != nil for write100ContinueHeadersFrame") 4680 } 4681 ignoreWrite = true 4682 } 4683 } 4684 4685 if !ignoreWrite { 4686 if wr.isControl() { 4687 sc.queuedControlFrames++ 4688 // For extra safety, detect wraparounds, which should not happen, 4689 // and pull the plug. 4690 if sc.queuedControlFrames < 0 { 4691 sc.conn.Close() 4692 } 4693 } 4694 sc.writeSched.Push(wr) 4695 } 4696 sc.scheduleFrameWrite() 4697} 4698 4699// startFrameWrite starts a goroutine to write wr (in a separate 4700// goroutine since that might block on the network), and updates the 4701// serve goroutine's state about the world, updated from info in wr. 4702func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4703 sc.serveG.check() 4704 if sc.writingFrame { 4705 panic("internal error: can only be writing one frame at a time") 4706 } 4707 4708 st := wr.stream 4709 if st != nil { 4710 switch st.state { 4711 case http2stateHalfClosedLocal: 4712 switch wr.write.(type) { 4713 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4714 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4715 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4716 default: 4717 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4718 } 4719 case http2stateClosed: 4720 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4721 } 4722 } 4723 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4724 var err error 4725 wpp.promisedID, err = wpp.allocatePromisedID() 4726 if err != nil { 4727 sc.writingFrameAsync = false 4728 wr.replyToWriter(err) 4729 return 4730 } 4731 } 4732 4733 sc.writingFrame = true 4734 sc.needsFrameFlush = true 4735 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4736 sc.writingFrameAsync = false 4737 err := wr.write.writeFrame(sc) 4738 sc.wroteFrame(http2frameWriteResult{wr, err}) 4739 } else { 4740 sc.writingFrameAsync = true 4741 go sc.writeFrameAsync(wr) 4742 } 4743} 4744 4745// errHandlerPanicked is the error given to any callers blocked in a read from 4746// Request.Body when the main goroutine panics. Since most handlers read in the 4747// main ServeHTTP goroutine, this will show up rarely. 4748var http2errHandlerPanicked = errors.New("http2: handler panicked") 4749 4750// wroteFrame is called on the serve goroutine with the result of 4751// whatever happened on writeFrameAsync. 4752func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4753 sc.serveG.check() 4754 if !sc.writingFrame { 4755 panic("internal error: expected to be already writing a frame") 4756 } 4757 sc.writingFrame = false 4758 sc.writingFrameAsync = false 4759 4760 wr := res.wr 4761 4762 if http2writeEndsStream(wr.write) { 4763 st := wr.stream 4764 if st == nil { 4765 panic("internal error: expecting non-nil stream") 4766 } 4767 switch st.state { 4768 case http2stateOpen: 4769 // Here we would go to stateHalfClosedLocal in 4770 // theory, but since our handler is done and 4771 // the net/http package provides no mechanism 4772 // for closing a ResponseWriter while still 4773 // reading data (see possible TODO at top of 4774 // this file), we go into closed state here 4775 // anyway, after telling the peer we're 4776 // hanging up on them. We'll transition to 4777 // stateClosed after the RST_STREAM frame is 4778 // written. 4779 st.state = http2stateHalfClosedLocal 4780 // Section 8.1: a server MAY request that the client abort 4781 // transmission of a request without error by sending a 4782 // RST_STREAM with an error code of NO_ERROR after sending 4783 // a complete response. 4784 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4785 case http2stateHalfClosedRemote: 4786 sc.closeStream(st, http2errHandlerComplete) 4787 } 4788 } else { 4789 switch v := wr.write.(type) { 4790 case http2StreamError: 4791 // st may be unknown if the RST_STREAM was generated to reject bad input. 4792 if st, ok := sc.streams[v.StreamID]; ok { 4793 sc.closeStream(st, v) 4794 } 4795 case http2handlerPanicRST: 4796 sc.closeStream(wr.stream, http2errHandlerPanicked) 4797 } 4798 } 4799 4800 // Reply (if requested) to unblock the ServeHTTP goroutine. 4801 wr.replyToWriter(res.err) 4802 4803 sc.scheduleFrameWrite() 4804} 4805 4806// scheduleFrameWrite tickles the frame writing scheduler. 4807// 4808// If a frame is already being written, nothing happens. This will be called again 4809// when the frame is done being written. 4810// 4811// If a frame isn't being written and we need to send one, the best frame 4812// to send is selected by writeSched. 4813// 4814// If a frame isn't being written and there's nothing else to send, we 4815// flush the write buffer. 4816func (sc *http2serverConn) scheduleFrameWrite() { 4817 sc.serveG.check() 4818 if sc.writingFrame || sc.inFrameScheduleLoop { 4819 return 4820 } 4821 sc.inFrameScheduleLoop = true 4822 for !sc.writingFrameAsync { 4823 if sc.needToSendGoAway { 4824 sc.needToSendGoAway = false 4825 sc.startFrameWrite(http2FrameWriteRequest{ 4826 write: &http2writeGoAway{ 4827 maxStreamID: sc.maxClientStreamID, 4828 code: sc.goAwayCode, 4829 }, 4830 }) 4831 continue 4832 } 4833 if sc.needToSendSettingsAck { 4834 sc.needToSendSettingsAck = false 4835 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4836 continue 4837 } 4838 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4839 if wr, ok := sc.writeSched.Pop(); ok { 4840 if wr.isControl() { 4841 sc.queuedControlFrames-- 4842 } 4843 sc.startFrameWrite(wr) 4844 continue 4845 } 4846 } 4847 if sc.needsFrameFlush { 4848 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4849 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4850 continue 4851 } 4852 break 4853 } 4854 sc.inFrameScheduleLoop = false 4855} 4856 4857// startGracefulShutdown gracefully shuts down a connection. This 4858// sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4859// shutting down. The connection isn't closed until all current 4860// streams are done. 4861// 4862// startGracefulShutdown returns immediately; it does not wait until 4863// the connection has shut down. 4864func (sc *http2serverConn) startGracefulShutdown() { 4865 sc.serveG.checkNotOn() // NOT 4866 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4867} 4868 4869// After sending GOAWAY, the connection will close after goAwayTimeout. 4870// If we close the connection immediately after sending GOAWAY, there may 4871// be unsent data in our kernel receive buffer, which will cause the kernel 4872// to send a TCP RST on close() instead of a FIN. This RST will abort the 4873// connection immediately, whether or not the client had received the GOAWAY. 4874// 4875// Ideally we should delay for at least 1 RTT + epsilon so the client has 4876// a chance to read the GOAWAY and stop sending messages. Measuring RTT 4877// is hard, so we approximate with 1 second. See golang.org/issue/18701. 4878// 4879// This is a var so it can be shorter in tests, where all requests uses the 4880// loopback interface making the expected RTT very small. 4881// 4882// TODO: configurable? 4883var http2goAwayTimeout = 1 * time.Second 4884 4885func (sc *http2serverConn) startGracefulShutdownInternal() { 4886 sc.goAway(http2ErrCodeNo) 4887} 4888 4889func (sc *http2serverConn) goAway(code http2ErrCode) { 4890 sc.serveG.check() 4891 if sc.inGoAway { 4892 return 4893 } 4894 sc.inGoAway = true 4895 sc.needToSendGoAway = true 4896 sc.goAwayCode = code 4897 sc.scheduleFrameWrite() 4898} 4899 4900func (sc *http2serverConn) shutDownIn(d time.Duration) { 4901 sc.serveG.check() 4902 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 4903} 4904 4905func (sc *http2serverConn) resetStream(se http2StreamError) { 4906 sc.serveG.check() 4907 sc.writeFrame(http2FrameWriteRequest{write: se}) 4908 if st, ok := sc.streams[se.StreamID]; ok { 4909 st.resetQueued = true 4910 } 4911} 4912 4913// processFrameFromReader processes the serve loop's read from readFrameCh from the 4914// frame-reading goroutine. 4915// processFrameFromReader returns whether the connection should be kept open. 4916func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 4917 sc.serveG.check() 4918 err := res.err 4919 if err != nil { 4920 if err == http2ErrFrameTooLarge { 4921 sc.goAway(http2ErrCodeFrameSize) 4922 return true // goAway will close the loop 4923 } 4924 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 4925 if clientGone { 4926 // TODO: could we also get into this state if 4927 // the peer does a half close 4928 // (e.g. CloseWrite) because they're done 4929 // sending frames but they're still wanting 4930 // our open replies? Investigate. 4931 // TODO: add CloseWrite to crypto/tls.Conn first 4932 // so we have a way to test this? I suppose 4933 // just for testing we could have a non-TLS mode. 4934 return false 4935 } 4936 } else { 4937 f := res.f 4938 if http2VerboseLogs { 4939 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 4940 } 4941 err = sc.processFrame(f) 4942 if err == nil { 4943 return true 4944 } 4945 } 4946 4947 switch ev := err.(type) { 4948 case http2StreamError: 4949 sc.resetStream(ev) 4950 return true 4951 case http2goAwayFlowError: 4952 sc.goAway(http2ErrCodeFlowControl) 4953 return true 4954 case http2ConnectionError: 4955 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 4956 sc.goAway(http2ErrCode(ev)) 4957 return true // goAway will handle shutdown 4958 default: 4959 if res.err != nil { 4960 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 4961 } else { 4962 sc.logf("http2: server closing client connection: %v", err) 4963 } 4964 return false 4965 } 4966} 4967 4968func (sc *http2serverConn) processFrame(f http2Frame) error { 4969 sc.serveG.check() 4970 4971 // First frame received must be SETTINGS. 4972 if !sc.sawFirstSettings { 4973 if _, ok := f.(*http2SettingsFrame); !ok { 4974 return http2ConnectionError(http2ErrCodeProtocol) 4975 } 4976 sc.sawFirstSettings = true 4977 } 4978 4979 switch f := f.(type) { 4980 case *http2SettingsFrame: 4981 return sc.processSettings(f) 4982 case *http2MetaHeadersFrame: 4983 return sc.processHeaders(f) 4984 case *http2WindowUpdateFrame: 4985 return sc.processWindowUpdate(f) 4986 case *http2PingFrame: 4987 return sc.processPing(f) 4988 case *http2DataFrame: 4989 return sc.processData(f) 4990 case *http2RSTStreamFrame: 4991 return sc.processResetStream(f) 4992 case *http2PriorityFrame: 4993 return sc.processPriority(f) 4994 case *http2GoAwayFrame: 4995 return sc.processGoAway(f) 4996 case *http2PushPromiseFrame: 4997 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 4998 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 4999 return http2ConnectionError(http2ErrCodeProtocol) 5000 default: 5001 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 5002 return nil 5003 } 5004} 5005 5006func (sc *http2serverConn) processPing(f *http2PingFrame) error { 5007 sc.serveG.check() 5008 if f.IsAck() { 5009 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 5010 // containing this flag." 5011 return nil 5012 } 5013 if f.StreamID != 0 { 5014 // "PING frames are not associated with any individual 5015 // stream. If a PING frame is received with a stream 5016 // identifier field value other than 0x0, the recipient MUST 5017 // respond with a connection error (Section 5.4.1) of type 5018 // PROTOCOL_ERROR." 5019 return http2ConnectionError(http2ErrCodeProtocol) 5020 } 5021 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5022 return nil 5023 } 5024 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 5025 return nil 5026} 5027 5028func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 5029 sc.serveG.check() 5030 switch { 5031 case f.StreamID != 0: // stream-level flow control 5032 state, st := sc.state(f.StreamID) 5033 if state == http2stateIdle { 5034 // Section 5.1: "Receiving any frame other than HEADERS 5035 // or PRIORITY on a stream in this state MUST be 5036 // treated as a connection error (Section 5.4.1) of 5037 // type PROTOCOL_ERROR." 5038 return http2ConnectionError(http2ErrCodeProtocol) 5039 } 5040 if st == nil { 5041 // "WINDOW_UPDATE can be sent by a peer that has sent a 5042 // frame bearing the END_STREAM flag. This means that a 5043 // receiver could receive a WINDOW_UPDATE frame on a "half 5044 // closed (remote)" or "closed" stream. A receiver MUST 5045 // NOT treat this as an error, see Section 5.1." 5046 return nil 5047 } 5048 if !st.flow.add(int32(f.Increment)) { 5049 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 5050 } 5051 default: // connection-level flow control 5052 if !sc.flow.add(int32(f.Increment)) { 5053 return http2goAwayFlowError{} 5054 } 5055 } 5056 sc.scheduleFrameWrite() 5057 return nil 5058} 5059 5060func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5061 sc.serveG.check() 5062 5063 state, st := sc.state(f.StreamID) 5064 if state == http2stateIdle { 5065 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5066 // stream in the "idle" state. If a RST_STREAM frame 5067 // identifying an idle stream is received, the 5068 // recipient MUST treat this as a connection error 5069 // (Section 5.4.1) of type PROTOCOL_ERROR. 5070 return http2ConnectionError(http2ErrCodeProtocol) 5071 } 5072 if st != nil { 5073 st.cancelCtx() 5074 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5075 } 5076 return nil 5077} 5078 5079func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5080 sc.serveG.check() 5081 if st.state == http2stateIdle || st.state == http2stateClosed { 5082 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5083 } 5084 st.state = http2stateClosed 5085 if st.writeDeadline != nil { 5086 st.writeDeadline.Stop() 5087 } 5088 if st.isPushed() { 5089 sc.curPushedStreams-- 5090 } else { 5091 sc.curClientStreams-- 5092 } 5093 delete(sc.streams, st.id) 5094 if len(sc.streams) == 0 { 5095 sc.setConnState(StateIdle) 5096 if sc.srv.IdleTimeout != 0 { 5097 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5098 } 5099 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5100 sc.startGracefulShutdownInternal() 5101 } 5102 } 5103 if p := st.body; p != nil { 5104 // Return any buffered unread bytes worth of conn-level flow control. 5105 // See golang.org/issue/16481 5106 sc.sendWindowUpdate(nil, p.Len()) 5107 5108 p.CloseWithError(err) 5109 } 5110 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5111 sc.writeSched.CloseStream(st.id) 5112} 5113 5114func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5115 sc.serveG.check() 5116 if f.IsAck() { 5117 sc.unackedSettings-- 5118 if sc.unackedSettings < 0 { 5119 // Why is the peer ACKing settings we never sent? 5120 // The spec doesn't mention this case, but 5121 // hang up on them anyway. 5122 return http2ConnectionError(http2ErrCodeProtocol) 5123 } 5124 return nil 5125 } 5126 if f.NumSettings() > 100 || f.HasDuplicates() { 5127 // This isn't actually in the spec, but hang up on 5128 // suspiciously large settings frames or those with 5129 // duplicate entries. 5130 return http2ConnectionError(http2ErrCodeProtocol) 5131 } 5132 if err := f.ForeachSetting(sc.processSetting); err != nil { 5133 return err 5134 } 5135 // TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be 5136 // acknowledged individually, even if multiple are received before the ACK. 5137 sc.needToSendSettingsAck = true 5138 sc.scheduleFrameWrite() 5139 return nil 5140} 5141 5142func (sc *http2serverConn) processSetting(s http2Setting) error { 5143 sc.serveG.check() 5144 if err := s.Valid(); err != nil { 5145 return err 5146 } 5147 if http2VerboseLogs { 5148 sc.vlogf("http2: server processing setting %v", s) 5149 } 5150 switch s.ID { 5151 case http2SettingHeaderTableSize: 5152 sc.headerTableSize = s.Val 5153 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5154 case http2SettingEnablePush: 5155 sc.pushEnabled = s.Val != 0 5156 case http2SettingMaxConcurrentStreams: 5157 sc.clientMaxStreams = s.Val 5158 case http2SettingInitialWindowSize: 5159 return sc.processSettingInitialWindowSize(s.Val) 5160 case http2SettingMaxFrameSize: 5161 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5162 case http2SettingMaxHeaderListSize: 5163 sc.peerMaxHeaderListSize = s.Val 5164 default: 5165 // Unknown setting: "An endpoint that receives a SETTINGS 5166 // frame with any unknown or unsupported identifier MUST 5167 // ignore that setting." 5168 if http2VerboseLogs { 5169 sc.vlogf("http2: server ignoring unknown setting %v", s) 5170 } 5171 } 5172 return nil 5173} 5174 5175func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5176 sc.serveG.check() 5177 // Note: val already validated to be within range by 5178 // processSetting's Valid call. 5179 5180 // "A SETTINGS frame can alter the initial flow control window 5181 // size for all current streams. When the value of 5182 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5183 // adjust the size of all stream flow control windows that it 5184 // maintains by the difference between the new value and the 5185 // old value." 5186 old := sc.initialStreamSendWindowSize 5187 sc.initialStreamSendWindowSize = int32(val) 5188 growth := int32(val) - old // may be negative 5189 for _, st := range sc.streams { 5190 if !st.flow.add(growth) { 5191 // 6.9.2 Initial Flow Control Window Size 5192 // "An endpoint MUST treat a change to 5193 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5194 // control window to exceed the maximum size as a 5195 // connection error (Section 5.4.1) of type 5196 // FLOW_CONTROL_ERROR." 5197 return http2ConnectionError(http2ErrCodeFlowControl) 5198 } 5199 } 5200 return nil 5201} 5202 5203func (sc *http2serverConn) processData(f *http2DataFrame) error { 5204 sc.serveG.check() 5205 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5206 return nil 5207 } 5208 data := f.Data() 5209 5210 // "If a DATA frame is received whose stream is not in "open" 5211 // or "half closed (local)" state, the recipient MUST respond 5212 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5213 id := f.Header().StreamID 5214 state, st := sc.state(id) 5215 if id == 0 || state == http2stateIdle { 5216 // Section 5.1: "Receiving any frame other than HEADERS 5217 // or PRIORITY on a stream in this state MUST be 5218 // treated as a connection error (Section 5.4.1) of 5219 // type PROTOCOL_ERROR." 5220 return http2ConnectionError(http2ErrCodeProtocol) 5221 } 5222 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5223 // This includes sending a RST_STREAM if the stream is 5224 // in stateHalfClosedLocal (which currently means that 5225 // the http.Handler returned, so it's done reading & 5226 // done writing). Try to stop the client from sending 5227 // more DATA. 5228 5229 // But still enforce their connection-level flow control, 5230 // and return any flow control bytes since we're not going 5231 // to consume them. 5232 if sc.inflow.available() < int32(f.Length) { 5233 return http2streamError(id, http2ErrCodeFlowControl) 5234 } 5235 // Deduct the flow control from inflow, since we're 5236 // going to immediately add it back in 5237 // sendWindowUpdate, which also schedules sending the 5238 // frames. 5239 sc.inflow.take(int32(f.Length)) 5240 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5241 5242 if st != nil && st.resetQueued { 5243 // Already have a stream error in flight. Don't send another. 5244 return nil 5245 } 5246 return http2streamError(id, http2ErrCodeStreamClosed) 5247 } 5248 if st.body == nil { 5249 panic("internal error: should have a body in this state") 5250 } 5251 5252 // Sender sending more than they'd declared? 5253 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5254 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5255 // RFC 7540, sec 8.1.2.6: A request or response is also malformed if the 5256 // value of a content-length header field does not equal the sum of the 5257 // DATA frame payload lengths that form the body. 5258 return http2streamError(id, http2ErrCodeProtocol) 5259 } 5260 if f.Length > 0 { 5261 // Check whether the client has flow control quota. 5262 if st.inflow.available() < int32(f.Length) { 5263 return http2streamError(id, http2ErrCodeFlowControl) 5264 } 5265 st.inflow.take(int32(f.Length)) 5266 5267 if len(data) > 0 { 5268 wrote, err := st.body.Write(data) 5269 if err != nil { 5270 return http2streamError(id, http2ErrCodeStreamClosed) 5271 } 5272 if wrote != len(data) { 5273 panic("internal error: bad Writer") 5274 } 5275 st.bodyBytes += int64(len(data)) 5276 } 5277 5278 // Return any padded flow control now, since we won't 5279 // refund it later on body reads. 5280 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5281 sc.sendWindowUpdate32(nil, pad) 5282 sc.sendWindowUpdate32(st, pad) 5283 } 5284 } 5285 if f.StreamEnded() { 5286 st.endStream() 5287 } 5288 return nil 5289} 5290 5291func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5292 sc.serveG.check() 5293 if f.ErrCode != http2ErrCodeNo { 5294 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5295 } else { 5296 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5297 } 5298 sc.startGracefulShutdownInternal() 5299 // http://tools.ietf.org/html/rfc7540#section-6.8 5300 // We should not create any new streams, which means we should disable push. 5301 sc.pushEnabled = false 5302 return nil 5303} 5304 5305// isPushed reports whether the stream is server-initiated. 5306func (st *http2stream) isPushed() bool { 5307 return st.id%2 == 0 5308} 5309 5310// endStream closes a Request.Body's pipe. It is called when a DATA 5311// frame says a request body is over (or after trailers). 5312func (st *http2stream) endStream() { 5313 sc := st.sc 5314 sc.serveG.check() 5315 5316 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5317 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5318 st.declBodyBytes, st.bodyBytes)) 5319 } else { 5320 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5321 st.body.CloseWithError(io.EOF) 5322 } 5323 st.state = http2stateHalfClosedRemote 5324} 5325 5326// copyTrailersToHandlerRequest is run in the Handler's goroutine in 5327// its Request.Body.Read just before it gets io.EOF. 5328func (st *http2stream) copyTrailersToHandlerRequest() { 5329 for k, vv := range st.trailer { 5330 if _, ok := st.reqTrailer[k]; ok { 5331 // Only copy it over it was pre-declared. 5332 st.reqTrailer[k] = vv 5333 } 5334 } 5335} 5336 5337// onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5338// when the stream's WriteTimeout has fired. 5339func (st *http2stream) onWriteTimeout() { 5340 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5341} 5342 5343func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5344 sc.serveG.check() 5345 id := f.StreamID 5346 if sc.inGoAway { 5347 // Ignore. 5348 return nil 5349 } 5350 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5351 // Streams initiated by a client MUST use odd-numbered stream 5352 // identifiers. [...] An endpoint that receives an unexpected 5353 // stream identifier MUST respond with a connection error 5354 // (Section 5.4.1) of type PROTOCOL_ERROR. 5355 if id%2 != 1 { 5356 return http2ConnectionError(http2ErrCodeProtocol) 5357 } 5358 // A HEADERS frame can be used to create a new stream or 5359 // send a trailer for an open one. If we already have a stream 5360 // open, let it process its own HEADERS frame (trailers at this 5361 // point, if it's valid). 5362 if st := sc.streams[f.StreamID]; st != nil { 5363 if st.resetQueued { 5364 // We're sending RST_STREAM to close the stream, so don't bother 5365 // processing this frame. 5366 return nil 5367 } 5368 // RFC 7540, sec 5.1: If an endpoint receives additional frames, other than 5369 // WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in 5370 // this state, it MUST respond with a stream error (Section 5.4.2) of 5371 // type STREAM_CLOSED. 5372 if st.state == http2stateHalfClosedRemote { 5373 return http2streamError(id, http2ErrCodeStreamClosed) 5374 } 5375 return st.processTrailerHeaders(f) 5376 } 5377 5378 // [...] The identifier of a newly established stream MUST be 5379 // numerically greater than all streams that the initiating 5380 // endpoint has opened or reserved. [...] An endpoint that 5381 // receives an unexpected stream identifier MUST respond with 5382 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5383 if id <= sc.maxClientStreamID { 5384 return http2ConnectionError(http2ErrCodeProtocol) 5385 } 5386 sc.maxClientStreamID = id 5387 5388 if sc.idleTimer != nil { 5389 sc.idleTimer.Stop() 5390 } 5391 5392 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5393 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5394 // endpoint that receives a HEADERS frame that causes their 5395 // advertised concurrent stream limit to be exceeded MUST treat 5396 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5397 // or REFUSED_STREAM. 5398 if sc.curClientStreams+1 > sc.advMaxStreams { 5399 if sc.unackedSettings == 0 { 5400 // They should know better. 5401 return http2streamError(id, http2ErrCodeProtocol) 5402 } 5403 // Assume it's a network race, where they just haven't 5404 // received our last SETTINGS update. But actually 5405 // this can't happen yet, because we don't yet provide 5406 // a way for users to adjust server parameters at 5407 // runtime. 5408 return http2streamError(id, http2ErrCodeRefusedStream) 5409 } 5410 5411 initialState := http2stateOpen 5412 if f.StreamEnded() { 5413 initialState = http2stateHalfClosedRemote 5414 } 5415 st := sc.newStream(id, 0, initialState) 5416 5417 if f.HasPriority() { 5418 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5419 return err 5420 } 5421 sc.writeSched.AdjustStream(st.id, f.Priority) 5422 } 5423 5424 rw, req, err := sc.newWriterAndRequest(st, f) 5425 if err != nil { 5426 return err 5427 } 5428 st.reqTrailer = req.Trailer 5429 if st.reqTrailer != nil { 5430 st.trailer = make(Header) 5431 } 5432 st.body = req.Body.(*http2requestBody).pipe // may be nil 5433 st.declBodyBytes = req.ContentLength 5434 5435 handler := sc.handler.ServeHTTP 5436 if f.Truncated { 5437 // Their header list was too long. Send a 431 error. 5438 handler = http2handleHeaderListTooLong 5439 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5440 handler = http2new400Handler(err) 5441 } 5442 5443 // The net/http package sets the read deadline from the 5444 // http.Server.ReadTimeout during the TLS handshake, but then 5445 // passes the connection off to us with the deadline already 5446 // set. Disarm it here after the request headers are read, 5447 // similar to how the http1 server works. Here it's 5448 // technically more like the http1 Server's ReadHeaderTimeout 5449 // (in Go 1.8), though. That's a more sane option anyway. 5450 if sc.hs.ReadTimeout != 0 { 5451 sc.conn.SetReadDeadline(time.Time{}) 5452 } 5453 5454 go sc.runHandler(rw, req, handler) 5455 return nil 5456} 5457 5458func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5459 sc := st.sc 5460 sc.serveG.check() 5461 if st.gotTrailerHeader { 5462 return http2ConnectionError(http2ErrCodeProtocol) 5463 } 5464 st.gotTrailerHeader = true 5465 if !f.StreamEnded() { 5466 return http2streamError(st.id, http2ErrCodeProtocol) 5467 } 5468 5469 if len(f.PseudoFields()) > 0 { 5470 return http2streamError(st.id, http2ErrCodeProtocol) 5471 } 5472 if st.trailer != nil { 5473 for _, hf := range f.RegularFields() { 5474 key := sc.canonicalHeader(hf.Name) 5475 if !httpguts.ValidTrailerHeader(key) { 5476 // TODO: send more details to the peer somehow. But http2 has 5477 // no way to send debug data at a stream level. Discuss with 5478 // HTTP folk. 5479 return http2streamError(st.id, http2ErrCodeProtocol) 5480 } 5481 st.trailer[key] = append(st.trailer[key], hf.Value) 5482 } 5483 } 5484 st.endStream() 5485 return nil 5486} 5487 5488func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5489 if streamID == p.StreamDep { 5490 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5491 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5492 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5493 // so it's only self-dependencies that are forbidden. 5494 return http2streamError(streamID, http2ErrCodeProtocol) 5495 } 5496 return nil 5497} 5498 5499func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5500 if sc.inGoAway { 5501 return nil 5502 } 5503 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5504 return err 5505 } 5506 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5507 return nil 5508} 5509 5510func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5511 sc.serveG.check() 5512 if id == 0 { 5513 panic("internal error: cannot create stream with id 0") 5514 } 5515 5516 ctx, cancelCtx := context.WithCancel(sc.baseCtx) 5517 st := &http2stream{ 5518 sc: sc, 5519 id: id, 5520 state: state, 5521 ctx: ctx, 5522 cancelCtx: cancelCtx, 5523 } 5524 st.cw.Init() 5525 st.flow.conn = &sc.flow // link to conn-level counter 5526 st.flow.add(sc.initialStreamSendWindowSize) 5527 st.inflow.conn = &sc.inflow // link to conn-level counter 5528 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5529 if sc.hs.WriteTimeout != 0 { 5530 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5531 } 5532 5533 sc.streams[id] = st 5534 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5535 if st.isPushed() { 5536 sc.curPushedStreams++ 5537 } else { 5538 sc.curClientStreams++ 5539 } 5540 if sc.curOpenStreams() == 1 { 5541 sc.setConnState(StateActive) 5542 } 5543 5544 return st 5545} 5546 5547func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5548 sc.serveG.check() 5549 5550 rp := http2requestParam{ 5551 method: f.PseudoValue("method"), 5552 scheme: f.PseudoValue("scheme"), 5553 authority: f.PseudoValue("authority"), 5554 path: f.PseudoValue("path"), 5555 } 5556 5557 isConnect := rp.method == "CONNECT" 5558 if isConnect { 5559 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5560 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5561 } 5562 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5563 // See 8.1.2.6 Malformed Requests and Responses: 5564 // 5565 // Malformed requests or responses that are detected 5566 // MUST be treated as a stream error (Section 5.4.2) 5567 // of type PROTOCOL_ERROR." 5568 // 5569 // 8.1.2.3 Request Pseudo-Header Fields 5570 // "All HTTP/2 requests MUST include exactly one valid 5571 // value for the :method, :scheme, and :path 5572 // pseudo-header fields" 5573 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5574 } 5575 5576 bodyOpen := !f.StreamEnded() 5577 if rp.method == "HEAD" && bodyOpen { 5578 // HEAD requests can't have bodies 5579 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5580 } 5581 5582 rp.header = make(Header) 5583 for _, hf := range f.RegularFields() { 5584 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5585 } 5586 if rp.authority == "" { 5587 rp.authority = rp.header.Get("Host") 5588 } 5589 5590 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5591 if err != nil { 5592 return nil, nil, err 5593 } 5594 if bodyOpen { 5595 if vv, ok := rp.header["Content-Length"]; ok { 5596 req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) 5597 } else { 5598 req.ContentLength = -1 5599 } 5600 req.Body.(*http2requestBody).pipe = &http2pipe{ 5601 b: &http2dataBuffer{expected: req.ContentLength}, 5602 } 5603 } 5604 return rw, req, nil 5605} 5606 5607type http2requestParam struct { 5608 method string 5609 scheme, authority, path string 5610 header Header 5611} 5612 5613func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5614 sc.serveG.check() 5615 5616 var tlsState *tls.ConnectionState // nil if not scheme https 5617 if rp.scheme == "https" { 5618 tlsState = sc.tlsState 5619 } 5620 5621 needsContinue := rp.header.Get("Expect") == "100-continue" 5622 if needsContinue { 5623 rp.header.Del("Expect") 5624 } 5625 // Merge Cookie headers into one "; "-delimited value. 5626 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5627 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5628 } 5629 5630 // Setup Trailers 5631 var trailer Header 5632 for _, v := range rp.header["Trailer"] { 5633 for _, key := range strings.Split(v, ",") { 5634 key = CanonicalHeaderKey(strings.TrimSpace(key)) 5635 switch key { 5636 case "Transfer-Encoding", "Trailer", "Content-Length": 5637 // Bogus. (copy of http1 rules) 5638 // Ignore. 5639 default: 5640 if trailer == nil { 5641 trailer = make(Header) 5642 } 5643 trailer[key] = nil 5644 } 5645 } 5646 } 5647 delete(rp.header, "Trailer") 5648 5649 var url_ *url.URL 5650 var requestURI string 5651 if rp.method == "CONNECT" { 5652 url_ = &url.URL{Host: rp.authority} 5653 requestURI = rp.authority // mimic HTTP/1 server behavior 5654 } else { 5655 var err error 5656 url_, err = url.ParseRequestURI(rp.path) 5657 if err != nil { 5658 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5659 } 5660 requestURI = rp.path 5661 } 5662 5663 body := &http2requestBody{ 5664 conn: sc, 5665 stream: st, 5666 needsContinue: needsContinue, 5667 } 5668 req := &Request{ 5669 Method: rp.method, 5670 URL: url_, 5671 RemoteAddr: sc.remoteAddrStr, 5672 Header: rp.header, 5673 RequestURI: requestURI, 5674 Proto: "HTTP/2.0", 5675 ProtoMajor: 2, 5676 ProtoMinor: 0, 5677 TLS: tlsState, 5678 Host: rp.authority, 5679 Body: body, 5680 Trailer: trailer, 5681 } 5682 req = req.WithContext(st.ctx) 5683 5684 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5685 bwSave := rws.bw 5686 *rws = http2responseWriterState{} // zero all the fields 5687 rws.conn = sc 5688 rws.bw = bwSave 5689 rws.bw.Reset(http2chunkWriter{rws}) 5690 rws.stream = st 5691 rws.req = req 5692 rws.body = body 5693 5694 rw := &http2responseWriter{rws: rws} 5695 return rw, req, nil 5696} 5697 5698// Run on its own goroutine. 5699func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5700 didPanic := true 5701 defer func() { 5702 rw.rws.stream.cancelCtx() 5703 if didPanic { 5704 e := recover() 5705 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5706 write: http2handlerPanicRST{rw.rws.stream.id}, 5707 stream: rw.rws.stream, 5708 }) 5709 // Same as net/http: 5710 if e != nil && e != ErrAbortHandler { 5711 const size = 64 << 10 5712 buf := make([]byte, size) 5713 buf = buf[:runtime.Stack(buf, false)] 5714 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5715 } 5716 return 5717 } 5718 rw.handlerDone() 5719 }() 5720 handler(rw, req) 5721 didPanic = false 5722} 5723 5724func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5725 // 10.5.1 Limits on Header Block Size: 5726 // .. "A server that receives a larger header block than it is 5727 // willing to handle can send an HTTP 431 (Request Header Fields Too 5728 // Large) status code" 5729 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5730 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5731 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5732} 5733 5734// called from handler goroutines. 5735// h may be nil. 5736func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5737 sc.serveG.checkNotOn() // NOT on 5738 var errc chan error 5739 if headerData.h != nil { 5740 // If there's a header map (which we don't own), so we have to block on 5741 // waiting for this frame to be written, so an http.Flush mid-handler 5742 // writes out the correct value of keys, before a handler later potentially 5743 // mutates it. 5744 errc = http2errChanPool.Get().(chan error) 5745 } 5746 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5747 write: headerData, 5748 stream: st, 5749 done: errc, 5750 }); err != nil { 5751 return err 5752 } 5753 if errc != nil { 5754 select { 5755 case err := <-errc: 5756 http2errChanPool.Put(errc) 5757 return err 5758 case <-sc.doneServing: 5759 return http2errClientDisconnected 5760 case <-st.cw: 5761 return http2errStreamClosed 5762 } 5763 } 5764 return nil 5765} 5766 5767// called from handler goroutines. 5768func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5769 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5770 write: http2write100ContinueHeadersFrame{st.id}, 5771 stream: st, 5772 }) 5773} 5774 5775// A bodyReadMsg tells the server loop that the http.Handler read n 5776// bytes of the DATA from the client on the given stream. 5777type http2bodyReadMsg struct { 5778 st *http2stream 5779 n int 5780} 5781 5782// called from handler goroutines. 5783// Notes that the handler for the given stream ID read n bytes of its body 5784// and schedules flow control tokens to be sent. 5785func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5786 sc.serveG.checkNotOn() // NOT on 5787 if n > 0 { 5788 select { 5789 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5790 case <-sc.doneServing: 5791 } 5792 } 5793} 5794 5795func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5796 sc.serveG.check() 5797 sc.sendWindowUpdate(nil, n) // conn-level 5798 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5799 // Don't send this WINDOW_UPDATE if the stream is closed 5800 // remotely. 5801 sc.sendWindowUpdate(st, n) 5802 } 5803} 5804 5805// st may be nil for conn-level 5806func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5807 sc.serveG.check() 5808 // "The legal range for the increment to the flow control 5809 // window is 1 to 2^31-1 (2,147,483,647) octets." 5810 // A Go Read call on 64-bit machines could in theory read 5811 // a larger Read than this. Very unlikely, but we handle it here 5812 // rather than elsewhere for now. 5813 const maxUint31 = 1<<31 - 1 5814 for n >= maxUint31 { 5815 sc.sendWindowUpdate32(st, maxUint31) 5816 n -= maxUint31 5817 } 5818 sc.sendWindowUpdate32(st, int32(n)) 5819} 5820 5821// st may be nil for conn-level 5822func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5823 sc.serveG.check() 5824 if n == 0 { 5825 return 5826 } 5827 if n < 0 { 5828 panic("negative update") 5829 } 5830 var streamID uint32 5831 if st != nil { 5832 streamID = st.id 5833 } 5834 sc.writeFrame(http2FrameWriteRequest{ 5835 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5836 stream: st, 5837 }) 5838 var ok bool 5839 if st == nil { 5840 ok = sc.inflow.add(n) 5841 } else { 5842 ok = st.inflow.add(n) 5843 } 5844 if !ok { 5845 panic("internal error; sent too many window updates without decrements?") 5846 } 5847} 5848 5849// requestBody is the Handler's Request.Body type. 5850// Read and Close may be called concurrently. 5851type http2requestBody struct { 5852 stream *http2stream 5853 conn *http2serverConn 5854 closed bool // for use by Close only 5855 sawEOF bool // for use by Read only 5856 pipe *http2pipe // non-nil if we have a HTTP entity message body 5857 needsContinue bool // need to send a 100-continue 5858} 5859 5860func (b *http2requestBody) Close() error { 5861 if b.pipe != nil && !b.closed { 5862 b.pipe.BreakWithError(http2errClosedBody) 5863 } 5864 b.closed = true 5865 return nil 5866} 5867 5868func (b *http2requestBody) Read(p []byte) (n int, err error) { 5869 if b.needsContinue { 5870 b.needsContinue = false 5871 b.conn.write100ContinueHeaders(b.stream) 5872 } 5873 if b.pipe == nil || b.sawEOF { 5874 return 0, io.EOF 5875 } 5876 n, err = b.pipe.Read(p) 5877 if err == io.EOF { 5878 b.sawEOF = true 5879 } 5880 if b.conn == nil && http2inTests { 5881 return 5882 } 5883 b.conn.noteBodyReadFromHandler(b.stream, n, err) 5884 return 5885} 5886 5887// responseWriter is the http.ResponseWriter implementation. It's 5888// intentionally small (1 pointer wide) to minimize garbage. The 5889// responseWriterState pointer inside is zeroed at the end of a 5890// request (in handlerDone) and calls on the responseWriter thereafter 5891// simply crash (caller's mistake), but the much larger responseWriterState 5892// and buffers are reused between multiple requests. 5893type http2responseWriter struct { 5894 rws *http2responseWriterState 5895} 5896 5897// Optional http.ResponseWriter interfaces implemented. 5898var ( 5899 _ CloseNotifier = (*http2responseWriter)(nil) 5900 _ Flusher = (*http2responseWriter)(nil) 5901 _ http2stringWriter = (*http2responseWriter)(nil) 5902) 5903 5904type http2responseWriterState struct { 5905 // immutable within a request: 5906 stream *http2stream 5907 req *Request 5908 body *http2requestBody // to close at end of request, if DATA frames didn't 5909 conn *http2serverConn 5910 5911 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 5912 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 5913 5914 // mutated by http.Handler goroutine: 5915 handlerHeader Header // nil until called 5916 snapHeader Header // snapshot of handlerHeader at WriteHeader time 5917 trailers []string // set in writeChunk 5918 status int // status code passed to WriteHeader 5919 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 5920 sentHeader bool // have we sent the header frame? 5921 handlerDone bool // handler has finished 5922 dirty bool // a Write failed; don't reuse this responseWriterState 5923 5924 sentContentLen int64 // non-zero if handler set a Content-Length header 5925 wroteBytes int64 5926 5927 closeNotifierMu sync.Mutex // guards closeNotifierCh 5928 closeNotifierCh chan bool // nil until first used 5929} 5930 5931type http2chunkWriter struct{ rws *http2responseWriterState } 5932 5933func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 5934 5935func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) > 0 } 5936 5937func (rws *http2responseWriterState) hasNonemptyTrailers() bool { 5938 for _, trailer := range rws.trailers { 5939 if _, ok := rws.handlerHeader[trailer]; ok { 5940 return true 5941 } 5942 } 5943 return false 5944} 5945 5946// declareTrailer is called for each Trailer header when the 5947// response header is written. It notes that a header will need to be 5948// written in the trailers at the end of the response. 5949func (rws *http2responseWriterState) declareTrailer(k string) { 5950 k = CanonicalHeaderKey(k) 5951 if !httpguts.ValidTrailerHeader(k) { 5952 // Forbidden by RFC 7230, section 4.1.2. 5953 rws.conn.logf("ignoring invalid trailer %q", k) 5954 return 5955 } 5956 if !http2strSliceContains(rws.trailers, k) { 5957 rws.trailers = append(rws.trailers, k) 5958 } 5959} 5960 5961// writeChunk writes chunks from the bufio.Writer. But because 5962// bufio.Writer may bypass its chunking, sometimes p may be 5963// arbitrarily large. 5964// 5965// writeChunk is also responsible (on the first chunk) for sending the 5966// HEADER response. 5967func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 5968 if !rws.wroteHeader { 5969 rws.writeHeader(200) 5970 } 5971 5972 isHeadResp := rws.req.Method == "HEAD" 5973 if !rws.sentHeader { 5974 rws.sentHeader = true 5975 var ctype, clen string 5976 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 5977 rws.snapHeader.Del("Content-Length") 5978 clen64, err := strconv.ParseInt(clen, 10, 64) 5979 if err == nil && clen64 >= 0 { 5980 rws.sentContentLen = clen64 5981 } else { 5982 clen = "" 5983 } 5984 } 5985 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 5986 clen = strconv.Itoa(len(p)) 5987 } 5988 _, hasContentType := rws.snapHeader["Content-Type"] 5989 // If the Content-Encoding is non-blank, we shouldn't 5990 // sniff the body. See Issue golang.org/issue/31753. 5991 ce := rws.snapHeader.Get("Content-Encoding") 5992 hasCE := len(ce) > 0 5993 if !hasCE && !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 5994 ctype = DetectContentType(p) 5995 } 5996 var date string 5997 if _, ok := rws.snapHeader["Date"]; !ok { 5998 // TODO(bradfitz): be faster here, like net/http? measure. 5999 date = time.Now().UTC().Format(TimeFormat) 6000 } 6001 6002 for _, v := range rws.snapHeader["Trailer"] { 6003 http2foreachHeaderElement(v, rws.declareTrailer) 6004 } 6005 6006 // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), 6007 // but respect "Connection" == "close" to mean sending a GOAWAY and tearing 6008 // down the TCP connection when idle, like we do for HTTP/1. 6009 // TODO: remove more Connection-specific header fields here, in addition 6010 // to "Connection". 6011 if _, ok := rws.snapHeader["Connection"]; ok { 6012 v := rws.snapHeader.Get("Connection") 6013 delete(rws.snapHeader, "Connection") 6014 if v == "close" { 6015 rws.conn.startGracefulShutdown() 6016 } 6017 } 6018 6019 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 6020 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6021 streamID: rws.stream.id, 6022 httpResCode: rws.status, 6023 h: rws.snapHeader, 6024 endStream: endStream, 6025 contentType: ctype, 6026 contentLength: clen, 6027 date: date, 6028 }) 6029 if err != nil { 6030 rws.dirty = true 6031 return 0, err 6032 } 6033 if endStream { 6034 return 0, nil 6035 } 6036 } 6037 if isHeadResp { 6038 return len(p), nil 6039 } 6040 if len(p) == 0 && !rws.handlerDone { 6041 return 0, nil 6042 } 6043 6044 if rws.handlerDone { 6045 rws.promoteUndeclaredTrailers() 6046 } 6047 6048 // only send trailers if they have actually been defined by the 6049 // server handler. 6050 hasNonemptyTrailers := rws.hasNonemptyTrailers() 6051 endStream := rws.handlerDone && !hasNonemptyTrailers 6052 if len(p) > 0 || endStream { 6053 // only send a 0 byte DATA frame if we're ending the stream. 6054 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 6055 rws.dirty = true 6056 return 0, err 6057 } 6058 } 6059 6060 if rws.handlerDone && hasNonemptyTrailers { 6061 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6062 streamID: rws.stream.id, 6063 h: rws.handlerHeader, 6064 trailers: rws.trailers, 6065 endStream: true, 6066 }) 6067 if err != nil { 6068 rws.dirty = true 6069 } 6070 return len(p), err 6071 } 6072 return len(p), nil 6073} 6074 6075// TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 6076// that, if present, signals that the map entry is actually for 6077// the response trailers, and not the response headers. The prefix 6078// is stripped after the ServeHTTP call finishes and the values are 6079// sent in the trailers. 6080// 6081// This mechanism is intended only for trailers that are not known 6082// prior to the headers being written. If the set of trailers is fixed 6083// or known before the header is written, the normal Go trailers mechanism 6084// is preferred: 6085// https://golang.org/pkg/net/http/#ResponseWriter 6086// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6087const http2TrailerPrefix = "Trailer:" 6088 6089// promoteUndeclaredTrailers permits http.Handlers to set trailers 6090// after the header has already been flushed. Because the Go 6091// ResponseWriter interface has no way to set Trailers (only the 6092// Header), and because we didn't want to expand the ResponseWriter 6093// interface, and because nobody used trailers, and because RFC 7230 6094// says you SHOULD (but not must) predeclare any trailers in the 6095// header, the official ResponseWriter rules said trailers in Go must 6096// be predeclared, and then we reuse the same ResponseWriter.Header() 6097// map to mean both Headers and Trailers. When it's time to write the 6098// Trailers, we pick out the fields of Headers that were declared as 6099// trailers. That worked for a while, until we found the first major 6100// user of Trailers in the wild: gRPC (using them only over http2), 6101// and gRPC libraries permit setting trailers mid-stream without 6102// predeclaring them. So: change of plans. We still permit the old 6103// way, but we also permit this hack: if a Header() key begins with 6104// "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6105// invalid token byte anyway, there is no ambiguity. (And it's already 6106// filtered out) It's mildly hacky, but not terrible. 6107// 6108// This method runs after the Handler is done and promotes any Header 6109// fields to be trailers. 6110func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6111 for k, vv := range rws.handlerHeader { 6112 if !strings.HasPrefix(k, http2TrailerPrefix) { 6113 continue 6114 } 6115 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6116 rws.declareTrailer(trailerKey) 6117 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6118 } 6119 6120 if len(rws.trailers) > 1 { 6121 sorter := http2sorterPool.Get().(*http2sorter) 6122 sorter.SortStrings(rws.trailers) 6123 http2sorterPool.Put(sorter) 6124 } 6125} 6126 6127func (w *http2responseWriter) Flush() { 6128 rws := w.rws 6129 if rws == nil { 6130 panic("Header called after Handler finished") 6131 } 6132 if rws.bw.Buffered() > 0 { 6133 if err := rws.bw.Flush(); err != nil { 6134 // Ignore the error. The frame writer already knows. 6135 return 6136 } 6137 } else { 6138 // The bufio.Writer won't call chunkWriter.Write 6139 // (writeChunk with zero bytes, so we have to do it 6140 // ourselves to force the HTTP response header and/or 6141 // final DATA frame (with END_STREAM) to be sent. 6142 rws.writeChunk(nil) 6143 } 6144} 6145 6146func (w *http2responseWriter) CloseNotify() <-chan bool { 6147 rws := w.rws 6148 if rws == nil { 6149 panic("CloseNotify called after Handler finished") 6150 } 6151 rws.closeNotifierMu.Lock() 6152 ch := rws.closeNotifierCh 6153 if ch == nil { 6154 ch = make(chan bool, 1) 6155 rws.closeNotifierCh = ch 6156 cw := rws.stream.cw 6157 go func() { 6158 cw.Wait() // wait for close 6159 ch <- true 6160 }() 6161 } 6162 rws.closeNotifierMu.Unlock() 6163 return ch 6164} 6165 6166func (w *http2responseWriter) Header() Header { 6167 rws := w.rws 6168 if rws == nil { 6169 panic("Header called after Handler finished") 6170 } 6171 if rws.handlerHeader == nil { 6172 rws.handlerHeader = make(Header) 6173 } 6174 return rws.handlerHeader 6175} 6176 6177// checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6178func http2checkWriteHeaderCode(code int) { 6179 // Issue 22880: require valid WriteHeader status codes. 6180 // For now we only enforce that it's three digits. 6181 // In the future we might block things over 599 (600 and above aren't defined 6182 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6183 // and we might block under 200 (once we have more mature 1xx support). 6184 // But for now any three digits. 6185 // 6186 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6187 // no equivalent bogus thing we can realistically send in HTTP/2, 6188 // so we'll consistently panic instead and help people find their bugs 6189 // early. (We can't return an error from WriteHeader even if we wanted to.) 6190 if code < 100 || code > 999 { 6191 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6192 } 6193} 6194 6195func (w *http2responseWriter) WriteHeader(code int) { 6196 rws := w.rws 6197 if rws == nil { 6198 panic("WriteHeader called after Handler finished") 6199 } 6200 rws.writeHeader(code) 6201} 6202 6203func (rws *http2responseWriterState) writeHeader(code int) { 6204 if !rws.wroteHeader { 6205 http2checkWriteHeaderCode(code) 6206 rws.wroteHeader = true 6207 rws.status = code 6208 if len(rws.handlerHeader) > 0 { 6209 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6210 } 6211 } 6212} 6213 6214func http2cloneHeader(h Header) Header { 6215 h2 := make(Header, len(h)) 6216 for k, vv := range h { 6217 vv2 := make([]string, len(vv)) 6218 copy(vv2, vv) 6219 h2[k] = vv2 6220 } 6221 return h2 6222} 6223 6224// The Life Of A Write is like this: 6225// 6226// * Handler calls w.Write or w.WriteString -> 6227// * -> rws.bw (*bufio.Writer) -> 6228// * (Handler might call Flush) 6229// * -> chunkWriter{rws} 6230// * -> responseWriterState.writeChunk(p []byte) 6231// * -> responseWriterState.writeChunk (most of the magic; see comment there) 6232func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6233 return w.write(len(p), p, "") 6234} 6235 6236func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6237 return w.write(len(s), nil, s) 6238} 6239 6240// either dataB or dataS is non-zero. 6241func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6242 rws := w.rws 6243 if rws == nil { 6244 panic("Write called after Handler finished") 6245 } 6246 if !rws.wroteHeader { 6247 w.WriteHeader(200) 6248 } 6249 if !http2bodyAllowedForStatus(rws.status) { 6250 return 0, ErrBodyNotAllowed 6251 } 6252 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6253 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6254 // TODO: send a RST_STREAM 6255 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6256 } 6257 6258 if dataB != nil { 6259 return rws.bw.Write(dataB) 6260 } else { 6261 return rws.bw.WriteString(dataS) 6262 } 6263} 6264 6265func (w *http2responseWriter) handlerDone() { 6266 rws := w.rws 6267 dirty := rws.dirty 6268 rws.handlerDone = true 6269 w.Flush() 6270 w.rws = nil 6271 if !dirty { 6272 // Only recycle the pool if all prior Write calls to 6273 // the serverConn goroutine completed successfully. If 6274 // they returned earlier due to resets from the peer 6275 // there might still be write goroutines outstanding 6276 // from the serverConn referencing the rws memory. See 6277 // issue 20704. 6278 http2responseWriterStatePool.Put(rws) 6279 } 6280} 6281 6282// Push errors. 6283var ( 6284 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6285 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6286) 6287 6288var _ Pusher = (*http2responseWriter)(nil) 6289 6290func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 6291 st := w.rws.stream 6292 sc := st.sc 6293 sc.serveG.checkNotOn() 6294 6295 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6296 // http://tools.ietf.org/html/rfc7540#section-6.6 6297 if st.isPushed() { 6298 return http2ErrRecursivePush 6299 } 6300 6301 if opts == nil { 6302 opts = new(PushOptions) 6303 } 6304 6305 // Default options. 6306 if opts.Method == "" { 6307 opts.Method = "GET" 6308 } 6309 if opts.Header == nil { 6310 opts.Header = Header{} 6311 } 6312 wantScheme := "http" 6313 if w.rws.req.TLS != nil { 6314 wantScheme = "https" 6315 } 6316 6317 // Validate the request. 6318 u, err := url.Parse(target) 6319 if err != nil { 6320 return err 6321 } 6322 if u.Scheme == "" { 6323 if !strings.HasPrefix(target, "/") { 6324 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6325 } 6326 u.Scheme = wantScheme 6327 u.Host = w.rws.req.Host 6328 } else { 6329 if u.Scheme != wantScheme { 6330 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6331 } 6332 if u.Host == "" { 6333 return errors.New("URL must have a host") 6334 } 6335 } 6336 for k := range opts.Header { 6337 if strings.HasPrefix(k, ":") { 6338 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6339 } 6340 // These headers are meaningful only if the request has a body, 6341 // but PUSH_PROMISE requests cannot have a body. 6342 // http://tools.ietf.org/html/rfc7540#section-8.2 6343 // Also disallow Host, since the promised URL must be absolute. 6344 switch strings.ToLower(k) { 6345 case "content-length", "content-encoding", "trailer", "te", "expect", "host": 6346 return fmt.Errorf("promised request headers cannot include %q", k) 6347 } 6348 } 6349 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6350 return err 6351 } 6352 6353 // The RFC effectively limits promised requests to GET and HEAD: 6354 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6355 // http://tools.ietf.org/html/rfc7540#section-8.2 6356 if opts.Method != "GET" && opts.Method != "HEAD" { 6357 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6358 } 6359 6360 msg := &http2startPushRequest{ 6361 parent: st, 6362 method: opts.Method, 6363 url: u, 6364 header: http2cloneHeader(opts.Header), 6365 done: http2errChanPool.Get().(chan error), 6366 } 6367 6368 select { 6369 case <-sc.doneServing: 6370 return http2errClientDisconnected 6371 case <-st.cw: 6372 return http2errStreamClosed 6373 case sc.serveMsgCh <- msg: 6374 } 6375 6376 select { 6377 case <-sc.doneServing: 6378 return http2errClientDisconnected 6379 case <-st.cw: 6380 return http2errStreamClosed 6381 case err := <-msg.done: 6382 http2errChanPool.Put(msg.done) 6383 return err 6384 } 6385} 6386 6387type http2startPushRequest struct { 6388 parent *http2stream 6389 method string 6390 url *url.URL 6391 header Header 6392 done chan error 6393} 6394 6395func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6396 sc.serveG.check() 6397 6398 // http://tools.ietf.org/html/rfc7540#section-6.6. 6399 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6400 // is in either the "open" or "half-closed (remote)" state. 6401 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6402 // responseWriter.Push checks that the stream is peer-initiated. 6403 msg.done <- http2errStreamClosed 6404 return 6405 } 6406 6407 // http://tools.ietf.org/html/rfc7540#section-6.6. 6408 if !sc.pushEnabled { 6409 msg.done <- ErrNotSupported 6410 return 6411 } 6412 6413 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6414 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6415 // is written. Once the ID is allocated, we start the request handler. 6416 allocatePromisedID := func() (uint32, error) { 6417 sc.serveG.check() 6418 6419 // Check this again, just in case. Technically, we might have received 6420 // an updated SETTINGS by the time we got around to writing this frame. 6421 if !sc.pushEnabled { 6422 return 0, ErrNotSupported 6423 } 6424 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6425 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6426 return 0, http2ErrPushLimitReached 6427 } 6428 6429 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6430 // Streams initiated by the server MUST use even-numbered identifiers. 6431 // A server that is unable to establish a new stream identifier can send a GOAWAY 6432 // frame so that the client is forced to open a new connection for new streams. 6433 if sc.maxPushPromiseID+2 >= 1<<31 { 6434 sc.startGracefulShutdownInternal() 6435 return 0, http2ErrPushLimitReached 6436 } 6437 sc.maxPushPromiseID += 2 6438 promisedID := sc.maxPushPromiseID 6439 6440 // http://tools.ietf.org/html/rfc7540#section-8.2. 6441 // Strictly speaking, the new stream should start in "reserved (local)", then 6442 // transition to "half closed (remote)" after sending the initial HEADERS, but 6443 // we start in "half closed (remote)" for simplicity. 6444 // See further comments at the definition of stateHalfClosedRemote. 6445 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6446 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6447 method: msg.method, 6448 scheme: msg.url.Scheme, 6449 authority: msg.url.Host, 6450 path: msg.url.RequestURI(), 6451 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6452 }) 6453 if err != nil { 6454 // Should not happen, since we've already validated msg.url. 6455 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6456 } 6457 6458 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6459 return promisedID, nil 6460 } 6461 6462 sc.writeFrame(http2FrameWriteRequest{ 6463 write: &http2writePushPromise{ 6464 streamID: msg.parent.id, 6465 method: msg.method, 6466 url: msg.url, 6467 h: msg.header, 6468 allocatePromisedID: allocatePromisedID, 6469 }, 6470 stream: msg.parent, 6471 done: msg.done, 6472 }) 6473} 6474 6475// foreachHeaderElement splits v according to the "#rule" construction 6476// in RFC 7230 section 7 and calls fn for each non-empty element. 6477func http2foreachHeaderElement(v string, fn func(string)) { 6478 v = textproto.TrimString(v) 6479 if v == "" { 6480 return 6481 } 6482 if !strings.Contains(v, ",") { 6483 fn(v) 6484 return 6485 } 6486 for _, f := range strings.Split(v, ",") { 6487 if f = textproto.TrimString(f); f != "" { 6488 fn(f) 6489 } 6490 } 6491} 6492 6493// From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6494var http2connHeaders = []string{ 6495 "Connection", 6496 "Keep-Alive", 6497 "Proxy-Connection", 6498 "Transfer-Encoding", 6499 "Upgrade", 6500} 6501 6502// checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6503// per RFC 7540 Section 8.1.2.2. 6504// The returned error is reported to users. 6505func http2checkValidHTTP2RequestHeaders(h Header) error { 6506 for _, k := range http2connHeaders { 6507 if _, ok := h[k]; ok { 6508 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6509 } 6510 } 6511 te := h["Te"] 6512 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6513 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6514 } 6515 return nil 6516} 6517 6518func http2new400Handler(err error) HandlerFunc { 6519 return func(w ResponseWriter, r *Request) { 6520 Error(w, err.Error(), StatusBadRequest) 6521 } 6522} 6523 6524// h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6525// disabled. See comments on h1ServerShutdownChan above for why 6526// the code is written this way. 6527func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6528 var x interface{} = hs 6529 type I interface { 6530 doKeepAlives() bool 6531 } 6532 if hs, ok := x.(I); ok { 6533 return !hs.doKeepAlives() 6534 } 6535 return false 6536} 6537 6538const ( 6539 // transportDefaultConnFlow is how many connection-level flow control 6540 // tokens we give the server at start-up, past the default 64k. 6541 http2transportDefaultConnFlow = 1 << 30 6542 6543 // transportDefaultStreamFlow is how many stream-level flow 6544 // control tokens we announce to the peer, and how many bytes 6545 // we buffer per stream. 6546 http2transportDefaultStreamFlow = 4 << 20 6547 6548 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6549 // a stream-level WINDOW_UPDATE for at a time. 6550 http2transportDefaultStreamMinRefresh = 4 << 10 6551 6552 http2defaultUserAgent = "Go-http-client/2.0" 6553) 6554 6555// Transport is an HTTP/2 Transport. 6556// 6557// A Transport internally caches connections to servers. It is safe 6558// for concurrent use by multiple goroutines. 6559type http2Transport struct { 6560 // DialTLS specifies an optional dial function for creating 6561 // TLS connections for requests. 6562 // 6563 // If DialTLS is nil, tls.Dial is used. 6564 // 6565 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6566 // it will be used to set http.Response.TLS. 6567 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6568 6569 // TLSClientConfig specifies the TLS configuration to use with 6570 // tls.Client. If nil, the default configuration is used. 6571 TLSClientConfig *tls.Config 6572 6573 // ConnPool optionally specifies an alternate connection pool to use. 6574 // If nil, the default is used. 6575 ConnPool http2ClientConnPool 6576 6577 // DisableCompression, if true, prevents the Transport from 6578 // requesting compression with an "Accept-Encoding: gzip" 6579 // request header when the Request contains no existing 6580 // Accept-Encoding value. If the Transport requests gzip on 6581 // its own and gets a gzipped response, it's transparently 6582 // decoded in the Response.Body. However, if the user 6583 // explicitly requested gzip it is not automatically 6584 // uncompressed. 6585 DisableCompression bool 6586 6587 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6588 // plain-text "http" scheme. Note that this does not enable h2c support. 6589 AllowHTTP bool 6590 6591 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6592 // send in the initial settings frame. It is how many bytes 6593 // of response headers are allowed. Unlike the http2 spec, zero here 6594 // means to use a default limit (currently 10MB). If you actually 6595 // want to advertise an ulimited value to the peer, Transport 6596 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6597 // to mean no limit. 6598 MaxHeaderListSize uint32 6599 6600 // StrictMaxConcurrentStreams controls whether the server's 6601 // SETTINGS_MAX_CONCURRENT_STREAMS should be respected 6602 // globally. If false, new TCP connections are created to the 6603 // server as needed to keep each under the per-connection 6604 // SETTINGS_MAX_CONCURRENT_STREAMS limit. If true, the 6605 // server's SETTINGS_MAX_CONCURRENT_STREAMS is interpreted as 6606 // a global limit and callers of RoundTrip block when needed, 6607 // waiting for their turn. 6608 StrictMaxConcurrentStreams bool 6609 6610 // t1, if non-nil, is the standard library Transport using 6611 // this transport. Its settings are used (but not its 6612 // RoundTrip method, etc). 6613 t1 *Transport 6614 6615 connPoolOnce sync.Once 6616 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6617} 6618 6619func (t *http2Transport) maxHeaderListSize() uint32 { 6620 if t.MaxHeaderListSize == 0 { 6621 return 10 << 20 6622 } 6623 if t.MaxHeaderListSize == 0xffffffff { 6624 return 0 6625 } 6626 return t.MaxHeaderListSize 6627} 6628 6629func (t *http2Transport) disableCompression() bool { 6630 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6631} 6632 6633// ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6634// It returns an error if t1 has already been HTTP/2-enabled. 6635func http2ConfigureTransport(t1 *Transport) error { 6636 _, err := http2configureTransport(t1) 6637 return err 6638} 6639 6640func http2configureTransport(t1 *Transport) (*http2Transport, error) { 6641 connPool := new(http2clientConnPool) 6642 t2 := &http2Transport{ 6643 ConnPool: http2noDialClientConnPool{connPool}, 6644 t1: t1, 6645 } 6646 connPool.t = t2 6647 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 6648 return nil, err 6649 } 6650 if t1.TLSClientConfig == nil { 6651 t1.TLSClientConfig = new(tls.Config) 6652 } 6653 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 6654 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 6655 } 6656 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 6657 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 6658 } 6659 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 6660 addr := http2authorityAddr("https", authority) 6661 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 6662 go c.Close() 6663 return http2erringRoundTripper{err} 6664 } else if !used { 6665 // Turns out we don't need this c. 6666 // For example, two goroutines made requests to the same host 6667 // at the same time, both kicking off TCP dials. (since protocol 6668 // was unknown) 6669 go c.Close() 6670 } 6671 return t2 6672 } 6673 if m := t1.TLSNextProto; len(m) == 0 { 6674 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 6675 "h2": upgradeFn, 6676 } 6677 } else { 6678 m["h2"] = upgradeFn 6679 } 6680 return t2, nil 6681} 6682 6683func (t *http2Transport) connPool() http2ClientConnPool { 6684 t.connPoolOnce.Do(t.initConnPool) 6685 return t.connPoolOrDef 6686} 6687 6688func (t *http2Transport) initConnPool() { 6689 if t.ConnPool != nil { 6690 t.connPoolOrDef = t.ConnPool 6691 } else { 6692 t.connPoolOrDef = &http2clientConnPool{t: t} 6693 } 6694} 6695 6696// ClientConn is the state of a single HTTP/2 client connection to an 6697// HTTP/2 server. 6698type http2ClientConn struct { 6699 t *http2Transport 6700 tconn net.Conn // usually *tls.Conn, except specialized impls 6701 tlsState *tls.ConnectionState // nil only for specialized impls 6702 reused uint32 // whether conn is being reused; atomic 6703 singleUse bool // whether being used for a single http.Request 6704 6705 // readLoop goroutine fields: 6706 readerDone chan struct{} // closed on error 6707 readerErr error // set before readerDone is closed 6708 6709 idleTimeout time.Duration // or 0 for never 6710 idleTimer *time.Timer 6711 6712 mu sync.Mutex // guards following 6713 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6714 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6715 inflow http2flow // peer's conn-level flow control 6716 closing bool 6717 closed bool 6718 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6719 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6720 goAwayDebug string // goAway frame's debug data, retained as a string 6721 streams map[uint32]*http2clientStream // client-initiated 6722 nextStreamID uint32 6723 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6724 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6725 bw *bufio.Writer 6726 br *bufio.Reader 6727 fr *http2Framer 6728 lastActive time.Time 6729 lastIdle time.Time // time last idle 6730 // Settings from peer: (also guarded by mu) 6731 maxFrameSize uint32 6732 maxConcurrentStreams uint32 6733 peerMaxHeaderListSize uint64 6734 initialWindowSize uint32 6735 6736 hbuf bytes.Buffer // HPACK encoder writes into this 6737 henc *hpack.Encoder 6738 freeBuf [][]byte 6739 6740 wmu sync.Mutex // held while writing; acquire AFTER mu if holding both 6741 werr error // first write error that has occurred 6742} 6743 6744// clientStream is the state for a single HTTP/2 stream. One of these 6745// is created for each Transport.RoundTrip call. 6746type http2clientStream struct { 6747 cc *http2ClientConn 6748 req *Request 6749 trace *httptrace.ClientTrace // or nil 6750 ID uint32 6751 resc chan http2resAndError 6752 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6753 startedWrite bool // started request body write; guarded by cc.mu 6754 requestedGzip bool 6755 on100 func() // optional code to run if get a 100 continue response 6756 6757 flow http2flow // guarded by cc.mu 6758 inflow http2flow // guarded by cc.mu 6759 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6760 readErr error // sticky read error; owned by transportResponseBody.Read 6761 stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu 6762 didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu 6763 6764 peerReset chan struct{} // closed on peer reset 6765 resetErr error // populated before peerReset is closed 6766 6767 done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu 6768 6769 // owned by clientConnReadLoop: 6770 firstByte bool // got the first response byte 6771 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6772 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6773 num1xx uint8 // number of 1xx responses seen 6774 6775 trailer Header // accumulated trailers 6776 resTrailer *Header // client's Response.Trailer 6777} 6778 6779// awaitRequestCancel waits for the user to cancel a request or for the done 6780// channel to be signaled. A non-nil error is returned only if the request was 6781// canceled. 6782func http2awaitRequestCancel(req *Request, done <-chan struct{}) error { 6783 ctx := req.Context() 6784 if req.Cancel == nil && ctx.Done() == nil { 6785 return nil 6786 } 6787 select { 6788 case <-req.Cancel: 6789 return http2errRequestCanceled 6790 case <-ctx.Done(): 6791 return ctx.Err() 6792 case <-done: 6793 return nil 6794 } 6795} 6796 6797var http2got1xxFuncForTests func(int, textproto.MIMEHeader) error 6798 6799// get1xxTraceFunc returns the value of request's httptrace.ClientTrace.Got1xxResponse func, 6800// if any. It returns nil if not set or if the Go version is too old. 6801func (cs *http2clientStream) get1xxTraceFunc() func(int, textproto.MIMEHeader) error { 6802 if fn := http2got1xxFuncForTests; fn != nil { 6803 return fn 6804 } 6805 return http2traceGot1xxResponseFunc(cs.trace) 6806} 6807 6808// awaitRequestCancel waits for the user to cancel a request, its context to 6809// expire, or for the request to be done (any way it might be removed from the 6810// cc.streams map: peer reset, successful completion, TCP connection breakage, 6811// etc). If the request is canceled, then cs will be canceled and closed. 6812func (cs *http2clientStream) awaitRequestCancel(req *Request) { 6813 if err := http2awaitRequestCancel(req, cs.done); err != nil { 6814 cs.cancelStream() 6815 cs.bufPipe.CloseWithError(err) 6816 } 6817} 6818 6819func (cs *http2clientStream) cancelStream() { 6820 cc := cs.cc 6821 cc.mu.Lock() 6822 didReset := cs.didReset 6823 cs.didReset = true 6824 cc.mu.Unlock() 6825 6826 if !didReset { 6827 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 6828 cc.forgetStreamID(cs.ID) 6829 } 6830} 6831 6832// checkResetOrDone reports any error sent in a RST_STREAM frame by the 6833// server, or errStreamClosed if the stream is complete. 6834func (cs *http2clientStream) checkResetOrDone() error { 6835 select { 6836 case <-cs.peerReset: 6837 return cs.resetErr 6838 case <-cs.done: 6839 return http2errStreamClosed 6840 default: 6841 return nil 6842 } 6843} 6844 6845func (cs *http2clientStream) getStartedWrite() bool { 6846 cc := cs.cc 6847 cc.mu.Lock() 6848 defer cc.mu.Unlock() 6849 return cs.startedWrite 6850} 6851 6852func (cs *http2clientStream) abortRequestBodyWrite(err error) { 6853 if err == nil { 6854 panic("nil error") 6855 } 6856 cc := cs.cc 6857 cc.mu.Lock() 6858 cs.stopReqBody = err 6859 cc.cond.Broadcast() 6860 cc.mu.Unlock() 6861} 6862 6863type http2stickyErrWriter struct { 6864 w io.Writer 6865 err *error 6866} 6867 6868func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 6869 if *sew.err != nil { 6870 return 0, *sew.err 6871 } 6872 n, err = sew.w.Write(p) 6873 *sew.err = err 6874 return 6875} 6876 6877// noCachedConnError is the concrete type of ErrNoCachedConn, which 6878// needs to be detected by net/http regardless of whether it's its 6879// bundled version (in h2_bundle.go with a rewritten type name) or 6880// from a user's x/net/http2. As such, as it has a unique method name 6881// (IsHTTP2NoCachedConnError) that net/http sniffs for via func 6882// isNoCachedConnError. 6883type http2noCachedConnError struct{} 6884 6885func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 6886 6887func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 6888 6889// isNoCachedConnError reports whether err is of type noCachedConnError 6890// or its equivalent renamed type in net/http2's h2_bundle.go. Both types 6891// may coexist in the same running program. 6892func http2isNoCachedConnError(err error) bool { 6893 _, ok := err.(interface{ IsHTTP2NoCachedConnError() }) 6894 return ok 6895} 6896 6897var http2ErrNoCachedConn error = http2noCachedConnError{} 6898 6899// RoundTripOpt are options for the Transport.RoundTripOpt method. 6900type http2RoundTripOpt struct { 6901 // OnlyCachedConn controls whether RoundTripOpt may 6902 // create a new TCP connection. If set true and 6903 // no cached connection is available, RoundTripOpt 6904 // will return ErrNoCachedConn. 6905 OnlyCachedConn bool 6906} 6907 6908func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 6909 return t.RoundTripOpt(req, http2RoundTripOpt{}) 6910} 6911 6912// authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 6913// and returns a host:port. The port 443 is added if needed. 6914func http2authorityAddr(scheme string, authority string) (addr string) { 6915 host, port, err := net.SplitHostPort(authority) 6916 if err != nil { // authority didn't have a port 6917 port = "443" 6918 if scheme == "http" { 6919 port = "80" 6920 } 6921 host = authority 6922 } 6923 if a, err := idna.ToASCII(host); err == nil { 6924 host = a 6925 } 6926 // IPv6 address literal, without a port: 6927 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 6928 return host + ":" + port 6929 } 6930 return net.JoinHostPort(host, port) 6931} 6932 6933// RoundTripOpt is like RoundTrip, but takes options. 6934func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 6935 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 6936 return nil, errors.New("http2: unsupported scheme") 6937 } 6938 6939 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 6940 for retry := 0; ; retry++ { 6941 cc, err := t.connPool().GetClientConn(req, addr) 6942 if err != nil { 6943 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 6944 return nil, err 6945 } 6946 reused := !atomic.CompareAndSwapUint32(&cc.reused, 0, 1) 6947 http2traceGotConn(req, cc, reused) 6948 res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) 6949 if err != nil && retry <= 6 { 6950 if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { 6951 // After the first retry, do exponential backoff with 10% jitter. 6952 if retry == 0 { 6953 continue 6954 } 6955 backoff := float64(uint(1) << (uint(retry) - 1)) 6956 backoff += backoff * (0.1 * mathrand.Float64()) 6957 select { 6958 case <-time.After(time.Second * time.Duration(backoff)): 6959 continue 6960 case <-req.Context().Done(): 6961 return nil, req.Context().Err() 6962 } 6963 } 6964 } 6965 if err != nil { 6966 t.vlogf("RoundTrip failure: %v", err) 6967 return nil, err 6968 } 6969 return res, nil 6970 } 6971} 6972 6973// CloseIdleConnections closes any connections which were previously 6974// connected from previous requests but are now sitting idle. 6975// It does not interrupt any connections currently in use. 6976func (t *http2Transport) CloseIdleConnections() { 6977 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 6978 cp.closeIdleConnections() 6979 } 6980} 6981 6982var ( 6983 http2errClientConnClosed = errors.New("http2: client conn is closed") 6984 http2errClientConnUnusable = errors.New("http2: client conn not usable") 6985 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 6986) 6987 6988// shouldRetryRequest is called by RoundTrip when a request fails to get 6989// response headers. It is always called with a non-nil error. 6990// It returns either a request to retry (either the same request, or a 6991// modified clone), or an error if the request can't be replayed. 6992func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) { 6993 if !http2canRetryError(err) { 6994 return nil, err 6995 } 6996 // If the Body is nil (or http.NoBody), it's safe to reuse 6997 // this request and its Body. 6998 if req.Body == nil || req.Body == NoBody { 6999 return req, nil 7000 } 7001 7002 // If the request body can be reset back to its original 7003 // state via the optional req.GetBody, do that. 7004 if req.GetBody != nil { 7005 // TODO: consider a req.Body.Close here? or audit that all caller paths do? 7006 body, err := req.GetBody() 7007 if err != nil { 7008 return nil, err 7009 } 7010 newReq := *req 7011 newReq.Body = body 7012 return &newReq, nil 7013 } 7014 7015 // The Request.Body can't reset back to the beginning, but we 7016 // don't seem to have started to read from it yet, so reuse 7017 // the request directly. The "afterBodyWrite" means the 7018 // bodyWrite process has started, which becomes true before 7019 // the first Read. 7020 if !afterBodyWrite { 7021 return req, nil 7022 } 7023 7024 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 7025} 7026 7027func http2canRetryError(err error) bool { 7028 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 7029 return true 7030 } 7031 if se, ok := err.(http2StreamError); ok { 7032 return se.Code == http2ErrCodeRefusedStream 7033 } 7034 return false 7035} 7036 7037func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) { 7038 host, _, err := net.SplitHostPort(addr) 7039 if err != nil { 7040 return nil, err 7041 } 7042 tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host)) 7043 if err != nil { 7044 return nil, err 7045 } 7046 return t.newClientConn(tconn, singleUse) 7047} 7048 7049func (t *http2Transport) newTLSConfig(host string) *tls.Config { 7050 cfg := new(tls.Config) 7051 if t.TLSClientConfig != nil { 7052 *cfg = *t.TLSClientConfig.Clone() 7053 } 7054 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 7055 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 7056 } 7057 if cfg.ServerName == "" { 7058 cfg.ServerName = host 7059 } 7060 return cfg 7061} 7062 7063func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) { 7064 if t.DialTLS != nil { 7065 return t.DialTLS 7066 } 7067 return t.dialTLSDefault 7068} 7069 7070func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) { 7071 cn, err := tls.Dial(network, addr, cfg) 7072 if err != nil { 7073 return nil, err 7074 } 7075 if err := cn.Handshake(); err != nil { 7076 return nil, err 7077 } 7078 if !cfg.InsecureSkipVerify { 7079 if err := cn.VerifyHostname(cfg.ServerName); err != nil { 7080 return nil, err 7081 } 7082 } 7083 state := cn.ConnectionState() 7084 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7085 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7086 } 7087 if !state.NegotiatedProtocolIsMutual { 7088 return nil, errors.New("http2: could not negotiate protocol mutually") 7089 } 7090 return cn, nil 7091} 7092 7093// disableKeepAlives reports whether connections should be closed as 7094// soon as possible after handling the first request. 7095func (t *http2Transport) disableKeepAlives() bool { 7096 return t.t1 != nil && t.t1.DisableKeepAlives 7097} 7098 7099func (t *http2Transport) expectContinueTimeout() time.Duration { 7100 if t.t1 == nil { 7101 return 0 7102 } 7103 return t.t1.ExpectContinueTimeout 7104} 7105 7106func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7107 return t.newClientConn(c, t.disableKeepAlives()) 7108} 7109 7110func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7111 cc := &http2ClientConn{ 7112 t: t, 7113 tconn: c, 7114 readerDone: make(chan struct{}), 7115 nextStreamID: 1, 7116 maxFrameSize: 16 << 10, // spec default 7117 initialWindowSize: 65535, // spec default 7118 maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. 7119 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7120 streams: make(map[uint32]*http2clientStream), 7121 singleUse: singleUse, 7122 wantSettingsAck: true, 7123 pings: make(map[[8]byte]chan struct{}), 7124 } 7125 if d := t.idleConnTimeout(); d != 0 { 7126 cc.idleTimeout = d 7127 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7128 } 7129 if http2VerboseLogs { 7130 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7131 } 7132 7133 cc.cond = sync.NewCond(&cc.mu) 7134 cc.flow.add(int32(http2initialWindowSize)) 7135 7136 // TODO: adjust this writer size to account for frame size + 7137 // MTU + crypto/tls record padding. 7138 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7139 cc.br = bufio.NewReader(c) 7140 cc.fr = http2NewFramer(cc.bw, cc.br) 7141 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7142 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7143 7144 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7145 // henc in response to SETTINGS frames? 7146 cc.henc = hpack.NewEncoder(&cc.hbuf) 7147 7148 if t.AllowHTTP { 7149 cc.nextStreamID = 3 7150 } 7151 7152 if cs, ok := c.(http2connectionStater); ok { 7153 state := cs.ConnectionState() 7154 cc.tlsState = &state 7155 } 7156 7157 initialSettings := []http2Setting{ 7158 {ID: http2SettingEnablePush, Val: 0}, 7159 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7160 } 7161 if max := t.maxHeaderListSize(); max != 0 { 7162 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7163 } 7164 7165 cc.bw.Write(http2clientPreface) 7166 cc.fr.WriteSettings(initialSettings...) 7167 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7168 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7169 cc.bw.Flush() 7170 if cc.werr != nil { 7171 return nil, cc.werr 7172 } 7173 7174 go cc.readLoop() 7175 return cc, nil 7176} 7177 7178func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7179 cc.mu.Lock() 7180 defer cc.mu.Unlock() 7181 7182 old := cc.goAway 7183 cc.goAway = f 7184 7185 // Merge the previous and current GoAway error frames. 7186 if cc.goAwayDebug == "" { 7187 cc.goAwayDebug = string(f.DebugData()) 7188 } 7189 if old != nil && old.ErrCode != http2ErrCodeNo { 7190 cc.goAway.ErrCode = old.ErrCode 7191 } 7192 last := f.LastStreamID 7193 for streamID, cs := range cc.streams { 7194 if streamID > last { 7195 select { 7196 case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}: 7197 default: 7198 } 7199 } 7200 } 7201} 7202 7203// CanTakeNewRequest reports whether the connection can take a new request, 7204// meaning it has not been closed or received or sent a GOAWAY. 7205func (cc *http2ClientConn) CanTakeNewRequest() bool { 7206 cc.mu.Lock() 7207 defer cc.mu.Unlock() 7208 return cc.canTakeNewRequestLocked() 7209} 7210 7211// clientConnIdleState describes the suitability of a client 7212// connection to initiate a new RoundTrip request. 7213type http2clientConnIdleState struct { 7214 canTakeNewRequest bool 7215 freshConn bool // whether it's unused by any previous request 7216} 7217 7218func (cc *http2ClientConn) idleState() http2clientConnIdleState { 7219 cc.mu.Lock() 7220 defer cc.mu.Unlock() 7221 return cc.idleStateLocked() 7222} 7223 7224func (cc *http2ClientConn) idleStateLocked() (st http2clientConnIdleState) { 7225 if cc.singleUse && cc.nextStreamID > 1 { 7226 return 7227 } 7228 var maxConcurrentOkay bool 7229 if cc.t.StrictMaxConcurrentStreams { 7230 // We'll tell the caller we can take a new request to 7231 // prevent the caller from dialing a new TCP 7232 // connection, but then we'll block later before 7233 // writing it. 7234 maxConcurrentOkay = true 7235 } else { 7236 maxConcurrentOkay = int64(len(cc.streams)+1) < int64(cc.maxConcurrentStreams) 7237 } 7238 7239 st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && 7240 int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && 7241 !cc.tooIdleLocked() 7242 st.freshConn = cc.nextStreamID == 1 && st.canTakeNewRequest 7243 return 7244} 7245 7246func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7247 st := cc.idleStateLocked() 7248 return st.canTakeNewRequest 7249} 7250 7251// tooIdleLocked reports whether this connection has been been sitting idle 7252// for too much wall time. 7253func (cc *http2ClientConn) tooIdleLocked() bool { 7254 // The Round(0) strips the monontonic clock reading so the 7255 // times are compared based on their wall time. We don't want 7256 // to reuse a connection that's been sitting idle during 7257 // VM/laptop suspend if monotonic time was also frozen. 7258 return cc.idleTimeout != 0 && !cc.lastIdle.IsZero() && time.Since(cc.lastIdle.Round(0)) > cc.idleTimeout 7259} 7260 7261// onIdleTimeout is called from a time.AfterFunc goroutine. It will 7262// only be called when we're idle, but because we're coming from a new 7263// goroutine, there could be a new request coming in at the same time, 7264// so this simply calls the synchronized closeIfIdle to shut down this 7265// connection. The timer could just call closeIfIdle, but this is more 7266// clear. 7267func (cc *http2ClientConn) onIdleTimeout() { 7268 cc.closeIfIdle() 7269} 7270 7271func (cc *http2ClientConn) closeIfIdle() { 7272 cc.mu.Lock() 7273 if len(cc.streams) > 0 { 7274 cc.mu.Unlock() 7275 return 7276 } 7277 cc.closed = true 7278 nextID := cc.nextStreamID 7279 // TODO: do clients send GOAWAY too? maybe? Just Close: 7280 cc.mu.Unlock() 7281 7282 if http2VerboseLogs { 7283 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7284 } 7285 cc.tconn.Close() 7286} 7287 7288var http2shutdownEnterWaitStateHook = func() {} 7289 7290// Shutdown gracefully close the client connection, waiting for running streams to complete. 7291func (cc *http2ClientConn) Shutdown(ctx context.Context) error { 7292 if err := cc.sendGoAway(); err != nil { 7293 return err 7294 } 7295 // Wait for all in-flight streams to complete or connection to close 7296 done := make(chan error, 1) 7297 cancelled := false // guarded by cc.mu 7298 go func() { 7299 cc.mu.Lock() 7300 defer cc.mu.Unlock() 7301 for { 7302 if len(cc.streams) == 0 || cc.closed { 7303 cc.closed = true 7304 done <- cc.tconn.Close() 7305 break 7306 } 7307 if cancelled { 7308 break 7309 } 7310 cc.cond.Wait() 7311 } 7312 }() 7313 http2shutdownEnterWaitStateHook() 7314 select { 7315 case err := <-done: 7316 return err 7317 case <-ctx.Done(): 7318 cc.mu.Lock() 7319 // Free the goroutine above 7320 cancelled = true 7321 cc.cond.Broadcast() 7322 cc.mu.Unlock() 7323 return ctx.Err() 7324 } 7325} 7326 7327func (cc *http2ClientConn) sendGoAway() error { 7328 cc.mu.Lock() 7329 defer cc.mu.Unlock() 7330 cc.wmu.Lock() 7331 defer cc.wmu.Unlock() 7332 if cc.closing { 7333 // GOAWAY sent already 7334 return nil 7335 } 7336 // Send a graceful shutdown frame to server 7337 maxStreamID := cc.nextStreamID 7338 if err := cc.fr.WriteGoAway(maxStreamID, http2ErrCodeNo, nil); err != nil { 7339 return err 7340 } 7341 if err := cc.bw.Flush(); err != nil { 7342 return err 7343 } 7344 // Prevent new requests 7345 cc.closing = true 7346 return nil 7347} 7348 7349// Close closes the client connection immediately. 7350// 7351// In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead. 7352func (cc *http2ClientConn) Close() error { 7353 cc.mu.Lock() 7354 defer cc.cond.Broadcast() 7355 defer cc.mu.Unlock() 7356 err := errors.New("http2: client connection force closed via ClientConn.Close") 7357 for id, cs := range cc.streams { 7358 select { 7359 case cs.resc <- http2resAndError{err: err}: 7360 default: 7361 } 7362 cs.bufPipe.CloseWithError(err) 7363 delete(cc.streams, id) 7364 } 7365 cc.closed = true 7366 return cc.tconn.Close() 7367} 7368 7369const http2maxAllocFrameSize = 512 << 10 7370 7371// frameBuffer returns a scratch buffer suitable for writing DATA frames. 7372// They're capped at the min of the peer's max frame size or 512KB 7373// (kinda arbitrarily), but definitely capped so we don't allocate 4GB 7374// bufers. 7375func (cc *http2ClientConn) frameScratchBuffer() []byte { 7376 cc.mu.Lock() 7377 size := cc.maxFrameSize 7378 if size > http2maxAllocFrameSize { 7379 size = http2maxAllocFrameSize 7380 } 7381 for i, buf := range cc.freeBuf { 7382 if len(buf) >= int(size) { 7383 cc.freeBuf[i] = nil 7384 cc.mu.Unlock() 7385 return buf[:size] 7386 } 7387 } 7388 cc.mu.Unlock() 7389 return make([]byte, size) 7390} 7391 7392func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) { 7393 cc.mu.Lock() 7394 defer cc.mu.Unlock() 7395 const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. 7396 if len(cc.freeBuf) < maxBufs { 7397 cc.freeBuf = append(cc.freeBuf, buf) 7398 return 7399 } 7400 for i, old := range cc.freeBuf { 7401 if old == nil { 7402 cc.freeBuf[i] = buf 7403 return 7404 } 7405 } 7406 // forget about it. 7407} 7408 7409// errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7410// exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7411var http2errRequestCanceled = errors.New("net/http: request canceled") 7412 7413func http2commaSeparatedTrailers(req *Request) (string, error) { 7414 keys := make([]string, 0, len(req.Trailer)) 7415 for k := range req.Trailer { 7416 k = CanonicalHeaderKey(k) 7417 switch k { 7418 case "Transfer-Encoding", "Trailer", "Content-Length": 7419 return "", &http2badStringError{"invalid Trailer key", k} 7420 } 7421 keys = append(keys, k) 7422 } 7423 if len(keys) > 0 { 7424 sort.Strings(keys) 7425 return strings.Join(keys, ","), nil 7426 } 7427 return "", nil 7428} 7429 7430func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7431 if cc.t.t1 != nil { 7432 return cc.t.t1.ResponseHeaderTimeout 7433 } 7434 // No way to do this (yet?) with just an http2.Transport. Probably 7435 // no need. Request.Cancel this is the new way. We only need to support 7436 // this for compatibility with the old http.Transport fields when 7437 // we're doing transparent http2. 7438 return 0 7439} 7440 7441// checkConnHeaders checks whether req has any invalid connection-level headers. 7442// per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7443// Certain headers are special-cased as okay but not transmitted later. 7444func http2checkConnHeaders(req *Request) error { 7445 if v := req.Header.Get("Upgrade"); v != "" { 7446 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7447 } 7448 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7449 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7450 } 7451 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !strings.EqualFold(vv[0], "close") && !strings.EqualFold(vv[0], "keep-alive")) { 7452 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7453 } 7454 return nil 7455} 7456 7457// actualContentLength returns a sanitized version of 7458// req.ContentLength, where 0 actually means zero (not unknown) and -1 7459// means unknown. 7460func http2actualContentLength(req *Request) int64 { 7461 if req.Body == nil || req.Body == NoBody { 7462 return 0 7463 } 7464 if req.ContentLength != 0 { 7465 return req.ContentLength 7466 } 7467 return -1 7468} 7469 7470func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7471 resp, _, err := cc.roundTrip(req) 7472 return resp, err 7473} 7474 7475func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) { 7476 if err := http2checkConnHeaders(req); err != nil { 7477 return nil, false, err 7478 } 7479 if cc.idleTimer != nil { 7480 cc.idleTimer.Stop() 7481 } 7482 7483 trailers, err := http2commaSeparatedTrailers(req) 7484 if err != nil { 7485 return nil, false, err 7486 } 7487 hasTrailers := trailers != "" 7488 7489 cc.mu.Lock() 7490 if err := cc.awaitOpenSlotForRequest(req); err != nil { 7491 cc.mu.Unlock() 7492 return nil, false, err 7493 } 7494 7495 body := req.Body 7496 contentLen := http2actualContentLength(req) 7497 hasBody := contentLen != 0 7498 7499 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7500 var requestedGzip bool 7501 if !cc.t.disableCompression() && 7502 req.Header.Get("Accept-Encoding") == "" && 7503 req.Header.Get("Range") == "" && 7504 req.Method != "HEAD" { 7505 // Request gzip only, not deflate. Deflate is ambiguous and 7506 // not as universally supported anyway. 7507 // See: https://zlib.net/zlib_faq.html#faq39 7508 // 7509 // Note that we don't request this for HEAD requests, 7510 // due to a bug in nginx: 7511 // http://trac.nginx.org/nginx/ticket/358 7512 // https://golang.org/issue/5522 7513 // 7514 // We don't request gzip if the request is for a range, since 7515 // auto-decoding a portion of a gzipped document will just fail 7516 // anyway. See https://golang.org/issue/8923 7517 requestedGzip = true 7518 } 7519 7520 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7521 // sent by writeRequestBody below, along with any Trailers, 7522 // again in form HEADERS{1}, CONTINUATION{0,}) 7523 hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) 7524 if err != nil { 7525 cc.mu.Unlock() 7526 return nil, false, err 7527 } 7528 7529 cs := cc.newStream() 7530 cs.req = req 7531 cs.trace = httptrace.ContextClientTrace(req.Context()) 7532 cs.requestedGzip = requestedGzip 7533 bodyWriter := cc.t.getBodyWriterState(cs, body) 7534 cs.on100 = bodyWriter.on100 7535 7536 cc.wmu.Lock() 7537 endStream := !hasBody && !hasTrailers 7538 werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7539 cc.wmu.Unlock() 7540 http2traceWroteHeaders(cs.trace) 7541 cc.mu.Unlock() 7542 7543 if werr != nil { 7544 if hasBody { 7545 req.Body.Close() // per RoundTripper contract 7546 bodyWriter.cancel() 7547 } 7548 cc.forgetStreamID(cs.ID) 7549 // Don't bother sending a RST_STREAM (our write already failed; 7550 // no need to keep writing) 7551 http2traceWroteRequest(cs.trace, werr) 7552 return nil, false, werr 7553 } 7554 7555 var respHeaderTimer <-chan time.Time 7556 if hasBody { 7557 bodyWriter.scheduleBodyWrite() 7558 } else { 7559 http2traceWroteRequest(cs.trace, nil) 7560 if d := cc.responseHeaderTimeout(); d != 0 { 7561 timer := time.NewTimer(d) 7562 defer timer.Stop() 7563 respHeaderTimer = timer.C 7564 } 7565 } 7566 7567 readLoopResCh := cs.resc 7568 bodyWritten := false 7569 ctx := req.Context() 7570 7571 handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) { 7572 res := re.res 7573 if re.err != nil || res.StatusCode > 299 { 7574 // On error or status code 3xx, 4xx, 5xx, etc abort any 7575 // ongoing write, assuming that the server doesn't care 7576 // about our request body. If the server replied with 1xx or 7577 // 2xx, however, then assume the server DOES potentially 7578 // want our body (e.g. full-duplex streaming: 7579 // golang.org/issue/13444). If it turns out the server 7580 // doesn't, they'll RST_STREAM us soon enough. This is a 7581 // heuristic to avoid adding knobs to Transport. Hopefully 7582 // we can keep it. 7583 bodyWriter.cancel() 7584 cs.abortRequestBodyWrite(http2errStopReqBodyWrite) 7585 } 7586 if re.err != nil { 7587 cc.forgetStreamID(cs.ID) 7588 return nil, cs.getStartedWrite(), re.err 7589 } 7590 res.Request = req 7591 res.TLS = cc.tlsState 7592 return res, false, nil 7593 } 7594 7595 for { 7596 select { 7597 case re := <-readLoopResCh: 7598 return handleReadLoopResponse(re) 7599 case <-respHeaderTimer: 7600 if !hasBody || bodyWritten { 7601 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7602 } else { 7603 bodyWriter.cancel() 7604 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7605 } 7606 cc.forgetStreamID(cs.ID) 7607 return nil, cs.getStartedWrite(), http2errTimeout 7608 case <-ctx.Done(): 7609 if !hasBody || bodyWritten { 7610 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7611 } else { 7612 bodyWriter.cancel() 7613 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7614 } 7615 cc.forgetStreamID(cs.ID) 7616 return nil, cs.getStartedWrite(), ctx.Err() 7617 case <-req.Cancel: 7618 if !hasBody || bodyWritten { 7619 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7620 } else { 7621 bodyWriter.cancel() 7622 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7623 } 7624 cc.forgetStreamID(cs.ID) 7625 return nil, cs.getStartedWrite(), http2errRequestCanceled 7626 case <-cs.peerReset: 7627 // processResetStream already removed the 7628 // stream from the streams map; no need for 7629 // forgetStreamID. 7630 return nil, cs.getStartedWrite(), cs.resetErr 7631 case err := <-bodyWriter.resc: 7632 // Prefer the read loop's response, if available. Issue 16102. 7633 select { 7634 case re := <-readLoopResCh: 7635 return handleReadLoopResponse(re) 7636 default: 7637 } 7638 if err != nil { 7639 cc.forgetStreamID(cs.ID) 7640 return nil, cs.getStartedWrite(), err 7641 } 7642 bodyWritten = true 7643 if d := cc.responseHeaderTimeout(); d != 0 { 7644 timer := time.NewTimer(d) 7645 defer timer.Stop() 7646 respHeaderTimer = timer.C 7647 } 7648 } 7649 } 7650} 7651 7652// awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. 7653// Must hold cc.mu. 7654func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error { 7655 var waitingForConn chan struct{} 7656 var waitingForConnErr error // guarded by cc.mu 7657 for { 7658 cc.lastActive = time.Now() 7659 if cc.closed || !cc.canTakeNewRequestLocked() { 7660 if waitingForConn != nil { 7661 close(waitingForConn) 7662 } 7663 return http2errClientConnUnusable 7664 } 7665 cc.lastIdle = time.Time{} 7666 if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { 7667 if waitingForConn != nil { 7668 close(waitingForConn) 7669 } 7670 return nil 7671 } 7672 // Unfortunately, we cannot wait on a condition variable and channel at 7673 // the same time, so instead, we spin up a goroutine to check if the 7674 // request is canceled while we wait for a slot to open in the connection. 7675 if waitingForConn == nil { 7676 waitingForConn = make(chan struct{}) 7677 go func() { 7678 if err := http2awaitRequestCancel(req, waitingForConn); err != nil { 7679 cc.mu.Lock() 7680 waitingForConnErr = err 7681 cc.cond.Broadcast() 7682 cc.mu.Unlock() 7683 } 7684 }() 7685 } 7686 cc.pendingRequests++ 7687 cc.cond.Wait() 7688 cc.pendingRequests-- 7689 if waitingForConnErr != nil { 7690 return waitingForConnErr 7691 } 7692 } 7693} 7694 7695// requires cc.wmu be held 7696func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 7697 first := true // first frame written (HEADERS is first, then CONTINUATION) 7698 for len(hdrs) > 0 && cc.werr == nil { 7699 chunk := hdrs 7700 if len(chunk) > maxFrameSize { 7701 chunk = chunk[:maxFrameSize] 7702 } 7703 hdrs = hdrs[len(chunk):] 7704 endHeaders := len(hdrs) == 0 7705 if first { 7706 cc.fr.WriteHeaders(http2HeadersFrameParam{ 7707 StreamID: streamID, 7708 BlockFragment: chunk, 7709 EndStream: endStream, 7710 EndHeaders: endHeaders, 7711 }) 7712 first = false 7713 } else { 7714 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 7715 } 7716 } 7717 // TODO(bradfitz): this Flush could potentially block (as 7718 // could the WriteHeaders call(s) above), which means they 7719 // wouldn't respond to Request.Cancel being readable. That's 7720 // rare, but this should probably be in a goroutine. 7721 cc.bw.Flush() 7722 return cc.werr 7723} 7724 7725// internal error values; they don't escape to callers 7726var ( 7727 // abort request body write; don't send cancel 7728 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 7729 7730 // abort request body write, but send stream reset of cancel. 7731 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 7732 7733 http2errReqBodyTooLong = errors.New("http2: request body larger than specified content length") 7734) 7735 7736func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { 7737 cc := cs.cc 7738 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 7739 buf := cc.frameScratchBuffer() 7740 defer cc.putFrameScratchBuffer(buf) 7741 7742 defer func() { 7743 http2traceWroteRequest(cs.trace, err) 7744 // TODO: write h12Compare test showing whether 7745 // Request.Body is closed by the Transport, 7746 // and in multiple cases: server replies <=299 and >299 7747 // while still writing request body 7748 cerr := bodyCloser.Close() 7749 if err == nil { 7750 err = cerr 7751 } 7752 }() 7753 7754 req := cs.req 7755 hasTrailers := req.Trailer != nil 7756 remainLen := http2actualContentLength(req) 7757 hasContentLen := remainLen != -1 7758 7759 var sawEOF bool 7760 for !sawEOF { 7761 n, err := body.Read(buf[:len(buf)-1]) 7762 if hasContentLen { 7763 remainLen -= int64(n) 7764 if remainLen == 0 && err == nil { 7765 // The request body's Content-Length was predeclared and 7766 // we just finished reading it all, but the underlying io.Reader 7767 // returned the final chunk with a nil error (which is one of 7768 // the two valid things a Reader can do at EOF). Because we'd prefer 7769 // to send the END_STREAM bit early, double-check that we're actually 7770 // at EOF. Subsequent reads should return (0, EOF) at this point. 7771 // If either value is different, we return an error in one of two ways below. 7772 var n1 int 7773 n1, err = body.Read(buf[n:]) 7774 remainLen -= int64(n1) 7775 } 7776 if remainLen < 0 { 7777 err = http2errReqBodyTooLong 7778 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7779 return err 7780 } 7781 } 7782 if err == io.EOF { 7783 sawEOF = true 7784 err = nil 7785 } else if err != nil { 7786 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, err) 7787 return err 7788 } 7789 7790 remain := buf[:n] 7791 for len(remain) > 0 && err == nil { 7792 var allowed int32 7793 allowed, err = cs.awaitFlowControl(len(remain)) 7794 switch { 7795 case err == http2errStopReqBodyWrite: 7796 return err 7797 case err == http2errStopReqBodyWriteAndCancel: 7798 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7799 return err 7800 case err != nil: 7801 return err 7802 } 7803 cc.wmu.Lock() 7804 data := remain[:allowed] 7805 remain = remain[allowed:] 7806 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 7807 err = cc.fr.WriteData(cs.ID, sentEnd, data) 7808 if err == nil { 7809 // TODO(bradfitz): this flush is for latency, not bandwidth. 7810 // Most requests won't need this. Make this opt-in or 7811 // opt-out? Use some heuristic on the body type? Nagel-like 7812 // timers? Based on 'n'? Only last chunk of this for loop, 7813 // unless flow control tokens are low? For now, always. 7814 // If we change this, see comment below. 7815 err = cc.bw.Flush() 7816 } 7817 cc.wmu.Unlock() 7818 } 7819 if err != nil { 7820 return err 7821 } 7822 } 7823 7824 if sentEnd { 7825 // Already sent END_STREAM (which implies we have no 7826 // trailers) and flushed, because currently all 7827 // WriteData frames above get a flush. So we're done. 7828 return nil 7829 } 7830 7831 var trls []byte 7832 if hasTrailers { 7833 cc.mu.Lock() 7834 trls, err = cc.encodeTrailers(req) 7835 cc.mu.Unlock() 7836 if err != nil { 7837 cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err) 7838 cc.forgetStreamID(cs.ID) 7839 return err 7840 } 7841 } 7842 7843 cc.mu.Lock() 7844 maxFrameSize := int(cc.maxFrameSize) 7845 cc.mu.Unlock() 7846 7847 cc.wmu.Lock() 7848 defer cc.wmu.Unlock() 7849 7850 // Two ways to send END_STREAM: either with trailers, or 7851 // with an empty DATA frame. 7852 if len(trls) > 0 { 7853 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 7854 } else { 7855 err = cc.fr.WriteData(cs.ID, true, nil) 7856 } 7857 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 7858 err = ferr 7859 } 7860 return err 7861} 7862 7863// awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 7864// control tokens from the server. 7865// It returns either the non-zero number of tokens taken or an error 7866// if the stream is dead. 7867func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 7868 cc := cs.cc 7869 cc.mu.Lock() 7870 defer cc.mu.Unlock() 7871 for { 7872 if cc.closed { 7873 return 0, http2errClientConnClosed 7874 } 7875 if cs.stopReqBody != nil { 7876 return 0, cs.stopReqBody 7877 } 7878 if err := cs.checkResetOrDone(); err != nil { 7879 return 0, err 7880 } 7881 if a := cs.flow.available(); a > 0 { 7882 take := a 7883 if int(take) > maxBytes { 7884 7885 take = int32(maxBytes) // can't truncate int; take is int32 7886 } 7887 if take > int32(cc.maxFrameSize) { 7888 take = int32(cc.maxFrameSize) 7889 } 7890 cs.flow.take(take) 7891 return take, nil 7892 } 7893 cc.cond.Wait() 7894 } 7895} 7896 7897type http2badStringError struct { 7898 what string 7899 str string 7900} 7901 7902func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 7903 7904// requires cc.mu be held. 7905func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 7906 cc.hbuf.Reset() 7907 7908 host := req.Host 7909 if host == "" { 7910 host = req.URL.Host 7911 } 7912 host, err := httpguts.PunycodeHostPort(host) 7913 if err != nil { 7914 return nil, err 7915 } 7916 7917 var path string 7918 if req.Method != "CONNECT" { 7919 path = req.URL.RequestURI() 7920 if !http2validPseudoPath(path) { 7921 orig := path 7922 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 7923 if !http2validPseudoPath(path) { 7924 if req.URL.Opaque != "" { 7925 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 7926 } else { 7927 return nil, fmt.Errorf("invalid request :path %q", orig) 7928 } 7929 } 7930 } 7931 } 7932 7933 // Check for any invalid headers and return an error before we 7934 // potentially pollute our hpack state. (We want to be able to 7935 // continue to reuse the hpack encoder for future requests) 7936 for k, vv := range req.Header { 7937 if !httpguts.ValidHeaderFieldName(k) { 7938 return nil, fmt.Errorf("invalid HTTP header name %q", k) 7939 } 7940 for _, v := range vv { 7941 if !httpguts.ValidHeaderFieldValue(v) { 7942 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 7943 } 7944 } 7945 } 7946 7947 enumerateHeaders := func(f func(name, value string)) { 7948 // 8.1.2.3 Request Pseudo-Header Fields 7949 // The :path pseudo-header field includes the path and query parts of the 7950 // target URI (the path-absolute production and optionally a '?' character 7951 // followed by the query production (see Sections 3.3 and 3.4 of 7952 // [RFC3986]). 7953 f(":authority", host) 7954 m := req.Method 7955 if m == "" { 7956 m = MethodGet 7957 } 7958 f(":method", m) 7959 if req.Method != "CONNECT" { 7960 f(":path", path) 7961 f(":scheme", req.URL.Scheme) 7962 } 7963 if trailers != "" { 7964 f("trailer", trailers) 7965 } 7966 7967 var didUA bool 7968 for k, vv := range req.Header { 7969 if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") { 7970 // Host is :authority, already sent. 7971 // Content-Length is automatic, set below. 7972 continue 7973 } else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") || 7974 strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") || 7975 strings.EqualFold(k, "keep-alive") { 7976 // Per 8.1.2.2 Connection-Specific Header 7977 // Fields, don't send connection-specific 7978 // fields. We have already checked if any 7979 // are error-worthy so just ignore the rest. 7980 continue 7981 } else if strings.EqualFold(k, "user-agent") { 7982 // Match Go's http1 behavior: at most one 7983 // User-Agent. If set to nil or empty string, 7984 // then omit it. Otherwise if not mentioned, 7985 // include the default (below). 7986 didUA = true 7987 if len(vv) < 1 { 7988 continue 7989 } 7990 vv = vv[:1] 7991 if vv[0] == "" { 7992 continue 7993 } 7994 } else if strings.EqualFold(k, "cookie") { 7995 // Per 8.1.2.5 To allow for better compression efficiency, the 7996 // Cookie header field MAY be split into separate header fields, 7997 // each with one or more cookie-pairs. 7998 for _, v := range vv { 7999 for { 8000 p := strings.IndexByte(v, ';') 8001 if p < 0 { 8002 break 8003 } 8004 f("cookie", v[:p]) 8005 p++ 8006 // strip space after semicolon if any. 8007 for p+1 <= len(v) && v[p] == ' ' { 8008 p++ 8009 } 8010 v = v[p:] 8011 } 8012 if len(v) > 0 { 8013 f("cookie", v) 8014 } 8015 } 8016 continue 8017 } 8018 8019 for _, v := range vv { 8020 f(k, v) 8021 } 8022 } 8023 if http2shouldSendReqContentLength(req.Method, contentLength) { 8024 f("content-length", strconv.FormatInt(contentLength, 10)) 8025 } 8026 if addGzipHeader { 8027 f("accept-encoding", "gzip") 8028 } 8029 if !didUA { 8030 f("user-agent", http2defaultUserAgent) 8031 } 8032 } 8033 8034 // Do a first pass over the headers counting bytes to ensure 8035 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 8036 // separate pass before encoding the headers to prevent 8037 // modifying the hpack state. 8038 hlSize := uint64(0) 8039 enumerateHeaders(func(name, value string) { 8040 hf := hpack.HeaderField{Name: name, Value: value} 8041 hlSize += uint64(hf.Size()) 8042 }) 8043 8044 if hlSize > cc.peerMaxHeaderListSize { 8045 return nil, http2errRequestHeaderListSize 8046 } 8047 8048 trace := httptrace.ContextClientTrace(req.Context()) 8049 traceHeaders := http2traceHasWroteHeaderField(trace) 8050 8051 // Header list size is ok. Write the headers. 8052 enumerateHeaders(func(name, value string) { 8053 name = strings.ToLower(name) 8054 cc.writeHeader(name, value) 8055 if traceHeaders { 8056 http2traceWroteHeaderField(trace, name, value) 8057 } 8058 }) 8059 8060 return cc.hbuf.Bytes(), nil 8061} 8062 8063// shouldSendReqContentLength reports whether the http2.Transport should send 8064// a "content-length" request header. This logic is basically a copy of the net/http 8065// transferWriter.shouldSendContentLength. 8066// The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 8067// -1 means unknown. 8068func http2shouldSendReqContentLength(method string, contentLength int64) bool { 8069 if contentLength > 0 { 8070 return true 8071 } 8072 if contentLength < 0 { 8073 return false 8074 } 8075 // For zero bodies, whether we send a content-length depends on the method. 8076 // It also kinda doesn't matter for http2 either way, with END_STREAM. 8077 switch method { 8078 case "POST", "PUT", "PATCH": 8079 return true 8080 default: 8081 return false 8082 } 8083} 8084 8085// requires cc.mu be held. 8086func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) { 8087 cc.hbuf.Reset() 8088 8089 hlSize := uint64(0) 8090 for k, vv := range req.Trailer { 8091 for _, v := range vv { 8092 hf := hpack.HeaderField{Name: k, Value: v} 8093 hlSize += uint64(hf.Size()) 8094 } 8095 } 8096 if hlSize > cc.peerMaxHeaderListSize { 8097 return nil, http2errRequestHeaderListSize 8098 } 8099 8100 for k, vv := range req.Trailer { 8101 // Transfer-Encoding, etc.. have already been filtered at the 8102 // start of RoundTrip 8103 lowKey := strings.ToLower(k) 8104 for _, v := range vv { 8105 cc.writeHeader(lowKey, v) 8106 } 8107 } 8108 return cc.hbuf.Bytes(), nil 8109} 8110 8111func (cc *http2ClientConn) writeHeader(name, value string) { 8112 if http2VerboseLogs { 8113 log.Printf("http2: Transport encoding header %q = %q", name, value) 8114 } 8115 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 8116} 8117 8118type http2resAndError struct { 8119 res *Response 8120 err error 8121} 8122 8123// requires cc.mu be held. 8124func (cc *http2ClientConn) newStream() *http2clientStream { 8125 cs := &http2clientStream{ 8126 cc: cc, 8127 ID: cc.nextStreamID, 8128 resc: make(chan http2resAndError, 1), 8129 peerReset: make(chan struct{}), 8130 done: make(chan struct{}), 8131 } 8132 cs.flow.add(int32(cc.initialWindowSize)) 8133 cs.flow.setConnFlow(&cc.flow) 8134 cs.inflow.add(http2transportDefaultStreamFlow) 8135 cs.inflow.setConnFlow(&cc.inflow) 8136 cc.nextStreamID += 2 8137 cc.streams[cs.ID] = cs 8138 return cs 8139} 8140 8141func (cc *http2ClientConn) forgetStreamID(id uint32) { 8142 cc.streamByID(id, true) 8143} 8144 8145func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream { 8146 cc.mu.Lock() 8147 defer cc.mu.Unlock() 8148 cs := cc.streams[id] 8149 if andRemove && cs != nil && !cc.closed { 8150 cc.lastActive = time.Now() 8151 delete(cc.streams, id) 8152 if len(cc.streams) == 0 && cc.idleTimer != nil { 8153 cc.idleTimer.Reset(cc.idleTimeout) 8154 cc.lastIdle = time.Now() 8155 } 8156 close(cs.done) 8157 // Wake up checkResetOrDone via clientStream.awaitFlowControl and 8158 // wake up RoundTrip if there is a pending request. 8159 cc.cond.Broadcast() 8160 } 8161 return cs 8162} 8163 8164// clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 8165type http2clientConnReadLoop struct { 8166 cc *http2ClientConn 8167 closeWhenIdle bool 8168} 8169 8170// readLoop runs in its own goroutine and reads and dispatches frames. 8171func (cc *http2ClientConn) readLoop() { 8172 rl := &http2clientConnReadLoop{cc: cc} 8173 defer rl.cleanup() 8174 cc.readerErr = rl.run() 8175 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 8176 cc.wmu.Lock() 8177 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 8178 cc.wmu.Unlock() 8179 } 8180} 8181 8182// GoAwayError is returned by the Transport when the server closes the 8183// TCP connection after sending a GOAWAY frame. 8184type http2GoAwayError struct { 8185 LastStreamID uint32 8186 ErrCode http2ErrCode 8187 DebugData string 8188} 8189 8190func (e http2GoAwayError) Error() string { 8191 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 8192 e.LastStreamID, e.ErrCode, e.DebugData) 8193} 8194 8195func http2isEOFOrNetReadError(err error) bool { 8196 if err == io.EOF { 8197 return true 8198 } 8199 ne, ok := err.(*net.OpError) 8200 return ok && ne.Op == "read" 8201} 8202 8203func (rl *http2clientConnReadLoop) cleanup() { 8204 cc := rl.cc 8205 defer cc.tconn.Close() 8206 defer cc.t.connPool().MarkDead(cc) 8207 defer close(cc.readerDone) 8208 8209 if cc.idleTimer != nil { 8210 cc.idleTimer.Stop() 8211 } 8212 8213 // Close any response bodies if the server closes prematurely. 8214 // TODO: also do this if we've written the headers but not 8215 // gotten a response yet. 8216 err := cc.readerErr 8217 cc.mu.Lock() 8218 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8219 err = http2GoAwayError{ 8220 LastStreamID: cc.goAway.LastStreamID, 8221 ErrCode: cc.goAway.ErrCode, 8222 DebugData: cc.goAwayDebug, 8223 } 8224 } else if err == io.EOF { 8225 err = io.ErrUnexpectedEOF 8226 } 8227 for _, cs := range cc.streams { 8228 cs.bufPipe.CloseWithError(err) // no-op if already closed 8229 select { 8230 case cs.resc <- http2resAndError{err: err}: 8231 default: 8232 } 8233 close(cs.done) 8234 } 8235 cc.closed = true 8236 cc.cond.Broadcast() 8237 cc.mu.Unlock() 8238} 8239 8240func (rl *http2clientConnReadLoop) run() error { 8241 cc := rl.cc 8242 rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse 8243 gotReply := false // ever saw a HEADERS reply 8244 gotSettings := false 8245 for { 8246 f, err := cc.fr.ReadFrame() 8247 if err != nil { 8248 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8249 } 8250 if se, ok := err.(http2StreamError); ok { 8251 if cs := cc.streamByID(se.StreamID, false); cs != nil { 8252 cs.cc.writeStreamReset(cs.ID, se.Code, err) 8253 cs.cc.forgetStreamID(cs.ID) 8254 if se.Cause == nil { 8255 se.Cause = cc.fr.errDetail 8256 } 8257 rl.endStreamError(cs, se) 8258 } 8259 continue 8260 } else if err != nil { 8261 return err 8262 } 8263 if http2VerboseLogs { 8264 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8265 } 8266 if !gotSettings { 8267 if _, ok := f.(*http2SettingsFrame); !ok { 8268 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8269 return http2ConnectionError(http2ErrCodeProtocol) 8270 } 8271 gotSettings = true 8272 } 8273 maybeIdle := false // whether frame might transition us to idle 8274 8275 switch f := f.(type) { 8276 case *http2MetaHeadersFrame: 8277 err = rl.processHeaders(f) 8278 maybeIdle = true 8279 gotReply = true 8280 case *http2DataFrame: 8281 err = rl.processData(f) 8282 maybeIdle = true 8283 case *http2GoAwayFrame: 8284 err = rl.processGoAway(f) 8285 maybeIdle = true 8286 case *http2RSTStreamFrame: 8287 err = rl.processResetStream(f) 8288 maybeIdle = true 8289 case *http2SettingsFrame: 8290 err = rl.processSettings(f) 8291 case *http2PushPromiseFrame: 8292 err = rl.processPushPromise(f) 8293 case *http2WindowUpdateFrame: 8294 err = rl.processWindowUpdate(f) 8295 case *http2PingFrame: 8296 err = rl.processPing(f) 8297 default: 8298 cc.logf("Transport: unhandled response frame type %T", f) 8299 } 8300 if err != nil { 8301 if http2VerboseLogs { 8302 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8303 } 8304 return err 8305 } 8306 if rl.closeWhenIdle && gotReply && maybeIdle { 8307 cc.closeIfIdle() 8308 } 8309 } 8310} 8311 8312func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8313 cc := rl.cc 8314 cs := cc.streamByID(f.StreamID, false) 8315 if cs == nil { 8316 // We'd get here if we canceled a request while the 8317 // server had its response still in flight. So if this 8318 // was just something we canceled, ignore it. 8319 return nil 8320 } 8321 if f.StreamEnded() { 8322 // Issue 20521: If the stream has ended, streamByID() causes 8323 // clientStream.done to be closed, which causes the request's bodyWriter 8324 // to be closed with an errStreamClosed, which may be received by 8325 // clientConn.RoundTrip before the result of processing these headers. 8326 // Deferring stream closure allows the header processing to occur first. 8327 // clientConn.RoundTrip may still receive the bodyWriter error first, but 8328 // the fix for issue 16102 prioritises any response. 8329 // 8330 // Issue 22413: If there is no request body, we should close the 8331 // stream before writing to cs.resc so that the stream is closed 8332 // immediately once RoundTrip returns. 8333 if cs.req.Body != nil { 8334 defer cc.forgetStreamID(f.StreamID) 8335 } else { 8336 cc.forgetStreamID(f.StreamID) 8337 } 8338 } 8339 if !cs.firstByte { 8340 if cs.trace != nil { 8341 // TODO(bradfitz): move first response byte earlier, 8342 // when we first read the 9 byte header, not waiting 8343 // until all the HEADERS+CONTINUATION frames have been 8344 // merged. This works for now. 8345 http2traceFirstResponseByte(cs.trace) 8346 } 8347 cs.firstByte = true 8348 } 8349 if !cs.pastHeaders { 8350 cs.pastHeaders = true 8351 } else { 8352 return rl.processTrailers(cs, f) 8353 } 8354 8355 res, err := rl.handleResponse(cs, f) 8356 if err != nil { 8357 if _, ok := err.(http2ConnectionError); ok { 8358 return err 8359 } 8360 // Any other error type is a stream error. 8361 cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err) 8362 cc.forgetStreamID(cs.ID) 8363 cs.resc <- http2resAndError{err: err} 8364 return nil // return nil from process* funcs to keep conn alive 8365 } 8366 if res == nil { 8367 // (nil, nil) special case. See handleResponse docs. 8368 return nil 8369 } 8370 cs.resTrailer = &res.Trailer 8371 cs.resc <- http2resAndError{res: res} 8372 return nil 8373} 8374 8375// may return error types nil, or ConnectionError. Any other error value 8376// is a StreamError of type ErrCodeProtocol. The returned error in that case 8377// is the detail. 8378// 8379// As a special case, handleResponse may return (nil, nil) to skip the 8380// frame (currently only used for 1xx responses). 8381func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8382 if f.Truncated { 8383 return nil, http2errResponseHeaderListSize 8384 } 8385 8386 status := f.PseudoValue("status") 8387 if status == "" { 8388 return nil, errors.New("malformed response from server: missing status pseudo header") 8389 } 8390 statusCode, err := strconv.Atoi(status) 8391 if err != nil { 8392 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8393 } 8394 8395 header := make(Header) 8396 res := &Response{ 8397 Proto: "HTTP/2.0", 8398 ProtoMajor: 2, 8399 Header: header, 8400 StatusCode: statusCode, 8401 Status: status + " " + StatusText(statusCode), 8402 } 8403 for _, hf := range f.RegularFields() { 8404 key := CanonicalHeaderKey(hf.Name) 8405 if key == "Trailer" { 8406 t := res.Trailer 8407 if t == nil { 8408 t = make(Header) 8409 res.Trailer = t 8410 } 8411 http2foreachHeaderElement(hf.Value, func(v string) { 8412 t[CanonicalHeaderKey(v)] = nil 8413 }) 8414 } else { 8415 header[key] = append(header[key], hf.Value) 8416 } 8417 } 8418 8419 if statusCode >= 100 && statusCode <= 199 { 8420 cs.num1xx++ 8421 const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http 8422 if cs.num1xx > max1xxResponses { 8423 return nil, errors.New("http2: too many 1xx informational responses") 8424 } 8425 if fn := cs.get1xxTraceFunc(); fn != nil { 8426 if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { 8427 return nil, err 8428 } 8429 } 8430 if statusCode == 100 { 8431 http2traceGot100Continue(cs.trace) 8432 if cs.on100 != nil { 8433 cs.on100() // forces any write delay timer to fire 8434 } 8435 } 8436 cs.pastHeaders = false // do it all again 8437 return nil, nil 8438 } 8439 8440 streamEnded := f.StreamEnded() 8441 isHead := cs.req.Method == "HEAD" 8442 if !streamEnded || isHead { 8443 res.ContentLength = -1 8444 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8445 if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil { 8446 res.ContentLength = clen64 8447 } else { 8448 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8449 // more safe smuggling-wise to ignore. 8450 } 8451 } else if len(clens) > 1 { 8452 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8453 // more safe smuggling-wise to ignore. 8454 } 8455 } 8456 8457 if streamEnded || isHead { 8458 res.Body = http2noBody 8459 return res, nil 8460 } 8461 8462 cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}} 8463 cs.bytesRemain = res.ContentLength 8464 res.Body = http2transportResponseBody{cs} 8465 go cs.awaitRequestCancel(cs.req) 8466 8467 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8468 res.Header.Del("Content-Encoding") 8469 res.Header.Del("Content-Length") 8470 res.ContentLength = -1 8471 res.Body = &http2gzipReader{body: res.Body} 8472 res.Uncompressed = true 8473 } 8474 return res, nil 8475} 8476 8477func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8478 if cs.pastTrailers { 8479 // Too many HEADERS frames for this stream. 8480 return http2ConnectionError(http2ErrCodeProtocol) 8481 } 8482 cs.pastTrailers = true 8483 if !f.StreamEnded() { 8484 // We expect that any headers for trailers also 8485 // has END_STREAM. 8486 return http2ConnectionError(http2ErrCodeProtocol) 8487 } 8488 if len(f.PseudoFields()) > 0 { 8489 // No pseudo header fields are defined for trailers. 8490 // TODO: ConnectionError might be overly harsh? Check. 8491 return http2ConnectionError(http2ErrCodeProtocol) 8492 } 8493 8494 trailer := make(Header) 8495 for _, hf := range f.RegularFields() { 8496 key := CanonicalHeaderKey(hf.Name) 8497 trailer[key] = append(trailer[key], hf.Value) 8498 } 8499 cs.trailer = trailer 8500 8501 rl.endStream(cs) 8502 return nil 8503} 8504 8505// transportResponseBody is the concrete type of Transport.RoundTrip's 8506// Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. 8507// On Close it sends RST_STREAM if EOF wasn't already seen. 8508type http2transportResponseBody struct { 8509 cs *http2clientStream 8510} 8511 8512func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8513 cs := b.cs 8514 cc := cs.cc 8515 8516 if cs.readErr != nil { 8517 return 0, cs.readErr 8518 } 8519 n, err = b.cs.bufPipe.Read(p) 8520 if cs.bytesRemain != -1 { 8521 if int64(n) > cs.bytesRemain { 8522 n = int(cs.bytesRemain) 8523 if err == nil { 8524 err = errors.New("net/http: server replied with more than declared Content-Length; truncated") 8525 cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err) 8526 } 8527 cs.readErr = err 8528 return int(cs.bytesRemain), err 8529 } 8530 cs.bytesRemain -= int64(n) 8531 if err == io.EOF && cs.bytesRemain > 0 { 8532 err = io.ErrUnexpectedEOF 8533 cs.readErr = err 8534 return n, err 8535 } 8536 } 8537 if n == 0 { 8538 // No flow control tokens to send back. 8539 return 8540 } 8541 8542 cc.mu.Lock() 8543 defer cc.mu.Unlock() 8544 8545 var connAdd, streamAdd int32 8546 // Check the conn-level first, before the stream-level. 8547 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8548 connAdd = http2transportDefaultConnFlow - v 8549 cc.inflow.add(connAdd) 8550 } 8551 if err == nil { // No need to refresh if the stream is over or failed. 8552 // Consider any buffered body data (read from the conn but not 8553 // consumed by the client) when computing flow control for this 8554 // stream. 8555 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8556 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8557 streamAdd = int32(http2transportDefaultStreamFlow - v) 8558 cs.inflow.add(streamAdd) 8559 } 8560 } 8561 if connAdd != 0 || streamAdd != 0 { 8562 cc.wmu.Lock() 8563 defer cc.wmu.Unlock() 8564 if connAdd != 0 { 8565 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8566 } 8567 if streamAdd != 0 { 8568 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8569 } 8570 cc.bw.Flush() 8571 } 8572 return 8573} 8574 8575var http2errClosedResponseBody = errors.New("http2: response body closed") 8576 8577func (b http2transportResponseBody) Close() error { 8578 cs := b.cs 8579 cc := cs.cc 8580 8581 serverSentStreamEnd := cs.bufPipe.Err() == io.EOF 8582 unread := cs.bufPipe.Len() 8583 8584 if unread > 0 || !serverSentStreamEnd { 8585 cc.mu.Lock() 8586 cc.wmu.Lock() 8587 if !serverSentStreamEnd { 8588 cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel) 8589 cs.didReset = true 8590 } 8591 // Return connection-level flow control. 8592 if unread > 0 { 8593 cc.inflow.add(int32(unread)) 8594 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8595 } 8596 cc.bw.Flush() 8597 cc.wmu.Unlock() 8598 cc.mu.Unlock() 8599 } 8600 8601 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8602 cc.forgetStreamID(cs.ID) 8603 return nil 8604} 8605 8606func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8607 cc := rl.cc 8608 cs := cc.streamByID(f.StreamID, f.StreamEnded()) 8609 data := f.Data() 8610 if cs == nil { 8611 cc.mu.Lock() 8612 neverSent := cc.nextStreamID 8613 cc.mu.Unlock() 8614 if f.StreamID >= neverSent { 8615 // We never asked for this. 8616 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8617 return http2ConnectionError(http2ErrCodeProtocol) 8618 } 8619 // We probably did ask for this, but canceled. Just ignore it. 8620 // TODO: be stricter here? only silently ignore things which 8621 // we canceled, but not things which were closed normally 8622 // by the peer? Tough without accumulating too much state. 8623 8624 // But at least return their flow control: 8625 if f.Length > 0 { 8626 cc.mu.Lock() 8627 cc.inflow.add(int32(f.Length)) 8628 cc.mu.Unlock() 8629 8630 cc.wmu.Lock() 8631 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 8632 cc.bw.Flush() 8633 cc.wmu.Unlock() 8634 } 8635 return nil 8636 } 8637 if !cs.firstByte { 8638 cc.logf("protocol error: received DATA before a HEADERS frame") 8639 rl.endStreamError(cs, http2StreamError{ 8640 StreamID: f.StreamID, 8641 Code: http2ErrCodeProtocol, 8642 }) 8643 return nil 8644 } 8645 if f.Length > 0 { 8646 if cs.req.Method == "HEAD" && len(data) > 0 { 8647 cc.logf("protocol error: received DATA on a HEAD request") 8648 rl.endStreamError(cs, http2StreamError{ 8649 StreamID: f.StreamID, 8650 Code: http2ErrCodeProtocol, 8651 }) 8652 return nil 8653 } 8654 // Check connection-level flow control. 8655 cc.mu.Lock() 8656 if cs.inflow.available() >= int32(f.Length) { 8657 cs.inflow.take(int32(f.Length)) 8658 } else { 8659 cc.mu.Unlock() 8660 return http2ConnectionError(http2ErrCodeFlowControl) 8661 } 8662 // Return any padded flow control now, since we won't 8663 // refund it later on body reads. 8664 var refund int 8665 if pad := int(f.Length) - len(data); pad > 0 { 8666 refund += pad 8667 } 8668 // Return len(data) now if the stream is already closed, 8669 // since data will never be read. 8670 didReset := cs.didReset 8671 if didReset { 8672 refund += len(data) 8673 } 8674 if refund > 0 { 8675 cc.inflow.add(int32(refund)) 8676 cc.wmu.Lock() 8677 cc.fr.WriteWindowUpdate(0, uint32(refund)) 8678 if !didReset { 8679 cs.inflow.add(int32(refund)) 8680 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 8681 } 8682 cc.bw.Flush() 8683 cc.wmu.Unlock() 8684 } 8685 cc.mu.Unlock() 8686 8687 if len(data) > 0 && !didReset { 8688 if _, err := cs.bufPipe.Write(data); err != nil { 8689 rl.endStreamError(cs, err) 8690 return err 8691 } 8692 } 8693 } 8694 8695 if f.StreamEnded() { 8696 rl.endStream(cs) 8697 } 8698 return nil 8699} 8700 8701var http2errInvalidTrailers = errors.New("http2: invalid trailers") 8702 8703func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 8704 // TODO: check that any declared content-length matches, like 8705 // server.go's (*stream).endStream method. 8706 rl.endStreamError(cs, nil) 8707} 8708 8709func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 8710 var code func() 8711 if err == nil { 8712 err = io.EOF 8713 code = cs.copyTrailers 8714 } 8715 if http2isConnectionCloseRequest(cs.req) { 8716 rl.closeWhenIdle = true 8717 } 8718 cs.bufPipe.closeWithErrorAndCode(err, code) 8719 8720 select { 8721 case cs.resc <- http2resAndError{err: err}: 8722 default: 8723 } 8724} 8725 8726func (cs *http2clientStream) copyTrailers() { 8727 for k, vv := range cs.trailer { 8728 t := cs.resTrailer 8729 if *t == nil { 8730 *t = make(Header) 8731 } 8732 (*t)[k] = vv 8733 } 8734} 8735 8736func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 8737 cc := rl.cc 8738 cc.t.connPool().MarkDead(cc) 8739 if f.ErrCode != 0 { 8740 // TODO: deal with GOAWAY more. particularly the error code 8741 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 8742 } 8743 cc.setGoAway(f) 8744 return nil 8745} 8746 8747func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 8748 cc := rl.cc 8749 cc.mu.Lock() 8750 defer cc.mu.Unlock() 8751 8752 if f.IsAck() { 8753 if cc.wantSettingsAck { 8754 cc.wantSettingsAck = false 8755 return nil 8756 } 8757 return http2ConnectionError(http2ErrCodeProtocol) 8758 } 8759 8760 err := f.ForeachSetting(func(s http2Setting) error { 8761 switch s.ID { 8762 case http2SettingMaxFrameSize: 8763 cc.maxFrameSize = s.Val 8764 case http2SettingMaxConcurrentStreams: 8765 cc.maxConcurrentStreams = s.Val 8766 case http2SettingMaxHeaderListSize: 8767 cc.peerMaxHeaderListSize = uint64(s.Val) 8768 case http2SettingInitialWindowSize: 8769 // Values above the maximum flow-control 8770 // window size of 2^31-1 MUST be treated as a 8771 // connection error (Section 5.4.1) of type 8772 // FLOW_CONTROL_ERROR. 8773 if s.Val > math.MaxInt32 { 8774 return http2ConnectionError(http2ErrCodeFlowControl) 8775 } 8776 8777 // Adjust flow control of currently-open 8778 // frames by the difference of the old initial 8779 // window size and this one. 8780 delta := int32(s.Val) - int32(cc.initialWindowSize) 8781 for _, cs := range cc.streams { 8782 cs.flow.add(delta) 8783 } 8784 cc.cond.Broadcast() 8785 8786 cc.initialWindowSize = s.Val 8787 default: 8788 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 8789 cc.vlogf("Unhandled Setting: %v", s) 8790 } 8791 return nil 8792 }) 8793 if err != nil { 8794 return err 8795 } 8796 8797 cc.wmu.Lock() 8798 defer cc.wmu.Unlock() 8799 8800 cc.fr.WriteSettingsAck() 8801 cc.bw.Flush() 8802 return cc.werr 8803} 8804 8805func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 8806 cc := rl.cc 8807 cs := cc.streamByID(f.StreamID, false) 8808 if f.StreamID != 0 && cs == nil { 8809 return nil 8810 } 8811 8812 cc.mu.Lock() 8813 defer cc.mu.Unlock() 8814 8815 fl := &cc.flow 8816 if cs != nil { 8817 fl = &cs.flow 8818 } 8819 if !fl.add(int32(f.Increment)) { 8820 return http2ConnectionError(http2ErrCodeFlowControl) 8821 } 8822 cc.cond.Broadcast() 8823 return nil 8824} 8825 8826func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 8827 cs := rl.cc.streamByID(f.StreamID, true) 8828 if cs == nil { 8829 // TODO: return error if server tries to RST_STEAM an idle stream 8830 return nil 8831 } 8832 select { 8833 case <-cs.peerReset: 8834 // Already reset. 8835 // This is the only goroutine 8836 // which closes this, so there 8837 // isn't a race. 8838 default: 8839 err := http2streamError(cs.ID, f.ErrCode) 8840 cs.resetErr = err 8841 close(cs.peerReset) 8842 cs.bufPipe.CloseWithError(err) 8843 cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl 8844 } 8845 return nil 8846} 8847 8848// Ping sends a PING frame to the server and waits for the ack. 8849func (cc *http2ClientConn) Ping(ctx context.Context) error { 8850 c := make(chan struct{}) 8851 // Generate a random payload 8852 var p [8]byte 8853 for { 8854 if _, err := rand.Read(p[:]); err != nil { 8855 return err 8856 } 8857 cc.mu.Lock() 8858 // check for dup before insert 8859 if _, found := cc.pings[p]; !found { 8860 cc.pings[p] = c 8861 cc.mu.Unlock() 8862 break 8863 } 8864 cc.mu.Unlock() 8865 } 8866 cc.wmu.Lock() 8867 if err := cc.fr.WritePing(false, p); err != nil { 8868 cc.wmu.Unlock() 8869 return err 8870 } 8871 if err := cc.bw.Flush(); err != nil { 8872 cc.wmu.Unlock() 8873 return err 8874 } 8875 cc.wmu.Unlock() 8876 select { 8877 case <-c: 8878 return nil 8879 case <-ctx.Done(): 8880 return ctx.Err() 8881 case <-cc.readerDone: 8882 // connection closed 8883 return cc.readerErr 8884 } 8885} 8886 8887func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 8888 if f.IsAck() { 8889 cc := rl.cc 8890 cc.mu.Lock() 8891 defer cc.mu.Unlock() 8892 // If ack, notify listener if any 8893 if c, ok := cc.pings[f.Data]; ok { 8894 close(c) 8895 delete(cc.pings, f.Data) 8896 } 8897 return nil 8898 } 8899 cc := rl.cc 8900 cc.wmu.Lock() 8901 defer cc.wmu.Unlock() 8902 if err := cc.fr.WritePing(true, f.Data); err != nil { 8903 return err 8904 } 8905 return cc.bw.Flush() 8906} 8907 8908func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 8909 // We told the peer we don't want them. 8910 // Spec says: 8911 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 8912 // setting of the peer endpoint is set to 0. An endpoint that 8913 // has set this setting and has received acknowledgement MUST 8914 // treat the receipt of a PUSH_PROMISE frame as a connection 8915 // error (Section 5.4.1) of type PROTOCOL_ERROR." 8916 return http2ConnectionError(http2ErrCodeProtocol) 8917} 8918 8919func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 8920 // TODO: map err to more interesting error codes, once the 8921 // HTTP community comes up with some. But currently for 8922 // RST_STREAM there's no equivalent to GOAWAY frame's debug 8923 // data, and the error codes are all pretty vague ("cancel"). 8924 cc.wmu.Lock() 8925 cc.fr.WriteRSTStream(streamID, code) 8926 cc.bw.Flush() 8927 cc.wmu.Unlock() 8928} 8929 8930var ( 8931 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 8932 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 8933 http2errPseudoTrailers = errors.New("http2: invalid pseudo header in trailers") 8934) 8935 8936func (cc *http2ClientConn) logf(format string, args ...interface{}) { 8937 cc.t.logf(format, args...) 8938} 8939 8940func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 8941 cc.t.vlogf(format, args...) 8942} 8943 8944func (t *http2Transport) vlogf(format string, args ...interface{}) { 8945 if http2VerboseLogs { 8946 t.logf(format, args...) 8947 } 8948} 8949 8950func (t *http2Transport) logf(format string, args ...interface{}) { 8951 log.Printf(format, args...) 8952} 8953 8954var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 8955 8956func http2strSliceContains(ss []string, s string) bool { 8957 for _, v := range ss { 8958 if v == s { 8959 return true 8960 } 8961 } 8962 return false 8963} 8964 8965type http2erringRoundTripper struct{ err error } 8966 8967func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 8968 8969// gzipReader wraps a response body so it can lazily 8970// call gzip.NewReader on the first call to Read 8971type http2gzipReader struct { 8972 body io.ReadCloser // underlying Response.Body 8973 zr *gzip.Reader // lazily-initialized gzip reader 8974 zerr error // sticky error 8975} 8976 8977func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 8978 if gz.zerr != nil { 8979 return 0, gz.zerr 8980 } 8981 if gz.zr == nil { 8982 gz.zr, err = gzip.NewReader(gz.body) 8983 if err != nil { 8984 gz.zerr = err 8985 return 0, err 8986 } 8987 } 8988 return gz.zr.Read(p) 8989} 8990 8991func (gz *http2gzipReader) Close() error { 8992 return gz.body.Close() 8993} 8994 8995type http2errorReader struct{ err error } 8996 8997func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 8998 8999// bodyWriterState encapsulates various state around the Transport's writing 9000// of the request body, particularly regarding doing delayed writes of the body 9001// when the request contains "Expect: 100-continue". 9002type http2bodyWriterState struct { 9003 cs *http2clientStream 9004 timer *time.Timer // if non-nil, we're doing a delayed write 9005 fnonce *sync.Once // to call fn with 9006 fn func() // the code to run in the goroutine, writing the body 9007 resc chan error // result of fn's execution 9008 delay time.Duration // how long we should delay a delayed write for 9009} 9010 9011func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) { 9012 s.cs = cs 9013 if body == nil { 9014 return 9015 } 9016 resc := make(chan error, 1) 9017 s.resc = resc 9018 s.fn = func() { 9019 cs.cc.mu.Lock() 9020 cs.startedWrite = true 9021 cs.cc.mu.Unlock() 9022 resc <- cs.writeRequestBody(body, cs.req.Body) 9023 } 9024 s.delay = t.expectContinueTimeout() 9025 if s.delay == 0 || 9026 !httpguts.HeaderValuesContainsToken( 9027 cs.req.Header["Expect"], 9028 "100-continue") { 9029 return 9030 } 9031 s.fnonce = new(sync.Once) 9032 9033 // Arm the timer with a very large duration, which we'll 9034 // intentionally lower later. It has to be large now because 9035 // we need a handle to it before writing the headers, but the 9036 // s.delay value is defined to not start until after the 9037 // request headers were written. 9038 const hugeDuration = 365 * 24 * time.Hour 9039 s.timer = time.AfterFunc(hugeDuration, func() { 9040 s.fnonce.Do(s.fn) 9041 }) 9042 return 9043} 9044 9045func (s http2bodyWriterState) cancel() { 9046 if s.timer != nil { 9047 s.timer.Stop() 9048 } 9049} 9050 9051func (s http2bodyWriterState) on100() { 9052 if s.timer == nil { 9053 // If we didn't do a delayed write, ignore the server's 9054 // bogus 100 continue response. 9055 return 9056 } 9057 s.timer.Stop() 9058 go func() { s.fnonce.Do(s.fn) }() 9059} 9060 9061// scheduleBodyWrite starts writing the body, either immediately (in 9062// the common case) or after the delay timeout. It should not be 9063// called until after the headers have been written. 9064func (s http2bodyWriterState) scheduleBodyWrite() { 9065 if s.timer == nil { 9066 // We're not doing a delayed write (see 9067 // getBodyWriterState), so just start the writing 9068 // goroutine immediately. 9069 go s.fn() 9070 return 9071 } 9072 http2traceWait100Continue(s.cs.trace) 9073 if s.timer.Stop() { 9074 s.timer.Reset(s.delay) 9075 } 9076} 9077 9078// isConnectionCloseRequest reports whether req should use its own 9079// connection for a single request and then close the connection. 9080func http2isConnectionCloseRequest(req *Request) bool { 9081 return req.Close || httpguts.HeaderValuesContainsToken(req.Header["Connection"], "close") 9082} 9083 9084// registerHTTPSProtocol calls Transport.RegisterProtocol but 9085// converting panics into errors. 9086func http2registerHTTPSProtocol(t *Transport, rt http2noDialH2RoundTripper) (err error) { 9087 defer func() { 9088 if e := recover(); e != nil { 9089 err = fmt.Errorf("%v", e) 9090 } 9091 }() 9092 t.RegisterProtocol("https", rt) 9093 return nil 9094} 9095 9096// noDialH2RoundTripper is a RoundTripper which only tries to complete the request 9097// if there's already has a cached connection to the host. 9098// (The field is exported so it can be accessed via reflect from net/http; tested 9099// by TestNoDialH2RoundTripperType) 9100type http2noDialH2RoundTripper struct{ *http2Transport } 9101 9102func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 9103 res, err := rt.http2Transport.RoundTrip(req) 9104 if http2isNoCachedConnError(err) { 9105 return nil, ErrSkipAltProtocol 9106 } 9107 return res, err 9108} 9109 9110func (t *http2Transport) idleConnTimeout() time.Duration { 9111 if t.t1 != nil { 9112 return t.t1.IdleConnTimeout 9113 } 9114 return 0 9115} 9116 9117func http2traceGetConn(req *Request, hostPort string) { 9118 trace := httptrace.ContextClientTrace(req.Context()) 9119 if trace == nil || trace.GetConn == nil { 9120 return 9121 } 9122 trace.GetConn(hostPort) 9123} 9124 9125func http2traceGotConn(req *Request, cc *http2ClientConn, reused bool) { 9126 trace := httptrace.ContextClientTrace(req.Context()) 9127 if trace == nil || trace.GotConn == nil { 9128 return 9129 } 9130 ci := httptrace.GotConnInfo{Conn: cc.tconn} 9131 ci.Reused = reused 9132 cc.mu.Lock() 9133 ci.WasIdle = len(cc.streams) == 0 && reused 9134 if ci.WasIdle && !cc.lastActive.IsZero() { 9135 ci.IdleTime = time.Now().Sub(cc.lastActive) 9136 } 9137 cc.mu.Unlock() 9138 9139 trace.GotConn(ci) 9140} 9141 9142func http2traceWroteHeaders(trace *httptrace.ClientTrace) { 9143 if trace != nil && trace.WroteHeaders != nil { 9144 trace.WroteHeaders() 9145 } 9146} 9147 9148func http2traceGot100Continue(trace *httptrace.ClientTrace) { 9149 if trace != nil && trace.Got100Continue != nil { 9150 trace.Got100Continue() 9151 } 9152} 9153 9154func http2traceWait100Continue(trace *httptrace.ClientTrace) { 9155 if trace != nil && trace.Wait100Continue != nil { 9156 trace.Wait100Continue() 9157 } 9158} 9159 9160func http2traceWroteRequest(trace *httptrace.ClientTrace, err error) { 9161 if trace != nil && trace.WroteRequest != nil { 9162 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 9163 } 9164} 9165 9166func http2traceFirstResponseByte(trace *httptrace.ClientTrace) { 9167 if trace != nil && trace.GotFirstResponseByte != nil { 9168 trace.GotFirstResponseByte() 9169 } 9170} 9171 9172// writeFramer is implemented by any type that is used to write frames. 9173type http2writeFramer interface { 9174 writeFrame(http2writeContext) error 9175 9176 // staysWithinBuffer reports whether this writer promises that 9177 // it will only write less than or equal to size bytes, and it 9178 // won't Flush the write context. 9179 staysWithinBuffer(size int) bool 9180} 9181 9182// writeContext is the interface needed by the various frame writer 9183// types below. All the writeFrame methods below are scheduled via the 9184// frame writing scheduler (see writeScheduler in writesched.go). 9185// 9186// This interface is implemented by *serverConn. 9187// 9188// TODO: decide whether to a) use this in the client code (which didn't 9189// end up using this yet, because it has a simpler design, not 9190// currently implementing priorities), or b) delete this and 9191// make the server code a bit more concrete. 9192type http2writeContext interface { 9193 Framer() *http2Framer 9194 Flush() error 9195 CloseConn() error 9196 // HeaderEncoder returns an HPACK encoder that writes to the 9197 // returned buffer. 9198 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 9199} 9200 9201// writeEndsStream reports whether w writes a frame that will transition 9202// the stream to a half-closed local state. This returns false for RST_STREAM, 9203// which closes the entire stream (not just the local half). 9204func http2writeEndsStream(w http2writeFramer) bool { 9205 switch v := w.(type) { 9206 case *http2writeData: 9207 return v.endStream 9208 case *http2writeResHeaders: 9209 return v.endStream 9210 case nil: 9211 // This can only happen if the caller reuses w after it's 9212 // been intentionally nil'ed out to prevent use. Keep this 9213 // here to catch future refactoring breaking it. 9214 panic("writeEndsStream called on nil writeFramer") 9215 } 9216 return false 9217} 9218 9219type http2flushFrameWriter struct{} 9220 9221func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 9222 return ctx.Flush() 9223} 9224 9225func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 9226 9227type http2writeSettings []http2Setting 9228 9229func (s http2writeSettings) staysWithinBuffer(max int) bool { 9230 const settingSize = 6 // uint16 + uint32 9231 return http2frameHeaderLen+settingSize*len(s) <= max 9232 9233} 9234 9235func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 9236 return ctx.Framer().WriteSettings([]http2Setting(s)...) 9237} 9238 9239type http2writeGoAway struct { 9240 maxStreamID uint32 9241 code http2ErrCode 9242} 9243 9244func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 9245 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 9246 ctx.Flush() // ignore error: we're hanging up on them anyway 9247 return err 9248} 9249 9250func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 9251 9252type http2writeData struct { 9253 streamID uint32 9254 p []byte 9255 endStream bool 9256} 9257 9258func (w *http2writeData) String() string { 9259 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 9260} 9261 9262func (w *http2writeData) writeFrame(ctx http2writeContext) error { 9263 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 9264} 9265 9266func (w *http2writeData) staysWithinBuffer(max int) bool { 9267 return http2frameHeaderLen+len(w.p) <= max 9268} 9269 9270// handlerPanicRST is the message sent from handler goroutines when 9271// the handler panics. 9272type http2handlerPanicRST struct { 9273 StreamID uint32 9274} 9275 9276func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 9277 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 9278} 9279 9280func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9281 9282func (se http2StreamError) writeFrame(ctx http2writeContext) error { 9283 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 9284} 9285 9286func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9287 9288type http2writePingAck struct{ pf *http2PingFrame } 9289 9290func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 9291 return ctx.Framer().WritePing(true, w.pf.Data) 9292} 9293 9294func (w http2writePingAck) staysWithinBuffer(max int) bool { 9295 return http2frameHeaderLen+len(w.pf.Data) <= max 9296} 9297 9298type http2writeSettingsAck struct{} 9299 9300func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 9301 return ctx.Framer().WriteSettingsAck() 9302} 9303 9304func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 9305 9306// splitHeaderBlock splits headerBlock into fragments so that each fragment fits 9307// in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 9308// for the first/last fragment, respectively. 9309func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 9310 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 9311 // that all peers must support (16KB). Later we could care 9312 // more and send larger frames if the peer advertised it, but 9313 // there's little point. Most headers are small anyway (so we 9314 // generally won't have CONTINUATION frames), and extra frames 9315 // only waste 9 bytes anyway. 9316 const maxFrameSize = 16384 9317 9318 first := true 9319 for len(headerBlock) > 0 { 9320 frag := headerBlock 9321 if len(frag) > maxFrameSize { 9322 frag = frag[:maxFrameSize] 9323 } 9324 headerBlock = headerBlock[len(frag):] 9325 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9326 return err 9327 } 9328 first = false 9329 } 9330 return nil 9331} 9332 9333// writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9334// for HTTP response headers or trailers from a server handler. 9335type http2writeResHeaders struct { 9336 streamID uint32 9337 httpResCode int // 0 means no ":status" line 9338 h Header // may be nil 9339 trailers []string // if non-nil, which keys of h to write. nil means all. 9340 endStream bool 9341 9342 date string 9343 contentType string 9344 contentLength string 9345} 9346 9347func http2encKV(enc *hpack.Encoder, k, v string) { 9348 if http2VerboseLogs { 9349 log.Printf("http2: server encoding header %q = %q", k, v) 9350 } 9351 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9352} 9353 9354func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9355 // TODO: this is a common one. It'd be nice to return true 9356 // here and get into the fast path if we could be clever and 9357 // calculate the size fast enough, or at least a conservative 9358 // upper bound that usually fires. (Maybe if w.h and 9359 // w.trailers are nil, so we don't need to enumerate it.) 9360 // Otherwise I'm afraid that just calculating the length to 9361 // answer this question would be slower than the ~2µs benefit. 9362 return false 9363} 9364 9365func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9366 enc, buf := ctx.HeaderEncoder() 9367 buf.Reset() 9368 9369 if w.httpResCode != 0 { 9370 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9371 } 9372 9373 http2encodeHeaders(enc, w.h, w.trailers) 9374 9375 if w.contentType != "" { 9376 http2encKV(enc, "content-type", w.contentType) 9377 } 9378 if w.contentLength != "" { 9379 http2encKV(enc, "content-length", w.contentLength) 9380 } 9381 if w.date != "" { 9382 http2encKV(enc, "date", w.date) 9383 } 9384 9385 headerBlock := buf.Bytes() 9386 if len(headerBlock) == 0 && w.trailers == nil { 9387 panic("unexpected empty hpack") 9388 } 9389 9390 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9391} 9392 9393func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9394 if firstFrag { 9395 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9396 StreamID: w.streamID, 9397 BlockFragment: frag, 9398 EndStream: w.endStream, 9399 EndHeaders: lastFrag, 9400 }) 9401 } else { 9402 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9403 } 9404} 9405 9406// writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9407type http2writePushPromise struct { 9408 streamID uint32 // pusher stream 9409 method string // for :method 9410 url *url.URL // for :scheme, :authority, :path 9411 h Header 9412 9413 // Creates an ID for a pushed stream. This runs on serveG just before 9414 // the frame is written. The returned ID is copied to promisedID. 9415 allocatePromisedID func() (uint32, error) 9416 promisedID uint32 9417} 9418 9419func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9420 // TODO: see writeResHeaders.staysWithinBuffer 9421 return false 9422} 9423 9424func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9425 enc, buf := ctx.HeaderEncoder() 9426 buf.Reset() 9427 9428 http2encKV(enc, ":method", w.method) 9429 http2encKV(enc, ":scheme", w.url.Scheme) 9430 http2encKV(enc, ":authority", w.url.Host) 9431 http2encKV(enc, ":path", w.url.RequestURI()) 9432 http2encodeHeaders(enc, w.h, nil) 9433 9434 headerBlock := buf.Bytes() 9435 if len(headerBlock) == 0 { 9436 panic("unexpected empty hpack") 9437 } 9438 9439 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9440} 9441 9442func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9443 if firstFrag { 9444 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9445 StreamID: w.streamID, 9446 PromiseID: w.promisedID, 9447 BlockFragment: frag, 9448 EndHeaders: lastFrag, 9449 }) 9450 } else { 9451 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9452 } 9453} 9454 9455type http2write100ContinueHeadersFrame struct { 9456 streamID uint32 9457} 9458 9459func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9460 enc, buf := ctx.HeaderEncoder() 9461 buf.Reset() 9462 http2encKV(enc, ":status", "100") 9463 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9464 StreamID: w.streamID, 9465 BlockFragment: buf.Bytes(), 9466 EndStream: false, 9467 EndHeaders: true, 9468 }) 9469} 9470 9471func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9472 // Sloppy but conservative: 9473 return 9+2*(len(":status")+len("100")) <= max 9474} 9475 9476type http2writeWindowUpdate struct { 9477 streamID uint32 // or 0 for conn-level 9478 n uint32 9479} 9480 9481func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9482 9483func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9484 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9485} 9486 9487// encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9488// is encoded only if k is in keys. 9489func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9490 if keys == nil { 9491 sorter := http2sorterPool.Get().(*http2sorter) 9492 // Using defer here, since the returned keys from the 9493 // sorter.Keys method is only valid until the sorter 9494 // is returned: 9495 defer http2sorterPool.Put(sorter) 9496 keys = sorter.Keys(h) 9497 } 9498 for _, k := range keys { 9499 vv := h[k] 9500 k = http2lowerHeader(k) 9501 if !http2validWireHeaderFieldName(k) { 9502 // Skip it as backup paranoia. Per 9503 // golang.org/issue/14048, these should 9504 // already be rejected at a higher level. 9505 continue 9506 } 9507 isTE := k == "transfer-encoding" 9508 for _, v := range vv { 9509 if !httpguts.ValidHeaderFieldValue(v) { 9510 // TODO: return an error? golang.org/issue/14048 9511 // For now just omit it. 9512 continue 9513 } 9514 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9515 if isTE && v != "trailers" { 9516 continue 9517 } 9518 http2encKV(enc, k, v) 9519 } 9520 } 9521} 9522 9523// WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9524// Methods are never called concurrently. 9525type http2WriteScheduler interface { 9526 // OpenStream opens a new stream in the write scheduler. 9527 // It is illegal to call this with streamID=0 or with a streamID that is 9528 // already open -- the call may panic. 9529 OpenStream(streamID uint32, options http2OpenStreamOptions) 9530 9531 // CloseStream closes a stream in the write scheduler. Any frames queued on 9532 // this stream should be discarded. It is illegal to call this on a stream 9533 // that is not open -- the call may panic. 9534 CloseStream(streamID uint32) 9535 9536 // AdjustStream adjusts the priority of the given stream. This may be called 9537 // on a stream that has not yet been opened or has been closed. Note that 9538 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9539 // https://tools.ietf.org/html/rfc7540#section-5.1 9540 AdjustStream(streamID uint32, priority http2PriorityParam) 9541 9542 // Push queues a frame in the scheduler. In most cases, this will not be 9543 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9544 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9545 Push(wr http2FrameWriteRequest) 9546 9547 // Pop dequeues the next frame to write. Returns false if no frames can 9548 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9549 // order they are Push'd. No frames should be discarded except by CloseStream. 9550 Pop() (wr http2FrameWriteRequest, ok bool) 9551} 9552 9553// OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9554type http2OpenStreamOptions struct { 9555 // PusherID is zero if the stream was initiated by the client. Otherwise, 9556 // PusherID names the stream that pushed the newly opened stream. 9557 PusherID uint32 9558} 9559 9560// FrameWriteRequest is a request to write a frame. 9561type http2FrameWriteRequest struct { 9562 // write is the interface value that does the writing, once the 9563 // WriteScheduler has selected this frame to write. The write 9564 // functions are all defined in write.go. 9565 write http2writeFramer 9566 9567 // stream is the stream on which this frame will be written. 9568 // nil for non-stream frames like PING and SETTINGS. 9569 stream *http2stream 9570 9571 // done, if non-nil, must be a buffered channel with space for 9572 // 1 message and is sent the return value from write (or an 9573 // earlier error) when the frame has been written. 9574 done chan error 9575} 9576 9577// StreamID returns the id of the stream this frame will be written to. 9578// 0 is used for non-stream frames such as PING and SETTINGS. 9579func (wr http2FrameWriteRequest) StreamID() uint32 { 9580 if wr.stream == nil { 9581 if se, ok := wr.write.(http2StreamError); ok { 9582 // (*serverConn).resetStream doesn't set 9583 // stream because it doesn't necessarily have 9584 // one. So special case this type of write 9585 // message. 9586 return se.StreamID 9587 } 9588 return 0 9589 } 9590 return wr.stream.id 9591} 9592 9593// isControl reports whether wr is a control frame for MaxQueuedControlFrames 9594// purposes. That includes non-stream frames and RST_STREAM frames. 9595func (wr http2FrameWriteRequest) isControl() bool { 9596 return wr.stream == nil 9597} 9598 9599// DataSize returns the number of flow control bytes that must be consumed 9600// to write this entire frame. This is 0 for non-DATA frames. 9601func (wr http2FrameWriteRequest) DataSize() int { 9602 if wd, ok := wr.write.(*http2writeData); ok { 9603 return len(wd.p) 9604 } 9605 return 0 9606} 9607 9608// Consume consumes min(n, available) bytes from this frame, where available 9609// is the number of flow control bytes available on the stream. Consume returns 9610// 0, 1, or 2 frames, where the integer return value gives the number of frames 9611// returned. 9612// 9613// If flow control prevents consuming any bytes, this returns (_, _, 0). If 9614// the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9615// returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9616// 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9617// underlying stream's flow control budget. 9618func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9619 var empty http2FrameWriteRequest 9620 9621 // Non-DATA frames are always consumed whole. 9622 wd, ok := wr.write.(*http2writeData) 9623 if !ok || len(wd.p) == 0 { 9624 return wr, empty, 1 9625 } 9626 9627 // Might need to split after applying limits. 9628 allowed := wr.stream.flow.available() 9629 if n < allowed { 9630 allowed = n 9631 } 9632 if wr.stream.sc.maxFrameSize < allowed { 9633 allowed = wr.stream.sc.maxFrameSize 9634 } 9635 if allowed <= 0 { 9636 return empty, empty, 0 9637 } 9638 if len(wd.p) > int(allowed) { 9639 wr.stream.flow.take(allowed) 9640 consumed := http2FrameWriteRequest{ 9641 stream: wr.stream, 9642 write: &http2writeData{ 9643 streamID: wd.streamID, 9644 p: wd.p[:allowed], 9645 // Even if the original had endStream set, there 9646 // are bytes remaining because len(wd.p) > allowed, 9647 // so we know endStream is false. 9648 endStream: false, 9649 }, 9650 // Our caller is blocking on the final DATA frame, not 9651 // this intermediate frame, so no need to wait. 9652 done: nil, 9653 } 9654 rest := http2FrameWriteRequest{ 9655 stream: wr.stream, 9656 write: &http2writeData{ 9657 streamID: wd.streamID, 9658 p: wd.p[allowed:], 9659 endStream: wd.endStream, 9660 }, 9661 done: wr.done, 9662 } 9663 return consumed, rest, 2 9664 } 9665 9666 // The frame is consumed whole. 9667 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 9668 wr.stream.flow.take(int32(len(wd.p))) 9669 return wr, empty, 1 9670} 9671 9672// String is for debugging only. 9673func (wr http2FrameWriteRequest) String() string { 9674 var des string 9675 if s, ok := wr.write.(fmt.Stringer); ok { 9676 des = s.String() 9677 } else { 9678 des = fmt.Sprintf("%T", wr.write) 9679 } 9680 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 9681} 9682 9683// replyToWriter sends err to wr.done and panics if the send must block 9684// This does nothing if wr.done is nil. 9685func (wr *http2FrameWriteRequest) replyToWriter(err error) { 9686 if wr.done == nil { 9687 return 9688 } 9689 select { 9690 case wr.done <- err: 9691 default: 9692 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 9693 } 9694 wr.write = nil // prevent use (assume it's tainted after wr.done send) 9695} 9696 9697// writeQueue is used by implementations of WriteScheduler. 9698type http2writeQueue struct { 9699 s []http2FrameWriteRequest 9700} 9701 9702func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 9703 9704func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 9705 q.s = append(q.s, wr) 9706} 9707 9708func (q *http2writeQueue) shift() http2FrameWriteRequest { 9709 if len(q.s) == 0 { 9710 panic("invalid use of queue") 9711 } 9712 wr := q.s[0] 9713 // TODO: less copy-happy queue. 9714 copy(q.s, q.s[1:]) 9715 q.s[len(q.s)-1] = http2FrameWriteRequest{} 9716 q.s = q.s[:len(q.s)-1] 9717 return wr 9718} 9719 9720// consume consumes up to n bytes from q.s[0]. If the frame is 9721// entirely consumed, it is removed from the queue. If the frame 9722// is partially consumed, the frame is kept with the consumed 9723// bytes removed. Returns true iff any bytes were consumed. 9724func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 9725 if len(q.s) == 0 { 9726 return http2FrameWriteRequest{}, false 9727 } 9728 consumed, rest, numresult := q.s[0].Consume(n) 9729 switch numresult { 9730 case 0: 9731 return http2FrameWriteRequest{}, false 9732 case 1: 9733 q.shift() 9734 case 2: 9735 q.s[0] = rest 9736 } 9737 return consumed, true 9738} 9739 9740type http2writeQueuePool []*http2writeQueue 9741 9742// put inserts an unused writeQueue into the pool. 9743 9744// put inserts an unused writeQueue into the pool. 9745func (p *http2writeQueuePool) put(q *http2writeQueue) { 9746 for i := range q.s { 9747 q.s[i] = http2FrameWriteRequest{} 9748 } 9749 q.s = q.s[:0] 9750 *p = append(*p, q) 9751} 9752 9753// get returns an empty writeQueue. 9754func (p *http2writeQueuePool) get() *http2writeQueue { 9755 ln := len(*p) 9756 if ln == 0 { 9757 return new(http2writeQueue) 9758 } 9759 x := ln - 1 9760 q := (*p)[x] 9761 (*p)[x] = nil 9762 *p = (*p)[:x] 9763 return q 9764} 9765 9766// RFC 7540, Section 5.3.5: the default weight is 16. 9767const http2priorityDefaultWeight = 15 // 16 = 15 + 1 9768 9769// PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 9770type http2PriorityWriteSchedulerConfig struct { 9771 // MaxClosedNodesInTree controls the maximum number of closed streams to 9772 // retain in the priority tree. Setting this to zero saves a small amount 9773 // of memory at the cost of performance. 9774 // 9775 // See RFC 7540, Section 5.3.4: 9776 // "It is possible for a stream to become closed while prioritization 9777 // information ... is in transit. ... This potentially creates suboptimal 9778 // prioritization, since the stream could be given a priority that is 9779 // different from what is intended. To avoid these problems, an endpoint 9780 // SHOULD retain stream prioritization state for a period after streams 9781 // become closed. The longer state is retained, the lower the chance that 9782 // streams are assigned incorrect or default priority values." 9783 MaxClosedNodesInTree int 9784 9785 // MaxIdleNodesInTree controls the maximum number of idle streams to 9786 // retain in the priority tree. Setting this to zero saves a small amount 9787 // of memory at the cost of performance. 9788 // 9789 // See RFC 7540, Section 5.3.4: 9790 // Similarly, streams that are in the "idle" state can be assigned 9791 // priority or become a parent of other streams. This allows for the 9792 // creation of a grouping node in the dependency tree, which enables 9793 // more flexible expressions of priority. Idle streams begin with a 9794 // default priority (Section 5.3.5). 9795 MaxIdleNodesInTree int 9796 9797 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 9798 // data is delivered in priority order. This works around a race where 9799 // stream B depends on stream A and both streams are about to call Write 9800 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 9801 // write as much data from B as possible, but this is suboptimal because A 9802 // is a higher-priority stream. With throttling enabled, we write a small 9803 // amount of data from B to minimize the amount of bandwidth that B can 9804 // steal from A. 9805 ThrottleOutOfOrderWrites bool 9806} 9807 9808// NewPriorityWriteScheduler constructs a WriteScheduler that schedules 9809// frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 9810// If cfg is nil, default options are used. 9811func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 9812 if cfg == nil { 9813 // For justification of these defaults, see: 9814 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 9815 cfg = &http2PriorityWriteSchedulerConfig{ 9816 MaxClosedNodesInTree: 10, 9817 MaxIdleNodesInTree: 10, 9818 ThrottleOutOfOrderWrites: false, 9819 } 9820 } 9821 9822 ws := &http2priorityWriteScheduler{ 9823 nodes: make(map[uint32]*http2priorityNode), 9824 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 9825 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 9826 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 9827 } 9828 ws.nodes[0] = &ws.root 9829 if cfg.ThrottleOutOfOrderWrites { 9830 ws.writeThrottleLimit = 1024 9831 } else { 9832 ws.writeThrottleLimit = math.MaxInt32 9833 } 9834 return ws 9835} 9836 9837type http2priorityNodeState int 9838 9839const ( 9840 http2priorityNodeOpen http2priorityNodeState = iota 9841 http2priorityNodeClosed 9842 http2priorityNodeIdle 9843) 9844 9845// priorityNode is a node in an HTTP/2 priority tree. 9846// Each node is associated with a single stream ID. 9847// See RFC 7540, Section 5.3. 9848type http2priorityNode struct { 9849 q http2writeQueue // queue of pending frames to write 9850 id uint32 // id of the stream, or 0 for the root of the tree 9851 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 9852 state http2priorityNodeState // open | closed | idle 9853 bytes int64 // number of bytes written by this node, or 0 if closed 9854 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 9855 9856 // These links form the priority tree. 9857 parent *http2priorityNode 9858 kids *http2priorityNode // start of the kids list 9859 prev, next *http2priorityNode // doubly-linked list of siblings 9860} 9861 9862func (n *http2priorityNode) setParent(parent *http2priorityNode) { 9863 if n == parent { 9864 panic("setParent to self") 9865 } 9866 if n.parent == parent { 9867 return 9868 } 9869 // Unlink from current parent. 9870 if parent := n.parent; parent != nil { 9871 if n.prev == nil { 9872 parent.kids = n.next 9873 } else { 9874 n.prev.next = n.next 9875 } 9876 if n.next != nil { 9877 n.next.prev = n.prev 9878 } 9879 } 9880 // Link to new parent. 9881 // If parent=nil, remove n from the tree. 9882 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 9883 n.parent = parent 9884 if parent == nil { 9885 n.next = nil 9886 n.prev = nil 9887 } else { 9888 n.next = parent.kids 9889 n.prev = nil 9890 if n.next != nil { 9891 n.next.prev = n 9892 } 9893 parent.kids = n 9894 } 9895} 9896 9897func (n *http2priorityNode) addBytes(b int64) { 9898 n.bytes += b 9899 for ; n != nil; n = n.parent { 9900 n.subtreeBytes += b 9901 } 9902} 9903 9904// walkReadyInOrder iterates over the tree in priority order, calling f for each node 9905// with a non-empty write queue. When f returns true, this function returns true and the 9906// walk halts. tmp is used as scratch space for sorting. 9907// 9908// f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 9909// if any ancestor p of n is still open (ignoring the root node). 9910func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 9911 if !n.q.empty() && f(n, openParent) { 9912 return true 9913 } 9914 if n.kids == nil { 9915 return false 9916 } 9917 9918 // Don't consider the root "open" when updating openParent since 9919 // we can't send data frames on the root stream (only control frames). 9920 if n.id != 0 { 9921 openParent = openParent || (n.state == http2priorityNodeOpen) 9922 } 9923 9924 // Common case: only one kid or all kids have the same weight. 9925 // Some clients don't use weights; other clients (like web browsers) 9926 // use mostly-linear priority trees. 9927 w := n.kids.weight 9928 needSort := false 9929 for k := n.kids.next; k != nil; k = k.next { 9930 if k.weight != w { 9931 needSort = true 9932 break 9933 } 9934 } 9935 if !needSort { 9936 for k := n.kids; k != nil; k = k.next { 9937 if k.walkReadyInOrder(openParent, tmp, f) { 9938 return true 9939 } 9940 } 9941 return false 9942 } 9943 9944 // Uncommon case: sort the child nodes. We remove the kids from the parent, 9945 // then re-insert after sorting so we can reuse tmp for future sort calls. 9946 *tmp = (*tmp)[:0] 9947 for n.kids != nil { 9948 *tmp = append(*tmp, n.kids) 9949 n.kids.setParent(nil) 9950 } 9951 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 9952 for i := len(*tmp) - 1; i >= 0; i-- { 9953 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 9954 } 9955 for k := n.kids; k != nil; k = k.next { 9956 if k.walkReadyInOrder(openParent, tmp, f) { 9957 return true 9958 } 9959 } 9960 return false 9961} 9962 9963type http2sortPriorityNodeSiblings []*http2priorityNode 9964 9965func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 9966 9967func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 9968 9969func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 9970 // Prefer the subtree that has sent fewer bytes relative to its weight. 9971 // See sections 5.3.2 and 5.3.4. 9972 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 9973 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 9974 if bi == 0 && bk == 0 { 9975 return wi >= wk 9976 } 9977 if bk == 0 { 9978 return false 9979 } 9980 return bi/bk <= wi/wk 9981} 9982 9983type http2priorityWriteScheduler struct { 9984 // root is the root of the priority tree, where root.id = 0. 9985 // The root queues control frames that are not associated with any stream. 9986 root http2priorityNode 9987 9988 // nodes maps stream ids to priority tree nodes. 9989 nodes map[uint32]*http2priorityNode 9990 9991 // maxID is the maximum stream id in nodes. 9992 maxID uint32 9993 9994 // lists of nodes that have been closed or are idle, but are kept in 9995 // the tree for improved prioritization. When the lengths exceed either 9996 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 9997 closedNodes, idleNodes []*http2priorityNode 9998 9999 // From the config. 10000 maxClosedNodesInTree int 10001 maxIdleNodesInTree int 10002 writeThrottleLimit int32 10003 enableWriteThrottle bool 10004 10005 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 10006 tmp []*http2priorityNode 10007 10008 // pool of empty queues for reuse. 10009 queuePool http2writeQueuePool 10010} 10011 10012func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10013 // The stream may be currently idle but cannot be opened or closed. 10014 if curr := ws.nodes[streamID]; curr != nil { 10015 if curr.state != http2priorityNodeIdle { 10016 panic(fmt.Sprintf("stream %d already opened", streamID)) 10017 } 10018 curr.state = http2priorityNodeOpen 10019 return 10020 } 10021 10022 // RFC 7540, Section 5.3.5: 10023 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 10024 // Pushed streams initially depend on their associated stream. In both cases, 10025 // streams are assigned a default weight of 16." 10026 parent := ws.nodes[options.PusherID] 10027 if parent == nil { 10028 parent = &ws.root 10029 } 10030 n := &http2priorityNode{ 10031 q: *ws.queuePool.get(), 10032 id: streamID, 10033 weight: http2priorityDefaultWeight, 10034 state: http2priorityNodeOpen, 10035 } 10036 n.setParent(parent) 10037 ws.nodes[streamID] = n 10038 if streamID > ws.maxID { 10039 ws.maxID = streamID 10040 } 10041} 10042 10043func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 10044 if streamID == 0 { 10045 panic("violation of WriteScheduler interface: cannot close stream 0") 10046 } 10047 if ws.nodes[streamID] == nil { 10048 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 10049 } 10050 if ws.nodes[streamID].state != http2priorityNodeOpen { 10051 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 10052 } 10053 10054 n := ws.nodes[streamID] 10055 n.state = http2priorityNodeClosed 10056 n.addBytes(-n.bytes) 10057 10058 q := n.q 10059 ws.queuePool.put(&q) 10060 n.q.s = nil 10061 if ws.maxClosedNodesInTree > 0 { 10062 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 10063 } else { 10064 ws.removeNode(n) 10065 } 10066} 10067 10068func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10069 if streamID == 0 { 10070 panic("adjustPriority on root") 10071 } 10072 10073 // If streamID does not exist, there are two cases: 10074 // - A closed stream that has been removed (this will have ID <= maxID) 10075 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 10076 n := ws.nodes[streamID] 10077 if n == nil { 10078 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 10079 return 10080 } 10081 ws.maxID = streamID 10082 n = &http2priorityNode{ 10083 q: *ws.queuePool.get(), 10084 id: streamID, 10085 weight: http2priorityDefaultWeight, 10086 state: http2priorityNodeIdle, 10087 } 10088 n.setParent(&ws.root) 10089 ws.nodes[streamID] = n 10090 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 10091 } 10092 10093 // Section 5.3.1: A dependency on a stream that is not currently in the tree 10094 // results in that stream being given a default priority (Section 5.3.5). 10095 parent := ws.nodes[priority.StreamDep] 10096 if parent == nil { 10097 n.setParent(&ws.root) 10098 n.weight = http2priorityDefaultWeight 10099 return 10100 } 10101 10102 // Ignore if the client tries to make a node its own parent. 10103 if n == parent { 10104 return 10105 } 10106 10107 // Section 5.3.3: 10108 // "If a stream is made dependent on one of its own dependencies, the 10109 // formerly dependent stream is first moved to be dependent on the 10110 // reprioritized stream's previous parent. The moved dependency retains 10111 // its weight." 10112 // 10113 // That is: if parent depends on n, move parent to depend on n.parent. 10114 for x := parent.parent; x != nil; x = x.parent { 10115 if x == n { 10116 parent.setParent(n.parent) 10117 break 10118 } 10119 } 10120 10121 // Section 5.3.3: The exclusive flag causes the stream to become the sole 10122 // dependency of its parent stream, causing other dependencies to become 10123 // dependent on the exclusive stream. 10124 if priority.Exclusive { 10125 k := parent.kids 10126 for k != nil { 10127 next := k.next 10128 if k != n { 10129 k.setParent(n) 10130 } 10131 k = next 10132 } 10133 } 10134 10135 n.setParent(parent) 10136 n.weight = priority.Weight 10137} 10138 10139func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 10140 var n *http2priorityNode 10141 if id := wr.StreamID(); id == 0 { 10142 n = &ws.root 10143 } else { 10144 n = ws.nodes[id] 10145 if n == nil { 10146 // id is an idle or closed stream. wr should not be a HEADERS or 10147 // DATA frame. However, wr can be a RST_STREAM. In this case, we 10148 // push wr onto the root, rather than creating a new priorityNode, 10149 // since RST_STREAM is tiny and the stream's priority is unknown 10150 // anyway. See issue #17919. 10151 if wr.DataSize() > 0 { 10152 panic("add DATA on non-open stream") 10153 } 10154 n = &ws.root 10155 } 10156 } 10157 n.q.push(wr) 10158} 10159 10160func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 10161 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 10162 limit := int32(math.MaxInt32) 10163 if openParent { 10164 limit = ws.writeThrottleLimit 10165 } 10166 wr, ok = n.q.consume(limit) 10167 if !ok { 10168 return false 10169 } 10170 n.addBytes(int64(wr.DataSize())) 10171 // If B depends on A and B continuously has data available but A 10172 // does not, gradually increase the throttling limit to allow B to 10173 // steal more and more bandwidth from A. 10174 if openParent { 10175 ws.writeThrottleLimit += 1024 10176 if ws.writeThrottleLimit < 0 { 10177 ws.writeThrottleLimit = math.MaxInt32 10178 } 10179 } else if ws.enableWriteThrottle { 10180 ws.writeThrottleLimit = 1024 10181 } 10182 return true 10183 }) 10184 return wr, ok 10185} 10186 10187func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 10188 if maxSize == 0 { 10189 return 10190 } 10191 if len(*list) == maxSize { 10192 // Remove the oldest node, then shift left. 10193 ws.removeNode((*list)[0]) 10194 x := (*list)[1:] 10195 copy(*list, x) 10196 *list = (*list)[:len(x)] 10197 } 10198 *list = append(*list, n) 10199} 10200 10201func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 10202 for k := n.kids; k != nil; k = k.next { 10203 k.setParent(n.parent) 10204 } 10205 n.setParent(nil) 10206 delete(ws.nodes, n.id) 10207} 10208 10209// NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 10210// priorities. Control frames like SETTINGS and PING are written before DATA 10211// frames, but if no control frames are queued and multiple streams have queued 10212// HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 10213func http2NewRandomWriteScheduler() http2WriteScheduler { 10214 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 10215} 10216 10217type http2randomWriteScheduler struct { 10218 // zero are frames not associated with a specific stream. 10219 zero http2writeQueue 10220 10221 // sq contains the stream-specific queues, keyed by stream ID. 10222 // When a stream is idle, closed, or emptied, it's deleted 10223 // from the map. 10224 sq map[uint32]*http2writeQueue 10225 10226 // pool of empty queues for reuse. 10227 queuePool http2writeQueuePool 10228} 10229 10230func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 10231 // no-op: idle streams are not tracked 10232} 10233 10234func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 10235 q, ok := ws.sq[streamID] 10236 if !ok { 10237 return 10238 } 10239 delete(ws.sq, streamID) 10240 ws.queuePool.put(q) 10241} 10242 10243func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 10244 // no-op: priorities are ignored 10245} 10246 10247func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 10248 id := wr.StreamID() 10249 if id == 0 { 10250 ws.zero.push(wr) 10251 return 10252 } 10253 q, ok := ws.sq[id] 10254 if !ok { 10255 q = ws.queuePool.get() 10256 ws.sq[id] = q 10257 } 10258 q.push(wr) 10259} 10260 10261func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 10262 // Control frames first. 10263 if !ws.zero.empty() { 10264 return ws.zero.shift(), true 10265 } 10266 // Iterate over all non-idle streams until finding one that can be consumed. 10267 for streamID, q := range ws.sq { 10268 if wr, ok := q.consume(math.MaxInt32); ok { 10269 if q.empty() { 10270 delete(ws.sq, streamID) 10271 ws.queuePool.put(q) 10272 } 10273 return wr, true 10274 } 10275 } 10276 return http2FrameWriteRequest{}, false 10277} 10278