1 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT. 2 //go:generate bundle -o h2_bundle.go -prefix http2 -underscore golang.org/x/net/http2 3 4 // Package http2 implements the HTTP/2 protocol. 5 // 6 // This package is low-level and intended to be used directly by very 7 // few people. Most users will use it indirectly through the automatic 8 // use by the net/http package (from Go 1.6 and later). 9 // For use in earlier Go versions see ConfigureServer. (Transport support 10 // requires Go 1.6 or later) 11 // 12 // See https://http2.github.io/ for more information on HTTP/2. 13 // 14 // See https://http2.golang.org/ for a test server running this code. 15 // 16 17 package http 18 19 import ( 20 "bufio" 21 "bytes" 22 "compress/gzip" 23 "context" 24 "crypto/rand" 25 "crypto/tls" 26 "encoding/binary" 27 "errors" 28 "fmt" 29 "io" 30 "io/ioutil" 31 "log" 32 "math" 33 mathrand "math/rand" 34 "net" 35 "net/http/httptrace" 36 "net/textproto" 37 "net/url" 38 "os" 39 "reflect" 40 "runtime" 41 "sort" 42 "strconv" 43 "strings" 44 "sync" 45 "time" 46 47 "golang_org/x/net/http2/hpack" 48 "golang_org/x/net/idna" 49 "golang_org/x/net/lex/httplex" 50 ) 51 52 // A list of the possible cipher suite ids. Taken from 53 // http://www.iana.org/assignments/tls-parameters/tls-parameters.txt 54 55 const ( 56 http2cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 57 http2cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 58 http2cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 59 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 60 http2cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 61 http2cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 62 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 63 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 64 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 65 http2cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 66 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A 67 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B 68 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C 69 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D 70 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E 71 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F 72 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 73 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 74 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 75 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 76 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 77 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 78 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 79 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 80 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 81 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 82 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A 83 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B 84 // Reserved uint16 = 0x001C-1D 85 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E 86 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F 87 http2cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 88 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 89 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 90 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 91 http2cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 92 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 93 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 94 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 95 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 96 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 97 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A 98 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B 99 http2cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C 100 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D 101 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E 102 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F 103 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 104 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 105 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 106 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 107 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 108 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 109 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 110 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 111 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 112 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 113 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A 114 http2cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B 115 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C 116 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D 117 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E 118 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F 119 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 120 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 121 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 122 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 123 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 124 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 125 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 126 // Reserved uint16 = 0x0047-4F 127 // Reserved uint16 = 0x0050-58 128 // Reserved uint16 = 0x0059-5C 129 // Unassigned uint16 = 0x005D-5F 130 // Reserved uint16 = 0x0060-66 131 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 132 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 133 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 134 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A 135 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B 136 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C 137 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D 138 // Unassigned uint16 = 0x006E-83 139 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 140 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 141 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 142 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 143 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 144 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 145 http2cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A 146 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B 147 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C 148 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D 149 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E 150 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F 151 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 152 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 153 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 154 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 155 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 156 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 157 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 158 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 159 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 160 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 161 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A 162 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B 163 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C 164 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D 165 http2cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E 166 http2cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F 167 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 168 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 169 http2cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 170 http2cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 171 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 172 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 173 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 174 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 175 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 176 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 177 http2cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA 178 http2cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB 179 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC 180 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD 181 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE 182 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF 183 http2cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 184 http2cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 185 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 186 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 187 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 188 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 189 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 190 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 191 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 192 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 193 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA 194 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB 195 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC 196 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD 197 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE 198 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF 199 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 200 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 201 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 202 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 203 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 204 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 205 // Unassigned uint16 = 0x00C6-FE 206 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF 207 // Unassigned uint16 = 0x01-55,* 208 http2cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 209 // Unassigned uint16 = 0x5601 - 0xC000 210 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 211 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 212 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 213 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 214 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 215 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 216 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 217 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 218 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 219 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A 220 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B 221 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C 222 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D 223 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E 224 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F 225 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 226 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 227 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 228 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 229 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 230 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 231 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 232 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 233 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 234 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 235 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A 236 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B 237 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C 238 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D 239 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E 240 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F 241 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 242 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 243 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 244 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 245 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 246 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 247 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 248 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 249 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 250 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 251 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A 252 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B 253 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C 254 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D 255 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E 256 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F 257 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 258 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 259 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 260 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 261 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 262 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 263 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 264 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 265 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 266 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 267 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A 268 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B 269 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C 270 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D 271 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E 272 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F 273 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 274 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 275 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 276 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 277 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 278 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 279 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 280 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 281 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 282 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 283 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A 284 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B 285 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C 286 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D 287 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E 288 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F 289 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 290 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 291 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 292 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 293 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 294 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 295 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 296 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 297 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 298 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 299 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A 300 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B 301 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C 302 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D 303 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E 304 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F 305 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 306 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 307 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 308 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 309 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 310 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 311 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 312 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 313 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 314 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 315 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A 316 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B 317 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C 318 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D 319 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E 320 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F 321 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 322 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 323 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 324 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 325 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 326 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 327 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 328 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 329 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 330 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 331 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A 332 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B 333 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C 334 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D 335 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E 336 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F 337 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 338 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 339 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 340 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 341 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 342 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 343 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 344 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 345 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 346 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 347 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A 348 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B 349 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C 350 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D 351 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E 352 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F 353 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 354 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 355 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 356 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 357 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 358 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 359 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 360 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 361 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 362 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 363 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A 364 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B 365 http2cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C 366 http2cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D 367 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E 368 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F 369 http2cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 370 http2cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 371 http2cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 372 http2cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 373 http2cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 374 http2cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 375 http2cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 376 http2cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 377 http2cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 378 http2cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 379 http2cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA 380 http2cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB 381 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC 382 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD 383 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE 384 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF 385 // Unassigned uint16 = 0xC0B0-FF 386 // Unassigned uint16 = 0xC1-CB,* 387 // Unassigned uint16 = 0xCC00-A7 388 http2cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 389 http2cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 390 http2cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA 391 http2cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB 392 http2cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC 393 http2cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD 394 http2cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE 395 ) 396 397 // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. 398 // References: 399 // https://tools.ietf.org/html/rfc7540#appendix-A 400 // Reject cipher suites from Appendix A. 401 // "This list includes those cipher suites that do not 402 // offer an ephemeral key exchange and those that are 403 // based on the TLS null, stream or block cipher type" 404 func http2isBadCipher(cipher uint16) bool { 405 switch cipher { 406 case http2cipher_TLS_NULL_WITH_NULL_NULL, 407 http2cipher_TLS_RSA_WITH_NULL_MD5, 408 http2cipher_TLS_RSA_WITH_NULL_SHA, 409 http2cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, 410 http2cipher_TLS_RSA_WITH_RC4_128_MD5, 411 http2cipher_TLS_RSA_WITH_RC4_128_SHA, 412 http2cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 413 http2cipher_TLS_RSA_WITH_IDEA_CBC_SHA, 414 http2cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 415 http2cipher_TLS_RSA_WITH_DES_CBC_SHA, 416 http2cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 417 http2cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 418 http2cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, 419 http2cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 420 http2cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 421 http2cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, 422 http2cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 423 http2cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 424 http2cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, 425 http2cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 426 http2cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 427 http2cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, 428 http2cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 429 http2cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, 430 http2cipher_TLS_DH_anon_WITH_RC4_128_MD5, 431 http2cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 432 http2cipher_TLS_DH_anon_WITH_DES_CBC_SHA, 433 http2cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 434 http2cipher_TLS_KRB5_WITH_DES_CBC_SHA, 435 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, 436 http2cipher_TLS_KRB5_WITH_RC4_128_SHA, 437 http2cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, 438 http2cipher_TLS_KRB5_WITH_DES_CBC_MD5, 439 http2cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, 440 http2cipher_TLS_KRB5_WITH_RC4_128_MD5, 441 http2cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, 442 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, 443 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, 444 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, 445 http2cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, 446 http2cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, 447 http2cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, 448 http2cipher_TLS_PSK_WITH_NULL_SHA, 449 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA, 450 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA, 451 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA, 452 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, 453 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, 454 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 455 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 456 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, 457 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA, 458 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, 459 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, 460 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 461 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 462 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, 463 http2cipher_TLS_RSA_WITH_NULL_SHA256, 464 http2cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, 465 http2cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, 466 http2cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 467 http2cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 468 http2cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 469 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 470 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 471 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 472 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 473 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 474 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, 475 http2cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 476 http2cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 477 http2cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 478 http2cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 479 http2cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 480 http2cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, 481 http2cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, 482 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 483 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 484 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 485 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 486 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 487 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, 488 http2cipher_TLS_PSK_WITH_RC4_128_SHA, 489 http2cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 490 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA, 491 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA, 492 http2cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, 493 http2cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 494 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 495 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 496 http2cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, 497 http2cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 498 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 499 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 500 http2cipher_TLS_RSA_WITH_SEED_CBC_SHA, 501 http2cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, 502 http2cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, 503 http2cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, 504 http2cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, 505 http2cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, 506 http2cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, 507 http2cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, 508 http2cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 509 http2cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 510 http2cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 511 http2cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 512 http2cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, 513 http2cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, 514 http2cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, 515 http2cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, 516 http2cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 517 http2cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 518 http2cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, 519 http2cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, 520 http2cipher_TLS_PSK_WITH_NULL_SHA256, 521 http2cipher_TLS_PSK_WITH_NULL_SHA384, 522 http2cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 523 http2cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 524 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA256, 525 http2cipher_TLS_DHE_PSK_WITH_NULL_SHA384, 526 http2cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 527 http2cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 528 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA256, 529 http2cipher_TLS_RSA_PSK_WITH_NULL_SHA384, 530 http2cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 531 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, 532 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 533 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 534 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 535 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, 536 http2cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 537 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, 538 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, 539 http2cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 540 http2cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 541 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, 542 http2cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 543 http2cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, 544 http2cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 545 http2cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 546 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 547 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 548 http2cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 549 http2cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 550 http2cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 551 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 552 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 553 http2cipher_TLS_ECDH_RSA_WITH_NULL_SHA, 554 http2cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, 555 http2cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 556 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 557 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 558 http2cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, 559 http2cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 560 http2cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 561 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 562 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 563 http2cipher_TLS_ECDH_anon_WITH_NULL_SHA, 564 http2cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, 565 http2cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 566 http2cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 567 http2cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 568 http2cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 569 http2cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 570 http2cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 571 http2cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, 572 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 573 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 574 http2cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, 575 http2cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 576 http2cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 577 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 578 http2cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 579 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 580 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 581 http2cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 582 http2cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 583 http2cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 584 http2cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 585 http2cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 586 http2cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 587 http2cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 588 http2cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 589 http2cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 590 http2cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 591 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 592 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 593 http2cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 594 http2cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 595 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, 596 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, 597 http2cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, 598 http2cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 599 http2cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 600 http2cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, 601 http2cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, 602 http2cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, 603 http2cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, 604 http2cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, 605 http2cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, 606 http2cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 607 http2cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 608 http2cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, 609 http2cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, 610 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 611 http2cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 612 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 613 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 614 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 615 http2cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 616 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 617 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 618 http2cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 619 http2cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 620 http2cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, 621 http2cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, 622 http2cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, 623 http2cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, 624 http2cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, 625 http2cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, 626 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 627 http2cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 628 http2cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 629 http2cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 630 http2cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 631 http2cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 632 http2cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 633 http2cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 634 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 635 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 636 http2cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 637 http2cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 638 http2cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 639 http2cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 640 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 641 http2cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 642 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 643 http2cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 644 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 645 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 646 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 647 http2cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 648 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 649 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 650 http2cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 651 http2cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 652 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 653 http2cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 654 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, 655 http2cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, 656 http2cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, 657 http2cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, 658 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 659 http2cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 660 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 661 http2cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 662 http2cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 663 http2cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 664 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 665 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 666 http2cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 667 http2cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 668 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 669 http2cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 670 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 671 http2cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 672 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 673 http2cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 674 http2cipher_TLS_RSA_WITH_AES_128_CCM, 675 http2cipher_TLS_RSA_WITH_AES_256_CCM, 676 http2cipher_TLS_RSA_WITH_AES_128_CCM_8, 677 http2cipher_TLS_RSA_WITH_AES_256_CCM_8, 678 http2cipher_TLS_PSK_WITH_AES_128_CCM, 679 http2cipher_TLS_PSK_WITH_AES_256_CCM, 680 http2cipher_TLS_PSK_WITH_AES_128_CCM_8, 681 http2cipher_TLS_PSK_WITH_AES_256_CCM_8: 682 return true 683 default: 684 return false 685 } 686 } 687 688 // ClientConnPool manages a pool of HTTP/2 client connections. 689 type http2ClientConnPool interface { 690 GetClientConn(req *Request, addr string) (*http2ClientConn, error) 691 MarkDead(*http2ClientConn) 692 } 693 694 // clientConnPoolIdleCloser is the interface implemented by ClientConnPool 695 // implementations which can close their idle connections. 696 type http2clientConnPoolIdleCloser interface { 697 http2ClientConnPool 698 closeIdleConnections() 699 } 700 701 var ( 702 _ http2clientConnPoolIdleCloser = (*http2clientConnPool)(nil) 703 _ http2clientConnPoolIdleCloser = http2noDialClientConnPool{} 704 ) 705 706 // TODO: use singleflight for dialing and addConnCalls? 707 type http2clientConnPool struct { 708 t *http2Transport 709 710 mu sync.Mutex // TODO: maybe switch to RWMutex 711 // TODO: add support for sharing conns based on cert names 712 // (e.g. share conn for googleapis.com and appspot.com) 713 conns map[string][]*http2ClientConn // key is host:port 714 dialing map[string]*http2dialCall // currently in-flight dials 715 keys map[*http2ClientConn][]string 716 addConnCalls map[string]*http2addConnCall // in-flight addConnIfNeede calls 717 } 718 719 func (p *http2clientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 720 return p.getClientConn(req, addr, http2dialOnMiss) 721 } 722 723 const ( 724 http2dialOnMiss = true 725 http2noDialOnMiss = false 726 ) 727 728 func (p *http2clientConnPool) getClientConn(req *Request, addr string, dialOnMiss bool) (*http2ClientConn, error) { 729 if http2isConnectionCloseRequest(req) && dialOnMiss { 730 // It gets its own connection. 731 const singleUse = true 732 cc, err := p.t.dialClientConn(addr, singleUse) 733 if err != nil { 734 return nil, err 735 } 736 return cc, nil 737 } 738 p.mu.Lock() 739 for _, cc := range p.conns[addr] { 740 if cc.CanTakeNewRequest() { 741 p.mu.Unlock() 742 return cc, nil 743 } 744 } 745 if !dialOnMiss { 746 p.mu.Unlock() 747 return nil, http2ErrNoCachedConn 748 } 749 call := p.getStartDialLocked(addr) 750 p.mu.Unlock() 751 <-call.done 752 return call.res, call.err 753 } 754 755 // dialCall is an in-flight Transport dial call to a host. 756 type http2dialCall struct { 757 p *http2clientConnPool 758 done chan struct{} // closed when done 759 res *http2ClientConn // valid after done is closed 760 err error // valid after done is closed 761 } 762 763 // requires p.mu is held. 764 func (p *http2clientConnPool) getStartDialLocked(addr string) *http2dialCall { 765 if call, ok := p.dialing[addr]; ok { 766 // A dial is already in-flight. Don't start another. 767 return call 768 } 769 call := &http2dialCall{p: p, done: make(chan struct{})} 770 if p.dialing == nil { 771 p.dialing = make(map[string]*http2dialCall) 772 } 773 p.dialing[addr] = call 774 go call.dial(addr) 775 return call 776 } 777 778 // run in its own goroutine. 779 func (c *http2dialCall) dial(addr string) { 780 const singleUse = false // shared conn 781 c.res, c.err = c.p.t.dialClientConn(addr, singleUse) 782 close(c.done) 783 784 c.p.mu.Lock() 785 delete(c.p.dialing, addr) 786 if c.err == nil { 787 c.p.addConnLocked(addr, c.res) 788 } 789 c.p.mu.Unlock() 790 } 791 792 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't 793 // already exist. It coalesces concurrent calls with the same key. 794 // This is used by the http1 Transport code when it creates a new connection. Because 795 // the http1 Transport doesn't de-dup TCP dials to outbound hosts (because it doesn't know 796 // the protocol), it can get into a situation where it has multiple TLS connections. 797 // This code decides which ones live or die. 798 // The return value used is whether c was used. 799 // c is never closed. 800 func (p *http2clientConnPool) addConnIfNeeded(key string, t *http2Transport, c *tls.Conn) (used bool, err error) { 801 p.mu.Lock() 802 for _, cc := range p.conns[key] { 803 if cc.CanTakeNewRequest() { 804 p.mu.Unlock() 805 return false, nil 806 } 807 } 808 call, dup := p.addConnCalls[key] 809 if !dup { 810 if p.addConnCalls == nil { 811 p.addConnCalls = make(map[string]*http2addConnCall) 812 } 813 call = &http2addConnCall{ 814 p: p, 815 done: make(chan struct{}), 816 } 817 p.addConnCalls[key] = call 818 go call.run(t, key, c) 819 } 820 p.mu.Unlock() 821 822 <-call.done 823 if call.err != nil { 824 return false, call.err 825 } 826 return !dup, nil 827 } 828 829 type http2addConnCall struct { 830 p *http2clientConnPool 831 done chan struct{} // closed when done 832 err error 833 } 834 835 func (c *http2addConnCall) run(t *http2Transport, key string, tc *tls.Conn) { 836 cc, err := t.NewClientConn(tc) 837 838 p := c.p 839 p.mu.Lock() 840 if err != nil { 841 c.err = err 842 } else { 843 p.addConnLocked(key, cc) 844 } 845 delete(p.addConnCalls, key) 846 p.mu.Unlock() 847 close(c.done) 848 } 849 850 func (p *http2clientConnPool) addConn(key string, cc *http2ClientConn) { 851 p.mu.Lock() 852 p.addConnLocked(key, cc) 853 p.mu.Unlock() 854 } 855 856 // p.mu must be held 857 func (p *http2clientConnPool) addConnLocked(key string, cc *http2ClientConn) { 858 for _, v := range p.conns[key] { 859 if v == cc { 860 return 861 } 862 } 863 if p.conns == nil { 864 p.conns = make(map[string][]*http2ClientConn) 865 } 866 if p.keys == nil { 867 p.keys = make(map[*http2ClientConn][]string) 868 } 869 p.conns[key] = append(p.conns[key], cc) 870 p.keys[cc] = append(p.keys[cc], key) 871 } 872 873 func (p *http2clientConnPool) MarkDead(cc *http2ClientConn) { 874 p.mu.Lock() 875 defer p.mu.Unlock() 876 for _, key := range p.keys[cc] { 877 vv, ok := p.conns[key] 878 if !ok { 879 continue 880 } 881 newList := http2filterOutClientConn(vv, cc) 882 if len(newList) > 0 { 883 p.conns[key] = newList 884 } else { 885 delete(p.conns, key) 886 } 887 } 888 delete(p.keys, cc) 889 } 890 891 func (p *http2clientConnPool) closeIdleConnections() { 892 p.mu.Lock() 893 defer p.mu.Unlock() 894 // TODO: don't close a cc if it was just added to the pool 895 // milliseconds ago and has never been used. There's currently 896 // a small race window with the HTTP/1 Transport's integration 897 // where it can add an idle conn just before using it, and 898 // somebody else can concurrently call CloseIdleConns and 899 // break some caller's RoundTrip. 900 for _, vv := range p.conns { 901 for _, cc := range vv { 902 cc.closeIfIdle() 903 } 904 } 905 } 906 907 func http2filterOutClientConn(in []*http2ClientConn, exclude *http2ClientConn) []*http2ClientConn { 908 out := in[:0] 909 for _, v := range in { 910 if v != exclude { 911 out = append(out, v) 912 } 913 } 914 // If we filtered it out, zero out the last item to prevent 915 // the GC from seeing it. 916 if len(in) != len(out) { 917 in[len(in)-1] = nil 918 } 919 return out 920 } 921 922 // noDialClientConnPool is an implementation of http2.ClientConnPool 923 // which never dials. We let the HTTP/1.1 client dial and use its TLS 924 // connection instead. 925 type http2noDialClientConnPool struct{ *http2clientConnPool } 926 927 func (p http2noDialClientConnPool) GetClientConn(req *Request, addr string) (*http2ClientConn, error) { 928 return p.getClientConn(req, addr, http2noDialOnMiss) 929 } 930 931 func http2configureTransport(t1 *Transport) (*http2Transport, error) { 932 connPool := new(http2clientConnPool) 933 t2 := &http2Transport{ 934 ConnPool: http2noDialClientConnPool{connPool}, 935 t1: t1, 936 } 937 connPool.t = t2 938 if err := http2registerHTTPSProtocol(t1, http2noDialH2RoundTripper{t2}); err != nil { 939 return nil, err 940 } 941 if t1.TLSClientConfig == nil { 942 t1.TLSClientConfig = new(tls.Config) 943 } 944 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { 945 t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) 946 } 947 if !http2strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { 948 t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") 949 } 950 upgradeFn := func(authority string, c *tls.Conn) RoundTripper { 951 addr := http2authorityAddr("https", authority) 952 if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { 953 go c.Close() 954 return http2erringRoundTripper{err} 955 } else if !used { 956 // Turns out we don't need this c. 957 // For example, two goroutines made requests to the same host 958 // at the same time, both kicking off TCP dials. (since protocol 959 // was unknown) 960 go c.Close() 961 } 962 return t2 963 } 964 if m := t1.TLSNextProto; len(m) == 0 { 965 t1.TLSNextProto = map[string]func(string, *tls.Conn) RoundTripper{ 966 "h2": upgradeFn, 967 } 968 } else { 969 m["h2"] = upgradeFn 970 } 971 return t2, nil 972 } 973 974 // registerHTTPSProtocol calls Transport.RegisterProtocol but 975 // converting panics into errors. 976 func http2registerHTTPSProtocol(t *Transport, rt RoundTripper) (err error) { 977 defer func() { 978 if e := recover(); e != nil { 979 err = fmt.Errorf("%v", e) 980 } 981 }() 982 t.RegisterProtocol("https", rt) 983 return nil 984 } 985 986 // noDialH2RoundTripper is a RoundTripper which only tries to complete the request 987 // if there's already has a cached connection to the host. 988 type http2noDialH2RoundTripper struct{ t *http2Transport } 989 990 func (rt http2noDialH2RoundTripper) RoundTrip(req *Request) (*Response, error) { 991 res, err := rt.t.RoundTrip(req) 992 if http2isNoCachedConnError(err) { 993 return nil, ErrSkipAltProtocol 994 } 995 return res, err 996 } 997 998 // Buffer chunks are allocated from a pool to reduce pressure on GC. 999 // The maximum wasted space per dataBuffer is 2x the largest size class, 1000 // which happens when the dataBuffer has multiple chunks and there is 1001 // one unread byte in both the first and last chunks. We use a few size 1002 // classes to minimize overheads for servers that typically receive very 1003 // small request bodies. 1004 // 1005 // TODO: Benchmark to determine if the pools are necessary. The GC may have 1006 // improved enough that we can instead allocate chunks like this: 1007 // make([]byte, max(16<<10, expectedBytesRemaining)) 1008 var ( 1009 http2dataChunkSizeClasses = []int{ 1010 1 << 10, 1011 2 << 10, 1012 4 << 10, 1013 8 << 10, 1014 16 << 10, 1015 } 1016 http2dataChunkPools = [...]sync.Pool{ 1017 {New: func() interface{} { return make([]byte, 1<<10) }}, 1018 {New: func() interface{} { return make([]byte, 2<<10) }}, 1019 {New: func() interface{} { return make([]byte, 4<<10) }}, 1020 {New: func() interface{} { return make([]byte, 8<<10) }}, 1021 {New: func() interface{} { return make([]byte, 16<<10) }}, 1022 } 1023 ) 1024 1025 func http2getDataBufferChunk(size int64) []byte { 1026 i := 0 1027 for ; i < len(http2dataChunkSizeClasses)-1; i++ { 1028 if size <= int64(http2dataChunkSizeClasses[i]) { 1029 break 1030 } 1031 } 1032 return http2dataChunkPools[i].Get().([]byte) 1033 } 1034 1035 func http2putDataBufferChunk(p []byte) { 1036 for i, n := range http2dataChunkSizeClasses { 1037 if len(p) == n { 1038 http2dataChunkPools[i].Put(p) 1039 return 1040 } 1041 } 1042 panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) 1043 } 1044 1045 // dataBuffer is an io.ReadWriter backed by a list of data chunks. 1046 // Each dataBuffer is used to read DATA frames on a single stream. 1047 // The buffer is divided into chunks so the server can limit the 1048 // total memory used by a single connection without limiting the 1049 // request body size on any single stream. 1050 type http2dataBuffer struct { 1051 chunks [][]byte 1052 r int // next byte to read is chunks[0][r] 1053 w int // next byte to write is chunks[len(chunks)-1][w] 1054 size int // total buffered bytes 1055 expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) 1056 } 1057 1058 var http2errReadEmpty = errors.New("read from empty dataBuffer") 1059 1060 // Read copies bytes from the buffer into p. 1061 // It is an error to read when no data is available. 1062 func (b *http2dataBuffer) Read(p []byte) (int, error) { 1063 if b.size == 0 { 1064 return 0, http2errReadEmpty 1065 } 1066 var ntotal int 1067 for len(p) > 0 && b.size > 0 { 1068 readFrom := b.bytesFromFirstChunk() 1069 n := copy(p, readFrom) 1070 p = p[n:] 1071 ntotal += n 1072 b.r += n 1073 b.size -= n 1074 // If the first chunk has been consumed, advance to the next chunk. 1075 if b.r == len(b.chunks[0]) { 1076 http2putDataBufferChunk(b.chunks[0]) 1077 end := len(b.chunks) - 1 1078 copy(b.chunks[:end], b.chunks[1:]) 1079 b.chunks[end] = nil 1080 b.chunks = b.chunks[:end] 1081 b.r = 0 1082 } 1083 } 1084 return ntotal, nil 1085 } 1086 1087 func (b *http2dataBuffer) bytesFromFirstChunk() []byte { 1088 if len(b.chunks) == 1 { 1089 return b.chunks[0][b.r:b.w] 1090 } 1091 return b.chunks[0][b.r:] 1092 } 1093 1094 // Len returns the number of bytes of the unread portion of the buffer. 1095 func (b *http2dataBuffer) Len() int { 1096 return b.size 1097 } 1098 1099 // Write appends p to the buffer. 1100 func (b *http2dataBuffer) Write(p []byte) (int, error) { 1101 ntotal := len(p) 1102 for len(p) > 0 { 1103 // If the last chunk is empty, allocate a new chunk. Try to allocate 1104 // enough to fully copy p plus any additional bytes we expect to 1105 // receive. However, this may allocate less than len(p). 1106 want := int64(len(p)) 1107 if b.expected > want { 1108 want = b.expected 1109 } 1110 chunk := b.lastChunkOrAlloc(want) 1111 n := copy(chunk[b.w:], p) 1112 p = p[n:] 1113 b.w += n 1114 b.size += n 1115 b.expected -= int64(n) 1116 } 1117 return ntotal, nil 1118 } 1119 1120 func (b *http2dataBuffer) lastChunkOrAlloc(want int64) []byte { 1121 if len(b.chunks) != 0 { 1122 last := b.chunks[len(b.chunks)-1] 1123 if b.w < len(last) { 1124 return last 1125 } 1126 } 1127 chunk := http2getDataBufferChunk(want) 1128 b.chunks = append(b.chunks, chunk) 1129 b.w = 0 1130 return chunk 1131 } 1132 1133 // An ErrCode is an unsigned 32-bit error code as defined in the HTTP/2 spec. 1134 type http2ErrCode uint32 1135 1136 const ( 1137 http2ErrCodeNo http2ErrCode = 0x0 1138 http2ErrCodeProtocol http2ErrCode = 0x1 1139 http2ErrCodeInternal http2ErrCode = 0x2 1140 http2ErrCodeFlowControl http2ErrCode = 0x3 1141 http2ErrCodeSettingsTimeout http2ErrCode = 0x4 1142 http2ErrCodeStreamClosed http2ErrCode = 0x5 1143 http2ErrCodeFrameSize http2ErrCode = 0x6 1144 http2ErrCodeRefusedStream http2ErrCode = 0x7 1145 http2ErrCodeCancel http2ErrCode = 0x8 1146 http2ErrCodeCompression http2ErrCode = 0x9 1147 http2ErrCodeConnect http2ErrCode = 0xa 1148 http2ErrCodeEnhanceYourCalm http2ErrCode = 0xb 1149 http2ErrCodeInadequateSecurity http2ErrCode = 0xc 1150 http2ErrCodeHTTP11Required http2ErrCode = 0xd 1151 ) 1152 1153 var http2errCodeName = map[http2ErrCode]string{ 1154 http2ErrCodeNo: "NO_ERROR", 1155 http2ErrCodeProtocol: "PROTOCOL_ERROR", 1156 http2ErrCodeInternal: "INTERNAL_ERROR", 1157 http2ErrCodeFlowControl: "FLOW_CONTROL_ERROR", 1158 http2ErrCodeSettingsTimeout: "SETTINGS_TIMEOUT", 1159 http2ErrCodeStreamClosed: "STREAM_CLOSED", 1160 http2ErrCodeFrameSize: "FRAME_SIZE_ERROR", 1161 http2ErrCodeRefusedStream: "REFUSED_STREAM", 1162 http2ErrCodeCancel: "CANCEL", 1163 http2ErrCodeCompression: "COMPRESSION_ERROR", 1164 http2ErrCodeConnect: "CONNECT_ERROR", 1165 http2ErrCodeEnhanceYourCalm: "ENHANCE_YOUR_CALM", 1166 http2ErrCodeInadequateSecurity: "INADEQUATE_SECURITY", 1167 http2ErrCodeHTTP11Required: "HTTP_1_1_REQUIRED", 1168 } 1169 1170 func (e http2ErrCode) String() string { 1171 if s, ok := http2errCodeName[e]; ok { 1172 return s 1173 } 1174 return fmt.Sprintf("unknown error code 0x%x", uint32(e)) 1175 } 1176 1177 // ConnectionError is an error that results in the termination of the 1178 // entire connection. 1179 type http2ConnectionError http2ErrCode 1180 1181 func (e http2ConnectionError) Error() string { 1182 return fmt.Sprintf("connection error: %s", http2ErrCode(e)) 1183 } 1184 1185 // StreamError is an error that only affects one stream within an 1186 // HTTP/2 connection. 1187 type http2StreamError struct { 1188 StreamID uint32 1189 Code http2ErrCode 1190 Cause error // optional additional detail 1191 } 1192 1193 func http2streamError(id uint32, code http2ErrCode) http2StreamError { 1194 return http2StreamError{StreamID: id, Code: code} 1195 } 1196 1197 func (e http2StreamError) Error() string { 1198 if e.Cause != nil { 1199 return fmt.Sprintf("stream error: stream ID %d; %v; %v", e.StreamID, e.Code, e.Cause) 1200 } 1201 return fmt.Sprintf("stream error: stream ID %d; %v", e.StreamID, e.Code) 1202 } 1203 1204 // 6.9.1 The Flow Control Window 1205 // "If a sender receives a WINDOW_UPDATE that causes a flow control 1206 // window to exceed this maximum it MUST terminate either the stream 1207 // or the connection, as appropriate. For streams, [...]; for the 1208 // connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code." 1209 type http2goAwayFlowError struct{} 1210 1211 func (http2goAwayFlowError) Error() string { return "connection exceeded flow control window size" } 1212 1213 // connError represents an HTTP/2 ConnectionError error code, along 1214 // with a string (for debugging) explaining why. 1215 // 1216 // Errors of this type are only returned by the frame parser functions 1217 // and converted into ConnectionError(Code), after stashing away 1218 // the Reason into the Framer's errDetail field, accessible via 1219 // the (*Framer).ErrorDetail method. 1220 type http2connError struct { 1221 Code http2ErrCode // the ConnectionError error code 1222 Reason string // additional reason 1223 } 1224 1225 func (e http2connError) Error() string { 1226 return fmt.Sprintf("http2: connection error: %v: %v", e.Code, e.Reason) 1227 } 1228 1229 type http2pseudoHeaderError string 1230 1231 func (e http2pseudoHeaderError) Error() string { 1232 return fmt.Sprintf("invalid pseudo-header %q", string(e)) 1233 } 1234 1235 type http2duplicatePseudoHeaderError string 1236 1237 func (e http2duplicatePseudoHeaderError) Error() string { 1238 return fmt.Sprintf("duplicate pseudo-header %q", string(e)) 1239 } 1240 1241 type http2headerFieldNameError string 1242 1243 func (e http2headerFieldNameError) Error() string { 1244 return fmt.Sprintf("invalid header field name %q", string(e)) 1245 } 1246 1247 type http2headerFieldValueError string 1248 1249 func (e http2headerFieldValueError) Error() string { 1250 return fmt.Sprintf("invalid header field value %q", string(e)) 1251 } 1252 1253 var ( 1254 http2errMixPseudoHeaderTypes = errors.New("mix of request and response pseudo headers") 1255 http2errPseudoAfterRegular = errors.New("pseudo header field after regular") 1256 ) 1257 1258 // flow is the flow control window's size. 1259 type http2flow struct { 1260 // n is the number of DATA bytes we're allowed to send. 1261 // A flow is kept both on a conn and a per-stream. 1262 n int32 1263 1264 // conn points to the shared connection-level flow that is 1265 // shared by all streams on that conn. It is nil for the flow 1266 // that's on the conn directly. 1267 conn *http2flow 1268 } 1269 1270 func (f *http2flow) setConnFlow(cf *http2flow) { f.conn = cf } 1271 1272 func (f *http2flow) available() int32 { 1273 n := f.n 1274 if f.conn != nil && f.conn.n < n { 1275 n = f.conn.n 1276 } 1277 return n 1278 } 1279 1280 func (f *http2flow) take(n int32) { 1281 if n > f.available() { 1282 panic("internal error: took too much") 1283 } 1284 f.n -= n 1285 if f.conn != nil { 1286 f.conn.n -= n 1287 } 1288 } 1289 1290 // add adds n bytes (positive or negative) to the flow control window. 1291 // It returns false if the sum would exceed 2^31-1. 1292 func (f *http2flow) add(n int32) bool { 1293 remain := (1<<31 - 1) - f.n 1294 if n > remain { 1295 return false 1296 } 1297 f.n += n 1298 return true 1299 } 1300 1301 const http2frameHeaderLen = 9 1302 1303 var http2padZeros = make([]byte, 255) // zeros for padding 1304 1305 // A FrameType is a registered frame type as defined in 1306 // http://http2.github.io/http2-spec/#rfc.section.11.2 1307 type http2FrameType uint8 1308 1309 const ( 1310 http2FrameData http2FrameType = 0x0 1311 http2FrameHeaders http2FrameType = 0x1 1312 http2FramePriority http2FrameType = 0x2 1313 http2FrameRSTStream http2FrameType = 0x3 1314 http2FrameSettings http2FrameType = 0x4 1315 http2FramePushPromise http2FrameType = 0x5 1316 http2FramePing http2FrameType = 0x6 1317 http2FrameGoAway http2FrameType = 0x7 1318 http2FrameWindowUpdate http2FrameType = 0x8 1319 http2FrameContinuation http2FrameType = 0x9 1320 ) 1321 1322 var http2frameName = map[http2FrameType]string{ 1323 http2FrameData: "DATA", 1324 http2FrameHeaders: "HEADERS", 1325 http2FramePriority: "PRIORITY", 1326 http2FrameRSTStream: "RST_STREAM", 1327 http2FrameSettings: "SETTINGS", 1328 http2FramePushPromise: "PUSH_PROMISE", 1329 http2FramePing: "PING", 1330 http2FrameGoAway: "GOAWAY", 1331 http2FrameWindowUpdate: "WINDOW_UPDATE", 1332 http2FrameContinuation: "CONTINUATION", 1333 } 1334 1335 func (t http2FrameType) String() string { 1336 if s, ok := http2frameName[t]; ok { 1337 return s 1338 } 1339 return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t)) 1340 } 1341 1342 // Flags is a bitmask of HTTP/2 flags. 1343 // The meaning of flags varies depending on the frame type. 1344 type http2Flags uint8 1345 1346 // Has reports whether f contains all (0 or more) flags in v. 1347 func (f http2Flags) Has(v http2Flags) bool { 1348 return (f & v) == v 1349 } 1350 1351 // Frame-specific FrameHeader flag bits. 1352 const ( 1353 // Data Frame 1354 http2FlagDataEndStream http2Flags = 0x1 1355 http2FlagDataPadded http2Flags = 0x8 1356 1357 // Headers Frame 1358 http2FlagHeadersEndStream http2Flags = 0x1 1359 http2FlagHeadersEndHeaders http2Flags = 0x4 1360 http2FlagHeadersPadded http2Flags = 0x8 1361 http2FlagHeadersPriority http2Flags = 0x20 1362 1363 // Settings Frame 1364 http2FlagSettingsAck http2Flags = 0x1 1365 1366 // Ping Frame 1367 http2FlagPingAck http2Flags = 0x1 1368 1369 // Continuation Frame 1370 http2FlagContinuationEndHeaders http2Flags = 0x4 1371 1372 http2FlagPushPromiseEndHeaders http2Flags = 0x4 1373 http2FlagPushPromisePadded http2Flags = 0x8 1374 ) 1375 1376 var http2flagName = map[http2FrameType]map[http2Flags]string{ 1377 http2FrameData: { 1378 http2FlagDataEndStream: "END_STREAM", 1379 http2FlagDataPadded: "PADDED", 1380 }, 1381 http2FrameHeaders: { 1382 http2FlagHeadersEndStream: "END_STREAM", 1383 http2FlagHeadersEndHeaders: "END_HEADERS", 1384 http2FlagHeadersPadded: "PADDED", 1385 http2FlagHeadersPriority: "PRIORITY", 1386 }, 1387 http2FrameSettings: { 1388 http2FlagSettingsAck: "ACK", 1389 }, 1390 http2FramePing: { 1391 http2FlagPingAck: "ACK", 1392 }, 1393 http2FrameContinuation: { 1394 http2FlagContinuationEndHeaders: "END_HEADERS", 1395 }, 1396 http2FramePushPromise: { 1397 http2FlagPushPromiseEndHeaders: "END_HEADERS", 1398 http2FlagPushPromisePadded: "PADDED", 1399 }, 1400 } 1401 1402 // a frameParser parses a frame given its FrameHeader and payload 1403 // bytes. The length of payload will always equal fh.Length (which 1404 // might be 0). 1405 type http2frameParser func(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) 1406 1407 var http2frameParsers = map[http2FrameType]http2frameParser{ 1408 http2FrameData: http2parseDataFrame, 1409 http2FrameHeaders: http2parseHeadersFrame, 1410 http2FramePriority: http2parsePriorityFrame, 1411 http2FrameRSTStream: http2parseRSTStreamFrame, 1412 http2FrameSettings: http2parseSettingsFrame, 1413 http2FramePushPromise: http2parsePushPromise, 1414 http2FramePing: http2parsePingFrame, 1415 http2FrameGoAway: http2parseGoAwayFrame, 1416 http2FrameWindowUpdate: http2parseWindowUpdateFrame, 1417 http2FrameContinuation: http2parseContinuationFrame, 1418 } 1419 1420 func http2typeFrameParser(t http2FrameType) http2frameParser { 1421 if f := http2frameParsers[t]; f != nil { 1422 return f 1423 } 1424 return http2parseUnknownFrame 1425 } 1426 1427 // A FrameHeader is the 9 byte header of all HTTP/2 frames. 1428 // 1429 // See http://http2.github.io/http2-spec/#FrameHeader 1430 type http2FrameHeader struct { 1431 valid bool // caller can access []byte fields in the Frame 1432 1433 // Type is the 1 byte frame type. There are ten standard frame 1434 // types, but extension frame types may be written by WriteRawFrame 1435 // and will be returned by ReadFrame (as UnknownFrame). 1436 Type http2FrameType 1437 1438 // Flags are the 1 byte of 8 potential bit flags per frame. 1439 // They are specific to the frame type. 1440 Flags http2Flags 1441 1442 // Length is the length of the frame, not including the 9 byte header. 1443 // The maximum size is one byte less than 16MB (uint24), but only 1444 // frames up to 16KB are allowed without peer agreement. 1445 Length uint32 1446 1447 // StreamID is which stream this frame is for. Certain frames 1448 // are not stream-specific, in which case this field is 0. 1449 StreamID uint32 1450 } 1451 1452 // Header returns h. It exists so FrameHeaders can be embedded in other 1453 // specific frame types and implement the Frame interface. 1454 func (h http2FrameHeader) Header() http2FrameHeader { return h } 1455 1456 func (h http2FrameHeader) String() string { 1457 var buf bytes.Buffer 1458 buf.WriteString("[FrameHeader ") 1459 h.writeDebug(&buf) 1460 buf.WriteByte(']') 1461 return buf.String() 1462 } 1463 1464 func (h http2FrameHeader) writeDebug(buf *bytes.Buffer) { 1465 buf.WriteString(h.Type.String()) 1466 if h.Flags != 0 { 1467 buf.WriteString(" flags=") 1468 set := 0 1469 for i := uint8(0); i < 8; i++ { 1470 if h.Flags&(1<<i) == 0 { 1471 continue 1472 } 1473 set++ 1474 if set > 1 { 1475 buf.WriteByte('|') 1476 } 1477 name := http2flagName[h.Type][http2Flags(1<<i)] 1478 if name != "" { 1479 buf.WriteString(name) 1480 } else { 1481 fmt.Fprintf(buf, "0x%x", 1<<i) 1482 } 1483 } 1484 } 1485 if h.StreamID != 0 { 1486 fmt.Fprintf(buf, " stream=%d", h.StreamID) 1487 } 1488 fmt.Fprintf(buf, " len=%d", h.Length) 1489 } 1490 1491 func (h *http2FrameHeader) checkValid() { 1492 if !h.valid { 1493 panic("Frame accessor called on non-owned Frame") 1494 } 1495 } 1496 1497 func (h *http2FrameHeader) invalidate() { h.valid = false } 1498 1499 // frame header bytes. 1500 // Used only by ReadFrameHeader. 1501 var http2fhBytes = sync.Pool{ 1502 New: func() interface{} { 1503 buf := make([]byte, http2frameHeaderLen) 1504 return &buf 1505 }, 1506 } 1507 1508 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. 1509 // Most users should use Framer.ReadFrame instead. 1510 func http2ReadFrameHeader(r io.Reader) (http2FrameHeader, error) { 1511 bufp := http2fhBytes.Get().(*[]byte) 1512 defer http2fhBytes.Put(bufp) 1513 return http2readFrameHeader(*bufp, r) 1514 } 1515 1516 func http2readFrameHeader(buf []byte, r io.Reader) (http2FrameHeader, error) { 1517 _, err := io.ReadFull(r, buf[:http2frameHeaderLen]) 1518 if err != nil { 1519 return http2FrameHeader{}, err 1520 } 1521 return http2FrameHeader{ 1522 Length: (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])), 1523 Type: http2FrameType(buf[3]), 1524 Flags: http2Flags(buf[4]), 1525 StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1), 1526 valid: true, 1527 }, nil 1528 } 1529 1530 // A Frame is the base interface implemented by all frame types. 1531 // Callers will generally type-assert the specific frame type: 1532 // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc. 1533 // 1534 // Frames are only valid until the next call to Framer.ReadFrame. 1535 type http2Frame interface { 1536 Header() http2FrameHeader 1537 1538 // invalidate is called by Framer.ReadFrame to make this 1539 // frame's buffers as being invalid, since the subsequent 1540 // frame will reuse them. 1541 invalidate() 1542 } 1543 1544 // A Framer reads and writes Frames. 1545 type http2Framer struct { 1546 r io.Reader 1547 lastFrame http2Frame 1548 errDetail error 1549 1550 // lastHeaderStream is non-zero if the last frame was an 1551 // unfinished HEADERS/CONTINUATION. 1552 lastHeaderStream uint32 1553 1554 maxReadSize uint32 1555 headerBuf [http2frameHeaderLen]byte 1556 1557 // TODO: let getReadBuf be configurable, and use a less memory-pinning 1558 // allocator in server.go to minimize memory pinned for many idle conns. 1559 // Will probably also need to make frame invalidation have a hook too. 1560 getReadBuf func(size uint32) []byte 1561 readBuf []byte // cache for default getReadBuf 1562 1563 maxWriteSize uint32 // zero means unlimited; TODO: implement 1564 1565 w io.Writer 1566 wbuf []byte 1567 1568 // AllowIllegalWrites permits the Framer's Write methods to 1569 // write frames that do not conform to the HTTP/2 spec. This 1570 // permits using the Framer to test other HTTP/2 1571 // implementations' conformance to the spec. 1572 // If false, the Write methods will prefer to return an error 1573 // rather than comply. 1574 AllowIllegalWrites bool 1575 1576 // AllowIllegalReads permits the Framer's ReadFrame method 1577 // to return non-compliant frames or frame orders. 1578 // This is for testing and permits using the Framer to test 1579 // other HTTP/2 implementations' conformance to the spec. 1580 // It is not compatible with ReadMetaHeaders. 1581 AllowIllegalReads bool 1582 1583 // ReadMetaHeaders if non-nil causes ReadFrame to merge 1584 // HEADERS and CONTINUATION frames together and return 1585 // MetaHeadersFrame instead. 1586 ReadMetaHeaders *hpack.Decoder 1587 1588 // MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE. 1589 // It's used only if ReadMetaHeaders is set; 0 means a sane default 1590 // (currently 16MB) 1591 // If the limit is hit, MetaHeadersFrame.Truncated is set true. 1592 MaxHeaderListSize uint32 1593 1594 // TODO: track which type of frame & with which flags was sent 1595 // last. Then return an error (unless AllowIllegalWrites) if 1596 // we're in the middle of a header block and a 1597 // non-Continuation or Continuation on a different stream is 1598 // attempted to be written. 1599 1600 logReads, logWrites bool 1601 1602 debugFramer *http2Framer // only use for logging written writes 1603 debugFramerBuf *bytes.Buffer 1604 debugReadLoggerf func(string, ...interface{}) 1605 debugWriteLoggerf func(string, ...interface{}) 1606 1607 frameCache *http2frameCache // nil if frames aren't reused (default) 1608 } 1609 1610 func (fr *http2Framer) maxHeaderListSize() uint32 { 1611 if fr.MaxHeaderListSize == 0 { 1612 return 16 << 20 // sane default, per docs 1613 } 1614 return fr.MaxHeaderListSize 1615 } 1616 1617 func (f *http2Framer) startWrite(ftype http2FrameType, flags http2Flags, streamID uint32) { 1618 // Write the FrameHeader. 1619 f.wbuf = append(f.wbuf[:0], 1620 0, // 3 bytes of length, filled in in endWrite 1621 0, 1622 0, 1623 byte(ftype), 1624 byte(flags), 1625 byte(streamID>>24), 1626 byte(streamID>>16), 1627 byte(streamID>>8), 1628 byte(streamID)) 1629 } 1630 1631 func (f *http2Framer) endWrite() error { 1632 // Now that we know the final size, fill in the FrameHeader in 1633 // the space previously reserved for it. Abuse append. 1634 length := len(f.wbuf) - http2frameHeaderLen 1635 if length >= (1 << 24) { 1636 return http2ErrFrameTooLarge 1637 } 1638 _ = append(f.wbuf[:0], 1639 byte(length>>16), 1640 byte(length>>8), 1641 byte(length)) 1642 if f.logWrites { 1643 f.logWrite() 1644 } 1645 1646 n, err := f.w.Write(f.wbuf) 1647 if err == nil && n != len(f.wbuf) { 1648 err = io.ErrShortWrite 1649 } 1650 return err 1651 } 1652 1653 func (f *http2Framer) logWrite() { 1654 if f.debugFramer == nil { 1655 f.debugFramerBuf = new(bytes.Buffer) 1656 f.debugFramer = http2NewFramer(nil, f.debugFramerBuf) 1657 f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below 1658 // Let us read anything, even if we accidentally wrote it 1659 // in the wrong order: 1660 f.debugFramer.AllowIllegalReads = true 1661 } 1662 f.debugFramerBuf.Write(f.wbuf) 1663 fr, err := f.debugFramer.ReadFrame() 1664 if err != nil { 1665 f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f) 1666 return 1667 } 1668 f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, http2summarizeFrame(fr)) 1669 } 1670 1671 func (f *http2Framer) writeByte(v byte) { f.wbuf = append(f.wbuf, v) } 1672 1673 func (f *http2Framer) writeBytes(v []byte) { f.wbuf = append(f.wbuf, v...) } 1674 1675 func (f *http2Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) } 1676 1677 func (f *http2Framer) writeUint32(v uint32) { 1678 f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) 1679 } 1680 1681 const ( 1682 http2minMaxFrameSize = 1 << 14 1683 http2maxFrameSize = 1<<24 - 1 1684 ) 1685 1686 // SetReuseFrames allows the Framer to reuse Frames. 1687 // If called on a Framer, Frames returned by calls to ReadFrame are only 1688 // valid until the next call to ReadFrame. 1689 func (fr *http2Framer) SetReuseFrames() { 1690 if fr.frameCache != nil { 1691 return 1692 } 1693 fr.frameCache = &http2frameCache{} 1694 } 1695 1696 type http2frameCache struct { 1697 dataFrame http2DataFrame 1698 } 1699 1700 func (fc *http2frameCache) getDataFrame() *http2DataFrame { 1701 if fc == nil { 1702 return &http2DataFrame{} 1703 } 1704 return &fc.dataFrame 1705 } 1706 1707 // NewFramer returns a Framer that writes frames to w and reads them from r. 1708 func http2NewFramer(w io.Writer, r io.Reader) *http2Framer { 1709 fr := &http2Framer{ 1710 w: w, 1711 r: r, 1712 logReads: http2logFrameReads, 1713 logWrites: http2logFrameWrites, 1714 debugReadLoggerf: log.Printf, 1715 debugWriteLoggerf: log.Printf, 1716 } 1717 fr.getReadBuf = func(size uint32) []byte { 1718 if cap(fr.readBuf) >= int(size) { 1719 return fr.readBuf[:size] 1720 } 1721 fr.readBuf = make([]byte, size) 1722 return fr.readBuf 1723 } 1724 fr.SetMaxReadFrameSize(http2maxFrameSize) 1725 return fr 1726 } 1727 1728 // SetMaxReadFrameSize sets the maximum size of a frame 1729 // that will be read by a subsequent call to ReadFrame. 1730 // It is the caller's responsibility to advertise this 1731 // limit with a SETTINGS frame. 1732 func (fr *http2Framer) SetMaxReadFrameSize(v uint32) { 1733 if v > http2maxFrameSize { 1734 v = http2maxFrameSize 1735 } 1736 fr.maxReadSize = v 1737 } 1738 1739 // ErrorDetail returns a more detailed error of the last error 1740 // returned by Framer.ReadFrame. For instance, if ReadFrame 1741 // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail 1742 // will say exactly what was invalid. ErrorDetail is not guaranteed 1743 // to return a non-nil value and like the rest of the http2 package, 1744 // its return value is not protected by an API compatibility promise. 1745 // ErrorDetail is reset after the next call to ReadFrame. 1746 func (fr *http2Framer) ErrorDetail() error { 1747 return fr.errDetail 1748 } 1749 1750 // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer 1751 // sends a frame that is larger than declared with SetMaxReadFrameSize. 1752 var http2ErrFrameTooLarge = errors.New("http2: frame too large") 1753 1754 // terminalReadFrameError reports whether err is an unrecoverable 1755 // error from ReadFrame and no other frames should be read. 1756 func http2terminalReadFrameError(err error) bool { 1757 if _, ok := err.(http2StreamError); ok { 1758 return false 1759 } 1760 return err != nil 1761 } 1762 1763 // ReadFrame reads a single frame. The returned Frame is only valid 1764 // until the next call to ReadFrame. 1765 // 1766 // If the frame is larger than previously set with SetMaxReadFrameSize, the 1767 // returned error is ErrFrameTooLarge. Other errors may be of type 1768 // ConnectionError, StreamError, or anything else from the underlying 1769 // reader. 1770 func (fr *http2Framer) ReadFrame() (http2Frame, error) { 1771 fr.errDetail = nil 1772 if fr.lastFrame != nil { 1773 fr.lastFrame.invalidate() 1774 } 1775 fh, err := http2readFrameHeader(fr.headerBuf[:], fr.r) 1776 if err != nil { 1777 return nil, err 1778 } 1779 if fh.Length > fr.maxReadSize { 1780 return nil, http2ErrFrameTooLarge 1781 } 1782 payload := fr.getReadBuf(fh.Length) 1783 if _, err := io.ReadFull(fr.r, payload); err != nil { 1784 return nil, err 1785 } 1786 f, err := http2typeFrameParser(fh.Type)(fr.frameCache, fh, payload) 1787 if err != nil { 1788 if ce, ok := err.(http2connError); ok { 1789 return nil, fr.connError(ce.Code, ce.Reason) 1790 } 1791 return nil, err 1792 } 1793 if err := fr.checkFrameOrder(f); err != nil { 1794 return nil, err 1795 } 1796 if fr.logReads { 1797 fr.debugReadLoggerf("http2: Framer %p: read %v", fr, http2summarizeFrame(f)) 1798 } 1799 if fh.Type == http2FrameHeaders && fr.ReadMetaHeaders != nil { 1800 return fr.readMetaFrame(f.(*http2HeadersFrame)) 1801 } 1802 return f, nil 1803 } 1804 1805 // connError returns ConnectionError(code) but first 1806 // stashes away a public reason to the caller can optionally relay it 1807 // to the peer before hanging up on them. This might help others debug 1808 // their implementations. 1809 func (fr *http2Framer) connError(code http2ErrCode, reason string) error { 1810 fr.errDetail = errors.New(reason) 1811 return http2ConnectionError(code) 1812 } 1813 1814 // checkFrameOrder reports an error if f is an invalid frame to return 1815 // next from ReadFrame. Mostly it checks whether HEADERS and 1816 // CONTINUATION frames are contiguous. 1817 func (fr *http2Framer) checkFrameOrder(f http2Frame) error { 1818 last := fr.lastFrame 1819 fr.lastFrame = f 1820 if fr.AllowIllegalReads { 1821 return nil 1822 } 1823 1824 fh := f.Header() 1825 if fr.lastHeaderStream != 0 { 1826 if fh.Type != http2FrameContinuation { 1827 return fr.connError(http2ErrCodeProtocol, 1828 fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d", 1829 fh.Type, fh.StreamID, 1830 last.Header().Type, fr.lastHeaderStream)) 1831 } 1832 if fh.StreamID != fr.lastHeaderStream { 1833 return fr.connError(http2ErrCodeProtocol, 1834 fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d", 1835 fh.StreamID, fr.lastHeaderStream)) 1836 } 1837 } else if fh.Type == http2FrameContinuation { 1838 return fr.connError(http2ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID)) 1839 } 1840 1841 switch fh.Type { 1842 case http2FrameHeaders, http2FrameContinuation: 1843 if fh.Flags.Has(http2FlagHeadersEndHeaders) { 1844 fr.lastHeaderStream = 0 1845 } else { 1846 fr.lastHeaderStream = fh.StreamID 1847 } 1848 } 1849 1850 return nil 1851 } 1852 1853 // A DataFrame conveys arbitrary, variable-length sequences of octets 1854 // associated with a stream. 1855 // See http://http2.github.io/http2-spec/#rfc.section.6.1 1856 type http2DataFrame struct { 1857 http2FrameHeader 1858 data []byte 1859 } 1860 1861 func (f *http2DataFrame) StreamEnded() bool { 1862 return f.http2FrameHeader.Flags.Has(http2FlagDataEndStream) 1863 } 1864 1865 // Data returns the frame's data octets, not including any padding 1866 // size byte or padding suffix bytes. 1867 // The caller must not retain the returned memory past the next 1868 // call to ReadFrame. 1869 func (f *http2DataFrame) Data() []byte { 1870 f.checkValid() 1871 return f.data 1872 } 1873 1874 func http2parseDataFrame(fc *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 1875 if fh.StreamID == 0 { 1876 // DATA frames MUST be associated with a stream. If a 1877 // DATA frame is received whose stream identifier 1878 // field is 0x0, the recipient MUST respond with a 1879 // connection error (Section 5.4.1) of type 1880 // PROTOCOL_ERROR. 1881 return nil, http2connError{http2ErrCodeProtocol, "DATA frame with stream ID 0"} 1882 } 1883 f := fc.getDataFrame() 1884 f.http2FrameHeader = fh 1885 1886 var padSize byte 1887 if fh.Flags.Has(http2FlagDataPadded) { 1888 var err error 1889 payload, padSize, err = http2readByte(payload) 1890 if err != nil { 1891 return nil, err 1892 } 1893 } 1894 if int(padSize) > len(payload) { 1895 // If the length of the padding is greater than the 1896 // length of the frame payload, the recipient MUST 1897 // treat this as a connection error. 1898 // Filed: https://github.com/http2/http2-spec/issues/610 1899 return nil, http2connError{http2ErrCodeProtocol, "pad size larger than data payload"} 1900 } 1901 f.data = payload[:len(payload)-int(padSize)] 1902 return f, nil 1903 } 1904 1905 var ( 1906 http2errStreamID = errors.New("invalid stream ID") 1907 http2errDepStreamID = errors.New("invalid dependent stream ID") 1908 http2errPadLength = errors.New("pad length too large") 1909 http2errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") 1910 ) 1911 1912 func http2validStreamIDOrZero(streamID uint32) bool { 1913 return streamID&(1<<31) == 0 1914 } 1915 1916 func http2validStreamID(streamID uint32) bool { 1917 return streamID != 0 && streamID&(1<<31) == 0 1918 } 1919 1920 // WriteData writes a DATA frame. 1921 // 1922 // It will perform exactly one Write to the underlying Writer. 1923 // It is the caller's responsibility not to violate the maximum frame size 1924 // and to not call other Write methods concurrently. 1925 func (f *http2Framer) WriteData(streamID uint32, endStream bool, data []byte) error { 1926 return f.WriteDataPadded(streamID, endStream, data, nil) 1927 } 1928 1929 // WriteData writes a DATA frame with optional padding. 1930 // 1931 // If pad is nil, the padding bit is not sent. 1932 // The length of pad must not exceed 255 bytes. 1933 // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. 1934 // 1935 // It will perform exactly one Write to the underlying Writer. 1936 // It is the caller's responsibility not to violate the maximum frame size 1937 // and to not call other Write methods concurrently. 1938 func (f *http2Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { 1939 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 1940 return http2errStreamID 1941 } 1942 if len(pad) > 0 { 1943 if len(pad) > 255 { 1944 return http2errPadLength 1945 } 1946 if !f.AllowIllegalWrites { 1947 for _, b := range pad { 1948 if b != 0 { 1949 // "Padding octets MUST be set to zero when sending." 1950 return http2errPadBytes 1951 } 1952 } 1953 } 1954 } 1955 var flags http2Flags 1956 if endStream { 1957 flags |= http2FlagDataEndStream 1958 } 1959 if pad != nil { 1960 flags |= http2FlagDataPadded 1961 } 1962 f.startWrite(http2FrameData, flags, streamID) 1963 if pad != nil { 1964 f.wbuf = append(f.wbuf, byte(len(pad))) 1965 } 1966 f.wbuf = append(f.wbuf, data...) 1967 f.wbuf = append(f.wbuf, pad...) 1968 return f.endWrite() 1969 } 1970 1971 // A SettingsFrame conveys configuration parameters that affect how 1972 // endpoints communicate, such as preferences and constraints on peer 1973 // behavior. 1974 // 1975 // See http://http2.github.io/http2-spec/#SETTINGS 1976 type http2SettingsFrame struct { 1977 http2FrameHeader 1978 p []byte 1979 } 1980 1981 func http2parseSettingsFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 1982 if fh.Flags.Has(http2FlagSettingsAck) && fh.Length > 0 { 1983 // When this (ACK 0x1) bit is set, the payload of the 1984 // SETTINGS frame MUST be empty. Receipt of a 1985 // SETTINGS frame with the ACK flag set and a length 1986 // field value other than 0 MUST be treated as a 1987 // connection error (Section 5.4.1) of type 1988 // FRAME_SIZE_ERROR. 1989 return nil, http2ConnectionError(http2ErrCodeFrameSize) 1990 } 1991 if fh.StreamID != 0 { 1992 // SETTINGS frames always apply to a connection, 1993 // never a single stream. The stream identifier for a 1994 // SETTINGS frame MUST be zero (0x0). If an endpoint 1995 // receives a SETTINGS frame whose stream identifier 1996 // field is anything other than 0x0, the endpoint MUST 1997 // respond with a connection error (Section 5.4.1) of 1998 // type PROTOCOL_ERROR. 1999 return nil, http2ConnectionError(http2ErrCodeProtocol) 2000 } 2001 if len(p)%6 != 0 { 2002 // Expecting even number of 6 byte settings. 2003 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2004 } 2005 f := &http2SettingsFrame{http2FrameHeader: fh, p: p} 2006 if v, ok := f.Value(http2SettingInitialWindowSize); ok && v > (1<<31)-1 { 2007 // Values above the maximum flow control window size of 2^31 - 1 MUST 2008 // be treated as a connection error (Section 5.4.1) of type 2009 // FLOW_CONTROL_ERROR. 2010 return nil, http2ConnectionError(http2ErrCodeFlowControl) 2011 } 2012 return f, nil 2013 } 2014 2015 func (f *http2SettingsFrame) IsAck() bool { 2016 return f.http2FrameHeader.Flags.Has(http2FlagSettingsAck) 2017 } 2018 2019 func (f *http2SettingsFrame) Value(s http2SettingID) (v uint32, ok bool) { 2020 f.checkValid() 2021 buf := f.p 2022 for len(buf) > 0 { 2023 settingID := http2SettingID(binary.BigEndian.Uint16(buf[:2])) 2024 if settingID == s { 2025 return binary.BigEndian.Uint32(buf[2:6]), true 2026 } 2027 buf = buf[6:] 2028 } 2029 return 0, false 2030 } 2031 2032 // ForeachSetting runs fn for each setting. 2033 // It stops and returns the first error. 2034 func (f *http2SettingsFrame) ForeachSetting(fn func(http2Setting) error) error { 2035 f.checkValid() 2036 buf := f.p 2037 for len(buf) > 0 { 2038 if err := fn(http2Setting{ 2039 http2SettingID(binary.BigEndian.Uint16(buf[:2])), 2040 binary.BigEndian.Uint32(buf[2:6]), 2041 }); err != nil { 2042 return err 2043 } 2044 buf = buf[6:] 2045 } 2046 return nil 2047 } 2048 2049 // WriteSettings writes a SETTINGS frame with zero or more settings 2050 // specified and the ACK bit not set. 2051 // 2052 // It will perform exactly one Write to the underlying Writer. 2053 // It is the caller's responsibility to not call other Write methods concurrently. 2054 func (f *http2Framer) WriteSettings(settings ...http2Setting) error { 2055 f.startWrite(http2FrameSettings, 0, 0) 2056 for _, s := range settings { 2057 f.writeUint16(uint16(s.ID)) 2058 f.writeUint32(s.Val) 2059 } 2060 return f.endWrite() 2061 } 2062 2063 // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set. 2064 // 2065 // It will perform exactly one Write to the underlying Writer. 2066 // It is the caller's responsibility to not call other Write methods concurrently. 2067 func (f *http2Framer) WriteSettingsAck() error { 2068 f.startWrite(http2FrameSettings, http2FlagSettingsAck, 0) 2069 return f.endWrite() 2070 } 2071 2072 // A PingFrame is a mechanism for measuring a minimal round trip time 2073 // from the sender, as well as determining whether an idle connection 2074 // is still functional. 2075 // See http://http2.github.io/http2-spec/#rfc.section.6.7 2076 type http2PingFrame struct { 2077 http2FrameHeader 2078 Data [8]byte 2079 } 2080 2081 func (f *http2PingFrame) IsAck() bool { return f.Flags.Has(http2FlagPingAck) } 2082 2083 func http2parsePingFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2084 if len(payload) != 8 { 2085 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2086 } 2087 if fh.StreamID != 0 { 2088 return nil, http2ConnectionError(http2ErrCodeProtocol) 2089 } 2090 f := &http2PingFrame{http2FrameHeader: fh} 2091 copy(f.Data[:], payload) 2092 return f, nil 2093 } 2094 2095 func (f *http2Framer) WritePing(ack bool, data [8]byte) error { 2096 var flags http2Flags 2097 if ack { 2098 flags = http2FlagPingAck 2099 } 2100 f.startWrite(http2FramePing, flags, 0) 2101 f.writeBytes(data[:]) 2102 return f.endWrite() 2103 } 2104 2105 // A GoAwayFrame informs the remote peer to stop creating streams on this connection. 2106 // See http://http2.github.io/http2-spec/#rfc.section.6.8 2107 type http2GoAwayFrame struct { 2108 http2FrameHeader 2109 LastStreamID uint32 2110 ErrCode http2ErrCode 2111 debugData []byte 2112 } 2113 2114 // DebugData returns any debug data in the GOAWAY frame. Its contents 2115 // are not defined. 2116 // The caller must not retain the returned memory past the next 2117 // call to ReadFrame. 2118 func (f *http2GoAwayFrame) DebugData() []byte { 2119 f.checkValid() 2120 return f.debugData 2121 } 2122 2123 func http2parseGoAwayFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2124 if fh.StreamID != 0 { 2125 return nil, http2ConnectionError(http2ErrCodeProtocol) 2126 } 2127 if len(p) < 8 { 2128 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2129 } 2130 return &http2GoAwayFrame{ 2131 http2FrameHeader: fh, 2132 LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1), 2133 ErrCode: http2ErrCode(binary.BigEndian.Uint32(p[4:8])), 2134 debugData: p[8:], 2135 }, nil 2136 } 2137 2138 func (f *http2Framer) WriteGoAway(maxStreamID uint32, code http2ErrCode, debugData []byte) error { 2139 f.startWrite(http2FrameGoAway, 0, 0) 2140 f.writeUint32(maxStreamID & (1<<31 - 1)) 2141 f.writeUint32(uint32(code)) 2142 f.writeBytes(debugData) 2143 return f.endWrite() 2144 } 2145 2146 // An UnknownFrame is the frame type returned when the frame type is unknown 2147 // or no specific frame type parser exists. 2148 type http2UnknownFrame struct { 2149 http2FrameHeader 2150 p []byte 2151 } 2152 2153 // Payload returns the frame's payload (after the header). It is not 2154 // valid to call this method after a subsequent call to 2155 // Framer.ReadFrame, nor is it valid to retain the returned slice. 2156 // The memory is owned by the Framer and is invalidated when the next 2157 // frame is read. 2158 func (f *http2UnknownFrame) Payload() []byte { 2159 f.checkValid() 2160 return f.p 2161 } 2162 2163 func http2parseUnknownFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2164 return &http2UnknownFrame{fh, p}, nil 2165 } 2166 2167 // A WindowUpdateFrame is used to implement flow control. 2168 // See http://http2.github.io/http2-spec/#rfc.section.6.9 2169 type http2WindowUpdateFrame struct { 2170 http2FrameHeader 2171 Increment uint32 // never read with high bit set 2172 } 2173 2174 func http2parseWindowUpdateFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2175 if len(p) != 4 { 2176 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2177 } 2178 inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit 2179 if inc == 0 { 2180 // A receiver MUST treat the receipt of a 2181 // WINDOW_UPDATE frame with an flow control window 2182 // increment of 0 as a stream error (Section 5.4.2) of 2183 // type PROTOCOL_ERROR; errors on the connection flow 2184 // control window MUST be treated as a connection 2185 // error (Section 5.4.1). 2186 if fh.StreamID == 0 { 2187 return nil, http2ConnectionError(http2ErrCodeProtocol) 2188 } 2189 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2190 } 2191 return &http2WindowUpdateFrame{ 2192 http2FrameHeader: fh, 2193 Increment: inc, 2194 }, nil 2195 } 2196 2197 // WriteWindowUpdate writes a WINDOW_UPDATE frame. 2198 // The increment value must be between 1 and 2,147,483,647, inclusive. 2199 // If the Stream ID is zero, the window update applies to the 2200 // connection as a whole. 2201 func (f *http2Framer) WriteWindowUpdate(streamID, incr uint32) error { 2202 // "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets." 2203 if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites { 2204 return errors.New("illegal window increment value") 2205 } 2206 f.startWrite(http2FrameWindowUpdate, 0, streamID) 2207 f.writeUint32(incr) 2208 return f.endWrite() 2209 } 2210 2211 // A HeadersFrame is used to open a stream and additionally carries a 2212 // header block fragment. 2213 type http2HeadersFrame struct { 2214 http2FrameHeader 2215 2216 // Priority is set if FlagHeadersPriority is set in the FrameHeader. 2217 Priority http2PriorityParam 2218 2219 headerFragBuf []byte // not owned 2220 } 2221 2222 func (f *http2HeadersFrame) HeaderBlockFragment() []byte { 2223 f.checkValid() 2224 return f.headerFragBuf 2225 } 2226 2227 func (f *http2HeadersFrame) HeadersEnded() bool { 2228 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndHeaders) 2229 } 2230 2231 func (f *http2HeadersFrame) StreamEnded() bool { 2232 return f.http2FrameHeader.Flags.Has(http2FlagHeadersEndStream) 2233 } 2234 2235 func (f *http2HeadersFrame) HasPriority() bool { 2236 return f.http2FrameHeader.Flags.Has(http2FlagHeadersPriority) 2237 } 2238 2239 func http2parseHeadersFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2240 hf := &http2HeadersFrame{ 2241 http2FrameHeader: fh, 2242 } 2243 if fh.StreamID == 0 { 2244 // HEADERS frames MUST be associated with a stream. If a HEADERS frame 2245 // is received whose stream identifier field is 0x0, the recipient MUST 2246 // respond with a connection error (Section 5.4.1) of type 2247 // PROTOCOL_ERROR. 2248 return nil, http2connError{http2ErrCodeProtocol, "HEADERS frame with stream ID 0"} 2249 } 2250 var padLength uint8 2251 if fh.Flags.Has(http2FlagHeadersPadded) { 2252 if p, padLength, err = http2readByte(p); err != nil { 2253 return 2254 } 2255 } 2256 if fh.Flags.Has(http2FlagHeadersPriority) { 2257 var v uint32 2258 p, v, err = http2readUint32(p) 2259 if err != nil { 2260 return nil, err 2261 } 2262 hf.Priority.StreamDep = v & 0x7fffffff 2263 hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set 2264 p, hf.Priority.Weight, err = http2readByte(p) 2265 if err != nil { 2266 return nil, err 2267 } 2268 } 2269 if len(p)-int(padLength) <= 0 { 2270 return nil, http2streamError(fh.StreamID, http2ErrCodeProtocol) 2271 } 2272 hf.headerFragBuf = p[:len(p)-int(padLength)] 2273 return hf, nil 2274 } 2275 2276 // HeadersFrameParam are the parameters for writing a HEADERS frame. 2277 type http2HeadersFrameParam struct { 2278 // StreamID is the required Stream ID to initiate. 2279 StreamID uint32 2280 // BlockFragment is part (or all) of a Header Block. 2281 BlockFragment []byte 2282 2283 // EndStream indicates that the header block is the last that 2284 // the endpoint will send for the identified stream. Setting 2285 // this flag causes the stream to enter one of "half closed" 2286 // states. 2287 EndStream bool 2288 2289 // EndHeaders indicates that this frame contains an entire 2290 // header block and is not followed by any 2291 // CONTINUATION frames. 2292 EndHeaders bool 2293 2294 // PadLength is the optional number of bytes of zeros to add 2295 // to this frame. 2296 PadLength uint8 2297 2298 // Priority, if non-zero, includes stream priority information 2299 // in the HEADER frame. 2300 Priority http2PriorityParam 2301 } 2302 2303 // WriteHeaders writes a single HEADERS frame. 2304 // 2305 // This is a low-level header writing method. Encoding headers and 2306 // splitting them into any necessary CONTINUATION frames is handled 2307 // elsewhere. 2308 // 2309 // It will perform exactly one Write to the underlying Writer. 2310 // It is the caller's responsibility to not call other Write methods concurrently. 2311 func (f *http2Framer) WriteHeaders(p http2HeadersFrameParam) error { 2312 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2313 return http2errStreamID 2314 } 2315 var flags http2Flags 2316 if p.PadLength != 0 { 2317 flags |= http2FlagHeadersPadded 2318 } 2319 if p.EndStream { 2320 flags |= http2FlagHeadersEndStream 2321 } 2322 if p.EndHeaders { 2323 flags |= http2FlagHeadersEndHeaders 2324 } 2325 if !p.Priority.IsZero() { 2326 flags |= http2FlagHeadersPriority 2327 } 2328 f.startWrite(http2FrameHeaders, flags, p.StreamID) 2329 if p.PadLength != 0 { 2330 f.writeByte(p.PadLength) 2331 } 2332 if !p.Priority.IsZero() { 2333 v := p.Priority.StreamDep 2334 if !http2validStreamIDOrZero(v) && !f.AllowIllegalWrites { 2335 return http2errDepStreamID 2336 } 2337 if p.Priority.Exclusive { 2338 v |= 1 << 31 2339 } 2340 f.writeUint32(v) 2341 f.writeByte(p.Priority.Weight) 2342 } 2343 f.wbuf = append(f.wbuf, p.BlockFragment...) 2344 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2345 return f.endWrite() 2346 } 2347 2348 // A PriorityFrame specifies the sender-advised priority of a stream. 2349 // See http://http2.github.io/http2-spec/#rfc.section.6.3 2350 type http2PriorityFrame struct { 2351 http2FrameHeader 2352 http2PriorityParam 2353 } 2354 2355 // PriorityParam are the stream prioritzation parameters. 2356 type http2PriorityParam struct { 2357 // StreamDep is a 31-bit stream identifier for the 2358 // stream that this stream depends on. Zero means no 2359 // dependency. 2360 StreamDep uint32 2361 2362 // Exclusive is whether the dependency is exclusive. 2363 Exclusive bool 2364 2365 // Weight is the stream's zero-indexed weight. It should be 2366 // set together with StreamDep, or neither should be set. Per 2367 // the spec, "Add one to the value to obtain a weight between 2368 // 1 and 256." 2369 Weight uint8 2370 } 2371 2372 func (p http2PriorityParam) IsZero() bool { 2373 return p == http2PriorityParam{} 2374 } 2375 2376 func http2parsePriorityFrame(_ *http2frameCache, fh http2FrameHeader, payload []byte) (http2Frame, error) { 2377 if fh.StreamID == 0 { 2378 return nil, http2connError{http2ErrCodeProtocol, "PRIORITY frame with stream ID 0"} 2379 } 2380 if len(payload) != 5 { 2381 return nil, http2connError{http2ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))} 2382 } 2383 v := binary.BigEndian.Uint32(payload[:4]) 2384 streamID := v & 0x7fffffff // mask off high bit 2385 return &http2PriorityFrame{ 2386 http2FrameHeader: fh, 2387 http2PriorityParam: http2PriorityParam{ 2388 Weight: payload[4], 2389 StreamDep: streamID, 2390 Exclusive: streamID != v, // was high bit set? 2391 }, 2392 }, nil 2393 } 2394 2395 // WritePriority writes a PRIORITY frame. 2396 // 2397 // It will perform exactly one Write to the underlying Writer. 2398 // It is the caller's responsibility to not call other Write methods concurrently. 2399 func (f *http2Framer) WritePriority(streamID uint32, p http2PriorityParam) error { 2400 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2401 return http2errStreamID 2402 } 2403 if !http2validStreamIDOrZero(p.StreamDep) { 2404 return http2errDepStreamID 2405 } 2406 f.startWrite(http2FramePriority, 0, streamID) 2407 v := p.StreamDep 2408 if p.Exclusive { 2409 v |= 1 << 31 2410 } 2411 f.writeUint32(v) 2412 f.writeByte(p.Weight) 2413 return f.endWrite() 2414 } 2415 2416 // A RSTStreamFrame allows for abnormal termination of a stream. 2417 // See http://http2.github.io/http2-spec/#rfc.section.6.4 2418 type http2RSTStreamFrame struct { 2419 http2FrameHeader 2420 ErrCode http2ErrCode 2421 } 2422 2423 func http2parseRSTStreamFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2424 if len(p) != 4 { 2425 return nil, http2ConnectionError(http2ErrCodeFrameSize) 2426 } 2427 if fh.StreamID == 0 { 2428 return nil, http2ConnectionError(http2ErrCodeProtocol) 2429 } 2430 return &http2RSTStreamFrame{fh, http2ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil 2431 } 2432 2433 // WriteRSTStream writes a RST_STREAM frame. 2434 // 2435 // It will perform exactly one Write to the underlying Writer. 2436 // It is the caller's responsibility to not call other Write methods concurrently. 2437 func (f *http2Framer) WriteRSTStream(streamID uint32, code http2ErrCode) error { 2438 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2439 return http2errStreamID 2440 } 2441 f.startWrite(http2FrameRSTStream, 0, streamID) 2442 f.writeUint32(uint32(code)) 2443 return f.endWrite() 2444 } 2445 2446 // A ContinuationFrame is used to continue a sequence of header block fragments. 2447 // See http://http2.github.io/http2-spec/#rfc.section.6.10 2448 type http2ContinuationFrame struct { 2449 http2FrameHeader 2450 headerFragBuf []byte 2451 } 2452 2453 func http2parseContinuationFrame(_ *http2frameCache, fh http2FrameHeader, p []byte) (http2Frame, error) { 2454 if fh.StreamID == 0 { 2455 return nil, http2connError{http2ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} 2456 } 2457 return &http2ContinuationFrame{fh, p}, nil 2458 } 2459 2460 func (f *http2ContinuationFrame) HeaderBlockFragment() []byte { 2461 f.checkValid() 2462 return f.headerFragBuf 2463 } 2464 2465 func (f *http2ContinuationFrame) HeadersEnded() bool { 2466 return f.http2FrameHeader.Flags.Has(http2FlagContinuationEndHeaders) 2467 } 2468 2469 // WriteContinuation writes a CONTINUATION frame. 2470 // 2471 // It will perform exactly one Write to the underlying Writer. 2472 // It is the caller's responsibility to not call other Write methods concurrently. 2473 func (f *http2Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error { 2474 if !http2validStreamID(streamID) && !f.AllowIllegalWrites { 2475 return http2errStreamID 2476 } 2477 var flags http2Flags 2478 if endHeaders { 2479 flags |= http2FlagContinuationEndHeaders 2480 } 2481 f.startWrite(http2FrameContinuation, flags, streamID) 2482 f.wbuf = append(f.wbuf, headerBlockFragment...) 2483 return f.endWrite() 2484 } 2485 2486 // A PushPromiseFrame is used to initiate a server stream. 2487 // See http://http2.github.io/http2-spec/#rfc.section.6.6 2488 type http2PushPromiseFrame struct { 2489 http2FrameHeader 2490 PromiseID uint32 2491 headerFragBuf []byte // not owned 2492 } 2493 2494 func (f *http2PushPromiseFrame) HeaderBlockFragment() []byte { 2495 f.checkValid() 2496 return f.headerFragBuf 2497 } 2498 2499 func (f *http2PushPromiseFrame) HeadersEnded() bool { 2500 return f.http2FrameHeader.Flags.Has(http2FlagPushPromiseEndHeaders) 2501 } 2502 2503 func http2parsePushPromise(_ *http2frameCache, fh http2FrameHeader, p []byte) (_ http2Frame, err error) { 2504 pp := &http2PushPromiseFrame{ 2505 http2FrameHeader: fh, 2506 } 2507 if pp.StreamID == 0 { 2508 // PUSH_PROMISE frames MUST be associated with an existing, 2509 // peer-initiated stream. The stream identifier of a 2510 // PUSH_PROMISE frame indicates the stream it is associated 2511 // with. If the stream identifier field specifies the value 2512 // 0x0, a recipient MUST respond with a connection error 2513 // (Section 5.4.1) of type PROTOCOL_ERROR. 2514 return nil, http2ConnectionError(http2ErrCodeProtocol) 2515 } 2516 // The PUSH_PROMISE frame includes optional padding. 2517 // Padding fields and flags are identical to those defined for DATA frames 2518 var padLength uint8 2519 if fh.Flags.Has(http2FlagPushPromisePadded) { 2520 if p, padLength, err = http2readByte(p); err != nil { 2521 return 2522 } 2523 } 2524 2525 p, pp.PromiseID, err = http2readUint32(p) 2526 if err != nil { 2527 return 2528 } 2529 pp.PromiseID = pp.PromiseID & (1<<31 - 1) 2530 2531 if int(padLength) > len(p) { 2532 // like the DATA frame, error out if padding is longer than the body. 2533 return nil, http2ConnectionError(http2ErrCodeProtocol) 2534 } 2535 pp.headerFragBuf = p[:len(p)-int(padLength)] 2536 return pp, nil 2537 } 2538 2539 // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame. 2540 type http2PushPromiseParam struct { 2541 // StreamID is the required Stream ID to initiate. 2542 StreamID uint32 2543 2544 // PromiseID is the required Stream ID which this 2545 // Push Promises 2546 PromiseID uint32 2547 2548 // BlockFragment is part (or all) of a Header Block. 2549 BlockFragment []byte 2550 2551 // EndHeaders indicates that this frame contains an entire 2552 // header block and is not followed by any 2553 // CONTINUATION frames. 2554 EndHeaders bool 2555 2556 // PadLength is the optional number of bytes of zeros to add 2557 // to this frame. 2558 PadLength uint8 2559 } 2560 2561 // WritePushPromise writes a single PushPromise Frame. 2562 // 2563 // As with Header Frames, This is the low level call for writing 2564 // individual frames. Continuation frames are handled elsewhere. 2565 // 2566 // It will perform exactly one Write to the underlying Writer. 2567 // It is the caller's responsibility to not call other Write methods concurrently. 2568 func (f *http2Framer) WritePushPromise(p http2PushPromiseParam) error { 2569 if !http2validStreamID(p.StreamID) && !f.AllowIllegalWrites { 2570 return http2errStreamID 2571 } 2572 var flags http2Flags 2573 if p.PadLength != 0 { 2574 flags |= http2FlagPushPromisePadded 2575 } 2576 if p.EndHeaders { 2577 flags |= http2FlagPushPromiseEndHeaders 2578 } 2579 f.startWrite(http2FramePushPromise, flags, p.StreamID) 2580 if p.PadLength != 0 { 2581 f.writeByte(p.PadLength) 2582 } 2583 if !http2validStreamID(p.PromiseID) && !f.AllowIllegalWrites { 2584 return http2errStreamID 2585 } 2586 f.writeUint32(p.PromiseID) 2587 f.wbuf = append(f.wbuf, p.BlockFragment...) 2588 f.wbuf = append(f.wbuf, http2padZeros[:p.PadLength]...) 2589 return f.endWrite() 2590 } 2591 2592 // WriteRawFrame writes a raw frame. This can be used to write 2593 // extension frames unknown to this package. 2594 func (f *http2Framer) WriteRawFrame(t http2FrameType, flags http2Flags, streamID uint32, payload []byte) error { 2595 f.startWrite(t, flags, streamID) 2596 f.writeBytes(payload) 2597 return f.endWrite() 2598 } 2599 2600 func http2readByte(p []byte) (remain []byte, b byte, err error) { 2601 if len(p) == 0 { 2602 return nil, 0, io.ErrUnexpectedEOF 2603 } 2604 return p[1:], p[0], nil 2605 } 2606 2607 func http2readUint32(p []byte) (remain []byte, v uint32, err error) { 2608 if len(p) < 4 { 2609 return nil, 0, io.ErrUnexpectedEOF 2610 } 2611 return p[4:], binary.BigEndian.Uint32(p[:4]), nil 2612 } 2613 2614 type http2streamEnder interface { 2615 StreamEnded() bool 2616 } 2617 2618 type http2headersEnder interface { 2619 HeadersEnded() bool 2620 } 2621 2622 type http2headersOrContinuation interface { 2623 http2headersEnder 2624 HeaderBlockFragment() []byte 2625 } 2626 2627 // A MetaHeadersFrame is the representation of one HEADERS frame and 2628 // zero or more contiguous CONTINUATION frames and the decoding of 2629 // their HPACK-encoded contents. 2630 // 2631 // This type of frame does not appear on the wire and is only returned 2632 // by the Framer when Framer.ReadMetaHeaders is set. 2633 type http2MetaHeadersFrame struct { 2634 *http2HeadersFrame 2635 2636 // Fields are the fields contained in the HEADERS and 2637 // CONTINUATION frames. The underlying slice is owned by the 2638 // Framer and must not be retained after the next call to 2639 // ReadFrame. 2640 // 2641 // Fields are guaranteed to be in the correct http2 order and 2642 // not have unknown pseudo header fields or invalid header 2643 // field names or values. Required pseudo header fields may be 2644 // missing, however. Use the MetaHeadersFrame.Pseudo accessor 2645 // method access pseudo headers. 2646 Fields []hpack.HeaderField 2647 2648 // Truncated is whether the max header list size limit was hit 2649 // and Fields is incomplete. The hpack decoder state is still 2650 // valid, however. 2651 Truncated bool 2652 } 2653 2654 // PseudoValue returns the given pseudo header field's value. 2655 // The provided pseudo field should not contain the leading colon. 2656 func (mh *http2MetaHeadersFrame) PseudoValue(pseudo string) string { 2657 for _, hf := range mh.Fields { 2658 if !hf.IsPseudo() { 2659 return "" 2660 } 2661 if hf.Name[1:] == pseudo { 2662 return hf.Value 2663 } 2664 } 2665 return "" 2666 } 2667 2668 // RegularFields returns the regular (non-pseudo) header fields of mh. 2669 // The caller does not own the returned slice. 2670 func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField { 2671 for i, hf := range mh.Fields { 2672 if !hf.IsPseudo() { 2673 return mh.Fields[i:] 2674 } 2675 } 2676 return nil 2677 } 2678 2679 // PseudoFields returns the pseudo header fields of mh. 2680 // The caller does not own the returned slice. 2681 func (mh *http2MetaHeadersFrame) PseudoFields() []hpack.HeaderField { 2682 for i, hf := range mh.Fields { 2683 if !hf.IsPseudo() { 2684 return mh.Fields[:i] 2685 } 2686 } 2687 return mh.Fields 2688 } 2689 2690 func (mh *http2MetaHeadersFrame) checkPseudos() error { 2691 var isRequest, isResponse bool 2692 pf := mh.PseudoFields() 2693 for i, hf := range pf { 2694 switch hf.Name { 2695 case ":method", ":path", ":scheme", ":authority": 2696 isRequest = true 2697 case ":status": 2698 isResponse = true 2699 default: 2700 return http2pseudoHeaderError(hf.Name) 2701 } 2702 // Check for duplicates. 2703 // This would be a bad algorithm, but N is 4. 2704 // And this doesn't allocate. 2705 for _, hf2 := range pf[:i] { 2706 if hf.Name == hf2.Name { 2707 return http2duplicatePseudoHeaderError(hf.Name) 2708 } 2709 } 2710 } 2711 if isRequest && isResponse { 2712 return http2errMixPseudoHeaderTypes 2713 } 2714 return nil 2715 } 2716 2717 func (fr *http2Framer) maxHeaderStringLen() int { 2718 v := fr.maxHeaderListSize() 2719 if uint32(int(v)) == v { 2720 return int(v) 2721 } 2722 // They had a crazy big number for MaxHeaderBytes anyway, 2723 // so give them unlimited header lengths: 2724 return 0 2725 } 2726 2727 // readMetaFrame returns 0 or more CONTINUATION frames from fr and 2728 // merge them into into the provided hf and returns a MetaHeadersFrame 2729 // with the decoded hpack values. 2730 func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { 2731 if fr.AllowIllegalReads { 2732 return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") 2733 } 2734 mh := &http2MetaHeadersFrame{ 2735 http2HeadersFrame: hf, 2736 } 2737 var remainSize = fr.maxHeaderListSize() 2738 var sawRegular bool 2739 2740 var invalid error // pseudo header field errors 2741 hdec := fr.ReadMetaHeaders 2742 hdec.SetEmitEnabled(true) 2743 hdec.SetMaxStringLength(fr.maxHeaderStringLen()) 2744 hdec.SetEmitFunc(func(hf hpack.HeaderField) { 2745 if http2VerboseLogs && fr.logReads { 2746 fr.debugReadLoggerf("http2: decoded hpack field %+v", hf) 2747 } 2748 if !httplex.ValidHeaderFieldValue(hf.Value) { 2749 invalid = http2headerFieldValueError(hf.Value) 2750 } 2751 isPseudo := strings.HasPrefix(hf.Name, ":") 2752 if isPseudo { 2753 if sawRegular { 2754 invalid = http2errPseudoAfterRegular 2755 } 2756 } else { 2757 sawRegular = true 2758 if !http2validWireHeaderFieldName(hf.Name) { 2759 invalid = http2headerFieldNameError(hf.Name) 2760 } 2761 } 2762 2763 if invalid != nil { 2764 hdec.SetEmitEnabled(false) 2765 return 2766 } 2767 2768 size := hf.Size() 2769 if size > remainSize { 2770 hdec.SetEmitEnabled(false) 2771 mh.Truncated = true 2772 return 2773 } 2774 remainSize -= size 2775 2776 mh.Fields = append(mh.Fields, hf) 2777 }) 2778 // Lose reference to MetaHeadersFrame: 2779 defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {}) 2780 2781 var hc http2headersOrContinuation = hf 2782 for { 2783 frag := hc.HeaderBlockFragment() 2784 if _, err := hdec.Write(frag); err != nil { 2785 return nil, http2ConnectionError(http2ErrCodeCompression) 2786 } 2787 2788 if hc.HeadersEnded() { 2789 break 2790 } 2791 if f, err := fr.ReadFrame(); err != nil { 2792 return nil, err 2793 } else { 2794 hc = f.(*http2ContinuationFrame) // guaranteed by checkFrameOrder 2795 } 2796 } 2797 2798 mh.http2HeadersFrame.headerFragBuf = nil 2799 mh.http2HeadersFrame.invalidate() 2800 2801 if err := hdec.Close(); err != nil { 2802 return nil, http2ConnectionError(http2ErrCodeCompression) 2803 } 2804 if invalid != nil { 2805 fr.errDetail = invalid 2806 if http2VerboseLogs { 2807 log.Printf("http2: invalid header: %v", invalid) 2808 } 2809 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, invalid} 2810 } 2811 if err := mh.checkPseudos(); err != nil { 2812 fr.errDetail = err 2813 if http2VerboseLogs { 2814 log.Printf("http2: invalid pseudo headers: %v", err) 2815 } 2816 return nil, http2StreamError{mh.StreamID, http2ErrCodeProtocol, err} 2817 } 2818 return mh, nil 2819 } 2820 2821 func http2summarizeFrame(f http2Frame) string { 2822 var buf bytes.Buffer 2823 f.Header().writeDebug(&buf) 2824 switch f := f.(type) { 2825 case *http2SettingsFrame: 2826 n := 0 2827 f.ForeachSetting(func(s http2Setting) error { 2828 n++ 2829 if n == 1 { 2830 buf.WriteString(", settings:") 2831 } 2832 fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val) 2833 return nil 2834 }) 2835 if n > 0 { 2836 buf.Truncate(buf.Len() - 1) // remove trailing comma 2837 } 2838 case *http2DataFrame: 2839 data := f.Data() 2840 const max = 256 2841 if len(data) > max { 2842 data = data[:max] 2843 } 2844 fmt.Fprintf(&buf, " data=%q", data) 2845 if len(f.Data()) > max { 2846 fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max) 2847 } 2848 case *http2WindowUpdateFrame: 2849 if f.StreamID == 0 { 2850 buf.WriteString(" (conn)") 2851 } 2852 fmt.Fprintf(&buf, " incr=%v", f.Increment) 2853 case *http2PingFrame: 2854 fmt.Fprintf(&buf, " ping=%q", f.Data[:]) 2855 case *http2GoAwayFrame: 2856 fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q", 2857 f.LastStreamID, f.ErrCode, f.debugData) 2858 case *http2RSTStreamFrame: 2859 fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode) 2860 } 2861 return buf.String() 2862 } 2863 2864 func http2transportExpectContinueTimeout(t1 *Transport) time.Duration { 2865 return t1.ExpectContinueTimeout 2866 } 2867 2868 type http2contextContext interface { 2869 context.Context 2870 } 2871 2872 func http2serverConnBaseContext(c net.Conn, opts *http2ServeConnOpts) (ctx http2contextContext, cancel func()) { 2873 ctx, cancel = context.WithCancel(context.Background()) 2874 ctx = context.WithValue(ctx, LocalAddrContextKey, c.LocalAddr()) 2875 if hs := opts.baseConfig(); hs != nil { 2876 ctx = context.WithValue(ctx, ServerContextKey, hs) 2877 } 2878 return 2879 } 2880 2881 func http2contextWithCancel(ctx http2contextContext) (_ http2contextContext, cancel func()) { 2882 return context.WithCancel(ctx) 2883 } 2884 2885 func http2requestWithContext(req *Request, ctx http2contextContext) *Request { 2886 return req.WithContext(ctx) 2887 } 2888 2889 type http2clientTrace httptrace.ClientTrace 2890 2891 func http2reqContext(r *Request) context.Context { return r.Context() } 2892 2893 func (t *http2Transport) idleConnTimeout() time.Duration { 2894 if t.t1 != nil { 2895 return t.t1.IdleConnTimeout 2896 } 2897 return 0 2898 } 2899 2900 func http2setResponseUncompressed(res *Response) { res.Uncompressed = true } 2901 2902 func http2traceGotConn(req *Request, cc *http2ClientConn) { 2903 trace := httptrace.ContextClientTrace(req.Context()) 2904 if trace == nil || trace.GotConn == nil { 2905 return 2906 } 2907 ci := httptrace.GotConnInfo{Conn: cc.tconn} 2908 cc.mu.Lock() 2909 ci.Reused = cc.nextStreamID > 1 2910 ci.WasIdle = len(cc.streams) == 0 && ci.Reused 2911 if ci.WasIdle && !cc.lastActive.IsZero() { 2912 ci.IdleTime = time.Now().Sub(cc.lastActive) 2913 } 2914 cc.mu.Unlock() 2915 2916 trace.GotConn(ci) 2917 } 2918 2919 func http2traceWroteHeaders(trace *http2clientTrace) { 2920 if trace != nil && trace.WroteHeaders != nil { 2921 trace.WroteHeaders() 2922 } 2923 } 2924 2925 func http2traceGot100Continue(trace *http2clientTrace) { 2926 if trace != nil && trace.Got100Continue != nil { 2927 trace.Got100Continue() 2928 } 2929 } 2930 2931 func http2traceWait100Continue(trace *http2clientTrace) { 2932 if trace != nil && trace.Wait100Continue != nil { 2933 trace.Wait100Continue() 2934 } 2935 } 2936 2937 func http2traceWroteRequest(trace *http2clientTrace, err error) { 2938 if trace != nil && trace.WroteRequest != nil { 2939 trace.WroteRequest(httptrace.WroteRequestInfo{Err: err}) 2940 } 2941 } 2942 2943 func http2traceFirstResponseByte(trace *http2clientTrace) { 2944 if trace != nil && trace.GotFirstResponseByte != nil { 2945 trace.GotFirstResponseByte() 2946 } 2947 } 2948 2949 func http2requestTrace(req *Request) *http2clientTrace { 2950 trace := httptrace.ContextClientTrace(req.Context()) 2951 return (*http2clientTrace)(trace) 2952 } 2953 2954 // Ping sends a PING frame to the server and waits for the ack. 2955 func (cc *http2ClientConn) Ping(ctx context.Context) error { 2956 return cc.ping(ctx) 2957 } 2958 2959 func http2cloneTLSConfig(c *tls.Config) *tls.Config { 2960 c2 := c.Clone() 2961 c2.GetClientCertificate = c.GetClientCertificate // golang.org/issue/19264 2962 return c2 2963 } 2964 2965 var _ Pusher = (*http2responseWriter)(nil) 2966 2967 // Push implements http.Pusher. 2968 func (w *http2responseWriter) Push(target string, opts *PushOptions) error { 2969 internalOpts := http2pushOptions{} 2970 if opts != nil { 2971 internalOpts.Method = opts.Method 2972 internalOpts.Header = opts.Header 2973 } 2974 return w.push(target, internalOpts) 2975 } 2976 2977 func http2configureServer18(h1 *Server, h2 *http2Server) error { 2978 if h2.IdleTimeout == 0 { 2979 if h1.IdleTimeout != 0 { 2980 h2.IdleTimeout = h1.IdleTimeout 2981 } else { 2982 h2.IdleTimeout = h1.ReadTimeout 2983 } 2984 } 2985 return nil 2986 } 2987 2988 func http2shouldLogPanic(panicValue interface{}) bool { 2989 return panicValue != nil && panicValue != ErrAbortHandler 2990 } 2991 2992 func http2reqGetBody(req *Request) func() (io.ReadCloser, error) { 2993 return req.GetBody 2994 } 2995 2996 func http2reqBodyIsNoBody(body io.ReadCloser) bool { 2997 return body == NoBody 2998 } 2999 3000 func http2go18httpNoBody() io.ReadCloser { return NoBody } // for tests only 3001 3002 func http2configureServer19(s *Server, conf *http2Server) error { 3003 s.RegisterOnShutdown(conf.state.startGracefulShutdown) 3004 return nil 3005 } 3006 3007 var http2DebugGoroutines = os.Getenv("DEBUG_HTTP2_GOROUTINES") == "1" 3008 3009 type http2goroutineLock uint64 3010 3011 func http2newGoroutineLock() http2goroutineLock { 3012 if !http2DebugGoroutines { 3013 return 0 3014 } 3015 return http2goroutineLock(http2curGoroutineID()) 3016 } 3017 3018 func (g http2goroutineLock) check() { 3019 if !http2DebugGoroutines { 3020 return 3021 } 3022 if http2curGoroutineID() != uint64(g) { 3023 panic("running on the wrong goroutine") 3024 } 3025 } 3026 3027 func (g http2goroutineLock) checkNotOn() { 3028 if !http2DebugGoroutines { 3029 return 3030 } 3031 if http2curGoroutineID() == uint64(g) { 3032 panic("running on the wrong goroutine") 3033 } 3034 } 3035 3036 var http2goroutineSpace = []byte("goroutine ") 3037 3038 func http2curGoroutineID() uint64 { 3039 bp := http2littleBuf.Get().(*[]byte) 3040 defer http2littleBuf.Put(bp) 3041 b := *bp 3042 b = b[:runtime.Stack(b, false)] 3043 // Parse the 4707 out of "goroutine 4707 [" 3044 b = bytes.TrimPrefix(b, http2goroutineSpace) 3045 i := bytes.IndexByte(b, ' ') 3046 if i < 0 { 3047 panic(fmt.Sprintf("No space found in %q", b)) 3048 } 3049 b = b[:i] 3050 n, err := http2parseUintBytes(b, 10, 64) 3051 if err != nil { 3052 panic(fmt.Sprintf("Failed to parse goroutine ID out of %q: %v", b, err)) 3053 } 3054 return n 3055 } 3056 3057 var http2littleBuf = sync.Pool{ 3058 New: func() interface{} { 3059 buf := make([]byte, 64) 3060 return &buf 3061 }, 3062 } 3063 3064 // parseUintBytes is like strconv.ParseUint, but using a []byte. 3065 func http2parseUintBytes(s []byte, base int, bitSize int) (n uint64, err error) { 3066 var cutoff, maxVal uint64 3067 3068 if bitSize == 0 { 3069 bitSize = int(strconv.IntSize) 3070 } 3071 3072 s0 := s 3073 switch { 3074 case len(s) < 1: 3075 err = strconv.ErrSyntax 3076 goto Error 3077 3078 case 2 <= base && base <= 36: 3079 // valid base; nothing to do 3080 3081 case base == 0: 3082 // Look for octal, hex prefix. 3083 switch { 3084 case s[0] == '0' && len(s) > 1 && (s[1] == 'x' || s[1] == 'X'): 3085 base = 16 3086 s = s[2:] 3087 if len(s) < 1 { 3088 err = strconv.ErrSyntax 3089 goto Error 3090 } 3091 case s[0] == '0': 3092 base = 8 3093 default: 3094 base = 10 3095 } 3096 3097 default: 3098 err = errors.New("invalid base " + strconv.Itoa(base)) 3099 goto Error 3100 } 3101 3102 n = 0 3103 cutoff = http2cutoff64(base) 3104 maxVal = 1<<uint(bitSize) - 1 3105 3106 for i := 0; i < len(s); i++ { 3107 var v byte 3108 d := s[i] 3109 switch { 3110 case '0' <= d && d <= '9': 3111 v = d - '0' 3112 case 'a' <= d && d <= 'z': 3113 v = d - 'a' + 10 3114 case 'A' <= d && d <= 'Z': 3115 v = d - 'A' + 10 3116 default: 3117 n = 0 3118 err = strconv.ErrSyntax 3119 goto Error 3120 } 3121 if int(v) >= base { 3122 n = 0 3123 err = strconv.ErrSyntax 3124 goto Error 3125 } 3126 3127 if n >= cutoff { 3128 // n*base overflows 3129 n = 1<<64 - 1 3130 err = strconv.ErrRange 3131 goto Error 3132 } 3133 n *= uint64(base) 3134 3135 n1 := n + uint64(v) 3136 if n1 < n || n1 > maxVal { 3137 // n+v overflows 3138 n = 1<<64 - 1 3139 err = strconv.ErrRange 3140 goto Error 3141 } 3142 n = n1 3143 } 3144 3145 return n, nil 3146 3147 Error: 3148 return n, &strconv.NumError{Func: "ParseUint", Num: string(s0), Err: err} 3149 } 3150 3151 // Return the first number n such that n*base >= 1<<64. 3152 func http2cutoff64(base int) uint64 { 3153 if base < 2 { 3154 return 0 3155 } 3156 return (1<<64-1)/uint64(base) + 1 3157 } 3158 3159 var ( 3160 http2commonLowerHeader = map[string]string{} // Go-Canonical-Case -> lower-case 3161 http2commonCanonHeader = map[string]string{} // lower-case -> Go-Canonical-Case 3162 ) 3163 3164 func init() { 3165 for _, v := range []string{ 3166 "accept", 3167 "accept-charset", 3168 "accept-encoding", 3169 "accept-language", 3170 "accept-ranges", 3171 "age", 3172 "access-control-allow-origin", 3173 "allow", 3174 "authorization", 3175 "cache-control", 3176 "content-disposition", 3177 "content-encoding", 3178 "content-language", 3179 "content-length", 3180 "content-location", 3181 "content-range", 3182 "content-type", 3183 "cookie", 3184 "date", 3185 "etag", 3186 "expect", 3187 "expires", 3188 "from", 3189 "host", 3190 "if-match", 3191 "if-modified-since", 3192 "if-none-match", 3193 "if-unmodified-since", 3194 "last-modified", 3195 "link", 3196 "location", 3197 "max-forwards", 3198 "proxy-authenticate", 3199 "proxy-authorization", 3200 "range", 3201 "referer", 3202 "refresh", 3203 "retry-after", 3204 "server", 3205 "set-cookie", 3206 "strict-transport-security", 3207 "trailer", 3208 "transfer-encoding", 3209 "user-agent", 3210 "vary", 3211 "via", 3212 "www-authenticate", 3213 } { 3214 chk := CanonicalHeaderKey(v) 3215 http2commonLowerHeader[chk] = v 3216 http2commonCanonHeader[v] = chk 3217 } 3218 } 3219 3220 func http2lowerHeader(v string) string { 3221 if s, ok := http2commonLowerHeader[v]; ok { 3222 return s 3223 } 3224 return strings.ToLower(v) 3225 } 3226 3227 var ( 3228 http2VerboseLogs bool 3229 http2logFrameWrites bool 3230 http2logFrameReads bool 3231 http2inTests bool 3232 ) 3233 3234 func init() { 3235 e := os.Getenv("GODEBUG") 3236 if strings.Contains(e, "http2debug=1") { 3237 http2VerboseLogs = true 3238 } 3239 if strings.Contains(e, "http2debug=2") { 3240 http2VerboseLogs = true 3241 http2logFrameWrites = true 3242 http2logFrameReads = true 3243 } 3244 } 3245 3246 const ( 3247 // ClientPreface is the string that must be sent by new 3248 // connections from clients. 3249 http2ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" 3250 3251 // SETTINGS_MAX_FRAME_SIZE default 3252 // http://http2.github.io/http2-spec/#rfc.section.6.5.2 3253 http2initialMaxFrameSize = 16384 3254 3255 // NextProtoTLS is the NPN/ALPN protocol negotiated during 3256 // HTTP/2's TLS setup. 3257 http2NextProtoTLS = "h2" 3258 3259 // http://http2.github.io/http2-spec/#SettingValues 3260 http2initialHeaderTableSize = 4096 3261 3262 http2initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size 3263 3264 http2defaultMaxReadFrameSize = 1 << 20 3265 ) 3266 3267 var ( 3268 http2clientPreface = []byte(http2ClientPreface) 3269 ) 3270 3271 type http2streamState int 3272 3273 // HTTP/2 stream states. 3274 // 3275 // See http://tools.ietf.org/html/rfc7540#section-5.1. 3276 // 3277 // For simplicity, the server code merges "reserved (local)" into 3278 // "half-closed (remote)". This is one less state transition to track. 3279 // The only downside is that we send PUSH_PROMISEs slightly less 3280 // liberally than allowable. More discussion here: 3281 // https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0599.html 3282 // 3283 // "reserved (remote)" is omitted since the client code does not 3284 // support server push. 3285 const ( 3286 http2stateIdle http2streamState = iota 3287 http2stateOpen 3288 http2stateHalfClosedLocal 3289 http2stateHalfClosedRemote 3290 http2stateClosed 3291 ) 3292 3293 var http2stateName = [...]string{ 3294 http2stateIdle: "Idle", 3295 http2stateOpen: "Open", 3296 http2stateHalfClosedLocal: "HalfClosedLocal", 3297 http2stateHalfClosedRemote: "HalfClosedRemote", 3298 http2stateClosed: "Closed", 3299 } 3300 3301 func (st http2streamState) String() string { 3302 return http2stateName[st] 3303 } 3304 3305 // Setting is a setting parameter: which setting it is, and its value. 3306 type http2Setting struct { 3307 // ID is which setting is being set. 3308 // See http://http2.github.io/http2-spec/#SettingValues 3309 ID http2SettingID 3310 3311 // Val is the value. 3312 Val uint32 3313 } 3314 3315 func (s http2Setting) String() string { 3316 return fmt.Sprintf("[%v = %d]", s.ID, s.Val) 3317 } 3318 3319 // Valid reports whether the setting is valid. 3320 func (s http2Setting) Valid() error { 3321 // Limits and error codes from 6.5.2 Defined SETTINGS Parameters 3322 switch s.ID { 3323 case http2SettingEnablePush: 3324 if s.Val != 1 && s.Val != 0 { 3325 return http2ConnectionError(http2ErrCodeProtocol) 3326 } 3327 case http2SettingInitialWindowSize: 3328 if s.Val > 1<<31-1 { 3329 return http2ConnectionError(http2ErrCodeFlowControl) 3330 } 3331 case http2SettingMaxFrameSize: 3332 if s.Val < 16384 || s.Val > 1<<24-1 { 3333 return http2ConnectionError(http2ErrCodeProtocol) 3334 } 3335 } 3336 return nil 3337 } 3338 3339 // A SettingID is an HTTP/2 setting as defined in 3340 // http://http2.github.io/http2-spec/#iana-settings 3341 type http2SettingID uint16 3342 3343 const ( 3344 http2SettingHeaderTableSize http2SettingID = 0x1 3345 http2SettingEnablePush http2SettingID = 0x2 3346 http2SettingMaxConcurrentStreams http2SettingID = 0x3 3347 http2SettingInitialWindowSize http2SettingID = 0x4 3348 http2SettingMaxFrameSize http2SettingID = 0x5 3349 http2SettingMaxHeaderListSize http2SettingID = 0x6 3350 ) 3351 3352 var http2settingName = map[http2SettingID]string{ 3353 http2SettingHeaderTableSize: "HEADER_TABLE_SIZE", 3354 http2SettingEnablePush: "ENABLE_PUSH", 3355 http2SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", 3356 http2SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", 3357 http2SettingMaxFrameSize: "MAX_FRAME_SIZE", 3358 http2SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", 3359 } 3360 3361 func (s http2SettingID) String() string { 3362 if v, ok := http2settingName[s]; ok { 3363 return v 3364 } 3365 return fmt.Sprintf("UNKNOWN_SETTING_%d", uint16(s)) 3366 } 3367 3368 var ( 3369 http2errInvalidHeaderFieldName = errors.New("http2: invalid header field name") 3370 http2errInvalidHeaderFieldValue = errors.New("http2: invalid header field value") 3371 ) 3372 3373 // validWireHeaderFieldName reports whether v is a valid header field 3374 // name (key). See httplex.ValidHeaderName for the base rules. 3375 // 3376 // Further, http2 says: 3377 // "Just as in HTTP/1.x, header field names are strings of ASCII 3378 // characters that are compared in a case-insensitive 3379 // fashion. However, header field names MUST be converted to 3380 // lowercase prior to their encoding in HTTP/2. " 3381 func http2validWireHeaderFieldName(v string) bool { 3382 if len(v) == 0 { 3383 return false 3384 } 3385 for _, r := range v { 3386 if !httplex.IsTokenRune(r) { 3387 return false 3388 } 3389 if 'A' <= r && r <= 'Z' { 3390 return false 3391 } 3392 } 3393 return true 3394 } 3395 3396 var http2httpCodeStringCommon = map[int]string{} // n -> strconv.Itoa(n) 3397 3398 func init() { 3399 for i := 100; i <= 999; i++ { 3400 if v := StatusText(i); v != "" { 3401 http2httpCodeStringCommon[i] = strconv.Itoa(i) 3402 } 3403 } 3404 } 3405 3406 func http2httpCodeString(code int) string { 3407 if s, ok := http2httpCodeStringCommon[code]; ok { 3408 return s 3409 } 3410 return strconv.Itoa(code) 3411 } 3412 3413 // from pkg io 3414 type http2stringWriter interface { 3415 WriteString(s string) (n int, err error) 3416 } 3417 3418 // A gate lets two goroutines coordinate their activities. 3419 type http2gate chan struct{} 3420 3421 func (g http2gate) Done() { g <- struct{}{} } 3422 3423 func (g http2gate) Wait() { <-g } 3424 3425 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed). 3426 type http2closeWaiter chan struct{} 3427 3428 // Init makes a closeWaiter usable. 3429 // It exists because so a closeWaiter value can be placed inside a 3430 // larger struct and have the Mutex and Cond's memory in the same 3431 // allocation. 3432 func (cw *http2closeWaiter) Init() { 3433 *cw = make(chan struct{}) 3434 } 3435 3436 // Close marks the closeWaiter as closed and unblocks any waiters. 3437 func (cw http2closeWaiter) Close() { 3438 close(cw) 3439 } 3440 3441 // Wait waits for the closeWaiter to become closed. 3442 func (cw http2closeWaiter) Wait() { 3443 <-cw 3444 } 3445 3446 // bufferedWriter is a buffered writer that writes to w. 3447 // Its buffered writer is lazily allocated as needed, to minimize 3448 // idle memory usage with many connections. 3449 type http2bufferedWriter struct { 3450 w io.Writer // immutable 3451 bw *bufio.Writer // non-nil when data is buffered 3452 } 3453 3454 func http2newBufferedWriter(w io.Writer) *http2bufferedWriter { 3455 return &http2bufferedWriter{w: w} 3456 } 3457 3458 // bufWriterPoolBufferSize is the size of bufio.Writer's 3459 // buffers created using bufWriterPool. 3460 // 3461 // TODO: pick a less arbitrary value? this is a bit under 3462 // (3 x typical 1500 byte MTU) at least. Other than that, 3463 // not much thought went into it. 3464 const http2bufWriterPoolBufferSize = 4 << 10 3465 3466 var http2bufWriterPool = sync.Pool{ 3467 New: func() interface{} { 3468 return bufio.NewWriterSize(nil, http2bufWriterPoolBufferSize) 3469 }, 3470 } 3471 3472 func (w *http2bufferedWriter) Available() int { 3473 if w.bw == nil { 3474 return http2bufWriterPoolBufferSize 3475 } 3476 return w.bw.Available() 3477 } 3478 3479 func (w *http2bufferedWriter) Write(p []byte) (n int, err error) { 3480 if w.bw == nil { 3481 bw := http2bufWriterPool.Get().(*bufio.Writer) 3482 bw.Reset(w.w) 3483 w.bw = bw 3484 } 3485 return w.bw.Write(p) 3486 } 3487 3488 func (w *http2bufferedWriter) Flush() error { 3489 bw := w.bw 3490 if bw == nil { 3491 return nil 3492 } 3493 err := bw.Flush() 3494 bw.Reset(nil) 3495 http2bufWriterPool.Put(bw) 3496 w.bw = nil 3497 return err 3498 } 3499 3500 func http2mustUint31(v int32) uint32 { 3501 if v < 0 || v > 2147483647 { 3502 panic("out of range") 3503 } 3504 return uint32(v) 3505 } 3506 3507 // bodyAllowedForStatus reports whether a given response status code 3508 // permits a body. See RFC 2616, section 4.4. 3509 func http2bodyAllowedForStatus(status int) bool { 3510 switch { 3511 case status >= 100 && status <= 199: 3512 return false 3513 case status == 204: 3514 return false 3515 case status == 304: 3516 return false 3517 } 3518 return true 3519 } 3520 3521 type http2httpError struct { 3522 msg string 3523 timeout bool 3524 } 3525 3526 func (e *http2httpError) Error() string { return e.msg } 3527 3528 func (e *http2httpError) Timeout() bool { return e.timeout } 3529 3530 func (e *http2httpError) Temporary() bool { return true } 3531 3532 var http2errTimeout error = &http2httpError{msg: "http2: timeout awaiting response headers", timeout: true} 3533 3534 type http2connectionStater interface { 3535 ConnectionState() tls.ConnectionState 3536 } 3537 3538 var http2sorterPool = sync.Pool{New: func() interface{} { return new(http2sorter) }} 3539 3540 type http2sorter struct { 3541 v []string // owned by sorter 3542 } 3543 3544 func (s *http2sorter) Len() int { return len(s.v) } 3545 3546 func (s *http2sorter) Swap(i, j int) { s.v[i], s.v[j] = s.v[j], s.v[i] } 3547 3548 func (s *http2sorter) Less(i, j int) bool { return s.v[i] < s.v[j] } 3549 3550 // Keys returns the sorted keys of h. 3551 // 3552 // The returned slice is only valid until s used again or returned to 3553 // its pool. 3554 func (s *http2sorter) Keys(h Header) []string { 3555 keys := s.v[:0] 3556 for k := range h { 3557 keys = append(keys, k) 3558 } 3559 s.v = keys 3560 sort.Sort(s) 3561 return keys 3562 } 3563 3564 func (s *http2sorter) SortStrings(ss []string) { 3565 // Our sorter works on s.v, which sorter owns, so 3566 // stash it away while we sort the user's buffer. 3567 save := s.v 3568 s.v = ss 3569 sort.Sort(s) 3570 s.v = save 3571 } 3572 3573 // validPseudoPath reports whether v is a valid :path pseudo-header 3574 // value. It must be either: 3575 // 3576 // *) a non-empty string starting with '/' 3577 // *) the string '*', for OPTIONS requests. 3578 // 3579 // For now this is only used a quick check for deciding when to clean 3580 // up Opaque URLs before sending requests from the Transport. 3581 // See golang.org/issue/16847 3582 // 3583 // We used to enforce that the path also didn't start with "//", but 3584 // Google's GFE accepts such paths and Chrome sends them, so ignore 3585 // that part of the spec. See golang.org/issue/19103. 3586 func http2validPseudoPath(v string) bool { 3587 return (len(v) > 0 && v[0] == '/') || v == "*" 3588 } 3589 3590 // pipe is a goroutine-safe io.Reader/io.Writer pair. It's like 3591 // io.Pipe except there are no PipeReader/PipeWriter halves, and the 3592 // underlying buffer is an interface. (io.Pipe is always unbuffered) 3593 type http2pipe struct { 3594 mu sync.Mutex 3595 c sync.Cond // c.L lazily initialized to &p.mu 3596 b http2pipeBuffer // nil when done reading 3597 err error // read error once empty. non-nil means closed. 3598 breakErr error // immediate read error (caller doesn't see rest of b) 3599 donec chan struct{} // closed on error 3600 readFn func() // optional code to run in Read before error 3601 } 3602 3603 type http2pipeBuffer interface { 3604 Len() int 3605 io.Writer 3606 io.Reader 3607 } 3608 3609 func (p *http2pipe) Len() int { 3610 p.mu.Lock() 3611 defer p.mu.Unlock() 3612 if p.b == nil { 3613 return 0 3614 } 3615 return p.b.Len() 3616 } 3617 3618 // Read waits until data is available and copies bytes 3619 // from the buffer into p. 3620 func (p *http2pipe) Read(d []byte) (n int, err error) { 3621 p.mu.Lock() 3622 defer p.mu.Unlock() 3623 if p.c.L == nil { 3624 p.c.L = &p.mu 3625 } 3626 for { 3627 if p.breakErr != nil { 3628 return 0, p.breakErr 3629 } 3630 if p.b != nil && p.b.Len() > 0 { 3631 return p.b.Read(d) 3632 } 3633 if p.err != nil { 3634 if p.readFn != nil { 3635 p.readFn() // e.g. copy trailers 3636 p.readFn = nil // not sticky like p.err 3637 } 3638 p.b = nil 3639 return 0, p.err 3640 } 3641 p.c.Wait() 3642 } 3643 } 3644 3645 var http2errClosedPipeWrite = errors.New("write on closed buffer") 3646 3647 // Write copies bytes from p into the buffer and wakes a reader. 3648 // It is an error to write more data than the buffer can hold. 3649 func (p *http2pipe) Write(d []byte) (n int, err error) { 3650 p.mu.Lock() 3651 defer p.mu.Unlock() 3652 if p.c.L == nil { 3653 p.c.L = &p.mu 3654 } 3655 defer p.c.Signal() 3656 if p.err != nil { 3657 return 0, http2errClosedPipeWrite 3658 } 3659 if p.breakErr != nil { 3660 return len(d), nil // discard when there is no reader 3661 } 3662 return p.b.Write(d) 3663 } 3664 3665 // CloseWithError causes the next Read (waking up a current blocked 3666 // Read if needed) to return the provided err after all data has been 3667 // read. 3668 // 3669 // The error must be non-nil. 3670 func (p *http2pipe) CloseWithError(err error) { p.closeWithError(&p.err, err, nil) } 3671 3672 // BreakWithError causes the next Read (waking up a current blocked 3673 // Read if needed) to return the provided err immediately, without 3674 // waiting for unread data. 3675 func (p *http2pipe) BreakWithError(err error) { p.closeWithError(&p.breakErr, err, nil) } 3676 3677 // closeWithErrorAndCode is like CloseWithError but also sets some code to run 3678 // in the caller's goroutine before returning the error. 3679 func (p *http2pipe) closeWithErrorAndCode(err error, fn func()) { p.closeWithError(&p.err, err, fn) } 3680 3681 func (p *http2pipe) closeWithError(dst *error, err error, fn func()) { 3682 if err == nil { 3683 panic("err must be non-nil") 3684 } 3685 p.mu.Lock() 3686 defer p.mu.Unlock() 3687 if p.c.L == nil { 3688 p.c.L = &p.mu 3689 } 3690 defer p.c.Signal() 3691 if *dst != nil { 3692 // Already been done. 3693 return 3694 } 3695 p.readFn = fn 3696 if dst == &p.breakErr { 3697 p.b = nil 3698 } 3699 *dst = err 3700 p.closeDoneLocked() 3701 } 3702 3703 // requires p.mu be held. 3704 func (p *http2pipe) closeDoneLocked() { 3705 if p.donec == nil { 3706 return 3707 } 3708 // Close if unclosed. This isn't racy since we always 3709 // hold p.mu while closing. 3710 select { 3711 case <-p.donec: 3712 default: 3713 close(p.donec) 3714 } 3715 } 3716 3717 // Err returns the error (if any) first set by BreakWithError or CloseWithError. 3718 func (p *http2pipe) Err() error { 3719 p.mu.Lock() 3720 defer p.mu.Unlock() 3721 if p.breakErr != nil { 3722 return p.breakErr 3723 } 3724 return p.err 3725 } 3726 3727 // Done returns a channel which is closed if and when this pipe is closed 3728 // with CloseWithError. 3729 func (p *http2pipe) Done() <-chan struct{} { 3730 p.mu.Lock() 3731 defer p.mu.Unlock() 3732 if p.donec == nil { 3733 p.donec = make(chan struct{}) 3734 if p.err != nil || p.breakErr != nil { 3735 // Already hit an error. 3736 p.closeDoneLocked() 3737 } 3738 } 3739 return p.donec 3740 } 3741 3742 const ( 3743 http2prefaceTimeout = 10 * time.Second 3744 http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway 3745 http2handlerChunkWriteSize = 4 << 10 3746 http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? 3747 ) 3748 3749 var ( 3750 http2errClientDisconnected = errors.New("client disconnected") 3751 http2errClosedBody = errors.New("body closed by handler") 3752 http2errHandlerComplete = errors.New("http2: request body closed due to handler exiting") 3753 http2errStreamClosed = errors.New("http2: stream closed") 3754 ) 3755 3756 var http2responseWriterStatePool = sync.Pool{ 3757 New: func() interface{} { 3758 rws := &http2responseWriterState{} 3759 rws.bw = bufio.NewWriterSize(http2chunkWriter{rws}, http2handlerChunkWriteSize) 3760 return rws 3761 }, 3762 } 3763 3764 // Test hooks. 3765 var ( 3766 http2testHookOnConn func() 3767 http2testHookGetServerConn func(*http2serverConn) 3768 http2testHookOnPanicMu *sync.Mutex // nil except in tests 3769 http2testHookOnPanic func(sc *http2serverConn, panicVal interface{}) (rePanic bool) 3770 ) 3771 3772 // Server is an HTTP/2 server. 3773 type http2Server struct { 3774 // MaxHandlers limits the number of http.Handler ServeHTTP goroutines 3775 // which may run at a time over all connections. 3776 // Negative or zero no limit. 3777 // TODO: implement 3778 MaxHandlers int 3779 3780 // MaxConcurrentStreams optionally specifies the number of 3781 // concurrent streams that each client may have open at a 3782 // time. This is unrelated to the number of http.Handler goroutines 3783 // which may be active globally, which is MaxHandlers. 3784 // If zero, MaxConcurrentStreams defaults to at least 100, per 3785 // the HTTP/2 spec's recommendations. 3786 MaxConcurrentStreams uint32 3787 3788 // MaxReadFrameSize optionally specifies the largest frame 3789 // this server is willing to read. A valid value is between 3790 // 16k and 16M, inclusive. If zero or otherwise invalid, a 3791 // default value is used. 3792 MaxReadFrameSize uint32 3793 3794 // PermitProhibitedCipherSuites, if true, permits the use of 3795 // cipher suites prohibited by the HTTP/2 spec. 3796 PermitProhibitedCipherSuites bool 3797 3798 // IdleTimeout specifies how long until idle clients should be 3799 // closed with a GOAWAY frame. PING frames are not considered 3800 // activity for the purposes of IdleTimeout. 3801 IdleTimeout time.Duration 3802 3803 // MaxUploadBufferPerConnection is the size of the initial flow 3804 // control window for each connections. The HTTP/2 spec does not 3805 // allow this to be smaller than 65535 or larger than 2^32-1. 3806 // If the value is outside this range, a default value will be 3807 // used instead. 3808 MaxUploadBufferPerConnection int32 3809 3810 // MaxUploadBufferPerStream is the size of the initial flow control 3811 // window for each stream. The HTTP/2 spec does not allow this to 3812 // be larger than 2^32-1. If the value is zero or larger than the 3813 // maximum, a default value will be used instead. 3814 MaxUploadBufferPerStream int32 3815 3816 // NewWriteScheduler constructs a write scheduler for a connection. 3817 // If nil, a default scheduler is chosen. 3818 NewWriteScheduler func() http2WriteScheduler 3819 3820 // Internal state. This is a pointer (rather than embedded directly) 3821 // so that we don't embed a Mutex in this struct, which will make the 3822 // struct non-copyable, which might break some callers. 3823 state *http2serverInternalState 3824 } 3825 3826 func (s *http2Server) initialConnRecvWindowSize() int32 { 3827 if s.MaxUploadBufferPerConnection > http2initialWindowSize { 3828 return s.MaxUploadBufferPerConnection 3829 } 3830 return 1 << 20 3831 } 3832 3833 func (s *http2Server) initialStreamRecvWindowSize() int32 { 3834 if s.MaxUploadBufferPerStream > 0 { 3835 return s.MaxUploadBufferPerStream 3836 } 3837 return 1 << 20 3838 } 3839 3840 func (s *http2Server) maxReadFrameSize() uint32 { 3841 if v := s.MaxReadFrameSize; v >= http2minMaxFrameSize && v <= http2maxFrameSize { 3842 return v 3843 } 3844 return http2defaultMaxReadFrameSize 3845 } 3846 3847 func (s *http2Server) maxConcurrentStreams() uint32 { 3848 if v := s.MaxConcurrentStreams; v > 0 { 3849 return v 3850 } 3851 return http2defaultMaxStreams 3852 } 3853 3854 type http2serverInternalState struct { 3855 mu sync.Mutex 3856 activeConns map[*http2serverConn]struct{} 3857 } 3858 3859 func (s *http2serverInternalState) registerConn(sc *http2serverConn) { 3860 if s == nil { 3861 return // if the Server was used without calling ConfigureServer 3862 } 3863 s.mu.Lock() 3864 s.activeConns[sc] = struct{}{} 3865 s.mu.Unlock() 3866 } 3867 3868 func (s *http2serverInternalState) unregisterConn(sc *http2serverConn) { 3869 if s == nil { 3870 return // if the Server was used without calling ConfigureServer 3871 } 3872 s.mu.Lock() 3873 delete(s.activeConns, sc) 3874 s.mu.Unlock() 3875 } 3876 3877 func (s *http2serverInternalState) startGracefulShutdown() { 3878 if s == nil { 3879 return // if the Server was used without calling ConfigureServer 3880 } 3881 s.mu.Lock() 3882 for sc := range s.activeConns { 3883 sc.startGracefulShutdown() 3884 } 3885 s.mu.Unlock() 3886 } 3887 3888 // ConfigureServer adds HTTP/2 support to a net/http Server. 3889 // 3890 // The configuration conf may be nil. 3891 // 3892 // ConfigureServer must be called before s begins serving. 3893 func http2ConfigureServer(s *Server, conf *http2Server) error { 3894 if s == nil { 3895 panic("nil *http.Server") 3896 } 3897 if conf == nil { 3898 conf = new(http2Server) 3899 } 3900 conf.state = &http2serverInternalState{activeConns: make(map[*http2serverConn]struct{})} 3901 if err := http2configureServer18(s, conf); err != nil { 3902 return err 3903 } 3904 if err := http2configureServer19(s, conf); err != nil { 3905 return err 3906 } 3907 3908 if s.TLSConfig == nil { 3909 s.TLSConfig = new(tls.Config) 3910 } else if s.TLSConfig.CipherSuites != nil { 3911 // If they already provided a CipherSuite list, return 3912 // an error if it has a bad order or is missing 3913 // ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. 3914 haveRequired := false 3915 sawBad := false 3916 for i, cs := range s.TLSConfig.CipherSuites { 3917 switch cs { 3918 case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 3919 // Alternative MTI cipher to not discourage ECDSA-only servers. 3920 // See http://golang.org/cl/30721 for further information. 3921 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 3922 haveRequired = true 3923 } 3924 if http2isBadCipher(cs) { 3925 sawBad = true 3926 } else if sawBad { 3927 return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs) 3928 } 3929 } 3930 if !haveRequired { 3931 return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.") 3932 } 3933 } 3934 3935 // Note: not setting MinVersion to tls.VersionTLS12, 3936 // as we don't want to interfere with HTTP/1.1 traffic 3937 // on the user's server. We enforce TLS 1.2 later once 3938 // we accept a connection. Ideally this should be done 3939 // during next-proto selection, but using TLS <1.2 with 3940 // HTTP/2 is still the client's bug. 3941 3942 s.TLSConfig.PreferServerCipherSuites = true 3943 3944 haveNPN := false 3945 for _, p := range s.TLSConfig.NextProtos { 3946 if p == http2NextProtoTLS { 3947 haveNPN = true 3948 break 3949 } 3950 } 3951 if !haveNPN { 3952 s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, http2NextProtoTLS) 3953 } 3954 3955 if s.TLSNextProto == nil { 3956 s.TLSNextProto = map[string]func(*Server, *tls.Conn, Handler){} 3957 } 3958 protoHandler := func(hs *Server, c *tls.Conn, h Handler) { 3959 if http2testHookOnConn != nil { 3960 http2testHookOnConn() 3961 } 3962 conf.ServeConn(c, &http2ServeConnOpts{ 3963 Handler: h, 3964 BaseConfig: hs, 3965 }) 3966 } 3967 s.TLSNextProto[http2NextProtoTLS] = protoHandler 3968 return nil 3969 } 3970 3971 // ServeConnOpts are options for the Server.ServeConn method. 3972 type http2ServeConnOpts struct { 3973 // BaseConfig optionally sets the base configuration 3974 // for values. If nil, defaults are used. 3975 BaseConfig *Server 3976 3977 // Handler specifies which handler to use for processing 3978 // requests. If nil, BaseConfig.Handler is used. If BaseConfig 3979 // or BaseConfig.Handler is nil, http.DefaultServeMux is used. 3980 Handler Handler 3981 } 3982 3983 func (o *http2ServeConnOpts) baseConfig() *Server { 3984 if o != nil && o.BaseConfig != nil { 3985 return o.BaseConfig 3986 } 3987 return new(Server) 3988 } 3989 3990 func (o *http2ServeConnOpts) handler() Handler { 3991 if o != nil { 3992 if o.Handler != nil { 3993 return o.Handler 3994 } 3995 if o.BaseConfig != nil && o.BaseConfig.Handler != nil { 3996 return o.BaseConfig.Handler 3997 } 3998 } 3999 return DefaultServeMux 4000 } 4001 4002 // ServeConn serves HTTP/2 requests on the provided connection and 4003 // blocks until the connection is no longer readable. 4004 // 4005 // ServeConn starts speaking HTTP/2 assuming that c has not had any 4006 // reads or writes. It writes its initial settings frame and expects 4007 // to be able to read the preface and settings frame from the 4008 // client. If c has a ConnectionState method like a *tls.Conn, the 4009 // ConnectionState is used to verify the TLS ciphersuite and to set 4010 // the Request.TLS field in Handlers. 4011 // 4012 // ServeConn does not support h2c by itself. Any h2c support must be 4013 // implemented in terms of providing a suitably-behaving net.Conn. 4014 // 4015 // The opts parameter is optional. If nil, default values are used. 4016 func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) { 4017 baseCtx, cancel := http2serverConnBaseContext(c, opts) 4018 defer cancel() 4019 4020 sc := &http2serverConn{ 4021 srv: s, 4022 hs: opts.baseConfig(), 4023 conn: c, 4024 baseCtx: baseCtx, 4025 remoteAddrStr: c.RemoteAddr().String(), 4026 bw: http2newBufferedWriter(c), 4027 handler: opts.handler(), 4028 streams: make(map[uint32]*http2stream), 4029 readFrameCh: make(chan http2readFrameResult), 4030 wantWriteFrameCh: make(chan http2FrameWriteRequest, 8), 4031 serveMsgCh: make(chan interface{}, 8), 4032 wroteFrameCh: make(chan http2frameWriteResult, 1), // buffered; one send in writeFrameAsync 4033 bodyReadCh: make(chan http2bodyReadMsg), // buffering doesn't matter either way 4034 doneServing: make(chan struct{}), 4035 clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" 4036 advMaxStreams: s.maxConcurrentStreams(), 4037 initialStreamSendWindowSize: http2initialWindowSize, 4038 maxFrameSize: http2initialMaxFrameSize, 4039 headerTableSize: http2initialHeaderTableSize, 4040 serveG: http2newGoroutineLock(), 4041 pushEnabled: true, 4042 } 4043 4044 s.state.registerConn(sc) 4045 defer s.state.unregisterConn(sc) 4046 4047 // The net/http package sets the write deadline from the 4048 // http.Server.WriteTimeout during the TLS handshake, but then 4049 // passes the connection off to us with the deadline already set. 4050 // Write deadlines are set per stream in serverConn.newStream. 4051 // Disarm the net.Conn write deadline here. 4052 if sc.hs.WriteTimeout != 0 { 4053 sc.conn.SetWriteDeadline(time.Time{}) 4054 } 4055 4056 if s.NewWriteScheduler != nil { 4057 sc.writeSched = s.NewWriteScheduler() 4058 } else { 4059 sc.writeSched = http2NewRandomWriteScheduler() 4060 } 4061 4062 // These start at the RFC-specified defaults. If there is a higher 4063 // configured value for inflow, that will be updated when we send a 4064 // WINDOW_UPDATE shortly after sending SETTINGS. 4065 sc.flow.add(http2initialWindowSize) 4066 sc.inflow.add(http2initialWindowSize) 4067 sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) 4068 4069 fr := http2NewFramer(sc.bw, c) 4070 fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 4071 fr.MaxHeaderListSize = sc.maxHeaderListSize() 4072 fr.SetMaxReadFrameSize(s.maxReadFrameSize()) 4073 sc.framer = fr 4074 4075 if tc, ok := c.(http2connectionStater); ok { 4076 sc.tlsState = new(tls.ConnectionState) 4077 *sc.tlsState = tc.ConnectionState() 4078 // 9.2 Use of TLS Features 4079 // An implementation of HTTP/2 over TLS MUST use TLS 4080 // 1.2 or higher with the restrictions on feature set 4081 // and cipher suite described in this section. Due to 4082 // implementation limitations, it might not be 4083 // possible to fail TLS negotiation. An endpoint MUST 4084 // immediately terminate an HTTP/2 connection that 4085 // does not meet the TLS requirements described in 4086 // this section with a connection error (Section 4087 // 5.4.1) of type INADEQUATE_SECURITY. 4088 if sc.tlsState.Version < tls.VersionTLS12 { 4089 sc.rejectConn(http2ErrCodeInadequateSecurity, "TLS version too low") 4090 return 4091 } 4092 4093 if sc.tlsState.ServerName == "" { 4094 // Client must use SNI, but we don't enforce that anymore, 4095 // since it was causing problems when connecting to bare IP 4096 // addresses during development. 4097 // 4098 // TODO: optionally enforce? Or enforce at the time we receive 4099 // a new request, and verify the the ServerName matches the :authority? 4100 // But that precludes proxy situations, perhaps. 4101 // 4102 // So for now, do nothing here again. 4103 } 4104 4105 if !s.PermitProhibitedCipherSuites && http2isBadCipher(sc.tlsState.CipherSuite) { 4106 // "Endpoints MAY choose to generate a connection error 4107 // (Section 5.4.1) of type INADEQUATE_SECURITY if one of 4108 // the prohibited cipher suites are negotiated." 4109 // 4110 // We choose that. In my opinion, the spec is weak 4111 // here. It also says both parties must support at least 4112 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no 4113 // excuses here. If we really must, we could allow an 4114 // "AllowInsecureWeakCiphers" option on the server later. 4115 // Let's see how it plays out first. 4116 sc.rejectConn(http2ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite)) 4117 return 4118 } 4119 } 4120 4121 if hook := http2testHookGetServerConn; hook != nil { 4122 hook(sc) 4123 } 4124 sc.serve() 4125 } 4126 4127 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) { 4128 sc.vlogf("http2: server rejecting conn: %v, %s", err, debug) 4129 // ignoring errors. hanging up anyway. 4130 sc.framer.WriteGoAway(0, err, []byte(debug)) 4131 sc.bw.Flush() 4132 sc.conn.Close() 4133 } 4134 4135 type http2serverConn struct { 4136 // Immutable: 4137 srv *http2Server 4138 hs *Server 4139 conn net.Conn 4140 bw *http2bufferedWriter // writing to conn 4141 handler Handler 4142 baseCtx http2contextContext 4143 framer *http2Framer 4144 doneServing chan struct{} // closed when serverConn.serve ends 4145 readFrameCh chan http2readFrameResult // written by serverConn.readFrames 4146 wantWriteFrameCh chan http2FrameWriteRequest // from handlers -> serve 4147 wroteFrameCh chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes 4148 bodyReadCh chan http2bodyReadMsg // from handlers -> serve 4149 serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop 4150 flow http2flow // conn-wide (not stream-specific) outbound flow control 4151 inflow http2flow // conn-wide inbound flow control 4152 tlsState *tls.ConnectionState // shared by all handlers, like net/http 4153 remoteAddrStr string 4154 writeSched http2WriteScheduler 4155 4156 // Everything following is owned by the serve loop; use serveG.check(): 4157 serveG http2goroutineLock // used to verify funcs are on serve() 4158 pushEnabled bool 4159 sawFirstSettings bool // got the initial SETTINGS frame after the preface 4160 needToSendSettingsAck bool 4161 unackedSettings int // how many SETTINGS have we sent without ACKs? 4162 clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) 4163 advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client 4164 curClientStreams uint32 // number of open streams initiated by the client 4165 curPushedStreams uint32 // number of open streams initiated by server push 4166 maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests 4167 maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes 4168 streams map[uint32]*http2stream 4169 initialStreamSendWindowSize int32 4170 maxFrameSize int32 4171 headerTableSize uint32 4172 peerMaxHeaderListSize uint32 // zero means unknown (default) 4173 canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case 4174 writingFrame bool // started writing a frame (on serve goroutine or separate) 4175 writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh 4176 needsFrameFlush bool // last frame write wasn't a flush 4177 inGoAway bool // we've started to or sent GOAWAY 4178 inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop 4179 needToSendGoAway bool // we need to schedule a GOAWAY frame write 4180 goAwayCode http2ErrCode 4181 shutdownTimer *time.Timer // nil until used 4182 idleTimer *time.Timer // nil if unused 4183 4184 // Owned by the writeFrameAsync goroutine: 4185 headerWriteBuf bytes.Buffer 4186 hpackEncoder *hpack.Encoder 4187 4188 // Used by startGracefulShutdown. 4189 shutdownOnce sync.Once 4190 } 4191 4192 func (sc *http2serverConn) maxHeaderListSize() uint32 { 4193 n := sc.hs.MaxHeaderBytes 4194 if n <= 0 { 4195 n = DefaultMaxHeaderBytes 4196 } 4197 // http2's count is in a slightly different unit and includes 32 bytes per pair. 4198 // So, take the net/http.Server value and pad it up a bit, assuming 10 headers. 4199 const perFieldOverhead = 32 // per http2 spec 4200 const typicalHeaders = 10 // conservative 4201 return uint32(n + typicalHeaders*perFieldOverhead) 4202 } 4203 4204 func (sc *http2serverConn) curOpenStreams() uint32 { 4205 sc.serveG.check() 4206 return sc.curClientStreams + sc.curPushedStreams 4207 } 4208 4209 // stream represents a stream. This is the minimal metadata needed by 4210 // the serve goroutine. Most of the actual stream state is owned by 4211 // the http.Handler's goroutine in the responseWriter. Because the 4212 // responseWriter's responseWriterState is recycled at the end of a 4213 // handler, this struct intentionally has no pointer to the 4214 // *responseWriter{,State} itself, as the Handler ending nils out the 4215 // responseWriter's state field. 4216 type http2stream struct { 4217 // immutable: 4218 sc *http2serverConn 4219 id uint32 4220 body *http2pipe // non-nil if expecting DATA frames 4221 cw http2closeWaiter // closed wait stream transitions to closed state 4222 ctx http2contextContext 4223 cancelCtx func() 4224 4225 // owned by serverConn's serve loop: 4226 bodyBytes int64 // body bytes seen so far 4227 declBodyBytes int64 // or -1 if undeclared 4228 flow http2flow // limits writing from Handler to client 4229 inflow http2flow // what the client is allowed to POST/etc to us 4230 parent *http2stream // or nil 4231 numTrailerValues int64 4232 weight uint8 4233 state http2streamState 4234 resetQueued bool // RST_STREAM queued for write; set by sc.resetStream 4235 gotTrailerHeader bool // HEADER frame for trailers was seen 4236 wroteHeaders bool // whether we wrote headers (not status 100) 4237 writeDeadline *time.Timer // nil if unused 4238 4239 trailer Header // accumulated trailers 4240 reqTrailer Header // handler's Request.Trailer 4241 } 4242 4243 func (sc *http2serverConn) Framer() *http2Framer { return sc.framer } 4244 4245 func (sc *http2serverConn) CloseConn() error { return sc.conn.Close() } 4246 4247 func (sc *http2serverConn) Flush() error { return sc.bw.Flush() } 4248 4249 func (sc *http2serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) { 4250 return sc.hpackEncoder, &sc.headerWriteBuf 4251 } 4252 4253 func (sc *http2serverConn) state(streamID uint32) (http2streamState, *http2stream) { 4254 sc.serveG.check() 4255 // http://tools.ietf.org/html/rfc7540#section-5.1 4256 if st, ok := sc.streams[streamID]; ok { 4257 return st.state, st 4258 } 4259 // "The first use of a new stream identifier implicitly closes all 4260 // streams in the "idle" state that might have been initiated by 4261 // that peer with a lower-valued stream identifier. For example, if 4262 // a client sends a HEADERS frame on stream 7 without ever sending a 4263 // frame on stream 5, then stream 5 transitions to the "closed" 4264 // state when the first frame for stream 7 is sent or received." 4265 if streamID%2 == 1 { 4266 if streamID <= sc.maxClientStreamID { 4267 return http2stateClosed, nil 4268 } 4269 } else { 4270 if streamID <= sc.maxPushPromiseID { 4271 return http2stateClosed, nil 4272 } 4273 } 4274 return http2stateIdle, nil 4275 } 4276 4277 // setConnState calls the net/http ConnState hook for this connection, if configured. 4278 // Note that the net/http package does StateNew and StateClosed for us. 4279 // There is currently no plan for StateHijacked or hijacking HTTP/2 connections. 4280 func (sc *http2serverConn) setConnState(state ConnState) { 4281 if sc.hs.ConnState != nil { 4282 sc.hs.ConnState(sc.conn, state) 4283 } 4284 } 4285 4286 func (sc *http2serverConn) vlogf(format string, args ...interface{}) { 4287 if http2VerboseLogs { 4288 sc.logf(format, args...) 4289 } 4290 } 4291 4292 func (sc *http2serverConn) logf(format string, args ...interface{}) { 4293 if lg := sc.hs.ErrorLog; lg != nil { 4294 lg.Printf(format, args...) 4295 } else { 4296 log.Printf(format, args...) 4297 } 4298 } 4299 4300 // errno returns v's underlying uintptr, else 0. 4301 // 4302 // TODO: remove this helper function once http2 can use build 4303 // tags. See comment in isClosedConnError. 4304 func http2errno(v error) uintptr { 4305 if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr { 4306 return uintptr(rv.Uint()) 4307 } 4308 return 0 4309 } 4310 4311 // isClosedConnError reports whether err is an error from use of a closed 4312 // network connection. 4313 func http2isClosedConnError(err error) bool { 4314 if err == nil { 4315 return false 4316 } 4317 4318 // TODO: remove this string search and be more like the Windows 4319 // case below. That might involve modifying the standard library 4320 // to return better error types. 4321 str := err.Error() 4322 if strings.Contains(str, "use of closed network connection") { 4323 return true 4324 } 4325 4326 // TODO(bradfitz): x/tools/cmd/bundle doesn't really support 4327 // build tags, so I can't make an http2_windows.go file with 4328 // Windows-specific stuff. Fix that and move this, once we 4329 // have a way to bundle this into std's net/http somehow. 4330 if runtime.GOOS == "windows" { 4331 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 4332 if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" { 4333 const WSAECONNABORTED = 10053 4334 const WSAECONNRESET = 10054 4335 if n := http2errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED { 4336 return true 4337 } 4338 } 4339 } 4340 } 4341 return false 4342 } 4343 4344 func (sc *http2serverConn) condlogf(err error, format string, args ...interface{}) { 4345 if err == nil { 4346 return 4347 } 4348 if err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) || err == http2errPrefaceTimeout { 4349 // Boring, expected errors. 4350 sc.vlogf(format, args...) 4351 } else { 4352 sc.logf(format, args...) 4353 } 4354 } 4355 4356 func (sc *http2serverConn) canonicalHeader(v string) string { 4357 sc.serveG.check() 4358 cv, ok := http2commonCanonHeader[v] 4359 if ok { 4360 return cv 4361 } 4362 cv, ok = sc.canonHeader[v] 4363 if ok { 4364 return cv 4365 } 4366 if sc.canonHeader == nil { 4367 sc.canonHeader = make(map[string]string) 4368 } 4369 cv = CanonicalHeaderKey(v) 4370 sc.canonHeader[v] = cv 4371 return cv 4372 } 4373 4374 type http2readFrameResult struct { 4375 f http2Frame // valid until readMore is called 4376 err error 4377 4378 // readMore should be called once the consumer no longer needs or 4379 // retains f. After readMore, f is invalid and more frames can be 4380 // read. 4381 readMore func() 4382 } 4383 4384 // readFrames is the loop that reads incoming frames. 4385 // It takes care to only read one frame at a time, blocking until the 4386 // consumer is done with the frame. 4387 // It's run on its own goroutine. 4388 func (sc *http2serverConn) readFrames() { 4389 gate := make(http2gate) 4390 gateDone := gate.Done 4391 for { 4392 f, err := sc.framer.ReadFrame() 4393 select { 4394 case sc.readFrameCh <- http2readFrameResult{f, err, gateDone}: 4395 case <-sc.doneServing: 4396 return 4397 } 4398 select { 4399 case <-gate: 4400 case <-sc.doneServing: 4401 return 4402 } 4403 if http2terminalReadFrameError(err) { 4404 return 4405 } 4406 } 4407 } 4408 4409 // frameWriteResult is the message passed from writeFrameAsync to the serve goroutine. 4410 type http2frameWriteResult struct { 4411 wr http2FrameWriteRequest // what was written (or attempted) 4412 err error // result of the writeFrame call 4413 } 4414 4415 // writeFrameAsync runs in its own goroutine and writes a single frame 4416 // and then reports when it's done. 4417 // At most one goroutine can be running writeFrameAsync at a time per 4418 // serverConn. 4419 func (sc *http2serverConn) writeFrameAsync(wr http2FrameWriteRequest) { 4420 err := wr.write.writeFrame(sc) 4421 sc.wroteFrameCh <- http2frameWriteResult{wr, err} 4422 } 4423 4424 func (sc *http2serverConn) closeAllStreamsOnConnClose() { 4425 sc.serveG.check() 4426 for _, st := range sc.streams { 4427 sc.closeStream(st, http2errClientDisconnected) 4428 } 4429 } 4430 4431 func (sc *http2serverConn) stopShutdownTimer() { 4432 sc.serveG.check() 4433 if t := sc.shutdownTimer; t != nil { 4434 t.Stop() 4435 } 4436 } 4437 4438 func (sc *http2serverConn) notePanic() { 4439 // Note: this is for serverConn.serve panicking, not http.Handler code. 4440 if http2testHookOnPanicMu != nil { 4441 http2testHookOnPanicMu.Lock() 4442 defer http2testHookOnPanicMu.Unlock() 4443 } 4444 if http2testHookOnPanic != nil { 4445 if e := recover(); e != nil { 4446 if http2testHookOnPanic(sc, e) { 4447 panic(e) 4448 } 4449 } 4450 } 4451 } 4452 4453 func (sc *http2serverConn) serve() { 4454 sc.serveG.check() 4455 defer sc.notePanic() 4456 defer sc.conn.Close() 4457 defer sc.closeAllStreamsOnConnClose() 4458 defer sc.stopShutdownTimer() 4459 defer close(sc.doneServing) // unblocks handlers trying to send 4460 4461 if http2VerboseLogs { 4462 sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) 4463 } 4464 4465 sc.writeFrame(http2FrameWriteRequest{ 4466 write: http2writeSettings{ 4467 {http2SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, 4468 {http2SettingMaxConcurrentStreams, sc.advMaxStreams}, 4469 {http2SettingMaxHeaderListSize, sc.maxHeaderListSize()}, 4470 {http2SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, 4471 }, 4472 }) 4473 sc.unackedSettings++ 4474 4475 // Each connection starts with intialWindowSize inflow tokens. 4476 // If a higher value is configured, we add more tokens. 4477 if diff := sc.srv.initialConnRecvWindowSize() - http2initialWindowSize; diff > 0 { 4478 sc.sendWindowUpdate(nil, int(diff)) 4479 } 4480 4481 if err := sc.readPreface(); err != nil { 4482 sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) 4483 return 4484 } 4485 // Now that we've got the preface, get us out of the 4486 // "StateNew" state. We can't go directly to idle, though. 4487 // Active means we read some data and anticipate a request. We'll 4488 // do another Active when we get a HEADERS frame. 4489 sc.setConnState(StateActive) 4490 sc.setConnState(StateIdle) 4491 4492 if sc.srv.IdleTimeout != 0 { 4493 sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) 4494 defer sc.idleTimer.Stop() 4495 } 4496 4497 go sc.readFrames() // closed by defer sc.conn.Close above 4498 4499 settingsTimer := time.AfterFunc(http2firstSettingsTimeout, sc.onSettingsTimer) 4500 defer settingsTimer.Stop() 4501 4502 loopNum := 0 4503 for { 4504 loopNum++ 4505 select { 4506 case wr := <-sc.wantWriteFrameCh: 4507 if se, ok := wr.write.(http2StreamError); ok { 4508 sc.resetStream(se) 4509 break 4510 } 4511 sc.writeFrame(wr) 4512 case res := <-sc.wroteFrameCh: 4513 sc.wroteFrame(res) 4514 case res := <-sc.readFrameCh: 4515 if !sc.processFrameFromReader(res) { 4516 return 4517 } 4518 res.readMore() 4519 if settingsTimer != nil { 4520 settingsTimer.Stop() 4521 settingsTimer = nil 4522 } 4523 case m := <-sc.bodyReadCh: 4524 sc.noteBodyRead(m.st, m.n) 4525 case msg := <-sc.serveMsgCh: 4526 switch v := msg.(type) { 4527 case func(int): 4528 v(loopNum) // for testing 4529 case *http2serverMessage: 4530 switch v { 4531 case http2settingsTimerMsg: 4532 sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) 4533 return 4534 case http2idleTimerMsg: 4535 sc.vlogf("connection is idle") 4536 sc.goAway(http2ErrCodeNo) 4537 case http2shutdownTimerMsg: 4538 sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) 4539 return 4540 case http2gracefulShutdownMsg: 4541 sc.startGracefulShutdownInternal() 4542 default: 4543 panic("unknown timer") 4544 } 4545 case *http2startPushRequest: 4546 sc.startPush(v) 4547 default: 4548 panic(fmt.Sprintf("unexpected type %T", v)) 4549 } 4550 } 4551 4552 // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY 4553 // with no error code (graceful shutdown), don't start the timer until 4554 // all open streams have been completed. 4555 sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame 4556 gracefulShutdownComplete := sc.goAwayCode == http2ErrCodeNo && sc.curOpenStreams() == 0 4557 if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != http2ErrCodeNo || gracefulShutdownComplete) { 4558 sc.shutDownIn(http2goAwayTimeout) 4559 } 4560 } 4561 } 4562 4563 func (sc *http2serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { 4564 select { 4565 case <-sc.doneServing: 4566 case <-sharedCh: 4567 close(privateCh) 4568 } 4569 } 4570 4571 type http2serverMessage int 4572 4573 // Message values sent to serveMsgCh. 4574 var ( 4575 http2settingsTimerMsg = new(http2serverMessage) 4576 http2idleTimerMsg = new(http2serverMessage) 4577 http2shutdownTimerMsg = new(http2serverMessage) 4578 http2gracefulShutdownMsg = new(http2serverMessage) 4579 ) 4580 4581 func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) } 4582 4583 func (sc *http2serverConn) onIdleTimer() { sc.sendServeMsg(http2idleTimerMsg) } 4584 4585 func (sc *http2serverConn) onShutdownTimer() { sc.sendServeMsg(http2shutdownTimerMsg) } 4586 4587 func (sc *http2serverConn) sendServeMsg(msg interface{}) { 4588 sc.serveG.checkNotOn() // NOT 4589 select { 4590 case sc.serveMsgCh <- msg: 4591 case <-sc.doneServing: 4592 } 4593 } 4594 4595 var http2errPrefaceTimeout = errors.New("timeout waiting for client preface") 4596 4597 // readPreface reads the ClientPreface greeting from the peer or 4598 // returns errPrefaceTimeout on timeout, or an error if the greeting 4599 // is invalid. 4600 func (sc *http2serverConn) readPreface() error { 4601 errc := make(chan error, 1) 4602 go func() { 4603 // Read the client preface 4604 buf := make([]byte, len(http2ClientPreface)) 4605 if _, err := io.ReadFull(sc.conn, buf); err != nil { 4606 errc <- err 4607 } else if !bytes.Equal(buf, http2clientPreface) { 4608 errc <- fmt.Errorf("bogus greeting %q", buf) 4609 } else { 4610 errc <- nil 4611 } 4612 }() 4613 timer := time.NewTimer(http2prefaceTimeout) // TODO: configurable on *Server? 4614 defer timer.Stop() 4615 select { 4616 case <-timer.C: 4617 return http2errPrefaceTimeout 4618 case err := <-errc: 4619 if err == nil { 4620 if http2VerboseLogs { 4621 sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr()) 4622 } 4623 } 4624 return err 4625 } 4626 } 4627 4628 var http2errChanPool = sync.Pool{ 4629 New: func() interface{} { return make(chan error, 1) }, 4630 } 4631 4632 var http2writeDataPool = sync.Pool{ 4633 New: func() interface{} { return new(http2writeData) }, 4634 } 4635 4636 // writeDataFromHandler writes DATA response frames from a handler on 4637 // the given stream. 4638 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, data []byte, endStream bool) error { 4639 ch := http2errChanPool.Get().(chan error) 4640 writeArg := http2writeDataPool.Get().(*http2writeData) 4641 *writeArg = http2writeData{stream.id, data, endStream} 4642 err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 4643 write: writeArg, 4644 stream: stream, 4645 done: ch, 4646 }) 4647 if err != nil { 4648 return err 4649 } 4650 var frameWriteDone bool // the frame write is done (successfully or not) 4651 select { 4652 case err = <-ch: 4653 frameWriteDone = true 4654 case <-sc.doneServing: 4655 return http2errClientDisconnected 4656 case <-stream.cw: 4657 // If both ch and stream.cw were ready (as might 4658 // happen on the final Write after an http.Handler 4659 // ends), prefer the write result. Otherwise this 4660 // might just be us successfully closing the stream. 4661 // The writeFrameAsync and serve goroutines guarantee 4662 // that the ch send will happen before the stream.cw 4663 // close. 4664 select { 4665 case err = <-ch: 4666 frameWriteDone = true 4667 default: 4668 return http2errStreamClosed 4669 } 4670 } 4671 http2errChanPool.Put(ch) 4672 if frameWriteDone { 4673 http2writeDataPool.Put(writeArg) 4674 } 4675 return err 4676 } 4677 4678 // writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts 4679 // if the connection has gone away. 4680 // 4681 // This must not be run from the serve goroutine itself, else it might 4682 // deadlock writing to sc.wantWriteFrameCh (which is only mildly 4683 // buffered and is read by serve itself). If you're on the serve 4684 // goroutine, call writeFrame instead. 4685 func (sc *http2serverConn) writeFrameFromHandler(wr http2FrameWriteRequest) error { 4686 sc.serveG.checkNotOn() // NOT 4687 select { 4688 case sc.wantWriteFrameCh <- wr: 4689 return nil 4690 case <-sc.doneServing: 4691 // Serve loop is gone. 4692 // Client has closed their connection to the server. 4693 return http2errClientDisconnected 4694 } 4695 } 4696 4697 // writeFrame schedules a frame to write and sends it if there's nothing 4698 // already being written. 4699 // 4700 // There is no pushback here (the serve goroutine never blocks). It's 4701 // the http.Handlers that block, waiting for their previous frames to 4702 // make it onto the wire 4703 // 4704 // If you're not on the serve goroutine, use writeFrameFromHandler instead. 4705 func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { 4706 sc.serveG.check() 4707 4708 // If true, wr will not be written and wr.done will not be signaled. 4709 var ignoreWrite bool 4710 4711 // We are not allowed to write frames on closed streams. RFC 7540 Section 4712 // 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on 4713 // a closed stream." Our server never sends PRIORITY, so that exception 4714 // does not apply. 4715 // 4716 // The serverConn might close an open stream while the stream's handler 4717 // is still running. For example, the server might close a stream when it 4718 // receives bad data from the client. If this happens, the handler might 4719 // attempt to write a frame after the stream has been closed (since the 4720 // handler hasn't yet been notified of the close). In this case, we simply 4721 // ignore the frame. The handler will notice that the stream is closed when 4722 // it waits for the frame to be written. 4723 // 4724 // As an exception to this rule, we allow sending RST_STREAM after close. 4725 // This allows us to immediately reject new streams without tracking any 4726 // state for those streams (except for the queued RST_STREAM frame). This 4727 // may result in duplicate RST_STREAMs in some cases, but the client should 4728 // ignore those. 4729 if wr.StreamID() != 0 { 4730 _, isReset := wr.write.(http2StreamError) 4731 if state, _ := sc.state(wr.StreamID()); state == http2stateClosed && !isReset { 4732 ignoreWrite = true 4733 } 4734 } 4735 4736 // Don't send a 100-continue response if we've already sent headers. 4737 // See golang.org/issue/14030. 4738 switch wr.write.(type) { 4739 case *http2writeResHeaders: 4740 wr.stream.wroteHeaders = true 4741 case http2write100ContinueHeadersFrame: 4742 if wr.stream.wroteHeaders { 4743 // We do not need to notify wr.done because this frame is 4744 // never written with wr.done != nil. 4745 if wr.done != nil { 4746 panic("wr.done != nil for write100ContinueHeadersFrame") 4747 } 4748 ignoreWrite = true 4749 } 4750 } 4751 4752 if !ignoreWrite { 4753 sc.writeSched.Push(wr) 4754 } 4755 sc.scheduleFrameWrite() 4756 } 4757 4758 // startFrameWrite starts a goroutine to write wr (in a separate 4759 // goroutine since that might block on the network), and updates the 4760 // serve goroutine's state about the world, updated from info in wr. 4761 func (sc *http2serverConn) startFrameWrite(wr http2FrameWriteRequest) { 4762 sc.serveG.check() 4763 if sc.writingFrame { 4764 panic("internal error: can only be writing one frame at a time") 4765 } 4766 4767 st := wr.stream 4768 if st != nil { 4769 switch st.state { 4770 case http2stateHalfClosedLocal: 4771 switch wr.write.(type) { 4772 case http2StreamError, http2handlerPanicRST, http2writeWindowUpdate: 4773 // RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE 4774 // in this state. (We never send PRIORITY from the server, so that is not checked.) 4775 default: 4776 panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr)) 4777 } 4778 case http2stateClosed: 4779 panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr)) 4780 } 4781 } 4782 if wpp, ok := wr.write.(*http2writePushPromise); ok { 4783 var err error 4784 wpp.promisedID, err = wpp.allocatePromisedID() 4785 if err != nil { 4786 sc.writingFrameAsync = false 4787 wr.replyToWriter(err) 4788 return 4789 } 4790 } 4791 4792 sc.writingFrame = true 4793 sc.needsFrameFlush = true 4794 if wr.write.staysWithinBuffer(sc.bw.Available()) { 4795 sc.writingFrameAsync = false 4796 err := wr.write.writeFrame(sc) 4797 sc.wroteFrame(http2frameWriteResult{wr, err}) 4798 } else { 4799 sc.writingFrameAsync = true 4800 go sc.writeFrameAsync(wr) 4801 } 4802 } 4803 4804 // errHandlerPanicked is the error given to any callers blocked in a read from 4805 // Request.Body when the main goroutine panics. Since most handlers read in the 4806 // the main ServeHTTP goroutine, this will show up rarely. 4807 var http2errHandlerPanicked = errors.New("http2: handler panicked") 4808 4809 // wroteFrame is called on the serve goroutine with the result of 4810 // whatever happened on writeFrameAsync. 4811 func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { 4812 sc.serveG.check() 4813 if !sc.writingFrame { 4814 panic("internal error: expected to be already writing a frame") 4815 } 4816 sc.writingFrame = false 4817 sc.writingFrameAsync = false 4818 4819 wr := res.wr 4820 4821 if http2writeEndsStream(wr.write) { 4822 st := wr.stream 4823 if st == nil { 4824 panic("internal error: expecting non-nil stream") 4825 } 4826 switch st.state { 4827 case http2stateOpen: 4828 // Here we would go to stateHalfClosedLocal in 4829 // theory, but since our handler is done and 4830 // the net/http package provides no mechanism 4831 // for closing a ResponseWriter while still 4832 // reading data (see possible TODO at top of 4833 // this file), we go into closed state here 4834 // anyway, after telling the peer we're 4835 // hanging up on them. We'll transition to 4836 // stateClosed after the RST_STREAM frame is 4837 // written. 4838 st.state = http2stateHalfClosedLocal 4839 // Section 8.1: a server MAY request that the client abort 4840 // transmission of a request without error by sending a 4841 // RST_STREAM with an error code of NO_ERROR after sending 4842 // a complete response. 4843 sc.resetStream(http2streamError(st.id, http2ErrCodeNo)) 4844 case http2stateHalfClosedRemote: 4845 sc.closeStream(st, http2errHandlerComplete) 4846 } 4847 } else { 4848 switch v := wr.write.(type) { 4849 case http2StreamError: 4850 // st may be unknown if the RST_STREAM was generated to reject bad input. 4851 if st, ok := sc.streams[v.StreamID]; ok { 4852 sc.closeStream(st, v) 4853 } 4854 case http2handlerPanicRST: 4855 sc.closeStream(wr.stream, http2errHandlerPanicked) 4856 } 4857 } 4858 4859 // Reply (if requested) to unblock the ServeHTTP goroutine. 4860 wr.replyToWriter(res.err) 4861 4862 sc.scheduleFrameWrite() 4863 } 4864 4865 // scheduleFrameWrite tickles the frame writing scheduler. 4866 // 4867 // If a frame is already being written, nothing happens. This will be called again 4868 // when the frame is done being written. 4869 // 4870 // If a frame isn't being written we need to send one, the best frame 4871 // to send is selected, preferring first things that aren't 4872 // stream-specific (e.g. ACKing settings), and then finding the 4873 // highest priority stream. 4874 // 4875 // If a frame isn't being written and there's nothing else to send, we 4876 // flush the write buffer. 4877 func (sc *http2serverConn) scheduleFrameWrite() { 4878 sc.serveG.check() 4879 if sc.writingFrame || sc.inFrameScheduleLoop { 4880 return 4881 } 4882 sc.inFrameScheduleLoop = true 4883 for !sc.writingFrameAsync { 4884 if sc.needToSendGoAway { 4885 sc.needToSendGoAway = false 4886 sc.startFrameWrite(http2FrameWriteRequest{ 4887 write: &http2writeGoAway{ 4888 maxStreamID: sc.maxClientStreamID, 4889 code: sc.goAwayCode, 4890 }, 4891 }) 4892 continue 4893 } 4894 if sc.needToSendSettingsAck { 4895 sc.needToSendSettingsAck = false 4896 sc.startFrameWrite(http2FrameWriteRequest{write: http2writeSettingsAck{}}) 4897 continue 4898 } 4899 if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { 4900 if wr, ok := sc.writeSched.Pop(); ok { 4901 sc.startFrameWrite(wr) 4902 continue 4903 } 4904 } 4905 if sc.needsFrameFlush { 4906 sc.startFrameWrite(http2FrameWriteRequest{write: http2flushFrameWriter{}}) 4907 sc.needsFrameFlush = false // after startFrameWrite, since it sets this true 4908 continue 4909 } 4910 break 4911 } 4912 sc.inFrameScheduleLoop = false 4913 } 4914 4915 // startGracefulShutdown gracefully shuts down a connection. This 4916 // sends GOAWAY with ErrCodeNo to tell the client we're gracefully 4917 // shutting down. The connection isn't closed until all current 4918 // streams are done. 4919 // 4920 // startGracefulShutdown returns immediately; it does not wait until 4921 // the connection has shut down. 4922 func (sc *http2serverConn) startGracefulShutdown() { 4923 sc.serveG.checkNotOn() // NOT 4924 sc.shutdownOnce.Do(func() { sc.sendServeMsg(http2gracefulShutdownMsg) }) 4925 } 4926 4927 // After sending GOAWAY, the connection will close after goAwayTimeout. 4928 // If we close the connection immediately after sending GOAWAY, there may 4929 // be unsent data in our kernel receive buffer, which will cause the kernel 4930 // to send a TCP RST on close() instead of a FIN. This RST will abort the 4931 // connection immediately, whether or not the client had received the GOAWAY. 4932 // 4933 // Ideally we should delay for at least 1 RTT + epsilon so the client has 4934 // a chance to read the GOAWAY and stop sending messages. Measuring RTT 4935 // is hard, so we approximate with 1 second. See golang.org/issue/18701. 4936 // 4937 // This is a var so it can be shorter in tests, where all requests uses the 4938 // loopback interface making the expected RTT very small. 4939 // 4940 // TODO: configurable? 4941 var http2goAwayTimeout = 1 * time.Second 4942 4943 func (sc *http2serverConn) startGracefulShutdownInternal() { 4944 sc.goAway(http2ErrCodeNo) 4945 } 4946 4947 func (sc *http2serverConn) goAway(code http2ErrCode) { 4948 sc.serveG.check() 4949 if sc.inGoAway { 4950 return 4951 } 4952 sc.inGoAway = true 4953 sc.needToSendGoAway = true 4954 sc.goAwayCode = code 4955 sc.scheduleFrameWrite() 4956 } 4957 4958 func (sc *http2serverConn) shutDownIn(d time.Duration) { 4959 sc.serveG.check() 4960 sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) 4961 } 4962 4963 func (sc *http2serverConn) resetStream(se http2StreamError) { 4964 sc.serveG.check() 4965 sc.writeFrame(http2FrameWriteRequest{write: se}) 4966 if st, ok := sc.streams[se.StreamID]; ok { 4967 st.resetQueued = true 4968 } 4969 } 4970 4971 // processFrameFromReader processes the serve loop's read from readFrameCh from the 4972 // frame-reading goroutine. 4973 // processFrameFromReader returns whether the connection should be kept open. 4974 func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { 4975 sc.serveG.check() 4976 err := res.err 4977 if err != nil { 4978 if err == http2ErrFrameTooLarge { 4979 sc.goAway(http2ErrCodeFrameSize) 4980 return true // goAway will close the loop 4981 } 4982 clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || http2isClosedConnError(err) 4983 if clientGone { 4984 // TODO: could we also get into this state if 4985 // the peer does a half close 4986 // (e.g. CloseWrite) because they're done 4987 // sending frames but they're still wanting 4988 // our open replies? Investigate. 4989 // TODO: add CloseWrite to crypto/tls.Conn first 4990 // so we have a way to test this? I suppose 4991 // just for testing we could have a non-TLS mode. 4992 return false 4993 } 4994 } else { 4995 f := res.f 4996 if http2VerboseLogs { 4997 sc.vlogf("http2: server read frame %v", http2summarizeFrame(f)) 4998 } 4999 err = sc.processFrame(f) 5000 if err == nil { 5001 return true 5002 } 5003 } 5004 5005 switch ev := err.(type) { 5006 case http2StreamError: 5007 sc.resetStream(ev) 5008 return true 5009 case http2goAwayFlowError: 5010 sc.goAway(http2ErrCodeFlowControl) 5011 return true 5012 case http2ConnectionError: 5013 sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) 5014 sc.goAway(http2ErrCode(ev)) 5015 return true // goAway will handle shutdown 5016 default: 5017 if res.err != nil { 5018 sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err) 5019 } else { 5020 sc.logf("http2: server closing client connection: %v", err) 5021 } 5022 return false 5023 } 5024 } 5025 5026 func (sc *http2serverConn) processFrame(f http2Frame) error { 5027 sc.serveG.check() 5028 5029 // First frame received must be SETTINGS. 5030 if !sc.sawFirstSettings { 5031 if _, ok := f.(*http2SettingsFrame); !ok { 5032 return http2ConnectionError(http2ErrCodeProtocol) 5033 } 5034 sc.sawFirstSettings = true 5035 } 5036 5037 switch f := f.(type) { 5038 case *http2SettingsFrame: 5039 return sc.processSettings(f) 5040 case *http2MetaHeadersFrame: 5041 return sc.processHeaders(f) 5042 case *http2WindowUpdateFrame: 5043 return sc.processWindowUpdate(f) 5044 case *http2PingFrame: 5045 return sc.processPing(f) 5046 case *http2DataFrame: 5047 return sc.processData(f) 5048 case *http2RSTStreamFrame: 5049 return sc.processResetStream(f) 5050 case *http2PriorityFrame: 5051 return sc.processPriority(f) 5052 case *http2GoAwayFrame: 5053 return sc.processGoAway(f) 5054 case *http2PushPromiseFrame: 5055 // A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE 5056 // frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5057 return http2ConnectionError(http2ErrCodeProtocol) 5058 default: 5059 sc.vlogf("http2: server ignoring frame: %v", f.Header()) 5060 return nil 5061 } 5062 } 5063 5064 func (sc *http2serverConn) processPing(f *http2PingFrame) error { 5065 sc.serveG.check() 5066 if f.IsAck() { 5067 // 6.7 PING: " An endpoint MUST NOT respond to PING frames 5068 // containing this flag." 5069 return nil 5070 } 5071 if f.StreamID != 0 { 5072 // "PING frames are not associated with any individual 5073 // stream. If a PING frame is received with a stream 5074 // identifier field value other than 0x0, the recipient MUST 5075 // respond with a connection error (Section 5.4.1) of type 5076 // PROTOCOL_ERROR." 5077 return http2ConnectionError(http2ErrCodeProtocol) 5078 } 5079 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5080 return nil 5081 } 5082 sc.writeFrame(http2FrameWriteRequest{write: http2writePingAck{f}}) 5083 return nil 5084 } 5085 5086 func (sc *http2serverConn) processWindowUpdate(f *http2WindowUpdateFrame) error { 5087 sc.serveG.check() 5088 switch { 5089 case f.StreamID != 0: // stream-level flow control 5090 state, st := sc.state(f.StreamID) 5091 if state == http2stateIdle { 5092 // Section 5.1: "Receiving any frame other than HEADERS 5093 // or PRIORITY on a stream in this state MUST be 5094 // treated as a connection error (Section 5.4.1) of 5095 // type PROTOCOL_ERROR." 5096 return http2ConnectionError(http2ErrCodeProtocol) 5097 } 5098 if st == nil { 5099 // "WINDOW_UPDATE can be sent by a peer that has sent a 5100 // frame bearing the END_STREAM flag. This means that a 5101 // receiver could receive a WINDOW_UPDATE frame on a "half 5102 // closed (remote)" or "closed" stream. A receiver MUST 5103 // NOT treat this as an error, see Section 5.1." 5104 return nil 5105 } 5106 if !st.flow.add(int32(f.Increment)) { 5107 return http2streamError(f.StreamID, http2ErrCodeFlowControl) 5108 } 5109 default: // connection-level flow control 5110 if !sc.flow.add(int32(f.Increment)) { 5111 return http2goAwayFlowError{} 5112 } 5113 } 5114 sc.scheduleFrameWrite() 5115 return nil 5116 } 5117 5118 func (sc *http2serverConn) processResetStream(f *http2RSTStreamFrame) error { 5119 sc.serveG.check() 5120 5121 state, st := sc.state(f.StreamID) 5122 if state == http2stateIdle { 5123 // 6.4 "RST_STREAM frames MUST NOT be sent for a 5124 // stream in the "idle" state. If a RST_STREAM frame 5125 // identifying an idle stream is received, the 5126 // recipient MUST treat this as a connection error 5127 // (Section 5.4.1) of type PROTOCOL_ERROR. 5128 return http2ConnectionError(http2ErrCodeProtocol) 5129 } 5130 if st != nil { 5131 st.cancelCtx() 5132 sc.closeStream(st, http2streamError(f.StreamID, f.ErrCode)) 5133 } 5134 return nil 5135 } 5136 5137 func (sc *http2serverConn) closeStream(st *http2stream, err error) { 5138 sc.serveG.check() 5139 if st.state == http2stateIdle || st.state == http2stateClosed { 5140 panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) 5141 } 5142 st.state = http2stateClosed 5143 if st.writeDeadline != nil { 5144 st.writeDeadline.Stop() 5145 } 5146 if st.isPushed() { 5147 sc.curPushedStreams-- 5148 } else { 5149 sc.curClientStreams-- 5150 } 5151 delete(sc.streams, st.id) 5152 if len(sc.streams) == 0 { 5153 sc.setConnState(StateIdle) 5154 if sc.srv.IdleTimeout != 0 { 5155 sc.idleTimer.Reset(sc.srv.IdleTimeout) 5156 } 5157 if http2h1ServerKeepAlivesDisabled(sc.hs) { 5158 sc.startGracefulShutdownInternal() 5159 } 5160 } 5161 if p := st.body; p != nil { 5162 // Return any buffered unread bytes worth of conn-level flow control. 5163 // See golang.org/issue/16481 5164 sc.sendWindowUpdate(nil, p.Len()) 5165 5166 p.CloseWithError(err) 5167 } 5168 st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc 5169 sc.writeSched.CloseStream(st.id) 5170 } 5171 5172 func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { 5173 sc.serveG.check() 5174 if f.IsAck() { 5175 sc.unackedSettings-- 5176 if sc.unackedSettings < 0 { 5177 // Why is the peer ACKing settings we never sent? 5178 // The spec doesn't mention this case, but 5179 // hang up on them anyway. 5180 return http2ConnectionError(http2ErrCodeProtocol) 5181 } 5182 return nil 5183 } 5184 if err := f.ForeachSetting(sc.processSetting); err != nil { 5185 return err 5186 } 5187 sc.needToSendSettingsAck = true 5188 sc.scheduleFrameWrite() 5189 return nil 5190 } 5191 5192 func (sc *http2serverConn) processSetting(s http2Setting) error { 5193 sc.serveG.check() 5194 if err := s.Valid(); err != nil { 5195 return err 5196 } 5197 if http2VerboseLogs { 5198 sc.vlogf("http2: server processing setting %v", s) 5199 } 5200 switch s.ID { 5201 case http2SettingHeaderTableSize: 5202 sc.headerTableSize = s.Val 5203 sc.hpackEncoder.SetMaxDynamicTableSize(s.Val) 5204 case http2SettingEnablePush: 5205 sc.pushEnabled = s.Val != 0 5206 case http2SettingMaxConcurrentStreams: 5207 sc.clientMaxStreams = s.Val 5208 case http2SettingInitialWindowSize: 5209 return sc.processSettingInitialWindowSize(s.Val) 5210 case http2SettingMaxFrameSize: 5211 sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 5212 case http2SettingMaxHeaderListSize: 5213 sc.peerMaxHeaderListSize = s.Val 5214 default: 5215 // Unknown setting: "An endpoint that receives a SETTINGS 5216 // frame with any unknown or unsupported identifier MUST 5217 // ignore that setting." 5218 if http2VerboseLogs { 5219 sc.vlogf("http2: server ignoring unknown setting %v", s) 5220 } 5221 } 5222 return nil 5223 } 5224 5225 func (sc *http2serverConn) processSettingInitialWindowSize(val uint32) error { 5226 sc.serveG.check() 5227 // Note: val already validated to be within range by 5228 // processSetting's Valid call. 5229 5230 // "A SETTINGS frame can alter the initial flow control window 5231 // size for all current streams. When the value of 5232 // SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST 5233 // adjust the size of all stream flow control windows that it 5234 // maintains by the difference between the new value and the 5235 // old value." 5236 old := sc.initialStreamSendWindowSize 5237 sc.initialStreamSendWindowSize = int32(val) 5238 growth := int32(val) - old // may be negative 5239 for _, st := range sc.streams { 5240 if !st.flow.add(growth) { 5241 // 6.9.2 Initial Flow Control Window Size 5242 // "An endpoint MUST treat a change to 5243 // SETTINGS_INITIAL_WINDOW_SIZE that causes any flow 5244 // control window to exceed the maximum size as a 5245 // connection error (Section 5.4.1) of type 5246 // FLOW_CONTROL_ERROR." 5247 return http2ConnectionError(http2ErrCodeFlowControl) 5248 } 5249 } 5250 return nil 5251 } 5252 5253 func (sc *http2serverConn) processData(f *http2DataFrame) error { 5254 sc.serveG.check() 5255 if sc.inGoAway && sc.goAwayCode != http2ErrCodeNo { 5256 return nil 5257 } 5258 data := f.Data() 5259 5260 // "If a DATA frame is received whose stream is not in "open" 5261 // or "half closed (local)" state, the recipient MUST respond 5262 // with a stream error (Section 5.4.2) of type STREAM_CLOSED." 5263 id := f.Header().StreamID 5264 state, st := sc.state(id) 5265 if id == 0 || state == http2stateIdle { 5266 // Section 5.1: "Receiving any frame other than HEADERS 5267 // or PRIORITY on a stream in this state MUST be 5268 // treated as a connection error (Section 5.4.1) of 5269 // type PROTOCOL_ERROR." 5270 return http2ConnectionError(http2ErrCodeProtocol) 5271 } 5272 if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { 5273 // This includes sending a RST_STREAM if the stream is 5274 // in stateHalfClosedLocal (which currently means that 5275 // the http.Handler returned, so it's done reading & 5276 // done writing). Try to stop the client from sending 5277 // more DATA. 5278 5279 // But still enforce their connection-level flow control, 5280 // and return any flow control bytes since we're not going 5281 // to consume them. 5282 if sc.inflow.available() < int32(f.Length) { 5283 return http2streamError(id, http2ErrCodeFlowControl) 5284 } 5285 // Deduct the flow control from inflow, since we're 5286 // going to immediately add it back in 5287 // sendWindowUpdate, which also schedules sending the 5288 // frames. 5289 sc.inflow.take(int32(f.Length)) 5290 sc.sendWindowUpdate(nil, int(f.Length)) // conn-level 5291 5292 if st != nil && st.resetQueued { 5293 // Already have a stream error in flight. Don't send another. 5294 return nil 5295 } 5296 return http2streamError(id, http2ErrCodeStreamClosed) 5297 } 5298 if st.body == nil { 5299 panic("internal error: should have a body in this state") 5300 } 5301 5302 // Sender sending more than they'd declared? 5303 if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes { 5304 st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes)) 5305 return http2streamError(id, http2ErrCodeStreamClosed) 5306 } 5307 if f.Length > 0 { 5308 // Check whether the client has flow control quota. 5309 if st.inflow.available() < int32(f.Length) { 5310 return http2streamError(id, http2ErrCodeFlowControl) 5311 } 5312 st.inflow.take(int32(f.Length)) 5313 5314 if len(data) > 0 { 5315 wrote, err := st.body.Write(data) 5316 if err != nil { 5317 return http2streamError(id, http2ErrCodeStreamClosed) 5318 } 5319 if wrote != len(data) { 5320 panic("internal error: bad Writer") 5321 } 5322 st.bodyBytes += int64(len(data)) 5323 } 5324 5325 // Return any padded flow control now, since we won't 5326 // refund it later on body reads. 5327 if pad := int32(f.Length) - int32(len(data)); pad > 0 { 5328 sc.sendWindowUpdate32(nil, pad) 5329 sc.sendWindowUpdate32(st, pad) 5330 } 5331 } 5332 if f.StreamEnded() { 5333 st.endStream() 5334 } 5335 return nil 5336 } 5337 5338 func (sc *http2serverConn) processGoAway(f *http2GoAwayFrame) error { 5339 sc.serveG.check() 5340 if f.ErrCode != http2ErrCodeNo { 5341 sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5342 } else { 5343 sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) 5344 } 5345 sc.startGracefulShutdownInternal() 5346 // http://tools.ietf.org/html/rfc7540#section-6.8 5347 // We should not create any new streams, which means we should disable push. 5348 sc.pushEnabled = false 5349 return nil 5350 } 5351 5352 // isPushed reports whether the stream is server-initiated. 5353 func (st *http2stream) isPushed() bool { 5354 return st.id%2 == 0 5355 } 5356 5357 // endStream closes a Request.Body's pipe. It is called when a DATA 5358 // frame says a request body is over (or after trailers). 5359 func (st *http2stream) endStream() { 5360 sc := st.sc 5361 sc.serveG.check() 5362 5363 if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes { 5364 st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes", 5365 st.declBodyBytes, st.bodyBytes)) 5366 } else { 5367 st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest) 5368 st.body.CloseWithError(io.EOF) 5369 } 5370 st.state = http2stateHalfClosedRemote 5371 } 5372 5373 // copyTrailersToHandlerRequest is run in the Handler's goroutine in 5374 // its Request.Body.Read just before it gets io.EOF. 5375 func (st *http2stream) copyTrailersToHandlerRequest() { 5376 for k, vv := range st.trailer { 5377 if _, ok := st.reqTrailer[k]; ok { 5378 // Only copy it over it was pre-declared. 5379 st.reqTrailer[k] = vv 5380 } 5381 } 5382 } 5383 5384 // onWriteTimeout is run on its own goroutine (from time.AfterFunc) 5385 // when the stream's WriteTimeout has fired. 5386 func (st *http2stream) onWriteTimeout() { 5387 st.sc.writeFrameFromHandler(http2FrameWriteRequest{write: http2streamError(st.id, http2ErrCodeInternal)}) 5388 } 5389 5390 func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error { 5391 sc.serveG.check() 5392 id := f.StreamID 5393 if sc.inGoAway { 5394 // Ignore. 5395 return nil 5396 } 5397 // http://tools.ietf.org/html/rfc7540#section-5.1.1 5398 // Streams initiated by a client MUST use odd-numbered stream 5399 // identifiers. [...] An endpoint that receives an unexpected 5400 // stream identifier MUST respond with a connection error 5401 // (Section 5.4.1) of type PROTOCOL_ERROR. 5402 if id%2 != 1 { 5403 return http2ConnectionError(http2ErrCodeProtocol) 5404 } 5405 // A HEADERS frame can be used to create a new stream or 5406 // send a trailer for an open one. If we already have a stream 5407 // open, let it process its own HEADERS frame (trailers at this 5408 // point, if it's valid). 5409 if st := sc.streams[f.StreamID]; st != nil { 5410 if st.resetQueued { 5411 // We're sending RST_STREAM to close the stream, so don't bother 5412 // processing this frame. 5413 return nil 5414 } 5415 return st.processTrailerHeaders(f) 5416 } 5417 5418 // [...] The identifier of a newly established stream MUST be 5419 // numerically greater than all streams that the initiating 5420 // endpoint has opened or reserved. [...] An endpoint that 5421 // receives an unexpected stream identifier MUST respond with 5422 // a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 5423 if id <= sc.maxClientStreamID { 5424 return http2ConnectionError(http2ErrCodeProtocol) 5425 } 5426 sc.maxClientStreamID = id 5427 5428 if sc.idleTimer != nil { 5429 sc.idleTimer.Stop() 5430 } 5431 5432 // http://tools.ietf.org/html/rfc7540#section-5.1.2 5433 // [...] Endpoints MUST NOT exceed the limit set by their peer. An 5434 // endpoint that receives a HEADERS frame that causes their 5435 // advertised concurrent stream limit to be exceeded MUST treat 5436 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR 5437 // or REFUSED_STREAM. 5438 if sc.curClientStreams+1 > sc.advMaxStreams { 5439 if sc.unackedSettings == 0 { 5440 // They should know better. 5441 return http2streamError(id, http2ErrCodeProtocol) 5442 } 5443 // Assume it's a network race, where they just haven't 5444 // received our last SETTINGS update. But actually 5445 // this can't happen yet, because we don't yet provide 5446 // a way for users to adjust server parameters at 5447 // runtime. 5448 return http2streamError(id, http2ErrCodeRefusedStream) 5449 } 5450 5451 initialState := http2stateOpen 5452 if f.StreamEnded() { 5453 initialState = http2stateHalfClosedRemote 5454 } 5455 st := sc.newStream(id, 0, initialState) 5456 5457 if f.HasPriority() { 5458 if err := http2checkPriority(f.StreamID, f.Priority); err != nil { 5459 return err 5460 } 5461 sc.writeSched.AdjustStream(st.id, f.Priority) 5462 } 5463 5464 rw, req, err := sc.newWriterAndRequest(st, f) 5465 if err != nil { 5466 return err 5467 } 5468 st.reqTrailer = req.Trailer 5469 if st.reqTrailer != nil { 5470 st.trailer = make(Header) 5471 } 5472 st.body = req.Body.(*http2requestBody).pipe // may be nil 5473 st.declBodyBytes = req.ContentLength 5474 5475 handler := sc.handler.ServeHTTP 5476 if f.Truncated { 5477 // Their header list was too long. Send a 431 error. 5478 handler = http2handleHeaderListTooLong 5479 } else if err := http2checkValidHTTP2RequestHeaders(req.Header); err != nil { 5480 handler = http2new400Handler(err) 5481 } 5482 5483 // The net/http package sets the read deadline from the 5484 // http.Server.ReadTimeout during the TLS handshake, but then 5485 // passes the connection off to us with the deadline already 5486 // set. Disarm it here after the request headers are read, 5487 // similar to how the http1 server works. Here it's 5488 // technically more like the http1 Server's ReadHeaderTimeout 5489 // (in Go 1.8), though. That's a more sane option anyway. 5490 if sc.hs.ReadTimeout != 0 { 5491 sc.conn.SetReadDeadline(time.Time{}) 5492 } 5493 5494 go sc.runHandler(rw, req, handler) 5495 return nil 5496 } 5497 5498 func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error { 5499 sc := st.sc 5500 sc.serveG.check() 5501 if st.gotTrailerHeader { 5502 return http2ConnectionError(http2ErrCodeProtocol) 5503 } 5504 st.gotTrailerHeader = true 5505 if !f.StreamEnded() { 5506 return http2streamError(st.id, http2ErrCodeProtocol) 5507 } 5508 5509 if len(f.PseudoFields()) > 0 { 5510 return http2streamError(st.id, http2ErrCodeProtocol) 5511 } 5512 if st.trailer != nil { 5513 for _, hf := range f.RegularFields() { 5514 key := sc.canonicalHeader(hf.Name) 5515 if !http2ValidTrailerHeader(key) { 5516 // TODO: send more details to the peer somehow. But http2 has 5517 // no way to send debug data at a stream level. Discuss with 5518 // HTTP folk. 5519 return http2streamError(st.id, http2ErrCodeProtocol) 5520 } 5521 st.trailer[key] = append(st.trailer[key], hf.Value) 5522 } 5523 } 5524 st.endStream() 5525 return nil 5526 } 5527 5528 func http2checkPriority(streamID uint32, p http2PriorityParam) error { 5529 if streamID == p.StreamDep { 5530 // Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat 5531 // this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR." 5532 // Section 5.3.3 says that a stream can depend on one of its dependencies, 5533 // so it's only self-dependencies that are forbidden. 5534 return http2streamError(streamID, http2ErrCodeProtocol) 5535 } 5536 return nil 5537 } 5538 5539 func (sc *http2serverConn) processPriority(f *http2PriorityFrame) error { 5540 if sc.inGoAway { 5541 return nil 5542 } 5543 if err := http2checkPriority(f.StreamID, f.http2PriorityParam); err != nil { 5544 return err 5545 } 5546 sc.writeSched.AdjustStream(f.StreamID, f.http2PriorityParam) 5547 return nil 5548 } 5549 5550 func (sc *http2serverConn) newStream(id, pusherID uint32, state http2streamState) *http2stream { 5551 sc.serveG.check() 5552 if id == 0 { 5553 panic("internal error: cannot create stream with id 0") 5554 } 5555 5556 ctx, cancelCtx := http2contextWithCancel(sc.baseCtx) 5557 st := &http2stream{ 5558 sc: sc, 5559 id: id, 5560 state: state, 5561 ctx: ctx, 5562 cancelCtx: cancelCtx, 5563 } 5564 st.cw.Init() 5565 st.flow.conn = &sc.flow // link to conn-level counter 5566 st.flow.add(sc.initialStreamSendWindowSize) 5567 st.inflow.conn = &sc.inflow // link to conn-level counter 5568 st.inflow.add(sc.srv.initialStreamRecvWindowSize()) 5569 if sc.hs.WriteTimeout != 0 { 5570 st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) 5571 } 5572 5573 sc.streams[id] = st 5574 sc.writeSched.OpenStream(st.id, http2OpenStreamOptions{PusherID: pusherID}) 5575 if st.isPushed() { 5576 sc.curPushedStreams++ 5577 } else { 5578 sc.curClientStreams++ 5579 } 5580 if sc.curOpenStreams() == 1 { 5581 sc.setConnState(StateActive) 5582 } 5583 5584 return st 5585 } 5586 5587 func (sc *http2serverConn) newWriterAndRequest(st *http2stream, f *http2MetaHeadersFrame) (*http2responseWriter, *Request, error) { 5588 sc.serveG.check() 5589 5590 rp := http2requestParam{ 5591 method: f.PseudoValue("method"), 5592 scheme: f.PseudoValue("scheme"), 5593 authority: f.PseudoValue("authority"), 5594 path: f.PseudoValue("path"), 5595 } 5596 5597 isConnect := rp.method == "CONNECT" 5598 if isConnect { 5599 if rp.path != "" || rp.scheme != "" || rp.authority == "" { 5600 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5601 } 5602 } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { 5603 // See 8.1.2.6 Malformed Requests and Responses: 5604 // 5605 // Malformed requests or responses that are detected 5606 // MUST be treated as a stream error (Section 5.4.2) 5607 // of type PROTOCOL_ERROR." 5608 // 5609 // 8.1.2.3 Request Pseudo-Header Fields 5610 // "All HTTP/2 requests MUST include exactly one valid 5611 // value for the :method, :scheme, and :path 5612 // pseudo-header fields" 5613 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5614 } 5615 5616 bodyOpen := !f.StreamEnded() 5617 if rp.method == "HEAD" && bodyOpen { 5618 // HEAD requests can't have bodies 5619 return nil, nil, http2streamError(f.StreamID, http2ErrCodeProtocol) 5620 } 5621 5622 rp.header = make(Header) 5623 for _, hf := range f.RegularFields() { 5624 rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value) 5625 } 5626 if rp.authority == "" { 5627 rp.authority = rp.header.Get("Host") 5628 } 5629 5630 rw, req, err := sc.newWriterAndRequestNoBody(st, rp) 5631 if err != nil { 5632 return nil, nil, err 5633 } 5634 if bodyOpen { 5635 if vv, ok := rp.header["Content-Length"]; ok { 5636 req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) 5637 } else { 5638 req.ContentLength = -1 5639 } 5640 req.Body.(*http2requestBody).pipe = &http2pipe{ 5641 b: &http2dataBuffer{expected: req.ContentLength}, 5642 } 5643 } 5644 return rw, req, nil 5645 } 5646 5647 type http2requestParam struct { 5648 method string 5649 scheme, authority, path string 5650 header Header 5651 } 5652 5653 func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2requestParam) (*http2responseWriter, *Request, error) { 5654 sc.serveG.check() 5655 5656 var tlsState *tls.ConnectionState // nil if not scheme https 5657 if rp.scheme == "https" { 5658 tlsState = sc.tlsState 5659 } 5660 5661 needsContinue := rp.header.Get("Expect") == "100-continue" 5662 if needsContinue { 5663 rp.header.Del("Expect") 5664 } 5665 // Merge Cookie headers into one "; "-delimited value. 5666 if cookies := rp.header["Cookie"]; len(cookies) > 1 { 5667 rp.header.Set("Cookie", strings.Join(cookies, "; ")) 5668 } 5669 5670 // Setup Trailers 5671 var trailer Header 5672 for _, v := range rp.header["Trailer"] { 5673 for _, key := range strings.Split(v, ",") { 5674 key = CanonicalHeaderKey(strings.TrimSpace(key)) 5675 switch key { 5676 case "Transfer-Encoding", "Trailer", "Content-Length": 5677 // Bogus. (copy of http1 rules) 5678 // Ignore. 5679 default: 5680 if trailer == nil { 5681 trailer = make(Header) 5682 } 5683 trailer[key] = nil 5684 } 5685 } 5686 } 5687 delete(rp.header, "Trailer") 5688 5689 var url_ *url.URL 5690 var requestURI string 5691 if rp.method == "CONNECT" { 5692 url_ = &url.URL{Host: rp.authority} 5693 requestURI = rp.authority // mimic HTTP/1 server behavior 5694 } else { 5695 var err error 5696 url_, err = url.ParseRequestURI(rp.path) 5697 if err != nil { 5698 return nil, nil, http2streamError(st.id, http2ErrCodeProtocol) 5699 } 5700 requestURI = rp.path 5701 } 5702 5703 body := &http2requestBody{ 5704 conn: sc, 5705 stream: st, 5706 needsContinue: needsContinue, 5707 } 5708 req := &Request{ 5709 Method: rp.method, 5710 URL: url_, 5711 RemoteAddr: sc.remoteAddrStr, 5712 Header: rp.header, 5713 RequestURI: requestURI, 5714 Proto: "HTTP/2.0", 5715 ProtoMajor: 2, 5716 ProtoMinor: 0, 5717 TLS: tlsState, 5718 Host: rp.authority, 5719 Body: body, 5720 Trailer: trailer, 5721 } 5722 req = http2requestWithContext(req, st.ctx) 5723 5724 rws := http2responseWriterStatePool.Get().(*http2responseWriterState) 5725 bwSave := rws.bw 5726 *rws = http2responseWriterState{} // zero all the fields 5727 rws.conn = sc 5728 rws.bw = bwSave 5729 rws.bw.Reset(http2chunkWriter{rws}) 5730 rws.stream = st 5731 rws.req = req 5732 rws.body = body 5733 5734 rw := &http2responseWriter{rws: rws} 5735 return rw, req, nil 5736 } 5737 5738 // Run on its own goroutine. 5739 func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) { 5740 didPanic := true 5741 defer func() { 5742 rw.rws.stream.cancelCtx() 5743 if didPanic { 5744 e := recover() 5745 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5746 write: http2handlerPanicRST{rw.rws.stream.id}, 5747 stream: rw.rws.stream, 5748 }) 5749 // Same as net/http: 5750 if http2shouldLogPanic(e) { 5751 const size = 64 << 10 5752 buf := make([]byte, size) 5753 buf = buf[:runtime.Stack(buf, false)] 5754 sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf) 5755 } 5756 return 5757 } 5758 rw.handlerDone() 5759 }() 5760 handler(rw, req) 5761 didPanic = false 5762 } 5763 5764 func http2handleHeaderListTooLong(w ResponseWriter, r *Request) { 5765 // 10.5.1 Limits on Header Block Size: 5766 // .. "A server that receives a larger header block than it is 5767 // willing to handle can send an HTTP 431 (Request Header Fields Too 5768 // Large) status code" 5769 const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+ 5770 w.WriteHeader(statusRequestHeaderFieldsTooLarge) 5771 io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>") 5772 } 5773 5774 // called from handler goroutines. 5775 // h may be nil. 5776 func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error { 5777 sc.serveG.checkNotOn() // NOT on 5778 var errc chan error 5779 if headerData.h != nil { 5780 // If there's a header map (which we don't own), so we have to block on 5781 // waiting for this frame to be written, so an http.Flush mid-handler 5782 // writes out the correct value of keys, before a handler later potentially 5783 // mutates it. 5784 errc = http2errChanPool.Get().(chan error) 5785 } 5786 if err := sc.writeFrameFromHandler(http2FrameWriteRequest{ 5787 write: headerData, 5788 stream: st, 5789 done: errc, 5790 }); err != nil { 5791 return err 5792 } 5793 if errc != nil { 5794 select { 5795 case err := <-errc: 5796 http2errChanPool.Put(errc) 5797 return err 5798 case <-sc.doneServing: 5799 return http2errClientDisconnected 5800 case <-st.cw: 5801 return http2errStreamClosed 5802 } 5803 } 5804 return nil 5805 } 5806 5807 // called from handler goroutines. 5808 func (sc *http2serverConn) write100ContinueHeaders(st *http2stream) { 5809 sc.writeFrameFromHandler(http2FrameWriteRequest{ 5810 write: http2write100ContinueHeadersFrame{st.id}, 5811 stream: st, 5812 }) 5813 } 5814 5815 // A bodyReadMsg tells the server loop that the http.Handler read n 5816 // bytes of the DATA from the client on the given stream. 5817 type http2bodyReadMsg struct { 5818 st *http2stream 5819 n int 5820 } 5821 5822 // called from handler goroutines. 5823 // Notes that the handler for the given stream ID read n bytes of its body 5824 // and schedules flow control tokens to be sent. 5825 func (sc *http2serverConn) noteBodyReadFromHandler(st *http2stream, n int, err error) { 5826 sc.serveG.checkNotOn() // NOT on 5827 if n > 0 { 5828 select { 5829 case sc.bodyReadCh <- http2bodyReadMsg{st, n}: 5830 case <-sc.doneServing: 5831 } 5832 } 5833 } 5834 5835 func (sc *http2serverConn) noteBodyRead(st *http2stream, n int) { 5836 sc.serveG.check() 5837 sc.sendWindowUpdate(nil, n) // conn-level 5838 if st.state != http2stateHalfClosedRemote && st.state != http2stateClosed { 5839 // Don't send this WINDOW_UPDATE if the stream is closed 5840 // remotely. 5841 sc.sendWindowUpdate(st, n) 5842 } 5843 } 5844 5845 // st may be nil for conn-level 5846 func (sc *http2serverConn) sendWindowUpdate(st *http2stream, n int) { 5847 sc.serveG.check() 5848 // "The legal range for the increment to the flow control 5849 // window is 1 to 2^31-1 (2,147,483,647) octets." 5850 // A Go Read call on 64-bit machines could in theory read 5851 // a larger Read than this. Very unlikely, but we handle it here 5852 // rather than elsewhere for now. 5853 const maxUint31 = 1<<31 - 1 5854 for n >= maxUint31 { 5855 sc.sendWindowUpdate32(st, maxUint31) 5856 n -= maxUint31 5857 } 5858 sc.sendWindowUpdate32(st, int32(n)) 5859 } 5860 5861 // st may be nil for conn-level 5862 func (sc *http2serverConn) sendWindowUpdate32(st *http2stream, n int32) { 5863 sc.serveG.check() 5864 if n == 0 { 5865 return 5866 } 5867 if n < 0 { 5868 panic("negative update") 5869 } 5870 var streamID uint32 5871 if st != nil { 5872 streamID = st.id 5873 } 5874 sc.writeFrame(http2FrameWriteRequest{ 5875 write: http2writeWindowUpdate{streamID: streamID, n: uint32(n)}, 5876 stream: st, 5877 }) 5878 var ok bool 5879 if st == nil { 5880 ok = sc.inflow.add(n) 5881 } else { 5882 ok = st.inflow.add(n) 5883 } 5884 if !ok { 5885 panic("internal error; sent too many window updates without decrements?") 5886 } 5887 } 5888 5889 // requestBody is the Handler's Request.Body type. 5890 // Read and Close may be called concurrently. 5891 type http2requestBody struct { 5892 stream *http2stream 5893 conn *http2serverConn 5894 closed bool // for use by Close only 5895 sawEOF bool // for use by Read only 5896 pipe *http2pipe // non-nil if we have a HTTP entity message body 5897 needsContinue bool // need to send a 100-continue 5898 } 5899 5900 func (b *http2requestBody) Close() error { 5901 if b.pipe != nil && !b.closed { 5902 b.pipe.BreakWithError(http2errClosedBody) 5903 } 5904 b.closed = true 5905 return nil 5906 } 5907 5908 func (b *http2requestBody) Read(p []byte) (n int, err error) { 5909 if b.needsContinue { 5910 b.needsContinue = false 5911 b.conn.write100ContinueHeaders(b.stream) 5912 } 5913 if b.pipe == nil || b.sawEOF { 5914 return 0, io.EOF 5915 } 5916 n, err = b.pipe.Read(p) 5917 if err == io.EOF { 5918 b.sawEOF = true 5919 } 5920 if b.conn == nil && http2inTests { 5921 return 5922 } 5923 b.conn.noteBodyReadFromHandler(b.stream, n, err) 5924 return 5925 } 5926 5927 // responseWriter is the http.ResponseWriter implementation. It's 5928 // intentionally small (1 pointer wide) to minimize garbage. The 5929 // responseWriterState pointer inside is zeroed at the end of a 5930 // request (in handlerDone) and calls on the responseWriter thereafter 5931 // simply crash (caller's mistake), but the much larger responseWriterState 5932 // and buffers are reused between multiple requests. 5933 type http2responseWriter struct { 5934 rws *http2responseWriterState 5935 } 5936 5937 // Optional http.ResponseWriter interfaces implemented. 5938 var ( 5939 _ CloseNotifier = (*http2responseWriter)(nil) 5940 _ Flusher = (*http2responseWriter)(nil) 5941 _ http2stringWriter = (*http2responseWriter)(nil) 5942 ) 5943 5944 type http2responseWriterState struct { 5945 // immutable within a request: 5946 stream *http2stream 5947 req *Request 5948 body *http2requestBody // to close at end of request, if DATA frames didn't 5949 conn *http2serverConn 5950 5951 // TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc 5952 bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState} 5953 5954 // mutated by http.Handler goroutine: 5955 handlerHeader Header // nil until called 5956 snapHeader Header // snapshot of handlerHeader at WriteHeader time 5957 trailers []string // set in writeChunk 5958 status int // status code passed to WriteHeader 5959 wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet. 5960 sentHeader bool // have we sent the header frame? 5961 handlerDone bool // handler has finished 5962 dirty bool // a Write failed; don't reuse this responseWriterState 5963 5964 sentContentLen int64 // non-zero if handler set a Content-Length header 5965 wroteBytes int64 5966 5967 closeNotifierMu sync.Mutex // guards closeNotifierCh 5968 closeNotifierCh chan bool // nil until first used 5969 } 5970 5971 type http2chunkWriter struct{ rws *http2responseWriterState } 5972 5973 func (cw http2chunkWriter) Write(p []byte) (n int, err error) { return cw.rws.writeChunk(p) } 5974 5975 func (rws *http2responseWriterState) hasTrailers() bool { return len(rws.trailers) != 0 } 5976 5977 // declareTrailer is called for each Trailer header when the 5978 // response header is written. It notes that a header will need to be 5979 // written in the trailers at the end of the response. 5980 func (rws *http2responseWriterState) declareTrailer(k string) { 5981 k = CanonicalHeaderKey(k) 5982 if !http2ValidTrailerHeader(k) { 5983 // Forbidden by RFC 2616 14.40. 5984 rws.conn.logf("ignoring invalid trailer %q", k) 5985 return 5986 } 5987 if !http2strSliceContains(rws.trailers, k) { 5988 rws.trailers = append(rws.trailers, k) 5989 } 5990 } 5991 5992 // writeChunk writes chunks from the bufio.Writer. But because 5993 // bufio.Writer may bypass its chunking, sometimes p may be 5994 // arbitrarily large. 5995 // 5996 // writeChunk is also responsible (on the first chunk) for sending the 5997 // HEADER response. 5998 func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { 5999 if !rws.wroteHeader { 6000 rws.writeHeader(200) 6001 } 6002 6003 isHeadResp := rws.req.Method == "HEAD" 6004 if !rws.sentHeader { 6005 rws.sentHeader = true 6006 var ctype, clen string 6007 if clen = rws.snapHeader.Get("Content-Length"); clen != "" { 6008 rws.snapHeader.Del("Content-Length") 6009 clen64, err := strconv.ParseInt(clen, 10, 64) 6010 if err == nil && clen64 >= 0 { 6011 rws.sentContentLen = clen64 6012 } else { 6013 clen = "" 6014 } 6015 } 6016 if clen == "" && rws.handlerDone && http2bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) { 6017 clen = strconv.Itoa(len(p)) 6018 } 6019 _, hasContentType := rws.snapHeader["Content-Type"] 6020 if !hasContentType && http2bodyAllowedForStatus(rws.status) && len(p) > 0 { 6021 ctype = DetectContentType(p) 6022 } 6023 var date string 6024 if _, ok := rws.snapHeader["Date"]; !ok { 6025 // TODO(bradfitz): be faster here, like net/http? measure. 6026 date = time.Now().UTC().Format(TimeFormat) 6027 } 6028 6029 for _, v := range rws.snapHeader["Trailer"] { 6030 http2foreachHeaderElement(v, rws.declareTrailer) 6031 } 6032 6033 endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp 6034 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6035 streamID: rws.stream.id, 6036 httpResCode: rws.status, 6037 h: rws.snapHeader, 6038 endStream: endStream, 6039 contentType: ctype, 6040 contentLength: clen, 6041 date: date, 6042 }) 6043 if err != nil { 6044 rws.dirty = true 6045 return 0, err 6046 } 6047 if endStream { 6048 return 0, nil 6049 } 6050 } 6051 if isHeadResp { 6052 return len(p), nil 6053 } 6054 if len(p) == 0 && !rws.handlerDone { 6055 return 0, nil 6056 } 6057 6058 if rws.handlerDone { 6059 rws.promoteUndeclaredTrailers() 6060 } 6061 6062 endStream := rws.handlerDone && !rws.hasTrailers() 6063 if len(p) > 0 || endStream { 6064 // only send a 0 byte DATA frame if we're ending the stream. 6065 if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil { 6066 rws.dirty = true 6067 return 0, err 6068 } 6069 } 6070 6071 if rws.handlerDone && rws.hasTrailers() { 6072 err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{ 6073 streamID: rws.stream.id, 6074 h: rws.handlerHeader, 6075 trailers: rws.trailers, 6076 endStream: true, 6077 }) 6078 if err != nil { 6079 rws.dirty = true 6080 } 6081 return len(p), err 6082 } 6083 return len(p), nil 6084 } 6085 6086 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 6087 // that, if present, signals that the map entry is actually for 6088 // the response trailers, and not the response headers. The prefix 6089 // is stripped after the ServeHTTP call finishes and the values are 6090 // sent in the trailers. 6091 // 6092 // This mechanism is intended only for trailers that are not known 6093 // prior to the headers being written. If the set of trailers is fixed 6094 // or known before the header is written, the normal Go trailers mechanism 6095 // is preferred: 6096 // https://golang.org/pkg/net/http/#ResponseWriter 6097 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 6098 const http2TrailerPrefix = "Trailer:" 6099 6100 // promoteUndeclaredTrailers permits http.Handlers to set trailers 6101 // after the header has already been flushed. Because the Go 6102 // ResponseWriter interface has no way to set Trailers (only the 6103 // Header), and because we didn't want to expand the ResponseWriter 6104 // interface, and because nobody used trailers, and because RFC 2616 6105 // says you SHOULD (but not must) predeclare any trailers in the 6106 // header, the official ResponseWriter rules said trailers in Go must 6107 // be predeclared, and then we reuse the same ResponseWriter.Header() 6108 // map to mean both Headers and Trailers. When it's time to write the 6109 // Trailers, we pick out the fields of Headers that were declared as 6110 // trailers. That worked for a while, until we found the first major 6111 // user of Trailers in the wild: gRPC (using them only over http2), 6112 // and gRPC libraries permit setting trailers mid-stream without 6113 // predeclarnig them. So: change of plans. We still permit the old 6114 // way, but we also permit this hack: if a Header() key begins with 6115 // "Trailer:", the suffix of that key is a Trailer. Because ':' is an 6116 // invalid token byte anyway, there is no ambiguity. (And it's already 6117 // filtered out) It's mildly hacky, but not terrible. 6118 // 6119 // This method runs after the Handler is done and promotes any Header 6120 // fields to be trailers. 6121 func (rws *http2responseWriterState) promoteUndeclaredTrailers() { 6122 for k, vv := range rws.handlerHeader { 6123 if !strings.HasPrefix(k, http2TrailerPrefix) { 6124 continue 6125 } 6126 trailerKey := strings.TrimPrefix(k, http2TrailerPrefix) 6127 rws.declareTrailer(trailerKey) 6128 rws.handlerHeader[CanonicalHeaderKey(trailerKey)] = vv 6129 } 6130 6131 if len(rws.trailers) > 1 { 6132 sorter := http2sorterPool.Get().(*http2sorter) 6133 sorter.SortStrings(rws.trailers) 6134 http2sorterPool.Put(sorter) 6135 } 6136 } 6137 6138 func (w *http2responseWriter) Flush() { 6139 rws := w.rws 6140 if rws == nil { 6141 panic("Header called after Handler finished") 6142 } 6143 if rws.bw.Buffered() > 0 { 6144 if err := rws.bw.Flush(); err != nil { 6145 // Ignore the error. The frame writer already knows. 6146 return 6147 } 6148 } else { 6149 // The bufio.Writer won't call chunkWriter.Write 6150 // (writeChunk with zero bytes, so we have to do it 6151 // ourselves to force the HTTP response header and/or 6152 // final DATA frame (with END_STREAM) to be sent. 6153 rws.writeChunk(nil) 6154 } 6155 } 6156 6157 func (w *http2responseWriter) CloseNotify() <-chan bool { 6158 rws := w.rws 6159 if rws == nil { 6160 panic("CloseNotify called after Handler finished") 6161 } 6162 rws.closeNotifierMu.Lock() 6163 ch := rws.closeNotifierCh 6164 if ch == nil { 6165 ch = make(chan bool, 1) 6166 rws.closeNotifierCh = ch 6167 cw := rws.stream.cw 6168 go func() { 6169 cw.Wait() // wait for close 6170 ch <- true 6171 }() 6172 } 6173 rws.closeNotifierMu.Unlock() 6174 return ch 6175 } 6176 6177 func (w *http2responseWriter) Header() Header { 6178 rws := w.rws 6179 if rws == nil { 6180 panic("Header called after Handler finished") 6181 } 6182 if rws.handlerHeader == nil { 6183 rws.handlerHeader = make(Header) 6184 } 6185 return rws.handlerHeader 6186 } 6187 6188 // checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode. 6189 func http2checkWriteHeaderCode(code int) { 6190 // Issue 22880: require valid WriteHeader status codes. 6191 // For now we only enforce that it's three digits. 6192 // In the future we might block things over 599 (600 and above aren't defined 6193 // at http://httpwg.org/specs/rfc7231.html#status.codes) 6194 // and we might block under 200 (once we have more mature 1xx support). 6195 // But for now any three digits. 6196 // 6197 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 6198 // no equivalent bogus thing we can realistically send in HTTP/2, 6199 // so we'll consistently panic instead and help people find their bugs 6200 // early. (We can't return an error from WriteHeader even if we wanted to.) 6201 if code < 100 || code > 999 { 6202 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 6203 } 6204 } 6205 6206 func (w *http2responseWriter) WriteHeader(code int) { 6207 rws := w.rws 6208 if rws == nil { 6209 panic("WriteHeader called after Handler finished") 6210 } 6211 rws.writeHeader(code) 6212 } 6213 6214 func (rws *http2responseWriterState) writeHeader(code int) { 6215 if !rws.wroteHeader { 6216 http2checkWriteHeaderCode(code) 6217 rws.wroteHeader = true 6218 rws.status = code 6219 if len(rws.handlerHeader) > 0 { 6220 rws.snapHeader = http2cloneHeader(rws.handlerHeader) 6221 } 6222 } 6223 } 6224 6225 func http2cloneHeader(h Header) Header { 6226 h2 := make(Header, len(h)) 6227 for k, vv := range h { 6228 vv2 := make([]string, len(vv)) 6229 copy(vv2, vv) 6230 h2[k] = vv2 6231 } 6232 return h2 6233 } 6234 6235 // The Life Of A Write is like this: 6236 // 6237 // * Handler calls w.Write or w.WriteString -> 6238 // * -> rws.bw (*bufio.Writer) -> 6239 // * (Handler might call Flush) 6240 // * -> chunkWriter{rws} 6241 // * -> responseWriterState.writeChunk(p []byte) 6242 // * -> responseWriterState.writeChunk (most of the magic; see comment there) 6243 func (w *http2responseWriter) Write(p []byte) (n int, err error) { 6244 return w.write(len(p), p, "") 6245 } 6246 6247 func (w *http2responseWriter) WriteString(s string) (n int, err error) { 6248 return w.write(len(s), nil, s) 6249 } 6250 6251 // either dataB or dataS is non-zero. 6252 func (w *http2responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) { 6253 rws := w.rws 6254 if rws == nil { 6255 panic("Write called after Handler finished") 6256 } 6257 if !rws.wroteHeader { 6258 w.WriteHeader(200) 6259 } 6260 if !http2bodyAllowedForStatus(rws.status) { 6261 return 0, ErrBodyNotAllowed 6262 } 6263 rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set 6264 if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen { 6265 // TODO: send a RST_STREAM 6266 return 0, errors.New("http2: handler wrote more than declared Content-Length") 6267 } 6268 6269 if dataB != nil { 6270 return rws.bw.Write(dataB) 6271 } else { 6272 return rws.bw.WriteString(dataS) 6273 } 6274 } 6275 6276 func (w *http2responseWriter) handlerDone() { 6277 rws := w.rws 6278 dirty := rws.dirty 6279 rws.handlerDone = true 6280 w.Flush() 6281 w.rws = nil 6282 if !dirty { 6283 // Only recycle the pool if all prior Write calls to 6284 // the serverConn goroutine completed successfully. If 6285 // they returned earlier due to resets from the peer 6286 // there might still be write goroutines outstanding 6287 // from the serverConn referencing the rws memory. See 6288 // issue 20704. 6289 http2responseWriterStatePool.Put(rws) 6290 } 6291 } 6292 6293 // Push errors. 6294 var ( 6295 http2ErrRecursivePush = errors.New("http2: recursive push not allowed") 6296 http2ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS") 6297 ) 6298 6299 // pushOptions is the internal version of http.PushOptions, which we 6300 // cannot include here because it's only defined in Go 1.8 and later. 6301 type http2pushOptions struct { 6302 Method string 6303 Header Header 6304 } 6305 6306 func (w *http2responseWriter) push(target string, opts http2pushOptions) error { 6307 st := w.rws.stream 6308 sc := st.sc 6309 sc.serveG.checkNotOn() 6310 6311 // No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream." 6312 // http://tools.ietf.org/html/rfc7540#section-6.6 6313 if st.isPushed() { 6314 return http2ErrRecursivePush 6315 } 6316 6317 // Default options. 6318 if opts.Method == "" { 6319 opts.Method = "GET" 6320 } 6321 if opts.Header == nil { 6322 opts.Header = Header{} 6323 } 6324 wantScheme := "http" 6325 if w.rws.req.TLS != nil { 6326 wantScheme = "https" 6327 } 6328 6329 // Validate the request. 6330 u, err := url.Parse(target) 6331 if err != nil { 6332 return err 6333 } 6334 if u.Scheme == "" { 6335 if !strings.HasPrefix(target, "/") { 6336 return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target) 6337 } 6338 u.Scheme = wantScheme 6339 u.Host = w.rws.req.Host 6340 } else { 6341 if u.Scheme != wantScheme { 6342 return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme) 6343 } 6344 if u.Host == "" { 6345 return errors.New("URL must have a host") 6346 } 6347 } 6348 for k := range opts.Header { 6349 if strings.HasPrefix(k, ":") { 6350 return fmt.Errorf("promised request headers cannot include pseudo header %q", k) 6351 } 6352 // These headers are meaningful only if the request has a body, 6353 // but PUSH_PROMISE requests cannot have a body. 6354 // http://tools.ietf.org/html/rfc7540#section-8.2 6355 // Also disallow Host, since the promised URL must be absolute. 6356 switch strings.ToLower(k) { 6357 case "content-length", "content-encoding", "trailer", "te", "expect", "host": 6358 return fmt.Errorf("promised request headers cannot include %q", k) 6359 } 6360 } 6361 if err := http2checkValidHTTP2RequestHeaders(opts.Header); err != nil { 6362 return err 6363 } 6364 6365 // The RFC effectively limits promised requests to GET and HEAD: 6366 // "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]" 6367 // http://tools.ietf.org/html/rfc7540#section-8.2 6368 if opts.Method != "GET" && opts.Method != "HEAD" { 6369 return fmt.Errorf("method %q must be GET or HEAD", opts.Method) 6370 } 6371 6372 msg := &http2startPushRequest{ 6373 parent: st, 6374 method: opts.Method, 6375 url: u, 6376 header: http2cloneHeader(opts.Header), 6377 done: http2errChanPool.Get().(chan error), 6378 } 6379 6380 select { 6381 case <-sc.doneServing: 6382 return http2errClientDisconnected 6383 case <-st.cw: 6384 return http2errStreamClosed 6385 case sc.serveMsgCh <- msg: 6386 } 6387 6388 select { 6389 case <-sc.doneServing: 6390 return http2errClientDisconnected 6391 case <-st.cw: 6392 return http2errStreamClosed 6393 case err := <-msg.done: 6394 http2errChanPool.Put(msg.done) 6395 return err 6396 } 6397 } 6398 6399 type http2startPushRequest struct { 6400 parent *http2stream 6401 method string 6402 url *url.URL 6403 header Header 6404 done chan error 6405 } 6406 6407 func (sc *http2serverConn) startPush(msg *http2startPushRequest) { 6408 sc.serveG.check() 6409 6410 // http://tools.ietf.org/html/rfc7540#section-6.6. 6411 // PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that 6412 // is in either the "open" or "half-closed (remote)" state. 6413 if msg.parent.state != http2stateOpen && msg.parent.state != http2stateHalfClosedRemote { 6414 // responseWriter.Push checks that the stream is peer-initiaed. 6415 msg.done <- http2errStreamClosed 6416 return 6417 } 6418 6419 // http://tools.ietf.org/html/rfc7540#section-6.6. 6420 if !sc.pushEnabled { 6421 msg.done <- ErrNotSupported 6422 return 6423 } 6424 6425 // PUSH_PROMISE frames must be sent in increasing order by stream ID, so 6426 // we allocate an ID for the promised stream lazily, when the PUSH_PROMISE 6427 // is written. Once the ID is allocated, we start the request handler. 6428 allocatePromisedID := func() (uint32, error) { 6429 sc.serveG.check() 6430 6431 // Check this again, just in case. Technically, we might have received 6432 // an updated SETTINGS by the time we got around to writing this frame. 6433 if !sc.pushEnabled { 6434 return 0, ErrNotSupported 6435 } 6436 // http://tools.ietf.org/html/rfc7540#section-6.5.2. 6437 if sc.curPushedStreams+1 > sc.clientMaxStreams { 6438 return 0, http2ErrPushLimitReached 6439 } 6440 6441 // http://tools.ietf.org/html/rfc7540#section-5.1.1. 6442 // Streams initiated by the server MUST use even-numbered identifiers. 6443 // A server that is unable to establish a new stream identifier can send a GOAWAY 6444 // frame so that the client is forced to open a new connection for new streams. 6445 if sc.maxPushPromiseID+2 >= 1<<31 { 6446 sc.startGracefulShutdownInternal() 6447 return 0, http2ErrPushLimitReached 6448 } 6449 sc.maxPushPromiseID += 2 6450 promisedID := sc.maxPushPromiseID 6451 6452 // http://tools.ietf.org/html/rfc7540#section-8.2. 6453 // Strictly speaking, the new stream should start in "reserved (local)", then 6454 // transition to "half closed (remote)" after sending the initial HEADERS, but 6455 // we start in "half closed (remote)" for simplicity. 6456 // See further comments at the definition of stateHalfClosedRemote. 6457 promised := sc.newStream(promisedID, msg.parent.id, http2stateHalfClosedRemote) 6458 rw, req, err := sc.newWriterAndRequestNoBody(promised, http2requestParam{ 6459 method: msg.method, 6460 scheme: msg.url.Scheme, 6461 authority: msg.url.Host, 6462 path: msg.url.RequestURI(), 6463 header: http2cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE 6464 }) 6465 if err != nil { 6466 // Should not happen, since we've already validated msg.url. 6467 panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err)) 6468 } 6469 6470 go sc.runHandler(rw, req, sc.handler.ServeHTTP) 6471 return promisedID, nil 6472 } 6473 6474 sc.writeFrame(http2FrameWriteRequest{ 6475 write: &http2writePushPromise{ 6476 streamID: msg.parent.id, 6477 method: msg.method, 6478 url: msg.url, 6479 h: msg.header, 6480 allocatePromisedID: allocatePromisedID, 6481 }, 6482 stream: msg.parent, 6483 done: msg.done, 6484 }) 6485 } 6486 6487 // foreachHeaderElement splits v according to the "#rule" construction 6488 // in RFC 2616 section 2.1 and calls fn for each non-empty element. 6489 func http2foreachHeaderElement(v string, fn func(string)) { 6490 v = textproto.TrimString(v) 6491 if v == "" { 6492 return 6493 } 6494 if !strings.Contains(v, ",") { 6495 fn(v) 6496 return 6497 } 6498 for _, f := range strings.Split(v, ",") { 6499 if f = textproto.TrimString(f); f != "" { 6500 fn(f) 6501 } 6502 } 6503 } 6504 6505 // From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2 6506 var http2connHeaders = []string{ 6507 "Connection", 6508 "Keep-Alive", 6509 "Proxy-Connection", 6510 "Transfer-Encoding", 6511 "Upgrade", 6512 } 6513 6514 // checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request, 6515 // per RFC 7540 Section 8.1.2.2. 6516 // The returned error is reported to users. 6517 func http2checkValidHTTP2RequestHeaders(h Header) error { 6518 for _, k := range http2connHeaders { 6519 if _, ok := h[k]; ok { 6520 return fmt.Errorf("request header %q is not valid in HTTP/2", k) 6521 } 6522 } 6523 te := h["Te"] 6524 if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) { 6525 return errors.New(`request header "TE" may only be "trailers" in HTTP/2`) 6526 } 6527 return nil 6528 } 6529 6530 func http2new400Handler(err error) HandlerFunc { 6531 return func(w ResponseWriter, r *Request) { 6532 Error(w, err.Error(), StatusBadRequest) 6533 } 6534 } 6535 6536 // ValidTrailerHeader reports whether name is a valid header field name to appear 6537 // in trailers. 6538 // See: http://tools.ietf.org/html/rfc7230#section-4.1.2 6539 func http2ValidTrailerHeader(name string) bool { 6540 name = CanonicalHeaderKey(name) 6541 if strings.HasPrefix(name, "If-") || http2badTrailer[name] { 6542 return false 6543 } 6544 return true 6545 } 6546 6547 var http2badTrailer = map[string]bool{ 6548 "Authorization": true, 6549 "Cache-Control": true, 6550 "Connection": true, 6551 "Content-Encoding": true, 6552 "Content-Length": true, 6553 "Content-Range": true, 6554 "Content-Type": true, 6555 "Expect": true, 6556 "Host": true, 6557 "Keep-Alive": true, 6558 "Max-Forwards": true, 6559 "Pragma": true, 6560 "Proxy-Authenticate": true, 6561 "Proxy-Authorization": true, 6562 "Proxy-Connection": true, 6563 "Range": true, 6564 "Realm": true, 6565 "Te": true, 6566 "Trailer": true, 6567 "Transfer-Encoding": true, 6568 "Www-Authenticate": true, 6569 } 6570 6571 // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives 6572 // disabled. See comments on h1ServerShutdownChan above for why 6573 // the code is written this way. 6574 func http2h1ServerKeepAlivesDisabled(hs *Server) bool { 6575 var x interface{} = hs 6576 type I interface { 6577 doKeepAlives() bool 6578 } 6579 if hs, ok := x.(I); ok { 6580 return !hs.doKeepAlives() 6581 } 6582 return false 6583 } 6584 6585 const ( 6586 // transportDefaultConnFlow is how many connection-level flow control 6587 // tokens we give the server at start-up, past the default 64k. 6588 http2transportDefaultConnFlow = 1 << 30 6589 6590 // transportDefaultStreamFlow is how many stream-level flow 6591 // control tokens we announce to the peer, and how many bytes 6592 // we buffer per stream. 6593 http2transportDefaultStreamFlow = 4 << 20 6594 6595 // transportDefaultStreamMinRefresh is the minimum number of bytes we'll send 6596 // a stream-level WINDOW_UPDATE for at a time. 6597 http2transportDefaultStreamMinRefresh = 4 << 10 6598 6599 http2defaultUserAgent = "Go-http-client/2.0" 6600 ) 6601 6602 // Transport is an HTTP/2 Transport. 6603 // 6604 // A Transport internally caches connections to servers. It is safe 6605 // for concurrent use by multiple goroutines. 6606 type http2Transport struct { 6607 // DialTLS specifies an optional dial function for creating 6608 // TLS connections for requests. 6609 // 6610 // If DialTLS is nil, tls.Dial is used. 6611 // 6612 // If the returned net.Conn has a ConnectionState method like tls.Conn, 6613 // it will be used to set http.Response.TLS. 6614 DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error) 6615 6616 // TLSClientConfig specifies the TLS configuration to use with 6617 // tls.Client. If nil, the default configuration is used. 6618 TLSClientConfig *tls.Config 6619 6620 // ConnPool optionally specifies an alternate connection pool to use. 6621 // If nil, the default is used. 6622 ConnPool http2ClientConnPool 6623 6624 // DisableCompression, if true, prevents the Transport from 6625 // requesting compression with an "Accept-Encoding: gzip" 6626 // request header when the Request contains no existing 6627 // Accept-Encoding value. If the Transport requests gzip on 6628 // its own and gets a gzipped response, it's transparently 6629 // decoded in the Response.Body. However, if the user 6630 // explicitly requested gzip it is not automatically 6631 // uncompressed. 6632 DisableCompression bool 6633 6634 // AllowHTTP, if true, permits HTTP/2 requests using the insecure, 6635 // plain-text "http" scheme. Note that this does not enable h2c support. 6636 AllowHTTP bool 6637 6638 // MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to 6639 // send in the initial settings frame. It is how many bytes 6640 // of response headers are allowed. Unlike the http2 spec, zero here 6641 // means to use a default limit (currently 10MB). If you actually 6642 // want to advertise an ulimited value to the peer, Transport 6643 // interprets the highest possible value here (0xffffffff or 1<<32-1) 6644 // to mean no limit. 6645 MaxHeaderListSize uint32 6646 6647 // t1, if non-nil, is the standard library Transport using 6648 // this transport. Its settings are used (but not its 6649 // RoundTrip method, etc). 6650 t1 *Transport 6651 6652 connPoolOnce sync.Once 6653 connPoolOrDef http2ClientConnPool // non-nil version of ConnPool 6654 } 6655 6656 func (t *http2Transport) maxHeaderListSize() uint32 { 6657 if t.MaxHeaderListSize == 0 { 6658 return 10 << 20 6659 } 6660 if t.MaxHeaderListSize == 0xffffffff { 6661 return 0 6662 } 6663 return t.MaxHeaderListSize 6664 } 6665 6666 func (t *http2Transport) disableCompression() bool { 6667 return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression) 6668 } 6669 6670 var http2errTransportVersion = errors.New("http2: ConfigureTransport is only supported starting at Go 1.6") 6671 6672 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2. 6673 // It requires Go 1.6 or later and returns an error if the net/http package is too old 6674 // or if t1 has already been HTTP/2-enabled. 6675 func http2ConfigureTransport(t1 *Transport) error { 6676 _, err := http2configureTransport(t1) // in configure_transport.go (go1.6) or not_go16.go 6677 return err 6678 } 6679 6680 func (t *http2Transport) connPool() http2ClientConnPool { 6681 t.connPoolOnce.Do(t.initConnPool) 6682 return t.connPoolOrDef 6683 } 6684 6685 func (t *http2Transport) initConnPool() { 6686 if t.ConnPool != nil { 6687 t.connPoolOrDef = t.ConnPool 6688 } else { 6689 t.connPoolOrDef = &http2clientConnPool{t: t} 6690 } 6691 } 6692 6693 // ClientConn is the state of a single HTTP/2 client connection to an 6694 // HTTP/2 server. 6695 type http2ClientConn struct { 6696 t *http2Transport 6697 tconn net.Conn // usually *tls.Conn, except specialized impls 6698 tlsState *tls.ConnectionState // nil only for specialized impls 6699 singleUse bool // whether being used for a single http.Request 6700 6701 // readLoop goroutine fields: 6702 readerDone chan struct{} // closed on error 6703 readerErr error // set before readerDone is closed 6704 6705 idleTimeout time.Duration // or 0 for never 6706 idleTimer *time.Timer 6707 6708 mu sync.Mutex // guards following 6709 cond *sync.Cond // hold mu; broadcast on flow/closed changes 6710 flow http2flow // our conn-level flow control quota (cs.flow is per stream) 6711 inflow http2flow // peer's conn-level flow control 6712 closed bool 6713 wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back 6714 goAway *http2GoAwayFrame // if non-nil, the GoAwayFrame we received 6715 goAwayDebug string // goAway frame's debug data, retained as a string 6716 streams map[uint32]*http2clientStream // client-initiated 6717 nextStreamID uint32 6718 pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams 6719 pings map[[8]byte]chan struct{} // in flight ping data to notification channel 6720 bw *bufio.Writer 6721 br *bufio.Reader 6722 fr *http2Framer 6723 lastActive time.Time 6724 // Settings from peer: (also guarded by mu) 6725 maxFrameSize uint32 6726 maxConcurrentStreams uint32 6727 peerMaxHeaderListSize uint64 6728 initialWindowSize uint32 6729 6730 hbuf bytes.Buffer // HPACK encoder writes into this 6731 henc *hpack.Encoder 6732 freeBuf [][]byte 6733 6734 wmu sync.Mutex // held while writing; acquire AFTER mu if holding both 6735 werr error // first write error that has occurred 6736 } 6737 6738 // clientStream is the state for a single HTTP/2 stream. One of these 6739 // is created for each Transport.RoundTrip call. 6740 type http2clientStream struct { 6741 cc *http2ClientConn 6742 req *Request 6743 trace *http2clientTrace // or nil 6744 ID uint32 6745 resc chan http2resAndError 6746 bufPipe http2pipe // buffered pipe with the flow-controlled response payload 6747 startedWrite bool // started request body write; guarded by cc.mu 6748 requestedGzip bool 6749 on100 func() // optional code to run if get a 100 continue response 6750 6751 flow http2flow // guarded by cc.mu 6752 inflow http2flow // guarded by cc.mu 6753 bytesRemain int64 // -1 means unknown; owned by transportResponseBody.Read 6754 readErr error // sticky read error; owned by transportResponseBody.Read 6755 stopReqBody error // if non-nil, stop writing req body; guarded by cc.mu 6756 didReset bool // whether we sent a RST_STREAM to the server; guarded by cc.mu 6757 6758 peerReset chan struct{} // closed on peer reset 6759 resetErr error // populated before peerReset is closed 6760 6761 done chan struct{} // closed when stream remove from cc.streams map; close calls guarded by cc.mu 6762 6763 // owned by clientConnReadLoop: 6764 firstByte bool // got the first response byte 6765 pastHeaders bool // got first MetaHeadersFrame (actual headers) 6766 pastTrailers bool // got optional second MetaHeadersFrame (trailers) 6767 6768 trailer Header // accumulated trailers 6769 resTrailer *Header // client's Response.Trailer 6770 } 6771 6772 // awaitRequestCancel waits for the user to cancel a request or for the done 6773 // channel to be signaled. A non-nil error is returned only if the request was 6774 // canceled. 6775 func http2awaitRequestCancel(req *Request, done <-chan struct{}) error { 6776 ctx := http2reqContext(req) 6777 if req.Cancel == nil && ctx.Done() == nil { 6778 return nil 6779 } 6780 select { 6781 case <-req.Cancel: 6782 return http2errRequestCanceled 6783 case <-ctx.Done(): 6784 return ctx.Err() 6785 case <-done: 6786 return nil 6787 } 6788 } 6789 6790 // awaitRequestCancel waits for the user to cancel a request, its context to 6791 // expire, or for the request to be done (any way it might be removed from the 6792 // cc.streams map: peer reset, successful completion, TCP connection breakage, 6793 // etc). If the request is canceled, then cs will be canceled and closed. 6794 func (cs *http2clientStream) awaitRequestCancel(req *Request) { 6795 if err := http2awaitRequestCancel(req, cs.done); err != nil { 6796 cs.cancelStream() 6797 cs.bufPipe.CloseWithError(err) 6798 } 6799 } 6800 6801 func (cs *http2clientStream) cancelStream() { 6802 cc := cs.cc 6803 cc.mu.Lock() 6804 didReset := cs.didReset 6805 cs.didReset = true 6806 cc.mu.Unlock() 6807 6808 if !didReset { 6809 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 6810 cc.forgetStreamID(cs.ID) 6811 } 6812 } 6813 6814 // checkResetOrDone reports any error sent in a RST_STREAM frame by the 6815 // server, or errStreamClosed if the stream is complete. 6816 func (cs *http2clientStream) checkResetOrDone() error { 6817 select { 6818 case <-cs.peerReset: 6819 return cs.resetErr 6820 case <-cs.done: 6821 return http2errStreamClosed 6822 default: 6823 return nil 6824 } 6825 } 6826 6827 func (cs *http2clientStream) getStartedWrite() bool { 6828 cc := cs.cc 6829 cc.mu.Lock() 6830 defer cc.mu.Unlock() 6831 return cs.startedWrite 6832 } 6833 6834 func (cs *http2clientStream) abortRequestBodyWrite(err error) { 6835 if err == nil { 6836 panic("nil error") 6837 } 6838 cc := cs.cc 6839 cc.mu.Lock() 6840 cs.stopReqBody = err 6841 cc.cond.Broadcast() 6842 cc.mu.Unlock() 6843 } 6844 6845 type http2stickyErrWriter struct { 6846 w io.Writer 6847 err *error 6848 } 6849 6850 func (sew http2stickyErrWriter) Write(p []byte) (n int, err error) { 6851 if *sew.err != nil { 6852 return 0, *sew.err 6853 } 6854 n, err = sew.w.Write(p) 6855 *sew.err = err 6856 return 6857 } 6858 6859 // noCachedConnError is the concrete type of ErrNoCachedConn, needs to be detected 6860 // by net/http regardless of whether it's its bundled version (in h2_bundle.go with a rewritten type name) 6861 // or from a user's x/net/http2. As such, as it has a unique method name (IsHTTP2NoCachedConnError) that 6862 // net/http sniffs for via func isNoCachedConnError. 6863 type http2noCachedConnError struct{} 6864 6865 func (http2noCachedConnError) IsHTTP2NoCachedConnError() {} 6866 6867 func (http2noCachedConnError) Error() string { return "http2: no cached connection was available" } 6868 6869 // isNoCachedConnError reports whether err is of type noCachedConnError 6870 // or its equivalent renamed type in net/http2's h2_bundle.go. Both types 6871 // may coexist in the same running program. 6872 func http2isNoCachedConnError(err error) bool { 6873 _, ok := err.(interface { 6874 IsHTTP2NoCachedConnError() 6875 }) 6876 return ok 6877 } 6878 6879 var http2ErrNoCachedConn error = http2noCachedConnError{} 6880 6881 // RoundTripOpt are options for the Transport.RoundTripOpt method. 6882 type http2RoundTripOpt struct { 6883 // OnlyCachedConn controls whether RoundTripOpt may 6884 // create a new TCP connection. If set true and 6885 // no cached connection is available, RoundTripOpt 6886 // will return ErrNoCachedConn. 6887 OnlyCachedConn bool 6888 } 6889 6890 func (t *http2Transport) RoundTrip(req *Request) (*Response, error) { 6891 return t.RoundTripOpt(req, http2RoundTripOpt{}) 6892 } 6893 6894 // authorityAddr returns a given authority (a host/IP, or host:port / ip:port) 6895 // and returns a host:port. The port 443 is added if needed. 6896 func http2authorityAddr(scheme string, authority string) (addr string) { 6897 host, port, err := net.SplitHostPort(authority) 6898 if err != nil { // authority didn't have a port 6899 port = "443" 6900 if scheme == "http" { 6901 port = "80" 6902 } 6903 host = authority 6904 } 6905 if a, err := idna.ToASCII(host); err == nil { 6906 host = a 6907 } 6908 // IPv6 address literal, without a port: 6909 if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { 6910 return host + ":" + port 6911 } 6912 return net.JoinHostPort(host, port) 6913 } 6914 6915 // RoundTripOpt is like RoundTrip, but takes options. 6916 func (t *http2Transport) RoundTripOpt(req *Request, opt http2RoundTripOpt) (*Response, error) { 6917 if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 6918 return nil, errors.New("http2: unsupported scheme") 6919 } 6920 6921 addr := http2authorityAddr(req.URL.Scheme, req.URL.Host) 6922 for retry := 0; ; retry++ { 6923 cc, err := t.connPool().GetClientConn(req, addr) 6924 if err != nil { 6925 t.vlogf("http2: Transport failed to get client conn for %s: %v", addr, err) 6926 return nil, err 6927 } 6928 http2traceGotConn(req, cc) 6929 res, gotErrAfterReqBodyWrite, err := cc.roundTrip(req) 6930 if err != nil && retry <= 6 { 6931 if req, err = http2shouldRetryRequest(req, err, gotErrAfterReqBodyWrite); err == nil { 6932 // After the first retry, do exponential backoff with 10% jitter. 6933 if retry == 0 { 6934 continue 6935 } 6936 backoff := float64(uint(1) << (uint(retry) - 1)) 6937 backoff += backoff * (0.1 * mathrand.Float64()) 6938 select { 6939 case <-time.After(time.Second * time.Duration(backoff)): 6940 continue 6941 case <-http2reqContext(req).Done(): 6942 return nil, http2reqContext(req).Err() 6943 } 6944 } 6945 } 6946 if err != nil { 6947 t.vlogf("RoundTrip failure: %v", err) 6948 return nil, err 6949 } 6950 return res, nil 6951 } 6952 } 6953 6954 // CloseIdleConnections closes any connections which were previously 6955 // connected from previous requests but are now sitting idle. 6956 // It does not interrupt any connections currently in use. 6957 func (t *http2Transport) CloseIdleConnections() { 6958 if cp, ok := t.connPool().(http2clientConnPoolIdleCloser); ok { 6959 cp.closeIdleConnections() 6960 } 6961 } 6962 6963 var ( 6964 http2errClientConnClosed = errors.New("http2: client conn is closed") 6965 http2errClientConnUnusable = errors.New("http2: client conn not usable") 6966 http2errClientConnGotGoAway = errors.New("http2: Transport received Server's graceful shutdown GOAWAY") 6967 ) 6968 6969 // shouldRetryRequest is called by RoundTrip when a request fails to get 6970 // response headers. It is always called with a non-nil error. 6971 // It returns either a request to retry (either the same request, or a 6972 // modified clone), or an error if the request can't be replayed. 6973 func http2shouldRetryRequest(req *Request, err error, afterBodyWrite bool) (*Request, error) { 6974 if !http2canRetryError(err) { 6975 return nil, err 6976 } 6977 if !afterBodyWrite { 6978 return req, nil 6979 } 6980 // If the Body is nil (or http.NoBody), it's safe to reuse 6981 // this request and its Body. 6982 if req.Body == nil || http2reqBodyIsNoBody(req.Body) { 6983 return req, nil 6984 } 6985 // Otherwise we depend on the Request having its GetBody 6986 // func defined. 6987 getBody := http2reqGetBody(req) // Go 1.8: getBody = req.GetBody 6988 if getBody == nil { 6989 return nil, fmt.Errorf("http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this error", err) 6990 } 6991 body, err := getBody() 6992 if err != nil { 6993 return nil, err 6994 } 6995 newReq := *req 6996 newReq.Body = body 6997 return &newReq, nil 6998 } 6999 7000 func http2canRetryError(err error) bool { 7001 if err == http2errClientConnUnusable || err == http2errClientConnGotGoAway { 7002 return true 7003 } 7004 if se, ok := err.(http2StreamError); ok { 7005 return se.Code == http2ErrCodeRefusedStream 7006 } 7007 return false 7008 } 7009 7010 func (t *http2Transport) dialClientConn(addr string, singleUse bool) (*http2ClientConn, error) { 7011 host, _, err := net.SplitHostPort(addr) 7012 if err != nil { 7013 return nil, err 7014 } 7015 tconn, err := t.dialTLS()("tcp", addr, t.newTLSConfig(host)) 7016 if err != nil { 7017 return nil, err 7018 } 7019 return t.newClientConn(tconn, singleUse) 7020 } 7021 7022 func (t *http2Transport) newTLSConfig(host string) *tls.Config { 7023 cfg := new(tls.Config) 7024 if t.TLSClientConfig != nil { 7025 *cfg = *http2cloneTLSConfig(t.TLSClientConfig) 7026 } 7027 if !http2strSliceContains(cfg.NextProtos, http2NextProtoTLS) { 7028 cfg.NextProtos = append([]string{http2NextProtoTLS}, cfg.NextProtos...) 7029 } 7030 if cfg.ServerName == "" { 7031 cfg.ServerName = host 7032 } 7033 return cfg 7034 } 7035 7036 func (t *http2Transport) dialTLS() func(string, string, *tls.Config) (net.Conn, error) { 7037 if t.DialTLS != nil { 7038 return t.DialTLS 7039 } 7040 return t.dialTLSDefault 7041 } 7042 7043 func (t *http2Transport) dialTLSDefault(network, addr string, cfg *tls.Config) (net.Conn, error) { 7044 cn, err := tls.Dial(network, addr, cfg) 7045 if err != nil { 7046 return nil, err 7047 } 7048 if err := cn.Handshake(); err != nil { 7049 return nil, err 7050 } 7051 if !cfg.InsecureSkipVerify { 7052 if err := cn.VerifyHostname(cfg.ServerName); err != nil { 7053 return nil, err 7054 } 7055 } 7056 state := cn.ConnectionState() 7057 if p := state.NegotiatedProtocol; p != http2NextProtoTLS { 7058 return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, http2NextProtoTLS) 7059 } 7060 if !state.NegotiatedProtocolIsMutual { 7061 return nil, errors.New("http2: could not negotiate protocol mutually") 7062 } 7063 return cn, nil 7064 } 7065 7066 // disableKeepAlives reports whether connections should be closed as 7067 // soon as possible after handling the first request. 7068 func (t *http2Transport) disableKeepAlives() bool { 7069 return t.t1 != nil && t.t1.DisableKeepAlives 7070 } 7071 7072 func (t *http2Transport) expectContinueTimeout() time.Duration { 7073 if t.t1 == nil { 7074 return 0 7075 } 7076 return http2transportExpectContinueTimeout(t.t1) 7077 } 7078 7079 func (t *http2Transport) NewClientConn(c net.Conn) (*http2ClientConn, error) { 7080 return t.newClientConn(c, false) 7081 } 7082 7083 func (t *http2Transport) newClientConn(c net.Conn, singleUse bool) (*http2ClientConn, error) { 7084 cc := &http2ClientConn{ 7085 t: t, 7086 tconn: c, 7087 readerDone: make(chan struct{}), 7088 nextStreamID: 1, 7089 maxFrameSize: 16 << 10, // spec default 7090 initialWindowSize: 65535, // spec default 7091 maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough. 7092 peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. 7093 streams: make(map[uint32]*http2clientStream), 7094 singleUse: singleUse, 7095 wantSettingsAck: true, 7096 pings: make(map[[8]byte]chan struct{}), 7097 } 7098 if d := t.idleConnTimeout(); d != 0 { 7099 cc.idleTimeout = d 7100 cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) 7101 } 7102 if http2VerboseLogs { 7103 t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) 7104 } 7105 7106 cc.cond = sync.NewCond(&cc.mu) 7107 cc.flow.add(int32(http2initialWindowSize)) 7108 7109 // TODO: adjust this writer size to account for frame size + 7110 // MTU + crypto/tls record padding. 7111 cc.bw = bufio.NewWriter(http2stickyErrWriter{c, &cc.werr}) 7112 cc.br = bufio.NewReader(c) 7113 cc.fr = http2NewFramer(cc.bw, cc.br) 7114 cc.fr.ReadMetaHeaders = hpack.NewDecoder(http2initialHeaderTableSize, nil) 7115 cc.fr.MaxHeaderListSize = t.maxHeaderListSize() 7116 7117 // TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on 7118 // henc in response to SETTINGS frames? 7119 cc.henc = hpack.NewEncoder(&cc.hbuf) 7120 7121 if cs, ok := c.(http2connectionStater); ok { 7122 state := cs.ConnectionState() 7123 cc.tlsState = &state 7124 } 7125 7126 initialSettings := []http2Setting{ 7127 {ID: http2SettingEnablePush, Val: 0}, 7128 {ID: http2SettingInitialWindowSize, Val: http2transportDefaultStreamFlow}, 7129 } 7130 if max := t.maxHeaderListSize(); max != 0 { 7131 initialSettings = append(initialSettings, http2Setting{ID: http2SettingMaxHeaderListSize, Val: max}) 7132 } 7133 7134 cc.bw.Write(http2clientPreface) 7135 cc.fr.WriteSettings(initialSettings...) 7136 cc.fr.WriteWindowUpdate(0, http2transportDefaultConnFlow) 7137 cc.inflow.add(http2transportDefaultConnFlow + http2initialWindowSize) 7138 cc.bw.Flush() 7139 if cc.werr != nil { 7140 return nil, cc.werr 7141 } 7142 7143 go cc.readLoop() 7144 return cc, nil 7145 } 7146 7147 func (cc *http2ClientConn) setGoAway(f *http2GoAwayFrame) { 7148 cc.mu.Lock() 7149 defer cc.mu.Unlock() 7150 7151 old := cc.goAway 7152 cc.goAway = f 7153 7154 // Merge the previous and current GoAway error frames. 7155 if cc.goAwayDebug == "" { 7156 cc.goAwayDebug = string(f.DebugData()) 7157 } 7158 if old != nil && old.ErrCode != http2ErrCodeNo { 7159 cc.goAway.ErrCode = old.ErrCode 7160 } 7161 last := f.LastStreamID 7162 for streamID, cs := range cc.streams { 7163 if streamID > last { 7164 select { 7165 case cs.resc <- http2resAndError{err: http2errClientConnGotGoAway}: 7166 default: 7167 } 7168 } 7169 } 7170 } 7171 7172 // CanTakeNewRequest reports whether the connection can take a new request, 7173 // meaning it has not been closed or received or sent a GOAWAY. 7174 func (cc *http2ClientConn) CanTakeNewRequest() bool { 7175 cc.mu.Lock() 7176 defer cc.mu.Unlock() 7177 return cc.canTakeNewRequestLocked() 7178 } 7179 7180 func (cc *http2ClientConn) canTakeNewRequestLocked() bool { 7181 if cc.singleUse && cc.nextStreamID > 1 { 7182 return false 7183 } 7184 return cc.goAway == nil && !cc.closed && 7185 int64(cc.nextStreamID)+int64(cc.pendingRequests) < math.MaxInt32 7186 } 7187 7188 // onIdleTimeout is called from a time.AfterFunc goroutine. It will 7189 // only be called when we're idle, but because we're coming from a new 7190 // goroutine, there could be a new request coming in at the same time, 7191 // so this simply calls the synchronized closeIfIdle to shut down this 7192 // connection. The timer could just call closeIfIdle, but this is more 7193 // clear. 7194 func (cc *http2ClientConn) onIdleTimeout() { 7195 cc.closeIfIdle() 7196 } 7197 7198 func (cc *http2ClientConn) closeIfIdle() { 7199 cc.mu.Lock() 7200 if len(cc.streams) > 0 { 7201 cc.mu.Unlock() 7202 return 7203 } 7204 cc.closed = true 7205 nextID := cc.nextStreamID 7206 // TODO: do clients send GOAWAY too? maybe? Just Close: 7207 cc.mu.Unlock() 7208 7209 if http2VerboseLogs { 7210 cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) 7211 } 7212 cc.tconn.Close() 7213 } 7214 7215 const http2maxAllocFrameSize = 512 << 10 7216 7217 // frameBuffer returns a scratch buffer suitable for writing DATA frames. 7218 // They're capped at the min of the peer's max frame size or 512KB 7219 // (kinda arbitrarily), but definitely capped so we don't allocate 4GB 7220 // bufers. 7221 func (cc *http2ClientConn) frameScratchBuffer() []byte { 7222 cc.mu.Lock() 7223 size := cc.maxFrameSize 7224 if size > http2maxAllocFrameSize { 7225 size = http2maxAllocFrameSize 7226 } 7227 for i, buf := range cc.freeBuf { 7228 if len(buf) >= int(size) { 7229 cc.freeBuf[i] = nil 7230 cc.mu.Unlock() 7231 return buf[:size] 7232 } 7233 } 7234 cc.mu.Unlock() 7235 return make([]byte, size) 7236 } 7237 7238 func (cc *http2ClientConn) putFrameScratchBuffer(buf []byte) { 7239 cc.mu.Lock() 7240 defer cc.mu.Unlock() 7241 const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. 7242 if len(cc.freeBuf) < maxBufs { 7243 cc.freeBuf = append(cc.freeBuf, buf) 7244 return 7245 } 7246 for i, old := range cc.freeBuf { 7247 if old == nil { 7248 cc.freeBuf[i] = buf 7249 return 7250 } 7251 } 7252 // forget about it. 7253 } 7254 7255 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not 7256 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. 7257 var http2errRequestCanceled = errors.New("net/http: request canceled") 7258 7259 func http2commaSeparatedTrailers(req *Request) (string, error) { 7260 keys := make([]string, 0, len(req.Trailer)) 7261 for k := range req.Trailer { 7262 k = CanonicalHeaderKey(k) 7263 switch k { 7264 case "Transfer-Encoding", "Trailer", "Content-Length": 7265 return "", &http2badStringError{"invalid Trailer key", k} 7266 } 7267 keys = append(keys, k) 7268 } 7269 if len(keys) > 0 { 7270 sort.Strings(keys) 7271 return strings.Join(keys, ","), nil 7272 } 7273 return "", nil 7274 } 7275 7276 func (cc *http2ClientConn) responseHeaderTimeout() time.Duration { 7277 if cc.t.t1 != nil { 7278 return cc.t.t1.ResponseHeaderTimeout 7279 } 7280 // No way to do this (yet?) with just an http2.Transport. Probably 7281 // no need. Request.Cancel this is the new way. We only need to support 7282 // this for compatibility with the old http.Transport fields when 7283 // we're doing transparent http2. 7284 return 0 7285 } 7286 7287 // checkConnHeaders checks whether req has any invalid connection-level headers. 7288 // per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields. 7289 // Certain headers are special-cased as okay but not transmitted later. 7290 func http2checkConnHeaders(req *Request) error { 7291 if v := req.Header.Get("Upgrade"); v != "" { 7292 return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"]) 7293 } 7294 if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") { 7295 return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv) 7296 } 7297 if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "close" && vv[0] != "keep-alive") { 7298 return fmt.Errorf("http2: invalid Connection request header: %q", vv) 7299 } 7300 return nil 7301 } 7302 7303 // actualContentLength returns a sanitized version of 7304 // req.ContentLength, where 0 actually means zero (not unknown) and -1 7305 // means unknown. 7306 func http2actualContentLength(req *Request) int64 { 7307 if req.Body == nil || http2reqBodyIsNoBody(req.Body) { 7308 return 0 7309 } 7310 if req.ContentLength != 0 { 7311 return req.ContentLength 7312 } 7313 return -1 7314 } 7315 7316 func (cc *http2ClientConn) RoundTrip(req *Request) (*Response, error) { 7317 resp, _, err := cc.roundTrip(req) 7318 return resp, err 7319 } 7320 7321 func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterReqBodyWrite bool, err error) { 7322 if err := http2checkConnHeaders(req); err != nil { 7323 return nil, false, err 7324 } 7325 if cc.idleTimer != nil { 7326 cc.idleTimer.Stop() 7327 } 7328 7329 trailers, err := http2commaSeparatedTrailers(req) 7330 if err != nil { 7331 return nil, false, err 7332 } 7333 hasTrailers := trailers != "" 7334 7335 cc.mu.Lock() 7336 if err := cc.awaitOpenSlotForRequest(req); err != nil { 7337 cc.mu.Unlock() 7338 return nil, false, err 7339 } 7340 7341 body := req.Body 7342 contentLen := http2actualContentLength(req) 7343 hasBody := contentLen != 0 7344 7345 // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? 7346 var requestedGzip bool 7347 if !cc.t.disableCompression() && 7348 req.Header.Get("Accept-Encoding") == "" && 7349 req.Header.Get("Range") == "" && 7350 req.Method != "HEAD" { 7351 // Request gzip only, not deflate. Deflate is ambiguous and 7352 // not as universally supported anyway. 7353 // See: http://www.gzip.org/zlib/zlib_faq.html#faq38 7354 // 7355 // Note that we don't request this for HEAD requests, 7356 // due to a bug in nginx: 7357 // http://trac.nginx.org/nginx/ticket/358 7358 // https://golang.org/issue/5522 7359 // 7360 // We don't request gzip if the request is for a range, since 7361 // auto-decoding a portion of a gzipped document will just fail 7362 // anyway. See https://golang.org/issue/8923 7363 requestedGzip = true 7364 } 7365 7366 // we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is 7367 // sent by writeRequestBody below, along with any Trailers, 7368 // again in form HEADERS{1}, CONTINUATION{0,}) 7369 hdrs, err := cc.encodeHeaders(req, requestedGzip, trailers, contentLen) 7370 if err != nil { 7371 cc.mu.Unlock() 7372 return nil, false, err 7373 } 7374 7375 cs := cc.newStream() 7376 cs.req = req 7377 cs.trace = http2requestTrace(req) 7378 cs.requestedGzip = requestedGzip 7379 bodyWriter := cc.t.getBodyWriterState(cs, body) 7380 cs.on100 = bodyWriter.on100 7381 7382 cc.wmu.Lock() 7383 endStream := !hasBody && !hasTrailers 7384 werr := cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs) 7385 cc.wmu.Unlock() 7386 http2traceWroteHeaders(cs.trace) 7387 cc.mu.Unlock() 7388 7389 if werr != nil { 7390 if hasBody { 7391 req.Body.Close() // per RoundTripper contract 7392 bodyWriter.cancel() 7393 } 7394 cc.forgetStreamID(cs.ID) 7395 // Don't bother sending a RST_STREAM (our write already failed; 7396 // no need to keep writing) 7397 http2traceWroteRequest(cs.trace, werr) 7398 return nil, false, werr 7399 } 7400 7401 var respHeaderTimer <-chan time.Time 7402 if hasBody { 7403 bodyWriter.scheduleBodyWrite() 7404 } else { 7405 http2traceWroteRequest(cs.trace, nil) 7406 if d := cc.responseHeaderTimeout(); d != 0 { 7407 timer := time.NewTimer(d) 7408 defer timer.Stop() 7409 respHeaderTimer = timer.C 7410 } 7411 } 7412 7413 readLoopResCh := cs.resc 7414 bodyWritten := false 7415 ctx := http2reqContext(req) 7416 7417 handleReadLoopResponse := func(re http2resAndError) (*Response, bool, error) { 7418 res := re.res 7419 if re.err != nil || res.StatusCode > 299 { 7420 // On error or status code 3xx, 4xx, 5xx, etc abort any 7421 // ongoing write, assuming that the server doesn't care 7422 // about our request body. If the server replied with 1xx or 7423 // 2xx, however, then assume the server DOES potentially 7424 // want our body (e.g. full-duplex streaming: 7425 // golang.org/issue/13444). If it turns out the server 7426 // doesn't, they'll RST_STREAM us soon enough. This is a 7427 // heuristic to avoid adding knobs to Transport. Hopefully 7428 // we can keep it. 7429 bodyWriter.cancel() 7430 cs.abortRequestBodyWrite(http2errStopReqBodyWrite) 7431 } 7432 if re.err != nil { 7433 cc.forgetStreamID(cs.ID) 7434 return nil, cs.getStartedWrite(), re.err 7435 } 7436 res.Request = req 7437 res.TLS = cc.tlsState 7438 return res, false, nil 7439 } 7440 7441 for { 7442 select { 7443 case re := <-readLoopResCh: 7444 return handleReadLoopResponse(re) 7445 case <-respHeaderTimer: 7446 if !hasBody || bodyWritten { 7447 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7448 } else { 7449 bodyWriter.cancel() 7450 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7451 } 7452 cc.forgetStreamID(cs.ID) 7453 return nil, cs.getStartedWrite(), http2errTimeout 7454 case <-ctx.Done(): 7455 if !hasBody || bodyWritten { 7456 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7457 } else { 7458 bodyWriter.cancel() 7459 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7460 } 7461 cc.forgetStreamID(cs.ID) 7462 return nil, cs.getStartedWrite(), ctx.Err() 7463 case <-req.Cancel: 7464 if !hasBody || bodyWritten { 7465 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7466 } else { 7467 bodyWriter.cancel() 7468 cs.abortRequestBodyWrite(http2errStopReqBodyWriteAndCancel) 7469 } 7470 cc.forgetStreamID(cs.ID) 7471 return nil, cs.getStartedWrite(), http2errRequestCanceled 7472 case <-cs.peerReset: 7473 // processResetStream already removed the 7474 // stream from the streams map; no need for 7475 // forgetStreamID. 7476 return nil, cs.getStartedWrite(), cs.resetErr 7477 case err := <-bodyWriter.resc: 7478 // Prefer the read loop's response, if available. Issue 16102. 7479 select { 7480 case re := <-readLoopResCh: 7481 return handleReadLoopResponse(re) 7482 default: 7483 } 7484 if err != nil { 7485 return nil, cs.getStartedWrite(), err 7486 } 7487 bodyWritten = true 7488 if d := cc.responseHeaderTimeout(); d != 0 { 7489 timer := time.NewTimer(d) 7490 defer timer.Stop() 7491 respHeaderTimer = timer.C 7492 } 7493 } 7494 } 7495 } 7496 7497 // awaitOpenSlotForRequest waits until len(streams) < maxConcurrentStreams. 7498 // Must hold cc.mu. 7499 func (cc *http2ClientConn) awaitOpenSlotForRequest(req *Request) error { 7500 var waitingForConn chan struct{} 7501 var waitingForConnErr error // guarded by cc.mu 7502 for { 7503 cc.lastActive = time.Now() 7504 if cc.closed || !cc.canTakeNewRequestLocked() { 7505 return http2errClientConnUnusable 7506 } 7507 if int64(len(cc.streams))+1 <= int64(cc.maxConcurrentStreams) { 7508 if waitingForConn != nil { 7509 close(waitingForConn) 7510 } 7511 return nil 7512 } 7513 // Unfortunately, we cannot wait on a condition variable and channel at 7514 // the same time, so instead, we spin up a goroutine to check if the 7515 // request is canceled while we wait for a slot to open in the connection. 7516 if waitingForConn == nil { 7517 waitingForConn = make(chan struct{}) 7518 go func() { 7519 if err := http2awaitRequestCancel(req, waitingForConn); err != nil { 7520 cc.mu.Lock() 7521 waitingForConnErr = err 7522 cc.cond.Broadcast() 7523 cc.mu.Unlock() 7524 } 7525 }() 7526 } 7527 cc.pendingRequests++ 7528 cc.cond.Wait() 7529 cc.pendingRequests-- 7530 if waitingForConnErr != nil { 7531 return waitingForConnErr 7532 } 7533 } 7534 } 7535 7536 // requires cc.wmu be held 7537 func (cc *http2ClientConn) writeHeaders(streamID uint32, endStream bool, maxFrameSize int, hdrs []byte) error { 7538 first := true // first frame written (HEADERS is first, then CONTINUATION) 7539 for len(hdrs) > 0 && cc.werr == nil { 7540 chunk := hdrs 7541 if len(chunk) > maxFrameSize { 7542 chunk = chunk[:maxFrameSize] 7543 } 7544 hdrs = hdrs[len(chunk):] 7545 endHeaders := len(hdrs) == 0 7546 if first { 7547 cc.fr.WriteHeaders(http2HeadersFrameParam{ 7548 StreamID: streamID, 7549 BlockFragment: chunk, 7550 EndStream: endStream, 7551 EndHeaders: endHeaders, 7552 }) 7553 first = false 7554 } else { 7555 cc.fr.WriteContinuation(streamID, endHeaders, chunk) 7556 } 7557 } 7558 // TODO(bradfitz): this Flush could potentially block (as 7559 // could the WriteHeaders call(s) above), which means they 7560 // wouldn't respond to Request.Cancel being readable. That's 7561 // rare, but this should probably be in a goroutine. 7562 cc.bw.Flush() 7563 return cc.werr 7564 } 7565 7566 // internal error values; they don't escape to callers 7567 var ( 7568 // abort request body write; don't send cancel 7569 http2errStopReqBodyWrite = errors.New("http2: aborting request body write") 7570 7571 // abort request body write, but send stream reset of cancel. 7572 http2errStopReqBodyWriteAndCancel = errors.New("http2: canceling request") 7573 ) 7574 7575 func (cs *http2clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { 7576 cc := cs.cc 7577 sentEnd := false // whether we sent the final DATA frame w/ END_STREAM 7578 buf := cc.frameScratchBuffer() 7579 defer cc.putFrameScratchBuffer(buf) 7580 7581 defer func() { 7582 http2traceWroteRequest(cs.trace, err) 7583 // TODO: write h12Compare test showing whether 7584 // Request.Body is closed by the Transport, 7585 // and in multiple cases: server replies <=299 and >299 7586 // while still writing request body 7587 cerr := bodyCloser.Close() 7588 if err == nil { 7589 err = cerr 7590 } 7591 }() 7592 7593 req := cs.req 7594 hasTrailers := req.Trailer != nil 7595 7596 var sawEOF bool 7597 for !sawEOF { 7598 n, err := body.Read(buf) 7599 if err == io.EOF { 7600 sawEOF = true 7601 err = nil 7602 } else if err != nil { 7603 return err 7604 } 7605 7606 remain := buf[:n] 7607 for len(remain) > 0 && err == nil { 7608 var allowed int32 7609 allowed, err = cs.awaitFlowControl(len(remain)) 7610 switch { 7611 case err == http2errStopReqBodyWrite: 7612 return err 7613 case err == http2errStopReqBodyWriteAndCancel: 7614 cc.writeStreamReset(cs.ID, http2ErrCodeCancel, nil) 7615 return err 7616 case err != nil: 7617 return err 7618 } 7619 cc.wmu.Lock() 7620 data := remain[:allowed] 7621 remain = remain[allowed:] 7622 sentEnd = sawEOF && len(remain) == 0 && !hasTrailers 7623 err = cc.fr.WriteData(cs.ID, sentEnd, data) 7624 if err == nil { 7625 // TODO(bradfitz): this flush is for latency, not bandwidth. 7626 // Most requests won't need this. Make this opt-in or 7627 // opt-out? Use some heuristic on the body type? Nagel-like 7628 // timers? Based on 'n'? Only last chunk of this for loop, 7629 // unless flow control tokens are low? For now, always. 7630 // If we change this, see comment below. 7631 err = cc.bw.Flush() 7632 } 7633 cc.wmu.Unlock() 7634 } 7635 if err != nil { 7636 return err 7637 } 7638 } 7639 7640 if sentEnd { 7641 // Already sent END_STREAM (which implies we have no 7642 // trailers) and flushed, because currently all 7643 // WriteData frames above get a flush. So we're done. 7644 return nil 7645 } 7646 7647 var trls []byte 7648 if hasTrailers { 7649 cc.mu.Lock() 7650 trls, err = cc.encodeTrailers(req) 7651 cc.mu.Unlock() 7652 if err != nil { 7653 cc.writeStreamReset(cs.ID, http2ErrCodeInternal, err) 7654 cc.forgetStreamID(cs.ID) 7655 return err 7656 } 7657 } 7658 7659 cc.mu.Lock() 7660 maxFrameSize := int(cc.maxFrameSize) 7661 cc.mu.Unlock() 7662 7663 cc.wmu.Lock() 7664 defer cc.wmu.Unlock() 7665 7666 // Two ways to send END_STREAM: either with trailers, or 7667 // with an empty DATA frame. 7668 if len(trls) > 0 { 7669 err = cc.writeHeaders(cs.ID, true, maxFrameSize, trls) 7670 } else { 7671 err = cc.fr.WriteData(cs.ID, true, nil) 7672 } 7673 if ferr := cc.bw.Flush(); ferr != nil && err == nil { 7674 err = ferr 7675 } 7676 return err 7677 } 7678 7679 // awaitFlowControl waits for [1, min(maxBytes, cc.cs.maxFrameSize)] flow 7680 // control tokens from the server. 7681 // It returns either the non-zero number of tokens taken or an error 7682 // if the stream is dead. 7683 func (cs *http2clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) { 7684 cc := cs.cc 7685 cc.mu.Lock() 7686 defer cc.mu.Unlock() 7687 for { 7688 if cc.closed { 7689 return 0, http2errClientConnClosed 7690 } 7691 if cs.stopReqBody != nil { 7692 return 0, cs.stopReqBody 7693 } 7694 if err := cs.checkResetOrDone(); err != nil { 7695 return 0, err 7696 } 7697 if a := cs.flow.available(); a > 0 { 7698 take := a 7699 if int(take) > maxBytes { 7700 7701 take = int32(maxBytes) // can't truncate int; take is int32 7702 } 7703 if take > int32(cc.maxFrameSize) { 7704 take = int32(cc.maxFrameSize) 7705 } 7706 cs.flow.take(take) 7707 return take, nil 7708 } 7709 cc.cond.Wait() 7710 } 7711 } 7712 7713 type http2badStringError struct { 7714 what string 7715 str string 7716 } 7717 7718 func (e *http2badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 7719 7720 // requires cc.mu be held. 7721 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { 7722 cc.hbuf.Reset() 7723 7724 host := req.Host 7725 if host == "" { 7726 host = req.URL.Host 7727 } 7728 host, err := httplex.PunycodeHostPort(host) 7729 if err != nil { 7730 return nil, err 7731 } 7732 7733 var path string 7734 if req.Method != "CONNECT" { 7735 path = req.URL.RequestURI() 7736 if !http2validPseudoPath(path) { 7737 orig := path 7738 path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host) 7739 if !http2validPseudoPath(path) { 7740 if req.URL.Opaque != "" { 7741 return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque) 7742 } else { 7743 return nil, fmt.Errorf("invalid request :path %q", orig) 7744 } 7745 } 7746 } 7747 } 7748 7749 // Check for any invalid headers and return an error before we 7750 // potentially pollute our hpack state. (We want to be able to 7751 // continue to reuse the hpack encoder for future requests) 7752 for k, vv := range req.Header { 7753 if !httplex.ValidHeaderFieldName(k) { 7754 return nil, fmt.Errorf("invalid HTTP header name %q", k) 7755 } 7756 for _, v := range vv { 7757 if !httplex.ValidHeaderFieldValue(v) { 7758 return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k) 7759 } 7760 } 7761 } 7762 7763 enumerateHeaders := func(f func(name, value string)) { 7764 // 8.1.2.3 Request Pseudo-Header Fields 7765 // The :path pseudo-header field includes the path and query parts of the 7766 // target URI (the path-absolute production and optionally a '?' character 7767 // followed by the query production (see Sections 3.3 and 3.4 of 7768 // [RFC3986]). 7769 f(":authority", host) 7770 f(":method", req.Method) 7771 if req.Method != "CONNECT" { 7772 f(":path", path) 7773 f(":scheme", req.URL.Scheme) 7774 } 7775 if trailers != "" { 7776 f("trailer", trailers) 7777 } 7778 7779 var didUA bool 7780 for k, vv := range req.Header { 7781 if strings.EqualFold(k, "host") || strings.EqualFold(k, "content-length") { 7782 // Host is :authority, already sent. 7783 // Content-Length is automatic, set below. 7784 continue 7785 } else if strings.EqualFold(k, "connection") || strings.EqualFold(k, "proxy-connection") || 7786 strings.EqualFold(k, "transfer-encoding") || strings.EqualFold(k, "upgrade") || 7787 strings.EqualFold(k, "keep-alive") { 7788 // Per 8.1.2.2 Connection-Specific Header 7789 // Fields, don't send connection-specific 7790 // fields. We have already checked if any 7791 // are error-worthy so just ignore the rest. 7792 continue 7793 } else if strings.EqualFold(k, "user-agent") { 7794 // Match Go's http1 behavior: at most one 7795 // User-Agent. If set to nil or empty string, 7796 // then omit it. Otherwise if not mentioned, 7797 // include the default (below). 7798 didUA = true 7799 if len(vv) < 1 { 7800 continue 7801 } 7802 vv = vv[:1] 7803 if vv[0] == "" { 7804 continue 7805 } 7806 7807 } 7808 7809 for _, v := range vv { 7810 f(k, v) 7811 } 7812 } 7813 if http2shouldSendReqContentLength(req.Method, contentLength) { 7814 f("content-length", strconv.FormatInt(contentLength, 10)) 7815 } 7816 if addGzipHeader { 7817 f("accept-encoding", "gzip") 7818 } 7819 if !didUA { 7820 f("user-agent", http2defaultUserAgent) 7821 } 7822 } 7823 7824 // Do a first pass over the headers counting bytes to ensure 7825 // we don't exceed cc.peerMaxHeaderListSize. This is done as a 7826 // separate pass before encoding the headers to prevent 7827 // modifying the hpack state. 7828 hlSize := uint64(0) 7829 enumerateHeaders(func(name, value string) { 7830 hf := hpack.HeaderField{Name: name, Value: value} 7831 hlSize += uint64(hf.Size()) 7832 }) 7833 7834 if hlSize > cc.peerMaxHeaderListSize { 7835 return nil, http2errRequestHeaderListSize 7836 } 7837 7838 // Header list size is ok. Write the headers. 7839 enumerateHeaders(func(name, value string) { 7840 cc.writeHeader(strings.ToLower(name), value) 7841 }) 7842 7843 return cc.hbuf.Bytes(), nil 7844 } 7845 7846 // shouldSendReqContentLength reports whether the http2.Transport should send 7847 // a "content-length" request header. This logic is basically a copy of the net/http 7848 // transferWriter.shouldSendContentLength. 7849 // The contentLength is the corrected contentLength (so 0 means actually 0, not unknown). 7850 // -1 means unknown. 7851 func http2shouldSendReqContentLength(method string, contentLength int64) bool { 7852 if contentLength > 0 { 7853 return true 7854 } 7855 if contentLength < 0 { 7856 return false 7857 } 7858 // For zero bodies, whether we send a content-length depends on the method. 7859 // It also kinda doesn't matter for http2 either way, with END_STREAM. 7860 switch method { 7861 case "POST", "PUT", "PATCH": 7862 return true 7863 default: 7864 return false 7865 } 7866 } 7867 7868 // requires cc.mu be held. 7869 func (cc *http2ClientConn) encodeTrailers(req *Request) ([]byte, error) { 7870 cc.hbuf.Reset() 7871 7872 hlSize := uint64(0) 7873 for k, vv := range req.Trailer { 7874 for _, v := range vv { 7875 hf := hpack.HeaderField{Name: k, Value: v} 7876 hlSize += uint64(hf.Size()) 7877 } 7878 } 7879 if hlSize > cc.peerMaxHeaderListSize { 7880 return nil, http2errRequestHeaderListSize 7881 } 7882 7883 for k, vv := range req.Trailer { 7884 // Transfer-Encoding, etc.. have already been filtered at the 7885 // start of RoundTrip 7886 lowKey := strings.ToLower(k) 7887 for _, v := range vv { 7888 cc.writeHeader(lowKey, v) 7889 } 7890 } 7891 return cc.hbuf.Bytes(), nil 7892 } 7893 7894 func (cc *http2ClientConn) writeHeader(name, value string) { 7895 if http2VerboseLogs { 7896 log.Printf("http2: Transport encoding header %q = %q", name, value) 7897 } 7898 cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value}) 7899 } 7900 7901 type http2resAndError struct { 7902 res *Response 7903 err error 7904 } 7905 7906 // requires cc.mu be held. 7907 func (cc *http2ClientConn) newStream() *http2clientStream { 7908 cs := &http2clientStream{ 7909 cc: cc, 7910 ID: cc.nextStreamID, 7911 resc: make(chan http2resAndError, 1), 7912 peerReset: make(chan struct{}), 7913 done: make(chan struct{}), 7914 } 7915 cs.flow.add(int32(cc.initialWindowSize)) 7916 cs.flow.setConnFlow(&cc.flow) 7917 cs.inflow.add(http2transportDefaultStreamFlow) 7918 cs.inflow.setConnFlow(&cc.inflow) 7919 cc.nextStreamID += 2 7920 cc.streams[cs.ID] = cs 7921 return cs 7922 } 7923 7924 func (cc *http2ClientConn) forgetStreamID(id uint32) { 7925 cc.streamByID(id, true) 7926 } 7927 7928 func (cc *http2ClientConn) streamByID(id uint32, andRemove bool) *http2clientStream { 7929 cc.mu.Lock() 7930 defer cc.mu.Unlock() 7931 cs := cc.streams[id] 7932 if andRemove && cs != nil && !cc.closed { 7933 cc.lastActive = time.Now() 7934 delete(cc.streams, id) 7935 if len(cc.streams) == 0 && cc.idleTimer != nil { 7936 cc.idleTimer.Reset(cc.idleTimeout) 7937 } 7938 close(cs.done) 7939 // Wake up checkResetOrDone via clientStream.awaitFlowControl and 7940 // wake up RoundTrip if there is a pending request. 7941 cc.cond.Broadcast() 7942 } 7943 return cs 7944 } 7945 7946 // clientConnReadLoop is the state owned by the clientConn's frame-reading readLoop. 7947 type http2clientConnReadLoop struct { 7948 cc *http2ClientConn 7949 closeWhenIdle bool 7950 } 7951 7952 // readLoop runs in its own goroutine and reads and dispatches frames. 7953 func (cc *http2ClientConn) readLoop() { 7954 rl := &http2clientConnReadLoop{cc: cc} 7955 defer rl.cleanup() 7956 cc.readerErr = rl.run() 7957 if ce, ok := cc.readerErr.(http2ConnectionError); ok { 7958 cc.wmu.Lock() 7959 cc.fr.WriteGoAway(0, http2ErrCode(ce), nil) 7960 cc.wmu.Unlock() 7961 } 7962 } 7963 7964 // GoAwayError is returned by the Transport when the server closes the 7965 // TCP connection after sending a GOAWAY frame. 7966 type http2GoAwayError struct { 7967 LastStreamID uint32 7968 ErrCode http2ErrCode 7969 DebugData string 7970 } 7971 7972 func (e http2GoAwayError) Error() string { 7973 return fmt.Sprintf("http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%q", 7974 e.LastStreamID, e.ErrCode, e.DebugData) 7975 } 7976 7977 func http2isEOFOrNetReadError(err error) bool { 7978 if err == io.EOF { 7979 return true 7980 } 7981 ne, ok := err.(*net.OpError) 7982 return ok && ne.Op == "read" 7983 } 7984 7985 func (rl *http2clientConnReadLoop) cleanup() { 7986 cc := rl.cc 7987 defer cc.tconn.Close() 7988 defer cc.t.connPool().MarkDead(cc) 7989 defer close(cc.readerDone) 7990 7991 if cc.idleTimer != nil { 7992 cc.idleTimer.Stop() 7993 } 7994 7995 // Close any response bodies if the server closes prematurely. 7996 // TODO: also do this if we've written the headers but not 7997 // gotten a response yet. 7998 err := cc.readerErr 7999 cc.mu.Lock() 8000 if cc.goAway != nil && http2isEOFOrNetReadError(err) { 8001 err = http2GoAwayError{ 8002 LastStreamID: cc.goAway.LastStreamID, 8003 ErrCode: cc.goAway.ErrCode, 8004 DebugData: cc.goAwayDebug, 8005 } 8006 } else if err == io.EOF { 8007 err = io.ErrUnexpectedEOF 8008 } 8009 for _, cs := range cc.streams { 8010 cs.bufPipe.CloseWithError(err) // no-op if already closed 8011 select { 8012 case cs.resc <- http2resAndError{err: err}: 8013 default: 8014 } 8015 close(cs.done) 8016 } 8017 cc.closed = true 8018 cc.cond.Broadcast() 8019 cc.mu.Unlock() 8020 } 8021 8022 func (rl *http2clientConnReadLoop) run() error { 8023 cc := rl.cc 8024 rl.closeWhenIdle = cc.t.disableKeepAlives() || cc.singleUse 8025 gotReply := false // ever saw a HEADERS reply 8026 gotSettings := false 8027 for { 8028 f, err := cc.fr.ReadFrame() 8029 if err != nil { 8030 cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) 8031 } 8032 if se, ok := err.(http2StreamError); ok { 8033 if cs := cc.streamByID(se.StreamID, false); cs != nil { 8034 cs.cc.writeStreamReset(cs.ID, se.Code, err) 8035 cs.cc.forgetStreamID(cs.ID) 8036 if se.Cause == nil { 8037 se.Cause = cc.fr.errDetail 8038 } 8039 rl.endStreamError(cs, se) 8040 } 8041 continue 8042 } else if err != nil { 8043 return err 8044 } 8045 if http2VerboseLogs { 8046 cc.vlogf("http2: Transport received %s", http2summarizeFrame(f)) 8047 } 8048 if !gotSettings { 8049 if _, ok := f.(*http2SettingsFrame); !ok { 8050 cc.logf("protocol error: received %T before a SETTINGS frame", f) 8051 return http2ConnectionError(http2ErrCodeProtocol) 8052 } 8053 gotSettings = true 8054 } 8055 maybeIdle := false // whether frame might transition us to idle 8056 8057 switch f := f.(type) { 8058 case *http2MetaHeadersFrame: 8059 err = rl.processHeaders(f) 8060 maybeIdle = true 8061 gotReply = true 8062 case *http2DataFrame: 8063 err = rl.processData(f) 8064 maybeIdle = true 8065 case *http2GoAwayFrame: 8066 err = rl.processGoAway(f) 8067 maybeIdle = true 8068 case *http2RSTStreamFrame: 8069 err = rl.processResetStream(f) 8070 maybeIdle = true 8071 case *http2SettingsFrame: 8072 err = rl.processSettings(f) 8073 case *http2PushPromiseFrame: 8074 err = rl.processPushPromise(f) 8075 case *http2WindowUpdateFrame: 8076 err = rl.processWindowUpdate(f) 8077 case *http2PingFrame: 8078 err = rl.processPing(f) 8079 default: 8080 cc.logf("Transport: unhandled response frame type %T", f) 8081 } 8082 if err != nil { 8083 if http2VerboseLogs { 8084 cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, http2summarizeFrame(f), err) 8085 } 8086 return err 8087 } 8088 if rl.closeWhenIdle && gotReply && maybeIdle { 8089 cc.closeIfIdle() 8090 } 8091 } 8092 } 8093 8094 func (rl *http2clientConnReadLoop) processHeaders(f *http2MetaHeadersFrame) error { 8095 cc := rl.cc 8096 cs := cc.streamByID(f.StreamID, false) 8097 if cs == nil { 8098 // We'd get here if we canceled a request while the 8099 // server had its response still in flight. So if this 8100 // was just something we canceled, ignore it. 8101 return nil 8102 } 8103 if f.StreamEnded() { 8104 // Issue 20521: If the stream has ended, streamByID() causes 8105 // clientStream.done to be closed, which causes the request's bodyWriter 8106 // to be closed with an errStreamClosed, which may be received by 8107 // clientConn.RoundTrip before the result of processing these headers. 8108 // Deferring stream closure allows the header processing to occur first. 8109 // clientConn.RoundTrip may still receive the bodyWriter error first, but 8110 // the fix for issue 16102 prioritises any response. 8111 // 8112 // Issue 22413: If there is no request body, we should close the 8113 // stream before writing to cs.resc so that the stream is closed 8114 // immediately once RoundTrip returns. 8115 if cs.req.Body != nil { 8116 defer cc.forgetStreamID(f.StreamID) 8117 } else { 8118 cc.forgetStreamID(f.StreamID) 8119 } 8120 } 8121 if !cs.firstByte { 8122 if cs.trace != nil { 8123 // TODO(bradfitz): move first response byte earlier, 8124 // when we first read the 9 byte header, not waiting 8125 // until all the HEADERS+CONTINUATION frames have been 8126 // merged. This works for now. 8127 http2traceFirstResponseByte(cs.trace) 8128 } 8129 cs.firstByte = true 8130 } 8131 if !cs.pastHeaders { 8132 cs.pastHeaders = true 8133 } else { 8134 return rl.processTrailers(cs, f) 8135 } 8136 8137 res, err := rl.handleResponse(cs, f) 8138 if err != nil { 8139 if _, ok := err.(http2ConnectionError); ok { 8140 return err 8141 } 8142 // Any other error type is a stream error. 8143 cs.cc.writeStreamReset(f.StreamID, http2ErrCodeProtocol, err) 8144 cc.forgetStreamID(cs.ID) 8145 cs.resc <- http2resAndError{err: err} 8146 return nil // return nil from process* funcs to keep conn alive 8147 } 8148 if res == nil { 8149 // (nil, nil) special case. See handleResponse docs. 8150 return nil 8151 } 8152 cs.resTrailer = &res.Trailer 8153 cs.resc <- http2resAndError{res: res} 8154 return nil 8155 } 8156 8157 // may return error types nil, or ConnectionError. Any other error value 8158 // is a StreamError of type ErrCodeProtocol. The returned error in that case 8159 // is the detail. 8160 // 8161 // As a special case, handleResponse may return (nil, nil) to skip the 8162 // frame (currently only used for 100 expect continue). This special 8163 // case is going away after Issue 13851 is fixed. 8164 func (rl *http2clientConnReadLoop) handleResponse(cs *http2clientStream, f *http2MetaHeadersFrame) (*Response, error) { 8165 if f.Truncated { 8166 return nil, http2errResponseHeaderListSize 8167 } 8168 8169 status := f.PseudoValue("status") 8170 if status == "" { 8171 return nil, errors.New("malformed response from server: missing status pseudo header") 8172 } 8173 statusCode, err := strconv.Atoi(status) 8174 if err != nil { 8175 return nil, errors.New("malformed response from server: malformed non-numeric status pseudo header") 8176 } 8177 8178 if statusCode == 100 { 8179 http2traceGot100Continue(cs.trace) 8180 if cs.on100 != nil { 8181 cs.on100() // forces any write delay timer to fire 8182 } 8183 cs.pastHeaders = false // do it all again 8184 return nil, nil 8185 } 8186 8187 header := make(Header) 8188 res := &Response{ 8189 Proto: "HTTP/2.0", 8190 ProtoMajor: 2, 8191 Header: header, 8192 StatusCode: statusCode, 8193 Status: status + " " + StatusText(statusCode), 8194 } 8195 for _, hf := range f.RegularFields() { 8196 key := CanonicalHeaderKey(hf.Name) 8197 if key == "Trailer" { 8198 t := res.Trailer 8199 if t == nil { 8200 t = make(Header) 8201 res.Trailer = t 8202 } 8203 http2foreachHeaderElement(hf.Value, func(v string) { 8204 t[CanonicalHeaderKey(v)] = nil 8205 }) 8206 } else { 8207 header[key] = append(header[key], hf.Value) 8208 } 8209 } 8210 8211 streamEnded := f.StreamEnded() 8212 isHead := cs.req.Method == "HEAD" 8213 if !streamEnded || isHead { 8214 res.ContentLength = -1 8215 if clens := res.Header["Content-Length"]; len(clens) == 1 { 8216 if clen64, err := strconv.ParseInt(clens[0], 10, 64); err == nil { 8217 res.ContentLength = clen64 8218 } else { 8219 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8220 // more safe smuggling-wise to ignore. 8221 } 8222 } else if len(clens) > 1 { 8223 // TODO: care? unlike http/1, it won't mess up our framing, so it's 8224 // more safe smuggling-wise to ignore. 8225 } 8226 } 8227 8228 if streamEnded || isHead { 8229 res.Body = http2noBody 8230 return res, nil 8231 } 8232 8233 cs.bufPipe = http2pipe{b: &http2dataBuffer{expected: res.ContentLength}} 8234 cs.bytesRemain = res.ContentLength 8235 res.Body = http2transportResponseBody{cs} 8236 go cs.awaitRequestCancel(cs.req) 8237 8238 if cs.requestedGzip && res.Header.Get("Content-Encoding") == "gzip" { 8239 res.Header.Del("Content-Encoding") 8240 res.Header.Del("Content-Length") 8241 res.ContentLength = -1 8242 res.Body = &http2gzipReader{body: res.Body} 8243 http2setResponseUncompressed(res) 8244 } 8245 return res, nil 8246 } 8247 8248 func (rl *http2clientConnReadLoop) processTrailers(cs *http2clientStream, f *http2MetaHeadersFrame) error { 8249 if cs.pastTrailers { 8250 // Too many HEADERS frames for this stream. 8251 return http2ConnectionError(http2ErrCodeProtocol) 8252 } 8253 cs.pastTrailers = true 8254 if !f.StreamEnded() { 8255 // We expect that any headers for trailers also 8256 // has END_STREAM. 8257 return http2ConnectionError(http2ErrCodeProtocol) 8258 } 8259 if len(f.PseudoFields()) > 0 { 8260 // No pseudo header fields are defined for trailers. 8261 // TODO: ConnectionError might be overly harsh? Check. 8262 return http2ConnectionError(http2ErrCodeProtocol) 8263 } 8264 8265 trailer := make(Header) 8266 for _, hf := range f.RegularFields() { 8267 key := CanonicalHeaderKey(hf.Name) 8268 trailer[key] = append(trailer[key], hf.Value) 8269 } 8270 cs.trailer = trailer 8271 8272 rl.endStream(cs) 8273 return nil 8274 } 8275 8276 // transportResponseBody is the concrete type of Transport.RoundTrip's 8277 // Response.Body. It is an io.ReadCloser. On Read, it reads from cs.body. 8278 // On Close it sends RST_STREAM if EOF wasn't already seen. 8279 type http2transportResponseBody struct { 8280 cs *http2clientStream 8281 } 8282 8283 func (b http2transportResponseBody) Read(p []byte) (n int, err error) { 8284 cs := b.cs 8285 cc := cs.cc 8286 8287 if cs.readErr != nil { 8288 return 0, cs.readErr 8289 } 8290 n, err = b.cs.bufPipe.Read(p) 8291 if cs.bytesRemain != -1 { 8292 if int64(n) > cs.bytesRemain { 8293 n = int(cs.bytesRemain) 8294 if err == nil { 8295 err = errors.New("net/http: server replied with more than declared Content-Length; truncated") 8296 cc.writeStreamReset(cs.ID, http2ErrCodeProtocol, err) 8297 } 8298 cs.readErr = err 8299 return int(cs.bytesRemain), err 8300 } 8301 cs.bytesRemain -= int64(n) 8302 if err == io.EOF && cs.bytesRemain > 0 { 8303 err = io.ErrUnexpectedEOF 8304 cs.readErr = err 8305 return n, err 8306 } 8307 } 8308 if n == 0 { 8309 // No flow control tokens to send back. 8310 return 8311 } 8312 8313 cc.mu.Lock() 8314 defer cc.mu.Unlock() 8315 8316 var connAdd, streamAdd int32 8317 // Check the conn-level first, before the stream-level. 8318 if v := cc.inflow.available(); v < http2transportDefaultConnFlow/2 { 8319 connAdd = http2transportDefaultConnFlow - v 8320 cc.inflow.add(connAdd) 8321 } 8322 if err == nil { // No need to refresh if the stream is over or failed. 8323 // Consider any buffered body data (read from the conn but not 8324 // consumed by the client) when computing flow control for this 8325 // stream. 8326 v := int(cs.inflow.available()) + cs.bufPipe.Len() 8327 if v < http2transportDefaultStreamFlow-http2transportDefaultStreamMinRefresh { 8328 streamAdd = int32(http2transportDefaultStreamFlow - v) 8329 cs.inflow.add(streamAdd) 8330 } 8331 } 8332 if connAdd != 0 || streamAdd != 0 { 8333 cc.wmu.Lock() 8334 defer cc.wmu.Unlock() 8335 if connAdd != 0 { 8336 cc.fr.WriteWindowUpdate(0, http2mustUint31(connAdd)) 8337 } 8338 if streamAdd != 0 { 8339 cc.fr.WriteWindowUpdate(cs.ID, http2mustUint31(streamAdd)) 8340 } 8341 cc.bw.Flush() 8342 } 8343 return 8344 } 8345 8346 var http2errClosedResponseBody = errors.New("http2: response body closed") 8347 8348 func (b http2transportResponseBody) Close() error { 8349 cs := b.cs 8350 cc := cs.cc 8351 8352 serverSentStreamEnd := cs.bufPipe.Err() == io.EOF 8353 unread := cs.bufPipe.Len() 8354 8355 if unread > 0 || !serverSentStreamEnd { 8356 cc.mu.Lock() 8357 cc.wmu.Lock() 8358 if !serverSentStreamEnd { 8359 cc.fr.WriteRSTStream(cs.ID, http2ErrCodeCancel) 8360 cs.didReset = true 8361 } 8362 // Return connection-level flow control. 8363 if unread > 0 { 8364 cc.inflow.add(int32(unread)) 8365 cc.fr.WriteWindowUpdate(0, uint32(unread)) 8366 } 8367 cc.bw.Flush() 8368 cc.wmu.Unlock() 8369 cc.mu.Unlock() 8370 } 8371 8372 cs.bufPipe.BreakWithError(http2errClosedResponseBody) 8373 cc.forgetStreamID(cs.ID) 8374 return nil 8375 } 8376 8377 func (rl *http2clientConnReadLoop) processData(f *http2DataFrame) error { 8378 cc := rl.cc 8379 cs := cc.streamByID(f.StreamID, f.StreamEnded()) 8380 data := f.Data() 8381 if cs == nil { 8382 cc.mu.Lock() 8383 neverSent := cc.nextStreamID 8384 cc.mu.Unlock() 8385 if f.StreamID >= neverSent { 8386 // We never asked for this. 8387 cc.logf("http2: Transport received unsolicited DATA frame; closing connection") 8388 return http2ConnectionError(http2ErrCodeProtocol) 8389 } 8390 // We probably did ask for this, but canceled. Just ignore it. 8391 // TODO: be stricter here? only silently ignore things which 8392 // we canceled, but not things which were closed normally 8393 // by the peer? Tough without accumulating too much state. 8394 8395 // But at least return their flow control: 8396 if f.Length > 0 { 8397 cc.mu.Lock() 8398 cc.inflow.add(int32(f.Length)) 8399 cc.mu.Unlock() 8400 8401 cc.wmu.Lock() 8402 cc.fr.WriteWindowUpdate(0, uint32(f.Length)) 8403 cc.bw.Flush() 8404 cc.wmu.Unlock() 8405 } 8406 return nil 8407 } 8408 if !cs.firstByte { 8409 cc.logf("protocol error: received DATA before a HEADERS frame") 8410 rl.endStreamError(cs, http2StreamError{ 8411 StreamID: f.StreamID, 8412 Code: http2ErrCodeProtocol, 8413 }) 8414 return nil 8415 } 8416 if f.Length > 0 { 8417 if cs.req.Method == "HEAD" && len(data) > 0 { 8418 cc.logf("protocol error: received DATA on a HEAD request") 8419 rl.endStreamError(cs, http2StreamError{ 8420 StreamID: f.StreamID, 8421 Code: http2ErrCodeProtocol, 8422 }) 8423 return nil 8424 } 8425 // Check connection-level flow control. 8426 cc.mu.Lock() 8427 if cs.inflow.available() >= int32(f.Length) { 8428 cs.inflow.take(int32(f.Length)) 8429 } else { 8430 cc.mu.Unlock() 8431 return http2ConnectionError(http2ErrCodeFlowControl) 8432 } 8433 // Return any padded flow control now, since we won't 8434 // refund it later on body reads. 8435 var refund int 8436 if pad := int(f.Length) - len(data); pad > 0 { 8437 refund += pad 8438 } 8439 // Return len(data) now if the stream is already closed, 8440 // since data will never be read. 8441 didReset := cs.didReset 8442 if didReset { 8443 refund += len(data) 8444 } 8445 if refund > 0 { 8446 cc.inflow.add(int32(refund)) 8447 cc.wmu.Lock() 8448 cc.fr.WriteWindowUpdate(0, uint32(refund)) 8449 if !didReset { 8450 cs.inflow.add(int32(refund)) 8451 cc.fr.WriteWindowUpdate(cs.ID, uint32(refund)) 8452 } 8453 cc.bw.Flush() 8454 cc.wmu.Unlock() 8455 } 8456 cc.mu.Unlock() 8457 8458 if len(data) > 0 && !didReset { 8459 if _, err := cs.bufPipe.Write(data); err != nil { 8460 rl.endStreamError(cs, err) 8461 return err 8462 } 8463 } 8464 } 8465 8466 if f.StreamEnded() { 8467 rl.endStream(cs) 8468 } 8469 return nil 8470 } 8471 8472 var http2errInvalidTrailers = errors.New("http2: invalid trailers") 8473 8474 func (rl *http2clientConnReadLoop) endStream(cs *http2clientStream) { 8475 // TODO: check that any declared content-length matches, like 8476 // server.go's (*stream).endStream method. 8477 rl.endStreamError(cs, nil) 8478 } 8479 8480 func (rl *http2clientConnReadLoop) endStreamError(cs *http2clientStream, err error) { 8481 var code func() 8482 if err == nil { 8483 err = io.EOF 8484 code = cs.copyTrailers 8485 } 8486 if http2isConnectionCloseRequest(cs.req) { 8487 rl.closeWhenIdle = true 8488 } 8489 cs.bufPipe.closeWithErrorAndCode(err, code) 8490 8491 select { 8492 case cs.resc <- http2resAndError{err: err}: 8493 default: 8494 } 8495 } 8496 8497 func (cs *http2clientStream) copyTrailers() { 8498 for k, vv := range cs.trailer { 8499 t := cs.resTrailer 8500 if *t == nil { 8501 *t = make(Header) 8502 } 8503 (*t)[k] = vv 8504 } 8505 } 8506 8507 func (rl *http2clientConnReadLoop) processGoAway(f *http2GoAwayFrame) error { 8508 cc := rl.cc 8509 cc.t.connPool().MarkDead(cc) 8510 if f.ErrCode != 0 { 8511 // TODO: deal with GOAWAY more. particularly the error code 8512 cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode) 8513 } 8514 cc.setGoAway(f) 8515 return nil 8516 } 8517 8518 func (rl *http2clientConnReadLoop) processSettings(f *http2SettingsFrame) error { 8519 cc := rl.cc 8520 cc.mu.Lock() 8521 defer cc.mu.Unlock() 8522 8523 if f.IsAck() { 8524 if cc.wantSettingsAck { 8525 cc.wantSettingsAck = false 8526 return nil 8527 } 8528 return http2ConnectionError(http2ErrCodeProtocol) 8529 } 8530 8531 err := f.ForeachSetting(func(s http2Setting) error { 8532 switch s.ID { 8533 case http2SettingMaxFrameSize: 8534 cc.maxFrameSize = s.Val 8535 case http2SettingMaxConcurrentStreams: 8536 cc.maxConcurrentStreams = s.Val 8537 case http2SettingMaxHeaderListSize: 8538 cc.peerMaxHeaderListSize = uint64(s.Val) 8539 case http2SettingInitialWindowSize: 8540 // Values above the maximum flow-control 8541 // window size of 2^31-1 MUST be treated as a 8542 // connection error (Section 5.4.1) of type 8543 // FLOW_CONTROL_ERROR. 8544 if s.Val > math.MaxInt32 { 8545 return http2ConnectionError(http2ErrCodeFlowControl) 8546 } 8547 8548 // Adjust flow control of currently-open 8549 // frames by the difference of the old initial 8550 // window size and this one. 8551 delta := int32(s.Val) - int32(cc.initialWindowSize) 8552 for _, cs := range cc.streams { 8553 cs.flow.add(delta) 8554 } 8555 cc.cond.Broadcast() 8556 8557 cc.initialWindowSize = s.Val 8558 default: 8559 // TODO(bradfitz): handle more settings? SETTINGS_HEADER_TABLE_SIZE probably. 8560 cc.vlogf("Unhandled Setting: %v", s) 8561 } 8562 return nil 8563 }) 8564 if err != nil { 8565 return err 8566 } 8567 8568 cc.wmu.Lock() 8569 defer cc.wmu.Unlock() 8570 8571 cc.fr.WriteSettingsAck() 8572 cc.bw.Flush() 8573 return cc.werr 8574 } 8575 8576 func (rl *http2clientConnReadLoop) processWindowUpdate(f *http2WindowUpdateFrame) error { 8577 cc := rl.cc 8578 cs := cc.streamByID(f.StreamID, false) 8579 if f.StreamID != 0 && cs == nil { 8580 return nil 8581 } 8582 8583 cc.mu.Lock() 8584 defer cc.mu.Unlock() 8585 8586 fl := &cc.flow 8587 if cs != nil { 8588 fl = &cs.flow 8589 } 8590 if !fl.add(int32(f.Increment)) { 8591 return http2ConnectionError(http2ErrCodeFlowControl) 8592 } 8593 cc.cond.Broadcast() 8594 return nil 8595 } 8596 8597 func (rl *http2clientConnReadLoop) processResetStream(f *http2RSTStreamFrame) error { 8598 cs := rl.cc.streamByID(f.StreamID, true) 8599 if cs == nil { 8600 // TODO: return error if server tries to RST_STEAM an idle stream 8601 return nil 8602 } 8603 select { 8604 case <-cs.peerReset: 8605 // Already reset. 8606 // This is the only goroutine 8607 // which closes this, so there 8608 // isn't a race. 8609 default: 8610 err := http2streamError(cs.ID, f.ErrCode) 8611 cs.resetErr = err 8612 close(cs.peerReset) 8613 cs.bufPipe.CloseWithError(err) 8614 cs.cc.cond.Broadcast() // wake up checkResetOrDone via clientStream.awaitFlowControl 8615 } 8616 return nil 8617 } 8618 8619 // Ping sends a PING frame to the server and waits for the ack. 8620 // Public implementation is in go17.go and not_go17.go 8621 func (cc *http2ClientConn) ping(ctx http2contextContext) error { 8622 c := make(chan struct{}) 8623 // Generate a random payload 8624 var p [8]byte 8625 for { 8626 if _, err := rand.Read(p[:]); err != nil { 8627 return err 8628 } 8629 cc.mu.Lock() 8630 // check for dup before insert 8631 if _, found := cc.pings[p]; !found { 8632 cc.pings[p] = c 8633 cc.mu.Unlock() 8634 break 8635 } 8636 cc.mu.Unlock() 8637 } 8638 cc.wmu.Lock() 8639 if err := cc.fr.WritePing(false, p); err != nil { 8640 cc.wmu.Unlock() 8641 return err 8642 } 8643 if err := cc.bw.Flush(); err != nil { 8644 cc.wmu.Unlock() 8645 return err 8646 } 8647 cc.wmu.Unlock() 8648 select { 8649 case <-c: 8650 return nil 8651 case <-ctx.Done(): 8652 return ctx.Err() 8653 case <-cc.readerDone: 8654 // connection closed 8655 return cc.readerErr 8656 } 8657 } 8658 8659 func (rl *http2clientConnReadLoop) processPing(f *http2PingFrame) error { 8660 if f.IsAck() { 8661 cc := rl.cc 8662 cc.mu.Lock() 8663 defer cc.mu.Unlock() 8664 // If ack, notify listener if any 8665 if c, ok := cc.pings[f.Data]; ok { 8666 close(c) 8667 delete(cc.pings, f.Data) 8668 } 8669 return nil 8670 } 8671 cc := rl.cc 8672 cc.wmu.Lock() 8673 defer cc.wmu.Unlock() 8674 if err := cc.fr.WritePing(true, f.Data); err != nil { 8675 return err 8676 } 8677 return cc.bw.Flush() 8678 } 8679 8680 func (rl *http2clientConnReadLoop) processPushPromise(f *http2PushPromiseFrame) error { 8681 // We told the peer we don't want them. 8682 // Spec says: 8683 // "PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH 8684 // setting of the peer endpoint is set to 0. An endpoint that 8685 // has set this setting and has received acknowledgement MUST 8686 // treat the receipt of a PUSH_PROMISE frame as a connection 8687 // error (Section 5.4.1) of type PROTOCOL_ERROR." 8688 return http2ConnectionError(http2ErrCodeProtocol) 8689 } 8690 8691 func (cc *http2ClientConn) writeStreamReset(streamID uint32, code http2ErrCode, err error) { 8692 // TODO: map err to more interesting error codes, once the 8693 // HTTP community comes up with some. But currently for 8694 // RST_STREAM there's no equivalent to GOAWAY frame's debug 8695 // data, and the error codes are all pretty vague ("cancel"). 8696 cc.wmu.Lock() 8697 cc.fr.WriteRSTStream(streamID, code) 8698 cc.bw.Flush() 8699 cc.wmu.Unlock() 8700 } 8701 8702 var ( 8703 http2errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit") 8704 http2errRequestHeaderListSize = errors.New("http2: request header list larger than peer's advertised limit") 8705 http2errPseudoTrailers = errors.New("http2: invalid pseudo header in trailers") 8706 ) 8707 8708 func (cc *http2ClientConn) logf(format string, args ...interface{}) { 8709 cc.t.logf(format, args...) 8710 } 8711 8712 func (cc *http2ClientConn) vlogf(format string, args ...interface{}) { 8713 cc.t.vlogf(format, args...) 8714 } 8715 8716 func (t *http2Transport) vlogf(format string, args ...interface{}) { 8717 if http2VerboseLogs { 8718 t.logf(format, args...) 8719 } 8720 } 8721 8722 func (t *http2Transport) logf(format string, args ...interface{}) { 8723 log.Printf(format, args...) 8724 } 8725 8726 var http2noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil)) 8727 8728 func http2strSliceContains(ss []string, s string) bool { 8729 for _, v := range ss { 8730 if v == s { 8731 return true 8732 } 8733 } 8734 return false 8735 } 8736 8737 type http2erringRoundTripper struct{ err error } 8738 8739 func (rt http2erringRoundTripper) RoundTrip(*Request) (*Response, error) { return nil, rt.err } 8740 8741 // gzipReader wraps a response body so it can lazily 8742 // call gzip.NewReader on the first call to Read 8743 type http2gzipReader struct { 8744 body io.ReadCloser // underlying Response.Body 8745 zr *gzip.Reader // lazily-initialized gzip reader 8746 zerr error // sticky error 8747 } 8748 8749 func (gz *http2gzipReader) Read(p []byte) (n int, err error) { 8750 if gz.zerr != nil { 8751 return 0, gz.zerr 8752 } 8753 if gz.zr == nil { 8754 gz.zr, err = gzip.NewReader(gz.body) 8755 if err != nil { 8756 gz.zerr = err 8757 return 0, err 8758 } 8759 } 8760 return gz.zr.Read(p) 8761 } 8762 8763 func (gz *http2gzipReader) Close() error { 8764 return gz.body.Close() 8765 } 8766 8767 type http2errorReader struct{ err error } 8768 8769 func (r http2errorReader) Read(p []byte) (int, error) { return 0, r.err } 8770 8771 // bodyWriterState encapsulates various state around the Transport's writing 8772 // of the request body, particularly regarding doing delayed writes of the body 8773 // when the request contains "Expect: 100-continue". 8774 type http2bodyWriterState struct { 8775 cs *http2clientStream 8776 timer *time.Timer // if non-nil, we're doing a delayed write 8777 fnonce *sync.Once // to call fn with 8778 fn func() // the code to run in the goroutine, writing the body 8779 resc chan error // result of fn's execution 8780 delay time.Duration // how long we should delay a delayed write for 8781 } 8782 8783 func (t *http2Transport) getBodyWriterState(cs *http2clientStream, body io.Reader) (s http2bodyWriterState) { 8784 s.cs = cs 8785 if body == nil { 8786 return 8787 } 8788 resc := make(chan error, 1) 8789 s.resc = resc 8790 s.fn = func() { 8791 cs.cc.mu.Lock() 8792 cs.startedWrite = true 8793 cs.cc.mu.Unlock() 8794 resc <- cs.writeRequestBody(body, cs.req.Body) 8795 } 8796 s.delay = t.expectContinueTimeout() 8797 if s.delay == 0 || 8798 !httplex.HeaderValuesContainsToken( 8799 cs.req.Header["Expect"], 8800 "100-continue") { 8801 return 8802 } 8803 s.fnonce = new(sync.Once) 8804 8805 // Arm the timer with a very large duration, which we'll 8806 // intentionally lower later. It has to be large now because 8807 // we need a handle to it before writing the headers, but the 8808 // s.delay value is defined to not start until after the 8809 // request headers were written. 8810 const hugeDuration = 365 * 24 * time.Hour 8811 s.timer = time.AfterFunc(hugeDuration, func() { 8812 s.fnonce.Do(s.fn) 8813 }) 8814 return 8815 } 8816 8817 func (s http2bodyWriterState) cancel() { 8818 if s.timer != nil { 8819 s.timer.Stop() 8820 } 8821 } 8822 8823 func (s http2bodyWriterState) on100() { 8824 if s.timer == nil { 8825 // If we didn't do a delayed write, ignore the server's 8826 // bogus 100 continue response. 8827 return 8828 } 8829 s.timer.Stop() 8830 go func() { s.fnonce.Do(s.fn) }() 8831 } 8832 8833 // scheduleBodyWrite starts writing the body, either immediately (in 8834 // the common case) or after the delay timeout. It should not be 8835 // called until after the headers have been written. 8836 func (s http2bodyWriterState) scheduleBodyWrite() { 8837 if s.timer == nil { 8838 // We're not doing a delayed write (see 8839 // getBodyWriterState), so just start the writing 8840 // goroutine immediately. 8841 go s.fn() 8842 return 8843 } 8844 http2traceWait100Continue(s.cs.trace) 8845 if s.timer.Stop() { 8846 s.timer.Reset(s.delay) 8847 } 8848 } 8849 8850 // isConnectionCloseRequest reports whether req should use its own 8851 // connection for a single request and then close the connection. 8852 func http2isConnectionCloseRequest(req *Request) bool { 8853 return req.Close || httplex.HeaderValuesContainsToken(req.Header["Connection"], "close") 8854 } 8855 8856 // writeFramer is implemented by any type that is used to write frames. 8857 type http2writeFramer interface { 8858 writeFrame(http2writeContext) error 8859 8860 // staysWithinBuffer reports whether this writer promises that 8861 // it will only write less than or equal to size bytes, and it 8862 // won't Flush the write context. 8863 staysWithinBuffer(size int) bool 8864 } 8865 8866 // writeContext is the interface needed by the various frame writer 8867 // types below. All the writeFrame methods below are scheduled via the 8868 // frame writing scheduler (see writeScheduler in writesched.go). 8869 // 8870 // This interface is implemented by *serverConn. 8871 // 8872 // TODO: decide whether to a) use this in the client code (which didn't 8873 // end up using this yet, because it has a simpler design, not 8874 // currently implementing priorities), or b) delete this and 8875 // make the server code a bit more concrete. 8876 type http2writeContext interface { 8877 Framer() *http2Framer 8878 Flush() error 8879 CloseConn() error 8880 // HeaderEncoder returns an HPACK encoder that writes to the 8881 // returned buffer. 8882 HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) 8883 } 8884 8885 // writeEndsStream reports whether w writes a frame that will transition 8886 // the stream to a half-closed local state. This returns false for RST_STREAM, 8887 // which closes the entire stream (not just the local half). 8888 func http2writeEndsStream(w http2writeFramer) bool { 8889 switch v := w.(type) { 8890 case *http2writeData: 8891 return v.endStream 8892 case *http2writeResHeaders: 8893 return v.endStream 8894 case nil: 8895 // This can only happen if the caller reuses w after it's 8896 // been intentionally nil'ed out to prevent use. Keep this 8897 // here to catch future refactoring breaking it. 8898 panic("writeEndsStream called on nil writeFramer") 8899 } 8900 return false 8901 } 8902 8903 type http2flushFrameWriter struct{} 8904 8905 func (http2flushFrameWriter) writeFrame(ctx http2writeContext) error { 8906 return ctx.Flush() 8907 } 8908 8909 func (http2flushFrameWriter) staysWithinBuffer(max int) bool { return false } 8910 8911 type http2writeSettings []http2Setting 8912 8913 func (s http2writeSettings) staysWithinBuffer(max int) bool { 8914 const settingSize = 6 // uint16 + uint32 8915 return http2frameHeaderLen+settingSize*len(s) <= max 8916 8917 } 8918 8919 func (s http2writeSettings) writeFrame(ctx http2writeContext) error { 8920 return ctx.Framer().WriteSettings([]http2Setting(s)...) 8921 } 8922 8923 type http2writeGoAway struct { 8924 maxStreamID uint32 8925 code http2ErrCode 8926 } 8927 8928 func (p *http2writeGoAway) writeFrame(ctx http2writeContext) error { 8929 err := ctx.Framer().WriteGoAway(p.maxStreamID, p.code, nil) 8930 ctx.Flush() // ignore error: we're hanging up on them anyway 8931 return err 8932 } 8933 8934 func (*http2writeGoAway) staysWithinBuffer(max int) bool { return false } // flushes 8935 8936 type http2writeData struct { 8937 streamID uint32 8938 p []byte 8939 endStream bool 8940 } 8941 8942 func (w *http2writeData) String() string { 8943 return fmt.Sprintf("writeData(stream=%d, p=%d, endStream=%v)", w.streamID, len(w.p), w.endStream) 8944 } 8945 8946 func (w *http2writeData) writeFrame(ctx http2writeContext) error { 8947 return ctx.Framer().WriteData(w.streamID, w.endStream, w.p) 8948 } 8949 8950 func (w *http2writeData) staysWithinBuffer(max int) bool { 8951 return http2frameHeaderLen+len(w.p) <= max 8952 } 8953 8954 // handlerPanicRST is the message sent from handler goroutines when 8955 // the handler panics. 8956 type http2handlerPanicRST struct { 8957 StreamID uint32 8958 } 8959 8960 func (hp http2handlerPanicRST) writeFrame(ctx http2writeContext) error { 8961 return ctx.Framer().WriteRSTStream(hp.StreamID, http2ErrCodeInternal) 8962 } 8963 8964 func (hp http2handlerPanicRST) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 8965 8966 func (se http2StreamError) writeFrame(ctx http2writeContext) error { 8967 return ctx.Framer().WriteRSTStream(se.StreamID, se.Code) 8968 } 8969 8970 func (se http2StreamError) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 8971 8972 type http2writePingAck struct{ pf *http2PingFrame } 8973 8974 func (w http2writePingAck) writeFrame(ctx http2writeContext) error { 8975 return ctx.Framer().WritePing(true, w.pf.Data) 8976 } 8977 8978 func (w http2writePingAck) staysWithinBuffer(max int) bool { 8979 return http2frameHeaderLen+len(w.pf.Data) <= max 8980 } 8981 8982 type http2writeSettingsAck struct{} 8983 8984 func (http2writeSettingsAck) writeFrame(ctx http2writeContext) error { 8985 return ctx.Framer().WriteSettingsAck() 8986 } 8987 8988 func (http2writeSettingsAck) staysWithinBuffer(max int) bool { return http2frameHeaderLen <= max } 8989 8990 // splitHeaderBlock splits headerBlock into fragments so that each fragment fits 8991 // in a single frame, then calls fn for each fragment. firstFrag/lastFrag are true 8992 // for the first/last fragment, respectively. 8993 func http2splitHeaderBlock(ctx http2writeContext, headerBlock []byte, fn func(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error) error { 8994 // For now we're lazy and just pick the minimum MAX_FRAME_SIZE 8995 // that all peers must support (16KB). Later we could care 8996 // more and send larger frames if the peer advertised it, but 8997 // there's little point. Most headers are small anyway (so we 8998 // generally won't have CONTINUATION frames), and extra frames 8999 // only waste 9 bytes anyway. 9000 const maxFrameSize = 16384 9001 9002 first := true 9003 for len(headerBlock) > 0 { 9004 frag := headerBlock 9005 if len(frag) > maxFrameSize { 9006 frag = frag[:maxFrameSize] 9007 } 9008 headerBlock = headerBlock[len(frag):] 9009 if err := fn(ctx, frag, first, len(headerBlock) == 0); err != nil { 9010 return err 9011 } 9012 first = false 9013 } 9014 return nil 9015 } 9016 9017 // writeResHeaders is a request to write a HEADERS and 0+ CONTINUATION frames 9018 // for HTTP response headers or trailers from a server handler. 9019 type http2writeResHeaders struct { 9020 streamID uint32 9021 httpResCode int // 0 means no ":status" line 9022 h Header // may be nil 9023 trailers []string // if non-nil, which keys of h to write. nil means all. 9024 endStream bool 9025 9026 date string 9027 contentType string 9028 contentLength string 9029 } 9030 9031 func http2encKV(enc *hpack.Encoder, k, v string) { 9032 if http2VerboseLogs { 9033 log.Printf("http2: server encoding header %q = %q", k, v) 9034 } 9035 enc.WriteField(hpack.HeaderField{Name: k, Value: v}) 9036 } 9037 9038 func (w *http2writeResHeaders) staysWithinBuffer(max int) bool { 9039 // TODO: this is a common one. It'd be nice to return true 9040 // here and get into the fast path if we could be clever and 9041 // calculate the size fast enough, or at least a conservative 9042 // uppper bound that usually fires. (Maybe if w.h and 9043 // w.trailers are nil, so we don't need to enumerate it.) 9044 // Otherwise I'm afraid that just calculating the length to 9045 // answer this question would be slower than the ~2s benefit. 9046 return false 9047 } 9048 9049 func (w *http2writeResHeaders) writeFrame(ctx http2writeContext) error { 9050 enc, buf := ctx.HeaderEncoder() 9051 buf.Reset() 9052 9053 if w.httpResCode != 0 { 9054 http2encKV(enc, ":status", http2httpCodeString(w.httpResCode)) 9055 } 9056 9057 http2encodeHeaders(enc, w.h, w.trailers) 9058 9059 if w.contentType != "" { 9060 http2encKV(enc, "content-type", w.contentType) 9061 } 9062 if w.contentLength != "" { 9063 http2encKV(enc, "content-length", w.contentLength) 9064 } 9065 if w.date != "" { 9066 http2encKV(enc, "date", w.date) 9067 } 9068 9069 headerBlock := buf.Bytes() 9070 if len(headerBlock) == 0 && w.trailers == nil { 9071 panic("unexpected empty hpack") 9072 } 9073 9074 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9075 } 9076 9077 func (w *http2writeResHeaders) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9078 if firstFrag { 9079 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9080 StreamID: w.streamID, 9081 BlockFragment: frag, 9082 EndStream: w.endStream, 9083 EndHeaders: lastFrag, 9084 }) 9085 } else { 9086 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9087 } 9088 } 9089 9090 // writePushPromise is a request to write a PUSH_PROMISE and 0+ CONTINUATION frames. 9091 type http2writePushPromise struct { 9092 streamID uint32 // pusher stream 9093 method string // for :method 9094 url *url.URL // for :scheme, :authority, :path 9095 h Header 9096 9097 // Creates an ID for a pushed stream. This runs on serveG just before 9098 // the frame is written. The returned ID is copied to promisedID. 9099 allocatePromisedID func() (uint32, error) 9100 promisedID uint32 9101 } 9102 9103 func (w *http2writePushPromise) staysWithinBuffer(max int) bool { 9104 // TODO: see writeResHeaders.staysWithinBuffer 9105 return false 9106 } 9107 9108 func (w *http2writePushPromise) writeFrame(ctx http2writeContext) error { 9109 enc, buf := ctx.HeaderEncoder() 9110 buf.Reset() 9111 9112 http2encKV(enc, ":method", w.method) 9113 http2encKV(enc, ":scheme", w.url.Scheme) 9114 http2encKV(enc, ":authority", w.url.Host) 9115 http2encKV(enc, ":path", w.url.RequestURI()) 9116 http2encodeHeaders(enc, w.h, nil) 9117 9118 headerBlock := buf.Bytes() 9119 if len(headerBlock) == 0 { 9120 panic("unexpected empty hpack") 9121 } 9122 9123 return http2splitHeaderBlock(ctx, headerBlock, w.writeHeaderBlock) 9124 } 9125 9126 func (w *http2writePushPromise) writeHeaderBlock(ctx http2writeContext, frag []byte, firstFrag, lastFrag bool) error { 9127 if firstFrag { 9128 return ctx.Framer().WritePushPromise(http2PushPromiseParam{ 9129 StreamID: w.streamID, 9130 PromiseID: w.promisedID, 9131 BlockFragment: frag, 9132 EndHeaders: lastFrag, 9133 }) 9134 } else { 9135 return ctx.Framer().WriteContinuation(w.streamID, lastFrag, frag) 9136 } 9137 } 9138 9139 type http2write100ContinueHeadersFrame struct { 9140 streamID uint32 9141 } 9142 9143 func (w http2write100ContinueHeadersFrame) writeFrame(ctx http2writeContext) error { 9144 enc, buf := ctx.HeaderEncoder() 9145 buf.Reset() 9146 http2encKV(enc, ":status", "100") 9147 return ctx.Framer().WriteHeaders(http2HeadersFrameParam{ 9148 StreamID: w.streamID, 9149 BlockFragment: buf.Bytes(), 9150 EndStream: false, 9151 EndHeaders: true, 9152 }) 9153 } 9154 9155 func (w http2write100ContinueHeadersFrame) staysWithinBuffer(max int) bool { 9156 // Sloppy but conservative: 9157 return 9+2*(len(":status")+len("100")) <= max 9158 } 9159 9160 type http2writeWindowUpdate struct { 9161 streamID uint32 // or 0 for conn-level 9162 n uint32 9163 } 9164 9165 func (wu http2writeWindowUpdate) staysWithinBuffer(max int) bool { return http2frameHeaderLen+4 <= max } 9166 9167 func (wu http2writeWindowUpdate) writeFrame(ctx http2writeContext) error { 9168 return ctx.Framer().WriteWindowUpdate(wu.streamID, wu.n) 9169 } 9170 9171 // encodeHeaders encodes an http.Header. If keys is not nil, then (k, h[k]) 9172 // is encoded only only if k is in keys. 9173 func http2encodeHeaders(enc *hpack.Encoder, h Header, keys []string) { 9174 if keys == nil { 9175 sorter := http2sorterPool.Get().(*http2sorter) 9176 // Using defer here, since the returned keys from the 9177 // sorter.Keys method is only valid until the sorter 9178 // is returned: 9179 defer http2sorterPool.Put(sorter) 9180 keys = sorter.Keys(h) 9181 } 9182 for _, k := range keys { 9183 vv := h[k] 9184 k = http2lowerHeader(k) 9185 if !http2validWireHeaderFieldName(k) { 9186 // Skip it as backup paranoia. Per 9187 // golang.org/issue/14048, these should 9188 // already be rejected at a higher level. 9189 continue 9190 } 9191 isTE := k == "transfer-encoding" 9192 for _, v := range vv { 9193 if !httplex.ValidHeaderFieldValue(v) { 9194 // TODO: return an error? golang.org/issue/14048 9195 // For now just omit it. 9196 continue 9197 } 9198 // TODO: more of "8.1.2.2 Connection-Specific Header Fields" 9199 if isTE && v != "trailers" { 9200 continue 9201 } 9202 http2encKV(enc, k, v) 9203 } 9204 } 9205 } 9206 9207 // WriteScheduler is the interface implemented by HTTP/2 write schedulers. 9208 // Methods are never called concurrently. 9209 type http2WriteScheduler interface { 9210 // OpenStream opens a new stream in the write scheduler. 9211 // It is illegal to call this with streamID=0 or with a streamID that is 9212 // already open -- the call may panic. 9213 OpenStream(streamID uint32, options http2OpenStreamOptions) 9214 9215 // CloseStream closes a stream in the write scheduler. Any frames queued on 9216 // this stream should be discarded. It is illegal to call this on a stream 9217 // that is not open -- the call may panic. 9218 CloseStream(streamID uint32) 9219 9220 // AdjustStream adjusts the priority of the given stream. This may be called 9221 // on a stream that has not yet been opened or has been closed. Note that 9222 // RFC 7540 allows PRIORITY frames to be sent on streams in any state. See: 9223 // https://tools.ietf.org/html/rfc7540#section-5.1 9224 AdjustStream(streamID uint32, priority http2PriorityParam) 9225 9226 // Push queues a frame in the scheduler. In most cases, this will not be 9227 // called with wr.StreamID()!=0 unless that stream is currently open. The one 9228 // exception is RST_STREAM frames, which may be sent on idle or closed streams. 9229 Push(wr http2FrameWriteRequest) 9230 9231 // Pop dequeues the next frame to write. Returns false if no frames can 9232 // be written. Frames with a given wr.StreamID() are Pop'd in the same 9233 // order they are Push'd. 9234 Pop() (wr http2FrameWriteRequest, ok bool) 9235 } 9236 9237 // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. 9238 type http2OpenStreamOptions struct { 9239 // PusherID is zero if the stream was initiated by the client. Otherwise, 9240 // PusherID names the stream that pushed the newly opened stream. 9241 PusherID uint32 9242 } 9243 9244 // FrameWriteRequest is a request to write a frame. 9245 type http2FrameWriteRequest struct { 9246 // write is the interface value that does the writing, once the 9247 // WriteScheduler has selected this frame to write. The write 9248 // functions are all defined in write.go. 9249 write http2writeFramer 9250 9251 // stream is the stream on which this frame will be written. 9252 // nil for non-stream frames like PING and SETTINGS. 9253 stream *http2stream 9254 9255 // done, if non-nil, must be a buffered channel with space for 9256 // 1 message and is sent the return value from write (or an 9257 // earlier error) when the frame has been written. 9258 done chan error 9259 } 9260 9261 // StreamID returns the id of the stream this frame will be written to. 9262 // 0 is used for non-stream frames such as PING and SETTINGS. 9263 func (wr http2FrameWriteRequest) StreamID() uint32 { 9264 if wr.stream == nil { 9265 if se, ok := wr.write.(http2StreamError); ok { 9266 // (*serverConn).resetStream doesn't set 9267 // stream because it doesn't necessarily have 9268 // one. So special case this type of write 9269 // message. 9270 return se.StreamID 9271 } 9272 return 0 9273 } 9274 return wr.stream.id 9275 } 9276 9277 // DataSize returns the number of flow control bytes that must be consumed 9278 // to write this entire frame. This is 0 for non-DATA frames. 9279 func (wr http2FrameWriteRequest) DataSize() int { 9280 if wd, ok := wr.write.(*http2writeData); ok { 9281 return len(wd.p) 9282 } 9283 return 0 9284 } 9285 9286 // Consume consumes min(n, available) bytes from this frame, where available 9287 // is the number of flow control bytes available on the stream. Consume returns 9288 // 0, 1, or 2 frames, where the integer return value gives the number of frames 9289 // returned. 9290 // 9291 // If flow control prevents consuming any bytes, this returns (_, _, 0). If 9292 // the entire frame was consumed, this returns (wr, _, 1). Otherwise, this 9293 // returns (consumed, rest, 2), where 'consumed' contains the consumed bytes and 9294 // 'rest' contains the remaining bytes. The consumed bytes are deducted from the 9295 // underlying stream's flow control budget. 9296 func (wr http2FrameWriteRequest) Consume(n int32) (http2FrameWriteRequest, http2FrameWriteRequest, int) { 9297 var empty http2FrameWriteRequest 9298 9299 // Non-DATA frames are always consumed whole. 9300 wd, ok := wr.write.(*http2writeData) 9301 if !ok || len(wd.p) == 0 { 9302 return wr, empty, 1 9303 } 9304 9305 // Might need to split after applying limits. 9306 allowed := wr.stream.flow.available() 9307 if n < allowed { 9308 allowed = n 9309 } 9310 if wr.stream.sc.maxFrameSize < allowed { 9311 allowed = wr.stream.sc.maxFrameSize 9312 } 9313 if allowed <= 0 { 9314 return empty, empty, 0 9315 } 9316 if len(wd.p) > int(allowed) { 9317 wr.stream.flow.take(allowed) 9318 consumed := http2FrameWriteRequest{ 9319 stream: wr.stream, 9320 write: &http2writeData{ 9321 streamID: wd.streamID, 9322 p: wd.p[:allowed], 9323 // Even if the original had endStream set, there 9324 // are bytes remaining because len(wd.p) > allowed, 9325 // so we know endStream is false. 9326 endStream: false, 9327 }, 9328 // Our caller is blocking on the final DATA frame, not 9329 // this intermediate frame, so no need to wait. 9330 done: nil, 9331 } 9332 rest := http2FrameWriteRequest{ 9333 stream: wr.stream, 9334 write: &http2writeData{ 9335 streamID: wd.streamID, 9336 p: wd.p[allowed:], 9337 endStream: wd.endStream, 9338 }, 9339 done: wr.done, 9340 } 9341 return consumed, rest, 2 9342 } 9343 9344 // The frame is consumed whole. 9345 // NB: This cast cannot overflow because allowed is <= math.MaxInt32. 9346 wr.stream.flow.take(int32(len(wd.p))) 9347 return wr, empty, 1 9348 } 9349 9350 // String is for debugging only. 9351 func (wr http2FrameWriteRequest) String() string { 9352 var des string 9353 if s, ok := wr.write.(fmt.Stringer); ok { 9354 des = s.String() 9355 } else { 9356 des = fmt.Sprintf("%T", wr.write) 9357 } 9358 return fmt.Sprintf("[FrameWriteRequest stream=%d, ch=%v, writer=%v]", wr.StreamID(), wr.done != nil, des) 9359 } 9360 9361 // replyToWriter sends err to wr.done and panics if the send must block 9362 // This does nothing if wr.done is nil. 9363 func (wr *http2FrameWriteRequest) replyToWriter(err error) { 9364 if wr.done == nil { 9365 return 9366 } 9367 select { 9368 case wr.done <- err: 9369 default: 9370 panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wr.write)) 9371 } 9372 wr.write = nil // prevent use (assume it's tainted after wr.done send) 9373 } 9374 9375 // writeQueue is used by implementations of WriteScheduler. 9376 type http2writeQueue struct { 9377 s []http2FrameWriteRequest 9378 } 9379 9380 func (q *http2writeQueue) empty() bool { return len(q.s) == 0 } 9381 9382 func (q *http2writeQueue) push(wr http2FrameWriteRequest) { 9383 q.s = append(q.s, wr) 9384 } 9385 9386 func (q *http2writeQueue) shift() http2FrameWriteRequest { 9387 if len(q.s) == 0 { 9388 panic("invalid use of queue") 9389 } 9390 wr := q.s[0] 9391 // TODO: less copy-happy queue. 9392 copy(q.s, q.s[1:]) 9393 q.s[len(q.s)-1] = http2FrameWriteRequest{} 9394 q.s = q.s[:len(q.s)-1] 9395 return wr 9396 } 9397 9398 // consume consumes up to n bytes from q.s[0]. If the frame is 9399 // entirely consumed, it is removed from the queue. If the frame 9400 // is partially consumed, the frame is kept with the consumed 9401 // bytes removed. Returns true iff any bytes were consumed. 9402 func (q *http2writeQueue) consume(n int32) (http2FrameWriteRequest, bool) { 9403 if len(q.s) == 0 { 9404 return http2FrameWriteRequest{}, false 9405 } 9406 consumed, rest, numresult := q.s[0].Consume(n) 9407 switch numresult { 9408 case 0: 9409 return http2FrameWriteRequest{}, false 9410 case 1: 9411 q.shift() 9412 case 2: 9413 q.s[0] = rest 9414 } 9415 return consumed, true 9416 } 9417 9418 type http2writeQueuePool []*http2writeQueue 9419 9420 // put inserts an unused writeQueue into the pool. 9421 9422 // put inserts an unused writeQueue into the pool. 9423 func (p *http2writeQueuePool) put(q *http2writeQueue) { 9424 for i := range q.s { 9425 q.s[i] = http2FrameWriteRequest{} 9426 } 9427 q.s = q.s[:0] 9428 *p = append(*p, q) 9429 } 9430 9431 // get returns an empty writeQueue. 9432 func (p *http2writeQueuePool) get() *http2writeQueue { 9433 ln := len(*p) 9434 if ln == 0 { 9435 return new(http2writeQueue) 9436 } 9437 x := ln - 1 9438 q := (*p)[x] 9439 (*p)[x] = nil 9440 *p = (*p)[:x] 9441 return q 9442 } 9443 9444 // RFC 7540, Section 5.3.5: the default weight is 16. 9445 const http2priorityDefaultWeight = 15 // 16 = 15 + 1 9446 9447 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. 9448 type http2PriorityWriteSchedulerConfig struct { 9449 // MaxClosedNodesInTree controls the maximum number of closed streams to 9450 // retain in the priority tree. Setting this to zero saves a small amount 9451 // of memory at the cost of performance. 9452 // 9453 // See RFC 7540, Section 5.3.4: 9454 // "It is possible for a stream to become closed while prioritization 9455 // information ... is in transit. ... This potentially creates suboptimal 9456 // prioritization, since the stream could be given a priority that is 9457 // different from what is intended. To avoid these problems, an endpoint 9458 // SHOULD retain stream prioritization state for a period after streams 9459 // become closed. The longer state is retained, the lower the chance that 9460 // streams are assigned incorrect or default priority values." 9461 MaxClosedNodesInTree int 9462 9463 // MaxIdleNodesInTree controls the maximum number of idle streams to 9464 // retain in the priority tree. Setting this to zero saves a small amount 9465 // of memory at the cost of performance. 9466 // 9467 // See RFC 7540, Section 5.3.4: 9468 // Similarly, streams that are in the "idle" state can be assigned 9469 // priority or become a parent of other streams. This allows for the 9470 // creation of a grouping node in the dependency tree, which enables 9471 // more flexible expressions of priority. Idle streams begin with a 9472 // default priority (Section 5.3.5). 9473 MaxIdleNodesInTree int 9474 9475 // ThrottleOutOfOrderWrites enables write throttling to help ensure that 9476 // data is delivered in priority order. This works around a race where 9477 // stream B depends on stream A and both streams are about to call Write 9478 // to queue DATA frames. If B wins the race, a naive scheduler would eagerly 9479 // write as much data from B as possible, but this is suboptimal because A 9480 // is a higher-priority stream. With throttling enabled, we write a small 9481 // amount of data from B to minimize the amount of bandwidth that B can 9482 // steal from A. 9483 ThrottleOutOfOrderWrites bool 9484 } 9485 9486 // NewPriorityWriteScheduler constructs a WriteScheduler that schedules 9487 // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. 9488 // If cfg is nil, default options are used. 9489 func http2NewPriorityWriteScheduler(cfg *http2PriorityWriteSchedulerConfig) http2WriteScheduler { 9490 if cfg == nil { 9491 // For justification of these defaults, see: 9492 // https://docs.google.com/document/d/1oLhNg1skaWD4_DtaoCxdSRN5erEXrH-KnLrMwEpOtFY 9493 cfg = &http2PriorityWriteSchedulerConfig{ 9494 MaxClosedNodesInTree: 10, 9495 MaxIdleNodesInTree: 10, 9496 ThrottleOutOfOrderWrites: false, 9497 } 9498 } 9499 9500 ws := &http2priorityWriteScheduler{ 9501 nodes: make(map[uint32]*http2priorityNode), 9502 maxClosedNodesInTree: cfg.MaxClosedNodesInTree, 9503 maxIdleNodesInTree: cfg.MaxIdleNodesInTree, 9504 enableWriteThrottle: cfg.ThrottleOutOfOrderWrites, 9505 } 9506 ws.nodes[0] = &ws.root 9507 if cfg.ThrottleOutOfOrderWrites { 9508 ws.writeThrottleLimit = 1024 9509 } else { 9510 ws.writeThrottleLimit = math.MaxInt32 9511 } 9512 return ws 9513 } 9514 9515 type http2priorityNodeState int 9516 9517 const ( 9518 http2priorityNodeOpen http2priorityNodeState = iota 9519 http2priorityNodeClosed 9520 http2priorityNodeIdle 9521 ) 9522 9523 // priorityNode is a node in an HTTP/2 priority tree. 9524 // Each node is associated with a single stream ID. 9525 // See RFC 7540, Section 5.3. 9526 type http2priorityNode struct { 9527 q http2writeQueue // queue of pending frames to write 9528 id uint32 // id of the stream, or 0 for the root of the tree 9529 weight uint8 // the actual weight is weight+1, so the value is in [1,256] 9530 state http2priorityNodeState // open | closed | idle 9531 bytes int64 // number of bytes written by this node, or 0 if closed 9532 subtreeBytes int64 // sum(node.bytes) of all nodes in this subtree 9533 9534 // These links form the priority tree. 9535 parent *http2priorityNode 9536 kids *http2priorityNode // start of the kids list 9537 prev, next *http2priorityNode // doubly-linked list of siblings 9538 } 9539 9540 func (n *http2priorityNode) setParent(parent *http2priorityNode) { 9541 if n == parent { 9542 panic("setParent to self") 9543 } 9544 if n.parent == parent { 9545 return 9546 } 9547 // Unlink from current parent. 9548 if parent := n.parent; parent != nil { 9549 if n.prev == nil { 9550 parent.kids = n.next 9551 } else { 9552 n.prev.next = n.next 9553 } 9554 if n.next != nil { 9555 n.next.prev = n.prev 9556 } 9557 } 9558 // Link to new parent. 9559 // If parent=nil, remove n from the tree. 9560 // Always insert at the head of parent.kids (this is assumed by walkReadyInOrder). 9561 n.parent = parent 9562 if parent == nil { 9563 n.next = nil 9564 n.prev = nil 9565 } else { 9566 n.next = parent.kids 9567 n.prev = nil 9568 if n.next != nil { 9569 n.next.prev = n 9570 } 9571 parent.kids = n 9572 } 9573 } 9574 9575 func (n *http2priorityNode) addBytes(b int64) { 9576 n.bytes += b 9577 for ; n != nil; n = n.parent { 9578 n.subtreeBytes += b 9579 } 9580 } 9581 9582 // walkReadyInOrder iterates over the tree in priority order, calling f for each node 9583 // with a non-empty write queue. When f returns true, this funcion returns true and the 9584 // walk halts. tmp is used as scratch space for sorting. 9585 // 9586 // f(n, openParent) takes two arguments: the node to visit, n, and a bool that is true 9587 // if any ancestor p of n is still open (ignoring the root node). 9588 func (n *http2priorityNode) walkReadyInOrder(openParent bool, tmp *[]*http2priorityNode, f func(*http2priorityNode, bool) bool) bool { 9589 if !n.q.empty() && f(n, openParent) { 9590 return true 9591 } 9592 if n.kids == nil { 9593 return false 9594 } 9595 9596 // Don't consider the root "open" when updating openParent since 9597 // we can't send data frames on the root stream (only control frames). 9598 if n.id != 0 { 9599 openParent = openParent || (n.state == http2priorityNodeOpen) 9600 } 9601 9602 // Common case: only one kid or all kids have the same weight. 9603 // Some clients don't use weights; other clients (like web browsers) 9604 // use mostly-linear priority trees. 9605 w := n.kids.weight 9606 needSort := false 9607 for k := n.kids.next; k != nil; k = k.next { 9608 if k.weight != w { 9609 needSort = true 9610 break 9611 } 9612 } 9613 if !needSort { 9614 for k := n.kids; k != nil; k = k.next { 9615 if k.walkReadyInOrder(openParent, tmp, f) { 9616 return true 9617 } 9618 } 9619 return false 9620 } 9621 9622 // Uncommon case: sort the child nodes. We remove the kids from the parent, 9623 // then re-insert after sorting so we can reuse tmp for future sort calls. 9624 *tmp = (*tmp)[:0] 9625 for n.kids != nil { 9626 *tmp = append(*tmp, n.kids) 9627 n.kids.setParent(nil) 9628 } 9629 sort.Sort(http2sortPriorityNodeSiblings(*tmp)) 9630 for i := len(*tmp) - 1; i >= 0; i-- { 9631 (*tmp)[i].setParent(n) // setParent inserts at the head of n.kids 9632 } 9633 for k := n.kids; k != nil; k = k.next { 9634 if k.walkReadyInOrder(openParent, tmp, f) { 9635 return true 9636 } 9637 } 9638 return false 9639 } 9640 9641 type http2sortPriorityNodeSiblings []*http2priorityNode 9642 9643 func (z http2sortPriorityNodeSiblings) Len() int { return len(z) } 9644 9645 func (z http2sortPriorityNodeSiblings) Swap(i, k int) { z[i], z[k] = z[k], z[i] } 9646 9647 func (z http2sortPriorityNodeSiblings) Less(i, k int) bool { 9648 // Prefer the subtree that has sent fewer bytes relative to its weight. 9649 // See sections 5.3.2 and 5.3.4. 9650 wi, bi := float64(z[i].weight+1), float64(z[i].subtreeBytes) 9651 wk, bk := float64(z[k].weight+1), float64(z[k].subtreeBytes) 9652 if bi == 0 && bk == 0 { 9653 return wi >= wk 9654 } 9655 if bk == 0 { 9656 return false 9657 } 9658 return bi/bk <= wi/wk 9659 } 9660 9661 type http2priorityWriteScheduler struct { 9662 // root is the root of the priority tree, where root.id = 0. 9663 // The root queues control frames that are not associated with any stream. 9664 root http2priorityNode 9665 9666 // nodes maps stream ids to priority tree nodes. 9667 nodes map[uint32]*http2priorityNode 9668 9669 // maxID is the maximum stream id in nodes. 9670 maxID uint32 9671 9672 // lists of nodes that have been closed or are idle, but are kept in 9673 // the tree for improved prioritization. When the lengths exceed either 9674 // maxClosedNodesInTree or maxIdleNodesInTree, old nodes are discarded. 9675 closedNodes, idleNodes []*http2priorityNode 9676 9677 // From the config. 9678 maxClosedNodesInTree int 9679 maxIdleNodesInTree int 9680 writeThrottleLimit int32 9681 enableWriteThrottle bool 9682 9683 // tmp is scratch space for priorityNode.walkReadyInOrder to reduce allocations. 9684 tmp []*http2priorityNode 9685 9686 // pool of empty queues for reuse. 9687 queuePool http2writeQueuePool 9688 } 9689 9690 func (ws *http2priorityWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 9691 // The stream may be currently idle but cannot be opened or closed. 9692 if curr := ws.nodes[streamID]; curr != nil { 9693 if curr.state != http2priorityNodeIdle { 9694 panic(fmt.Sprintf("stream %d already opened", streamID)) 9695 } 9696 curr.state = http2priorityNodeOpen 9697 return 9698 } 9699 9700 // RFC 7540, Section 5.3.5: 9701 // "All streams are initially assigned a non-exclusive dependency on stream 0x0. 9702 // Pushed streams initially depend on their associated stream. In both cases, 9703 // streams are assigned a default weight of 16." 9704 parent := ws.nodes[options.PusherID] 9705 if parent == nil { 9706 parent = &ws.root 9707 } 9708 n := &http2priorityNode{ 9709 q: *ws.queuePool.get(), 9710 id: streamID, 9711 weight: http2priorityDefaultWeight, 9712 state: http2priorityNodeOpen, 9713 } 9714 n.setParent(parent) 9715 ws.nodes[streamID] = n 9716 if streamID > ws.maxID { 9717 ws.maxID = streamID 9718 } 9719 } 9720 9721 func (ws *http2priorityWriteScheduler) CloseStream(streamID uint32) { 9722 if streamID == 0 { 9723 panic("violation of WriteScheduler interface: cannot close stream 0") 9724 } 9725 if ws.nodes[streamID] == nil { 9726 panic(fmt.Sprintf("violation of WriteScheduler interface: unknown stream %d", streamID)) 9727 } 9728 if ws.nodes[streamID].state != http2priorityNodeOpen { 9729 panic(fmt.Sprintf("violation of WriteScheduler interface: stream %d already closed", streamID)) 9730 } 9731 9732 n := ws.nodes[streamID] 9733 n.state = http2priorityNodeClosed 9734 n.addBytes(-n.bytes) 9735 9736 q := n.q 9737 ws.queuePool.put(&q) 9738 n.q.s = nil 9739 if ws.maxClosedNodesInTree > 0 { 9740 ws.addClosedOrIdleNode(&ws.closedNodes, ws.maxClosedNodesInTree, n) 9741 } else { 9742 ws.removeNode(n) 9743 } 9744 } 9745 9746 func (ws *http2priorityWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 9747 if streamID == 0 { 9748 panic("adjustPriority on root") 9749 } 9750 9751 // If streamID does not exist, there are two cases: 9752 // - A closed stream that has been removed (this will have ID <= maxID) 9753 // - An idle stream that is being used for "grouping" (this will have ID > maxID) 9754 n := ws.nodes[streamID] 9755 if n == nil { 9756 if streamID <= ws.maxID || ws.maxIdleNodesInTree == 0 { 9757 return 9758 } 9759 ws.maxID = streamID 9760 n = &http2priorityNode{ 9761 q: *ws.queuePool.get(), 9762 id: streamID, 9763 weight: http2priorityDefaultWeight, 9764 state: http2priorityNodeIdle, 9765 } 9766 n.setParent(&ws.root) 9767 ws.nodes[streamID] = n 9768 ws.addClosedOrIdleNode(&ws.idleNodes, ws.maxIdleNodesInTree, n) 9769 } 9770 9771 // Section 5.3.1: A dependency on a stream that is not currently in the tree 9772 // results in that stream being given a default priority (Section 5.3.5). 9773 parent := ws.nodes[priority.StreamDep] 9774 if parent == nil { 9775 n.setParent(&ws.root) 9776 n.weight = http2priorityDefaultWeight 9777 return 9778 } 9779 9780 // Ignore if the client tries to make a node its own parent. 9781 if n == parent { 9782 return 9783 } 9784 9785 // Section 5.3.3: 9786 // "If a stream is made dependent on one of its own dependencies, the 9787 // formerly dependent stream is first moved to be dependent on the 9788 // reprioritized stream's previous parent. The moved dependency retains 9789 // its weight." 9790 // 9791 // That is: if parent depends on n, move parent to depend on n.parent. 9792 for x := parent.parent; x != nil; x = x.parent { 9793 if x == n { 9794 parent.setParent(n.parent) 9795 break 9796 } 9797 } 9798 9799 // Section 5.3.3: The exclusive flag causes the stream to become the sole 9800 // dependency of its parent stream, causing other dependencies to become 9801 // dependent on the exclusive stream. 9802 if priority.Exclusive { 9803 k := parent.kids 9804 for k != nil { 9805 next := k.next 9806 if k != n { 9807 k.setParent(n) 9808 } 9809 k = next 9810 } 9811 } 9812 9813 n.setParent(parent) 9814 n.weight = priority.Weight 9815 } 9816 9817 func (ws *http2priorityWriteScheduler) Push(wr http2FrameWriteRequest) { 9818 var n *http2priorityNode 9819 if id := wr.StreamID(); id == 0 { 9820 n = &ws.root 9821 } else { 9822 n = ws.nodes[id] 9823 if n == nil { 9824 // id is an idle or closed stream. wr should not be a HEADERS or 9825 // DATA frame. However, wr can be a RST_STREAM. In this case, we 9826 // push wr onto the root, rather than creating a new priorityNode, 9827 // since RST_STREAM is tiny and the stream's priority is unknown 9828 // anyway. See issue #17919. 9829 if wr.DataSize() > 0 { 9830 panic("add DATA on non-open stream") 9831 } 9832 n = &ws.root 9833 } 9834 } 9835 n.q.push(wr) 9836 } 9837 9838 func (ws *http2priorityWriteScheduler) Pop() (wr http2FrameWriteRequest, ok bool) { 9839 ws.root.walkReadyInOrder(false, &ws.tmp, func(n *http2priorityNode, openParent bool) bool { 9840 limit := int32(math.MaxInt32) 9841 if openParent { 9842 limit = ws.writeThrottleLimit 9843 } 9844 wr, ok = n.q.consume(limit) 9845 if !ok { 9846 return false 9847 } 9848 n.addBytes(int64(wr.DataSize())) 9849 // If B depends on A and B continuously has data available but A 9850 // does not, gradually increase the throttling limit to allow B to 9851 // steal more and more bandwidth from A. 9852 if openParent { 9853 ws.writeThrottleLimit += 1024 9854 if ws.writeThrottleLimit < 0 { 9855 ws.writeThrottleLimit = math.MaxInt32 9856 } 9857 } else if ws.enableWriteThrottle { 9858 ws.writeThrottleLimit = 1024 9859 } 9860 return true 9861 }) 9862 return wr, ok 9863 } 9864 9865 func (ws *http2priorityWriteScheduler) addClosedOrIdleNode(list *[]*http2priorityNode, maxSize int, n *http2priorityNode) { 9866 if maxSize == 0 { 9867 return 9868 } 9869 if len(*list) == maxSize { 9870 // Remove the oldest node, then shift left. 9871 ws.removeNode((*list)[0]) 9872 x := (*list)[1:] 9873 copy(*list, x) 9874 *list = (*list)[:len(x)] 9875 } 9876 *list = append(*list, n) 9877 } 9878 9879 func (ws *http2priorityWriteScheduler) removeNode(n *http2priorityNode) { 9880 for k := n.kids; k != nil; k = k.next { 9881 k.setParent(n.parent) 9882 } 9883 n.setParent(nil) 9884 delete(ws.nodes, n.id) 9885 } 9886 9887 // NewRandomWriteScheduler constructs a WriteScheduler that ignores HTTP/2 9888 // priorities. Control frames like SETTINGS and PING are written before DATA 9889 // frames, but if no control frames are queued and multiple streams have queued 9890 // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. 9891 func http2NewRandomWriteScheduler() http2WriteScheduler { 9892 return &http2randomWriteScheduler{sq: make(map[uint32]*http2writeQueue)} 9893 } 9894 9895 type http2randomWriteScheduler struct { 9896 // zero are frames not associated with a specific stream. 9897 zero http2writeQueue 9898 9899 // sq contains the stream-specific queues, keyed by stream ID. 9900 // When a stream is idle or closed, it's deleted from the map. 9901 sq map[uint32]*http2writeQueue 9902 9903 // pool of empty queues for reuse. 9904 queuePool http2writeQueuePool 9905 } 9906 9907 func (ws *http2randomWriteScheduler) OpenStream(streamID uint32, options http2OpenStreamOptions) { 9908 // no-op: idle streams are not tracked 9909 } 9910 9911 func (ws *http2randomWriteScheduler) CloseStream(streamID uint32) { 9912 q, ok := ws.sq[streamID] 9913 if !ok { 9914 return 9915 } 9916 delete(ws.sq, streamID) 9917 ws.queuePool.put(q) 9918 } 9919 9920 func (ws *http2randomWriteScheduler) AdjustStream(streamID uint32, priority http2PriorityParam) { 9921 // no-op: priorities are ignored 9922 } 9923 9924 func (ws *http2randomWriteScheduler) Push(wr http2FrameWriteRequest) { 9925 id := wr.StreamID() 9926 if id == 0 { 9927 ws.zero.push(wr) 9928 return 9929 } 9930 q, ok := ws.sq[id] 9931 if !ok { 9932 q = ws.queuePool.get() 9933 ws.sq[id] = q 9934 } 9935 q.push(wr) 9936 } 9937 9938 func (ws *http2randomWriteScheduler) Pop() (http2FrameWriteRequest, bool) { 9939 // Control frames first. 9940 if !ws.zero.empty() { 9941 return ws.zero.shift(), true 9942 } 9943 // Iterate over all non-idle streams until finding one that can be consumed. 9944 for _, q := range ws.sq { 9945 if wr, ok := q.consume(math.MaxInt32); ok { 9946 return wr, true 9947 } 9948 } 9949 return http2FrameWriteRequest{}, false 9950 } 9951
