1
// Copyright 2014 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
5
// TODO: turn off the serve goroutine when idle, so
6
// an idle conn only has the readFrames goroutine active. (which could
7
// also be optimized probably to pin less memory in crypto/tls). This
8
// would involve tracking when the serve goroutine is active (atomic
9
// int32 read/CAS probably?) and starting it up when frames arrive,
10
// and shutting it down when all handlers exit. the occasional PING
11
// packets could use time.AfterFunc to call sc.wakeStartServeLoop()
12
// (which is a no-op if already running) and then queue the PING write
13
// as normal. The serve loop would then exit in most cases (if no
14
// Handlers running) and not be woken up again until the PING packet
17
// TODO (maybe): add a mechanism for Handlers to going into
18
// half-closed-local mode (rw.(io.Closer) test?) but not exit their
19
// handler, and continue to be able to read from the
20
// Request.Body. This would be a somewhat semantic change from HTTP/1
21
// (or at least what we expose in net/http), so I'd probably want to
22
// add it there too. For now, this package says that returning from
23
// the Handler ServeHTTP function means you're both done reading and
24
// done writing, without a way to stop just one or the other.
50
"golang.org/x/net/http/httpguts"
51
"golang.org/x/net/http2/hpack"
55
prefaceTimeout = 10 * time.Second
56
firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway
57
handlerChunkWriteSize = 4 << 10
58
defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to?
59
maxQueuedControlFrames = 10000
63
errClientDisconnected = errors.New("client disconnected")
64
errClosedBody = errors.New("body closed by handler")
65
errHandlerComplete = errors.New("http2: request body closed due to handler exiting")
66
errStreamClosed = errors.New("http2: stream closed")
69
var responseWriterStatePool = sync.Pool{
70
New: func() interface{} {
71
rws := &responseWriterState{}
72
rws.bw = bufio.NewWriterSize(chunkWriter{rws}, handlerChunkWriteSize)
80
testHookGetServerConn func(*serverConn)
81
testHookOnPanicMu *sync.Mutex // nil except in tests
82
testHookOnPanic func(sc *serverConn, panicVal interface{}) (rePanic bool)
85
// Server is an HTTP/2 server.
87
// MaxHandlers limits the number of http.Handler ServeHTTP goroutines
88
// which may run at a time over all connections.
89
// Negative or zero no limit.
93
// MaxConcurrentStreams optionally specifies the number of
94
// concurrent streams that each client may have open at a
95
// time. This is unrelated to the number of http.Handler goroutines
96
// which may be active globally, which is MaxHandlers.
97
// If zero, MaxConcurrentStreams defaults to at least 100, per
98
// the HTTP/2 spec's recommendations.
99
MaxConcurrentStreams uint32
101
// MaxDecoderHeaderTableSize optionally specifies the http2
102
// SETTINGS_HEADER_TABLE_SIZE to send in the initial settings frame. It
103
// informs the remote endpoint of the maximum size of the header compression
104
// table used to decode header blocks, in octets. If zero, the default value
106
MaxDecoderHeaderTableSize uint32
108
// MaxEncoderHeaderTableSize optionally specifies an upper limit for the
109
// header compression table used for encoding request headers. Received
110
// SETTINGS_HEADER_TABLE_SIZE settings are capped at this limit. If zero,
111
// the default value of 4096 is used.
112
MaxEncoderHeaderTableSize uint32
114
// MaxReadFrameSize optionally specifies the largest frame
115
// this server is willing to read. A valid value is between
116
// 16k and 16M, inclusive. If zero or otherwise invalid, a
117
// default value is used.
118
MaxReadFrameSize uint32
120
// PermitProhibitedCipherSuites, if true, permits the use of
121
// cipher suites prohibited by the HTTP/2 spec.
122
PermitProhibitedCipherSuites bool
124
// IdleTimeout specifies how long until idle clients should be
125
// closed with a GOAWAY frame. PING frames are not considered
126
// activity for the purposes of IdleTimeout.
127
// If zero or negative, there is no timeout.
128
IdleTimeout time.Duration
130
// MaxUploadBufferPerConnection is the size of the initial flow
131
// control window for each connections. The HTTP/2 spec does not
132
// allow this to be smaller than 65535 or larger than 2^32-1.
133
// If the value is outside this range, a default value will be
135
MaxUploadBufferPerConnection int32
137
// MaxUploadBufferPerStream is the size of the initial flow control
138
// window for each stream. The HTTP/2 spec does not allow this to
139
// be larger than 2^32-1. If the value is zero or larger than the
140
// maximum, a default value will be used instead.
141
MaxUploadBufferPerStream int32
143
// NewWriteScheduler constructs a write scheduler for a connection.
144
// If nil, a default scheduler is chosen.
145
NewWriteScheduler func() WriteScheduler
147
// CountError, if non-nil, is called on HTTP/2 server errors.
148
// It's intended to increment a metric for monitoring, such
149
// as an expvar or Prometheus metric.
150
// The errType consists of only ASCII word characters.
151
CountError func(errType string)
153
// Internal state. This is a pointer (rather than embedded directly)
154
// so that we don't embed a Mutex in this struct, which will make the
155
// struct non-copyable, which might break some callers.
156
state *serverInternalState
159
func (s *Server) initialConnRecvWindowSize() int32 {
160
if s.MaxUploadBufferPerConnection >= initialWindowSize {
161
return s.MaxUploadBufferPerConnection
166
func (s *Server) initialStreamRecvWindowSize() int32 {
167
if s.MaxUploadBufferPerStream > 0 {
168
return s.MaxUploadBufferPerStream
173
func (s *Server) maxReadFrameSize() uint32 {
174
if v := s.MaxReadFrameSize; v >= minMaxFrameSize && v <= maxFrameSize {
177
return defaultMaxReadFrameSize
180
func (s *Server) maxConcurrentStreams() uint32 {
181
if v := s.MaxConcurrentStreams; v > 0 {
184
return defaultMaxStreams
187
func (s *Server) maxDecoderHeaderTableSize() uint32 {
188
if v := s.MaxDecoderHeaderTableSize; v > 0 {
191
return initialHeaderTableSize
194
func (s *Server) maxEncoderHeaderTableSize() uint32 {
195
if v := s.MaxEncoderHeaderTableSize; v > 0 {
198
return initialHeaderTableSize
201
// maxQueuedControlFrames is the maximum number of control frames like
202
// SETTINGS, PING and RST_STREAM that will be queued for writing before
203
// the connection is closed to prevent memory exhaustion attacks.
204
func (s *Server) maxQueuedControlFrames() int {
205
// TODO: if anybody asks, add a Server field, and remember to define the
206
// behavior of negative values.
207
return maxQueuedControlFrames
210
type serverInternalState struct {
212
activeConns map[*serverConn]struct{}
215
func (s *serverInternalState) registerConn(sc *serverConn) {
217
return // if the Server was used without calling ConfigureServer
220
s.activeConns[sc] = struct{}{}
224
func (s *serverInternalState) unregisterConn(sc *serverConn) {
226
return // if the Server was used without calling ConfigureServer
229
delete(s.activeConns, sc)
233
func (s *serverInternalState) startGracefulShutdown() {
235
return // if the Server was used without calling ConfigureServer
238
for sc := range s.activeConns {
239
sc.startGracefulShutdown()
244
// ConfigureServer adds HTTP/2 support to a net/http Server.
246
// The configuration conf may be nil.
248
// ConfigureServer must be called before s begins serving.
249
func ConfigureServer(s *http.Server, conf *Server) error {
251
panic("nil *http.Server")
256
conf.state = &serverInternalState{activeConns: make(map[*serverConn]struct{})}
257
if h1, h2 := s, conf; h2.IdleTimeout == 0 {
258
if h1.IdleTimeout != 0 {
259
h2.IdleTimeout = h1.IdleTimeout
261
h2.IdleTimeout = h1.ReadTimeout
264
s.RegisterOnShutdown(conf.state.startGracefulShutdown)
266
if s.TLSConfig == nil {
267
s.TLSConfig = new(tls.Config)
268
} else if s.TLSConfig.CipherSuites != nil && s.TLSConfig.MinVersion < tls.VersionTLS13 {
269
// If they already provided a TLS 1.0–1.2 CipherSuite list, return an
270
// error if it is missing ECDHE_RSA_WITH_AES_128_GCM_SHA256 or
271
// ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
272
haveRequired := false
273
for _, cs := range s.TLSConfig.CipherSuites {
275
case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
276
// Alternative MTI cipher to not discourage ECDSA-only servers.
277
// See http://golang.org/cl/30721 for further information.
278
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
283
return fmt.Errorf("http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)")
287
// Note: not setting MinVersion to tls.VersionTLS12,
288
// as we don't want to interfere with HTTP/1.1 traffic
289
// on the user's server. We enforce TLS 1.2 later once
290
// we accept a connection. Ideally this should be done
291
// during next-proto selection, but using TLS <1.2 with
292
// HTTP/2 is still the client's bug.
294
s.TLSConfig.PreferServerCipherSuites = true
296
if !strSliceContains(s.TLSConfig.NextProtos, NextProtoTLS) {
297
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS)
299
if !strSliceContains(s.TLSConfig.NextProtos, "http/1.1") {
300
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1")
303
if s.TLSNextProto == nil {
304
s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){}
306
protoHandler := func(hs *http.Server, c *tls.Conn, h http.Handler) {
307
if testHookOnConn != nil {
310
// The TLSNextProto interface predates contexts, so
311
// the net/http package passes down its per-connection
312
// base context via an exported but unadvertised
313
// method on the Handler. This is for internal
314
// net/http<=>http2 use only.
315
var ctx context.Context
316
type baseContexter interface {
317
BaseContext() context.Context
319
if bc, ok := h.(baseContexter); ok {
320
ctx = bc.BaseContext()
322
conf.ServeConn(c, &ServeConnOpts{
328
s.TLSNextProto[NextProtoTLS] = protoHandler
332
// ServeConnOpts are options for the Server.ServeConn method.
333
type ServeConnOpts struct {
334
// Context is the base context to use.
335
// If nil, context.Background is used.
336
Context context.Context
338
// BaseConfig optionally sets the base configuration
339
// for values. If nil, defaults are used.
340
BaseConfig *http.Server
342
// Handler specifies which handler to use for processing
343
// requests. If nil, BaseConfig.Handler is used. If BaseConfig
344
// or BaseConfig.Handler is nil, http.DefaultServeMux is used.
347
// UpgradeRequest is an initial request received on a connection
348
// undergoing an h2c upgrade. The request body must have been
349
// completely read from the connection before calling ServeConn,
350
// and the 101 Switching Protocols response written.
351
UpgradeRequest *http.Request
353
// Settings is the decoded contents of the HTTP2-Settings header
354
// in an h2c upgrade request.
357
// SawClientPreface is set if the HTTP/2 connection preface
358
// has already been read from the connection.
359
SawClientPreface bool
362
func (o *ServeConnOpts) context() context.Context {
363
if o != nil && o.Context != nil {
366
return context.Background()
369
func (o *ServeConnOpts) baseConfig() *http.Server {
370
if o != nil && o.BaseConfig != nil {
373
return new(http.Server)
376
func (o *ServeConnOpts) handler() http.Handler {
378
if o.Handler != nil {
381
if o.BaseConfig != nil && o.BaseConfig.Handler != nil {
382
return o.BaseConfig.Handler
385
return http.DefaultServeMux
388
// ServeConn serves HTTP/2 requests on the provided connection and
389
// blocks until the connection is no longer readable.
391
// ServeConn starts speaking HTTP/2 assuming that c has not had any
392
// reads or writes. It writes its initial settings frame and expects
393
// to be able to read the preface and settings frame from the
394
// client. If c has a ConnectionState method like a *tls.Conn, the
395
// ConnectionState is used to verify the TLS ciphersuite and to set
396
// the Request.TLS field in Handlers.
398
// ServeConn does not support h2c by itself. Any h2c support must be
399
// implemented in terms of providing a suitably-behaving net.Conn.
401
// The opts parameter is optional. If nil, default values are used.
402
func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
403
baseCtx, cancel := serverConnBaseContext(c, opts)
408
hs: opts.baseConfig(),
411
remoteAddrStr: c.RemoteAddr().String(),
412
bw: newBufferedWriter(c),
413
handler: opts.handler(),
414
streams: make(map[uint32]*stream),
415
readFrameCh: make(chan readFrameResult),
416
wantWriteFrameCh: make(chan FrameWriteRequest, 8),
417
serveMsgCh: make(chan interface{}, 8),
418
wroteFrameCh: make(chan frameWriteResult, 1), // buffered; one send in writeFrameAsync
419
bodyReadCh: make(chan bodyReadMsg), // buffering doesn't matter either way
420
doneServing: make(chan struct{}),
421
clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value"
422
advMaxStreams: s.maxConcurrentStreams(),
423
initialStreamSendWindowSize: initialWindowSize,
424
maxFrameSize: initialMaxFrameSize,
425
serveG: newGoroutineLock(),
427
sawClientPreface: opts.SawClientPreface,
430
s.state.registerConn(sc)
431
defer s.state.unregisterConn(sc)
433
// The net/http package sets the write deadline from the
434
// http.Server.WriteTimeout during the TLS handshake, but then
435
// passes the connection off to us with the deadline already set.
436
// Write deadlines are set per stream in serverConn.newStream.
437
// Disarm the net.Conn write deadline here.
438
if sc.hs.WriteTimeout > 0 {
439
sc.conn.SetWriteDeadline(time.Time{})
442
if s.NewWriteScheduler != nil {
443
sc.writeSched = s.NewWriteScheduler()
445
sc.writeSched = newRoundRobinWriteScheduler()
448
// These start at the RFC-specified defaults. If there is a higher
449
// configured value for inflow, that will be updated when we send a
450
// WINDOW_UPDATE shortly after sending SETTINGS.
451
sc.flow.add(initialWindowSize)
452
sc.inflow.init(initialWindowSize)
453
sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf)
454
sc.hpackEncoder.SetMaxDynamicTableSizeLimit(s.maxEncoderHeaderTableSize())
456
fr := NewFramer(sc.bw, c)
457
if s.CountError != nil {
458
fr.countError = s.CountError
460
fr.ReadMetaHeaders = hpack.NewDecoder(s.maxDecoderHeaderTableSize(), nil)
461
fr.MaxHeaderListSize = sc.maxHeaderListSize()
462
fr.SetMaxReadFrameSize(s.maxReadFrameSize())
465
if tc, ok := c.(connectionStater); ok {
466
sc.tlsState = new(tls.ConnectionState)
467
*sc.tlsState = tc.ConnectionState()
468
// 9.2 Use of TLS Features
469
// An implementation of HTTP/2 over TLS MUST use TLS
470
// 1.2 or higher with the restrictions on feature set
471
// and cipher suite described in this section. Due to
472
// implementation limitations, it might not be
473
// possible to fail TLS negotiation. An endpoint MUST
474
// immediately terminate an HTTP/2 connection that
475
// does not meet the TLS requirements described in
476
// this section with a connection error (Section
477
// 5.4.1) of type INADEQUATE_SECURITY.
478
if sc.tlsState.Version < tls.VersionTLS12 {
479
sc.rejectConn(ErrCodeInadequateSecurity, "TLS version too low")
483
if sc.tlsState.ServerName == "" {
484
// Client must use SNI, but we don't enforce that anymore,
485
// since it was causing problems when connecting to bare IP
486
// addresses during development.
488
// TODO: optionally enforce? Or enforce at the time we receive
489
// a new request, and verify the ServerName matches the :authority?
490
// But that precludes proxy situations, perhaps.
492
// So for now, do nothing here again.
495
if !s.PermitProhibitedCipherSuites && isBadCipher(sc.tlsState.CipherSuite) {
496
// "Endpoints MAY choose to generate a connection error
497
// (Section 5.4.1) of type INADEQUATE_SECURITY if one of
498
// the prohibited cipher suites are negotiated."
500
// We choose that. In my opinion, the spec is weak
501
// here. It also says both parties must support at least
502
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 so there's no
503
// excuses here. If we really must, we could allow an
504
// "AllowInsecureWeakCiphers" option on the server later.
505
// Let's see how it plays out first.
506
sc.rejectConn(ErrCodeInadequateSecurity, fmt.Sprintf("Prohibited TLS 1.2 Cipher Suite: %x", sc.tlsState.CipherSuite))
511
if opts.Settings != nil {
512
fr := &SettingsFrame{
513
FrameHeader: FrameHeader{valid: true},
516
if err := fr.ForeachSetting(sc.processSetting); err != nil {
517
sc.rejectConn(ErrCodeProtocol, "invalid settings")
523
if hook := testHookGetServerConn; hook != nil {
527
if opts.UpgradeRequest != nil {
528
sc.upgradeRequest(opts.UpgradeRequest)
529
opts.UpgradeRequest = nil
535
func serverConnBaseContext(c net.Conn, opts *ServeConnOpts) (ctx context.Context, cancel func()) {
536
ctx, cancel = context.WithCancel(opts.context())
537
ctx = context.WithValue(ctx, http.LocalAddrContextKey, c.LocalAddr())
538
if hs := opts.baseConfig(); hs != nil {
539
ctx = context.WithValue(ctx, http.ServerContextKey, hs)
544
func (sc *serverConn) rejectConn(err ErrCode, debug string) {
545
sc.vlogf("http2: server rejecting conn: %v, %s", err, debug)
546
// ignoring errors. hanging up anyway.
547
sc.framer.WriteGoAway(0, err, []byte(debug))
552
type serverConn struct {
557
bw *bufferedWriter // writing to conn
559
baseCtx context.Context
561
doneServing chan struct{} // closed when serverConn.serve ends
562
readFrameCh chan readFrameResult // written by serverConn.readFrames
563
wantWriteFrameCh chan FrameWriteRequest // from handlers -> serve
564
wroteFrameCh chan frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes
565
bodyReadCh chan bodyReadMsg // from handlers -> serve
566
serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop
567
flow outflow // conn-wide (not stream-specific) outbound flow control
568
inflow inflow // conn-wide inbound flow control
569
tlsState *tls.ConnectionState // shared by all handlers, like net/http
571
writeSched WriteScheduler
573
// Everything following is owned by the serve loop; use serveG.check():
574
serveG goroutineLock // used to verify funcs are on serve()
576
sawClientPreface bool // preface has already been read, used in h2c upgrade
577
sawFirstSettings bool // got the initial SETTINGS frame after the preface
578
needToSendSettingsAck bool
579
unackedSettings int // how many SETTINGS have we sent without ACKs?
580
queuedControlFrames int // control frames in the writeSched queue
581
clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
582
advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
583
curClientStreams uint32 // number of open streams initiated by the client
584
curPushedStreams uint32 // number of open streams initiated by server push
585
curHandlers uint32 // number of running handler goroutines
586
maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests
587
maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes
588
streams map[uint32]*stream
589
unstartedHandlers []unstartedHandler
590
initialStreamSendWindowSize int32
592
peerMaxHeaderListSize uint32 // zero means unknown (default)
593
canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case
594
canonHeaderKeysSize int // canonHeader keys size in bytes
595
writingFrame bool // started writing a frame (on serve goroutine or separate)
596
writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh
597
needsFrameFlush bool // last frame write wasn't a flush
598
inGoAway bool // we've started to or sent GOAWAY
599
inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop
600
needToSendGoAway bool // we need to schedule a GOAWAY frame write
602
shutdownTimer *time.Timer // nil until used
603
idleTimer *time.Timer // nil if unused
605
// Owned by the writeFrameAsync goroutine:
606
headerWriteBuf bytes.Buffer
607
hpackEncoder *hpack.Encoder
609
// Used by startGracefulShutdown.
610
shutdownOnce sync.Once
613
func (sc *serverConn) maxHeaderListSize() uint32 {
614
n := sc.hs.MaxHeaderBytes
616
n = http.DefaultMaxHeaderBytes
618
// http2's count is in a slightly different unit and includes 32 bytes per pair.
619
// So, take the net/http.Server value and pad it up a bit, assuming 10 headers.
620
const perFieldOverhead = 32 // per http2 spec
621
const typicalHeaders = 10 // conservative
622
return uint32(n + typicalHeaders*perFieldOverhead)
625
func (sc *serverConn) curOpenStreams() uint32 {
627
return sc.curClientStreams + sc.curPushedStreams
630
// stream represents a stream. This is the minimal metadata needed by
631
// the serve goroutine. Most of the actual stream state is owned by
632
// the http.Handler's goroutine in the responseWriter. Because the
633
// responseWriter's responseWriterState is recycled at the end of a
634
// handler, this struct intentionally has no pointer to the
635
// *responseWriter{,State} itself, as the Handler ending nils out the
636
// responseWriter's state field.
641
body *pipe // non-nil if expecting DATA frames
642
cw closeWaiter // closed wait stream transitions to closed state
646
// owned by serverConn's serve loop:
647
bodyBytes int64 // body bytes seen so far
648
declBodyBytes int64 // or -1 if undeclared
649
flow outflow // limits writing from Handler to client
650
inflow inflow // what the client is allowed to POST/etc to us
652
resetQueued bool // RST_STREAM queued for write; set by sc.resetStream
653
gotTrailerHeader bool // HEADER frame for trailers was seen
654
wroteHeaders bool // whether we wrote headers (not status 100)
655
readDeadline *time.Timer // nil if unused
656
writeDeadline *time.Timer // nil if unused
657
closeErr error // set before cw is closed
659
trailer http.Header // accumulated trailers
660
reqTrailer http.Header // handler's Request.Trailer
663
func (sc *serverConn) Framer() *Framer { return sc.framer }
664
func (sc *serverConn) CloseConn() error { return sc.conn.Close() }
665
func (sc *serverConn) Flush() error { return sc.bw.Flush() }
666
func (sc *serverConn) HeaderEncoder() (*hpack.Encoder, *bytes.Buffer) {
667
return sc.hpackEncoder, &sc.headerWriteBuf
670
func (sc *serverConn) state(streamID uint32) (streamState, *stream) {
672
// http://tools.ietf.org/html/rfc7540#section-5.1
673
if st, ok := sc.streams[streamID]; ok {
676
// "The first use of a new stream identifier implicitly closes all
677
// streams in the "idle" state that might have been initiated by
678
// that peer with a lower-valued stream identifier. For example, if
679
// a client sends a HEADERS frame on stream 7 without ever sending a
680
// frame on stream 5, then stream 5 transitions to the "closed"
681
// state when the first frame for stream 7 is sent or received."
683
if streamID <= sc.maxClientStreamID {
684
return stateClosed, nil
687
if streamID <= sc.maxPushPromiseID {
688
return stateClosed, nil
691
return stateIdle, nil
694
// setConnState calls the net/http ConnState hook for this connection, if configured.
695
// Note that the net/http package does StateNew and StateClosed for us.
696
// There is currently no plan for StateHijacked or hijacking HTTP/2 connections.
697
func (sc *serverConn) setConnState(state http.ConnState) {
698
if sc.hs.ConnState != nil {
699
sc.hs.ConnState(sc.conn, state)
703
func (sc *serverConn) vlogf(format string, args ...interface{}) {
705
sc.logf(format, args...)
709
func (sc *serverConn) logf(format string, args ...interface{}) {
710
if lg := sc.hs.ErrorLog; lg != nil {
711
lg.Printf(format, args...)
713
log.Printf(format, args...)
717
// errno returns v's underlying uintptr, else 0.
719
// TODO: remove this helper function once http2 can use build
720
// tags. See comment in isClosedConnError.
721
func errno(v error) uintptr {
722
if rv := reflect.ValueOf(v); rv.Kind() == reflect.Uintptr {
723
return uintptr(rv.Uint())
728
// isClosedConnError reports whether err is an error from use of a closed
729
// network connection.
730
func isClosedConnError(err error) bool {
735
// TODO: remove this string search and be more like the Windows
736
// case below. That might involve modifying the standard library
737
// to return better error types.
739
if strings.Contains(str, "use of closed network connection") {
743
// TODO(bradfitz): x/tools/cmd/bundle doesn't really support
744
// build tags, so I can't make an http2_windows.go file with
745
// Windows-specific stuff. Fix that and move this, once we
746
// have a way to bundle this into std's net/http somehow.
747
if runtime.GOOS == "windows" {
748
if oe, ok := err.(*net.OpError); ok && oe.Op == "read" {
749
if se, ok := oe.Err.(*os.SyscallError); ok && se.Syscall == "wsarecv" {
750
const WSAECONNABORTED = 10053
751
const WSAECONNRESET = 10054
752
if n := errno(se.Err); n == WSAECONNRESET || n == WSAECONNABORTED {
761
func (sc *serverConn) condlogf(err error, format string, args ...interface{}) {
765
if err == io.EOF || err == io.ErrUnexpectedEOF || isClosedConnError(err) || err == errPrefaceTimeout {
766
// Boring, expected errors.
767
sc.vlogf(format, args...)
769
sc.logf(format, args...)
773
// maxCachedCanonicalHeadersKeysSize is an arbitrarily-chosen limit on the size
774
// of the entries in the canonHeader cache.
775
// This should be larger than the size of unique, uncommon header keys likely to
776
// be sent by the peer, while not so high as to permit unreasonable memory usage
777
// if the peer sends an unbounded number of unique header keys.
778
const maxCachedCanonicalHeadersKeysSize = 2048
780
func (sc *serverConn) canonicalHeader(v string) string {
782
buildCommonHeaderMapsOnce()
783
cv, ok := commonCanonHeader[v]
787
cv, ok = sc.canonHeader[v]
791
if sc.canonHeader == nil {
792
sc.canonHeader = make(map[string]string)
794
cv = http.CanonicalHeaderKey(v)
795
size := 100 + len(v)*2 // 100 bytes of map overhead + key + value
796
if sc.canonHeaderKeysSize+size <= maxCachedCanonicalHeadersKeysSize {
797
sc.canonHeader[v] = cv
798
sc.canonHeaderKeysSize += size
803
type readFrameResult struct {
804
f Frame // valid until readMore is called
807
// readMore should be called once the consumer no longer needs or
808
// retains f. After readMore, f is invalid and more frames can be
813
// readFrames is the loop that reads incoming frames.
814
// It takes care to only read one frame at a time, blocking until the
815
// consumer is done with the frame.
816
// It's run on its own goroutine.
817
func (sc *serverConn) readFrames() {
819
gateDone := gate.Done
821
f, err := sc.framer.ReadFrame()
823
case sc.readFrameCh <- readFrameResult{f, err, gateDone}:
824
case <-sc.doneServing:
829
case <-sc.doneServing:
832
if terminalReadFrameError(err) {
838
// frameWriteResult is the message passed from writeFrameAsync to the serve goroutine.
839
type frameWriteResult struct {
841
wr FrameWriteRequest // what was written (or attempted)
842
err error // result of the writeFrame call
845
// writeFrameAsync runs in its own goroutine and writes a single frame
846
// and then reports when it's done.
847
// At most one goroutine can be running writeFrameAsync at a time per
849
func (sc *serverConn) writeFrameAsync(wr FrameWriteRequest, wd *writeData) {
852
err = wr.write.writeFrame(sc)
854
err = sc.framer.endWrite()
856
sc.wroteFrameCh <- frameWriteResult{wr: wr, err: err}
859
func (sc *serverConn) closeAllStreamsOnConnClose() {
861
for _, st := range sc.streams {
862
sc.closeStream(st, errClientDisconnected)
866
func (sc *serverConn) stopShutdownTimer() {
868
if t := sc.shutdownTimer; t != nil {
873
func (sc *serverConn) notePanic() {
874
// Note: this is for serverConn.serve panicking, not http.Handler code.
875
if testHookOnPanicMu != nil {
876
testHookOnPanicMu.Lock()
877
defer testHookOnPanicMu.Unlock()
879
if testHookOnPanic != nil {
880
if e := recover(); e != nil {
881
if testHookOnPanic(sc, e) {
888
func (sc *serverConn) serve() {
891
defer sc.conn.Close()
892
defer sc.closeAllStreamsOnConnClose()
893
defer sc.stopShutdownTimer()
894
defer close(sc.doneServing) // unblocks handlers trying to send
897
sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs)
900
sc.writeFrame(FrameWriteRequest{
901
write: writeSettings{
902
{SettingMaxFrameSize, sc.srv.maxReadFrameSize()},
903
{SettingMaxConcurrentStreams, sc.advMaxStreams},
904
{SettingMaxHeaderListSize, sc.maxHeaderListSize()},
905
{SettingHeaderTableSize, sc.srv.maxDecoderHeaderTableSize()},
906
{SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())},
911
// Each connection starts with initialWindowSize inflow tokens.
912
// If a higher value is configured, we add more tokens.
913
if diff := sc.srv.initialConnRecvWindowSize() - initialWindowSize; diff > 0 {
914
sc.sendWindowUpdate(nil, int(diff))
917
if err := sc.readPreface(); err != nil {
918
sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err)
921
// Now that we've got the preface, get us out of the
922
// "StateNew" state. We can't go directly to idle, though.
923
// Active means we read some data and anticipate a request. We'll
924
// do another Active when we get a HEADERS frame.
925
sc.setConnState(http.StateActive)
926
sc.setConnState(http.StateIdle)
928
if sc.srv.IdleTimeout > 0 {
929
sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer)
930
defer sc.idleTimer.Stop()
933
go sc.readFrames() // closed by defer sc.conn.Close above
935
settingsTimer := time.AfterFunc(firstSettingsTimeout, sc.onSettingsTimer)
936
defer settingsTimer.Stop()
942
case wr := <-sc.wantWriteFrameCh:
943
if se, ok := wr.write.(StreamError); ok {
948
case res := <-sc.wroteFrameCh:
950
case res := <-sc.readFrameCh:
951
// Process any written frames before reading new frames from the client since a
952
// written frame could have triggered a new stream to be started.
953
if sc.writingFrameAsync {
955
case wroteRes := <-sc.wroteFrameCh:
956
sc.wroteFrame(wroteRes)
960
if !sc.processFrameFromReader(res) {
964
if settingsTimer != nil {
968
case m := <-sc.bodyReadCh:
969
sc.noteBodyRead(m.st, m.n)
970
case msg := <-sc.serveMsgCh:
971
switch v := msg.(type) {
973
v(loopNum) // for testing
976
case settingsTimerMsg:
977
sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr())
980
sc.vlogf("connection is idle")
982
case shutdownTimerMsg:
983
sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr())
985
case gracefulShutdownMsg:
986
sc.startGracefulShutdownInternal()
990
panic("unknown timer")
992
case *startPushRequest:
994
case func(*serverConn):
997
panic(fmt.Sprintf("unexpected type %T", v))
1001
// If the peer is causing us to generate a lot of control frames,
1002
// but not reading them from us, assume they are trying to make us
1003
// run out of memory.
1004
if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() {
1005
sc.vlogf("http2: too many control frames in send queue, closing connection")
1009
// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
1010
// with no error code (graceful shutdown), don't start the timer until
1011
// all open streams have been completed.
1012
sentGoAway := sc.inGoAway && !sc.needToSendGoAway && !sc.writingFrame
1013
gracefulShutdownComplete := sc.goAwayCode == ErrCodeNo && sc.curOpenStreams() == 0
1014
if sentGoAway && sc.shutdownTimer == nil && (sc.goAwayCode != ErrCodeNo || gracefulShutdownComplete) {
1015
sc.shutDownIn(goAwayTimeout)
1020
type serverMessage int
1022
// Message values sent to serveMsgCh.
1024
settingsTimerMsg = new(serverMessage)
1025
idleTimerMsg = new(serverMessage)
1026
shutdownTimerMsg = new(serverMessage)
1027
gracefulShutdownMsg = new(serverMessage)
1028
handlerDoneMsg = new(serverMessage)
1031
func (sc *serverConn) onSettingsTimer() { sc.sendServeMsg(settingsTimerMsg) }
1032
func (sc *serverConn) onIdleTimer() { sc.sendServeMsg(idleTimerMsg) }
1033
func (sc *serverConn) onShutdownTimer() { sc.sendServeMsg(shutdownTimerMsg) }
1035
func (sc *serverConn) sendServeMsg(msg interface{}) {
1036
sc.serveG.checkNotOn() // NOT
1038
case sc.serveMsgCh <- msg:
1039
case <-sc.doneServing:
1043
var errPrefaceTimeout = errors.New("timeout waiting for client preface")
1045
// readPreface reads the ClientPreface greeting from the peer or
1046
// returns errPrefaceTimeout on timeout, or an error if the greeting
1048
func (sc *serverConn) readPreface() error {
1049
if sc.sawClientPreface {
1052
errc := make(chan error, 1)
1054
// Read the client preface
1055
buf := make([]byte, len(ClientPreface))
1056
if _, err := io.ReadFull(sc.conn, buf); err != nil {
1058
} else if !bytes.Equal(buf, clientPreface) {
1059
errc <- fmt.Errorf("bogus greeting %q", buf)
1064
timer := time.NewTimer(prefaceTimeout) // TODO: configurable on *Server?
1068
return errPrefaceTimeout
1072
sc.vlogf("http2: server: client %v said hello", sc.conn.RemoteAddr())
1079
var errChanPool = sync.Pool{
1080
New: func() interface{} { return make(chan error, 1) },
1083
var writeDataPool = sync.Pool{
1084
New: func() interface{} { return new(writeData) },
1087
// writeDataFromHandler writes DATA response frames from a handler on
1089
func (sc *serverConn) writeDataFromHandler(stream *stream, data []byte, endStream bool) error {
1090
ch := errChanPool.Get().(chan error)
1091
writeArg := writeDataPool.Get().(*writeData)
1092
*writeArg = writeData{stream.id, data, endStream}
1093
err := sc.writeFrameFromHandler(FrameWriteRequest{
1101
var frameWriteDone bool // the frame write is done (successfully or not)
1104
frameWriteDone = true
1105
case <-sc.doneServing:
1106
return errClientDisconnected
1108
// If both ch and stream.cw were ready (as might
1109
// happen on the final Write after an http.Handler
1110
// ends), prefer the write result. Otherwise this
1111
// might just be us successfully closing the stream.
1112
// The writeFrameAsync and serve goroutines guarantee
1113
// that the ch send will happen before the stream.cw
1117
frameWriteDone = true
1119
return errStreamClosed
1124
writeDataPool.Put(writeArg)
1129
// writeFrameFromHandler sends wr to sc.wantWriteFrameCh, but aborts
1130
// if the connection has gone away.
1132
// This must not be run from the serve goroutine itself, else it might
1133
// deadlock writing to sc.wantWriteFrameCh (which is only mildly
1134
// buffered and is read by serve itself). If you're on the serve
1135
// goroutine, call writeFrame instead.
1136
func (sc *serverConn) writeFrameFromHandler(wr FrameWriteRequest) error {
1137
sc.serveG.checkNotOn() // NOT
1139
case sc.wantWriteFrameCh <- wr:
1141
case <-sc.doneServing:
1142
// Serve loop is gone.
1143
// Client has closed their connection to the server.
1144
return errClientDisconnected
1148
// writeFrame schedules a frame to write and sends it if there's nothing
1149
// already being written.
1151
// There is no pushback here (the serve goroutine never blocks). It's
1152
// the http.Handlers that block, waiting for their previous frames to
1153
// make it onto the wire
1155
// If you're not on the serve goroutine, use writeFrameFromHandler instead.
1156
func (sc *serverConn) writeFrame(wr FrameWriteRequest) {
1159
// If true, wr will not be written and wr.done will not be signaled.
1160
var ignoreWrite bool
1162
// We are not allowed to write frames on closed streams. RFC 7540 Section
1163
// 5.1.1 says: "An endpoint MUST NOT send frames other than PRIORITY on
1164
// a closed stream." Our server never sends PRIORITY, so that exception
1167
// The serverConn might close an open stream while the stream's handler
1168
// is still running. For example, the server might close a stream when it
1169
// receives bad data from the client. If this happens, the handler might
1170
// attempt to write a frame after the stream has been closed (since the
1171
// handler hasn't yet been notified of the close). In this case, we simply
1172
// ignore the frame. The handler will notice that the stream is closed when
1173
// it waits for the frame to be written.
1175
// As an exception to this rule, we allow sending RST_STREAM after close.
1176
// This allows us to immediately reject new streams without tracking any
1177
// state for those streams (except for the queued RST_STREAM frame). This
1178
// may result in duplicate RST_STREAMs in some cases, but the client should
1180
if wr.StreamID() != 0 {
1181
_, isReset := wr.write.(StreamError)
1182
if state, _ := sc.state(wr.StreamID()); state == stateClosed && !isReset {
1187
// Don't send a 100-continue response if we've already sent headers.
1188
// See golang.org/issue/14030.
1189
switch wr.write.(type) {
1190
case *writeResHeaders:
1191
wr.stream.wroteHeaders = true
1192
case write100ContinueHeadersFrame:
1193
if wr.stream.wroteHeaders {
1194
// We do not need to notify wr.done because this frame is
1195
// never written with wr.done != nil.
1197
panic("wr.done != nil for write100ContinueHeadersFrame")
1205
sc.queuedControlFrames++
1206
// For extra safety, detect wraparounds, which should not happen,
1207
// and pull the plug.
1208
if sc.queuedControlFrames < 0 {
1212
sc.writeSched.Push(wr)
1214
sc.scheduleFrameWrite()
1217
// startFrameWrite starts a goroutine to write wr (in a separate
1218
// goroutine since that might block on the network), and updates the
1219
// serve goroutine's state about the world, updated from info in wr.
1220
func (sc *serverConn) startFrameWrite(wr FrameWriteRequest) {
1222
if sc.writingFrame {
1223
panic("internal error: can only be writing one frame at a time")
1229
case stateHalfClosedLocal:
1230
switch wr.write.(type) {
1231
case StreamError, handlerPanicRST, writeWindowUpdate:
1232
// RFC 7540 Section 5.1 allows sending RST_STREAM, PRIORITY, and WINDOW_UPDATE
1233
// in this state. (We never send PRIORITY from the server, so that is not checked.)
1235
panic(fmt.Sprintf("internal error: attempt to send frame on a half-closed-local stream: %v", wr))
1238
panic(fmt.Sprintf("internal error: attempt to send frame on a closed stream: %v", wr))
1241
if wpp, ok := wr.write.(*writePushPromise); ok {
1243
wpp.promisedID, err = wpp.allocatePromisedID()
1245
sc.writingFrameAsync = false
1246
wr.replyToWriter(err)
1251
sc.writingFrame = true
1252
sc.needsFrameFlush = true
1253
if wr.write.staysWithinBuffer(sc.bw.Available()) {
1254
sc.writingFrameAsync = false
1255
err := wr.write.writeFrame(sc)
1256
sc.wroteFrame(frameWriteResult{wr: wr, err: err})
1257
} else if wd, ok := wr.write.(*writeData); ok {
1258
// Encode the frame in the serve goroutine, to ensure we don't have
1259
// any lingering asynchronous references to data passed to Write.
1260
// See https://go.dev/issue/58446.
1261
sc.framer.startWriteDataPadded(wd.streamID, wd.endStream, wd.p, nil)
1262
sc.writingFrameAsync = true
1263
go sc.writeFrameAsync(wr, wd)
1265
sc.writingFrameAsync = true
1266
go sc.writeFrameAsync(wr, nil)
1270
// errHandlerPanicked is the error given to any callers blocked in a read from
1271
// Request.Body when the main goroutine panics. Since most handlers read in the
1272
// main ServeHTTP goroutine, this will show up rarely.
1273
var errHandlerPanicked = errors.New("http2: handler panicked")
1275
// wroteFrame is called on the serve goroutine with the result of
1276
// whatever happened on writeFrameAsync.
1277
func (sc *serverConn) wroteFrame(res frameWriteResult) {
1279
if !sc.writingFrame {
1280
panic("internal error: expected to be already writing a frame")
1282
sc.writingFrame = false
1283
sc.writingFrameAsync = false
1287
if writeEndsStream(wr.write) {
1290
panic("internal error: expecting non-nil stream")
1294
// Here we would go to stateHalfClosedLocal in
1295
// theory, but since our handler is done and
1296
// the net/http package provides no mechanism
1297
// for closing a ResponseWriter while still
1298
// reading data (see possible TODO at top of
1299
// this file), we go into closed state here
1300
// anyway, after telling the peer we're
1301
// hanging up on them. We'll transition to
1302
// stateClosed after the RST_STREAM frame is
1304
st.state = stateHalfClosedLocal
1305
// Section 8.1: a server MAY request that the client abort
1306
// transmission of a request without error by sending a
1307
// RST_STREAM with an error code of NO_ERROR after sending
1308
// a complete response.
1309
sc.resetStream(streamError(st.id, ErrCodeNo))
1310
case stateHalfClosedRemote:
1311
sc.closeStream(st, errHandlerComplete)
1314
switch v := wr.write.(type) {
1316
// st may be unknown if the RST_STREAM was generated to reject bad input.
1317
if st, ok := sc.streams[v.StreamID]; ok {
1318
sc.closeStream(st, v)
1320
case handlerPanicRST:
1321
sc.closeStream(wr.stream, errHandlerPanicked)
1325
// Reply (if requested) to unblock the ServeHTTP goroutine.
1326
wr.replyToWriter(res.err)
1328
sc.scheduleFrameWrite()
1331
// scheduleFrameWrite tickles the frame writing scheduler.
1333
// If a frame is already being written, nothing happens. This will be called again
1334
// when the frame is done being written.
1336
// If a frame isn't being written and we need to send one, the best frame
1337
// to send is selected by writeSched.
1339
// If a frame isn't being written and there's nothing else to send, we
1340
// flush the write buffer.
1341
func (sc *serverConn) scheduleFrameWrite() {
1343
if sc.writingFrame || sc.inFrameScheduleLoop {
1346
sc.inFrameScheduleLoop = true
1347
for !sc.writingFrameAsync {
1348
if sc.needToSendGoAway {
1349
sc.needToSendGoAway = false
1350
sc.startFrameWrite(FrameWriteRequest{
1351
write: &writeGoAway{
1352
maxStreamID: sc.maxClientStreamID,
1353
code: sc.goAwayCode,
1358
if sc.needToSendSettingsAck {
1359
sc.needToSendSettingsAck = false
1360
sc.startFrameWrite(FrameWriteRequest{write: writeSettingsAck{}})
1363
if !sc.inGoAway || sc.goAwayCode == ErrCodeNo {
1364
if wr, ok := sc.writeSched.Pop(); ok {
1366
sc.queuedControlFrames--
1368
sc.startFrameWrite(wr)
1372
if sc.needsFrameFlush {
1373
sc.startFrameWrite(FrameWriteRequest{write: flushFrameWriter{}})
1374
sc.needsFrameFlush = false // after startFrameWrite, since it sets this true
1379
sc.inFrameScheduleLoop = false
1382
// startGracefulShutdown gracefully shuts down a connection. This
1383
// sends GOAWAY with ErrCodeNo to tell the client we're gracefully
1384
// shutting down. The connection isn't closed until all current
1387
// startGracefulShutdown returns immediately; it does not wait until
1388
// the connection has shut down.
1389
func (sc *serverConn) startGracefulShutdown() {
1390
sc.serveG.checkNotOn() // NOT
1391
sc.shutdownOnce.Do(func() { sc.sendServeMsg(gracefulShutdownMsg) })
1394
// After sending GOAWAY with an error code (non-graceful shutdown), the
1395
// connection will close after goAwayTimeout.
1397
// If we close the connection immediately after sending GOAWAY, there may
1398
// be unsent data in our kernel receive buffer, which will cause the kernel
1399
// to send a TCP RST on close() instead of a FIN. This RST will abort the
1400
// connection immediately, whether or not the client had received the GOAWAY.
1402
// Ideally we should delay for at least 1 RTT + epsilon so the client has
1403
// a chance to read the GOAWAY and stop sending messages. Measuring RTT
1404
// is hard, so we approximate with 1 second. See golang.org/issue/18701.
1406
// This is a var so it can be shorter in tests, where all requests uses the
1407
// loopback interface making the expected RTT very small.
1409
// TODO: configurable?
1410
var goAwayTimeout = 1 * time.Second
1412
func (sc *serverConn) startGracefulShutdownInternal() {
1413
sc.goAway(ErrCodeNo)
1416
func (sc *serverConn) goAway(code ErrCode) {
1419
if sc.goAwayCode == ErrCodeNo {
1420
sc.goAwayCode = code
1425
sc.needToSendGoAway = true
1426
sc.goAwayCode = code
1427
sc.scheduleFrameWrite()
1430
func (sc *serverConn) shutDownIn(d time.Duration) {
1432
sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer)
1435
func (sc *serverConn) resetStream(se StreamError) {
1437
sc.writeFrame(FrameWriteRequest{write: se})
1438
if st, ok := sc.streams[se.StreamID]; ok {
1439
st.resetQueued = true
1443
// processFrameFromReader processes the serve loop's read from readFrameCh from the
1444
// frame-reading goroutine.
1445
// processFrameFromReader returns whether the connection should be kept open.
1446
func (sc *serverConn) processFrameFromReader(res readFrameResult) bool {
1450
if err == ErrFrameTooLarge {
1451
sc.goAway(ErrCodeFrameSize)
1452
return true // goAway will close the loop
1454
clientGone := err == io.EOF || err == io.ErrUnexpectedEOF || isClosedConnError(err)
1456
// TODO: could we also get into this state if
1457
// the peer does a half close
1458
// (e.g. CloseWrite) because they're done
1459
// sending frames but they're still wanting
1460
// our open replies? Investigate.
1461
// TODO: add CloseWrite to crypto/tls.Conn first
1462
// so we have a way to test this? I suppose
1463
// just for testing we could have a non-TLS mode.
1469
sc.vlogf("http2: server read frame %v", summarizeFrame(f))
1471
err = sc.processFrame(f)
1477
switch ev := err.(type) {
1481
case goAwayFlowError:
1482
sc.goAway(ErrCodeFlowControl)
1484
case ConnectionError:
1485
sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
1486
sc.goAway(ErrCode(ev))
1487
return true // goAway will handle shutdown
1490
sc.vlogf("http2: server closing client connection; error reading frame from client %s: %v", sc.conn.RemoteAddr(), err)
1492
sc.logf("http2: server closing client connection: %v", err)
1498
func (sc *serverConn) processFrame(f Frame) error {
1501
// First frame received must be SETTINGS.
1502
if !sc.sawFirstSettings {
1503
if _, ok := f.(*SettingsFrame); !ok {
1504
return sc.countError("first_settings", ConnectionError(ErrCodeProtocol))
1506
sc.sawFirstSettings = true
1509
// Discard frames for streams initiated after the identified last
1510
// stream sent in a GOAWAY, or all frames after sending an error.
1511
// We still need to return connection-level flow control for DATA frames.
1512
// RFC 9113 Section 6.8.
1513
if sc.inGoAway && (sc.goAwayCode != ErrCodeNo || f.Header().StreamID > sc.maxClientStreamID) {
1515
if f, ok := f.(*DataFrame); ok {
1516
if !sc.inflow.take(f.Length) {
1517
return sc.countError("data_flow", streamError(f.Header().StreamID, ErrCodeFlowControl))
1519
sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
1524
switch f := f.(type) {
1525
case *SettingsFrame:
1526
return sc.processSettings(f)
1527
case *MetaHeadersFrame:
1528
return sc.processHeaders(f)
1529
case *WindowUpdateFrame:
1530
return sc.processWindowUpdate(f)
1532
return sc.processPing(f)
1534
return sc.processData(f)
1535
case *RSTStreamFrame:
1536
return sc.processResetStream(f)
1537
case *PriorityFrame:
1538
return sc.processPriority(f)
1540
return sc.processGoAway(f)
1541
case *PushPromiseFrame:
1542
// A client cannot push. Thus, servers MUST treat the receipt of a PUSH_PROMISE
1543
// frame as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1544
return sc.countError("push_promise", ConnectionError(ErrCodeProtocol))
1546
sc.vlogf("http2: server ignoring frame: %v", f.Header())
1551
func (sc *serverConn) processPing(f *PingFrame) error {
1554
// 6.7 PING: " An endpoint MUST NOT respond to PING frames
1555
// containing this flag."
1558
if f.StreamID != 0 {
1559
// "PING frames are not associated with any individual
1560
// stream. If a PING frame is received with a stream
1561
// identifier field value other than 0x0, the recipient MUST
1562
// respond with a connection error (Section 5.4.1) of type
1564
return sc.countError("ping_on_stream", ConnectionError(ErrCodeProtocol))
1566
sc.writeFrame(FrameWriteRequest{write: writePingAck{f}})
1570
func (sc *serverConn) processWindowUpdate(f *WindowUpdateFrame) error {
1573
case f.StreamID != 0: // stream-level flow control
1574
state, st := sc.state(f.StreamID)
1575
if state == stateIdle {
1576
// Section 5.1: "Receiving any frame other than HEADERS
1577
// or PRIORITY on a stream in this state MUST be
1578
// treated as a connection error (Section 5.4.1) of
1579
// type PROTOCOL_ERROR."
1580
return sc.countError("stream_idle", ConnectionError(ErrCodeProtocol))
1583
// "WINDOW_UPDATE can be sent by a peer that has sent a
1584
// frame bearing the END_STREAM flag. This means that a
1585
// receiver could receive a WINDOW_UPDATE frame on a "half
1586
// closed (remote)" or "closed" stream. A receiver MUST
1587
// NOT treat this as an error, see Section 5.1."
1590
if !st.flow.add(int32(f.Increment)) {
1591
return sc.countError("bad_flow", streamError(f.StreamID, ErrCodeFlowControl))
1593
default: // connection-level flow control
1594
if !sc.flow.add(int32(f.Increment)) {
1595
return goAwayFlowError{}
1598
sc.scheduleFrameWrite()
1602
func (sc *serverConn) processResetStream(f *RSTStreamFrame) error {
1605
state, st := sc.state(f.StreamID)
1606
if state == stateIdle {
1607
// 6.4 "RST_STREAM frames MUST NOT be sent for a
1608
// stream in the "idle" state. If a RST_STREAM frame
1609
// identifying an idle stream is received, the
1610
// recipient MUST treat this as a connection error
1611
// (Section 5.4.1) of type PROTOCOL_ERROR.
1612
return sc.countError("reset_idle_stream", ConnectionError(ErrCodeProtocol))
1616
sc.closeStream(st, streamError(f.StreamID, f.ErrCode))
1621
func (sc *serverConn) closeStream(st *stream, err error) {
1623
if st.state == stateIdle || st.state == stateClosed {
1624
panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state))
1626
st.state = stateClosed
1627
if st.readDeadline != nil {
1628
st.readDeadline.Stop()
1630
if st.writeDeadline != nil {
1631
st.writeDeadline.Stop()
1634
sc.curPushedStreams--
1636
sc.curClientStreams--
1638
delete(sc.streams, st.id)
1639
if len(sc.streams) == 0 {
1640
sc.setConnState(http.StateIdle)
1641
if sc.srv.IdleTimeout > 0 {
1642
sc.idleTimer.Reset(sc.srv.IdleTimeout)
1644
if h1ServerKeepAlivesDisabled(sc.hs) {
1645
sc.startGracefulShutdownInternal()
1648
if p := st.body; p != nil {
1649
// Return any buffered unread bytes worth of conn-level flow control.
1650
// See golang.org/issue/16481
1651
sc.sendWindowUpdate(nil, p.Len())
1653
p.CloseWithError(err)
1655
if e, ok := err.(StreamError); ok {
1659
err = errStreamClosed
1663
st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc
1664
sc.writeSched.CloseStream(st.id)
1667
func (sc *serverConn) processSettings(f *SettingsFrame) error {
1670
sc.unackedSettings--
1671
if sc.unackedSettings < 0 {
1672
// Why is the peer ACKing settings we never sent?
1673
// The spec doesn't mention this case, but
1674
// hang up on them anyway.
1675
return sc.countError("ack_mystery", ConnectionError(ErrCodeProtocol))
1679
if f.NumSettings() > 100 || f.HasDuplicates() {
1680
// This isn't actually in the spec, but hang up on
1681
// suspiciously large settings frames or those with
1682
// duplicate entries.
1683
return sc.countError("settings_big_or_dups", ConnectionError(ErrCodeProtocol))
1685
if err := f.ForeachSetting(sc.processSetting); err != nil {
1688
// TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be
1689
// acknowledged individually, even if multiple are received before the ACK.
1690
sc.needToSendSettingsAck = true
1691
sc.scheduleFrameWrite()
1695
func (sc *serverConn) processSetting(s Setting) error {
1697
if err := s.Valid(); err != nil {
1701
sc.vlogf("http2: server processing setting %v", s)
1704
case SettingHeaderTableSize:
1705
sc.hpackEncoder.SetMaxDynamicTableSize(s.Val)
1706
case SettingEnablePush:
1707
sc.pushEnabled = s.Val != 0
1708
case SettingMaxConcurrentStreams:
1709
sc.clientMaxStreams = s.Val
1710
case SettingInitialWindowSize:
1711
return sc.processSettingInitialWindowSize(s.Val)
1712
case SettingMaxFrameSize:
1713
sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31
1714
case SettingMaxHeaderListSize:
1715
sc.peerMaxHeaderListSize = s.Val
1717
// Unknown setting: "An endpoint that receives a SETTINGS
1718
// frame with any unknown or unsupported identifier MUST
1719
// ignore that setting."
1721
sc.vlogf("http2: server ignoring unknown setting %v", s)
1727
func (sc *serverConn) processSettingInitialWindowSize(val uint32) error {
1729
// Note: val already validated to be within range by
1730
// processSetting's Valid call.
1732
// "A SETTINGS frame can alter the initial flow control window
1733
// size for all current streams. When the value of
1734
// SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST
1735
// adjust the size of all stream flow control windows that it
1736
// maintains by the difference between the new value and the
1738
old := sc.initialStreamSendWindowSize
1739
sc.initialStreamSendWindowSize = int32(val)
1740
growth := int32(val) - old // may be negative
1741
for _, st := range sc.streams {
1742
if !st.flow.add(growth) {
1743
// 6.9.2 Initial Flow Control Window Size
1744
// "An endpoint MUST treat a change to
1745
// SETTINGS_INITIAL_WINDOW_SIZE that causes any flow
1746
// control window to exceed the maximum size as a
1747
// connection error (Section 5.4.1) of type
1748
// FLOW_CONTROL_ERROR."
1749
return sc.countError("setting_win_size", ConnectionError(ErrCodeFlowControl))
1755
func (sc *serverConn) processData(f *DataFrame) error {
1757
id := f.Header().StreamID
1760
state, st := sc.state(id)
1761
if id == 0 || state == stateIdle {
1762
// Section 6.1: "DATA frames MUST be associated with a
1763
// stream. If a DATA frame is received whose stream
1764
// identifier field is 0x0, the recipient MUST respond
1765
// with a connection error (Section 5.4.1) of type
1768
// Section 5.1: "Receiving any frame other than HEADERS
1769
// or PRIORITY on a stream in this state MUST be
1770
// treated as a connection error (Section 5.4.1) of
1771
// type PROTOCOL_ERROR."
1772
return sc.countError("data_on_idle", ConnectionError(ErrCodeProtocol))
1775
// "If a DATA frame is received whose stream is not in "open"
1776
// or "half closed (local)" state, the recipient MUST respond
1777
// with a stream error (Section 5.4.2) of type STREAM_CLOSED."
1778
if st == nil || state != stateOpen || st.gotTrailerHeader || st.resetQueued {
1779
// This includes sending a RST_STREAM if the stream is
1780
// in stateHalfClosedLocal (which currently means that
1781
// the http.Handler returned, so it's done reading &
1782
// done writing). Try to stop the client from sending
1785
// But still enforce their connection-level flow control,
1786
// and return any flow control bytes since we're not going
1788
if !sc.inflow.take(f.Length) {
1789
return sc.countError("data_flow", streamError(id, ErrCodeFlowControl))
1791
sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
1793
if st != nil && st.resetQueued {
1794
// Already have a stream error in flight. Don't send another.
1797
return sc.countError("closed", streamError(id, ErrCodeStreamClosed))
1800
panic("internal error: should have a body in this state")
1803
// Sender sending more than they'd declared?
1804
if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes {
1805
if !sc.inflow.take(f.Length) {
1806
return sc.countError("data_flow", streamError(id, ErrCodeFlowControl))
1808
sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
1810
st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes))
1811
// RFC 7540, sec 8.1.2.6: A request or response is also malformed if the
1812
// value of a content-length header field does not equal the sum of the
1813
// DATA frame payload lengths that form the body.
1814
return sc.countError("send_too_much", streamError(id, ErrCodeProtocol))
1817
// Check whether the client has flow control quota.
1818
if !takeInflows(&sc.inflow, &st.inflow, f.Length) {
1819
return sc.countError("flow_on_data_length", streamError(id, ErrCodeFlowControl))
1823
st.bodyBytes += int64(len(data))
1824
wrote, err := st.body.Write(data)
1826
// The handler has closed the request body.
1827
// Return the connection-level flow control for the discarded data,
1828
// but not the stream-level flow control.
1829
sc.sendWindowUpdate(nil, int(f.Length)-wrote)
1832
if wrote != len(data) {
1833
panic("internal error: bad Writer")
1837
// Return any padded flow control now, since we won't
1838
// refund it later on body reads.
1839
// Call sendWindowUpdate even if there is no padding,
1840
// to return buffered flow control credit if the sent
1841
// window has shrunk.
1842
pad := int32(f.Length) - int32(len(data))
1843
sc.sendWindowUpdate32(nil, pad)
1844
sc.sendWindowUpdate32(st, pad)
1846
if f.StreamEnded() {
1852
func (sc *serverConn) processGoAway(f *GoAwayFrame) error {
1854
if f.ErrCode != ErrCodeNo {
1855
sc.logf("http2: received GOAWAY %+v, starting graceful shutdown", f)
1857
sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f)
1859
sc.startGracefulShutdownInternal()
1860
// http://tools.ietf.org/html/rfc7540#section-6.8
1861
// We should not create any new streams, which means we should disable push.
1862
sc.pushEnabled = false
1866
// isPushed reports whether the stream is server-initiated.
1867
func (st *stream) isPushed() bool {
1871
// endStream closes a Request.Body's pipe. It is called when a DATA
1872
// frame says a request body is over (or after trailers).
1873
func (st *stream) endStream() {
1877
if st.declBodyBytes != -1 && st.declBodyBytes != st.bodyBytes {
1878
st.body.CloseWithError(fmt.Errorf("request declared a Content-Length of %d but only wrote %d bytes",
1879
st.declBodyBytes, st.bodyBytes))
1881
st.body.closeWithErrorAndCode(io.EOF, st.copyTrailersToHandlerRequest)
1882
st.body.CloseWithError(io.EOF)
1884
st.state = stateHalfClosedRemote
1887
// copyTrailersToHandlerRequest is run in the Handler's goroutine in
1888
// its Request.Body.Read just before it gets io.EOF.
1889
func (st *stream) copyTrailersToHandlerRequest() {
1890
for k, vv := range st.trailer {
1891
if _, ok := st.reqTrailer[k]; ok {
1892
// Only copy it over it was pre-declared.
1893
st.reqTrailer[k] = vv
1898
// onReadTimeout is run on its own goroutine (from time.AfterFunc)
1899
// when the stream's ReadTimeout has fired.
1900
func (st *stream) onReadTimeout() {
1902
// Wrap the ErrDeadlineExceeded to avoid callers depending on us
1903
// returning the bare error.
1904
st.body.CloseWithError(fmt.Errorf("%w", os.ErrDeadlineExceeded))
1908
// onWriteTimeout is run on its own goroutine (from time.AfterFunc)
1909
// when the stream's WriteTimeout has fired.
1910
func (st *stream) onWriteTimeout() {
1911
st.sc.writeFrameFromHandler(FrameWriteRequest{write: StreamError{
1913
Code: ErrCodeInternal,
1914
Cause: os.ErrDeadlineExceeded,
1918
func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error {
1921
// http://tools.ietf.org/html/rfc7540#section-5.1.1
1922
// Streams initiated by a client MUST use odd-numbered stream
1923
// identifiers. [...] An endpoint that receives an unexpected
1924
// stream identifier MUST respond with a connection error
1925
// (Section 5.4.1) of type PROTOCOL_ERROR.
1927
return sc.countError("headers_even", ConnectionError(ErrCodeProtocol))
1929
// A HEADERS frame can be used to create a new stream or
1930
// send a trailer for an open one. If we already have a stream
1931
// open, let it process its own HEADERS frame (trailers at this
1932
// point, if it's valid).
1933
if st := sc.streams[f.StreamID]; st != nil {
1935
// We're sending RST_STREAM to close the stream, so don't bother
1936
// processing this frame.
1939
// RFC 7540, sec 5.1: If an endpoint receives additional frames, other than
1940
// WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in
1941
// this state, it MUST respond with a stream error (Section 5.4.2) of
1942
// type STREAM_CLOSED.
1943
if st.state == stateHalfClosedRemote {
1944
return sc.countError("headers_half_closed", streamError(id, ErrCodeStreamClosed))
1946
return st.processTrailerHeaders(f)
1949
// [...] The identifier of a newly established stream MUST be
1950
// numerically greater than all streams that the initiating
1951
// endpoint has opened or reserved. [...] An endpoint that
1952
// receives an unexpected stream identifier MUST respond with
1953
// a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1954
if id <= sc.maxClientStreamID {
1955
return sc.countError("stream_went_down", ConnectionError(ErrCodeProtocol))
1957
sc.maxClientStreamID = id
1959
if sc.idleTimer != nil {
1963
// http://tools.ietf.org/html/rfc7540#section-5.1.2
1964
// [...] Endpoints MUST NOT exceed the limit set by their peer. An
1965
// endpoint that receives a HEADERS frame that causes their
1966
// advertised concurrent stream limit to be exceeded MUST treat
1967
// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR
1968
// or REFUSED_STREAM.
1969
if sc.curClientStreams+1 > sc.advMaxStreams {
1970
if sc.unackedSettings == 0 {
1971
// They should know better.
1972
return sc.countError("over_max_streams", streamError(id, ErrCodeProtocol))
1974
// Assume it's a network race, where they just haven't
1975
// received our last SETTINGS update. But actually
1976
// this can't happen yet, because we don't yet provide
1977
// a way for users to adjust server parameters at
1979
return sc.countError("over_max_streams_race", streamError(id, ErrCodeRefusedStream))
1982
initialState := stateOpen
1983
if f.StreamEnded() {
1984
initialState = stateHalfClosedRemote
1986
st := sc.newStream(id, 0, initialState)
1988
if f.HasPriority() {
1989
if err := sc.checkPriority(f.StreamID, f.Priority); err != nil {
1992
sc.writeSched.AdjustStream(st.id, f.Priority)
1995
rw, req, err := sc.newWriterAndRequest(st, f)
1999
st.reqTrailer = req.Trailer
2000
if st.reqTrailer != nil {
2001
st.trailer = make(http.Header)
2003
st.body = req.Body.(*requestBody).pipe // may be nil
2004
st.declBodyBytes = req.ContentLength
2006
handler := sc.handler.ServeHTTP
2008
// Their header list was too long. Send a 431 error.
2009
handler = handleHeaderListTooLong
2010
} else if err := checkValidHTTP2RequestHeaders(req.Header); err != nil {
2011
handler = new400Handler(err)
2014
// The net/http package sets the read deadline from the
2015
// http.Server.ReadTimeout during the TLS handshake, but then
2016
// passes the connection off to us with the deadline already
2017
// set. Disarm it here after the request headers are read,
2018
// similar to how the http1 server works. Here it's
2019
// technically more like the http1 Server's ReadHeaderTimeout
2020
// (in Go 1.8), though. That's a more sane option anyway.
2021
if sc.hs.ReadTimeout > 0 {
2022
sc.conn.SetReadDeadline(time.Time{})
2023
st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout)
2026
return sc.scheduleHandler(id, rw, req, handler)
2029
func (sc *serverConn) upgradeRequest(req *http.Request) {
2032
sc.maxClientStreamID = id
2033
st := sc.newStream(id, 0, stateHalfClosedRemote)
2034
st.reqTrailer = req.Trailer
2035
if st.reqTrailer != nil {
2036
st.trailer = make(http.Header)
2038
rw := sc.newResponseWriter(st, req)
2040
// Disable any read deadline set by the net/http package
2041
// prior to the upgrade.
2042
if sc.hs.ReadTimeout > 0 {
2043
sc.conn.SetReadDeadline(time.Time{})
2046
// This is the first request on the connection,
2047
// so start the handler directly rather than going
2048
// through scheduleHandler.
2050
go sc.runHandler(rw, req, sc.handler.ServeHTTP)
2053
func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error {
2056
if st.gotTrailerHeader {
2057
return sc.countError("dup_trailers", ConnectionError(ErrCodeProtocol))
2059
st.gotTrailerHeader = true
2060
if !f.StreamEnded() {
2061
return sc.countError("trailers_not_ended", streamError(st.id, ErrCodeProtocol))
2064
if len(f.PseudoFields()) > 0 {
2065
return sc.countError("trailers_pseudo", streamError(st.id, ErrCodeProtocol))
2067
if st.trailer != nil {
2068
for _, hf := range f.RegularFields() {
2069
key := sc.canonicalHeader(hf.Name)
2070
if !httpguts.ValidTrailerHeader(key) {
2071
// TODO: send more details to the peer somehow. But http2 has
2072
// no way to send debug data at a stream level. Discuss with
2074
return sc.countError("trailers_bogus", streamError(st.id, ErrCodeProtocol))
2076
st.trailer[key] = append(st.trailer[key], hf.Value)
2083
func (sc *serverConn) checkPriority(streamID uint32, p PriorityParam) error {
2084
if streamID == p.StreamDep {
2085
// Section 5.3.1: "A stream cannot depend on itself. An endpoint MUST treat
2086
// this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR."
2087
// Section 5.3.3 says that a stream can depend on one of its dependencies,
2088
// so it's only self-dependencies that are forbidden.
2089
return sc.countError("priority", streamError(streamID, ErrCodeProtocol))
2094
func (sc *serverConn) processPriority(f *PriorityFrame) error {
2095
if err := sc.checkPriority(f.StreamID, f.PriorityParam); err != nil {
2098
sc.writeSched.AdjustStream(f.StreamID, f.PriorityParam)
2102
func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream {
2105
panic("internal error: cannot create stream with id 0")
2108
ctx, cancelCtx := context.WithCancel(sc.baseCtx)
2114
cancelCtx: cancelCtx,
2117
st.flow.conn = &sc.flow // link to conn-level counter
2118
st.flow.add(sc.initialStreamSendWindowSize)
2119
st.inflow.init(sc.srv.initialStreamRecvWindowSize())
2120
if sc.hs.WriteTimeout > 0 {
2121
st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
2125
sc.writeSched.OpenStream(st.id, OpenStreamOptions{PusherID: pusherID})
2127
sc.curPushedStreams++
2129
sc.curClientStreams++
2131
if sc.curOpenStreams() == 1 {
2132
sc.setConnState(http.StateActive)
2138
func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*responseWriter, *http.Request, error) {
2142
method: f.PseudoValue("method"),
2143
scheme: f.PseudoValue("scheme"),
2144
authority: f.PseudoValue("authority"),
2145
path: f.PseudoValue("path"),
2148
isConnect := rp.method == "CONNECT"
2150
if rp.path != "" || rp.scheme != "" || rp.authority == "" {
2151
return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol))
2153
} else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") {
2154
// See 8.1.2.6 Malformed Requests and Responses:
2156
// Malformed requests or responses that are detected
2157
// MUST be treated as a stream error (Section 5.4.2)
2158
// of type PROTOCOL_ERROR."
2160
// 8.1.2.3 Request Pseudo-Header Fields
2161
// "All HTTP/2 requests MUST include exactly one valid
2162
// value for the :method, :scheme, and :path
2163
// pseudo-header fields"
2164
return nil, nil, sc.countError("bad_path_method", streamError(f.StreamID, ErrCodeProtocol))
2167
rp.header = make(http.Header)
2168
for _, hf := range f.RegularFields() {
2169
rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
2171
if rp.authority == "" {
2172
rp.authority = rp.header.Get("Host")
2175
rw, req, err := sc.newWriterAndRequestNoBody(st, rp)
2177
return nil, nil, err
2179
bodyOpen := !f.StreamEnded()
2181
if vv, ok := rp.header["Content-Length"]; ok {
2182
if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil {
2183
req.ContentLength = int64(cl)
2185
req.ContentLength = 0
2188
req.ContentLength = -1
2190
req.Body.(*requestBody).pipe = &pipe{
2191
b: &dataBuffer{expected: req.ContentLength},
2197
type requestParam struct {
2199
scheme, authority, path string
2203
func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*responseWriter, *http.Request, error) {
2206
var tlsState *tls.ConnectionState // nil if not scheme https
2207
if rp.scheme == "https" {
2208
tlsState = sc.tlsState
2211
needsContinue := httpguts.HeaderValuesContainsToken(rp.header["Expect"], "100-continue")
2213
rp.header.Del("Expect")
2215
// Merge Cookie headers into one "; "-delimited value.
2216
if cookies := rp.header["Cookie"]; len(cookies) > 1 {
2217
rp.header.Set("Cookie", strings.Join(cookies, "; "))
2221
var trailer http.Header
2222
for _, v := range rp.header["Trailer"] {
2223
for _, key := range strings.Split(v, ",") {
2224
key = http.CanonicalHeaderKey(textproto.TrimString(key))
2226
case "Transfer-Encoding", "Trailer", "Content-Length":
2227
// Bogus. (copy of http1 rules)
2231
trailer = make(http.Header)
2237
delete(rp.header, "Trailer")
2240
var requestURI string
2241
if rp.method == "CONNECT" {
2242
url_ = &url.URL{Host: rp.authority}
2243
requestURI = rp.authority // mimic HTTP/1 server behavior
2246
url_, err = url.ParseRequestURI(rp.path)
2248
return nil, nil, sc.countError("bad_path", streamError(st.id, ErrCodeProtocol))
2250
requestURI = rp.path
2253
body := &requestBody{
2256
needsContinue: needsContinue,
2258
req := &http.Request{
2261
RemoteAddr: sc.remoteAddrStr,
2263
RequestURI: requestURI,
2272
req = req.WithContext(st.ctx)
2274
rw := sc.newResponseWriter(st, req)
2278
func (sc *serverConn) newResponseWriter(st *stream, req *http.Request) *responseWriter {
2279
rws := responseWriterStatePool.Get().(*responseWriterState)
2281
*rws = responseWriterState{} // zero all the fields
2284
rws.bw.Reset(chunkWriter{rws})
2287
return &responseWriter{rws: rws}
2290
type unstartedHandler struct {
2294
handler func(http.ResponseWriter, *http.Request)
2297
// scheduleHandler starts a handler goroutine,
2298
// or schedules one to start as soon as an existing handler finishes.
2299
func (sc *serverConn) scheduleHandler(streamID uint32, rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) error {
2301
maxHandlers := sc.advMaxStreams
2302
if sc.curHandlers < maxHandlers {
2304
go sc.runHandler(rw, req, handler)
2307
if len(sc.unstartedHandlers) > int(4*sc.advMaxStreams) {
2308
return sc.countError("too_many_early_resets", ConnectionError(ErrCodeEnhanceYourCalm))
2310
sc.unstartedHandlers = append(sc.unstartedHandlers, unstartedHandler{
2319
func (sc *serverConn) handlerDone() {
2323
maxHandlers := sc.advMaxStreams
2324
for ; i < len(sc.unstartedHandlers); i++ {
2325
u := sc.unstartedHandlers[i]
2326
if sc.streams[u.streamID] == nil {
2327
// This stream was reset before its goroutine had a chance to start.
2330
if sc.curHandlers >= maxHandlers {
2334
go sc.runHandler(u.rw, u.req, u.handler)
2335
sc.unstartedHandlers[i] = unstartedHandler{} // don't retain references
2337
sc.unstartedHandlers = sc.unstartedHandlers[i:]
2338
if len(sc.unstartedHandlers) == 0 {
2339
sc.unstartedHandlers = nil
2343
// Run on its own goroutine.
2344
func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) {
2345
defer sc.sendServeMsg(handlerDoneMsg)
2348
rw.rws.stream.cancelCtx()
2349
if req.MultipartForm != nil {
2350
req.MultipartForm.RemoveAll()
2354
sc.writeFrameFromHandler(FrameWriteRequest{
2355
write: handlerPanicRST{rw.rws.stream.id},
2356
stream: rw.rws.stream,
2358
// Same as net/http:
2359
if e != nil && e != http.ErrAbortHandler {
2360
const size = 64 << 10
2361
buf := make([]byte, size)
2362
buf = buf[:runtime.Stack(buf, false)]
2363
sc.logf("http2: panic serving %v: %v\n%s", sc.conn.RemoteAddr(), e, buf)
2373
func handleHeaderListTooLong(w http.ResponseWriter, r *http.Request) {
2374
// 10.5.1 Limits on Header Block Size:
2375
// .. "A server that receives a larger header block than it is
2376
// willing to handle can send an HTTP 431 (Request Header Fields Too
2377
// Large) status code"
2378
const statusRequestHeaderFieldsTooLarge = 431 // only in Go 1.6+
2379
w.WriteHeader(statusRequestHeaderFieldsTooLarge)
2380
io.WriteString(w, "<h1>HTTP Error 431</h1><p>Request Header Field(s) Too Large</p>")
2383
// called from handler goroutines.
2385
func (sc *serverConn) writeHeaders(st *stream, headerData *writeResHeaders) error {
2386
sc.serveG.checkNotOn() // NOT on
2388
if headerData.h != nil {
2389
// If there's a header map (which we don't own), so we have to block on
2390
// waiting for this frame to be written, so an http.Flush mid-handler
2391
// writes out the correct value of keys, before a handler later potentially
2393
errc = errChanPool.Get().(chan error)
2395
if err := sc.writeFrameFromHandler(FrameWriteRequest{
2405
errChanPool.Put(errc)
2407
case <-sc.doneServing:
2408
return errClientDisconnected
2410
return errStreamClosed
2416
// called from handler goroutines.
2417
func (sc *serverConn) write100ContinueHeaders(st *stream) {
2418
sc.writeFrameFromHandler(FrameWriteRequest{
2419
write: write100ContinueHeadersFrame{st.id},
2424
// A bodyReadMsg tells the server loop that the http.Handler read n
2425
// bytes of the DATA from the client on the given stream.
2426
type bodyReadMsg struct {
2431
// called from handler goroutines.
2432
// Notes that the handler for the given stream ID read n bytes of its body
2433
// and schedules flow control tokens to be sent.
2434
func (sc *serverConn) noteBodyReadFromHandler(st *stream, n int, err error) {
2435
sc.serveG.checkNotOn() // NOT on
2438
case sc.bodyReadCh <- bodyReadMsg{st, n}:
2439
case <-sc.doneServing:
2444
func (sc *serverConn) noteBodyRead(st *stream, n int) {
2446
sc.sendWindowUpdate(nil, n) // conn-level
2447
if st.state != stateHalfClosedRemote && st.state != stateClosed {
2448
// Don't send this WINDOW_UPDATE if the stream is closed
2450
sc.sendWindowUpdate(st, n)
2454
// st may be nil for conn-level
2455
func (sc *serverConn) sendWindowUpdate32(st *stream, n int32) {
2456
sc.sendWindowUpdate(st, int(n))
2459
// st may be nil for conn-level
2460
func (sc *serverConn) sendWindowUpdate(st *stream, n int) {
2465
send = sc.inflow.add(n)
2468
send = st.inflow.add(n)
2473
sc.writeFrame(FrameWriteRequest{
2474
write: writeWindowUpdate{streamID: streamID, n: uint32(send)},
2479
// requestBody is the Handler's Request.Body type.
2480
// Read and Close may be called concurrently.
2481
type requestBody struct {
2485
closeOnce sync.Once // for use by Close only
2486
sawEOF bool // for use by Read only
2487
pipe *pipe // non-nil if we have an HTTP entity message body
2488
needsContinue bool // need to send a 100-continue
2491
func (b *requestBody) Close() error {
2492
b.closeOnce.Do(func() {
2494
b.pipe.BreakWithError(errClosedBody)
2500
func (b *requestBody) Read(p []byte) (n int, err error) {
2501
if b.needsContinue {
2502
b.needsContinue = false
2503
b.conn.write100ContinueHeaders(b.stream)
2505
if b.pipe == nil || b.sawEOF {
2508
n, err = b.pipe.Read(p)
2512
if b.conn == nil && inTests {
2515
b.conn.noteBodyReadFromHandler(b.stream, n, err)
2519
// responseWriter is the http.ResponseWriter implementation. It's
2520
// intentionally small (1 pointer wide) to minimize garbage. The
2521
// responseWriterState pointer inside is zeroed at the end of a
2522
// request (in handlerDone) and calls on the responseWriter thereafter
2523
// simply crash (caller's mistake), but the much larger responseWriterState
2524
// and buffers are reused between multiple requests.
2525
type responseWriter struct {
2526
rws *responseWriterState
2529
// Optional http.ResponseWriter interfaces implemented.
2531
_ http.CloseNotifier = (*responseWriter)(nil)
2532
_ http.Flusher = (*responseWriter)(nil)
2533
_ stringWriter = (*responseWriter)(nil)
2536
type responseWriterState struct {
2537
// immutable within a request:
2542
// TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc
2543
bw *bufio.Writer // writing to a chunkWriter{this *responseWriterState}
2545
// mutated by http.Handler goroutine:
2546
handlerHeader http.Header // nil until called
2547
snapHeader http.Header // snapshot of handlerHeader at WriteHeader time
2548
trailers []string // set in writeChunk
2549
status int // status code passed to WriteHeader
2550
wroteHeader bool // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet.
2551
sentHeader bool // have we sent the header frame?
2552
handlerDone bool // handler has finished
2554
sentContentLen int64 // non-zero if handler set a Content-Length header
2557
closeNotifierMu sync.Mutex // guards closeNotifierCh
2558
closeNotifierCh chan bool // nil until first used
2561
type chunkWriter struct{ rws *responseWriterState }
2563
func (cw chunkWriter) Write(p []byte) (n int, err error) {
2564
n, err = cw.rws.writeChunk(p)
2565
if err == errStreamClosed {
2566
// If writing failed because the stream has been closed,
2567
// return the reason it was closed.
2568
err = cw.rws.stream.closeErr
2573
func (rws *responseWriterState) hasTrailers() bool { return len(rws.trailers) > 0 }
2575
func (rws *responseWriterState) hasNonemptyTrailers() bool {
2576
for _, trailer := range rws.trailers {
2577
if _, ok := rws.handlerHeader[trailer]; ok {
2584
// declareTrailer is called for each Trailer header when the
2585
// response header is written. It notes that a header will need to be
2586
// written in the trailers at the end of the response.
2587
func (rws *responseWriterState) declareTrailer(k string) {
2588
k = http.CanonicalHeaderKey(k)
2589
if !httpguts.ValidTrailerHeader(k) {
2590
// Forbidden by RFC 7230, section 4.1.2.
2591
rws.conn.logf("ignoring invalid trailer %q", k)
2594
if !strSliceContains(rws.trailers, k) {
2595
rws.trailers = append(rws.trailers, k)
2599
// writeChunk writes chunks from the bufio.Writer. But because
2600
// bufio.Writer may bypass its chunking, sometimes p may be
2601
// arbitrarily large.
2603
// writeChunk is also responsible (on the first chunk) for sending the
2605
func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
2606
if !rws.wroteHeader {
2607
rws.writeHeader(200)
2610
if rws.handlerDone {
2611
rws.promoteUndeclaredTrailers()
2614
isHeadResp := rws.req.Method == "HEAD"
2615
if !rws.sentHeader {
2616
rws.sentHeader = true
2617
var ctype, clen string
2618
if clen = rws.snapHeader.Get("Content-Length"); clen != "" {
2619
rws.snapHeader.Del("Content-Length")
2620
if cl, err := strconv.ParseUint(clen, 10, 63); err == nil {
2621
rws.sentContentLen = int64(cl)
2626
_, hasContentLength := rws.snapHeader["Content-Length"]
2627
if !hasContentLength && clen == "" && rws.handlerDone && bodyAllowedForStatus(rws.status) && (len(p) > 0 || !isHeadResp) {
2628
clen = strconv.Itoa(len(p))
2630
_, hasContentType := rws.snapHeader["Content-Type"]
2631
// If the Content-Encoding is non-blank, we shouldn't
2632
// sniff the body. See Issue golang.org/issue/31753.
2633
ce := rws.snapHeader.Get("Content-Encoding")
2634
hasCE := len(ce) > 0
2635
if !hasCE && !hasContentType && bodyAllowedForStatus(rws.status) && len(p) > 0 {
2636
ctype = http.DetectContentType(p)
2639
if _, ok := rws.snapHeader["Date"]; !ok {
2640
// TODO(bradfitz): be faster here, like net/http? measure.
2641
date = time.Now().UTC().Format(http.TimeFormat)
2644
for _, v := range rws.snapHeader["Trailer"] {
2645
foreachHeaderElement(v, rws.declareTrailer)
2648
// "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2),
2649
// but respect "Connection" == "close" to mean sending a GOAWAY and tearing
2650
// down the TCP connection when idle, like we do for HTTP/1.
2651
// TODO: remove more Connection-specific header fields here, in addition
2653
if _, ok := rws.snapHeader["Connection"]; ok {
2654
v := rws.snapHeader.Get("Connection")
2655
delete(rws.snapHeader, "Connection")
2657
rws.conn.startGracefulShutdown()
2661
endStream := (rws.handlerDone && !rws.hasTrailers() && len(p) == 0) || isHeadResp
2662
err = rws.conn.writeHeaders(rws.stream, &writeResHeaders{
2663
streamID: rws.stream.id,
2664
httpResCode: rws.status,
2666
endStream: endStream,
2668
contentLength: clen,
2681
if len(p) == 0 && !rws.handlerDone {
2685
// only send trailers if they have actually been defined by the
2687
hasNonemptyTrailers := rws.hasNonemptyTrailers()
2688
endStream := rws.handlerDone && !hasNonemptyTrailers
2689
if len(p) > 0 || endStream {
2690
// only send a 0 byte DATA frame if we're ending the stream.
2691
if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
2696
if rws.handlerDone && hasNonemptyTrailers {
2697
err = rws.conn.writeHeaders(rws.stream, &writeResHeaders{
2698
streamID: rws.stream.id,
2699
h: rws.handlerHeader,
2700
trailers: rws.trailers,
2708
// TrailerPrefix is a magic prefix for ResponseWriter.Header map keys
2709
// that, if present, signals that the map entry is actually for
2710
// the response trailers, and not the response headers. The prefix
2711
// is stripped after the ServeHTTP call finishes and the values are
2712
// sent in the trailers.
2714
// This mechanism is intended only for trailers that are not known
2715
// prior to the headers being written. If the set of trailers is fixed
2716
// or known before the header is written, the normal Go trailers mechanism
2719
// https://golang.org/pkg/net/http/#ResponseWriter
2720
// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
2721
const TrailerPrefix = "Trailer:"
2723
// promoteUndeclaredTrailers permits http.Handlers to set trailers
2724
// after the header has already been flushed. Because the Go
2725
// ResponseWriter interface has no way to set Trailers (only the
2726
// Header), and because we didn't want to expand the ResponseWriter
2727
// interface, and because nobody used trailers, and because RFC 7230
2728
// says you SHOULD (but not must) predeclare any trailers in the
2729
// header, the official ResponseWriter rules said trailers in Go must
2730
// be predeclared, and then we reuse the same ResponseWriter.Header()
2731
// map to mean both Headers and Trailers. When it's time to write the
2732
// Trailers, we pick out the fields of Headers that were declared as
2733
// trailers. That worked for a while, until we found the first major
2734
// user of Trailers in the wild: gRPC (using them only over http2),
2735
// and gRPC libraries permit setting trailers mid-stream without
2736
// predeclaring them. So: change of plans. We still permit the old
2737
// way, but we also permit this hack: if a Header() key begins with
2738
// "Trailer:", the suffix of that key is a Trailer. Because ':' is an
2739
// invalid token byte anyway, there is no ambiguity. (And it's already
2740
// filtered out) It's mildly hacky, but not terrible.
2742
// This method runs after the Handler is done and promotes any Header
2743
// fields to be trailers.
2744
func (rws *responseWriterState) promoteUndeclaredTrailers() {
2745
for k, vv := range rws.handlerHeader {
2746
if !strings.HasPrefix(k, TrailerPrefix) {
2749
trailerKey := strings.TrimPrefix(k, TrailerPrefix)
2750
rws.declareTrailer(trailerKey)
2751
rws.handlerHeader[http.CanonicalHeaderKey(trailerKey)] = vv
2754
if len(rws.trailers) > 1 {
2755
sorter := sorterPool.Get().(*sorter)
2756
sorter.SortStrings(rws.trailers)
2757
sorterPool.Put(sorter)
2761
func (w *responseWriter) SetReadDeadline(deadline time.Time) error {
2763
if !deadline.IsZero() && deadline.Before(time.Now()) {
2764
// If we're setting a deadline in the past, reset the stream immediately
2765
// so writes after SetWriteDeadline returns will fail.
2769
w.rws.conn.sendServeMsg(func(sc *serverConn) {
2770
if st.readDeadline != nil {
2771
if !st.readDeadline.Stop() {
2772
// Deadline already exceeded, or stream has been closed.
2776
if deadline.IsZero() {
2777
st.readDeadline = nil
2778
} else if st.readDeadline == nil {
2779
st.readDeadline = time.AfterFunc(deadline.Sub(time.Now()), st.onReadTimeout)
2781
st.readDeadline.Reset(deadline.Sub(time.Now()))
2787
func (w *responseWriter) SetWriteDeadline(deadline time.Time) error {
2789
if !deadline.IsZero() && deadline.Before(time.Now()) {
2790
// If we're setting a deadline in the past, reset the stream immediately
2791
// so writes after SetWriteDeadline returns will fail.
2795
w.rws.conn.sendServeMsg(func(sc *serverConn) {
2796
if st.writeDeadline != nil {
2797
if !st.writeDeadline.Stop() {
2798
// Deadline already exceeded, or stream has been closed.
2802
if deadline.IsZero() {
2803
st.writeDeadline = nil
2804
} else if st.writeDeadline == nil {
2805
st.writeDeadline = time.AfterFunc(deadline.Sub(time.Now()), st.onWriteTimeout)
2807
st.writeDeadline.Reset(deadline.Sub(time.Now()))
2813
func (w *responseWriter) Flush() {
2817
func (w *responseWriter) FlushError() error {
2820
panic("Header called after Handler finished")
2823
if rws.bw.Buffered() > 0 {
2824
err = rws.bw.Flush()
2826
// The bufio.Writer won't call chunkWriter.Write
2827
// (writeChunk with zero bytes), so we have to do it
2828
// ourselves to force the HTTP response header and/or
2829
// final DATA frame (with END_STREAM) to be sent.
2830
_, err = chunkWriter{rws}.Write(nil)
2833
case <-rws.stream.cw:
2834
err = rws.stream.closeErr
2842
func (w *responseWriter) CloseNotify() <-chan bool {
2845
panic("CloseNotify called after Handler finished")
2847
rws.closeNotifierMu.Lock()
2848
ch := rws.closeNotifierCh
2850
ch = make(chan bool, 1)
2851
rws.closeNotifierCh = ch
2854
cw.Wait() // wait for close
2858
rws.closeNotifierMu.Unlock()
2862
func (w *responseWriter) Header() http.Header {
2865
panic("Header called after Handler finished")
2867
if rws.handlerHeader == nil {
2868
rws.handlerHeader = make(http.Header)
2870
return rws.handlerHeader
2873
// checkWriteHeaderCode is a copy of net/http's checkWriteHeaderCode.
2874
func checkWriteHeaderCode(code int) {
2875
// Issue 22880: require valid WriteHeader status codes.
2876
// For now we only enforce that it's three digits.
2877
// In the future we might block things over 599 (600 and above aren't defined
2878
// at http://httpwg.org/specs/rfc7231.html#status.codes).
2879
// But for now any three digits.
2881
// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
2882
// no equivalent bogus thing we can realistically send in HTTP/2,
2883
// so we'll consistently panic instead and help people find their bugs
2884
// early. (We can't return an error from WriteHeader even if we wanted to.)
2885
if code < 100 || code > 999 {
2886
panic(fmt.Sprintf("invalid WriteHeader code %v", code))
2890
func (w *responseWriter) WriteHeader(code int) {
2893
panic("WriteHeader called after Handler finished")
2895
rws.writeHeader(code)
2898
func (rws *responseWriterState) writeHeader(code int) {
2899
if rws.wroteHeader {
2903
checkWriteHeaderCode(code)
2905
// Handle informational headers
2906
if code >= 100 && code <= 199 {
2907
// Per RFC 8297 we must not clear the current header map
2908
h := rws.handlerHeader
2910
_, cl := h["Content-Length"]
2911
_, te := h["Transfer-Encoding"]
2914
h.Del("Content-Length")
2915
h.Del("Transfer-Encoding")
2918
rws.conn.writeHeaders(rws.stream, &writeResHeaders{
2919
streamID: rws.stream.id,
2922
endStream: rws.handlerDone && !rws.hasTrailers(),
2928
rws.wroteHeader = true
2930
if len(rws.handlerHeader) > 0 {
2931
rws.snapHeader = cloneHeader(rws.handlerHeader)
2935
func cloneHeader(h http.Header) http.Header {
2936
h2 := make(http.Header, len(h))
2937
for k, vv := range h {
2938
vv2 := make([]string, len(vv))
2945
// The Life Of A Write is like this:
2947
// * Handler calls w.Write or w.WriteString ->
2948
// * -> rws.bw (*bufio.Writer) ->
2949
// * (Handler might call Flush)
2950
// * -> chunkWriter{rws}
2951
// * -> responseWriterState.writeChunk(p []byte)
2952
// * -> responseWriterState.writeChunk (most of the magic; see comment there)
2953
func (w *responseWriter) Write(p []byte) (n int, err error) {
2954
return w.write(len(p), p, "")
2957
func (w *responseWriter) WriteString(s string) (n int, err error) {
2958
return w.write(len(s), nil, s)
2961
// either dataB or dataS is non-zero.
2962
func (w *responseWriter) write(lenData int, dataB []byte, dataS string) (n int, err error) {
2965
panic("Write called after Handler finished")
2967
if !rws.wroteHeader {
2970
if !bodyAllowedForStatus(rws.status) {
2971
return 0, http.ErrBodyNotAllowed
2973
rws.wroteBytes += int64(len(dataB)) + int64(len(dataS)) // only one can be set
2974
if rws.sentContentLen != 0 && rws.wroteBytes > rws.sentContentLen {
2975
// TODO: send a RST_STREAM
2976
return 0, errors.New("http2: handler wrote more than declared Content-Length")
2980
return rws.bw.Write(dataB)
2982
return rws.bw.WriteString(dataS)
2986
func (w *responseWriter) handlerDone() {
2988
rws.handlerDone = true
2991
responseWriterStatePool.Put(rws)
2996
ErrRecursivePush = errors.New("http2: recursive push not allowed")
2997
ErrPushLimitReached = errors.New("http2: push would exceed peer's SETTINGS_MAX_CONCURRENT_STREAMS")
3000
var _ http.Pusher = (*responseWriter)(nil)
3002
func (w *responseWriter) Push(target string, opts *http.PushOptions) error {
3005
sc.serveG.checkNotOn()
3007
// No recursive pushes: "PUSH_PROMISE frames MUST only be sent on a peer-initiated stream."
3008
// http://tools.ietf.org/html/rfc7540#section-6.6
3010
return ErrRecursivePush
3014
opts = new(http.PushOptions)
3018
if opts.Method == "" {
3021
if opts.Header == nil {
3022
opts.Header = http.Header{}
3024
wantScheme := "http"
3025
if w.rws.req.TLS != nil {
3026
wantScheme = "https"
3029
// Validate the request.
3030
u, err := url.Parse(target)
3035
if !strings.HasPrefix(target, "/") {
3036
return fmt.Errorf("target must be an absolute URL or an absolute path: %q", target)
3038
u.Scheme = wantScheme
3039
u.Host = w.rws.req.Host
3041
if u.Scheme != wantScheme {
3042
return fmt.Errorf("cannot push URL with scheme %q from request with scheme %q", u.Scheme, wantScheme)
3045
return errors.New("URL must have a host")
3048
for k := range opts.Header {
3049
if strings.HasPrefix(k, ":") {
3050
return fmt.Errorf("promised request headers cannot include pseudo header %q", k)
3052
// These headers are meaningful only if the request has a body,
3053
// but PUSH_PROMISE requests cannot have a body.
3054
// http://tools.ietf.org/html/rfc7540#section-8.2
3055
// Also disallow Host, since the promised URL must be absolute.
3056
if asciiEqualFold(k, "content-length") ||
3057
asciiEqualFold(k, "content-encoding") ||
3058
asciiEqualFold(k, "trailer") ||
3059
asciiEqualFold(k, "te") ||
3060
asciiEqualFold(k, "expect") ||
3061
asciiEqualFold(k, "host") {
3062
return fmt.Errorf("promised request headers cannot include %q", k)
3065
if err := checkValidHTTP2RequestHeaders(opts.Header); err != nil {
3069
// The RFC effectively limits promised requests to GET and HEAD:
3070
// "Promised requests MUST be cacheable [GET, HEAD, or POST], and MUST be safe [GET or HEAD]"
3071
// http://tools.ietf.org/html/rfc7540#section-8.2
3072
if opts.Method != "GET" && opts.Method != "HEAD" {
3073
return fmt.Errorf("method %q must be GET or HEAD", opts.Method)
3076
msg := &startPushRequest{
3078
method: opts.Method,
3080
header: cloneHeader(opts.Header),
3081
done: errChanPool.Get().(chan error),
3085
case <-sc.doneServing:
3086
return errClientDisconnected
3088
return errStreamClosed
3089
case sc.serveMsgCh <- msg:
3093
case <-sc.doneServing:
3094
return errClientDisconnected
3096
return errStreamClosed
3097
case err := <-msg.done:
3098
errChanPool.Put(msg.done)
3103
type startPushRequest struct {
3111
func (sc *serverConn) startPush(msg *startPushRequest) {
3114
// http://tools.ietf.org/html/rfc7540#section-6.6.
3115
// PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that
3116
// is in either the "open" or "half-closed (remote)" state.
3117
if msg.parent.state != stateOpen && msg.parent.state != stateHalfClosedRemote {
3118
// responseWriter.Push checks that the stream is peer-initiated.
3119
msg.done <- errStreamClosed
3123
// http://tools.ietf.org/html/rfc7540#section-6.6.
3124
if !sc.pushEnabled {
3125
msg.done <- http.ErrNotSupported
3129
// PUSH_PROMISE frames must be sent in increasing order by stream ID, so
3130
// we allocate an ID for the promised stream lazily, when the PUSH_PROMISE
3131
// is written. Once the ID is allocated, we start the request handler.
3132
allocatePromisedID := func() (uint32, error) {
3135
// Check this again, just in case. Technically, we might have received
3136
// an updated SETTINGS by the time we got around to writing this frame.
3137
if !sc.pushEnabled {
3138
return 0, http.ErrNotSupported
3140
// http://tools.ietf.org/html/rfc7540#section-6.5.2.
3141
if sc.curPushedStreams+1 > sc.clientMaxStreams {
3142
return 0, ErrPushLimitReached
3145
// http://tools.ietf.org/html/rfc7540#section-5.1.1.
3146
// Streams initiated by the server MUST use even-numbered identifiers.
3147
// A server that is unable to establish a new stream identifier can send a GOAWAY
3148
// frame so that the client is forced to open a new connection for new streams.
3149
if sc.maxPushPromiseID+2 >= 1<<31 {
3150
sc.startGracefulShutdownInternal()
3151
return 0, ErrPushLimitReached
3153
sc.maxPushPromiseID += 2
3154
promisedID := sc.maxPushPromiseID
3156
// http://tools.ietf.org/html/rfc7540#section-8.2.
3157
// Strictly speaking, the new stream should start in "reserved (local)", then
3158
// transition to "half closed (remote)" after sending the initial HEADERS, but
3159
// we start in "half closed (remote)" for simplicity.
3160
// See further comments at the definition of stateHalfClosedRemote.
3161
promised := sc.newStream(promisedID, msg.parent.id, stateHalfClosedRemote)
3162
rw, req, err := sc.newWriterAndRequestNoBody(promised, requestParam{
3164
scheme: msg.url.Scheme,
3165
authority: msg.url.Host,
3166
path: msg.url.RequestURI(),
3167
header: cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE
3170
// Should not happen, since we've already validated msg.url.
3171
panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
3175
go sc.runHandler(rw, req, sc.handler.ServeHTTP)
3176
return promisedID, nil
3179
sc.writeFrame(FrameWriteRequest{
3180
write: &writePushPromise{
3181
streamID: msg.parent.id,
3185
allocatePromisedID: allocatePromisedID,
3192
// foreachHeaderElement splits v according to the "#rule" construction
3193
// in RFC 7230 section 7 and calls fn for each non-empty element.
3194
func foreachHeaderElement(v string, fn func(string)) {
3195
v = textproto.TrimString(v)
3199
if !strings.Contains(v, ",") {
3203
for _, f := range strings.Split(v, ",") {
3204
if f = textproto.TrimString(f); f != "" {
3210
// From http://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.2
3211
var connHeaders = []string{
3215
"Transfer-Encoding",
3219
// checkValidHTTP2RequestHeaders checks whether h is a valid HTTP/2 request,
3220
// per RFC 7540 Section 8.1.2.2.
3221
// The returned error is reported to users.
3222
func checkValidHTTP2RequestHeaders(h http.Header) error {
3223
for _, k := range connHeaders {
3224
if _, ok := h[k]; ok {
3225
return fmt.Errorf("request header %q is not valid in HTTP/2", k)
3229
if len(te) > 0 && (len(te) > 1 || (te[0] != "trailers" && te[0] != "")) {
3230
return errors.New(`request header "TE" may only be "trailers" in HTTP/2`)
3235
func new400Handler(err error) http.HandlerFunc {
3236
return func(w http.ResponseWriter, r *http.Request) {
3237
http.Error(w, err.Error(), http.StatusBadRequest)
3241
// h1ServerKeepAlivesDisabled reports whether hs has its keep-alives
3242
// disabled. See comments on h1ServerShutdownChan above for why
3243
// the code is written this way.
3244
func h1ServerKeepAlivesDisabled(hs *http.Server) bool {
3245
var x interface{} = hs
3249
if hs, ok := x.(I); ok {
3250
return !hs.doKeepAlives()
3255
func (sc *serverConn) countError(name string, err error) error {
3256
if sc == nil || sc.srv == nil {
3259
f := sc.srv.CountError
3265
switch e := err.(type) {
3266
case ConnectionError:
3271
code = ErrCode(e.Code)
3275
codeStr := errCodeName[code]
3277
codeStr = strconv.Itoa(int(code))
3279
f(fmt.Sprintf("%s_%s_%s", typ, codeStr, name))