diff options
Diffstat (limited to 'vendor/golang.org/x/net/http2/h2c')
-rw-r--r-- | vendor/golang.org/x/net/http2/h2c/h2c.go | 396 |
1 files changed, 60 insertions, 336 deletions
diff --git a/vendor/golang.org/x/net/http2/h2c/h2c.go b/vendor/golang.org/x/net/http2/h2c/h2c.go index c0970d84..c3df711d 100644 --- a/vendor/golang.org/x/net/http2/h2c/h2c.go +++ b/vendor/golang.org/x/net/http2/h2c/h2c.go @@ -12,7 +12,6 @@ import ( "bufio" "bytes" "encoding/base64" - "encoding/binary" "errors" "fmt" "io" @@ -25,7 +24,6 @@ import ( "golang.org/x/net/http/httpguts" "golang.org/x/net/http2" - "golang.org/x/net/http2/hpack" ) var ( @@ -61,6 +59,10 @@ type h2cHandler struct { // Once a request is recognized as h2c, we hijack the connection and convert it // to an HTTP/2 connection which is understandable to s.ServeConn. (s.ServeConn // understands HTTP/2 except for the h2c part of it.) +// +// The first request on an h2c connection is read entirely into memory before +// the Handler is called. To limit the memory consumed by this request, wrap +// the result of NewHandler in an http.MaxBytesHandler. func NewHandler(h http.Handler, s *http2.Server) http.Handler { return &h2cHandler{ Handler: h, @@ -83,24 +85,31 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } defer conn.Close() - s.s.ServeConn(conn, &http2.ServeConnOpts{ - Context: r.Context(), - Handler: s.Handler, + Context: r.Context(), + Handler: s.Handler, + SawClientPreface: true, }) return } // Handle Upgrade to h2c (RFC 7540 Section 3.2) - if conn, err := h2cUpgrade(w, r); err == nil { + if isH2CUpgrade(r.Header) { + conn, settings, err := h2cUpgrade(w, r) + if err != nil { + if http2VerboseLogs { + log.Printf("h2c: error h2c upgrade: %v", err) + } + return + } defer conn.Close() - s.s.ServeConn(conn, &http2.ServeConnOpts{ - Context: r.Context(), - Handler: s.Handler, + Context: r.Context(), + Handler: s.Handler, + UpgradeRequest: r, + Settings: settings, }) return } - s.Handler.ServeHTTP(w, r) return } @@ -113,11 +122,11 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func initH2CWithPriorKnowledge(w http.ResponseWriter) (net.Conn, error) { hijacker, ok := w.(http.Hijacker) if !ok { - panic("Hijack not supported.") + return nil, errors.New("h2c: connection does not support Hijack") } conn, rw, err := hijacker.Hijack() if err != nil { - panic(fmt.Sprintf("Hijack failed: %v", err)) + return nil, err } const expectedBody = "SM\r\n\r\n" @@ -125,249 +134,40 @@ func initH2CWithPriorKnowledge(w http.ResponseWriter) (net.Conn, error) { buf := make([]byte, len(expectedBody)) n, err := io.ReadFull(rw, buf) if err != nil { - return nil, fmt.Errorf("could not read from the buffer: %s", err) + return nil, fmt.Errorf("h2c: error reading client preface: %s", err) } if string(buf[:n]) == expectedBody { - c := &rwConn{ - Conn: conn, - Reader: io.MultiReader(strings.NewReader(http2.ClientPreface), rw), - BufWriter: rw.Writer, - } - return c, nil + return newBufConn(conn, rw), nil } conn.Close() - if http2VerboseLogs { - log.Printf( - "h2c: missing the request body portion of the client preface. Wanted: %v Got: %v", - []byte(expectedBody), - buf[0:n], - ) - } - return nil, errors.New("invalid client preface") -} - -// drainClientPreface reads a single instance of the HTTP/2 client preface from -// the supplied reader. -func drainClientPreface(r io.Reader) error { - var buf bytes.Buffer - prefaceLen := int64(len(http2.ClientPreface)) - n, err := io.CopyN(&buf, r, prefaceLen) - if err != nil { - return err - } - if n != prefaceLen || buf.String() != http2.ClientPreface { - return fmt.Errorf("Client never sent: %s", http2.ClientPreface) - } - return nil + return nil, errors.New("h2c: invalid client preface") } // h2cUpgrade establishes a h2c connection using the HTTP/1 upgrade (Section 3.2). -func h2cUpgrade(w http.ResponseWriter, r *http.Request) (net.Conn, error) { - if !isH2CUpgrade(r.Header) { - return nil, errors.New("non-conforming h2c headers") - } - - // Initial bytes we put into conn to fool http2 server - initBytes, _, err := convertH1ReqToH2(r) +func h2cUpgrade(w http.ResponseWriter, r *http.Request) (_ net.Conn, settings []byte, err error) { + settings, err = getH2Settings(r.Header) if err != nil { - return nil, err + return nil, nil, err } - hijacker, ok := w.(http.Hijacker) if !ok { - return nil, errors.New("hijack not supported.") + return nil, nil, errors.New("h2c: connection does not support Hijack") } + + body, _ := io.ReadAll(r.Body) + r.Body = io.NopCloser(bytes.NewBuffer(body)) + conn, rw, err := hijacker.Hijack() if err != nil { - return nil, fmt.Errorf("hijack failed: %v", err) + return nil, nil, err } rw.Write([]byte("HTTP/1.1 101 Switching Protocols\r\n" + "Connection: Upgrade\r\n" + "Upgrade: h2c\r\n\r\n")) - rw.Flush() - - // A conforming client will now send an H2 client preface which need to drain - // since we already sent this. - if err := drainClientPreface(rw); err != nil { - return nil, err - } - - c := &rwConn{ - Conn: conn, - Reader: io.MultiReader(initBytes, rw), - BufWriter: newSettingsAckSwallowWriter(rw.Writer), - } - return c, nil -} - -// convert the data contained in the HTTP/1 upgrade request into the HTTP/2 -// version in byte form. -func convertH1ReqToH2(r *http.Request) (*bytes.Buffer, []http2.Setting, error) { - h2Bytes := bytes.NewBuffer([]byte((http2.ClientPreface))) - framer := http2.NewFramer(h2Bytes, nil) - settings, err := getH2Settings(r.Header) - if err != nil { - return nil, nil, err - } - - if err := framer.WriteSettings(settings...); err != nil { - return nil, nil, err - } - - headerBytes, err := getH2HeaderBytes(r, getMaxHeaderTableSize(settings)) - if err != nil { - return nil, nil, err - } - - maxFrameSize := int(getMaxFrameSize(settings)) - needOneHeader := len(headerBytes) < maxFrameSize - err = framer.WriteHeaders(http2.HeadersFrameParam{ - StreamID: 1, - BlockFragment: headerBytes, - EndHeaders: needOneHeader, - }) - if err != nil { - return nil, nil, err - } - - for i := maxFrameSize; i < len(headerBytes); i += maxFrameSize { - if len(headerBytes)-i > maxFrameSize { - if err := framer.WriteContinuation(1, - false, // endHeaders - headerBytes[i:maxFrameSize]); err != nil { - return nil, nil, err - } - } else { - if err := framer.WriteContinuation(1, - true, // endHeaders - headerBytes[i:]); err != nil { - return nil, nil, err - } - } - } - - return h2Bytes, settings, nil -} - -// getMaxFrameSize returns the SETTINGS_MAX_FRAME_SIZE. If not present default -// value is 16384 as specified by RFC 7540 Section 6.5.2. -func getMaxFrameSize(settings []http2.Setting) uint32 { - for _, setting := range settings { - if setting.ID == http2.SettingMaxFrameSize { - return setting.Val - } - } - return 16384 -} - -// getMaxHeaderTableSize returns the SETTINGS_HEADER_TABLE_SIZE. If not present -// default value is 4096 as specified by RFC 7540 Section 6.5.2. -func getMaxHeaderTableSize(settings []http2.Setting) uint32 { - for _, setting := range settings { - if setting.ID == http2.SettingHeaderTableSize { - return setting.Val - } - } - return 4096 -} - -// bufWriter is a Writer interface that also has a Flush method. -type bufWriter interface { - io.Writer - Flush() error -} - -// rwConn implements net.Conn but overrides Read and Write so that reads and -// writes are forwarded to the provided io.Reader and bufWriter. -type rwConn struct { - net.Conn - io.Reader - BufWriter bufWriter -} - -// Read forwards reads to the underlying Reader. -func (c *rwConn) Read(p []byte) (int, error) { - return c.Reader.Read(p) -} - -// Write forwards writes to the underlying bufWriter and immediately flushes. -func (c *rwConn) Write(p []byte) (int, error) { - n, err := c.BufWriter.Write(p) - if err := c.BufWriter.Flush(); err != nil { - return 0, err - } - return n, err -} - -// settingsAckSwallowWriter is a writer that normally forwards bytes to its -// underlying Writer, but swallows the first SettingsAck frame that it sees. -type settingsAckSwallowWriter struct { - Writer *bufio.Writer - buf []byte - didSwallow bool -} - -// newSettingsAckSwallowWriter returns a new settingsAckSwallowWriter. -func newSettingsAckSwallowWriter(w *bufio.Writer) *settingsAckSwallowWriter { - return &settingsAckSwallowWriter{ - Writer: w, - buf: make([]byte, 0), - didSwallow: false, - } -} - -// Write implements io.Writer interface. Normally forwards bytes to w.Writer, -// except for the first Settings ACK frame that it sees. -func (w *settingsAckSwallowWriter) Write(p []byte) (int, error) { - if !w.didSwallow { - w.buf = append(w.buf, p...) - // Process all the frames we have collected into w.buf - for { - // Append until we get full frame header which is 9 bytes - if len(w.buf) < 9 { - break - } - // Check if we have collected a whole frame. - fh, err := http2.ReadFrameHeader(bytes.NewBuffer(w.buf)) - if err != nil { - // Corrupted frame, fail current Write - return 0, err - } - fSize := fh.Length + 9 - if uint32(len(w.buf)) < fSize { - // Have not collected whole frame. Stop processing buf, and withhold on - // forward bytes to w.Writer until we get the full frame. - break - } - - // We have now collected a whole frame. - if fh.Type == http2.FrameSettings && fh.Flags.Has(http2.FlagSettingsAck) { - // If Settings ACK frame, do not forward to underlying writer, remove - // bytes from w.buf, and record that we have swallowed Settings Ack - // frame. - w.didSwallow = true - w.buf = w.buf[fSize:] - continue - } - - // Not settings ack frame. Forward bytes to w.Writer. - if _, err := w.Writer.Write(w.buf[:fSize]); err != nil { - // Couldn't forward bytes. Fail current Write. - return 0, err - } - w.buf = w.buf[fSize:] - } - return len(p), nil - } - return w.Writer.Write(p) -} - -// Flush calls w.Writer.Flush. -func (w *settingsAckSwallowWriter) Flush() error { - return w.Writer.Flush() + return newBufConn(conn, rw), settings, nil } // isH2CUpgrade returns true if the header properly request an upgrade to h2c @@ -377,9 +177,8 @@ func isH2CUpgrade(h http.Header) bool { httpguts.HeaderValuesContainsToken(h[textproto.CanonicalMIMEHeaderKey("Connection")], "HTTP2-Settings") } -// getH2Settings returns the []http2.Setting that are encoded in the -// HTTP2-Settings header. -func getH2Settings(h http.Header) ([]http2.Setting, error) { +// getH2Settings returns the settings in the HTTP2-Settings header. +func getH2Settings(h http.Header) ([]byte, error) { vals, ok := h[textproto.CanonicalMIMEHeaderKey("HTTP2-Settings")] if !ok { return nil, errors.New("missing HTTP2-Settings header") @@ -387,115 +186,40 @@ func getH2Settings(h http.Header) ([]http2.Setting, error) { if len(vals) != 1 { return nil, fmt.Errorf("expected 1 HTTP2-Settings. Got: %v", vals) } - settings, err := decodeSettings(vals[0]) - if err != nil { - return nil, fmt.Errorf("Invalid HTTP2-Settings: %q", vals[0]) - } - return settings, nil -} - -// decodeSettings decodes the base64url header value of the HTTP2-Settings -// header. RFC 7540 Section 3.2.1. -func decodeSettings(headerVal string) ([]http2.Setting, error) { - b, err := base64.RawURLEncoding.DecodeString(headerVal) + settings, err := base64.RawURLEncoding.DecodeString(vals[0]) if err != nil { return nil, err } - if len(b)%6 != 0 { - return nil, err - } - settings := make([]http2.Setting, 0) - for i := 0; i < len(b)/6; i++ { - settings = append(settings, http2.Setting{ - ID: http2.SettingID(binary.BigEndian.Uint16(b[i*6 : i*6+2])), - Val: binary.BigEndian.Uint32(b[i*6+2 : i*6+6]), - }) - } - return settings, nil } -// getH2HeaderBytes return the headers in r a []bytes encoded by HPACK. -func getH2HeaderBytes(r *http.Request, maxHeaderTableSize uint32) ([]byte, error) { - headerBytes := bytes.NewBuffer(nil) - hpackEnc := hpack.NewEncoder(headerBytes) - hpackEnc.SetMaxDynamicTableSize(maxHeaderTableSize) - - // Section 8.1.2.3 - err := hpackEnc.WriteField(hpack.HeaderField{ - Name: ":method", - Value: r.Method, - }) - if err != nil { - return nil, err - } - - err = hpackEnc.WriteField(hpack.HeaderField{ - Name: ":scheme", - Value: "http", - }) - if err != nil { - return nil, err - } - - err = hpackEnc.WriteField(hpack.HeaderField{ - Name: ":authority", - Value: r.Host, - }) - if err != nil { - return nil, err - } - - path := r.URL.Path - if r.URL.RawQuery != "" { - path = strings.Join([]string{path, r.URL.RawQuery}, "?") - } - err = hpackEnc.WriteField(hpack.HeaderField{ - Name: ":path", - Value: path, - }) - if err != nil { - return nil, err - } - - // TODO Implement Section 8.3 - - for header, values := range r.Header { - // Skip non h2 headers - if isNonH2Header(header) { - continue - } - for _, v := range values { - err := hpackEnc.WriteField(hpack.HeaderField{ - Name: strings.ToLower(header), - Value: v, - }) - if err != nil { - return nil, err - } - } +func newBufConn(conn net.Conn, rw *bufio.ReadWriter) net.Conn { + rw.Flush() + if rw.Reader.Buffered() == 0 { + // If there's no buffered data to be read, + // we can just discard the bufio.ReadWriter. + return conn } - return headerBytes.Bytes(), nil + return &bufConn{conn, rw.Reader} } -// Connection specific headers listed in RFC 7540 Section 8.1.2.2 that are not -// suppose to be transferred to HTTP/2. The Http2-Settings header is skipped -// since already use to create the HTTP/2 SETTINGS frame. -var nonH2Headers = []string{ - "Connection", - "Keep-Alive", - "Proxy-Connection", - "Transfer-Encoding", - "Upgrade", - "Http2-Settings", +// bufConn wraps a net.Conn, but reads drain the bufio.Reader first. +type bufConn struct { + net.Conn + *bufio.Reader } -// isNonH2Header returns true if header should not be transferred to HTTP/2. -func isNonH2Header(header string) bool { - for _, nonH2h := range nonH2Headers { - if header == nonH2h { - return true - } +func (c *bufConn) Read(p []byte) (int, error) { + if c.Reader == nil { + return c.Conn.Read(p) + } + n := c.Reader.Buffered() + if n == 0 { + c.Reader = nil + return c.Conn.Read(p) } - return false + if n < len(p) { + p = p[:n] + } + return c.Reader.Read(p) } |