frame.go

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package http2
     6  
     7  import (
     8  	"bytes"
     9  	"encoding/binary"
    10  	"errors"
    11  	"fmt"
    12  	"io"
    13  	"log"
    14  	"slices"
    15  	"strings"
    16  	"sync"
    17  
    18  	"net/http/internal/httpsfv"
    19  
    20  	"golang.org/x/net/http2/hpack"
    21  
    22  	"golang.org/x/net/http/httpguts"
    23  )
    24  
    25  const frameHeaderLen = 9
    26  
    27  var padZeros = make([]byte, 255) // zeros for padding
    28  
    29  // A FrameType is a registered frame type as defined in
    30  // https://httpwg.org/specs/rfc7540.html#rfc.section.11.2 and other future
    31  // RFCs.
    32  type FrameType uint8
    33  
    34  const (
    35  	FrameData           FrameType = 0x0
    36  	FrameHeaders        FrameType = 0x1
    37  	FramePriority       FrameType = 0x2
    38  	FrameRSTStream      FrameType = 0x3
    39  	FrameSettings       FrameType = 0x4
    40  	FramePushPromise    FrameType = 0x5
    41  	FramePing           FrameType = 0x6
    42  	FrameGoAway         FrameType = 0x7
    43  	FrameWindowUpdate   FrameType = 0x8
    44  	FrameContinuation   FrameType = 0x9
    45  	FramePriorityUpdate FrameType = 0x10
    46  )
    47  
    48  var frameNames = [...]string{
    49  	FrameData:           "DATA",
    50  	FrameHeaders:        "HEADERS",
    51  	FramePriority:       "PRIORITY",
    52  	FrameRSTStream:      "RST_STREAM",
    53  	FrameSettings:       "SETTINGS",
    54  	FramePushPromise:    "PUSH_PROMISE",
    55  	FramePing:           "PING",
    56  	FrameGoAway:         "GOAWAY",
    57  	FrameWindowUpdate:   "WINDOW_UPDATE",
    58  	FrameContinuation:   "CONTINUATION",
    59  	FramePriorityUpdate: "PRIORITY_UPDATE",
    60  }
    61  
    62  func (t FrameType) String() string {
    63  	if int(t) < len(frameNames) {
    64  		return frameNames[t]
    65  	}
    66  	return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", t)
    67  }
    68  
    69  // Flags is a bitmask of HTTP/2 flags.
    70  // The meaning of flags varies depending on the frame type.
    71  type Flags uint8
    72  
    73  // Has reports whether f contains all (0 or more) flags in v.
    74  func (f Flags) Has(v Flags) bool {
    75  	return (f & v) == v
    76  }
    77  
    78  // Frame-specific FrameHeader flag bits.
    79  const (
    80  	// Data Frame
    81  	FlagDataEndStream Flags = 0x1
    82  	FlagDataPadded    Flags = 0x8
    83  
    84  	// Headers Frame
    85  	FlagHeadersEndStream  Flags = 0x1
    86  	FlagHeadersEndHeaders Flags = 0x4
    87  	FlagHeadersPadded     Flags = 0x8
    88  	FlagHeadersPriority   Flags = 0x20
    89  
    90  	// Settings Frame
    91  	FlagSettingsAck Flags = 0x1
    92  
    93  	// Ping Frame
    94  	FlagPingAck Flags = 0x1
    95  
    96  	// Continuation Frame
    97  	FlagContinuationEndHeaders Flags = 0x4
    98  
    99  	FlagPushPromiseEndHeaders Flags = 0x4
   100  	FlagPushPromisePadded     Flags = 0x8
   101  )
   102  
   103  var flagName = map[FrameType]map[Flags]string{
   104  	FrameData: {
   105  		FlagDataEndStream: "END_STREAM",
   106  		FlagDataPadded:    "PADDED",
   107  	},
   108  	FrameHeaders: {
   109  		FlagHeadersEndStream:  "END_STREAM",
   110  		FlagHeadersEndHeaders: "END_HEADERS",
   111  		FlagHeadersPadded:     "PADDED",
   112  		FlagHeadersPriority:   "PRIORITY",
   113  	},
   114  	FrameSettings: {
   115  		FlagSettingsAck: "ACK",
   116  	},
   117  	FramePing: {
   118  		FlagPingAck: "ACK",
   119  	},
   120  	FrameContinuation: {
   121  		FlagContinuationEndHeaders: "END_HEADERS",
   122  	},
   123  	FramePushPromise: {
   124  		FlagPushPromiseEndHeaders: "END_HEADERS",
   125  		FlagPushPromisePadded:     "PADDED",
   126  	},
   127  }
   128  
   129  // a frameParser parses a frame given its FrameHeader and payload
   130  // bytes. The length of payload will always equal fh.Length (which
   131  // might be 0).
   132  type frameParser func(fc *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error)
   133  
   134  var frameParsers = [...]frameParser{
   135  	FrameData:           parseDataFrame,
   136  	FrameHeaders:        parseHeadersFrame,
   137  	FramePriority:       parsePriorityFrame,
   138  	FrameRSTStream:      parseRSTStreamFrame,
   139  	FrameSettings:       parseSettingsFrame,
   140  	FramePushPromise:    parsePushPromise,
   141  	FramePing:           parsePingFrame,
   142  	FrameGoAway:         parseGoAwayFrame,
   143  	FrameWindowUpdate:   parseWindowUpdateFrame,
   144  	FrameContinuation:   parseContinuationFrame,
   145  	FramePriorityUpdate: parsePriorityUpdateFrame,
   146  }
   147  
   148  func typeFrameParser(t FrameType) frameParser {
   149  	if int(t) < len(frameParsers) {
   150  		if f := frameParsers[t]; f != nil {
   151  			return f
   152  		}
   153  	}
   154  	return parseUnknownFrame
   155  }
   156  
   157  // A FrameHeader is the 9 byte header of all HTTP/2 frames.
   158  //
   159  // See https://httpwg.org/specs/rfc7540.html#FrameHeader
   160  type FrameHeader struct {
   161  	valid bool // caller can access []byte fields in the Frame
   162  
   163  	// Type is the 1 byte frame type. There are ten standard frame
   164  	// types, but extension frame types may be written by WriteRawFrame
   165  	// and will be returned by ReadFrame (as UnknownFrame).
   166  	Type FrameType
   167  
   168  	// Flags are the 1 byte of 8 potential bit flags per frame.
   169  	// They are specific to the frame type.
   170  	Flags Flags
   171  
   172  	// Length is the length of the frame, not including the 9 byte header.
   173  	// The maximum size is one byte less than 16MB (uint24), but only
   174  	// frames up to 16KB are allowed without peer agreement.
   175  	Length uint32
   176  
   177  	// StreamID is which stream this frame is for. Certain frames
   178  	// are not stream-specific, in which case this field is 0.
   179  	StreamID uint32
   180  }
   181  
   182  // Header returns h. It exists so FrameHeaders can be embedded in other
   183  // specific frame types and implement the Frame interface.
   184  func (h FrameHeader) Header() FrameHeader { return h }
   185  
   186  func (h FrameHeader) String() string {
   187  	var buf bytes.Buffer
   188  	buf.WriteString("[FrameHeader ")
   189  	h.writeDebug(&buf)
   190  	buf.WriteByte(']')
   191  	return buf.String()
   192  }
   193  
   194  func (h FrameHeader) writeDebug(buf *bytes.Buffer) {
   195  	buf.WriteString(h.Type.String())
   196  	if h.Flags != 0 {
   197  		buf.WriteString(" flags=")
   198  		set := 0
   199  		for i := uint8(0); i < 8; i++ {
   200  			if h.Flags&(1<<i) == 0 {
   201  				continue
   202  			}
   203  			set++
   204  			if set > 1 {
   205  				buf.WriteByte('|')
   206  			}
   207  			name := flagName[h.Type][Flags(1<<i)]
   208  			if name != "" {
   209  				buf.WriteString(name)
   210  			} else {
   211  				fmt.Fprintf(buf, "0x%x", 1<<i)
   212  			}
   213  		}
   214  	}
   215  	if h.StreamID != 0 {
   216  		fmt.Fprintf(buf, " stream=%d", h.StreamID)
   217  	}
   218  	fmt.Fprintf(buf, " len=%d", h.Length)
   219  }
   220  
   221  func (h *FrameHeader) checkValid() {
   222  	if !h.valid {
   223  		panic("Frame accessor called on non-owned Frame")
   224  	}
   225  }
   226  
   227  func (h *FrameHeader) invalidate() { h.valid = false }
   228  
   229  // frame header bytes.
   230  // Used only by ReadFrameHeader.
   231  var fhBytes = sync.Pool{
   232  	New: func() interface{} {
   233  		buf := make([]byte, frameHeaderLen)
   234  		return &buf
   235  	},
   236  }
   237  
   238  func invalidHTTP1LookingFrameHeader() FrameHeader {
   239  	fh, _ := readFrameHeader(make([]byte, frameHeaderLen), strings.NewReader("HTTP/1.1 "))
   240  	return fh
   241  }
   242  
   243  // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
   244  // Most users should use Framer.ReadFrame instead.
   245  func ReadFrameHeader(r io.Reader) (FrameHeader, error) {
   246  	bufp := fhBytes.Get().(*[]byte)
   247  	defer fhBytes.Put(bufp)
   248  	return readFrameHeader(*bufp, r)
   249  }
   250  
   251  func readFrameHeader(buf []byte, r io.Reader) (FrameHeader, error) {
   252  	_, err := io.ReadFull(r, buf[:frameHeaderLen])
   253  	if err != nil {
   254  		return FrameHeader{}, err
   255  	}
   256  	return FrameHeader{
   257  		Length:   (uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2])),
   258  		Type:     FrameType(buf[3]),
   259  		Flags:    Flags(buf[4]),
   260  		StreamID: binary.BigEndian.Uint32(buf[5:]) & (1<<31 - 1),
   261  		valid:    true,
   262  	}, nil
   263  }
   264  
   265  // A Frame is the base interface implemented by all frame types.
   266  // Callers will generally type-assert the specific frame type:
   267  // *HeadersFrame, *SettingsFrame, *WindowUpdateFrame, etc.
   268  //
   269  // Frames are only valid until the next call to Framer.ReadFrame.
   270  type Frame interface {
   271  	Header() FrameHeader
   272  
   273  	// invalidate is called by Framer.ReadFrame to make this
   274  	// frame's buffers as being invalid, since the subsequent
   275  	// frame will reuse them.
   276  	invalidate()
   277  }
   278  
   279  // A Framer reads and writes Frames.
   280  type Framer struct {
   281  	r         io.Reader
   282  	lastFrame Frame
   283  	errDetail error
   284  
   285  	// countError is a non-nil func that's called on a frame parse
   286  	// error with some unique error path token. It's initialized
   287  	// from Transport.CountError or Server.CountError.
   288  	countError func(errToken string)
   289  
   290  	// lastHeaderStream is non-zero if the last frame was an
   291  	// unfinished HEADERS/CONTINUATION.
   292  	lastHeaderStream uint32
   293  	// lastFrameType holds the type of the last frame for verifying frame order.
   294  	lastFrameType FrameType
   295  
   296  	maxReadSize uint32
   297  	headerBuf   [frameHeaderLen]byte
   298  
   299  	// TODO: let getReadBuf be configurable, and use a less memory-pinning
   300  	// allocator in server.go to minimize memory pinned for many idle conns.
   301  	// Will probably also need to make frame invalidation have a hook too.
   302  	getReadBuf func(size uint32) []byte
   303  	readBuf    []byte // cache for default getReadBuf
   304  
   305  	maxWriteSize uint32 // zero means unlimited; TODO: implement
   306  
   307  	w    io.Writer
   308  	wbuf []byte
   309  
   310  	// AllowIllegalWrites permits the Framer's Write methods to
   311  	// write frames that do not conform to the HTTP/2 spec. This
   312  	// permits using the Framer to test other HTTP/2
   313  	// implementations' conformance to the spec.
   314  	// If false, the Write methods will prefer to return an error
   315  	// rather than comply.
   316  	AllowIllegalWrites bool
   317  
   318  	// AllowIllegalReads permits the Framer's ReadFrame method
   319  	// to return non-compliant frames or frame orders.
   320  	// This is for testing and permits using the Framer to test
   321  	// other HTTP/2 implementations' conformance to the spec.
   322  	// It is not compatible with ReadMetaHeaders.
   323  	AllowIllegalReads bool
   324  
   325  	// ReadMetaHeaders if non-nil causes ReadFrame to merge
   326  	// HEADERS and CONTINUATION frames together and return
   327  	// MetaHeadersFrame instead.
   328  	ReadMetaHeaders *hpack.Decoder
   329  
   330  	// MaxHeaderListSize is the http2 MAX_HEADER_LIST_SIZE.
   331  	// It's used only if ReadMetaHeaders is set; 0 means a sane default
   332  	// (currently 16MB)
   333  	// If the limit is hit, MetaHeadersFrame.Truncated is set true.
   334  	MaxHeaderListSize uint32
   335  
   336  	// TODO: track which type of frame & with which flags was sent
   337  	// last. Then return an error (unless AllowIllegalWrites) if
   338  	// we're in the middle of a header block and a
   339  	// non-Continuation or Continuation on a different stream is
   340  	// attempted to be written.
   341  
   342  	logReads, logWrites bool
   343  
   344  	debugFramer       *Framer // only use for logging written writes
   345  	debugFramerBuf    *bytes.Buffer
   346  	debugReadLoggerf  func(string, ...interface{})
   347  	debugWriteLoggerf func(string, ...interface{})
   348  
   349  	frameCache *frameCache // nil if frames aren't reused (default)
   350  }
   351  
   352  func (fr *Framer) maxHeaderListSize() uint32 {
   353  	if fr.MaxHeaderListSize == 0 {
   354  		return 16 << 20 // sane default, per docs
   355  	}
   356  	return fr.MaxHeaderListSize
   357  }
   358  
   359  func (f *Framer) startWrite(ftype FrameType, flags Flags, streamID uint32) {
   360  	// Write the FrameHeader.
   361  	f.wbuf = append(f.wbuf[:0],
   362  		0, // 3 bytes of length, filled in endWrite
   363  		0,
   364  		0,
   365  		byte(ftype),
   366  		byte(flags),
   367  		byte(streamID>>24),
   368  		byte(streamID>>16),
   369  		byte(streamID>>8),
   370  		byte(streamID))
   371  }
   372  
   373  func (f *Framer) endWrite() error {
   374  	// Now that we know the final size, fill in the FrameHeader in
   375  	// the space previously reserved for it. Abuse append.
   376  	length := len(f.wbuf) - frameHeaderLen
   377  	if length >= (1 << 24) {
   378  		return ErrFrameTooLarge
   379  	}
   380  	_ = append(f.wbuf[:0],
   381  		byte(length>>16),
   382  		byte(length>>8),
   383  		byte(length))
   384  	if f.logWrites {
   385  		f.logWrite()
   386  	}
   387  
   388  	n, err := f.w.Write(f.wbuf)
   389  	if err == nil && n != len(f.wbuf) {
   390  		err = io.ErrShortWrite
   391  	}
   392  	return err
   393  }
   394  
   395  func (f *Framer) logWrite() {
   396  	if f.debugFramer == nil {
   397  		f.debugFramerBuf = new(bytes.Buffer)
   398  		f.debugFramer = NewFramer(nil, f.debugFramerBuf)
   399  		f.debugFramer.logReads = false // we log it ourselves, saying "wrote" below
   400  		// Let us read anything, even if we accidentally wrote it
   401  		// in the wrong order:
   402  		f.debugFramer.AllowIllegalReads = true
   403  	}
   404  	f.debugFramerBuf.Write(f.wbuf)
   405  	fr, err := f.debugFramer.ReadFrame()
   406  	if err != nil {
   407  		f.debugWriteLoggerf("http2: Framer %p: failed to decode just-written frame", f)
   408  		return
   409  	}
   410  	f.debugWriteLoggerf("http2: Framer %p: wrote %v", f, summarizeFrame(fr))
   411  }
   412  
   413  func (f *Framer) writeByte(v byte)     { f.wbuf = append(f.wbuf, v) }
   414  func (f *Framer) writeBytes(v []byte)  { f.wbuf = append(f.wbuf, v...) }
   415  func (f *Framer) writeUint16(v uint16) { f.wbuf = append(f.wbuf, byte(v>>8), byte(v)) }
   416  func (f *Framer) writeUint32(v uint32) {
   417  	f.wbuf = append(f.wbuf, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
   418  }
   419  
   420  const (
   421  	minMaxFrameSize = 1 << 14
   422  	maxFrameSize    = 1<<24 - 1
   423  )
   424  
   425  // SetReuseFrames allows the Framer to reuse Frames.
   426  // If called on a Framer, Frames returned by calls to ReadFrame are only
   427  // valid until the next call to ReadFrame.
   428  func (fr *Framer) SetReuseFrames() {
   429  	if fr.frameCache != nil {
   430  		return
   431  	}
   432  	fr.frameCache = &frameCache{}
   433  }
   434  
   435  type frameCache struct {
   436  	dataFrame DataFrame
   437  }
   438  
   439  func (fc *frameCache) getDataFrame() *DataFrame {
   440  	if fc == nil {
   441  		return &DataFrame{}
   442  	}
   443  	return &fc.dataFrame
   444  }
   445  
   446  // NewFramer returns a Framer that writes frames to w and reads them from r.
   447  func NewFramer(w io.Writer, r io.Reader) *Framer {
   448  	fr := &Framer{
   449  		w:                 w,
   450  		r:                 r,
   451  		countError:        func(string) {},
   452  		logReads:          logFrameReads,
   453  		logWrites:         logFrameWrites,
   454  		debugReadLoggerf:  log.Printf,
   455  		debugWriteLoggerf: log.Printf,
   456  	}
   457  	fr.getReadBuf = func(size uint32) []byte {
   458  		if cap(fr.readBuf) >= int(size) {
   459  			return fr.readBuf[:size]
   460  		}
   461  		fr.readBuf = make([]byte, size)
   462  		return fr.readBuf
   463  	}
   464  	fr.SetMaxReadFrameSize(maxFrameSize)
   465  	return fr
   466  }
   467  
   468  // SetMaxReadFrameSize sets the maximum size of a frame
   469  // that will be read by a subsequent call to ReadFrame.
   470  // It is the caller's responsibility to advertise this
   471  // limit with a SETTINGS frame.
   472  func (fr *Framer) SetMaxReadFrameSize(v uint32) {
   473  	if v > maxFrameSize {
   474  		v = maxFrameSize
   475  	}
   476  	fr.maxReadSize = v
   477  }
   478  
   479  // ErrorDetail returns a more detailed error of the last error
   480  // returned by Framer.ReadFrame. For instance, if ReadFrame
   481  // returns a StreamError with code PROTOCOL_ERROR, ErrorDetail
   482  // will say exactly what was invalid. ErrorDetail is not guaranteed
   483  // to return a non-nil value and like the rest of the http2 package,
   484  // its return value is not protected by an API compatibility promise.
   485  // ErrorDetail is reset after the next call to ReadFrame.
   486  func (fr *Framer) ErrorDetail() error {
   487  	return fr.errDetail
   488  }
   489  
   490  // ErrFrameTooLarge is returned from Framer.ReadFrame when the peer
   491  // sends a frame that is larger than declared with SetMaxReadFrameSize.
   492  var ErrFrameTooLarge = errors.New("http2: frame too large")
   493  
   494  // terminalReadFrameError reports whether err is an unrecoverable
   495  // error from ReadFrame and no other frames should be read.
   496  func terminalReadFrameError(err error) bool {
   497  	if _, ok := err.(StreamError); ok {
   498  		return false
   499  	}
   500  	return err != nil
   501  }
   502  
   503  // ReadFrameHeader reads the header of the next frame.
   504  // It reads the 9-byte fixed frame header, and does not read any portion of the
   505  // frame payload. The caller is responsible for consuming the payload, either
   506  // with ReadFrameForHeader or directly from the Framer's io.Reader.
   507  //
   508  // If the frame is larger than previously set with SetMaxReadFrameSize, it
   509  // returns the frame header and ErrFrameTooLarge.
   510  //
   511  // If the returned FrameHeader.StreamID is non-zero, it indicates the stream
   512  // responsible for the error.
   513  func (fr *Framer) ReadFrameHeader() (FrameHeader, error) {
   514  	fr.errDetail = nil
   515  	fh, err := readFrameHeader(fr.headerBuf[:], fr.r)
   516  	if err != nil {
   517  		return fh, err
   518  	}
   519  	if fh.Length > fr.maxReadSize {
   520  		if fh == invalidHTTP1LookingFrameHeader() {
   521  			return fh, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", ErrFrameTooLarge)
   522  		}
   523  		return fh, ErrFrameTooLarge
   524  	}
   525  	if err := fr.checkFrameOrder(fh); err != nil {
   526  		return fh, err
   527  	}
   528  	return fh, nil
   529  }
   530  
   531  // ReadFrameForHeader reads the payload for the frame with the given FrameHeader.
   532  //
   533  // It behaves identically to ReadFrame, other than not checking the maximum
   534  // frame size.
   535  func (fr *Framer) ReadFrameForHeader(fh FrameHeader) (Frame, error) {
   536  	if fr.lastFrame != nil {
   537  		fr.lastFrame.invalidate()
   538  	}
   539  	payload := fr.getReadBuf(fh.Length)
   540  	if _, err := io.ReadFull(fr.r, payload); err != nil {
   541  		if fh == invalidHTTP1LookingFrameHeader() {
   542  			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
   543  		}
   544  		return nil, err
   545  	}
   546  	f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload)
   547  	if err != nil {
   548  		if ce, ok := err.(connError); ok {
   549  			return nil, fr.connError(ce.Code, ce.Reason)
   550  		}
   551  		return nil, err
   552  	}
   553  	fr.lastFrame = f
   554  	if fr.logReads {
   555  		fr.debugReadLoggerf("http2: Framer %p: read %v", fr, summarizeFrame(f))
   556  	}
   557  	if fh.Type == FrameHeaders && fr.ReadMetaHeaders != nil {
   558  		return fr.readMetaFrame(f.(*HeadersFrame))
   559  	}
   560  	return f, nil
   561  }
   562  
   563  // ReadFrame reads a single frame. The returned Frame is only valid
   564  // until the next call to ReadFrame or ReadFrameBodyForHeader.
   565  //
   566  // If the frame is larger than previously set with SetMaxReadFrameSize, the
   567  // returned error is ErrFrameTooLarge. Other errors may be of type
   568  // ConnectionError, StreamError, or anything else from the underlying
   569  // reader.
   570  //
   571  // If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID
   572  // indicates the stream responsible for the error.
   573  func (fr *Framer) ReadFrame() (Frame, error) {
   574  	fh, err := fr.ReadFrameHeader()
   575  	if err != nil {
   576  		return nil, err
   577  	}
   578  	return fr.ReadFrameForHeader(fh)
   579  }
   580  
   581  // connError returns ConnectionError(code) but first
   582  // stashes away a public reason to the caller can optionally relay it
   583  // to the peer before hanging up on them. This might help others debug
   584  // their implementations.
   585  func (fr *Framer) connError(code ErrCode, reason string) error {
   586  	fr.errDetail = errors.New(reason)
   587  	return ConnectionError(code)
   588  }
   589  
   590  // checkFrameOrder reports an error if f is an invalid frame to return
   591  // next from ReadFrame. Mostly it checks whether HEADERS and
   592  // CONTINUATION frames are contiguous.
   593  func (fr *Framer) checkFrameOrder(fh FrameHeader) error {
   594  	lastType := fr.lastFrameType
   595  	fr.lastFrameType = fh.Type
   596  	if fr.AllowIllegalReads {
   597  		return nil
   598  	}
   599  
   600  	if fr.lastHeaderStream != 0 {
   601  		if fh.Type != FrameContinuation {
   602  			return fr.connError(ErrCodeProtocol,
   603  				fmt.Sprintf("got %s for stream %d; expected CONTINUATION following %s for stream %d",
   604  					fh.Type, fh.StreamID,
   605  					lastType, fr.lastHeaderStream))
   606  		}
   607  		if fh.StreamID != fr.lastHeaderStream {
   608  			return fr.connError(ErrCodeProtocol,
   609  				fmt.Sprintf("got CONTINUATION for stream %d; expected stream %d",
   610  					fh.StreamID, fr.lastHeaderStream))
   611  		}
   612  	} else if fh.Type == FrameContinuation {
   613  		return fr.connError(ErrCodeProtocol, fmt.Sprintf("unexpected CONTINUATION for stream %d", fh.StreamID))
   614  	}
   615  
   616  	switch fh.Type {
   617  	case FrameHeaders, FrameContinuation:
   618  		if fh.Flags.Has(FlagHeadersEndHeaders) {
   619  			fr.lastHeaderStream = 0
   620  		} else {
   621  			fr.lastHeaderStream = fh.StreamID
   622  		}
   623  	}
   624  
   625  	return nil
   626  }
   627  
   628  // A DataFrame conveys arbitrary, variable-length sequences of octets
   629  // associated with a stream.
   630  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.1
   631  type DataFrame struct {
   632  	FrameHeader
   633  	data []byte
   634  }
   635  
   636  func (f *DataFrame) StreamEnded() bool {
   637  	return f.FrameHeader.Flags.Has(FlagDataEndStream)
   638  }
   639  
   640  // Data returns the frame's data octets, not including any padding
   641  // size byte or padding suffix bytes.
   642  // The caller must not retain the returned memory past the next
   643  // call to ReadFrame.
   644  func (f *DataFrame) Data() []byte {
   645  	f.checkValid()
   646  	return f.data
   647  }
   648  
   649  func parseDataFrame(fc *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) {
   650  	if fh.StreamID == 0 {
   651  		// DATA frames MUST be associated with a stream. If a
   652  		// DATA frame is received whose stream identifier
   653  		// field is 0x0, the recipient MUST respond with a
   654  		// connection error (Section 5.4.1) of type
   655  		// PROTOCOL_ERROR.
   656  		countError("frame_data_stream_0")
   657  		return nil, connError{ErrCodeProtocol, "DATA frame with stream ID 0"}
   658  	}
   659  	f := fc.getDataFrame()
   660  	f.FrameHeader = fh
   661  
   662  	var padSize byte
   663  	if fh.Flags.Has(FlagDataPadded) {
   664  		var err error
   665  		payload, padSize, err = readByte(payload)
   666  		if err != nil {
   667  			countError("frame_data_pad_byte_short")
   668  			return nil, err
   669  		}
   670  	}
   671  	if int(padSize) > len(payload) {
   672  		// If the length of the padding is greater than the
   673  		// length of the frame payload, the recipient MUST
   674  		// treat this as a connection error.
   675  		// Filed: https://github.com/http2/http2-spec/issues/610
   676  		countError("frame_data_pad_too_big")
   677  		return nil, connError{ErrCodeProtocol, "pad size larger than data payload"}
   678  	}
   679  	f.data = payload[:len(payload)-int(padSize)]
   680  	return f, nil
   681  }
   682  
   683  var (
   684  	errStreamID    = errors.New("invalid stream ID")
   685  	errDepStreamID = errors.New("invalid dependent stream ID")
   686  	errPadLength   = errors.New("pad length too large")
   687  	errPadBytes    = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled")
   688  )
   689  
   690  func validStreamIDOrZero(streamID uint32) bool {
   691  	return streamID&(1<<31) == 0
   692  }
   693  
   694  func validStreamID(streamID uint32) bool {
   695  	return streamID != 0 && streamID&(1<<31) == 0
   696  }
   697  
   698  // WriteData writes a DATA frame.
   699  //
   700  // It will perform exactly one Write to the underlying Writer.
   701  // It is the caller's responsibility not to violate the maximum frame size
   702  // and to not call other Write methods concurrently.
   703  func (f *Framer) WriteData(streamID uint32, endStream bool, data []byte) error {
   704  	return f.WriteDataPadded(streamID, endStream, data, nil)
   705  }
   706  
   707  // WriteDataPadded writes a DATA frame with optional padding.
   708  //
   709  // If pad is nil, the padding bit is not sent.
   710  // The length of pad must not exceed 255 bytes.
   711  // The bytes of pad must all be zero, unless f.AllowIllegalWrites is set.
   712  //
   713  // It will perform exactly one Write to the underlying Writer.
   714  // It is the caller's responsibility not to violate the maximum frame size
   715  // and to not call other Write methods concurrently.
   716  func (f *Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error {
   717  	if err := f.startWriteDataPadded(streamID, endStream, data, pad); err != nil {
   718  		return err
   719  	}
   720  	return f.endWrite()
   721  }
   722  
   723  // startWriteDataPadded is WriteDataPadded, but only writes the frame to the Framer's internal buffer.
   724  // The caller should call endWrite to flush the frame to the underlying writer.
   725  func (f *Framer) startWriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error {
   726  	if !validStreamID(streamID) && !f.AllowIllegalWrites {
   727  		return errStreamID
   728  	}
   729  	if len(pad) > 0 {
   730  		if len(pad) > 255 {
   731  			return errPadLength
   732  		}
   733  		if !f.AllowIllegalWrites {
   734  			for _, b := range pad {
   735  				if b != 0 {
   736  					// "Padding octets MUST be set to zero when sending."
   737  					return errPadBytes
   738  				}
   739  			}
   740  		}
   741  	}
   742  	var flags Flags
   743  	if endStream {
   744  		flags |= FlagDataEndStream
   745  	}
   746  	if pad != nil {
   747  		flags |= FlagDataPadded
   748  	}
   749  	f.startWrite(FrameData, flags, streamID)
   750  	if pad != nil {
   751  		f.wbuf = append(f.wbuf, byte(len(pad)))
   752  	}
   753  	f.wbuf = append(f.wbuf, data...)
   754  	f.wbuf = append(f.wbuf, pad...)
   755  	return nil
   756  }
   757  
   758  // A SettingsFrame conveys configuration parameters that affect how
   759  // endpoints communicate, such as preferences and constraints on peer
   760  // behavior.
   761  //
   762  // See https://httpwg.org/specs/rfc7540.html#SETTINGS
   763  type SettingsFrame struct {
   764  	FrameHeader
   765  	p []byte
   766  }
   767  
   768  func parseSettingsFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
   769  	if fh.Flags.Has(FlagSettingsAck) && fh.Length > 0 {
   770  		// When this (ACK 0x1) bit is set, the payload of the
   771  		// SETTINGS frame MUST be empty. Receipt of a
   772  		// SETTINGS frame with the ACK flag set and a length
   773  		// field value other than 0 MUST be treated as a
   774  		// connection error (Section 5.4.1) of type
   775  		// FRAME_SIZE_ERROR.
   776  		countError("frame_settings_ack_with_length")
   777  		return nil, ConnectionError(ErrCodeFrameSize)
   778  	}
   779  	if fh.StreamID != 0 {
   780  		// SETTINGS frames always apply to a connection,
   781  		// never a single stream. The stream identifier for a
   782  		// SETTINGS frame MUST be zero (0x0).  If an endpoint
   783  		// receives a SETTINGS frame whose stream identifier
   784  		// field is anything other than 0x0, the endpoint MUST
   785  		// respond with a connection error (Section 5.4.1) of
   786  		// type PROTOCOL_ERROR.
   787  		countError("frame_settings_has_stream")
   788  		return nil, ConnectionError(ErrCodeProtocol)
   789  	}
   790  	if len(p)%6 != 0 {
   791  		countError("frame_settings_mod_6")
   792  		// Expecting even number of 6 byte settings.
   793  		return nil, ConnectionError(ErrCodeFrameSize)
   794  	}
   795  	f := &SettingsFrame{FrameHeader: fh, p: p}
   796  	if v, ok := f.Value(SettingInitialWindowSize); ok && v > (1<<31)-1 {
   797  		countError("frame_settings_window_size_too_big")
   798  		// Values above the maximum flow control window size of 2^31 - 1 MUST
   799  		// be treated as a connection error (Section 5.4.1) of type
   800  		// FLOW_CONTROL_ERROR.
   801  		return nil, ConnectionError(ErrCodeFlowControl)
   802  	}
   803  	return f, nil
   804  }
   805  
   806  func (f *SettingsFrame) IsAck() bool {
   807  	return f.FrameHeader.Flags.Has(FlagSettingsAck)
   808  }
   809  
   810  func (f *SettingsFrame) Value(id SettingID) (v uint32, ok bool) {
   811  	f.checkValid()
   812  	for i := 0; i < f.NumSettings(); i++ {
   813  		if s := f.Setting(i); s.ID == id {
   814  			return s.Val, true
   815  		}
   816  	}
   817  	return 0, false
   818  }
   819  
   820  // Setting returns the setting from the frame at the given 0-based index.
   821  // The index must be >= 0 and less than f.NumSettings().
   822  func (f *SettingsFrame) Setting(i int) Setting {
   823  	buf := f.p
   824  	return Setting{
   825  		ID:  SettingID(binary.BigEndian.Uint16(buf[i*6 : i*6+2])),
   826  		Val: binary.BigEndian.Uint32(buf[i*6+2 : i*6+6]),
   827  	}
   828  }
   829  
   830  func (f *SettingsFrame) NumSettings() int { return len(f.p) / 6 }
   831  
   832  // HasDuplicates reports whether f contains any duplicate setting IDs.
   833  func (f *SettingsFrame) HasDuplicates() bool {
   834  	num := f.NumSettings()
   835  	if num == 0 {
   836  		return false
   837  	}
   838  	// If it's small enough (the common case), just do the n^2
   839  	// thing and avoid a map allocation.
   840  	if num < 10 {
   841  		for i := 0; i < num; i++ {
   842  			idi := f.Setting(i).ID
   843  			for j := i + 1; j < num; j++ {
   844  				idj := f.Setting(j).ID
   845  				if idi == idj {
   846  					return true
   847  				}
   848  			}
   849  		}
   850  		return false
   851  	}
   852  	seen := map[SettingID]bool{}
   853  	for i := 0; i < num; i++ {
   854  		id := f.Setting(i).ID
   855  		if seen[id] {
   856  			return true
   857  		}
   858  		seen[id] = true
   859  	}
   860  	return false
   861  }
   862  
   863  // ForeachSetting runs fn for each setting.
   864  // It stops and returns the first error.
   865  func (f *SettingsFrame) ForeachSetting(fn func(Setting) error) error {
   866  	f.checkValid()
   867  	for i := 0; i < f.NumSettings(); i++ {
   868  		if err := fn(f.Setting(i)); err != nil {
   869  			return err
   870  		}
   871  	}
   872  	return nil
   873  }
   874  
   875  // WriteSettings writes a SETTINGS frame with zero or more settings
   876  // specified and the ACK bit not set.
   877  //
   878  // It will perform exactly one Write to the underlying Writer.
   879  // It is the caller's responsibility to not call other Write methods concurrently.
   880  func (f *Framer) WriteSettings(settings ...Setting) error {
   881  	f.startWrite(FrameSettings, 0, 0)
   882  	for _, s := range settings {
   883  		f.writeUint16(uint16(s.ID))
   884  		f.writeUint32(s.Val)
   885  	}
   886  	return f.endWrite()
   887  }
   888  
   889  // WriteSettingsAck writes an empty SETTINGS frame with the ACK bit set.
   890  //
   891  // It will perform exactly one Write to the underlying Writer.
   892  // It is the caller's responsibility to not call other Write methods concurrently.
   893  func (f *Framer) WriteSettingsAck() error {
   894  	f.startWrite(FrameSettings, FlagSettingsAck, 0)
   895  	return f.endWrite()
   896  }
   897  
   898  // A PingFrame is a mechanism for measuring a minimal round trip time
   899  // from the sender, as well as determining whether an idle connection
   900  // is still functional.
   901  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.7
   902  type PingFrame struct {
   903  	FrameHeader
   904  	Data [8]byte
   905  }
   906  
   907  func (f *PingFrame) IsAck() bool { return f.Flags.Has(FlagPingAck) }
   908  
   909  func parsePingFrame(_ *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) {
   910  	if len(payload) != 8 {
   911  		countError("frame_ping_length")
   912  		return nil, ConnectionError(ErrCodeFrameSize)
   913  	}
   914  	if fh.StreamID != 0 {
   915  		countError("frame_ping_has_stream")
   916  		return nil, ConnectionError(ErrCodeProtocol)
   917  	}
   918  	f := &PingFrame{FrameHeader: fh}
   919  	copy(f.Data[:], payload)
   920  	return f, nil
   921  }
   922  
   923  func (f *Framer) WritePing(ack bool, data [8]byte) error {
   924  	var flags Flags
   925  	if ack {
   926  		flags = FlagPingAck
   927  	}
   928  	f.startWrite(FramePing, flags, 0)
   929  	f.writeBytes(data[:])
   930  	return f.endWrite()
   931  }
   932  
   933  // A GoAwayFrame informs the remote peer to stop creating streams on this connection.
   934  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.8
   935  type GoAwayFrame struct {
   936  	FrameHeader
   937  	LastStreamID uint32
   938  	ErrCode      ErrCode
   939  	debugData    []byte
   940  }
   941  
   942  // DebugData returns any debug data in the GOAWAY frame. Its contents
   943  // are not defined.
   944  // The caller must not retain the returned memory past the next
   945  // call to ReadFrame.
   946  func (f *GoAwayFrame) DebugData() []byte {
   947  	f.checkValid()
   948  	return f.debugData
   949  }
   950  
   951  func parseGoAwayFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
   952  	if fh.StreamID != 0 {
   953  		countError("frame_goaway_has_stream")
   954  		return nil, ConnectionError(ErrCodeProtocol)
   955  	}
   956  	if len(p) < 8 {
   957  		countError("frame_goaway_short")
   958  		return nil, ConnectionError(ErrCodeFrameSize)
   959  	}
   960  	return &GoAwayFrame{
   961  		FrameHeader:  fh,
   962  		LastStreamID: binary.BigEndian.Uint32(p[:4]) & (1<<31 - 1),
   963  		ErrCode:      ErrCode(binary.BigEndian.Uint32(p[4:8])),
   964  		debugData:    p[8:],
   965  	}, nil
   966  }
   967  
   968  func (f *Framer) WriteGoAway(maxStreamID uint32, code ErrCode, debugData []byte) error {
   969  	f.startWrite(FrameGoAway, 0, 0)
   970  	f.writeUint32(maxStreamID & (1<<31 - 1))
   971  	f.writeUint32(uint32(code))
   972  	f.writeBytes(debugData)
   973  	return f.endWrite()
   974  }
   975  
   976  // An UnknownFrame is the frame type returned when the frame type is unknown
   977  // or no specific frame type parser exists.
   978  type UnknownFrame struct {
   979  	FrameHeader
   980  	p []byte
   981  }
   982  
   983  // Payload returns the frame's payload (after the header).  It is not
   984  // valid to call this method after a subsequent call to
   985  // Framer.ReadFrame, nor is it valid to retain the returned slice.
   986  // The memory is owned by the Framer and is invalidated when the next
   987  // frame is read.
   988  func (f *UnknownFrame) Payload() []byte {
   989  	f.checkValid()
   990  	return f.p
   991  }
   992  
   993  func parseUnknownFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
   994  	return &UnknownFrame{fh, p}, nil
   995  }
   996  
   997  // A WindowUpdateFrame is used to implement flow control.
   998  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.9
   999  type WindowUpdateFrame struct {
  1000  	FrameHeader
  1001  	Increment uint32 // never read with high bit set
  1002  }
  1003  
  1004  func parseWindowUpdateFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
  1005  	if len(p) != 4 {
  1006  		countError("frame_windowupdate_bad_len")
  1007  		return nil, ConnectionError(ErrCodeFrameSize)
  1008  	}
  1009  	inc := binary.BigEndian.Uint32(p[:4]) & 0x7fffffff // mask off high reserved bit
  1010  	if inc == 0 {
  1011  		// A receiver MUST treat the receipt of a
  1012  		// WINDOW_UPDATE frame with an flow control window
  1013  		// increment of 0 as a stream error (Section 5.4.2) of
  1014  		// type PROTOCOL_ERROR; errors on the connection flow
  1015  		// control window MUST be treated as a connection
  1016  		// error (Section 5.4.1).
  1017  		if fh.StreamID == 0 {
  1018  			countError("frame_windowupdate_zero_inc_conn")
  1019  			return nil, ConnectionError(ErrCodeProtocol)
  1020  		}
  1021  		countError("frame_windowupdate_zero_inc_stream")
  1022  		return nil, streamError(fh.StreamID, ErrCodeProtocol)
  1023  	}
  1024  	return &WindowUpdateFrame{
  1025  		FrameHeader: fh,
  1026  		Increment:   inc,
  1027  	}, nil
  1028  }
  1029  
  1030  // WriteWindowUpdate writes a WINDOW_UPDATE frame.
  1031  // The increment value must be between 1 and 2,147,483,647, inclusive.
  1032  // If the Stream ID is zero, the window update applies to the
  1033  // connection as a whole.
  1034  func (f *Framer) WriteWindowUpdate(streamID, incr uint32) error {
  1035  	// "The legal range for the increment to the flow control window is 1 to 2^31-1 (2,147,483,647) octets."
  1036  	if (incr < 1 || incr > 2147483647) && !f.AllowIllegalWrites {
  1037  		return errors.New("illegal window increment value")
  1038  	}
  1039  	f.startWrite(FrameWindowUpdate, 0, streamID)
  1040  	f.writeUint32(incr)
  1041  	return f.endWrite()
  1042  }
  1043  
  1044  // A HeadersFrame is used to open a stream and additionally carries a
  1045  // header block fragment.
  1046  type HeadersFrame struct {
  1047  	FrameHeader
  1048  
  1049  	// Priority is set if FlagHeadersPriority is set in the FrameHeader.
  1050  	Priority PriorityParam
  1051  
  1052  	headerFragBuf []byte // not owned
  1053  }
  1054  
  1055  func (f *HeadersFrame) HeaderBlockFragment() []byte {
  1056  	f.checkValid()
  1057  	return f.headerFragBuf
  1058  }
  1059  
  1060  func (f *HeadersFrame) HeadersEnded() bool {
  1061  	return f.FrameHeader.Flags.Has(FlagHeadersEndHeaders)
  1062  }
  1063  
  1064  func (f *HeadersFrame) StreamEnded() bool {
  1065  	return f.FrameHeader.Flags.Has(FlagHeadersEndStream)
  1066  }
  1067  
  1068  func (f *HeadersFrame) HasPriority() bool {
  1069  	return f.FrameHeader.Flags.Has(FlagHeadersPriority)
  1070  }
  1071  
  1072  func parseHeadersFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (_ Frame, err error) {
  1073  	hf := &HeadersFrame{
  1074  		FrameHeader: fh,
  1075  	}
  1076  	if fh.StreamID == 0 {
  1077  		// HEADERS frames MUST be associated with a stream. If a HEADERS frame
  1078  		// is received whose stream identifier field is 0x0, the recipient MUST
  1079  		// respond with a connection error (Section 5.4.1) of type
  1080  		// PROTOCOL_ERROR.
  1081  		countError("frame_headers_zero_stream")
  1082  		return nil, connError{ErrCodeProtocol, "HEADERS frame with stream ID 0"}
  1083  	}
  1084  	var padLength uint8
  1085  	if fh.Flags.Has(FlagHeadersPadded) {
  1086  		if p, padLength, err = readByte(p); err != nil {
  1087  			countError("frame_headers_pad_short")
  1088  			return
  1089  		}
  1090  	}
  1091  	if fh.Flags.Has(FlagHeadersPriority) {
  1092  		var v uint32
  1093  		p, v, err = readUint32(p)
  1094  		if err != nil {
  1095  			countError("frame_headers_prio_short")
  1096  			return nil, err
  1097  		}
  1098  		hf.Priority.StreamDep = v & 0x7fffffff
  1099  		hf.Priority.Exclusive = (v != hf.Priority.StreamDep) // high bit was set
  1100  		p, hf.Priority.Weight, err = readByte(p)
  1101  		if err != nil {
  1102  			countError("frame_headers_prio_weight_short")
  1103  			return nil, err
  1104  		}
  1105  	}
  1106  	if len(p)-int(padLength) < 0 {
  1107  		countError("frame_headers_pad_too_big")
  1108  		return nil, streamError(fh.StreamID, ErrCodeProtocol)
  1109  	}
  1110  	hf.headerFragBuf = p[:len(p)-int(padLength)]
  1111  	return hf, nil
  1112  }
  1113  
  1114  // HeadersFrameParam are the parameters for writing a HEADERS frame.
  1115  type HeadersFrameParam struct {
  1116  	// StreamID is the required Stream ID to initiate.
  1117  	StreamID uint32
  1118  	// BlockFragment is part (or all) of a Header Block.
  1119  	BlockFragment []byte
  1120  
  1121  	// EndStream indicates that the header block is the last that
  1122  	// the endpoint will send for the identified stream. Setting
  1123  	// this flag causes the stream to enter one of "half closed"
  1124  	// states.
  1125  	EndStream bool
  1126  
  1127  	// EndHeaders indicates that this frame contains an entire
  1128  	// header block and is not followed by any
  1129  	// CONTINUATION frames.
  1130  	EndHeaders bool
  1131  
  1132  	// PadLength is the optional number of bytes of zeros to add
  1133  	// to this frame.
  1134  	PadLength uint8
  1135  
  1136  	// Priority, if non-zero, includes stream priority information
  1137  	// in the HEADER frame.
  1138  	Priority PriorityParam
  1139  }
  1140  
  1141  // WriteHeaders writes a single HEADERS frame.
  1142  //
  1143  // This is a low-level header writing method. Encoding headers and
  1144  // splitting them into any necessary CONTINUATION frames is handled
  1145  // elsewhere.
  1146  //
  1147  // It will perform exactly one Write to the underlying Writer.
  1148  // It is the caller's responsibility to not call other Write methods concurrently.
  1149  func (f *Framer) WriteHeaders(p HeadersFrameParam) error {
  1150  	if !validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  1151  		return errStreamID
  1152  	}
  1153  	var flags Flags
  1154  	if p.PadLength != 0 {
  1155  		flags |= FlagHeadersPadded
  1156  	}
  1157  	if p.EndStream {
  1158  		flags |= FlagHeadersEndStream
  1159  	}
  1160  	if p.EndHeaders {
  1161  		flags |= FlagHeadersEndHeaders
  1162  	}
  1163  	if !p.Priority.IsZero() {
  1164  		flags |= FlagHeadersPriority
  1165  	}
  1166  	f.startWrite(FrameHeaders, flags, p.StreamID)
  1167  	if p.PadLength != 0 {
  1168  		f.writeByte(p.PadLength)
  1169  	}
  1170  	if !p.Priority.IsZero() {
  1171  		v := p.Priority.StreamDep
  1172  		if !validStreamIDOrZero(v) && !f.AllowIllegalWrites {
  1173  			return errDepStreamID
  1174  		}
  1175  		if p.Priority.Exclusive {
  1176  			v |= 1 << 31
  1177  		}
  1178  		f.writeUint32(v)
  1179  		f.writeByte(p.Priority.Weight)
  1180  	}
  1181  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  1182  	f.wbuf = append(f.wbuf, padZeros[:p.PadLength]...)
  1183  	return f.endWrite()
  1184  }
  1185  
  1186  // A PriorityFrame specifies the sender-advised priority of a stream.
  1187  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.3
  1188  type PriorityFrame struct {
  1189  	FrameHeader
  1190  	PriorityParam
  1191  }
  1192  
  1193  // defaultRFC9218Priority determines what priority we should use as the default
  1194  // value.
  1195  //
  1196  // According to RFC 9218, by default, streams should be given an urgency of 3
  1197  // and should be non-incremental. However, making streams non-incremental by
  1198  // default would be a huge change to our historical behavior where we would
  1199  // round-robin writes across streams. When streams are non-incremental, we
  1200  // would process streams of the same urgency one-by-one to completion instead.
  1201  //
  1202  // To avoid such a sudden change which might break some HTTP/2 users, this
  1203  // function allows the caller to specify whether they can actually use the
  1204  // default value as specified in RFC 9218. If not, this function will return a
  1205  // priority value where streams are incremental by default instead: effectively
  1206  // a round-robin between stream of the same urgency.
  1207  //
  1208  // As an example, a server might not be able to use the RFC 9218 default value
  1209  // when it's not sure that the client it is serving is aware of RFC 9218.
  1210  func defaultRFC9218Priority(canUseDefault bool) PriorityParam {
  1211  	if canUseDefault {
  1212  		return PriorityParam{
  1213  			urgency:     3,
  1214  			incremental: 0,
  1215  		}
  1216  	}
  1217  	return PriorityParam{
  1218  		urgency:     3,
  1219  		incremental: 1,
  1220  	}
  1221  }
  1222  
  1223  // Note that HTTP/2 has had two different prioritization schemes, and
  1224  // PriorityParam struct below is a superset of both schemes. The exported
  1225  // symbols are from RFC 7540 and the non-exported ones are from RFC 9218.
  1226  
  1227  // PriorityParam are the stream prioritization parameters.
  1228  type PriorityParam struct {
  1229  	// StreamDep is a 31-bit stream identifier for the
  1230  	// stream that this stream depends on. Zero means no
  1231  	// dependency.
  1232  	StreamDep uint32
  1233  
  1234  	// Exclusive is whether the dependency is exclusive.
  1235  	Exclusive bool
  1236  
  1237  	// Weight is the stream's zero-indexed weight. It should be
  1238  	// set together with StreamDep, or neither should be set. Per
  1239  	// the spec, "Add one to the value to obtain a weight between
  1240  	// 1 and 256."
  1241  	Weight uint8
  1242  
  1243  	// "The urgency (u) parameter value is Integer (see Section 3.3.1 of
  1244  	// [STRUCTURED-FIELDS]), between 0 and 7 inclusive, in descending order of
  1245  	// priority. The default is 3."
  1246  	urgency uint8
  1247  
  1248  	// "The incremental (i) parameter value is Boolean (see Section 3.3.6 of
  1249  	// [STRUCTURED-FIELDS]). It indicates if an HTTP response can be processed
  1250  	// incrementally, i.e., provide some meaningful output as chunks of the
  1251  	// response arrive."
  1252  	//
  1253  	// We use uint8 (i.e. 0 is false, 1 is true) instead of bool so we can
  1254  	// avoid unnecessary type conversions and because either type takes 1 byte.
  1255  	incremental uint8
  1256  }
  1257  
  1258  func (p PriorityParam) IsZero() bool {
  1259  	return p == PriorityParam{}
  1260  }
  1261  
  1262  func parsePriorityFrame(_ *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) {
  1263  	if fh.StreamID == 0 {
  1264  		countError("frame_priority_zero_stream")
  1265  		return nil, connError{ErrCodeProtocol, "PRIORITY frame with stream ID 0"}
  1266  	}
  1267  	if len(payload) != 5 {
  1268  		countError("frame_priority_bad_length")
  1269  		return nil, connError{ErrCodeFrameSize, fmt.Sprintf("PRIORITY frame payload size was %d; want 5", len(payload))}
  1270  	}
  1271  	v := binary.BigEndian.Uint32(payload[:4])
  1272  	streamID := v & 0x7fffffff // mask off high bit
  1273  	return &PriorityFrame{
  1274  		FrameHeader: fh,
  1275  		PriorityParam: PriorityParam{
  1276  			Weight:    payload[4],
  1277  			StreamDep: streamID,
  1278  			Exclusive: streamID != v, // was high bit set?
  1279  		},
  1280  	}, nil
  1281  }
  1282  
  1283  // WritePriority writes a PRIORITY frame.
  1284  //
  1285  // It will perform exactly one Write to the underlying Writer.
  1286  // It is the caller's responsibility to not call other Write methods concurrently.
  1287  func (f *Framer) WritePriority(streamID uint32, p PriorityParam) error {
  1288  	if !validStreamID(streamID) && !f.AllowIllegalWrites {
  1289  		return errStreamID
  1290  	}
  1291  	if !validStreamIDOrZero(p.StreamDep) {
  1292  		return errDepStreamID
  1293  	}
  1294  	f.startWrite(FramePriority, 0, streamID)
  1295  	v := p.StreamDep
  1296  	if p.Exclusive {
  1297  		v |= 1 << 31
  1298  	}
  1299  	f.writeUint32(v)
  1300  	f.writeByte(p.Weight)
  1301  	return f.endWrite()
  1302  }
  1303  
  1304  // PriorityUpdateFrame is a PRIORITY_UPDATE frame as described in
  1305  // https://www.rfc-editor.org/rfc/rfc9218.html#name-the-priority_update-frame.
  1306  type PriorityUpdateFrame struct {
  1307  	FrameHeader
  1308  	Priority            string
  1309  	PrioritizedStreamID uint32
  1310  }
  1311  
  1312  func parseRFC9218Priority(s string, canUseDefault bool) (p PriorityParam, ok bool) {
  1313  	p = defaultRFC9218Priority(canUseDefault)
  1314  	ok = httpsfv.ParseDictionary(s, func(key, val, _ string) {
  1315  		switch key {
  1316  		case "u":
  1317  			if u, ok := httpsfv.ParseInteger(val); ok && u >= 0 && u <= 7 {
  1318  				p.urgency = uint8(u)
  1319  			}
  1320  		case "i":
  1321  			if i, ok := httpsfv.ParseBoolean(val); ok {
  1322  				if i {
  1323  					p.incremental = 1
  1324  				} else {
  1325  					p.incremental = 0
  1326  				}
  1327  			}
  1328  		}
  1329  	})
  1330  	if !ok {
  1331  		return defaultRFC9218Priority(canUseDefault), ok
  1332  	}
  1333  	return p, true
  1334  }
  1335  
  1336  func parsePriorityUpdateFrame(_ *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error) {
  1337  	if fh.StreamID != 0 {
  1338  		countError("frame_priority_update_non_zero_stream")
  1339  		return nil, connError{ErrCodeProtocol, "PRIORITY_UPDATE frame with non-zero stream ID"}
  1340  	}
  1341  	if len(payload) < 4 {
  1342  		countError("frame_priority_update_bad_length")
  1343  		return nil, connError{ErrCodeFrameSize, fmt.Sprintf("PRIORITY_UPDATE frame payload size was %d; want at least 4", len(payload))}
  1344  	}
  1345  	v := binary.BigEndian.Uint32(payload[:4])
  1346  	streamID := v & 0x7fffffff // mask off high bit
  1347  	if streamID == 0 {
  1348  		countError("frame_priority_update_prioritizing_zero_stream")
  1349  		return nil, connError{ErrCodeProtocol, "PRIORITY_UPDATE frame with prioritized stream ID of zero"}
  1350  	}
  1351  	return &PriorityUpdateFrame{
  1352  		FrameHeader:         fh,
  1353  		PrioritizedStreamID: streamID,
  1354  		Priority:            string(payload[4:]),
  1355  	}, nil
  1356  }
  1357  
  1358  // WritePriorityUpdate writes a PRIORITY_UPDATE frame.
  1359  //
  1360  // It will perform exactly one Write to the underlying Writer.
  1361  // It is the caller's responsibility to not call other Write methods concurrently.
  1362  func (f *Framer) WritePriorityUpdate(streamID uint32, priority string) error {
  1363  	if !validStreamID(streamID) && !f.AllowIllegalWrites {
  1364  		return errStreamID
  1365  	}
  1366  	f.startWrite(FramePriorityUpdate, 0, 0)
  1367  	f.writeUint32(streamID)
  1368  	f.writeBytes([]byte(priority))
  1369  	return f.endWrite()
  1370  }
  1371  
  1372  // A RSTStreamFrame allows for abnormal termination of a stream.
  1373  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.4
  1374  type RSTStreamFrame struct {
  1375  	FrameHeader
  1376  	ErrCode ErrCode
  1377  }
  1378  
  1379  func parseRSTStreamFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
  1380  	if len(p) != 4 {
  1381  		countError("frame_rststream_bad_len")
  1382  		return nil, ConnectionError(ErrCodeFrameSize)
  1383  	}
  1384  	if fh.StreamID == 0 {
  1385  		countError("frame_rststream_zero_stream")
  1386  		return nil, ConnectionError(ErrCodeProtocol)
  1387  	}
  1388  	return &RSTStreamFrame{fh, ErrCode(binary.BigEndian.Uint32(p[:4]))}, nil
  1389  }
  1390  
  1391  // WriteRSTStream writes a RST_STREAM frame.
  1392  //
  1393  // It will perform exactly one Write to the underlying Writer.
  1394  // It is the caller's responsibility to not call other Write methods concurrently.
  1395  func (f *Framer) WriteRSTStream(streamID uint32, code ErrCode) error {
  1396  	if !validStreamID(streamID) && !f.AllowIllegalWrites {
  1397  		return errStreamID
  1398  	}
  1399  	f.startWrite(FrameRSTStream, 0, streamID)
  1400  	f.writeUint32(uint32(code))
  1401  	return f.endWrite()
  1402  }
  1403  
  1404  // A ContinuationFrame is used to continue a sequence of header block fragments.
  1405  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.10
  1406  type ContinuationFrame struct {
  1407  	FrameHeader
  1408  	headerFragBuf []byte
  1409  }
  1410  
  1411  func parseContinuationFrame(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (Frame, error) {
  1412  	if fh.StreamID == 0 {
  1413  		countError("frame_continuation_zero_stream")
  1414  		return nil, connError{ErrCodeProtocol, "CONTINUATION frame with stream ID 0"}
  1415  	}
  1416  	return &ContinuationFrame{fh, p}, nil
  1417  }
  1418  
  1419  func (f *ContinuationFrame) HeaderBlockFragment() []byte {
  1420  	f.checkValid()
  1421  	return f.headerFragBuf
  1422  }
  1423  
  1424  func (f *ContinuationFrame) HeadersEnded() bool {
  1425  	return f.FrameHeader.Flags.Has(FlagContinuationEndHeaders)
  1426  }
  1427  
  1428  // WriteContinuation writes a CONTINUATION frame.
  1429  //
  1430  // It will perform exactly one Write to the underlying Writer.
  1431  // It is the caller's responsibility to not call other Write methods concurrently.
  1432  func (f *Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlockFragment []byte) error {
  1433  	if !validStreamID(streamID) && !f.AllowIllegalWrites {
  1434  		return errStreamID
  1435  	}
  1436  	var flags Flags
  1437  	if endHeaders {
  1438  		flags |= FlagContinuationEndHeaders
  1439  	}
  1440  	f.startWrite(FrameContinuation, flags, streamID)
  1441  	f.wbuf = append(f.wbuf, headerBlockFragment...)
  1442  	return f.endWrite()
  1443  }
  1444  
  1445  // A PushPromiseFrame is used to initiate a server stream.
  1446  // See https://httpwg.org/specs/rfc7540.html#rfc.section.6.6
  1447  type PushPromiseFrame struct {
  1448  	FrameHeader
  1449  	PromiseID     uint32
  1450  	headerFragBuf []byte // not owned
  1451  }
  1452  
  1453  func (f *PushPromiseFrame) HeaderBlockFragment() []byte {
  1454  	f.checkValid()
  1455  	return f.headerFragBuf
  1456  }
  1457  
  1458  func (f *PushPromiseFrame) HeadersEnded() bool {
  1459  	return f.FrameHeader.Flags.Has(FlagPushPromiseEndHeaders)
  1460  }
  1461  
  1462  func parsePushPromise(_ *frameCache, fh FrameHeader, countError func(string), p []byte) (_ Frame, err error) {
  1463  	pp := &PushPromiseFrame{
  1464  		FrameHeader: fh,
  1465  	}
  1466  	if pp.StreamID == 0 {
  1467  		// PUSH_PROMISE frames MUST be associated with an existing,
  1468  		// peer-initiated stream. The stream identifier of a
  1469  		// PUSH_PROMISE frame indicates the stream it is associated
  1470  		// with. If the stream identifier field specifies the value
  1471  		// 0x0, a recipient MUST respond with a connection error
  1472  		// (Section 5.4.1) of type PROTOCOL_ERROR.
  1473  		countError("frame_pushpromise_zero_stream")
  1474  		return nil, ConnectionError(ErrCodeProtocol)
  1475  	}
  1476  	// The PUSH_PROMISE frame includes optional padding.
  1477  	// Padding fields and flags are identical to those defined for DATA frames
  1478  	var padLength uint8
  1479  	if fh.Flags.Has(FlagPushPromisePadded) {
  1480  		if p, padLength, err = readByte(p); err != nil {
  1481  			countError("frame_pushpromise_pad_short")
  1482  			return
  1483  		}
  1484  	}
  1485  
  1486  	p, pp.PromiseID, err = readUint32(p)
  1487  	if err != nil {
  1488  		countError("frame_pushpromise_promiseid_short")
  1489  		return
  1490  	}
  1491  	pp.PromiseID = pp.PromiseID & (1<<31 - 1)
  1492  
  1493  	if int(padLength) > len(p) {
  1494  		// like the DATA frame, error out if padding is longer than the body.
  1495  		countError("frame_pushpromise_pad_too_big")
  1496  		return nil, ConnectionError(ErrCodeProtocol)
  1497  	}
  1498  	pp.headerFragBuf = p[:len(p)-int(padLength)]
  1499  	return pp, nil
  1500  }
  1501  
  1502  // PushPromiseParam are the parameters for writing a PUSH_PROMISE frame.
  1503  type PushPromiseParam struct {
  1504  	// StreamID is the required Stream ID to initiate.
  1505  	StreamID uint32
  1506  
  1507  	// PromiseID is the required Stream ID which this
  1508  	// Push Promises
  1509  	PromiseID uint32
  1510  
  1511  	// BlockFragment is part (or all) of a Header Block.
  1512  	BlockFragment []byte
  1513  
  1514  	// EndHeaders indicates that this frame contains an entire
  1515  	// header block and is not followed by any
  1516  	// CONTINUATION frames.
  1517  	EndHeaders bool
  1518  
  1519  	// PadLength is the optional number of bytes of zeros to add
  1520  	// to this frame.
  1521  	PadLength uint8
  1522  }
  1523  
  1524  // WritePushPromise writes a single PushPromise Frame.
  1525  //
  1526  // As with Header Frames, This is the low level call for writing
  1527  // individual frames. Continuation frames are handled elsewhere.
  1528  //
  1529  // It will perform exactly one Write to the underlying Writer.
  1530  // It is the caller's responsibility to not call other Write methods concurrently.
  1531  func (f *Framer) WritePushPromise(p PushPromiseParam) error {
  1532  	if !validStreamID(p.StreamID) && !f.AllowIllegalWrites {
  1533  		return errStreamID
  1534  	}
  1535  	var flags Flags
  1536  	if p.PadLength != 0 {
  1537  		flags |= FlagPushPromisePadded
  1538  	}
  1539  	if p.EndHeaders {
  1540  		flags |= FlagPushPromiseEndHeaders
  1541  	}
  1542  	f.startWrite(FramePushPromise, flags, p.StreamID)
  1543  	if p.PadLength != 0 {
  1544  		f.writeByte(p.PadLength)
  1545  	}
  1546  	if !validStreamID(p.PromiseID) && !f.AllowIllegalWrites {
  1547  		return errStreamID
  1548  	}
  1549  	f.writeUint32(p.PromiseID)
  1550  	f.wbuf = append(f.wbuf, p.BlockFragment...)
  1551  	f.wbuf = append(f.wbuf, padZeros[:p.PadLength]...)
  1552  	return f.endWrite()
  1553  }
  1554  
  1555  // WriteRawFrame writes a raw frame. This can be used to write
  1556  // extension frames unknown to this package.
  1557  func (f *Framer) WriteRawFrame(t FrameType, flags Flags, streamID uint32, payload []byte) error {
  1558  	f.startWrite(t, flags, streamID)
  1559  	f.writeBytes(payload)
  1560  	return f.endWrite()
  1561  }
  1562  
  1563  func readByte(p []byte) (remain []byte, b byte, err error) {
  1564  	if len(p) == 0 {
  1565  		return nil, 0, io.ErrUnexpectedEOF
  1566  	}
  1567  	return p[1:], p[0], nil
  1568  }
  1569  
  1570  func readUint32(p []byte) (remain []byte, v uint32, err error) {
  1571  	if len(p) < 4 {
  1572  		return nil, 0, io.ErrUnexpectedEOF
  1573  	}
  1574  	return p[4:], binary.BigEndian.Uint32(p[:4]), nil
  1575  }
  1576  
  1577  type streamEnder interface {
  1578  	StreamEnded() bool
  1579  }
  1580  
  1581  type headersEnder interface {
  1582  	HeadersEnded() bool
  1583  }
  1584  
  1585  type headersOrContinuation interface {
  1586  	headersEnder
  1587  	HeaderBlockFragment() []byte
  1588  }
  1589  
  1590  // A MetaHeadersFrame is the representation of one HEADERS frame and
  1591  // zero or more contiguous CONTINUATION frames and the decoding of
  1592  // their HPACK-encoded contents.
  1593  //
  1594  // This type of frame does not appear on the wire and is only returned
  1595  // by the Framer when Framer.ReadMetaHeaders is set.
  1596  type MetaHeadersFrame struct {
  1597  	*HeadersFrame
  1598  
  1599  	// Fields are the fields contained in the HEADERS and
  1600  	// CONTINUATION frames. The underlying slice is owned by the
  1601  	// Framer and must not be retained after the next call to
  1602  	// ReadFrame.
  1603  	//
  1604  	// Fields are guaranteed to be in the correct http2 order and
  1605  	// not have unknown pseudo header fields or invalid header
  1606  	// field names or values. Required pseudo header fields may be
  1607  	// missing, however. Use the MetaHeadersFrame.Pseudo accessor
  1608  	// method access pseudo headers.
  1609  	Fields []hpack.HeaderField
  1610  
  1611  	// Truncated is whether the max header list size limit was hit
  1612  	// and Fields is incomplete. The hpack decoder state is still
  1613  	// valid, however.
  1614  	Truncated bool
  1615  }
  1616  
  1617  // PseudoValue returns the given pseudo header field's value.
  1618  // The provided pseudo field should not contain the leading colon.
  1619  func (mh *MetaHeadersFrame) PseudoValue(pseudo string) string {
  1620  	for _, hf := range mh.Fields {
  1621  		if !hf.IsPseudo() {
  1622  			return ""
  1623  		}
  1624  		if hf.Name[1:] == pseudo {
  1625  			return hf.Value
  1626  		}
  1627  	}
  1628  	return ""
  1629  }
  1630  
  1631  // RegularFields returns the regular (non-pseudo) header fields of mh.
  1632  // The caller does not own the returned slice.
  1633  func (mh *MetaHeadersFrame) RegularFields() []hpack.HeaderField {
  1634  	for i, hf := range mh.Fields {
  1635  		if !hf.IsPseudo() {
  1636  			return mh.Fields[i:]
  1637  		}
  1638  	}
  1639  	return nil
  1640  }
  1641  
  1642  // PseudoFields returns the pseudo header fields of mh.
  1643  // The caller does not own the returned slice.
  1644  func (mh *MetaHeadersFrame) PseudoFields() []hpack.HeaderField {
  1645  	for i, hf := range mh.Fields {
  1646  		if !hf.IsPseudo() {
  1647  			return mh.Fields[:i]
  1648  		}
  1649  	}
  1650  	return mh.Fields
  1651  }
  1652  
  1653  func (mh *MetaHeadersFrame) rfc9218Priority(priorityAware bool) (p PriorityParam, priorityAwareAfter, hasIntermediary bool) {
  1654  	var s string
  1655  	for _, field := range mh.Fields {
  1656  		if field.Name == "priority" {
  1657  			s = field.Value
  1658  			priorityAware = true
  1659  		}
  1660  		if slices.Contains([]string{"via", "forwarded", "x-forwarded-for"}, field.Name) {
  1661  			hasIntermediary = true
  1662  		}
  1663  	}
  1664  	// No need to check for ok. parseRFC9218Priority will return a default
  1665  	// value if there is no priority field or if the field cannot be parsed.
  1666  	p, _ = parseRFC9218Priority(s, priorityAware && !hasIntermediary)
  1667  	return p, priorityAware, hasIntermediary
  1668  }
  1669  
  1670  func (mh *MetaHeadersFrame) checkPseudos() error {
  1671  	var isRequest, isResponse bool
  1672  	pf := mh.PseudoFields()
  1673  	for i, hf := range pf {
  1674  		switch hf.Name {
  1675  		case ":method", ":path", ":scheme", ":authority", ":protocol":
  1676  			isRequest = true
  1677  		case ":status":
  1678  			isResponse = true
  1679  		default:
  1680  			return pseudoHeaderError(hf.Name)
  1681  		}
  1682  		// Check for duplicates.
  1683  		// This would be a bad algorithm, but N is 5.
  1684  		// And this doesn't allocate.
  1685  		for _, hf2 := range pf[:i] {
  1686  			if hf.Name == hf2.Name {
  1687  				return duplicatePseudoHeaderError(hf.Name)
  1688  			}
  1689  		}
  1690  	}
  1691  	if isRequest && isResponse {
  1692  		return errMixPseudoHeaderTypes
  1693  	}
  1694  	return nil
  1695  }
  1696  
  1697  func (fr *Framer) maxHeaderStringLen() int {
  1698  	v := int(fr.maxHeaderListSize())
  1699  	if v < 0 {
  1700  		// If maxHeaderListSize overflows an int, use no limit (0).
  1701  		return 0
  1702  	}
  1703  	return v
  1704  }
  1705  
  1706  // readMetaFrame returns 0 or more CONTINUATION frames from fr and
  1707  // merge them into the provided hf and returns a MetaHeadersFrame
  1708  // with the decoded hpack values.
  1709  func (fr *Framer) readMetaFrame(hf *HeadersFrame) (Frame, error) {
  1710  	if fr.AllowIllegalReads {
  1711  		return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
  1712  	}
  1713  	mh := &MetaHeadersFrame{
  1714  		HeadersFrame: hf,
  1715  	}
  1716  	var remainSize = fr.maxHeaderListSize()
  1717  	var sawRegular bool
  1718  
  1719  	var invalid error // pseudo header field errors
  1720  	hdec := fr.ReadMetaHeaders
  1721  	hdec.SetEmitEnabled(true)
  1722  	hdec.SetMaxStringLength(fr.maxHeaderStringLen())
  1723  	hdec.SetEmitFunc(func(hf hpack.HeaderField) {
  1724  		if VerboseLogs && fr.logReads {
  1725  			fr.debugReadLoggerf("http2: decoded hpack field %+v", hf)
  1726  		}
  1727  		if !httpguts.ValidHeaderFieldValue(hf.Value) {
  1728  			// Don't include the value in the error, because it may be sensitive.
  1729  			invalid = headerFieldValueError(hf.Name)
  1730  		}
  1731  		isPseudo := strings.HasPrefix(hf.Name, ":")
  1732  		if isPseudo {
  1733  			if sawRegular {
  1734  				invalid = errPseudoAfterRegular
  1735  			}
  1736  		} else {
  1737  			sawRegular = true
  1738  			if !validWireHeaderFieldName(hf.Name) {
  1739  				invalid = headerFieldNameError(hf.Name)
  1740  			}
  1741  		}
  1742  
  1743  		if invalid != nil {
  1744  			hdec.SetEmitEnabled(false)
  1745  			return
  1746  		}
  1747  
  1748  		size := hf.Size()
  1749  		if size > remainSize {
  1750  			hdec.SetEmitEnabled(false)
  1751  			mh.Truncated = true
  1752  			remainSize = 0
  1753  			return
  1754  		}
  1755  		remainSize -= size
  1756  
  1757  		mh.Fields = append(mh.Fields, hf)
  1758  	})
  1759  	// Lose reference to MetaHeadersFrame:
  1760  	defer hdec.SetEmitFunc(func(hf hpack.HeaderField) {})
  1761  
  1762  	var hc headersOrContinuation = hf
  1763  	for {
  1764  		frag := hc.HeaderBlockFragment()
  1765  
  1766  		// Avoid parsing large amounts of headers that we will then discard.
  1767  		// If the sender exceeds the max header list size by too much,
  1768  		// skip parsing the fragment and close the connection.
  1769  		//
  1770  		// "Too much" is either any CONTINUATION frame after we've already
  1771  		// exceeded the max header list size (in which case remainSize is 0),
  1772  		// or a frame whose encoded size is more than twice the remaining
  1773  		// header list bytes we're willing to accept.
  1774  		if int64(len(frag)) > int64(2*remainSize) {
  1775  			if VerboseLogs {
  1776  				log.Printf("http2: header list too large")
  1777  			}
  1778  			// It would be nice to send a RST_STREAM before sending the GOAWAY,
  1779  			// but the structure of the server's frame writer makes this difficult.
  1780  			return mh, ConnectionError(ErrCodeProtocol)
  1781  		}
  1782  
  1783  		// Also close the connection after any CONTINUATION frame following an
  1784  		// invalid header, since we stop tracking the size of the headers after
  1785  		// an invalid one.
  1786  		if invalid != nil {
  1787  			if VerboseLogs {
  1788  				log.Printf("http2: invalid header: %v", invalid)
  1789  			}
  1790  			// It would be nice to send a RST_STREAM before sending the GOAWAY,
  1791  			// but the structure of the server's frame writer makes this difficult.
  1792  			return mh, ConnectionError(ErrCodeProtocol)
  1793  		}
  1794  
  1795  		if _, err := hdec.Write(frag); err != nil {
  1796  			return mh, ConnectionError(ErrCodeCompression)
  1797  		}
  1798  
  1799  		if hc.HeadersEnded() {
  1800  			break
  1801  		}
  1802  		if f, err := fr.ReadFrame(); err != nil {
  1803  			return nil, err
  1804  		} else {
  1805  			hc = f.(*ContinuationFrame) // guaranteed by checkFrameOrder
  1806  		}
  1807  	}
  1808  
  1809  	mh.HeadersFrame.headerFragBuf = nil
  1810  	mh.HeadersFrame.invalidate()
  1811  
  1812  	if err := hdec.Close(); err != nil {
  1813  		return mh, ConnectionError(ErrCodeCompression)
  1814  	}
  1815  	if invalid != nil {
  1816  		fr.errDetail = invalid
  1817  		if VerboseLogs {
  1818  			log.Printf("http2: invalid header: %v", invalid)
  1819  		}
  1820  		return nil, StreamError{mh.StreamID, ErrCodeProtocol, invalid}
  1821  	}
  1822  	if err := mh.checkPseudos(); err != nil {
  1823  		fr.errDetail = err
  1824  		if VerboseLogs {
  1825  			log.Printf("http2: invalid pseudo headers: %v", err)
  1826  		}
  1827  		return nil, StreamError{mh.StreamID, ErrCodeProtocol, err}
  1828  	}
  1829  	return mh, nil
  1830  }
  1831  
  1832  func summarizeFrame(f Frame) string {
  1833  	var buf bytes.Buffer
  1834  	f.Header().writeDebug(&buf)
  1835  	switch f := f.(type) {
  1836  	case *SettingsFrame:
  1837  		n := 0
  1838  		f.ForeachSetting(func(s Setting) error {
  1839  			n++
  1840  			if n == 1 {
  1841  				buf.WriteString(", settings:")
  1842  			}
  1843  			fmt.Fprintf(&buf, " %v=%v,", s.ID, s.Val)
  1844  			return nil
  1845  		})
  1846  		if n > 0 {
  1847  			buf.Truncate(buf.Len() - 1) // remove trailing comma
  1848  		}
  1849  	case *DataFrame:
  1850  		data := f.Data()
  1851  		const max = 256
  1852  		if len(data) > max {
  1853  			data = data[:max]
  1854  		}
  1855  		fmt.Fprintf(&buf, " data=%q", data)
  1856  		if len(f.Data()) > max {
  1857  			fmt.Fprintf(&buf, " (%d bytes omitted)", len(f.Data())-max)
  1858  		}
  1859  	case *WindowUpdateFrame:
  1860  		if f.StreamID == 0 {
  1861  			buf.WriteString(" (conn)")
  1862  		}
  1863  		fmt.Fprintf(&buf, " incr=%v", f.Increment)
  1864  	case *PingFrame:
  1865  		fmt.Fprintf(&buf, " ping=%q", f.Data[:])
  1866  	case *GoAwayFrame:
  1867  		fmt.Fprintf(&buf, " LastStreamID=%v ErrCode=%v Debug=%q",
  1868  			f.LastStreamID, f.ErrCode, f.debugData)
  1869  	case *RSTStreamFrame:
  1870  		fmt.Fprintf(&buf, " ErrCode=%v", f.ErrCode)
  1871  	}
  1872  	return buf.String()
  1873  }
  1874
View as plain text