Source file src/net/http/server.go

Documentation: net/http

		 1  // Copyright 2009 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  // HTTP server. See RFC 7230 through 7235.
		 6  
		 7  package http
		 8  
		 9  import (
		10  	"bufio"
		11  	"bytes"
		12  	"context"
		13  	"crypto/tls"
		14  	"errors"
		15  	"fmt"
		16  	"io"
		17  	"log"
		18  	"math/rand"
		19  	"net"
		20  	"net/textproto"
		21  	"net/url"
		22  	urlpkg "net/url"
		23  	"os"
		24  	"path"
		25  	"runtime"
		26  	"sort"
		27  	"strconv"
		28  	"strings"
		29  	"sync"
		30  	"sync/atomic"
		31  	"time"
		32  
		33  	"golang.org/x/net/http/httpguts"
		34  )
		35  
		36  // Errors used by the HTTP server.
		37  var (
		38  	// ErrBodyNotAllowed is returned by ResponseWriter.Write calls
		39  	// when the HTTP method or response code does not permit a
		40  	// body.
		41  	ErrBodyNotAllowed = errors.New("http: request method or response status code does not allow body")
		42  
		43  	// ErrHijacked is returned by ResponseWriter.Write calls when
		44  	// the underlying connection has been hijacked using the
		45  	// Hijacker interface. A zero-byte write on a hijacked
		46  	// connection will return ErrHijacked without any other side
		47  	// effects.
		48  	ErrHijacked = errors.New("http: connection has been hijacked")
		49  
		50  	// ErrContentLength is returned by ResponseWriter.Write calls
		51  	// when a Handler set a Content-Length response header with a
		52  	// declared size and then attempted to write more bytes than
		53  	// declared.
		54  	ErrContentLength = errors.New("http: wrote more than the declared Content-Length")
		55  
		56  	// Deprecated: ErrWriteAfterFlush is no longer returned by
		57  	// anything in the net/http package. Callers should not
		58  	// compare errors against this variable.
		59  	ErrWriteAfterFlush = errors.New("unused")
		60  )
		61  
		62  // A Handler responds to an HTTP request.
		63  //
		64  // ServeHTTP should write reply headers and data to the ResponseWriter
		65  // and then return. Returning signals that the request is finished; it
		66  // is not valid to use the ResponseWriter or read from the
		67  // Request.Body after or concurrently with the completion of the
		68  // ServeHTTP call.
		69  //
		70  // Depending on the HTTP client software, HTTP protocol version, and
		71  // any intermediaries between the client and the Go server, it may not
		72  // be possible to read from the Request.Body after writing to the
		73  // ResponseWriter. Cautious handlers should read the Request.Body
		74  // first, and then reply.
		75  //
		76  // Except for reading the body, handlers should not modify the
		77  // provided Request.
		78  //
		79  // If ServeHTTP panics, the server (the caller of ServeHTTP) assumes
		80  // that the effect of the panic was isolated to the active request.
		81  // It recovers the panic, logs a stack trace to the server error log,
		82  // and either closes the network connection or sends an HTTP/2
		83  // RST_STREAM, depending on the HTTP protocol. To abort a handler so
		84  // the client sees an interrupted response but the server doesn't log
		85  // an error, panic with the value ErrAbortHandler.
		86  type Handler interface {
		87  	ServeHTTP(ResponseWriter, *Request)
		88  }
		89  
		90  // A ResponseWriter interface is used by an HTTP handler to
		91  // construct an HTTP response.
		92  //
		93  // A ResponseWriter may not be used after the Handler.ServeHTTP method
		94  // has returned.
		95  type ResponseWriter interface {
		96  	// Header returns the header map that will be sent by
		97  	// WriteHeader. The Header map also is the mechanism with which
		98  	// Handlers can set HTTP trailers.
		99  	//
	 100  	// Changing the header map after a call to WriteHeader (or
	 101  	// Write) has no effect unless the modified headers are
	 102  	// trailers.
	 103  	//
	 104  	// There are two ways to set Trailers. The preferred way is to
	 105  	// predeclare in the headers which trailers you will later
	 106  	// send by setting the "Trailer" header to the names of the
	 107  	// trailer keys which will come later. In this case, those
	 108  	// keys of the Header map are treated as if they were
	 109  	// trailers. See the example. The second way, for trailer
	 110  	// keys not known to the Handler until after the first Write,
	 111  	// is to prefix the Header map keys with the TrailerPrefix
	 112  	// constant value. See TrailerPrefix.
	 113  	//
	 114  	// To suppress automatic response headers (such as "Date"), set
	 115  	// their value to nil.
	 116  	Header() Header
	 117  
	 118  	// Write writes the data to the connection as part of an HTTP reply.
	 119  	//
	 120  	// If WriteHeader has not yet been called, Write calls
	 121  	// WriteHeader(http.StatusOK) before writing the data. If the Header
	 122  	// does not contain a Content-Type line, Write adds a Content-Type set
	 123  	// to the result of passing the initial 512 bytes of written data to
	 124  	// DetectContentType. Additionally, if the total size of all written
	 125  	// data is under a few KB and there are no Flush calls, the
	 126  	// Content-Length header is added automatically.
	 127  	//
	 128  	// Depending on the HTTP protocol version and the client, calling
	 129  	// Write or WriteHeader may prevent future reads on the
	 130  	// Request.Body. For HTTP/1.x requests, handlers should read any
	 131  	// needed request body data before writing the response. Once the
	 132  	// headers have been flushed (due to either an explicit Flusher.Flush
	 133  	// call or writing enough data to trigger a flush), the request body
	 134  	// may be unavailable. For HTTP/2 requests, the Go HTTP server permits
	 135  	// handlers to continue to read the request body while concurrently
	 136  	// writing the response. However, such behavior may not be supported
	 137  	// by all HTTP/2 clients. Handlers should read before writing if
	 138  	// possible to maximize compatibility.
	 139  	Write([]byte) (int, error)
	 140  
	 141  	// WriteHeader sends an HTTP response header with the provided
	 142  	// status code.
	 143  	//
	 144  	// If WriteHeader is not called explicitly, the first call to Write
	 145  	// will trigger an implicit WriteHeader(http.StatusOK).
	 146  	// Thus explicit calls to WriteHeader are mainly used to
	 147  	// send error codes.
	 148  	//
	 149  	// The provided code must be a valid HTTP 1xx-5xx status code.
	 150  	// Only one header may be written. Go does not currently
	 151  	// support sending user-defined 1xx informational headers,
	 152  	// with the exception of 100-continue response header that the
	 153  	// Server sends automatically when the Request.Body is read.
	 154  	WriteHeader(statusCode int)
	 155  }
	 156  
	 157  // The Flusher interface is implemented by ResponseWriters that allow
	 158  // an HTTP handler to flush buffered data to the client.
	 159  //
	 160  // The default HTTP/1.x and HTTP/2 ResponseWriter implementations
	 161  // support Flusher, but ResponseWriter wrappers may not. Handlers
	 162  // should always test for this ability at runtime.
	 163  //
	 164  // Note that even for ResponseWriters that support Flush,
	 165  // if the client is connected through an HTTP proxy,
	 166  // the buffered data may not reach the client until the response
	 167  // completes.
	 168  type Flusher interface {
	 169  	// Flush sends any buffered data to the client.
	 170  	Flush()
	 171  }
	 172  
	 173  // The Hijacker interface is implemented by ResponseWriters that allow
	 174  // an HTTP handler to take over the connection.
	 175  //
	 176  // The default ResponseWriter for HTTP/1.x connections supports
	 177  // Hijacker, but HTTP/2 connections intentionally do not.
	 178  // ResponseWriter wrappers may also not support Hijacker. Handlers
	 179  // should always test for this ability at runtime.
	 180  type Hijacker interface {
	 181  	// Hijack lets the caller take over the connection.
	 182  	// After a call to Hijack the HTTP server library
	 183  	// will not do anything else with the connection.
	 184  	//
	 185  	// It becomes the caller's responsibility to manage
	 186  	// and close the connection.
	 187  	//
	 188  	// The returned net.Conn may have read or write deadlines
	 189  	// already set, depending on the configuration of the
	 190  	// Server. It is the caller's responsibility to set
	 191  	// or clear those deadlines as needed.
	 192  	//
	 193  	// The returned bufio.Reader may contain unprocessed buffered
	 194  	// data from the client.
	 195  	//
	 196  	// After a call to Hijack, the original Request.Body must not
	 197  	// be used. The original Request's Context remains valid and
	 198  	// is not canceled until the Request's ServeHTTP method
	 199  	// returns.
	 200  	Hijack() (net.Conn, *bufio.ReadWriter, error)
	 201  }
	 202  
	 203  // The CloseNotifier interface is implemented by ResponseWriters which
	 204  // allow detecting when the underlying connection has gone away.
	 205  //
	 206  // This mechanism can be used to cancel long operations on the server
	 207  // if the client has disconnected before the response is ready.
	 208  //
	 209  // Deprecated: the CloseNotifier interface predates Go's context package.
	 210  // New code should use Request.Context instead.
	 211  type CloseNotifier interface {
	 212  	// CloseNotify returns a channel that receives at most a
	 213  	// single value (true) when the client connection has gone
	 214  	// away.
	 215  	//
	 216  	// CloseNotify may wait to notify until Request.Body has been
	 217  	// fully read.
	 218  	//
	 219  	// After the Handler has returned, there is no guarantee
	 220  	// that the channel receives a value.
	 221  	//
	 222  	// If the protocol is HTTP/1.1 and CloseNotify is called while
	 223  	// processing an idempotent request (such a GET) while
	 224  	// HTTP/1.1 pipelining is in use, the arrival of a subsequent
	 225  	// pipelined request may cause a value to be sent on the
	 226  	// returned channel. In practice HTTP/1.1 pipelining is not
	 227  	// enabled in browsers and not seen often in the wild. If this
	 228  	// is a problem, use HTTP/2 or only use CloseNotify on methods
	 229  	// such as POST.
	 230  	CloseNotify() <-chan bool
	 231  }
	 232  
	 233  var (
	 234  	// ServerContextKey is a context key. It can be used in HTTP
	 235  	// handlers with Context.Value to access the server that
	 236  	// started the handler. The associated value will be of
	 237  	// type *Server.
	 238  	ServerContextKey = &contextKey{"http-server"}
	 239  
	 240  	// LocalAddrContextKey is a context key. It can be used in
	 241  	// HTTP handlers with Context.Value to access the local
	 242  	// address the connection arrived on.
	 243  	// The associated value will be of type net.Addr.
	 244  	LocalAddrContextKey = &contextKey{"local-addr"}
	 245  )
	 246  
	 247  // A conn represents the server side of an HTTP connection.
	 248  type conn struct {
	 249  	// server is the server on which the connection arrived.
	 250  	// Immutable; never nil.
	 251  	server *Server
	 252  
	 253  	// cancelCtx cancels the connection-level context.
	 254  	cancelCtx context.CancelFunc
	 255  
	 256  	// rwc is the underlying network connection.
	 257  	// This is never wrapped by other types and is the value given out
	 258  	// to CloseNotifier callers. It is usually of type *net.TCPConn or
	 259  	// *tls.Conn.
	 260  	rwc net.Conn
	 261  
	 262  	// remoteAddr is rwc.RemoteAddr().String(). It is not populated synchronously
	 263  	// inside the Listener's Accept goroutine, as some implementations block.
	 264  	// It is populated immediately inside the (*conn).serve goroutine.
	 265  	// This is the value of a Handler's (*Request).RemoteAddr.
	 266  	remoteAddr string
	 267  
	 268  	// tlsState is the TLS connection state when using TLS.
	 269  	// nil means not TLS.
	 270  	tlsState *tls.ConnectionState
	 271  
	 272  	// werr is set to the first write error to rwc.
	 273  	// It is set via checkConnErrorWriter{w}, where bufw writes.
	 274  	werr error
	 275  
	 276  	// r is bufr's read source. It's a wrapper around rwc that provides
	 277  	// io.LimitedReader-style limiting (while reading request headers)
	 278  	// and functionality to support CloseNotifier. See *connReader docs.
	 279  	r *connReader
	 280  
	 281  	// bufr reads from r.
	 282  	bufr *bufio.Reader
	 283  
	 284  	// bufw writes to checkConnErrorWriter{c}, which populates werr on error.
	 285  	bufw *bufio.Writer
	 286  
	 287  	// lastMethod is the method of the most recent request
	 288  	// on this connection, if any.
	 289  	lastMethod string
	 290  
	 291  	curReq atomic.Value // of *response (which has a Request in it)
	 292  
	 293  	curState struct{ atomic uint64 } // packed (unixtime<<8|uint8(ConnState))
	 294  
	 295  	// mu guards hijackedv
	 296  	mu sync.Mutex
	 297  
	 298  	// hijackedv is whether this connection has been hijacked
	 299  	// by a Handler with the Hijacker interface.
	 300  	// It is guarded by mu.
	 301  	hijackedv bool
	 302  }
	 303  
	 304  func (c *conn) hijacked() bool {
	 305  	c.mu.Lock()
	 306  	defer c.mu.Unlock()
	 307  	return c.hijackedv
	 308  }
	 309  
	 310  // c.mu must be held.
	 311  func (c *conn) hijackLocked() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
	 312  	if c.hijackedv {
	 313  		return nil, nil, ErrHijacked
	 314  	}
	 315  	c.r.abortPendingRead()
	 316  
	 317  	c.hijackedv = true
	 318  	rwc = c.rwc
	 319  	rwc.SetDeadline(time.Time{})
	 320  
	 321  	buf = bufio.NewReadWriter(c.bufr, bufio.NewWriter(rwc))
	 322  	if c.r.hasByte {
	 323  		if _, err := c.bufr.Peek(c.bufr.Buffered() + 1); err != nil {
	 324  			return nil, nil, fmt.Errorf("unexpected Peek failure reading buffered byte: %v", err)
	 325  		}
	 326  	}
	 327  	c.setState(rwc, StateHijacked, runHooks)
	 328  	return
	 329  }
	 330  
	 331  // This should be >= 512 bytes for DetectContentType,
	 332  // but otherwise it's somewhat arbitrary.
	 333  const bufferBeforeChunkingSize = 2048
	 334  
	 335  // chunkWriter writes to a response's conn buffer, and is the writer
	 336  // wrapped by the response.w buffered writer.
	 337  //
	 338  // chunkWriter also is responsible for finalizing the Header, including
	 339  // conditionally setting the Content-Type and setting a Content-Length
	 340  // in cases where the handler's final output is smaller than the buffer
	 341  // size. It also conditionally adds chunk headers, when in chunking mode.
	 342  //
	 343  // See the comment above (*response).Write for the entire write flow.
	 344  type chunkWriter struct {
	 345  	res *response
	 346  
	 347  	// header is either nil or a deep clone of res.handlerHeader
	 348  	// at the time of res.writeHeader, if res.writeHeader is
	 349  	// called and extra buffering is being done to calculate
	 350  	// Content-Type and/or Content-Length.
	 351  	header Header
	 352  
	 353  	// wroteHeader tells whether the header's been written to "the
	 354  	// wire" (or rather: w.conn.buf). this is unlike
	 355  	// (*response).wroteHeader, which tells only whether it was
	 356  	// logically written.
	 357  	wroteHeader bool
	 358  
	 359  	// set by the writeHeader method:
	 360  	chunking bool // using chunked transfer encoding for reply body
	 361  }
	 362  
	 363  var (
	 364  	crlf			 = []byte("\r\n")
	 365  	colonSpace = []byte(": ")
	 366  )
	 367  
	 368  func (cw *chunkWriter) Write(p []byte) (n int, err error) {
	 369  	if !cw.wroteHeader {
	 370  		cw.writeHeader(p)
	 371  	}
	 372  	if cw.res.req.Method == "HEAD" {
	 373  		// Eat writes.
	 374  		return len(p), nil
	 375  	}
	 376  	if cw.chunking {
	 377  		_, err = fmt.Fprintf(cw.res.conn.bufw, "%x\r\n", len(p))
	 378  		if err != nil {
	 379  			cw.res.conn.rwc.Close()
	 380  			return
	 381  		}
	 382  	}
	 383  	n, err = cw.res.conn.bufw.Write(p)
	 384  	if cw.chunking && err == nil {
	 385  		_, err = cw.res.conn.bufw.Write(crlf)
	 386  	}
	 387  	if err != nil {
	 388  		cw.res.conn.rwc.Close()
	 389  	}
	 390  	return
	 391  }
	 392  
	 393  func (cw *chunkWriter) flush() {
	 394  	if !cw.wroteHeader {
	 395  		cw.writeHeader(nil)
	 396  	}
	 397  	cw.res.conn.bufw.Flush()
	 398  }
	 399  
	 400  func (cw *chunkWriter) close() {
	 401  	if !cw.wroteHeader {
	 402  		cw.writeHeader(nil)
	 403  	}
	 404  	if cw.chunking {
	 405  		bw := cw.res.conn.bufw // conn's bufio writer
	 406  		// zero chunk to mark EOF
	 407  		bw.WriteString("0\r\n")
	 408  		if trailers := cw.res.finalTrailers(); trailers != nil {
	 409  			trailers.Write(bw) // the writer handles noting errors
	 410  		}
	 411  		// final blank line after the trailers (whether
	 412  		// present or not)
	 413  		bw.WriteString("\r\n")
	 414  	}
	 415  }
	 416  
	 417  // A response represents the server side of an HTTP response.
	 418  type response struct {
	 419  	conn						 *conn
	 420  	req							*Request // request for this response
	 421  	reqBody					io.ReadCloser
	 422  	cancelCtx				context.CancelFunc // when ServeHTTP exits
	 423  	wroteHeader			bool							 // reply header has been (logically) written
	 424  	wroteContinue		bool							 // 100 Continue response was written
	 425  	wants10KeepAlive bool							 // HTTP/1.0 w/ Connection "keep-alive"
	 426  	wantsClose			 bool							 // HTTP request has Connection "close"
	 427  
	 428  	// canWriteContinue is a boolean value accessed as an atomic int32
	 429  	// that says whether or not a 100 Continue header can be written
	 430  	// to the connection.
	 431  	// writeContinueMu must be held while writing the header.
	 432  	// These two fields together synchronize the body reader
	 433  	// (the expectContinueReader, which wants to write 100 Continue)
	 434  	// against the main writer.
	 435  	canWriteContinue atomicBool
	 436  	writeContinueMu	sync.Mutex
	 437  
	 438  	w	*bufio.Writer // buffers output in chunks to chunkWriter
	 439  	cw chunkWriter
	 440  
	 441  	// handlerHeader is the Header that Handlers get access to,
	 442  	// which may be retained and mutated even after WriteHeader.
	 443  	// handlerHeader is copied into cw.header at WriteHeader
	 444  	// time, and privately mutated thereafter.
	 445  	handlerHeader Header
	 446  	calledHeader	bool // handler accessed handlerHeader via Header
	 447  
	 448  	written			 int64 // number of bytes written in body
	 449  	contentLength int64 // explicitly-declared Content-Length; or -1
	 450  	status				int	 // status code passed to WriteHeader
	 451  
	 452  	// close connection after this reply.	set on request and
	 453  	// updated after response from handler if there's a
	 454  	// "Connection: keep-alive" response header and a
	 455  	// Content-Length.
	 456  	closeAfterReply bool
	 457  
	 458  	// requestBodyLimitHit is set by requestTooLarge when
	 459  	// maxBytesReader hits its max size. It is checked in
	 460  	// WriteHeader, to make sure we don't consume the
	 461  	// remaining request body to try to advance to the next HTTP
	 462  	// request. Instead, when this is set, we stop reading
	 463  	// subsequent requests on this connection and stop reading
	 464  	// input from it.
	 465  	requestBodyLimitHit bool
	 466  
	 467  	// trailers are the headers to be sent after the handler
	 468  	// finishes writing the body. This field is initialized from
	 469  	// the Trailer response header when the response header is
	 470  	// written.
	 471  	trailers []string
	 472  
	 473  	handlerDone atomicBool // set true when the handler exits
	 474  
	 475  	// Buffers for Date, Content-Length, and status code
	 476  	dateBuf	 [len(TimeFormat)]byte
	 477  	clenBuf	 [10]byte
	 478  	statusBuf [3]byte
	 479  
	 480  	// closeNotifyCh is the channel returned by CloseNotify.
	 481  	// TODO(bradfitz): this is currently (for Go 1.8) always
	 482  	// non-nil. Make this lazily-created again as it used to be?
	 483  	closeNotifyCh	chan bool
	 484  	didCloseNotify int32 // atomic (only 0->1 winner should send)
	 485  }
	 486  
	 487  // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys
	 488  // that, if present, signals that the map entry is actually for
	 489  // the response trailers, and not the response headers. The prefix
	 490  // is stripped after the ServeHTTP call finishes and the values are
	 491  // sent in the trailers.
	 492  //
	 493  // This mechanism is intended only for trailers that are not known
	 494  // prior to the headers being written. If the set of trailers is fixed
	 495  // or known before the header is written, the normal Go trailers mechanism
	 496  // is preferred:
	 497  //		https://golang.org/pkg/net/http/#ResponseWriter
	 498  //		https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
	 499  const TrailerPrefix = "Trailer:"
	 500  
	 501  // finalTrailers is called after the Handler exits and returns a non-nil
	 502  // value if the Handler set any trailers.
	 503  func (w *response) finalTrailers() Header {
	 504  	var t Header
	 505  	for k, vv := range w.handlerHeader {
	 506  		if strings.HasPrefix(k, TrailerPrefix) {
	 507  			if t == nil {
	 508  				t = make(Header)
	 509  			}
	 510  			t[strings.TrimPrefix(k, TrailerPrefix)] = vv
	 511  		}
	 512  	}
	 513  	for _, k := range w.trailers {
	 514  		if t == nil {
	 515  			t = make(Header)
	 516  		}
	 517  		for _, v := range w.handlerHeader[k] {
	 518  			t.Add(k, v)
	 519  		}
	 520  	}
	 521  	return t
	 522  }
	 523  
	 524  type atomicBool int32
	 525  
	 526  func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
	 527  func (b *atomicBool) setTrue()		{ atomic.StoreInt32((*int32)(b), 1) }
	 528  func (b *atomicBool) setFalse()	 { atomic.StoreInt32((*int32)(b), 0) }
	 529  
	 530  // declareTrailer is called for each Trailer header when the
	 531  // response header is written. It notes that a header will need to be
	 532  // written in the trailers at the end of the response.
	 533  func (w *response) declareTrailer(k string) {
	 534  	k = CanonicalHeaderKey(k)
	 535  	if !httpguts.ValidTrailerHeader(k) {
	 536  		// Forbidden by RFC 7230, section 4.1.2
	 537  		return
	 538  	}
	 539  	w.trailers = append(w.trailers, k)
	 540  }
	 541  
	 542  // requestTooLarge is called by maxBytesReader when too much input has
	 543  // been read from the client.
	 544  func (w *response) requestTooLarge() {
	 545  	w.closeAfterReply = true
	 546  	w.requestBodyLimitHit = true
	 547  	if !w.wroteHeader {
	 548  		w.Header().Set("Connection", "close")
	 549  	}
	 550  }
	 551  
	 552  // needsSniff reports whether a Content-Type still needs to be sniffed.
	 553  func (w *response) needsSniff() bool {
	 554  	_, haveType := w.handlerHeader["Content-Type"]
	 555  	return !w.cw.wroteHeader && !haveType && w.written < sniffLen
	 556  }
	 557  
	 558  // writerOnly hides an io.Writer value's optional ReadFrom method
	 559  // from io.Copy.
	 560  type writerOnly struct {
	 561  	io.Writer
	 562  }
	 563  
	 564  // ReadFrom is here to optimize copying from an *os.File regular file
	 565  // to a *net.TCPConn with sendfile, or from a supported src type such
	 566  // as a *net.TCPConn on Linux with splice.
	 567  func (w *response) ReadFrom(src io.Reader) (n int64, err error) {
	 568  	bufp := copyBufPool.Get().(*[]byte)
	 569  	buf := *bufp
	 570  	defer copyBufPool.Put(bufp)
	 571  
	 572  	// Our underlying w.conn.rwc is usually a *TCPConn (with its
	 573  	// own ReadFrom method). If not, just fall back to the normal
	 574  	// copy method.
	 575  	rf, ok := w.conn.rwc.(io.ReaderFrom)
	 576  	if !ok {
	 577  		return io.CopyBuffer(writerOnly{w}, src, buf)
	 578  	}
	 579  
	 580  	// Copy the first sniffLen bytes before switching to ReadFrom.
	 581  	// This ensures we don't start writing the response before the
	 582  	// source is available (see golang.org/issue/5660) and provides
	 583  	// enough bytes to perform Content-Type sniffing when required.
	 584  	if !w.cw.wroteHeader {
	 585  		n0, err := io.CopyBuffer(writerOnly{w}, io.LimitReader(src, sniffLen), buf)
	 586  		n += n0
	 587  		if err != nil || n0 < sniffLen {
	 588  			return n, err
	 589  		}
	 590  	}
	 591  
	 592  	w.w.Flush()	// get rid of any previous writes
	 593  	w.cw.flush() // make sure Header is written; flush data to rwc
	 594  
	 595  	// Now that cw has been flushed, its chunking field is guaranteed initialized.
	 596  	if !w.cw.chunking && w.bodyAllowed() {
	 597  		n0, err := rf.ReadFrom(src)
	 598  		n += n0
	 599  		w.written += n0
	 600  		return n, err
	 601  	}
	 602  
	 603  	n0, err := io.CopyBuffer(writerOnly{w}, src, buf)
	 604  	n += n0
	 605  	return n, err
	 606  }
	 607  
	 608  // debugServerConnections controls whether all server connections are wrapped
	 609  // with a verbose logging wrapper.
	 610  const debugServerConnections = false
	 611  
	 612  // Create new connection from rwc.
	 613  func (srv *Server) newConn(rwc net.Conn) *conn {
	 614  	c := &conn{
	 615  		server: srv,
	 616  		rwc:		rwc,
	 617  	}
	 618  	if debugServerConnections {
	 619  		c.rwc = newLoggingConn("server", c.rwc)
	 620  	}
	 621  	return c
	 622  }
	 623  
	 624  type readResult struct {
	 625  	_	 incomparable
	 626  	n	 int
	 627  	err error
	 628  	b	 byte // byte read, if n == 1
	 629  }
	 630  
	 631  // connReader is the io.Reader wrapper used by *conn. It combines a
	 632  // selectively-activated io.LimitedReader (to bound request header
	 633  // read sizes) with support for selectively keeping an io.Reader.Read
	 634  // call blocked in a background goroutine to wait for activity and
	 635  // trigger a CloseNotifier channel.
	 636  type connReader struct {
	 637  	conn *conn
	 638  
	 639  	mu			sync.Mutex // guards following
	 640  	hasByte bool
	 641  	byteBuf [1]byte
	 642  	cond		*sync.Cond
	 643  	inRead	bool
	 644  	aborted bool	// set true before conn.rwc deadline is set to past
	 645  	remain	int64 // bytes remaining
	 646  }
	 647  
	 648  func (cr *connReader) lock() {
	 649  	cr.mu.Lock()
	 650  	if cr.cond == nil {
	 651  		cr.cond = sync.NewCond(&cr.mu)
	 652  	}
	 653  }
	 654  
	 655  func (cr *connReader) unlock() { cr.mu.Unlock() }
	 656  
	 657  func (cr *connReader) startBackgroundRead() {
	 658  	cr.lock()
	 659  	defer cr.unlock()
	 660  	if cr.inRead {
	 661  		panic("invalid concurrent Body.Read call")
	 662  	}
	 663  	if cr.hasByte {
	 664  		return
	 665  	}
	 666  	cr.inRead = true
	 667  	cr.conn.rwc.SetReadDeadline(time.Time{})
	 668  	go cr.backgroundRead()
	 669  }
	 670  
	 671  func (cr *connReader) backgroundRead() {
	 672  	n, err := cr.conn.rwc.Read(cr.byteBuf[:])
	 673  	cr.lock()
	 674  	if n == 1 {
	 675  		cr.hasByte = true
	 676  		// We were past the end of the previous request's body already
	 677  		// (since we wouldn't be in a background read otherwise), so
	 678  		// this is a pipelined HTTP request. Prior to Go 1.11 we used to
	 679  		// send on the CloseNotify channel and cancel the context here,
	 680  		// but the behavior was documented as only "may", and we only
	 681  		// did that because that's how CloseNotify accidentally behaved
	 682  		// in very early Go releases prior to context support. Once we
	 683  		// added context support, people used a Handler's
	 684  		// Request.Context() and passed it along. Having that context
	 685  		// cancel on pipelined HTTP requests caused problems.
	 686  		// Fortunately, almost nothing uses HTTP/1.x pipelining.
	 687  		// Unfortunately, apt-get does, or sometimes does.
	 688  		// New Go 1.11 behavior: don't fire CloseNotify or cancel
	 689  		// contexts on pipelined requests. Shouldn't affect people, but
	 690  		// fixes cases like Issue 23921. This does mean that a client
	 691  		// closing their TCP connection after sending a pipelined
	 692  		// request won't cancel the context, but we'll catch that on any
	 693  		// write failure (in checkConnErrorWriter.Write).
	 694  		// If the server never writes, yes, there are still contrived
	 695  		// server & client behaviors where this fails to ever cancel the
	 696  		// context, but that's kinda why HTTP/1.x pipelining died
	 697  		// anyway.
	 698  	}
	 699  	if ne, ok := err.(net.Error); ok && cr.aborted && ne.Timeout() {
	 700  		// Ignore this error. It's the expected error from
	 701  		// another goroutine calling abortPendingRead.
	 702  	} else if err != nil {
	 703  		cr.handleReadError(err)
	 704  	}
	 705  	cr.aborted = false
	 706  	cr.inRead = false
	 707  	cr.unlock()
	 708  	cr.cond.Broadcast()
	 709  }
	 710  
	 711  func (cr *connReader) abortPendingRead() {
	 712  	cr.lock()
	 713  	defer cr.unlock()
	 714  	if !cr.inRead {
	 715  		return
	 716  	}
	 717  	cr.aborted = true
	 718  	cr.conn.rwc.SetReadDeadline(aLongTimeAgo)
	 719  	for cr.inRead {
	 720  		cr.cond.Wait()
	 721  	}
	 722  	cr.conn.rwc.SetReadDeadline(time.Time{})
	 723  }
	 724  
	 725  func (cr *connReader) setReadLimit(remain int64) { cr.remain = remain }
	 726  func (cr *connReader) setInfiniteReadLimit()		 { cr.remain = maxInt64 }
	 727  func (cr *connReader) hitReadLimit() bool				{ return cr.remain <= 0 }
	 728  
	 729  // handleReadError is called whenever a Read from the client returns a
	 730  // non-nil error.
	 731  //
	 732  // The provided non-nil err is almost always io.EOF or a "use of
	 733  // closed network connection". In any case, the error is not
	 734  // particularly interesting, except perhaps for debugging during
	 735  // development. Any error means the connection is dead and we should
	 736  // down its context.
	 737  //
	 738  // It may be called from multiple goroutines.
	 739  func (cr *connReader) handleReadError(_ error) {
	 740  	cr.conn.cancelCtx()
	 741  	cr.closeNotify()
	 742  }
	 743  
	 744  // may be called from multiple goroutines.
	 745  func (cr *connReader) closeNotify() {
	 746  	res, _ := cr.conn.curReq.Load().(*response)
	 747  	if res != nil && atomic.CompareAndSwapInt32(&res.didCloseNotify, 0, 1) {
	 748  		res.closeNotifyCh <- true
	 749  	}
	 750  }
	 751  
	 752  func (cr *connReader) Read(p []byte) (n int, err error) {
	 753  	cr.lock()
	 754  	if cr.inRead {
	 755  		cr.unlock()
	 756  		if cr.conn.hijacked() {
	 757  			panic("invalid Body.Read call. After hijacked, the original Request must not be used")
	 758  		}
	 759  		panic("invalid concurrent Body.Read call")
	 760  	}
	 761  	if cr.hitReadLimit() {
	 762  		cr.unlock()
	 763  		return 0, io.EOF
	 764  	}
	 765  	if len(p) == 0 {
	 766  		cr.unlock()
	 767  		return 0, nil
	 768  	}
	 769  	if int64(len(p)) > cr.remain {
	 770  		p = p[:cr.remain]
	 771  	}
	 772  	if cr.hasByte {
	 773  		p[0] = cr.byteBuf[0]
	 774  		cr.hasByte = false
	 775  		cr.unlock()
	 776  		return 1, nil
	 777  	}
	 778  	cr.inRead = true
	 779  	cr.unlock()
	 780  	n, err = cr.conn.rwc.Read(p)
	 781  
	 782  	cr.lock()
	 783  	cr.inRead = false
	 784  	if err != nil {
	 785  		cr.handleReadError(err)
	 786  	}
	 787  	cr.remain -= int64(n)
	 788  	cr.unlock()
	 789  
	 790  	cr.cond.Broadcast()
	 791  	return n, err
	 792  }
	 793  
	 794  var (
	 795  	bufioReaderPool	 sync.Pool
	 796  	bufioWriter2kPool sync.Pool
	 797  	bufioWriter4kPool sync.Pool
	 798  )
	 799  
	 800  var copyBufPool = sync.Pool{
	 801  	New: func() interface{} {
	 802  		b := make([]byte, 32*1024)
	 803  		return &b
	 804  	},
	 805  }
	 806  
	 807  func bufioWriterPool(size int) *sync.Pool {
	 808  	switch size {
	 809  	case 2 << 10:
	 810  		return &bufioWriter2kPool
	 811  	case 4 << 10:
	 812  		return &bufioWriter4kPool
	 813  	}
	 814  	return nil
	 815  }
	 816  
	 817  func newBufioReader(r io.Reader) *bufio.Reader {
	 818  	if v := bufioReaderPool.Get(); v != nil {
	 819  		br := v.(*bufio.Reader)
	 820  		br.Reset(r)
	 821  		return br
	 822  	}
	 823  	// Note: if this reader size is ever changed, update
	 824  	// TestHandlerBodyClose's assumptions.
	 825  	return bufio.NewReader(r)
	 826  }
	 827  
	 828  func putBufioReader(br *bufio.Reader) {
	 829  	br.Reset(nil)
	 830  	bufioReaderPool.Put(br)
	 831  }
	 832  
	 833  func newBufioWriterSize(w io.Writer, size int) *bufio.Writer {
	 834  	pool := bufioWriterPool(size)
	 835  	if pool != nil {
	 836  		if v := pool.Get(); v != nil {
	 837  			bw := v.(*bufio.Writer)
	 838  			bw.Reset(w)
	 839  			return bw
	 840  		}
	 841  	}
	 842  	return bufio.NewWriterSize(w, size)
	 843  }
	 844  
	 845  func putBufioWriter(bw *bufio.Writer) {
	 846  	bw.Reset(nil)
	 847  	if pool := bufioWriterPool(bw.Available()); pool != nil {
	 848  		pool.Put(bw)
	 849  	}
	 850  }
	 851  
	 852  // DefaultMaxHeaderBytes is the maximum permitted size of the headers
	 853  // in an HTTP request.
	 854  // This can be overridden by setting Server.MaxHeaderBytes.
	 855  const DefaultMaxHeaderBytes = 1 << 20 // 1 MB
	 856  
	 857  func (srv *Server) maxHeaderBytes() int {
	 858  	if srv.MaxHeaderBytes > 0 {
	 859  		return srv.MaxHeaderBytes
	 860  	}
	 861  	return DefaultMaxHeaderBytes
	 862  }
	 863  
	 864  func (srv *Server) initialReadLimitSize() int64 {
	 865  	return int64(srv.maxHeaderBytes()) + 4096 // bufio slop
	 866  }
	 867  
	 868  // wrapper around io.ReadCloser which on first read, sends an
	 869  // HTTP/1.1 100 Continue header
	 870  type expectContinueReader struct {
	 871  	resp			 *response
	 872  	readCloser io.ReadCloser
	 873  	closed		 atomicBool
	 874  	sawEOF		 atomicBool
	 875  }
	 876  
	 877  func (ecr *expectContinueReader) Read(p []byte) (n int, err error) {
	 878  	if ecr.closed.isSet() {
	 879  		return 0, ErrBodyReadAfterClose
	 880  	}
	 881  	w := ecr.resp
	 882  	if !w.wroteContinue && w.canWriteContinue.isSet() && !w.conn.hijacked() {
	 883  		w.wroteContinue = true
	 884  		w.writeContinueMu.Lock()
	 885  		if w.canWriteContinue.isSet() {
	 886  			w.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n")
	 887  			w.conn.bufw.Flush()
	 888  			w.canWriteContinue.setFalse()
	 889  		}
	 890  		w.writeContinueMu.Unlock()
	 891  	}
	 892  	n, err = ecr.readCloser.Read(p)
	 893  	if err == io.EOF {
	 894  		ecr.sawEOF.setTrue()
	 895  	}
	 896  	return
	 897  }
	 898  
	 899  func (ecr *expectContinueReader) Close() error {
	 900  	ecr.closed.setTrue()
	 901  	return ecr.readCloser.Close()
	 902  }
	 903  
	 904  // TimeFormat is the time format to use when generating times in HTTP
	 905  // headers. It is like time.RFC1123 but hard-codes GMT as the time
	 906  // zone. The time being formatted must be in UTC for Format to
	 907  // generate the correct format.
	 908  //
	 909  // For parsing this time format, see ParseTime.
	 910  const TimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
	 911  
	 912  // appendTime is a non-allocating version of []byte(t.UTC().Format(TimeFormat))
	 913  func appendTime(b []byte, t time.Time) []byte {
	 914  	const days = "SunMonTueWedThuFriSat"
	 915  	const months = "JanFebMarAprMayJunJulAugSepOctNovDec"
	 916  
	 917  	t = t.UTC()
	 918  	yy, mm, dd := t.Date()
	 919  	hh, mn, ss := t.Clock()
	 920  	day := days[3*t.Weekday():]
	 921  	mon := months[3*(mm-1):]
	 922  
	 923  	return append(b,
	 924  		day[0], day[1], day[2], ',', ' ',
	 925  		byte('0'+dd/10), byte('0'+dd%10), ' ',
	 926  		mon[0], mon[1], mon[2], ' ',
	 927  		byte('0'+yy/1000), byte('0'+(yy/100)%10), byte('0'+(yy/10)%10), byte('0'+yy%10), ' ',
	 928  		byte('0'+hh/10), byte('0'+hh%10), ':',
	 929  		byte('0'+mn/10), byte('0'+mn%10), ':',
	 930  		byte('0'+ss/10), byte('0'+ss%10), ' ',
	 931  		'G', 'M', 'T')
	 932  }
	 933  
	 934  var errTooLarge = errors.New("http: request too large")
	 935  
	 936  // Read next request from connection.
	 937  func (c *conn) readRequest(ctx context.Context) (w *response, err error) {
	 938  	if c.hijacked() {
	 939  		return nil, ErrHijacked
	 940  	}
	 941  
	 942  	var (
	 943  		wholeReqDeadline time.Time // or zero if none
	 944  		hdrDeadline			time.Time // or zero if none
	 945  	)
	 946  	t0 := time.Now()
	 947  	if d := c.server.readHeaderTimeout(); d > 0 {
	 948  		hdrDeadline = t0.Add(d)
	 949  	}
	 950  	if d := c.server.ReadTimeout; d > 0 {
	 951  		wholeReqDeadline = t0.Add(d)
	 952  	}
	 953  	c.rwc.SetReadDeadline(hdrDeadline)
	 954  	if d := c.server.WriteTimeout; d > 0 {
	 955  		defer func() {
	 956  			c.rwc.SetWriteDeadline(time.Now().Add(d))
	 957  		}()
	 958  	}
	 959  
	 960  	c.r.setReadLimit(c.server.initialReadLimitSize())
	 961  	if c.lastMethod == "POST" {
	 962  		// RFC 7230 section 3 tolerance for old buggy clients.
	 963  		peek, _ := c.bufr.Peek(4) // ReadRequest will get err below
	 964  		c.bufr.Discard(numLeadingCRorLF(peek))
	 965  	}
	 966  	req, err := readRequest(c.bufr)
	 967  	if err != nil {
	 968  		if c.r.hitReadLimit() {
	 969  			return nil, errTooLarge
	 970  		}
	 971  		return nil, err
	 972  	}
	 973  
	 974  	if !http1ServerSupportsRequest(req) {
	 975  		return nil, statusError{StatusHTTPVersionNotSupported, "unsupported protocol version"}
	 976  	}
	 977  
	 978  	c.lastMethod = req.Method
	 979  	c.r.setInfiniteReadLimit()
	 980  
	 981  	hosts, haveHost := req.Header["Host"]
	 982  	isH2Upgrade := req.isH2Upgrade()
	 983  	if req.ProtoAtLeast(1, 1) && (!haveHost || len(hosts) == 0) && !isH2Upgrade && req.Method != "CONNECT" {
	 984  		return nil, badRequestError("missing required Host header")
	 985  	}
	 986  	if len(hosts) == 1 && !httpguts.ValidHostHeader(hosts[0]) {
	 987  		return nil, badRequestError("malformed Host header")
	 988  	}
	 989  	for k, vv := range req.Header {
	 990  		if !httpguts.ValidHeaderFieldName(k) {
	 991  			return nil, badRequestError("invalid header name")
	 992  		}
	 993  		for _, v := range vv {
	 994  			if !httpguts.ValidHeaderFieldValue(v) {
	 995  				return nil, badRequestError("invalid header value")
	 996  			}
	 997  		}
	 998  	}
	 999  	delete(req.Header, "Host")
	1000  
	1001  	ctx, cancelCtx := context.WithCancel(ctx)
	1002  	req.ctx = ctx
	1003  	req.RemoteAddr = c.remoteAddr
	1004  	req.TLS = c.tlsState
	1005  	if body, ok := req.Body.(*body); ok {
	1006  		body.doEarlyClose = true
	1007  	}
	1008  
	1009  	// Adjust the read deadline if necessary.
	1010  	if !hdrDeadline.Equal(wholeReqDeadline) {
	1011  		c.rwc.SetReadDeadline(wholeReqDeadline)
	1012  	}
	1013  
	1014  	w = &response{
	1015  		conn:					c,
	1016  		cancelCtx:		 cancelCtx,
	1017  		req:					 req,
	1018  		reqBody:			 req.Body,
	1019  		handlerHeader: make(Header),
	1020  		contentLength: -1,
	1021  		closeNotifyCh: make(chan bool, 1),
	1022  
	1023  		// We populate these ahead of time so we're not
	1024  		// reading from req.Header after their Handler starts
	1025  		// and maybe mutates it (Issue 14940)
	1026  		wants10KeepAlive: req.wantsHttp10KeepAlive(),
	1027  		wantsClose:			 req.wantsClose(),
	1028  	}
	1029  	if isH2Upgrade {
	1030  		w.closeAfterReply = true
	1031  	}
	1032  	w.cw.res = w
	1033  	w.w = newBufioWriterSize(&w.cw, bufferBeforeChunkingSize)
	1034  	return w, nil
	1035  }
	1036  
	1037  // http1ServerSupportsRequest reports whether Go's HTTP/1.x server
	1038  // supports the given request.
	1039  func http1ServerSupportsRequest(req *Request) bool {
	1040  	if req.ProtoMajor == 1 {
	1041  		return true
	1042  	}
	1043  	// Accept "PRI * HTTP/2.0" upgrade requests, so Handlers can
	1044  	// wire up their own HTTP/2 upgrades.
	1045  	if req.ProtoMajor == 2 && req.ProtoMinor == 0 &&
	1046  		req.Method == "PRI" && req.RequestURI == "*" {
	1047  		return true
	1048  	}
	1049  	// Reject HTTP/0.x, and all other HTTP/2+ requests (which
	1050  	// aren't encoded in ASCII anyway).
	1051  	return false
	1052  }
	1053  
	1054  func (w *response) Header() Header {
	1055  	if w.cw.header == nil && w.wroteHeader && !w.cw.wroteHeader {
	1056  		// Accessing the header between logically writing it
	1057  		// and physically writing it means we need to allocate
	1058  		// a clone to snapshot the logically written state.
	1059  		w.cw.header = w.handlerHeader.Clone()
	1060  	}
	1061  	w.calledHeader = true
	1062  	return w.handlerHeader
	1063  }
	1064  
	1065  // maxPostHandlerReadBytes is the max number of Request.Body bytes not
	1066  // consumed by a handler that the server will read from the client
	1067  // in order to keep a connection alive. If there are more bytes than
	1068  // this then the server to be paranoid instead sends a "Connection:
	1069  // close" response.
	1070  //
	1071  // This number is approximately what a typical machine's TCP buffer
	1072  // size is anyway.	(if we have the bytes on the machine, we might as
	1073  // well read them)
	1074  const maxPostHandlerReadBytes = 256 << 10
	1075  
	1076  func checkWriteHeaderCode(code int) {
	1077  	// Issue 22880: require valid WriteHeader status codes.
	1078  	// For now we only enforce that it's three digits.
	1079  	// In the future we might block things over 599 (600 and above aren't defined
	1080  	// at https://httpwg.org/specs/rfc7231.html#status.codes)
	1081  	// and we might block under 200 (once we have more mature 1xx support).
	1082  	// But for now any three digits.
	1083  	//
	1084  	// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
	1085  	// no equivalent bogus thing we can realistically send in HTTP/2,
	1086  	// so we'll consistently panic instead and help people find their bugs
	1087  	// early. (We can't return an error from WriteHeader even if we wanted to.)
	1088  	if code < 100 || code > 999 {
	1089  		panic(fmt.Sprintf("invalid WriteHeader code %v", code))
	1090  	}
	1091  }
	1092  
	1093  // relevantCaller searches the call stack for the first function outside of net/http.
	1094  // The purpose of this function is to provide more helpful error messages.
	1095  func relevantCaller() runtime.Frame {
	1096  	pc := make([]uintptr, 16)
	1097  	n := runtime.Callers(1, pc)
	1098  	frames := runtime.CallersFrames(pc[:n])
	1099  	var frame runtime.Frame
	1100  	for {
	1101  		frame, more := frames.Next()
	1102  		if !strings.HasPrefix(frame.Function, "net/http.") {
	1103  			return frame
	1104  		}
	1105  		if !more {
	1106  			break
	1107  		}
	1108  	}
	1109  	return frame
	1110  }
	1111  
	1112  func (w *response) WriteHeader(code int) {
	1113  	if w.conn.hijacked() {
	1114  		caller := relevantCaller()
	1115  		w.conn.server.logf("http: response.WriteHeader on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
	1116  		return
	1117  	}
	1118  	if w.wroteHeader {
	1119  		caller := relevantCaller()
	1120  		w.conn.server.logf("http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
	1121  		return
	1122  	}
	1123  	checkWriteHeaderCode(code)
	1124  	w.wroteHeader = true
	1125  	w.status = code
	1126  
	1127  	if w.calledHeader && w.cw.header == nil {
	1128  		w.cw.header = w.handlerHeader.Clone()
	1129  	}
	1130  
	1131  	if cl := w.handlerHeader.get("Content-Length"); cl != "" {
	1132  		v, err := strconv.ParseInt(cl, 10, 64)
	1133  		if err == nil && v >= 0 {
	1134  			w.contentLength = v
	1135  		} else {
	1136  			w.conn.server.logf("http: invalid Content-Length of %q", cl)
	1137  			w.handlerHeader.Del("Content-Length")
	1138  		}
	1139  	}
	1140  }
	1141  
	1142  // extraHeader is the set of headers sometimes added by chunkWriter.writeHeader.
	1143  // This type is used to avoid extra allocations from cloning and/or populating
	1144  // the response Header map and all its 1-element slices.
	1145  type extraHeader struct {
	1146  	contentType			string
	1147  	connection			 string
	1148  	transferEncoding string
	1149  	date						 []byte // written if not nil
	1150  	contentLength		[]byte // written if not nil
	1151  }
	1152  
	1153  // Sorted the same as extraHeader.Write's loop.
	1154  var extraHeaderKeys = [][]byte{
	1155  	[]byte("Content-Type"),
	1156  	[]byte("Connection"),
	1157  	[]byte("Transfer-Encoding"),
	1158  }
	1159  
	1160  var (
	1161  	headerContentLength = []byte("Content-Length: ")
	1162  	headerDate					= []byte("Date: ")
	1163  )
	1164  
	1165  // Write writes the headers described in h to w.
	1166  //
	1167  // This method has a value receiver, despite the somewhat large size
	1168  // of h, because it prevents an allocation. The escape analysis isn't
	1169  // smart enough to realize this function doesn't mutate h.
	1170  func (h extraHeader) Write(w *bufio.Writer) {
	1171  	if h.date != nil {
	1172  		w.Write(headerDate)
	1173  		w.Write(h.date)
	1174  		w.Write(crlf)
	1175  	}
	1176  	if h.contentLength != nil {
	1177  		w.Write(headerContentLength)
	1178  		w.Write(h.contentLength)
	1179  		w.Write(crlf)
	1180  	}
	1181  	for i, v := range []string{h.contentType, h.connection, h.transferEncoding} {
	1182  		if v != "" {
	1183  			w.Write(extraHeaderKeys[i])
	1184  			w.Write(colonSpace)
	1185  			w.WriteString(v)
	1186  			w.Write(crlf)
	1187  		}
	1188  	}
	1189  }
	1190  
	1191  // writeHeader finalizes the header sent to the client and writes it
	1192  // to cw.res.conn.bufw.
	1193  //
	1194  // p is not written by writeHeader, but is the first chunk of the body
	1195  // that will be written. It is sniffed for a Content-Type if none is
	1196  // set explicitly. It's also used to set the Content-Length, if the
	1197  // total body size was small and the handler has already finished
	1198  // running.
	1199  func (cw *chunkWriter) writeHeader(p []byte) {
	1200  	if cw.wroteHeader {
	1201  		return
	1202  	}
	1203  	cw.wroteHeader = true
	1204  
	1205  	w := cw.res
	1206  	keepAlivesEnabled := w.conn.server.doKeepAlives()
	1207  	isHEAD := w.req.Method == "HEAD"
	1208  
	1209  	// header is written out to w.conn.buf below. Depending on the
	1210  	// state of the handler, we either own the map or not. If we
	1211  	// don't own it, the exclude map is created lazily for
	1212  	// WriteSubset to remove headers. The setHeader struct holds
	1213  	// headers we need to add.
	1214  	header := cw.header
	1215  	owned := header != nil
	1216  	if !owned {
	1217  		header = w.handlerHeader
	1218  	}
	1219  	var excludeHeader map[string]bool
	1220  	delHeader := func(key string) {
	1221  		if owned {
	1222  			header.Del(key)
	1223  			return
	1224  		}
	1225  		if _, ok := header[key]; !ok {
	1226  			return
	1227  		}
	1228  		if excludeHeader == nil {
	1229  			excludeHeader = make(map[string]bool)
	1230  		}
	1231  		excludeHeader[key] = true
	1232  	}
	1233  	var setHeader extraHeader
	1234  
	1235  	// Don't write out the fake "Trailer:foo" keys. See TrailerPrefix.
	1236  	trailers := false
	1237  	for k := range cw.header {
	1238  		if strings.HasPrefix(k, TrailerPrefix) {
	1239  			if excludeHeader == nil {
	1240  				excludeHeader = make(map[string]bool)
	1241  			}
	1242  			excludeHeader[k] = true
	1243  			trailers = true
	1244  		}
	1245  	}
	1246  	for _, v := range cw.header["Trailer"] {
	1247  		trailers = true
	1248  		foreachHeaderElement(v, cw.res.declareTrailer)
	1249  	}
	1250  
	1251  	te := header.get("Transfer-Encoding")
	1252  	hasTE := te != ""
	1253  
	1254  	// If the handler is done but never sent a Content-Length
	1255  	// response header and this is our first (and last) write, set
	1256  	// it, even to zero. This helps HTTP/1.0 clients keep their
	1257  	// "keep-alive" connections alive.
	1258  	// Exceptions: 304/204/1xx responses never get Content-Length, and if
	1259  	// it was a HEAD request, we don't know the difference between
	1260  	// 0 actual bytes and 0 bytes because the handler noticed it
	1261  	// was a HEAD request and chose not to write anything. So for
	1262  	// HEAD, the handler should either write the Content-Length or
	1263  	// write non-zero bytes. If it's actually 0 bytes and the
	1264  	// handler never looked at the Request.Method, we just don't
	1265  	// send a Content-Length header.
	1266  	// Further, we don't send an automatic Content-Length if they
	1267  	// set a Transfer-Encoding, because they're generally incompatible.
	1268  	if w.handlerDone.isSet() && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) {
	1269  		w.contentLength = int64(len(p))
	1270  		setHeader.contentLength = strconv.AppendInt(cw.res.clenBuf[:0], int64(len(p)), 10)
	1271  	}
	1272  
	1273  	// If this was an HTTP/1.0 request with keep-alive and we sent a
	1274  	// Content-Length back, we can make this a keep-alive response ...
	1275  	if w.wants10KeepAlive && keepAlivesEnabled {
	1276  		sentLength := header.get("Content-Length") != ""
	1277  		if sentLength && header.get("Connection") == "keep-alive" {
	1278  			w.closeAfterReply = false
	1279  		}
	1280  	}
	1281  
	1282  	// Check for an explicit (and valid) Content-Length header.
	1283  	hasCL := w.contentLength != -1
	1284  
	1285  	if w.wants10KeepAlive && (isHEAD || hasCL || !bodyAllowedForStatus(w.status)) {
	1286  		_, connectionHeaderSet := header["Connection"]
	1287  		if !connectionHeaderSet {
	1288  			setHeader.connection = "keep-alive"
	1289  		}
	1290  	} else if !w.req.ProtoAtLeast(1, 1) || w.wantsClose {
	1291  		w.closeAfterReply = true
	1292  	}
	1293  
	1294  	if header.get("Connection") == "close" || !keepAlivesEnabled {
	1295  		w.closeAfterReply = true
	1296  	}
	1297  
	1298  	// If the client wanted a 100-continue but we never sent it to
	1299  	// them (or, more strictly: we never finished reading their
	1300  	// request body), don't reuse this connection because it's now
	1301  	// in an unknown state: we might be sending this response at
	1302  	// the same time the client is now sending its request body
	1303  	// after a timeout.	(Some HTTP clients send Expect:
	1304  	// 100-continue but knowing that some servers don't support
	1305  	// it, the clients set a timer and send the body later anyway)
	1306  	// If we haven't seen EOF, we can't skip over the unread body
	1307  	// because we don't know if the next bytes on the wire will be
	1308  	// the body-following-the-timer or the subsequent request.
	1309  	// See Issue 11549.
	1310  	if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() {
	1311  		w.closeAfterReply = true
	1312  	}
	1313  
	1314  	// Per RFC 2616, we should consume the request body before
	1315  	// replying, if the handler hasn't already done so. But we
	1316  	// don't want to do an unbounded amount of reading here for
	1317  	// DoS reasons, so we only try up to a threshold.
	1318  	// TODO(bradfitz): where does RFC 2616 say that? See Issue 15527
	1319  	// about HTTP/1.x Handlers concurrently reading and writing, like
	1320  	// HTTP/2 handlers can do. Maybe this code should be relaxed?
	1321  	if w.req.ContentLength != 0 && !w.closeAfterReply {
	1322  		var discard, tooBig bool
	1323  
	1324  		switch bdy := w.req.Body.(type) {
	1325  		case *expectContinueReader:
	1326  			if bdy.resp.wroteContinue {
	1327  				discard = true
	1328  			}
	1329  		case *body:
	1330  			bdy.mu.Lock()
	1331  			switch {
	1332  			case bdy.closed:
	1333  				if !bdy.sawEOF {
	1334  					// Body was closed in handler with non-EOF error.
	1335  					w.closeAfterReply = true
	1336  				}
	1337  			case bdy.unreadDataSizeLocked() >= maxPostHandlerReadBytes:
	1338  				tooBig = true
	1339  			default:
	1340  				discard = true
	1341  			}
	1342  			bdy.mu.Unlock()
	1343  		default:
	1344  			discard = true
	1345  		}
	1346  
	1347  		if discard {
	1348  			_, err := io.CopyN(io.Discard, w.reqBody, maxPostHandlerReadBytes+1)
	1349  			switch err {
	1350  			case nil:
	1351  				// There must be even more data left over.
	1352  				tooBig = true
	1353  			case ErrBodyReadAfterClose:
	1354  				// Body was already consumed and closed.
	1355  			case io.EOF:
	1356  				// The remaining body was just consumed, close it.
	1357  				err = w.reqBody.Close()
	1358  				if err != nil {
	1359  					w.closeAfterReply = true
	1360  				}
	1361  			default:
	1362  				// Some other kind of error occurred, like a read timeout, or
	1363  				// corrupt chunked encoding. In any case, whatever remains
	1364  				// on the wire must not be parsed as another HTTP request.
	1365  				w.closeAfterReply = true
	1366  			}
	1367  		}
	1368  
	1369  		if tooBig {
	1370  			w.requestTooLarge()
	1371  			delHeader("Connection")
	1372  			setHeader.connection = "close"
	1373  		}
	1374  	}
	1375  
	1376  	code := w.status
	1377  	if bodyAllowedForStatus(code) {
	1378  		// If no content type, apply sniffing algorithm to body.
	1379  		_, haveType := header["Content-Type"]
	1380  
	1381  		// If the Content-Encoding was set and is non-blank,
	1382  		// we shouldn't sniff the body. See Issue 31753.
	1383  		ce := header.Get("Content-Encoding")
	1384  		hasCE := len(ce) > 0
	1385  		if !hasCE && !haveType && !hasTE && len(p) > 0 {
	1386  			setHeader.contentType = DetectContentType(p)
	1387  		}
	1388  	} else {
	1389  		for _, k := range suppressedHeaders(code) {
	1390  			delHeader(k)
	1391  		}
	1392  	}
	1393  
	1394  	if !header.has("Date") {
	1395  		setHeader.date = appendTime(cw.res.dateBuf[:0], time.Now())
	1396  	}
	1397  
	1398  	if hasCL && hasTE && te != "identity" {
	1399  		// TODO: return an error if WriteHeader gets a return parameter
	1400  		// For now just ignore the Content-Length.
	1401  		w.conn.server.logf("http: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %d",
	1402  			te, w.contentLength)
	1403  		delHeader("Content-Length")
	1404  		hasCL = false
	1405  	}
	1406  
	1407  	if w.req.Method == "HEAD" || !bodyAllowedForStatus(code) || code == StatusNoContent {
	1408  		// Response has no body.
	1409  		delHeader("Transfer-Encoding")
	1410  	} else if hasCL {
	1411  		// Content-Length has been provided, so no chunking is to be done.
	1412  		delHeader("Transfer-Encoding")
	1413  	} else if w.req.ProtoAtLeast(1, 1) {
	1414  		// HTTP/1.1 or greater: Transfer-Encoding has been set to identity, and no
	1415  		// content-length has been provided. The connection must be closed after the
	1416  		// reply is written, and no chunking is to be done. This is the setup
	1417  		// recommended in the Server-Sent Events candidate recommendation 11,
	1418  		// section 8.
	1419  		if hasTE && te == "identity" {
	1420  			cw.chunking = false
	1421  			w.closeAfterReply = true
	1422  			delHeader("Transfer-Encoding")
	1423  		} else {
	1424  			// HTTP/1.1 or greater: use chunked transfer encoding
	1425  			// to avoid closing the connection at EOF.
	1426  			cw.chunking = true
	1427  			setHeader.transferEncoding = "chunked"
	1428  			if hasTE && te == "chunked" {
	1429  				// We will send the chunked Transfer-Encoding header later.
	1430  				delHeader("Transfer-Encoding")
	1431  			}
	1432  		}
	1433  	} else {
	1434  		// HTTP version < 1.1: cannot do chunked transfer
	1435  		// encoding and we don't know the Content-Length so
	1436  		// signal EOF by closing connection.
	1437  		w.closeAfterReply = true
	1438  		delHeader("Transfer-Encoding") // in case already set
	1439  	}
	1440  
	1441  	// Cannot use Content-Length with non-identity Transfer-Encoding.
	1442  	if cw.chunking {
	1443  		delHeader("Content-Length")
	1444  	}
	1445  	if !w.req.ProtoAtLeast(1, 0) {
	1446  		return
	1447  	}
	1448  
	1449  	// Only override the Connection header if it is not a successful
	1450  	// protocol switch response and if KeepAlives are not enabled.
	1451  	// See https://golang.org/issue/36381.
	1452  	delConnectionHeader := w.closeAfterReply &&
	1453  		(!keepAlivesEnabled || !hasToken(cw.header.get("Connection"), "close")) &&
	1454  		!isProtocolSwitchResponse(w.status, header)
	1455  	if delConnectionHeader {
	1456  		delHeader("Connection")
	1457  		if w.req.ProtoAtLeast(1, 1) {
	1458  			setHeader.connection = "close"
	1459  		}
	1460  	}
	1461  
	1462  	writeStatusLine(w.conn.bufw, w.req.ProtoAtLeast(1, 1), code, w.statusBuf[:])
	1463  	cw.header.WriteSubset(w.conn.bufw, excludeHeader)
	1464  	setHeader.Write(w.conn.bufw)
	1465  	w.conn.bufw.Write(crlf)
	1466  }
	1467  
	1468  // foreachHeaderElement splits v according to the "#rule" construction
	1469  // in RFC 7230 section 7 and calls fn for each non-empty element.
	1470  func foreachHeaderElement(v string, fn func(string)) {
	1471  	v = textproto.TrimString(v)
	1472  	if v == "" {
	1473  		return
	1474  	}
	1475  	if !strings.Contains(v, ",") {
	1476  		fn(v)
	1477  		return
	1478  	}
	1479  	for _, f := range strings.Split(v, ",") {
	1480  		if f = textproto.TrimString(f); f != "" {
	1481  			fn(f)
	1482  		}
	1483  	}
	1484  }
	1485  
	1486  // writeStatusLine writes an HTTP/1.x Status-Line (RFC 7230 Section 3.1.2)
	1487  // to bw. is11 is whether the HTTP request is HTTP/1.1. false means HTTP/1.0.
	1488  // code is the response status code.
	1489  // scratch is an optional scratch buffer. If it has at least capacity 3, it's used.
	1490  func writeStatusLine(bw *bufio.Writer, is11 bool, code int, scratch []byte) {
	1491  	if is11 {
	1492  		bw.WriteString("HTTP/1.1 ")
	1493  	} else {
	1494  		bw.WriteString("HTTP/1.0 ")
	1495  	}
	1496  	if text, ok := statusText[code]; ok {
	1497  		bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10))
	1498  		bw.WriteByte(' ')
	1499  		bw.WriteString(text)
	1500  		bw.WriteString("\r\n")
	1501  	} else {
	1502  		// don't worry about performance
	1503  		fmt.Fprintf(bw, "%03d status code %d\r\n", code, code)
	1504  	}
	1505  }
	1506  
	1507  // bodyAllowed reports whether a Write is allowed for this response type.
	1508  // It's illegal to call this before the header has been flushed.
	1509  func (w *response) bodyAllowed() bool {
	1510  	if !w.wroteHeader {
	1511  		panic("")
	1512  	}
	1513  	return bodyAllowedForStatus(w.status)
	1514  }
	1515  
	1516  // The Life Of A Write is like this:
	1517  //
	1518  // Handler starts. No header has been sent. The handler can either
	1519  // write a header, or just start writing. Writing before sending a header
	1520  // sends an implicitly empty 200 OK header.
	1521  //
	1522  // If the handler didn't declare a Content-Length up front, we either
	1523  // go into chunking mode or, if the handler finishes running before
	1524  // the chunking buffer size, we compute a Content-Length and send that
	1525  // in the header instead.
	1526  //
	1527  // Likewise, if the handler didn't set a Content-Type, we sniff that
	1528  // from the initial chunk of output.
	1529  //
	1530  // The Writers are wired together like:
	1531  //
	1532  // 1. *response (the ResponseWriter) ->
	1533  // 2. (*response).w, a *bufio.Writer of bufferBeforeChunkingSize bytes ->
	1534  // 3. chunkWriter.Writer (whose writeHeader finalizes Content-Length/Type)
	1535  //		and which writes the chunk headers, if needed ->
	1536  // 4. conn.bufw, a *bufio.Writer of default (4kB) bytes, writing to ->
	1537  // 5. checkConnErrorWriter{c}, which notes any non-nil error on Write
	1538  //		and populates c.werr with it if so, but otherwise writes to ->
	1539  // 6. the rwc, the net.Conn.
	1540  //
	1541  // TODO(bradfitz): short-circuit some of the buffering when the
	1542  // initial header contains both a Content-Type and Content-Length.
	1543  // Also short-circuit in (1) when the header's been sent and not in
	1544  // chunking mode, writing directly to (4) instead, if (2) has no
	1545  // buffered data. More generally, we could short-circuit from (1) to
	1546  // (3) even in chunking mode if the write size from (1) is over some
	1547  // threshold and nothing is in (2).	The answer might be mostly making
	1548  // bufferBeforeChunkingSize smaller and having bufio's fast-paths deal
	1549  // with this instead.
	1550  func (w *response) Write(data []byte) (n int, err error) {
	1551  	return w.write(len(data), data, "")
	1552  }
	1553  
	1554  func (w *response) WriteString(data string) (n int, err error) {
	1555  	return w.write(len(data), nil, data)
	1556  }
	1557  
	1558  // either dataB or dataS is non-zero.
	1559  func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err error) {
	1560  	if w.conn.hijacked() {
	1561  		if lenData > 0 {
	1562  			caller := relevantCaller()
	1563  			w.conn.server.logf("http: response.Write on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
	1564  		}
	1565  		return 0, ErrHijacked
	1566  	}
	1567  
	1568  	if w.canWriteContinue.isSet() {
	1569  		// Body reader wants to write 100 Continue but hasn't yet.
	1570  		// Tell it not to. The store must be done while holding the lock
	1571  		// because the lock makes sure that there is not an active write
	1572  		// this very moment.
	1573  		w.writeContinueMu.Lock()
	1574  		w.canWriteContinue.setFalse()
	1575  		w.writeContinueMu.Unlock()
	1576  	}
	1577  
	1578  	if !w.wroteHeader {
	1579  		w.WriteHeader(StatusOK)
	1580  	}
	1581  	if lenData == 0 {
	1582  		return 0, nil
	1583  	}
	1584  	if !w.bodyAllowed() {
	1585  		return 0, ErrBodyNotAllowed
	1586  	}
	1587  
	1588  	w.written += int64(lenData) // ignoring errors, for errorKludge
	1589  	if w.contentLength != -1 && w.written > w.contentLength {
	1590  		return 0, ErrContentLength
	1591  	}
	1592  	if dataB != nil {
	1593  		return w.w.Write(dataB)
	1594  	} else {
	1595  		return w.w.WriteString(dataS)
	1596  	}
	1597  }
	1598  
	1599  func (w *response) finishRequest() {
	1600  	w.handlerDone.setTrue()
	1601  
	1602  	if !w.wroteHeader {
	1603  		w.WriteHeader(StatusOK)
	1604  	}
	1605  
	1606  	w.w.Flush()
	1607  	putBufioWriter(w.w)
	1608  	w.cw.close()
	1609  	w.conn.bufw.Flush()
	1610  
	1611  	w.conn.r.abortPendingRead()
	1612  
	1613  	// Close the body (regardless of w.closeAfterReply) so we can
	1614  	// re-use its bufio.Reader later safely.
	1615  	w.reqBody.Close()
	1616  
	1617  	if w.req.MultipartForm != nil {
	1618  		w.req.MultipartForm.RemoveAll()
	1619  	}
	1620  }
	1621  
	1622  // shouldReuseConnection reports whether the underlying TCP connection can be reused.
	1623  // It must only be called after the handler is done executing.
	1624  func (w *response) shouldReuseConnection() bool {
	1625  	if w.closeAfterReply {
	1626  		// The request or something set while executing the
	1627  		// handler indicated we shouldn't reuse this
	1628  		// connection.
	1629  		return false
	1630  	}
	1631  
	1632  	if w.req.Method != "HEAD" && w.contentLength != -1 && w.bodyAllowed() && w.contentLength != w.written {
	1633  		// Did not write enough. Avoid getting out of sync.
	1634  		return false
	1635  	}
	1636  
	1637  	// There was some error writing to the underlying connection
	1638  	// during the request, so don't re-use this conn.
	1639  	if w.conn.werr != nil {
	1640  		return false
	1641  	}
	1642  
	1643  	if w.closedRequestBodyEarly() {
	1644  		return false
	1645  	}
	1646  
	1647  	return true
	1648  }
	1649  
	1650  func (w *response) closedRequestBodyEarly() bool {
	1651  	body, ok := w.req.Body.(*body)
	1652  	return ok && body.didEarlyClose()
	1653  }
	1654  
	1655  func (w *response) Flush() {
	1656  	if !w.wroteHeader {
	1657  		w.WriteHeader(StatusOK)
	1658  	}
	1659  	w.w.Flush()
	1660  	w.cw.flush()
	1661  }
	1662  
	1663  func (c *conn) finalFlush() {
	1664  	if c.bufr != nil {
	1665  		// Steal the bufio.Reader (~4KB worth of memory) and its associated
	1666  		// reader for a future connection.
	1667  		putBufioReader(c.bufr)
	1668  		c.bufr = nil
	1669  	}
	1670  
	1671  	if c.bufw != nil {
	1672  		c.bufw.Flush()
	1673  		// Steal the bufio.Writer (~4KB worth of memory) and its associated
	1674  		// writer for a future connection.
	1675  		putBufioWriter(c.bufw)
	1676  		c.bufw = nil
	1677  	}
	1678  }
	1679  
	1680  // Close the connection.
	1681  func (c *conn) close() {
	1682  	c.finalFlush()
	1683  	c.rwc.Close()
	1684  }
	1685  
	1686  // rstAvoidanceDelay is the amount of time we sleep after closing the
	1687  // write side of a TCP connection before closing the entire socket.
	1688  // By sleeping, we increase the chances that the client sees our FIN
	1689  // and processes its final data before they process the subsequent RST
	1690  // from closing a connection with known unread data.
	1691  // This RST seems to occur mostly on BSD systems. (And Windows?)
	1692  // This timeout is somewhat arbitrary (~latency around the planet).
	1693  const rstAvoidanceDelay = 500 * time.Millisecond
	1694  
	1695  type closeWriter interface {
	1696  	CloseWrite() error
	1697  }
	1698  
	1699  var _ closeWriter = (*net.TCPConn)(nil)
	1700  
	1701  // closeWrite flushes any outstanding data and sends a FIN packet (if
	1702  // client is connected via TCP), signalling that we're done. We then
	1703  // pause for a bit, hoping the client processes it before any
	1704  // subsequent RST.
	1705  //
	1706  // See https://golang.org/issue/3595
	1707  func (c *conn) closeWriteAndWait() {
	1708  	c.finalFlush()
	1709  	if tcp, ok := c.rwc.(closeWriter); ok {
	1710  		tcp.CloseWrite()
	1711  	}
	1712  	time.Sleep(rstAvoidanceDelay)
	1713  }
	1714  
	1715  // validNextProto reports whether the proto is a valid ALPN protocol name.
	1716  // Everything is valid except the empty string and built-in protocol types,
	1717  // so that those can't be overridden with alternate implementations.
	1718  func validNextProto(proto string) bool {
	1719  	switch proto {
	1720  	case "", "http/1.1", "http/1.0":
	1721  		return false
	1722  	}
	1723  	return true
	1724  }
	1725  
	1726  const (
	1727  	runHooks	= true
	1728  	skipHooks = false
	1729  )
	1730  
	1731  func (c *conn) setState(nc net.Conn, state ConnState, runHook bool) {
	1732  	srv := c.server
	1733  	switch state {
	1734  	case StateNew:
	1735  		srv.trackConn(c, true)
	1736  	case StateHijacked, StateClosed:
	1737  		srv.trackConn(c, false)
	1738  	}
	1739  	if state > 0xff || state < 0 {
	1740  		panic("internal error")
	1741  	}
	1742  	packedState := uint64(time.Now().Unix()<<8) | uint64(state)
	1743  	atomic.StoreUint64(&c.curState.atomic, packedState)
	1744  	if !runHook {
	1745  		return
	1746  	}
	1747  	if hook := srv.ConnState; hook != nil {
	1748  		hook(nc, state)
	1749  	}
	1750  }
	1751  
	1752  func (c *conn) getState() (state ConnState, unixSec int64) {
	1753  	packedState := atomic.LoadUint64(&c.curState.atomic)
	1754  	return ConnState(packedState & 0xff), int64(packedState >> 8)
	1755  }
	1756  
	1757  // badRequestError is a literal string (used by in the server in HTML,
	1758  // unescaped) to tell the user why their request was bad. It should
	1759  // be plain text without user info or other embedded errors.
	1760  func badRequestError(e string) error { return statusError{StatusBadRequest, e} }
	1761  
	1762  // statusError is an error used to respond to a request with an HTTP status.
	1763  // The text should be plain text without user info or other embedded errors.
	1764  type statusError struct {
	1765  	code int
	1766  	text string
	1767  }
	1768  
	1769  func (e statusError) Error() string { return StatusText(e.code) + ": " + e.text }
	1770  
	1771  // ErrAbortHandler is a sentinel panic value to abort a handler.
	1772  // While any panic from ServeHTTP aborts the response to the client,
	1773  // panicking with ErrAbortHandler also suppresses logging of a stack
	1774  // trace to the server's error log.
	1775  var ErrAbortHandler = errors.New("net/http: abort Handler")
	1776  
	1777  // isCommonNetReadError reports whether err is a common error
	1778  // encountered during reading a request off the network when the
	1779  // client has gone away or had its read fail somehow. This is used to
	1780  // determine which logs are interesting enough to log about.
	1781  func isCommonNetReadError(err error) bool {
	1782  	if err == io.EOF {
	1783  		return true
	1784  	}
	1785  	if neterr, ok := err.(net.Error); ok && neterr.Timeout() {
	1786  		return true
	1787  	}
	1788  	if oe, ok := err.(*net.OpError); ok && oe.Op == "read" {
	1789  		return true
	1790  	}
	1791  	return false
	1792  }
	1793  
	1794  // Serve a new connection.
	1795  func (c *conn) serve(ctx context.Context) {
	1796  	c.remoteAddr = c.rwc.RemoteAddr().String()
	1797  	ctx = context.WithValue(ctx, LocalAddrContextKey, c.rwc.LocalAddr())
	1798  	defer func() {
	1799  		if err := recover(); err != nil && err != ErrAbortHandler {
	1800  			const size = 64 << 10
	1801  			buf := make([]byte, size)
	1802  			buf = buf[:runtime.Stack(buf, false)]
	1803  			c.server.logf("http: panic serving %v: %v\n%s", c.remoteAddr, err, buf)
	1804  		}
	1805  		if !c.hijacked() {
	1806  			c.close()
	1807  			c.setState(c.rwc, StateClosed, runHooks)
	1808  		}
	1809  	}()
	1810  
	1811  	if tlsConn, ok := c.rwc.(*tls.Conn); ok {
	1812  		if d := c.server.ReadTimeout; d > 0 {
	1813  			c.rwc.SetReadDeadline(time.Now().Add(d))
	1814  		}
	1815  		if d := c.server.WriteTimeout; d > 0 {
	1816  			c.rwc.SetWriteDeadline(time.Now().Add(d))
	1817  		}
	1818  		if err := tlsConn.HandshakeContext(ctx); err != nil {
	1819  			// If the handshake failed due to the client not speaking
	1820  			// TLS, assume they're speaking plaintext HTTP and write a
	1821  			// 400 response on the TLS conn's underlying net.Conn.
	1822  			if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) {
	1823  				io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n")
	1824  				re.Conn.Close()
	1825  				return
	1826  			}
	1827  			c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err)
	1828  			return
	1829  		}
	1830  		c.tlsState = new(tls.ConnectionState)
	1831  		*c.tlsState = tlsConn.ConnectionState()
	1832  		if proto := c.tlsState.NegotiatedProtocol; validNextProto(proto) {
	1833  			if fn := c.server.TLSNextProto[proto]; fn != nil {
	1834  				h := initALPNRequest{ctx, tlsConn, serverHandler{c.server}}
	1835  				// Mark freshly created HTTP/2 as active and prevent any server state hooks
	1836  				// from being run on these connections. This prevents closeIdleConns from
	1837  				// closing such connections. See issue https://golang.org/issue/39776.
	1838  				c.setState(c.rwc, StateActive, skipHooks)
	1839  				fn(c.server, tlsConn, h)
	1840  			}
	1841  			return
	1842  		}
	1843  	}
	1844  
	1845  	// HTTP/1.x from here on.
	1846  
	1847  	ctx, cancelCtx := context.WithCancel(ctx)
	1848  	c.cancelCtx = cancelCtx
	1849  	defer cancelCtx()
	1850  
	1851  	c.r = &connReader{conn: c}
	1852  	c.bufr = newBufioReader(c.r)
	1853  	c.bufw = newBufioWriterSize(checkConnErrorWriter{c}, 4<<10)
	1854  
	1855  	for {
	1856  		w, err := c.readRequest(ctx)
	1857  		if c.r.remain != c.server.initialReadLimitSize() {
	1858  			// If we read any bytes off the wire, we're active.
	1859  			c.setState(c.rwc, StateActive, runHooks)
	1860  		}
	1861  		if err != nil {
	1862  			const errorHeaders = "\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n"
	1863  
	1864  			switch {
	1865  			case err == errTooLarge:
	1866  				// Their HTTP client may or may not be
	1867  				// able to read this if we're
	1868  				// responding to them and hanging up
	1869  				// while they're still writing their
	1870  				// request. Undefined behavior.
	1871  				const publicErr = "431 Request Header Fields Too Large"
	1872  				fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr)
	1873  				c.closeWriteAndWait()
	1874  				return
	1875  
	1876  			case isUnsupportedTEError(err):
	1877  				// Respond as per RFC 7230 Section 3.3.1 which says,
	1878  				//			A server that receives a request message with a
	1879  				//			transfer coding it does not understand SHOULD
	1880  				//			respond with 501 (Unimplemented).
	1881  				code := StatusNotImplemented
	1882  
	1883  				// We purposefully aren't echoing back the transfer-encoding's value,
	1884  				// so as to mitigate the risk of cross side scripting by an attacker.
	1885  				fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s%sUnsupported transfer encoding", code, StatusText(code), errorHeaders)
	1886  				return
	1887  
	1888  			case isCommonNetReadError(err):
	1889  				return // don't reply
	1890  
	1891  			default:
	1892  				if v, ok := err.(statusError); ok {
	1893  					fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s: %s%s%d %s: %s", v.code, StatusText(v.code), v.text, errorHeaders, v.code, StatusText(v.code), v.text)
	1894  					return
	1895  				}
	1896  				publicErr := "400 Bad Request"
	1897  				fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr)
	1898  				return
	1899  			}
	1900  		}
	1901  
	1902  		// Expect 100 Continue support
	1903  		req := w.req
	1904  		if req.expectsContinue() {
	1905  			if req.ProtoAtLeast(1, 1) && req.ContentLength != 0 {
	1906  				// Wrap the Body reader with one that replies on the connection
	1907  				req.Body = &expectContinueReader{readCloser: req.Body, resp: w}
	1908  				w.canWriteContinue.setTrue()
	1909  			}
	1910  		} else if req.Header.get("Expect") != "" {
	1911  			w.sendExpectationFailed()
	1912  			return
	1913  		}
	1914  
	1915  		c.curReq.Store(w)
	1916  
	1917  		if requestBodyRemains(req.Body) {
	1918  			registerOnHitEOF(req.Body, w.conn.r.startBackgroundRead)
	1919  		} else {
	1920  			w.conn.r.startBackgroundRead()
	1921  		}
	1922  
	1923  		// HTTP cannot have multiple simultaneous active requests.[*]
	1924  		// Until the server replies to this request, it can't read another,
	1925  		// so we might as well run the handler in this goroutine.
	1926  		// [*] Not strictly true: HTTP pipelining. We could let them all process
	1927  		// in parallel even if their responses need to be serialized.
	1928  		// But we're not going to implement HTTP pipelining because it
	1929  		// was never deployed in the wild and the answer is HTTP/2.
	1930  		serverHandler{c.server}.ServeHTTP(w, w.req)
	1931  		w.cancelCtx()
	1932  		if c.hijacked() {
	1933  			return
	1934  		}
	1935  		w.finishRequest()
	1936  		if !w.shouldReuseConnection() {
	1937  			if w.requestBodyLimitHit || w.closedRequestBodyEarly() {
	1938  				c.closeWriteAndWait()
	1939  			}
	1940  			return
	1941  		}
	1942  		c.setState(c.rwc, StateIdle, runHooks)
	1943  		c.curReq.Store((*response)(nil))
	1944  
	1945  		if !w.conn.server.doKeepAlives() {
	1946  			// We're in shutdown mode. We might've replied
	1947  			// to the user without "Connection: close" and
	1948  			// they might think they can send another
	1949  			// request, but such is life with HTTP/1.1.
	1950  			return
	1951  		}
	1952  
	1953  		if d := c.server.idleTimeout(); d != 0 {
	1954  			c.rwc.SetReadDeadline(time.Now().Add(d))
	1955  			if _, err := c.bufr.Peek(4); err != nil {
	1956  				return
	1957  			}
	1958  		}
	1959  		c.rwc.SetReadDeadline(time.Time{})
	1960  	}
	1961  }
	1962  
	1963  func (w *response) sendExpectationFailed() {
	1964  	// TODO(bradfitz): let ServeHTTP handlers handle
	1965  	// requests with non-standard expectation[s]? Seems
	1966  	// theoretical at best, and doesn't fit into the
	1967  	// current ServeHTTP model anyway. We'd need to
	1968  	// make the ResponseWriter an optional
	1969  	// "ExpectReplier" interface or something.
	1970  	//
	1971  	// For now we'll just obey RFC 7231 5.1.1 which says
	1972  	// "A server that receives an Expect field-value other
	1973  	// than 100-continue MAY respond with a 417 (Expectation
	1974  	// Failed) status code to indicate that the unexpected
	1975  	// expectation cannot be met."
	1976  	w.Header().Set("Connection", "close")
	1977  	w.WriteHeader(StatusExpectationFailed)
	1978  	w.finishRequest()
	1979  }
	1980  
	1981  // Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter
	1982  // and a Hijacker.
	1983  func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
	1984  	if w.handlerDone.isSet() {
	1985  		panic("net/http: Hijack called after ServeHTTP finished")
	1986  	}
	1987  	if w.wroteHeader {
	1988  		w.cw.flush()
	1989  	}
	1990  
	1991  	c := w.conn
	1992  	c.mu.Lock()
	1993  	defer c.mu.Unlock()
	1994  
	1995  	// Release the bufioWriter that writes to the chunk writer, it is not
	1996  	// used after a connection has been hijacked.
	1997  	rwc, buf, err = c.hijackLocked()
	1998  	if err == nil {
	1999  		putBufioWriter(w.w)
	2000  		w.w = nil
	2001  	}
	2002  	return rwc, buf, err
	2003  }
	2004  
	2005  func (w *response) CloseNotify() <-chan bool {
	2006  	if w.handlerDone.isSet() {
	2007  		panic("net/http: CloseNotify called after ServeHTTP finished")
	2008  	}
	2009  	return w.closeNotifyCh
	2010  }
	2011  
	2012  func registerOnHitEOF(rc io.ReadCloser, fn func()) {
	2013  	switch v := rc.(type) {
	2014  	case *expectContinueReader:
	2015  		registerOnHitEOF(v.readCloser, fn)
	2016  	case *body:
	2017  		v.registerOnHitEOF(fn)
	2018  	default:
	2019  		panic("unexpected type " + fmt.Sprintf("%T", rc))
	2020  	}
	2021  }
	2022  
	2023  // requestBodyRemains reports whether future calls to Read
	2024  // on rc might yield more data.
	2025  func requestBodyRemains(rc io.ReadCloser) bool {
	2026  	if rc == NoBody {
	2027  		return false
	2028  	}
	2029  	switch v := rc.(type) {
	2030  	case *expectContinueReader:
	2031  		return requestBodyRemains(v.readCloser)
	2032  	case *body:
	2033  		return v.bodyRemains()
	2034  	default:
	2035  		panic("unexpected type " + fmt.Sprintf("%T", rc))
	2036  	}
	2037  }
	2038  
	2039  // The HandlerFunc type is an adapter to allow the use of
	2040  // ordinary functions as HTTP handlers. If f is a function
	2041  // with the appropriate signature, HandlerFunc(f) is a
	2042  // Handler that calls f.
	2043  type HandlerFunc func(ResponseWriter, *Request)
	2044  
	2045  // ServeHTTP calls f(w, r).
	2046  func (f HandlerFunc) ServeHTTP(w ResponseWriter, r *Request) {
	2047  	f(w, r)
	2048  }
	2049  
	2050  // Helper handlers
	2051  
	2052  // Error replies to the request with the specified error message and HTTP code.
	2053  // It does not otherwise end the request; the caller should ensure no further
	2054  // writes are done to w.
	2055  // The error message should be plain text.
	2056  func Error(w ResponseWriter, error string, code int) {
	2057  	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	2058  	w.Header().Set("X-Content-Type-Options", "nosniff")
	2059  	w.WriteHeader(code)
	2060  	fmt.Fprintln(w, error)
	2061  }
	2062  
	2063  // NotFound replies to the request with an HTTP 404 not found error.
	2064  func NotFound(w ResponseWriter, r *Request) { Error(w, "404 page not found", StatusNotFound) }
	2065  
	2066  // NotFoundHandler returns a simple request handler
	2067  // that replies to each request with a ``404 page not found'' reply.
	2068  func NotFoundHandler() Handler { return HandlerFunc(NotFound) }
	2069  
	2070  // StripPrefix returns a handler that serves HTTP requests by removing the
	2071  // given prefix from the request URL's Path (and RawPath if set) and invoking
	2072  // the handler h. StripPrefix handles a request for a path that doesn't begin
	2073  // with prefix by replying with an HTTP 404 not found error. The prefix must
	2074  // match exactly: if the prefix in the request contains escaped characters
	2075  // the reply is also an HTTP 404 not found error.
	2076  func StripPrefix(prefix string, h Handler) Handler {
	2077  	if prefix == "" {
	2078  		return h
	2079  	}
	2080  	return HandlerFunc(func(w ResponseWriter, r *Request) {
	2081  		p := strings.TrimPrefix(r.URL.Path, prefix)
	2082  		rp := strings.TrimPrefix(r.URL.RawPath, prefix)
	2083  		if len(p) < len(r.URL.Path) && (r.URL.RawPath == "" || len(rp) < len(r.URL.RawPath)) {
	2084  			r2 := new(Request)
	2085  			*r2 = *r
	2086  			r2.URL = new(url.URL)
	2087  			*r2.URL = *r.URL
	2088  			r2.URL.Path = p
	2089  			r2.URL.RawPath = rp
	2090  			h.ServeHTTP(w, r2)
	2091  		} else {
	2092  			NotFound(w, r)
	2093  		}
	2094  	})
	2095  }
	2096  
	2097  // Redirect replies to the request with a redirect to url,
	2098  // which may be a path relative to the request path.
	2099  //
	2100  // The provided code should be in the 3xx range and is usually
	2101  // StatusMovedPermanently, StatusFound or StatusSeeOther.
	2102  //
	2103  // If the Content-Type header has not been set, Redirect sets it
	2104  // to "text/html; charset=utf-8" and writes a small HTML body.
	2105  // Setting the Content-Type header to any value, including nil,
	2106  // disables that behavior.
	2107  func Redirect(w ResponseWriter, r *Request, url string, code int) {
	2108  	if u, err := urlpkg.Parse(url); err == nil {
	2109  		// If url was relative, make its path absolute by
	2110  		// combining with request path.
	2111  		// The client would probably do this for us,
	2112  		// but doing it ourselves is more reliable.
	2113  		// See RFC 7231, section 7.1.2
	2114  		if u.Scheme == "" && u.Host == "" {
	2115  			oldpath := r.URL.Path
	2116  			if oldpath == "" { // should not happen, but avoid a crash if it does
	2117  				oldpath = "/"
	2118  			}
	2119  
	2120  			// no leading http://server
	2121  			if url == "" || url[0] != '/' {
	2122  				// make relative path absolute
	2123  				olddir, _ := path.Split(oldpath)
	2124  				url = olddir + url
	2125  			}
	2126  
	2127  			var query string
	2128  			if i := strings.Index(url, "?"); i != -1 {
	2129  				url, query = url[:i], url[i:]
	2130  			}
	2131  
	2132  			// clean up but preserve trailing slash
	2133  			trailing := strings.HasSuffix(url, "/")
	2134  			url = path.Clean(url)
	2135  			if trailing && !strings.HasSuffix(url, "/") {
	2136  				url += "/"
	2137  			}
	2138  			url += query
	2139  		}
	2140  	}
	2141  
	2142  	h := w.Header()
	2143  
	2144  	// RFC 7231 notes that a short HTML body is usually included in
	2145  	// the response because older user agents may not understand 301/307.
	2146  	// Do it only if the request didn't already have a Content-Type header.
	2147  	_, hadCT := h["Content-Type"]
	2148  
	2149  	h.Set("Location", hexEscapeNonASCII(url))
	2150  	if !hadCT && (r.Method == "GET" || r.Method == "HEAD") {
	2151  		h.Set("Content-Type", "text/html; charset=utf-8")
	2152  	}
	2153  	w.WriteHeader(code)
	2154  
	2155  	// Shouldn't send the body for POST or HEAD; that leaves GET.
	2156  	if !hadCT && r.Method == "GET" {
	2157  		body := "<a href=\"" + htmlEscape(url) + "\">" + statusText[code] + "</a>.\n"
	2158  		fmt.Fprintln(w, body)
	2159  	}
	2160  }
	2161  
	2162  var htmlReplacer = strings.NewReplacer(
	2163  	"&", "&amp;",
	2164  	"<", "&lt;",
	2165  	">", "&gt;",
	2166  	// "&#34;" is shorter than "&quot;".
	2167  	`"`, "&#34;",
	2168  	// "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
	2169  	"'", "&#39;",
	2170  )
	2171  
	2172  func htmlEscape(s string) string {
	2173  	return htmlReplacer.Replace(s)
	2174  }
	2175  
	2176  // Redirect to a fixed URL
	2177  type redirectHandler struct {
	2178  	url	string
	2179  	code int
	2180  }
	2181  
	2182  func (rh *redirectHandler) ServeHTTP(w ResponseWriter, r *Request) {
	2183  	Redirect(w, r, rh.url, rh.code)
	2184  }
	2185  
	2186  // RedirectHandler returns a request handler that redirects
	2187  // each request it receives to the given url using the given
	2188  // status code.
	2189  //
	2190  // The provided code should be in the 3xx range and is usually
	2191  // StatusMovedPermanently, StatusFound or StatusSeeOther.
	2192  func RedirectHandler(url string, code int) Handler {
	2193  	return &redirectHandler{url, code}
	2194  }
	2195  
	2196  // ServeMux is an HTTP request multiplexer.
	2197  // It matches the URL of each incoming request against a list of registered
	2198  // patterns and calls the handler for the pattern that
	2199  // most closely matches the URL.
	2200  //
	2201  // Patterns name fixed, rooted paths, like "/favicon.ico",
	2202  // or rooted subtrees, like "/images/" (note the trailing slash).
	2203  // Longer patterns take precedence over shorter ones, so that
	2204  // if there are handlers registered for both "/images/"
	2205  // and "/images/thumbnails/", the latter handler will be
	2206  // called for paths beginning "/images/thumbnails/" and the
	2207  // former will receive requests for any other paths in the
	2208  // "/images/" subtree.
	2209  //
	2210  // Note that since a pattern ending in a slash names a rooted subtree,
	2211  // the pattern "/" matches all paths not matched by other registered
	2212  // patterns, not just the URL with Path == "/".
	2213  //
	2214  // If a subtree has been registered and a request is received naming the
	2215  // subtree root without its trailing slash, ServeMux redirects that
	2216  // request to the subtree root (adding the trailing slash). This behavior can
	2217  // be overridden with a separate registration for the path without
	2218  // the trailing slash. For example, registering "/images/" causes ServeMux
	2219  // to redirect a request for "/images" to "/images/", unless "/images" has
	2220  // been registered separately.
	2221  //
	2222  // Patterns may optionally begin with a host name, restricting matches to
	2223  // URLs on that host only. Host-specific patterns take precedence over
	2224  // general patterns, so that a handler might register for the two patterns
	2225  // "/codesearch" and "codesearch.google.com/" without also taking over
	2226  // requests for "http://www.google.com/".
	2227  //
	2228  // ServeMux also takes care of sanitizing the URL request path and the Host
	2229  // header, stripping the port number and redirecting any request containing . or
	2230  // .. elements or repeated slashes to an equivalent, cleaner URL.
	2231  type ServeMux struct {
	2232  	mu		sync.RWMutex
	2233  	m		 map[string]muxEntry
	2234  	es		[]muxEntry // slice of entries sorted from longest to shortest.
	2235  	hosts bool			 // whether any patterns contain hostnames
	2236  }
	2237  
	2238  type muxEntry struct {
	2239  	h			 Handler
	2240  	pattern string
	2241  }
	2242  
	2243  // NewServeMux allocates and returns a new ServeMux.
	2244  func NewServeMux() *ServeMux { return new(ServeMux) }
	2245  
	2246  // DefaultServeMux is the default ServeMux used by Serve.
	2247  var DefaultServeMux = &defaultServeMux
	2248  
	2249  var defaultServeMux ServeMux
	2250  
	2251  // cleanPath returns the canonical path for p, eliminating . and .. elements.
	2252  func cleanPath(p string) string {
	2253  	if p == "" {
	2254  		return "/"
	2255  	}
	2256  	if p[0] != '/' {
	2257  		p = "/" + p
	2258  	}
	2259  	np := path.Clean(p)
	2260  	// path.Clean removes trailing slash except for root;
	2261  	// put the trailing slash back if necessary.
	2262  	if p[len(p)-1] == '/' && np != "/" {
	2263  		// Fast path for common case of p being the string we want:
	2264  		if len(p) == len(np)+1 && strings.HasPrefix(p, np) {
	2265  			np = p
	2266  		} else {
	2267  			np += "/"
	2268  		}
	2269  	}
	2270  	return np
	2271  }
	2272  
	2273  // stripHostPort returns h without any trailing ":<port>".
	2274  func stripHostPort(h string) string {
	2275  	// If no port on host, return unchanged
	2276  	if strings.IndexByte(h, ':') == -1 {
	2277  		return h
	2278  	}
	2279  	host, _, err := net.SplitHostPort(h)
	2280  	if err != nil {
	2281  		return h // on error, return unchanged
	2282  	}
	2283  	return host
	2284  }
	2285  
	2286  // Find a handler on a handler map given a path string.
	2287  // Most-specific (longest) pattern wins.
	2288  func (mux *ServeMux) match(path string) (h Handler, pattern string) {
	2289  	// Check for exact match first.
	2290  	v, ok := mux.m[path]
	2291  	if ok {
	2292  		return v.h, v.pattern
	2293  	}
	2294  
	2295  	// Check for longest valid match.	mux.es contains all patterns
	2296  	// that end in / sorted from longest to shortest.
	2297  	for _, e := range mux.es {
	2298  		if strings.HasPrefix(path, e.pattern) {
	2299  			return e.h, e.pattern
	2300  		}
	2301  	}
	2302  	return nil, ""
	2303  }
	2304  
	2305  // redirectToPathSlash determines if the given path needs appending "/" to it.
	2306  // This occurs when a handler for path + "/" was already registered, but
	2307  // not for path itself. If the path needs appending to, it creates a new
	2308  // URL, setting the path to u.Path + "/" and returning true to indicate so.
	2309  func (mux *ServeMux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) {
	2310  	mux.mu.RLock()
	2311  	shouldRedirect := mux.shouldRedirectRLocked(host, path)
	2312  	mux.mu.RUnlock()
	2313  	if !shouldRedirect {
	2314  		return u, false
	2315  	}
	2316  	path = path + "/"
	2317  	u = &url.URL{Path: path, RawQuery: u.RawQuery}
	2318  	return u, true
	2319  }
	2320  
	2321  // shouldRedirectRLocked reports whether the given path and host should be redirected to
	2322  // path+"/". This should happen if a handler is registered for path+"/" but
	2323  // not path -- see comments at ServeMux.
	2324  func (mux *ServeMux) shouldRedirectRLocked(host, path string) bool {
	2325  	p := []string{path, host + path}
	2326  
	2327  	for _, c := range p {
	2328  		if _, exist := mux.m[c]; exist {
	2329  			return false
	2330  		}
	2331  	}
	2332  
	2333  	n := len(path)
	2334  	if n == 0 {
	2335  		return false
	2336  	}
	2337  	for _, c := range p {
	2338  		if _, exist := mux.m[c+"/"]; exist {
	2339  			return path[n-1] != '/'
	2340  		}
	2341  	}
	2342  
	2343  	return false
	2344  }
	2345  
	2346  // Handler returns the handler to use for the given request,
	2347  // consulting r.Method, r.Host, and r.URL.Path. It always returns
	2348  // a non-nil handler. If the path is not in its canonical form, the
	2349  // handler will be an internally-generated handler that redirects
	2350  // to the canonical path. If the host contains a port, it is ignored
	2351  // when matching handlers.
	2352  //
	2353  // The path and host are used unchanged for CONNECT requests.
	2354  //
	2355  // Handler also returns the registered pattern that matches the
	2356  // request or, in the case of internally-generated redirects,
	2357  // the pattern that will match after following the redirect.
	2358  //
	2359  // If there is no registered handler that applies to the request,
	2360  // Handler returns a ``page not found'' handler and an empty pattern.
	2361  func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) {
	2362  
	2363  	// CONNECT requests are not canonicalized.
	2364  	if r.Method == "CONNECT" {
	2365  		// If r.URL.Path is /tree and its handler is not registered,
	2366  		// the /tree -> /tree/ redirect applies to CONNECT requests
	2367  		// but the path canonicalization does not.
	2368  		if u, ok := mux.redirectToPathSlash(r.URL.Host, r.URL.Path, r.URL); ok {
	2369  			return RedirectHandler(u.String(), StatusMovedPermanently), u.Path
	2370  		}
	2371  
	2372  		return mux.handler(r.Host, r.URL.Path)
	2373  	}
	2374  
	2375  	// All other requests have any port stripped and path cleaned
	2376  	// before passing to mux.handler.
	2377  	host := stripHostPort(r.Host)
	2378  	path := cleanPath(r.URL.Path)
	2379  
	2380  	// If the given path is /tree and its handler is not registered,
	2381  	// redirect for /tree/.
	2382  	if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok {
	2383  		return RedirectHandler(u.String(), StatusMovedPermanently), u.Path
	2384  	}
	2385  
	2386  	if path != r.URL.Path {
	2387  		_, pattern = mux.handler(host, path)
	2388  		u := &url.URL{Path: path, RawQuery: r.URL.RawQuery}
	2389  		return RedirectHandler(u.String(), StatusMovedPermanently), pattern
	2390  	}
	2391  
	2392  	return mux.handler(host, r.URL.Path)
	2393  }
	2394  
	2395  // handler is the main implementation of Handler.
	2396  // The path is known to be in canonical form, except for CONNECT methods.
	2397  func (mux *ServeMux) handler(host, path string) (h Handler, pattern string) {
	2398  	mux.mu.RLock()
	2399  	defer mux.mu.RUnlock()
	2400  
	2401  	// Host-specific pattern takes precedence over generic ones
	2402  	if mux.hosts {
	2403  		h, pattern = mux.match(host + path)
	2404  	}
	2405  	if h == nil {
	2406  		h, pattern = mux.match(path)
	2407  	}
	2408  	if h == nil {
	2409  		h, pattern = NotFoundHandler(), ""
	2410  	}
	2411  	return
	2412  }
	2413  
	2414  // ServeHTTP dispatches the request to the handler whose
	2415  // pattern most closely matches the request URL.
	2416  func (mux *ServeMux) ServeHTTP(w ResponseWriter, r *Request) {
	2417  	if r.RequestURI == "*" {
	2418  		if r.ProtoAtLeast(1, 1) {
	2419  			w.Header().Set("Connection", "close")
	2420  		}
	2421  		w.WriteHeader(StatusBadRequest)
	2422  		return
	2423  	}
	2424  	h, _ := mux.Handler(r)
	2425  	h.ServeHTTP(w, r)
	2426  }
	2427  
	2428  // Handle registers the handler for the given pattern.
	2429  // If a handler already exists for pattern, Handle panics.
	2430  func (mux *ServeMux) Handle(pattern string, handler Handler) {
	2431  	mux.mu.Lock()
	2432  	defer mux.mu.Unlock()
	2433  
	2434  	if pattern == "" {
	2435  		panic("http: invalid pattern")
	2436  	}
	2437  	if handler == nil {
	2438  		panic("http: nil handler")
	2439  	}
	2440  	if _, exist := mux.m[pattern]; exist {
	2441  		panic("http: multiple registrations for " + pattern)
	2442  	}
	2443  
	2444  	if mux.m == nil {
	2445  		mux.m = make(map[string]muxEntry)
	2446  	}
	2447  	e := muxEntry{h: handler, pattern: pattern}
	2448  	mux.m[pattern] = e
	2449  	if pattern[len(pattern)-1] == '/' {
	2450  		mux.es = appendSorted(mux.es, e)
	2451  	}
	2452  
	2453  	if pattern[0] != '/' {
	2454  		mux.hosts = true
	2455  	}
	2456  }
	2457  
	2458  func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
	2459  	n := len(es)
	2460  	i := sort.Search(n, func(i int) bool {
	2461  		return len(es[i].pattern) < len(e.pattern)
	2462  	})
	2463  	if i == n {
	2464  		return append(es, e)
	2465  	}
	2466  	// we now know that i points at where we want to insert
	2467  	es = append(es, muxEntry{}) // try to grow the slice in place, any entry works.
	2468  	copy(es[i+1:], es[i:])			// Move shorter entries down
	2469  	es[i] = e
	2470  	return es
	2471  }
	2472  
	2473  // HandleFunc registers the handler function for the given pattern.
	2474  func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Request)) {
	2475  	if handler == nil {
	2476  		panic("http: nil handler")
	2477  	}
	2478  	mux.Handle(pattern, HandlerFunc(handler))
	2479  }
	2480  
	2481  // Handle registers the handler for the given pattern
	2482  // in the DefaultServeMux.
	2483  // The documentation for ServeMux explains how patterns are matched.
	2484  func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) }
	2485  
	2486  // HandleFunc registers the handler function for the given pattern
	2487  // in the DefaultServeMux.
	2488  // The documentation for ServeMux explains how patterns are matched.
	2489  func HandleFunc(pattern string, handler func(ResponseWriter, *Request)) {
	2490  	DefaultServeMux.HandleFunc(pattern, handler)
	2491  }
	2492  
	2493  // Serve accepts incoming HTTP connections on the listener l,
	2494  // creating a new service goroutine for each. The service goroutines
	2495  // read requests and then call handler to reply to them.
	2496  //
	2497  // The handler is typically nil, in which case the DefaultServeMux is used.
	2498  //
	2499  // HTTP/2 support is only enabled if the Listener returns *tls.Conn
	2500  // connections and they were configured with "h2" in the TLS
	2501  // Config.NextProtos.
	2502  //
	2503  // Serve always returns a non-nil error.
	2504  func Serve(l net.Listener, handler Handler) error {
	2505  	srv := &Server{Handler: handler}
	2506  	return srv.Serve(l)
	2507  }
	2508  
	2509  // ServeTLS accepts incoming HTTPS connections on the listener l,
	2510  // creating a new service goroutine for each. The service goroutines
	2511  // read requests and then call handler to reply to them.
	2512  //
	2513  // The handler is typically nil, in which case the DefaultServeMux is used.
	2514  //
	2515  // Additionally, files containing a certificate and matching private key
	2516  // for the server must be provided. If the certificate is signed by a
	2517  // certificate authority, the certFile should be the concatenation
	2518  // of the server's certificate, any intermediates, and the CA's certificate.
	2519  //
	2520  // ServeTLS always returns a non-nil error.
	2521  func ServeTLS(l net.Listener, handler Handler, certFile, keyFile string) error {
	2522  	srv := &Server{Handler: handler}
	2523  	return srv.ServeTLS(l, certFile, keyFile)
	2524  }
	2525  
	2526  // A Server defines parameters for running an HTTP server.
	2527  // The zero value for Server is a valid configuration.
	2528  type Server struct {
	2529  	// Addr optionally specifies the TCP address for the server to listen on,
	2530  	// in the form "host:port". If empty, ":http" (port 80) is used.
	2531  	// The service names are defined in RFC 6335 and assigned by IANA.
	2532  	// See net.Dial for details of the address format.
	2533  	Addr string
	2534  
	2535  	Handler Handler // handler to invoke, http.DefaultServeMux if nil
	2536  
	2537  	// TLSConfig optionally provides a TLS configuration for use
	2538  	// by ServeTLS and ListenAndServeTLS. Note that this value is
	2539  	// cloned by ServeTLS and ListenAndServeTLS, so it's not
	2540  	// possible to modify the configuration with methods like
	2541  	// tls.Config.SetSessionTicketKeys. To use
	2542  	// SetSessionTicketKeys, use Server.Serve with a TLS Listener
	2543  	// instead.
	2544  	TLSConfig *tls.Config
	2545  
	2546  	// ReadTimeout is the maximum duration for reading the entire
	2547  	// request, including the body. A zero or negative value means
	2548  	// there will be no timeout.
	2549  	//
	2550  	// Because ReadTimeout does not let Handlers make per-request
	2551  	// decisions on each request body's acceptable deadline or
	2552  	// upload rate, most users will prefer to use
	2553  	// ReadHeaderTimeout. It is valid to use them both.
	2554  	ReadTimeout time.Duration
	2555  
	2556  	// ReadHeaderTimeout is the amount of time allowed to read
	2557  	// request headers. The connection's read deadline is reset
	2558  	// after reading the headers and the Handler can decide what
	2559  	// is considered too slow for the body. If ReadHeaderTimeout
	2560  	// is zero, the value of ReadTimeout is used. If both are
	2561  	// zero, there is no timeout.
	2562  	ReadHeaderTimeout time.Duration
	2563  
	2564  	// WriteTimeout is the maximum duration before timing out
	2565  	// writes of the response. It is reset whenever a new
	2566  	// request's header is read. Like ReadTimeout, it does not
	2567  	// let Handlers make decisions on a per-request basis.
	2568  	// A zero or negative value means there will be no timeout.
	2569  	WriteTimeout time.Duration
	2570  
	2571  	// IdleTimeout is the maximum amount of time to wait for the
	2572  	// next request when keep-alives are enabled. If IdleTimeout
	2573  	// is zero, the value of ReadTimeout is used. If both are
	2574  	// zero, there is no timeout.
	2575  	IdleTimeout time.Duration
	2576  
	2577  	// MaxHeaderBytes controls the maximum number of bytes the
	2578  	// server will read parsing the request header's keys and
	2579  	// values, including the request line. It does not limit the
	2580  	// size of the request body.
	2581  	// If zero, DefaultMaxHeaderBytes is used.
	2582  	MaxHeaderBytes int
	2583  
	2584  	// TLSNextProto optionally specifies a function to take over
	2585  	// ownership of the provided TLS connection when an ALPN
	2586  	// protocol upgrade has occurred. The map key is the protocol
	2587  	// name negotiated. The Handler argument should be used to
	2588  	// handle HTTP requests and will initialize the Request's TLS
	2589  	// and RemoteAddr if not already set. The connection is
	2590  	// automatically closed when the function returns.
	2591  	// If TLSNextProto is not nil, HTTP/2 support is not enabled
	2592  	// automatically.
	2593  	TLSNextProto map[string]func(*Server, *tls.Conn, Handler)
	2594  
	2595  	// ConnState specifies an optional callback function that is
	2596  	// called when a client connection changes state. See the
	2597  	// ConnState type and associated constants for details.
	2598  	ConnState func(net.Conn, ConnState)
	2599  
	2600  	// ErrorLog specifies an optional logger for errors accepting
	2601  	// connections, unexpected behavior from handlers, and
	2602  	// underlying FileSystem errors.
	2603  	// If nil, logging is done via the log package's standard logger.
	2604  	ErrorLog *log.Logger
	2605  
	2606  	// BaseContext optionally specifies a function that returns
	2607  	// the base context for incoming requests on this server.
	2608  	// The provided Listener is the specific Listener that's
	2609  	// about to start accepting requests.
	2610  	// If BaseContext is nil, the default is context.Background().
	2611  	// If non-nil, it must return a non-nil context.
	2612  	BaseContext func(net.Listener) context.Context
	2613  
	2614  	// ConnContext optionally specifies a function that modifies
	2615  	// the context used for a new connection c. The provided ctx
	2616  	// is derived from the base context and has a ServerContextKey
	2617  	// value.
	2618  	ConnContext func(ctx context.Context, c net.Conn) context.Context
	2619  
	2620  	inShutdown atomicBool // true when server is in shutdown
	2621  
	2622  	disableKeepAlives int32		 // accessed atomically.
	2623  	nextProtoOnce		 sync.Once // guards setupHTTP2_* init
	2624  	nextProtoErr			error		 // result of http2.ConfigureServer if used
	2625  
	2626  	mu				 sync.Mutex
	2627  	listeners	map[*net.Listener]struct{}
	2628  	activeConn map[*conn]struct{}
	2629  	doneChan	 chan struct{}
	2630  	onShutdown []func()
	2631  }
	2632  
	2633  func (s *Server) getDoneChan() <-chan struct{} {
	2634  	s.mu.Lock()
	2635  	defer s.mu.Unlock()
	2636  	return s.getDoneChanLocked()
	2637  }
	2638  
	2639  func (s *Server) getDoneChanLocked() chan struct{} {
	2640  	if s.doneChan == nil {
	2641  		s.doneChan = make(chan struct{})
	2642  	}
	2643  	return s.doneChan
	2644  }
	2645  
	2646  func (s *Server) closeDoneChanLocked() {
	2647  	ch := s.getDoneChanLocked()
	2648  	select {
	2649  	case <-ch:
	2650  		// Already closed. Don't close again.
	2651  	default:
	2652  		// Safe to close here. We're the only closer, guarded
	2653  		// by s.mu.
	2654  		close(ch)
	2655  	}
	2656  }
	2657  
	2658  // Close immediately closes all active net.Listeners and any
	2659  // connections in state StateNew, StateActive, or StateIdle. For a
	2660  // graceful shutdown, use Shutdown.
	2661  //
	2662  // Close does not attempt to close (and does not even know about)
	2663  // any hijacked connections, such as WebSockets.
	2664  //
	2665  // Close returns any error returned from closing the Server's
	2666  // underlying Listener(s).
	2667  func (srv *Server) Close() error {
	2668  	srv.inShutdown.setTrue()
	2669  	srv.mu.Lock()
	2670  	defer srv.mu.Unlock()
	2671  	srv.closeDoneChanLocked()
	2672  	err := srv.closeListenersLocked()
	2673  	for c := range srv.activeConn {
	2674  		c.rwc.Close()
	2675  		delete(srv.activeConn, c)
	2676  	}
	2677  	return err
	2678  }
	2679  
	2680  // shutdownPollIntervalMax is the max polling interval when checking
	2681  // quiescence during Server.Shutdown. Polling starts with a small
	2682  // interval and backs off to the max.
	2683  // Ideally we could find a solution that doesn't involve polling,
	2684  // but which also doesn't have a high runtime cost (and doesn't
	2685  // involve any contentious mutexes), but that is left as an
	2686  // exercise for the reader.
	2687  const shutdownPollIntervalMax = 500 * time.Millisecond
	2688  
	2689  // Shutdown gracefully shuts down the server without interrupting any
	2690  // active connections. Shutdown works by first closing all open
	2691  // listeners, then closing all idle connections, and then waiting
	2692  // indefinitely for connections to return to idle and then shut down.
	2693  // If the provided context expires before the shutdown is complete,
	2694  // Shutdown returns the context's error, otherwise it returns any
	2695  // error returned from closing the Server's underlying Listener(s).
	2696  //
	2697  // When Shutdown is called, Serve, ListenAndServe, and
	2698  // ListenAndServeTLS immediately return ErrServerClosed. Make sure the
	2699  // program doesn't exit and waits instead for Shutdown to return.
	2700  //
	2701  // Shutdown does not attempt to close nor wait for hijacked
	2702  // connections such as WebSockets. The caller of Shutdown should
	2703  // separately notify such long-lived connections of shutdown and wait
	2704  // for them to close, if desired. See RegisterOnShutdown for a way to
	2705  // register shutdown notification functions.
	2706  //
	2707  // Once Shutdown has been called on a server, it may not be reused;
	2708  // future calls to methods such as Serve will return ErrServerClosed.
	2709  func (srv *Server) Shutdown(ctx context.Context) error {
	2710  	srv.inShutdown.setTrue()
	2711  
	2712  	srv.mu.Lock()
	2713  	lnerr := srv.closeListenersLocked()
	2714  	srv.closeDoneChanLocked()
	2715  	for _, f := range srv.onShutdown {
	2716  		go f()
	2717  	}
	2718  	srv.mu.Unlock()
	2719  
	2720  	pollIntervalBase := time.Millisecond
	2721  	nextPollInterval := func() time.Duration {
	2722  		// Add 10% jitter.
	2723  		interval := pollIntervalBase + time.Duration(rand.Intn(int(pollIntervalBase/10)))
	2724  		// Double and clamp for next time.
	2725  		pollIntervalBase *= 2
	2726  		if pollIntervalBase > shutdownPollIntervalMax {
	2727  			pollIntervalBase = shutdownPollIntervalMax
	2728  		}
	2729  		return interval
	2730  	}
	2731  
	2732  	timer := time.NewTimer(nextPollInterval())
	2733  	defer timer.Stop()
	2734  	for {
	2735  		if srv.closeIdleConns() && srv.numListeners() == 0 {
	2736  			return lnerr
	2737  		}
	2738  		select {
	2739  		case <-ctx.Done():
	2740  			return ctx.Err()
	2741  		case <-timer.C:
	2742  			timer.Reset(nextPollInterval())
	2743  		}
	2744  	}
	2745  }
	2746  
	2747  // RegisterOnShutdown registers a function to call on Shutdown.
	2748  // This can be used to gracefully shutdown connections that have
	2749  // undergone ALPN protocol upgrade or that have been hijacked.
	2750  // This function should start protocol-specific graceful shutdown,
	2751  // but should not wait for shutdown to complete.
	2752  func (srv *Server) RegisterOnShutdown(f func()) {
	2753  	srv.mu.Lock()
	2754  	srv.onShutdown = append(srv.onShutdown, f)
	2755  	srv.mu.Unlock()
	2756  }
	2757  
	2758  func (s *Server) numListeners() int {
	2759  	s.mu.Lock()
	2760  	defer s.mu.Unlock()
	2761  	return len(s.listeners)
	2762  }
	2763  
	2764  // closeIdleConns closes all idle connections and reports whether the
	2765  // server is quiescent.
	2766  func (s *Server) closeIdleConns() bool {
	2767  	s.mu.Lock()
	2768  	defer s.mu.Unlock()
	2769  	quiescent := true
	2770  	for c := range s.activeConn {
	2771  		st, unixSec := c.getState()
	2772  		// Issue 22682: treat StateNew connections as if
	2773  		// they're idle if we haven't read the first request's
	2774  		// header in over 5 seconds.
	2775  		if st == StateNew && unixSec < time.Now().Unix()-5 {
	2776  			st = StateIdle
	2777  		}
	2778  		if st != StateIdle || unixSec == 0 {
	2779  			// Assume unixSec == 0 means it's a very new
	2780  			// connection, without state set yet.
	2781  			quiescent = false
	2782  			continue
	2783  		}
	2784  		c.rwc.Close()
	2785  		delete(s.activeConn, c)
	2786  	}
	2787  	return quiescent
	2788  }
	2789  
	2790  func (s *Server) closeListenersLocked() error {
	2791  	var err error
	2792  	for ln := range s.listeners {
	2793  		if cerr := (*ln).Close(); cerr != nil && err == nil {
	2794  			err = cerr
	2795  		}
	2796  	}
	2797  	return err
	2798  }
	2799  
	2800  // A ConnState represents the state of a client connection to a server.
	2801  // It's used by the optional Server.ConnState hook.
	2802  type ConnState int
	2803  
	2804  const (
	2805  	// StateNew represents a new connection that is expected to
	2806  	// send a request immediately. Connections begin at this
	2807  	// state and then transition to either StateActive or
	2808  	// StateClosed.
	2809  	StateNew ConnState = iota
	2810  
	2811  	// StateActive represents a connection that has read 1 or more
	2812  	// bytes of a request. The Server.ConnState hook for
	2813  	// StateActive fires before the request has entered a handler
	2814  	// and doesn't fire again until the request has been
	2815  	// handled. After the request is handled, the state
	2816  	// transitions to StateClosed, StateHijacked, or StateIdle.
	2817  	// For HTTP/2, StateActive fires on the transition from zero
	2818  	// to one active request, and only transitions away once all
	2819  	// active requests are complete. That means that ConnState
	2820  	// cannot be used to do per-request work; ConnState only notes
	2821  	// the overall state of the connection.
	2822  	StateActive
	2823  
	2824  	// StateIdle represents a connection that has finished
	2825  	// handling a request and is in the keep-alive state, waiting
	2826  	// for a new request. Connections transition from StateIdle
	2827  	// to either StateActive or StateClosed.
	2828  	StateIdle
	2829  
	2830  	// StateHijacked represents a hijacked connection.
	2831  	// This is a terminal state. It does not transition to StateClosed.
	2832  	StateHijacked
	2833  
	2834  	// StateClosed represents a closed connection.
	2835  	// This is a terminal state. Hijacked connections do not
	2836  	// transition to StateClosed.
	2837  	StateClosed
	2838  )
	2839  
	2840  var stateName = map[ConnState]string{
	2841  	StateNew:			"new",
	2842  	StateActive:	 "active",
	2843  	StateIdle:		 "idle",
	2844  	StateHijacked: "hijacked",
	2845  	StateClosed:	 "closed",
	2846  }
	2847  
	2848  func (c ConnState) String() string {
	2849  	return stateName[c]
	2850  }
	2851  
	2852  // serverHandler delegates to either the server's Handler or
	2853  // DefaultServeMux and also handles "OPTIONS *" requests.
	2854  type serverHandler struct {
	2855  	srv *Server
	2856  }
	2857  
	2858  func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request) {
	2859  	handler := sh.srv.Handler
	2860  	if handler == nil {
	2861  		handler = DefaultServeMux
	2862  	}
	2863  	if req.RequestURI == "*" && req.Method == "OPTIONS" {
	2864  		handler = globalOptionsHandler{}
	2865  	}
	2866  
	2867  	if req.URL != nil && strings.Contains(req.URL.RawQuery, ";") {
	2868  		var allowQuerySemicolonsInUse int32
	2869  		req = req.WithContext(context.WithValue(req.Context(), silenceSemWarnContextKey, func() {
	2870  			atomic.StoreInt32(&allowQuerySemicolonsInUse, 1)
	2871  		}))
	2872  		defer func() {
	2873  			if atomic.LoadInt32(&allowQuerySemicolonsInUse) == 0 {
	2874  				sh.srv.logf("http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192")
	2875  			}
	2876  		}()
	2877  	}
	2878  
	2879  	handler.ServeHTTP(rw, req)
	2880  }
	2881  
	2882  var silenceSemWarnContextKey = &contextKey{"silence-semicolons"}
	2883  
	2884  // AllowQuerySemicolons returns a handler that serves requests by converting any
	2885  // unescaped semicolons in the URL query to ampersands, and invoking the handler h.
	2886  //
	2887  // This restores the pre-Go 1.17 behavior of splitting query parameters on both
	2888  // semicolons and ampersands. (See golang.org/issue/25192). Note that this
	2889  // behavior doesn't match that of many proxies, and the mismatch can lead to
	2890  // security issues.
	2891  //
	2892  // AllowQuerySemicolons should be invoked before Request.ParseForm is called.
	2893  func AllowQuerySemicolons(h Handler) Handler {
	2894  	return HandlerFunc(func(w ResponseWriter, r *Request) {
	2895  		if silenceSemicolonsWarning, ok := r.Context().Value(silenceSemWarnContextKey).(func()); ok {
	2896  			silenceSemicolonsWarning()
	2897  		}
	2898  		if strings.Contains(r.URL.RawQuery, ";") {
	2899  			r2 := new(Request)
	2900  			*r2 = *r
	2901  			r2.URL = new(url.URL)
	2902  			*r2.URL = *r.URL
	2903  			r2.URL.RawQuery = strings.ReplaceAll(r.URL.RawQuery, ";", "&")
	2904  			h.ServeHTTP(w, r2)
	2905  		} else {
	2906  			h.ServeHTTP(w, r)
	2907  		}
	2908  	})
	2909  }
	2910  
	2911  // ListenAndServe listens on the TCP network address srv.Addr and then
	2912  // calls Serve to handle requests on incoming connections.
	2913  // Accepted connections are configured to enable TCP keep-alives.
	2914  //
	2915  // If srv.Addr is blank, ":http" is used.
	2916  //
	2917  // ListenAndServe always returns a non-nil error. After Shutdown or Close,
	2918  // the returned error is ErrServerClosed.
	2919  func (srv *Server) ListenAndServe() error {
	2920  	if srv.shuttingDown() {
	2921  		return ErrServerClosed
	2922  	}
	2923  	addr := srv.Addr
	2924  	if addr == "" {
	2925  		addr = ":http"
	2926  	}
	2927  	ln, err := net.Listen("tcp", addr)
	2928  	if err != nil {
	2929  		return err
	2930  	}
	2931  	return srv.Serve(ln)
	2932  }
	2933  
	2934  var testHookServerServe func(*Server, net.Listener) // used if non-nil
	2935  
	2936  // shouldDoServeHTTP2 reports whether Server.Serve should configure
	2937  // automatic HTTP/2. (which sets up the srv.TLSNextProto map)
	2938  func (srv *Server) shouldConfigureHTTP2ForServe() bool {
	2939  	if srv.TLSConfig == nil {
	2940  		// Compatibility with Go 1.6:
	2941  		// If there's no TLSConfig, it's possible that the user just
	2942  		// didn't set it on the http.Server, but did pass it to
	2943  		// tls.NewListener and passed that listener to Serve.
	2944  		// So we should configure HTTP/2 (to set up srv.TLSNextProto)
	2945  		// in case the listener returns an "h2" *tls.Conn.
	2946  		return true
	2947  	}
	2948  	// The user specified a TLSConfig on their http.Server.
	2949  	// In this, case, only configure HTTP/2 if their tls.Config
	2950  	// explicitly mentions "h2". Otherwise http2.ConfigureServer
	2951  	// would modify the tls.Config to add it, but they probably already
	2952  	// passed this tls.Config to tls.NewListener. And if they did,
	2953  	// it's too late anyway to fix it. It would only be potentially racy.
	2954  	// See Issue 15908.
	2955  	return strSliceContains(srv.TLSConfig.NextProtos, http2NextProtoTLS)
	2956  }
	2957  
	2958  // ErrServerClosed is returned by the Server's Serve, ServeTLS, ListenAndServe,
	2959  // and ListenAndServeTLS methods after a call to Shutdown or Close.
	2960  var ErrServerClosed = errors.New("http: Server closed")
	2961  
	2962  // Serve accepts incoming connections on the Listener l, creating a
	2963  // new service goroutine for each. The service goroutines read requests and
	2964  // then call srv.Handler to reply to them.
	2965  //
	2966  // HTTP/2 support is only enabled if the Listener returns *tls.Conn
	2967  // connections and they were configured with "h2" in the TLS
	2968  // Config.NextProtos.
	2969  //
	2970  // Serve always returns a non-nil error and closes l.
	2971  // After Shutdown or Close, the returned error is ErrServerClosed.
	2972  func (srv *Server) Serve(l net.Listener) error {
	2973  	if fn := testHookServerServe; fn != nil {
	2974  		fn(srv, l) // call hook with unwrapped listener
	2975  	}
	2976  
	2977  	origListener := l
	2978  	l = &onceCloseListener{Listener: l}
	2979  	defer l.Close()
	2980  
	2981  	if err := srv.setupHTTP2_Serve(); err != nil {
	2982  		return err
	2983  	}
	2984  
	2985  	if !srv.trackListener(&l, true) {
	2986  		return ErrServerClosed
	2987  	}
	2988  	defer srv.trackListener(&l, false)
	2989  
	2990  	baseCtx := context.Background()
	2991  	if srv.BaseContext != nil {
	2992  		baseCtx = srv.BaseContext(origListener)
	2993  		if baseCtx == nil {
	2994  			panic("BaseContext returned a nil context")
	2995  		}
	2996  	}
	2997  
	2998  	var tempDelay time.Duration // how long to sleep on accept failure
	2999  
	3000  	ctx := context.WithValue(baseCtx, ServerContextKey, srv)
	3001  	for {
	3002  		rw, err := l.Accept()
	3003  		if err != nil {
	3004  			select {
	3005  			case <-srv.getDoneChan():
	3006  				return ErrServerClosed
	3007  			default:
	3008  			}
	3009  			if ne, ok := err.(net.Error); ok && ne.Temporary() {
	3010  				if tempDelay == 0 {
	3011  					tempDelay = 5 * time.Millisecond
	3012  				} else {
	3013  					tempDelay *= 2
	3014  				}
	3015  				if max := 1 * time.Second; tempDelay > max {
	3016  					tempDelay = max
	3017  				}
	3018  				srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay)
	3019  				time.Sleep(tempDelay)
	3020  				continue
	3021  			}
	3022  			return err
	3023  		}
	3024  		connCtx := ctx
	3025  		if cc := srv.ConnContext; cc != nil {
	3026  			connCtx = cc(connCtx, rw)
	3027  			if connCtx == nil {
	3028  				panic("ConnContext returned nil")
	3029  			}
	3030  		}
	3031  		tempDelay = 0
	3032  		c := srv.newConn(rw)
	3033  		c.setState(c.rwc, StateNew, runHooks) // before Serve can return
	3034  		go c.serve(connCtx)
	3035  	}
	3036  }
	3037  
	3038  // ServeTLS accepts incoming connections on the Listener l, creating a
	3039  // new service goroutine for each. The service goroutines perform TLS
	3040  // setup and then read requests, calling srv.Handler to reply to them.
	3041  //
	3042  // Files containing a certificate and matching private key for the
	3043  // server must be provided if neither the Server's
	3044  // TLSConfig.Certificates nor TLSConfig.GetCertificate are populated.
	3045  // If the certificate is signed by a certificate authority, the
	3046  // certFile should be the concatenation of the server's certificate,
	3047  // any intermediates, and the CA's certificate.
	3048  //
	3049  // ServeTLS always returns a non-nil error. After Shutdown or Close, the
	3050  // returned error is ErrServerClosed.
	3051  func (srv *Server) ServeTLS(l net.Listener, certFile, keyFile string) error {
	3052  	// Setup HTTP/2 before srv.Serve, to initialize srv.TLSConfig
	3053  	// before we clone it and create the TLS Listener.
	3054  	if err := srv.setupHTTP2_ServeTLS(); err != nil {
	3055  		return err
	3056  	}
	3057  
	3058  	config := cloneTLSConfig(srv.TLSConfig)
	3059  	if !strSliceContains(config.NextProtos, "http/1.1") {
	3060  		config.NextProtos = append(config.NextProtos, "http/1.1")
	3061  	}
	3062  
	3063  	configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
	3064  	if !configHasCert || certFile != "" || keyFile != "" {
	3065  		var err error
	3066  		config.Certificates = make([]tls.Certificate, 1)
	3067  		config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
	3068  		if err != nil {
	3069  			return err
	3070  		}
	3071  	}
	3072  
	3073  	tlsListener := tls.NewListener(l, config)
	3074  	return srv.Serve(tlsListener)
	3075  }
	3076  
	3077  // trackListener adds or removes a net.Listener to the set of tracked
	3078  // listeners.
	3079  //
	3080  // We store a pointer to interface in the map set, in case the
	3081  // net.Listener is not comparable. This is safe because we only call
	3082  // trackListener via Serve and can track+defer untrack the same
	3083  // pointer to local variable there. We never need to compare a
	3084  // Listener from another caller.
	3085  //
	3086  // It reports whether the server is still up (not Shutdown or Closed).
	3087  func (s *Server) trackListener(ln *net.Listener, add bool) bool {
	3088  	s.mu.Lock()
	3089  	defer s.mu.Unlock()
	3090  	if s.listeners == nil {
	3091  		s.listeners = make(map[*net.Listener]struct{})
	3092  	}
	3093  	if add {
	3094  		if s.shuttingDown() {
	3095  			return false
	3096  		}
	3097  		s.listeners[ln] = struct{}{}
	3098  	} else {
	3099  		delete(s.listeners, ln)
	3100  	}
	3101  	return true
	3102  }
	3103  
	3104  func (s *Server) trackConn(c *conn, add bool) {
	3105  	s.mu.Lock()
	3106  	defer s.mu.Unlock()
	3107  	if s.activeConn == nil {
	3108  		s.activeConn = make(map[*conn]struct{})
	3109  	}
	3110  	if add {
	3111  		s.activeConn[c] = struct{}{}
	3112  	} else {
	3113  		delete(s.activeConn, c)
	3114  	}
	3115  }
	3116  
	3117  func (s *Server) idleTimeout() time.Duration {
	3118  	if s.IdleTimeout != 0 {
	3119  		return s.IdleTimeout
	3120  	}
	3121  	return s.ReadTimeout
	3122  }
	3123  
	3124  func (s *Server) readHeaderTimeout() time.Duration {
	3125  	if s.ReadHeaderTimeout != 0 {
	3126  		return s.ReadHeaderTimeout
	3127  	}
	3128  	return s.ReadTimeout
	3129  }
	3130  
	3131  func (s *Server) doKeepAlives() bool {
	3132  	return atomic.LoadInt32(&s.disableKeepAlives) == 0 && !s.shuttingDown()
	3133  }
	3134  
	3135  func (s *Server) shuttingDown() bool {
	3136  	return s.inShutdown.isSet()
	3137  }
	3138  
	3139  // SetKeepAlivesEnabled controls whether HTTP keep-alives are enabled.
	3140  // By default, keep-alives are always enabled. Only very
	3141  // resource-constrained environments or servers in the process of
	3142  // shutting down should disable them.
	3143  func (srv *Server) SetKeepAlivesEnabled(v bool) {
	3144  	if v {
	3145  		atomic.StoreInt32(&srv.disableKeepAlives, 0)
	3146  		return
	3147  	}
	3148  	atomic.StoreInt32(&srv.disableKeepAlives, 1)
	3149  
	3150  	// Close idle HTTP/1 conns:
	3151  	srv.closeIdleConns()
	3152  
	3153  	// TODO: Issue 26303: close HTTP/2 conns as soon as they become idle.
	3154  }
	3155  
	3156  func (s *Server) logf(format string, args ...interface{}) {
	3157  	if s.ErrorLog != nil {
	3158  		s.ErrorLog.Printf(format, args...)
	3159  	} else {
	3160  		log.Printf(format, args...)
	3161  	}
	3162  }
	3163  
	3164  // logf prints to the ErrorLog of the *Server associated with request r
	3165  // via ServerContextKey. If there's no associated server, or if ErrorLog
	3166  // is nil, logging is done via the log package's standard logger.
	3167  func logf(r *Request, format string, args ...interface{}) {
	3168  	s, _ := r.Context().Value(ServerContextKey).(*Server)
	3169  	if s != nil && s.ErrorLog != nil {
	3170  		s.ErrorLog.Printf(format, args...)
	3171  	} else {
	3172  		log.Printf(format, args...)
	3173  	}
	3174  }
	3175  
	3176  // ListenAndServe listens on the TCP network address addr and then calls
	3177  // Serve with handler to handle requests on incoming connections.
	3178  // Accepted connections are configured to enable TCP keep-alives.
	3179  //
	3180  // The handler is typically nil, in which case the DefaultServeMux is used.
	3181  //
	3182  // ListenAndServe always returns a non-nil error.
	3183  func ListenAndServe(addr string, handler Handler) error {
	3184  	server := &Server{Addr: addr, Handler: handler}
	3185  	return server.ListenAndServe()
	3186  }
	3187  
	3188  // ListenAndServeTLS acts identically to ListenAndServe, except that it
	3189  // expects HTTPS connections. Additionally, files containing a certificate and
	3190  // matching private key for the server must be provided. If the certificate
	3191  // is signed by a certificate authority, the certFile should be the concatenation
	3192  // of the server's certificate, any intermediates, and the CA's certificate.
	3193  func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error {
	3194  	server := &Server{Addr: addr, Handler: handler}
	3195  	return server.ListenAndServeTLS(certFile, keyFile)
	3196  }
	3197  
	3198  // ListenAndServeTLS listens on the TCP network address srv.Addr and
	3199  // then calls ServeTLS to handle requests on incoming TLS connections.
	3200  // Accepted connections are configured to enable TCP keep-alives.
	3201  //
	3202  // Filenames containing a certificate and matching private key for the
	3203  // server must be provided if neither the Server's TLSConfig.Certificates
	3204  // nor TLSConfig.GetCertificate are populated. If the certificate is
	3205  // signed by a certificate authority, the certFile should be the
	3206  // concatenation of the server's certificate, any intermediates, and
	3207  // the CA's certificate.
	3208  //
	3209  // If srv.Addr is blank, ":https" is used.
	3210  //
	3211  // ListenAndServeTLS always returns a non-nil error. After Shutdown or
	3212  // Close, the returned error is ErrServerClosed.
	3213  func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
	3214  	if srv.shuttingDown() {
	3215  		return ErrServerClosed
	3216  	}
	3217  	addr := srv.Addr
	3218  	if addr == "" {
	3219  		addr = ":https"
	3220  	}
	3221  
	3222  	ln, err := net.Listen("tcp", addr)
	3223  	if err != nil {
	3224  		return err
	3225  	}
	3226  
	3227  	defer ln.Close()
	3228  
	3229  	return srv.ServeTLS(ln, certFile, keyFile)
	3230  }
	3231  
	3232  // setupHTTP2_ServeTLS conditionally configures HTTP/2 on
	3233  // srv and reports whether there was an error setting it up. If it is
	3234  // not configured for policy reasons, nil is returned.
	3235  func (srv *Server) setupHTTP2_ServeTLS() error {
	3236  	srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults)
	3237  	return srv.nextProtoErr
	3238  }
	3239  
	3240  // setupHTTP2_Serve is called from (*Server).Serve and conditionally
	3241  // configures HTTP/2 on srv using a more conservative policy than
	3242  // setupHTTP2_ServeTLS because Serve is called after tls.Listen,
	3243  // and may be called concurrently. See shouldConfigureHTTP2ForServe.
	3244  //
	3245  // The tests named TestTransportAutomaticHTTP2* and
	3246  // TestConcurrentServerServe in server_test.go demonstrate some
	3247  // of the supported use cases and motivations.
	3248  func (srv *Server) setupHTTP2_Serve() error {
	3249  	srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults_Serve)
	3250  	return srv.nextProtoErr
	3251  }
	3252  
	3253  func (srv *Server) onceSetNextProtoDefaults_Serve() {
	3254  	if srv.shouldConfigureHTTP2ForServe() {
	3255  		srv.onceSetNextProtoDefaults()
	3256  	}
	3257  }
	3258  
	3259  // onceSetNextProtoDefaults configures HTTP/2, if the user hasn't
	3260  // configured otherwise. (by setting srv.TLSNextProto non-nil)
	3261  // It must only be called via srv.nextProtoOnce (use srv.setupHTTP2_*).
	3262  func (srv *Server) onceSetNextProtoDefaults() {
	3263  	if omitBundledHTTP2 || strings.Contains(os.Getenv("GODEBUG"), "http2server=0") {
	3264  		return
	3265  	}
	3266  	// Enable HTTP/2 by default if the user hasn't otherwise
	3267  	// configured their TLSNextProto map.
	3268  	if srv.TLSNextProto == nil {
	3269  		conf := &http2Server{
	3270  			NewWriteScheduler: func() http2WriteScheduler { return http2NewPriorityWriteScheduler(nil) },
	3271  		}
	3272  		srv.nextProtoErr = http2ConfigureServer(srv, conf)
	3273  	}
	3274  }
	3275  
	3276  // TimeoutHandler returns a Handler that runs h with the given time limit.
	3277  //
	3278  // The new Handler calls h.ServeHTTP to handle each request, but if a
	3279  // call runs for longer than its time limit, the handler responds with
	3280  // a 503 Service Unavailable error and the given message in its body.
	3281  // (If msg is empty, a suitable default message will be sent.)
	3282  // After such a timeout, writes by h to its ResponseWriter will return
	3283  // ErrHandlerTimeout.
	3284  //
	3285  // TimeoutHandler supports the Pusher interface but does not support
	3286  // the Hijacker or Flusher interfaces.
	3287  func TimeoutHandler(h Handler, dt time.Duration, msg string) Handler {
	3288  	return &timeoutHandler{
	3289  		handler: h,
	3290  		body:		msg,
	3291  		dt:			dt,
	3292  	}
	3293  }
	3294  
	3295  // ErrHandlerTimeout is returned on ResponseWriter Write calls
	3296  // in handlers which have timed out.
	3297  var ErrHandlerTimeout = errors.New("http: Handler timeout")
	3298  
	3299  type timeoutHandler struct {
	3300  	handler Handler
	3301  	body		string
	3302  	dt			time.Duration
	3303  
	3304  	// When set, no context will be created and this context will
	3305  	// be used instead.
	3306  	testContext context.Context
	3307  }
	3308  
	3309  func (h *timeoutHandler) errorBody() string {
	3310  	if h.body != "" {
	3311  		return h.body
	3312  	}
	3313  	return "<html><head><title>Timeout</title></head><body><h1>Timeout</h1></body></html>"
	3314  }
	3315  
	3316  func (h *timeoutHandler) ServeHTTP(w ResponseWriter, r *Request) {
	3317  	ctx := h.testContext
	3318  	if ctx == nil {
	3319  		var cancelCtx context.CancelFunc
	3320  		ctx, cancelCtx = context.WithTimeout(r.Context(), h.dt)
	3321  		defer cancelCtx()
	3322  	}
	3323  	r = r.WithContext(ctx)
	3324  	done := make(chan struct{})
	3325  	tw := &timeoutWriter{
	3326  		w:	 w,
	3327  		h:	 make(Header),
	3328  		req: r,
	3329  	}
	3330  	panicChan := make(chan interface{}, 1)
	3331  	go func() {
	3332  		defer func() {
	3333  			if p := recover(); p != nil {
	3334  				panicChan <- p
	3335  			}
	3336  		}()
	3337  		h.handler.ServeHTTP(tw, r)
	3338  		close(done)
	3339  	}()
	3340  	select {
	3341  	case p := <-panicChan:
	3342  		panic(p)
	3343  	case <-done:
	3344  		tw.mu.Lock()
	3345  		defer tw.mu.Unlock()
	3346  		dst := w.Header()
	3347  		for k, vv := range tw.h {
	3348  			dst[k] = vv
	3349  		}
	3350  		if !tw.wroteHeader {
	3351  			tw.code = StatusOK
	3352  		}
	3353  		w.WriteHeader(tw.code)
	3354  		w.Write(tw.wbuf.Bytes())
	3355  	case <-ctx.Done():
	3356  		tw.mu.Lock()
	3357  		defer tw.mu.Unlock()
	3358  		w.WriteHeader(StatusServiceUnavailable)
	3359  		io.WriteString(w, h.errorBody())
	3360  		tw.timedOut = true
	3361  	}
	3362  }
	3363  
	3364  type timeoutWriter struct {
	3365  	w		ResponseWriter
	3366  	h		Header
	3367  	wbuf bytes.Buffer
	3368  	req	*Request
	3369  
	3370  	mu					sync.Mutex
	3371  	timedOut		bool
	3372  	wroteHeader bool
	3373  	code				int
	3374  }
	3375  
	3376  var _ Pusher = (*timeoutWriter)(nil)
	3377  
	3378  // Push implements the Pusher interface.
	3379  func (tw *timeoutWriter) Push(target string, opts *PushOptions) error {
	3380  	if pusher, ok := tw.w.(Pusher); ok {
	3381  		return pusher.Push(target, opts)
	3382  	}
	3383  	return ErrNotSupported
	3384  }
	3385  
	3386  func (tw *timeoutWriter) Header() Header { return tw.h }
	3387  
	3388  func (tw *timeoutWriter) Write(p []byte) (int, error) {
	3389  	tw.mu.Lock()
	3390  	defer tw.mu.Unlock()
	3391  	if tw.timedOut {
	3392  		return 0, ErrHandlerTimeout
	3393  	}
	3394  	if !tw.wroteHeader {
	3395  		tw.writeHeaderLocked(StatusOK)
	3396  	}
	3397  	return tw.wbuf.Write(p)
	3398  }
	3399  
	3400  func (tw *timeoutWriter) writeHeaderLocked(code int) {
	3401  	checkWriteHeaderCode(code)
	3402  
	3403  	switch {
	3404  	case tw.timedOut:
	3405  		return
	3406  	case tw.wroteHeader:
	3407  		if tw.req != nil {
	3408  			caller := relevantCaller()
	3409  			logf(tw.req, "http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
	3410  		}
	3411  	default:
	3412  		tw.wroteHeader = true
	3413  		tw.code = code
	3414  	}
	3415  }
	3416  
	3417  func (tw *timeoutWriter) WriteHeader(code int) {
	3418  	tw.mu.Lock()
	3419  	defer tw.mu.Unlock()
	3420  	tw.writeHeaderLocked(code)
	3421  }
	3422  
	3423  // onceCloseListener wraps a net.Listener, protecting it from
	3424  // multiple Close calls.
	3425  type onceCloseListener struct {
	3426  	net.Listener
	3427  	once		 sync.Once
	3428  	closeErr error
	3429  }
	3430  
	3431  func (oc *onceCloseListener) Close() error {
	3432  	oc.once.Do(oc.close)
	3433  	return oc.closeErr
	3434  }
	3435  
	3436  func (oc *onceCloseListener) close() { oc.closeErr = oc.Listener.Close() }
	3437  
	3438  // globalOptionsHandler responds to "OPTIONS *" requests.
	3439  type globalOptionsHandler struct{}
	3440  
	3441  func (globalOptionsHandler) ServeHTTP(w ResponseWriter, r *Request) {
	3442  	w.Header().Set("Content-Length", "0")
	3443  	if r.ContentLength != 0 {
	3444  		// Read up to 4KB of OPTIONS body (as mentioned in the
	3445  		// spec as being reserved for future use), but anything
	3446  		// over that is considered a waste of server resources
	3447  		// (or an attack) and we abort and close the connection,
	3448  		// courtesy of MaxBytesReader's EOF behavior.
	3449  		mb := MaxBytesReader(w, r.Body, 4<<10)
	3450  		io.Copy(io.Discard, mb)
	3451  	}
	3452  }
	3453  
	3454  // initALPNRequest is an HTTP handler that initializes certain
	3455  // uninitialized fields in its *Request. Such partially-initialized
	3456  // Requests come from ALPN protocol handlers.
	3457  type initALPNRequest struct {
	3458  	ctx context.Context
	3459  	c	 *tls.Conn
	3460  	h	 serverHandler
	3461  }
	3462  
	3463  // BaseContext is an exported but unadvertised http.Handler method
	3464  // recognized by x/net/http2 to pass down a context; the TLSNextProto
	3465  // API predates context support so we shoehorn through the only
	3466  // interface we have available.
	3467  func (h initALPNRequest) BaseContext() context.Context { return h.ctx }
	3468  
	3469  func (h initALPNRequest) ServeHTTP(rw ResponseWriter, req *Request) {
	3470  	if req.TLS == nil {
	3471  		req.TLS = &tls.ConnectionState{}
	3472  		*req.TLS = h.c.ConnectionState()
	3473  	}
	3474  	if req.Body == nil {
	3475  		req.Body = NoBody
	3476  	}
	3477  	if req.RemoteAddr == "" {
	3478  		req.RemoteAddr = h.c.RemoteAddr().String()
	3479  	}
	3480  	h.h.ServeHTTP(rw, req)
	3481  }
	3482  
	3483  // loggingConn is used for debugging.
	3484  type loggingConn struct {
	3485  	name string
	3486  	net.Conn
	3487  }
	3488  
	3489  var (
	3490  	uniqNameMu	 sync.Mutex
	3491  	uniqNameNext = make(map[string]int)
	3492  )
	3493  
	3494  func newLoggingConn(baseName string, c net.Conn) net.Conn {
	3495  	uniqNameMu.Lock()
	3496  	defer uniqNameMu.Unlock()
	3497  	uniqNameNext[baseName]++
	3498  	return &loggingConn{
	3499  		name: fmt.Sprintf("%s-%d", baseName, uniqNameNext[baseName]),
	3500  		Conn: c,
	3501  	}
	3502  }
	3503  
	3504  func (c *loggingConn) Write(p []byte) (n int, err error) {
	3505  	log.Printf("%s.Write(%d) = ....", c.name, len(p))
	3506  	n, err = c.Conn.Write(p)
	3507  	log.Printf("%s.Write(%d) = %d, %v", c.name, len(p), n, err)
	3508  	return
	3509  }
	3510  
	3511  func (c *loggingConn) Read(p []byte) (n int, err error) {
	3512  	log.Printf("%s.Read(%d) = ....", c.name, len(p))
	3513  	n, err = c.Conn.Read(p)
	3514  	log.Printf("%s.Read(%d) = %d, %v", c.name, len(p), n, err)
	3515  	return
	3516  }
	3517  
	3518  func (c *loggingConn) Close() (err error) {
	3519  	log.Printf("%s.Close() = ...", c.name)
	3520  	err = c.Conn.Close()
	3521  	log.Printf("%s.Close() = %v", c.name, err)
	3522  	return
	3523  }
	3524  
	3525  // checkConnErrorWriter writes to c.rwc and records any write errors to c.werr.
	3526  // It only contains one field (and a pointer field at that), so it
	3527  // fits in an interface value without an extra allocation.
	3528  type checkConnErrorWriter struct {
	3529  	c *conn
	3530  }
	3531  
	3532  func (w checkConnErrorWriter) Write(p []byte) (n int, err error) {
	3533  	n, err = w.c.rwc.Write(p)
	3534  	if err != nil && w.c.werr == nil {
	3535  		w.c.werr = err
	3536  		w.c.cancelCtx()
	3537  	}
	3538  	return
	3539  }
	3540  
	3541  func numLeadingCRorLF(v []byte) (n int) {
	3542  	for _, b := range v {
	3543  		if b == '\r' || b == '\n' {
	3544  			n++
	3545  			continue
	3546  		}
	3547  		break
	3548  	}
	3549  	return
	3550  
	3551  }
	3552  
	3553  func strSliceContains(ss []string, s string) bool {
	3554  	for _, v := range ss {
	3555  		if v == s {
	3556  			return true
	3557  		}
	3558  	}
	3559  	return false
	3560  }
	3561  
	3562  // tlsRecordHeaderLooksLikeHTTP reports whether a TLS record header
	3563  // looks like it might've been a misdirected plaintext HTTP request.
	3564  func tlsRecordHeaderLooksLikeHTTP(hdr [5]byte) bool {
	3565  	switch string(hdr[:]) {
	3566  	case "GET /", "HEAD ", "POST ", "PUT /", "OPTIO":
	3567  		return true
	3568  	}
	3569  	return false
	3570  }
	3571  

View as plain text