Source file src/net/http/transport.go

     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // HTTP client implementation. See RFC 7230 through 7235.
     6  //
     7  // This is the low-level Transport implementation of RoundTripper.
     8  // The high-level interface is in client.go.
     9  
    10  package http
    11  
    12  import (
    13  	"bufio"
    14  	"compress/gzip"
    15  	"container/list"
    16  	"context"
    17  	"crypto/tls"
    18  	"errors"
    19  	"fmt"
    20  	"internal/godebug"
    21  	"io"
    22  	"log"
    23  	"net"
    24  	"net/http/httptrace"
    25  	"net/http/internal/ascii"
    26  	"net/textproto"
    27  	"net/url"
    28  	"reflect"
    29  	"strings"
    30  	"sync"
    31  	"sync/atomic"
    32  	"time"
    33  
    34  	"golang.org/x/net/http/httpguts"
    35  	"golang.org/x/net/http/httpproxy"
    36  )
    37  
    38  // DefaultTransport is the default implementation of [Transport] and is
    39  // used by [DefaultClient]. It establishes network connections as needed
    40  // and caches them for reuse by subsequent calls. It uses HTTP proxies
    41  // as directed by the environment variables HTTP_PROXY, HTTPS_PROXY
    42  // and NO_PROXY (or the lowercase versions thereof).
    43  var DefaultTransport RoundTripper = &Transport{
    44  	Proxy: ProxyFromEnvironment,
    45  	DialContext: defaultTransportDialContext(&net.Dialer{
    46  		Timeout:   30 * time.Second,
    47  		KeepAlive: 30 * time.Second,
    48  	}),
    49  	ForceAttemptHTTP2:     true,
    50  	MaxIdleConns:          100,
    51  	IdleConnTimeout:       90 * time.Second,
    52  	TLSHandshakeTimeout:   10 * time.Second,
    53  	ExpectContinueTimeout: 1 * time.Second,
    54  }
    55  
    56  // DefaultMaxIdleConnsPerHost is the default value of [Transport]'s
    57  // MaxIdleConnsPerHost.
    58  const DefaultMaxIdleConnsPerHost = 2
    59  
    60  // Transport is an implementation of [RoundTripper] that supports HTTP,
    61  // HTTPS, and HTTP proxies (for either HTTP or HTTPS with CONNECT).
    62  //
    63  // By default, Transport caches connections for future re-use.
    64  // This may leave many open connections when accessing many hosts.
    65  // This behavior can be managed using [Transport.CloseIdleConnections] method
    66  // and the [Transport.MaxIdleConnsPerHost] and [Transport.DisableKeepAlives] fields.
    67  //
    68  // Transports should be reused instead of created as needed.
    69  // Transports are safe for concurrent use by multiple goroutines.
    70  //
    71  // A Transport is a low-level primitive for making HTTP and HTTPS requests.
    72  // For high-level functionality, such as cookies and redirects, see [Client].
    73  //
    74  // Transport uses HTTP/1.1 for HTTP URLs and either HTTP/1.1 or HTTP/2
    75  // for HTTPS URLs, depending on whether the server supports HTTP/2,
    76  // and how the Transport is configured. The [DefaultTransport] supports HTTP/2.
    77  // To explicitly enable HTTP/2 on a transport, use golang.org/x/net/http2
    78  // and call ConfigureTransport. See the package docs for more about HTTP/2.
    79  //
    80  // Responses with status codes in the 1xx range are either handled
    81  // automatically (100 expect-continue) or ignored. The one
    82  // exception is HTTP status code 101 (Switching Protocols), which is
    83  // considered a terminal status and returned by [Transport.RoundTrip]. To see the
    84  // ignored 1xx responses, use the httptrace trace package's
    85  // ClientTrace.Got1xxResponse.
    86  //
    87  // Transport only retries a request upon encountering a network error
    88  // if the connection has been already been used successfully and if the
    89  // request is idempotent and either has no body or has its [Request.GetBody]
    90  // defined. HTTP requests are considered idempotent if they have HTTP methods
    91  // GET, HEAD, OPTIONS, or TRACE; or if their [Header] map contains an
    92  // "Idempotency-Key" or "X-Idempotency-Key" entry. If the idempotency key
    93  // value is a zero-length slice, the request is treated as idempotent but the
    94  // header is not sent on the wire.
    95  type Transport struct {
    96  	idleMu       sync.Mutex
    97  	closeIdle    bool                                // user has requested to close all idle conns
    98  	idleConn     map[connectMethodKey][]*persistConn // most recently used at end
    99  	idleConnWait map[connectMethodKey]wantConnQueue  // waiting getConns
   100  	idleLRU      connLRU
   101  
   102  	reqMu       sync.Mutex
   103  	reqCanceler map[cancelKey]func(error)
   104  
   105  	altMu    sync.Mutex   // guards changing altProto only
   106  	altProto atomic.Value // of nil or map[string]RoundTripper, key is URI scheme
   107  
   108  	connsPerHostMu   sync.Mutex
   109  	connsPerHost     map[connectMethodKey]int
   110  	connsPerHostWait map[connectMethodKey]wantConnQueue // waiting getConns
   111  
   112  	// Proxy specifies a function to return a proxy for a given
   113  	// Request. If the function returns a non-nil error, the
   114  	// request is aborted with the provided error.
   115  	//
   116  	// The proxy type is determined by the URL scheme. "http",
   117  	// "https", "socks5", and "socks5h" are supported. If the scheme is empty,
   118  	// "http" is assumed.
   119  	// "socks5" is treated the same as "socks5h".
   120  	//
   121  	// If the proxy URL contains a userinfo subcomponent,
   122  	// the proxy request will pass the username and password
   123  	// in a Proxy-Authorization header.
   124  	//
   125  	// If Proxy is nil or returns a nil *URL, no proxy is used.
   126  	Proxy func(*Request) (*url.URL, error)
   127  
   128  	// OnProxyConnectResponse is called when the Transport gets an HTTP response from
   129  	// a proxy for a CONNECT request. It's called before the check for a 200 OK response.
   130  	// If it returns an error, the request fails with that error.
   131  	OnProxyConnectResponse func(ctx context.Context, proxyURL *url.URL, connectReq *Request, connectRes *Response) error
   132  
   133  	// DialContext specifies the dial function for creating unencrypted TCP connections.
   134  	// If DialContext is nil (and the deprecated Dial below is also nil),
   135  	// then the transport dials using package net.
   136  	//
   137  	// DialContext runs concurrently with calls to RoundTrip.
   138  	// A RoundTrip call that initiates a dial may end up using
   139  	// a connection dialed previously when the earlier connection
   140  	// becomes idle before the later DialContext completes.
   141  	DialContext func(ctx context.Context, network, addr string) (net.Conn, error)
   142  
   143  	// Dial specifies the dial function for creating unencrypted TCP connections.
   144  	//
   145  	// Dial runs concurrently with calls to RoundTrip.
   146  	// A RoundTrip call that initiates a dial may end up using
   147  	// a connection dialed previously when the earlier connection
   148  	// becomes idle before the later Dial completes.
   149  	//
   150  	// Deprecated: Use DialContext instead, which allows the transport
   151  	// to cancel dials as soon as they are no longer needed.
   152  	// If both are set, DialContext takes priority.
   153  	Dial func(network, addr string) (net.Conn, error)
   154  
   155  	// DialTLSContext specifies an optional dial function for creating
   156  	// TLS connections for non-proxied HTTPS requests.
   157  	//
   158  	// If DialTLSContext is nil (and the deprecated DialTLS below is also nil),
   159  	// DialContext and TLSClientConfig are used.
   160  	//
   161  	// If DialTLSContext is set, the Dial and DialContext hooks are not used for HTTPS
   162  	// requests and the TLSClientConfig and TLSHandshakeTimeout
   163  	// are ignored. The returned net.Conn is assumed to already be
   164  	// past the TLS handshake.
   165  	DialTLSContext func(ctx context.Context, network, addr string) (net.Conn, error)
   166  
   167  	// DialTLS specifies an optional dial function for creating
   168  	// TLS connections for non-proxied HTTPS requests.
   169  	//
   170  	// Deprecated: Use DialTLSContext instead, which allows the transport
   171  	// to cancel dials as soon as they are no longer needed.
   172  	// If both are set, DialTLSContext takes priority.
   173  	DialTLS func(network, addr string) (net.Conn, error)
   174  
   175  	// TLSClientConfig specifies the TLS configuration to use with
   176  	// tls.Client.
   177  	// If nil, the default configuration is used.
   178  	// If non-nil, HTTP/2 support may not be enabled by default.
   179  	TLSClientConfig *tls.Config
   180  
   181  	// TLSHandshakeTimeout specifies the maximum amount of time to
   182  	// wait for a TLS handshake. Zero means no timeout.
   183  	TLSHandshakeTimeout time.Duration
   184  
   185  	// DisableKeepAlives, if true, disables HTTP keep-alives and
   186  	// will only use the connection to the server for a single
   187  	// HTTP request.
   188  	//
   189  	// This is unrelated to the similarly named TCP keep-alives.
   190  	DisableKeepAlives bool
   191  
   192  	// DisableCompression, if true, prevents the Transport from
   193  	// requesting compression with an "Accept-Encoding: gzip"
   194  	// request header when the Request contains no existing
   195  	// Accept-Encoding value. If the Transport requests gzip on
   196  	// its own and gets a gzipped response, it's transparently
   197  	// decoded in the Response.Body. However, if the user
   198  	// explicitly requested gzip it is not automatically
   199  	// uncompressed.
   200  	DisableCompression bool
   201  
   202  	// MaxIdleConns controls the maximum number of idle (keep-alive)
   203  	// connections across all hosts. Zero means no limit.
   204  	MaxIdleConns int
   205  
   206  	// MaxIdleConnsPerHost, if non-zero, controls the maximum idle
   207  	// (keep-alive) connections to keep per-host. If zero,
   208  	// DefaultMaxIdleConnsPerHost is used.
   209  	MaxIdleConnsPerHost int
   210  
   211  	// MaxConnsPerHost optionally limits the total number of
   212  	// connections per host, including connections in the dialing,
   213  	// active, and idle states. On limit violation, dials will block.
   214  	//
   215  	// Zero means no limit.
   216  	MaxConnsPerHost int
   217  
   218  	// IdleConnTimeout is the maximum amount of time an idle
   219  	// (keep-alive) connection will remain idle before closing
   220  	// itself.
   221  	// Zero means no limit.
   222  	IdleConnTimeout time.Duration
   223  
   224  	// ResponseHeaderTimeout, if non-zero, specifies the amount of
   225  	// time to wait for a server's response headers after fully
   226  	// writing the request (including its body, if any). This
   227  	// time does not include the time to read the response body.
   228  	ResponseHeaderTimeout time.Duration
   229  
   230  	// ExpectContinueTimeout, if non-zero, specifies the amount of
   231  	// time to wait for a server's first response headers after fully
   232  	// writing the request headers if the request has an
   233  	// "Expect: 100-continue" header. Zero means no timeout and
   234  	// causes the body to be sent immediately, without
   235  	// waiting for the server to approve.
   236  	// This time does not include the time to send the request header.
   237  	ExpectContinueTimeout time.Duration
   238  
   239  	// TLSNextProto specifies how the Transport switches to an
   240  	// alternate protocol (such as HTTP/2) after a TLS ALPN
   241  	// protocol negotiation. If Transport dials a TLS connection
   242  	// with a non-empty protocol name and TLSNextProto contains a
   243  	// map entry for that key (such as "h2"), then the func is
   244  	// called with the request's authority (such as "example.com"
   245  	// or "example.com:1234") and the TLS connection. The function
   246  	// must return a RoundTripper that then handles the request.
   247  	// If TLSNextProto is not nil, HTTP/2 support is not enabled
   248  	// automatically.
   249  	TLSNextProto map[string]func(authority string, c *tls.Conn) RoundTripper
   250  
   251  	// ProxyConnectHeader optionally specifies headers to send to
   252  	// proxies during CONNECT requests.
   253  	// To set the header dynamically, see GetProxyConnectHeader.
   254  	ProxyConnectHeader Header
   255  
   256  	// GetProxyConnectHeader optionally specifies a func to return
   257  	// headers to send to proxyURL during a CONNECT request to the
   258  	// ip:port target.
   259  	// If it returns an error, the Transport's RoundTrip fails with
   260  	// that error. It can return (nil, nil) to not add headers.
   261  	// If GetProxyConnectHeader is non-nil, ProxyConnectHeader is
   262  	// ignored.
   263  	GetProxyConnectHeader func(ctx context.Context, proxyURL *url.URL, target string) (Header, error)
   264  
   265  	// MaxResponseHeaderBytes specifies a limit on how many
   266  	// response bytes are allowed in the server's response
   267  	// header.
   268  	//
   269  	// Zero means to use a default limit.
   270  	MaxResponseHeaderBytes int64
   271  
   272  	// WriteBufferSize specifies the size of the write buffer used
   273  	// when writing to the transport.
   274  	// If zero, a default (currently 4KB) is used.
   275  	WriteBufferSize int
   276  
   277  	// ReadBufferSize specifies the size of the read buffer used
   278  	// when reading from the transport.
   279  	// If zero, a default (currently 4KB) is used.
   280  	ReadBufferSize int
   281  
   282  	// nextProtoOnce guards initialization of TLSNextProto and
   283  	// h2transport (via onceSetNextProtoDefaults)
   284  	nextProtoOnce      sync.Once
   285  	h2transport        h2Transport // non-nil if http2 wired up
   286  	tlsNextProtoWasNil bool        // whether TLSNextProto was nil when the Once fired
   287  
   288  	// ForceAttemptHTTP2 controls whether HTTP/2 is enabled when a non-zero
   289  	// Dial, DialTLS, or DialContext func or TLSClientConfig is provided.
   290  	// By default, use of any those fields conservatively disables HTTP/2.
   291  	// To use a custom dialer or TLS config and still attempt HTTP/2
   292  	// upgrades, set this to true.
   293  	ForceAttemptHTTP2 bool
   294  }
   295  
   296  // A cancelKey is the key of the reqCanceler map.
   297  // We wrap the *Request in this type since we want to use the original request,
   298  // not any transient one created by roundTrip.
   299  type cancelKey struct {
   300  	req *Request
   301  }
   302  
   303  func (t *Transport) writeBufferSize() int {
   304  	if t.WriteBufferSize > 0 {
   305  		return t.WriteBufferSize
   306  	}
   307  	return 4 << 10
   308  }
   309  
   310  func (t *Transport) readBufferSize() int {
   311  	if t.ReadBufferSize > 0 {
   312  		return t.ReadBufferSize
   313  	}
   314  	return 4 << 10
   315  }
   316  
   317  // Clone returns a deep copy of t's exported fields.
   318  func (t *Transport) Clone() *Transport {
   319  	t.nextProtoOnce.Do(t.onceSetNextProtoDefaults)
   320  	t2 := &Transport{
   321  		Proxy:                  t.Proxy,
   322  		OnProxyConnectResponse: t.OnProxyConnectResponse,
   323  		DialContext:            t.DialContext,
   324  		Dial:                   t.Dial,
   325  		DialTLS:                t.DialTLS,
   326  		DialTLSContext:         t.DialTLSContext,
   327  		TLSHandshakeTimeout:    t.TLSHandshakeTimeout,
   328  		DisableKeepAlives:      t.DisableKeepAlives,
   329  		DisableCompression:     t.DisableCompression,
   330  		MaxIdleConns:           t.MaxIdleConns,
   331  		MaxIdleConnsPerHost:    t.MaxIdleConnsPerHost,
   332  		MaxConnsPerHost:        t.MaxConnsPerHost,
   333  		IdleConnTimeout:        t.IdleConnTimeout,
   334  		ResponseHeaderTimeout:  t.ResponseHeaderTimeout,
   335  		ExpectContinueTimeout:  t.ExpectContinueTimeout,
   336  		ProxyConnectHeader:     t.ProxyConnectHeader.Clone(),
   337  		GetProxyConnectHeader:  t.GetProxyConnectHeader,
   338  		MaxResponseHeaderBytes: t.MaxResponseHeaderBytes,
   339  		ForceAttemptHTTP2:      t.ForceAttemptHTTP2,
   340  		WriteBufferSize:        t.WriteBufferSize,
   341  		ReadBufferSize:         t.ReadBufferSize,
   342  	}
   343  	if t.TLSClientConfig != nil {
   344  		t2.TLSClientConfig = t.TLSClientConfig.Clone()
   345  	}
   346  	if !t.tlsNextProtoWasNil {
   347  		npm := map[string]func(authority string, c *tls.Conn) RoundTripper{}
   348  		for k, v := range t.TLSNextProto {
   349  			npm[k] = v
   350  		}
   351  		t2.TLSNextProto = npm
   352  	}
   353  	return t2
   354  }
   355  
   356  // h2Transport is the interface we expect to be able to call from
   357  // net/http against an *http2.Transport that's either bundled into
   358  // h2_bundle.go or supplied by the user via x/net/http2.
   359  //
   360  // We name it with the "h2" prefix to stay out of the "http2" prefix
   361  // namespace used by x/tools/cmd/bundle for h2_bundle.go.
   362  type h2Transport interface {
   363  	CloseIdleConnections()
   364  }
   365  
   366  func (t *Transport) hasCustomTLSDialer() bool {
   367  	return t.DialTLS != nil || t.DialTLSContext != nil
   368  }
   369  
   370  var http2client = godebug.New("http2client")
   371  
   372  // onceSetNextProtoDefaults initializes TLSNextProto.
   373  // It must be called via t.nextProtoOnce.Do.
   374  func (t *Transport) onceSetNextProtoDefaults() {
   375  	t.tlsNextProtoWasNil = (t.TLSNextProto == nil)
   376  	if http2client.Value() == "0" {
   377  		http2client.IncNonDefault()
   378  		return
   379  	}
   380  
   381  	// If they've already configured http2 with
   382  	// golang.org/x/net/http2 instead of the bundled copy, try to
   383  	// get at its http2.Transport value (via the "https"
   384  	// altproto map) so we can call CloseIdleConnections on it if
   385  	// requested. (Issue 22891)
   386  	altProto, _ := t.altProto.Load().(map[string]RoundTripper)
   387  	if rv := reflect.ValueOf(altProto["https"]); rv.IsValid() && rv.Type().Kind() == reflect.Struct && rv.Type().NumField() == 1 {
   388  		if v := rv.Field(0); v.CanInterface() {
   389  			if h2i, ok := v.Interface().(h2Transport); ok {
   390  				t.h2transport = h2i
   391  				return
   392  			}
   393  		}
   394  	}
   395  
   396  	if t.TLSNextProto != nil {
   397  		// This is the documented way to disable http2 on a
   398  		// Transport.
   399  		return
   400  	}
   401  	if !t.ForceAttemptHTTP2 && (t.TLSClientConfig != nil || t.Dial != nil || t.DialContext != nil || t.hasCustomTLSDialer()) {
   402  		// Be conservative and don't automatically enable
   403  		// http2 if they've specified a custom TLS config or
   404  		// custom dialers. Let them opt-in themselves via
   405  		// http2.ConfigureTransport so we don't surprise them
   406  		// by modifying their tls.Config. Issue 14275.
   407  		// However, if ForceAttemptHTTP2 is true, it overrides the above checks.
   408  		return
   409  	}
   410  	if omitBundledHTTP2 {
   411  		return
   412  	}
   413  	t2, err := http2configureTransports(t)
   414  	if err != nil {
   415  		log.Printf("Error enabling Transport HTTP/2 support: %v", err)
   416  		return
   417  	}
   418  	t.h2transport = t2
   419  
   420  	// Auto-configure the http2.Transport's MaxHeaderListSize from
   421  	// the http.Transport's MaxResponseHeaderBytes. They don't
   422  	// exactly mean the same thing, but they're close.
   423  	//
   424  	// TODO: also add this to x/net/http2.Configure Transport, behind
   425  	// a +build go1.7 build tag:
   426  	if limit1 := t.MaxResponseHeaderBytes; limit1 != 0 && t2.MaxHeaderListSize == 0 {
   427  		const h2max = 1<<32 - 1
   428  		if limit1 >= h2max {
   429  			t2.MaxHeaderListSize = h2max
   430  		} else {
   431  			t2.MaxHeaderListSize = uint32(limit1)
   432  		}
   433  	}
   434  }
   435  
   436  // ProxyFromEnvironment returns the URL of the proxy to use for a
   437  // given request, as indicated by the environment variables
   438  // HTTP_PROXY, HTTPS_PROXY and NO_PROXY (or the lowercase versions
   439  // thereof). Requests use the proxy from the environment variable
   440  // matching their scheme, unless excluded by NO_PROXY.
   441  //
   442  // The environment values may be either a complete URL or a
   443  // "host[:port]", in which case the "http" scheme is assumed.
   444  // An error is returned if the value is a different form.
   445  //
   446  // A nil URL and nil error are returned if no proxy is defined in the
   447  // environment, or a proxy should not be used for the given request,
   448  // as defined by NO_PROXY.
   449  //
   450  // As a special case, if req.URL.Host is "localhost" (with or without
   451  // a port number), then a nil URL and nil error will be returned.
   452  func ProxyFromEnvironment(req *Request) (*url.URL, error) {
   453  	return envProxyFunc()(req.URL)
   454  }
   455  
   456  // ProxyURL returns a proxy function (for use in a [Transport])
   457  // that always returns the same URL.
   458  func ProxyURL(fixedURL *url.URL) func(*Request) (*url.URL, error) {
   459  	return func(*Request) (*url.URL, error) {
   460  		return fixedURL, nil
   461  	}
   462  }
   463  
   464  // transportRequest is a wrapper around a *Request that adds
   465  // optional extra headers to write and stores any error to return
   466  // from roundTrip.
   467  type transportRequest struct {
   468  	*Request                         // original request, not to be mutated
   469  	extra     Header                 // extra headers to write, or nil
   470  	trace     *httptrace.ClientTrace // optional
   471  	cancelKey cancelKey
   472  
   473  	mu  sync.Mutex // guards err
   474  	err error      // first setError value for mapRoundTripError to consider
   475  }
   476  
   477  func (tr *transportRequest) extraHeaders() Header {
   478  	if tr.extra == nil {
   479  		tr.extra = make(Header)
   480  	}
   481  	return tr.extra
   482  }
   483  
   484  func (tr *transportRequest) setError(err error) {
   485  	tr.mu.Lock()
   486  	if tr.err == nil {
   487  		tr.err = err
   488  	}
   489  	tr.mu.Unlock()
   490  }
   491  
   492  // useRegisteredProtocol reports whether an alternate protocol (as registered
   493  // with Transport.RegisterProtocol) should be respected for this request.
   494  func (t *Transport) useRegisteredProtocol(req *Request) bool {
   495  	if req.URL.Scheme == "https" && req.requiresHTTP1() {
   496  		// If this request requires HTTP/1, don't use the
   497  		// "https" alternate protocol, which is used by the
   498  		// HTTP/2 code to take over requests if there's an
   499  		// existing cached HTTP/2 connection.
   500  		return false
   501  	}
   502  	return true
   503  }
   504  
   505  // alternateRoundTripper returns the alternate RoundTripper to use
   506  // for this request if the Request's URL scheme requires one,
   507  // or nil for the normal case of using the Transport.
   508  func (t *Transport) alternateRoundTripper(req *Request) RoundTripper {
   509  	if !t.useRegisteredProtocol(req) {
   510  		return nil
   511  	}
   512  	altProto, _ := t.altProto.Load().(map[string]RoundTripper)
   513  	return altProto[req.URL.Scheme]
   514  }
   515  
   516  func validateHeaders(hdrs Header) string {
   517  	for k, vv := range hdrs {
   518  		if !httpguts.ValidHeaderFieldName(k) {
   519  			return fmt.Sprintf("field name %q", k)
   520  		}
   521  		for _, v := range vv {
   522  			if !httpguts.ValidHeaderFieldValue(v) {
   523  				// Don't include the value in the error,
   524  				// because it may be sensitive.
   525  				return fmt.Sprintf("field value for %q", k)
   526  			}
   527  		}
   528  	}
   529  	return ""
   530  }
   531  
   532  // roundTrip implements a RoundTripper over HTTP.
   533  func (t *Transport) roundTrip(req *Request) (*Response, error) {
   534  	t.nextProtoOnce.Do(t.onceSetNextProtoDefaults)
   535  	ctx := req.Context()
   536  	trace := httptrace.ContextClientTrace(ctx)
   537  
   538  	if req.URL == nil {
   539  		req.closeBody()
   540  		return nil, errors.New("http: nil Request.URL")
   541  	}
   542  	if req.Header == nil {
   543  		req.closeBody()
   544  		return nil, errors.New("http: nil Request.Header")
   545  	}
   546  	scheme := req.URL.Scheme
   547  	isHTTP := scheme == "http" || scheme == "https"
   548  	if isHTTP {
   549  		// Validate the outgoing headers.
   550  		if err := validateHeaders(req.Header); err != "" {
   551  			req.closeBody()
   552  			return nil, fmt.Errorf("net/http: invalid header %s", err)
   553  		}
   554  
   555  		// Validate the outgoing trailers too.
   556  		if err := validateHeaders(req.Trailer); err != "" {
   557  			req.closeBody()
   558  			return nil, fmt.Errorf("net/http: invalid trailer %s", err)
   559  		}
   560  	}
   561  
   562  	origReq := req
   563  	cancelKey := cancelKey{origReq}
   564  	req = setupRewindBody(req)
   565  
   566  	if altRT := t.alternateRoundTripper(req); altRT != nil {
   567  		if resp, err := altRT.RoundTrip(req); err != ErrSkipAltProtocol {
   568  			return resp, err
   569  		}
   570  		var err error
   571  		req, err = rewindBody(req)
   572  		if err != nil {
   573  			return nil, err
   574  		}
   575  	}
   576  	if !isHTTP {
   577  		req.closeBody()
   578  		return nil, badStringError("unsupported protocol scheme", scheme)
   579  	}
   580  	if req.Method != "" && !validMethod(req.Method) {
   581  		req.closeBody()
   582  		return nil, fmt.Errorf("net/http: invalid method %q", req.Method)
   583  	}
   584  	if req.URL.Host == "" {
   585  		req.closeBody()
   586  		return nil, errors.New("http: no Host in request URL")
   587  	}
   588  
   589  	for {
   590  		select {
   591  		case <-ctx.Done():
   592  			req.closeBody()
   593  			return nil, ctx.Err()
   594  		default:
   595  		}
   596  
   597  		// treq gets modified by roundTrip, so we need to recreate for each retry.
   598  		treq := &transportRequest{Request: req, trace: trace, cancelKey: cancelKey}
   599  		cm, err := t.connectMethodForRequest(treq)
   600  		if err != nil {
   601  			req.closeBody()
   602  			return nil, err
   603  		}
   604  
   605  		// Get the cached or newly-created connection to either the
   606  		// host (for http or https), the http proxy, or the http proxy
   607  		// pre-CONNECTed to https server. In any case, we'll be ready
   608  		// to send it requests.
   609  		pconn, err := t.getConn(treq, cm)
   610  		if err != nil {
   611  			t.setReqCanceler(cancelKey, nil)
   612  			req.closeBody()
   613  			return nil, err
   614  		}
   615  
   616  		var resp *Response
   617  		if pconn.alt != nil {
   618  			// HTTP/2 path.
   619  			t.setReqCanceler(cancelKey, nil) // not cancelable with CancelRequest
   620  			resp, err = pconn.alt.RoundTrip(req)
   621  		} else {
   622  			resp, err = pconn.roundTrip(treq)
   623  		}
   624  		if err == nil {
   625  			resp.Request = origReq
   626  			return resp, nil
   627  		}
   628  
   629  		// Failed. Clean up and determine whether to retry.
   630  		if http2isNoCachedConnError(err) {
   631  			if t.removeIdleConn(pconn) {
   632  				t.decConnsPerHost(pconn.cacheKey)
   633  			}
   634  		} else if !pconn.shouldRetryRequest(req, err) {
   635  			// Issue 16465: return underlying net.Conn.Read error from peek,
   636  			// as we've historically done.
   637  			if e, ok := err.(nothingWrittenError); ok {
   638  				err = e.error
   639  			}
   640  			if e, ok := err.(transportReadFromServerError); ok {
   641  				err = e.err
   642  			}
   643  			if b, ok := req.Body.(*readTrackingBody); ok && !b.didClose {
   644  				// Issue 49621: Close the request body if pconn.roundTrip
   645  				// didn't do so already. This can happen if the pconn
   646  				// write loop exits without reading the write request.
   647  				req.closeBody()
   648  			}
   649  			return nil, err
   650  		}
   651  		testHookRoundTripRetried()
   652  
   653  		// Rewind the body if we're able to.
   654  		req, err = rewindBody(req)
   655  		if err != nil {
   656  			return nil, err
   657  		}
   658  	}
   659  }
   660  
   661  var errCannotRewind = errors.New("net/http: cannot rewind body after connection loss")
   662  
   663  type readTrackingBody struct {
   664  	io.ReadCloser
   665  	didRead  bool
   666  	didClose bool
   667  }
   668  
   669  func (r *readTrackingBody) Read(data []byte) (int, error) {
   670  	r.didRead = true
   671  	return r.ReadCloser.Read(data)
   672  }
   673  
   674  func (r *readTrackingBody) Close() error {
   675  	r.didClose = true
   676  	return r.ReadCloser.Close()
   677  }
   678  
   679  // setupRewindBody returns a new request with a custom body wrapper
   680  // that can report whether the body needs rewinding.
   681  // This lets rewindBody avoid an error result when the request
   682  // does not have GetBody but the body hasn't been read at all yet.
   683  func setupRewindBody(req *Request) *Request {
   684  	if req.Body == nil || req.Body == NoBody {
   685  		return req
   686  	}
   687  	newReq := *req
   688  	newReq.Body = &readTrackingBody{ReadCloser: req.Body}
   689  	return &newReq
   690  }
   691  
   692  // rewindBody returns a new request with the body rewound.
   693  // It returns req unmodified if the body does not need rewinding.
   694  // rewindBody takes care of closing req.Body when appropriate
   695  // (in all cases except when rewindBody returns req unmodified).
   696  func rewindBody(req *Request) (rewound *Request, err error) {
   697  	if req.Body == nil || req.Body == NoBody || (!req.Body.(*readTrackingBody).didRead && !req.Body.(*readTrackingBody).didClose) {
   698  		return req, nil // nothing to rewind
   699  	}
   700  	if !req.Body.(*readTrackingBody).didClose {
   701  		req.closeBody()
   702  	}
   703  	if req.GetBody == nil {
   704  		return nil, errCannotRewind
   705  	}
   706  	body, err := req.GetBody()
   707  	if err != nil {
   708  		return nil, err
   709  	}
   710  	newReq := *req
   711  	newReq.Body = &readTrackingBody{ReadCloser: body}
   712  	return &newReq, nil
   713  }
   714  
   715  // shouldRetryRequest reports whether we should retry sending a failed
   716  // HTTP request on a new connection. The non-nil input error is the
   717  // error from roundTrip.
   718  func (pc *persistConn) shouldRetryRequest(req *Request, err error) bool {
   719  	if http2isNoCachedConnError(err) {
   720  		// Issue 16582: if the user started a bunch of
   721  		// requests at once, they can all pick the same conn
   722  		// and violate the server's max concurrent streams.
   723  		// Instead, match the HTTP/1 behavior for now and dial
   724  		// again to get a new TCP connection, rather than failing
   725  		// this request.
   726  		return true
   727  	}
   728  	if err == errMissingHost {
   729  		// User error.
   730  		return false
   731  	}
   732  	if !pc.isReused() {
   733  		// This was a fresh connection. There's no reason the server
   734  		// should've hung up on us.
   735  		//
   736  		// Also, if we retried now, we could loop forever
   737  		// creating new connections and retrying if the server
   738  		// is just hanging up on us because it doesn't like
   739  		// our request (as opposed to sending an error).
   740  		return false
   741  	}
   742  	if _, ok := err.(nothingWrittenError); ok {
   743  		// We never wrote anything, so it's safe to retry, if there's no body or we
   744  		// can "rewind" the body with GetBody.
   745  		return req.outgoingLength() == 0 || req.GetBody != nil
   746  	}
   747  	if !req.isReplayable() {
   748  		// Don't retry non-idempotent requests.
   749  		return false
   750  	}
   751  	if _, ok := err.(transportReadFromServerError); ok {
   752  		// We got some non-EOF net.Conn.Read failure reading
   753  		// the 1st response byte from the server.
   754  		return true
   755  	}
   756  	if err == errServerClosedIdle {
   757  		// The server replied with io.EOF while we were trying to
   758  		// read the response. Probably an unfortunately keep-alive
   759  		// timeout, just as the client was writing a request.
   760  		return true
   761  	}
   762  	return false // conservatively
   763  }
   764  
   765  // ErrSkipAltProtocol is a sentinel error value defined by Transport.RegisterProtocol.
   766  var ErrSkipAltProtocol = errors.New("net/http: skip alternate protocol")
   767  
   768  // RegisterProtocol registers a new protocol with scheme.
   769  // The [Transport] will pass requests using the given scheme to rt.
   770  // It is rt's responsibility to simulate HTTP request semantics.
   771  //
   772  // RegisterProtocol can be used by other packages to provide
   773  // implementations of protocol schemes like "ftp" or "file".
   774  //
   775  // If rt.RoundTrip returns [ErrSkipAltProtocol], the Transport will
   776  // handle the [Transport.RoundTrip] itself for that one request, as if the
   777  // protocol were not registered.
   778  func (t *Transport) RegisterProtocol(scheme string, rt RoundTripper) {
   779  	t.altMu.Lock()
   780  	defer t.altMu.Unlock()
   781  	oldMap, _ := t.altProto.Load().(map[string]RoundTripper)
   782  	if _, exists := oldMap[scheme]; exists {
   783  		panic("protocol " + scheme + " already registered")
   784  	}
   785  	newMap := make(map[string]RoundTripper)
   786  	for k, v := range oldMap {
   787  		newMap[k] = v
   788  	}
   789  	newMap[scheme] = rt
   790  	t.altProto.Store(newMap)
   791  }
   792  
   793  // CloseIdleConnections closes any connections which were previously
   794  // connected from previous requests but are now sitting idle in
   795  // a "keep-alive" state. It does not interrupt any connections currently
   796  // in use.
   797  func (t *Transport) CloseIdleConnections() {
   798  	t.nextProtoOnce.Do(t.onceSetNextProtoDefaults)
   799  	t.idleMu.Lock()
   800  	m := t.idleConn
   801  	t.idleConn = nil
   802  	t.closeIdle = true // close newly idle connections
   803  	t.idleLRU = connLRU{}
   804  	t.idleMu.Unlock()
   805  	for _, conns := range m {
   806  		for _, pconn := range conns {
   807  			pconn.close(errCloseIdleConns)
   808  		}
   809  	}
   810  	if t2 := t.h2transport; t2 != nil {
   811  		t2.CloseIdleConnections()
   812  	}
   813  }
   814  
   815  // CancelRequest cancels an in-flight request by closing its connection.
   816  // CancelRequest should only be called after [Transport.RoundTrip] has returned.
   817  //
   818  // Deprecated: Use [Request.WithContext] to create a request with a
   819  // cancelable context instead. CancelRequest cannot cancel HTTP/2
   820  // requests.
   821  func (t *Transport) CancelRequest(req *Request) {
   822  	t.cancelRequest(cancelKey{req}, errRequestCanceled)
   823  }
   824  
   825  // Cancel an in-flight request, recording the error value.
   826  // Returns whether the request was canceled.
   827  func (t *Transport) cancelRequest(key cancelKey, err error) bool {
   828  	// This function must not return until the cancel func has completed.
   829  	// See: https://golang.org/issue/34658
   830  	t.reqMu.Lock()
   831  	defer t.reqMu.Unlock()
   832  	cancel := t.reqCanceler[key]
   833  	delete(t.reqCanceler, key)
   834  	if cancel != nil {
   835  		cancel(err)
   836  	}
   837  
   838  	return cancel != nil
   839  }
   840  
   841  //
   842  // Private implementation past this point.
   843  //
   844  
   845  var (
   846  	envProxyOnce      sync.Once
   847  	envProxyFuncValue func(*url.URL) (*url.URL, error)
   848  )
   849  
   850  // envProxyFunc returns a function that reads the
   851  // environment variable to determine the proxy address.
   852  func envProxyFunc() func(*url.URL) (*url.URL, error) {
   853  	envProxyOnce.Do(func() {
   854  		envProxyFuncValue = httpproxy.FromEnvironment().ProxyFunc()
   855  	})
   856  	return envProxyFuncValue
   857  }
   858  
   859  // resetProxyConfig is used by tests.
   860  func resetProxyConfig() {
   861  	envProxyOnce = sync.Once{}
   862  	envProxyFuncValue = nil
   863  }
   864  
   865  func (t *Transport) connectMethodForRequest(treq *transportRequest) (cm connectMethod, err error) {
   866  	cm.targetScheme = treq.URL.Scheme
   867  	cm.targetAddr = canonicalAddr(treq.URL)
   868  	if t.Proxy != nil {
   869  		cm.proxyURL, err = t.Proxy(treq.Request)
   870  	}
   871  	cm.onlyH1 = treq.requiresHTTP1()
   872  	return cm, err
   873  }
   874  
   875  // proxyAuth returns the Proxy-Authorization header to set
   876  // on requests, if applicable.
   877  func (cm *connectMethod) proxyAuth() string {
   878  	if cm.proxyURL == nil {
   879  		return ""
   880  	}
   881  	if u := cm.proxyURL.User; u != nil {
   882  		username := u.Username()
   883  		password, _ := u.Password()
   884  		return "Basic " + basicAuth(username, password)
   885  	}
   886  	return ""
   887  }
   888  
   889  // error values for debugging and testing, not seen by users.
   890  var (
   891  	errKeepAlivesDisabled = errors.New("http: putIdleConn: keep alives disabled")
   892  	errConnBroken         = errors.New("http: putIdleConn: connection is in bad state")
   893  	errCloseIdle          = errors.New("http: putIdleConn: CloseIdleConnections was called")
   894  	errTooManyIdle        = errors.New("http: putIdleConn: too many idle connections")
   895  	errTooManyIdleHost    = errors.New("http: putIdleConn: too many idle connections for host")
   896  	errCloseIdleConns     = errors.New("http: CloseIdleConnections called")
   897  	errReadLoopExiting    = errors.New("http: persistConn.readLoop exiting")
   898  	errIdleConnTimeout    = errors.New("http: idle connection timeout")
   899  
   900  	// errServerClosedIdle is not seen by users for idempotent requests, but may be
   901  	// seen by a user if the server shuts down an idle connection and sends its FIN
   902  	// in flight with already-written POST body bytes from the client.
   903  	// See https://github.com/golang/go/issues/19943#issuecomment-355607646
   904  	errServerClosedIdle = errors.New("http: server closed idle connection")
   905  )
   906  
   907  // transportReadFromServerError is used by Transport.readLoop when the
   908  // 1 byte peek read fails and we're actually anticipating a response.
   909  // Usually this is just due to the inherent keep-alive shut down race,
   910  // where the server closed the connection at the same time the client
   911  // wrote. The underlying err field is usually io.EOF or some
   912  // ECONNRESET sort of thing which varies by platform. But it might be
   913  // the user's custom net.Conn.Read error too, so we carry it along for
   914  // them to return from Transport.RoundTrip.
   915  type transportReadFromServerError struct {
   916  	err error
   917  }
   918  
   919  func (e transportReadFromServerError) Unwrap() error { return e.err }
   920  
   921  func (e transportReadFromServerError) Error() string {
   922  	return fmt.Sprintf("net/http: Transport failed to read from server: %v", e.err)
   923  }
   924  
   925  func (t *Transport) putOrCloseIdleConn(pconn *persistConn) {
   926  	if err := t.tryPutIdleConn(pconn); err != nil {
   927  		pconn.close(err)
   928  	}
   929  }
   930  
   931  func (t *Transport) maxIdleConnsPerHost() int {
   932  	if v := t.MaxIdleConnsPerHost; v != 0 {
   933  		return v
   934  	}
   935  	return DefaultMaxIdleConnsPerHost
   936  }
   937  
   938  // tryPutIdleConn adds pconn to the list of idle persistent connections awaiting
   939  // a new request.
   940  // If pconn is no longer needed or not in a good state, tryPutIdleConn returns
   941  // an error explaining why it wasn't registered.
   942  // tryPutIdleConn does not close pconn. Use putOrCloseIdleConn instead for that.
   943  func (t *Transport) tryPutIdleConn(pconn *persistConn) error {
   944  	if t.DisableKeepAlives || t.MaxIdleConnsPerHost < 0 {
   945  		return errKeepAlivesDisabled
   946  	}
   947  	if pconn.isBroken() {
   948  		return errConnBroken
   949  	}
   950  	pconn.markReused()
   951  
   952  	t.idleMu.Lock()
   953  	defer t.idleMu.Unlock()
   954  
   955  	// HTTP/2 (pconn.alt != nil) connections do not come out of the idle list,
   956  	// because multiple goroutines can use them simultaneously.
   957  	// If this is an HTTP/2 connection being “returned,” we're done.
   958  	if pconn.alt != nil && t.idleLRU.m[pconn] != nil {
   959  		return nil
   960  	}
   961  
   962  	// Deliver pconn to goroutine waiting for idle connection, if any.
   963  	// (They may be actively dialing, but this conn is ready first.
   964  	// Chrome calls this socket late binding.
   965  	// See https://www.chromium.org/developers/design-documents/network-stack#TOC-Connection-Management.)
   966  	key := pconn.cacheKey
   967  	if q, ok := t.idleConnWait[key]; ok {
   968  		done := false
   969  		if pconn.alt == nil {
   970  			// HTTP/1.
   971  			// Loop over the waiting list until we find a w that isn't done already, and hand it pconn.
   972  			for q.len() > 0 {
   973  				w := q.popFront()
   974  				if w.tryDeliver(pconn, nil, time.Time{}) {
   975  					done = true
   976  					break
   977  				}
   978  			}
   979  		} else {
   980  			// HTTP/2.
   981  			// Can hand the same pconn to everyone in the waiting list,
   982  			// and we still won't be done: we want to put it in the idle
   983  			// list unconditionally, for any future clients too.
   984  			for q.len() > 0 {
   985  				w := q.popFront()
   986  				w.tryDeliver(pconn, nil, time.Time{})
   987  			}
   988  		}
   989  		if q.len() == 0 {
   990  			delete(t.idleConnWait, key)
   991  		} else {
   992  			t.idleConnWait[key] = q
   993  		}
   994  		if done {
   995  			return nil
   996  		}
   997  	}
   998  
   999  	if t.closeIdle {
  1000  		return errCloseIdle
  1001  	}
  1002  	if t.idleConn == nil {
  1003  		t.idleConn = make(map[connectMethodKey][]*persistConn)
  1004  	}
  1005  	idles := t.idleConn[key]
  1006  	if len(idles) >= t.maxIdleConnsPerHost() {
  1007  		return errTooManyIdleHost
  1008  	}
  1009  	for _, exist := range idles {
  1010  		if exist == pconn {
  1011  			log.Fatalf("dup idle pconn %p in freelist", pconn)
  1012  		}
  1013  	}
  1014  	t.idleConn[key] = append(idles, pconn)
  1015  	t.idleLRU.add(pconn)
  1016  	if t.MaxIdleConns != 0 && t.idleLRU.len() > t.MaxIdleConns {
  1017  		oldest := t.idleLRU.removeOldest()
  1018  		oldest.close(errTooManyIdle)
  1019  		t.removeIdleConnLocked(oldest)
  1020  	}
  1021  
  1022  	// Set idle timer, but only for HTTP/1 (pconn.alt == nil).
  1023  	// The HTTP/2 implementation manages the idle timer itself
  1024  	// (see idleConnTimeout in h2_bundle.go).
  1025  	if t.IdleConnTimeout > 0 && pconn.alt == nil {
  1026  		if pconn.idleTimer != nil {
  1027  			pconn.idleTimer.Reset(t.IdleConnTimeout)
  1028  		} else {
  1029  			pconn.idleTimer = time.AfterFunc(t.IdleConnTimeout, pconn.closeConnIfStillIdle)
  1030  		}
  1031  	}
  1032  	pconn.idleAt = time.Now()
  1033  	return nil
  1034  }
  1035  
  1036  // queueForIdleConn queues w to receive the next idle connection for w.cm.
  1037  // As an optimization hint to the caller, queueForIdleConn reports whether
  1038  // it successfully delivered an already-idle connection.
  1039  func (t *Transport) queueForIdleConn(w *wantConn) (delivered bool) {
  1040  	if t.DisableKeepAlives {
  1041  		return false
  1042  	}
  1043  
  1044  	t.idleMu.Lock()
  1045  	defer t.idleMu.Unlock()
  1046  
  1047  	// Stop closing connections that become idle - we might want one.
  1048  	// (That is, undo the effect of t.CloseIdleConnections.)
  1049  	t.closeIdle = false
  1050  
  1051  	if w == nil {
  1052  		// Happens in test hook.
  1053  		return false
  1054  	}
  1055  
  1056  	// If IdleConnTimeout is set, calculate the oldest
  1057  	// persistConn.idleAt time we're willing to use a cached idle
  1058  	// conn.
  1059  	var oldTime time.Time
  1060  	if t.IdleConnTimeout > 0 {
  1061  		oldTime = time.Now().Add(-t.IdleConnTimeout)
  1062  	}
  1063  
  1064  	// Look for most recently-used idle connection.
  1065  	if list, ok := t.idleConn[w.key]; ok {
  1066  		stop := false
  1067  		delivered := false
  1068  		for len(list) > 0 && !stop {
  1069  			pconn := list[len(list)-1]
  1070  
  1071  			// See whether this connection has been idle too long, considering
  1072  			// only the wall time (the Round(0)), in case this is a laptop or VM
  1073  			// coming out of suspend with previously cached idle connections.
  1074  			tooOld := !oldTime.IsZero() && pconn.idleAt.Round(0).Before(oldTime)
  1075  			if tooOld {
  1076  				// Async cleanup. Launch in its own goroutine (as if a
  1077  				// time.AfterFunc called it); it acquires idleMu, which we're
  1078  				// holding, and does a synchronous net.Conn.Close.
  1079  				go pconn.closeConnIfStillIdle()
  1080  			}
  1081  			if pconn.isBroken() || tooOld {
  1082  				// If either persistConn.readLoop has marked the connection
  1083  				// broken, but Transport.removeIdleConn has not yet removed it
  1084  				// from the idle list, or if this persistConn is too old (it was
  1085  				// idle too long), then ignore it and look for another. In both
  1086  				// cases it's already in the process of being closed.
  1087  				list = list[:len(list)-1]
  1088  				continue
  1089  			}
  1090  			delivered = w.tryDeliver(pconn, nil, pconn.idleAt)
  1091  			if delivered {
  1092  				if pconn.alt != nil {
  1093  					// HTTP/2: multiple clients can share pconn.
  1094  					// Leave it in the list.
  1095  				} else {
  1096  					// HTTP/1: only one client can use pconn.
  1097  					// Remove it from the list.
  1098  					t.idleLRU.remove(pconn)
  1099  					list = list[:len(list)-1]
  1100  				}
  1101  			}
  1102  			stop = true
  1103  		}
  1104  		if len(list) > 0 {
  1105  			t.idleConn[w.key] = list
  1106  		} else {
  1107  			delete(t.idleConn, w.key)
  1108  		}
  1109  		if stop {
  1110  			return delivered
  1111  		}
  1112  	}
  1113  
  1114  	// Register to receive next connection that becomes idle.
  1115  	if t.idleConnWait == nil {
  1116  		t.idleConnWait = make(map[connectMethodKey]wantConnQueue)
  1117  	}
  1118  	q := t.idleConnWait[w.key]
  1119  	q.cleanFront()
  1120  	q.pushBack(w)
  1121  	t.idleConnWait[w.key] = q
  1122  	return false
  1123  }
  1124  
  1125  // removeIdleConn marks pconn as dead.
  1126  func (t *Transport) removeIdleConn(pconn *persistConn) bool {
  1127  	t.idleMu.Lock()
  1128  	defer t.idleMu.Unlock()
  1129  	return t.removeIdleConnLocked(pconn)
  1130  }
  1131  
  1132  // t.idleMu must be held.
  1133  func (t *Transport) removeIdleConnLocked(pconn *persistConn) bool {
  1134  	if pconn.idleTimer != nil {
  1135  		pconn.idleTimer.Stop()
  1136  	}
  1137  	t.idleLRU.remove(pconn)
  1138  	key := pconn.cacheKey
  1139  	pconns := t.idleConn[key]
  1140  	var removed bool
  1141  	switch len(pconns) {
  1142  	case 0:
  1143  		// Nothing
  1144  	case 1:
  1145  		if pconns[0] == pconn {
  1146  			delete(t.idleConn, key)
  1147  			removed = true
  1148  		}
  1149  	default:
  1150  		for i, v := range pconns {
  1151  			if v != pconn {
  1152  				continue
  1153  			}
  1154  			// Slide down, keeping most recently-used
  1155  			// conns at the end.
  1156  			copy(pconns[i:], pconns[i+1:])
  1157  			t.idleConn[key] = pconns[:len(pconns)-1]
  1158  			removed = true
  1159  			break
  1160  		}
  1161  	}
  1162  	return removed
  1163  }
  1164  
  1165  func (t *Transport) setReqCanceler(key cancelKey, fn func(error)) {
  1166  	t.reqMu.Lock()
  1167  	defer t.reqMu.Unlock()
  1168  	if t.reqCanceler == nil {
  1169  		t.reqCanceler = make(map[cancelKey]func(error))
  1170  	}
  1171  	if fn != nil {
  1172  		t.reqCanceler[key] = fn
  1173  	} else {
  1174  		delete(t.reqCanceler, key)
  1175  	}
  1176  }
  1177  
  1178  // replaceReqCanceler replaces an existing cancel function. If there is no cancel function
  1179  // for the request, we don't set the function and return false.
  1180  // Since CancelRequest will clear the canceler, we can use the return value to detect if
  1181  // the request was canceled since the last setReqCancel call.
  1182  func (t *Transport) replaceReqCanceler(key cancelKey, fn func(error)) bool {
  1183  	t.reqMu.Lock()
  1184  	defer t.reqMu.Unlock()
  1185  	_, ok := t.reqCanceler[key]
  1186  	if !ok {
  1187  		return false
  1188  	}
  1189  	if fn != nil {
  1190  		t.reqCanceler[key] = fn
  1191  	} else {
  1192  		delete(t.reqCanceler, key)
  1193  	}
  1194  	return true
  1195  }
  1196  
  1197  var zeroDialer net.Dialer
  1198  
  1199  func (t *Transport) dial(ctx context.Context, network, addr string) (net.Conn, error) {
  1200  	if t.DialContext != nil {
  1201  		c, err := t.DialContext(ctx, network, addr)
  1202  		if c == nil && err == nil {
  1203  			err = errors.New("net/http: Transport.DialContext hook returned (nil, nil)")
  1204  		}
  1205  		return c, err
  1206  	}
  1207  	if t.Dial != nil {
  1208  		c, err := t.Dial(network, addr)
  1209  		if c == nil && err == nil {
  1210  			err = errors.New("net/http: Transport.Dial hook returned (nil, nil)")
  1211  		}
  1212  		return c, err
  1213  	}
  1214  	return zeroDialer.DialContext(ctx, network, addr)
  1215  }
  1216  
  1217  // A wantConn records state about a wanted connection
  1218  // (that is, an active call to getConn).
  1219  // The conn may be gotten by dialing or by finding an idle connection,
  1220  // or a cancellation may make the conn no longer wanted.
  1221  // These three options are racing against each other and use
  1222  // wantConn to coordinate and agree about the winning outcome.
  1223  type wantConn struct {
  1224  	cm  connectMethod
  1225  	key connectMethodKey // cm.key()
  1226  
  1227  	// hooks for testing to know when dials are done
  1228  	// beforeDial is called in the getConn goroutine when the dial is queued.
  1229  	// afterDial is called when the dial is completed or canceled.
  1230  	beforeDial func()
  1231  	afterDial  func()
  1232  
  1233  	mu     sync.Mutex       // protects ctx, done and sending of the result
  1234  	ctx    context.Context  // context for dial, cleared after delivered or canceled
  1235  	done   bool             // true after delivered or canceled
  1236  	result chan connOrError // channel to deliver connection or error
  1237  }
  1238  
  1239  type connOrError struct {
  1240  	pc     *persistConn
  1241  	err    error
  1242  	idleAt time.Time
  1243  }
  1244  
  1245  // waiting reports whether w is still waiting for an answer (connection or error).
  1246  func (w *wantConn) waiting() bool {
  1247  	w.mu.Lock()
  1248  	defer w.mu.Unlock()
  1249  
  1250  	return !w.done
  1251  }
  1252  
  1253  // getCtxForDial returns context for dial or nil if connection was delivered or canceled.
  1254  func (w *wantConn) getCtxForDial() context.Context {
  1255  	w.mu.Lock()
  1256  	defer w.mu.Unlock()
  1257  
  1258  	return w.ctx
  1259  }
  1260  
  1261  // tryDeliver attempts to deliver pc, err to w and reports whether it succeeded.
  1262  func (w *wantConn) tryDeliver(pc *persistConn, err error, idleAt time.Time) bool {
  1263  	w.mu.Lock()
  1264  	defer w.mu.Unlock()
  1265  
  1266  	if w.done {
  1267  		return false
  1268  	}
  1269  	if (pc == nil) == (err == nil) {
  1270  		panic("net/http: internal error: misuse of tryDeliver")
  1271  	}
  1272  	w.ctx = nil
  1273  	w.done = true
  1274  
  1275  	w.result <- connOrError{pc: pc, err: err, idleAt: idleAt}
  1276  	close(w.result)
  1277  
  1278  	return true
  1279  }
  1280  
  1281  // cancel marks w as no longer wanting a result (for example, due to cancellation).
  1282  // If a connection has been delivered already, cancel returns it with t.putOrCloseIdleConn.
  1283  func (w *wantConn) cancel(t *Transport, err error) {
  1284  	w.mu.Lock()
  1285  	var pc *persistConn
  1286  	if w.done {
  1287  		if r, ok := <-w.result; ok {
  1288  			pc = r.pc
  1289  		}
  1290  	} else {
  1291  		close(w.result)
  1292  	}
  1293  	w.ctx = nil
  1294  	w.done = true
  1295  	w.mu.Unlock()
  1296  
  1297  	if pc != nil {
  1298  		t.putOrCloseIdleConn(pc)
  1299  	}
  1300  }
  1301  
  1302  // A wantConnQueue is a queue of wantConns.
  1303  type wantConnQueue struct {
  1304  	// This is a queue, not a deque.
  1305  	// It is split into two stages - head[headPos:] and tail.
  1306  	// popFront is trivial (headPos++) on the first stage, and
  1307  	// pushBack is trivial (append) on the second stage.
  1308  	// If the first stage is empty, popFront can swap the
  1309  	// first and second stages to remedy the situation.
  1310  	//
  1311  	// This two-stage split is analogous to the use of two lists
  1312  	// in Okasaki's purely functional queue but without the
  1313  	// overhead of reversing the list when swapping stages.
  1314  	head    []*wantConn
  1315  	headPos int
  1316  	tail    []*wantConn
  1317  }
  1318  
  1319  // len returns the number of items in the queue.
  1320  func (q *wantConnQueue) len() int {
  1321  	return len(q.head) - q.headPos + len(q.tail)
  1322  }
  1323  
  1324  // pushBack adds w to the back of the queue.
  1325  func (q *wantConnQueue) pushBack(w *wantConn) {
  1326  	q.tail = append(q.tail, w)
  1327  }
  1328  
  1329  // popFront removes and returns the wantConn at the front of the queue.
  1330  func (q *wantConnQueue) popFront() *wantConn {
  1331  	if q.headPos >= len(q.head) {
  1332  		if len(q.tail) == 0 {
  1333  			return nil
  1334  		}
  1335  		// Pick up tail as new head, clear tail.
  1336  		q.head, q.headPos, q.tail = q.tail, 0, q.head[:0]
  1337  	}
  1338  	w := q.head[q.headPos]
  1339  	q.head[q.headPos] = nil
  1340  	q.headPos++
  1341  	return w
  1342  }
  1343  
  1344  // peekFront returns the wantConn at the front of the queue without removing it.
  1345  func (q *wantConnQueue) peekFront() *wantConn {
  1346  	if q.headPos < len(q.head) {
  1347  		return q.head[q.headPos]
  1348  	}
  1349  	if len(q.tail) > 0 {
  1350  		return q.tail[0]
  1351  	}
  1352  	return nil
  1353  }
  1354  
  1355  // cleanFront pops any wantConns that are no longer waiting from the head of the
  1356  // queue, reporting whether any were popped.
  1357  func (q *wantConnQueue) cleanFront() (cleaned bool) {
  1358  	for {
  1359  		w := q.peekFront()
  1360  		if w == nil || w.waiting() {
  1361  			return cleaned
  1362  		}
  1363  		q.popFront()
  1364  		cleaned = true
  1365  	}
  1366  }
  1367  
  1368  func (t *Transport) customDialTLS(ctx context.Context, network, addr string) (conn net.Conn, err error) {
  1369  	if t.DialTLSContext != nil {
  1370  		conn, err = t.DialTLSContext(ctx, network, addr)
  1371  	} else {
  1372  		conn, err = t.DialTLS(network, addr)
  1373  	}
  1374  	if conn == nil && err == nil {
  1375  		err = errors.New("net/http: Transport.DialTLS or DialTLSContext returned (nil, nil)")
  1376  	}
  1377  	return
  1378  }
  1379  
  1380  // getConn dials and creates a new persistConn to the target as
  1381  // specified in the connectMethod. This includes doing a proxy CONNECT
  1382  // and/or setting up TLS.  If this doesn't return an error, the persistConn
  1383  // is ready to write requests to.
  1384  func (t *Transport) getConn(treq *transportRequest, cm connectMethod) (_ *persistConn, err error) {
  1385  	req := treq.Request
  1386  	trace := treq.trace
  1387  	ctx := req.Context()
  1388  	if trace != nil && trace.GetConn != nil {
  1389  		trace.GetConn(cm.addr())
  1390  	}
  1391  
  1392  	w := &wantConn{
  1393  		cm:         cm,
  1394  		key:        cm.key(),
  1395  		ctx:        ctx,
  1396  		result:     make(chan connOrError, 1),
  1397  		beforeDial: testHookPrePendingDial,
  1398  		afterDial:  testHookPostPendingDial,
  1399  	}
  1400  	defer func() {
  1401  		if err != nil {
  1402  			w.cancel(t, err)
  1403  		}
  1404  	}()
  1405  
  1406  	var cancelc chan error
  1407  
  1408  	// Queue for idle connection.
  1409  	if delivered := t.queueForIdleConn(w); delivered {
  1410  		// set request canceler to some non-nil function so we
  1411  		// can detect whether it was cleared between now and when
  1412  		// we enter roundTrip
  1413  		t.setReqCanceler(treq.cancelKey, func(error) {})
  1414  	} else {
  1415  		cancelc = make(chan error, 1)
  1416  		t.setReqCanceler(treq.cancelKey, func(err error) { cancelc <- err })
  1417  
  1418  		// Queue for permission to dial.
  1419  		t.queueForDial(w)
  1420  	}
  1421  
  1422  	// Wait for completion or cancellation.
  1423  	select {
  1424  	case r := <-w.result:
  1425  		// Trace success but only for HTTP/1.
  1426  		// HTTP/2 calls trace.GotConn itself.
  1427  		if r.pc != nil && r.pc.alt == nil && trace != nil && trace.GotConn != nil {
  1428  			info := httptrace.GotConnInfo{
  1429  				Conn:   r.pc.conn,
  1430  				Reused: r.pc.isReused(),
  1431  			}
  1432  			if !r.idleAt.IsZero() {
  1433  				info.WasIdle = true
  1434  				info.IdleTime = time.Since(r.idleAt)
  1435  			}
  1436  			trace.GotConn(info)
  1437  		}
  1438  		if r.err != nil {
  1439  			// If the request has been canceled, that's probably
  1440  			// what caused r.err; if so, prefer to return the
  1441  			// cancellation error (see golang.org/issue/16049).
  1442  			select {
  1443  			case <-req.Cancel:
  1444  				return nil, errRequestCanceledConn
  1445  			case <-req.Context().Done():
  1446  				return nil, req.Context().Err()
  1447  			case err := <-cancelc:
  1448  				if err == errRequestCanceled {
  1449  					err = errRequestCanceledConn
  1450  				}
  1451  				return nil, err
  1452  			default:
  1453  				// return below
  1454  			}
  1455  		}
  1456  		return r.pc, r.err
  1457  	case <-req.Cancel:
  1458  		return nil, errRequestCanceledConn
  1459  	case <-req.Context().Done():
  1460  		return nil, req.Context().Err()
  1461  	case err := <-cancelc:
  1462  		if err == errRequestCanceled {
  1463  			err = errRequestCanceledConn
  1464  		}
  1465  		return nil, err
  1466  	}
  1467  }
  1468  
  1469  // queueForDial queues w to wait for permission to begin dialing.
  1470  // Once w receives permission to dial, it will do so in a separate goroutine.
  1471  func (t *Transport) queueForDial(w *wantConn) {
  1472  	w.beforeDial()
  1473  	if t.MaxConnsPerHost <= 0 {
  1474  		go t.dialConnFor(w)
  1475  		return
  1476  	}
  1477  
  1478  	t.connsPerHostMu.Lock()
  1479  	defer t.connsPerHostMu.Unlock()
  1480  
  1481  	if n := t.connsPerHost[w.key]; n < t.MaxConnsPerHost {
  1482  		if t.connsPerHost == nil {
  1483  			t.connsPerHost = make(map[connectMethodKey]int)
  1484  		}
  1485  		t.connsPerHost[w.key] = n + 1
  1486  		go t.dialConnFor(w)
  1487  		return
  1488  	}
  1489  
  1490  	if t.connsPerHostWait == nil {
  1491  		t.connsPerHostWait = make(map[connectMethodKey]wantConnQueue)
  1492  	}
  1493  	q := t.connsPerHostWait[w.key]
  1494  	q.cleanFront()
  1495  	q.pushBack(w)
  1496  	t.connsPerHostWait[w.key] = q
  1497  }
  1498  
  1499  // dialConnFor dials on behalf of w and delivers the result to w.
  1500  // dialConnFor has received permission to dial w.cm and is counted in t.connCount[w.cm.key()].
  1501  // If the dial is canceled or unsuccessful, dialConnFor decrements t.connCount[w.cm.key()].
  1502  func (t *Transport) dialConnFor(w *wantConn) {
  1503  	defer w.afterDial()
  1504  	ctx := w.getCtxForDial()
  1505  	if ctx == nil {
  1506  		t.decConnsPerHost(w.key)
  1507  		return
  1508  	}
  1509  
  1510  	pc, err := t.dialConn(ctx, w.cm)
  1511  	delivered := w.tryDeliver(pc, err, time.Time{})
  1512  	if err == nil && (!delivered || pc.alt != nil) {
  1513  		// pconn was not passed to w,
  1514  		// or it is HTTP/2 and can be shared.
  1515  		// Add to the idle connection pool.
  1516  		t.putOrCloseIdleConn(pc)
  1517  	}
  1518  	if err != nil {
  1519  		t.decConnsPerHost(w.key)
  1520  	}
  1521  }
  1522  
  1523  // decConnsPerHost decrements the per-host connection count for key,
  1524  // which may in turn give a different waiting goroutine permission to dial.
  1525  func (t *Transport) decConnsPerHost(key connectMethodKey) {
  1526  	if t.MaxConnsPerHost <= 0 {
  1527  		return
  1528  	}
  1529  
  1530  	t.connsPerHostMu.Lock()
  1531  	defer t.connsPerHostMu.Unlock()
  1532  	n := t.connsPerHost[key]
  1533  	if n == 0 {
  1534  		// Shouldn't happen, but if it does, the counting is buggy and could
  1535  		// easily lead to a silent deadlock, so report the problem loudly.
  1536  		panic("net/http: internal error: connCount underflow")
  1537  	}
  1538  
  1539  	// Can we hand this count to a goroutine still waiting to dial?
  1540  	// (Some goroutines on the wait list may have timed out or
  1541  	// gotten a connection another way. If they're all gone,
  1542  	// we don't want to kick off any spurious dial operations.)
  1543  	if q := t.connsPerHostWait[key]; q.len() > 0 {
  1544  		done := false
  1545  		for q.len() > 0 {
  1546  			w := q.popFront()
  1547  			if w.waiting() {
  1548  				go t.dialConnFor(w)
  1549  				done = true
  1550  				break
  1551  			}
  1552  		}
  1553  		if q.len() == 0 {
  1554  			delete(t.connsPerHostWait, key)
  1555  		} else {
  1556  			// q is a value (like a slice), so we have to store
  1557  			// the updated q back into the map.
  1558  			t.connsPerHostWait[key] = q
  1559  		}
  1560  		if done {
  1561  			return
  1562  		}
  1563  	}
  1564  
  1565  	// Otherwise, decrement the recorded count.
  1566  	if n--; n == 0 {
  1567  		delete(t.connsPerHost, key)
  1568  	} else {
  1569  		t.connsPerHost[key] = n
  1570  	}
  1571  }
  1572  
  1573  // Add TLS to a persistent connection, i.e. negotiate a TLS session. If pconn is already a TLS
  1574  // tunnel, this function establishes a nested TLS session inside the encrypted channel.
  1575  // The remote endpoint's name may be overridden by TLSClientConfig.ServerName.
  1576  func (pconn *persistConn) addTLS(ctx context.Context, name string, trace *httptrace.ClientTrace) error {
  1577  	// Initiate TLS and check remote host name against certificate.
  1578  	cfg := cloneTLSConfig(pconn.t.TLSClientConfig)
  1579  	if cfg.ServerName == "" {
  1580  		cfg.ServerName = name
  1581  	}
  1582  	if pconn.cacheKey.onlyH1 {
  1583  		cfg.NextProtos = nil
  1584  	}
  1585  	plainConn := pconn.conn
  1586  	tlsConn := tls.Client(plainConn, cfg)
  1587  	errc := make(chan error, 2)
  1588  	var timer *time.Timer // for canceling TLS handshake
  1589  	if d := pconn.t.TLSHandshakeTimeout; d != 0 {
  1590  		timer = time.AfterFunc(d, func() {
  1591  			errc <- tlsHandshakeTimeoutError{}
  1592  		})
  1593  	}
  1594  	go func() {
  1595  		if trace != nil && trace.TLSHandshakeStart != nil {
  1596  			trace.TLSHandshakeStart()
  1597  		}
  1598  		err := tlsConn.HandshakeContext(ctx)
  1599  		if timer != nil {
  1600  			timer.Stop()
  1601  		}
  1602  		errc <- err
  1603  	}()
  1604  	if err := <-errc; err != nil {
  1605  		plainConn.Close()
  1606  		if err == (tlsHandshakeTimeoutError{}) {
  1607  			// Now that we have closed the connection,
  1608  			// wait for the call to HandshakeContext to return.
  1609  			<-errc
  1610  		}
  1611  		if trace != nil && trace.TLSHandshakeDone != nil {
  1612  			trace.TLSHandshakeDone(tls.ConnectionState{}, err)
  1613  		}
  1614  		return err
  1615  	}
  1616  	cs := tlsConn.ConnectionState()
  1617  	if trace != nil && trace.TLSHandshakeDone != nil {
  1618  		trace.TLSHandshakeDone(cs, nil)
  1619  	}
  1620  	pconn.tlsState = &cs
  1621  	pconn.conn = tlsConn
  1622  	return nil
  1623  }
  1624  
  1625  type erringRoundTripper interface {
  1626  	RoundTripErr() error
  1627  }
  1628  
  1629  func (t *Transport) dialConn(ctx context.Context, cm connectMethod) (pconn *persistConn, err error) {
  1630  	pconn = &persistConn{
  1631  		t:             t,
  1632  		cacheKey:      cm.key(),
  1633  		reqch:         make(chan requestAndChan, 1),
  1634  		writech:       make(chan writeRequest, 1),
  1635  		closech:       make(chan struct{}),
  1636  		writeErrCh:    make(chan error, 1),
  1637  		writeLoopDone: make(chan struct{}),
  1638  	}
  1639  	trace := httptrace.ContextClientTrace(ctx)
  1640  	wrapErr := func(err error) error {
  1641  		if cm.proxyURL != nil {
  1642  			// Return a typed error, per Issue 16997
  1643  			return &net.OpError{Op: "proxyconnect", Net: "tcp", Err: err}
  1644  		}
  1645  		return err
  1646  	}
  1647  	if cm.scheme() == "https" && t.hasCustomTLSDialer() {
  1648  		var err error
  1649  		pconn.conn, err = t.customDialTLS(ctx, "tcp", cm.addr())
  1650  		if err != nil {
  1651  			return nil, wrapErr(err)
  1652  		}
  1653  		if tc, ok := pconn.conn.(*tls.Conn); ok {
  1654  			// Handshake here, in case DialTLS didn't. TLSNextProto below
  1655  			// depends on it for knowing the connection state.
  1656  			if trace != nil && trace.TLSHandshakeStart != nil {
  1657  				trace.TLSHandshakeStart()
  1658  			}
  1659  			if err := tc.HandshakeContext(ctx); err != nil {
  1660  				go pconn.conn.Close()
  1661  				if trace != nil && trace.TLSHandshakeDone != nil {
  1662  					trace.TLSHandshakeDone(tls.ConnectionState{}, err)
  1663  				}
  1664  				return nil, err
  1665  			}
  1666  			cs := tc.ConnectionState()
  1667  			if trace != nil && trace.TLSHandshakeDone != nil {
  1668  				trace.TLSHandshakeDone(cs, nil)
  1669  			}
  1670  			pconn.tlsState = &cs
  1671  		}
  1672  	} else {
  1673  		conn, err := t.dial(ctx, "tcp", cm.addr())
  1674  		if err != nil {
  1675  			return nil, wrapErr(err)
  1676  		}
  1677  		pconn.conn = conn
  1678  		if cm.scheme() == "https" {
  1679  			var firstTLSHost string
  1680  			if firstTLSHost, _, err = net.SplitHostPort(cm.addr()); err != nil {
  1681  				return nil, wrapErr(err)
  1682  			}
  1683  			if err = pconn.addTLS(ctx, firstTLSHost, trace); err != nil {
  1684  				return nil, wrapErr(err)
  1685  			}
  1686  		}
  1687  	}
  1688  
  1689  	// Proxy setup.
  1690  	switch {
  1691  	case cm.proxyURL == nil:
  1692  		// Do nothing. Not using a proxy.
  1693  	case cm.proxyURL.Scheme == "socks5" || cm.proxyURL.Scheme == "socks5h":
  1694  		conn := pconn.conn
  1695  		d := socksNewDialer("tcp", conn.RemoteAddr().String())
  1696  		if u := cm.proxyURL.User; u != nil {
  1697  			auth := &socksUsernamePassword{
  1698  				Username: u.Username(),
  1699  			}
  1700  			auth.Password, _ = u.Password()
  1701  			d.AuthMethods = []socksAuthMethod{
  1702  				socksAuthMethodNotRequired,
  1703  				socksAuthMethodUsernamePassword,
  1704  			}
  1705  			d.Authenticate = auth.Authenticate
  1706  		}
  1707  		if _, err := d.DialWithConn(ctx, conn, "tcp", cm.targetAddr); err != nil {
  1708  			conn.Close()
  1709  			return nil, err
  1710  		}
  1711  	case cm.targetScheme == "http":
  1712  		pconn.isProxy = true
  1713  		if pa := cm.proxyAuth(); pa != "" {
  1714  			pconn.mutateHeaderFunc = func(h Header) {
  1715  				h.Set("Proxy-Authorization", pa)
  1716  			}
  1717  		}
  1718  	case cm.targetScheme == "https":
  1719  		conn := pconn.conn
  1720  		var hdr Header
  1721  		if t.GetProxyConnectHeader != nil {
  1722  			var err error
  1723  			hdr, err = t.GetProxyConnectHeader(ctx, cm.proxyURL, cm.targetAddr)
  1724  			if err != nil {
  1725  				conn.Close()
  1726  				return nil, err
  1727  			}
  1728  		} else {
  1729  			hdr = t.ProxyConnectHeader
  1730  		}
  1731  		if hdr == nil {
  1732  			hdr = make(Header)
  1733  		}
  1734  		if pa := cm.proxyAuth(); pa != "" {
  1735  			hdr = hdr.Clone()
  1736  			hdr.Set("Proxy-Authorization", pa)
  1737  		}
  1738  		connectReq := &Request{
  1739  			Method: "CONNECT",
  1740  			URL:    &url.URL{Opaque: cm.targetAddr},
  1741  			Host:   cm.targetAddr,
  1742  			Header: hdr,
  1743  		}
  1744  
  1745  		// If there's no done channel (no deadline or cancellation
  1746  		// from the caller possible), at least set some (long)
  1747  		// timeout here. This will make sure we don't block forever
  1748  		// and leak a goroutine if the connection stops replying
  1749  		// after the TCP connect.
  1750  		connectCtx := ctx
  1751  		if ctx.Done() == nil {
  1752  			newCtx, cancel := context.WithTimeout(ctx, 1*time.Minute)
  1753  			defer cancel()
  1754  			connectCtx = newCtx
  1755  		}
  1756  
  1757  		didReadResponse := make(chan struct{}) // closed after CONNECT write+read is done or fails
  1758  		var (
  1759  			resp *Response
  1760  			err  error // write or read error
  1761  		)
  1762  		// Write the CONNECT request & read the response.
  1763  		go func() {
  1764  			defer close(didReadResponse)
  1765  			err = connectReq.Write(conn)
  1766  			if err != nil {
  1767  				return
  1768  			}
  1769  			// Okay to use and discard buffered reader here, because
  1770  			// TLS server will not speak until spoken to.
  1771  			br := bufio.NewReader(conn)
  1772  			resp, err = ReadResponse(br, connectReq)
  1773  		}()
  1774  		select {
  1775  		case <-connectCtx.Done():
  1776  			conn.Close()
  1777  			<-didReadResponse
  1778  			return nil, connectCtx.Err()
  1779  		case <-didReadResponse:
  1780  			// resp or err now set
  1781  		}
  1782  		if err != nil {
  1783  			conn.Close()
  1784  			return nil, err
  1785  		}
  1786  
  1787  		if t.OnProxyConnectResponse != nil {
  1788  			err = t.OnProxyConnectResponse(ctx, cm.proxyURL, connectReq, resp)
  1789  			if err != nil {
  1790  				conn.Close()
  1791  				return nil, err
  1792  			}
  1793  		}
  1794  
  1795  		if resp.StatusCode != 200 {
  1796  			_, text, ok := strings.Cut(resp.Status, " ")
  1797  			conn.Close()
  1798  			if !ok {
  1799  				return nil, errors.New("unknown status code")
  1800  			}
  1801  			return nil, errors.New(text)
  1802  		}
  1803  	}
  1804  
  1805  	if cm.proxyURL != nil && cm.targetScheme == "https" {
  1806  		if err := pconn.addTLS(ctx, cm.tlsHost(), trace); err != nil {
  1807  			return nil, err
  1808  		}
  1809  	}
  1810  
  1811  	if s := pconn.tlsState; s != nil && s.NegotiatedProtocolIsMutual && s.NegotiatedProtocol != "" {
  1812  		if next, ok := t.TLSNextProto[s.NegotiatedProtocol]; ok {
  1813  			alt := next(cm.targetAddr, pconn.conn.(*tls.Conn))
  1814  			if e, ok := alt.(erringRoundTripper); ok {
  1815  				// pconn.conn was closed by next (http2configureTransports.upgradeFn).
  1816  				return nil, e.RoundTripErr()
  1817  			}
  1818  			return &persistConn{t: t, cacheKey: pconn.cacheKey, alt: alt}, nil
  1819  		}
  1820  	}
  1821  
  1822  	pconn.br = bufio.NewReaderSize(pconn, t.readBufferSize())
  1823  	pconn.bw = bufio.NewWriterSize(persistConnWriter{pconn}, t.writeBufferSize())
  1824  
  1825  	go pconn.readLoop()
  1826  	go pconn.writeLoop()
  1827  	return pconn, nil
  1828  }
  1829  
  1830  // persistConnWriter is the io.Writer written to by pc.bw.
  1831  // It accumulates the number of bytes written to the underlying conn,
  1832  // so the retry logic can determine whether any bytes made it across
  1833  // the wire.
  1834  // This is exactly 1 pointer field wide so it can go into an interface
  1835  // without allocation.
  1836  type persistConnWriter struct {
  1837  	pc *persistConn
  1838  }
  1839  
  1840  func (w persistConnWriter) Write(p []byte) (n int, err error) {
  1841  	n, err = w.pc.conn.Write(p)
  1842  	w.pc.nwrite += int64(n)
  1843  	return
  1844  }
  1845  
  1846  // ReadFrom exposes persistConnWriter's underlying Conn to io.Copy and if
  1847  // the Conn implements io.ReaderFrom, it can take advantage of optimizations
  1848  // such as sendfile.
  1849  func (w persistConnWriter) ReadFrom(r io.Reader) (n int64, err error) {
  1850  	n, err = io.Copy(w.pc.conn, r)
  1851  	w.pc.nwrite += n
  1852  	return
  1853  }
  1854  
  1855  var _ io.ReaderFrom = (*persistConnWriter)(nil)
  1856  
  1857  // connectMethod is the map key (in its String form) for keeping persistent
  1858  // TCP connections alive for subsequent HTTP requests.
  1859  //
  1860  // A connect method may be of the following types:
  1861  //
  1862  //	connectMethod.key().String()      Description
  1863  //	------------------------------    -------------------------
  1864  //	|http|foo.com                     http directly to server, no proxy
  1865  //	|https|foo.com                    https directly to server, no proxy
  1866  //	|https,h1|foo.com                 https directly to server w/o HTTP/2, no proxy
  1867  //	http://proxy.com|https|foo.com    http to proxy, then CONNECT to foo.com
  1868  //	http://proxy.com|http             http to proxy, http to anywhere after that
  1869  //	socks5://proxy.com|http|foo.com   socks5 to proxy, then http to foo.com
  1870  //	socks5://proxy.com|https|foo.com  socks5 to proxy, then https to foo.com
  1871  //	https://proxy.com|https|foo.com   https to proxy, then CONNECT to foo.com
  1872  //	https://proxy.com|http            https to proxy, http to anywhere after that
  1873  type connectMethod struct {
  1874  	_            incomparable
  1875  	proxyURL     *url.URL // nil for no proxy, else full proxy URL
  1876  	targetScheme string   // "http" or "https"
  1877  	// If proxyURL specifies an http or https proxy, and targetScheme is http (not https),
  1878  	// then targetAddr is not included in the connect method key, because the socket can
  1879  	// be reused for different targetAddr values.
  1880  	targetAddr string
  1881  	onlyH1     bool // whether to disable HTTP/2 and force HTTP/1
  1882  }
  1883  
  1884  func (cm *connectMethod) key() connectMethodKey {
  1885  	proxyStr := ""
  1886  	targetAddr := cm.targetAddr
  1887  	if cm.proxyURL != nil {
  1888  		proxyStr = cm.proxyURL.String()
  1889  		if (cm.proxyURL.Scheme == "http" || cm.proxyURL.Scheme == "https") && cm.targetScheme == "http" {
  1890  			targetAddr = ""
  1891  		}
  1892  	}
  1893  	return connectMethodKey{
  1894  		proxy:  proxyStr,
  1895  		scheme: cm.targetScheme,
  1896  		addr:   targetAddr,
  1897  		onlyH1: cm.onlyH1,
  1898  	}
  1899  }
  1900  
  1901  // scheme returns the first hop scheme: http, https, or socks5
  1902  func (cm *connectMethod) scheme() string {
  1903  	if cm.proxyURL != nil {
  1904  		return cm.proxyURL.Scheme
  1905  	}
  1906  	return cm.targetScheme
  1907  }
  1908  
  1909  // addr returns the first hop "host:port" to which we need to TCP connect.
  1910  func (cm *connectMethod) addr() string {
  1911  	if cm.proxyURL != nil {
  1912  		return canonicalAddr(cm.proxyURL)
  1913  	}
  1914  	return cm.targetAddr
  1915  }
  1916  
  1917  // tlsHost returns the host name to match against the peer's
  1918  // TLS certificate.
  1919  func (cm *connectMethod) tlsHost() string {
  1920  	h := cm.targetAddr
  1921  	if hasPort(h) {
  1922  		h = h[:strings.LastIndex(h, ":")]
  1923  	}
  1924  	return h
  1925  }
  1926  
  1927  // connectMethodKey is the map key version of connectMethod, with a
  1928  // stringified proxy URL (or the empty string) instead of a pointer to
  1929  // a URL.
  1930  type connectMethodKey struct {
  1931  	proxy, scheme, addr string
  1932  	onlyH1              bool
  1933  }
  1934  
  1935  func (k connectMethodKey) String() string {
  1936  	// Only used by tests.
  1937  	var h1 string
  1938  	if k.onlyH1 {
  1939  		h1 = ",h1"
  1940  	}
  1941  	return fmt.Sprintf("%s|%s%s|%s", k.proxy, k.scheme, h1, k.addr)
  1942  }
  1943  
  1944  // persistConn wraps a connection, usually a persistent one
  1945  // (but may be used for non-keep-alive requests as well)
  1946  type persistConn struct {
  1947  	// alt optionally specifies the TLS NextProto RoundTripper.
  1948  	// This is used for HTTP/2 today and future protocols later.
  1949  	// If it's non-nil, the rest of the fields are unused.
  1950  	alt RoundTripper
  1951  
  1952  	t         *Transport
  1953  	cacheKey  connectMethodKey
  1954  	conn      net.Conn
  1955  	tlsState  *tls.ConnectionState
  1956  	br        *bufio.Reader       // from conn
  1957  	bw        *bufio.Writer       // to conn
  1958  	nwrite    int64               // bytes written
  1959  	reqch     chan requestAndChan // written by roundTrip; read by readLoop
  1960  	writech   chan writeRequest   // written by roundTrip; read by writeLoop
  1961  	closech   chan struct{}       // closed when conn closed
  1962  	isProxy   bool
  1963  	sawEOF    bool  // whether we've seen EOF from conn; owned by readLoop
  1964  	readLimit int64 // bytes allowed to be read; owned by readLoop
  1965  	// writeErrCh passes the request write error (usually nil)
  1966  	// from the writeLoop goroutine to the readLoop which passes
  1967  	// it off to the res.Body reader, which then uses it to decide
  1968  	// whether or not a connection can be reused. Issue 7569.
  1969  	writeErrCh chan error
  1970  
  1971  	writeLoopDone chan struct{} // closed when write loop ends
  1972  
  1973  	// Both guarded by Transport.idleMu:
  1974  	idleAt    time.Time   // time it last become idle
  1975  	idleTimer *time.Timer // holding an AfterFunc to close it
  1976  
  1977  	mu                   sync.Mutex // guards following fields
  1978  	numExpectedResponses int
  1979  	closed               error // set non-nil when conn is closed, before closech is closed
  1980  	canceledErr          error // set non-nil if conn is canceled
  1981  	broken               bool  // an error has happened on this connection; marked broken so it's not reused.
  1982  	reused               bool  // whether conn has had successful request/response and is being reused.
  1983  	// mutateHeaderFunc is an optional func to modify extra
  1984  	// headers on each outbound request before it's written. (the
  1985  	// original Request given to RoundTrip is not modified)
  1986  	mutateHeaderFunc func(Header)
  1987  }
  1988  
  1989  func (pc *persistConn) maxHeaderResponseSize() int64 {
  1990  	if v := pc.t.MaxResponseHeaderBytes; v != 0 {
  1991  		return v
  1992  	}
  1993  	return 10 << 20 // conservative default; same as http2
  1994  }
  1995  
  1996  func (pc *persistConn) Read(p []byte) (n int, err error) {
  1997  	if pc.readLimit <= 0 {
  1998  		return 0, fmt.Errorf("read limit of %d bytes exhausted", pc.maxHeaderResponseSize())
  1999  	}
  2000  	if int64(len(p)) > pc.readLimit {
  2001  		p = p[:pc.readLimit]
  2002  	}
  2003  	n, err = pc.conn.Read(p)
  2004  	if err == io.EOF {
  2005  		pc.sawEOF = true
  2006  	}
  2007  	pc.readLimit -= int64(n)
  2008  	return
  2009  }
  2010  
  2011  // isBroken reports whether this connection is in a known broken state.
  2012  func (pc *persistConn) isBroken() bool {
  2013  	pc.mu.Lock()
  2014  	b := pc.closed != nil
  2015  	pc.mu.Unlock()
  2016  	return b
  2017  }
  2018  
  2019  // canceled returns non-nil if the connection was closed due to
  2020  // CancelRequest or due to context cancellation.
  2021  func (pc *persistConn) canceled() error {
  2022  	pc.mu.Lock()
  2023  	defer pc.mu.Unlock()
  2024  	return pc.canceledErr
  2025  }
  2026  
  2027  // isReused reports whether this connection has been used before.
  2028  func (pc *persistConn) isReused() bool {
  2029  	pc.mu.Lock()
  2030  	r := pc.reused
  2031  	pc.mu.Unlock()
  2032  	return r
  2033  }
  2034  
  2035  func (pc *persistConn) cancelRequest(err error) {
  2036  	pc.mu.Lock()
  2037  	defer pc.mu.Unlock()
  2038  	pc.canceledErr = err
  2039  	pc.closeLocked(errRequestCanceled)
  2040  }
  2041  
  2042  // closeConnIfStillIdle closes the connection if it's still sitting idle.
  2043  // This is what's called by the persistConn's idleTimer, and is run in its
  2044  // own goroutine.
  2045  func (pc *persistConn) closeConnIfStillIdle() {
  2046  	t := pc.t
  2047  	t.idleMu.Lock()
  2048  	defer t.idleMu.Unlock()
  2049  	if _, ok := t.idleLRU.m[pc]; !ok {
  2050  		// Not idle.
  2051  		return
  2052  	}
  2053  	t.removeIdleConnLocked(pc)
  2054  	pc.close(errIdleConnTimeout)
  2055  }
  2056  
  2057  // mapRoundTripError returns the appropriate error value for
  2058  // persistConn.roundTrip.
  2059  //
  2060  // The provided err is the first error that (*persistConn).roundTrip
  2061  // happened to receive from its select statement.
  2062  //
  2063  // The startBytesWritten value should be the value of pc.nwrite before the roundTrip
  2064  // started writing the request.
  2065  func (pc *persistConn) mapRoundTripError(req *transportRequest, startBytesWritten int64, err error) error {
  2066  	if err == nil {
  2067  		return nil
  2068  	}
  2069  
  2070  	// Wait for the writeLoop goroutine to terminate to avoid data
  2071  	// races on callers who mutate the request on failure.
  2072  	//
  2073  	// When resc in pc.roundTrip and hence rc.ch receives a responseAndError
  2074  	// with a non-nil error it implies that the persistConn is either closed
  2075  	// or closing. Waiting on pc.writeLoopDone is hence safe as all callers
  2076  	// close closech which in turn ensures writeLoop returns.
  2077  	<-pc.writeLoopDone
  2078  
  2079  	// If the request was canceled, that's better than network
  2080  	// failures that were likely the result of tearing down the
  2081  	// connection.
  2082  	if cerr := pc.canceled(); cerr != nil {
  2083  		return cerr
  2084  	}
  2085  
  2086  	// See if an error was set explicitly.
  2087  	req.mu.Lock()
  2088  	reqErr := req.err
  2089  	req.mu.Unlock()
  2090  	if reqErr != nil {
  2091  		return reqErr
  2092  	}
  2093  
  2094  	if err == errServerClosedIdle {
  2095  		// Don't decorate
  2096  		return err
  2097  	}
  2098  
  2099  	if _, ok := err.(transportReadFromServerError); ok {
  2100  		if pc.nwrite == startBytesWritten {
  2101  			return nothingWrittenError{err}
  2102  		}
  2103  		// Don't decorate
  2104  		return err
  2105  	}
  2106  	if pc.isBroken() {
  2107  		if pc.nwrite == startBytesWritten {
  2108  			return nothingWrittenError{err}
  2109  		}
  2110  		return fmt.Errorf("net/http: HTTP/1.x transport connection broken: %w", err)
  2111  	}
  2112  	return err
  2113  }
  2114  
  2115  // errCallerOwnsConn is an internal sentinel error used when we hand
  2116  // off a writable response.Body to the caller. We use this to prevent
  2117  // closing a net.Conn that is now owned by the caller.
  2118  var errCallerOwnsConn = errors.New("read loop ending; caller owns writable underlying conn")
  2119  
  2120  func (pc *persistConn) readLoop() {
  2121  	closeErr := errReadLoopExiting // default value, if not changed below
  2122  	defer func() {
  2123  		pc.close(closeErr)
  2124  		pc.t.removeIdleConn(pc)
  2125  	}()
  2126  
  2127  	tryPutIdleConn := func(trace *httptrace.ClientTrace) bool {
  2128  		if err := pc.t.tryPutIdleConn(pc); err != nil {
  2129  			closeErr = err
  2130  			if trace != nil && trace.PutIdleConn != nil && err != errKeepAlivesDisabled {
  2131  				trace.PutIdleConn(err)
  2132  			}
  2133  			return false
  2134  		}
  2135  		if trace != nil && trace.PutIdleConn != nil {
  2136  			trace.PutIdleConn(nil)
  2137  		}
  2138  		return true
  2139  	}
  2140  
  2141  	// eofc is used to block caller goroutines reading from Response.Body
  2142  	// at EOF until this goroutines has (potentially) added the connection
  2143  	// back to the idle pool.
  2144  	eofc := make(chan struct{})
  2145  	defer close(eofc) // unblock reader on errors
  2146  
  2147  	// Read this once, before loop starts. (to avoid races in tests)
  2148  	testHookMu.Lock()
  2149  	testHookReadLoopBeforeNextRead := testHookReadLoopBeforeNextRead
  2150  	testHookMu.Unlock()
  2151  
  2152  	alive := true
  2153  	for alive {
  2154  		pc.readLimit = pc.maxHeaderResponseSize()
  2155  		_, err := pc.br.Peek(1)
  2156  
  2157  		pc.mu.Lock()
  2158  		if pc.numExpectedResponses == 0 {
  2159  			pc.readLoopPeekFailLocked(err)
  2160  			pc.mu.Unlock()
  2161  			return
  2162  		}
  2163  		pc.mu.Unlock()
  2164  
  2165  		rc := <-pc.reqch
  2166  		trace := httptrace.ContextClientTrace(rc.req.Context())
  2167  
  2168  		var resp *Response
  2169  		if err == nil {
  2170  			resp, err = pc.readResponse(rc, trace)
  2171  		} else {
  2172  			err = transportReadFromServerError{err}
  2173  			closeErr = err
  2174  		}
  2175  
  2176  		if err != nil {
  2177  			if pc.readLimit <= 0 {
  2178  				err = fmt.Errorf("net/http: server response headers exceeded %d bytes; aborted", pc.maxHeaderResponseSize())
  2179  			}
  2180  
  2181  			select {
  2182  			case rc.ch <- responseAndError{err: err}:
  2183  			case <-rc.callerGone:
  2184  				return
  2185  			}
  2186  			return
  2187  		}
  2188  		pc.readLimit = maxInt64 // effectively no limit for response bodies
  2189  
  2190  		pc.mu.Lock()
  2191  		pc.numExpectedResponses--
  2192  		pc.mu.Unlock()
  2193  
  2194  		bodyWritable := resp.bodyIsWritable()
  2195  		hasBody := rc.req.Method != "HEAD" && resp.ContentLength != 0
  2196  
  2197  		if resp.Close || rc.req.Close || resp.StatusCode <= 199 || bodyWritable {
  2198  			// Don't do keep-alive on error if either party requested a close
  2199  			// or we get an unexpected informational (1xx) response.
  2200  			// StatusCode 100 is already handled above.
  2201  			alive = false
  2202  		}
  2203  
  2204  		if !hasBody || bodyWritable {
  2205  			replaced := pc.t.replaceReqCanceler(rc.cancelKey, nil)
  2206  
  2207  			// Put the idle conn back into the pool before we send the response
  2208  			// so if they process it quickly and make another request, they'll
  2209  			// get this same conn. But we use the unbuffered channel 'rc'
  2210  			// to guarantee that persistConn.roundTrip got out of its select
  2211  			// potentially waiting for this persistConn to close.
  2212  			alive = alive &&
  2213  				!pc.sawEOF &&
  2214  				pc.wroteRequest() &&
  2215  				replaced && tryPutIdleConn(trace)
  2216  
  2217  			if bodyWritable {
  2218  				closeErr = errCallerOwnsConn
  2219  			}
  2220  
  2221  			select {
  2222  			case rc.ch <- responseAndError{res: resp}:
  2223  			case <-rc.callerGone:
  2224  				return
  2225  			}
  2226  
  2227  			// Now that they've read from the unbuffered channel, they're safely
  2228  			// out of the select that also waits on this goroutine to die, so
  2229  			// we're allowed to exit now if needed (if alive is false)
  2230  			testHookReadLoopBeforeNextRead()
  2231  			continue
  2232  		}
  2233  
  2234  		waitForBodyRead := make(chan bool, 2)
  2235  		body := &bodyEOFSignal{
  2236  			body: resp.Body,
  2237  			earlyCloseFn: func() error {
  2238  				waitForBodyRead <- false
  2239  				<-eofc // will be closed by deferred call at the end of the function
  2240  				return nil
  2241  
  2242  			},
  2243  			fn: func(err error) error {
  2244  				isEOF := err == io.EOF
  2245  				waitForBodyRead <- isEOF
  2246  				if isEOF {
  2247  					<-eofc // see comment above eofc declaration
  2248  				} else if err != nil {
  2249  					if cerr := pc.canceled(); cerr != nil {
  2250  						return cerr
  2251  					}
  2252  				}
  2253  				return err
  2254  			},
  2255  		}
  2256  
  2257  		resp.Body = body
  2258  		if rc.addedGzip && ascii.EqualFold(resp.Header.Get("Content-Encoding"), "gzip") {
  2259  			resp.Body = &gzipReader{body: body}
  2260  			resp.Header.Del("Content-Encoding")
  2261  			resp.Header.Del("Content-Length")
  2262  			resp.ContentLength = -1
  2263  			resp.Uncompressed = true
  2264  		}
  2265  
  2266  		select {
  2267  		case rc.ch <- responseAndError{res: resp}:
  2268  		case <-rc.callerGone:
  2269  			return
  2270  		}
  2271  
  2272  		// Before looping back to the top of this function and peeking on
  2273  		// the bufio.Reader, wait for the caller goroutine to finish
  2274  		// reading the response body. (or for cancellation or death)
  2275  		select {
  2276  		case bodyEOF := <-waitForBodyRead:
  2277  			replaced := pc.t.replaceReqCanceler(rc.cancelKey, nil) // before pc might return to idle pool
  2278  			alive = alive &&
  2279  				bodyEOF &&
  2280  				!pc.sawEOF &&
  2281  				pc.wroteRequest() &&
  2282  				replaced && tryPutIdleConn(trace)
  2283  			if bodyEOF {
  2284  				eofc <- struct{}{}
  2285  			}
  2286  		case <-rc.req.Cancel:
  2287  			alive = false
  2288  			pc.t.cancelRequest(rc.cancelKey, errRequestCanceled)
  2289  		case <-rc.req.Context().Done():
  2290  			alive = false
  2291  			pc.t.cancelRequest(rc.cancelKey, rc.req.Context().Err())
  2292  		case <-pc.closech:
  2293  			alive = false
  2294  			pc.t.setReqCanceler(rc.cancelKey, nil)
  2295  		}
  2296  
  2297  		testHookReadLoopBeforeNextRead()
  2298  	}
  2299  }
  2300  
  2301  func (pc *persistConn) readLoopPeekFailLocked(peekErr error) {
  2302  	if pc.closed != nil {
  2303  		return
  2304  	}
  2305  	if n := pc.br.Buffered(); n > 0 {
  2306  		buf, _ := pc.br.Peek(n)
  2307  		if is408Message(buf) {
  2308  			pc.closeLocked(errServerClosedIdle)
  2309  			return
  2310  		} else {
  2311  			log.Printf("Unsolicited response received on idle HTTP channel starting with %q; err=%v", buf, peekErr)
  2312  		}
  2313  	}
  2314  	if peekErr == io.EOF {
  2315  		// common case.
  2316  		pc.closeLocked(errServerClosedIdle)
  2317  	} else {
  2318  		pc.closeLocked(fmt.Errorf("readLoopPeekFailLocked: %w", peekErr))
  2319  	}
  2320  }
  2321  
  2322  // is408Message reports whether buf has the prefix of an
  2323  // HTTP 408 Request Timeout response.
  2324  // See golang.org/issue/32310.
  2325  func is408Message(buf []byte) bool {
  2326  	if len(buf) < len("HTTP/1.x 408") {
  2327  		return false
  2328  	}
  2329  	if string(buf[:7]) != "HTTP/1." {
  2330  		return false
  2331  	}
  2332  	return string(buf[8:12]) == " 408"
  2333  }
  2334  
  2335  // readResponse reads an HTTP response (or two, in the case of "Expect:
  2336  // 100-continue") from the server. It returns the final non-100 one.
  2337  // trace is optional.
  2338  func (pc *persistConn) readResponse(rc requestAndChan, trace *httptrace.ClientTrace) (resp *Response, err error) {
  2339  	if trace != nil && trace.GotFirstResponseByte != nil {
  2340  		if peek, err := pc.br.Peek(1); err == nil && len(peek) == 1 {
  2341  			trace.GotFirstResponseByte()
  2342  		}
  2343  	}
  2344  	num1xx := 0               // number of informational 1xx headers received
  2345  	const max1xxResponses = 5 // arbitrary bound on number of informational responses
  2346  
  2347  	continueCh := rc.continueCh
  2348  	for {
  2349  		resp, err = ReadResponse(pc.br, rc.req)
  2350  		if err != nil {
  2351  			return
  2352  		}
  2353  		resCode := resp.StatusCode
  2354  		if continueCh != nil {
  2355  			if resCode == 100 {
  2356  				if trace != nil && trace.Got100Continue != nil {
  2357  					trace.Got100Continue()
  2358  				}
  2359  				continueCh <- struct{}{}
  2360  				continueCh = nil
  2361  			} else if resCode >= 200 {
  2362  				close(continueCh)
  2363  				continueCh = nil
  2364  			}
  2365  		}
  2366  		is1xx := 100 <= resCode && resCode <= 199
  2367  		// treat 101 as a terminal status, see issue 26161
  2368  		is1xxNonTerminal := is1xx && resCode != StatusSwitchingProtocols
  2369  		if is1xxNonTerminal {
  2370  			num1xx++
  2371  			if num1xx > max1xxResponses {
  2372  				return nil, errors.New("net/http: too many 1xx informational responses")
  2373  			}
  2374  			pc.readLimit = pc.maxHeaderResponseSize() // reset the limit
  2375  			if trace != nil && trace.Got1xxResponse != nil {
  2376  				if err := trace.Got1xxResponse(resCode, textproto.MIMEHeader(resp.Header)); err != nil {
  2377  					return nil, err
  2378  				}
  2379  			}
  2380  			continue
  2381  		}
  2382  		break
  2383  	}
  2384  	if resp.isProtocolSwitch() {
  2385  		resp.Body = newReadWriteCloserBody(pc.br, pc.conn)
  2386  	}
  2387  
  2388  	resp.TLS = pc.tlsState
  2389  	return
  2390  }
  2391  
  2392  // waitForContinue returns the function to block until
  2393  // any response, timeout or connection close. After any of them,
  2394  // the function returns a bool which indicates if the body should be sent.
  2395  func (pc *persistConn) waitForContinue(continueCh <-chan struct{}) func() bool {
  2396  	if continueCh == nil {
  2397  		return nil
  2398  	}
  2399  	return func() bool {
  2400  		timer := time.NewTimer(pc.t.ExpectContinueTimeout)
  2401  		defer timer.Stop()
  2402  
  2403  		select {
  2404  		case _, ok := <-continueCh:
  2405  			return ok
  2406  		case <-timer.C:
  2407  			return true
  2408  		case <-pc.closech:
  2409  			return false
  2410  		}
  2411  	}
  2412  }
  2413  
  2414  func newReadWriteCloserBody(br *bufio.Reader, rwc io.ReadWriteCloser) io.ReadWriteCloser {
  2415  	body := &readWriteCloserBody{ReadWriteCloser: rwc}
  2416  	if br.Buffered() != 0 {
  2417  		body.br = br
  2418  	}
  2419  	return body
  2420  }
  2421  
  2422  // readWriteCloserBody is the Response.Body type used when we want to
  2423  // give users write access to the Body through the underlying
  2424  // connection (TCP, unless using custom dialers). This is then
  2425  // the concrete type for a Response.Body on the 101 Switching
  2426  // Protocols response, as used by WebSockets, h2c, etc.
  2427  type readWriteCloserBody struct {
  2428  	_  incomparable
  2429  	br *bufio.Reader // used until empty
  2430  	io.ReadWriteCloser
  2431  }
  2432  
  2433  func (b *readWriteCloserBody) Read(p []byte) (n int, err error) {
  2434  	if b.br != nil {
  2435  		if n := b.br.Buffered(); len(p) > n {
  2436  			p = p[:n]
  2437  		}
  2438  		n, err = b.br.Read(p)
  2439  		if b.br.Buffered() == 0 {
  2440  			b.br = nil
  2441  		}
  2442  		return n, err
  2443  	}
  2444  	return b.ReadWriteCloser.Read(p)
  2445  }
  2446  
  2447  // nothingWrittenError wraps a write errors which ended up writing zero bytes.
  2448  type nothingWrittenError struct {
  2449  	error
  2450  }
  2451  
  2452  func (nwe nothingWrittenError) Unwrap() error {
  2453  	return nwe.error
  2454  }
  2455  
  2456  func (pc *persistConn) writeLoop() {
  2457  	defer close(pc.writeLoopDone)
  2458  	for {
  2459  		select {
  2460  		case wr := <-pc.writech:
  2461  			startBytesWritten := pc.nwrite
  2462  			err := wr.req.Request.write(pc.bw, pc.isProxy, wr.req.extra, pc.waitForContinue(wr.continueCh))
  2463  			if bre, ok := err.(requestBodyReadError); ok {
  2464  				err = bre.error
  2465  				// Errors reading from the user's
  2466  				// Request.Body are high priority.
  2467  				// Set it here before sending on the
  2468  				// channels below or calling
  2469  				// pc.close() which tears down
  2470  				// connections and causes other
  2471  				// errors.
  2472  				wr.req.setError(err)
  2473  			}
  2474  			if err == nil {
  2475  				err = pc.bw.Flush()
  2476  			}
  2477  			if err != nil {
  2478  				if pc.nwrite == startBytesWritten {
  2479  					err = nothingWrittenError{err}
  2480  				}
  2481  			}
  2482  			pc.writeErrCh <- err // to the body reader, which might recycle us
  2483  			wr.ch <- err         // to the roundTrip function
  2484  			if err != nil {
  2485  				pc.close(err)
  2486  				return
  2487  			}
  2488  		case <-pc.closech:
  2489  			return
  2490  		}
  2491  	}
  2492  }
  2493  
  2494  // maxWriteWaitBeforeConnReuse is how long the a Transport RoundTrip
  2495  // will wait to see the Request's Body.Write result after getting a
  2496  // response from the server. See comments in (*persistConn).wroteRequest.
  2497  //
  2498  // In tests, we set this to a large value to avoid flakiness from inconsistent
  2499  // recycling of connections.
  2500  var maxWriteWaitBeforeConnReuse = 50 * time.Millisecond
  2501  
  2502  // wroteRequest is a check before recycling a connection that the previous write
  2503  // (from writeLoop above) happened and was successful.
  2504  func (pc *persistConn) wroteRequest() bool {
  2505  	select {
  2506  	case err := <-pc.writeErrCh:
  2507  		// Common case: the write happened well before the response, so
  2508  		// avoid creating a timer.
  2509  		return err == nil
  2510  	default:
  2511  		// Rare case: the request was written in writeLoop above but
  2512  		// before it could send to pc.writeErrCh, the reader read it
  2513  		// all, processed it, and called us here. In this case, give the
  2514  		// write goroutine a bit of time to finish its send.
  2515  		//
  2516  		// Less rare case: We also get here in the legitimate case of
  2517  		// Issue 7569, where the writer is still writing (or stalled),
  2518  		// but the server has already replied. In this case, we don't
  2519  		// want to wait too long, and we want to return false so this
  2520  		// connection isn't re-used.
  2521  		t := time.NewTimer(maxWriteWaitBeforeConnReuse)
  2522  		defer t.Stop()
  2523  		select {
  2524  		case err := <-pc.writeErrCh:
  2525  			return err == nil
  2526  		case <-t.C:
  2527  			return false
  2528  		}
  2529  	}
  2530  }
  2531  
  2532  // responseAndError is how the goroutine reading from an HTTP/1 server
  2533  // communicates with the goroutine doing the RoundTrip.
  2534  type responseAndError struct {
  2535  	_   incomparable
  2536  	res *Response // else use this response (see res method)
  2537  	err error
  2538  }
  2539  
  2540  type requestAndChan struct {
  2541  	_         incomparable
  2542  	req       *Request
  2543  	cancelKey cancelKey
  2544  	ch        chan responseAndError // unbuffered; always send in select on callerGone
  2545  
  2546  	// whether the Transport (as opposed to the user client code)
  2547  	// added the Accept-Encoding gzip header. If the Transport
  2548  	// set it, only then do we transparently decode the gzip.
  2549  	addedGzip bool
  2550  
  2551  	// Optional blocking chan for Expect: 100-continue (for send).
  2552  	// If the request has an "Expect: 100-continue" header and
  2553  	// the server responds 100 Continue, readLoop send a value
  2554  	// to writeLoop via this chan.
  2555  	continueCh chan<- struct{}
  2556  
  2557  	callerGone <-chan struct{} // closed when roundTrip caller has returned
  2558  }
  2559  
  2560  // A writeRequest is sent by the caller's goroutine to the
  2561  // writeLoop's goroutine to write a request while the read loop
  2562  // concurrently waits on both the write response and the server's
  2563  // reply.
  2564  type writeRequest struct {
  2565  	req *transportRequest
  2566  	ch  chan<- error
  2567  
  2568  	// Optional blocking chan for Expect: 100-continue (for receive).
  2569  	// If not nil, writeLoop blocks sending request body until
  2570  	// it receives from this chan.
  2571  	continueCh <-chan struct{}
  2572  }
  2573  
  2574  // httpTimeoutError represents a timeout.
  2575  // It implements net.Error and wraps context.DeadlineExceeded.
  2576  type timeoutError struct {
  2577  	err string
  2578  }
  2579  
  2580  func (e *timeoutError) Error() string     { return e.err }
  2581  func (e *timeoutError) Timeout() bool     { return true }
  2582  func (e *timeoutError) Temporary() bool   { return true }
  2583  func (e *timeoutError) Is(err error) bool { return err == context.DeadlineExceeded }
  2584  
  2585  var errTimeout error = &timeoutError{"net/http: timeout awaiting response headers"}
  2586  
  2587  // errRequestCanceled is set to be identical to the one from h2 to facilitate
  2588  // testing.
  2589  var errRequestCanceled = http2errRequestCanceled
  2590  var errRequestCanceledConn = errors.New("net/http: request canceled while waiting for connection") // TODO: unify?
  2591  
  2592  func nop() {}
  2593  
  2594  // testHooks. Always non-nil.
  2595  var (
  2596  	testHookEnterRoundTrip   = nop
  2597  	testHookWaitResLoop      = nop
  2598  	testHookRoundTripRetried = nop
  2599  	testHookPrePendingDial   = nop
  2600  	testHookPostPendingDial  = nop
  2601  
  2602  	testHookMu                     sync.Locker = fakeLocker{} // guards following
  2603  	testHookReadLoopBeforeNextRead             = nop
  2604  )
  2605  
  2606  func (pc *persistConn) roundTrip(req *transportRequest) (resp *Response, err error) {
  2607  	testHookEnterRoundTrip()
  2608  	if !pc.t.replaceReqCanceler(req.cancelKey, pc.cancelRequest) {
  2609  		pc.t.putOrCloseIdleConn(pc)
  2610  		return nil, errRequestCanceled
  2611  	}
  2612  	pc.mu.Lock()
  2613  	pc.numExpectedResponses++
  2614  	headerFn := pc.mutateHeaderFunc
  2615  	pc.mu.Unlock()
  2616  
  2617  	if headerFn != nil {
  2618  		headerFn(req.extraHeaders())
  2619  	}
  2620  
  2621  	// Ask for a compressed version if the caller didn't set their
  2622  	// own value for Accept-Encoding. We only attempt to
  2623  	// uncompress the gzip stream if we were the layer that
  2624  	// requested it.
  2625  	requestedGzip := false
  2626  	if !pc.t.DisableCompression &&
  2627  		req.Header.Get("Accept-Encoding") == "" &&
  2628  		req.Header.Get("Range") == "" &&
  2629  		req.Method != "HEAD" {
  2630  		// Request gzip only, not deflate. Deflate is ambiguous and
  2631  		// not as universally supported anyway.
  2632  		// See: https://zlib.net/zlib_faq.html#faq39
  2633  		//
  2634  		// Note that we don't request this for HEAD requests,
  2635  		// due to a bug in nginx:
  2636  		//   https://trac.nginx.org/nginx/ticket/358
  2637  		//   https://golang.org/issue/5522
  2638  		//
  2639  		// We don't request gzip if the request is for a range, since
  2640  		// auto-decoding a portion of a gzipped document will just fail
  2641  		// anyway. See https://golang.org/issue/8923
  2642  		requestedGzip = true
  2643  		req.extraHeaders().Set("Accept-Encoding", "gzip")
  2644  	}
  2645  
  2646  	var continueCh chan struct{}
  2647  	if req.ProtoAtLeast(1, 1) && req.Body != nil && req.expectsContinue() {
  2648  		continueCh = make(chan struct{}, 1)
  2649  	}
  2650  
  2651  	if pc.t.DisableKeepAlives &&
  2652  		!req.wantsClose() &&
  2653  		!isProtocolSwitchHeader(req.Header) {
  2654  		req.extraHeaders().Set("Connection", "close")
  2655  	}
  2656  
  2657  	gone := make(chan struct{})
  2658  	defer close(gone)
  2659  
  2660  	defer func() {
  2661  		if err != nil {
  2662  			pc.t.setReqCanceler(req.cancelKey, nil)
  2663  		}
  2664  	}()
  2665  
  2666  	const debugRoundTrip = false
  2667  
  2668  	// Write the request concurrently with waiting for a response,
  2669  	// in case the server decides to reply before reading our full
  2670  	// request body.
  2671  	startBytesWritten := pc.nwrite
  2672  	writeErrCh := make(chan error, 1)
  2673  	pc.writech <- writeRequest{req, writeErrCh, continueCh}
  2674  
  2675  	resc := make(chan responseAndError)
  2676  	pc.reqch <- requestAndChan{
  2677  		req:        req.Request,
  2678  		cancelKey:  req.cancelKey,
  2679  		ch:         resc,
  2680  		addedGzip:  requestedGzip,
  2681  		continueCh: continueCh,
  2682  		callerGone: gone,
  2683  	}
  2684  
  2685  	var respHeaderTimer <-chan time.Time
  2686  	cancelChan := req.Request.Cancel
  2687  	ctxDoneChan := req.Context().Done()
  2688  	pcClosed := pc.closech
  2689  	canceled := false
  2690  	for {
  2691  		testHookWaitResLoop()
  2692  		select {
  2693  		case err := <-writeErrCh:
  2694  			if debugRoundTrip {
  2695  				req.logf("writeErrCh resv: %T/%#v", err, err)
  2696  			}
  2697  			if err != nil {
  2698  				pc.close(fmt.Errorf("write error: %w", err))
  2699  				return nil, pc.mapRoundTripError(req, startBytesWritten, err)
  2700  			}
  2701  			if d := pc.t.ResponseHeaderTimeout; d > 0 {
  2702  				if debugRoundTrip {
  2703  					req.logf("starting timer for %v", d)
  2704  				}
  2705  				timer := time.NewTimer(d)
  2706  				defer timer.Stop() // prevent leaks
  2707  				respHeaderTimer = timer.C
  2708  			}
  2709  		case <-pcClosed:
  2710  			pcClosed = nil
  2711  			if canceled || pc.t.replaceReqCanceler(req.cancelKey, nil) {
  2712  				if debugRoundTrip {
  2713  					req.logf("closech recv: %T %#v", pc.closed, pc.closed)
  2714  				}
  2715  				return nil, pc.mapRoundTripError(req, startBytesWritten, pc.closed)
  2716  			}
  2717  		case <-respHeaderTimer:
  2718  			if debugRoundTrip {
  2719  				req.logf("timeout waiting for response headers.")
  2720  			}
  2721  			pc.close(errTimeout)
  2722  			return nil, errTimeout
  2723  		case re := <-resc:
  2724  			if (re.res == nil) == (re.err == nil) {
  2725  				panic(fmt.Sprintf("internal error: exactly one of res or err should be set; nil=%v", re.res == nil))
  2726  			}
  2727  			if debugRoundTrip {
  2728  				req.logf("resc recv: %p, %T/%#v", re.res, re.err, re.err)
  2729  			}
  2730  			if re.err != nil {
  2731  				return nil, pc.mapRoundTripError(req, startBytesWritten, re.err)
  2732  			}
  2733  			return re.res, nil
  2734  		case <-cancelChan:
  2735  			canceled = pc.t.cancelRequest(req.cancelKey, errRequestCanceled)
  2736  			cancelChan = nil
  2737  		case <-ctxDoneChan:
  2738  			canceled = pc.t.cancelRequest(req.cancelKey, req.Context().Err())
  2739  			cancelChan = nil
  2740  			ctxDoneChan = nil
  2741  		}
  2742  	}
  2743  }
  2744  
  2745  // tLogKey is a context WithValue key for test debugging contexts containing
  2746  // a t.Logf func. See export_test.go's Request.WithT method.
  2747  type tLogKey struct{}
  2748  
  2749  func (tr *transportRequest) logf(format string, args ...any) {
  2750  	if logf, ok := tr.Request.Context().Value(tLogKey{}).(func(string, ...any)); ok {
  2751  		logf(time.Now().Format(time.RFC3339Nano)+": "+format, args...)
  2752  	}
  2753  }
  2754  
  2755  // markReused marks this connection as having been successfully used for a
  2756  // request and response.
  2757  func (pc *persistConn) markReused() {
  2758  	pc.mu.Lock()
  2759  	pc.reused = true
  2760  	pc.mu.Unlock()
  2761  }
  2762  
  2763  // close closes the underlying TCP connection and closes
  2764  // the pc.closech channel.
  2765  //
  2766  // The provided err is only for testing and debugging; in normal
  2767  // circumstances it should never be seen by users.
  2768  func (pc *persistConn) close(err error) {
  2769  	pc.mu.Lock()
  2770  	defer pc.mu.Unlock()
  2771  	pc.closeLocked(err)
  2772  }
  2773  
  2774  func (pc *persistConn) closeLocked(err error) {
  2775  	if err == nil {
  2776  		panic("nil error")
  2777  	}
  2778  	pc.broken = true
  2779  	if pc.closed == nil {
  2780  		pc.closed = err
  2781  		pc.t.decConnsPerHost(pc.cacheKey)
  2782  		// Close HTTP/1 (pc.alt == nil) connection.
  2783  		// HTTP/2 closes its connection itself.
  2784  		if pc.alt == nil {
  2785  			if err != errCallerOwnsConn {
  2786  				pc.conn.Close()
  2787  			}
  2788  			close(pc.closech)
  2789  		}
  2790  	}
  2791  	pc.mutateHeaderFunc = nil
  2792  }
  2793  
  2794  var portMap = map[string]string{
  2795  	"http":    "80",
  2796  	"https":   "443",
  2797  	"socks5":  "1080",
  2798  	"socks5h": "1080",
  2799  }
  2800  
  2801  func idnaASCIIFromURL(url *url.URL) string {
  2802  	addr := url.Hostname()
  2803  	if v, err := idnaASCII(addr); err == nil {
  2804  		addr = v
  2805  	}
  2806  	return addr
  2807  }
  2808  
  2809  // canonicalAddr returns url.Host but always with a ":port" suffix.
  2810  func canonicalAddr(url *url.URL) string {
  2811  	port := url.Port()
  2812  	if port == "" {
  2813  		port = portMap[url.Scheme]
  2814  	}
  2815  	return net.JoinHostPort(idnaASCIIFromURL(url), port)
  2816  }
  2817  
  2818  // bodyEOFSignal is used by the HTTP/1 transport when reading response
  2819  // bodies to make sure we see the end of a response body before
  2820  // proceeding and reading on the connection again.
  2821  //
  2822  // It wraps a ReadCloser but runs fn (if non-nil) at most
  2823  // once, right before its final (error-producing) Read or Close call
  2824  // returns. fn should return the new error to return from Read or Close.
  2825  //
  2826  // If earlyCloseFn is non-nil and Close is called before io.EOF is
  2827  // seen, earlyCloseFn is called instead of fn, and its return value is
  2828  // the return value from Close.
  2829  type bodyEOFSignal struct {
  2830  	body         io.ReadCloser
  2831  	mu           sync.Mutex        // guards following 4 fields
  2832  	closed       bool              // whether Close has been called
  2833  	rerr         error             // sticky Read error
  2834  	fn           func(error) error // err will be nil on Read io.EOF
  2835  	earlyCloseFn func() error      // optional alt Close func used if io.EOF not seen
  2836  }
  2837  
  2838  var errReadOnClosedResBody = errors.New("http: read on closed response body")
  2839  
  2840  func (es *bodyEOFSignal) Read(p []byte) (n int, err error) {
  2841  	es.mu.Lock()
  2842  	closed, rerr := es.closed, es.rerr
  2843  	es.mu.Unlock()
  2844  	if closed {
  2845  		return 0, errReadOnClosedResBody
  2846  	}
  2847  	if rerr != nil {
  2848  		return 0, rerr
  2849  	}
  2850  
  2851  	n, err = es.body.Read(p)
  2852  	if err != nil {
  2853  		es.mu.Lock()
  2854  		defer es.mu.Unlock()
  2855  		if es.rerr == nil {
  2856  			es.rerr = err
  2857  		}
  2858  		err = es.condfn(err)
  2859  	}
  2860  	return
  2861  }
  2862  
  2863  func (es *bodyEOFSignal) Close() error {
  2864  	es.mu.Lock()
  2865  	defer es.mu.Unlock()
  2866  	if es.closed {
  2867  		return nil
  2868  	}
  2869  	es.closed = true
  2870  	if es.earlyCloseFn != nil && es.rerr != io.EOF {
  2871  		return es.earlyCloseFn()
  2872  	}
  2873  	err := es.body.Close()
  2874  	return es.condfn(err)
  2875  }
  2876  
  2877  // caller must hold es.mu.
  2878  func (es *bodyEOFSignal) condfn(err error) error {
  2879  	if es.fn == nil {
  2880  		return err
  2881  	}
  2882  	err = es.fn(err)
  2883  	es.fn = nil
  2884  	return err
  2885  }
  2886  
  2887  // gzipReader wraps a response body so it can lazily
  2888  // call gzip.NewReader on the first call to Read
  2889  type gzipReader struct {
  2890  	_    incomparable
  2891  	body *bodyEOFSignal // underlying HTTP/1 response body framing
  2892  	zr   *gzip.Reader   // lazily-initialized gzip reader
  2893  	zerr error          // any error from gzip.NewReader; sticky
  2894  }
  2895  
  2896  func (gz *gzipReader) Read(p []byte) (n int, err error) {
  2897  	if gz.zr == nil {
  2898  		if gz.zerr == nil {
  2899  			gz.zr, gz.zerr = gzip.NewReader(gz.body)
  2900  		}
  2901  		if gz.zerr != nil {
  2902  			return 0, gz.zerr
  2903  		}
  2904  	}
  2905  
  2906  	gz.body.mu.Lock()
  2907  	if gz.body.closed {
  2908  		err = errReadOnClosedResBody
  2909  	}
  2910  	gz.body.mu.Unlock()
  2911  
  2912  	if err != nil {
  2913  		return 0, err
  2914  	}
  2915  	return gz.zr.Read(p)
  2916  }
  2917  
  2918  func (gz *gzipReader) Close() error {
  2919  	return gz.body.Close()
  2920  }
  2921  
  2922  type tlsHandshakeTimeoutError struct{}
  2923  
  2924  func (tlsHandshakeTimeoutError) Timeout() bool   { return true }
  2925  func (tlsHandshakeTimeoutError) Temporary() bool { return true }
  2926  func (tlsHandshakeTimeoutError) Error() string   { return "net/http: TLS handshake timeout" }
  2927  
  2928  // fakeLocker is a sync.Locker which does nothing. It's used to guard
  2929  // test-only fields when not under test, to avoid runtime atomic
  2930  // overhead.
  2931  type fakeLocker struct{}
  2932  
  2933  func (fakeLocker) Lock()   {}
  2934  func (fakeLocker) Unlock() {}
  2935  
  2936  // cloneTLSConfig returns a shallow clone of cfg, or a new zero tls.Config if
  2937  // cfg is nil. This is safe to call even if cfg is in active use by a TLS
  2938  // client or server.
  2939  func cloneTLSConfig(cfg *tls.Config) *tls.Config {
  2940  	if cfg == nil {
  2941  		return &tls.Config{}
  2942  	}
  2943  	return cfg.Clone()
  2944  }
  2945  
  2946  type connLRU struct {
  2947  	ll *list.List // list.Element.Value type is of *persistConn
  2948  	m  map[*persistConn]*list.Element
  2949  }
  2950  
  2951  // add adds pc to the head of the linked list.
  2952  func (cl *connLRU) add(pc *persistConn) {
  2953  	if cl.ll == nil {
  2954  		cl.ll = list.New()
  2955  		cl.m = make(map[*persistConn]*list.Element)
  2956  	}
  2957  	ele := cl.ll.PushFront(pc)
  2958  	if _, ok := cl.m[pc]; ok {
  2959  		panic("persistConn was already in LRU")
  2960  	}
  2961  	cl.m[pc] = ele
  2962  }
  2963  
  2964  func (cl *connLRU) removeOldest() *persistConn {
  2965  	ele := cl.ll.Back()
  2966  	pc := ele.Value.(*persistConn)
  2967  	cl.ll.Remove(ele)
  2968  	delete(cl.m, pc)
  2969  	return pc
  2970  }
  2971  
  2972  // remove removes pc from cl.
  2973  func (cl *connLRU) remove(pc *persistConn) {
  2974  	if ele, ok := cl.m[pc]; ok {
  2975  		cl.ll.Remove(ele)
  2976  		delete(cl.m, pc)
  2977  	}
  2978  }
  2979  
  2980  // len returns the number of items in the cache.
  2981  func (cl *connLRU) len() int {
  2982  	return len(cl.m)
  2983  }
  2984  

View as plain text