Browse the repository at this point in the history

currently only http/https/socks5 scheme are allowed. However, any scheme
could be possible if user provides their own implementation.
Specifically, the widely used "socks5h://localhost" is parsed as
Scheme="http" Host="socks5h:", which does not make sense because host
name cannot contain ":".

This patch allows any scheme to appear in the proxy config. And only
fallback to http scheme if parsed scheme or host is empty.

url.Parse() result of fallback cases:

localhost      => Scheme="localhost"
localhost:1234 => Scheme="localhost" Opaque="1234"
example.com    => Path="example.com"

Updates golang/go#24135

Change-Id: Ia2c041e37e2ac61be16220fd41d6cb6fabeeca3d
Reviewed-on: https://go-review.googlesource.com/c/net/+/525257
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

Browse the repository at this point in the history

Many RoundTrip tests involve testing against a test-defined
server with specific behaviors. For example: Testing
RoundTrip's behavior when the server violates flow
control limits.

Existing tests mostly use the clientTester type, which
starts separate goroutines for the Transport and a fake
server. This results in tests where the control flow
bounces around the test function, and requires each
test to manage its own synchronization.

Introduce a new framework for writing RoundTrip tests.
testClientConn allows client tests to be written linearly,
with synchronization provided by the test framework.
For example, a testClientConn test can, as a linear
sequence of actions:

  - start RoundTrip;
  - check the request headers sent;
  - provide data to the request body;
  - check that a DATA frame is sent;
  - send response headers from the server to the client;
  - check that RoundTrip returns.

See TestTestClientConn at the top of clientconn_test.go
for a full example.

To enable synchronization with tests, this CL
instruments the RoundTrip path to record when
goroutines start, exit, and block waiting for events.
This adds a certain amount of noise and bookkeeping
to the client implementation, but (in my opinion)
this is more than repaid in improved testability.

The testClientConn also permits use of synthetic
time in tests. At the moment, this is limited to
the response header timeout, but extending it to
other timeouts (read, 100-continue) should be
straightforward.

This CL converts a number of existing clientTester tests
to use the new framework, but not all.

Change-Id: Ief963889969363ec8469cd3c3de0becb2fc548f9
Reviewed-on: https://go-review.googlesource.com/c/net/+/563540
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

Browse the repository at this point in the history

Browse the repository at this point in the history

Browse the repository at this point in the history

This change is a counterpart to the HTTP/1.1 trailers
validation CL 572615. This change will ensure that we
validate trailers that were set on the HTTP client
before they are transformed to HTTP/2 equivalents.

Updates golang/go#64766

Change-Id: Id1afd7f7e9af820ea969ef226bbb16e4de6d57a5
Reviewed-on: https://go-review.googlesource.com/c/net/+/572655
Auto-Submit: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

Rewrite TestIdleConnTimeout to use the new synthetic time and
synchronization test facilities, rather than using real time
and sleeps.

Reduces the test time from 20 seconds to 0.
Reduces all package tests on my laptop from 32 seconds to 12.

Change-Id: I33838488168450a7acd6a462777b5a4caf7f5307
Reviewed-on: https://go-review.googlesource.com/c/net/+/572379
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

All tests which use clientTester have been converted to use
testClientConn, so delete clientTester.

Change-Id: Id9a88bf7ee6760fada8442d383d5e68455c6dc3e
Reviewed-on: https://go-review.googlesource.com/c/net/+/572815
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

Change-Id: I7e2c867efcc960553da77e395b0069ab6776cd9f
GitHub-Last-Rev: eaa122d
GitHub-Pull-Request: #205
Reviewed-on: https://go-review.googlesource.com/c/net/+/572995
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>

Browse the repository at this point in the history

Maintaining HPACK state requires that we parse and process
all HEADERS and CONTINUATION frames on a connection.
When a request's headers exceed MaxHeaderBytes, we don't
allocate memory to store the excess headers but we do
parse them. This permits an attacker to cause an HTTP/2
endpoint to read arbitrary amounts of data, all associated
with a request which is going to be rejected.

Set a limit on the amount of excess header frames we
will process before closing a connection.

Thanks to Bartek Nowotarski for reporting this issue.

Fixes CVE-2023-45288
Fixes golang/go#65051

Change-Id: I15df097268df13bb5a9e9d3a5c04a8a141d850f6
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2130527
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/net/+/576155
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Browse the repository at this point in the history

Browse the repository at this point in the history

This test causes the server to send a GOAWAY and close a connection.
The server GOAWAY path writes a GOAWAY frame asynchronously, and
closes the connection if the write doesn't complete within 1s.
This is causing failures on some builders, when the frame write
doesn't complete in time.

The important aspect of this test is that the connection be closed.
Drop the check for the GOAWAY frame.

Change-Id: I099413be9c4dfe71d8fe83d2c6242e82e282293e
Reviewed-on: https://go-review.googlesource.com/c/net/+/576235
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Browse the repository at this point in the history