ngx_http_upstream_check_broken_connection() is broken
Maxim Dounin
mdounin at mdounin.ru
Sun Nov 27 16:13:40 UTC 2011
Hello!
On Sat, Nov 26, 2011 at 04:12:03PM -0500, Nicolas Viennot wrote:
> It goes like this:
>
> static void ngx_http_upstream_check_broken_connection(...) {
> ...
> n = recv(c->fd, buf, 1, MSG_PEEK);
> ...
> }
>
> Checking for closed connection with recv(..., MSG_PEEK) is broken.
>
> SSL closes are not detected, thus sockets stay in CLOSE_WAIT state forever
> -- nice DoS).
> The alternative is to use stunnel with the X-Forwarded-For patch, but
> that's way too messy.
>
> In ngx_http_upstream_check_broken_connection(), there seems to be a
> different path for kqueue.
> What about modifying the poll/epoll behavior to detect disconnections for
> other event modules ?
> In ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
> connection
> as disconnected when processing HUP events instead of using the buggy
> MSG_PEEK hack.
>
> What do you think ?
You've already got answer in nginx@ list:
http://mailman.nginx.org/pipermail/nginx/2011-November/030630.html
It makes a little sense to repeat the same question again.
Maxim Dounin
More information about the nginx-devel
mailing list