listen deferred option
zxcvbn4038 at gmail.com
Tue Nov 10 06:08:50 UTC 2015
Good info, thank you!
On Mon, Nov 9, 2015 at 7:53 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> On Sat, Nov 07, 2015 at 08:28:29PM -0500, CJ Ess wrote:
> > Just curious - if I am using the deferred listen option on Linux my
> > understanding is that nginx will not be woken up until data arrives for
> > connection. If someone is trying to DDOS me by opening as many
> > as possible (has happened before) how does that situation play out with
> > deferred accepts?
> > Currently I am not using the deferred option and I have timeouts set so
> > that if complete request headers aren't received in a few seconds then
> > connection is closed, however with deffered accepts I don't believe nginx
> > would be able to do that.
> When using deferred accept, nginx instructs the kernel to defer
> connections for just 1 second. After this time, the kernel will
> pass connections to nginx for normal processing.
> If there are too many connections waiting in deferred accept (more
> than a socket backlog), syncookies will be used by the kernel if
> Note that this works slightly differently with old kernels (before
> 2.6.32), and in previous nginx versions (before 1.5.10). Some
> additional information can be found in these commit logs:
> Maxim Dounin
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx