ngx_http_upstream_check_broken_connection() is broken
Nicolas Viennot
nicolas at viennot.com
Sat Nov 26 21:12:03 UTC 2011
It goes like this:
static void ngx_http_upstream_check_broken_connection(...) {
...
n = recv(c->fd, buf, 1, MSG_PEEK);
...
}
Checking for closed connection with recv(..., MSG_PEEK) is broken.
SSL closes are not detected, thus sockets stay in CLOSE_WAIT state forever
-- nice DoS).
The alternative is to use stunnel with the X-Forwarded-For patch, but
that's way too messy.
In ngx_http_upstream_check_broken_connection(), there seems to be a
different path for kqueue.
What about modifying the poll/epoll behavior to detect disconnections for
other event modules ?
In ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
connection
as disconnected when processing HUP events instead of using the buggy
MSG_PEEK hack.
What do you think ?
Nico.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20111126/175c1306/attachment.html>
More information about the nginx-devel
mailing list