ngx_http_upstream_check_broken_connection() is broken

Nicolas Viennot nicolas at viennot.com
Sat Nov 26 21:12:03 UTC 2011


It goes like this:

static void ngx_http_upstream_check_broken_connection(...) {
     ...
    n = recv(c->fd, buf, 1, MSG_PEEK);
     ...
}

Checking for closed connection with recv(..., MSG_PEEK) is broken.

SSL closes are not detected, thus sockets stay in CLOSE_WAIT state forever
-- nice DoS).
The alternative is to use stunnel with the X-Forwarded-For patch, but
that's way too messy.

In ngx_http_upstream_check_broken_connection(), there seems to be a
different path for kqueue.
What about modifying the poll/epoll behavior to detect disconnections for
other event modules ?
In ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
connection
as disconnected when processing HUP events instead of using the buggy
MSG_PEEK hack.

What do you think ?

Nico.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20111126/175c1306/attachment.html>


More information about the nginx-devel mailing list