[PATCH] Fixed port ranges support in the listen directive

Maxim Dounin mdounin at mdounin.ru
Mon Dec 26 22:57:45 UTC 2022


On Fri, Dec 23, 2022 at 07:27:04PM +0400, Sergey Kandaurov wrote:

> > On 18 Dec 2022, at 22:36, Valentin V. Bartenev <vbart at wbsrv.ru> wrote:
> > 
> > # HG changeset patch
> > # User Valentin Bartenev <vbart at wbsrv.ru>
> > # Date 1671388142 -10800
> > #      Sun Dec 18 21:29:02 2022 +0300
> > # Node ID 2af1287d2da744335932f6dca345618f7b80d1c1
> > # Parent  3108d4d668e4b907868b815f0441d4c893bf4188
> > Fixed port ranges support in the listen directive.
> > 
> > Ports difference must be respected when checking addresses for duplicates,
> > otherwise configurations like this are broken:
> > 
> >  listen
> > 
> > It was broken by 4cc2bfeff46c (nginx 1.23.3).
> > 
> Thanks for the report, the patch looks good, pushed.
> It could've been caught by tests, if they were not skipped by default
> due to using wildcard addresses (as you recall, changes went there too),
> a measure to prevent from running on a box with external addresses.
> Nowadays, it is rather historic, it's much easier to setup an isolated
> environment.  Probably it's time to move on to 21st century and start
> running nginx tests with wildcard listening sockets unconditionally.
> Meanwhile, I've made some changes to have a better chance to catch this.

Testing port ranges certainly do not depend on using the wildcard 
address.  It's more about properly structuring tests.

Note though that even with proper structuring and/or with 
TEST_NGINX_UNSAFE the particular test is likely to be skipped with 
parallel test execution since the test requires two consecutive 
ports, which are unlikely to be allocated with parallel tests.

Either way, I'm certainly against the idea of listening on the 
wildcard address by default in tests.  The original idea is that 
tests should listen on local addresses only, so it should be 
reasonably safe to run tests on any host.  And I would rather 
preserve this behaviour.

If tests on wildcard addresses are indeed important, it might be a 
good idea to introduce a separate switch to allow such tests 
instead of requiring TEST_NGINX_UNSAFE.  I don't think this is 
needed in this particular case though, and properly re-structuring 
tests should be sufficient (at least assuming no parallel test 
execution; addressing this would require some port ranges 
support it port allocation infrastructure).

Maxim Dounin

More information about the nginx-devel mailing list