SSL FD Leak
Ben Maurer
bmaurer at andrew.cmu.edu
Mon Dec 31 01:12:04 MSK 2007
Ben Maurer wrote:
> Hi,
>
> On a server that has quite a few SSL connections, I started to notice
> that FDs were leaking. I set the load balancer in front of nginx to stop
> sending new requests to one server for a few minutes (to let the
> keepalive time expire) and found that there were a few thousand FDs
> open. netstat says that there are many sockets in the CLOSE_WAIT and
> ESTABLISHED state for the SSL server. Many of them have data in receive
> queue.
>
> Any ideas what might cause this? This is an up-to-date 0.5.x install.
Some progress on debugging this -- it may have to to do with the
deferred setting.
I've managed to get straces like this:
accept(6, {sa_family=AF_INET, sin_port=htons(35327),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 92
ioctl(92, FIONBIO, [1]) = 0
recv(92, 0xbf9c6c2b, 1, MSG_PEEK) = -1 EAGAIN (Resource
temporarily unavailable)
by using:
ab -c500 -n2000 https://localhost:8095/
and aborting in the middle. It seems that these straces are the ones
that result in leaked FDs. The trace really doesn't make much sense to
me. Deferred accept promises that the socket only goes into accept once
it has data or if it's ready to be closed. Neither of these should
result in an EAGAIN. Regardless, it seems the problem is that the FD
never gets added to epoll at this point.
- Ben
More information about the nginx
mailing list