Is there a bug in ngx_http_upstream_module's broken connection check code?

Maxim Dounin mdounin at mdounin.ru
Thu Jun 23 16:13:16 MSD 2011


Hello!

On Thu, Jun 23, 2011 at 12:14:47AM -0400, speedfirst wrote:

> In the function "ngx_http_upstream_check_broken_connection" of
> ngx_http_upstream.c, there is a code segment like below:
> 
> 
>  n = recv(c->fd, buf, 1, MSG_PEEK);
> ...
>  else { /* n == 0 */
>         err = 0;
>     }
> 
> Here use whether receiving 0 bytes from downstream client to judge
> whether the connection has been closed. However, if the downstream
> connection is https, and the connection is cosed, this n will never be
> 0. So the code fails to check the broken connection for https.
> 
> My test is create a connection by firefox and click the "Stop" button in
> the firefox. If the connection is http, n will be 0; but if the
> connection is https, n is always 1. I try to increase the peek read
> limit from 1 to 1000 and then n will get 37.
> 
> So is it a bug or I misunderstand something?

Yes, the code in question won't be able to detect SSL connection 
close with appropriate shutdown records sent by a client (as well 
as connection close with some other pending data, e.g. pipelined 
request).  It is not possible to detect connection close with 
standard socket interface if there are pending data without 
reading that data first, which isn't always desired/possible.

In the particular case of SSL it should be possible to use 
SSL_peek() here, but better aproach is to use OS-provided hint, 
e.g. as EV_EOF provided by kqueue interface (and used by nginx).

Maxim Dounin



More information about the nginx mailing list