Is there a bug in ngx_http_upstream_module's broken connection check code?

nviennot nginx-forum at
Sat Nov 26 12:41:24 UTC 2011

I am experiencing this bug in a production system. (SSL closes are not
detected,  thus sockets stay in CLOSE_WAIT state forever -- nice DoS).

I was looking at nginx sources, and it seems that this bug has not been
The alternative is to use stunnel with the X-Forwarded-For patch, but
that's way too messy.

In ngx_http_upstream_check_broken_connection(), there seems to be a
different path for kqueue. What about modifying the poll/epoll behavior
to detect disconnections for other event modules ? In
ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
connection as disconnected when processing HUP events instead of using
the buggy MSG_PEEK hack

Posted at Nginx Forum:,209276,219105#msg-219105

More information about the nginx mailing list