Is there a bug in ngx_http_upstream_module's broken connection check code?
nviennot
nginx-forum at nginx.us
Sat Nov 26 12:41:24 UTC 2011
I am experiencing this bug in a production system. (SSL closes are not
detected, thus sockets stay in CLOSE_WAIT state forever -- nice DoS).
I was looking at nginx sources, and it seems that this bug has not been
fixed.
The alternative is to use stunnel with the X-Forwarded-For patch, but
that's way too messy.
In ngx_http_upstream_check_broken_connection(), there seems to be a
different path for kqueue. What about modifying the poll/epoll behavior
to detect disconnections for other event modules ? In
ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
connection as disconnected when processing HUP events instead of using
the buggy MSG_PEEK hack
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,209276,219105#msg-219105
More information about the nginx
mailing list