listen deferred option

Maxim Dounin mdounin at
Mon Nov 9 12:53:09 UTC 2015


On Sat, Nov 07, 2015 at 08:28:29PM -0500, CJ Ess wrote:

> Just curious - if I am using the deferred listen option on Linux my
> understanding is that nginx will not be woken up until data arrives for the
> connection. If someone is trying to DDOS me by opening as many connections
> as possible (has happened before) how does that situation play out with
> deferred accepts?
> Currently I am not using the deferred option and I have timeouts set so
> that if complete request headers aren't received in a few seconds then the
> connection is closed, however with deffered accepts I don't believe nginx
> would be able to do that.

When using deferred accept, nginx instructs the kernel to defer 
connections for just 1 second.  After this time, the kernel will 
pass connections to nginx for normal processing.

If there are too many connections waiting in deferred accept (more 
than a socket backlog), syncookies will be used by the kernel if 

Note that this works slightly differently with old kernels (before 
2.6.32), and in previous nginx versions (before 1.5.10).  Some 
additional information can be found in these commit logs:

Maxim Dounin

More information about the nginx mailing list