listen deferred option
CJ Ess
zxcvbn4038 at gmail.com
Tue Nov 10 06:08:50 UTC 2015
Good info, thank you!
On Mon, Nov 9, 2015 at 7:53 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Sat, Nov 07, 2015 at 08:28:29PM -0500, CJ Ess wrote:
>
> > Just curious - if I am using the deferred listen option on Linux my
> > understanding is that nginx will not be woken up until data arrives for
> the
> > connection. If someone is trying to DDOS me by opening as many
> connections
> > as possible (has happened before) how does that situation play out with
> > deferred accepts?
> >
> > Currently I am not using the deferred option and I have timeouts set so
> > that if complete request headers aren't received in a few seconds then
> the
> > connection is closed, however with deffered accepts I don't believe nginx
> > would be able to do that.
>
> When using deferred accept, nginx instructs the kernel to defer
> connections for just 1 second. After this time, the kernel will
> pass connections to nginx for normal processing.
>
> If there are too many connections waiting in deferred accept (more
> than a socket backlog), syncookies will be used by the kernel if
> enabled.
>
> Note that this works slightly differently with old kernels (before
> 2.6.32), and in previous nginx versions (before 1.5.10). Some
> additional information can be found in these commit logs:
>
> http://hg.nginx.org/nginx/rev/fdb67cfc957d
> http://hg.nginx.org/nginx/rev/05a56ebb084a
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151110/5460f81b/attachment.html>
More information about the nginx
mailing list