It goes like this:

static void ngx_http_upstream_check_broken_connection(...) {
...
n = recv(c->fd, buf, 1, MSG_PEEK);
...
}

Checking for closed connection with recv(..., MSG_PEEK) is broken.

SSL closes are not detected, thus sockets stay in CLOSE_WAIT state forever
-- nice DoS).
The alternative is to use stunnel with the X-Forwarded-For patch, but
that's way too messy.

In ngx_http_upstream_check_broken_connection(), there seems to be a
different path for kqueue.
What about modifying the poll/epoll behavior to detect disconnections for
other event modules ?
In ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the
connection
as disconnected when processing HUP events instead of using the buggy
MSG_PEEK hack.

What do you think ?

Nico.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel