Hi,
On Fri, Dec 15, 2023 at 07:37:48PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet@nginx.com>
> # Date 1702650593 -14400
> # Fri Dec 15 18:29:53 2023 +0400
> # Node ID 9be627b7a3a35c00be13332f553e2d3b778877ae
> # Parent cca722e447f8beaaa6b41a620c8b4239a5d1aa7d
> Stream: the "accept_filter" parameter of the "listen" directive.
>
> The FreeBSD accept filters support.
>
> diff --git a/src/stream/ngx_stream.c b/src/stream/ngx_stream.c
> --- a/src/stream/ngx_stream.c
> +++ b/src/stream/ngx_stream.c
> @@ -1021,6 +1021,10 @@ ngx_stream_add_listening(ngx_conf_t *cf,
> ls->keepcnt = addr->opt.tcp_keepcnt;
> #endif
>
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> + ls->accept_filter = addr->opt.accept_filter;
> +#endif
> +
> #if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> ls->deferred_accept = addr->opt.deferred_accept;
> #endif
> diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h
> --- a/src/stream/ngx_stream.h
> +++ b/src/stream/ngx_stream.h
> @@ -70,6 +70,10 @@ typedef struct {
> int tcp_keepintvl;
> int tcp_keepcnt;
> #endif
> +
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> + char *accept_filter;
> +#endif
> } ngx_stream_listen_opt_t;
>
>
> diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
> --- a/src/stream/ngx_stream_core_module.c
> +++ b/src/stream/ngx_stream_core_module.c
> @@ -987,6 +987,20 @@ ngx_stream_core_listen(ngx_conf_t *cf, n
> continue;
> }
>
> + if (ngx_strncmp(value[i].data, "accept_filter=", 14) == 0) {
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> + lsopt.accept_filter = (char *) &value[i].data[14];
> + lsopt.set = 1;
> + lsopt.bind = 1;
> +#else
> + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> + "accept filters \"%V\" are not supported "
> + "on this platform, ignored",
> + &value[i]);
> +#endif
> + continue;
> + }
> +
> if (ngx_strcmp(value[i].data, "deferred") == 0) {
> #if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> lsopt.deferred_accept = 1;
Again, for UDP this needs to be disabled.
Also, we need to check for similar parameters in http/quic.
--
Roman Arutyunyan
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel