Good info, thank you!

On Mon, Nov 9, 2015 at 7:53 AM, Maxim Dounin <[email protected]> wrote:

> Hello!
>
> On Sat, Nov 07, 2015 at 08:28:29PM -0500, CJ Ess wrote:
>
> > Just curious - if I am using the deferred listen option on Linux my
> > understanding is that nginx will not be woken up until data arrives for the
> > connection. If someone is trying to DDOS me by opening as many connections
> > as possible (has happened before) how does that situation play out with
> > deferred accepts?
> >
> > Currently I am not using the deferred option and I have timeouts set so
> > that if complete request headers aren't received in a few seconds then the
> > connection is closed, however with deferred accepts I don't believe nginx
> > would be able to do that.
>
> When using deferred accept, nginx instructs the kernel to defer
> connections for just 1 second. After this time, the kernel will
> pass connections to nginx for normal processing.
>
> If there are too many connections waiting in deferred accept (more
> than a socket backlog), syncookies will be used by the kernel if
> enabled.
>
> Note that this works slightly differently with old kernels (before
> 2.6.32), and in previous nginx versions (before 1.5.10). Some
> additional information can be found in these commit logs:
>
> http://hg.nginx.org/nginx/rev/fdb67cfc957d
> http://hg.nginx.org/nginx/rev/05a56ebb084a
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> [email protected]
> http://mailman.nginx.org/mailman/listinfo/nginx
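How the settings discussed in this thread fit together in one configuration, as an added example that is not part of the original messages. The server name, backlog size, document root and the 5-second timeout are assumed values chosen for illustration.

```nginx
# Added example: deferred accept combined with a header timeout.
# All concrete values below are assumptions, not taken from the thread.

events {}

http {
    # Close connections that do not deliver complete request headers
    # in time. With "deferred" this still applies: per the reply above,
    # the kernel holds a silent connection for only about 1 second and
    # then hands it to nginx for normal processing, where this timer runs.
    client_header_timeout 5s;

    server {
        # "deferred" makes nginx set TCP_DEFER_ACCEPT on the listening
        # socket (Linux only), so workers are not woken for connections
        # that have not sent data yet.
        #
        # "backlog" sizes the listen queue. Per the reply above, once
        # more connections than the backlog are waiting in deferred
        # accept, the kernel falls back to syncookies if they are
        # enabled. That is a kernel setting rather than an nginx one
        # (sysctl net.ipv4.tcp_syncookies).
        listen 80 deferred backlog=1024;

        server_name example.com;   # placeholder name

        location / {
            root /var/www/html;    # placeholder document root
        }
    }
}
```

The `deferred` and `backlog` parameters are applied when the listening socket is set up, so check the file with `nginx -t` before reloading.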
