On Wed, Feb 21, 2018 at 10:44:00PM +0800, Wang Shanker wrote: > Hi, > > I noticed that you have introduced `ngx_event_udp_accept()`, which can > create a separate socket for receiving datagrams from a specific client. > I understand that it is necessary for DTLS servers. However I wonder > why it is also called for normal udp servers.
for normal udp server this is beneficial if you need to process bidirectional stream, i.e. proxying DTLS or similar protocols without offloading it. Probably this should be at least configurable. > For udp servers listening on a port below 1024, such call will fail if > the worker processes drop their privilege as a non-root user. > The following patch solves this problem by retaining CAP_NET_BIND_SERVICE > after worker processes change UID. yes, there is an issue in such case, and retaining (partial) permissions is a possible (but ugly) solution. _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
