nginx.git/src/event/ngx_event_accept.c, branch release-1.29.2 nginx Core: added support for TCP keepalive parameters on macOS. 2025-05-26T21:59:02+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-26T12:11:36+00:00 5b8a5c08ce28639e788734b2528faad70baa113c The support first appeared in OS X Mavericks 10.9 and documented since OS X Yosemite 10.10. It has a subtle implementation difference from other operating systems in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE) isn't inherited from a listening socket to an accepted socket. An apparent reason for this behaviour is that it might be preserved for the sake of backward compatibility. The TCP_KEEPALIVE socket option is not inherited since appearance in OS X Panther 10.3, which long predates two other TCP_KEEPINTVL and TCP_KEEPCNT socket options. Thanks to Andy Pan for initial work. 
The support first appeared in OS X Mavericks 10.9 and documented since
OS X Yosemite 10.10.

It has a subtle implementation difference from other operating systems
in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE)
isn't inherited from a listening socket to an accepted socket.

An apparent reason for this behaviour is that it might be preserved for
the sake of backward compatibility.  The TCP_KEEPALIVE socket option is
not inherited since appearance in OS X Panther 10.3, which long predates
two other TCP_KEEPINTVL and TCP_KEEPCNT socket options.

Thanks to Andy Pan for initial work.
Events: fixed balancing between workers with EPOLLEXCLUSIVE. 2021-12-29T22:08:46+00:00 Maxim Dounin mdounin@mdounin.ru 2021-12-29T22:08:46+00:00 96c342e56035a9676180d03b4659d5b05b9c6b07 Linux with EPOLLEXCLUSIVE usually notifies only the process which was first to add the listening socket to the epoll instance. As a result most of the connections are handled by the first worker process (ticket #2285). To fix this, we re-add the socket periodically, so other workers will get a chance to accept connections. 
Linux with EPOLLEXCLUSIVE usually notifies only the process which was first
to add the listening socket to the epoll instance.  As a result most of the
connections are handled by the first worker process (ticket #2285).  To fix
this, we re-add the socket periodically, so other workers will get a chance
to accept connections.
Introduced the "keepalive_time" directive. 2021-04-07T21:15:48+00:00 Maxim Dounin mdounin@mdounin.ru 2021-04-07T21:15:48+00:00 d9996d6f27150bfb9c9c00d77fac940712aa1d28 Similar to lingering_time, it limits total connection lifetime before keepalive is switched off. The default is 1 hour, which is close to the total maximum connection lifetime possible with default keepalive_requests and keepalive_timeout. 
Similar to lingering_time, it limits total connection lifetime before
keepalive is switched off.  The default is 1 hour, which is close to
the total maximum connection lifetime possible with default
keepalive_requests and keepalive_timeout.
Events: moved ngx_recvmsg() to new file src/event/ngx_event_udp.c. 2018-06-01T13:55:49+00:00 Roman Arutyunyan arut@nginx.com 2018-06-01T13:55:49+00:00 1028d7169599dafd99a9f1720d995667750b1ab1 






Events: get remote addresses before creating udp connection.
2018-06-01T10:12:57+00:00

Roman Arutyunyan
arut@nginx.com

2018-06-01T10:12:57+00:00

20f8bfab34efe8069d6ab454b08ceb710ea55a97

Previously, ngx_event_recvmsg() got remote socket addresses after creating
the connection object.  In preparation to handling multiple UDP packets in a
single session, this code was moved up.





Previously, ngx_event_recvmsg() got remote socket addresses after creating
the connection object.  In preparation to handling multiple UDP packets in a
single session, this code was moved up.







Events: fixed handling zero-length client address.
2018-06-01T13:53:02+00:00

Roman Arutyunyan
arut@nginx.com

2018-06-01T13:53:02+00:00

26a57486f013abff616be8345e542c15419f0759

On Linux recvmsg() syscall may return a zero-length client address when
receiving a datagram from an unbound unix datagram socket.  It is usually
assumed that socket address has at least the sa_family member.  Zero-length
socket address caused buffer over-read in functions which receive socket
address, for example ngx_sock_ntop().  Typically the over-read resulted in
unexpected socket family followed by session close.  Now a fake socket address
is allocated instead of a zero-length client address.





On Linux recvmsg() syscall may return a zero-length client address when
receiving a datagram from an unbound unix datagram socket.  It is usually
assumed that socket address has at least the sa_family member.  Zero-length
socket address caused buffer over-read in functions which receive socket
address, for example ngx_sock_ntop().  Typically the over-read resulted in
unexpected socket family followed by session close.  Now a fake socket address
is allocated instead of a zero-length client address.







Fixed buffer overread with unix sockets after accept().
2017-10-04T18:19:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-04T18:19:33+00:00

2e1e65a5c0a9f8ba5b7b3ce848176482ba4da654

Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided.  As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.

Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).

We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).





Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided.  As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.

Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).

We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).







Fixed deferred accept with EPOLLRDHUP enabled (ticket #1278).
2017-05-24T10:17:08+00:00

Roman Arutyunyan
arut@nginx.com

2017-05-24T10:17:08+00:00

c83922b18ddc83f654c1d0df48a6ca1ee9938078

Previously, the read event of the accepted connection was marked ready, but not
available.  This made EPOLLRDHUP-related code (for example, in ngx_unix_recv())
expect more data from the socket, leading to unexpected behavior.

For example, if SSL, PROXY protocol and deferred accept were enabled on a listen
socket, the client connection was aborted due to unexpected return value of
c->recv().





Previously, the read event of the accepted connection was marked ready, but not
available.  This made EPOLLRDHUP-related code (for example, in ngx_unix_recv())
expect more data from the socket, leading to unexpected behavior.

For example, if SSL, PROXY protocol and deferred accept were enabled on a listen
socket, the client connection was aborted due to unexpected return value of
c->recv().







Stream: filters.
2016-09-15T11:55:46+00:00

Roman Arutyunyan
arut@nginx.com

2016-09-15T11:55:46+00:00

04b9434b1817def37eb55cd7f4360d1164678797












Introduced the ngx_sockaddr_t type.
2016-05-23T13:37:20+00:00

Ruslan Ermilov
ru@nginx.com

2016-05-23T13:37:20+00:00

fd064d3b88e59ee71aec508687403539b01d643c

It's properly aligned and can hold any supported sockaddr.





It's properly aligned and can hold any supported sockaddr.