| commit | 646cc762cc9297510102fc094f3af8a5a9e296c7 | |
| author | Eric Wong <normalperson@yhbt.net> | |
| Sat, 3 Jul 2010 09:30:57 +0000 (3 09:30 +0000) | ||
| committer | Eric Wong <normalperson@yhbt.net> | |
| Sat, 3 Jul 2010 09:30:57 +0000 (3 09:30 +0000) | ||
| tree | 926b1fc90e89d5958efde8bba5d03cb6237ab313 | treesnapshot (tar.gz zip) |
| parent | 5769f313793ca84100f089b1911f2e22d0a31e9d | commitdiff |
socket_helper: tunables for tcp_defer_accept/accept_filter
Under Linux, this allows users to tune the time (in seconds) to
defer connections before allowing them to be accepted. The
behavior of TCP_DEFER_ACCEPT changed with Linux 2.6.32 and idle
connections may still be accept()-ed after the specified value
in seconds. A small value of '1' remains the default for
Unicorn as Unicorn does not worry about slow clients. Higher
values provide better DoS protection for Rainbows! but also
increases kernel memory usage.
Allowing "dataready" for FreeBSD accept filters will allow
SSL sockets to be used in the future for HTTPS, too.
Under Linux, this allows users to tune the time (in seconds) to
defer connections before allowing them to be accepted. The
behavior of TCP_DEFER_ACCEPT changed with Linux 2.6.32 and idle
connections may still be accept()-ed after the specified value
in seconds. A small value of '1' remains the default for
Unicorn as Unicorn does not worry about slow clients. Higher
values provide better DoS protection for Rainbows! but also
increases kernel memory usage.
Allowing "dataready" for FreeBSD accept filters will allow
SSL sockets to be used in the future for HTTPS, too.
| lib/unicorn/socket_helper.rb | diffblobblamehistory | |
| test/unit/test_socket_helper.rb | diffblobblamehistory |