> On Feb 21, 2018, at 23:34, Vladimir Homutov <v...@nginx.com> wrote:
>
>> On Wed, Feb 21, 2018 at 10:44:00PM +0800, Wang Shanker wrote:
>> Hi,
>>
>> I noticed that you have introduced `ngx_event_udp_accept()`, which can
>> create a separate socket for receiving datagrams from a specific client.
>> I understand that it is necessary for DTLS servers. However I wonder
>> why it is also called for normal udp servers.
>
> for normal udp server this is beneficial if you need to process
> bidirectional stream, i.e. proxying DTLS or similar protocols without
> offloading it. Probably this should be at least configurable.
>
>> For udp servers listening on a port below 1024, such call will fail if
>> the worker processes drop their privilege as a non-root user.
>> The following patch solves this problem by retaining CAP_NET_BIND_SERVICE
>> after worker processes change UID.
>
> yes, there is an issue in such case, and retaining (partial) permissions
> is a possible (but ugly) solution.

You can see from the code that it is not the first time that solution has been used.
I wonder if there is a better solution for this issue.

Cheers,

Miao Wang

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
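
The capability-retention approach discussed in this thread, as an added example (it is not the patch from the thread and not nginx code): a root process switches to an unprivileged UID on Linux while keeping only CAP_NET_BIND_SERVICE. The helper names `bind_only_caps` and `drop_privs_keep_bind` and the 65534 IDs are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Build a capability set holding only CAP_NET_BIND_SERVICE
 * (permitted + effective, nothing inheritable). */
void bind_only_caps(struct __user_cap_data_struct data[2])
{
    memset(data, 0, 2 * sizeof(data[0]));
    data[CAP_TO_INDEX(CAP_NET_BIND_SERVICE)].permitted = CAP_TO_MASK(CAP_NET_BIND_SERVICE);
    data[CAP_TO_INDEX(CAP_NET_BIND_SERVICE)].effective = CAP_TO_MASK(CAP_NET_BIND_SERVICE);
}

/* Hypothetical helper: switch a root process to uid/gid while keeping the
 * right to bind ports below 1024. Returns 0 on success, -1 with errno set. */
int drop_privs_keep_bind(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    /* Without KEEPCAPS the permitted set is emptied when the UIDs leave 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return -1;
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* setuid() still cleared the effective set: re-raise the one capability
     * and discard everything else that KEEPCAPS preserved. */
    bind_only_caps(data);
    if (syscall(SYS_capset, &hdr, data) == -1) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

int main(void)
{
    if (geteuid() != 0) {
        puts("not root: nothing to drop");
        return 0;
    }
    if (drop_privs_keep_bind(65534, 65534) == -1) { /* constructed IDs */
        perror("drop_privs_keep_bind");
        return 1;
    }
    printf("uid=%d, can still bind ports below 1024\n", (int)getuid());
    return 0;
}
```

The `capset` step is what keeps the retained privilege narrow: with `PR_SET_KEEPCAPS` alone the process would keep root's whole permitted set after the UID change.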