A listening socket can be enabled with the sockopt
TCP_DEFER_ACCEPT. This informs the kernel to not call the user-land
accept() until real data has been written to the socket.
A new flag LEV_OPT_DEFERRED_ACCEPT has been introduced to
automatically set this option. Optionally
evutil_make_tcp_listen_socket_deferred() can be called manually.
(Tweaked slightly by nickm.)
When a nameserver is down, we periodically try sending a "probe"
message to that nameserver to see if it has come back up. If a
nameserver comes up, we cancel any pending probe messages.
Cancelling a probe message while handling the probe's response would
result in a access-after-free or a double-free, so when we notice that
we're about to call a nameserver up because of having received a probe
from it, we need to check whether current response is the response
from the probe.
There was a case where we didn't to that, though: when the resolver
gave us an unusual error response to our request that it resolve
google.com. This is pretty rare, but apparently it can happen with
some weird cacheing nameservers -- the one on the mikrotik router, for
example. Without this patch, we would crash with a NULL pointer
derefernce.
Thanks to Hannes Sowa for finding this issue and helping me track it
down.
Linux provides some features that allow avoiding extra calls to
fcntl when creating new nonblocking/close-on-exec sockets, so
we can add wrapper functions to emulate those when they are not
available.
Additionally, even when we are emulating those functions, we can
take a fast path that cuts our fcntl calls in half: we don't need to
look up the previous value of a file's flags when we have just
created it.
We were doing this because of (correct) reports that NetBSD gives an
EBADF when you try to add the write side of a pipe for which the
read side has been closed. But on most kqueue platforms, that
doesn't happen, and on *all* kqueue platforms, reporting a
nonexistent fd (which we usually have if we have seen EBADF) as
readable tends to give programs a case of the vapors.
Nicholas Marriott wrote the original patch here; I did the comment
fixes.
This is not a perfect fix, but it's much much better than the
current buggy behavior, which could lead to filtering SSL
connections that just stopped reading.
Based on ideas by Maseeb Abdul Qadir and Mark Ellzey.
