Opened 12 months ago

Last modified 10 months ago

#1154 new enhancement

Passing URG flag via nginx

Reported by: jjagodzinski@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.10.x
Keywords: Cc:
Sensitive: no
uname -a: Linux t40487.te4.local 2.6.32-642.3.1.el6.x86_64 #1 SMP Tue Jul 12 18:30:56 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.10.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

Description

I have a problem with URG flag and passing it via nginx. I use stream module for TCP connections.
Configuration for nginx:

stream {

    server {
        listen 6002;
        proxy_pass 127.0.0.1:8000;
        proxy_timeout 10;
    }

}

tcpdumps:
from sender:

sudo tcpdump  -i any dst port 6002
10:24:08.532935 IP 172.20.9.82.54296 > t40487.te4.local.x11-2: Flags [S], seq 1000, win 8192, length 0
10:24:08.609577 IP 172.20.9.82.54296 > t40487.te4.local.x11-2: Flags [.], ack 1034154399, win 8192, length 0
10:24:08.680219 IP 172.20.9.82.54296 > t40487.te4.local.x11-2: Flags [U], seq 1003:1005, win 8192, urg 0, length 2

on nginx host (collect everything from network):

tcpdump -i any src host  172.20.9.82 and not dst port 22
10:24:08.678898 IP 172.20.9.82.54296 > t40487.te4.local.6002: Flags [.], ack 2008903947, win 8192, length 0
10:24:08.749167 IP 172.20.9.82.54296 > t40487.te4.local.6002: Flags [U], seq 2816206677:2816206679, win 8192, urg 0, length 2

on application (check only application port):

tcpdump -i any dst port 8000
10:25:38.704441 IP localhost.52258 > localhost.irdmi: Flags [S], seq 361184170, win 65495, options [mss 65495,sackOK,TS val 5902248 ecr 0,nop,wscale 7], length 0
10:25:38.704471 IP localhost.52258 > localhost.irdmi: Flags [.], ack 1535641746, win 512, options [nop,nop,TS val 5902248 ecr 5902248], length 0

As you can see the URG flag is not visible in application.
I think that nginx takes packet with URG flag for himself :-)

Is it possible to pass it to application?

Change History (5)

comment:1 Changed 12 months ago by maxim

Just wonder: what type of application is it?

comment:2 Changed 12 months ago by jjagodzinski@…

It is Oracle SQLdeveloper

comment:3 Changed 12 months ago by jjagodzinski@…

Additional detail:
URGs are implemented as 'out of band' communication (man sendto(2)):

MSG_OOB

Sends out-of-band data on sockets that support this notion (e.g., of type SOCK_STREAM); the underlying protocol must also support out-of-band data.

comment:4 Changed 12 months ago by maxim

Thanks, we are aware of the underlying details.

comment:5 Changed 10 months ago by mdounin

  • Type changed from defect to enhancement
Note: See TracTickets for help on using tickets.