[Openvpn-devel,v2] Allow repeated cycles through remotes when management-query-remote is in use

Message ID 1589556111-18894-1-git-send-email-selva.nair@gmail.com
State Deferred

Commit Message

Selva Nair May 15, 2020, 5:21 a.m. UTC
From: Selva Nair <selva.nair@gmail.com>

(i) Let the management-client predictably cycle through remote entries. This
is done by not aborting after two cycles. The client can abort or restart
the connection using signals (USR/HUP/TERM) as necessary.

In the current behaviour, the daemon can unexpectedly exit when the last remote
is skipped. When management-query-remote is not in use, the behaviour is
unchanged.

(ii) Do not count skipping a remote as an unsuccessful connection attempt.
As the latter count is used for backoff it should count only failed attempts.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 - rebased to master, no changes

 src/openvpn/init.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

Patch

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 70cd493..1bb39ee 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -471,14 +471,6 @@  next_connection_entry(struct context *c)
                         c->c1.link_socket_addr.remote_list;
                 }
 
-                /*
-                 * Increase the number of connection attempts
-                 * If this is connect-retry-max * size(l)
-                 * OpenVPN will quit
-                 */
-
-                c->options.unsuccessful_attempts++;
-
                 if (++l->current >= l->len)
                 {
 
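Review bot: Removing the comment together with `c->options.unsuccessful_attempts++;` drops the explanation of how this counter relates to the exit condition (connect-retry-max * size(l)). Please carry that explanation along to wherever the increment ends up, reworded to say that skipped entries are no longer counted, so the limit check that depends on the counter stays documented.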
@@ -504,6 +496,9 @@  next_connection_entry(struct context *c)
         {
             /* allow management interface to override connection entry details */
             ce_defined = ce_management_query_remote(c);
+
+            /* ignore cycles when management-query-remote is in use */
+            n_cycles = 0;
             if (IS_SIG(c))
             {
                 break;
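Review bot: `n_cycles = 0;` is reset on every pass right after `ce_management_query_remote(c)`, so the cycle counter can no longer bound this loop; it ends only when an entry is accepted or `IS_SIG(c)` is set. That matches the commit message, but the comment "ignore cycles" should say so explicitly (termination is now up to the management client, via a signal), and the changed behaviour deserves a line in the management-query-remote documentation. Style: add a blank line between the assignment and `if (IS_SIG(c))` so the reset does not read as part of the signal check.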
@@ -520,6 +515,7 @@  next_connection_entry(struct context *c)
 #endif
     } while (!ce_defined);
 
+    c->options.unsuccessful_attempts++;
     /* Check if this connection attempt would bring us over the limit */
     if (c->options.connect_retry_max > 0
         && c->options.unsuccessful_attempts > (l->len  * c->options.connect_retry_max))
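Review bot: The new `c->options.unsuccessful_attempts++;` placed directly after `while (!ce_defined);` also runs when the loop was left through the `if (IS_SIG(c)) break;` path shown in the previous hunk, so a signal raised during the management query is counted as an attempt and the connect_retry_max check is then evaluated, possibly with no entry selected. Consider incrementing only when `ce_defined` is true (or after testing `IS_SIG(c)`), and add a one-line comment stating what is being counted, since the comment that explained the counter is removed earlier in this patch.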