Message ID | 20210602194739.29488-1-selva.nair@gmail.com |
---|---|
State | Accepted |
Series | [Openvpn-devel] Apply the connect-retry backoff to only one side of a connection |
Acked-by: Gert Doering <gert@greenie.muc.de>

Thanks. Change makes sense. Code looks good.

Lightly tested on TCP/--client, UDP/--client, TCP/--tls-client, UDP/--tls-client (same behaviour as without the patch). Plus t_client test rig.

Tested on p2p "server" according to #1384 (--ping-restart, --secret, --proto udp, no --remote) - could reproduce #1384 without the patch, server does not go into backoff with the patch.

Consequently, this will also affect a "p2p --secret client", as the only difference is "is there a remote?" (but for such setups, this is likely the right thing to do - to avoid restart loops, just do not use --ping-restart in p2p mode, use --ping alone to keep NAT sessions open)

Your patch has been applied to the master, release/2.5 and release/2.4 branch (bugfix). Not sure we'll ever do another 2.4 release, but if we do, it's in :-)

commit 063d55afeea723fc6df0af29a19df257a8ab6920 (master)
commit d8dee82f1129ac6d3e4bcdc867726f5d64798dc7 (release/2.5)
commit 7029cece844d9324aff687981b8b6c33b099db2d (release/2.4)
Author: Selva Nair
Date: Wed Jun 2 15:47:39 2021 -0400

Apply the connect-retry backoff to only one side of a connection

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210602194739.29488-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22485.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 49c74292..2889f355 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2423,8 +2423,9 @@ socket_restart_pause(struct context *c) sec = 10; } - /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */ - if (c->options.ce.proto != PROTO_TCP_SERVER) + /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */ + if (c->options.ce.proto == PROTO_TCP_CLIENT + || (c->options.ce.proto == PROTO_UDP && c->options.tls_client)) { backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4; if (backoff > 0)
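
Review bot: The new condition in socket_restart_pause() is an allowlist, so every configuration other than `PROTO_TCP_CLIENT` or `PROTO_UDP` with `c->options.tls_client` set now skips the backoff block, whereas the old `!= PROTO_TCP_SERVER` test excluded only the TCP server. A UDP peer without `tls_client` therefore never has its reconnect pause increased by this block, however large `unsuccessful_attempts` grows. The updated comment names the cases that get the backoff but not the reason; suggest extending it to say that the backoff is deliberately applied to only one side of a connection and that the remaining cases are left out on purpose, so a later reader does not take the narrower condition for an oversight.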