Apply the connect-retry backoff to only one side of a connection

p2p connections with both ends backing off seldom succeed
as their connection attempt durations becomes increasingly
unlikely to overlap when the retry wait time is long.

Avoid this by applying the backoff logic only on TCP clients
or the tls_client side for UDP.

Regression warning: shared secret setups are left out of the
backoff logic.

Trac: #1010, #1384

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210602194739.29488-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22485.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 29897af94435eb9869ba8c6957de5f2f4cb014ff..1c674a243511df5cad491137ac04594b4280a203 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2423,8 +2423,9 @@ socket_restart_pause(struct context *c)
         sec = 10;
     }
 
-    /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */
-    if (c->options.ce.proto != PROTO_TCP_SERVER)
+    /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */
+    if (c->options.ce.proto == PROTO_TCP_CLIENT
+        || (c->options.ce.proto == PROTO_UDP && c->options.tls_client))
     {
         backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4;
         if (backoff > 0)