Apply the connect-retry backoff to only one side of a connection

p2p connections with both ends backing off seldom succeed
as their connection attempt durations becomes increasingly
unlikely to overlap when the retry wait time is long.

Avoid this by applying the backoff logic only on TCP clients
or the tls_client side for UDP.

Regression warning: shared secret setups are left out of the
backoff logic.

Trac: #1010, #1384

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210602194739.29488-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22485.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 063d55afeea723fc6df0af29a19df257a8ab6920)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 34d830a3c56854a62268ae4793ba8c9c6d8e3dee..0c2fd03b26f2dc63bdc676ef7894a86f7b95c70f 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2383,8 +2383,9 @@ socket_restart_pause(struct context *c)
     }
 #endif
 
-    /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */
-    if (c->options.ce.proto != PROTO_TCP_SERVER)
+    /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */
+    if (c->options.ce.proto == PROTO_TCP_CLIENT
+        || (c->options.ce.proto == PROTO_UDP && c->options.tls_client))
     {
         backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4;
         if (backoff > 0)