Exponentially back off on repeated connect retries
- When the number of retries per remote exceeds a limit
(hard coded to 5), double the restart pause interval
for each additional retry per remote.
- Trigger a SIGHUP to reset the retry count when the pause
interval exceeds 1024 times the base value of restart pause.
(removed in v2 of the patch)
The base value of restart pause is set using --connect-retry
(5 seconds by default).
v2 changes (based on suggestions from Arne Schwabe <arne@rfc2549.org>)
- Do not throw SIGHUP.
- Add an optional argument to "--connect-retry n [m]" where 'm'
specifies the max value of restart pause interval (default
300 sec).
E.g., "--connect-retry 5 1800" will cause the restart pause to
scale up starting at 5 until it exceeds 1800 seconds at which
point it gets capped at 1800.
- If n == m no slow down will occur.
- While at it, fix typos and clarify the description of connect-retry-max
in the man page and Changes.rst
v3 changes (on further feedback from arne@rfc2549.org):
- Limiting the base value of retry wait interval to 16 bits moved
to options.c
- Apply backoff only in the udp and tcp-client modes. Backing off on
tcp-server could be exploited by a client in p2p-mode to maliciously
slow it down (thanks to Arne Schwabe for pointing this out.
- Fix typo in Changes.rst: "third argument" -> "second argument"
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1467732770-19110-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/12050
Signed-off-by: Gert Doering <gert@greenie.muc.de>
projects / thirdparty / openvpn.git / commit
