On 03.07.16 at 01:34, Selva Nair wrote:
> - When the number of retries per remote exceeds a limit
>   (hard coded to 5), double the restart pause interval
>   for each additional retry per remote.
> - Trigger a SIGHUP to reset the retry count when the pause
>   interval exceeds 1024 times the base value of restart pause.
>   (removed in v2 of the patch)
>
> The base value of restart pause is set using --connect-retry
> (5 seconds by default).
>
> v2 changes (based on suggestions from Arne Schwabe <a...@rfc2549.org>)
>
> - Do not throw SIGHUP.
> - Add an optional argument to "--connect-retry n [m]" where 'm'
>   specifies the max value of restart pause interval (default
>   300 sec).
>   E.g., "--connect-retry 5 1800" will cause the restart pause to
>   scale up starting at 5 until it exceeds 1800 seconds at which
>   point it gets capped at 1800.
> - If n == m no slow down will occur.
> - While at it, fix typos and clarify the description of connect-retry-max
>   in the man page and Changes.rst
>
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
>  Changes.rst           |    8 ++++++--
>  doc/openvpn.8         |   19 ++++++++++++-------
>  src/openvpn/init.c    |    8 ++++++++
>  src/openvpn/options.c |   13 ++++++++++---
>  src/openvpn/options.h |    1 +
>  5 files changed, 37 insertions(+), 12 deletions(-)
>
> diff --git a/Changes.rst b/Changes.rst
> index d12cdad..59722e2 100644
> --- a/Changes.rst
> +++ b/Changes.rst
> @@ -75,8 +75,8 @@ User-visible Changes
>    In --static mode connect-timeout specifies the timeout for TCP and
>    proxy connection establishment
>  
> -- connect-retry now specifies the maximum number of unsucessfully
> -  trying all remote/connection entries before exiting.
> +- connect-retry-max now specifies the maximum number of unsuccessful
> +  attempts of each remote/connection entry before exiting.
>  
>  - sndbuf and recvbuf default now to OS default instead of 64k
>  
> @@ -120,6 +120,10 @@ User-visible Changes
>  - --http-proxy-retry and --sock-proxy-retry have been removed. Proxy 
> connections
>      will now behave like regular connection entries and generate a USR1 on 
> failure.
>  
> +- --connect-retry gets a optional third argument that specifies the maximum
> +  time in seconds to wait between reconnection attempts when an exponential
> +  backoff is triggered due to repeated retries. Default = 300 seconds.
> +
>  Maintainer-visible changes
>  --------------------------
>  - OpenVPN no longer supports building with crypto support, but without TLS
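Review bot: "gets a optional third argument" in the added Changes.rst lines is wrong on two counts: the article should be "an", and per the new man page synopsis "--connect-retry n [max]" the cap is the second (first optional) argument, not the third. Suggest "--connect-retry gets an optional second argument, max, that specifies the maximum time in seconds to wait ...". It would also help to state here, as the man page text does, that the backoff only starts after 5 unsuccessful attempts per remote.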
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index 64cc934..3ca6f50 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -462,22 +462,27 @@ application-level UDP protocols, or tunneling protocols 
> which don't
>  possess a built-in reliability layer.
>  .\"*********************************************************
>  .TP
> -.B \-\-connect\-retry n
> +.B \-\-connect\-retry n [max]
>  Wait
>  .B n
> -seconds  between connection attempts (default=5).
> +seconds  between connection attempts (default=5). Repeated reconnection
> +attempts are slowed down after 5 retries per remote by doubling the wait
> +time after each unsuccessful attempt. The optional argument
> +.B max
> +specifies the maximum value of wait time in seconds at which it gets
> +capped (default=300).
>  .\"*********************************************************
>  .TP
>  .B \-\-connect\-retry\-max n
>  .B n
> -specifies the number of times all
> +specifies the number of times each
>  .B \-\-remote
> -respectively
> +or
>  .B <connection>
> -statements are tried. Specifiying
> +entry is tried. Specifying
>  .B n
> -as one would try each entry exactly once. A sucessful connection
> -resets the counter. (default=umlimited).
> +as one would try each entry exactly once. A successful connection
> +resets the counter. (default=unlimited).
>  .\"*********************************************************
>  .TP
>  .B \-\-show\-proxy\-settings
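Review bot: the new man page text for "[max]" does not say what happens when max is smaller than n. The commit message states that n == max disables the slowdown, but the init.c change caps sec at connect_retry_seconds_max unconditionally, so max < n would lower the base wait below n. Either document the accepted range (max >= n) or reject smaller values at option parsing, and say so here. Minor: "seconds  between" carries a doubled space over from the original line.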
> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
> index 498d36f..247a526 100644
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -1955,6 +1955,7 @@ static void
>  socket_restart_pause (struct context *c)
>  {
>    int sec = 2;
> +  int backoff = 0;
>  
>    switch (c->options.ce.proto)
>      {
> @@ -1977,6 +1978,13 @@ socket_restart_pause (struct context *c)
>      sec = 10;
>  #endif
>  
> +  /* Slow down reconnection after 5 retries per remote */
> +  backoff = (c->options.unsuccessful_attempts / 
> c->options.connection_list->len) - 4;
> +  if (backoff > 0 && sec < 1<<16)
> +    sec = max_int (sec, 1) << min_int (backoff, 15);
> +  if (sec > c->options.ce.connect_retry_seconds_max)
> +    sec = c->options.ce.connect_retry_seconds_max;
> +
>    if (c->persist.restart_sleep_seconds > 0 && 
> c->persist.restart_sleep_seconds > sec)
>      sec = c->persist.restart_sleep_seconds;
>    else if (c->persist.restart_sleep_seconds == -1)
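Review bot: the backoff block starting at "backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4;" sits after the switch on c->options.ce.proto, so it is applied for whichever proto the switch selected, server modes included, not only for the client paths that use connect_retry_seconds; gate it on the client protocols (or on the branch that assigned connect_retry_seconds) instead. Two smaller points: the cap "if (sec > c->options.ce.connect_retry_seconds_max)" runs even when backoff <= 0, so a max below n silently replaces n, which contradicts "If n == m no slow down will occur" in spirit unless options.c rejects max < n; and the division by connection_list->len needs a guard (or a comment explaining why it is guaranteed non-zero here) since a zero length would crash in this path.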
>
I think this also needs an exemption for the TCP_SERVER case. I think moving
the TCP_SERVER if below the exponential logic will work. Otherwise
connecting just 10 times is an effective DoS for a TCP server.

Arne
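
The schedule the quoted patch produces, as an added model written for this review and not OpenVPN's own code: it mirrors the arithmetic of the init.c hunk (per-remote count minus 4, doubling clamped to 15 shifts, unconditional cap) and assumes the TCP client / UDP branch set sec to n and that unsuccessful_attempts already counts the attempt that just failed.

```c
#include <stdio.h>

/* Helpers with the same meaning as OpenVPN's max_int/min_int. */
static int max_int(int a, int b) { return a > b ? a : b; }
static int min_int(int a, int b) { return a < b ? a : b; }

/* Wait in seconds before the next reconnect, per the quoted hunk.
 * unsuccessful_attempts: total failed attempts so far (all remotes)
 * n_remotes: connection_list->len
 * n: --connect-retry n (base wait), m: the optional [max] cap */
int restart_pause_model(int unsuccessful_attempts, int n_remotes, int n, int m)
{
    int sec = n;                      /* assumes the client-proto branch */
    int backoff;

    if (n_remotes < 1)                /* guard not present in the hunk */
        n_remotes = 1;

    /* Per-remote retry count; positive from the 5th retry onward. */
    backoff = (unsuccessful_attempts / n_remotes) - 4;
    if (backoff > 0 && sec < 1 << 16)
        sec = max_int(sec, 1) << min_int(backoff, 15);

    /* Cap applied even when backoff <= 0: m < n lowers the base wait. */
    if (sec > m)
        sec = m;
    return sec;
}

int main(void)
{
    int attempt;

    printf("attempt  wait(s)   (--connect-retry 5 1800, one remote)\n");
    for (attempt = 1; attempt <= 14; attempt++)
        printf("%7d %8d\n", attempt, restart_pause_model(attempt, 1, 5, 1800));

    /* Two remotes: the slowdown starts only once each has failed 5 times. */
    printf("two remotes, 10th failure: %d s\n", restart_pause_model(10, 2, 5, 1800));
    /* Caveat: max below n shortens the very first wait. */
    printf("max<n, 1st failure: %d s\n", restart_pause_model(1, 1, 5, 3));
    return 0;
}
```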
