-rw-r--r-- debian/patches/increase-tcp-backlog.patch | 43
-rw-r--r-- debian/patches/series | 1
2 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/increase-tcp-backlog.patch b/debian/patches/increase-tcp-backlog.patch
new file mode 100644
index 0000000..c729118
--- /dev/null
+++ b/debian/patches/increase-tcp-backlog.patch
@@ -0,0 +1,43 @@
+From ec0ca68f4ed1e6aa6f08f470b18e0198b7e5a4da Mon Sep 17 00:00:00 2001
+From: Gert Doering <gert@greenie.muc.de>
+Date: Thu, 15 Aug 2019 17:53:19 +0200
+Subject: [PATCH] Increase listen() backlog queue to 32
+
+For reasons historically unknown, OpenVPN sets the listen() backlog
+queue to "1", which signals the kernel "while there is one TCP connect
+waiting for OpenVPN to handle it, refuse all others" - which, on
+restarting a busy TCP server, will create connection issues.
+
+The exact "best" value of the backlog queue is subject of discussion,
+but for a server that is not extremely busy with many connections
+coming in in parallel, there is no real difference between "10" or "500",
+as long as it's "more than 1".
+
+Found and debugged by "mjo" in Trac.
+
+Trac: #1208
+
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Acked-by: Antonio Quartulli <antonio@openvpn.net>
+Acked-by: David Sommerseth <davids@openvpn.net>
+Message-Id: <20190815155319.28249-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18758.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+(cherry picked from commit 6d8380c78bf77766454b93b49ab2ebf713b0be48)
+---
+ src/openvpn/socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
+index c76d20627..9131ec202 100644
+--- a/src/openvpn/socket.c
++++ b/src/openvpn/socket.c
+@@ -1170,7 +1170,7 @@ socket_do_listen(socket_descriptor_t sd,
+ ASSERT(local);
+ msg(M_INFO, "Listening for incoming TCP connection on %s",
+ print_sockaddr(local->ai_addr, &gc));
+- if (listen(sd, 1))
++ if (listen(sd, 32))
+ {
+ msg(M_ERR, "TCP: listen() failed");
+ }
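Review bot: the new backlog in `+ if (listen(sd, 32))` is a bare literal with no comment at the call site, while the commit message itself says the best value is a subject of discussion and that anything "more than 1" behaves the same for a server that is not extremely busy. Consider a named constant, or at least a one-line comment next to the listen() call in socket.c, recording why 32 was chosen and that the previous value of 1 caused connection issues when a busy TCP server restarts, so the rationale does not live only in the commit message.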
diff --git a/debian/patches/series b/debian/patches/series
index 5ce43a5..d97803c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ systemd.patch
fix-pkcs11-helper-hang.patch
CVE-2020-11810.patch
CVE-2020-15078.patch
+increase-tcp-backlog.patch
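Review bot: the new series entry arrives without a debian/changelog entry, since the diffstat shows only the patch file and series changed. Unlike the two CVE-named patches above it, the filename does not say why this backport is carried, so consider adding a changelog line that cites Trac #1208 and upstream commit 6d8380c78bf77766454b93b49ab2ebf713b0be48, unless the changelog is generated from commit messages at release time.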