Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/increase-tcp-backlog.patch | 43 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/increase-tcp-backlog.patch b/debian/patches/increase-tcp-backlog.patch
new file mode 100644
index 0000000..c729118
--- /dev/null
+++ b/debian/patches/increase-tcp-backlog.patch
@@ -0,0 +1,43 @@
+From ec0ca68f4ed1e6aa6f08f470b18e0198b7e5a4da Mon Sep 17 00:00:00 2001
+From: Gert Doering <gert@greenie.muc.de>
+Date: Thu, 15 Aug 2019 17:53:19 +0200
+Subject: [PATCH] Increase listen() backlog queue to 32
+
+For reasons historically unknown, OpenVPN sets the listen() backlog
+queue to "1", which signals the kernel "while there is one TCP connect
+waiting for OpenVPN to handle it, refuse all others" - which, on
+restarting a busy TCP server, will create connection issues.
+
+The exact "best" value of the backlog queue is subject of discussion,
+but for a server that is not extremely busy with many connections
+coming in in parallel, there is no real difference between "10" or "500",
+as long as it's "more than 1".
+
+Found and debugged by "mjo" in Trac.
+
+Trac: #1208
+
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+Acked-by: Antonio Quartulli <antonio@openvpn.net>
+Acked-by: David Sommerseth <davids@openvpn.net>
+Message-Id: <20190815155319.28249-1-gert@greenie.muc.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18758.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+(cherry picked from commit 6d8380c78bf77766454b93b49ab2ebf713b0be48)
+---
+ src/openvpn/socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
+index c76d20627..9131ec202 100644
+--- a/src/openvpn/socket.c
++++ b/src/openvpn/socket.c
+@@ -1170,7 +1170,7 @@ socket_do_listen(socket_descriptor_t sd,
+ ASSERT(local);
+ msg(M_INFO, "Listening for incoming TCP connection on %s",
+ print_sockaddr(local->ai_addr, &gc));
+- if (listen(sd, 1))
++ if (listen(sd, 32))
+ {
+ msg(M_ERR, "TCP: listen() failed");
+ }
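Review bot: The new backlog in `listen(sd, 32)` is a bare literal with no comment, so a later reader of socket_do_listen cannot tell why 32 was chosen or that the commit message itself calls the exact value open to discussion. I would give it a name, e.g. `#define TCP_LISTEN_BACKLOG 32 /* accept-queue depth; the kernel may cap this (net.core.somaxconn on Linux) */`, and call `listen(sd, TCP_LISTEN_BACKLOG)`. For an internet-facing TCP server this value bounds how many completed handshakes can wait during a restart or a burst of connects, so one documented place to tune it helps availability reviews. socket_do_listen starts and ends outside the hunk, so whether a suitable constant already exists elsewhere in socket.c is not visible here.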
diff --git a/debian/patches/series b/debian/patches/series
index 5ce43a5..d97803c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ systemd.patch
 fix-pkcs11-helper-hang.patch
 CVE-2020-11810.patch
 CVE-2020-15078.patch
+increase-tcp-backlog.patch |