+ if (!fo->n_controllers) {
+ /* Shouldn't ever arrive here, but if we do, never fail open. */
+ return INT_MAX;
+ } else {
+ /* Otherwise, every controller must have a chance to send an
+ * inactivity probe and reconnect before we fail open, so take the
+ * maximum probe interval and multiply by 3:
+ *
+ * - The first interval is the idle time before sending an inactivity
+ * probe.
+ *
+ * - The second interval is the time allowed for a response to the
+ * inactivity probe.
+ *
+ * - The third interval is the time allowed to reconnect after no
+ * response is received.
+ */
+ int max_probe_interval;
+ size_t i;
+
+ max_probe_interval = 0;
+ for (i = 0; i < fo->n_controllers; i++) {
+ int probe_interval = rconn_get_probe_interval(fo->controllers[i]);
+ max_probe_interval = MAX(max_probe_interval, probe_interval);
+ }
+ return max_probe_interval * 3;
+ }
+}
+
+/* Returns the number of seconds for which all controllers have been
+ * disconnected. */
+static int
+failure_duration(const struct fail_open *fo)
+{
+ int min_failure_duration;
+ size_t i;
+
+ if (!fo->n_controllers) {
+ return 0;
+ }
+
+ min_failure_duration = INT_MAX;
+ for (i = 0; i < fo->n_controllers; i++) {
+ int failure_duration = rconn_failure_duration(fo->controllers[i]);
+ min_failure_duration = MIN(min_failure_duration, failure_duration);
+ }
+ return min_failure_duration;