From patchwork Fri Mar 6 16:42:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4809 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7001:a68f:b0:83c:d90d:321 with SMTP id wf15csp1680593mab; Fri, 6 Mar 2026 08:42:58 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWTcKMMV1vInOspiLnznAwEcasXCh0O5Lzt6HbSmtRfunAJpikPv+xqZtDdz91ybbenEBy4SbYbvvE=@openvpn.net X-Received: by 2002:a4a:e909:0:b0:663:40d:48a3 with SMTP id 006d021491bc7-67b9bc56b92mr1888527eaf.8.1772815377994; Fri, 06 Mar 2026 08:42:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1772815377; cv=none; d=google.com; s=arc-20240605; b=WYM7TP1gj8f/U1BTLi52tfVf9FUkUBEoTtuuwMp0pGAlY7/spUa3Obi9ImtAdf8ow5 5n9UhJTbt+Izmw5lXzs/SY9En9Q7eCPpP829tnxRhA/dAaSmNEwUvW+XLOo/4cyXDQsn bV3AM8yyz3vtLQa2LGF5CYHPIVzhWY11LX0ZKim4skJb5FmoD2lDcTG11RAhjZv91Q8s 1+F5tUYtcpwYg7RIn38OYWNF1c2Dpk4wjPye36b7OLoqGMG7uZmKFI8p5udQCLUngBUy Qmljmoj4FNdz0ldHnGoiRIvfp7X+aWznVLCZ0P4EHxYWdUT/iqPbFQtIrV//DUhURMLV IqjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=ANfNzzIFysTPLGBuPO+43JFeqenXW6v0EtDKE7H01mw=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=lnPcPIn5OyCUmmk/Y4Uo013nUs64sqVVdGIpuAe8LgR+adua9r9y5bFhnp6HgBtjaj 10ekW177W4lHNtD/dZIE4piNeWyFLvof7ojXmv+gXpa7w+VQWMydmFaGX1ZQD9jNsCI2 ESVQLm8NvXjIa3gmdOzNHuLZYjDW4Li/BkwnbSwcZWdFq8zjkzAUJ4BZPoZPSzeOyhGe OreiGxi9uEOFA8x8if1cSWsN4hKps2zgXJyZvl4Ym91hrFeGtB8wVF+to/oiutvuLpvE nT98pTXVNlDDd0eTd7alYaLD9DDesHwJoF3zqr4iZkVzlyW81c/U8lCeAkDNdn+Nn7f6 zzgg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=PnRgNDME; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ibiGiP1J; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DO2cTR7v; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-416e68027c0si1529351fac.223.2026.03.06.08.42.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Mar 2026 08:42:57 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=PnRgNDME; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ibiGiP1J; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DO2cTR7v; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ANfNzzIFysTPLGBuPO+43JFeqenXW6v0EtDKE7H01mw=; b=PnRgNDMERR5Wiv8X5QbUQPlRGJ ETc9BmtCKyNmMOnAA1jKsX43zuyOFQQXEAeqzJtiXwvAL+ixtfSUkGNDFIfGtbZmzzmIahAeOJDWq LFHizdnZtNWza+af+TPL1iGRY3n3KWLX6RVyhiJUYNWPqnMwMyHFmxhwAd3e/neaPQOc=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vyYGL-0004Jv-Js; Fri, 06 Mar 2026 16:42:54 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vyYGK-0004Ji-K7 for openvpn-devel@lists.sourceforge.net; Fri, 06 Mar 2026 16:42:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=UXTV+BUfHAnwkZY9jEXW3sa04IB4We5GLWlsafgHlsA=; b=ibiGiP1J7ddOapJtvY2IhDg/r4 5hIzV8KvUosmBjEdXPlcZsIE0cvKz8ygydDdrIWIPLVeaiS7xfdZ9c1eWjaEL2Pl3dQdkNasrIFL1 REn9kXEFXqZApIGE0Wk9+9dfwzIZ4/EjsIKXedm+zVtZsouVVBVQiIvcqXCC2CJsJMBg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=UXTV+BUfHAnwkZY9jEXW3sa04IB4We5GLWlsafgHlsA=; b=DO2cTR7vUYuK0C5Evag5qVyOIg NuXA+Sz71M6UHcOUX8hnFaRCESsd/BSYP0xLmFc0BTgZMoMaBtgjn8p9WVD1bAVh0e8orx976AzfJ S766fwBBBWEzVxMV75TDAbVMmIKwCDwtrK4dMiL6jVxj9tE60kt5ehDGipNGx614AlnY=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vyYGK-0006ZG-I7 for openvpn-devel@lists.sourceforge.net; Fri, 06 Mar 2026 16:42:53 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 626GgkMm003501 for ; Fri, 6 Mar 2026 17:42:46 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 626GgkNm003500 for openvpn-devel@lists.sourceforge.net; Fri, 6 Mar 2026 17:42:46 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Fri, 6 Mar 2026 17:42:39 +0100 Message-ID: <20260306164245.3486-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe This keeps track of the highest peer id that is currently allocated to avoid iterating over the empty tail of the m->instances array. Change-Id: If797f3fe178fba3f43fb12898e5484bfb38f05c3 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vyYGK-0006ZG-I7 Subject: [Openvpn-devel] [PATCH v3] Optimise iterating over all clients by remembering highest peer id X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1858931657719291690?= X-GMAIL-MSGID: =?utf-8?q?1858931657719291690?= From: Arne Schwabe This keeps track of the highest peer id that is currently allocated to avoid iterating over the empty tail of the m->instances array. Change-Id: If797f3fe178fba3f43fb12898e5484bfb38f05c3 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1557 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1557 This mail reflects revision 3 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9d4ea49..c03e821 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -601,6 +601,13 @@ if (mi->context.c2.tls_multi->peer_id != MAX_PEER_ID) { m->instances[mi->context.c2.tls_multi->peer_id] = NULL; + + /* Adjust the max_peerid as this might have been the highest + * peer id instance */ + while (m->max_peerid > 0 && m->instances[m->max_peerid] == NULL) + { + m->max_peerid--; + } } schedule_remove_entry(m->schedule, (struct schedule_entry *)mi); @@ -652,7 +659,7 @@ { if (m->hash) { - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; if (mi) @@ -1326,7 +1333,7 @@ { int count = 0; - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; if (mi && mi != new_mi && !mi->halt) @@ -2885,7 +2892,7 @@ #endif mb = mbuf_alloc_buf(buf); - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; @@ -3794,7 +3801,7 @@ multi_push_restart_schedule_exit(struct multi_context *m, bool next_server) { /* tell all clients to restart */ - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; if (mi && !mi->halt && proto_is_dgram(mi->context.c2.link_sockets[0]->info.proto)) @@ -3876,7 +3883,7 @@ struct multi_context *m = (struct multi_context *)arg; int count = 0; - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; if (mi && !mi->halt) @@ -3907,7 +3914,7 @@ maddr.proto = proto; if (mroute_extract_openvpn_sockaddr(&maddr, &saddr, true)) { - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *mi = m->instances[i]; if (mi && !mi->halt && mroute_addr_equal(&maddr, &mi->real)) @@ -4100,8 +4107,14 @@ } /* should not really end up here, since multi_create_instance returns null - * if amount of clients exceeds max_clients */ + * if amount of clients exceeds max_clients and this method would then + * also not have been called */ ASSERT(mi->context.c2.tls_multi->peer_id < m->max_clients); + + if (mi->context.c2.tls_multi->peer_id > m->max_peerid) + { + m->max_peerid = mi->context.c2.tls_multi->peer_id; + } } #if defined(__GNUC__) || defined(__clang__) diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 498409d..17d850b 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -160,9 +160,12 @@ */ struct multi_context { - struct multi_instance **instances; /**< Array of multi_instances. An instance can be + struct multi_instance **instances; /**< Array of multi_instances with the size of + * max_clients. An instance can be * accessed using peer-id as an index. */ - + uint32_t max_peerid; /**< currently highest allocated peerid and + * maximum allocated/valid index in + * instances */ struct hash *hash; /**< VPN tunnel instances indexed by real * address of the remote peer. */ struct hash *vhash; /**< VPN tunnel instances indexed by diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c index 6456554..529cc39 100644 --- a/src/openvpn/push_util.c +++ b/src/openvpn/push_util.c @@ -317,7 +317,7 @@ int count = 0; - for (int i = 0; i < m->max_clients; i++) + for (uint32_t i = 0; i <= m->max_peerid; i++) { struct multi_instance *curr_mi = m->instances[i];