aboutgitcodebugslistschat
diff options
context:
space:
mode:
-rw-r--r--Makefile37
-rwxr-xr-xseccomp.sh5
2 files changed, 25 insertions, 17 deletions
diff --git a/Makefile b/Makefile
index b0de1ec..e8ed7a9 100644
--- a/Makefile
+++ b/Makefile
@@ -31,6 +31,17 @@ CFLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(AUDIT_ARCH)
CFLAGS += -DRLIMIT_STACK_VAL=$(RLIMIT_STACK_VAL)
CFLAGS += -DARCH=\"$(TARGET_ARCH)\"
+PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c icmp.c igmp.c \
+ mld.c ndp.c netlink.c packet.c passt.c pasta.c pcap.c siphash.c \
+ tap.c tcp.c tcp_splice.c udp.c util.c
+QRAP_SRCS = qrap.c
+SRCS = $(PASST_SRCS) $(QRAP_SRCS)
+
+PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h icmp.h \
+ ndp.h netlink.h packet.h passt.h pasta.h pcap.h siphash.h \
+ tap.h tcp.h tcp_splice.h udp.h util.h
+HEADERS = $(PASST_HEADERS)
+
# On gcc 11.2, with -O2 and -flto, tcp_hash() and siphash_20b(), if inlined,
# seem to be hitting something similar to:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78993
@@ -82,18 +93,15 @@ endif
static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
static: clean all
-seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))
- @ EXTRA_SYSCALLS=$(EXTRA_SYSCALLS) ./seccomp.sh
+seccomp.h: $(PASST_SRCS) $(PASST_HEADERS)
+ @ EXTRA_SYSCALLS=$(EXTRA_SYSCALLS) ./seccomp.sh $^
-passt: $(filter-out qrap.c,$(wildcard *.c)) \
- $(filter-out qrap.h,$(wildcard *.h)) seccomp.h
- $(CC) $(CFLAGS) $(filter-out qrap.c,$(wildcard *.c)) -o passt
+passt: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
+ $(CC) $(CFLAGS) $(PASST_SRCS) -o passt
passt.avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
-passt.avx2: $(filter-out qrap.c,$(wildcard *.c)) \
- $(filter-out qrap.h,$(wildcard *.h)) seccomp.h
- $(CC) $(filter-out -O2,$(CFLAGS)) $(filter-out qrap.c,$(wildcard *.c)) \
- -o passt.avx2
+passt.avx2: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
+ $(CC) $(filter-out -O2,$(CFLAGS)) $(PASST_SRCS) -o passt.avx2
passt.avx2: passt
@@ -104,9 +112,8 @@ pasta: passt
ln -s passt pasta
ln -s passt.1 pasta.1
-qrap: qrap.c passt.h
- $(CC) $(CFLAGS) \
- qrap.c -o qrap
+qrap: $(QRAP_SRCS) passt.h
+ $(CC) $(CFLAGS) $(QRAP_SRCS) -o qrap
valgrind: EXTRA_SYSCALLS="rt_sigprocmask rt_sigtimedwait rt_sigaction \
getpid gettid kill clock_gettime mmap munmap open \
@@ -203,7 +210,7 @@ pkgs: static
# - concurrency-mt-unsafe
# TODO: check again if multithreading is implemented
-clang-tidy: $(wildcard *.c) $(wildcard *.h)
+clang-tidy: $(SRCS) $(HEADERS)
clang-tidy -checks=*,-modernize-*,\
-clang-analyzer-valist.Uninitialized,\
-cppcoreguidelines-init-variables,\
@@ -227,7 +234,7 @@ clang-tidy: $(wildcard *.c) $(wildcard *.h)
-altera-struct-pack-align,\
-concurrency-mt-unsafe \
-config='{CheckOptions: [{key: bugprone-suspicious-string-compare.WarnOnImplicitComparison, value: "false"}]}' \
- --warnings-as-errors=* $(wildcard *.c) -- $(filter-out -pie,$(CFLAGS))
+ --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(CFLAGS))
ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"),1)
TARGET := $(shell ${CC} -v 2>&1 | sed -n 's/Target: \(.*\)/\1/p')
@@ -237,7 +244,7 @@ EXTRA_INCLUDES_OPT := -I$(EXTRA_INCLUDES)
else
EXTRA_INCLUDES_OPT :=
endif
-cppcheck: $(wildcard *.c) $(wildcard *.h)
+cppcheck: $(SRCS) $(HEADERS)
cppcheck --std=c99 --error-exitcode=1 --enable=all --force \
--inconclusive --library=posix \
-I/usr/include $(EXTRA_INCLUDES_OPT) \
diff --git a/seccomp.sh b/seccomp.sh
index 74eeb4b..17def4d 100755
--- a/seccomp.sh
+++ b/seccomp.sh
@@ -14,6 +14,7 @@
# Author: Stefano Brivio <sbrivio@redhat.com>
TMP="$(mktemp)"
+IN="$@"
OUT="seccomp.h"
HEADER="/* This file was automatically generated by $(basename ${0}) */
@@ -231,9 +232,9 @@ gen_profile() {
}
printf '%s\n' "${HEADER}" > "${OUT}"
-__profiles="$(sed -n 's/[\t ]*\*[\t ]*#syscalls:\([^ ]*\).*/\1/p' *.[ch] | sort -u)"
+__profiles="$(sed -n 's/[\t ]*\*[\t ]*#syscalls:\([^ ]*\).*/\1/p' ${IN} | sort -u)"
for __p in ${__profiles}; do
- __calls="$(sed -n 's/[\t ]*\*[\t ]*#syscalls\(:'"${__p}"'\|\)[\t ]\{1,\}\(.*\)/\2/p' *.[ch])"
+ __calls="$(sed -n 's/[\t ]*\*[\t ]*#syscalls\(:'"${__p}"'\|\)[\t ]\{1,\}\(.*\)/\2/p' ${IN})"
__calls="${__calls} ${EXTRA_SYSCALLS:-}"
__calls="$(filter ${__calls})"
echo "seccomp profile ${__p} allows: ${__calls}" | tr '\n' ' ' | fmt -t