aboutgitcodebugslistschat
diff options
context:
space:
mode:
-rw-r--r--conf.c5
-rw-r--r--isolation.c2
-rw-r--r--isolation.h2
-rw-r--r--log.c6
-rw-r--r--netlink.c6
-rw-r--r--netlink.h6
-rw-r--r--pasta.c4
-rw-r--r--pasta.h2
-rw-r--r--tap.c14
-rw-r--r--tap.h6
-rw-r--r--tcp.c18
-rw-r--r--tcp_conn.h2
-rw-r--r--tcp_splice.c5
-rw-r--r--tcp_splice.h3
-rw-r--r--udp.c4
-rw-r--r--udp.h2
-rw-r--r--util.c5
-rw-r--r--util.h4
18 files changed, 50 insertions, 46 deletions
diff --git a/conf.c b/conf.c
index 0ad6e23..551a9da 100644
--- a/conf.c
+++ b/conf.c
@@ -419,7 +419,8 @@ bind_fail:
* @addr: Address found in /etc/resolv.conf
* @conf: Pointer to reference of current entry in array of IPv4 resolvers
*/
-static void add_dns4(struct ctx *c, struct in_addr *addr, struct in_addr **conf)
+static void add_dns4(struct ctx *c, const struct in_addr *addr,
+ struct in_addr **conf)
{
/* Guest or container can only access local addresses via redirect */
if (IN4_IS_ADDR_LOOPBACK(addr)) {
@@ -1177,7 +1178,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid)
void conf(struct ctx *c, int argc, char **argv)
{
int netns_only = 0;
- struct option options[] = {
+ const struct option options[] = {
{"debug", no_argument, NULL, 'd' },
{"quiet", no_argument, NULL, 'q' },
{"foreground", no_argument, NULL, 'f' },
diff --git a/isolation.c b/isolation.c
index 1866724..f394e93 100644
--- a/isolation.c
+++ b/isolation.c
@@ -303,7 +303,7 @@ void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns,
* Mustn't:
* - Remove syscalls we need to daemonise
*/
-int isolate_prefork(struct ctx *c)
+int isolate_prefork(const struct ctx *c)
{
int flags = CLONE_NEWIPC | CLONE_NEWNS | CLONE_NEWUTS;
uint64_t ns_caps = 0;
diff --git a/isolation.h b/isolation.h
index 6ca00bf..846b2af 100644
--- a/isolation.h
+++ b/isolation.h
@@ -10,7 +10,7 @@
void isolate_initial(void);
void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns,
enum passt_modes mode);
-int isolate_prefork(struct ctx *c);
+int isolate_prefork(const struct ctx *c);
void isolate_postfork(const struct ctx *c);
#endif /* ISOLATION_H */
diff --git a/log.c b/log.c
index 63d7801..c57bc8d 100644
--- a/log.c
+++ b/log.c
@@ -216,7 +216,7 @@ void logfile_init(const char *name, const char *path, size_t size)
*
* #syscalls lseek ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek
*/
-static void logfile_rotate_fallocate(int fd, struct timespec *ts)
+static void logfile_rotate_fallocate(int fd, const struct timespec *ts)
{
char buf[BUFSIZ], *nl;
int n;
@@ -253,7 +253,7 @@ static void logfile_rotate_fallocate(int fd, struct timespec *ts)
* #syscalls lseek ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek
* #syscalls ftruncate
*/
-static void logfile_rotate_move(int fd, struct timespec *ts)
+static void logfile_rotate_move(int fd, const struct timespec *ts)
{
int header_len, write_offset, end, discard, n;
char buf[BUFSIZ], *nl;
@@ -318,7 +318,7 @@ out:
*
* fallocate() passed as EXTRA_SYSCALL only if FALLOC_FL_COLLAPSE_RANGE is there
*/
-static int logfile_rotate(int fd, struct timespec *ts)
+static int logfile_rotate(int fd, const struct timespec *ts)
{
if (fcntl(fd, F_SETFL, O_RDWR /* Drop O_APPEND: explicit lseek() */))
return -errno;
diff --git a/netlink.c b/netlink.c
index 6c57a68..768c6fd 100644
--- a/netlink.c
+++ b/netlink.c
@@ -345,7 +345,7 @@ int nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw)
*
* Return: 0 on success, negative error code on failure
*/
-int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw)
+int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, const void *gw)
{
struct req_t {
struct nlmsghdr nlh;
@@ -593,7 +593,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
* Return: 0 on success, negative error code on failure
*/
int nl_addr_set(int s, unsigned int ifi, sa_family_t af,
- void *addr, int prefix_len)
+ const void *addr, int prefix_len)
{
struct req_t {
struct nlmsghdr nlh;
@@ -758,7 +758,7 @@ int nl_link_get_mac(int s, unsigned int ifi, void *mac)
*
* Return: 0 on success, negative error code on failure
*/
-int nl_link_set_mac(int s, unsigned int ifi, void *mac)
+int nl_link_set_mac(int s, unsigned int ifi, const void *mac)
{
struct req_t {
struct nlmsghdr nlh;
diff --git a/netlink.h b/netlink.h
index 9f4f8f4..3a1f0de 100644
--- a/netlink.h
+++ b/netlink.h
@@ -12,17 +12,17 @@ extern int nl_sock_ns;
void nl_sock_init(const struct ctx *c, bool ns);
unsigned int nl_get_ext_if(int s, sa_family_t af);
int nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw);
-int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw);
+int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, const void *gw);
int nl_route_dup(int s_src, unsigned int ifi_src,
int s_dst, unsigned int ifi_dst, sa_family_t af);
int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
void *addr, int *prefix_len, void *addr_l);
int nl_addr_set(int s, unsigned int ifi, sa_family_t af,
- void *addr, int prefix_len);
+ const void *addr, int prefix_len);
int nl_addr_dup(int s_src, unsigned int ifi_src,
int s_dst, unsigned int ifi_dst, sa_family_t af);
int nl_link_get_mac(int s, unsigned int ifi, void *mac);
-int nl_link_set_mac(int s, unsigned int ifi, void *mac);
+int nl_link_set_mac(int s, unsigned int ifi, const void *mac);
int nl_link_up(int s, unsigned int ifi, int mtu);
#endif /* NETLINK_H */
diff --git a/pasta.c b/pasta.c
index 9bc26d5..5fd44fe 100644
--- a/pasta.c
+++ b/pasta.c
@@ -362,7 +362,7 @@ void pasta_ns_conf(struct ctx *c)
*
* Return: inotify file descriptor, -1 on failure or if not needed/applicable
*/
-int pasta_netns_quit_init(struct ctx *c)
+int pasta_netns_quit_init(const struct ctx *c)
{
int flags = O_NONBLOCK | O_CLOEXEC;
union epoll_ref ref = { .type = EPOLL_TYPE_NSQUIT };
@@ -399,7 +399,7 @@ int pasta_netns_quit_init(struct ctx *c)
void pasta_netns_quit_handler(struct ctx *c, int inotify_fd)
{
char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
- struct inotify_event *in_ev = (struct inotify_event *)buf;
+ const struct inotify_event *in_ev = (struct inotify_event *)buf;
if (read(inotify_fd, buf, sizeof(buf)) < (ssize_t)sizeof(*in_ev))
return;
diff --git a/pasta.h b/pasta.h
index 8722ca1..5d20063 100644
--- a/pasta.h
+++ b/pasta.h
@@ -13,7 +13,7 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid,
int argc, char *argv[]);
void pasta_ns_conf(struct ctx *c);
void pasta_child_handler(int signal);
-int pasta_netns_quit_init(struct ctx *c);
+int pasta_netns_quit_init(const struct ctx *c);
void pasta_netns_quit_handler(struct ctx *c, int inotify_fd);
#endif /* PASTA_H */
diff --git a/tap.c b/tap.c
index 93db989..93bb348 100644
--- a/tap.c
+++ b/tap.c
@@ -203,7 +203,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport,
* @len: ICMP packet length, including ICMP header
*/
void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst,
- void *in, size_t len)
+ const void *in, size_t len)
{
char buf[USHRT_MAX];
void *ip4h = tap_push_l2h(c, buf, ETH_P_IP);
@@ -291,7 +291,7 @@ void tap_udp6_send(const struct ctx *c,
*/
void tap_icmp6_send(const struct ctx *c,
const struct in6_addr *src, const struct in6_addr *dst,
- void *in, size_t len)
+ const void *in, size_t len)
{
char buf[USHRT_MAX];
void *ip6h = tap_push_l2h(c, buf, ETH_P_IPV6);
@@ -315,7 +315,7 @@ void tap_icmp6_send(const struct ctx *c,
*
* #syscalls:pasta write
*/
-static size_t tap_send_frames_pasta(struct ctx *c,
+static size_t tap_send_frames_pasta(const struct ctx *c,
const struct iovec *iov, size_t n)
{
size_t i;
@@ -414,7 +414,7 @@ static size_t tap_send_frames_passt(const struct ctx *c,
* @iov: Array of buffers, each containing one frame (with L2 headers)
* @n: Number of buffers/frames in @iov
*/
-void tap_send_frames(struct ctx *c, const struct iovec *iov, size_t n)
+void tap_send_frames(const struct ctx *c, const struct iovec *iov, size_t n)
{
size_t m;
@@ -706,7 +706,7 @@ append:
}
for (j = 0, seq = tap4_l4; j < seq_count; j++, seq++) {
- struct pool *p = (struct pool *)&seq->p;
+ const struct pool *p = (const struct pool *)&seq->p;
size_t k;
tap_packet_debug(NULL, NULL, seq, 0, NULL, p->count);
@@ -869,7 +869,7 @@ append:
}
for (j = 0, seq = tap6_l4; j < seq_count; j++, seq++) {
- struct pool *p = (struct pool *)&seq->p;
+ const struct pool *p = (const struct pool *)&seq->p;
size_t k;
tap_packet_debug(NULL, NULL, NULL, seq->protocol, seq,
@@ -1022,7 +1022,7 @@ redo:
pool_flush(pool_tap6);
restart:
while ((len = read(c->fd_tap, pkt_buf + n, TAP_BUF_BYTES - n)) > 0) {
- struct ethhdr *eh = (struct ethhdr *)(pkt_buf + n);
+ const struct ethhdr *eh = (struct ethhdr *)(pkt_buf + n);
if (len < (ssize_t)sizeof(*eh) || len > (ssize_t)ETH_MAX_MTU) {
n += len;
diff --git a/tap.h b/tap.h
index 021fb7c..68509d1 100644
--- a/tap.h
+++ b/tap.h
@@ -62,7 +62,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport,
struct in_addr dst, in_port_t dport,
const void *in, size_t len);
void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst,
- void *in, size_t len);
+ const void *in, size_t len);
const struct in6_addr *tap_ip6_daddr(const struct ctx *c,
const struct in6_addr *src);
void tap_udp6_send(const struct ctx *c,
@@ -71,9 +71,9 @@ void tap_udp6_send(const struct ctx *c,
uint32_t flow, const void *in, size_t len);
void tap_icmp6_send(const struct ctx *c,
const struct in6_addr *src, const struct in6_addr *dst,
- void *in, size_t len);
+ const void *in, size_t len);
int tap_send(const struct ctx *c, const void *data, size_t len);
-void tap_send_frames(struct ctx *c, const struct iovec *iov, size_t n);
+void tap_send_frames(const struct ctx *c, const struct iovec *iov, size_t n);
void tap_update_mac(struct tap_hdr *taph,
const unsigned char *eth_d, const unsigned char *eth_s);
void tap_listen_handler(struct ctx *c, uint32_t events);
diff --git a/tcp.c b/tcp.c
index 680874f..1204e7b 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1016,7 +1016,7 @@ void tcp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s)
* tcp_sock4_iov_init() - Initialise scatter-gather L2 buffers for IPv4 sockets
* @c: Execution context
*/
-static void tcp_sock4_iov_init(struct ctx *c)
+static void tcp_sock4_iov_init(const struct ctx *c)
{
struct iphdr iph = L2_BUF_IP4_INIT(IPPROTO_TCP);
struct iovec *iov;
@@ -1237,7 +1237,7 @@ static void tcp_hash_remove(const struct ctx *c,
* @old: Old location of tcp_tap_conn
* @new: New location of tcp_tap_conn
*/
-static void tcp_tap_conn_update(struct ctx *c, struct tcp_tap_conn *old,
+static void tcp_tap_conn_update(const struct ctx *c, struct tcp_tap_conn *old,
struct tcp_tap_conn *new)
{
struct tcp_tap_conn *entry, *prev = NULL;
@@ -1327,7 +1327,7 @@ void tcp_table_compact(struct ctx *c, union tcp_conn *hole)
*/
static void tcp_conn_destroy(struct ctx *c, union tcp_conn *conn_union)
{
- struct tcp_tap_conn *conn = &conn_union->tap;
+ const struct tcp_tap_conn *conn = &conn_union->tap;
close(conn->sock);
if (conn->timer != -1)
@@ -1349,7 +1349,7 @@ static void tcp_rst_do(struct ctx *c, struct tcp_tap_conn *conn);
* tcp_l2_flags_buf_flush() - Send out buffers for segments with no data (flags)
* @c: Execution context
*/
-static void tcp_l2_flags_buf_flush(struct ctx *c)
+static void tcp_l2_flags_buf_flush(const struct ctx *c)
{
tap_send_frames(c, tcp6_l2_flags_iov, tcp6_l2_flags_buf_used);
tcp6_l2_flags_buf_used = 0;
@@ -1362,7 +1362,7 @@ static void tcp_l2_flags_buf_flush(struct ctx *c)
* tcp_l2_data_buf_flush() - Send out buffers for segments with data
* @c: Execution context
*/
-static void tcp_l2_data_buf_flush(struct ctx *c)
+static void tcp_l2_data_buf_flush(const struct ctx *c)
{
tap_send_frames(c, tcp6_l2_iov, tcp6_l2_buf_used);
tcp6_l2_buf_used = 0;
@@ -2098,7 +2098,7 @@ static void tcp_conn_from_tap(struct ctx *c,
*
* Return: 0 on success, negative error code from recv() on failure
*/
-static int tcp_sock_consume(struct tcp_tap_conn *conn, uint32_t ack_seq)
+static int tcp_sock_consume(const struct tcp_tap_conn *conn, uint32_t ack_seq)
{
/* Simply ignore out-of-order ACKs: we already consumed the data we
* needed from the buffer, and we won't rewind back to a lower ACK
@@ -2124,14 +2124,14 @@ static int tcp_sock_consume(struct tcp_tap_conn *conn, uint32_t ack_seq)
* @seq: Sequence number to be sent
* @now: Current timestamp
*/
-static void tcp_data_to_tap(struct ctx *c, struct tcp_tap_conn *conn,
+static void tcp_data_to_tap(const struct ctx *c, struct tcp_tap_conn *conn,
ssize_t plen, int no_csum, uint32_t seq)
{
struct iovec *iov;
if (CONN_V4(conn)) {
struct tcp4_l2_buf_t *b = &tcp4_l2_buf[tcp4_l2_buf_used];
- uint16_t *check = no_csum ? &(b - 1)->iph.check : NULL;
+ const uint16_t *check = no_csum ? &(b - 1)->iph.check : NULL;
iov = tcp4_l2_iov + tcp4_l2_buf_used++;
iov->iov_len = tcp_l2_buf_fill_headers(c, conn, b, plen,
@@ -2704,7 +2704,7 @@ static void tcp_snat_inbound(const struct ctx *c, union inany_addr *addr)
static void tcp_tap_conn_from_sock(struct ctx *c,
union tcp_listen_epoll_ref ref,
struct tcp_tap_conn *conn, int s,
- struct sockaddr *sa,
+ const struct sockaddr *sa,
const struct timespec *now)
{
conn->c.spliced = false;
diff --git a/tcp_conn.h b/tcp_conn.h
index d67ea62..0751e00 100644
--- a/tcp_conn.h
+++ b/tcp_conn.h
@@ -190,7 +190,7 @@ extern union tcp_conn tc[];
extern int init_sock_pool4 [TCP_SOCK_POOL_SIZE];
extern int init_sock_pool6 [TCP_SOCK_POOL_SIZE];
-void tcp_splice_conn_update(struct ctx *c, struct tcp_splice_conn *new);
+void tcp_splice_conn_update(const struct ctx *c, struct tcp_splice_conn *new);
void tcp_table_compact(struct ctx *c, union tcp_conn *hole);
void tcp_splice_destroy(struct ctx *c, union tcp_conn *conn_union);
void tcp_splice_timer(struct ctx *c, union tcp_conn *conn_union);
diff --git a/tcp_splice.c b/tcp_splice.c
index a572aca..54fc317 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -253,7 +253,7 @@ static void conn_event_do(const struct ctx *c, struct tcp_splice_conn *conn,
* @c: Execution context
* @new: New location of tcp_splice_conn
*/
-void tcp_splice_conn_update(struct ctx *c, struct tcp_splice_conn *new)
+void tcp_splice_conn_update(const struct ctx *c, struct tcp_splice_conn *new)
{
tcp_splice_epoll_ctl(c, new);
if (tcp_splice_epoll_ctl(c, new))
@@ -486,7 +486,8 @@ static void tcp_splice_dir(struct tcp_splice_conn *conn, int ref_sock,
* Return: true if able to create a spliced connection, false otherwise
* #syscalls:pasta setsockopt
*/
-bool tcp_splice_conn_from_sock(struct ctx *c, union tcp_listen_epoll_ref ref,
+bool tcp_splice_conn_from_sock(const struct ctx *c,
+ union tcp_listen_epoll_ref ref,
struct tcp_splice_conn *conn, int s,
const struct sockaddr *sa)
{
diff --git a/tcp_splice.h b/tcp_splice.h
index e7a583a..dc486f1 100644
--- a/tcp_splice.h
+++ b/tcp_splice.h
@@ -10,7 +10,8 @@ struct tcp_splice_conn;
void tcp_splice_sock_handler(struct ctx *c, struct tcp_splice_conn *conn,
int s, uint32_t events);
-bool tcp_splice_conn_from_sock(struct ctx *c, union tcp_listen_epoll_ref ref,
+bool tcp_splice_conn_from_sock(const struct ctx *c,
+ union tcp_listen_epoll_ref ref,
struct tcp_splice_conn *conn, int s,
const struct sockaddr *sa);
void tcp_splice_init(struct ctx *c);
diff --git a/udp.c b/udp.c
index ed1b7a5..cadf393 100644
--- a/udp.c
+++ b/udp.c
@@ -691,7 +691,7 @@ static size_t udp_update_hdr6(const struct ctx *c, int n, in_port_t dstport,
*
* Return: size of tap frame with headers
*/
-static void udp_tap_send(struct ctx *c,
+static void udp_tap_send(const struct ctx *c,
unsigned int start, unsigned int n,
in_port_t dstport, bool v6, const struct timespec *now)
{
@@ -726,7 +726,7 @@ static void udp_tap_send(struct ctx *c,
*
* #syscalls recvmmsg
*/
-void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events,
const struct timespec *now)
{
/* For not entirely clear reasons (data locality?) pasta gets
diff --git a/udp.h b/udp.h
index 0ee0695..7837134 100644
--- a/udp.h
+++ b/udp.h
@@ -8,7 +8,7 @@
#define UDP_TIMER_INTERVAL 1000 /* ms */
-void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events,
const struct timespec *now);
int udp_tap_handler(struct ctx *c, int af, const void *saddr, const void *daddr,
const struct pool *p, int idx, const struct timespec *now);
diff --git a/util.c b/util.c
index 34c32b9..1f35382 100644
--- a/util.c
+++ b/util.c
@@ -320,7 +320,8 @@ void bitmap_clear(uint8_t *map, int bit)
*/
int bitmap_isset(const uint8_t *map, int bit)
{
- unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit);
+ const unsigned long *word
+ = (const unsigned long *)map + BITMAP_WORD(bit);
return !!(*word & BITMAP_BIT(bit));
}
@@ -337,7 +338,7 @@ int bitmap_isset(const uint8_t *map, int bit)
* #syscalls:pasta ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek
*/
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
- uint8_t *map, uint8_t *exclude)
+ uint8_t *map, const uint8_t *exclude)
{
char *path, *line;
struct lineread lr;
diff --git a/util.h b/util.h
index 57a05fb..60d6872 100644
--- a/util.h
+++ b/util.h
@@ -218,7 +218,7 @@ void bitmap_clear(uint8_t *map, int bit);
int bitmap_isset(const uint8_t *map, int bit);
char *line_read(char *buf, size_t len, int fd);
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
- uint8_t *map, uint8_t *exclude);
+ uint8_t *map, const uint8_t *exclude);
void ns_enter(const struct ctx *c);
bool ns_is_init(void);
void write_pidfile(int fd, pid_t pid);
@@ -235,7 +235,7 @@ int write_file(const char *path, const char *buf);
* clang-tidy suppressions, because the warning doesn't show on the syscall
* itself but later when we access the supposedly uninitialised field.
*/
-static inline void sa_init(struct sockaddr *sa, socklen_t *sl)
+static inline void sa_init(struct sockaddr *sa, const socklen_t *sl)
{
#ifdef CLANG_TIDY_58992
if (sa)