diff options
| -rw-r--r-- | conf.c | 5 | ||||
| -rw-r--r-- | isolation.c | 2 | ||||
| -rw-r--r-- | isolation.h | 2 | ||||
| -rw-r--r-- | log.c | 6 | ||||
| -rw-r--r-- | netlink.c | 6 | ||||
| -rw-r--r-- | netlink.h | 6 | ||||
| -rw-r--r-- | pasta.c | 4 | ||||
| -rw-r--r-- | pasta.h | 2 | ||||
| -rw-r--r-- | tap.c | 14 | ||||
| -rw-r--r-- | tap.h | 6 | ||||
| -rw-r--r-- | tcp.c | 18 | ||||
| -rw-r--r-- | tcp_conn.h | 2 | ||||
| -rw-r--r-- | tcp_splice.c | 5 | ||||
| -rw-r--r-- | tcp_splice.h | 3 | ||||
| -rw-r--r-- | udp.c | 4 | ||||
| -rw-r--r-- | udp.h | 2 | ||||
| -rw-r--r-- | util.c | 5 | ||||
| -rw-r--r-- | util.h | 4 |
18 files changed, 50 insertions, 46 deletions
@@ -419,7 +419,8 @@ bind_fail: * @addr: Address found in /etc/resolv.conf * @conf: Pointer to reference of current entry in array of IPv4 resolvers */ -static void add_dns4(struct ctx *c, struct in_addr *addr, struct in_addr **conf) +static void add_dns4(struct ctx *c, const struct in_addr *addr, + struct in_addr **conf) { /* Guest or container can only access local addresses via redirect */ if (IN4_IS_ADDR_LOOPBACK(addr)) { @@ -1177,7 +1178,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) void conf(struct ctx *c, int argc, char **argv) { int netns_only = 0; - struct option options[] = { + const struct option options[] = { {"debug", no_argument, NULL, 'd' }, {"quiet", no_argument, NULL, 'q' }, {"foreground", no_argument, NULL, 'f' }, diff --git a/isolation.c b/isolation.c index 1866724..f394e93 100644 --- a/isolation.c +++ b/isolation.c @@ -303,7 +303,7 @@ void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns, * Mustn't: * - Remove syscalls we need to daemonise */ -int isolate_prefork(struct ctx *c) +int isolate_prefork(const struct ctx *c) { int flags = CLONE_NEWIPC | CLONE_NEWNS | CLONE_NEWUTS; uint64_t ns_caps = 0; diff --git a/isolation.h b/isolation.h index 6ca00bf..846b2af 100644 --- a/isolation.h +++ b/isolation.h @@ -10,7 +10,7 @@ void isolate_initial(void); void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns, enum passt_modes mode); -int isolate_prefork(struct ctx *c); +int isolate_prefork(const struct ctx *c); void isolate_postfork(const struct ctx *c); #endif /* ISOLATION_H */ @@ -216,7 +216,7 @@ void logfile_init(const char *name, const char *path, size_t size) * * #syscalls lseek ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek */ -static void logfile_rotate_fallocate(int fd, struct timespec *ts) +static void logfile_rotate_fallocate(int fd, const struct timespec *ts) { char buf[BUFSIZ], *nl; int n; @@ -253,7 +253,7 @@ static void logfile_rotate_fallocate(int fd, struct timespec *ts) * #syscalls lseek ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek * #syscalls ftruncate */ -static void logfile_rotate_move(int fd, struct timespec *ts) +static void logfile_rotate_move(int fd, const struct timespec *ts) { int header_len, write_offset, end, discard, n; char buf[BUFSIZ], *nl; @@ -318,7 +318,7 @@ out: * * fallocate() passed as EXTRA_SYSCALL only if FALLOC_FL_COLLAPSE_RANGE is there */ -static int logfile_rotate(int fd, struct timespec *ts) +static int logfile_rotate(int fd, const struct timespec *ts) { if (fcntl(fd, F_SETFL, O_RDWR /* Drop O_APPEND: explicit lseek() */)) return -errno; @@ -345,7 +345,7 @@ int nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw) * * Return: 0 on success, negative error code on failure */ -int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw) +int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, const void *gw) { struct req_t { struct nlmsghdr nlh; @@ -593,7 +593,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af, * Return: 0 on success, negative error code on failure */ int nl_addr_set(int s, unsigned int ifi, sa_family_t af, - void *addr, int prefix_len) + const void *addr, int prefix_len) { struct req_t { struct nlmsghdr nlh; @@ -758,7 +758,7 @@ int nl_link_get_mac(int s, unsigned int ifi, void *mac) * * Return: 0 on success, negative error code on failure */ -int nl_link_set_mac(int s, unsigned int ifi, void *mac) +int nl_link_set_mac(int s, unsigned int ifi, const void *mac) { struct req_t { struct nlmsghdr nlh; @@ -12,17 +12,17 @@ extern int nl_sock_ns; void nl_sock_init(const struct ctx *c, bool ns); unsigned int nl_get_ext_if(int s, sa_family_t af); int nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw); -int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw); +int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, const void *gw); int nl_route_dup(int s_src, unsigned int ifi_src, int s_dst, unsigned int ifi_dst, sa_family_t af); int nl_addr_get(int s, unsigned int ifi, sa_family_t af, void *addr, int *prefix_len, void *addr_l); int nl_addr_set(int s, unsigned int ifi, sa_family_t af, - void *addr, int prefix_len); + const void *addr, int prefix_len); int nl_addr_dup(int s_src, unsigned int ifi_src, int s_dst, unsigned int ifi_dst, sa_family_t af); int nl_link_get_mac(int s, unsigned int ifi, void *mac); -int nl_link_set_mac(int s, unsigned int ifi, void *mac); +int nl_link_set_mac(int s, unsigned int ifi, const void *mac); int nl_link_up(int s, unsigned int ifi, int mtu); #endif /* NETLINK_H */ @@ -362,7 +362,7 @@ void pasta_ns_conf(struct ctx *c) * * Return: inotify file descriptor, -1 on failure or if not needed/applicable */ -int pasta_netns_quit_init(struct ctx *c) +int pasta_netns_quit_init(const struct ctx *c) { int flags = O_NONBLOCK | O_CLOEXEC; union epoll_ref ref = { .type = EPOLL_TYPE_NSQUIT }; @@ -399,7 +399,7 @@ int pasta_netns_quit_init(struct ctx *c) void pasta_netns_quit_handler(struct ctx *c, int inotify_fd) { char buf[sizeof(struct inotify_event) + NAME_MAX + 1]; - struct inotify_event *in_ev = (struct inotify_event *)buf; + const struct inotify_event *in_ev = (struct inotify_event *)buf; if (read(inotify_fd, buf, sizeof(buf)) < (ssize_t)sizeof(*in_ev)) return; @@ -13,7 +13,7 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid, int argc, char *argv[]); void pasta_ns_conf(struct ctx *c); void pasta_child_handler(int signal); -int pasta_netns_quit_init(struct ctx *c); +int pasta_netns_quit_init(const struct ctx *c); void pasta_netns_quit_handler(struct ctx *c, int inotify_fd); #endif /* PASTA_H */ @@ -203,7 +203,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport, * @len: ICMP packet length, including ICMP header */ void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst, - void *in, size_t len) + const void *in, size_t len) { char buf[USHRT_MAX]; void *ip4h = tap_push_l2h(c, buf, ETH_P_IP); @@ -291,7 +291,7 @@ void tap_udp6_send(const struct ctx *c, */ void tap_icmp6_send(const struct ctx *c, const struct in6_addr *src, const struct in6_addr *dst, - void *in, size_t len) + const void *in, size_t len) { char buf[USHRT_MAX]; void *ip6h = tap_push_l2h(c, buf, ETH_P_IPV6); @@ -315,7 +315,7 @@ void tap_icmp6_send(const struct ctx *c, * * #syscalls:pasta write */ -static size_t tap_send_frames_pasta(struct ctx *c, +static size_t tap_send_frames_pasta(const struct ctx *c, const struct iovec *iov, size_t n) { size_t i; @@ -414,7 +414,7 @@ static size_t tap_send_frames_passt(const struct ctx *c, * @iov: Array of buffers, each containing one frame (with L2 headers) * @n: Number of buffers/frames in @iov */ -void tap_send_frames(struct ctx *c, const struct iovec *iov, size_t n) +void tap_send_frames(const struct ctx *c, const struct iovec *iov, size_t n) { size_t m; @@ -706,7 +706,7 @@ append: } for (j = 0, seq = tap4_l4; j < seq_count; j++, seq++) { - struct pool *p = (struct pool *)&seq->p; + const struct pool *p = (const struct pool *)&seq->p; size_t k; tap_packet_debug(NULL, NULL, seq, 0, NULL, p->count); @@ -869,7 +869,7 @@ append: } for (j = 0, seq = tap6_l4; j < seq_count; j++, seq++) { - struct pool *p = (struct pool *)&seq->p; + const struct pool *p = (const struct pool *)&seq->p; size_t k; tap_packet_debug(NULL, NULL, NULL, seq->protocol, seq, @@ -1022,7 +1022,7 @@ redo: pool_flush(pool_tap6); restart: while ((len = read(c->fd_tap, pkt_buf + n, TAP_BUF_BYTES - n)) > 0) { - struct ethhdr *eh = (struct ethhdr *)(pkt_buf + n); + const struct ethhdr *eh = (struct ethhdr *)(pkt_buf + n); if (len < (ssize_t)sizeof(*eh) || len > (ssize_t)ETH_MAX_MTU) { n += len; @@ -62,7 +62,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport, struct in_addr dst, in_port_t dport, const void *in, size_t len); void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst, - void *in, size_t len); + const void *in, size_t len); const struct in6_addr *tap_ip6_daddr(const struct ctx *c, const struct in6_addr *src); void tap_udp6_send(const struct ctx *c, @@ -71,9 +71,9 @@ void tap_udp6_send(const struct ctx *c, uint32_t flow, const void *in, size_t len); void tap_icmp6_send(const struct ctx *c, const struct in6_addr *src, const struct in6_addr *dst, - void *in, size_t len); + const void *in, size_t len); int tap_send(const struct ctx *c, const void *data, size_t len); -void tap_send_frames(struct ctx *c, const struct iovec *iov, size_t n); +void tap_send_frames(const struct ctx *c, const struct iovec *iov, size_t n); void tap_update_mac(struct tap_hdr *taph, const unsigned char *eth_d, const unsigned char *eth_s); void tap_listen_handler(struct ctx *c, uint32_t events); @@ -1016,7 +1016,7 @@ void tcp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s) * tcp_sock4_iov_init() - Initialise scatter-gather L2 buffers for IPv4 sockets * @c: Execution context */ -static void tcp_sock4_iov_init(struct ctx *c) +static void tcp_sock4_iov_init(const struct ctx *c) { struct iphdr iph = L2_BUF_IP4_INIT(IPPROTO_TCP); struct iovec *iov; @@ -1237,7 +1237,7 @@ static void tcp_hash_remove(const struct ctx *c, * @old: Old location of tcp_tap_conn * @new: New location of tcp_tap_conn */ -static void tcp_tap_conn_update(struct ctx *c, struct tcp_tap_conn *old, +static void tcp_tap_conn_update(const struct ctx *c, struct tcp_tap_conn *old, struct tcp_tap_conn *new) { struct tcp_tap_conn *entry, *prev = NULL; @@ -1327,7 +1327,7 @@ void tcp_table_compact(struct ctx *c, union tcp_conn *hole) */ static void tcp_conn_destroy(struct ctx *c, union tcp_conn *conn_union) { - struct tcp_tap_conn *conn = &conn_union->tap; + const struct tcp_tap_conn *conn = &conn_union->tap; close(conn->sock); if (conn->timer != -1) @@ -1349,7 +1349,7 @@ static void tcp_rst_do(struct ctx *c, struct tcp_tap_conn *conn); * tcp_l2_flags_buf_flush() - Send out buffers for segments with no data (flags) * @c: Execution context */ -static void tcp_l2_flags_buf_flush(struct ctx *c) +static void tcp_l2_flags_buf_flush(const struct ctx *c) { tap_send_frames(c, tcp6_l2_flags_iov, tcp6_l2_flags_buf_used); tcp6_l2_flags_buf_used = 0; @@ -1362,7 +1362,7 @@ static void tcp_l2_flags_buf_flush(struct ctx *c) * tcp_l2_data_buf_flush() - Send out buffers for segments with data * @c: Execution context */ -static void tcp_l2_data_buf_flush(struct ctx *c) +static void tcp_l2_data_buf_flush(const struct ctx *c) { tap_send_frames(c, tcp6_l2_iov, tcp6_l2_buf_used); tcp6_l2_buf_used = 0; @@ -2098,7 +2098,7 @@ static void tcp_conn_from_tap(struct ctx *c, * * Return: 0 on success, negative error code from recv() on failure */ -static int tcp_sock_consume(struct tcp_tap_conn *conn, uint32_t ack_seq) +static int tcp_sock_consume(const struct tcp_tap_conn *conn, uint32_t ack_seq) { /* Simply ignore out-of-order ACKs: we already consumed the data we * needed from the buffer, and we won't rewind back to a lower ACK @@ -2124,14 +2124,14 @@ static int tcp_sock_consume(struct tcp_tap_conn *conn, uint32_t ack_seq) * @seq: Sequence number to be sent * @now: Current timestamp */ -static void tcp_data_to_tap(struct ctx *c, struct tcp_tap_conn *conn, +static void tcp_data_to_tap(const struct ctx *c, struct tcp_tap_conn *conn, ssize_t plen, int no_csum, uint32_t seq) { struct iovec *iov; if (CONN_V4(conn)) { struct tcp4_l2_buf_t *b = &tcp4_l2_buf[tcp4_l2_buf_used]; - uint16_t *check = no_csum ? &(b - 1)->iph.check : NULL; + const uint16_t *check = no_csum ? &(b - 1)->iph.check : NULL; iov = tcp4_l2_iov + tcp4_l2_buf_used++; iov->iov_len = tcp_l2_buf_fill_headers(c, conn, b, plen, @@ -2704,7 +2704,7 @@ static void tcp_snat_inbound(const struct ctx *c, union inany_addr *addr) static void tcp_tap_conn_from_sock(struct ctx *c, union tcp_listen_epoll_ref ref, struct tcp_tap_conn *conn, int s, - struct sockaddr *sa, + const struct sockaddr *sa, const struct timespec *now) { conn->c.spliced = false; @@ -190,7 +190,7 @@ extern union tcp_conn tc[]; extern int init_sock_pool4 [TCP_SOCK_POOL_SIZE]; extern int init_sock_pool6 [TCP_SOCK_POOL_SIZE]; -void tcp_splice_conn_update(struct ctx *c, struct tcp_splice_conn *new); +void tcp_splice_conn_update(const struct ctx *c, struct tcp_splice_conn *new); void tcp_table_compact(struct ctx *c, union tcp_conn *hole); void tcp_splice_destroy(struct ctx *c, union tcp_conn *conn_union); void tcp_splice_timer(struct ctx *c, union tcp_conn *conn_union); diff --git a/tcp_splice.c b/tcp_splice.c index a572aca..54fc317 100644 --- a/tcp_splice.c +++ b/tcp_splice.c @@ -253,7 +253,7 @@ static void conn_event_do(const struct ctx *c, struct tcp_splice_conn *conn, * @c: Execution context * @new: New location of tcp_splice_conn */ -void tcp_splice_conn_update(struct ctx *c, struct tcp_splice_conn *new) +void tcp_splice_conn_update(const struct ctx *c, struct tcp_splice_conn *new) { tcp_splice_epoll_ctl(c, new); if (tcp_splice_epoll_ctl(c, new)) @@ -486,7 +486,8 @@ static void tcp_splice_dir(struct tcp_splice_conn *conn, int ref_sock, * Return: true if able to create a spliced connection, false otherwise * #syscalls:pasta setsockopt */ -bool tcp_splice_conn_from_sock(struct ctx *c, union tcp_listen_epoll_ref ref, +bool tcp_splice_conn_from_sock(const struct ctx *c, + union tcp_listen_epoll_ref ref, struct tcp_splice_conn *conn, int s, const struct sockaddr *sa) { diff --git a/tcp_splice.h b/tcp_splice.h index e7a583a..dc486f1 100644 --- a/tcp_splice.h +++ b/tcp_splice.h @@ -10,7 +10,8 @@ struct tcp_splice_conn; void tcp_splice_sock_handler(struct ctx *c, struct tcp_splice_conn *conn, int s, uint32_t events); -bool tcp_splice_conn_from_sock(struct ctx *c, union tcp_listen_epoll_ref ref, +bool tcp_splice_conn_from_sock(const struct ctx *c, + union tcp_listen_epoll_ref ref, struct tcp_splice_conn *conn, int s, const struct sockaddr *sa); void tcp_splice_init(struct ctx *c); @@ -691,7 +691,7 @@ static size_t udp_update_hdr6(const struct ctx *c, int n, in_port_t dstport, * * Return: size of tap frame with headers */ -static void udp_tap_send(struct ctx *c, +static void udp_tap_send(const struct ctx *c, unsigned int start, unsigned int n, in_port_t dstport, bool v6, const struct timespec *now) { @@ -726,7 +726,7 @@ static void udp_tap_send(struct ctx *c, * * #syscalls recvmmsg */ -void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events, +void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events, const struct timespec *now) { /* For not entirely clear reasons (data locality?) pasta gets @@ -8,7 +8,7 @@ #define UDP_TIMER_INTERVAL 1000 /* ms */ -void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events, +void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events, const struct timespec *now); int udp_tap_handler(struct ctx *c, int af, const void *saddr, const void *daddr, const struct pool *p, int idx, const struct timespec *now); @@ -320,7 +320,8 @@ void bitmap_clear(uint8_t *map, int bit) */ int bitmap_isset(const uint8_t *map, int bit) { - unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit); + const unsigned long *word + = (const unsigned long *)map + BITMAP_WORD(bit); return !!(*word & BITMAP_BIT(bit)); } @@ -337,7 +338,7 @@ int bitmap_isset(const uint8_t *map, int bit) * #syscalls:pasta ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek */ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, - uint8_t *map, uint8_t *exclude) + uint8_t *map, const uint8_t *exclude) { char *path, *line; struct lineread lr; @@ -218,7 +218,7 @@ void bitmap_clear(uint8_t *map, int bit); int bitmap_isset(const uint8_t *map, int bit); char *line_read(char *buf, size_t len, int fd); void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, - uint8_t *map, uint8_t *exclude); + uint8_t *map, const uint8_t *exclude); void ns_enter(const struct ctx *c); bool ns_is_init(void); void write_pidfile(int fd, pid_t pid); @@ -235,7 +235,7 @@ int write_file(const char *path, const char *buf); * clang-tidy suppressions, because the warning doesn't show on the syscall * itself but later when we access the supposedly uninitialised field. */ -static inline void sa_init(struct sockaddr *sa, socklen_t *sl) +static inline void sa_init(struct sockaddr *sa, const socklen_t *sl) { #ifdef CLANG_TIDY_58992 if (sa) |