From 027669129b882267f22f3ffcadfd33d749c9497b Mon Sep 17 00:00:00 2001 From: Zxilly Date: Fri, 10 Nov 2023 18:25:31 +0800 Subject: [PATCH] perf: using const for argument --- src/cache.c | 4 +- src/cli.c | 2 +- src/config.c | 6 +-- src/handler.c | 114 +++++++++++++++++++++------------------- src/statistics.c | 6 +-- src/third/nfqueue-mnl.c | 2 +- src/ua2f.c | 12 ++--- src/util.c | 14 +++-- 8 files changed, 85 insertions(+), 75 deletions(-) diff --git a/src/cache.c b/src/cache.c index 15bdbfd0..53c6f17d 100644 --- a/src/cache.c +++ b/src/cache.c @@ -14,7 +14,7 @@ _Noreturn static void check_cache() { while (true) { pthread_rwlock_wrlock(&cacheLock); - time_t now = time(NULL); + const time_t now = time(NULL); struct cache *cur, *tmp; HASH_ITER(hh, not_http_dst_cache, cur, tmp) { @@ -39,7 +39,7 @@ void init_not_http_cache() { syslog(LOG_INFO, "Cache lock initialized"); pthread_t cleanup_thread; - __auto_type ret = pthread_create(&cleanup_thread, NULL, (void *(*)(void *)) check_cache, NULL); + const __auto_type ret = pthread_create(&cleanup_thread, NULL, check_cache, NULL); if (ret) { syslog(LOG_ERR, "Failed to create cleanup thread: %d", ret); exit(EXIT_FAILURE); diff --git a/src/cli.c b/src/cli.c index b74c4f10..30e20917 100644 --- a/src/cli.c +++ b/src/cli.c @@ -6,7 +6,7 @@ #include "config.h" // handle print --version and --help -void try_print_info(int argc, char *argv[]) { +void try_print_info(const int argc, char *argv[]) { if (argc != 2) { return; } diff --git a/src/config.c b/src/config.c index acadf78e..7d186226 100644 --- a/src/config.c +++ b/src/config.c @@ -10,7 +10,7 @@ struct ua2f_config config = { }; void load_config() { - __auto_type ctx = uci_alloc_context(); + const __auto_type ctx = uci_alloc_context(); if (!ctx) { syslog(LOG_ERR, "Failed to allocate uci context"); return; @@ -22,12 +22,12 @@ void load_config() { } // find ua2f.main.custom_ua - __auto_type section = uci_lookup_section(ctx, package, "main"); + const __auto_type section = uci_lookup_section(ctx, package, "main"); if (!section) { goto cleanup; } - __auto_type custom_ua = uci_lookup_option_string(ctx, section, "custom_ua"); + const __auto_type custom_ua = uci_lookup_option_string(ctx, section, "custom_ua"); if (!custom_ua) { goto cleanup; } diff --git a/src/handler.c b/src/handler.c index 18969780..0093d1bd 100644 --- a/src/handler.c +++ b/src/handler.c @@ -12,7 +12,7 @@ #include #define MAX_USER_AGENT_LENGTH (0xffff + (MNL_SOCKET_BUFFER_SIZE / 2)) -static char *replacement_user_agent_string = NULL; +static char* replacement_user_agent_string = NULL; #define USER_AGENT_MATCH "\r\nUser-Agent:" #define USER_AGENT_MATCH_LENGTH 13 @@ -31,7 +31,8 @@ void init_handler() { memset(replacement_user_agent_string, ' ', MAX_USER_AGENT_LENGTH); strncpy(replacement_user_agent_string, config.custom_ua, strlen(config.custom_ua)); syslog(LOG_INFO, "Using config user agent string: %s", replacement_user_agent_string); - } else { + } + else { #ifdef UA2F_CUSTOM_UA memset(replacement_user_agent_string, ' ', MAX_USER_AGENT_LENGTH); strncpy(replacement_user_agent_string, UA2F_CUSTOM_UA, strlen(UA2F_CUSTOM_UA)); @@ -46,15 +47,16 @@ void init_handler() { } // should free the ret value -static char *ip_to_str(ip_address_t *ip, uint16_t port, int ip_version) { +static char* ip_to_str(const ip_address_t* ip, const uint16_t port, const int ip_version) { ASSERT(ip_version == IPV4 || ip_version == IPV6); - char *ip_buf = malloc(MAX_ADDR_PORT_LENGTH); + char* ip_buf = malloc(MAX_ADDR_PORT_LENGTH); memset(ip_buf, 0, MAX_ADDR_PORT_LENGTH); - const char *retval = NULL; + const char* retval = NULL; if (ip_version == IPV4) { retval = inet_ntop(AF_INET, &ip->in4, ip_buf, INET_ADDRSTRLEN); - } else if (ip_version == IPV6) { + } + else { retval = inet_ntop(AF_INET6, &ip->in6, ip_buf, INET6_ADDRSTRLEN); } ASSERT(retval != NULL); @@ -72,19 +74,19 @@ struct mark_op { }; static void send_verdict( - struct nf_queue *queue, - struct nf_packet *pkt, - struct mark_op mark, - struct pkt_buff *mangled_pkt_buff) { - struct nlmsghdr *nlh = nfqueue_put_header(pkt->queue_num, NFQNL_MSG_VERDICT); + const struct nf_queue* queue, + const struct nf_packet* pkt, + const struct mark_op mark, + struct pkt_buff* mangled_pkt_buff) { + struct nlmsghdr* nlh = nfqueue_put_header(pkt->queue_num, NFQNL_MSG_VERDICT); if (nlh == NULL) { syslog(LOG_ERR, "failed to put nfqueue header"); goto end; } - nfq_nlmsg_verdict_put(nlh, (int) pkt->packet_id, NF_ACCEPT); + nfq_nlmsg_verdict_put(nlh, pkt->packet_id, NF_ACCEPT); if (mark.should_set) { - struct nlattr *nest = mnl_attr_nest_start_check(nlh, SEND_BUF_LEN, NFQA_CT); + struct nlattr* nest = mnl_attr_nest_start_check(nlh, SEND_BUF_LEN, NFQA_CT); if (nest == NULL) { syslog(LOG_ERR, "failed to put nfqueue attr"); goto end; @@ -100,12 +102,12 @@ static void send_verdict( nfq_nlmsg_verdict_put_pkt(nlh, pktb_data(mangled_pkt_buff), pktb_len(mangled_pkt_buff)); } - __auto_type ret = mnl_socket_sendto(queue->nl_socket, nlh, nlh->nlmsg_len); + const __auto_type ret = mnl_socket_sendto(queue->nl_socket, nlh, nlh->nlmsg_len); if (ret == -1) { syslog(LOG_ERR, "failed to send verdict: %s", strerror(errno)); } - end: +end: if (nlh != NULL) { free(nlh); } @@ -114,66 +116,67 @@ static void send_verdict( static bool conntrack_info_available = true; static bool cache_initialized = false; -static void add_to_cache(struct nf_packet *pkt) { - char *ip_str = ip_to_str(&pkt->orig.dst, pkt->orig.dst_port, pkt->orig.ip_version); +static void add_to_cache(const struct nf_packet* pkt) { + char* ip_str = ip_to_str(&pkt->orig.dst, pkt->orig.dst_port, pkt->orig.ip_version); cache_add(ip_str); free(ip_str); } -static struct mark_op get_next_mark(struct nf_packet *pkt, bool has_ua) { +static struct mark_op get_next_mark(const struct nf_packet* pkt, const bool has_ua) { if (!conntrack_info_available) { - return (struct mark_op) {false, 0}; + return (struct mark_op){false, 0}; } // I didn't think this will happen, but just in case // firewall should already have a rule to return all marked with CONNMARK_NOT_HTTP packets if (pkt->conn_mark == CONNMARK_NOT_HTTP) { syslog(LOG_WARNING, "Packet has already been marked as not http. Maybe firewall rules are wrong?"); - return (struct mark_op) {false, 0}; + return (struct mark_op){false, 0}; } if (pkt->conn_mark == CONNMARK_HTTP) { - return (struct mark_op) {false, 0}; + return (struct mark_op){false, 0}; } if (has_ua) { - return (struct mark_op) {true, CONNMARK_HTTP}; + return (struct mark_op){true, CONNMARK_HTTP}; } if (!pkt->has_connmark || pkt->conn_mark == 0) { - return (struct mark_op) {true, CONNMARK_ESTIMATE_LOWER}; + return (struct mark_op){true, CONNMARK_ESTIMATE_LOWER}; } if (pkt->conn_mark == CONNMARK_ESTIMATE_VERDICT) { add_to_cache(pkt); - return (struct mark_op) {true, CONNMARK_NOT_HTTP}; + return (struct mark_op){true, CONNMARK_NOT_HTTP}; } if (pkt->conn_mark >= CONNMARK_ESTIMATE_LOWER && pkt->conn_mark <= CONNMARK_ESTIMATE_UPPER) { - return (struct mark_op) {true, pkt->conn_mark + 1}; + return (struct mark_op){true, pkt->conn_mark + 1}; } syslog(LOG_WARNING, "Unexpected connmark value: %d, Maybe other program has changed connmark?", pkt->conn_mark); - return (struct mark_op) {true, pkt->conn_mark + 1}; + return (struct mark_op){true, pkt->conn_mark + 1}; } -bool should_ignore(struct nf_packet *pkt) { +bool should_ignore(const struct nf_packet* pkt) { bool retval = false; - char *ip_str = ip_to_str(&pkt->orig.dst, pkt->orig.dst_port, pkt->orig.ip_version); + char* ip_str = ip_to_str(&pkt->orig.dst, pkt->orig.dst_port, pkt->orig.ip_version); retval = cache_contains(ip_str); free(ip_str); return retval; } -void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { +void handle_packet(const struct nf_queue* queue,const struct nf_packet* pkt) { if (conntrack_info_available) { if (!pkt->has_conntrack) { conntrack_info_available = false; syslog(LOG_WARNING, "Packet has no conntrack. Switching to no cache mode."); syslog(LOG_WARNING, "Note that this may lead to performance degradation. Especially on low-end routers."); - } else { + } + else { if (!cache_initialized) { init_not_http_cache(); cache_initialized = true; @@ -181,9 +184,9 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { } } - struct pkt_buff *pkt_buff = NULL; + struct pkt_buff* pkt_buff = NULL; if (conntrack_info_available && should_ignore(pkt)) { - send_verdict(queue, pkt, (struct mark_op) {true, CONNMARK_NOT_HTTP}, NULL); + send_verdict(queue, pkt, (struct mark_op){true, CONNMARK_NOT_HTTP}, NULL); goto end; } @@ -195,45 +198,49 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { if (conntrack_info_available) { type = pkt->orig.ip_version; - } else { - __auto_type ip_hdr = nfq_ip_get_hdr(pkt_buff); + } + else { + const __auto_type ip_hdr = nfq_ip_get_hdr(pkt_buff); if (ip_hdr == NULL) { type = IPV6; - } else { + } + else { type = IPV4; } } if (type == IPV4) { count_ipv4_packet(); - } else { + } + else { count_ipv6_packet(); } if (type == IPV4) { - __auto_type ip_hdr = nfq_ip_get_hdr(pkt_buff); + const __auto_type ip_hdr = nfq_ip_get_hdr(pkt_buff); if (nfq_ip_set_transport_header(pkt_buff, ip_hdr) < 0) { syslog(LOG_ERR, "Failed to set ipv4 transport header"); goto end; } - } else { - __auto_type ip_hdr = nfq_ip6_get_hdr(pkt_buff); + } + else { + const __auto_type ip_hdr = nfq_ip6_get_hdr(pkt_buff); if (nfq_ip6_set_transport_header(pkt_buff, ip_hdr, IPPROTO_TCP) < 0) { syslog(LOG_ERR, "Failed to set ipv6 transport header"); goto end; } } - __auto_type tcp_hdr = nfq_tcp_get_hdr(pkt_buff); + const __auto_type tcp_hdr = nfq_tcp_get_hdr(pkt_buff); if (tcp_hdr == NULL) { // This packet is not tcp, pass it - send_verdict(queue, pkt, (struct mark_op) {false, 0}, NULL); + send_verdict(queue, pkt, (struct mark_op){false, 0}, NULL); syslog(LOG_WARNING, "Received non-tcp packet. You may set wrong firewall rules."); goto end; } - __auto_type tcp_payload = nfq_tcp_get_payload(tcp_hdr, pkt_buff); - __auto_type tcp_payload_len = nfq_tcp_get_payload_len(tcp_hdr, pkt_buff); + const __auto_type tcp_payload = nfq_tcp_get_payload(tcp_hdr, pkt_buff); + const __auto_type tcp_payload_len = nfq_tcp_get_payload_len(tcp_hdr, pkt_buff); if (tcp_payload == NULL || tcp_payload_len < USER_AGENT_MATCH_LENGTH) { send_verdict(queue, pkt, get_next_mark(pkt, false), NULL); @@ -254,7 +261,7 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { } count_http_packet(); - void *search_start = tcp_payload; + const void* search_start = tcp_payload; unsigned int search_length = tcp_payload_len; bool has_ua = false; @@ -264,33 +271,34 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { break; } - char *ua_pos = memncasemem(search_start, search_length, USER_AGENT_MATCH, USER_AGENT_MATCH_LENGTH); + char* ua_pos = memncasemem(search_start, search_length, USER_AGENT_MATCH, USER_AGENT_MATCH_LENGTH); if (ua_pos == NULL) { break; } has_ua = true; - void *ua_start = ua_pos + USER_AGENT_MATCH_LENGTH; + void* ua_start = ua_pos + USER_AGENT_MATCH_LENGTH; // for non-standard user-agent like User-Agent:XXX with no space after colon - if ((char) (*(char *) (ua_start)) == ' ') { + if (*(char *)ua_start == ' ') { ua_start++; } - void *ua_end = memchr(ua_start, '\r', tcp_payload_len - (ua_start - tcp_payload)); + const void* ua_end = memchr(ua_start, '\r', tcp_payload_len - (ua_start - tcp_payload)); if (ua_end == NULL) { syslog(LOG_INFO, "User-Agent header is not terminated with \\r, not mangled."); send_verdict(queue, pkt, get_next_mark(pkt, true), NULL); goto end; } - unsigned int ua_len = ua_end - ua_start; - unsigned long ua_offset = ua_start - tcp_payload; + const unsigned int ua_len = ua_end - ua_start; + const unsigned long ua_offset = ua_start - tcp_payload; // Looks it's impossible to mangle pocket failed, so we just drop it if (type == IPV4) { nfq_tcp_mangle_ipv4(pkt_buff, ua_offset, ua_len, replacement_user_agent_string, ua_len); - } else { + } + else { nfq_tcp_mangle_ipv6(pkt_buff, ua_offset, ua_len, replacement_user_agent_string, ua_len); } @@ -304,7 +312,7 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { send_verdict(queue, pkt, get_next_mark(pkt, has_ua), pkt_buff); - end: +end: free(pkt->payload); if (pkt_buff != NULL) { pktb_free(pkt_buff); @@ -321,4 +329,4 @@ void handle_packet(struct nf_queue *queue, struct nf_packet *pkt) { #undef CONNMARK_ESTIMATE_VERDICT #undef CONNMARK_NOT_HTTP -#undef CONNMARK_HTTP \ No newline at end of file +#undef CONNMARK_HTTP diff --git a/src/statistics.c b/src/statistics.c index c72bc21a..6c19539b 100644 --- a/src/statistics.c +++ b/src/statistics.c @@ -41,8 +41,8 @@ void count_ipv6_packet() { static char time_string_buffer[100]; -char *fill_time_string(double sec) { - int s = (int) sec; +char *fill_time_string(const double sec) { + const int s = (int) sec; memset(time_string_buffer, 0, sizeof(time_string_buffer)); if (s <= 60) { sprintf(time_string_buffer, "%d seconds", s); @@ -61,7 +61,7 @@ char *fill_time_string(double sec) { void try_print_statistics() { if (user_agent_packet_count / last_report_count == 2 || user_agent_packet_count - last_report_count >= 8192) { last_report_count = user_agent_packet_count; - time_t current_t = time(NULL); + const time_t current_t = time(NULL); syslog( LOG_INFO, "UA2F has handled %lld ua http, %lld http, %lld tcp. %lld ipv4, %lld ipv6 packets in %s.", diff --git a/src/third/nfqueue-mnl.c b/src/third/nfqueue-mnl.c index ee9962f8..e6ba4d83 100644 --- a/src/third/nfqueue-mnl.c +++ b/src/third/nfqueue-mnl.c @@ -347,7 +347,7 @@ static bool inline read_ip_addr(struct nlattr *attr, int af, ip_address_t *ip_nu void *addr = mnl_attr_get_payload(attr); if (addr == NULL) return false; - int ip_ver = 0; + int ip_ver; if (af == AF_INET) { memset(&ip_num->ip, 0, sizeof(ip_num->ip)); memcpy(&ip_num->ip4, addr, sizeof(uint32_t)); diff --git a/src/ua2f.c b/src/ua2f.c index 353a928e..cfc31b47 100644 --- a/src/ua2f.c +++ b/src/ua2f.c @@ -15,12 +15,12 @@ volatile int should_exit = false; -void signal_handler(int signum) { +void signal_handler(const int signum) { syslog(LOG_ERR, "Signal %s received, exiting...", strsignal(signum)); should_exit = true; } -int main(int argc, char *argv[]) { +int main(const int argc, char *argv[]) { openlog("UA2F", LOG_PID, LOG_SYSLOG); load_config(); @@ -36,12 +36,10 @@ int main(int argc, char *argv[]) { signal(SIGSEGV, signal_handler); signal(SIGABRT, signal_handler); - struct nf_queue queue[1]; - memset(queue, 0, sizeof(struct nf_queue)); - struct nf_buffer buf[1]; - memset(buf, 0, sizeof(struct nf_buffer)); + struct nf_queue queue[1] = {0}; + struct nf_buffer buf[1] = {0}; - __auto_type ret = nfqueue_open(queue, QUEUE_NUM, 0); + const __auto_type ret = nfqueue_open(queue, QUEUE_NUM, 0); if (!ret) { syslog(LOG_ERR, "Failed to open nfqueue"); return EXIT_FAILURE; diff --git a/src/util.c b/src/util.c index cb76294b..36f46ca1 100644 --- a/src/util.c +++ b/src/util.c @@ -3,10 +3,10 @@ #include #include -void *memncasemem(const void *l, size_t l_len, const void *s, size_t s_len) { +void *memncasemem(const void *l, size_t l_len, const void *s, const size_t s_len) { register char *cur, *last; - const char *cl = (const char *) l; - const char *cs = (const char *) s; + const char *cl = l; + const char *cs = s; /* we need something to compare */ if (l_len == 0 || s_len == 0) @@ -36,11 +36,15 @@ void *memncasemem(const void *l, size_t l_len, const void *s, size_t s_len) { return NULL; } -static bool probe_http_method(const char *p, int len, const char *opt) { +static bool probe_http_method(const char *p, const int len, const char *opt) { + if (len < strlen(opt)) { + return false; + } + return !strncmp(p, opt, strlen(opt)); } -bool is_http_protocol(const char *p, unsigned int len) { +bool is_http_protocol(const char *p, const unsigned int len) { bool pass = false; #define PROBE_HTTP_METHOD(opt) if ((pass = probe_http_method(p, len, opt)) != false) return pass