Merge 3d4b73b65e into 031953e295

2025-04-10 04:21:01 +00:00 · 2014-04-24 15:40:25 +00:00 · 2014-04-24 15:40:25 +00:00 · d25682baee
commit d25682baee
parent 031953e295 3d4b73b65e
18 changed files with 125 additions and 168 deletions
--- a/src/Makefile
+++ b/src/Makefile
@ -10,7 +10,7 @@ HEAD_COMMIT = `git rev-parse --short HEAD`
 LIBPATH = -L.
 LDFLAGS +=  -lz `sh osflags $(TARGETOS) link` $(LIBPATH)
-CFLAGS += -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
+CFLAGS += --std=gnu11 -O3 -c -g -Wall -D$(OS) -pedantic `sh osflags $(TARGETOS) cflags` -DGITREVISION=\"$(HEAD_COMMIT)\"
 all: stateos $(CLIENT) $(SERVER)
--- a/src/android_dns.h
+++ b/src/android_dns.h
@ -20,12 +20,7 @@ typedef struct {
 	unsigned arcount :16;
 } HEADER;
-#define NOERROR		0
+typedef enum {NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED} Error;
 #define FORMERR		1
 #define SERVFAIL	2
 #define NXDOMAIN	3
 #define NOTIMP		4
 #define REFUSED		5
 #define C_IN		1
--- a/src/base128.c
+++ b/src/base128.c
@ -70,38 +70,37 @@ static struct encoder base128_encoder =
 };
 struct encoder
-*get_base128_encoder()
+*get_base128_encoder(void)
 {
 	return &base128_encoder;
 }
 static int 
-base128_handles_dots()
+base128_handles_dots(void)
 {
 	return 0;
 }
 static int 
-base128_blksize_raw()
+base128_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 static int 
-base128_blksize_enc()
+base128_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 inline static void
-base128_reverse_init()
+base128_reverse_init(void)
 {
 	int i;
 	unsigned char c;
 	if (!reverse_init) {
 		memset (rev128, 0, 256);
-		for (i = 0; i < 128; i++) {
+		for (int i = 0; i < 128; i++) {
 			c = cb128[i];
 			rev128[(int) c] = i;
 		}
--- a/src/base32.c
+++ b/src/base32.c
@ -25,10 +25,8 @@
 #define BLKSIZE_RAW 5
 #define BLKSIZE_ENC 8
-static const char cb32[] = 
+static const char cb32[] = "abcdefghijklmnopqrstuvwxyz012345";
-	"abcdefghijklmnopqrstuvwxyz012345";
+static const char cb32_ucase[] =  "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
 static const char cb32_ucase[] = 
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
 static unsigned char rev32[256];
 static int reverse_init = 0;
@ -50,38 +48,37 @@ static struct encoder base32_encoder =
 };
 struct encoder
-*get_base32_encoder()
+*get_base32_encoder(void)
 {
 	return &base32_encoder;
 }
 static int 
-base32_handles_dots()
+base32_handles_dots(void)
 {
 	return 0;
 }
 static int 
-base32_blksize_raw()
+base32_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 static int 
-base32_blksize_enc()
+base32_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 inline static void
-base32_reverse_init()
+base32_reverse_init(void)
 {
 	int i;
 	unsigned char c;
 	if (!reverse_init) {
 		memset (rev32, 0, 256);
-		for (i = 0; i < 32; i++) {
+		for (int i = 0; i < 32; i++) {
 			c = cb32[i];
 			rev32[(int) c] = i;
 			c = cb32_ucase[i];
@ -213,7 +210,7 @@ base32_decode(void *buf, size_t *buflen, const char *str, size_t slen)
 	int iout = 0;	/* to-be-filled output byte */
 	int iin = 0;	/* next input char to use in decoding */
-	base32_reverse_init ();
+	base32_reverse_init();
 	/* Note: Don't bother to optimize manually. GCC optimizes
 	   better(!) when using simplistic array indexing. */
--- a/src/base64.c
+++ b/src/base64.c
@ -27,8 +27,7 @@
 /* Note: the "unofficial" char is last here, which means that the \377 pattern
   in DOWNCODECCHECK1 ('Y' request) will properly test it. */
-static const char cb64[] = 
+static const char cb64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
 	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789+";
 static unsigned char rev64[256];
 static int reverse_init = 0;
@ -50,38 +49,37 @@ static struct encoder base64_encoder =
 };
 struct encoder
-*get_base64_encoder()
+*get_base64_encoder(void)
 {
 	return &base64_encoder;
 }
 static int 
-base64_handles_dots()
+base64_handles_dots(void)
 {
 	return 0;
 }
 static int 
-base64_blksize_raw()
+base64_blksize_raw(void)
 {
 	return BLKSIZE_RAW;
 }
 static int 
-base64_blksize_enc()
+base64_blksize_enc(void)
 {
 	return BLKSIZE_ENC;
 }
 inline static void
-base64_reverse_init()
+base64_reverse_init(void)
 {
 	int i;
 	unsigned char c;
 	if (!reverse_init) {
 		memset (rev64, 0, 256);
-		for (i = 0; i < 64; i++) {
+		for (int i = 0; i < 64; i++) {
 			c = cb64[i];
 			rev64[(int) c] = i;
 		}
--- a/src/client.c
+++ b/src/client.c
@ -110,7 +110,7 @@ static long send_query_recvcnt = 0;
 static int hostname_maxlen = 0xFF;
 void
-client_init()
+client_init(void)
 {
 	running = 1;
 	b32 = get_base32_encoder();
@ -136,13 +136,13 @@ client_init()
 }
 void
-client_stop()
+client_stop(void)
 {
 	running = 0;
 }
 enum connection
-client_get_conn()
+client_get_conn(void)
 {
 	return conn;
 }
@ -232,7 +232,7 @@ client_set_hostname_maxlen(int i)
 }
 const char *
-client_get_raw_addr()
+client_get_raw_addr(void)
 {
 	return inet_ntoa(raw_serv.sin_addr);
 }
@ -338,7 +338,7 @@ send_packet(int fd, char cmd, const char *data, const size_t datalen)
 }
 static inline int
-is_sending()
+is_sending(void)
 {
 	return (outpkt.len != 0);
 }
@ -1835,7 +1835,6 @@ handshake_qtypetest(int dns_fd, int timeout)
 	char *s = DOWNCODECCHECK1;
        int slen = DOWNCODECCHECK1_LEN;
 	int trycodec;
 	int k;
 	if (do_qtype == T_NULL)
 		trycodec = 'R';
@ -1852,7 +1851,7 @@ handshake_qtypetest(int dns_fd, int timeout)
 	if (read != slen)
 		return 0;	/* incorrect */
-	for (k = 0; k < slen; k++) {
+	for (int k = 0; k < slen; k++) {
 		if (in[k] != s[k]) {
 			/* corrupted */
 			return 0;
@ -1885,8 +1884,6 @@ handshake_qtype_autodetect(int dns_fd)
 */
 {
 	int highestworking = 100;
 	int timeout;
 	int qtypenum;
 	fprintf(stderr, "Autodetecting DNS query type (use -T to override)");
 	fflush(stderr);
@ -1901,8 +1898,8 @@ handshake_qtype_autodetect(int dns_fd)
 	   to see if things will start working after a while.
 	 */
-	for (timeout = 1; running && timeout <= 3; timeout++) {
+	for (int timeout = 1; running && timeout <= 3; timeout++) {
-		for (qtypenum = 0; running && qtypenum < highestworking; qtypenum++) {
+		for (int qtypenum = 0; running && qtypenum < highestworking; qtypenum++) {
 			do_qtype = handshake_qtype_numcvt(qtypenum);
 			if (do_qtype == T_UNSET)
 				break;	/* this round finished */
@ -1957,7 +1954,6 @@ handshake_edns0_check(int dns_fd)
 */
 {
 	char in[4096];
 	int i;
 	int read;
 	char *s = DOWNCODECCHECK1;
        int slen = DOWNCODECCHECK1_LEN;
@ -1968,7 +1964,7 @@ handshake_edns0_check(int dns_fd)
 	else
 		trycodec = 'T';
-	for (i=0; running && i<3 ;i++) {
+	for (int i=0; running && i<3 ;i++) {
 		send_downenctest(dns_fd, trycodec, 1, NULL, 0);
@ -1981,8 +1977,7 @@ handshake_edns0_check(int dns_fd)
 			return 0;	/* reply incorrect = unreliable */
 		if (read > 0) {
-			int k;
+			for (int k = 0; k < slen; k++) {
 			for (k = 0; k < slen; k++) {
 				if (in[k] != s[k]) {
 					/* Definitely not reliable */
 					return 0;
@ -2003,7 +1998,6 @@ static void
 handshake_switch_codec(int dns_fd, int bits)
 {
 	char in[4096];
 	int i;
 	int read;
 	struct encoder *tempenc;
@ -2019,7 +2013,7 @@ handshake_switch_codec(int dns_fd, int bits)
 	fprintf(stderr, "Switching upstream to codec %s\n", tempenc->name);
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 		send_codec_switch(dns_fd, userid, bits);
@ -2057,7 +2051,6 @@ static void
 handshake_switch_downenc(int dns_fd)
 {
 	char in[4096];
 	int i;
 	int read;
 	char *dname;
@ -2072,7 +2065,7 @@ handshake_switch_downenc(int dns_fd)
 		dname = "Raw";
 	fprintf(stderr, "Switching downstream to codec %s\n", dname);
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 		send_downenc_switch(dns_fd, userid);
@ -2109,11 +2102,10 @@ static void
 handshake_try_lazy(int dns_fd)
 {
 	char in[4096];
 	int i;
 	int read;
 	fprintf(stderr, "Switching to lazy mode for low-latency\n");
-	for (i=0; running && i<5; i++) {
+	for (int i=0; running && i<5; i++) {
 		send_lazy_switch(dns_fd, userid);
@ -2154,10 +2146,9 @@ handshake_lazyoff(int dns_fd)
 /* Used in the middle of data transfer, timing is different and no error msgs */
 {
 	char in[4096];
 	int i;
 	int read;
-	for (i=0; running && i<5; i++) {
+	for (int i=0; running && i<5; i++) {
 		send_lazy_switch(dns_fd, userid);
@ -2182,8 +2173,8 @@ fragsize_check(char *in, int read, int proposed_fragsize, int *max_fragsize)
 {
 	int acked_fragsize = ((in[0] & 0xff) << 8) | (in[1] & 0xff);
 	int okay;
 	int i;
 	unsigned int v;
 	int i;
 	if (read >= 5 && strncmp("BADIP", in, 5) == 0) {
 		fprintf(stderr, "got BADIP (Try iodined -c)..\n");
@ -2253,7 +2244,6 @@ static int
 handshake_autoprobe_fragsize(int dns_fd)
 {
 	char in[4096];
 	int i;
 	int read;
 	int proposed_fragsize = 768;
 	int range = 768;
@ -2263,7 +2253,7 @@ handshake_autoprobe_fragsize(int dns_fd)
 	fprintf(stderr, "Autoprobing max downstream fragment size... (skip with -m fragsize)\n"); 
 	while (running && range > 0 && (range >= 8 || max_fragsize < 300)) {
 		/* stop the slow probing early when we have enough bytes anyway */
-		for (i=0; running && i<3 ;i++) {
+		for (int i=0; running && i<3 ;i++) {
 			send_fragsize_probe(dns_fd, proposed_fragsize);
@ -2327,11 +2317,10 @@ static void
 handshake_set_fragsize(int dns_fd, int fragsize)
 {
 	char in[4096];
 	int i;
 	int read;
 	fprintf(stderr, "Setting downstream fragment size to max %d...\n", fragsize);
-	for (i=0; running && i<5 ;i++) {
+	for (int i=0; running && i<5 ;i++) {
 		send_set_downstream_fragsize(dns_fd, fragsize);
--- a/src/common.c
+++ b/src/common.c
@ -59,7 +59,7 @@ const unsigned char raw_header[RAW_HDR_LEN] = { 0x10, 0xd1, 0x9e, 0x00 };
 #if !defined(ANDROID) && !defined(WINDOWS32) && !(defined(BSD) && (BSD >= 199306)) && !defined(__GLIBC__)
 static int daemon(int nochdir, int noclose)
 {
- 	int fd, i;
+ 	int fd;
 	switch (fork()) {
 		case 0:
@ -80,7 +80,7 @@ static int daemon(int nochdir, int noclose)
 	if (!noclose) {
 		if ((fd = open("/dev/null", O_RDWR)) >= 0) {
- 			for (i = 0; i < 3; i++) {
+ 			for (int i = 0; i < 3; i++) {
 				dup2(fd, i);
 			}
 			if (fd > 2) {
@ -196,7 +196,7 @@ open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
 	setsockopt(fd, IPPROTO_IP, IP_OPT_DONT_FRAG, (const void*) &flag, sizeof(flag));
 #endif
-	if(bind(fd, (struct sockaddr*) sockaddr, sockaddr_len) < 0)
+	if(bind(fd, (struct sockaddr*) sockaddr, (unsigned) sockaddr_len) < 0)
 		err(1, "bind");
 	fprintf(stderr, "Opened IPv%d UDP socket\n", sockaddr->ss_family == AF_INET6 ? 6 : 4);
@ -255,7 +255,7 @@ do_pidfile(char *pidfile)
 #ifndef WINDOWS32
 	FILE *file;
-	if ((file = fopen(pidfile, "w")) == NULL) {
+	if (!(file = fopen(pidfile, "w"))) {
 		syslog(LOG_ERR, "Cannot write pidfile to %s, exiting", pidfile);
 		err(1, "do_pidfile: Can not write pidfile to %s", pidfile);
 	} else {
@ -268,7 +268,7 @@ do_pidfile(char *pidfile)
 }
 void
-do_detach()
+do_detach(void)
 {
 #ifndef WINDOWS32
 	fprintf(stderr, "Detaching from terminal...\n");
@ -293,8 +293,6 @@ read_password(char *buf, size_t len)
 	tp.c_lflag &= (~ECHO);
 	tcsetattr(0, TCSANOW, &tp);
 #else
 	int i;
 #endif
 	fprintf(stderr, "Enter password: ");
@ -302,7 +300,7 @@ read_password(char *buf, size_t len)
 #ifndef WINDOWS32
 	fscanf(stdin, "%79[^\n]", pwd);
 #else
-	for (i = 0; i < sizeof(pwd); i++) {
+	for (int i = 0; i < sizeof(pwd); i++) {
 		pwd[i] = getch();
 		if (pwd[i] == '\r' || pwd[i] == '\n') {
 			pwd[i] = 0;
@ -326,12 +324,10 @@ read_password(char *buf, size_t len)
 int
 check_topdomain(char *str)
 {
       int i;
       if(str[0] == '.') /* special case */
               return 1;
-       for( i = 0; i < strlen(str); i++) {
+       for(int i = 0; i < strlen(str); i++) {
               if( isalpha(str[i]) || isdigit(str[i]) || str[i] == '-' || str[i] == '.' )
                       continue;
               else 
@ -407,8 +403,7 @@ int recent_seqno(int ourseqno, int gotseqno)
   Return 0 if gotseqno is new (or very old).
 */
 {
-	int i;
+	for (int i = 0; i < 4; i++, ourseqno--) {
 	for (i = 0; i < 4; i++, ourseqno--) {
 		if (ourseqno < 0)
 			ourseqno = 7;
 		if (gotseqno == ourseqno)
--- a/src/dns.c
+++ b/src/dns.c
@ -431,7 +431,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 	rlen = 0;
-	if (q != NULL) 
+	if (q)
 		q->rcode = header->rcode;
 	switch (qr) {
@ -441,7 +441,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 			return -1;
 		}
-		if (q != NULL) 
+		if (q)
 			q->id = id;
 		/* Read name even if no answer, to give better error message */
@ -451,7 +451,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		readshort(packet, &data, &class);
 		/* if CHECKLEN okay, then we're sure to have a proper name */
-		if (q != NULL) {
+		if (q) {
 			/* We only need the first char to check it */
 			q->name[0] = name[0];
 			q->name[1] = '\0';
@ -508,11 +508,10 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 			char names[250][QUERY_NAME_SIZE];
 			char *rdatastart;
 			short pref;
 			int i;
 			int offset;
 			memset(names, 0, sizeof(names));
-
+			int i;
 			for (i=0; i < ancount; i++) {
 				readname(packet, packetlen, &data, name, sizeof(name));
 				CHECKLEN(12);
@ -577,7 +576,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		}
 		/* Here type is the answer type (note A->CNAME) */
-		if (q != NULL)
+		if (q)
 			q->type = type;
 		break;
 	case QR_QUERY:
@ -593,7 +592,7 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz
 		readshort(packet, &data, &type);
 		readshort(packet, &data, &class);
-		if (q == NULL) {
+		if (!q) {
 			rv = 0;
 			break;
 		}
--- a/src/encoding.c
+++ b/src/encoding.c
@ -51,7 +51,7 @@ build_hostname(char *buf, size_t buflen,
 	strncpy(b, topdomain, strlen(topdomain)+1);
-	return space;
+	return (int) space;
 }
 int
@ -70,7 +70,7 @@ inline_dotify(char *buf, size_t buflen)
 	unsigned total;
 	char *reader, *writer;
-	total = strlen(buf);
+	total = (int) strlen(buf);
 	dots = total / 57;
 	writer = buf;
@ -81,7 +81,7 @@ inline_dotify(char *buf, size_t buflen)
 	if (strlen(buf) + dots > buflen) {
 		writer = buf;
 		writer += buflen;
-		total = buflen;
+		total = (int) buflen;
 	}
 	reader = writer - dots;
@ -125,5 +125,5 @@ inline_undotify(char *buf, size_t len)
 	}
 	/* return new length of string */
-	return len - dots;
+	return (int)(len - dots);
 }
--- a/src/fw_query.c
+++ b/src/fw_query.c
@ -20,7 +20,7 @@
 static struct fw_query fwq[FW_QUERY_CACHE_SIZE];
 static int fwq_ix;
-void fw_query_init()
+void fw_query_init(void)
 {
 	memset(fwq, 0, sizeof(struct fw_query) * FW_QUERY_CACHE_SIZE);
 	fwq_ix = 0;
@ -37,10 +37,8 @@ void fw_query_put(struct fw_query *fw_query)
 void fw_query_get(unsigned short query_id, struct fw_query **fw_query)
 {
 	int i;
 	*fw_query = NULL;
-	for (i = 0; i < FW_QUERY_CACHE_SIZE; i++) {
+	for (int i = 0; i < FW_QUERY_CACHE_SIZE; i++) {
 		if (fwq[i].id == query_id) {
 			*fw_query = &(fwq[i]);
 			return;
--- a/src/iodine.c
+++ b/src/iodine.c
@ -58,7 +58,7 @@ sighandler(int sig)
 }
 static void
-usage() {
+usage(void) {
 	extern char *__progname;
 	fprintf(stderr, "Usage: %s [-v] [-h] [-f] [-r] [-u user] [-t chrootdir] [-d device] "
@ -68,7 +68,7 @@ usage() {
 }
 static void
-help() {
+help(void) {
 	extern char *__progname;
 	fprintf(stderr, "iodine IP over DNS tunneling client\n");
@ -101,7 +101,7 @@ help() {
 }
 static void
-version() {
+version(void) {
 	fprintf(stderr, "iodine IP over DNS tunneling client\n");
 	fprintf(stderr, "Git version: %s\n", GITREVISION);
@ -148,7 +148,7 @@ main(int argc, char **argv)
 #endif
 	username = NULL;
 	memset(password, 0, 33);
-	srand(time(NULL));
+	srand((unsigned) time(NULL));
 	foreground = 0;
 	newroot = NULL;
 	context = NULL;
@ -173,7 +173,7 @@ main(int argc, char **argv)
 #if !defined(BSD) && !defined(__GLIBC__)
 	__progname = strrchr(argv[0], '/');
-	if (__progname == NULL)
+	if (!__progname)
 		__progname = argv[0];
 	else
 		__progname++;
@ -320,9 +320,9 @@ main(int argc, char **argv)
 	client_set_topdomain(topdomain);
 	client_set_hostname_maxlen(hostname_maxlen);
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
-		if ((pw = getpwnam(username)) == NULL) {
+		if (!(pw = getpwnam(username))) {
 			warnx("User %s does not exist!\n", username);
 			usage();
 			/* NOTREACHED */
@ -331,7 +331,7 @@ main(int argc, char **argv)
 	}
 	if (strlen(password) == 0) {
-		if (NULL != getenv(PASSWORD_ENV_VAR))
+		if (getenv(PASSWORD_ENV_VAR))
 			snprintf(password, sizeof(password), "%s", getenv(PASSWORD_ENV_VAR));
 		else
 			read_password(password, sizeof(password));
@ -372,13 +372,13 @@ main(int argc, char **argv)
 	if (foreground == 0) 
 		do_detach();
-	if (pidfile != NULL)
+	if (pidfile)
 		do_pidfile(pidfile);
-	if (newroot != NULL)
+	if (newroot)
 		do_chroot(newroot);
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
 		gid_t gids[1];
 		gids[0] = pw->pw_gid;
@ -390,7 +390,7 @@ main(int argc, char **argv)
 #endif
 	}
-	if (context != NULL)
+	if (context)
 		do_setcon(context);
 	client_tunnel(tun_fd, dns_fd);
--- a/src/iodined.c
+++ b/src/iodined.c
@ -123,12 +123,12 @@ static int get_external_ip(struct in_addr *ip)
 	freeaddrinfo(addr);
 	if (res < 0) return 3;
-	res = write(sock, getstr, strlen(getstr));
+	res = (int) write(sock, getstr, strlen(getstr));
 	if (res != strlen(getstr)) return 4;
 	/* Zero buf before receiving, leave at least one zero at the end */
 	memset(buf, 0, sizeof(buf));
-	res = read(sock, buf, sizeof(buf) - 1);
+	res = (int) read(sock, buf, sizeof(buf) - 1);
 	if (res < 0) return 5;
 	len = res;
@ -415,7 +415,7 @@ save_to_qmem_pingordata(int userid, struct query *q)
 		size_t cmcsize = sizeof(cmc);
 		char *cp = strchr(q->name, '.');
-		if (cp == NULL)
+		if (!cp)
 			return;  /* illegal hostname; shouldn't happen */
 		/* We already unpacked in handle_null_request(), but that's
@ -607,7 +607,7 @@ tunnel_tun(int tun_fd, int dns_fd)
 	int userid;
 	int read;
-	if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
+	if ((read = (int) read_tun(tun_fd, in, sizeof(in))) <= 0)
 		return 0;
 	/* find target ip in packet, in is padded with 4 bytes TUN header */
@ -625,12 +625,12 @@ tunnel_tun(int tun_fd, int dns_fd)
 		   If the queue is full, drop the packet. TCP will hopefully notice
 		   and reduce the packet rate. */
 		if (users[userid].outpacket.len > 0) {
-			save_to_outpacketq(userid, out, outlen);
+			save_to_outpacketq(userid, out, (int) outlen);
 			return 0;
 		}
 #endif
-		start_new_outpacket(userid, out, outlen);
+		start_new_outpacket(userid, out, (int) outlen);
 		/* Start sending immediately if query is waiting */
 		if (users[userid].q_sendrealsoon.id != 0)
@ -638,10 +638,10 @@ tunnel_tun(int tun_fd, int dns_fd)
 		else if (users[userid].q.id != 0)
 			send_chunk_or_dataless(dns_fd, userid, &users[userid].q);
-		return outlen;
+		return (int) outlen;
 	} else { /* CONN_RAW_UDP */
-		send_raw(dns_fd, out, outlen, userid, RAW_HDR_CMD_DATA, &users[userid].q);
+		send_raw(dns_fd, out, (int) outlen, userid, RAW_HDR_CMD_DATA, &users[userid].q);
-		return outlen;
+		return (int) outlen;
 	}
 }
@ -1993,9 +1993,7 @@ read_dns(int fd, int tun_fd, struct query *q) /* FIXME: tun_fd is because of raw
 		}
 #ifndef WINDOWS32
-		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; 
+		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
 			cmsg = CMSG_NXTHDR(&msg, cmsg)) { 
 			if (cmsg->cmsg_level == IPPROTO_IP && 
 				cmsg->cmsg_type == DSTADDR_SOCKOPT) { 
@ -2173,7 +2171,7 @@ write_dns(int fd, struct query *q, char *data, int datalen, char downenc)
 }
 static void
-usage() {
+usage(void) {
 	extern char *__progname;
 	fprintf(stderr, "Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
@ -2185,7 +2183,7 @@ usage() {
 }
 static void
-help() {
+help(void) {
 	extern char *__progname;
 	fprintf(stderr, "iodine IP over DNS tunneling server\n");
@ -2221,7 +2219,7 @@ help() {
 }
 static void
-version() {
+version(void) {
 	fprintf(stderr, "iodine IP over DNS tunneling server\n");
 	fprintf(stderr, "Git version: %s\n", GITREVISION);
 	exit(0);
@ -2298,7 +2296,7 @@ main(int argc, char **argv)
 #if !defined(BSD) && !defined(__GLIBC__)
 	__progname = strrchr(argv[0], '/');
-	if (__progname == NULL)
+	if (!__progname)
 		__progname = argv[0];
 	else
 		__progname++;
@ -2412,9 +2410,9 @@ main(int argc, char **argv)
 		usage();
 	}
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
-		if ((pw = getpwnam(username)) == NULL) {
+		if (!(pw = getpwnam(username))) {
 			warnx("User %s does not exist!", username);
 			usage();
 		}
@ -2543,7 +2541,7 @@ main(int argc, char **argv)
 	if (foreground == 0) 
 		do_detach();
-	if (pidfile != NULL)
+	if (pidfile)
 		do_pidfile(pidfile);
 #ifdef FREEBSD
@ -2553,11 +2551,11 @@ main(int argc, char **argv)
 	openlog( __progname, LOG_NDELAY, LOG_DAEMON );
 #endif
-	if (newroot != NULL)
+	if (newroot)
 		do_chroot(newroot);
 	signal(SIGINT, sigint);
-	if (username != NULL) {
+	if (username) {
 #ifndef WINDOWS32
 		gid_t gids[1];
 		gids[0] = pw->pw_gid;
@ -2568,7 +2566,7 @@ main(int argc, char **argv)
 #endif
 	}
-	if (context != NULL)
+	if (context)
 		do_setcon(context);
 	syslog(LOG_INFO, "started, listening on port %d", port);
--- a/src/login.c
+++ b/src/login.c
@ -35,7 +35,6 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
 	unsigned char temp[32];
 	md5_state_t ctx;
 	int *ix;
 	int i;
 	int k;
 	if (buflen < 16) 
@ -44,7 +43,7 @@ login_calculate(char *buf, int buflen, const char *pass, int seed)
 	memcpy(temp, pass, 32);
 	ix = (int*) temp;
-	for (i = 0; i < 8; i++) {
+	for (int i = 0; i < 8; i++) {
 		k = ntohl(*ix);
 		k ^= seed;
 		*ix++ = htonl(k);
--- a/src/md5.c
+++ b/src/md5.c
@ -181,14 +181,13 @@ md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 	     * right order.
 	     */
 	    const md5_byte_t *xp = data;
 	    int i;
 #  if BYTE_ORDER == 0
 	    X = xbuf;		/* (dynamic only) */
 #  else
 #    define xbuf X		/* (static only) */
 #  endif
-	    for (i = 0; i < 16; ++i, xp += 4)
+	    for (int i = 0; i < 16; ++i, xp += 4)
 		xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
 	}
 #endif
@ -367,16 +366,15 @@ md5_finish(md5_state_t *pms, md5_byte_t digest[16])
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
    };
    md5_byte_t data[8];
    int i;
    /* Save the length before padding. */
-    for (i = 0; i < 8; ++i)
+    for (int i = 0; i < 8; ++i)
 	data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
    /* Pad to 56 bytes mod 64. */
    md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
    /* Append the length. */
    md5_append(pms, data, 8);
-    for (i = 0; i < 16; ++i)
+    for (int i = 0; i < 16; ++i)
 	digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
 }
--- a/src/read.c
+++ b/src/read.c
@ -119,7 +119,7 @@ readdata(char *packet, char **src, char *dst, size_t len)
 	(*src) += len;
-	return len;
+	return (int) len;
 }
 int
@ -160,7 +160,7 @@ putname(char **buf, size_t buflen, const char *host)
 	char *p;
 	h = strdup(host);
-	left = buflen;
+	left = (int) buflen;
 	p = *buf;
 	word = strtok(h, ".");
@ -183,7 +183,7 @@ putname(char **buf, size_t buflen, const char *host)
 	free(h);
 	*buf = p;
-	return buflen - left;
+	return (int) (buflen - left);
 }
 int
@ -232,7 +232,7 @@ putdata(char **dst, char *data, size_t len)
 	memcpy(*dst, data, len);
 	(*dst) += len;
-	return len;
+	return (int) len;
 }
 int
@ -246,7 +246,7 @@ puttxtbin(char **buf, size_t bufremain, char *from, size_t fromremain)
 	while (fromremain > 0)
 	{
-		tocopy = fromremain;
+		tocopy = (int) fromremain;
 		if (tocopy > 252)
 			tocopy = 252;	/* allow off-by-1s in caches etc */
 		if (tocopy + 1 > bufremain)
--- a/src/tun.c
+++ b/src/tun.c
@ -89,7 +89,7 @@ open_tun(const char *tun_device)
 	ifreq.ifr_flags = IFF_TUN; 
-	if (tun_device != NULL) {
+	if (tun_device) {
 		strncpy(ifreq.ifr_name, tun_device, IFNAMSIZ);
 		ifreq.ifr_name[IFNAMSIZ-1] = '\0';
 		strncpy(if_name, tun_device, sizeof(if_name));
@ -135,7 +135,7 @@ open_tun(const char *tun_device)
 	int tun_fd;
 	char tun_name[50];
-	if (tun_device != NULL) {
+	if (tun_device) {
 		snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device);
 		strncpy(if_name, tun_device, sizeof(if_name));
 		if_name[sizeof(if_name)-1] = '\0';
@ -437,7 +437,6 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	char cmdline[512];
 	int netmask;
 	struct in_addr net;
 	int i;
 #ifndef LINUX
 	int r;
 #endif
@ -450,7 +449,7 @@ tun_setip(const char *ip, const char *other_ip, int netbits)
 	const char *display_ip;
 	netmask = 0;
-	for (i = 0; i < netbits; i++) {
+	for (int i = 0; i < netbits; i++) {
 		netmask = (netmask << 1) | 1;
 	}
 	netmask <<= (32 - netbits);
--- a/src/user.c
+++ b/src/user.c
@ -39,7 +39,6 @@ unsigned usercount;
 int
 init_users(in_addr_t my_ip, int netbits)
 {
 	int i;
 	int skip = 0;
 	char newip[16];
@ -49,7 +48,7 @@ init_users(in_addr_t my_ip, int netbits)
 	struct in_addr net;
 	struct in_addr ipstart;
-	for (i = 0; i < netbits; i++) {
+	for (int i = 0; i < netbits; i++) {
 		netmask = (netmask << 1) | 1;
 	}
 	netmask <<= (32 - netbits);
@ -60,7 +59,7 @@ init_users(in_addr_t my_ip, int netbits)
 	usercount = MIN(maxusers, USERS);
 	users = calloc(usercount, sizeof(struct tun_user));
-	for (i = 0; i < usercount; i++) {
+	for (int i = 0; i < usercount; i++) {
 		in_addr_t ip;
 		users[i].id = i;
 		snprintf(newip, sizeof(newip), "0.0.0.%d", i + skip + 1);
@ -82,7 +81,7 @@ init_users(in_addr_t my_ip, int netbits)
 }
 const char*
-users_get_first_ip()
+users_get_first_ip(void)
 {
 	struct in_addr ip;
 	ip.s_addr = users[0].tun_ip;
@ -90,13 +89,11 @@ users_get_first_ip()
 }
 int
-users_waiting_on_reply()
+users_waiting_on_reply(void)
 {
-	int ret;
+	int ret = 0;
 	int i;
-	ret = 0;
+	for (int i = 0; i < usercount; i++) {
 	for (i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled && 
 			users[i].last_pkt + 60 > time(NULL) &&
 			users[i].q.id != 0 && users[i].conn == CONN_DNS_NULL) {
@ -110,11 +107,9 @@ users_waiting_on_reply()
 int
 find_user_by_ip(uint32_t ip)
 {
-	int ret;
+	int ret = -1;
 	int i;
-	ret = -1;
+	for (int i = 0; i < usercount; i++) {
 	for (i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled &&
 			users[i].last_pkt + 60 > time(NULL) &&
 			ip == users[i].tun_ip) {
@ -126,7 +121,7 @@ find_user_by_ip(uint32_t ip)
 }
 int
-all_users_waiting_to_send()
+all_users_waiting_to_send(void)
 /* If this returns true, then reading from tun device is blocked.
   So only return true when all clients have at least one packet in
   the outpacket-queue, so that sending back-to-back is possible
@ -134,12 +129,10 @@ all_users_waiting_to_send()
 */
 {
 	time_t now;
-	int ret;
+	int ret = 1;
 	int i;
 	ret = 1;
 	now = time(NULL);
-	for (i = 0; i < usercount; i++) {
+
 	for (int i = 0; i < usercount; i++) {
 		if (users[i].active && !users[i].disabled &&
 			users[i].last_pkt + 60 > now &&
 			((users[i].conn == CONN_RAW_UDP) || 
@ -159,11 +152,11 @@ all_users_waiting_to_send()
 }
 int
-find_available_user()
+find_available_user(void)
 {
 	int ret = -1;
-	int i;
+
-	for (i = 0; i < usercount; i++) {
+	for (int i = 0; i < usercount; i++) {
 		/* Not used at all or not used in one minute */
 		if ((!users[i].active || users[i].last_pkt + 60 < time(NULL)) && !users[i].disabled) {
 			users[i].active = 1;
@ -192,7 +185,7 @@ user_set_conn_type(int userid, enum connection c)
 	if (userid < 0 || userid >= usercount)
 		return;
-	if (c < 0 || c >= CONN_MAX)
+	if (c >= CONN_MAX)
 		return;
 	users[userid].conn = c;
--- a/src/util.c
+++ b/src/util.c
@ -18,7 +18,7 @@
 #include "common.h"
 char *
-get_resolvconf_addr()
+get_resolvconf_addr(void)
 {
 	static char addr[16];
 	char *rv;
@ -27,9 +27,9 @@ get_resolvconf_addr()
 	FILE *fp;
 #ifdef ANDROID
 	fp = popen("getprop net.dns1", "r");
-	if (fp == NULL)
+	if (!fp)
 		err(1, "getprop net.dns1 failed");
-	if (fgets(buf, sizeof(buf), fp) == NULL)
+	if (!fgets(buf, sizeof(buf), fp))
 		err(1, "read getprop net.dns1 failed");
 	if (sscanf(buf, "%15s", addr) == 1)
 		rv = addr;
@ -38,7 +38,7 @@ get_resolvconf_addr()
 	rv = NULL;
-	if ((fp = fopen("/etc/resolv.conf", "r")) == NULL) 
+	if (!(fp = fopen("/etc/resolv.conf", "r")))
 		err(1, "/etc/resolv.conf");
 	while (feof(fp) == 0) {