treewide: Mark constant references as const

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

arp.c

@@ -36,7 +36,7 @@
  *
  * Return: 1 if handled, -1 on failure
  */
-int arp(struct ctx *c, struct pool *p)
+int arp(const struct ctx *c, const struct pool *p)
 {
 	unsigned char swap[4];
 	struct ethhdr *eh;

arp.h

@@ -20,6 +20,6 @@ struct arpmsg {
 	unsigned char tip[4];
 } __attribute__((__packed__));
 
-int arp(struct ctx *c, struct pool *p);
+int arp(const struct ctx *c, const struct pool *p);
 
 #endif /* ARP_H */

checksum.h

@@ -6,9 +6,9 @@
 #ifndef CHECKSUM_H
 #define CHECKSUM_H
 
-uint32_t sum_16b(void *buf, size_t len);
+uint32_t sum_16b(const void *buf, size_t len);
 uint16_t csum_fold(uint32_t sum);
-uint16_t csum_unaligned(void *buf, size_t len, uint32_t init);
+uint16_t csum_unaligned(const void *buf, size_t len, uint32_t init);
 void csum_tcp4(struct iphdr *iph);
 uint16_t csum(const void *buf, size_t len, uint32_t init);
 

conf.c

@@ -364,7 +364,7 @@ static int conf_ns_check(void *arg)
  * Return: 0 on success, negative error code otherwise
  */
 static int conf_ns_opt(struct ctx *c,
-		       char *nsdir, char *conf_userns, const char *optarg)
+		       char *nsdir, const char *conf_userns, const char *optarg)
 {
 	int ufd = -1, nfd = -1, try, ret, netns_only_reset = c->netns_only;
 	char userns[PATH_MAX] = { 0 }, netns[PATH_MAX];
@@ -702,7 +702,11 @@ pasta_opts:
 	exit(EXIT_FAILURE);
 }
 
-void conf_print(struct ctx *c)
+/**
+ * conf_print() - Print fundamental configuration parameters
+ * @c:		Execution context
+ */
+static void conf_print(const struct ctx *c)
 {
 	char buf4[INET_ADDRSTRLEN], ifn[IFNAMSIZ];
 	int i;

dhcp.c

@@ -178,7 +178,8 @@ static int fill(struct msg *m)
  *
  * Return: offset to corresponding compression pointer if any, -1 if not found
  */
-static int opt_dns_search_dup_ptr(unsigned char *buf, char *cmp, size_t len)
+static int opt_dns_search_dup_ptr(unsigned char *buf, const char *cmp,
+				  size_t len)
 {
 	unsigned int i;
 
@@ -202,7 +203,7 @@ static int opt_dns_search_dup_ptr(unsigned char *buf, char *cmp, size_t len)
  * @c:		Execution context
  * @max_len:	Maximum total length of option buffer
  */
-static void opt_set_dns_search(struct ctx *c, size_t max_len)
+static void opt_set_dns_search(const struct ctx *c, size_t max_len)
 {
 	char buf[NS_MAXDNAME];
 	int i;
@@ -215,7 +216,7 @@ static void opt_set_dns_search(struct ctx *c, size_t max_len)
 	for (i = 0; *c->dns_search[i].n; i++) {
 		unsigned int n;
 		int count = -1;
-		char *p;
+		const char *p;
 
 		buf[0] = 0;
 		for (p = c->dns_search[i].n, n = 1; *p; p++) {
@@ -263,7 +264,7 @@ static void opt_set_dns_search(struct ctx *c, size_t max_len)
  *
  * Return: 0 if it's not a DHCP message, 1 if handled, -1 on failure
  */
-int dhcp(struct ctx *c, struct pool *p)
+int dhcp(const struct ctx *c, const struct pool *p)
 {
 	size_t mlen, len, offset = 0, opt_len, opt_off = 0;
 	struct ethhdr *eh;

dhcp.h

@@ -6,7 +6,7 @@
 #ifndef DHCP_H
 #define DHCP_H
 
-int dhcp(struct ctx *c, struct pool *p);
+int dhcp(const struct ctx *c, const struct pool *p);
 void dhcp_init(void);
 
 #endif /* DHCP_H */

dhcpv6.c

@@ -297,7 +297,8 @@ static struct resp_not_on_link_t {
  *
  * Return: pointer to option header, or NULL on malformed or missing option
  */
-static struct opt_hdr *dhcpv6_opt(struct pool *p, size_t *offset, uint16_t type)
+static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset,
+				  uint16_t type)
 {
 	struct opt_hdr *o;
 	size_t left;
@@ -322,13 +323,13 @@ static struct opt_hdr *dhcpv6_opt(struct pool *p, size_t *offset, uint16_t type)
 
 /**
  * dhcpv6_ia_notonlink() - Check if any IA contains non-appropriate addresses
- * @o:		First option header to check for IAs
+ * @p:		Packet pool, single packet starting from UDP header
- * @rem_len:	Remaining message length, host order
+ * @la:		Address we want to lease to the client
- * @addr:	Address we want to lease to the client
  *
  * Return: pointer to non-appropriate IA_NA or IA_TA, if any, NULL otherwise
  */
-static struct opt_hdr *dhcpv6_ia_notonlink(struct pool *p, struct in6_addr *la)
+static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p,
+					   struct in6_addr *la)
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct in6_addr *req_addr;
@@ -379,7 +380,7 @@ ia_ta:
  *
  * Return: updated length of response message buffer.
  */
-static size_t dhcpv6_dns_fill(struct ctx *c, char *buf, int offset)
+static size_t dhcpv6_dns_fill(const struct ctx *c, char *buf, int offset)
 {
 	struct opt_dns_servers *srv = NULL;
 	struct opt_dns_search *srch = NULL;
@@ -447,7 +448,7 @@ search:
  *
  * Return: 0 if it's not a DHCPv6 message, 1 if handled, -1 on failure
  */
-int dhcpv6(struct ctx *c, struct pool *p,
+int dhcpv6(struct ctx *c, const struct pool *p,
 	   const struct in6_addr *saddr, const struct in6_addr *daddr)
 {
 	struct opt_hdr *ia, *bad_ia, *client_id, *server_id;
@@ -588,7 +589,7 @@ int dhcpv6(struct ctx *c, struct pool *p,
  * dhcpv6_init() - Initialise DUID and addresses for DHCPv6 server
  * @c:		Execution context
  */
-void dhcpv6_init(struct ctx *c)
+void dhcpv6_init(const struct ctx *c)
 {
 	time_t y2k = 946684800; /* Epoch to 2000-01-01T00:00:00Z, no mktime() */
 	uint32_t duid_time;

dhcpv6.h

@@ -6,8 +6,8 @@
 #ifndef DHCPV6_H
 #define DHCPV6_H
 
-int dhcpv6(struct ctx *c, struct pool *p,
+int dhcpv6(struct ctx *c, const struct pool *p,
 	   struct in6_addr *saddr, struct in6_addr *daddr);
-void dhcpv6_init(struct ctx *c);
+void dhcpv6_init(const struct ctx *c);
 
 #endif /* DHCPV6_H */

icmp.c

@@ -65,8 +65,8 @@ static uint8_t icmp_act			[IP_VERSIONS][USHRT_MAX / 8];
  * @events:	epoll events bitmap
  * @now:	Current timestamp, unused
  */
-void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void icmp_sock_handler(const struct ctx *c, union epoll_ref ref,
-		       struct timespec *now)
+		       uint32_t events, const struct timespec *now)
 {
 	struct in6_addr a6 = { .s6_addr = {    0,    0,    0,    0,
 					       0,    0,    0,    0,
@@ -136,13 +136,14 @@ void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
  * icmp_tap_handler() - Handle packets from tap
  * @c:		Execution context
  * @af:		Address family, AF_INET or AF_INET6
+ * @addr:	Destination address
  * @p:		Packet pool, single packet with ICMP/ICMPv6 header
  * @now:	Current timestamp
  *
  * Return: count of consumed packets (always 1, even if malformed)
  */
-int icmp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int icmp_tap_handler(const struct ctx *c, int af, const void *addr,
-		     struct timespec *now)
+		     const struct pool *p, const struct timespec *now)
 {
 	size_t plen;
 
@@ -227,8 +228,8 @@ fail_sock:
  * @id:		Echo identifier, host order
  * @ts:		Timestamp from caller
  */
-static void icmp_timer_one(struct ctx *c, int v6, uint16_t id,
+static void icmp_timer_one(const struct ctx *c, int v6, uint16_t id,
-			   struct timespec *ts)
+			   const struct timespec *ts)
 {
 	struct icmp_id_sock *id_map = &icmp_id_map[v6 ? V6 : V4][id];
 
@@ -247,7 +248,7 @@ static void icmp_timer_one(struct ctx *c, int v6, uint16_t id,
  * @c:		Execution context
  * @ts:		Timestamp from caller
  */
-void icmp_timer(struct ctx *c, struct timespec *ts)
+void icmp_timer(const struct ctx *c, const struct timespec *ts)
 {
 	long *word, tmp;
 	unsigned int i;

icmp.h

@@ -10,11 +10,11 @@
 
 struct ctx;
 
-void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void icmp_sock_handler(const struct ctx *c, union epoll_ref ref,
-		       struct timespec *now);
+		       uint32_t events, const struct timespec *now);
-int icmp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int icmp_tap_handler(const struct ctx *c, int af, const void *addr,
-		     struct timespec *now);
+		     const struct pool *p, const struct timespec *now);
-void icmp_timer(struct ctx *c, struct timespec *ts);
+void icmp_timer(const struct ctx *c, const struct timespec *ts);
 
 /**
  * union icmp_epoll_ref - epoll reference portion for ICMP tracking

ndp.c

@@ -45,8 +45,8 @@
  *
  * Return: 0 if not handled here, 1 if handled, -1 on failure
  */
-int ndp(struct ctx *c, struct icmp6hdr *ih, unsigned char *eh_source,
+int ndp(struct ctx *c, const struct icmp6hdr *ih,
-	struct in6_addr *saddr)
+	const unsigned char *eh_source, const struct in6_addr *saddr)
 {
 	char buf[BUFSIZ] = { 0 };
 	struct ipv6hdr *ip6hr;

ndp.h

@@ -6,7 +6,7 @@
 #ifndef NDP_H
 #define NDP_H
 
-int ndp(struct ctx *c, struct icmp6hdr *ih, unsigned char *eh_source,
+int ndp(struct ctx *c, const struct icmp6hdr *ih,
-	struct in6_addr *saddr);
+	const unsigned char *eh_source, const struct in6_addr *saddr);
 
 #endif /* NDP_H */

netlink.c

@@ -74,7 +74,7 @@ ns:
  *
  * Return: -EIO if sockets couldn't be set up, 0 otherwise
  */
-int nl_sock_init(struct ctx *c)
+int nl_sock_init(const struct ctx *c)
 {
 	if (c->mode == MODE_PASTA) {
 		NS_CALL(nl_sock_init_do, c);
@@ -99,7 +99,7 @@ int nl_sock_init(struct ctx *c)
  *
  * Return: received length on success, negative error code on failure
  */
-static int nl_req(int ns, char *buf, void *req, ssize_t len)
+static int nl_req(int ns, char *buf, const void *req, ssize_t len)
 {
 	int s = ns ? nl_sock_ns : nl_sock, done = 0;
 	char flush[BUFSIZ];

netlink.h

@@ -6,7 +6,7 @@
 #ifndef NETLINK_H
 #define NETLINK_H
 
-int nl_sock_init(struct ctx *c);
+int nl_sock_init(const struct ctx *c);
 unsigned int nl_get_ext_if(int *v4, int *v6);
 void nl_route(int ns, unsigned int ifi, sa_family_t af, void *gw);
 void nl_addr(int ns, unsigned int ifi, sa_family_t af,

packet.c

@@ -30,7 +30,7 @@
  * @line:	For tracing: caller line of function call
  */
 void packet_add_do(struct pool *p, size_t len, const char *start,
-		   const char *func, const int line)
+		   const char *func, int line)
 {
 	size_t index = p->count;
 
@@ -81,8 +81,8 @@ void packet_add_do(struct pool *p, size_t len, const char *start,
  *
  * Return: pointer to start of data range, NULL on invalid range or descriptor
  */
-void *packet_get_do(struct pool *p, size_t index, size_t offset, size_t len,
+void *packet_get_do(const struct pool *p, size_t index, size_t offset,
-		    size_t *left, const char *func, const int line)
+		    size_t len, size_t *left, const char *func, int line)
 {
 	if (index > p->size || index > p->count) {
 		if (func) {

packet.h

@@ -33,9 +33,10 @@ struct pool {
 };
 
 void packet_add_do(struct pool *p, size_t len, const char *start,
-		   const char *func, const int line);
+		   const char *func, int line);
-void *packet_get_do(struct pool *p, size_t index, size_t offset, size_t len,
+void *packet_get_do(const struct pool *p, const size_t index,
-		    size_t *left, const char *func, const int line);
+		    size_t offset, size_t len, size_t *left,
+		    const char *func, int line);
 void pool_flush(struct pool *p);
 
 #define packet_add(p, len, start)					\

passt.c

@@ -93,8 +93,8 @@ char *ip_proto_str[IPPROTO_SCTP + 1] = {
  * @events:	epoll events
  * @now:	Current timestamp
  */
-static void sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+static void sock_handler(struct ctx *c, union epoll_ref ref,
-			 struct timespec *now)
+			 uint32_t events, const struct timespec *now)
 {
 	trace("%s: %s packet from socket %i (events: 0x%08x)",
 	      c->mode == MODE_PASST ? "passt" : "pasta",
@@ -114,7 +114,7 @@ static void sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
  * @c:		Execution context
  * @now:	Current timestamp
  */
-static void post_handler(struct ctx *c, struct timespec *now)
+static void post_handler(struct ctx *c, const struct timespec *now)
 {
 #define CALL_PROTO_HANDLER(c, now, lc, uc)				\
 	do {								\
@@ -149,7 +149,7 @@ static void post_handler(struct ctx *c, struct timespec *now)
  * @c:		Execution context
  * @now:	Current timestamp
  */
-static void timer_init(struct ctx *c, struct timespec *now)
+static void timer_init(struct ctx *c, const struct timespec *now)
 {
 	c->tcp.timer_run = c->udp.timer_run = c->icmp.timer_run = *now;
 }
@@ -160,8 +160,8 @@ static void timer_init(struct ctx *c, struct timespec *now)
  * @eth_s:	Ethernet source address, NULL if unchanged
  * @ip_da:	Pointer to IPv4 destination address, NULL if unchanged
  */
-void proto_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void proto_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
-			 uint32_t *ip_da)
+			 const uint32_t *ip_da)
 {
 	tcp_update_l2_buf(eth_d, eth_s, ip_da);
 	udp_update_l2_buf(eth_d, eth_s, ip_da);
@@ -171,7 +171,7 @@ void proto_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
  * seccomp() - Set up seccomp filters depending on mode, won't return on failure
  * @c:		Execution context
  */
-static void seccomp(struct ctx *c)
+static void seccomp(const struct ctx *c)
 {
 	struct sock_fprog prog;
 

passt.h

@@ -233,7 +233,7 @@ struct ctx {
 	int low_rmem;
 };
 
-void proto_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void proto_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
-			 uint32_t *ip_da);
+			 const uint32_t *ip_da);
 
 #endif /* PASST_H */

pcap.c

@@ -41,7 +41,7 @@
 static int pcap_fd = -1;
 
 /* See pcap.h from libpcap, or pcap-savefile(5) */
-static struct {
+static const struct {
 	uint32_t magic;
 #define PCAP_MAGIC		0xa1b2c3d4
 
@@ -74,7 +74,7 @@ struct pcap_pkthdr {
  * @pkt:	Pointer to data buffer, including L2 headers
  * @len:	L2 packet length
  */
-void pcap(char *pkt, size_t len)
+void pcap(const char *pkt, size_t len)
 {
 	struct pcap_pkthdr h;
 	struct timeval tv;
@@ -95,7 +95,7 @@ void pcap(char *pkt, size_t len)
  * pcapm() - Capture multiple frames from message header to pcap file
  * @mh:		Pointer to sendmsg() message header buffer
  */
-void pcapm(struct msghdr *mh)
+void pcapm(const struct msghdr *mh)
 {
 	struct pcap_pkthdr h;
 	struct iovec *iov;
@@ -130,7 +130,7 @@ fail:
  * pcapm() - Capture multiple frames from multiple message headers to pcap file
  * @mmh:	Pointer to first sendmmsg() header
  */
-void pcapmm(struct mmsghdr *mmh, unsigned int vlen)
+void pcapmm(const struct mmsghdr *mmh, unsigned int vlen)
 {
 	struct pcap_pkthdr h;
 	struct iovec *iov;
@@ -145,7 +145,7 @@ void pcapmm(struct mmsghdr *mmh, unsigned int vlen)
 	h.tv_usec = tv.tv_usec;
 
 	for (i = 0; i < vlen; i++) {
-		struct msghdr *mh = &mmh[i].msg_hdr;
+		const struct msghdr *mh = &mmh[i].msg_hdr;
 
 		for (j = 0; j < mh->msg_iovlen; j++) {
 			iov = &mh->msg_iov[j];

pcap.h

@@ -6,9 +6,9 @@
 #ifndef PCAP_H
 #define PCAP_H
 
-void pcap(char *pkt, size_t len);
+void pcap(const char *pkt, size_t len);
-void pcapm(struct msghdr *mh);
+void pcapm(const struct msghdr *mh);
-void pcapmm(struct mmsghdr *mmh, unsigned int vlen);
+void pcapmm(const struct mmsghdr *mmh, unsigned int vlen);
 void pcap_init(struct ctx *c);
 
 #endif /* PCAP_H */

tap.c

@@ -66,7 +66,7 @@ static PACKET_POOL_NOINIT(pool_tap6, TAP_MSGS, pkt_buf);
  *
  * Return: return code from send() or write()
  */
-int tap_send(struct ctx *c, void *data, size_t len, int vnet_pre)
+int tap_send(const struct ctx *c, const void *data, size_t len, int vnet_pre)
 {
 	if (vnet_pre)
 		pcap((char *)data + 4, len);
@@ -100,8 +100,8 @@ int tap_send(struct ctx *c, void *data, size_t len, int vnet_pre)
  * @len:	L4 payload length
  * @flow:	Flow label for TCP over IPv6
  */
-void tap_ip_send(struct ctx *c, struct in6_addr *src, uint8_t proto,
+void tap_ip_send(const struct ctx *c, const struct in6_addr *src, uint8_t proto,
-		 char *in, size_t len, uint32_t flow)
+		 const char *in, size_t len, uint32_t flow)
 {
 	char buf[USHRT_MAX];
 	char *pkt = buf + 4;
@@ -258,9 +258,10 @@ static struct tap6_l4_t {
  * @seq6:	Pointer to @struct tap_l4_seq6, can be NULL
  * @count:	Count of packets in this sequence
  */
-static void tap_packet_debug(struct iphdr *iph, struct ipv6hdr *ip6h,
+static void tap_packet_debug(const struct iphdr *iph,
-			     struct tap4_l4_t *seq4, uint8_t proto6,
+			     const struct ipv6hdr *ip6h,
-			     struct tap6_l4_t *seq6, int count)
+			     const struct tap4_l4_t *seq4, uint8_t proto6,
+			     const struct tap6_l4_t *seq6, int count)
 {
 	char buf6s[INET6_ADDRSTRLEN], buf6d[INET6_ADDRSTRLEN];
 	char buf4s[INET_ADDRSTRLEN], buf4d[INET_ADDRSTRLEN];
@@ -306,7 +307,8 @@ static void tap_packet_debug(struct iphdr *iph, struct ipv6hdr *ip6h,
  *
  * Return: count of packets consumed by handlers
  */
-static int tap4_handler(struct ctx *c, struct pool *in, struct timespec *now)
+static int tap4_handler(struct ctx *c, const struct pool *in,
+			const struct timespec *now)
 {
 	unsigned int i, j, seq_count;
 	struct tap4_l4_t *seq;
@@ -458,7 +460,8 @@ append:
  *
  * Return: count of packets consumed by handlers
  */
-static int tap6_handler(struct ctx *c, struct pool *in, struct timespec *now)
+static int tap6_handler(struct ctx *c, const struct pool *in,
+			const struct timespec *now)
 {
 	unsigned int i, j, seq_count = 0;
 	struct tap6_l4_t *seq;
@@ -618,7 +621,7 @@ append:
  *
  * Return: -ECONNRESET on receive error, 0 otherwise
  */
-static int tap_handler_passt(struct ctx *c, struct timespec *now)
+static int tap_handler_passt(struct ctx *c, const struct timespec *now)
 {
 	struct ethhdr *eh;
 	ssize_t n, rem;
@@ -706,7 +709,7 @@ next:
  *
  * Return: -ECONNRESET on receive error, 0 otherwise
  */
-static int tap_handler_pasta(struct ctx *c, struct timespec *now)
+static int tap_handler_pasta(struct ctx *c, const struct timespec *now)
 {
 	ssize_t n = 0, len;
 	int ret;
@@ -946,7 +949,8 @@ void tap_sock_init(struct ctx *c)
  * @events:	epoll events
  * @now:	Current timestamp, can be NULL on EPOLLERR
  */
-void tap_handler(struct ctx *c, int fd, uint32_t events, struct timespec *now)
+void tap_handler(struct ctx *c, int fd, uint32_t events,
+		 const struct timespec *now)
 {
 	if (fd == c->fd_tap_listen && events == EPOLLIN) {
 		tap_sock_unix_new(c);

tap.h

@@ -6,10 +6,11 @@
 #ifndef TAP_H
 #define TAP_H
 
-void tap_ip_send(struct ctx *c, struct in6_addr *src, uint8_t proto,
+void tap_ip_send(const struct ctx *c, const struct in6_addr *src, uint8_t proto,
-		 char *in, size_t len, uint32_t flow);
+		 const char *in, size_t len, uint32_t flow);
-int tap_send(struct ctx *c, void *data, size_t len, int vnet_pre);
+int tap_send(const struct ctx *c, const void *data, size_t len, int vnet_pre);
-void tap_handler(struct ctx *c, int fd, uint32_t events, struct timespec *now);
+void tap_handler(struct ctx *c, int fd, uint32_t events,
+		 const struct timespec *now);
 void tap_sock_init(struct ctx *c);
 
 #endif /* TAP_H */

tcp.c

@@ -713,7 +713,7 @@ static uint32_t tcp_conn_epoll_events(uint8_t events, uint8_t conn_flags)
 	return EPOLLRDHUP;
 }
 
-static void conn_flag_do(struct ctx *c, struct tcp_conn *conn,
+static void conn_flag_do(const struct ctx *c, struct tcp_conn *conn,
 			 unsigned long flag);
 #define conn_flag(c, conn, flag)					\
 	do {								\
@@ -728,7 +728,7 @@ static void conn_flag_do(struct ctx *c, struct tcp_conn *conn,
  *
  * Return: 0 on success, negative error code on failure (not on deletion)
  */
-static int tcp_epoll_ctl(struct ctx *c, struct tcp_conn *conn)
+static int tcp_epoll_ctl(const struct ctx *c, struct tcp_conn *conn)
 {
 	int m = (conn->flags & IN_EPOLL) ? EPOLL_CTL_MOD : EPOLL_CTL_ADD;
 	union epoll_ref ref = { .r.proto = IPPROTO_TCP, .r.s = conn->sock,
@@ -773,7 +773,7 @@ static int tcp_epoll_ctl(struct ctx *c, struct tcp_conn *conn)
  *
  * #syscalls timerfd_create timerfd_settime
  */
-static void tcp_timer_ctl(struct ctx *c, struct tcp_conn *conn)
+static void tcp_timer_ctl(const struct ctx *c, struct tcp_conn *conn)
 {
 	struct itimerspec it = { { 0 }, { 0 } };
 
@@ -829,7 +829,7 @@ static void tcp_timer_ctl(struct ctx *c, struct tcp_conn *conn)
  * @conn:	Connection pointer
  * @flag:	Flag to set, or ~flag to unset
  */
-static void conn_flag_do(struct ctx *c, struct tcp_conn *conn,
+static void conn_flag_do(const struct ctx *c, struct tcp_conn *conn,
 			 unsigned long flag)
 {
 	if (flag & (flag - 1)) {
@@ -863,7 +863,7 @@ static void conn_flag_do(struct ctx *c, struct tcp_conn *conn,
  * @conn:	Connection pointer
  * @event:	Connection event
  */
-static void conn_event_do(struct ctx *c, struct tcp_conn *conn,
+static void conn_event_do(const struct ctx *c, struct tcp_conn *conn,
 			  unsigned long event)
 {
 	int prev, new, num = fls(event);
@@ -943,7 +943,7 @@ void tcp_remap_to_init(in_port_t port, in_port_t delta)
  *
  * Return: 1 if destination is in low RTT table, 0 otherwise
  */
-static int tcp_rtt_dst_low(struct tcp_conn *conn)
+static int tcp_rtt_dst_low(const struct tcp_conn *conn)
 {
 	int i;
 
@@ -959,7 +959,8 @@ static int tcp_rtt_dst_low(struct tcp_conn *conn)
  * @conn:	Connection pointer
  * @tinfo:	Pointer to struct tcp_info for socket
  */
-static void tcp_rtt_dst_check(struct tcp_conn *conn, struct tcp_info *tinfo)
+static void tcp_rtt_dst_check(const struct tcp_conn *conn,
+			      const struct tcp_info *tinfo)
 {
 #ifdef HAS_MIN_RTT
 	int i, hole = -1;
@@ -1014,7 +1015,7 @@ static void tcp_get_sndbuf(struct tcp_conn *conn)
  * tcp_sock_set_bufsize() - Set SO_RCVBUF and SO_SNDBUF to maximum values
  * @s:		Socket, can be -1 to avoid check in the caller
  */
-void tcp_sock_set_bufsize(struct ctx *c, int s)
+void tcp_sock_set_bufsize(const struct ctx *c, int s)
 {
 	int v = INT_MAX / 2; /* Kernel clamps and rounds, no need to check */
 
@@ -1086,7 +1087,7 @@ static void tcp_update_check_tcp6(struct tcp6_l2_buf_t *buf)
  * @eth_s:	Ethernet source address, NULL if unchanged
  * @ip_da:	Pointer to IPv4 destination address, NULL if unchanged
  */
-void tcp_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void tcp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
 		       const uint32_t *ip_da)
 {
 	int i;
@@ -1209,8 +1210,8 @@ static void tcp_sock6_iov_init(void)
  *
  * Return: option value, meaningful for up to 4 bytes, -1 if not found
  */
-static int tcp_opt_get(char *opts, size_t len, uint8_t type_find,
+static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
-		       uint8_t *optlen_set, char **value_set)
+		       uint8_t *optlen_set, const char **value_set)
 {
 	uint8_t type, optlen;
 
@@ -1263,7 +1264,7 @@ static int tcp_opt_get(char *opts, size_t len, uint8_t type_find,
  *
  * Return: 1 on match, 0 otherwise
  */
-static int tcp_hash_match(struct tcp_conn *conn, int af, void *addr,
+static int tcp_hash_match(const struct tcp_conn *conn, int af, const void *addr,
 			  in_port_t tap_port, in_port_t sock_port)
 {
 	if (af == AF_INET && CONN_V4(conn)			&&
@@ -1292,7 +1293,7 @@ static int tcp_hash_match(struct tcp_conn *conn, int af, void *addr,
 #if TCP_HASH_NOINLINE
 __attribute__((__noinline__))	/* See comment in Makefile */
 #endif
-static unsigned int tcp_hash(struct ctx *c, int af, void *addr,
+static unsigned int tcp_hash(const struct ctx *c, int af, const void *addr,
 			     in_port_t tap_port, in_port_t sock_port)
 {
 	uint64_t b = 0;
@@ -1329,8 +1330,8 @@ static unsigned int tcp_hash(struct ctx *c, int af, void *addr,
  * @af:		Address family, AF_INET or AF_INET6
  * @addr:	Remote address, pointer to sin_addr or sin6_addr
  */
-static void tcp_hash_insert(struct ctx *c, struct tcp_conn *conn,
+static void tcp_hash_insert(const struct ctx *c, struct tcp_conn *conn,
-			    int af, void *addr)
+			    int af, const void *addr)
 {
 	int b;
 
@@ -1347,7 +1348,7 @@ static void tcp_hash_insert(struct ctx *c, struct tcp_conn *conn,
  * tcp_hash_remove() - Drop connection from hash table, chain unlink
  * @conn:	Connection pointer
  */
-static void tcp_hash_remove(struct tcp_conn *conn)
+static void tcp_hash_remove(const struct tcp_conn *conn)
 {
 	struct tcp_conn *entry, *prev = NULL;
 	int b = conn->hash_bucket;
@@ -1404,7 +1405,8 @@ static void tcp_hash_update(struct tcp_conn *old, struct tcp_conn *new)
  *
  * Return: connection pointer, if found, -ENOENT otherwise
  */
-static struct tcp_conn *tcp_hash_lookup(struct ctx *c, int af, void *addr,
+static struct tcp_conn *tcp_hash_lookup(const struct ctx *c, int af,
+					const void *addr,
 					in_port_t tap_port, in_port_t sock_port)
 {
 	int b = tcp_hash(c, af, addr, tap_port, sock_port);
@@ -1480,7 +1482,7 @@ static void tcp_rst_do(struct ctx *c, struct tcp_conn *conn);
  *
  * Return: 0 on success, negative error code on failure (tap reset possible)
  */
-static int tcp_l2_buf_write_one(struct ctx *c, struct iovec *iov)
+static int tcp_l2_buf_write_one(struct ctx *c, const struct iovec *iov)
 {
 	if (write(c->fd_tap, (char *)iov->iov_base + 4, iov->iov_len - 4) < 0) {
 		debug("tap write: %s", strerror(errno));
@@ -1498,7 +1500,8 @@ static int tcp_l2_buf_write_one(struct ctx *c, struct iovec *iov)
  * @mh:		Message header that was partially sent by sendmsg()
  * @sent:	Bytes already sent
  */
-static void tcp_l2_buf_flush_part(struct ctx *c, struct msghdr *mh, size_t sent)
+static void tcp_l2_buf_flush_part(const struct ctx *c,
+				  const struct msghdr *mh, size_t sent)
 {
 	size_t end = 0, missing;
 	struct iovec *iov;
@@ -1625,7 +1628,8 @@ void tcp_defer_handler(struct ctx *c)
  *
  * Return: 802.3 length, host order
  */
-static size_t tcp_l2_buf_fill_headers(struct ctx *c, struct tcp_conn *conn,
+static size_t tcp_l2_buf_fill_headers(const struct ctx *c,
+				      const struct tcp_conn *conn,
 				      void *p, size_t plen,
 				      const uint16_t *check, uint32_t seq)
 {
@@ -1707,7 +1711,7 @@ do {									\
  *
  * Return: 1 if sequence or window were updated, 0 otherwise
  */
-static int tcp_update_seqack_wnd(struct ctx *c, struct tcp_conn *conn,
+static int tcp_update_seqack_wnd(const struct ctx *c, struct tcp_conn *conn,
 				 int force_seq, struct tcp_info *tinfo)
 {
 	uint32_t prev_wnd_to_tap = conn->wnd_to_tap << conn->ws_to_tap;
@@ -1954,7 +1958,8 @@ static void tcp_rst_do(struct ctx *c, struct tcp_conn *conn)
  * @opts:	Pointer to start of TCP options
  * @optlen:	Bytes in options: caller MUST ensure available length
  */
-static void tcp_get_tap_ws(struct tcp_conn *conn, char *opts, size_t optlen)
+static void tcp_get_tap_ws(struct tcp_conn *conn,
+			   const char *opts, size_t optlen)
 {
 	int ws = tcp_opt_get(opts, optlen, OPT_WS, NULL, NULL);
 
@@ -1970,7 +1975,8 @@ static void tcp_get_tap_ws(struct tcp_conn *conn, char *opts, size_t optlen)
  * @conn:	Connection pointer
  * @window:	Window value, host order, unscaled
  */
-static void tcp_clamp_window(struct ctx *c, struct tcp_conn *conn, unsigned wnd)
+static void tcp_clamp_window(const struct ctx *c, struct tcp_conn *conn,
+			     unsigned wnd)
 {
 	uint32_t prev_scaled = conn->wnd_from_tap << conn->ws_from_tap;
 
@@ -2003,9 +2009,9 @@ static void tcp_clamp_window(struct ctx *c, struct tcp_conn *conn, unsigned wnd)
  *
  * Return: initial TCP sequence
  */
-static uint32_t tcp_seq_init(struct ctx *c, int af, void *addr,
+static uint32_t tcp_seq_init(const struct ctx *c, int af, const void *addr,
 			     in_port_t dstport, in_port_t srcport,
-			     struct timespec *now)
+			     const struct timespec *now)
 {
 	uint32_t ns, seq = 0;
 
@@ -2052,7 +2058,7 @@ static uint32_t tcp_seq_init(struct ctx *c, int af, void *addr,
  *
  * Return: socket number if available, negative code if socket creation failed
  */
-static int tcp_conn_new_sock(struct ctx *c, sa_family_t af)
+static int tcp_conn_new_sock(const struct ctx *c, sa_family_t af)
 {
 	int *p = af == AF_INET6 ? init_sock_pool6 : init_sock_pool4, i, s = -1;
 
@@ -2079,7 +2085,7 @@ static int tcp_conn_new_sock(struct ctx *c, sa_family_t af)
 }
 
 /**
- * tcp_conn_tap_mss() - Get and clamp MSS value advertised by tap/guest
+ * tcp_conn_tap_mss() - Get MSS value advertised by tap/guest
  * @c:		Execution context
  * @conn:	Connection pointer
  * @opts:	Pointer to start of TCP options
@@ -2087,8 +2093,9 @@ static int tcp_conn_new_sock(struct ctx *c, sa_family_t af)
  *
  * Return: clamped MSS value
  */
-static uint16_t tcp_conn_tap_mss(struct ctx *c, struct tcp_conn *conn,
+static uint16_t tcp_conn_tap_mss(const struct ctx *c,
-				 char *opts, size_t optlen)
+				 const struct tcp_conn *conn,
+				 const char *opts, size_t optlen)
 {
 	unsigned int mss;
 	int ret;
@@ -2119,9 +2126,9 @@ static uint16_t tcp_conn_tap_mss(struct ctx *c, struct tcp_conn *conn,
  * @optlen:	Bytes in options: caller MUST ensure available length
  * @now:	Current timestamp
  */
-static void tcp_conn_from_tap(struct ctx *c, int af, void *addr,
+static void tcp_conn_from_tap(struct ctx *c, int af, const void *addr,
-			      struct tcphdr *th, char *opts, size_t optlen,
+			      const struct tcphdr *th, const char *opts,
-			      struct timespec *now)
+			      size_t optlen, const struct timespec *now)
 {
 	struct sockaddr_in addr4 = {
 		.sin_family = AF_INET,
@@ -2267,8 +2274,8 @@ static int tcp_sock_consume(struct tcp_conn *conn, uint32_t ack_seq)
  * @seq:	Sequence number to be sent
  * @now:	Current timestamp
  */
-static void tcp_data_to_tap(struct ctx *c, struct tcp_conn *conn, ssize_t plen,
+static void tcp_data_to_tap(struct ctx *c, struct tcp_conn *conn,
-			    int no_csum, uint32_t seq)
+			    ssize_t plen, int no_csum, uint32_t seq)
 {
 	struct iovec *iov;
 	size_t len;
@@ -2432,7 +2439,7 @@ zero_len:
  * #syscalls sendmsg
  */
 static void tcp_data_from_tap(struct ctx *c, struct tcp_conn *conn,
-			      struct pool *p)
+			      const struct pool *p)
 {
 	int i, iov_i, ack = 0, fin = 0, retr = 0, keep = -1, partial_send = 0;
 	uint16_t max_ack_seq_wnd = conn->wnd_from_tap;
@@ -2628,8 +2635,8 @@ out:
  * @optlen:	Bytes in options: caller MUST ensure available length
  */
 static void tcp_conn_from_sock_finish(struct ctx *c, struct tcp_conn *conn,
-				      struct tcphdr *th,
+				      const struct tcphdr *th,
-				      char *opts, size_t optlen)
+				      const char *opts, size_t optlen)
 {
 	tcp_clamp_window(c, conn, ntohs(th->window));
 	tcp_get_tap_ws(conn, opts, optlen);
@@ -2663,8 +2670,8 @@ static void tcp_conn_from_sock_finish(struct ctx *c, struct tcp_conn *conn,
  *
  * Return: count of consumed packets
  */
-int tcp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int tcp_tap_handler(struct ctx *c, int af, const void *addr,
-		    struct timespec *now)
+		    const struct pool *p, const struct timespec *now)
 {
 	struct tcp_conn *conn;
 	size_t optlen, len;
@@ -2802,7 +2809,7 @@ static void tcp_connect_finish(struct ctx *c, struct tcp_conn *conn)
  * @now:	Current timestamp
  */
 static void tcp_conn_from_sock(struct ctx *c, union epoll_ref ref,
-			       struct timespec *now)
+			       const struct timespec *now)
 {
 	struct sockaddr_storage sa;
 	struct tcp_conn *conn;
@@ -2960,7 +2967,7 @@ static void tcp_timer_handler(struct ctx *c, union epoll_ref ref)
  * @now:	Current timestamp
  */
 void tcp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
-		      struct timespec *now)
+		      const struct timespec *now)
 {
 	struct tcp_conn *conn;
 
@@ -3034,7 +3041,7 @@ void tcp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
  * @ns:		In pasta mode, if set, bind with loopback address in namespace
  * @port:	Port, host order
  */
-static void tcp_sock_init_one(struct ctx *c, int ns, in_port_t port)
+static void tcp_sock_init_one(const struct ctx *c, int ns, in_port_t port)
 {
 	union tcp_epoll_ref tref = { .tcp.listen = 1 };
 	int s;
@@ -3404,7 +3411,7 @@ static int tcp_port_rebind(void *arg)
  * @c:		Execution context
  * @ts:		Unused
  */
-void tcp_timer(struct ctx *c, struct timespec *ts)
+void tcp_timer(struct ctx *c, const struct timespec *ts)
 {
 	struct tcp_sock_refill_arg refill_arg = { c, 0 };
 	struct tcp_conn *conn;

tcp.h

@@ -17,15 +17,15 @@
 struct ctx;
 
 void tcp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
-		      struct timespec *now);
+		      const struct timespec *now);
-int tcp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int tcp_tap_handler(struct ctx *c, int af, const void *addr,
-		    struct timespec *now);
+		    const struct pool *p, const struct timespec *now);
 int tcp_sock_init(struct ctx *c);
-void tcp_timer(struct ctx *c, struct timespec *ts);
+void tcp_timer(struct ctx *c, const struct timespec *ts);
 void tcp_defer_handler(struct ctx *c);
 
-void tcp_sock_set_bufsize(struct ctx *c, int s);
+void tcp_sock_set_bufsize(const struct ctx *c, int s);
-void tcp_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void tcp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
 		       const uint32_t *ip_da);
 void tcp_remap_to_tap(in_port_t port, in_port_t delta);
 void tcp_remap_to_init(in_port_t port, in_port_t delta);

tcp_splice.c

@@ -156,7 +156,8 @@ static void tcp_splice_conn_epoll_events(uint16_t events,
 }
 
 static void tcp_splice_destroy(struct ctx *c, struct tcp_splice_conn *conn);
-static int tcp_splice_epoll_ctl(struct ctx *c, struct tcp_splice_conn *conn);
+static int tcp_splice_epoll_ctl(const struct ctx *c,
+				struct tcp_splice_conn *conn);
 
 /**
  * conn_flag_do() - Set/unset given flag, log, update epoll on CLOSING flag
@@ -164,7 +165,7 @@ static int tcp_splice_epoll_ctl(struct ctx *c, struct tcp_splice_conn *conn);
  * @conn:	Connection pointer
  * @flag:	Flag to set, or ~flag to unset
  */
-static void conn_flag_do(struct ctx *c, struct tcp_splice_conn *conn,
+static void conn_flag_do(const struct ctx *c, struct tcp_splice_conn *conn,
 			 unsigned long flag)
 {
 	if (flag & (flag - 1)) {
@@ -201,7 +202,8 @@ static void conn_flag_do(struct ctx *c, struct tcp_splice_conn *conn,
  *
  * Return: 0 on success, negative error code on failure (not on deletion)
  */
-static int tcp_splice_epoll_ctl(struct ctx *c, struct tcp_splice_conn *conn)
+static int tcp_splice_epoll_ctl(const struct ctx *c,
+				struct tcp_splice_conn *conn)
 {
 	int m = (conn->flags & IN_EPOLL) ? EPOLL_CTL_MOD : EPOLL_CTL_ADD;
 	union epoll_ref ref_a = { .r.proto = IPPROTO_TCP, .r.s = conn->a,
@@ -243,7 +245,7 @@ delete:
  * @conn:	Connection pointer
  * @event:	Connection event
  */
-static void conn_event_do(struct ctx *c, struct tcp_splice_conn *conn,
+static void conn_event_do(const struct ctx *c, struct tcp_splice_conn *conn,
 			  unsigned long event)
 {
 	if (event & (event - 1)) {
@@ -348,7 +350,7 @@ static void tcp_splice_destroy(struct ctx *c, struct tcp_splice_conn *conn)
  *
  * Return: 0 on success, -EIO on failure
  */
-static int tcp_splice_connect_finish(struct ctx *c,
+static int tcp_splice_connect_finish(const struct ctx *c,
 				     struct tcp_splice_conn *conn)
 {
 	int i;
@@ -393,7 +395,7 @@ static int tcp_splice_connect_finish(struct ctx *c,
  *
  * Return: 0 for connect() succeeded or in progress, negative value on error
  */
-static int tcp_splice_connect(struct ctx *c, struct tcp_splice_conn *conn,
+static int tcp_splice_connect(const struct ctx *c, struct tcp_splice_conn *conn,
 			      int s, in_port_t port)
 {
 	int sock_conn = (s >= 0) ? s : socket(CONN_V6(conn) ? AF_INET6 :
@@ -460,7 +462,7 @@ static int tcp_splice_connect(struct ctx *c, struct tcp_splice_conn *conn,
  * @ret:	Return value of tcp_splice_connect_ns()
  */
 struct tcp_splice_connect_ns_arg {
-	struct ctx *c;
+	const struct ctx *c;
 	struct tcp_splice_conn *conn;
 	in_port_t port;
 	int ret;
@@ -490,7 +492,7 @@ static int tcp_splice_connect_ns(void *arg)
  *
  * Return: return code from connect()
  */
-static int tcp_splice_new(struct ctx *c, struct tcp_splice_conn *conn,
+static int tcp_splice_new(const struct ctx *c, struct tcp_splice_conn *conn,
 			  in_port_t port)
 {
 	struct tcp_splice_connect_ns_arg ns_arg = { c, conn, port, 0 };
@@ -800,7 +802,7 @@ smaller:
  * tcp_splice_pipe_refill() - Refill pool of pre-opened pipes
  * @c:		Execution context
  */
-static void tcp_splice_pipe_refill(struct ctx *c)
+static void tcp_splice_pipe_refill(const struct ctx *c)
 {
 	int i;
 

udp.c

@@ -306,7 +306,7 @@ static void udp_update_check4(struct udp4_l2_buf_t *buf)
  * @eth_s:	Ethernet source address, NULL if unchanged
  * @ip_da:	Pointer to IPv4 destination address, NULL if unchanged
  */
-void udp_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void udp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
 		       const uint32_t *ip_da)
 {
 	int i;
@@ -429,7 +429,7 @@ static void udp_sock6_iov_init(void)
  *
  * #syscalls:pasta getsockname
  */
-int udp_splice_connect(struct ctx *c, int v6, int bound_sock,
+int udp_splice_connect(const struct ctx *c, int v6, int bound_sock,
 		       in_port_t src, in_port_t dst, int splice)
 {
 	struct epoll_event ev = { .events = EPOLLIN | EPOLLRDHUP | EPOLLHUP };
@@ -519,7 +519,7 @@ fail:
  * @s:		Newly created socket or negative error code
  */
 struct udp_splice_connect_ns_arg {
-	struct ctx *c;
+	const struct ctx *c;
 	int v6;
 	int bound_sock;
 	in_port_t src;
@@ -555,8 +555,8 @@ static int udp_splice_connect_ns(void *arg)
  * @events:	epoll events bitmap
  * @now:	Current timestamp
  */
-static void udp_sock_handler_splice(struct ctx *c, union epoll_ref ref,
+static void udp_sock_handler_splice(const struct ctx *c, union epoll_ref ref,
-				    uint32_t events, struct timespec *now)
+				    uint32_t events, const struct timespec *now)
 {
 	in_port_t src, dst = ref.r.p.udp.udp.port, send_dst = 0;
 	struct msghdr *mh = &udp_mmh_recv[0].msg_hdr;
@@ -671,9 +671,10 @@ static void udp_sock_handler_splice(struct ctx *c, union epoll_ref ref,
  * @msg_len:	Length of current message being prepared for sending
  * @now:	Current timestamp
  */
-static void udp_sock_fill_data_v4(struct ctx *c, int n, union epoll_ref ref,
+static void udp_sock_fill_data_v4(const struct ctx *c, int n,
+				  union epoll_ref ref,
 				  int *msg_idx, int *msg_bufs, ssize_t *msg_len,
-				  struct timespec *now)
+				  const struct timespec *now)
 {
 	struct msghdr *mh = &udp6_l2_mh_tap[*msg_idx].msg_hdr;
 	struct udp4_l2_buf_t *b = &udp4_l2_buf[n];
@@ -746,9 +747,10 @@ static void udp_sock_fill_data_v4(struct ctx *c, int n, union epoll_ref ref,
  * @msg_len:	Length of current message being prepared for sending
  * @now:	Current timestamp
  */
-static void udp_sock_fill_data_v6(struct ctx *c, int n, union epoll_ref ref,
+static void udp_sock_fill_data_v6(const struct ctx *c, int n,
+				  union epoll_ref ref,
 				  int *msg_idx, int *msg_bufs, ssize_t *msg_len,
-				  struct timespec *now)
+				  const struct timespec *now)
 {
 	struct msghdr *mh = &udp6_l2_mh_tap[*msg_idx].msg_hdr;
 	struct udp6_l2_buf_t *b = &udp6_l2_buf[n];
@@ -845,8 +847,8 @@ static void udp_sock_fill_data_v6(struct ctx *c, int n, union epoll_ref ref,
  * #syscalls recvmmsg
  * #syscalls:passt sendmmsg sendmsg
  */
-void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events,
-		      struct timespec *now)
+		      const struct timespec *now)
 {
 	ssize_t n, msg_len = 0, missing = 0;
 	int msg_bufs = 0, msg_i = 0, ret;
@@ -958,8 +960,8 @@ void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
  *
  * #syscalls sendmmsg
  */
-int udp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int udp_tap_handler(struct ctx *c, int af, const void *addr,
-		    struct timespec *now)
+		    const struct pool *p, const struct timespec *now)
 {
 	struct mmsghdr mm[UIO_MAXIOV] = { 0 };
 	struct iovec m[UIO_MAXIOV];
@@ -1180,7 +1182,7 @@ static void udp_splice_iov_init(void)
  *
  * Return: 0 on success, -1 on failure
  */
-int udp_sock_init(struct ctx *c)
+int udp_sock_init(const struct ctx *c)
 {
 	union udp_epoll_ref uref = { .udp.bound = 1 };
 	int dst, s;
@@ -1246,7 +1248,7 @@ int udp_sock_init(struct ctx *c)
  * @ts:		Timestamp from caller
  */
 static void udp_timer_one(struct ctx *c, int v6, enum udp_act_type type,
-			  in_port_t port, struct timespec *ts)
+			  in_port_t port, const struct timespec *ts)
 {
 	struct udp_splice_port *sp;
 	struct udp_tap_port *tp;
@@ -1292,7 +1294,7 @@ static void udp_timer_one(struct ctx *c, int v6, enum udp_act_type type,
  * @c:		Execution context
  * @ts:		Timestamp from caller
  */
-void udp_timer(struct ctx *c, struct timespec *ts)
+void udp_timer(struct ctx *c, const struct timespec *ts)
 {
 	int n, t, v6 = 0;
 	unsigned int i;

udp.h

@@ -8,13 +8,13 @@
 
 #define UDP_TIMER_INTERVAL		1000 /* ms */
 
-void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
+void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events,
-		      struct timespec *now);
+		      const struct timespec *now);
-int udp_tap_handler(struct ctx *c, int af, void *addr, struct pool *p,
+int udp_tap_handler(struct ctx *c, int af, const void *addr,
-		    struct timespec *now);
+		    const struct pool *p, const struct timespec *now);
-int udp_sock_init(struct ctx *c);
+int udp_sock_init(const struct ctx *c);
-void udp_timer(struct ctx *c, struct timespec *ts);
+void udp_timer(struct ctx *c, const struct timespec *ts);
-void udp_update_l2_buf(unsigned char *eth_d, unsigned char *eth_s,
+void udp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s,
 		       const uint32_t *ip_da);
 void udp_remap_to_tap(in_port_t port, in_port_t delta);
 void udp_remap_to_init(in_port_t port, in_port_t delta);

util.c

@@ -172,7 +172,7 @@ void passt_vsyslog(int pri, const char *format, va_list ap)
  *
  * Return: pointer to L4 header, NULL if not found
  */
-char *ipv6_l4hdr(struct pool *p, int index, size_t offset, uint8_t *proto,
+char *ipv6_l4hdr(const struct pool *p, int index, size_t offset, uint8_t *proto,
 		 size_t *dlen)
 {
 	struct ipv6_opt_hdr *o;
@@ -223,7 +223,7 @@ found:
  *
  * Return: newly created socket, -1 on error
  */
-int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
+int sock_l4(const struct ctx *c, int af, uint8_t proto, uint16_t port,
 	    enum bind_type bind_addr, uint32_t data)
 {
 	union epoll_ref ref = { .r.proto = proto, .r.p.data = data };
@@ -357,7 +357,7 @@ void sock_probe_mem(struct ctx *c)
  *
  * Return: difference in milliseconds
  */
-int timespec_diff_ms(struct timespec *a, struct timespec *b)
+int timespec_diff_ms(const struct timespec *a, const struct timespec *b)
 {
 	if (a->tv_nsec < b->tv_nsec) {
 		return (b->tv_nsec - a->tv_nsec) / 1000000 +
@@ -540,7 +540,7 @@ void drop_caps(void)
  *
  * #syscalls:pasta setns
  */
-int ns_enter(struct ctx *c)
+int ns_enter(const struct ctx *c)
 {
 	if (!c->netns_only &&
 	    c->pasta_userns_fd != -1 &&

util.h

@@ -199,12 +199,12 @@ __attribute__ ((weak)) int ffsl(long int i) { return __builtin_ffsl(i); }
 void __openlog(const char *ident, int option, int facility);
 void passt_vsyslog(int pri, const char *format, va_list ap);
 void __setlogmask(int mask);
-char *ipv6_l4hdr(struct pool *p, int index, size_t offset, uint8_t *proto,
+char *ipv6_l4hdr(const struct pool *p, int index, size_t offset, uint8_t *proto,
 		 size_t *dlen);
-int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
+int sock_l4(const struct ctx *c, int af, uint8_t proto, uint16_t port,
 	    enum bind_type bind_addr, uint32_t data);
 void sock_probe_mem(struct ctx *c);
-int timespec_diff_ms(struct timespec *a, struct timespec *b);
+int timespec_diff_ms(const struct timespec *a, const struct timespec *b);
 void bitmap_set(uint8_t *map, int bit);
 void bitmap_clear(uint8_t *map, int bit);
 int bitmap_isset(const uint8_t *map, int bit);
@@ -212,7 +212,7 @@ char *line_read(char *buf, size_t len, int fd);
 void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
 			uint8_t *map, uint8_t *exclude);
 void drop_caps(void);
-int ns_enter(struct ctx *c);
+int ns_enter(const struct ctx *c);
 void write_pidfile(int fd, pid_t pid);
 int __daemon(int pidfile_fd, int devnull_fd);
 int fls(unsigned long x);