Improve const correctness in coturn (#1424)

Marking variables as const when they won't be modified after
initialization helps programmers trying to understand a codebase to
manage the cognative load.

This pull request uses a clang-tidy fixit (Hard to automate, since the
code needs to be temporarily compiled as C++ for it to work) to try to
mechanically apply the const keyword to code where the automated tool
can determine that the variable won't be modified.

I then follow this up with a manual improvement pass to
turnutils_uclient, where I address const correctness of local variables,
as well as do some adjustments to loops and scoping to help with
reducing complexity.

Co-authored-by: redraincatching <[email protected]>
Co-authored-by: Pavel Punsky <[email protected]>

.clang-format

@@ -130,9 +130,10 @@ Standard:        Latest
 StatementMacros:
   - Q_UNUSED
   - QT_REQUIRE_VERSION
-TabWidth:        8
-UseCRLF:         false
-UseTab:          Never
-InsertBraces:    true
+TabWidth:           8
+UseCRLF:            false
+UseTab:             Never
+InsertBraces:       true
+QualifierAlignment: Left
 ...
 

.clang-tidy

@@ -17,6 +17,7 @@ Checks: 'clang-diagnostic-*,
 	,-readability-magic-numbers,
 	,-readability-function-cognitive-complexity,
 	,-readability-uppercase-literal-suffix,
+	,-readability-suspicious-call-argument,
 	,modernize-*,
 	,-modernize-use-auto,
 	,-modernize-avoid-c-arrays,

src/apps/common/apputils.c

@@ -198,13 +198,13 @@ int socket_set_reusable(evutil_socket_t fd, int flag, SOCKET_TYPE st) {
 #if defined(WINDOWS)
     int use_reuseaddr = IS_TURN_SERVER;
 #else
-    int use_reuseaddr = 1;
+    const int use_reuseaddr = 1;
 #endif
 
 #if defined(SO_REUSEADDR)
     if (use_reuseaddr) {
       int on = flag;
-      int ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, (socklen_t)sizeof(on));
+      const int ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, (socklen_t)sizeof(on));
       if (ret < 0) {
         perror("SO_REUSEADDR");
       }
@@ -318,7 +318,7 @@ int addr_bind(evutil_socket_t fd, const ioa_addr *addr, int reusable, int debug,
     }
     if (ret < 0) {
       if (debug) {
-        int err = socket_errno();
+        const int err = socket_errno();
         perror("bind");
         char str[129];
         addr_to_string(addr, (uint8_t *)str);
@@ -670,7 +670,7 @@ int set_mtu_df(SSL *ssl, evutil_socket_t fd, int family, int mtu, int df_value,
     return 0;
   }
 
-  int ret = set_socket_df(fd, family, df_value);
+  const int ret = set_socket_df(fd, family, df_value);
 
   if (!mtu) {
     mtu = SOSO_MTU;
@@ -1094,7 +1094,7 @@ void print_abs_file_name(const char *msg1, const char *msg2, const char *fn) {
         if (!getcwd(absfn, sizeof(absfn) - 1)) {
           absfn[0] = 0;
         }
-        size_t blen = strlen(absfn);
+        const size_t blen = strlen(absfn);
         if (blen < sizeof(absfn) - 1) {
           strncpy(absfn + blen, "/", sizeof(absfn) - blen);
           strncpy(absfn + blen + 1, fn, sizeof(absfn) - blen - 1);
@@ -1122,10 +1122,10 @@ char *find_config_file(const char *config_file) {
       }
     } else {
       int i = 0;
-      size_t cflen = strlen(config_file);
+      const size_t cflen = strlen(config_file);
 
       while (config_file_search_dirs[i]) {
-        size_t dirlen = strlen(config_file_search_dirs[i]);
+        const size_t dirlen = strlen(config_file_search_dirs[i]);
         size_t fnsz = sizeof(char) * (dirlen + cflen + 10);
         char *fn = (char *)malloc(fnsz + 1);
         strncpy(fn, config_file_search_dirs[i], fnsz);
@@ -1139,7 +1139,7 @@ char *find_config_file(const char *config_file) {
         }
         free(fn);
         if (config_file_search_dirs[i][0] != '/' && config_file_search_dirs[i][0] != '.' && c_execdir && c_execdir[0]) {
-          size_t celen = strlen(c_execdir);
+          const size_t celen = strlen(c_execdir);
           fnsz = sizeof(char) * (dirlen + cflen + celen + 10);
           fn = (char *)malloc(fnsz + 1);
           strncpy(fn, c_execdir, fnsz);
@@ -1198,8 +1198,8 @@ static uint64_t turn_getRandTime(void) {
 #else
   tp.tv_sec = time(NULL);
 #endif
-  uint64_t current_time = (uint64_t)(tp.tv_sec);
-  uint64_t current_mstime = (uint64_t)(current_time + (tp.tv_nsec));
+  const uint64_t current_time = (uint64_t)(tp.tv_sec);
+  const uint64_t current_mstime = (uint64_t)(current_time + (tp.tv_nsec));
 
   return current_mstime;
 }
@@ -1311,11 +1311,11 @@ char *base64_encode(const unsigned char *data, size_t input_length, size_t *outp
 
   for (size_t i = 0, j = 0; i < input_length;) {
 
-    uint32_t octet_a = i < input_length ? data[i++] : 0;
-    uint32_t octet_b = i < input_length ? data[i++] : 0;
-    uint32_t octet_c = i < input_length ? data[i++] : 0;
+    const uint32_t octet_a = i < input_length ? data[i++] : 0;
+    const uint32_t octet_b = i < input_length ? data[i++] : 0;
+    const uint32_t octet_c = i < input_length ? data[i++] : 0;
 
-    uint32_t triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
+    const uint32_t triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
 
     encoded_data[j++] = encoding_table[(triple >> 3 * 6) & 0x3F];
     encoded_data[j++] = encoding_table[(triple >> 2 * 6) & 0x3F];
@@ -1369,12 +1369,12 @@ unsigned char *base64_decode(const char *data, size_t input_length, size_t *outp
   size_t j;
   for (i = 0, j = 0; i < (int)input_length;) {
 
-    uint32_t sextet_a = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
-    uint32_t sextet_b = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
-    uint32_t sextet_c = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
-    uint32_t sextet_d = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
+    const uint32_t sextet_a = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
+    const uint32_t sextet_b = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
+    const uint32_t sextet_c = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
+    const uint32_t sextet_d = data[i] == '=' ? 0 & i++ : decoding_table[(int)data[i++]];
 
-    uint32_t triple = (sextet_a << 3 * 6) + (sextet_b << 2 * 6) + (sextet_c << 1 * 6) + (sextet_d << 0 * 6);
+    const uint32_t triple = (sextet_a << 3 * 6) + (sextet_b << 2 * 6) + (sextet_c << 1 * 6) + (sextet_d << 0 * 6);
 
     if (j < *output_length) {
       decoded_data[j++] = (triple >> 2 * 8) & 0xFF;

src/apps/common/ns_turn_utils.c

@@ -216,7 +216,7 @@ void set_syslog_facility(char *val) {
     return;
   }
 #if defined(__unix__) || defined(unix) || defined(__APPLE__)
-  int tmp = str_to_syslog_facility(val);
+  const int tmp = str_to_syslog_facility(val);
   if (tmp == -1) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: invalid syslog-facility value (%s); ignored.\n", val);
     return;
@@ -578,7 +578,7 @@ void turn_log_func_default(const char *const file, const int line, const TURN_LO
   char s[MAX_RTPPRINTF_BUFFER_SIZE + 1];
   size_t so_far = 0;
   if (use_new_log_timestamp_format) {
-    time_t now = time(NULL);
+    const time_t now = time(NULL);
     so_far += strftime(s, sizeof(s), turn_log_timestamp_format, localtime(&now));
   } else {
     so_far += snprintf(s, sizeof(s), "%lu: ", (unsigned long)log_time());
@@ -721,7 +721,7 @@ int get_canonic_origin(const char *o, char *co, int sz) {
     if (uri) {
       const char *scheme = evhttp_uri_get_scheme(uri);
       if (scheme && scheme[0]) {
-        size_t schlen = strlen(scheme);
+        const size_t schlen = strlen(scheme);
         if ((schlen < (size_t)sz) && (schlen < STUN_MAX_ORIGIN_SIZE)) {
           const char *host = evhttp_uri_get_host(uri);
           if (host && host[0]) {

src/apps/common/stun_buffer.c

@@ -152,7 +152,7 @@ bool stun_is_channel_message(stun_buffer *buf, uint16_t *chnumber, bool is_paddi
     return false;
   }
   size_t blen = buf->len;
-  bool ret = stun_is_channel_message_str(buf->buf, &blen, chnumber, is_padding_mandatory);
+  const bool ret = stun_is_channel_message_str(buf->buf, &blen, chnumber, is_padding_mandatory);
   if (ret) {
     buf->len = blen;
   }

src/apps/natdiscovery/natdiscovery.c

@@ -62,7 +62,7 @@ static int counter = 0;
 #ifdef __cplusplus
 
 static int init_socket(int *socketfd, ioa_addr *local_addr, int local_port, ioa_addr *remote_addr) {
-  int ret = 0;
+  const int ret = 0;
 
   if (local_port >= 0) {
     addr_set_port(local_addr, local_port);
@@ -84,7 +84,7 @@ static int init_socket(int *socketfd, ioa_addr *local_addr, int local_port, ioa_
 
 static int stunclient_send(int sockfd, ioa_addr *local_addr, int *local_port, ioa_addr *remote_addr, bool change_ip,
                            bool change_port, int padding, int response_port) {
-  int ret = 0;
+  const int ret = 0;
 
   turn::StunMsgRequest req(STUN_METHOD_BINDING);
 
@@ -141,8 +141,8 @@ static int stunclient_send(int sockfd, ioa_addr *local_addr, int *local_port, io
   }
 
   {
-    int len = 0;
-    int slen = get_ioa_addr_len(remote_addr);
+    const int len = 0;
+    const int slen = get_ioa_addr_len(remote_addr);
 
     do {
       len = sendto(sockfd, req.getRawBuffer(), req.getSize(), 0, (struct sockaddr *)remote_addr, (socklen_t)slen);
@@ -234,7 +234,7 @@ static int stunclient_receive(int sockfd, ioa_addr *local_addr, ioa_addr *reflex
                 addr1.getAddr(*other_addr);
                 turn::StunAttrIterator iter3(res, STUN_ATTRIBUTE_RESPONSE_ORIGIN);
                 if (!iter3.eof()) {
-                  ioa_addr response_origin;
+                  const ioa_addr response_origin;
                   turn::StunAttrAddr addr3(iter3);
                   addr3.getAddr(response_origin);
                   addr_debug_print(1, &response_origin, "Response origin: ");

src/apps/oauth/oauth.c

@@ -86,7 +86,7 @@ static int setup_ikm_key(const char *kid, const char *ikm_key, const turn_time_t
   }
 
   char err_msg[1025] = "\0";
-  size_t err_msg_size = sizeof(err_msg) - 1;
+  const size_t err_msg_size = sizeof(err_msg) - 1;
 
   if (!convert_oauth_key_data(&okd, key, err_msg, err_msg_size)) {
     fprintf(stderr, "%s\n", err_msg);
@@ -165,8 +165,8 @@ static void print_token_body(oauth_token *dot) {
   printf("{\n");
   printf("    mac key: %s\n", (char *)dot->enc_block.mac_key);
   printf("    mac key length: %d\n", (int)dot->enc_block.key_length);
-  time_t time = dot->enc_block.timestamp >> 16;
-  unsigned msec = (dot->enc_block.timestamp & 0xFFFF) * 64;
+  const time_t time = dot->enc_block.timestamp >> 16;
+  const unsigned msec = (dot->enc_block.timestamp & 0xFFFF) * 64;
   printf("    timestamp:\n");
   printf("        unixtime: %u (localtime: %s )", (unsigned int)time, ctime(&time));
   printf("        msec:%u\n", msec);
@@ -212,7 +212,7 @@ int main(int argc, char **argv) {
 
   char mac_key[OAUTH_MAC_KEY_SIZE + 1] = "";
 
-  time_t current_time = time(NULL);
+  const time_t current_time = time(NULL);
   struct tm *gmt = gmtime(&current_time);
   uint64_t token_timestamp = (unsigned long long)mktime(gmt) << 16;
   uint32_t token_lifetime = OAUTH_TOKEN_LIFETIME;

src/apps/peer/udpserver.c

@@ -69,7 +69,7 @@ static void udp_server_input_handler(evutil_socket_t fd, short what, void *arg)
 ///////////////////// operations //////////////////////////
 
 static int udp_create_server_socket(server_type *const server, const char *const ifname,
-                                    const char *const local_address, int const port) {
+                                    const char *const local_address, const int port) {
 
   if (!server) {
     return -1;

src/apps/relay/dbdrivers/dbd_sqlite.c

@@ -59,14 +59,14 @@ static int read_threads = 0;
 static int write_level = 0;
 #if defined(WINDOWS)
 static pthread_t write_thread = {0};
-static pthread_t const null_thread = {0};
+static const pthread_t null_thread = {0};
 #else
 static pthread_t write_thread = 0;
-static pthread_t const null_thread = 0;
+static const pthread_t null_thread = 0;
 #endif
 
-static void sqlite_lock(bool const write) {
-  pthread_t const pths = pthread_self();
+static void sqlite_lock(const bool write) {
+  const pthread_t pths = pthread_self();
 
   bool can_move = false;
   while (!can_move) {
@@ -88,7 +88,7 @@ static void sqlite_lock(bool const write) {
   }
 }
 
-static void sqlite_unlock(bool const write) {
+static void sqlite_unlock(const bool write) {
   pthread_mutex_lock(&rc_mutex);
   if (write) {
     if (--write_level == 0) {
@@ -145,8 +145,8 @@ static void fix_user_directory(char *dir0) {
         }
       }
     }
-    size_t szh = strlen(home);
-    size_t sz = strlen(dir0) + 1 + szh;
+    const size_t szh = strlen(home);
+    const size_t sz = strlen(dir0) + 1 + szh;
     char *dir_fixed = (char *)malloc(sz);
     strncpy(dir_fixed, home, szh);
     strncpy(dir_fixed + szh, dir + 1, (sz - szh - 1));
@@ -195,7 +195,7 @@ static sqlite3 *get_sqlite_connection(void) {
 
   fix_user_directory(pud->userdb);
   (void)pthread_once(&sqlite_init_once, sqlite_init_multithreaded);
-  int const rc = sqlite3_open(pud->userdb, &sqliteconnection);
+  const int rc = sqlite3_open(pud->userdb, &sqliteconnection);
   if ((sqliteconnection == NULL) || (rc != SQLITE_OK)) {
     const char *errmsg = sqlite3_errmsg(sqliteconnection);
     TURN_LOG_FUNC(
@@ -287,8 +287,8 @@ static int sqlite_get_user_key(uint8_t *usname, uint8_t *realm, hmackey_t key) {
 
     // TODO: Error if more than one result.
     if (sqlite3_step(st) == SQLITE_ROW) {
-      char const *const kval = (const char *)sqlite3_column_text(st, 0);
-      size_t const sz = get_hmackey_size(SHATYPE_DEFAULT);
+      const char *const kval = (const char *)sqlite3_column_text(st, 0);
+      const size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
       convert_string_key_to_binary(kval, key, sz);
       ret = 0;
     }
@@ -1117,7 +1117,7 @@ static void sqlite_reread_realms(secrets_list_t *realms_list) {
 
   {
     lock_realms();
-    size_t const rlsz = realms_list->sz;
+    const size_t rlsz = realms_list->sz;
     unlock_realms();
 
     for (size_t i = 0; i < rlsz; ++i) {

src/apps/relay/dbdrivers/dbdriver.c

@@ -49,7 +49,7 @@ static void make_connection_key(void) { (void)pthread_key_create(&connection_key
 pthread_key_t connection_key;
 pthread_once_t connection_key_once = PTHREAD_ONCE_INIT;
 
-void convert_string_key_to_binary(char const *keysource, hmackey_t key, size_t sz) {
+void convert_string_key_to_binary(const char *keysource, hmackey_t key, size_t sz) {
   char is[3];
   size_t i;
   unsigned int v;
@@ -129,7 +129,7 @@ char *sanitize_userdb_string(char *udb) {
       pstart += strlen("postgresql://");
       pend = strstr(pstart, "@");
       if (pend != NULL) {
-        size_t plen = pend - pstart;
+        const size_t plen = pend - pstart;
         memset(pstart, '*', plen);
       }
     }

src/apps/relay/dbdrivers/dbdriver.h

@@ -83,7 +83,7 @@ typedef struct _turn_dbdriver_t {
 
 /////////// USER DB CHECK //////////////////
 
-void convert_string_key_to_binary(char const *keysource, hmackey_t key, size_t sz);
+void convert_string_key_to_binary(const char *keysource, hmackey_t key, size_t sz);
 persistent_users_db_t *get_persistent_users_db(void);
 const turn_dbdriver_t *get_dbdriver(void);
 char *sanitize_userdb_string(char *udb);

src/apps/relay/dtls_listener.c

@@ -135,8 +135,8 @@ int get_dtls_version(const unsigned char *buf, int len) {
 #if DTLS_SUPPORTED
 
 static void calculate_cookie(SSL *ssl, unsigned char *cookie_secret, unsigned int cookie_length) {
-  long rv = (long)ssl;
-  long inum = (cookie_length - (((long)cookie_secret) % sizeof(long))) / sizeof(long);
+  const long rv = (long)ssl;
+  const long inum = (cookie_length - (((long)cookie_secret) % sizeof(long))) / sizeof(long);
   long i = 0;
   long *ip = (long *)cookie_secret;
   for (i = 0; i < inum; ++i, ++ip) {
@@ -233,7 +233,7 @@ static ioa_socket_handle dtls_accept_client_connection(dtls_listener_relay_serve
     return NULL;
   }
 
-  int rc = ssl_read(sock->fd, ssl, nbh, server->verbose);
+  const int rc = ssl_read(sock->fd, ssl, nbh, server->verbose);
 
   if (rc < 0) {
     return NULL;
@@ -309,7 +309,7 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
 
 static int handle_udp_packet(dtls_listener_relay_server_type *server, struct message_to_relay *sm,
                              ioa_engine_handle ioa_eng, turn_turnserver *ts) {
-  int verbose = ioa_eng->verbose;
+  const int verbose = ioa_eng->verbose;
   ioa_socket_handle s = sm->m.sm.s;
 
   ur_addr_map_value_type mvt = 0;
@@ -328,7 +328,7 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, struct mes
     s = chs;
     sm->m.sm.s = s;
     if (s->ssl) {
-      int sslret = ssl_read(s->fd, s->ssl, sm->m.sm.nd.nbh, verbose);
+      const int sslret = ssl_read(s->fd, s->ssl, sm->m.sm.nd.nbh, verbose);
       if (sslret < 0) {
         ioa_network_buffer_delete(ioa_eng, sm->m.sm.nd.nbh);
         sm->m.sm.nd.nbh = NULL;
@@ -556,7 +556,7 @@ static int create_new_connected_udp_socket(dtls_listener_relay_server_type *serv
     );
 
     SSL_set_max_cert_list(connecting_ssl, 655350);
-    int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh, server->verbose);
+    const int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh, server->verbose);
 
     if (rc < 0) {
       if (!(SSL_get_shutdown(connecting_ssl) & SSL_SENT_SHUTDOWN)) {
@@ -621,7 +621,7 @@ start_udp_cycle:
   u_long iMode = 1;
   ioctlsocket(fd, FIONBIO, &iMode);
 #else
-  int flags = MSG_DONTWAIT;
+  const int flags = MSG_DONTWAIT;
 #endif
   bsize = udp_recvfrom(fd, &(server->sm.m.sm.nd.src_addr), &(server->addr), (char *)ioa_network_buffer_data(elem),
                        (int)ioa_network_buffer_get_capacity_udp(), &(server->sm.m.sm.nd.recv_ttl),
@@ -652,7 +652,7 @@ start_udp_cycle:
     ioctlsocket(fd, FIONBIO, &iMode);
 #else
     // Linux
-    int eflags = MSG_ERRQUEUE | MSG_DONTWAIT;
+    const int eflags = MSG_ERRQUEUE | MSG_DONTWAIT;
 #endif
     static char buffer[65535];
     uint32_t errcode = 0;
@@ -689,7 +689,7 @@ start_udp_cycle:
 
   if (bsize < 0) {
     if (!to_block && !conn_reset) {
-      int ern = socket_errno();
+      const int ern = socket_errno();
       perror(__FUNCTION__);
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: recvfrom error %d\n", __FUNCTION__, ern);
     }
@@ -829,7 +829,7 @@ static int reopen_server_socket(dtls_listener_relay_server_type *server, evutil_
       return create_server_socket(server, 1);
     }
 
-    ioa_socket_raw udp_listen_fd =
+    const ioa_socket_raw udp_listen_fd =
         socket(server->addr.ss.sa_family, CLIENT_DGRAM_SOCKET_TYPE, CLIENT_DGRAM_SOCKET_PROTOCOL);
     if (udp_listen_fd < 0) {
       perror("socket");

src/apps/relay/http_server.c

@@ -58,7 +58,7 @@ struct http_headers {
 
 static void write_http_echo(ioa_socket_handle s) {
   if (s && !ioa_socket_tobeclosed(s)) {
-    SOCKET_APP_TYPE sat = get_ioa_socket_app_type(s);
+    const SOCKET_APP_TYPE sat = get_ioa_socket_app_type(s);
     if ((sat == HTTP_CLIENT_SOCKET) || (sat == HTTPS_CLIENT_SOCKET)) {
       char content_http[1025];
       const char *const title = "TURN Server";
@@ -91,7 +91,7 @@ const char *get_http_date_header(void) {
   static const char *wds[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
   static const char *mons[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
 
-  time_t now = time(NULL);
+  const time_t now = time(NULL);
   struct tm *gmtm = gmtime(&now);
 
   buffer_header[0] = 0;
@@ -351,7 +351,7 @@ struct str_buffer *str_buffer_new(void) {
 
 void str_buffer_append(struct str_buffer *sb, const char *str) {
   if (sb && str && str[0]) {
-    size_t len = strlen(str);
+    const size_t len = strlen(str);
     while (sb->sz + len + 1 > sb->capacity) {
       sb->capacity += len + 1024;
       sb->buffer = (char *)realloc(sb->buffer, sb->capacity);

src/apps/relay/mainrelay.c

@@ -1816,7 +1816,7 @@ unsigned char *base64decode(const void *b64_decode_this, int decode_this_many_by
 int decodedTextSize(char *input) {
   int i = 0;
   int result = 0, padding = 0;
-  int size = strlen(input);
+  const int size = strlen(input);
   for (i = 0; i < size; ++i) {
     if (input[i] == '=') {
       padding++;
@@ -1831,8 +1831,8 @@ void decrypt_aes_128(char *in, const unsigned char *mykey) {
   AES_KEY key;
   unsigned char outdata[256] = {0};
   AES_set_encrypt_key(mykey, 128, &key);
-  int newTotalSize = decodedTextSize(in);
-  int bytes_to_decode = strlen(in);
+  const int newTotalSize = decodedTextSize(in);
+  const int bytes_to_decode = strlen(in);
   unsigned char *encryptedText = base64decode(in, bytes_to_decode);
   char last[1024] = "";
   struct ctr_state state;
@@ -1929,7 +1929,7 @@ static void set_option(int c, char *value) {
     turn_params.no_tlsv1_2 = get_bool_value(value);
     break;
   case NE_TYPE_OPT: {
-    int ne = atoi(value);
+    const int ne = atoi(value);
     if ((ne < (int)NEV_MIN) || (ne > (int)NEV_MAX)) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: wrong version of the network engine: %d\n", ne);
     }
@@ -2797,7 +2797,7 @@ static int adminmain(int argc, char **argv) {
     exit(-1);
   }
 
-  int result = adminuser(user, realm, pwd, secret, origin, ct, &po, is_admin);
+  const int result = adminuser(user, realm, pwd, secret, origin, ct, &po, is_admin);
 
   disconnect_database();
 
@@ -3090,7 +3090,7 @@ int main(int argc, char **argv) {
   read_config_file(argc, argv, 2);
 
   {
-    unsigned long mfn = set_system_parameters(1);
+    const unsigned long mfn = set_system_parameters(1);
 
     print_features(mfn);
   }
@@ -3226,7 +3226,7 @@ int main(int argc, char **argv) {
   if (!turn_params.listener.addrs_number) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED\n");
     TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "===========Discovering listener addresses: =========\n");
-    int maddrs = make_local_listeners_list();
+    const int maddrs = make_local_listeners_list();
     if ((maddrs < 1) || !turn_params.listener.addrs_number) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Cannot configure any meaningful IP listener address\n", __FUNCTION__);
       fprintf(stderr, "\n%s\n", Usage);
@@ -3296,7 +3296,7 @@ int main(int argc, char **argv) {
 #else
   if (turn_params.turn_daemon) {
 #if !defined(TURN_HAS_DAEMON)
-    pid_t pid = fork();
+    const pid_t pid = fork();
     if (pid > 0) {
       exit(0);
     }
@@ -3542,15 +3542,15 @@ static int ServerALPNCallback(SSL *ssl, const unsigned char **out, unsigned char
   UNUSED_ARG(ssl);
   UNUSED_ARG(arg);
 
-  unsigned char sa_len = (unsigned char)strlen(STUN_ALPN);
-  unsigned char ta_len = (unsigned char)strlen(TURN_ALPN);
-  unsigned char ha_len = (unsigned char)strlen(HTTP_ALPN);
+  const unsigned char sa_len = (unsigned char)strlen(STUN_ALPN);
+  const unsigned char ta_len = (unsigned char)strlen(TURN_ALPN);
+  const unsigned char ha_len = (unsigned char)strlen(HTTP_ALPN);
 
   int found_http = 0;
 
   const unsigned char *ptr = in;
   while (ptr < (in + inlen)) {
-    unsigned char current_len = *ptr;
+    const unsigned char current_len = *ptr;
     if (ptr + 1 + current_len > in + inlen) {
       break;
     }

src/apps/relay/netengine.c

@@ -94,7 +94,7 @@ static void barrier_wait_func(const char *func, int line) {
   do {
     br = pthread_barrier_wait(&barrier);
     if ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD)) {
-      int err = socket_errno();
+      const int err = socket_errno();
       perror("barrier wait");
       printf("%s:%s:%d: %d\n", __FUNCTION__, func, line, err);
     }
@@ -123,7 +123,7 @@ static band_limit_t allocate_bps(band_limit_t bps, int positive) {
         ret = bps;
         turn_params.bps_capacity_allocated += ret;
       } else if (turn_params.bps_capacity_allocated < turn_params.bps_capacity) {
-        band_limit_t reserve = turn_params.bps_capacity - turn_params.bps_capacity_allocated;
+        const band_limit_t reserve = turn_params.bps_capacity - turn_params.bps_capacity_allocated;
         if (reserve <= bps) {
           ret = reserve;
           turn_params.bps_capacity_allocated = turn_params.bps_capacity;
@@ -441,7 +441,7 @@ static int handle_relay_message(relay_server_handle rs, struct message_to_relay
 static struct relay_server *get_relay_server(turnserver_id id) {
   struct relay_server *rs = NULL;
   if (id >= TURNSERVER_ID_BOUNDARY_BETWEEN_TCP_AND_UDP) {
-    size_t dest = id - TURNSERVER_ID_BOUNDARY_BETWEEN_TCP_AND_UDP;
+    const size_t dest = id - TURNSERVER_ID_BOUNDARY_BETWEEN_TCP_AND_UDP;
     if (dest >= get_real_udp_relay_servers_number()) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Too large UDP relay number: %d, total=%d\n", __FUNCTION__, (int)dest,
                     (int)get_real_udp_relay_servers_number());
@@ -452,7 +452,7 @@ static struct relay_server *get_relay_server(turnserver_id id) {
                     (int)get_real_udp_relay_servers_number());
     }
   } else {
-    size_t dest = id;
+    const size_t dest = id;
     if (dest >= get_real_general_relay_servers_number()) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Too large general relay number: %d, total=%d\n", __FUNCTION__, (int)dest,
                     (int)get_real_general_relay_servers_number());
@@ -476,7 +476,7 @@ void send_auth_message_to_auth_server(struct auth_message *am) {
   } else if (auth_message_counter < 1) {
     auth_message_counter = 1;
   }
-  authserver_id sn = auth_message_counter++;
+  const authserver_id sn = auth_message_counter++;
   TURN_MUTEX_UNLOCK(&auth_message_counter_mutex);
 
   struct evbuffer *output = bufferevent_get_output(authserver[sn].out_buf);
@@ -530,7 +530,7 @@ static int send_socket_to_general_relay(ioa_engine_handle e, struct message_to_r
   struct relay_server *rdest = sm->relay_server;
 
   if (!rdest) {
-    size_t dest = (hash_int32(addr_get_port(&(sm->m.sm.nd.src_addr)))) % get_real_general_relay_servers_number();
+    const size_t dest = (hash_int32(addr_get_port(&(sm->m.sm.nd.src_addr)))) % get_real_general_relay_servers_number();
     rdest = general_relay_servers[dest];
   }
 
@@ -673,7 +673,7 @@ int send_session_cancellation_to_relay(turnsession_id sid) {
   memset(&sm, 0, sizeof(struct message_to_relay));
   sm.t = RMT_CANCEL_SESSION;
 
-  turnserver_id id = (turnserver_id)(sid / TURN_SESSION_ID_FACTOR);
+  const turnserver_id id = (turnserver_id)(sid / TURN_SESSION_ID_FACTOR);
 
   struct relay_server *rs = get_relay_server(id);
   if (!rs) {
@@ -887,7 +887,7 @@ static void listener_receive_message(struct bufferevent *bev, void *ptr) {
     int found = 0;
     for (i = 0; i < turn_params.listener.addrs_number; i++) {
       if (addr_eq_no_port(turn_params.listener.encaddrs[i], &mm.m.tc.origin)) {
-        int o_port = addr_get_port(&mm.m.tc.origin);
+        const int o_port = addr_get_port(&mm.m.tc.origin);
         if (turn_params.listener.addrs_number == turn_params.listener.services_number) {
           if (o_port == turn_params.listener_port) {
             if (turn_params.listener.udp_services && turn_params.listener.udp_services[i] &&
@@ -957,7 +957,7 @@ static ioa_engine_handle create_new_listener_engine(void) {
 }
 
 static void *run_udp_listener_thread(void *arg) {
-  static int always_true = 1;
+  static const int always_true = 1;
 
   ignore_sigpipe();
 
@@ -1138,14 +1138,14 @@ static void setup_socket_per_endpoint_udp_listener_servers(void) {
   /* Aux UDP servers */
   for (i = 0; i < turn_params.aux_servers_list.size; i++) {
 
-    size_t index = i;
+    const int index = i;
 
     if (!turn_params.no_udp || !turn_params.no_dtls) {
 
       ioa_addr addr;
       char saddr[129];
       addr_cpy(&addr, &turn_params.aux_servers_list.addrs[i]);
-      int port = (int)addr_get_port(&addr);
+      const int port = (int)addr_get_port(&addr);
       addr_to_string_no_port(&addr, (uint8_t *)saddr);
 
       turn_params.listener.aux_udp_services[index] = (dtls_listener_relay_server_type **)allocate_super_memory_engine(
@@ -1170,7 +1170,7 @@ static void setup_socket_per_endpoint_udp_listener_servers(void) {
   /* Main servers */
   for (i = 0; i < turn_params.listener.addrs_number; i++) {
 
-    int index = turn_params.rfc5780 ? i * 2 : i;
+    const int index = turn_params.rfc5780 ? i * 2 : i;
 
     /* UDP: */
     if (!turn_params.no_udp) {
@@ -1280,14 +1280,14 @@ static void setup_socket_per_thread_udp_listener_servers(void) {
   /* Aux UDP servers */
   for (i = 0; i < turn_params.aux_servers_list.size; i++) {
 
-    int index = i;
+    const int index = i;
 
     if (!turn_params.no_udp || !turn_params.no_dtls) {
 
       ioa_addr addr;
       char saddr[129];
       addr_cpy(&addr, &turn_params.aux_servers_list.addrs[i]);
-      int port = (int)addr_get_port(&addr);
+      const int port = (int)addr_get_port(&addr);
       addr_to_string_no_port(&addr, (uint8_t *)saddr);
 
       turn_params.listener.aux_udp_services[index] = (dtls_listener_relay_server_type **)allocate_super_memory_engine(
@@ -1305,7 +1305,7 @@ static void setup_socket_per_thread_udp_listener_servers(void) {
   /* Main servers */
   for (i = 0; i < turn_params.listener.addrs_number; i++) {
 
-    int index = turn_params.rfc5780 ? i * 2 : i;
+    const int index = turn_params.rfc5780 ? i * 2 : i;
 
     /* UDP: */
     if (!turn_params.no_udp) {
@@ -1382,14 +1382,14 @@ static void setup_socket_per_session_udp_listener_servers(void) {
   /* Aux UDP servers */
   for (i = 0; i < turn_params.aux_servers_list.size; i++) {
 
-    int index = i;
+    const int index = i;
 
     if (!turn_params.no_udp || !turn_params.no_dtls) {
 
       ioa_addr addr;
       char saddr[129];
       addr_cpy(&addr, &turn_params.aux_servers_list.addrs[i]);
-      int port = (int)addr_get_port(&addr);
+      const int port = (int)addr_get_port(&addr);
       addr_to_string_no_port(&addr, (uint8_t *)saddr);
 
       turn_params.listener.aux_udp_services[index] = (dtls_listener_relay_server_type **)allocate_super_memory_engine(
@@ -1404,7 +1404,7 @@ static void setup_socket_per_session_udp_listener_servers(void) {
   /* Main servers */
   for (i = 0; i < turn_params.listener.addrs_number; i++) {
 
-    int index = turn_params.rfc5780 ? i * 2 : i;
+    const int index = turn_params.rfc5780 ? i * 2 : i;
 
     /* UDP: */
     if (!turn_params.no_udp) {
@@ -1480,7 +1480,7 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
       ioa_addr addr;
       char saddr[129];
       addr_cpy(&addr, &turn_params.aux_servers_list.addrs[i]);
-      int port = (int)addr_get_port(&addr);
+      const int port = (int)addr_get_port(&addr);
       addr_to_string_no_port(&addr, (uint8_t *)saddr);
 
       aux_tcp_services[i] = create_tls_listener_server(turn_params.listener_ifname, saddr, port, turn_params.verbose, e,
@@ -1491,7 +1491,7 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
   /* Main servers */
   for (i = 0; i < turn_params.listener.addrs_number; i++) {
 
-    int index = turn_params.rfc5780 ? i * 2 : i;
+    const int index = turn_params.rfc5780 ? i * 2 : i;
 
     /* TCP: */
     if (!turn_params.no_tcp) {
@@ -1538,7 +1538,7 @@ static int get_alt_addr(ioa_addr *addr, ioa_addr *alt_addr) {
     size_t index = 0xffff;
     size_t i = 0;
     int alt_port = -1;
-    int port = addr_get_port(addr);
+    const int port = addr_get_port(addr);
 
     if (port == turn_params.listener_port) {
       alt_port = get_alt_listener_port();
@@ -1562,7 +1562,7 @@ static int get_alt_addr(ioa_addr *addr, ioa_addr *alt_addr) {
     }
     if (index != 0xffff) {
       for (i = 0; i < turn_params.listener.addrs_number; i++) {
-        size_t ind = (index + i + 1) % turn_params.listener.addrs_number;
+        const size_t ind = (index + i + 1) % turn_params.listener.addrs_number;
         if (turn_params.listener.encaddrs && turn_params.listener.encaddrs[ind]) {
           ioa_addr *caddr = turn_params.listener.encaddrs[ind];
           if (caddr->ss.sa_family == addr->ss.sa_family) {
@@ -1684,14 +1684,14 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 }
 
 static void *run_general_relay_thread(void *arg) {
-  static int always_true = 1;
+  static const int always_true = 1;
   struct relay_server *rs = (struct relay_server *)arg;
 
-  int udp_reuses_the_same_relay_server = (turn_params.general_relay_servers_number <= 1) ||
-                                         (turn_params.net_engine_version == NEV_UDP_SOCKET_PER_THREAD) ||
-                                         (turn_params.net_engine_version == NEV_UDP_SOCKET_PER_SESSION);
+  const int udp_reuses_the_same_relay_server = (turn_params.general_relay_servers_number <= 1) ||
+                                               (turn_params.net_engine_version == NEV_UDP_SOCKET_PER_THREAD) ||
+                                               (turn_params.net_engine_version == NEV_UDP_SOCKET_PER_SESSION);
 
-  int we_need_rfc5780 = udp_reuses_the_same_relay_server && turn_params.rfc5780;
+  const int we_need_rfc5780 = udp_reuses_the_same_relay_server && turn_params.rfc5780;
 
   ignore_sigpipe();
 
@@ -1742,7 +1742,7 @@ static void *run_auth_server_thread(void *arg) {
 
   struct auth_server *as = (struct auth_server *)arg;
 
-  authserver_id id = as->id;
+  const authserver_id id = as->id;
 
   if (id == 0) {
 
@@ -1884,7 +1884,7 @@ void setup_server(void) {
   }
 
   {
-    int tot = get_real_general_relay_servers_number();
+    const int tot = get_real_general_relay_servers_number();
     if (tot) {
       int i;
       for (i = 0; i < tot; i++) {

src/apps/relay/ns_ioalib_engine_impl.c

@@ -143,8 +143,8 @@ static int is_socket_writeable(ioa_socket_handle s, size_t sz, const char *msg,
         struct evbuffer *evb = bufferevent_get_output(s->bev);
 
         if (evb) {
-          size_t bufsz = evbuffer_get_length(evb);
-          size_t newsz = bufsz + sz;
+          const size_t bufsz = evbuffer_get_length(evb);
+          const size_t newsz = bufsz + sz;
 
           switch (s->sat) {
           case TCP_CLIENT_DATA_SOCKET:
@@ -641,9 +641,9 @@ int ioa_socket_check_bandwidth(ioa_socket_handle s, ioa_network_buffer_handle nb
   if (s && (s->e) && nbh && ((s->sat == CLIENT_SOCKET) || (s->sat == RELAY_SOCKET) || (s->sat == RELAY_RTCP_SOCKET)) &&
       (s->session)) {
 
-    size_t sz = ioa_network_buffer_get_size(nbh);
+    const size_t sz = ioa_network_buffer_get_size(nbh);
 
-    band_limit_t max_bps = s->session->bps;
+    const band_limit_t max_bps = s->session->bps;
 
     if (max_bps < 1) {
       return 1;
@@ -654,14 +654,14 @@ int ioa_socket_check_bandwidth(ioa_socket_handle s, ioa_network_buffer_handle nb
     if (s->sat == CLIENT_SOCKET) {
       uint8_t *buf = ioa_network_buffer_data(nbh);
       if (stun_is_command_message_str(buf, sz)) {
-        uint16_t method = stun_get_method_str(buf, sz);
+        const uint16_t method = stun_get_method_str(buf, sz);
         if ((method != STUN_METHOD_SEND) && (method != STUN_METHOD_DATA)) {
           traffic = &(s->control_traffic);
         }
       }
     }
 
-    band_limit_t bsz = (band_limit_t)sz;
+    const band_limit_t bsz = (band_limit_t)sz;
 
     if (s->jiffie != s->e->jiffie) {
 
@@ -730,7 +730,7 @@ static int set_socket_ttl(ioa_socket_handle s, int ttl) {
   }
 
   if (s->current_ttl != ttl) {
-    int ret = set_raw_socket_ttl(s->fd, s->family, ttl);
+    const int ret = set_raw_socket_ttl(s->fd, s->family, ttl);
     s->current_ttl = ttl;
     return ret;
   }
@@ -750,7 +750,7 @@ static int set_socket_tos(ioa_socket_handle s, int tos) {
   CORRECT_RAW_TOS(tos);
 
   if (s->current_tos != tos) {
-    int ret = set_raw_socket_tos(s->fd, s->family, tos);
+    const int ret = set_raw_socket_tos(s->fd, s->family, tos);
     s->current_tos = tos;
     return ret;
   }
@@ -946,7 +946,7 @@ static int bind_ioa_socket(ioa_socket_handle s, const ioa_addr *local_addr, int
 
   if (s && s->fd >= 0 && s->e && local_addr) {
 
-    int res = addr_bind(s->fd, local_addr, reusable, 1, s->st);
+    const int res = addr_bind(s->fd, local_addr, reusable, 1, s->st);
     if (res >= 0) {
       s->bound = 1;
       addr_cpy(&(s->local_addr), local_addr);
@@ -1793,15 +1793,15 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
   }
 
   char *buffer = (char *)ioa_network_buffer_data(nbh);
-  int buf_size = (int)ioa_network_buffer_get_capacity_udp();
-  int read_len = (int)ioa_network_buffer_get_size(nbh);
+  const int buf_size = (int)ioa_network_buffer_get_capacity_udp();
+  const int read_len = (int)ioa_network_buffer_get_size(nbh);
 
   if (read_len < 1) {
     return -1;
   }
 
   char *new_buffer = buffer + buf_size;
-  int old_buffer_len = read_len;
+  const int old_buffer_len = read_len;
 
   int len = 0;
 
@@ -1823,13 +1823,13 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
   SSL_set0_rbio(ssl, rbio);
 #endif
 
-  int if1 = SSL_is_init_finished(ssl);
+  const int if1 = SSL_is_init_finished(ssl);
 
   do {
     len = SSL_read(ssl, new_buffer, buf_size);
   } while (len < 0 && socket_eintr());
 
-  int if2 = SSL_is_init_finished(ssl);
+  const int if2 = SSL_is_init_finished(ssl);
 
   if (eve(verbose)) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: after read: %d\n", __FUNCTION__, len);
@@ -1883,7 +1883,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
         ret = 0;
         break;
       case SSL_ERROR_SYSCALL: {
-        int err = socket_errno();
+        const int err = socket_errno();
         if (handle_socket_error()) {
           ret = 0;
         } else {
@@ -1937,7 +1937,7 @@ static int socket_readerr(evutil_socket_t fd, ioa_addr *orig_addr) {
   TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "The socket_readerr is not implement in _MSC_VER");
 #else
   uint8_t ecmsg[TURN_CMSG_SZ + 1];
-  int flags = MSG_ERRQUEUE;
+  const int flags = MSG_ERRQUEUE;
   int len = 0;
 
   struct msghdr msg;
@@ -1989,7 +1989,7 @@ int udp_recvfrom(evutil_socket_t fd, ioa_addr *orig_addr, const ioa_addr *like_a
     *errcode = 0;
   }
 
-  int slen = get_ioa_addr_len(like_addr);
+  const int slen = get_ioa_addr_len(like_addr);
   recv_ttl_t recv_ttl = TTL_DEFAULT;
   recv_tos_t recv_tos = TOS_DEFAULT;
 
@@ -2037,7 +2037,7 @@ try_again:
 
   if ((len < 0) && (!(flags & MSG_ERRQUEUE))) {
     // Linux
-    int eflags = MSG_ERRQUEUE | MSG_DONTWAIT;
+    const int eflags = MSG_ERRQUEUE | MSG_DONTWAIT;
     uint32_t errcode1 = 0;
     udp_recvfrom(fd, orig_addr, like_addr, buffer, buf_size, ttl, tos, ecmsg, eflags, &errcode1);
     // try again...
@@ -2053,8 +2053,8 @@ try_again:
 
     // Receive auxiliary data in msg
     for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh != NULL; cmsgh = CMSG_NXTHDR(&msg, cmsgh)) {
-      int l = cmsgh->cmsg_level;
-      int t = cmsgh->cmsg_type;
+      const int l = cmsgh->cmsg_level;
+      const int t = cmsgh->cmsg_type;
 
       switch (l) {
       case IPPROTO_IP:
@@ -2142,7 +2142,7 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd) {
 
   if (len > 0 && ((size_t)len == sizeof(s))) {
     if ((s[0] == 22) && (s[1] == 3) && (s[5] == 1) && (s[9] == 3)) {
-      char max_supported = (char)(TURN_TLS_TOTAL - 2);
+      const char max_supported = (char)(TURN_TLS_TOTAL - 2);
       if (s[10] > max_supported) {
         ret = TURN_TLS_v1_2; /* compatibility mode */
       } else {
@@ -2229,8 +2229,8 @@ static ssize_t socket_parse_proxy_v1(ioa_socket_handle s, uint8_t *buf, size_t l
 
   tlen++;
 
-  int sport_int = atoi(sport);
-  int dport_int = atoi(dport);
+  const int sport_int = atoi(sport);
+  const int dport_int = atoi(dport);
   if ((sport_int < 0) || (0xFFFF < sport_int)) {
     return -1;
   }
@@ -2283,18 +2283,18 @@ static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t l
   }
 
   /* Check version */
-  uint8_t version = buf[12] >> 4;
+  const uint8_t version = buf[12] >> 4;
   if (version != 2) {
     return -1;
   }
 
   /* Read data */
-  uint8_t command = buf[12] & 0xF;
-  uint8_t family = buf[13] >> 4;
-  uint8_t proto = buf[13] & 0xF;
-  size_t plen = ((size_t)buf[14] << 8) | buf[15];
+  const uint8_t command = buf[12] & 0xF;
+  const uint8_t family = buf[13] >> 4;
+  const uint8_t proto = buf[13] & 0xF;
+  const size_t plen = ((size_t)buf[14] << 8) | buf[15];
 
-  size_t tlen = 16 + plen;
+  const size_t tlen = 16 + plen;
   if (len < tlen) {
     return 0;
   }
@@ -2421,7 +2421,7 @@ static int socket_input_worker(ioa_socket_handle s) {
   if (s->st == TENTATIVE_TCP_SOCKET) {
     EVENT_DEL(s->read_event);
 #if TLS_SUPPORTED
-    TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd);
+    const TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd);
     if (tls_type) {
       s->st = TLS_SOCKET;
       if (s->ssl) {
@@ -2460,7 +2460,7 @@ static int socket_input_worker(ioa_socket_handle s) {
   } else if (s->st == TENTATIVE_SCTP_SOCKET) {
     EVENT_DEL(s->read_event);
 #if TLS_SUPPORTED
-    TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd);
+    const TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd);
     if (tls_type) {
       s->st = TLS_SCTP_SOCKET;
       if (s->ssl) {
@@ -2521,7 +2521,7 @@ try_start:
         }
 
         if (s->st == TCP_SOCKET_PROXY) {
-          ssize_t tlen = socket_parse_proxy(s, buf_elem->buf.buf, blen);
+          const ssize_t tlen = socket_parse_proxy(s, buf_elem->buf.buf, blen);
           blen = 0;
           if (tlen < 0) {
             s->tobeclosed = 1;
@@ -2986,8 +2986,8 @@ static int ssl_send(ioa_socket_handle s, const char *buffer, int len, int verbos
     if (!wbio) {
       return -1;
     }
-    int fd = BIO_get_fd(wbio, 0);
-    int sfd = s->parent_s->fd;
+    const int fd = BIO_get_fd(wbio, 0);
+    const int sfd = s->parent_s->fd;
     if (sfd >= 0) {
       if (fd != sfd) {
         BIO_set_fd(wbio, sfd, BIO_NOCLOSE);
@@ -2998,7 +2998,7 @@ static int ssl_send(ioa_socket_handle s, const char *buffer, int len, int verbos
     if (!wbio) {
       return -1;
     }
-    int fd = BIO_get_fd(wbio, 0);
+    const int fd = BIO_get_fd(wbio, 0);
     if (fd != s->fd) {
       BIO_set_fd(wbio, s->fd, BIO_NOCLOSE);
     }
@@ -3055,14 +3055,14 @@ try_start:
     case SSL_ERROR_WANT_READ:
       return 0;
     case SSL_ERROR_SYSCALL: {
-      int err = socket_errno();
+      const int err = socket_errno();
       if (!handle_socket_error()) {
         if (s->st == DTLS_SOCKET) {
           if (is_connreset()) {
             if (try_again) {
               BIO *wbio = SSL_get_wbio(ssl);
               if (wbio) {
-                int fd = BIO_get_fd(wbio, 0);
+                const int fd = BIO_get_fd(wbio, 0);
                 if (fd >= 0) {
                   try_again = 0;
                   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS Socket, tring to recover write operation...\n");
@@ -3104,8 +3104,8 @@ static int send_ssl_backlog_buffers(ioa_socket_handle s) {
   if (s) {
     stun_buffer_list_elem *buf_elem = s->bufs.head;
     while (buf_elem) {
-      int rc = ssl_send(s, (char *)buf_elem->buf.buf + buf_elem->buf.offset - buf_elem->buf.coffset,
-                        (size_t)buf_elem->buf.len, (s->e ? s->e->verbose : TURN_VERBOSE_NONE));
+      const int rc = ssl_send(s, (char *)buf_elem->buf.buf + buf_elem->buf.offset - buf_elem->buf.coffset,
+                              (size_t)buf_elem->buf.len, (s->e ? s->e->verbose : TURN_VERBOSE_NONE));
       if (rc < 1) {
         break;
       }
@@ -3157,7 +3157,7 @@ int udp_send(ioa_socket_handle s, const ioa_addr *dest_addr, const char *buffer,
 
     if (dest_addr) {
 
-      int slen = get_ioa_addr_len(dest_addr);
+      const int slen = get_ioa_addr_len(dest_addr);
 
       do {
         rc = sendto(fd, buffer, len, 0, (const struct sockaddr *)dest_addr, (socklen_t)slen);
@@ -3275,7 +3275,7 @@ int send_data_from_ioa_socket_nbh(ioa_socket_handle s, ioa_addr *dest_addr, ioa_
             if (ret < 0) {
               s->tobeclosed = 1;
 #if defined(EADDRNOTAVAIL)
-              int perr = socket_errno();
+              const int perr = socket_errno();
 #endif
               perror("udp send");
 #if defined(EADDRNOTAVAIL)
@@ -3921,7 +3921,7 @@ void *allocate_super_memory_region_func(super_memory_t *r, size_t size, const ch
     size_t *rsz = NULL;
     for (i = 0; i <= r->sm_chunk; ++i) {
 
-      size_t left = (size_t)r->sm_total_sz - r->sm_allocated[i];
+      const size_t left = (size_t)r->sm_total_sz - r->sm_allocated[i];
 
       if (left < size + sizeof(void *)) {
         continue;

src/apps/relay/tls_listener.c

@@ -109,7 +109,7 @@ static void server_input_handler(struct evconnlistener *l, evutil_socket_t fd, s
     server->sm.m.sm.can_resume = 1;
     server->sm.relay_server = server->relay_server;
 
-    int rc = server->connect_cb(server->e, &(server->sm));
+    const int rc = server->connect_cb(server->e, &(server->sm));
 
     if (rc < 0) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot create tcp or tls session\n");

src/apps/relay/turn_admin_server.c

@@ -586,7 +586,7 @@ static bool print_session(ur_map_key_type key, ur_map_value_type value, void *ar
 
 static void cancel_session(struct cli_session *cs, const char *ssid) {
   if (cs && cs->ts && ssid && *ssid) {
-    turnsession_id sid = strtoull(ssid, NULL, 10);
+    const turnsession_id sid = strtoull(ssid, NULL, 10);
     send_session_cancellation_to_relay(sid);
   }
 }
@@ -956,7 +956,7 @@ static int run_cli_input(struct cli_session *cs, const char *buf0, unsigned int
     size_t sl = strlen(cmd);
 
     while (sl) {
-      char c = cmd[sl - 1];
+      const char c = cmd[sl - 1];
       if ((c == 10) || (c == 13)) {
         cmd[sl - 1] = 0;
         --sl;
@@ -1112,7 +1112,7 @@ static void cli_socket_input_handler_bev(struct bufferevent *bev, void *arg) {
 
     if (cs->bev) {
 
-      int len = (int)bufferevent_read(cs->bev, buf.buf, STUN_BUFFER_SIZE - 1);
+      const int len = (int)bufferevent_read(cs->bev, buf.buf, STUN_BUFFER_SIZE - 1);
       if (len < 0) {
         close_cli_session(cs);
         return;
@@ -1214,13 +1214,13 @@ static void web_admin_input_handler(ioa_socket_handle s, int event_type, ioa_net
 
   int to_be_closed = 0;
 
-  int buffer_size = (int)ioa_network_buffer_get_size(in_buffer->nbh);
+  const int buffer_size = (int)ioa_network_buffer_get_size(in_buffer->nbh);
   if (buffer_size >= UDP_STUN_BUFFER_SIZE) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "%s: request is too big: %d\n", __FUNCTION__, buffer_size);
     to_be_closed = 1;
   } else if (buffer_size > 0) {
 
-    SOCKET_TYPE st = get_ioa_socket_type(s);
+    const SOCKET_TYPE st = get_ioa_socket_type(s);
 
     if (is_stream_socket(st)) {
       if (is_http((char *)ioa_network_buffer_data(in_buffer->nbh), buffer_size)) {
@@ -1635,7 +1635,7 @@ static void set_current_max_output_sessions(size_t value) {
 
 static void https_cancel_session(const char *ssid) {
   if (ssid && *ssid) {
-    turnsession_id sid = (turnsession_id)strtoull(ssid, NULL, 10);
+    const turnsession_id sid = (turnsession_id)strtoull(ssid, NULL, 10);
     send_session_cancellation_to_relay(sid);
   }
 }
@@ -1704,7 +1704,7 @@ static void write_https_logon_page(ioa_socket_handle s) {
     int we_have_admin_users = 0;
     const turn_dbdriver_t *dbd = get_dbdriver();
     if (dbd && dbd->list_admin_users) {
-      int ausers = dbd->list_admin_users(1);
+      const int ausers = dbd->list_admin_users(1);
       if (ausers > 0) {
         we_have_admin_users = 1;
       }
@@ -2513,7 +2513,7 @@ static void write_ps_page(ioa_socket_handle s, const char *client_protocol, cons
           "addr (IPv4)</th><th>Relay addr (IPv6)</th><th>Fingerprints</th><th>Mobile</th><th>TLS method</th><th>TLS "
           "cipher</th><th>BPS (allocated)</th><th>Packets</th><th>Rate</th><th>Peers</th></tr>\r\n");
 
-      size_t total_sz = https_print_sessions(sb, client_protocol, user_pattern, max_sessions, cs);
+      const size_t total_sz = https_print_sessions(sb, client_protocol, user_pattern, max_sessions, cs);
 
       str_buffer_append(sb, "\r\n</table>\r\n");
 
@@ -2535,7 +2535,7 @@ static size_t https_print_users(struct str_buffer *sb) {
     init_secrets_list(&realms);
     dbd->list_users((uint8_t *)current_eff_realm(), &users, &realms);
 
-    size_t sz = get_secrets_list_size(&users);
+    const size_t sz = get_secrets_list_size(&users);
     size_t i;
     for (i = 0; i < sz; ++i) {
       str_buffer_append(sb, "<tr><td>");
@@ -2659,7 +2659,7 @@ static void write_users_page(ioa_socket_handle s, const uint8_t *add_user, const
       str_buffer_append(sb, "<th> </th>");
       str_buffer_append(sb, "</tr>\r\n");
 
-      size_t total_sz = https_print_users(sb);
+      const size_t total_sz = https_print_users(sb);
 
       str_buffer_append(sb, "\r\n</table>\r\n");
 
@@ -2681,7 +2681,7 @@ static size_t https_print_secrets(struct str_buffer *sb) {
     init_secrets_list(&realms);
     dbd->list_secrets((uint8_t *)current_eff_realm(), &secrets, &realms);
 
-    size_t sz = get_secrets_list_size(&secrets);
+    const size_t sz = get_secrets_list_size(&secrets);
     size_t i;
     for (i = 0; i < sz; ++i) {
       str_buffer_append(sb, "<tr><td>");
@@ -2792,7 +2792,7 @@ static void write_shared_secrets_page(ioa_socket_handle s, const char *add_secre
       str_buffer_append(sb, "<th> </th>");
       str_buffer_append(sb, "</tr>\r\n");
 
-      size_t total_sz = https_print_secrets(sb);
+      const size_t total_sz = https_print_secrets(sb);
 
       str_buffer_append(sb, "\r\n</table>\r\n");
 
@@ -2814,7 +2814,7 @@ static size_t https_print_origins(struct str_buffer *sb) {
     init_secrets_list(&realms);
     dbd->list_origins((uint8_t *)current_eff_realm(), &origins, &realms);
 
-    size_t sz = get_secrets_list_size(&origins);
+    const size_t sz = get_secrets_list_size(&origins);
     size_t i;
     for (i = 0; i < sz; ++i) {
       str_buffer_append(sb, "<tr><td>");
@@ -2923,7 +2923,7 @@ static void write_origins_page(ioa_socket_handle s, const char *add_origin, cons
       }
       str_buffer_append(sb, "</tr>\r\n");
 
-      size_t total_sz = https_print_origins(sb);
+      const size_t total_sz = https_print_origins(sb);
 
       str_buffer_append(sb, "\r\n</table>\r\n");
 
@@ -2948,7 +2948,7 @@ static size_t https_print_oauth_keys(struct str_buffer *sb) {
     init_secrets_list(&realms);
     dbd->list_oauth_keys(&kids, &teas, &tss, &lts, &realms);
 
-    size_t sz = get_secrets_list_size(&kids);
+    const size_t sz = get_secrets_list_size(&kids);
     size_t i;
     for (i = 0; i < sz; ++i) {
       str_buffer_append(sb, "<tr><td>");
@@ -3034,7 +3034,7 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char *kid) {
             convert_oauth_key_data_raw(&key, &okd);
 
             char err_msg[1025] = "\0";
-            size_t err_msg_size = sizeof(err_msg) - 1;
+            const size_t err_msg_size = sizeof(err_msg) - 1;
 
             oauth_key okey;
             memset(&okey, 0, sizeof(okey));
@@ -3206,7 +3206,7 @@ static void write_https_oauth_page(ioa_socket_handle s, const char *add_kid, con
       str_buffer_append(sb, "<th> </th>");
       str_buffer_append(sb, "</tr>\r\n");
 
-      size_t total_sz = https_print_oauth_keys(sb);
+      const size_t total_sz = https_print_oauth_keys(sb);
 
       str_buffer_append(sb, "\r\n</table>\r\n");
 
@@ -3376,7 +3376,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) {
     } else {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: HTTPS request, path %s\n", __FUNCTION__, hr->path);
 
-      AS_FORM form = get_form(hr->path);
+      const AS_FORM form = get_form(hr->path);
 
       switch (form) {
       case AS_FORM_PC: {
@@ -3503,7 +3503,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) {
                     STRCPY(p, pwd);
                     stun_produce_integrity_key_str(u, r, p, key, SHATYPE_DEFAULT);
                     size_t i = 0;
-                    size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
+                    const size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
                     int maxsz = (int)(sz * 2) + 1;
                     char *s = skey;
                     for (i = 0; (i < sz) && (maxsz > 2); i++) {
@@ -3713,7 +3713,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) {
             add_tea = get_http_header_value(hr, HR_ADD_OAUTH_TEA, "");
             add_realm = get_http_header_value(hr, HR_ADD_OAUTH_REALM, "");
 
-            int keys_ok = (add_ikm[0] != 0);
+            const int keys_ok = (add_ikm[0] != 0);
             if (!keys_ok) {
               msg = "You must enter the key value.";
             } else {

src/apps/relay/turn_ports.c

@@ -90,15 +90,15 @@ static int is_taken(uint32_t status) {
 
 static void turnports_randomize(turnports *tp) {
   if (tp) {
-    unsigned int size = (unsigned int)(tp->high - tp->low);
+    const unsigned int size = (unsigned int)(tp->high - tp->low);
     unsigned int i = 0;
-    unsigned int cycles = size * 10;
+    const unsigned int cycles = size * 10;
     for (i = 0; i < cycles; i++) {
-      uint16_t port1 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
-      uint16_t port2 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
+      const uint16_t port1 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
+      const uint16_t port2 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
       if (port1 != port2) {
-        uint32_t pos1 = tp->status[port1];
-        uint32_t pos2 = tp->status[port2];
+        const uint32_t pos1 = tp->status[port1];
+        const uint32_t pos2 = tp->status[port2];
         uint32_t tmp = tp->status[port1];
         tp->status[port1] = tp->status[port2];
         tp->status[port2] = tmp;
@@ -156,7 +156,7 @@ uint16_t turnports_size(turnports *tp) {
     return 0;
   } else {
     TURN_MUTEX_LOCK(&tp->mutex);
-    uint16_t ret = (uint16_t)((tp->high - tp->low));
+    const uint16_t ret = (uint16_t)((tp->high - tp->low));
     TURN_MUTEX_UNLOCK(&tp->mutex);
     return ret;
   }
@@ -177,7 +177,7 @@ int turnports_allocate(turnports *tp) {
         return -1;
       }
 
-      int position = (uint16_t)(tp->low & 0x0000FFFF);
+      const int position = (uint16_t)(tp->low & 0x0000FFFF);
 
       port = (int)tp->ports[position];
       if (port < (int)(tp->range_start) || port > ((int)(tp->range_stop))) {
@@ -206,7 +206,7 @@ int turnports_allocate(turnports *tp) {
 void turnports_release(turnports *tp, uint16_t port) {
   TURN_MUTEX_LOCK(&tp->mutex);
   if (tp && port >= tp->range_start && port <= tp->range_stop) {
-    uint16_t position = (uint16_t)(tp->high & 0x0000FFFF);
+    const uint16_t position = (uint16_t)(tp->high & 0x0000FFFF);
     if (is_taken(tp->status[port])) {
       tp->status[port] = tp->high;
       tp->ports[position] = port;
@@ -217,24 +217,20 @@ void turnports_release(turnports *tp, uint16_t port) {
 }
 
 int turnports_allocate_even(turnports *tp, int allocate_rtcp, uint64_t *reservation_token) {
-  if (!tp) {
-    return -1;
-  }
-
-  TURN_MUTEX_LOCK(&tp->mutex);
-  uint16_t size = turnports_size(tp);
-  if (size > 1) {
-    for (uint16_t i = 0; i < size; i++) {
-      int port = turnports_allocate(tp);
-      if (port & 0x00000001) {
-        turnports_release(tp, port);
-      } else {
-        if (!allocate_rtcp) {
-          TURN_MUTEX_UNLOCK(&tp->mutex);
-          return port;
+  if (tp) {
+    TURN_MUTEX_LOCK(&tp->mutex);
+    const uint16_t size = turnports_size(tp);
+    if (size > 1) {
+      uint16_t i = 0;
+      for (i = 0; i < size; i++) {
+        const int port = turnports_allocate(tp);
+        if (port & 0x00000001) {
+          turnports_release(tp, port);
         } else {
-          int rtcp_port = port + 1;
-          if ((rtcp_port > tp->range_stop) || !turnports_is_available(tp, rtcp_port)) {
+          const int rtcp_port = port + 1;
+          if (rtcp_port > tp->range_stop) {
+            turnports_release(tp, port);
+          } else if (!turnports_is_available(tp, rtcp_port)) {
             turnports_release(tp, port);
           } else {
             tp->status[port] = TPS_TAKEN_EVEN;
@@ -253,6 +249,7 @@ int turnports_allocate_even(turnports *tp, int allocate_rtcp, uint64_t *reservat
       }
     }
   }
+
   TURN_MUTEX_UNLOCK(&tp->mutex);
 
   return -1;
@@ -263,7 +260,7 @@ int turnports_is_allocated(turnports *tp, uint16_t port) {
     return 0;
   } else {
     TURN_MUTEX_LOCK(&tp->mutex);
-    int ret = is_taken(tp->status[port]);
+    const int ret = is_taken(tp->status[port]);
     TURN_MUTEX_UNLOCK(&tp->mutex);
     return ret;
   }
@@ -272,9 +269,9 @@ int turnports_is_allocated(turnports *tp, uint16_t port) {
 int turnports_is_available(turnports *tp, uint16_t port) {
   if (tp) {
     TURN_MUTEX_LOCK(&tp->mutex);
-    uint32_t status = tp->status[port];
+    const uint32_t status = tp->status[port];
     if ((status != TPS_OUT_OF_RANGE) && !is_taken(status)) {
-      uint16_t position = (uint16_t)(status & 0x0000FFFF);
+      const uint16_t position = (uint16_t)(status & 0x0000FFFF);
       if (tp->ports[position] == port) {
         TURN_MUTEX_UNLOCK(&tp->mutex);
         return 1;

src/apps/relay/userdb.c

@@ -206,7 +206,7 @@ void get_realm_options_by_name(char *realm, realm_options_t *ro) {
 }
 
 int change_total_quota(char *realm, int value) {
-  int ret = value;
+  const int ret = value;
   lock_realms();
   realm_params_t *rp = get_realm(realm);
   rp->options.perf_options.total_quota = value;
@@ -215,7 +215,7 @@ int change_total_quota(char *realm, int value) {
 }
 
 int change_user_quota(char *realm, int value) {
-  int ret = value;
+  const int ret = value;
   lock_realms();
   realm_params_t *rp = get_realm(realm);
   rp->options.perf_options.user_quota = value;
@@ -413,7 +413,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
                                                         STUN_ATTRIBUTE_OAUTH_ACCESS_TOKEN);
     if (sar) {
 
-      int len = stun_attr_get_len(sar);
+      const int len = stun_attr_get_len(sar);
       const uint8_t *value = stun_attr_get_value(sar);
 
       *out_oauth = 1;
@@ -427,7 +427,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
           oauth_key_data_raw rawKey;
           memset(&rawKey, 0, sizeof(rawKey));
 
-          int gres = (*(dbd->get_oauth_key))(usname, &rawKey);
+          const int gres = (*(dbd->get_oauth_key))(usname, &rawKey);
           if (gres < 0) {
             return ret;
           }
@@ -448,7 +448,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
           convert_oauth_key_data_raw(&rawKey, &okd);
 
           char err_msg[1025] = "\0";
-          size_t err_msg_size = sizeof(err_msg) - 1;
+          const size_t err_msg_size = sizeof(err_msg) - 1;
 
           oauth_key okey;
           memset(&okey, 0, sizeof(okey));
@@ -502,11 +502,11 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
                                                       ioa_network_buffer_get_size(nbh), dot.enc_block.mac_key, pwdtmp,
                                                       SHATYPE_DEFAULT) > 0) {
 
-            turn_time_t lifetime = (turn_time_t)(dot.enc_block.lifetime);
+            const turn_time_t lifetime = (turn_time_t)(dot.enc_block.lifetime);
             if (lifetime) {
-              turn_time_t ts = (turn_time_t)(dot.enc_block.timestamp >> 16);
-              turn_time_t to = ts + lifetime + OAUTH_TIME_DELTA;
-              turn_time_t ct = turn_time();
+              const turn_time_t ts = (turn_time_t)(dot.enc_block.timestamp >> 16);
+              const turn_time_t to = ts + lifetime + OAUTH_TIME_DELTA;
+              const turn_time_t ct = turn_time();
               if (!turn_time_before(ct, to)) {
                 TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "oAuth token is too old\n");
                 return -1;
@@ -535,7 +535,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
 
   if (turn_params.use_auth_secret_with_timestamp) {
 
-    turn_time_t ctime = (turn_time_t)time(NULL);
+    const turn_time_t ctime = (turn_time_t)time(NULL);
     turn_time_t ts = 0;
     secrets_list_t sl;
     size_t sll = 0;
@@ -562,7 +562,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
         return -1;
       }
 
-      int sarlen = stun_attr_get_len(sar);
+      const int sarlen = stun_attr_get_len(sar);
       switch (sarlen) {
       case SHA1SIZEBYTES:
         hmac_len = SHA1SIZEBYTES;
@@ -621,7 +621,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *u
   ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
 
   if (ret == 0) {
-    size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
+    const size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
     memcpy(key, ukey, sz);
     return 0;
   }
@@ -730,7 +730,7 @@ int add_static_user_account(char *user) {
     return -1;
   }
 
-  size_t ulen = s - user;
+  const size_t ulen = s - user;
 
   // TODO: TURN usernames should be length limited by the RFC.
   // are user account names as well? If so, we can avoid allocating
@@ -758,7 +758,7 @@ int add_static_user_account(char *user) {
 
   if (strstr(s, "0x") == s) {
     char *keysource = s + 2;
-    size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
+    const size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
     if (strlen(keysource) < sz * 2) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s\n", s);
     }
@@ -968,7 +968,7 @@ int adminuser(uint8_t *user, uint8_t *realm, uint8_t *pwd, uint8_t *secret, uint
 
     {
       stun_produce_integrity_key_str(user, realm, pwd, key, SHATYPE_DEFAULT);
-      size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
+      const size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
       int maxsz = (int)(sz * 2) + 1;
       char *s = skey;
       for (size_t i = 0; (i < sz) && (maxsz > 2); i++) {

src/apps/rfc5769/rfc5769check.c

@@ -127,7 +127,7 @@ static int check_oauth(void) {
             convert_oauth_key_data_raw(&okdr, &okd);
 
             char err_msg[1025] = "\0";
-            size_t err_msg_size = sizeof(err_msg) - 1;
+            const size_t err_msg_size = sizeof(err_msg) - 1;
 
             if (!convert_oauth_key_data(&okd, &key, err_msg, err_msg_size)) {
               fprintf(stderr, "%s\n", err_msg);
@@ -358,11 +358,13 @@ int main(int argc, const char **argv) {
       if (memcmp(buf, reqltc, len) != 0) {
         printf("failure: wrong message content\n");
         {
-          size_t const lines = 29;
-          size_t const cols = 4;
-          for (size_t line = 0; line < lines; line++) {
-            for (size_t col = 0; col < cols; col++) {
-              uint8_t c = buf[line * 4 + col];
+          const size_t lines = 29;
+          size_t line = 0;
+          size_t col = 0;
+          const size_t cols = 4;
+          for (line = 0; line < lines; line++) {
+            for (col = 0; col < cols; col++) {
+              const uint8_t c = buf[line * 4 + col];
               printf(" %2x", (int)c);
             }
             printf("\n");

src/apps/stunclient/stunclient.c

@@ -108,10 +108,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     rpa.setResponsePort((uint16_t)response_port);
     try {
       req.addAttr(rpa);
-    } catch (turn::WrongStunAttrFormatException const &ex1) {
+    } catch (const turn::WrongStunAttrFormatException &ex1) {
       printf("Wrong rp attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException const &ex2) {
+    } catch (const turn::WrongStunBufferFormatException &ex2) {
       printf("Wrong stun buffer format (1)\n");
       exit(-1);
     } catch (...) {
@@ -125,10 +125,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     cra.setChangePort(change_port);
     try {
       req.addAttr(cra);
-    } catch (turn::WrongStunAttrFormatException const &ex1) {
+    } catch (const turn::WrongStunAttrFormatException &ex1) {
       printf("Wrong cr attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException const &ex2) {
+    } catch (const turn::WrongStunBufferFormatException &ex2) {
       printf("Wrong stun buffer format (2)\n");
       exit(-1);
     } catch (...) {
@@ -141,10 +141,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     pa.setPadding(1500);
     try {
       req.addAttr(pa);
-    } catch (turn::WrongStunAttrFormatException const &ex1) {
+    } catch (const turn::WrongStunAttrFormatException &ex1) {
       printf("Wrong p attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException const &ex2) {
+    } catch (const turn::WrongStunBufferFormatException &ex2) {
       printf("Wrong stun buffer format (3)\n");
       exit(-1);
     } catch (...) {
@@ -154,8 +154,8 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
   }
 
   {
-    int len = 0;
-    ssize_t slen = get_ioa_addr_len(&remote_addr);
+    const int len = 0;
+    const ssize_t slen = get_ioa_addr_len(&remote_addr);
 
     do {
       len = sendto(udp_fd, req.getRawBuffer(), req.getSize(), 0, (struct sockaddr *)&remote_addr, (socklen_t)slen);
@@ -218,12 +218,12 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
                 *rfc5780 = 1;
                 printf("\n========================================\n");
                 printf("RFC 5780 response %d\n", ++counter);
-                ioa_addr other_addr;
+                const ioa_addr other_addr;
                 turn::StunAttrAddr addr1(iter1);
                 addr1.getAddr(other_addr);
                 turn::StunAttrIterator iter2(res, STUN_ATTRIBUTE_RESPONSE_ORIGIN);
                 if (!iter2.eof()) {
-                  ioa_addr response_origin;
+                  const ioa_addr response_origin;
                   turn::StunAttrAddr addr2(iter2);
                   addr2.getAddr(response_origin);
                   addr_debug_print(1, &response_origin, "Response origin: ");

src/apps/uclient/mainuclient.c

@@ -211,7 +211,7 @@ int main(int argc, char **argv) {
       convert_oauth_key_data_raw(&okdr_array[2], &okd_array[2]);
 
       char err_msg[1025] = "\0";
-      size_t err_msg_size = sizeof(err_msg) - 1;
+      const size_t err_msg_size = sizeof(err_msg) - 1;
 
       if (!convert_oauth_key_data(&okd_array[0], &okey_array[0], err_msg, err_msg_size)) {
         fprintf(stderr, "%s\n", err_msg);

src/apps/uclient/startuclient.c

@@ -92,11 +92,9 @@ static int get_allocate_address_family(ioa_addr *relay_addr) {
 
 static SSL *tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, bool *try_again, int connect_cycle) {
 
-  int ctxtype = (int)(((unsigned long)turn_random()) % root_tls_ctx_num);
+  const int ctxtype = (int)(((unsigned long)turn_random()) % root_tls_ctx_num);
 
-  SSL *ssl;
-
-  ssl = SSL_new(root_tls_ctx[ctxtype]);
+  SSL *const ssl = SSL_new(root_tls_ctx[ctxtype]);
 
   SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen);
 
@@ -140,7 +138,7 @@ static SSL *tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, bool *try_agai
     do {
       rc = SSL_connect(ssl);
     } while (rc < 0 && socket_eintr());
-    int orig_errno = socket_errno();
+    const int orig_errno = socket_errno();
     if (rc > 0) {
       TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: client session connected with cipher %s, method=%s\n", __FUNCTION__,
                     SSL_get_cipher(ssl), turn_get_ssl_method(ssl, NULL));
@@ -318,9 +316,9 @@ start_socket:
 int read_mobility_ticket(app_ur_conn_info *clnet_info, stun_buffer *message) {
   int ret = 0;
   if (clnet_info && message) {
-    stun_attr_ref s_mobile_id_sar = stun_attr_get_first_by_type(message, STUN_ATTRIBUTE_MOBILITY_TICKET);
+    const stun_attr_ref s_mobile_id_sar = stun_attr_get_first_by_type(message, STUN_ATTRIBUTE_MOBILITY_TICKET);
     if (s_mobile_id_sar) {
-      int smid_len = stun_attr_get_len(s_mobile_id_sar);
+      const int smid_len = stun_attr_get_len(s_mobile_id_sar);
       if (smid_len > 0 && (((size_t)smid_len) < sizeof(clnet_info->s_mobile_id))) {
         const uint8_t *smid_val = stun_attr_get_value(s_mobile_id_sar);
         if (smid_val) {
@@ -341,11 +339,15 @@ int read_mobility_ticket(app_ur_conn_info *clnet_info, stun_buffer *message) {
 
 void add_origin(stun_buffer *message) {
   if (message && origin[0]) {
-    const char *some_origin = "https://carleon.gov:443";
-    stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
+    {
+      const char *const some_origin = "https://carleon.gov:443";
+      stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
+    }
     stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, origin, strlen(origin));
-    some_origin = "ftp://uffrith.net";
-    stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
+    {
+      const char *const some_origin = "ftp://uffrith.net";
+      stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
+    }
   }
 }
 
@@ -377,8 +379,8 @@ beg_allocate:
       reopen_socket = false;
     }
 
-    int af4 = dual_allocation || (af == STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4);
-    int af6 = dual_allocation || (af == STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6);
+    const int af4 = dual_allocation || (af == STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4);
+    const int af6 = dual_allocation || (af == STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6);
 
     uint64_t reservation_token = 0;
     char *rt = NULL;
@@ -428,7 +430,7 @@ beg_allocate:
 
     while (!allocate_sent) {
 
-      int len = send_buffer(clnet_info, &request_message, 0, 0);
+      const int len = send_buffer(clnet_info, &request_message, 0, 0);
 
       if (len > 0) {
         if (verbose) {
@@ -452,7 +454,7 @@ beg_allocate:
       bool allocate_received = false;
       while (!allocate_received) {
 
-        int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
+        const int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
 
         if (len > 0) {
           if (verbose) {
@@ -480,7 +482,7 @@ beg_allocate:
               stun_attr_ref sar = stun_attr_get_first(&response_message);
               while (sar) {
 
-                int attr_type = stun_attr_get_type(sar);
+                const int attr_type = stun_attr_get_type(sar);
                 if (attr_type == STUN_ATTRIBUTE_XOR_RELAYED_ADDRESS) {
 
                   if (!stun_attr_get_addr(&response_message, sar, relay_addr, NULL)) {
@@ -521,8 +523,9 @@ beg_allocate:
               }
             }
 
-            stun_attr_ref rt_sar = stun_attr_get_first_by_type(&response_message, STUN_ATTRIBUTE_RESERVATION_TOKEN);
-            uint64_t rtv = stun_attr_get_reservation_token_value(rt_sar);
+            const stun_attr_ref rt_sar =
+                stun_attr_get_first_by_type(&response_message, STUN_ATTRIBUTE_RESERVATION_TOKEN);
+            const uint64_t rtv = stun_attr_get_reservation_token_value(rt_sar);
             current_reservation_token = rtv;
             if (verbose) {
               TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: rtv=%llu\n", __FUNCTION__, (long long unsigned int)rtv);
@@ -599,10 +602,10 @@ beg_allocate:
       int fd = clnet_info->fd;
       SSL *ssl = clnet_info->ssl;
 
-      bool close_now = turn_random() % 2;
+      const bool close_now = turn_random() % 2;
 
       if (close_now) {
-        bool close_socket = (int)(turn_random() % 2);
+        const bool close_socket = (int)(turn_random() % 2);
         if (ssl && !close_socket) {
           SSL_shutdown(ssl);
           SSL_free(ssl);
@@ -655,7 +658,7 @@ beg_allocate:
       }
 
       if (dual_allocation && !mobility) {
-        uint8_t rand = (uint8_t)turn_random();
+        const uint8_t rand = (uint8_t)turn_random();
         bool add_requested_family = rand & 0x01;
         bool use_ipv4 = rand & 0x02;
 
@@ -680,7 +683,7 @@ beg_allocate:
 
       while (!refresh_sent) {
 
-        int len = send_buffer(clnet_info, &request_message, 0, 0);
+        const int len = send_buffer(clnet_info, &request_message, 0, 0);
 
         if (len > 0) {
           if (verbose) {
@@ -775,7 +778,7 @@ beg_bind:
 
   while (!cb_sent) {
 
-    int len = send_buffer(clnet_info, &request_message, 0, 0);
+    const int len = send_buffer(clnet_info, &request_message, 0, 0);
     if (len > 0) {
       if (verbose) {
         TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "channel bind sent\n");
@@ -799,7 +802,7 @@ beg_bind:
     bool cb_received = false;
     while (!cb_received) {
 
-      int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
+      const int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
       if (len > 0) {
         if (verbose) {
           TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "cb response received: \n");
@@ -873,7 +876,7 @@ beg_cp:
 
   while (!cp_sent) {
 
-    int len = send_buffer(clnet_info, &request_message, 0, 0);
+    const int len = send_buffer(clnet_info, &request_message, 0, 0);
 
     if (len > 0) {
       if (verbose) {
@@ -898,7 +901,7 @@ beg_cp:
     bool cp_received = false;
     while (!cp_received) {
 
-      int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
+      const int len = recv_buffer(clnet_info, &response_message, 1, 0, NULL, &request_message);
       if (len > 0) {
         if (verbose) {
           TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "cp response received: \n");
@@ -1038,7 +1041,7 @@ int start_connection(uint16_t clnet_remote_port0, const char *remote_address0, c
         }
         ioa_addr arbaddr;
         make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr);
-        int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+        const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
         for (int i = 0; i < maxi; i++) {
           uint16_t chni = 0;
           int port = (unsigned short)turn_random();
@@ -1046,7 +1049,7 @@ int start_connection(uint16_t clnet_remote_port0, const char *remote_address0, c
             port += 1024;
           }
           addr_set_port(&arbaddr, port);
-          uint8_t *u = (uint8_t *)&(arbaddr.s4.sin_addr);
+          uint8_t *const u = (uint8_t *)&(arbaddr.s4.sin_addr);
           u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
           // char sss[128];
           // addr_to_string(&arbaddr,(uint8_t*)sss);
@@ -1071,13 +1074,13 @@ int start_connection(uint16_t clnet_remote_port0, const char *remote_address0, c
         }
         ioa_addr arbaddr[EXTRA_CREATE_PERMS];
         make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr[0]);
-        int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+        const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
         for (int i = 0; i < maxi; i++) {
           if (i > 0) {
             addr_cpy(&arbaddr[i], &arbaddr[0]);
           }
           addr_set_port(&arbaddr[i], (unsigned short)turn_random());
-          uint8_t *u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
+          uint8_t *const u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
           u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
           // char sss[128];
           // addr_to_string(&arbaddr[i],(uint8_t*)sss);
@@ -1087,7 +1090,7 @@ int start_connection(uint16_t clnet_remote_port0, const char *remote_address0, c
       }
     } else {
 
-      bool const before = turn_random() % 2;
+      const bool before = turn_random() % 2;
 
       if (before) {
         if (turn_create_permission(verbose, clnet_info, &peer_addr, 1) < 0) {
@@ -1111,13 +1114,13 @@ int start_connection(uint16_t clnet_remote_port0, const char *remote_address0, c
         }
         ioa_addr arbaddr[EXTRA_CREATE_PERMS];
         make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr[0]);
-        int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+        const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
         for (int i = 0; i < maxi; i++) {
           if (i > 0) {
             addr_cpy(&arbaddr[i], &arbaddr[0]);
           }
           addr_set_port(&arbaddr[i], (unsigned short)turn_random());
-          uint8_t *u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
+          uint8_t *const u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
           u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
           // char sss[128];
           // addr_to_string(&arbaddr,(uint8_t*)sss);
@@ -1295,7 +1298,7 @@ int start_c2c_connection(uint16_t clnet_remote_port0, const char *remote_address
       }
       ioa_addr arbaddr;
       make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr);
-      int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+      const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
       for (int i = 0; i < maxi; i++) {
         uint16_t chni = 0;
         int port = (unsigned short)turn_random();
@@ -1303,7 +1306,7 @@ int start_c2c_connection(uint16_t clnet_remote_port0, const char *remote_address
           port += 1024;
         }
         addr_set_port(&arbaddr, port);
-        uint8_t *u = (uint8_t *)&(arbaddr.s4.sin_addr);
+        uint8_t *const u = (uint8_t *)&(arbaddr.s4.sin_addr);
         u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
         // char sss[128];
         // addr_to_string(&arbaddr,(uint8_t*)sss);
@@ -1323,13 +1326,13 @@ int start_c2c_connection(uint16_t clnet_remote_port0, const char *remote_address
       }
       ioa_addr arbaddr[EXTRA_CREATE_PERMS];
       make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr[0]);
-      int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+      const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
       for (int i = 0; i < maxi; i++) {
         if (i > 0) {
           addr_cpy(&arbaddr[i], &arbaddr[0]);
         }
         addr_set_port(&arbaddr[i], (unsigned short)turn_random());
-        uint8_t *u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
+        uint8_t *const u = (uint8_t *)&(arbaddr[i].s4.sin_addr);
         u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
         // char sss[128];
         // addr_to_string(&arbaddr[i],(uint8_t*)sss);
@@ -1373,10 +1376,10 @@ int start_c2c_connection(uint16_t clnet_remote_port0, const char *remote_address
       }
       ioa_addr arbaddr;
       make_ioa_addr((const uint8_t *)sarbaddr, 333, &arbaddr);
-      int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
+      const int maxi = (unsigned short)turn_random() % EXTRA_CREATE_PERMS;
       for (int i = 0; i < maxi; i++) {
         addr_set_port(&arbaddr, (unsigned short)turn_random());
-        uint8_t *u = (uint8_t *)&(arbaddr.s4.sin_addr);
+        uint8_t *const u = (uint8_t *)&(arbaddr.s4.sin_addr);
         u[(unsigned short)turn_random() % 4] = u[(unsigned short)turn_random() % 4] + 1;
         // char sss[128];
         // addr_to_string(&arbaddr,(uint8_t*)sss);
@@ -1491,7 +1494,7 @@ beg_cb:
 
   while (!cb_sent) {
 
-    int len = send_buffer(clnet_info, &request_message, 1, atc);
+    const int len = send_buffer(clnet_info, &request_message, 1, atc);
 
     if (len > 0) {
       if (verbose) {
@@ -1519,7 +1522,7 @@ beg_cb:
     bool cb_received = false;
     while (!cb_received) {
 
-      int len = recv_buffer(clnet_info, &response_message, 1, 1, atc, &request_message);
+      const int len = recv_buffer(clnet_info, &response_message, 1, 1, atc, &request_message);
       if (len > 0) {
         if (verbose) {
           TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "connect bind response received: \n");
@@ -1585,7 +1588,7 @@ again:
   set_sock_buf_size(clnet_fd, (UR_CLIENT_SOCK_BUF_SIZE << 2));
 
   ++elem->pinfo.tcp_conn_number;
-  int i = (int)(elem->pinfo.tcp_conn_number - 1);
+  const int i = (int)(elem->pinfo.tcp_conn_number - 1);
   elem->pinfo.tcp_conn =
       (app_tcp_conn_info **)realloc(elem->pinfo.tcp_conn, elem->pinfo.tcp_conn_number * sizeof(app_tcp_conn_info *));
   elem->pinfo.tcp_conn[i] = (app_tcp_conn_info *)calloc(sizeof(app_tcp_conn_info), 1);
@@ -1601,44 +1604,41 @@ again:
 
   addr_get_from_sock(clnet_fd, &(elem->pinfo.tcp_conn[i]->tcp_data_local_addr));
 
-  {
-    int cycle = 0;
-    while (cycle++ < 1024) {
-      int err = 0;
-      if (addr_connect(clnet_fd, &(elem->pinfo.remote_addr), &err) < 0) {
-        if (err == EADDRINUSE) {
-          socket_closesocket(clnet_fd);
-          clnet_fd =
-              socket(elem->pinfo.remote_addr.ss.sa_family, CLIENT_STREAM_SOCKET_TYPE, CLIENT_STREAM_SOCKET_PROTOCOL);
-          if (clnet_fd < 0) {
-            perror("socket");
-            exit(-1);
-          }
-          if (sock_bind_to_device(clnet_fd, client_ifname) < 0) {
-            TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Cannot bind client socket to device %s\n", client_ifname);
-          }
-          set_sock_buf_size(clnet_fd, UR_CLIENT_SOCK_BUF_SIZE << 2);
+  for (int cycle = 0; cycle < 1024; ++cycle) {
+    int err = 0;
+    if (addr_connect(clnet_fd, &(elem->pinfo.remote_addr), &err) < 0) {
+      if (err == EADDRINUSE) {
+        socket_closesocket(clnet_fd);
+        clnet_fd =
+            socket(elem->pinfo.remote_addr.ss.sa_family, CLIENT_STREAM_SOCKET_TYPE, CLIENT_STREAM_SOCKET_PROTOCOL);
+        if (clnet_fd < 0) {
+          perror("socket");
+          exit(-1);
+        }
+        if (sock_bind_to_device(clnet_fd, client_ifname) < 0) {
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Cannot bind client socket to device %s\n", client_ifname);
+        }
+        set_sock_buf_size(clnet_fd, UR_CLIENT_SOCK_BUF_SIZE << 2);
 
-          elem->pinfo.tcp_conn[i]->tcp_data_fd = clnet_fd;
+        elem->pinfo.tcp_conn[i]->tcp_data_fd = clnet_fd;
 
-          addr_cpy(&(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), &(elem->pinfo.local_addr));
+        addr_cpy(&(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), &(elem->pinfo.local_addr));
 
-          addr_set_port(&(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), 0);
+        addr_set_port(&(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), 0);
 
-          addr_bind(clnet_fd, &(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), 1, 1, TCP_SOCKET);
+        addr_bind(clnet_fd, &(elem->pinfo.tcp_conn[i]->tcp_data_local_addr), 1, 1, TCP_SOCKET);
 
-          addr_get_from_sock(clnet_fd, &(elem->pinfo.tcp_conn[i]->tcp_data_local_addr));
+        addr_get_from_sock(clnet_fd, &(elem->pinfo.tcp_conn[i]->tcp_data_local_addr));
 
-          continue;
+        continue;
 
-        } else {
-          perror("connect");
-          TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: cannot connect to remote addr\n", __FUNCTION__);
-          exit(-1);
-        }
       } else {
-        break;
+        perror("connect");
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: cannot connect to remote addr\n", __FUNCTION__);
+        exit(-1);
       }
+    } else {
+      break;
     }
   }
 
@@ -1662,7 +1662,7 @@ again:
 
     socket_set_nonblocking(clnet_fd);
 
-    struct event *ev = event_new(client_event_base, clnet_fd, EV_READ | EV_PERSIST, client_input_handler, elem);
+    struct event *const ev = event_new(client_event_base, clnet_fd, EV_READ | EV_PERSIST, client_input_handler, elem);
 
     event_add(ev, NULL);
 

src/client/ns_turn_ioaddr.c

@@ -520,7 +520,7 @@ int ioa_addr_is_multicast(ioa_addr *addr) {
       const uint8_t *u = ((const uint8_t *)&(addr->s4.sin_addr));
       return (u[0] > 223);
     } else if (addr->ss.sa_family == AF_INET6) {
-      uint8_t u = ((const uint8_t *)&(addr->s6.sin6_addr))[0];
+      const uint8_t u = ((const uint8_t *)&(addr->s6.sin6_addr))[0];
       return (u == 255);
     }
   }
@@ -584,7 +584,7 @@ static size_t mcount = 0;
 static size_t msz = 0;
 
 void ioa_addr_add_mapping(ioa_addr *apub, ioa_addr *apriv) {
-  size_t new_size = msz + sizeof(ioa_addr *);
+  const size_t new_size = msz + sizeof(ioa_addr *);
   public_addrs = (ioa_addr **)realloc(public_addrs, new_size);
   private_addrs = (ioa_addr **)realloc(private_addrs, new_size);
   public_addrs[mcount] = (ioa_addr *)malloc(sizeof(ioa_addr));

src/client/ns_turn_msg.c

@@ -175,11 +175,11 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
   ERR_clear_error();
   UNUSED_ARG(shatype);
 
-  size_t ulen = strlen((const char *)uname);
-  size_t rlen = strlen((const char *)realm);
-  size_t plen = strlen((const char *)upwd);
-  size_t sz = ulen + 1 + rlen + 1 + plen + 1 + 10;
-  size_t strl = ulen + 1 + rlen + 1 + plen;
+  const size_t ulen = strlen((const char *)uname);
+  const size_t rlen = strlen((const char *)realm);
+  const size_t plen = strlen((const char *)upwd);
+  const size_t sz = ulen + 1 + rlen + 1 + plen + 1 + 10;
+  const size_t strl = ulen + 1 + rlen + 1 + plen;
   uint8_t *str = (uint8_t *)malloc(sz + 1);
 
   strncpy((char *)str, (const char *)uname, sz);
@@ -347,7 +347,7 @@ int stun_get_command_message_len_str(const uint8_t *buf, size_t len) {
   }
 
   /* Validate the size the buffer claims to be */
-  size_t bufLen = (size_t)(nswap16(((const uint16_t *)(buf))[1]) + STUN_HEADER_LENGTH);
+  const size_t bufLen = (size_t)(nswap16(((const uint16_t *)(buf))[1]) + STUN_HEADER_LENGTH);
   if (bufLen > len) {
     return -1;
   }
@@ -375,7 +375,7 @@ uint16_t stun_get_method_str(const uint8_t *buf, size_t len) {
     return (uint16_t)-1;
   }
 
-  uint16_t tt = nswap16(((const uint16_t *)buf)[0]);
+  const uint16_t tt = nswap16(((const uint16_t *)buf)[0]);
 
   return (tt & 0x000F) | ((tt & 0x00E0) >> 1) | ((tt & 0x0E00) >> 2) | ((tt & 0x3000) >> 2);
 }
@@ -398,7 +398,7 @@ bool stun_is_command_message_str(const uint8_t *buf, size_t blen) {
     if (!STUN_VALID_CHANNEL(nswap16(((const uint16_t *)buf)[0]))) {
       if ((((uint8_t)buf[0]) & ((uint8_t)(0xC0))) == 0) {
         if (nswap32(((const uint32_t *)(buf))[1]) == STUN_MAGIC_COOKIE) {
-          uint16_t len = nswap16(((const uint16_t *)(buf))[1]);
+          const uint16_t len = nswap16(((const uint16_t *)(buf))[1]);
           if ((len & 0x0003) == 0) {
             if ((size_t)(len + STUN_HEADER_LENGTH) == blen) {
               return true;
@@ -416,7 +416,7 @@ bool old_stun_is_command_message_str(const uint8_t *buf, size_t blen, uint32_t *
     if (!STUN_VALID_CHANNEL(nswap16(((const uint16_t *)buf)[0]))) {
       if ((((uint8_t)buf[0]) & ((uint8_t)(0xC0))) == 0) {
         if (nswap32(((const uint32_t *)(buf))[1]) != STUN_MAGIC_COOKIE) {
-          uint16_t len = nswap16(((const uint16_t *)(buf))[1]);
+          const uint16_t len = nswap16(((const uint16_t *)(buf))[1]);
           if ((len & 0x0003) == 0) {
             if ((size_t)(len + STUN_HEADER_LENGTH) == blen) {
               *cookie = nswap32(((const uint32_t *)(buf))[1]);
@@ -452,8 +452,8 @@ bool stun_is_command_message_full_check_str(const uint8_t *buf, size_t blen, int
   if (!fingerprint) {
     return !must_check_fingerprint;
   }
-  uint32_t crc32len = (uint32_t)((((const uint8_t *)fingerprint) - buf) - 4);
-  bool ret = (*fingerprint == nswap32(ns_crc32(buf, crc32len) ^ ((uint32_t)FINGERPRINT_XOR)));
+  const uint32_t crc32len = (uint32_t)((((const uint8_t *)fingerprint) - buf) - 4);
+  const bool ret = (*fingerprint == nswap32(ns_crc32(buf, crc32len) ^ ((uint32_t)FINGERPRINT_XOR)));
   if (ret && fingerprint_present) {
     *fingerprint_present = ret;
   }
@@ -507,7 +507,7 @@ bool stun_is_error_response_str(const uint8_t *buf, size_t len, int *err_code, u
 bool stun_is_challenge_response_str(const uint8_t *buf, size_t len, int *err_code, uint8_t *err_msg,
                                     size_t err_msg_size, uint8_t *realm, uint8_t *nonce, uint8_t *server_name,
                                     bool *oauth) {
-  bool ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);
+  const bool ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);
 
   if (ret && (((*err_code) == 401) || ((*err_code) == 438))) {
     stun_attr_ref sar = stun_attr_get_first_by_type_str(buf, len, STUN_ATTRIBUTE_REALM);
@@ -715,7 +715,7 @@ static void stun_init_error_response_common_str(uint8_t *buf, size_t *len, uint1
 
   //"Manual" padding for compatibility with classic old stun:
   {
-    int rem = alen % 4;
+    const int rem = alen % 4;
     if (rem) {
       alen += (4 - rem);
     }
@@ -771,7 +771,7 @@ bool stun_is_channel_message_str(const uint8_t *buf, size_t *blen, uint16_t *chn
     return false;
   }
 
-  uint16_t chn = nswap16(((const uint16_t *)(buf))[0]);
+  const uint16_t chn = nswap16(((const uint16_t *)(buf))[0]);
   if (!STUN_VALID_CHANNEL(chn)) {
     return false;
   }
@@ -799,7 +799,7 @@ bool stun_is_channel_message_str(const uint8_t *buf, size_t *blen, uint16_t *chn
       } else if (datalen_header == 0) {
         return false;
       } else {
-        uint16_t diff = datalen_actual - datalen_header;
+        const uint16_t diff = datalen_actual - datalen_header;
         if (diff > 3) {
           return false;
         }
@@ -837,9 +837,9 @@ static inline const char *findstr(const char *hay, size_t slen, const char *need
   const char *ret = NULL;
 
   if (hay && slen && needle) {
-    size_t nlen = strlen(needle);
+    const size_t nlen = strlen(needle);
     if (nlen <= slen) {
-      size_t smax = slen - nlen + 1;
+      const size_t smax = slen - nlen + 1;
       const char *sp = hay;
       for (size_t i = 0; i < smax; ++i) {
         if (sheadof(needle, sp + i, ignore_case)) {
@@ -860,7 +860,7 @@ int is_http(const char *s, size_t blen) {
       const char *sp = findstr(s + 4, blen - 4, " HTTP/", false);
       if (sp) {
         sp += 6;
-        size_t diff_blen = sp - s;
+        const size_t diff_blen = sp - s;
         if (diff_blen + 4 <= blen) {
           sp = findstr(sp, blen - diff_blen, "\r\n\r\n", false);
           if (sp) {
@@ -868,7 +868,7 @@ int is_http(const char *s, size_t blen) {
             const char *clheader = "content-length: ";
             const char *cl = findstr(s, sp - s, clheader, true);
             if (cl) {
-              unsigned long clen = strtoul(cl + strlen(clheader), NULL, 10);
+              const unsigned long clen = strtoul(cl + strlen(clheader), NULL, 10);
               if (clen > 0 && clen < (0x0FFFFFFF)) {
                 ret_len += (int)clen;
               }
@@ -904,7 +904,7 @@ int stun_get_message_len_str(uint8_t *buf, size_t blen, int padding, size_t *app
 
     // HTTP request ?
     {
-      int http_len = is_http(((char *)buf), blen);
+      const int http_len = is_http(((char *)buf), blen);
       if ((http_len > 0) && ((size_t)http_len <= blen)) {
         *app_len = (size_t)http_len;
         return http_len;
@@ -913,7 +913,7 @@ int stun_get_message_len_str(uint8_t *buf, size_t blen, int padding, size_t *app
 
     /* STUN channel ? */
     if (blen >= 4) {
-      uint16_t chn = nswap16(((const uint16_t *)(buf))[0]);
+      const uint16_t chn = nswap16(((const uint16_t *)(buf))[0]);
       if (STUN_VALID_CHANNEL(chn)) {
 
         uint16_t bret = (4 + (nswap16(((const uint16_t *)(buf))[1])));
@@ -1278,7 +1278,7 @@ int stun_attr_get_len(stun_attr_ref attr) {
 
 const uint8_t *stun_attr_get_value(stun_attr_ref attr) {
   if (attr) {
-    int len = (int)(nswap16(((const uint16_t *)attr)[1]));
+    const int len = (int)(nswap16(((const uint16_t *)attr)[1]));
     if (len < 1) {
       return NULL;
     }
@@ -1289,11 +1289,11 @@ const uint8_t *stun_attr_get_value(stun_attr_ref attr) {
 
 int stun_get_requested_address_family(stun_attr_ref attr) {
   if (attr) {
-    int len = (int)(nswap16(((const uint16_t *)attr)[1]));
+    const int len = (int)(nswap16(((const uint16_t *)attr)[1]));
     if (len != 4) {
       return STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_INVALID;
     }
-    int val = ((const uint8_t *)attr)[4];
+    const int val = ((const uint8_t *)attr)[4];
     switch (val) {
     case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4:
     case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6:
@@ -1309,7 +1309,7 @@ uint16_t stun_attr_get_channel_number(stun_attr_ref attr) {
   if (attr) {
     const uint8_t *value = stun_attr_get_value(attr);
     if (value && (stun_attr_get_len(attr) >= 2)) {
-      uint16_t cn = nswap16(((const uint16_t *)value)[0]);
+      const uint16_t cn = nswap16(((const uint16_t *)value)[0]);
       if (STUN_VALID_CHANNEL(cn)) {
         return cn;
       }
@@ -1322,7 +1322,7 @@ band_limit_t stun_attr_get_bandwidth(stun_attr_ref attr) {
   if (attr) {
     const uint8_t *value = stun_attr_get_value(attr);
     if (value && (stun_attr_get_len(attr) >= 4)) {
-      uint32_t bps = nswap32(((const uint32_t *)value)[0]);
+      const uint32_t bps = nswap32(((const uint32_t *)value)[0]);
       return (band_limit_t)(bps << 7);
     }
   }
@@ -1395,7 +1395,7 @@ static stun_attr_ref stun_attr_check_valid(stun_attr_ref attr, size_t remaining)
     remaining -= 4;
 
     /* Round to boundary */
-    uint16_t rem4 = ((uint16_t)attrlen) & 0x0003;
+    const uint16_t rem4 = ((uint16_t)attrlen) & 0x0003;
     if (rem4) {
       attrlen = attrlen + 4 - (int)rem4;
     }
@@ -1410,7 +1410,7 @@ static stun_attr_ref stun_attr_check_valid(stun_attr_ref attr, size_t remaining)
 }
 
 stun_attr_ref stun_attr_get_first_str(const uint8_t *buf, size_t len) {
-  int bufLen = stun_get_command_message_len_str(buf, len);
+  const int bufLen = stun_get_command_message_len_str(buf, len);
   if (bufLen > STUN_HEADER_LENGTH) {
     stun_attr_ref attr = (stun_attr_ref)(buf + STUN_HEADER_LENGTH);
     return stun_attr_check_valid(attr, bufLen - STUN_HEADER_LENGTH);
@@ -1425,7 +1425,7 @@ stun_attr_ref stun_attr_get_next_str(const uint8_t *buf, size_t len, stun_attr_r
   } else {
     const uint8_t *end = buf + stun_get_command_message_len_str(buf, len);
     int attrlen = stun_attr_get_len(prev);
-    uint16_t rem4 = ((uint16_t)attrlen) & 0x0003;
+    const uint16_t rem4 = ((uint16_t)attrlen) & 0x0003;
     if (rem4) {
       attrlen = attrlen + 4 - (int)rem4;
     }
@@ -1447,9 +1447,9 @@ bool stun_attr_add_str(uint8_t *buf, size_t *len, uint16_t attr, const uint8_t *
     alen = 0;
     avalue = tmp;
   }
-  int clen = stun_get_command_message_len_str(buf, *len);
+  const int clen = stun_get_command_message_len_str(buf, *len);
   int newlen = clen + 4 + alen;
-  int newlenrem4 = newlen & 0x00000003;
+  const int newlenrem4 = newlen & 0x00000003;
   int paddinglen = 0;
   if (newlenrem4) {
     paddinglen = 4 - newlenrem4;
@@ -1519,7 +1519,7 @@ bool stun_attr_get_addr_str(const uint8_t *buf, size_t len, stun_attr_ref attr,
   addr_set_any(ca);
   addr_set_any(&public_addr);
 
-  int attr_type = stun_attr_get_type(attr);
+  const int attr_type = stun_attr_get_type(attr);
   if (attr_type < 0) {
     return false;
   }
@@ -1546,7 +1546,7 @@ bool stun_attr_get_addr_str(const uint8_t *buf, size_t len, stun_attr_ref attr,
   map_addr_from_public_to_private(&public_addr, ca);
 
   if (default_addr && addr_any_no_port(ca) && !addr_any_no_port(default_addr)) {
-    int port = addr_get_port(ca);
+    const int port = addr_get_port(ca);
     addr_cpy(ca, default_addr);
     addr_set_port(ca, port);
   }
@@ -1581,7 +1581,7 @@ bool stun_attr_add_channel_number_str(uint8_t *buf, size_t *len, uint16_t chnumb
 
 bool stun_attr_add_bandwidth_str(uint8_t *buf, size_t *len, band_limit_t bps0) {
 
-  uint32_t bps = (uint32_t)(band_limit_t)(bps0 >> 7);
+  const uint32_t bps = (uint32_t)(band_limit_t)(bps0 >> 7);
 
   uint32_t field = nswap32(bps);
 
@@ -1602,7 +1602,7 @@ bool stun_attr_add_address_error_code(uint8_t *buf, size_t *len, int requested_a
 
   //"Manual" padding for compatibility with classic old stun:
   {
-    int rem = alen % 4;
+    const int rem = alen % 4;
     if (rem) {
       alen += (4 - rem);
     }
@@ -1616,7 +1616,7 @@ uint16_t stun_attr_get_first_channel_number_str(const uint8_t *buf, size_t len)
   stun_attr_ref attr = stun_attr_get_first_str(buf, len);
   while (attr) {
     if (stun_attr_get_type(attr) == STUN_ATTRIBUTE_CHANNEL_NUMBER) {
-      uint16_t ret = stun_attr_get_channel_number(attr);
+      const uint16_t ret = stun_attr_get_channel_number(attr);
       if (STUN_VALID_CHANNEL(ret)) {
         return ret;
       }
@@ -1693,7 +1693,7 @@ bool SASLprep(uint8_t *s) {
     uint8_t *strin = s;
     uint8_t *strout = s;
     for (;;) {
-      uint8_t c = *strin;
+      const uint8_t c = *strin;
       if (!c) {
         *strout = 0;
         break;
@@ -1863,12 +1863,12 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
     return -1;
   };
 
-  int orig_len = stun_get_command_message_len_str(buf, len);
+  const int orig_len = stun_get_command_message_len_str(buf, len);
   if (orig_len < 0) {
     return -1;
   }
 
-  int new_len = (int)((const uint8_t *)sar - buf) + 4 + shasize;
+  const int new_len = (int)((const uint8_t *)sar - buf) + 4 + shasize;
   if (new_len > orig_len) {
     return -1;
   }
@@ -1980,7 +1980,7 @@ bool stun_attr_add_response_port_str(uint8_t *buf, size_t *len, uint16_t port) {
 }
 
 int stun_attr_get_padding_len_str(stun_attr_ref attr) {
-  int len = stun_attr_get_len(attr);
+  const int len = stun_attr_get_len(attr);
   if (len < 0) {
     return -1;
   }
@@ -2194,7 +2194,7 @@ int my_EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, con
     if (out) {
       ptr = out + out_len;
     }
-    int ret = EVP_EncryptUpdate(ctx, ptr, &tmp_outl, in + out_len, inl - out_len);
+    const int ret = EVP_EncryptUpdate(ctx, ptr, &tmp_outl, in + out_len, inl - out_len);
     out_len += tmp_outl;
     if (ret < 1) {
       return ret;
@@ -2214,7 +2214,7 @@ int my_EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, con
     if (out) {
       ptr = out + out_len;
     }
-    int ret = EVP_DecryptUpdate(ctx, ptr, &tmp_outl, in + out_len, inl - out_len);
+    const int ret = EVP_DecryptUpdate(ctx, ptr, &tmp_outl, in + out_len, inl - out_len);
     out_len += tmp_outl;
     if (ret < 1) {
       return ret;
@@ -2286,7 +2286,7 @@ static bool encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_tok
     }
 
     int outl = 0;
-    size_t sn_len = strlen((const char *)server_name);
+    const size_t sn_len = strlen((const char *)server_name);
 
     /* Provide any AAD data. This can be called zero or more times as
      * required
@@ -2330,17 +2330,17 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau
     memcpy(snl, (const unsigned char *)(etoken->token), 2);
     const unsigned char *csnl = snl;
 
-    uint16_t nonce_len = nswap16(*((const uint16_t *)csnl));
+    const uint16_t nonce_len = nswap16(*((const uint16_t *)csnl));
     dtoken->enc_block.nonce_length = nonce_len;
 
-    size_t min_encoded_field_size = 2 + 4 + 8 + nonce_len + 2 + OAUTH_GCM_TAG_SIZE + 1;
+    const size_t min_encoded_field_size = 2 + 4 + 8 + nonce_len + 2 + OAUTH_GCM_TAG_SIZE + 1;
     if (etoken->size < min_encoded_field_size) {
       OAUTH_ERROR("%s: token size too small: %d\n", __FUNCTION__, (int)etoken->size);
       return false;
     }
 
     const unsigned char *encoded_field = (const unsigned char *)(etoken->token + nonce_len + 2);
-    unsigned int encoded_field_size = (unsigned int)etoken->size - nonce_len - 2 - OAUTH_GCM_TAG_SIZE;
+    const unsigned int encoded_field_size = (unsigned int)etoken->size - nonce_len - 2 - OAUTH_GCM_TAG_SIZE;
     const unsigned char *nonce = ((const unsigned char *)etoken->token + 2);
     memcpy(dtoken->enc_block.nonce, nonce, nonce_len);
 
@@ -2382,7 +2382,7 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau
     EVP_CIPHER_CTX_ctrl(ctxp, EVP_CTRL_GCM_SET_TAG, OAUTH_GCM_TAG_SIZE, tag);
 
     int outl = 0;
-    size_t sn_len = strlen((const char *)server_name);
+    const size_t sn_len = strlen((const char *)server_name);
 
     /* Provide any AAD data. This can be called zero or more times as
      * required

src/server/ns_turn_allocation.c

@@ -243,7 +243,7 @@ static turn_permission_info *get_from_turn_permission_hashtable(turn_permission_
     return NULL;
   }
 
-  uint32_t index = addr_hash_no_port(addr) & (TURN_PERMISSION_HASHTABLE_SIZE - 1);
+  const uint32_t index = addr_hash_no_port(addr) & (TURN_PERMISSION_HASHTABLE_SIZE - 1);
   turn_permission_array *parray = &(map->table[index]);
 
   for (size_t i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
@@ -297,7 +297,7 @@ void turn_channel_delete(ch_info *chn) {
     return;
   }
 
-  int port = addr_get_port(&(chn->peer_addr));
+  const int port = addr_get_port(&(chn->peer_addr));
   if (port < 1) {
     char s[129];
     addr_to_string(&(chn->peer_addr), (uint8_t *)s);
@@ -391,8 +391,8 @@ turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *a
   }
 
   turn_permission_hashtable *map = &(a->addr_to_perm);
-  uint32_t hash = addr_hash_no_port(addr);
-  size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));
+  const uint32_t hash = addr_hash_no_port(addr);
+  const size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));
 
   turn_permission_array *parray = &(map->table[fds]);
 

src/server/ns_turn_maps.c

@@ -147,7 +147,7 @@ bool ur_map_exist(const ur_map *map, ur_map_key_type key) {
 void ur_map_free(ur_map **map) {
   if (map && ur_map_valid(*map)) {
     {
-      static int khctest = 0;
+      static const int khctest = 0;
       if (khctest) {
         kh_clear(3, (*map)->h);
       }
@@ -224,12 +224,12 @@ bool lm_map_put(lm_map *map, ur_map_key_type key, ur_map_value_type value) {
     return false;
   }
 
-  size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
+  const size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
   lm_map_array *a = &(map->table[index]);
 
   for (size_t i = 0; i < LM_MAP_ARRAY_SIZE; ++i) {
-    ur_map_key_type key0 = a->main_keys[i];
-    ur_map_value_type value0 = a->main_values[i];
+    const ur_map_key_type key0 = a->main_keys[i];
+    const ur_map_value_type value0 = a->main_values[i];
 
     if (key0 == key) {
       return value0 == value;
@@ -242,7 +242,7 @@ bool lm_map_put(lm_map *map, ur_map_key_type key, ur_map_value_type value) {
     }
   }
 
-  size_t esz = a->extra_sz;
+  const size_t esz = a->extra_sz;
   if (esz && a->extra_keys && a->extra_values) {
     for (size_t i = 0; i < esz; ++i) {
       ur_map_key_type *keyp = a->extra_keys[i];
@@ -271,7 +271,7 @@ bool lm_map_put(lm_map *map, ur_map_key_type key, ur_map_value_type value) {
     }
   }
 
-  size_t old_sz = esz;
+  const size_t old_sz = esz;
   size_t old_sz_mem = esz * sizeof(ur_map_key_type *);
   a->extra_keys = (ur_map_key_type **)realloc(a->extra_keys, old_sz_mem + sizeof(ur_map_key_type *));
   assert(a->extra_keys);
@@ -294,11 +294,11 @@ bool lm_map_get(const lm_map *map, ur_map_key_type key, ur_map_value_type *value
     return false;
   }
 
-  size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
+  const size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
   const lm_map_array *a = &(map->table[index]);
 
   for (size_t i = 0; i < LM_MAP_ARRAY_SIZE; ++i) {
-    ur_map_key_type key0 = a->main_keys[i];
+    const ur_map_key_type key0 = a->main_keys[i];
     if ((key0 == key) && a->main_values[i]) {
       if (value) {
         *value = a->main_values[i];
@@ -307,7 +307,7 @@ bool lm_map_get(const lm_map *map, ur_map_key_type key, ur_map_value_type *value
     }
   }
 
-  size_t esz = a->extra_sz;
+  const size_t esz = a->extra_sz;
   if (esz && a->extra_keys && a->extra_values) {
     for (size_t i = 0; i < esz; ++i) {
       ur_map_key_type *keyp = a->extra_keys[i];
@@ -331,11 +331,11 @@ bool lm_map_del(lm_map *map, ur_map_key_type key, ur_map_del_func delfunc) {
     return false;
   }
 
-  size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
+  const size_t index = (size_t)(key & (LM_MAP_HASH_SIZE - 1));
   lm_map_array *a = &(map->table[index]);
 
   for (size_t i = 0; i < LM_MAP_ARRAY_SIZE; ++i) {
-    ur_map_key_type key0 = a->main_keys[i];
+    const ur_map_key_type key0 = a->main_keys[i];
 
     if ((key0 == key) && a->main_values[i]) {
       if (delfunc) {
@@ -347,7 +347,7 @@ bool lm_map_del(lm_map *map, ur_map_key_type key, ur_map_del_func delfunc) {
     }
   }
 
-  size_t esz = a->extra_sz;
+  const size_t esz = a->extra_sz;
   if (esz && a->extra_keys && a->extra_values) {
     for (size_t i = 0; i < esz; ++i) {
       ur_map_key_type *keyp = a->extra_keys[i];
@@ -374,7 +374,7 @@ void lm_map_clean(lm_map *map) {
   for (size_t j = 0; j < LM_MAP_HASH_SIZE; ++j) {
     lm_map_array *a = &(map->table[j]);
 
-    size_t esz = a->extra_sz;
+    const size_t esz = a->extra_sz;
     if (esz) {
       if (a->extra_keys) {
         for (size_t i = 0; i < esz; ++i) {
@@ -420,7 +420,7 @@ size_t lm_map_size(const lm_map *map) {
       }
     }
 
-    size_t esz = a->extra_sz;
+    const size_t esz = a->extra_sz;
     if (esz && a->extra_values && a->extra_keys) {
       for (size_t j = 0; j < esz; ++j) {
         if (*(a->extra_keys[j]) && *(a->extra_values[j])) {
@@ -449,7 +449,7 @@ bool lm_map_foreach(lm_map *map, foreachcb_type func) {
       }
     }
 
-    size_t esz = a->extra_sz;
+    const size_t esz = a->extra_sz;
     if (esz && a->extra_values && a->extra_keys) {
       for (size_t j = 0; j < esz; ++j) {
         if (*(a->extra_keys[j]) && *(a->extra_values[j])) {
@@ -480,7 +480,7 @@ bool lm_map_foreach_arg(lm_map *map, foreachcb_arg_type func, void *arg) {
       }
     }
 
-    size_t esz = a->extra_sz;
+    const size_t esz = a->extra_sz;
     if (esz && a->extra_values && a->extra_keys) {
       for (size_t j = 0; j < esz; ++j) {
         if (*(a->extra_keys[j]) && *(a->extra_values[j])) {
@@ -530,8 +530,8 @@ static void addr_list_add(addr_list_header *slh, const ioa_addr *key, ur_addr_ma
   }
 
   if (!elem) {
-    size_t old_sz = slh->extra_sz;
-    size_t old_sz_mem = old_sz * sizeof(addr_elem);
+    const size_t old_sz = slh->extra_sz;
+    const size_t old_sz_mem = old_sz * sizeof(addr_elem);
     slh->extra_list = (addr_elem *)realloc(slh->extra_list, old_sz_mem + sizeof(addr_elem));
     assert(slh->extra_list);
     elem = &(slh->extra_list[old_sz]);

src/server/ns_turn_maps_rtcp.c

@@ -119,7 +119,7 @@ static bool rtcp_map_del(rtcp_map *map, rtcp_token_type token) {
   }
 
   TURN_MUTEX_LOCK(&map->mutex);
-  bool ret = ur_map_del(map->map, token, rtcp_alloc_free);
+  const bool ret = ur_map_del(map->map, token, rtcp_alloc_free);
   TURN_MUTEX_UNLOCK(&map->mutex);
   return ret;
 }
@@ -203,7 +203,7 @@ bool rtcp_map_put(rtcp_map *map, rtcp_token_type token, ioa_socket_handle s) {
     value->t = turn_time() + RTCP_TIMEOUT;
     value->token = token;
     TURN_MUTEX_LOCK(&map->mutex);
-    bool ret = ur_map_put(map->map, token, (ur_map_value_type)value);
+    const bool ret = ur_map_put(map->map, token, (ur_map_value_type)value);
     // TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: 111.111: ret=%d, token=%llu\n",__FUNCTION__,ret,token);
     TURN_MUTEX_UNLOCK(&map->mutex);
     if (!ret) {
@@ -223,7 +223,7 @@ ioa_socket_handle rtcp_map_get(rtcp_map *map, rtcp_token_type token) {
   if (rtcp_map_valid(map)) {
     ur_map_value_type value;
     TURN_MUTEX_LOCK(&map->mutex);
-    int ret = ur_map_get(map->map, token, &value);
+    const int ret = ur_map_get(map->map, token, &value);
     if (ret) {
       rtcp_alloc_type *rval = (rtcp_alloc_type *)value;
       if (rval) {
@@ -253,7 +253,7 @@ void rtcp_map_free(rtcp_map **map) {
 size_t rtcp_map_size(const rtcp_map *map) {
   if (rtcp_map_valid(map)) {
     TURN_MUTEX_LOCK(&map->mutex);
-    size_t ret = ur_map_size(map->map);
+    const size_t ret = ur_map_size(map->map);
     TURN_MUTEX_UNLOCK(&map->mutex);
     return ret;
   } else {

src/server/ns_turn_server.c

@@ -265,7 +265,7 @@ static int is_rfc5780(turn_turnserver *server) {
 
 static int get_other_address(turn_turnserver *server, ts_ur_super_session *ss, ioa_addr *alt_addr) {
   if (is_rfc5780(server) && ss && ss->client_socket) {
-    int ret = server->alt_addr_cb(get_local_addr_from_ioa_socket(ss->client_socket), alt_addr);
+    const int ret = server->alt_addr_cb(get_local_addr_from_ioa_socket(ss->client_socket), alt_addr);
     return ret;
   }
 
@@ -288,7 +288,7 @@ static int good_peer_addr(turn_turnserver *server, const char *realm, ioa_addr *
   if ((r)[0] && realm && realm[0] && strcmp((r), realm))                                                               \
   continue
 
-  turnserver_id server_id = (turnserver_id)(session_id / TURN_SESSION_ID_FACTOR);
+  const turnserver_id server_id = (turnserver_id)(session_id / TURN_SESSION_ID_FACTOR);
   if (server && peer_addr) {
     if (*(server->no_multicast_peers) && ioa_addr_is_multicast(peer_addr)) {
       return 0;
@@ -440,7 +440,7 @@ struct tsi_arg {
 static bool turn_session_info_foreachcb(ur_map_key_type key, ur_map_value_type value, void *arg) {
   UNUSED_ARG(value);
 
-  int port = (int)key;
+  const int port = (int)key;
   struct tsi_arg *ta = (struct tsi_arg *)arg;
   if (port && ta && ta->tsi && ta->addr) {
     ioa_addr a;
@@ -582,7 +582,7 @@ int turn_session_info_copy_from(struct turn_session_info *tsi, ts_ur_super_sessi
           {
             turn_permission_slot **slots = parray->extra_slots;
             if (slots) {
-              size_t sz = parray->extra_sz;
+              const size_t sz = parray->extra_sz;
               size_t j;
               for (j = 0; j < sz; ++j) {
                 turn_permission_slot *slot = slots[j];
@@ -601,7 +601,7 @@ int turn_session_info_copy_from(struct turn_session_info *tsi, ts_ur_super_sessi
         tcp_connection_list *tcl = &(ss->alloc.tcs);
         if (tcl->elems) {
           size_t i;
-          size_t sz = tcl->sz;
+          const size_t sz = tcl->sz;
           for (i = 0; i < sz; ++i) {
             if (tcl->elems[i]) {
               tcp_connection *tc = tcl->elems[i];
@@ -831,7 +831,7 @@ static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET
   if (!ss) {
     return 0;
   } else {
-    int ret = 0;
+    const int ret = 0;
     if (ss->client_socket) {
       clear_ioa_socket_session_if(ss->client_socket, ss);
     }
@@ -1055,7 +1055,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
 
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
 
       if (attr_type == STUN_ATTRIBUTE_USERNAME) {
         const uint8_t *value = stun_attr_get_value(sar);
@@ -1114,7 +1114,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
               *err_code = 442;
               *reason = (const uint8_t *)"UDP Transport is not allowed by the TURN Server configuration";
             } else if (ss->client_socket) {
-              SOCKET_TYPE cst = get_ioa_socket_type(ss->client_socket);
+              const SOCKET_TYPE cst = get_ioa_socket_type(ss->client_socket);
               if ((transport == STUN_ATTRIBUTE_TRANSPORT_TCP_VALUE) && !is_stream_socket(cst)) {
                 *err_code = 400;
                 *reason = (const uint8_t *)"Wrong Transport Data";
@@ -1163,7 +1163,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
         }
       } break;
       case STUN_ATTRIBUTE_RESERVATION_TOKEN: {
-        int len = stun_attr_get_len(sar);
+        const int len = stun_attr_get_len(sar);
         if (len != 8) {
           *err_code = 400;
           *reason = (const uint8_t *)"Wrong Format of Reservation Token";
@@ -1197,7 +1197,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
           *err_code = 400;
           *reason = (const uint8_t *)"Extra address family attribute can not be used in the request";
         } else {
-          int af_req = stun_get_requested_address_family(sar);
+          const int af_req = stun_get_requested_address_family(sar);
           switch (af_req) {
           case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4:
             if (attr_type == STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY) {
@@ -1332,8 +1332,9 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
             }
           }
           if (!af4 && af6) {
-            int af6res = create_relay_connection(server, ss, lifetime, af6, transport, even_port, in_reservation_token,
-                                                 &out_reservation_token, err_code, reason, tcp_peer_accept_connection);
+            const int af6res =
+                create_relay_connection(server, ss, lifetime, af6, transport, even_port, in_reservation_token,
+                                        &out_reservation_token, err_code, reason, tcp_peer_accept_connection);
             if (af6res < 0) {
               set_relay_session_failure(alloc, AF_INET6);
               if (!(*err_code)) {
@@ -1341,8 +1342,9 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
               }
             }
           } else if (af4 && !af6) {
-            int af4res = create_relay_connection(server, ss, lifetime, af4, transport, even_port, in_reservation_token,
-                                                 &out_reservation_token, err_code, reason, tcp_peer_accept_connection);
+            const int af4res =
+                create_relay_connection(server, ss, lifetime, af4, transport, even_port, in_reservation_token,
+                                        &out_reservation_token, err_code, reason, tcp_peer_accept_connection);
             if (af4res < 0) {
               set_relay_session_failure(alloc, AF_INET);
               if (!(*err_code)) {
@@ -1353,7 +1355,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
             const uint8_t *reason4 = NULL;
             const uint8_t *reason6 = NULL;
             {
-              int af4res =
+              const int af4res =
                   create_relay_connection(server, ss, lifetime, af4, transport, even_port, in_reservation_token,
                                           &out_reservation_token, &err_code4, &reason4, tcp_peer_accept_connection);
               if (af4res < 0) {
@@ -1364,7 +1366,7 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
               }
             }
             {
-              int af6res =
+              const int af6res =
                   create_relay_connection(server, ss, lifetime, af6, transport, even_port, in_reservation_token,
                                           &out_reservation_token, &err_code6, &reason6, tcp_peer_accept_connection);
               if (af6res < 0) {
@@ -1518,7 +1520,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
     int i;
     for (i = 0; i < ALLOC_PROTOCOLS_NUMBER; ++i) {
       if (a->relay_sessions[i].s && !ioa_socket_tobeclosed(a->relay_sessions[i].s)) {
-        int family = get_ioa_socket_address_family(a->relay_sessions[i].s);
+        const int family = get_ioa_socket_address_family(a->relay_sessions[i].s);
         if (AF_INET == family) {
           af4c = 1;
         } else if (AF_INET6 == family) {
@@ -1543,7 +1545,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
     stun_attr_ref sar =
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
       switch (attr_type) {
         SKIP_ATTRIBUTES;
       case STUN_ATTRIBUTE_MOBILITY_TICKET: {
@@ -1551,7 +1553,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
           *err_code = 405;
           *reason = (const uint8_t *)"Mobility forbidden";
         } else {
-          int smid_len = stun_attr_get_len(sar);
+          const int smid_len = stun_attr_get_len(sar);
           if (smid_len > 0 && (((size_t)smid_len) < sizeof(smid))) {
             const uint8_t *smid_val = stun_attr_get_value(sar);
             if (smid_val) {
@@ -1589,7 +1591,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
       case STUN_ATTRIBUTE_ADDITIONAL_ADDRESS_FAMILY: /* deprecated, for backward compatibility with older versions of
                                                         TURN-bis */
       case STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY: {
-        int af_req = stun_get_requested_address_family(sar);
+        const int af_req = stun_get_requested_address_family(sar);
         {
           int is_err = 0;
           switch (af_req) {
@@ -1638,7 +1640,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
 
       if (mid && smid[0]) {
 
-        turnserver_id tsid = ((0xFF00000000000000LL) & mid) >> 56;
+        const turnserver_id tsid = ((0xFF00000000000000LL) & mid) >> 56;
 
         if (tsid != server->id) {
 
@@ -1893,9 +1895,9 @@ static void tcp_deliver_delayed_buffer(unsent_buffer *ub, ioa_socket_handle s, t
         break;
       }
 
-      uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
+      const uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
 
-      int ret = send_data_from_ioa_socket_nbh(s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL);
+      const int ret = send_data_from_ioa_socket_nbh(s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL);
       if (ret < 0) {
         set_ioa_socket_tobeclosed(s);
       } else {
@@ -1933,14 +1935,14 @@ static void tcp_peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_
   ioa_network_buffer_handle nbh = in_buffer->nbh;
   in_buffer->nbh = NULL;
 
-  uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
+  const uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
 
   if (ss) {
     ++(ss->peer_received_packets);
     ss->peer_received_bytes += bytes;
   }
 
-  int ret = send_data_from_ioa_socket_nbh(tc->client_s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL);
+  const int ret = send_data_from_ioa_socket_nbh(tc->client_s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, NULL);
   if (ret < 0) {
     set_ioa_socket_tobeclosed(s);
   } else if (ss) {
@@ -1980,14 +1982,14 @@ static void tcp_client_input_handler_rfc6062data(ioa_socket_handle s, int event_
   ioa_network_buffer_handle nbh = in_buffer->nbh;
   in_buffer->nbh = NULL;
 
-  uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
+  const uint32_t bytes = (uint32_t)ioa_network_buffer_get_size(nbh);
   if (ss) {
     ++(ss->received_packets);
     ss->received_bytes += bytes;
   }
 
   int skip = 0;
-  int ret = send_data_from_ioa_socket_nbh(tc->peer_s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, &skip);
+  const int ret = send_data_from_ioa_socket_nbh(tc->peer_s, NULL, nbh, TTL_IGNORE, TOS_IGNORE, &skip);
   if (ret < 0) {
     set_ioa_socket_tobeclosed(s);
   }
@@ -2291,7 +2293,7 @@ static int handle_turn_connect(turn_turnserver *server, ts_ur_super_session *ss,
     stun_attr_ref sar =
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
       switch (attr_type) {
         SKIP_ATTRIBUTES;
       case STUN_ATTRIBUTE_XOR_PEER_ADDRESS: {
@@ -2352,7 +2354,7 @@ static int handle_turn_connection_bind(turn_turnserver *server, ts_ur_super_sess
 
   allocation *a = get_allocation_ss(ss);
 
-  uint16_t method = STUN_METHOD_CONNECTION_BIND;
+  const uint16_t method = STUN_METHOD_CONNECTION_BIND;
 
   if (ss->to_be_closed) {
 
@@ -2374,7 +2376,7 @@ static int handle_turn_connection_bind(turn_turnserver *server, ts_ur_super_sess
     stun_attr_ref sar =
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
       switch (attr_type) {
         SKIP_ATTRIBUTES;
       case STUN_ATTRIBUTE_CONNECTION_ID: {
@@ -2410,7 +2412,7 @@ static int handle_turn_connection_bind(turn_turnserver *server, ts_ur_super_sess
 
     } else {
       if (server->send_socket_to_relay) {
-        turnserver_id sid = (id & 0xFF000000) >> 24;
+        const turnserver_id sid = (id & 0xFF000000) >> 24;
         ioa_socket_handle s = ss->client_socket;
         if (s && !ioa_socket_tobeclosed(s)) {
           ioa_socket_handle new_s = detach_ioa_socket(s);
@@ -2593,7 +2595,7 @@ static int handle_turn_channel_bind(turn_turnserver *server, ts_ur_super_session
     stun_attr_ref sar =
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
       switch (attr_type) {
         SKIP_ATTRIBUTES;
       case STUN_ATTRIBUTE_CHANNEL_NUMBER: {
@@ -2753,7 +2755,7 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
   int padding = 0;
   int response_port_present = 0;
   uint16_t response_port = 0;
-  SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
+  const SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
   int use_reflected_from = 0;
 
   if (!(ss->client_socket)) {
@@ -2766,7 +2768,7 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
   stun_attr_ref sar =
       stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
   while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-    int attr_type = stun_attr_get_type(sar);
+    const int attr_type = stun_attr_get_type(sar);
     switch (attr_type) {
     case OLD_STUN_ATTRIBUTE_PASSWORD:
       SKIP_ATTRIBUTES;
@@ -2819,7 +2821,7 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
         *err_code = 400;
         *reason = (const uint8_t *)"Wrong request: applicable only to UDP protocol";
       } else {
-        int rp = stun_attr_get_response_port_str(sar);
+        const int rp = stun_attr_get_response_port_str(sar);
         if (rp >= 0) {
           response_port_present = 1;
           response_port = (uint16_t)rp;
@@ -2881,7 +2883,7 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
             if (change_port) {
               addr_cpy(response_origin, &other_address);
             } else {
-              int old_port = addr_get_port(response_origin);
+              const int old_port = addr_get_port(response_origin);
               addr_cpy(response_origin, &other_address);
               addr_set_port(response_origin, old_port);
             }
@@ -2932,7 +2934,7 @@ static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, in
   ioa_addr peer_addr;
   const uint8_t *value = NULL;
   int len = -1;
-  int addr_found = 0;
+  const int addr_found = 0;
   int set_df = 0;
 
   addr_set_any(&peer_addr);
@@ -2950,7 +2952,7 @@ static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, in
     stun_attr_ref sar =
         stun_attr_get_first_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
     while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
-      int attr_type = stun_attr_get_type(sar);
+      const int attr_type = stun_attr_get_type(sar);
       switch (attr_type) {
         SKIP_ATTRIBUTES;
       case STUN_ATTRIBUTE_DONT_FRAGMENT:
@@ -3007,7 +3009,7 @@ static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, in
 
         ioa_network_buffer_handle nbh = in_buffer->nbh;
         if (value && len > 0) {
-          uint16_t offset = (uint16_t)(value - ioa_network_buffer_data(nbh));
+          const uint16_t offset = (uint16_t)(value - ioa_network_buffer_data(nbh));
           ioa_network_buffer_add_offset_size(nbh, offset, 0, len);
         } else {
           len = 0;
@@ -3088,7 +3090,7 @@ static int handle_turn_create_permission(turn_turnserver *server, ts_ur_super_se
 
       while (sar && (!(*err_code)) && (*ua_num < MAX_NUMBER_OF_UNKNOWN_ATTRS)) {
 
-        int attr_type = stun_attr_get_type(sar);
+        const int attr_type = stun_attr_get_type(sar);
 
         switch (attr_type) {
 
@@ -3142,7 +3144,7 @@ static int handle_turn_create_permission(turn_turnserver *server, ts_ur_super_se
 
       while (sar) {
 
-        int attr_type = stun_attr_get_type(sar);
+        const int attr_type = stun_attr_get_type(sar);
 
         switch (attr_type) {
 
@@ -3293,13 +3295,13 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
       if (TURN_RANDOM_SIZE == 8) {
         for (i = 0; i < (NONCE_LENGTH_32BITS >> 1); i++) {
           uint8_t *s = ss->nonce + 8 * i;
-          uint64_t rand = (uint64_t)turn_random();
+          const uint64_t rand = (uint64_t)turn_random();
           snprintf((char *)s, NONCE_MAX_SIZE - 8 * i, "%08lx", (unsigned long)rand);
         }
       } else {
         for (i = 0; i < NONCE_LENGTH_32BITS; i++) {
           uint8_t *s = ss->nonce + 4 * i;
-          uint32_t rand = (uint32_t)turn_random();
+          const uint32_t rand = (uint32_t)turn_random();
           snprintf((char *)s, NONCE_MAX_SIZE - 4 * i, "%04x", (unsigned int)rand);
         }
       }
@@ -3319,7 +3321,7 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
   }
 
   {
-    int sarlen = stun_attr_get_len(sar);
+    const int sarlen = stun_attr_get_len(sar);
 
     switch (sarlen) {
     case SHA1SIZEBYTES:
@@ -3541,7 +3543,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
   uint16_t unknown_attrs[MAX_NUMBER_OF_UNKNOWN_ATTRS];
   uint16_t ua_num = 0;
-  uint16_t method =
+  const uint16_t method =
       stun_get_method_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
 
   *resp_constructed = 0;
@@ -3579,7 +3581,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
         }
 
         if (!err_code) {
-          SOCKET_TYPE cst = get_ioa_socket_type(ss->client_socket);
+          const SOCKET_TYPE cst = get_ioa_socket_type(ss->client_socket);
           turn_server_addrs_list_t *asl = server->alternate_servers_list;
 
           if (((cst == UDP_SOCKET) || (cst == DTLS_SOCKET)) && server->self_udp_balance && server->aux_servers_list &&
@@ -3609,7 +3611,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
         while (sar && !origin_found) {
           if (stun_attr_get_type(sar) == STUN_ATTRIBUTE_ORIGIN) {
-            int sarlen = stun_attr_get_len(sar);
+            const int sarlen = stun_attr_get_len(sar);
             if (sarlen > 0) {
               ++norigins;
               char *o = (char *)malloc(sarlen + 1);
@@ -3665,7 +3667,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
         while (sar && !origin_found) {
           if (stun_attr_get_type(sar) == STUN_ATTRIBUTE_ORIGIN) {
-            int sarlen = stun_attr_get_len(sar);
+            const int sarlen = stun_attr_get_len(sar);
             if (sarlen > 0) {
               char *o = (char *)malloc(sarlen + 1);
               memcpy(o, stun_attr_get_value(sar), sarlen);
@@ -3817,7 +3819,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
                                     ioa_network_buffer_get_size(in_buffer->nbh))) {
 
     no_response = 1;
-    int postpone = 0;
+    const int postpone = 0;
 
     if (!postpone && !err_code) {
 
@@ -3930,7 +3932,7 @@ static int handle_old_stun_command(turn_turnserver *server, ts_ur_super_session
 
   uint16_t unknown_attrs[MAX_NUMBER_OF_UNKNOWN_ATTRS];
   uint16_t ua_num = 0;
-  uint16_t method =
+  const uint16_t method =
       stun_get_method_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
 
   *resp_constructed = 0;
@@ -3967,7 +3969,7 @@ static int handle_old_stun_command(turn_turnserver *server, ts_ur_super_session
         }
 
         {
-          size_t oldsz = strlen(get_version(server));
+          const size_t oldsz = strlen(get_version(server));
           size_t newsz = (((oldsz) >> 2) + 1) << 2;
           uint8_t software[120] = {0};
           if (newsz > sizeof(software)) {
@@ -4023,7 +4025,7 @@ static int handle_old_stun_command(turn_turnserver *server, ts_ur_super_session
     }
 
     {
-      size_t oldsz = strlen(get_version(server));
+      const size_t oldsz = strlen(get_version(server));
       size_t newsz = (((oldsz) >> 2) + 1) << 2;
       uint8_t software[120] = {0};
       if (newsz > sizeof(software)) {
@@ -4110,7 +4112,7 @@ int shutdown_client_connection(turn_turnserver *server, ts_ur_super_session *ss,
     return -1;
   }
 
-  SOCKET_TYPE socket_type = get_ioa_socket_type(ss->client_socket);
+  const SOCKET_TYPE socket_type = get_ioa_socket_type(ss->client_socket);
 
   turn_report_session_usage(ss, 1);
   dec_quota(ss);
@@ -4251,7 +4253,7 @@ static int write_client_connection(turn_turnserver *server, ts_ur_super_session
     }
 
     int skip = 0;
-    int ret = send_data_from_ioa_socket_nbh(ss->client_socket, NULL, nbh, ttl, tos, &skip);
+    const int ret = send_data_from_ioa_socket_nbh(ss->client_socket, NULL, nbh, ttl, tos, &skip);
 
     if (!skip && ret > -1) {
       ++(ss->sent_packets);
@@ -4295,7 +4297,7 @@ static void client_ss_allocation_timeout_handler(ioa_engine_handle e, void *arg)
 
   FUNCSTART;
 
-  int family = get_ioa_socket_address_family(rsession->s);
+  const int family = get_ioa_socket_address_family(rsession->s);
 
   set_allocation_family_invalid(a, family);
 
@@ -4330,7 +4332,7 @@ static int create_relay_connection(turn_turnserver *server, ts_ur_super_session
         return -1;
       }
 
-      int family = get_ioa_socket_address_family(s);
+      const int family = get_ioa_socket_address_family(s);
 
       newelem = get_relay_session_ss(ss, family);
 
@@ -4345,7 +4347,7 @@ static int create_relay_connection(turn_turnserver *server, ts_ur_super_session
       addr_debug_print(server->verbose, get_local_addr_from_ioa_socket(newelem->s), "Local relay addr (RTCP)");
 
     } else {
-      int family = get_family(address_family, server->e, ss->client_socket);
+      const int family = get_family(address_family, server->e, ss->client_socket);
 
       newelem = get_relay_session_ss(ss, family);
 
@@ -4354,8 +4356,9 @@ static int create_relay_connection(turn_turnserver *server, ts_ur_super_session
       memset(newelem, 0, sizeof(relay_endpoint_session));
       newelem->s = NULL;
 
-      int res = create_relay_ioa_sockets(server->e, ss->client_socket, address_family, transport, even_port,
-                                         &(newelem->s), &rtcp_s, out_reservation_token, err_code, reason, acb, ss);
+      const int res =
+          create_relay_ioa_sockets(server->e, ss->client_socket, address_family, transport, even_port, &(newelem->s),
+                                   &rtcp_s, out_reservation_token, err_code, reason, acb, ss);
       if (res < 0) {
         if (!(*err_code)) {
           *err_code = 508;
@@ -4461,7 +4464,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
     return -1;
   }
 
-  int ret = (int)ioa_network_buffer_get_size(in_buffer->nbh);
+  const int ret = (int)ioa_network_buffer_get_size(in_buffer->nbh);
   if (ret < 0) {
     FUNCEND;
     return -1;
@@ -4482,10 +4485,10 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
   uint32_t old_stun_cookie = 0;
 
   size_t blen = ioa_network_buffer_get_size(in_buffer->nbh);
-  size_t orig_blen = blen;
-  SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
-  SOCKET_APP_TYPE sat = get_ioa_socket_app_type(ss->client_socket);
-  int is_padding_mandatory = is_stream_socket(st);
+  const size_t orig_blen = blen;
+  const SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
+  const SOCKET_APP_TYPE sat = get_ioa_socket_app_type(ss->client_socket);
+  const int is_padding_mandatory = is_stream_socket(st);
 
   if (sat == HTTP_CLIENT_SOCKET) {
 
@@ -4530,7 +4533,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
     ioa_network_buffer_handle nbh = ioa_network_buffer_allocate(server->e);
     int resp_constructed = 0;
 
-    uint16_t method =
+    const uint16_t method =
         stun_get_method_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh));
 
     handle_turn_command(server, ss, in_buffer, nbh, &resp_constructed, can_resume);
@@ -4557,7 +4560,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
         ioa_network_buffer_set_size(nbh, len);
       }
 
-      int ret = write_client_connection(server, ss, nbh, TTL_IGNORE, TOS_IGNORE);
+      const int ret = write_client_connection(server, ss, nbh, TTL_IGNORE, TOS_IGNORE);
 
       FUNCEND;
       return ret;
@@ -4577,7 +4580,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
 
     if (resp_constructed) {
 
-      int ret = write_client_connection(server, ss, nbh, TTL_IGNORE, TOS_IGNORE);
+      const int ret = write_client_connection(server, ss, nbh, TTL_IGNORE, TOS_IGNORE);
 
       FUNCEND;
       return ret;
@@ -4586,7 +4589,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
       return 0;
     }
   } else {
-    SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
+    const SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
     if (is_stream_socket(st)) {
       if (is_http((char *)ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh))) {
 
@@ -4642,7 +4645,7 @@ static int read_client_connection(turn_turnserver *server, ts_ur_super_session *
           char *content = "HTTP not supported.\n";
 
           /* Measure length of content */
-          int content_length = strlen(content);
+          const int content_length = strlen(content);
 
           /* Construct full response */
           char buffer[1024];
@@ -4780,9 +4783,9 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
     return;
   }
 
-  int offset = STUN_CHANNEL_HEADER_LENGTH;
+  const int offset = STUN_CHANNEL_HEADER_LENGTH;
 
-  int ilen =
+  const int ilen =
       min((int)ioa_network_buffer_get_size(in_buffer->nbh), (int)(ioa_network_buffer_get_capacity_udp() - offset));
   if (ilen < 0) {
     return;
@@ -4819,8 +4822,8 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
 
     ioa_network_buffer_header_init(nbh);
 
-    SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
-    int do_padding = is_stream_socket(st);
+    const SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket);
+    const int do_padding = is_stream_socket(st);
 
     stun_init_channel_message_str(chnum, ioa_network_buffer_data(nbh), &len, len, do_padding);
     ioa_network_buffer_set_size(nbh, len);