lint: fix lint warnings.

.clang-tidy

@@ -24,6 +24,7 @@ Checks: >
   -misc-unused-parameters,
   -misc-misplaced-widening-cast,
   -misc-no-recursion,
+  -misc-include-cleaner,
   -readability-magic-numbers,
   -readability-use-anyofallof,
   -readability-identifier-length,
@@ -33,6 +34,7 @@ Checks: >
   -readability-else-after-return,
   -readability-redundant-control-flow,
   -readability-suspicious-call-argument,
+  -readability-math-missing-parentheses,
   -google-readability-casting,
   -google-readability-todo,
   -performance-no-int-to-ptr,

src/Makefile

@@ -1,4 +1,3 @@
-
 # Copyright (C) 2018-2025 Ruilin Peng (Nick) <[email protected]>.
 #
 # smartdns is free software: you can redistribute it and/or modify
@@ -100,8 +99,19 @@ $(SMARTDNS_TEST_LIB): $(TEST_OBJS)
 $(SMARTDNS_LIB): $(OBJS)
 	$(AR) rcs $@ $^
 
+clang-tidy-parallel:
+	@echo "Running clang-tidy with $(shell nproc) parallel jobs..."
+	@printf '%s\n' $(LINT_OBJS:.o=.c) | xargs -P $(shell nproc) -I {} clang-tidy {} -- $(CFLAGS)
+
 clang-tidy:
 	clang-tidy -p=. $(LINT_OBJS:.o=.c) -- $(CFLAGS)
 
 clean:
 	$(RM) $(OBJS) $(BIN) $(SMARTDNS_LIB) $(MAIN_OBJ) $(SMARTDNS_TEST_LIB) $(TEST_OBJS)
+
+# lint specific files
+# make lint-files FILES="dns.c proxy.c"
+lint-files:
+	@echo "Specify FILES variable to lint specific files, e.g., make lint-files FILES='src/dns.c src/proxy.c'"
+	clang-tidy -p=. $(FILES) -- $(CFLAGS)
+

src/dns.c

@@ -20,14 +20,12 @@
 #include "smartdns/dns.h"
 #include "smartdns/lib/stringutil.h"
 #include "smartdns/tlog.h"
-#include <arpa/inet.h>
-#include <fcntl.h>
+
+#include <netinet/in.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
+#include <strings.h>
 
 #define QR_MASK 0x8000
 #define OPCODE_MASK 0x7800
@@ -2956,12 +2954,12 @@ static int _dns_update_domain(struct dns_context *context, const char *domain)
 {
 	int len = 0;
 	int ptr_jump = 0;
-	int output_len = 0;
+	size_t output_len = 0;
 	unsigned char *ptr = context->ptr;
 	unsigned char *packet = context->data;
 	int packet_size = context->maxsize;
-	int domain_len = strlen(domain);
-	int processed_len = 0;
+	size_t domain_len = strlen(domain);
+	size_t processed_len = 0;
 
 	while (1) {
 		if (ptr >= packet + packet_size || ptr < packet || ptr_jump > 32 || processed_len > domain_len + 1) {
@@ -3011,7 +3009,7 @@ static int _dns_update_domain(struct dns_context *context, const char *domain)
 	}
 
 	if (output_len != domain_len) {
-		tlog(TLOG_DEBUG, "update domain failed, length mismatch. output_len: %d, domain_len: %d", output_len,
+		tlog(TLOG_DEBUG, "update domain failed, length mismatch. output_len: %lu, domain_len: %lu", output_len,
 			 domain_len);
 		return -1;
 	}

src/dns_client/client_tls.c

@@ -629,6 +629,8 @@ int _dns_client_socket_ssl_recv_ext(struct dns_server_info *server, SSL *ssl, vo
 		case SSL_R_UNEXPECTED_EOF_WHILE_READING:
 #endif
 			return 0;
+		default:
+			break;
 		}
 
 		tlog(TLOG_ERROR, "server %s SSL read fail error: %s", server->ip, ERR_error_string(ssl_err, buff));

src/dns_conf/conf_file.c

@@ -149,6 +149,8 @@ int config_additional_file(void *data, int argc, char *argv[])
 			group_name = optarg;
 			break;
 		}
+		default:
+			break;
 		}
 	}
 

src/dns_conf/dns_conf_group.h

@@ -35,6 +35,7 @@ struct dns_conf_group_info {
 
 extern struct dns_conf_rule dns_conf_rule;
 
+// NOLINTNEXTLINE(bugprone-casting-through-void): offsetof result stored as void* for generic interface
 #define group_member(m) ((void *)offsetof(struct dns_conf_group, m))
 int _dns_conf_group_int(int value, int *data);
 int _dns_conf_group_int_base(int value, int *data);

src/dns_conf/domain_rule.c

@@ -106,7 +106,7 @@ static struct dns_domain_rule *_ensure_domain_rule_capacity(struct dns_domain_ru
 	}
 
 	uint8_t old_capacity = new_rule->capacity;
-	memset(new_rule->rules + old_capacity, 0, (new_capacity - old_capacity) * sizeof(struct dns_rule *));
+	memset((void *)(new_rule->rules + old_capacity), 0, (new_capacity - old_capacity) * sizeof(struct dns_rule *));
 	new_rule->capacity = new_capacity;
 
 	return new_rule;

src/dns_conf/group.c

@@ -57,6 +57,8 @@ int _config_group_begin(void *data, int argc, char *argv[])
 			inherit_group_name = optarg;
 			break;
 		}
+		default:
+			break;
 		}
 	}
 

src/dns_conf/ip_rule.c

@@ -63,10 +63,11 @@ int _config_ip_rule_set_each(const char *ip_set, set_rule_add_func callback, voi
 
 static void _dns_iplist_ip_address_add(struct dns_iplist_ip_addresses *iplist, unsigned char addr[], int addr_len)
 {
-	iplist->ipaddr = realloc(iplist->ipaddr, (iplist->ipaddr_num + 1) * sizeof(struct dns_iplist_ip_address));
-	if (iplist->ipaddr == NULL) {
+	struct dns_iplist_ip_address *new_ipaddr = realloc(iplist->ipaddr, (iplist->ipaddr_num + 1) * sizeof(struct dns_iplist_ip_address));
+	if (new_ipaddr == NULL) {
 		return;
 	}
+	iplist->ipaddr = new_ipaddr;
 	memset(&iplist->ipaddr[iplist->ipaddr_num], 0, sizeof(struct dns_iplist_ip_address));
 	iplist->ipaddr[iplist->ipaddr_num].addr_len = addr_len;
 	memcpy(iplist->ipaddr[iplist->ipaddr_num].addr, addr, addr_len);
@@ -192,6 +193,8 @@ static radix_node_t *_create_addr_node(const char *addr)
 	case AF_INET6:
 		tree = _config_current_rule_group()->address_rule.ipv6;
 		break;
+	default:
+		return NULL;
 	}
 
 	node = radix_lookup(tree, &prefix);

src/dns_server/answer.c

@@ -343,6 +343,8 @@ static int _dns_server_process_answer_HTTPS(struct dns_rrs *rrs, struct dns_requ
 				_dns_server_process_answer_AAAA_IP(request, cname, p->value + k * 16, ttl, result_flag);
 			}
 		} break;
+		default:
+			break;
 		}
 	}
 
@@ -398,6 +400,8 @@ int _dns_server_process_answer(struct dns_request *request, const char *domain,
 					*need_passthrouh = 1;
 					return DNS_CLIENT_ACTION_OK;
 				}
+				default:
+					break;
 				}
 			}
 		}

src/dns_server/cache.c

@@ -321,7 +321,7 @@ int _dns_cache_cname_packet(struct dns_server_post_context *context)
 	return 0;
 errout:
 	if (cache_packet) {
-		dns_cache_data_put((struct dns_cache_data *)cache_packet);
+		dns_cache_data_put(cache_packet);
 	}
 
 	return ret;
@@ -369,7 +369,7 @@ int _dns_cache_packet(struct dns_server_post_context *context)
 	return 0;
 errout:
 	if (cache_packet) {
-		dns_cache_data_put((struct dns_cache_data *)cache_packet);
+		dns_cache_data_put(cache_packet);
 	}
 
 	return ret;

src/dns_server/rules.c

@@ -427,7 +427,8 @@ int _dns_server_get_reply_ttl(struct dns_request *request, int ttl)
 	int reply_ttl = ttl;
 
 	if ((request->passthrough == 0 || request->passthrough == 2) && dns_conf.cachesize > 0 &&
-		request->check_order_list->orders[0].type != DOMAIN_CHECK_NONE && request->no_serve_expired == 0 && request->has_soa == 0) {
+		request->check_order_list->orders[0].type != DOMAIN_CHECK_NONE && request->no_serve_expired == 0 &&
+		request->has_soa == 0) {
 		reply_ttl = request->conf->dns_serve_expired_reply_ttl;
 		if (reply_ttl < 2) {
 			reply_ttl = 2;

src/dns_server/server_tcp.c

@@ -259,7 +259,8 @@ static int _dns_server_tcp_process_one_request(struct dns_server_conn_tcp_client
 				goto out;
 			}
 
-			len = http_head_parse(http_head, tcpclient->recvbuff.buf + proceed_len, tcpclient->recvbuff.size  - proceed_len);
+			len = http_head_parse(http_head, tcpclient->recvbuff.buf + proceed_len,
+								  tcpclient->recvbuff.size - proceed_len);
 			if (len < 0) {
 				if (len == -1) {
 					ret = 0;

src/dns_server/speed_check.c

@@ -34,8 +34,8 @@ static void _dns_server_ping_result(struct ping_host_struct *ping_host, const ch
 	int may_complete = 0;
 	int threshold = 100;
 	struct dns_ip_address *addr_map = NULL;
-	int last_rtt = 0; 
-	
+	int last_rtt = 0;
+
 	if (request == NULL) {
 		return;
 	}

src/fast_ping/ping_icmp6.c

@@ -150,6 +150,9 @@ struct fast_ping_packet *_fast_ping_icmp6_packet(struct ping_host_struct *ping_h
 				continue;
 			}
 			memcpy(&hops, CMSG_DATA(c), sizeof(hops));
+			break;
+		default:
+			break;
 		}
 	}
 

src/include/smartdns/dns.h

@@ -54,7 +54,7 @@ typedef enum dns_rr_type {
 	DNS_RRS_NS = 2,
 	DNS_RRS_NR = 3,
 	DNS_RRS_OPT = 4,
-	DNS_RRS_END,
+	DNS_RRS_END = 5,
 } dns_rr_type;
 
 typedef enum dns_class {

src/include/smartdns/util.h

@@ -134,7 +134,8 @@ int SSL_base64_decode_ext(const char *in, unsigned char *out, int max_outlen, in
 
 int SSL_base64_encode(const void *in, int in_len, char *out);
 
-int generate_cert_key(const char *key_path, const char *cert_path, const char *root_key_path, const char *san, int days);
+int generate_cert_key(const char *key_path, const char *cert_path, const char *root_key_path, const char *san,
+					  int days);
 
 int generate_cert_san(char *san, int max_san_len, const char *append_san);
 

src/proxy.c

@@ -642,7 +642,7 @@ static proxy_handshake_state _proxy_handshake_socks5(struct proxy_conn *proxy_co
 		}
 
 		if (recv_buff[1] != 0) {
-			if ((unsigned char)recv_buff[1] <=
+			if (recv_buff[1] <=
 				(sizeof(proxy_socks5_status_code) / sizeof(proxy_socks5_status_code[0]))) {
 				tlog(TLOG_ERROR, "server %s reply failed, error-code: %s", proxy_conn->server_info->proxy_name,
 					 proxy_socks5_status_code[(int)recv_buff[1]]);

src/tlog.c

@@ -1203,6 +1203,7 @@ static int _tlog_archive_log_compressed(struct tlog_log *log)
 
     /* start gzip process to compress log file */
     if (log->zip_pid <= 0) {
+        // NOLINTNEXTLINE(bugprone-unsafe-functions): vfork is safe here as we immediately exec
         int pid = vfork();
         if (pid == 0) {
             _tlog_close_all_fd();

src/utils/stack.c

@@ -22,7 +22,6 @@
 #include "smartdns/util.h"
 
 #include <dlfcn.h>
-#include <errno.h>
 #include <signal.h>
 #include <stdint.h>
 #include <unistd.h>