diff --git a/code-format.bat b/code-format.bat
new file mode 100644
index 000000000..f51e20bc7
--- /dev/null
+++ b/code-format.bat
@@ -0,0 +1,35 @@
+@echo off
+
+set root=%~dp0
+set source=%root%src
+
+goto start
+
+:format
+set filelist=%1
+for /r "%filelist%" %%f in (*) do (
+  if "%%~xf" equ ".h" (
+    call :format_file %%f
+  ) else if "%%~xf" equ ".c" (
+    call :format_file %%f
+  )
+)
+goto end
+
+:format_file
+set f=%1
+if "%~n1" neq "base64" (
+  if "%~n1" neq "json" (
+    if "%~n1" neq "uthash" (
+      echo 'format file "%f%"'
+      uncrustify -c %root%\.uncrustify.cfg -l C --replace --no-backup %f%
+      DEL %~dp1*.uncrustify >nul 2>nul
+    )
+  )
+)
+goto end
+
+:start
+call :format %source%
+
+:end
diff --git a/code-format.sh b/code-format.sh
new file mode 100755
index 000000000..3f4ed536a
--- /dev/null
+++ b/code-format.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+root=$(pwd)
+source="$root"/src
+
+function format() {
+  filelist=$(ls "$1")
+  pushd "$1"
+  for file in $filelist; do
+    if test -d "$file"; then
+      echo "format directory $file"
+      format "$file"
+    else
+      if ([ "${file%%.*}" != "base64" ] &&
+        [ "${file%%.*}" != "json" ] &&
+        [ "${file%%.*}" != "uthash" ]) &&
+        ([ "${file##*.}" = "h" ] || [ "${file##*.}" = "c" ]); then
+        echo "format file $file"
+        uncrustify -c "$root"/.uncrustify.cfg -l C --replace --no-backup "$file"
+        rm ./*.uncrustify >/dev/null 2>&1
+      fi
+    fi
+  done
+  popd
+}
+
+format "$source"
diff --git a/src/aead.c b/src/aead.c
index 61bac8dba..1ea3e4d3a 100644
--- a/src/aead.c
+++ b/src/aead.c
@@ -264,10 +264,10 @@ aead_cipher_ctx_set_key(cipher_ctx_t *cipher_ctx, int enc)
     }
 
     int err = crypto_hkdf(md,
-            cipher_ctx->salt, cipher_ctx->cipher->key_len,
-            cipher_ctx->cipher->key, cipher_ctx->cipher->key_len,
-            (uint8_t *)SUBKEY_INFO, strlen(SUBKEY_INFO),
-            cipher_ctx->skey, cipher_ctx->cipher->key_len);
+                          cipher_ctx->salt, cipher_ctx->cipher->key_len,
+                          cipher_ctx->cipher->key, cipher_ctx->cipher->key_len,
+                          (uint8_t *)SUBKEY_INFO, strlen(SUBKEY_INFO),
+                          cipher_ctx->skey, cipher_ctx->cipher->key_len);
     if (err) {
         FATAL("Unable to generate subkey");
     }
@@ -358,9 +358,9 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
     cipher_ctx_t cipher_ctx;
     aead_ctx_init(cipher, &cipher_ctx, 1);
 
-    size_t salt_len  = cipher->key_len;
-    size_t tag_len   = cipher->tag_len;
-    int err          = CRYPTO_OK;
+    size_t salt_len = cipher->key_len;
+    size_t tag_len  = cipher->tag_len;
+    int err         = CRYPTO_OK;
 
     static buffer_t tmp = { 0, 0, 0, NULL };
     brealloc(&tmp, salt_len + tag_len + plaintext->len, capacity);
@@ -395,9 +395,9 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
 int
 aead_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
 {
-    size_t salt_len  = cipher->key_len;
-    size_t tag_len   = cipher->tag_len;
-    int err          = CRYPTO_OK;
+    size_t salt_len = cipher->key_len;
+    size_t tag_len  = cipher->tag_len;
+    int err         = CRYPTO_OK;
 
     if (ciphertext->len <= salt_len + tag_len) {
         return CRYPTO_ERROR;
@@ -469,7 +469,7 @@ aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c,
     sodium_increment(n, nlen);
 
     clen = plen + tlen;
-    err  = aead_cipher_encrypt(ctx, c + CHUNK_SIZE_LEN + tlen, &clen,p, plen,
+    err  = aead_cipher_encrypt(ctx, c + CHUNK_SIZE_LEN + tlen, &clen, p, plen,
                                NULL, 0, n, ctx->skey);
     if (err)
         return CRYPTO_ERROR;
@@ -495,11 +495,11 @@ aead_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
     static buffer_t tmp = { 0, 0, 0, NULL };
     buffer_t *ciphertext;
 
-    cipher_t *cipher  = cipher_ctx->cipher;
-    int err           = CRYPTO_ERROR;
-    size_t salt_ofst  = 0;
-    size_t salt_len   = cipher->key_len;
-    size_t tag_len    = cipher->tag_len;
+    cipher_t *cipher = cipher_ctx->cipher;
+    int err          = CRYPTO_ERROR;
+    size_t salt_ofst = 0;
+    size_t salt_len  = cipher->key_len;
+    size_t tag_len   = cipher->tag_len;
 
     if (!cipher_ctx->init) {
         salt_ofst = salt_len;
@@ -586,7 +586,7 @@ aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
 
     cipher_t *cipher = cipher_ctx->cipher;
 
-    size_t salt_len  = cipher->key_len;
+    size_t salt_len = cipher->key_len;
 
     if (cipher_ctx->chunk == NULL) {
         cipher_ctx->chunk = (buffer_t *)ss_malloc(sizeof(buffer_t));
@@ -621,7 +621,6 @@ aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
         cipher_ctx->chunk->len -= salt_len;
 
         cipher_ctx->init = 1;
-
     }
 
     size_t plen = 0;
@@ -686,10 +685,10 @@ aead_key_init(int method, const char *pass, const char *key)
 
     if (key != NULL)
         cipher->key_len = crypto_parse_key(key, cipher->key,
-                supported_aead_ciphers_key_size[method]);
+                                           supported_aead_ciphers_key_size[method]);
     else
         cipher->key_len = crypto_derive_key(pass, cipher->key,
-                supported_aead_ciphers_key_size[method]);
+                                            supported_aead_ciphers_key_size[method]);
 
     if (cipher->key_len == 0) {
         FATAL("Cannot generate key and nonce");
@@ -719,4 +718,3 @@ aead_init(const char *pass, const char *key, const char *method)
     }
     return aead_key_init(m, pass, key);
 }
-
diff --git a/src/cache.h b/src/cache.h
index 7b980ce4a..ce6550222 100644
--- a/src/cache.h
+++ b/src/cache.h
@@ -56,7 +56,7 @@ struct cache {
 };
 
 int cache_create(struct cache **dst, const size_t capacity,
-                        void (*free_cb)(void *key, void *element));
+                 void (*free_cb)(void *key, void *element));
 int cache_delete(struct cache *cache, int keep_data);
 int cache_clear(struct cache *cache, ev_tstamp age);
 int cache_lookup(struct cache *cache, char *key, size_t key_len, void *result);
diff --git a/src/crypto.c b/src/crypto.c
index 677c1cf9b..d445f343f 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -25,10 +25,10 @@
 #endif
 
 #if defined(__linux__) && defined(HAVE_LINUX_RANDOM_H)
-# include <fcntl.h>
-# include <unistd.h>
-# include <sys/ioctl.h>
-# include <linux/random.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <linux/random.h>
 #endif
 
 #include <stdint.h>
@@ -239,22 +239,24 @@ crypto_derive_key(const char *pass, uint8_t *key, size_t key_len)
 }
 
 /* HKDF-Extract + HKDF-Expand */
-int crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
-                 int salt_len, const unsigned char *ikm, int ikm_len,
-                 const unsigned char *info, int info_len, unsigned char *okm,
-                 int okm_len)
+int
+crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+            int salt_len, const unsigned char *ikm, int ikm_len,
+            const unsigned char *info, int info_len, unsigned char *okm,
+            int okm_len)
 {
     unsigned char prk[MBEDTLS_MD_MAX_SIZE];
 
     return crypto_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk) ||
            crypto_hkdf_expand(md, prk, mbedtls_md_get_size(md), info, info_len,
-                               okm, okm_len);
+                              okm, okm_len);
 }
 
 /* HKDF-Extract(salt, IKM) -> PRK */
-int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
-                         int salt_len, const unsigned char *ikm, int ikm_len,
-                         unsigned char *prk)
+int
+crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
+                    int salt_len, const unsigned char *ikm, int ikm_len,
+                    unsigned char *prk)
 {
     int hash_len;
     unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
@@ -266,7 +268,7 @@ int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
     hash_len = mbedtls_md_get_size(md);
 
     if (salt == NULL) {
-        salt = null_salt;
+        salt     = null_salt;
         salt_len = hash_len;
     }
 
@@ -274,9 +276,10 @@ int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
 }
 
 /* HKDF-Expand(PRK, info, L) -> OKM */
-int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
-                        int prk_len, const unsigned char *info, int info_len,
-                        unsigned char *okm, int okm_len)
+int
+crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+                   int prk_len, const unsigned char *info, int info_len,
+                   unsigned char *okm, int okm_len)
 {
     int hash_len;
     int N;
@@ -323,7 +326,7 @@ int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
               mbedtls_md_hmac_update(&ctx, T, T_len) ||
               mbedtls_md_hmac_update(&ctx, info, info_len) ||
               /* The constant concatenated to the end of each T(n) is a single
-                 octet. */
+               * octet. */
               mbedtls_md_hmac_update(&ctx, &c, 1) ||
               mbedtls_md_hmac_finish(&ctx, T);
 
@@ -334,7 +337,7 @@ int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
 
         memcpy(okm + where, T, (i != N) ? hash_len : (okm_len - where));
         where += hash_len;
-        T_len = hash_len;
+        T_len  = hash_len;
     }
 
     mbedtls_md_free(&ctx);
@@ -346,14 +349,14 @@ int
 crypto_parse_key(const char *base64, uint8_t *key, size_t key_len)
 {
     size_t base64_len = strlen(base64);
-    int out_len = BASE64_SIZE(base64_len);
+    int out_len       = BASE64_SIZE(base64_len);
     uint8_t out[out_len];
 
     out_len = base64_decode(out, base64, out_len);
     if (out_len > 0 && out_len >= key_len) {
         memcpy(key, out, key_len);
 #ifdef SS_DEBUG
-        dump("KEY", (char*)key, key_len);
+        dump("KEY", (char *)key, key_len);
 #endif
         return key_len;
     }
@@ -379,4 +382,5 @@ dump(char *tag, char *text, int len)
         printf("0x%02x ", (uint8_t)text[i]);
     printf("\n");
 }
+
 #endif
diff --git a/src/crypto.h b/src/crypto.h
index e3c1f63a9..e877e8f90 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -134,15 +134,15 @@ unsigned char *crypto_md5(const unsigned char *, size_t, unsigned char *);
 int crypto_derive_key(const char *, uint8_t *, size_t);
 int crypto_parse_key(const char *, uint8_t *, size_t);
 int crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
-                 int salt_len, const unsigned char *ikm, int ikm_len,
-                 const unsigned char *info, int info_len, unsigned char *okm,
-                 int okm_len);
+                int salt_len, const unsigned char *ikm, int ikm_len,
+                const unsigned char *info, int info_len, unsigned char *okm,
+                int okm_len);
 int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
-                         int salt_len, const unsigned char *ikm, int ikm_len,
-                         unsigned char *prk);
+                        int salt_len, const unsigned char *ikm, int ikm_len,
+                        unsigned char *prk);
 int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
-                        int prk_len, const unsigned char *info, int info_len,
-                        unsigned char *okm, int okm_len);
+                       int prk_len, const unsigned char *info, int info_len,
+                       unsigned char *okm, int okm_len);
 #ifdef SS_DEBUG
 void dump(char *tag, char *text, int len);
 #endif
diff --git a/src/jconf.c b/src/jconf.c
index abd69572c..b706275c7 100644
--- a/src/jconf.c
+++ b/src/jconf.c
@@ -36,7 +36,7 @@
     do { \
         if ((value)->type != (expected_type)) \
             FATAL((message)); \
-    } while(0)
+    } while (0)
 
 static char *
 to_string(const json_value *value)
@@ -64,7 +64,8 @@ free_addr(ss_addr_t *addr)
 void
 parse_addr(const char *str_in, ss_addr_t *addr)
 {
-    if (str_in == NULL) return;
+    if (str_in == NULL)
+        return;
 
     int ipv6 = 0, ret = -1, n = 0;
     char *pch;
@@ -203,7 +204,7 @@ read_jconf(const char *file)
                         if (j >= MAX_REMOTE_NUM) {
                             break;
                         }
-                        json_value *v = value->u.array.values[j];
+                        json_value *v  = value->u.array.values[j];
                         char *addr_str = to_string(v);
                         parse_addr(addr_str, conf.remote_addr + j);
                         ss_free(addr_str);
@@ -255,21 +256,21 @@ read_jconf(const char *file)
                 conf.plugin_opts = to_string(value);
             } else if (strcmp(name, "fast_open") == 0) {
                 check_json_value_type(value, json_boolean,
-                        "invalid config file: option 'fast_open' must be a boolean");
+                                      "invalid config file: option 'fast_open' must be a boolean");
                 conf.fast_open = value->u.boolean;
             } else if (strcmp(name, "reuse_port") == 0) {
                 check_json_value_type(value, json_boolean,
-                        "invalid config file: option 'reuse_port' must be a boolean");
+                                      "invalid config file: option 'reuse_port' must be a boolean");
                 conf.reuse_port = value->u.boolean;
             } else if (strcmp(name, "disable_sni") == 0) {
                 check_json_value_type(value, json_boolean,
-                        "invalid config file: option 'disable_sni' must be a boolean");
+                                      "invalid config file: option 'disable_sni' must be a boolean");
                 conf.disable_sni = value->u.boolean;
             } else if (strcmp(name, "auth") == 0) {
                 FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
             } else if (strcmp(name, "nofile") == 0) {
                 check_json_value_type(value, json_integer,
-                    "invalid config file: option 'nofile' must be an integer");
+                                      "invalid config file: option 'nofile' must be an integer");
                 conf.nofile = value->u.integer;
             } else if (strcmp(name, "nameserver") == 0) {
                 conf.nameserver = to_string(value);
@@ -281,12 +282,12 @@ read_jconf(const char *file)
                         }
                         json_value *v = value->u.object.values[j].value;
                         if (v->type == json_string) {
-                            int dscp = parse_dscp(to_string(v));
+                            int dscp   = parse_dscp(to_string(v));
                             char *port = ss_strndup(value->u.object.values[j].name,
-                                    value->u.object.values[j].name_length);
+                                                    value->u.object.values[j].name_length);
                             conf.dscp[j].port = port;
                             conf.dscp[j].dscp = dscp;
-                            conf.dscp_num = j + 1;
+                            conf.dscp_num     = j + 1;
                         }
                     }
                 }
@@ -310,20 +311,20 @@ read_jconf(const char *file)
                 ss_free(mode_str);
             } else if (strcmp(name, "mtu") == 0) {
                 check_json_value_type(value, json_integer,
-                    "invalid config file: option 'mtu' must be an integer");
+                                      "invalid config file: option 'mtu' must be an integer");
                 conf.mtu = value->u.integer;
             } else if (strcmp(name, "mptcp") == 0) {
                 check_json_value_type(value, json_boolean,
-                    "invalid config file: option 'mptcp' must be a boolean");
+                                      "invalid config file: option 'mptcp' must be a boolean");
                 conf.mptcp = value->u.boolean;
             } else if (strcmp(name, "ipv6_first") == 0) {
                 check_json_value_type(value, json_boolean,
-                    "invalid config file: option 'ipv6_first' must be a boolean");
+                                      "invalid config file: option 'ipv6_first' must be a boolean");
                 conf.ipv6_first = value->u.boolean;
 #ifdef HAS_SYSLOG
             } else if (strcmp(name, "use_syslog") == 0) {
                 check_json_value_type(value, json_boolean,
-                    "invalid config file: option 'use_syslog' must be a boolean");
+                                      "invalid config file: option 'use_syslog' must be a boolean");
                 use_syslog = value->u.boolean;
 #endif
             } else if (strcmp(name, "no_delay") == 0) {
diff --git a/src/local.c b/src/local.c
index 5a10fd465..f66373758 100644
--- a/src/local.c
+++ b/src/local.c
@@ -157,7 +157,7 @@ create_and_bind(const char *addr, const char *port)
     memset(&hints, 0, sizeof(struct addrinfo));
     hints.ai_family   = AF_UNSPEC;   /* Return IPv4 and IPv6 choices */
     hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
-    result = NULL;
+    result            = NULL;
 
     s = getaddrinfo(addr, port, &hints, &result);
 
@@ -234,6 +234,7 @@ launch_or_create(const char *addr, const char *port)
     }
     return -1;
 }
+
 #endif
 
 static void
@@ -477,7 +478,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                 return;
             }
             struct method_select_request *method = (struct method_select_request *)buf->data;
-            int method_len = method->nmethods + sizeof(struct method_select_request);
+            int method_len                       = method->nmethods + sizeof(struct method_select_request);
             if (buf->len < method_len) {
                 return;
             }
@@ -485,12 +486,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             struct method_select_response response;
             response.ver    = SVERSION;
             response.method = METHOD_UNACCEPTABLE;
-            for (int i = 0; i < method->nmethods; i++) {
+            for (int i = 0; i < method->nmethods; i++)
                 if (method->methods[i] == METHOD_NOAUTH) {
                     response.method = METHOD_NOAUTH;
                     break;
                 }
-            }
             char *send_buf = (char *)&response;
             send(server->fd, send_buf, sizeof(response), 0);
             if (response.method == METHOD_UNACCEPTABLE) {
@@ -502,7 +502,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             server->stage = STAGE_HANDSHAKE;
 
             if (method_len < (int)(buf->len)) {
-                memmove(buf->data, buf->data + method_len , buf->len - method_len);
+                memmove(buf->data, buf->data + method_len, buf->len - method_len);
                 buf->len -= method_len;
                 continue;
             }
@@ -511,7 +511,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             return;
         } else if (server->stage == STAGE_HANDSHAKE || server->stage == STAGE_PARSE) {
             struct socks5_request *request = (struct socks5_request *)buf->data;
-            size_t request_len = sizeof(struct socks5_request);
+            size_t request_len             = sizeof(struct socks5_request);
             struct sockaddr_in sock_addr;
             memset(&sock_addr, 0, sizeof(sock_addr));
 
@@ -605,7 +605,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                 if (acl || verbose) {
                     uint16_t p = ntohs(*(uint16_t *)(buf->data + request_len + in_addr_len));
                     inet_ntop(AF_INET, (const void *)(buf->data + request_len),
-                             ip, INET_ADDRSTRLEN);
+                              ip, INET_ADDRSTRLEN);
                     sprintf(port, "%d", p);
                 }
             } else if (atyp == 3) {
@@ -624,7 +624,6 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                     memcpy(host, buf->data + request_len + 1, name_len);
                     host[name_len] = '\0';
                     sprintf(port, "%d", p);
-
                 }
             } else if (atyp == 4) {
                 // IP V6
@@ -638,7 +637,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                 if (acl || verbose) {
                     uint16_t p = ntohs(*(uint16_t *)(buf->data + request_len + in6_addr_len));
                     inet_ntop(AF_INET6, (const void *)(buf->data + request_len),
-                             ip, INET6_ADDRSTRLEN);
+                              ip, INET6_ADDRSTRLEN);
                     sprintf(port, "%d", p);
                 }
             } else {
@@ -705,12 +704,12 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
 
             if (acl
 #ifdef __ANDROID__
-                    && !(vpn && strcmp(port, "53") == 0)
+                && !(vpn && strcmp(port, "53") == 0)
 #endif
-                    ) {
+                ) {
                 int host_match = acl_match_host(host);
-                int bypass = 0;
-                int resolved = 0;
+                int bypass     = 0;
+                int resolved   = 0;
                 struct sockaddr_storage storage;
                 memset(&storage, 0, sizeof(struct sockaddr_storage));
                 int err;
@@ -725,34 +724,36 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                         err = get_sockaddr(host, port, &storage, 0, ipv6first);
                         if (err != -1) {
                             resolved = 1;
-                            switch(((struct sockaddr*)&storage)->sa_family) {
-                                case AF_INET: {
-                                    struct sockaddr_in *addr_in = (struct sockaddr_in *)&storage;
-                                    inet_ntop(AF_INET, &(addr_in->sin_addr), ip, INET_ADDRSTRLEN);
-                                    break;
-                                }
-                                case AF_INET6: {
-                                    struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)&storage;
-                                    inet_ntop(AF_INET6, &(addr_in6->sin6_addr), ip, INET6_ADDRSTRLEN);
-                                    break;
-                                }
-                                default:
-                                    break;
+                            switch (((struct sockaddr *)&storage)->sa_family) {
+                            case AF_INET:
+                            {
+                                struct sockaddr_in *addr_in = (struct sockaddr_in *)&storage;
+                                inet_ntop(AF_INET, &(addr_in->sin_addr), ip, INET_ADDRSTRLEN);
+                                break;
+                            }
+                            case AF_INET6:
+                            {
+                                struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)&storage;
+                                inet_ntop(AF_INET6, &(addr_in6->sin6_addr), ip, INET6_ADDRSTRLEN);
+                                break;
+                            }
+                            default:
+                                break;
                             }
                         }
                     }
 #endif
                     int ip_match = acl_match_host(ip);
                     switch (get_acl_mode()) {
-                        case BLACK_LIST:
-                            if (ip_match > 0)
-                                bypass = 1;               // bypass IPs in black list
-                            break;
-                        case WHITE_LIST:
-                            bypass = 1;
-                            if (ip_match < 0)
-                                bypass = 0;               // proxy IPs in white list
-                            break;
+                    case BLACK_LIST:
+                        if (ip_match > 0)
+                            bypass = 1;                   // bypass IPs in black list
+                        break;
+                    case WHITE_LIST:
+                        bypass = 1;
+                        if (ip_match < 0)
+                            bypass = 0;                   // proxy IPs in white list
+                        break;
                     }
                 }
 
@@ -770,7 +771,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                         err = get_sockaddr(host, port, &storage, 0, ipv6first);
                     else
 #endif
-                        err = get_sockaddr(ip, port, &storage, 0, ipv6first);
+                    err = get_sockaddr(ip, port, &storage, 0, ipv6first);
                     if (err != -1) {
                         remote = create_remote(server->listener, (struct sockaddr *)&storage);
                         if (remote != NULL)
@@ -1114,7 +1115,7 @@ new_server(int fd)
     ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
 
     ev_timer_init(&server->delayed_connect_watcher,
-            delayed_connect_cb, 0.05, 0);
+                  delayed_connect_cb, 0.05, 0);
 
     cork_dllist_add(&connections, &server->entries);
 
@@ -1195,7 +1196,7 @@ create_remote(listen_ctx_t *listener,
         }
     } else if (listener->mptcp == 1) {
         int i = 0;
-        while((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
             int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
             if (err != -1) {
                 break;
@@ -1300,18 +1301,18 @@ main(int argc, char **argv)
     char *remote_port = NULL;
 
     static struct option long_options[] = {
-        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT },
-        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN },
-        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY },
-        { "acl",         required_argument, NULL, GETOPT_VAL_ACL },
-        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU },
-        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP },
-        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN },
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "acl",         required_argument, NULL, GETOPT_VAL_ACL         },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
         { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
-        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD },
-        { "key",         required_argument, NULL, GETOPT_VAL_KEY },
-        { "help",        no_argument,       NULL, GETOPT_VAL_HELP },
-        { NULL,          0,                 NULL, 0 }
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,                          0, NULL,                      0 }
     };
 
     opterr = 0;
@@ -1495,7 +1496,7 @@ main(int argc, char **argv)
             mptcp = conf->mptcp;
         }
         if (no_delay == 0) {
-          no_delay = conf->no_delay;
+            no_delay = conf->no_delay;
         }
 #ifdef HAVE_SETRLIMIT
         if (nofile == 0) {
@@ -1576,8 +1577,8 @@ main(int argc, char **argv)
     }
 
     if (plugin != NULL) {
-        int len = 0;
-        size_t buf_size = 256 * remote_num;
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
         char *remote_str = ss_malloc(buf_size);
 
         snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
@@ -1587,7 +1588,7 @@ main(int argc, char **argv)
             len = strlen(remote_str);
         }
         int err = start_plugin(plugin, plugin_opts, remote_str,
-                remote_port, plugin_host, plugin_port, MODE_CLIENT);
+                               remote_port, plugin_host, plugin_port, MODE_CLIENT);
         if (err) {
             FATAL("failed to start the plugin");
         }
@@ -1624,7 +1625,8 @@ main(int argc, char **argv)
         listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
         ++listen_ctx.remote_num;
 
-        if (plugin != NULL) break;
+        if (plugin != NULL)
+            break;
     }
     listen_ctx.timeout = atoi(timeout);
     listen_ctx.iface   = iface;
@@ -1665,8 +1667,8 @@ main(int argc, char **argv)
     // Setup UDP
     if (mode != TCP_ONLY) {
         LOGI("udprelay enabled");
-        char *host = remote_addr[0].host;
-        char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+        char *host                       = remote_addr[0].host;
+        char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
         struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
         memset(storage, 0, sizeof(struct sockaddr_storage));
         if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
@@ -1674,7 +1676,7 @@ main(int argc, char **argv)
         }
         struct sockaddr *addr = (struct sockaddr *)storage;
         udp_fd = init_udprelay(local_addr, local_port, addr,
-                      get_sockaddr_len(addr), mtu, crypto, listen_ctx.timeout, iface);
+                               get_sockaddr_len(addr), mtu, crypto, listen_ctx.timeout, iface);
     }
 
 #ifdef HAVE_LAUNCHD
@@ -1829,7 +1831,7 @@ start_ss_local_server(profile_t profile)
         LOGI("udprelay enabled");
         struct sockaddr *addr = (struct sockaddr *)(&storage);
         udp_fd = init_udprelay(local_addr, local_port_str, addr,
-                      get_sockaddr_len(addr), mtu, crypto, timeout, NULL);
+                               get_sockaddr_len(addr), mtu, crypto, timeout, NULL);
     }
 
     if (strcmp(local_addr, ":") > 0)
diff --git a/src/manager.c b/src/manager.c
index 5f9c9f06b..3e311946b 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -83,12 +83,17 @@ setnonblocking(int fd)
 }
 
 static void
-destroy_server(struct server *server) {
+destroy_server(struct server *server)
+{
 // function used to free memories alloced in **get_server**
-    if (server->method) ss_free(server->method);
-    if (server->plugin) ss_free(server->plugin);
-    if (server->plugin_opts) ss_free(server->plugin_opts);
-    if (server->mode) ss_free(server->mode);
+    if (server->method)
+        ss_free(server->method);
+    if (server->plugin)
+        ss_free(server->plugin);
+    if (server->plugin_opts)
+        ss_free(server->plugin_opts);
+    if (server->mode)
+        ss_free(server->mode);
 }
 
 static void
@@ -465,11 +470,10 @@ check_port(struct manager_ctx *manager, struct server *server)
     }
 
     /* clean socks */
-    for (int i = 0; i < fd_count; i++) {
+    for (int i = 0; i < fd_count; i++)
         if (sock_fds[i] > 0) {
             close(sock_fds[i]);
         }
-    }
 
     ss_free(sock_fds);
 
@@ -630,7 +634,7 @@ manager_recv_cb(EV_P_ ev_io *w, int revents)
             ERROR("add_sendto");
         }
     } else if (strcmp(action, "list") == 0) {
-        struct cork_hash_table_iterator  iter;
+        struct cork_hash_table_iterator iter;
         struct cork_hash_table_entry  *entry;
         char buf[BUF_SIZE];
         memset(buf, 0, BUF_SIZE);
@@ -639,10 +643,10 @@ manager_recv_cb(EV_P_ ev_io *w, int revents)
         cork_hash_table_iterator_init(server_table, &iter);
         while ((entry = cork_hash_table_iterator_next(&iter)) != NULL) {
             struct server *server = (struct server *)entry->value;
-            char *method = server->method?server->method:manager->method;
-            size_t pos = strlen(buf);
-            size_t entry_len = strlen(server->port) + strlen(server->password) + strlen(method);
-            if (pos > BUF_SIZE-entry_len-50) {
+            char *method          = server->method ? server->method : manager->method;
+            size_t pos            = strlen(buf);
+            size_t entry_len      = strlen(server->port) + strlen(server->password) + strlen(method);
+            if (pos > BUF_SIZE - entry_len - 50) {
                 if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
                     != pos) {
                     ERROR("list_sendto");
@@ -650,13 +654,12 @@ manager_recv_cb(EV_P_ ev_io *w, int revents)
                 memset(buf, 0, BUF_SIZE);
                 pos = 0;
             }
-            sprintf(buf + pos, "\n\t{\"server_port\":\"%s\",\"password\":\"%s\",\"method\":\"%s\"},", 
-                    server->port,server->password,method);
-
+            sprintf(buf + pos, "\n\t{\"server_port\":\"%s\",\"password\":\"%s\",\"method\":\"%s\"},",
+                    server->port, server->password, method);
         }
 
         size_t pos = strlen(buf);
-        strcpy(buf + pos - 1, "\n]"); //Remove trailing ","
+        strcpy(buf + pos - 1, "\n]"); // Remove trailing ","
         pos = strlen(buf);
         if (sendto(manager->fd, buf, pos, 0, (struct sockaddr *)&claddr, len)
             != pos) {
@@ -864,19 +867,19 @@ main(int argc, char **argv)
     jconf_t *conf = NULL;
 
     static struct option long_options[] = {
-        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN },
-        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT },
-        { "acl",             required_argument, NULL, GETOPT_VAL_ACL },
+        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "acl",             required_argument, NULL, GETOPT_VAL_ACL         },
         { "manager-address", required_argument, NULL,
-                                                GETOPT_VAL_MANAGER_ADDRESS },
+          GETOPT_VAL_MANAGER_ADDRESS },
         { "executable",      required_argument, NULL,
-                                                GETOPT_VAL_EXECUTABLE },
-        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU },
-        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN },
+          GETOPT_VAL_EXECUTABLE },
+        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU         },
+        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN      },
         { "plugin-opts",     required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
-        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD },
-        { "help",            no_argument,       NULL, GETOPT_VAL_HELP },
-        { NULL,              0,                 NULL, 0 }
+        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "help",            no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,                              0, NULL,                      0 }
     };
 
     opterr = 0;
diff --git a/src/plugin.c b/src/plugin.c
index 2fe10cd04..6abdc8a15 100644
--- a/src/plugin.c
+++ b/src/plugin.c
@@ -39,15 +39,15 @@
 #define CMD_RESRV_LEN 128
 
 static int exit_code;
-static struct cork_env *env = NULL;
-static struct cork_exec *exec = NULL;
+static struct cork_env *env        = NULL;
+static struct cork_exec *exec      = NULL;
 static struct cork_subprocess *sub = NULL;
 
 static int
 plugin_log__data(struct cork_stream_consumer *vself,
-        const void *buf, size_t size, bool is_first)
+                 const void *buf, size_t size, bool is_first)
 {
-    size_t  bytes_written = fwrite(buf, 1, size, stderr);
+    size_t bytes_written = fwrite(buf, 1, size, stderr);
     /*  If there was an error writing to the file, then signal this
      *  to the producer */
     if (bytes_written == size) {
@@ -74,22 +74,23 @@ plugin_log__free(struct cork_stream_consumer *vself)
 
 struct cork_stream_consumer plugin_log = {
     .data = plugin_log__data,
-    .eof = plugin_log__eof,
+    .eof  = plugin_log__eof,
     .free = plugin_log__free,
 };
 
-static int start_ss_plugin(const char *plugin,
-                           const char *plugin_opts,
-                           const char *remote_host,
-                           const char *remote_port,
-                           const char *local_host,
-                           const char *local_port,
-                           enum plugin_mode mode)
+static int
+start_ss_plugin(const char *plugin,
+                const char *plugin_opts,
+                const char *remote_host,
+                const char *remote_port,
+                const char *local_host,
+                const char *local_port,
+                enum plugin_mode mode)
 {
-    char *cmd      = NULL;
+    char *cmd = NULL;
 
     size_t plugin_len = strlen(plugin);
-    size_t cmd_len = plugin_len + CMD_RESRV_LEN;
+    size_t cmd_len    = plugin_len + CMD_RESRV_LEN;
     cmd = ss_malloc(cmd_len);
 
     snprintf(cmd, cmd_len, "exec %s", plugin);
@@ -143,13 +144,14 @@ static int start_ss_plugin(const char *plugin,
  * Some old obfsproxy will not be supported as it doesn't even support
  * "--data-dir" option
  */
-static int start_obfsproxy(const char *plugin,
-                           const char *plugin_opts,
-                           const char *remote_host,
-                           const char *remote_port,
-                           const char *local_host,
-                           const char *local_port,
-                           enum plugin_mode mode)
+static int
+start_obfsproxy(const char *plugin,
+                const char *plugin_opts,
+                const char *remote_host,
+                const char *remote_port,
+                const char *local_host,
+                const char *local_port,
+                enum plugin_mode mode)
 {
     char *pch;
     char *opts_dump;
@@ -168,7 +170,7 @@ static int start_obfsproxy(const char *plugin,
 
     cork_exec_add_param(exec, "--data-dir");
     buf_size = 20 + strlen(plugin) + strlen(remote_host)
-        + strlen(remote_port) + strlen(local_host) + strlen(local_port);
+               + strlen(remote_port) + strlen(local_host) + strlen(local_port);
     buf = ss_malloc(buf_size);
     snprintf(buf, buf_size, "/tmp/%s_%s:%s_%s:%s", plugin,
              remote_host, remote_port, local_host, local_port);
@@ -232,7 +234,7 @@ start_plugin(const char *plugin,
     /*
      * Add current dir to PATH, so we can search plugin in current dir
      */
-    env = cork_env_clone_current();
+    env          = cork_env_clone_current();
     current_path = cork_env_get(env, "PATH");
     if (current_path != NULL) {
 #ifdef HAVE_GET_CURRENT_DIR_NAME
@@ -243,7 +245,7 @@ start_plugin(const char *plugin,
         if (!getcwd(cwd, PATH_MAX)) {
 #endif
             new_path_len = strlen(current_path) + strlen(cwd) + 2;
-            new_path = ss_malloc(new_path_len);
+            new_path     = ss_malloc(new_path_len);
             snprintf(new_path, new_path_len, "%s:%s", cwd, current_path);
 #ifdef HAVE_GET_CURRENT_DIR_NAME
             free(cwd);
@@ -273,11 +275,11 @@ get_local_port()
     }
 
     struct sockaddr_in serv_addr;
-    bzero((char *) &serv_addr, sizeof(serv_addr));
-    serv_addr.sin_family = AF_INET;
+    bzero((char *)&serv_addr, sizeof(serv_addr));
+    serv_addr.sin_family      = AF_INET;
     serv_addr.sin_addr.s_addr = INADDR_ANY;
-    serv_addr.sin_port = 0;
-    if (bind(sock, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
+    serv_addr.sin_port        = 0;
+    if (bind(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
         return 0;
     }
 
@@ -285,7 +287,7 @@ get_local_port()
     if (getsockname(sock, (struct sockaddr *)&serv_addr, &len) == -1) {
         return 0;
     }
-    if (close (sock) < 0) {
+    if (close(sock) < 0) {
         return 0;
     }
 
@@ -301,7 +303,8 @@ stop_plugin()
     }
 }
 
-int is_plugin_running()
+int
+is_plugin_running()
 {
     if (sub != NULL) {
         return cork_subprocess_is_finished(sub);
diff --git a/src/ppbloom.c b/src/ppbloom.c
index 0ef5b95d7..d06dc011b 100644
--- a/src/ppbloom.c
+++ b/src/ppbloom.c
@@ -41,13 +41,15 @@ ppbloom_init(int n, double e)
 {
     int err;
     entries = n / 2;
-    error = e;
+    error   = e;
 
     err = bloom_init(ppbloom + PING, entries, error);
-    if (err) return err;
+    if (err)
+        return err;
 
     err = bloom_init(ppbloom + PONG, entries, error);
-    if (err) return err;
+    if (err)
+        return err;
 
     bloom_count[PING] = 0;
     bloom_count[PONG] = 0;
@@ -63,10 +65,12 @@ ppbloom_check(const void *buffer, int len)
     int ret;
 
     ret = bloom_check(ppbloom + PING, buffer, len);
-    if (ret) return ret;
+    if (ret)
+        return ret;
 
     ret = bloom_check(ppbloom + PONG, buffer, len);
-    if (ret) return ret;
+    if (ret)
+        return ret;
 
     return 0;
 }
@@ -76,13 +80,14 @@ ppbloom_add(const void *buffer, int len)
 {
     int err;
     err = bloom_add(ppbloom + current, buffer, len);
-    if (err == -1) return err;
+    if (err == -1)
+        return err;
 
     bloom_count[current]++;
 
     if (bloom_count[current] >= entries) {
         bloom_count[current] = 0;
-        current = current == PING ? PONG : PING;
+        current              = current == PING ? PONG : PING;
         bloom_free(ppbloom + current);
         bloom_init(ppbloom + current, entries, error);
     }
diff --git a/src/ppbloom.h b/src/ppbloom.h
index 855a78d51..5316b4359 100644
--- a/src/ppbloom.h
+++ b/src/ppbloom.h
@@ -24,8 +24,8 @@
 #define _PPBLOOM_
 
 int ppbloom_init(int entries, double error);
-int ppbloom_check(const void * buffer, int len);
-int ppbloom_add(const void * buffer, int len);
+int ppbloom_check(const void *buffer, int len);
+int ppbloom_add(const void *buffer, int len);
 void ppbloom_free(void);
 
 #endif
diff --git a/src/redir.c b/src/redir.c
index a83e5ab99..91b6579c1 100644
--- a/src/redir.c
+++ b/src/redir.c
@@ -95,7 +95,7 @@ static crypto_t *crypto;
 static int ipv6first = 0;
 static int mode      = TCP_ONLY;
 #ifdef HAVE_SETRLIMIT
-static int nofile    = 0;
+static int nofile = 0;
 #endif
 static int fast_open = 0;
 static int no_delay  = 0;
@@ -477,7 +477,7 @@ remote_send_cb(EV_P_ ev_io *w, int revents)
             balloc(abuf, BUF_SIZE);
 
             if (server->hostname_len > 0
-                    && validate_hostname(server->hostname, server->hostname_len)) { // HTTP/SNI
+                && validate_hostname(server->hostname, server->hostname_len)) {     // HTTP/SNI
                 uint16_t port;
                 if (AF_INET6 == server->destaddr.ss_family) { // IPv6
                     port = (((struct sockaddr_in6 *)&(server->destaddr))->sin6_port);
@@ -557,7 +557,7 @@ remote_send_cb(EV_P_ ev_io *w, int revents)
                        get_sockaddr_len(remote->addr));
 
             if (s == -1 && (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
-                errno == ENOPROTOOPT)) {
+                            errno == ENOPROTOOPT)) {
                 fast_open = 0;
                 LOGE("fast open is not supported on this platform");
                 close_and_free_remote(EV_A_ remote);
@@ -807,7 +807,7 @@ accept_cb(EV_P_ ev_io *w, int revents)
         }
     } else if (listener->mptcp == 1) {
         int i = 0;
-        while((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
             int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
             if (err != -1) {
                 break;
@@ -896,21 +896,21 @@ main(int argc, char **argv)
     ss_addr_t remote_addr[MAX_REMOTE_NUM];
     char *remote_port = NULL;
 
-    int dscp_num   = 0;
-    ss_dscp_t * dscp = NULL;
+    int dscp_num    = 0;
+    ss_dscp_t *dscp = NULL;
 
     static struct option long_options[] = {
-        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN },
-        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU },
-        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP },
-        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN },
+        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
         { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
-        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT },
-        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY },
-        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD },
-        { "key",         required_argument, NULL, GETOPT_VAL_KEY },
-        { "help",        no_argument,       NULL, GETOPT_VAL_HELP },
-        { NULL,          0,                 NULL, 0 }
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,                          0, NULL,                      0 }
     };
 
     opterr = 0;
@@ -1072,7 +1072,7 @@ main(int argc, char **argv)
             mptcp = conf->mptcp;
         }
         if (no_delay == 0) {
-          no_delay = conf->no_delay;
+            no_delay = conf->no_delay;
         }
         if (reuse_port == 0) {
             reuse_port = conf->reuse_port;
@@ -1091,12 +1091,12 @@ main(int argc, char **argv)
         if (ipv6first == 0) {
             ipv6first = conf->ipv6_first;
         }
-	dscp_num = conf->dscp_num;
-	dscp = conf->dscp;
+        dscp_num = conf->dscp_num;
+        dscp     = conf->dscp;
     }
 
     if (remote_num == 0 || remote_port == NULL || local_port == NULL
-            || (password == NULL && key == NULL)) {
+        || (password == NULL && key == NULL)) {
         usage();
         exit(EXIT_FAILURE);
     }
@@ -1138,7 +1138,6 @@ main(int argc, char **argv)
         local_addr = "127.0.0.1";
     }
 
-
     if (fast_open == 1) {
 #ifdef TCP_FASTOPEN
         LOGI("using tcp fast open");
@@ -1154,7 +1153,7 @@ main(int argc, char **argv)
     }
 
     if (no_delay) {
-      LOGI("enable TCP no-delay");
+        LOGI("enable TCP no-delay");
     }
 
     if (ipv6first) {
@@ -1162,8 +1161,8 @@ main(int argc, char **argv)
     }
 
     if (plugin != NULL) {
-        int len = 0;
-        size_t buf_size = 256 * remote_num;
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
         char *remote_str = ss_malloc(buf_size);
 
         snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
@@ -1172,7 +1171,7 @@ main(int argc, char **argv)
             len = strlen(remote_str);
         }
         int err = start_plugin(plugin, plugin_opts, remote_str,
-                remote_port, plugin_host, plugin_port, MODE_CLIENT);
+                               remote_port, plugin_host, plugin_port, MODE_CLIENT);
         if (err) {
             FATAL("failed to start the plugin");
         }
@@ -1216,24 +1215,25 @@ main(int argc, char **argv)
         }
         listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
 
-        if (plugin != NULL) break;
+        if (plugin != NULL)
+            break;
     }
     listen_ctx.timeout = atoi(timeout);
     listen_ctx.mptcp   = mptcp;
 
     struct ev_loop *loop = EV_DEFAULT;
 
-    listen_ctx_t* listen_ctx_current = &listen_ctx;
+    listen_ctx_t *listen_ctx_current = &listen_ctx;
     do {
         if (mode != UDP_ONLY) {
             // Setup socket
             int listenfd;
             listenfd = create_and_bind(local_addr, local_port);
             if (listenfd == -1) {
-               FATAL("bind() error");
+                FATAL("bind() error");
             }
             if (listen(listenfd, SOMAXCONN) == -1) {
-               FATAL("listen() error");
+                FATAL("listen() error");
             }
             setnonblocking(listenfd);
 
@@ -1246,8 +1246,8 @@ main(int argc, char **argv)
         // Setup UDP
         if (mode != TCP_ONLY) {
             LOGI("UDP relay enabled");
-            char *host = remote_addr[0].host;
-            char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+            char *host                       = remote_addr[0].host;
+            char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
             struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
             memset(storage, 0, sizeof(struct sockaddr_storage));
             if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
@@ -1262,7 +1262,7 @@ main(int argc, char **argv)
             LOGI("TCP relay disabled");
         }
 
-        if(listen_ctx_current->tos) {
+        if (listen_ctx_current->tos) {
             LOGI("listening at %s:%s (TOS 0x%x)", local_addr, local_port, listen_ctx_current->tos);
         } else {
             LOGI("listening at %s:%s", local_addr, local_port);
@@ -1270,10 +1270,10 @@ main(int argc, char **argv)
 
         // Handle additionals TOS/DSCP listening ports
         if (dscp_num > 0) {
-            listen_ctx_current = (listen_ctx_t*) ss_malloc(sizeof(listen_ctx_t));
-            listen_ctx_current = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t));
-            local_port = dscp[dscp_num-1].port;
-            listen_ctx_current->tos = dscp[dscp_num-1].dscp << 2;
+            listen_ctx_current      = (listen_ctx_t *)ss_malloc(sizeof(listen_ctx_t));
+            listen_ctx_current      = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t));
+            local_port              = dscp[dscp_num - 1].port;
+            listen_ctx_current->tos = dscp[dscp_num - 1].dscp << 2;
         }
     } while (dscp_num-- > 0);
 
diff --git a/src/resolv.c b/src/resolv.c
index ec89e9420..8e29a38ff 100644
--- a/src/resolv.c
+++ b/src/resolv.c
@@ -58,7 +58,7 @@
  */
 
 struct resolv_ctx {
-    struct ev_io    io;
+    struct ev_io io;
     struct ev_timer tw;
 
     ares_channel channel;
@@ -71,7 +71,7 @@ struct resolv_query {
     struct sockaddr **responses;
 
     void (*client_cb)(struct sockaddr *, void *);
-    void (*free_cb)(void*);
+    void (*free_cb)(void *);
 
     uint16_t port;
 
@@ -83,16 +83,14 @@ struct resolv_query {
 extern int verbose;
 
 struct resolv_ctx default_ctx;
-static struct ev_loop* default_loop;
+static struct ev_loop *default_loop;
 
 enum {
-
     MODE_IPV4_FIRST = 0,
     MODE_IPV6_FIRST = 1
-
 } RESOLV_MODE;
 
-static int resolv_mode           = MODE_IPV4_FIRST;
+static int resolv_mode = MODE_IPV4_FIRST;
 
 static void resolv_sock_cb(struct ev_loop *, struct ev_io *, int);
 static void resolv_timeout_cb(struct ev_loop *, struct ev_timer *, int);
@@ -115,7 +113,7 @@ static void reset_timer();
 static void
 resolv_sock_cb(EV_P_ ev_io *w, int revents)
 {
-    struct resolv_ctx *ctx = (struct resolv_ctx *) w;
+    struct resolv_ctx *ctx = (struct resolv_ctx *)w;
 
     ares_socket_t rfd = ARES_SOCKET_BAD, wfd = ARES_SOCKET_BAD;
 
@@ -141,7 +139,7 @@ resolv_init(struct ev_loop *loop, char *nameservers, int ipv6first)
 
     default_loop = loop;
 
-    if ((status = ares_library_init(ARES_LIB_INIT_ALL) )!= ARES_SUCCESS) {
+    if ((status = ares_library_init(ARES_LIB_INIT_ALL)) != ARES_SUCCESS) {
         LOGE("c-ares error: %s", ares_strerror(status));
         FATAL("failed to initialize c-ares");
     }
@@ -149,15 +147,15 @@ resolv_init(struct ev_loop *loop, char *nameservers, int ipv6first)
     memset(&default_ctx, 0, sizeof(struct resolv_ctx));
 
     default_ctx.options.sock_state_cb_data = &default_ctx;
-    default_ctx.options.sock_state_cb = resolv_sock_state_cb;
-    default_ctx.options.timeout = 3000;
-    default_ctx.options.tries = 2;
+    default_ctx.options.sock_state_cb      = resolv_sock_state_cb;
+    default_ctx.options.timeout            = 3000;
+    default_ctx.options.tries              = 2;
 
     status = ares_init_options(&default_ctx.channel, &default_ctx.options,
 #if ARES_VERSION_MAJOR >= 1 && ARES_VERSION_MINOR >= 12
-            ARES_OPT_NOROTATE |
+                               ARES_OPT_NOROTATE |
 #endif
-            ARES_OPT_TIMEOUTMS | ARES_OPT_TRIES | ARES_OPT_SOCK_STATE_CB);
+                               ARES_OPT_TIMEOUTMS | ARES_OPT_TRIES | ARES_OPT_SOCK_STATE_CB);
 
     if (status != ARES_SUCCESS) {
         FATAL("failed to initialize c-ares");
@@ -192,8 +190,8 @@ resolv_shutdown(struct ev_loop *loop)
 
 struct resolv_query *
 resolv_start(const char *hostname, uint16_t port,
-        void (*client_cb)(struct sockaddr *, void *),
-        void (*free_cb)(void*), void *data)
+             void (*client_cb)(struct sockaddr *, void *),
+             void (*free_cb)(void *), void *data)
 {
     /*
      * Wrap c-ares's call back in our own
@@ -215,10 +213,10 @@ resolv_start(const char *hostname, uint16_t port,
     query->data           = data;
     query->free_cb        = free_cb;
 
-    query->requests[0]   = AF_INET;
-    query->requests[1]   = AF_INET6;
+    query->requests[0] = AF_INET;
+    query->requests[1] = AF_INET6;
 
-    ares_gethostbyname(default_ctx.channel, hostname, AF_INET,  dns_query_v4_cb, query);
+    ares_gethostbyname(default_ctx.channel, hostname, AF_INET, dns_query_v4_cb, query);
     ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
 
     reset_timer();
@@ -239,7 +237,7 @@ dns_query_v4_cb(void *arg, int status, int timeouts, struct hostent *he)
         return;
     }
 
-    if(!he || status != ARES_SUCCESS){
+    if (!he || status != ARES_SUCCESS) {
         if (verbose) {
             LOGI("failed to lookup v4 address %s", ares_strerror(status));
         }
@@ -251,14 +249,13 @@ dns_query_v4_cb(void *arg, int status, int timeouts, struct hostent *he)
     }
 
     n = 0;
-    while (he->h_addr_list[n]) {
+    while (he->h_addr_list[n])
         n++;
-    }
 
     if (n > 0) {
         struct sockaddr **new_responses = ss_realloc(query->responses,
-                (query->response_count + n)
-                * sizeof(struct sockaddr *));
+                                                     (query->response_count + n)
+                                                     * sizeof(struct sockaddr *));
 
         if (new_responses == NULL) {
             LOGE("failed to allocate memory for additional DNS responses");
@@ -272,7 +269,7 @@ dns_query_v4_cb(void *arg, int status, int timeouts, struct hostent *he)
                 sa->sin_port   = query->port;
                 memcpy(&sa->sin_addr, he->h_addr_list[i], he->h_length);
 
-                query->responses[query->response_count] = (struct sockaddr*)sa;
+                query->responses[query->response_count] = (struct sockaddr *)sa;
                 if (query->responses[query->response_count] == NULL) {
                     LOGE("failed to allocate memory for DNS query result address");
                 } else {
@@ -302,7 +299,7 @@ dns_query_v6_cb(void *arg, int status, int timeouts, struct hostent *he)
         return;
     }
 
-    if(!he || status != ARES_SUCCESS){
+    if (!he || status != ARES_SUCCESS) {
         if (verbose) {
             LOGI("failed to lookup v6 address %s", ares_strerror(status));
         }
@@ -314,14 +311,13 @@ dns_query_v6_cb(void *arg, int status, int timeouts, struct hostent *he)
     }
 
     n = 0;
-    while (he->h_addr_list[n]) {
+    while (he->h_addr_list[n])
         n++;
-    }
 
     if (n > 0) {
         struct sockaddr **new_responses = ss_realloc(query->responses,
-                (query->response_count + n)
-                * sizeof(struct sockaddr *));
+                                                     (query->response_count + n)
+                                                     * sizeof(struct sockaddr *));
 
         if (new_responses == NULL) {
             LOGE("failed to allocate memory for additional DNS responses");
@@ -335,7 +331,7 @@ dns_query_v6_cb(void *arg, int status, int timeouts, struct hostent *he)
                 sa->sin6_port   = query->port;
                 memcpy(&sa->sin6_addr, he->h_addr_list[i], he->h_length);
 
-                query->responses[query->response_count] = (struct sockaddr*)sa;
+                query->responses[query->response_count] = (struct sockaddr *)sa;
                 if (query->responses[query->response_count] == NULL) {
                     LOGE("failed to allocate memory for DNS query result address");
                 } else {
@@ -436,7 +432,7 @@ all_requests_are_null(struct resolv_query *query)
 static void
 resolv_timeout_cb(struct ev_loop *loop, struct ev_timer *w, int revents)
 {
-    struct resolv_ctx *ctx= cork_container_of(w, struct resolv_ctx, tw);
+    struct resolv_ctx *ctx = cork_container_of(w, struct resolv_ctx, tw);
 
     ares_process_fd(ctx->channel, ARES_SOCKET_BAD, ARES_SOCKET_BAD);
 
@@ -460,10 +456,10 @@ reset_timer()
  * Handle c-ares events
  */
 static void
-resolv_sock_state_cb(void *data, int s, int read, int write) {
-
-    struct resolv_ctx *ctx = (struct resolv_ctx *) data;
-    int io_active = ev_is_active(&ctx->io);
+resolv_sock_state_cb(void *data, int s, int read, int write)
+{
+    struct resolv_ctx *ctx = (struct resolv_ctx *)data;
+    int io_active          = ev_is_active(&ctx->io);
 
     if (read || write) {
         if (io_active && ctx->io.fd != s) {
diff --git a/src/resolv.h b/src/resolv.h
index 9bf625311..22f9e0f96 100644
--- a/src/resolv.h
+++ b/src/resolv.h
@@ -37,8 +37,8 @@ struct resolv_query;
 
 int resolv_init(struct ev_loop *, char *, int);
 struct resolv_query *resolv_start(const char *hostname, uint16_t port,
-        void (*client_cb)(struct sockaddr *, void *),
-        void (*free_cb)(void*), void *data);
+                                  void (*client_cb)(struct sockaddr *, void *),
+                                  void (*free_cb)(void *), void *data);
 void resolv_shutdown(struct ev_loop *);
 
 #endif
diff --git a/src/server.c b/src/server.c
index 3e88de4a4..bec120410 100644
--- a/src/server.c
+++ b/src/server.c
@@ -110,7 +110,7 @@ static void close_and_free_server(EV_P_ server_t *server);
 static void resolv_cb(struct sockaddr *addr, void *data);
 static void resolv_free_cb(void *data);
 
-int verbose     = 0;
+int verbose    = 0;
 int reuse_port = 0;
 
 static crypto_t *crypto;
@@ -277,7 +277,7 @@ reset_addr(int fd)
 }
 
 static void
-report_addr(int fd, int err_level, const char* info)
+report_addr(int fd, int err_level, const char *info)
 {
 #ifdef __linux__
     set_linger(fd);
@@ -410,7 +410,7 @@ create_and_bind(const char *host, const char *port, int mptcp)
 
         if (mptcp == 1) {
             int i = 0;
-            while((mptcp = mptcp_enabled_values[i]) > 0) {
+            while ((mptcp = mptcp_enabled_values[i]) > 0) {
                 int err = setsockopt(listen_sock, IPPROTO_TCP, mptcp, &opt, sizeof(opt));
                 if (err != -1) {
                     break;
@@ -526,7 +526,7 @@ connect_to_remote(EV_P_ struct addrinfo *res,
         }
 #else
         ssize_t s = sendto(sockfd, server->buf->data, server->buf->len,
-                MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
+                           MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
 #endif
         if (s == -1) {
             if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
@@ -562,90 +562,94 @@ connect_to_remote(EV_P_ struct addrinfo *res,
 }
 
 #ifdef USE_NFCONNTRACK_TOS
-int setMarkDscpCallback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
+int
+setMarkDscpCallback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
 {
-	server_t* server = (server_t*) data;
-	struct dscptracker* tracker = server->tracker;
-
-	tracker->mark = nfct_get_attr_u32(ct, ATTR_MARK);
-	if ((tracker->mark & 0xff00) == MARK_MASK_PREFIX) {
-		// Extract DSCP value from mark value
-		tracker->dscp = tracker->mark & 0x00ff;
-		int tos = (tracker->dscp) << 2;
-		if (setsockopt(server->fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) != 0) {
-			ERROR("iptable setsockopt IP_TOS");
-		};
-	}
-	return NFCT_CB_CONTINUE;
+    server_t *server            = (server_t *)data;
+    struct dscptracker *tracker = server->tracker;
+
+    tracker->mark = nfct_get_attr_u32(ct, ATTR_MARK);
+    if ((tracker->mark & 0xff00) == MARK_MASK_PREFIX) {
+        // Extract DSCP value from mark value
+        tracker->dscp = tracker->mark & 0x00ff;
+        int tos = (tracker->dscp) << 2;
+        if (setsockopt(server->fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) != 0) {
+            ERROR("iptable setsockopt IP_TOS");
+        }
+    }
+    return NFCT_CB_CONTINUE;
 }
 
-void conntrackQuery(server_t* server) {
-	struct dscptracker* tracker = server->tracker;
-	if(tracker && tracker->ct) {
-		// Trying query mark from nf conntrack
-		struct nfct_handle *h = nfct_open(CONNTRACK, 0);
-		if (h) {
-			nfct_callback_register(h, NFCT_T_ALL, setMarkDscpCallback, (void*) server);
-			int x = nfct_query(h, NFCT_Q_GET, tracker->ct);
-			if (x == -1) {
-				LOGE("QOS: Failed to retrieve connection mark %s", strerror(errno));
-			}
-			nfct_close(h);
-		} else {
-			LOGE("QOS: Failed to open conntrack handle for upstream netfilter mark retrieval.");
-		}
-	}
+void
+conntrackQuery(server_t *server)
+{
+    struct dscptracker *tracker = server->tracker;
+    if (tracker && tracker->ct) {
+        // Trying query mark from nf conntrack
+        struct nfct_handle *h = nfct_open(CONNTRACK, 0);
+        if (h) {
+            nfct_callback_register(h, NFCT_T_ALL, setMarkDscpCallback, (void *)server);
+            int x = nfct_query(h, NFCT_Q_GET, tracker->ct);
+            if (x == -1) {
+                LOGE("QOS: Failed to retrieve connection mark %s", strerror(errno));
+            }
+            nfct_close(h);
+        } else {
+            LOGE("QOS: Failed to open conntrack handle for upstream netfilter mark retrieval.");
+        }
+    }
 }
 
-void setTosFromConnmark(remote_t* remote, server_t* server)
+void
+setTosFromConnmark(remote_t *remote, server_t *server)
 {
-	if(server->tracker && server->tracker->ct) {
-		if(server->tracker->mark == 0 && server->tracker->packet_count < MARK_MAX_PACKET) {
-			server->tracker->packet_count++;
-			conntrackQuery(server);
-		}
-	} else {
-		socklen_t len;
-		struct sockaddr_storage sin;
-		len = sizeof(sin);
-		if (getsockname(remote->fd, (struct sockaddr *)&sin, &len) == 0) {
-			struct sockaddr_storage from_addr;
-			len = sizeof from_addr;
-			if(getpeername(remote->fd, (struct sockaddr*)&from_addr, &len) == 0) {
-				if((server->tracker = (struct dscptracker*) ss_malloc(sizeof(struct dscptracker))))
-				{
-					if ((server->tracker->ct = nfct_new())) {
-						// Build conntrack query SELECT
-						if (from_addr.ss_family == AF_INET) {
-							struct sockaddr_in *src = (struct sockaddr_in *)&from_addr;
-							struct sockaddr_in *dst = (struct sockaddr_in *)&sin;
-
-							nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET);
-							nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_DST, dst->sin_addr.s_addr);
-							nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_SRC, src->sin_addr.s_addr);
-							nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin_port);
-							nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin_port);
-						} else if (from_addr.ss_family == AF_INET6) {
-							struct sockaddr_in6 *src = (struct sockaddr_in6 *)&from_addr;
-							struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sin;
-
-							nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET6);
-							nfct_set_attr(server->tracker->ct, ATTR_IPV6_DST, dst->sin6_addr.s6_addr);
-							nfct_set_attr(server->tracker->ct, ATTR_IPV6_SRC, src->sin6_addr.s6_addr);
-							nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin6_port);
-							nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin6_port);
-						}
-						nfct_set_attr_u8(server->tracker->ct, ATTR_L4PROTO, IPPROTO_TCP);
-						conntrackQuery(server);
-					} else {
-						LOGE("Failed to allocate new conntrack for upstream netfilter mark retrieval.");
-						server->tracker->ct=NULL;
-					};
-				}
-			}
-		}
-	}
+    if (server->tracker && server->tracker->ct) {
+        if (server->tracker->mark == 0 && server->tracker->packet_count < MARK_MAX_PACKET) {
+            server->tracker->packet_count++;
+            conntrackQuery(server);
+        }
+    } else {
+        socklen_t len;
+        struct sockaddr_storage sin;
+        len = sizeof(sin);
+        if (getsockname(remote->fd, (struct sockaddr *)&sin, &len) == 0) {
+            struct sockaddr_storage from_addr;
+            len = sizeof from_addr;
+            if (getpeername(remote->fd, (struct sockaddr *)&from_addr, &len) == 0) {
+                if ((server->tracker = (struct dscptracker *)ss_malloc(sizeof(struct dscptracker)))) {
+                    if ((server->tracker->ct = nfct_new())) {
+                        // Build conntrack query SELECT
+                        if (from_addr.ss_family == AF_INET) {
+                            struct sockaddr_in *src = (struct sockaddr_in *)&from_addr;
+                            struct sockaddr_in *dst = (struct sockaddr_in *)&sin;
+
+                            nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET);
+                            nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_DST, dst->sin_addr.s_addr);
+                            nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_SRC, src->sin_addr.s_addr);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin_port);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin_port);
+                        } else if (from_addr.ss_family == AF_INET6) {
+                            struct sockaddr_in6 *src = (struct sockaddr_in6 *)&from_addr;
+                            struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sin;
+
+                            nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET6);
+                            nfct_set_attr(server->tracker->ct, ATTR_IPV6_DST, dst->sin6_addr.s6_addr);
+                            nfct_set_attr(server->tracker->ct, ATTR_IPV6_SRC, src->sin6_addr.s6_addr);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin6_port);
+                            nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin6_port);
+                        }
+                        nfct_set_attr_u8(server->tracker->ct, ATTR_L4PROTO, IPPROTO_TCP);
+                        conntrackQuery(server);
+                    } else {
+                        LOGE("Failed to allocate new conntrack for upstream netfilter mark retrieval.");
+                        server->tracker->ct = NULL;
+                    }
+                }
+            }
+        }
+    }
 }
+
 #endif
 
 static void
@@ -687,7 +691,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
         }
     }
 
-    tx += r;
+    tx      += r;
     buf->len = r;
 
     int err = crypto->decrypt(buf, server->d_ctx, BUF_SIZE);
@@ -760,7 +764,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             if (server->buf->len >= in_addr_len + 3) {
                 addr->sin_addr = *(struct in_addr *)(server->buf->data + offset);
                 inet_ntop(AF_INET, (const void *)(server->buf->data + offset),
-                         host, INET_ADDRSTRLEN);
+                          host, INET_ADDRSTRLEN);
                 offset += in_addr_len;
             } else {
                 report_addr(server->fd, MALFORMED, "invalid length for ipv4 address");
@@ -827,7 +831,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
             if (server->buf->len >= in6_addr_len + 3) {
                 addr->sin6_addr = *(struct in6_addr *)(server->buf->data + offset);
                 inet_ntop(AF_INET6, (const void *)(server->buf->data + offset),
-                         host, INET6_ADDRSTRLEN);
+                          host, INET6_ADDRSTRLEN);
                 offset += in6_addr_len;
             } else {
                 LOGE("invalid header with addr type %d", atyp);
@@ -884,7 +888,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                 if (server->buf->len > 0) {
                     brealloc(remote->buf, server->buf->len, BUF_SIZE);
                     memcpy(remote->buf->data, server->buf->data + server->buf->idx,
-                            server->buf->len);
+                           server->buf->len);
                     remote->buf->len = server->buf->len;
                     remote->buf->idx = 0;
                     server->buf->len = 0;
@@ -904,10 +908,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
 
             server->stage = STAGE_RESOLVE;
             struct resolv_query *q = resolv_start(host, port,
-                    resolv_cb, resolv_free_cb, query);
+                                                  resolv_cb, resolv_free_cb, query);
 
             if (q == NULL) {
-                if (query != NULL) ss_free(query);
+                if (query != NULL)
+                    ss_free(query);
                 server->query = NULL;
                 close_and_free_server(EV_A_ server);
                 return;
@@ -1014,10 +1019,11 @@ resolv_free_cb(void *data)
 static void
 resolv_cb(struct sockaddr *addr, void *data)
 {
-    query_t *query       = (query_t *)data;
-    server_t *server     = query->server;
+    query_t *query   = (query_t *)data;
+    server_t *server = query->server;
 
-    if (server == NULL) return;
+    if (server == NULL)
+        return;
 
     struct ev_loop *loop = server->listen_ctx->loop;
 
@@ -1055,7 +1061,7 @@ resolv_cb(struct sockaddr *addr, void *data)
             if (server->buf->len > 0) {
                 brealloc(remote->buf, server->buf->len, BUF_SIZE);
                 memcpy(remote->buf->data, server->buf->data + server->buf->idx,
-                        server->buf->len);
+                       server->buf->len);
                 remote->buf->len = server->buf->len;
                 remote->buf->idx = 0;
                 server->buf->len = 0;
@@ -1311,9 +1317,9 @@ new_server(int fd, listen_ctx_t *listener)
 
     memset(server, 0, sizeof(server_t));
 
-    server->recv_ctx   = ss_malloc(sizeof(server_ctx_t));
-    server->send_ctx   = ss_malloc(sizeof(server_ctx_t));
-    server->buf        = ss_malloc(sizeof(buffer_t));
+    server->recv_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->send_ctx = ss_malloc(sizeof(server_ctx_t));
+    server->buf      = ss_malloc(sizeof(buffer_t));
     memset(server->recv_ctx, 0, sizeof(server_ctx_t));
     memset(server->send_ctx, 0, sizeof(server_ctx_t));
     balloc(server->buf, BUF_SIZE);
@@ -1350,15 +1356,15 @@ static void
 free_server(server_t *server)
 {
 #ifdef USE_NFCONNTRACK_TOS
-    if(server->tracker) {
-        struct dscptracker* tracker = server->tracker;
-        struct nf_conntrack* ct = server->tracker->ct;
+    if (server->tracker) {
+        struct dscptracker *tracker = server->tracker;
+        struct nf_conntrack *ct     = server->tracker->ct;
         server->tracker = NULL;
         if (ct) {
             nfct_destroy(ct);
-       }
-       free(tracker);
-    };
+        }
+        free(tracker);
+    }
 #endif
     cork_dllist_remove(&server->entries);
 
@@ -1389,7 +1395,7 @@ close_and_free_server(EV_P_ server_t *server)
     if (server != NULL) {
         if (server->query != NULL) {
             server->query->server = NULL;
-            server->query = NULL;
+            server->query         = NULL;
         }
         ev_io_stop(EV_A_ & server->send_ctx->io);
         ev_io_stop(EV_A_ & server->recv_ctx->io);
@@ -1447,7 +1453,7 @@ accept_cb(EV_P_ ev_io *w, int revents)
             }
         }
         if (!in_white_list && plugin == NULL
-                && check_block_list(peer_name)) {
+            && check_block_list(peer_name)) {
             LOGE("block all requests from %s", peer_name);
 #ifdef __linux__
             set_linger(serverfd);
@@ -1500,22 +1506,22 @@ main(int argc, char **argv)
     char *nameservers = NULL;
 
     static struct option long_options[] = {
-        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN },
-        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT },
-        { "no-delay",        no_argument,       NULL, GETOPT_VAL_NODELAY },
-        { "acl",             required_argument, NULL, GETOPT_VAL_ACL },
+        { "fast-open",       no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
+        { "reuse-port",      no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "no-delay",        no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "acl",             required_argument, NULL, GETOPT_VAL_ACL         },
         { "manager-address", required_argument, NULL,
-                                                GETOPT_VAL_MANAGER_ADDRESS },
-        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU },
-        { "help",            no_argument,       NULL, GETOPT_VAL_HELP },
-        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN },
+          GETOPT_VAL_MANAGER_ADDRESS },
+        { "mtu",             required_argument, NULL, GETOPT_VAL_MTU         },
+        { "help",            no_argument,       NULL, GETOPT_VAL_HELP        },
+        { "plugin",          required_argument, NULL, GETOPT_VAL_PLUGIN      },
         { "plugin-opts",     required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
-        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD },
-        { "key",             required_argument, NULL, GETOPT_VAL_KEY },
+        { "password",        required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",             required_argument, NULL, GETOPT_VAL_KEY         },
 #ifdef __linux__
-        { "mptcp",           no_argument,       NULL, GETOPT_VAL_MPTCP },
+        { "mptcp",           no_argument,       NULL, GETOPT_VAL_MPTCP       },
 #endif
-        { NULL,              0,                 NULL, 0 }
+        { NULL,                              0, NULL,                      0 }
     };
 
     opterr = 0;
@@ -1680,7 +1686,7 @@ main(int argc, char **argv)
             mptcp = conf->mptcp;
         }
         if (no_delay == 0) {
-          no_delay = conf->no_delay;
+            no_delay = conf->no_delay;
         }
         if (reuse_port == 0) {
             reuse_port = conf->reuse_port;
@@ -1706,7 +1712,7 @@ main(int argc, char **argv)
     }
 
     if (server_num == 0 || server_port == NULL
-            || (password == NULL && key == NULL)) {
+        || (password == NULL && key == NULL)) {
         usage();
         exit(EXIT_FAILURE);
     }
@@ -1775,7 +1781,7 @@ main(int argc, char **argv)
     }
 
     if (no_delay) {
-      LOGI("enable TCP no-delay");
+        LOGI("enable TCP no-delay");
     }
 
     // ignore SIGPIPE
@@ -1806,8 +1812,8 @@ main(int argc, char **argv)
 
     // Start plugin server
     if (plugin != NULL) {
-        int len = 0;
-        size_t buf_size = 256 * server_num;
+        int len          = 0;
+        size_t buf_size  = 256 * server_num;
         char *server_str = ss_malloc(buf_size);
 
         snprintf(server_str, buf_size, "%s", server_host[0]);
@@ -1818,7 +1824,7 @@ main(int argc, char **argv)
         }
 
         int err = start_plugin(plugin, plugin_opts, server_str,
-                plugin_port, "127.0.0.1", server_port, MODE_SERVER);
+                               plugin_port, "127.0.0.1", server_port, MODE_SERVER);
         if (err) {
             FATAL("failed to start the plugin");
         }
@@ -1863,7 +1869,8 @@ main(int argc, char **argv)
             else
                 LOGI("tcp server listening at %s:%s", host ? host : "0.0.0.0", server_port);
 
-            if (plugin != NULL) break;
+            if (plugin != NULL)
+                break;
         }
     }
 
@@ -1936,7 +1943,8 @@ main(int argc, char **argv)
             ev_io_stop(loop, &listen_ctx->io);
             close(listen_ctx->fd);
         }
-        if (plugin != NULL) break;
+        if (plugin != NULL)
+            break;
     }
 
     if (mode != UDP_ONLY) {
diff --git a/src/server.h b/src/server.h
index 4eb509343..6ba561cb2 100644
--- a/src/server.h
+++ b/src/server.h
@@ -59,10 +59,10 @@ typedef struct server_ctx {
 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
 
 struct dscptracker {
-        struct nf_conntrack *ct;
-        long unsigned int mark;
-        unsigned int dscp;
-        unsigned int packet_count;
+    struct nf_conntrack *ct;
+    long unsigned int mark;
+    unsigned int dscp;
+    unsigned int packet_count;
 };
 
 #endif
@@ -87,7 +87,7 @@ typedef struct server {
 
     struct cork_dllist_item entries;
 #ifdef USE_NFCONNTRACK_TOS
-    struct dscptracker* tracker;
+    struct dscptracker *tracker;
 #endif
 } server_t;
 
diff --git a/src/stream.c b/src/stream.c
index b79259dc1..4407fcb70 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -683,4 +683,3 @@ stream_init(const char *pass, const char *key, const char *method)
     }
     return stream_key_init(m, pass, key);
 }
-
diff --git a/src/tunnel.c b/src/tunnel.c
index 0cae1e1df..7b3abcb05 100644
--- a/src/tunnel.c
+++ b/src/tunnel.c
@@ -489,7 +489,7 @@ remote_send_cb(EV_P_ ev_io *w, int revents)
                 server->abuf = NULL;
             }
             ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx,
-                         remote->buf->len, 0);
+                             remote->buf->len, 0);
             if (s == -1) {
                 if (errno != EAGAIN && errno != EWOULDBLOCK) {
                     ERROR("send");
@@ -594,7 +594,7 @@ new_server(int fd)
     ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE);
 
     ev_timer_init(&server->delayed_connect_watcher,
-            delayed_connect_cb, 0.05, 0);
+                  delayed_connect_cb, 0.05, 0);
 
     return server;
 }
@@ -691,8 +691,8 @@ accept_cb(EV_P_ ev_io *w, int revents)
             ERROR("failed to enable multipath TCP");
         }
     } else if (listener->mptcp == 1) {
-       int i = 0;
-       while((listener->mptcp = mptcp_enabled_values[i]) > 0) {
+        int i = 0;
+        while ((listener->mptcp = mptcp_enabled_values[i]) > 0) {
             int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt));
             if (err != -1) {
                 break;
@@ -788,16 +788,16 @@ main(int argc, char **argv)
     char *tunnel_addr_str = NULL;
 
     static struct option long_options[] = {
-        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU },
-        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY },
-        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP },
-        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN },
+        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
+        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
+        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
+        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
         { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
-        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT },
-        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD },
-        { "key",         required_argument, NULL, GETOPT_VAL_KEY },
-        { "help",        no_argument,       NULL, GETOPT_VAL_HELP },
-        { NULL,          0,                 NULL, 0 }
+        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
+        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
+        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
+        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
+        { NULL,                          0, NULL,                      0 }
     };
 
     opterr = 0;
@@ -988,7 +988,7 @@ main(int argc, char **argv)
     }
 
     if (remote_num == 0 || remote_port == NULL || tunnel_addr_str == NULL
-            || local_port == NULL || (password == NULL && key == NULL)) {
+        || local_port == NULL || (password == NULL && key == NULL)) {
         usage();
         exit(EXIT_FAILURE);
     }
@@ -1047,8 +1047,8 @@ main(int argc, char **argv)
     }
 
     if (plugin != NULL) {
-        int len = 0;
-        size_t buf_size = 256 * remote_num;
+        int len          = 0;
+        size_t buf_size  = 256 * remote_num;
         char *remote_str = ss_malloc(buf_size);
 
         snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
@@ -1057,7 +1057,7 @@ main(int argc, char **argv)
             len = strlen(remote_str);
         }
         int err = start_plugin(plugin, plugin_opts, remote_str,
-                remote_port, plugin_host, plugin_port, MODE_CLIENT);
+                               remote_port, plugin_host, plugin_port, MODE_CLIENT);
         if (err) {
             FATAL("failed to start the plugin");
         }
@@ -1101,7 +1101,8 @@ main(int argc, char **argv)
         }
         listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
 
-        if (plugin != NULL) break;
+        if (plugin != NULL)
+            break;
     }
     listen_ctx.timeout = atoi(timeout);
     listen_ctx.iface   = iface;
@@ -1130,8 +1131,8 @@ main(int argc, char **argv)
     // Setup UDP
     if (mode != TCP_ONLY) {
         LOGI("UDP relay enabled");
-        char *host = remote_addr[0].host;
-        char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
+        char *host                       = remote_addr[0].host;
+        char *port                       = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
         struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
         memset(storage, 0, sizeof(struct sockaddr_storage));
         if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
@@ -1139,7 +1140,7 @@ main(int argc, char **argv)
         }
         struct sockaddr *addr = (struct sockaddr *)storage;
         init_udprelay(local_addr, local_port, addr, get_sockaddr_len(addr),
-                tunnel_addr, mtu, crypto, listen_ctx.timeout, iface);
+                      tunnel_addr, mtu, crypto, listen_ctx.timeout, iface);
     }
 
     if (mode == UDP_ONLY) {
diff --git a/src/udprelay.c b/src/udprelay.c
index b39d6e2b5..d63c30101 100644
--- a/src/udprelay.c
+++ b/src/udprelay.c
@@ -242,7 +242,7 @@ parse_udprelay_header(const char *buf, const size_t buf_len,
             }
             if (host != NULL) {
                 inet_ntop(AF_INET, (const void *)(buf + offset),
-                         host, INET_ADDRSTRLEN);
+                          host, INET_ADDRSTRLEN);
             }
             offset += in_addr_len;
         }
@@ -285,7 +285,7 @@ parse_udprelay_header(const char *buf, const size_t buf_len,
             }
             if (host != NULL) {
                 inet_ntop(AF_INET6, (const void *)(buf + offset),
-                         host, INET6_ADDRSTRLEN);
+                          host, INET6_ADDRSTRLEN);
             }
             offset += in6_addr_len;
         }
@@ -316,14 +316,14 @@ get_addr_str(const struct sockaddr *sa)
     switch (sa->sa_family) {
     case AF_INET:
         inet_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr),
-                 addr, INET_ADDRSTRLEN);
+                  addr, INET_ADDRSTRLEN);
         p = ntohs(((struct sockaddr_in *)sa)->sin_port);
         sprintf(port, "%d", p);
         break;
 
     case AF_INET6:
         inet_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr),
-                 addr, INET6_ADDRSTRLEN);
+                  addr, INET6_ADDRSTRLEN);
         p = ntohs(((struct sockaddr_in *)sa)->sin_port);
         sprintf(port, "%d", p);
         break;
@@ -1294,7 +1294,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
         }
 
         struct resolv_query *query = resolv_start(host, htons(atoi(port)),
-                resolv_cb, resolv_free_cb, query_ctx);
+                                                  resolv_cb, resolv_free_cb, query_ctx);
 
         if (query == NULL) {
             ERROR("[udp] unable to create DNS query");
diff --git a/src/utils.c b/src/utils.c
index 24c53f375..35f736e61 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -87,7 +87,8 @@ ss_itoa(int i)
 }
 
 int
-ss_isnumeric(const char *s) {
+ss_isnumeric(const char *s)
+{
     if (!s || !*s)
         return 0;
     while (isdigit((unsigned char)*s))
@@ -126,7 +127,7 @@ run_as(const char *user)
              * which returns its result in a statically allocated buffer and
              * cannot be considered thread safe. */
             err = uid >= 0 ? getpwuid_r((uid_t)uid, &pwdbuf, buf, buflen, &pwd)
-                : getpwnam_r(user, &pwdbuf, buf, buflen, &pwd);
+                  : getpwnam_r(user, &pwdbuf, buf, buflen, &pwd);
 
             if (err == 0 && pwd) {
                 /* setgid first, because we may not be allowed to do it anymore after setuid */
@@ -154,7 +155,7 @@ run_as(const char *user)
             } else if (err != ERANGE) {
                 if (err) {
                     LOGE("run_as user '%s' could not be found: %s", user,
-                            strerror(err));
+                         strerror(err));
                 } else {
                     LOGE("run_as user '%s' could not be found.", user);
                 }
@@ -173,7 +174,7 @@ run_as(const char *user)
         /* No getpwnam_r() :-(  We'll use getpwnam() and hope for the best. */
         struct passwd *pwd;
 
-        if (!(pwd = uid >=0 ? getpwuid((uid_t)uid) : getpwnam(user))) {
+        if (!(pwd = uid >= 0 ? getpwuid((uid_t)uid) : getpwnam(user))) {
             LOGE("run_as user %s could not be found.", user);
             return 0;
         }
diff --git a/src/utils.h b/src/utils.h
index b300f5c5d..0b1825b67 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -174,4 +174,3 @@ void *ss_realloc(void *ptr, size_t new_size);
     } while (0)
 
 #endif // _UTILS_H
-