pf: simplify pf_addrcpy() and pf_match_addr()
Use the v4/v6 union members rather than the uint32_t ones. Export IN_ARE_MASKED_ADDR_EQUAL() in in_var.h and use it (and its IPv6 equivalent) for masked comparisons rather than hand-rolled code. Event: Kitchener-Waterloo Hackathon 202406
This commit is contained in:
@@ -1473,9 +1473,6 @@ in_lltable_new(struct in_addr addr4, u_int flags)
|
|||||||
return (&lle->base);
|
return (&lle->base);
|
||||||
}
|
}
|
||||||
|
|
||||||
#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
|
|
||||||
((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
in_lltable_match_prefix(const struct sockaddr *saddr,
|
in_lltable_match_prefix(const struct sockaddr *saddr,
|
||||||
const struct sockaddr *smask, u_int flags, struct llentry *lle)
|
const struct sockaddr *smask, u_int flags, struct llentry *lle)
|
||||||
|
|||||||
@@ -97,6 +97,11 @@ struct in_ifaddr {
|
|||||||
#define IN_LNAOF(in, ifa) \
|
#define IN_LNAOF(in, ifa) \
|
||||||
((ntohl((in).s_addr) & ~((struct in_ifaddr *)(ifa)->ia_subnetmask))
|
((ntohl((in).s_addr) & ~((struct in_ifaddr *)(ifa)->ia_subnetmask))
|
||||||
|
|
||||||
|
#ifdef _KERNEL
|
||||||
|
#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
|
||||||
|
((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
|
||||||
|
#endif
|
||||||
|
|
||||||
#define LLTABLE(ifp) \
|
#define LLTABLE(ifp) \
|
||||||
((struct in_ifinfo *)(ifp)->if_afdata[AF_INET])->ii_llt
|
((struct in_ifinfo *)(ifp)->if_afdata[AF_INET])->ii_llt
|
||||||
/*
|
/*
|
||||||
|
|||||||
+4
-15
@@ -723,14 +723,11 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)
|
|||||||
switch (af) {
|
switch (af) {
|
||||||
#ifdef INET
|
#ifdef INET
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
dst->addr32[0] = src->addr32[0];
|
memcpy(&dst->v4, &src->v4, sizeof(dst->v4));
|
||||||
break;
|
break;
|
||||||
#endif /* INET */
|
#endif /* INET */
|
||||||
case AF_INET6:
|
case AF_INET6:
|
||||||
dst->addr32[0] = src->addr32[0];
|
memcpy(&dst->v6, &src->v6, sizeof(dst->v6));
|
||||||
dst->addr32[1] = src->addr32[1];
|
|
||||||
dst->addr32[2] = src->addr32[2];
|
|
||||||
dst->addr32[3] = src->addr32[3];
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -3408,21 +3405,13 @@ pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m,
|
|||||||
switch (af) {
|
switch (af) {
|
||||||
#ifdef INET
|
#ifdef INET
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
if ((a->addr32[0] & m->addr32[0]) ==
|
if (IN_ARE_MASKED_ADDR_EQUAL(a->v4, b->v4, m->v4))
|
||||||
(b->addr32[0] & m->addr32[0]))
|
|
||||||
match++;
|
match++;
|
||||||
break;
|
break;
|
||||||
#endif /* INET */
|
#endif /* INET */
|
||||||
#ifdef INET6
|
#ifdef INET6
|
||||||
case AF_INET6:
|
case AF_INET6:
|
||||||
if (((a->addr32[0] & m->addr32[0]) ==
|
if (IN6_ARE_MASKED_ADDR_EQUAL(&a->v6, &b->v6, &m->v6))
|
||||||
(b->addr32[0] & m->addr32[0])) &&
|
|
||||||
((a->addr32[1] & m->addr32[1]) ==
|
|
||||||
(b->addr32[1] & m->addr32[1])) &&
|
|
||||||
((a->addr32[2] & m->addr32[2]) ==
|
|
||||||
(b->addr32[2] & m->addr32[2])) &&
|
|
||||||
((a->addr32[3] & m->addr32[3]) ==
|
|
||||||
(b->addr32[3] & m->addr32[3])))
|
|
||||||
match++;
|
match++;
|
||||||
break;
|
break;
|
||||||
#endif /* INET6 */
|
#endif /* INET6 */
|
||||||
|
|||||||
Reference in New Issue
Block a user