pf: simplify pf_addrcpy() and pf_match_addr()

Use the v4/v6 union members rather than the uint32_t ones. Export IN_ARE_MASKED_ADDR_EQUAL() in in_var.h and use it (and its IPv6 equivalent) for masked comparisons rather than hand-rolled code. Event: Kitchener-Waterloo Hackathon 202406
2024-07-22 02:37:15 +00:00 · 2024-06-05 16:30:34 -04:00 · 2024-06-05 16:30:34 -04:00 · 8f04209d37
parent f0829825fb
commit 8f04209d37
3 changed files with 9 additions and 18 deletions
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@ -1473,9 +1473,6 @@ in_lltable_new(struct in_addr addr4, u_int flags)
 	return (&lle->base);
 }

-#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m)	(		\
-	((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
-
 static int
 in_lltable_match_prefix(const struct sockaddr *saddr,
    const struct sockaddr *smask, u_int flags, struct llentry *lle)
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@ -97,6 +97,11 @@ struct in_ifaddr {
 #define IN_LNAOF(in, ifa) \
 	((ntohl((in).s_addr) & ~((struct in_ifaddr *)(ifa)->ia_subnetmask))

+#ifdef _KERNEL
+#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m)	(		\
+	((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
+#endif
+
 #define LLTABLE(ifp)	\
 	((struct in_ifinfo *)(ifp)->if_afdata[AF_INET])->ii_llt
 /*
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@ -723,14 +723,11 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-		dst->addr32[0] = src->addr32[0];
+		memcpy(&dst->v4, &src->v4, sizeof(dst->v4));
 		break;
 #endif /* INET */
 	case AF_INET6:
-		dst->addr32[0] = src->addr32[0];
-		dst->addr32[1] = src->addr32[1];
-		dst->addr32[2] = src->addr32[2];
-		dst->addr32[3] = src->addr32[3];
+		memcpy(&dst->v6, &src->v6, sizeof(dst->v6));
 		break;
 	}
 }
@ -3408,21 +3405,13 @@ pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m,
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-		if ((a->addr32[0] & m->addr32[0]) ==
-		    (b->addr32[0] & m->addr32[0]))
+		if (IN_ARE_MASKED_ADDR_EQUAL(a->v4, b->v4, m->v4))
 			match++;
 		break;
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
-		if (((a->addr32[0] & m->addr32[0]) ==
-		     (b->addr32[0] & m->addr32[0])) &&
-		    ((a->addr32[1] & m->addr32[1]) ==
-		     (b->addr32[1] & m->addr32[1])) &&
-		    ((a->addr32[2] & m->addr32[2]) ==
-		     (b->addr32[2] & m->addr32[2])) &&
-		    ((a->addr32[3] & m->addr32[3]) ==
-		     (b->addr32[3] & m->addr32[3])))
+		if (IN6_ARE_MASKED_ADDR_EQUAL(&a->v6, &b->v6, &m->v6))
 			match++;
 		break;
 #endif /* INET6 */