git: 8f04209d37ec - main - pf: simplify pf_addrcpy() and pf_match_addr()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 06 Jun 2024 13:46:06 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8f04209d37ec14e28aaeb14a7a020dac9fb4983b commit 8f04209d37ec14e28aaeb14a7a020dac9fb4983b Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-06-05 20:30:34 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-06-06 13:45:31 +0000 pf: simplify pf_addrcpy() and pf_match_addr() Use the v4/v6 union members rather than the uint32_t ones. Export IN_ARE_MASKED_ADDR_EQUAL() in in_var.h and use it (and its IPv6 equivalent) for masked comparisons rather than hand-rolled code. Event: Kitchener-Waterloo Hackathon 202406 --- sys/netinet/in.c | 3 --- sys/netinet/in_var.h | 5 +++++ sys/netpfil/pf/pf.c | 19 ++++--------------- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 940b197d9e95..cc2f37863ea1 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1473,9 +1473,6 @@ in_lltable_new(struct in_addr addr4, u_int flags) return (&lle->base); } -#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \ - ((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 ) - static int in_lltable_match_prefix(const struct sockaddr *saddr, const struct sockaddr *smask, u_int flags, struct llentry *lle) diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index 09d3cd050fc3..b4bdb2a65fc8 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -97,6 +97,11 @@ struct in_ifaddr { #define IN_LNAOF(in, ifa) \ ((ntohl((in).s_addr) & ~((struct in_ifaddr *)(ifa)->ia_subnetmask)) +#ifdef _KERNEL +#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \ + ((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 ) +#endif + #define LLTABLE(ifp) \ ((struct in_ifinfo *)(ifp)->if_afdata[AF_INET])->ii_llt /* diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 195b5d49db7a..064642d7da05 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -723,14 +723,11 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) switch (af) { #ifdef INET case AF_INET: - dst->addr32[0] = src->addr32[0]; + memcpy(&dst->v4, &src->v4, sizeof(dst->v4)); break; #endif /* INET */ case AF_INET6: - dst->addr32[0] = src->addr32[0]; - dst->addr32[1] = src->addr32[1]; - dst->addr32[2] = src->addr32[2]; - dst->addr32[3] = src->addr32[3]; + memcpy(&dst->v6, &src->v6, sizeof(dst->v6)); break; } } @@ -3408,21 +3405,13 @@ pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m, switch (af) { #ifdef INET case AF_INET: - if ((a->addr32[0] & m->addr32[0]) == - (b->addr32[0] & m->addr32[0])) + if (IN_ARE_MASKED_ADDR_EQUAL(a->v4, b->v4, m->v4)) match++; break; #endif /* INET */ #ifdef INET6 case AF_INET6: - if (((a->addr32[0] & m->addr32[0]) == - (b->addr32[0] & m->addr32[0])) && - ((a->addr32[1] & m->addr32[1]) == - (b->addr32[1] & m->addr32[1])) && - ((a->addr32[2] & m->addr32[2]) == - (b->addr32[2] & m->addr32[2])) && - ((a->addr32[3] & m->addr32[3]) == - (b->addr32[3] & m->addr32[3]))) + if (IN6_ARE_MASKED_ADDR_EQUAL(&a->v6, &b->v6, &m->v6)) match++; break; #endif /* INET6 */