git: 8f04209d37ec - main - pf: simplify pf_addrcpy() and pf_match_addr()

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 06 Jun 2024 13:46:06 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=8f04209d37ec14e28aaeb14a7a020dac9fb4983b

commit 8f04209d37ec14e28aaeb14a7a020dac9fb4983b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-06-05 20:30:34 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-06-06 13:45:31 +0000

    pf: simplify pf_addrcpy() and pf_match_addr()
    
    Use the v4/v6 union members rather than the uint32_t ones.
    Export IN_ARE_MASKED_ADDR_EQUAL() in in_var.h and use it (and its IPv6
    equivalent) for masked comparisons rather than hand-rolled code.
    
    Event:          Kitchener-Waterloo Hackathon 202406
---
 sys/netinet/in.c     |  3 ---
 sys/netinet/in_var.h |  5 +++++
 sys/netpfil/pf/pf.c  | 19 ++++---------------
 3 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 940b197d9e95..cc2f37863ea1 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1473,9 +1473,6 @@ in_lltable_new(struct in_addr addr4, u_int flags)
 	return (&lle->base);
 }
 
-#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m)	(		\
-	((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
-
 static int
 in_lltable_match_prefix(const struct sockaddr *saddr,
     const struct sockaddr *smask, u_int flags, struct llentry *lle)
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h
index 09d3cd050fc3..b4bdb2a65fc8 100644
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@@ -97,6 +97,11 @@ struct in_ifaddr {
 #define IN_LNAOF(in, ifa) \
 	((ntohl((in).s_addr) & ~((struct in_ifaddr *)(ifa)->ia_subnetmask))
 
+#ifdef _KERNEL
+#define IN_ARE_MASKED_ADDR_EQUAL(d, a, m)	(		\
+	((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
+#endif
+
 #define LLTABLE(ifp)	\
 	((struct in_ifinfo *)(ifp)->if_afdata[AF_INET])->ii_llt
 /*
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 195b5d49db7a..064642d7da05 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -723,14 +723,11 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-		dst->addr32[0] = src->addr32[0];
+		memcpy(&dst->v4, &src->v4, sizeof(dst->v4));
 		break;
 #endif /* INET */
 	case AF_INET6:
-		dst->addr32[0] = src->addr32[0];
-		dst->addr32[1] = src->addr32[1];
-		dst->addr32[2] = src->addr32[2];
-		dst->addr32[3] = src->addr32[3];
+		memcpy(&dst->v6, &src->v6, sizeof(dst->v6));
 		break;
 	}
 }
@@ -3408,21 +3405,13 @@ pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m,
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-		if ((a->addr32[0] & m->addr32[0]) ==
-		    (b->addr32[0] & m->addr32[0]))
+		if (IN_ARE_MASKED_ADDR_EQUAL(a->v4, b->v4, m->v4))
 			match++;
 		break;
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
-		if (((a->addr32[0] & m->addr32[0]) ==
-		     (b->addr32[0] & m->addr32[0])) &&
-		    ((a->addr32[1] & m->addr32[1]) ==
-		     (b->addr32[1] & m->addr32[1])) &&
-		    ((a->addr32[2] & m->addr32[2]) ==
-		     (b->addr32[2] & m->addr32[2])) &&
-		    ((a->addr32[3] & m->addr32[3]) ==
-		     (b->addr32[3] & m->addr32[3])))
+		if (IN6_ARE_MASKED_ADDR_EQUAL(&a->v6, &b->v6, &m->v6))
 			match++;
 		break;
 #endif /* INET6 */