pflog: use nd_ipv4 and nd_ipv6 for addresses in the header.

We should be using nd_ types in structures that are overlaid on packets,
so that we control the field offsets (as independently of the compiler
as possible) and to make it more difficult to fetch data fromt he packet
without using packet data accessor routines (to force bounds checking
and conversion from the appropriate byte order to host byte order as
necessary).

diff --git a/pflog.h b/pflog.h
index 0d3f899b8eecbfe4191bf6a4278c16c9a698ca83..f5198600d51f2cc73241659f533fe7d76941405e 100644 (file)
--- a/pflog.h
+++ b/pflog.h
@@ -107,17 +107,11 @@
 
 struct pf_addr {
        union {
-               struct in_addr          v4;
-               struct in6_addr         v6;
-               uint8_t                 addr8[16];
-               uint16_t                addr16[8];
-               uint32_t                addr32[4];
+               nd_ipv4         v4;
+               nd_ipv6         v6;
        } pfa;              /* 128-bit address */
 #define v4     pfa.v4
 #define v6     pfa.v6
-#define addr8  pfa.addr8
-#define addr16 pfa.addr16
-#define addr32 pfa.addr32
 };
 
 struct pfloghdr {