Refactoring various usages of new IPAddr class.

Reducing number of places that internal representation was exposed via GetBytes/CopyIPv6. Also fixed a bug in remask_addr bif.
2025-10-02 14:48:21 +00:00 · 2012-02-22 14:45:44 -06:00 · 2012-02-22 14:45:44 -06:00 · d7dafe2fe2
commit d7dafe2fe2
parent d887eb3178
24 changed files with 301 additions and 267 deletions
--- a/src/CompHash.cc
+++ b/src/CompHash.cc
@ -108,12 +108,7 @@ char* CompositeHash::SingleValHash(int type_check, char* kp0,
 	case TYPE_INTERNAL_ADDR:
 		{
 		uint32* kp = AlignAndPadType<uint32>(kp0);
-		uint32 bytes[4];
+		v->AsAddr().CopyIPv6(kp);
 		v->AsAddr().CopyIPv6(bytes);
 		kp[0] = bytes[0];
 		kp[1] = bytes[1];
 		kp[2] = bytes[2];
 		kp[3] = bytes[3];
 		kp1 = reinterpret_cast<char*>(kp+4);
 		}
 		break;
@ -121,12 +116,7 @@ char* CompositeHash::SingleValHash(int type_check, char* kp0,
 	case TYPE_INTERNAL_SUBNET:
 		{
 		uint32* kp = AlignAndPadType<uint32>(kp0);
-		uint32 bytes[4];
+		v->AsSubNet().Prefix().CopyIPv6(kp);
 		v->AsSubNet().Prefix().CopyIPv6(bytes);
 		kp[0] = bytes[0];
 		kp[1] = bytes[1];
 		kp[2] = bytes[2];
 		kp[3] = bytes[3];
 		kp[4] = v->AsSubNet().Length();
 		kp1 = reinterpret_cast<char*>(kp+5);
 		}
@ -352,19 +342,10 @@ HashKey* CompositeHash::ComputeSingletonHash(const Val* v, int type_check) const
 		return new HashKey(v->ForceAsInt());
 	case TYPE_INTERNAL_ADDR:
-		{
+		return v->AsAddr().GetHashKey();
 		uint32 bytes[4];
 		v->AsAddr().CopyIPv6(bytes);
 		return new HashKey((void*)bytes, 4 * sizeof(uint32));
 		}
 	case TYPE_INTERNAL_SUBNET:
-		{
+		return v->AsSubNet().GetHashKey();
 		uint32 bytes[5];
 		v->AsSubNet().Prefix().CopyIPv6(bytes);
 		bytes[4] = v->AsSubNet().Length();
 		return new HashKey((void*)bytes, 5 * sizeof(uint32));
 		}
 	case TYPE_INTERNAL_DOUBLE:
 		return new HashKey(v->InternalDouble());
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -14,32 +14,6 @@
 #include "PIA.h"
 #include "binpac.h"
 HashKey* ConnID::BuildConnKey() const
 	{
 	Key key;
 	// Lookup up connection based on canonical ordering, which is
 	// the smaller of <src addr, src port> and <dst addr, dst port>
 	// followed by the other.
 	if ( is_one_way ||
 	     addr_port_canon_lt(src_addr, src_port, dst_addr, dst_port) )
 		{
 		src_addr.CopyIPv6(key.ip1);
 		dst_addr.CopyIPv6(key.ip2);
 		key.port1 = src_port;
 		key.port2 = dst_port;
 		}
 	else
 		{
 		dst_addr.CopyIPv6(key.ip1);
 		src_addr.CopyIPv6(key.ip2);
 		key.port1 = dst_port;
 		key.port2 = src_port;
 		}
 	return new HashKey(&key, sizeof(key));
 	}
 void ConnectionTimer::Init(Connection* arg_conn, timer_func arg_timer,
 				int arg_do_expire)
 	{
@ -842,7 +816,7 @@ bool Connection::DoUnserialize(UnserialInfo* info)
 	id.src_port = orig_port;
 	id.dst_port = resp_port;
 	id.is_one_way = 0;	// ### incorrect for ICMP
-	key = id.BuildConnKey();
+	key = BuildConnIDHashKey(id);
 	int len;
 	if ( ! UNSERIALIZE(&len) )
--- a/src/Conn.h
+++ b/src/Conn.h
@ -38,47 +38,12 @@ struct ConnID {
 	uint32 src_port;
 	uint32 dst_port;
 	bool is_one_way;	// if true, don't canonicalize
 	// Returns a ListVal suitable for looking up a connection in
 	// a hash table.  addr/ports are expected to be in network order.
 	// Unless is_one_way is true, the lookup sorts src and dst,
 	// so src_addr/src_port and dst_addr/dst_port just have to
 	// reflect the two different sides of the connection,
 	// neither has to be the particular source/destination
 	// or originator/responder.
 	HashKey* BuildConnKey() const;
 	// The structure used internally for hashing.
 	struct Key {
 		uint32 ip1[4];
 		uint32 ip2[4];
 		uint16 port1;
 		uint16 port2;
 	};
 };
 static inline int addr_port_canon_lt(const IPAddr& addr1, uint32 p1,
 					const IPAddr& addr2, uint32 p2)
 	{
-	uint32 a1[4];
+	return addr1 < addr2 || (addr1 == addr2 && p1 < p2);
 	uint32 a2[4];
 	addr1.CopyIPv6(a1);
 	addr2.CopyIPv6(a2);
 	// Because it's a canonical ordering, not a strict ordering,
 	// we can choose to give more weight to the least significant
 	// word than to the most significant word.  This matters
 	// because for the common case of IPv4 addresses embedded in
 	// a IPv6 address, the top three words are identical, so we can
 	// save a few cycles by first testing the bottom word.
 	return a1[3] < a2[3] ||
 		(a1[3] == a2[3] &&
 		 (a1[2] < a2[2] ||
 		  (a1[2] == a2[2] &&
 		   (a1[1] < a2[1] ||
 		    (a1[1] == a2[1] &&
 		     (a1[0] < a2[0] ||
 		      (a1[0] == a2[0] &&
 		       p1 < p2)))))));
 	}
 class Analyzer;
--- a/src/ConnCompressor.cc
+++ b/src/ConnCompressor.cc
@ -665,20 +665,8 @@ const IP_Hdr* ConnCompressor::PendingConnToPacket(const PendingConn* c)
 		reporter->InternalError("IPv6 snuck into connection compressor");
 	else
 		{
-		const uint32* src_bytes;
+		ip1.CopyIPv4(c->ip1_is_src ? &ip->ip_src : &ip->ip_dst);
-		const uint32* dst_bytes;
+		ip2.CopyIPv4(c->ip1_is_src ? &ip->ip_dst : &ip->ip_dst);
 		if ( c->ip1_is_src )
 			{
 			ip1.GetBytes(&src_bytes);
 			ip2.GetBytes(&dst_bytes);
 			}
 		else
 			{
 			ip2.GetBytes(&src_bytes);
 			ip1.GetBytes(&dst_bytes);
 			}
 		memcpy(&ip->ip_src, src_bytes, sizeof(ip->ip_src));
 		memcpy(&ip->ip_dst, dst_bytes, sizeof(ip->ip_dst));
 		}
 	if ( c->ip1_is_src )
--- a/src/ConnCompressor.h
+++ b/src/ConnCompressor.h
@ -90,7 +90,12 @@ public:
 		unsigned int ACK:1;
 		double time;
-		ConnID::Key key;
+		struct Key {
 			uint32 ip1[4];
 			uint32 ip2[4];
 			uint16 port1;
 			uint16 port2;
 		} key;
 		uint32 seq;
 		uint32 ack;
 		hash_t hash;
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -363,8 +363,6 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode)
 	mode = arg_mode;
 	addr_mappings.SetDeleteFunc(DNS_Mgr_mapping_delete_func);
 	char err[NB_DNS_ERRSIZE];
 	nb_dns = nb_dns_init(err);
@ -504,11 +502,11 @@ Val* DNS_Mgr::LookupAddr(const IPAddr& addr)
 	if ( mode != DNS_PRIME )
 		{
-		HashKey h(addr);
+		AddrMap::iterator it = addr_mappings.find(addr);
 		DNS_Mapping* d = addr_mappings.Lookup(&h);
-		if ( d )
+		if ( it != addr_mappings.end() )
 			{
 			DNS_Mapping* d = it->second;
 			if ( d->Valid() )
 				return d->Host();
 			else
@ -744,13 +742,13 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r)
 	else
 		{
 		new_dm = new DNS_Mapping(dr->ReqAddr(), h, ttl);
-		HashKey k(dr->ReqAddr());
+		AddrMap::iterator it = addr_mappings.find(dr->ReqAddr());
-		prev_dm = addr_mappings.Insert(&k, new_dm);
+		prev_dm = it == addr_mappings.end() ? 0 : it->second;
 		addr_mappings[dr->ReqAddr()] = new_dm;
 		if ( new_dm->Failed() && prev_dm && prev_dm->Valid() )
 			{
-			HashKey k2(dr->ReqAddr());
+			addr_mappings[dr->ReqAddr()] = prev_dm;
 			(void) addr_mappings.Insert(&k2, prev_dm);
 			++keep_prev;
 			}
 		}
@ -871,8 +869,7 @@ void DNS_Mgr::LoadCache(FILE* f)
 			}
 		else
 			{
-			HashKey h(m->ReqAddr());
+			addr_mappings[m->ReqAddr()] = m;
 			addr_mappings.Insert(&h, m);
 			}
 		}
@ -883,13 +880,12 @@ void DNS_Mgr::LoadCache(FILE* f)
 	fclose(f);
 	}
-void DNS_Mgr::Save(FILE* f, PDict(DNS_Mapping)& m)
+void DNS_Mgr::Save(FILE* f, const AddrMap& m)
 	{
-	IterCookie* cookie = m.InitForIteration();
+	AddrMap::const_iterator it;
-	DNS_Mapping* dm;
+	for ( it = m.begin(); it != m.end(); ++it )
-
+		if ( it->second )
-	while ( (dm = m.NextEntry(cookie)) )
+			it->second->Save(f);
 		dm->Save(f);
 	}
 void DNS_Mgr::Save(FILE* f, const HostMap& m)
@ -908,15 +904,16 @@ void DNS_Mgr::Save(FILE* f, const HostMap& m)
 const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr)
 	{
-	HashKey h(addr);
+	AddrMap::iterator it = dns_mgr->addr_mappings.find(addr);
 	DNS_Mapping* d = dns_mgr->addr_mappings.Lookup(&h);
-	if ( ! d )
+	if ( it == addr_mappings.end() )
 		return 0;
 	DNS_Mapping* d = it->second;
 	if ( d->Expired() )
 		{
-		dns_mgr->addr_mappings.Remove(&h);
+		dns_mgr->addr_mappings.erase(it);
 		delete d;
 		return 0;
 		}
@ -1156,8 +1153,12 @@ void DNS_Mgr::Flush()
 		delete it->second.second;
 		}
 	AddrMap::iterator it2;
 	for ( it2 = addr_mappings.begin(); it2 != addr_mappings.end(); ++it2 )
 		delete it2->second;
 	host_mappings.clear();
-	addr_mappings.Clear();
+	addr_mappings.clear();
 	}
 void DNS_Mgr::Process()
@ -1269,6 +1270,6 @@ void DNS_Mgr::GetStats(Stats* stats)
 	stats->failed = failed;
 	stats->pending = asyncs_pending;
 	stats->cached_hosts = host_mappings.size();
-	stats->cached_addresses = addr_mappings.Length();
+	stats->cached_addresses = addr_mappings.size();
 	}
--- a/src/DNS_Mgr.h
+++ b/src/DNS_Mgr.h
@ -29,7 +29,6 @@ struct nb_dns_result;
 declare(PDict,ListVal);
 class DNS_Mapping;
 declare(PDict,DNS_Mapping);
 enum DNS_MgrMode {
 	DNS_PRIME,	// used to prime the cache
@ -106,8 +105,9 @@ protected:
 	void DumpAddrList(FILE* f, ListVal* al);
 	typedef map<string, pair<DNS_Mapping*, DNS_Mapping*> > HostMap;
 	typedef map<IPAddr, DNS_Mapping*> AddrMap;
 	void LoadCache(FILE* f);
-	void Save(FILE* f, PDict(DNS_Mapping)& m);
+	void Save(FILE* f, const AddrMap& m);
 	void Save(FILE* f, const HostMap& m);
 	// Selects on the fd to see if there is an answer available (timeout
@ -137,7 +137,7 @@ protected:
 	PDict(ListVal) services;
 	HostMap host_mappings;
-	PDict(DNS_Mapping) addr_mappings;
+	AddrMap addr_mappings;
 	DNS_mgr_request_list requests;
--- a/src/DPM.cc
+++ b/src/DPM.cc
@ -33,22 +33,6 @@ ExpectedConn::ExpectedConn(const ExpectedConn& c)
 	proto = c.proto;
 	}
 HashKey* ExpectedConn::GetKey() const
 	{
 	struct Key {
 		uint32 orig[4];
 		uint32 resp[4];
 		uint16 resp_p;
 		uint16 proto;
 	};
 	Key k;
 	orig.CopyIPv6(k.orig);
 	resp.CopyIPv6(k.resp);
 	k.resp_p = resp_p;
 	k.proto = proto;
 	return new HashKey(&k, sizeof(k));
 	}
 DPM::DPM()
 : expected_conns_queue(AssignedAnalyzer::compare)
 	{
@ -149,7 +133,7 @@ AnalyzerTag::Tag DPM::GetExpected(int proto, const Connection* conn)
 	ExpectedConn c(conn->OrigAddr(), conn->RespAddr(),
 			ntohs(conn->RespPort()), proto);
-	HashKey* key = c.GetKey();
+	HashKey* key = BuildExpectedConnHashKey(c);
 	AssignedAnalyzer* a = expected_conns.Lookup(key);
 	delete key;
@ -158,7 +142,7 @@ AnalyzerTag::Tag DPM::GetExpected(int proto, const Connection* conn)
 		// Wildcard for originator.
 		c.orig = IPAddr(string("::"));
-		HashKey* key = c.GetKey();
+		HashKey* key = BuildExpectedConnHashKey(c);
 		a = expected_conns.Lookup(key);
 		delete key;
 		}
@ -403,7 +387,7 @@ void DPM::ExpectConnection(const IPAddr& orig, const IPAddr& resp,
 			{
 			if ( ! a->deleted )
 				{
-				HashKey* key = a->conn.GetKey();
+				HashKey* key = BuildExpectedConnHashKey(a->conn);
 				expected_conns.Remove(key);
 				delete key;
 				}
@ -422,7 +406,7 @@ void DPM::ExpectConnection(const IPAddr& orig, const IPAddr& resp,
 	ExpectedConn c(orig, resp, resp_p, proto);
-	HashKey* key = c.GetKey();
+	HashKey* key = BuildExpectedConnHashKey(c);
 	AssignedAnalyzer* a = expected_conns.Lookup(key);
@ -449,7 +433,7 @@ void DPM::Done()
 		AssignedAnalyzer* a = expected_conns_queue.top();
 		if ( ! a->deleted )
 			{
-			HashKey* key = a->conn.GetKey();
+			HashKey* key = BuildExpectedConnHashKey(a->conn);
 			expected_conns.Remove(key);
 			delete key;
 			}
--- a/src/DPM.h
+++ b/src/DPM.h
@ -32,8 +32,6 @@ public:
 	ExpectedConn(const ExpectedConn& c);
 	HashKey* GetKey() const;
 	IPAddr orig;
 	IPAddr resp;
 	uint16 resp_p;
--- a/src/Hash.cc
+++ b/src/Hash.cc
@ -103,16 +103,6 @@ HashKey::HashKey(const BroString* s)
 	is_our_dynamic = 0;
 	}
 HashKey::HashKey(const IPAddr& addr)
 	{
 	const uint32* bytes;
 	int len = addr.GetBytes(&bytes);
 	size = len * sizeof(uint32);
 	key = CopyKey(bytes, size);
 	is_our_dynamic = 1;
 	hash = HashBytes(key, size);
 	}
 HashKey::HashKey(int copy_key, void* arg_key, int arg_size)
 	{
 	size = arg_size;
--- a/src/Hash.h
+++ b/src/Hash.h
@ -6,7 +6,6 @@
 #include <stdlib.h>
 #include "BroString.h"
 #include "IPAddr.h"
 #define UHASH_KEY_SIZE 36
@ -29,7 +28,6 @@ public:
 	HashKey(const void* p);
 	HashKey(const char* s);
 	HashKey(const BroString* s);
 	HashKey(const IPAddr& addr);
 	~HashKey()
 		{
 		if ( is_our_dynamic )
--- a/src/IPAddr.cc
+++ b/src/IPAddr.cc
@ -4,11 +4,62 @@
 #include <vector>
 #include "IPAddr.h"
 #include "Reporter.h"
 #include "Conn.h"
 #include "DPM.h"
 const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0,
                                               0, 0, 0, 0,
                                               0, 0, 0xff, 0xff };
 HashKey* BuildConnIDHashKey(const ConnID& id)
 	{
 	struct {
 		in6_addr ip1;
 		in6_addr ip2;
 		uint16 port1;
 		uint16 port2;
 	} key;
 	// Lookup up connection based on canonical ordering, which is
 	// the smaller of <src addr, src port> and <dst addr, dst port>
 	// followed by the other.
 	if ( id.is_one_way ||
 	     addr_port_canon_lt(id.src_addr, id.src_port, id.dst_addr, id.dst_port)
 	   )
 		{
 		key.ip1 = id.src_addr.in6;
 		key.ip2 = id.dst_addr.in6;
 		key.port1 = id.src_port;
 		key.port2 = id.dst_port;
 		}
 	else
 		{
 		key.ip1 = id.dst_addr.in6;
 		key.ip2 = id.src_addr.in6;
 		key.port1 = id.dst_port;
 		key.port2 = id.src_port;
 		}
 	return new HashKey(&key, sizeof(key));
 	}
 HashKey* BuildExpectedConnHashKey(const ExpectedConn& c)
 	{
 	struct {
 		in6_addr orig;
 		in6_addr resp;
 		uint16 resp_p;
 		uint16 proto;
 	} key;
 	key.orig = c.orig.in6;
 	key.resp = c.resp.in6;
 	key.resp_p = c.resp_p;
 	key.proto = c.proto;
 	return new HashKey(&key, sizeof(key));
 	}
 void IPAddr::Mask(int top_bits_to_keep)
 	{
 	if ( top_bits_to_keep <= 0 || top_bits_to_keep > 128 )
@ -147,6 +198,58 @@ string IPAddr::AsString() const
 		}
 	}
 string IPAddr::AsHexString() const
 	{
 	char buf[33];
 	if ( GetFamily() == IPv4 )
 		{
 		uint32_t* p = (uint32_t*) &in6.s6_addr[12];
 		snprintf(buf, sizeof(buf), "%08x", (uint32_t) ntohl(*p));
 		}
 	else
 		{
 		uint32_t* p = (uint32_t*) in6.s6_addr;
 		snprintf(buf, sizeof(buf), "%08x%08x%08x%08x",
 				(uint32_t) ntohl(p[0]), (uint32_t) ntohl(p[1]),
 				(uint32_t) ntohl(p[2]), (uint32_t) ntohl(p[3]));
 		}
 	return buf;
 	}
 string IPAddr::PtrName() const
 	{
 	if ( GetFamily() == IPv4 )
 		{
 		char buf[256];
 		uint32_t* p = (uint32_t*) &in6.s6_addr[12];
 		uint32_t a = ntohl(*p);
 		uint32_t a3 = (a >> 24) & 0xff;
 		uint32_t a2 = (a >> 16) & 0xff;
 		uint32_t a1 = (a >> 8) & 0xff;
 		uint32_t a0 = a & 0xff;
 		snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa", a0, a1, a2, a3);
 		return buf;
 		}
 	else
 		{
 		static const char hex_digit[] = "0123456789abcdef";
 		string ptr_name("ip6.arpa");
 		uint32_t* p = (uint32_t*) in6.s6_addr;
 		for ( unsigned int i = 0; i < 4; ++i )
 			{
 			uint32 a = ntohl(p[i]);
 			for ( unsigned int j = 1; j <=8; ++j )
 				{
 				ptr_name.insert(0, 1, '.');
 				ptr_name.insert(0, 1, hex_digit[(a >> (32-j*4)) & 0x0f]);
 				}
 			}
 		return ptr_name;
 		}
 	}
 IPPrefix::IPPrefix(const in4_addr& in4, uint8_t length)
 	: prefix(in4), length(96 + length)
 	{
--- a/src/IPAddr.h
+++ b/src/IPAddr.h
@ -8,8 +8,12 @@
 #include <string>
 #include "BroString.h"
 #include "Hash.h"
 #include "util.h"
 struct ConnID;
 class ExpectedConn;
 typedef in_addr in4_addr;
 /**
@ -189,6 +193,36 @@ public:
 		memcpy(bytes, in6.s6_addr, sizeof(in6.s6_addr));
 		}
 	/**
 	 * Retrieves a copy of the IPv6 raw byte representation of the address.
 	 * @see CopyIPv6(uint32_t)
 	 */
 	void CopyIPv6(in6_addr* arg_in6) const
 		{
 		memcpy(arg_in6->s6_addr, in6.s6_addr, sizeof(in6.s6_addr));
 		}
 	/**
 	 * Retrieves a copy of the IPv4 raw byte representation of the address.
 	 * The caller should verify the address is of the IPv4 family type
 	 * beforehand.  @see GetFamily().
 	 *
 	 * @param in4 The pointer to a memory location in which the raw bytes
 	 * of the address are to be copied in network byte-order.
 	 */
 	void CopyIPv4(in4_addr* in4) const
 		{
 		memcpy(&in4->s_addr, &in6.s6_addr[12], sizeof(in4->s_addr));
 		}
 	/**
 	 * Returns a key that can be used to lookup the IP Address in a hash table.
 	 */
 	HashKey* GetHashKey() const
 		{
 		return new HashKey((void*)in6.s6_addr, sizeof(in6.s6_addr));
 		}
 	/**
 	 * Masks out lower bits of the address.
 	 *
@ -223,6 +257,18 @@ public:
 		return *this;
 		}
 	/**
 	 * Bitwise OR operator returns the IP address resulting from the bitwise
 	 * OR operation on the raw bytes of this address with another.
 	 */
 	IPAddr operator|(const IPAddr& other)
 		{
 		in6_addr result;
 		for ( int i = 0; i < 16; ++i )
 			result.s6_addr[i] = this->in6.s6_addr[i] | other.in6.s6_addr[i];
 		return IPAddr(result);
 		}
 	/**
 	 * Returns a string representation of the address. IPv4 addresses
 	 * will be returned in dotted representation, IPv6 addresses in
@ -230,12 +276,23 @@ public:
 	 */
 	string AsString() const;
 	/**
 	 * Returns a host-order, plain hex string representation of the address.
 	 */
 	string AsHexString() const;
 	/**
 	 * Returns a string representation of the address. This returns the
 	 * same as AsString().
 	 */
 	operator std::string() const { return AsString(); }
 	/**
 	 * Returns a reverse pointer name associated with the IP address.
 	 * For example, 192.168.0.1's reverse pointer is 1.0.168.192.in-addr.arpa.
 	 */
 	string PtrName() const;
 	/**
 	 * Comparison operator for IP address.
 	 */
@ -259,6 +316,11 @@ public:
 		return memcmp(&addr1.in6, &addr2.in6, sizeof(in6_addr)) < 0;
 		}
 	friend HashKey* BuildConnIDHashKey(const ConnID& id);
 	friend HashKey* BuildExpectedConnHashKey(const ExpectedConn& c);
 	friend class IPPrefix;
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 	/**
@ -328,6 +390,9 @@ inline bool IPAddr::IsLoopback() const
 			&& (in6.s6_addr[14] == 0) && (in6.s6_addr[15] == 1));
 	}
 HashKey* BuildConnIDHashKey(const ConnID& id);
 HashKey* BuildExpectedConnHashKey(const ExpectedConn& c);
 /**
 * Class storing both IPv4 and IPv6 prefixes
 * (i.e., \c 192.168.1.1/16 and \c FD00::/8.
@ -433,6 +498,20 @@ public:
 	operator std::string() const	{ return AsString(); }
 	/**
 	 * Returns a key that can be used to lookup the IP Prefix in a hash table.
 	 */
 	HashKey* GetHashKey() const
 		{
 		struct {
 			in6_addr ip;
 			uint32 len;
 		} key;
 		key.ip = prefix.in6;
 		key.len = Length();
 		return new HashKey(&key, sizeof(key));
 		}
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 	/**
--- a/src/OSFinger.cc
+++ b/src/OSFinger.cc
@ -65,15 +65,14 @@ OSFingerprint::OSFingerprint(FingerprintMode arg_mode)
 bool OSFingerprint::CacheMatch(const IPAddr& addr, int id)
  {
-  uint32 bytes[4];
+  HashKey* key = addr.GetHashKey();
  addr.CopyIPv6(bytes);
  HashKey key = HashKey(bytes, 4);
  int* pid = new int;
  *pid=id;
-  int* prev = os_matches.Insert(&key, pid);
+  int* prev = os_matches.Insert(key, pid);
  bool ret = (prev ? *prev != id : 1);
  if (prev)
    delete prev;
  delete key;
  return ret;
  }
--- a/src/PIA.cc
+++ b/src/PIA.cc
@ -199,21 +199,17 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
 			ip4_hdr = new IP_Hdr((const struct ip*) ip4);
 			}
 		const uint32* obytes;
 		const uint32* rbytes;
 		Conn()->OrigAddr().GetBytes(&obytes);
 		Conn()->RespAddr().GetBytes(&rbytes);
 		if ( is_orig )
 			{
-			memcpy(&ip4->ip_src.s_addr, obytes, sizeof(uint32));
+			Conn()->OrigAddr().CopyIPv4(&ip4->ip_src);
-			memcpy(&ip4->ip_dst.s_addr, rbytes, sizeof(uint32));
+			Conn()->RespAddr().CopyIPv4(&ip4->ip_dst);
 			tcp4->th_sport = htons(Conn()->OrigPort());
 			tcp4->th_dport = htons(Conn()->RespPort());
 			}
 		else
 			{
-			memcpy(&ip4->ip_src.s_addr, rbytes, sizeof(uint32));
+			Conn()->RespAddr().CopyIPv4(&ip4->ip_src);
-			memcpy(&ip4->ip_dst.s_addr, obytes, sizeof(uint32));
+			Conn()->OrigAddr().CopyIPv4(&ip4->ip_dst);
 			tcp4->th_sport = htons(Conn()->RespPort());
 			tcp4->th_dport = htons(Conn()->OrigPort());
 			}
--- a/src/PacketSort.cc
+++ b/src/PacketSort.cc
@ -65,7 +65,7 @@ PacketSortElement::PacketSortElement(PktSrc* arg_src,
 				payload_length = ip_hdr->PayloadLen() - tp->th_off * 4;
-				key = id.BuildConnKey();
+				key = BuildConnIDHashKey(id);
 				is_tcp = 1;
 				}
--- a/src/PrefixTable.cc
+++ b/src/PrefixTable.cc
@ -5,9 +5,7 @@ inline static prefix_t* make_prefix(const IPAddr& addr, int width)
 	{
 	prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t));
-	uint32 bytes[4];
+	addr.CopyIPv6(&prefix->add.sin6);
 	addr.CopyIPv6(bytes);
 	memcpy(&prefix->add.sin6, bytes, 4 * sizeof(uint32));
 	prefix->family = AF_INET6;
 	prefix->bitlen = width;
 	prefix->ref_count = 1;
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -555,7 +555,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 		return;
 	}
-	HashKey* h = id.BuildConnKey();
+	HashKey* h = BuildConnIDHashKey(id);
 	if ( ! h )
 		reporter->InternalError("hash computation failed");
@ -831,7 +831,7 @@ Connection* NetSessions::FindConnection(Val* v)
 	id.is_one_way = 0;	// ### incorrect for ICMP connections
-	HashKey* h = id.BuildConnKey();
+	HashKey* h = BuildConnIDHashKey(id);
 	if ( ! h )
 		reporter->InternalError("hash computation failed");
--- a/src/TCP_Endpoint.cc
+++ b/src/TCP_Endpoint.cc
@ -32,12 +32,8 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig)
 	dst_addr = is_orig ? tcp_analyzer->Conn()->OrigAddr() :
 				tcp_analyzer->Conn()->RespAddr();
-	const uint32* src_bytes;
+	checksum_base = ones_complement_checksum(src_addr, 0);
-	const uint32* dst_bytes;
+	checksum_base = ones_complement_checksum(dst_addr, checksum_base);
 	int n = src_addr.GetBytes(&src_bytes);
 	int m = dst_addr.GetBytes(&dst_bytes);
 	checksum_base = ones_complement_checksum((void*) src_bytes, n*4, 0);
 	checksum_base = ones_complement_checksum((void*) dst_bytes, m*4, checksum_base);
 	// Note, for IPv6, strictly speaking this field is 32 bits
 	// rather than 16 bits.  But because the upper bits are all zero,
 	// we get the same checksum either way.  The same applies to
--- a/src/bro.bif
+++ b/src/bro.bif
@ -179,38 +179,8 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
 			// This makes only a very slight difference, so not
 			// clear it would e worth the hassle.
-			const IPAddr& u = v->AsAddr();
+			snprintf(out_buf, sizeof(out_buf), "%s",
-			const uint32* net_order_u;
+			         v->AsAddr().AsHexString().c_str());
 			int len = u.GetBytes(&net_order_u);
 			if ( len == 4 )
 				{
 				// We explicitly convert the address to host order
 				// in a copy, because if we just call ntohl() for
 				// our invocation on snprintf() below, on some systems
 				// it turns a 32-bit value (Linux), whereas on
 				// others it returns a long (FreeBSD); the latter
 				// gets us in trouble if we have longs > 32 bits,
 				// because then the format specifier needs to be %lx
 				// rather than %x ....... what a pain!
 				//
 				// Also note that we don't change u in-place because
 				// that would alter the byte order of the underlying
 				// value.
 				uint32 host_order_u[4];
 				host_order_u[0] = ntohl(net_order_u[0]);
 				host_order_u[1] = ntohl(net_order_u[1]);
 				host_order_u[2] = ntohl(net_order_u[2]);
 				host_order_u[3] = ntohl(net_order_u[3]);
 				snprintf(out_buf, sizeof(out_buf), "%08x%08x%08x%08x",
 						host_order_u[0], host_order_u[1],
 						host_order_u[2], host_order_u[3]);
 				}
 			else
 				{
 				snprintf(out_buf, sizeof(out_buf), "%08x", ntohl(net_order_u[0]));
 				}
 			}
 		else if ( ! check_fmt_type(t, ok_d_fmt) )
@ -2445,35 +2415,7 @@ function ptr_name_to_addr%(s: string%): addr
 ## .. bro:see:: ptr_name_to_addr parse_dotted_addr
 function addr_to_ptr_name%(a: addr%): string
 	%{
-	const uint32* addr;
+	return new StringVal(a->AsAddr().PtrName().c_str());
 	int len = a->AsAddr().GetBytes(&addr);
 	if ( len == 1 )
 		{
 		char buf[256];
 		uint32 a = ntohl(addr[0]);
 		uint32 a3 = (a >> 24) & 0xff;
 		uint32 a2 = (a >> 16) & 0xff;
 		uint32 a1 = (a >> 8) & 0xff;
 		uint32 a0 = a & 0xff;
 		sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", a0, a1, a2, a3);
 		return new StringVal(buf);
 		}
 	else
 		{
 		static const char hex_digit[] = "0123456789abcdef";
 		string ptr_name("ip6.arpa");
 		for ( unsigned int i = 0; i < 4; ++i )
 			{
 			uint32 a = ntohl(addr[i]);
 			for ( unsigned int j = 1; j <=8; ++j )
 				{
 				ptr_name.insert(0, 1, '.');
 				ptr_name.insert(0, 1, hex_digit[(a >> (32-j*4)) & 0x0f]);
 				}
 			}
 		return new StringVal(ptr_name.c_str());
 		}
 	%}
 # Transforms n0.n1.n2.n3 -> addr.
@ -2541,7 +2483,7 @@ static Val* parse_eftp(const char* line)
 	RecordVal* r = new RecordVal(ftp_port);
 	int net_proto = 0;	// currently not used
-	uint32 addr = 0;
+	IPAddr addr;
 	int port = 0;
 	int good = 0;
@ -2563,11 +2505,8 @@ static Val* parse_eftp(const char* line)
 		if ( *line != delimiter )	// default of 0 is ok
 			{
 			string s(line);
-			IPAddr tmp(s);
+			addr = IPAddr(s);
-			const uint32* bytes;
+			if ( addr == IPAddr("0.0.0.0") )
 			tmp.GetBytes(&bytes);
 			addr = *bytes;
 			if ( addr == 0 )
 				good = 0;
 			}
@ -3025,14 +2964,8 @@ function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr
 	IPAddr addr1(a1->AsAddr());
 	addr1.Mask(top_bits_from_a1);
 	IPAddr addr2(a2->AsAddr());
-	addr1.ReverseMask(top_bits_from_a1);
+	addr2.ReverseMask(top_bits_from_a1);
-	uint32 x1[4];
+	return new AddrVal(addr1|addr2);
 	uint32 x2[4];
 	addr1.CopyIPv6(x1);
 	addr2.CopyIPv6(x2);
 	for ( unsigned int i = 0; i < 4; ++i )
 		x1[i] = x1[i] | x2[i];
 	return new AddrVal(x1);
 	%}
 ## Checks whether a given :bro:type:`port` has TCP as transport protocol.
@ -3551,10 +3484,8 @@ function lookup_location%(a: addr%) : geo_location
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
 	if ( geoip_v6 && a->AsAddr().GetFamily() == IPAddr::IPv6 )
 		{
 		const uint32* bytes;
 		a->AsAddr().GetBytes(&bytes);
 		geoipv6_t ga;
-		memcpy(&ga, bytes, 16);
+		a->AsAddr().CopyIPv6(&ga);
 		if ( have_cityv6_db )
 			gir = GeoIP_record_by_ipnum_v6(geoip_v6, ga);
 		else
@ -3648,10 +3579,8 @@ function lookup_asn%(a: addr%) : count
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
 		if ( a->AsAddr().GetFamily() == IPAddr::IPv6 )
 			{
 			const uint32* bytes;
 			a->AsAddr().GetBytes(&bytes);
 			geoipv6_t ga;
-			memcpy(&ga, bytes, 16);
+			a->AsAddr().CopyIPv6(&ga);
 			gir = GeoIP_name_by_ipnum_v6(geoip_asn, ga);
 			}
 		else
--- a/src/net_util.cc
+++ b/src/net_util.cc
@ -31,6 +31,13 @@ int ones_complement_checksum(const void* p, int b, uint32 sum)
 	return sum;
 	}
 int ones_complement_checksum(const IPAddr& a, uint32 sum)
 	{
 	const uint32* bytes;
 	int len = a.GetBytes(&bytes);
 	return ones_complement_checksum(bytes, len*4, sum);
 	}
 int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len)
 	{
 	// ### Note, this is only correct for IPv4.  This routine is only
--- a/src/net_util.h
+++ b/src/net_util.h
@ -60,6 +60,7 @@ inline int seq_delta(uint32 a, uint32 b)
 // Returns the ones-complement checksum of a chunk of b short-aligned bytes.
 extern int ones_complement_checksum(const void* p, int b, uint32 sum);
 extern int ones_complement_checksum(const IPAddr& a, uint32 sum);
 extern int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len);
 extern int udp_checksum(const struct ip* ip, const struct udphdr* up, int len);
--- a/testing/btest/Baseline/bifs.remask_addr/output
+++ b/testing/btest/Baseline/bifs.remask_addr/output
@ -0,0 +1,32 @@
 1: 127.255.0.0
 2: 63.255.0.0
 3: 31.255.0.0
 4: 15.255.0.0
 5: 7.255.0.0
 6: 3.255.0.0
 7: 1.255.0.0
 8: 0.255.0.0
 9: 0.127.0.0
 10: 0.63.0.0
 11: 0.31.0.0
 12: 0.15.0.0
 13: 0.7.0.0
 14: 0.3.0.0
 15: 0.1.0.0
 16: 0.0.0.0
 17: 0.0.128.0
 18: 0.0.192.0
 19: 0.0.224.0
 20: 0.0.240.0
 21: 0.0.248.0
 22: 0.0.252.0
 23: 0.0.254.0
 24: 0.0.255.0
 25: 0.0.255.128
 26: 0.0.255.192
 27: 0.0.255.224
 28: 0.0.255.240
 29: 0.0.255.248
 30: 0.0.255.252
 31: 0.0.255.254
 32: 0.0.255.255
--- a/testing/btest/bifs/remask_addr.bro
+++ b/testing/btest/bifs/remask_addr.bro
@ -0,0 +1,10 @@
 # @TEST-EXEC: bro %INPUT >output
 # @TEST-EXEC: btest-diff output
 const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32};
 for ( i in one_to_32 )
 	{
 	print fmt("%s: %s", one_to_32[i],
 	          remask_addr(0.0.255.255, 255.255.0.0, 96+one_to_32[i]));
 	}