Employ 'IpNetwork' class

3 files changed, 28 insertions, 25 deletions

diff --git a/windows/winfw/src/winfw/rules/permitdhcp.cpp b/windows/winfw/src/winfw/rules/permitdhcp.cpp
index 1a52865cf1..3537a2a2a1 100644
--- a/windows/winfw/src/winfw/rules/permitdhcp.cpp
+++ b/windows/winfw/src/winfw/rules/permitdhcp.cpp
@@ -4,6 +4,7 @@
 #include "libwfp/filterbuilder.h"
 #include "libwfp/conditionbuilder.h"
 #include "libwfp/ipaddress.h"
+#include "libwfp/ipnetwork.h"
 #include "libwfp/conditions/conditionprotocol.h"
 #include "libwfp/conditions/conditionport.h"
 #include "libwfp/conditions/conditionip.h"
@@ -87,7 +88,7 @@ bool PermitDhcp::applyIpv4(IObjectInstaller &objectInstaller) const
 
 bool PermitDhcp::applyIpv6(IObjectInstaller &objectInstaller) const
 {
-	const wfp::IpAddress::Literal6 fe80{ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
+	const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6({ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 10);
 
 	wfp::FilterBuilder filterBuilder;
 
@@ -103,11 +104,11 @@ bool PermitDhcp::applyIpv6(IObjectInstaller &objectInstaller) const
 	{
 		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
-		const wfp::IpAddress::Literal6 linkLocalDhcpMulticast{ 0xFF02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2 };
-		const wfp::IpAddress::Literal6 siteLocalDhcpMulticast{ 0xFF05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3 };
+		const wfp::IpAddress::Literal6 linkLocalDhcpMulticast({ 0xFF02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2 });
+		const wfp::IpAddress::Literal6 siteLocalDhcpMulticast({ 0xFF05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3 });
 
 		conditionBuilder.add_condition(ConditionProtocol::Udp());
-		conditionBuilder.add_condition(ConditionIp::Local(fe80, uint8_t(10)));
+		conditionBuilder.add_condition(ConditionIp::Local(linkLocal));
 		conditionBuilder.add_condition(ConditionPort::Local(DHCPV6_CLIENT_PORT));
 		conditionBuilder.add_condition(ConditionIp::Remote(linkLocalDhcpMulticast));
 		conditionBuilder.add_condition(ConditionIp::Remote(siteLocalDhcpMulticast));
@@ -131,9 +132,9 @@ bool PermitDhcp::applyIpv6(IObjectInstaller &objectInstaller) const
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
 	conditionBuilder.add_condition(ConditionProtocol::Udp());
-	conditionBuilder.add_condition(ConditionIp::Local(fe80, uint8_t(10)));
+	conditionBuilder.add_condition(ConditionIp::Local(linkLocal));
 	conditionBuilder.add_condition(ConditionPort::Local(DHCPV6_CLIENT_PORT));
-	conditionBuilder.add_condition(ConditionIp::Remote(fe80, uint8_t(10)));
+	conditionBuilder.add_condition(ConditionIp::Remote(linkLocal));
 	conditionBuilder.add_condition(ConditionPort::Remote(DHCPV6_SERVER_PORT));
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
diff --git a/windows/winfw/src/winfw/rules/permitlan.cpp b/windows/winfw/src/winfw/rules/permitlan.cpp
index ae9af0d27f..7c389f6517 100644
--- a/windows/winfw/src/winfw/rules/permitlan.cpp
+++ b/windows/winfw/src/winfw/rules/permitlan.cpp
@@ -4,6 +4,7 @@
 #include "libwfp/filterbuilder.h"
 #include "libwfp/conditionbuilder.h"
 #include "libwfp/ipaddress.h"
+#include "libwfp/ipnetwork.h"
 #include "libwfp/conditions/conditionip.h"
 
 using namespace wfp::conditions;
@@ -36,10 +37,10 @@ bool PermitLan::applyIpv4(IObjectInstaller &objectInstaller) const
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
 
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 10, 0, 0, 0 }), uint8_t(8)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 172, 16, 0, 0 }), uint8_t(12)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 192, 168, 0, 0 }), uint8_t(16)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 169, 254, 0, 0 }), uint8_t(16)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 10, 0, 0, 0 }), 8)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 172, 16, 0, 0 }), 12)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 192, 168, 0, 0 }), 16)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 169, 254, 0, 0 }), 16)));
 
 	if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
 	{
@@ -57,13 +58,13 @@ bool PermitLan::applyIpv4(IObjectInstaller &objectInstaller) const
 	conditionBuilder.reset();
 
 	// Local subnet multicast.
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 224, 0, 0, 0 }), uint8_t(24)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 224, 0, 0, 0 }), 24)));
 
 	// Simple Service Discovery Protocol (SSDP) address.
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 239, 255, 255, 250 }), uint8_t(32)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 239, 255, 255, 250 }), 32)));
 
 	// mDNS Service Discovery address.
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 239, 255, 255, 251 }), uint8_t(32)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 239, 255, 255, 251 }), 32)));
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
 }
@@ -88,9 +89,9 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
-	wfp::IpAddress::Literal6 fe80 { 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
+	const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6({ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 10);
 
-	conditionBuilder.add_condition(ConditionIp::Remote(fe80, uint8_t(10)));
+	conditionBuilder.add_condition(ConditionIp::Remote(linkLocal));
 
 	if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
 	{
@@ -107,11 +108,11 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	conditionBuilder.reset();
 
-	wfp::IpAddress::Literal6 linkLocal{ 0xFF02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
-	wfp::IpAddress::Literal6 siteLocal{ 0xFF05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
+	const wfp::IpNetwork linkLocalMulticast(wfp::IpAddress::Literal6({ 0xFF02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 16);
+	const wfp::IpNetwork siteLocalMulticast(wfp::IpAddress::Literal6({ 0xFF05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 16);
 
-	conditionBuilder.add_condition(ConditionIp::Remote(linkLocal, uint8_t(16)));
-	conditionBuilder.add_condition(ConditionIp::Remote(siteLocal, uint8_t(16)));
+	conditionBuilder.add_condition(ConditionIp::Remote(linkLocalMulticast));
+	conditionBuilder.add_condition(ConditionIp::Remote(siteLocalMulticast));
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
 }
diff --git a/windows/winfw/src/winfw/rules/permitlanservice.cpp b/windows/winfw/src/winfw/rules/permitlanservice.cpp
index 1bba1cf9f0..da98c48245 100644
--- a/windows/winfw/src/winfw/rules/permitlanservice.cpp
+++ b/windows/winfw/src/winfw/rules/permitlanservice.cpp
@@ -4,6 +4,7 @@
 #include "libwfp/filterbuilder.h"
 #include "libwfp/conditionbuilder.h"
 #include "libwfp/ipaddress.h"
+#include "libwfp/ipnetwork.h"
 #include "libwfp/conditions/conditionip.h"
 
 using namespace wfp::conditions;
@@ -36,10 +37,10 @@ bool PermitLanService::applyIpv4(IObjectInstaller &objectInstaller) const
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4);
 
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 10, 0, 0, 0 }), uint8_t(8)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 172, 16, 0, 0 }), uint8_t(12)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 192, 168, 0, 0 }), uint8_t(16)));
-	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpAddress::Literal({ 169, 254, 0, 0 }), uint8_t(16)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 10, 0, 0, 0 }), 8)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 172, 16, 0, 0 }), 12)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 192, 168, 0, 0 }), 16)));
+	conditionBuilder.add_condition(ConditionIp::Remote(wfp::IpNetwork(wfp::IpAddress::Literal({ 169, 254, 0, 0 }), 16)));
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
 }
@@ -64,9 +65,9 @@ bool PermitLanService::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
-	wfp::IpAddress::Literal6 fe80{ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
+	const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6{ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }, 10);
 
-	conditionBuilder.add_condition(ConditionIp::Remote(fe80, uint8_t(10)));
+	conditionBuilder.add_condition(ConditionIp::Remote(linkLocal));
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
 }