CVS commit: src/sys/netipsec

Wed, 19 Apr 2017 20:42:07 -0700 

Module Name:    src
Committed By:   ozaki-r
Date:           Thu Apr 20 03:41:47 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.c ipsec.h key.c

Log Message:
Provide IPSEC_DIR_* validation macros


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.41 -r1.42 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.114 -r1.115 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.80 src/sys/netipsec/ipsec.c:1.81
--- src/sys/netipsec/ipsec.c:1.80	Wed Apr 19 07:19:46 2017
+++ src/sys/netipsec/ipsec.c	Thu Apr 20 03:41:47 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -211,15 +211,7 @@ ipsec_checkpcbcache(struct mbuf *m, stru
 {
 	struct secpolicyindex spidx;
 
-	switch (dir) {
-	case IPSEC_DIR_INBOUND:
-	case IPSEC_DIR_OUTBOUND:
-	case IPSEC_DIR_ANY:
-		break;
-	default:
-		return NULL;
-	}
-
+	KASSERT(IPSEC_DIR_IS_VALID(dir));
 	KASSERT(pcbsp != NULL);
 	KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0]));
 
@@ -276,14 +268,7 @@ ipsec_fillpcbcache(struct inpcbpolicy *p
 	struct secpolicy *sp, int dir)
 {
 
-	switch (dir) {
-	case IPSEC_DIR_INBOUND:
-	case IPSEC_DIR_OUTBOUND:
-		break;
-	default:
-		return EINVAL;
-	}
-
+	KASSERT(IPSEC_DIR_IS_INOROUT(dir));
 	KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0]));
 
 	if (pcbsp->sp_cache[dir].cachesp)
@@ -426,8 +411,7 @@ ipsec_getpolicy(const struct tdb_ident *
 	struct secpolicy *sp;
 
 	KASSERT(tdbi != NULL);
-	KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-	    "invalid direction %u", dir);
+	KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
 	sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir);
 	if (sp == NULL)			/*XXX????*/
@@ -460,8 +444,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
 	KASSERT(m != NULL);
 	KASSERT(inp != NULL);
 	KASSERT(error != NULL);
-	KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-	    "invalid direction %u", dir);
+	KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
 	KASSERT(inp->inph_socket != NULL);
 
@@ -592,8 +575,7 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
 
 	KASSERT(m != NULL);
 	KASSERT(error != NULL);
-	KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-	    "invalid direction %u", dir);
+	KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
 	sp = NULL;
 

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.41 src/sys/netipsec/ipsec.h:1.42
--- src/sys/netipsec/ipsec.h:1.41	Wed Apr 19 03:39:14 2017
+++ src/sys/netipsec/ipsec.h	Thu Apr 20 03:41:47 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.42 2017/04/20 03:41:47 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -171,6 +171,10 @@ struct secspacq {
 #define IPSEC_DIR_MAX		3
 #define IPSEC_DIR_INVALID	4
 
+#define IPSEC_DIR_IS_VALID(dir)		((dir) >= 0 && (dir) <= IPSEC_DIR_MAX)
+#define IPSEC_DIR_IS_INOROUT(dir)	((dir) == IPSEC_DIR_INBOUND || \
+					 (dir) == IPSEC_DIR_OUTBOUND)
+
 /* Policy level */
 /*
  * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.114 src/sys/netipsec/key.c:1.115
--- src/sys/netipsec/key.c:1.114	Wed Apr 19 09:23:19 2017
+++ src/sys/netipsec/key.c	Thu Apr 20 03:41:47 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -652,8 +652,7 @@ key_allocsp2(u_int32_t spi,
 	int s;
 
 	KASSERT(dst != NULL);
-	KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-	    "invalid direction %u", dir);
+	KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
 	KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);

Reply via email to