Module Name: src Committed By: ozaki-r Date: Thu Apr 20 03:41:47 UTC 2017
Modified Files: src/sys/netipsec: ipsec.c ipsec.h key.c Log Message: Provide IPSEC_DIR_* validation macros To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.81 src/sys/netipsec/ipsec.c cvs rdiff -u -r1.41 -r1.42 src/sys/netipsec/ipsec.h cvs rdiff -u -r1.114 -r1.115 src/sys/netipsec/key.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.80 src/sys/netipsec/ipsec.c:1.81 --- src/sys/netipsec/ipsec.c:1.80 Wed Apr 19 07:19:46 2017 +++ src/sys/netipsec/ipsec.c Thu Apr 20 03:41:47 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $ */ +/* $NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $"); /* * IPsec controller part. @@ -211,15 +211,7 @@ ipsec_checkpcbcache(struct mbuf *m, stru { struct secpolicyindex spidx; - switch (dir) { - case IPSEC_DIR_INBOUND: - case IPSEC_DIR_OUTBOUND: - case IPSEC_DIR_ANY: - break; - default: - return NULL; - } - + KASSERT(IPSEC_DIR_IS_VALID(dir)); KASSERT(pcbsp != NULL); KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0])); @@ -276,14 +268,7 @@ ipsec_fillpcbcache(struct inpcbpolicy *p struct secpolicy *sp, int dir) { - switch (dir) { - case IPSEC_DIR_INBOUND: - case IPSEC_DIR_OUTBOUND: - break; - default: - return EINVAL; - } - + KASSERT(IPSEC_DIR_IS_INOROUT(dir)); KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0])); if (pcbsp->sp_cache[dir].cachesp) @@ -426,8 +411,7 @@ ipsec_getpolicy(const struct tdb_ident * struct secpolicy *sp; KASSERT(tdbi != NULL); - KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - "invalid direction %u", dir); + KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ @@ -460,8 +444,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ KASSERT(m != NULL); KASSERT(inp != NULL); KASSERT(error != NULL); - KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - "invalid direction %u", dir); + KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); KASSERT(inp->inph_socket != NULL); @@ -592,8 +575,7 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ KASSERT(m != NULL); KASSERT(error != NULL); - KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - "invalid direction %u", dir); + KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); sp = NULL; Index: src/sys/netipsec/ipsec.h diff -u src/sys/netipsec/ipsec.h:1.41 src/sys/netipsec/ipsec.h:1.42 --- src/sys/netipsec/ipsec.h:1.41 Wed Apr 19 03:39:14 2017 +++ src/sys/netipsec/ipsec.h Thu Apr 20 03:41:47 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.h,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */ +/* $NetBSD: ipsec.h,v 1.42 2017/04/20 03:41:47 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ @@ -171,6 +171,10 @@ struct secspacq { #define IPSEC_DIR_MAX 3 #define IPSEC_DIR_INVALID 4 +#define IPSEC_DIR_IS_VALID(dir) ((dir) >= 0 && (dir) <= IPSEC_DIR_MAX) +#define IPSEC_DIR_IS_INOROUT(dir) ((dir) == IPSEC_DIR_INBOUND || \ + (dir) == IPSEC_DIR_OUTBOUND) + /* Policy level */ /* * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB, Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.114 src/sys/netipsec/key.c:1.115 --- src/sys/netipsec/key.c:1.114 Wed Apr 19 09:23:19 2017 +++ src/sys/netipsec/key.c Thu Apr 20 03:41:47 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -652,8 +652,7 @@ key_allocsp2(u_int32_t spi, int s; KASSERT(dst != NULL); - KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - "invalid direction %u", dir); + KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);