diff options
| author | bz <bz@FreeBSD.org> | 2007-06-15 21:32:51 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2007-06-15 21:32:51 +0000 |
| commit | 9868265580898c9ed93791c269ee9fcc163d9285 (patch) | |
| tree | 7e360929e6e1741a7bc7ff0dba76604481359e41 /sys/netipsec | |
| parent | 795f6bc14a8b9e6ca354322e67d6fdef6b04dbf5 (diff) | |
| download | FreeBSD-src-9868265580898c9ed93791c269ee9fcc163d9285.zip FreeBSD-src-9868265580898c9ed93791c269ee9fcc163d9285.tar.gz | |
Though we are only called for the three security protocols we can
handle, document those sprotos using an IPSEC_ASSERT so that it will
be clear that 'spi' will always be initialized when used the first time.
Found with: Coverity Prevent(tm)
CID: 2533
Diffstat (limited to 'sys/netipsec')
| -rw-r--r-- | sys/netipsec/ipsec_input.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 3368560..2587f64 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -116,6 +116,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) IPSEC_ASSERT(m != NULL, ("null packet")); + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + sproto == IPPROTO_IPCOMP, + ("unexpected security protocol %u", sproto)); + if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || (sproto == IPPROTO_IPCOMP && !ipcomp_enable)) { |
