From f4760821dbe9934086f47ce9df51d43f2ca7d929 Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Fri, 15 Jun 2007 21:32:51 +0000 Subject: [PATCH] Though we are only called for the three security protocols we can handle, document those sprotos using an IPSEC_ASSERT so that it will be clear that 'spi' will always be initialized when used the first time. Found with: Coverity Prevent(tm) CID: 2533 --- sys/netipsec/ipsec_input.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 33685602e3f..2587f64843b 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -116,6 +116,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) IPSEC_ASSERT(m != NULL, ("null packet")); + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + sproto == IPPROTO_IPCOMP, + ("unexpected security protocol %u", sproto)); + if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || (sproto == IPPROTO_IPCOMP && !ipcomp_enable)) {