From 86104d3ebb3525c2773b3d3881104725b3f0f3cf Mon Sep 17 00:00:00 2001
From: Mateusz Guzik <mjg@FreeBSD.org>
Date: Wed, 7 Sep 2022 22:27:15 +0200
Subject: [PATCH] ipsec: prohibit unknown directions in key_havesp

Eliminates a branch checking for its validity.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D36485
---
 sys/netipsec/key.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index b8a47a6a678b..093db4fb9126 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -806,8 +806,9 @@ int
 key_havesp(u_int dir)
 {
 
-	return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
-		TAILQ_FIRST(&V_sptree[dir]) != NULL : 1);
+	IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
+		("invalid direction %u", dir));
+	return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
 }
 
 /* %%% IPsec policy management */