Though we are only called for the three security protocols we can
handle, document those sprotos using an IPSEC_ASSERT so that it will be clear that 'spi' will always be initialized when used the first time. Found with: Coverity Prevent(tm) CID: 2533
This commit is contained in:
parent
b9e7085a57
commit
f4760821db
@ -116,6 +116,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
|
||||
|
||||
IPSEC_ASSERT(m != NULL, ("null packet"));
|
||||
|
||||
IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH ||
|
||||
sproto == IPPROTO_IPCOMP,
|
||||
("unexpected security protocol %u", sproto));
|
||||
|
||||
if ((sproto == IPPROTO_ESP && !esp_enable) ||
|
||||
(sproto == IPPROTO_AH && !ah_enable) ||
|
||||
(sproto == IPPROTO_IPCOMP && !ipcomp_enable)) {
|
||||
|
Loading…
Reference in New Issue
Block a user