[src/trunk]: src/sys/netipsec Provide IPSEC_DIR_* validation macros

[ozaki-r <ozaki-r%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/571b397f8615
branches:  trunk
changeset: 353092:571b397f8615
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Thu Apr 20 03:41:47 2017 +0000

description:
Provide IPSEC_DIR_* validation macros

diffstat:

 sys/netipsec/ipsec.c |  32 +++++++-------------------------
 sys/netipsec/ipsec.h |   6 +++++-
 sys/netipsec/key.c   |   7 +++----
 3 files changed, 15 insertions(+), 30 deletions(-)

diffs (129 lines):

diff -r 17a76a994387 -r 571b397f8615 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Thu Apr 20 02:42:59 2017 +0000
+++ b/sys/netipsec/ipsec.c      Thu Apr 20 03:41:47 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.81 2017/04/20 03:41:47 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -211,15 +211,7 @@
 {
        struct secpolicyindex spidx;
 
-       switch (dir) {
-       case IPSEC_DIR_INBOUND:
-       case IPSEC_DIR_OUTBOUND:
-       case IPSEC_DIR_ANY:
-               break;
-       default:
-               return NULL;
-       }
-
+       KASSERT(IPSEC_DIR_IS_VALID(dir));
        KASSERT(pcbsp != NULL);
        KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0]));
 
@@ -276,14 +268,7 @@
        struct secpolicy *sp, int dir)
 {
 
-       switch (dir) {
-       case IPSEC_DIR_INBOUND:
-       case IPSEC_DIR_OUTBOUND:
-               break;
-       default:
-               return EINVAL;
-       }
-
+       KASSERT(IPSEC_DIR_IS_INOROUT(dir));
        KASSERT(dir < sizeof(pcbsp->sp_cache)/sizeof(pcbsp->sp_cache[0]));
 
        if (pcbsp->sp_cache[dir].cachesp)
@@ -426,8 +411,7 @@
        struct secpolicy *sp;
 
        KASSERT(tdbi != NULL);
-       KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-           "invalid direction %u", dir);
+       KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
        sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir);
        if (sp == NULL)                 /*XXX????*/
@@ -460,8 +444,7 @@
        KASSERT(m != NULL);
        KASSERT(inp != NULL);
        KASSERT(error != NULL);
-       KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-           "invalid direction %u", dir);
+       KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
        KASSERT(inp->inph_socket != NULL);
 
@@ -592,8 +575,7 @@
 
        KASSERT(m != NULL);
        KASSERT(error != NULL);
-       KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-           "invalid direction %u", dir);
+       KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
        sp = NULL;
 
diff -r 17a76a994387 -r 571b397f8615 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h      Thu Apr 20 02:42:59 2017 +0000
+++ b/sys/netipsec/ipsec.h      Thu Apr 20 03:41:47 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.h,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $       */
+/*     $NetBSD: ipsec.h,v 1.42 2017/04/20 03:41:47 ozaki-r Exp $       */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $       */
 /*     $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $  */
 
@@ -171,6 +171,10 @@
 #define IPSEC_DIR_MAX          3
 #define IPSEC_DIR_INVALID      4
 
+#define IPSEC_DIR_IS_VALID(dir)                ((dir) >= 0 && (dir) <= IPSEC_DIR_MAX)
+#define IPSEC_DIR_IS_INOROUT(dir)      ((dir) == IPSEC_DIR_INBOUND || \
+                                        (dir) == IPSEC_DIR_OUTBOUND)
+
 /* Policy level */
 /*
  * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,
diff -r 17a76a994387 -r 571b397f8615 sys/netipsec/key.c
--- a/sys/netipsec/key.c        Thu Apr 20 02:42:59 2017 +0000
+++ b/sys/netipsec/key.c        Thu Apr 20 03:41:47 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $        */
+/*     $NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $        */
 /*     $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $        */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.114 2017/04/19 09:23:19 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.115 2017/04/20 03:41:47 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -652,8 +652,7 @@
        int s;
 
        KASSERT(dst != NULL);
-       KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
-           "invalid direction %u", dir);
+       KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
 
        KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);