CVS commit: src/sys/netipsec

Thu, 06 Jul 2017 02:50:07 -0700 

Module Name:    src
Committed By:   ozaki-r
Date:           Thu Jul  6 09:49:46 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec_input.c ipsec_output.c

Log Message:
Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid


To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.45 src/sys/netipsec/ipsec_input.c:1.46
--- src/sys/netipsec/ipsec_input.c:1.45	Wed Jul  5 03:44:59 2017
+++ src/sys/netipsec/ipsec_input.c	Thu Jul  6 09:49:46 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.45 2017/07/05 03:44:59 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.46 2017/07/06 09:49:46 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.45 2017/07/05 03:44:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.46 2017/07/06 09:49:46 ozaki-r Exp $");
 
 /*
  * IPsec input processing.
@@ -281,18 +281,7 @@ ipsec_common_input(struct mbuf *m, int s
 		return ENOENT;
 	}
 
-	if (sav->tdb_xform == NULL) {
-		IPSECLOG(LOG_DEBUG,
-		    "attempted to use uninitialized SA %s/%08lx/%u\n",
-		    ipsec_address(&dst_address, buf, sizeof(buf)),
-		    (u_long) ntohl(spi), sproto);
-		IPSEC_ISTAT(sproto, ESP_STAT_NOXFORM, AH_STAT_NOXFORM,
-		    IPCOMP_STAT_NOXFORM);
-		KEY_FREESAV(&sav);
-		splx(s);
-		m_freem(m);
-		return ENXIO;
-	}
+	KASSERT(sav->tdb_xform != NULL);
 
 	/*
 	 * Call appropriate transform and return -- callback takes care of

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.49 src/sys/netipsec/ipsec_output.c:1.50
--- src/sys/netipsec/ipsec_output.c:1.49	Tue Jul  4 06:45:05 2017
+++ src/sys/netipsec/ipsec_output.c	Thu Jul  6 09:49:46 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.49 2017/07/04 06:45:05 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.50 2017/07/06 09:49:46 ozaki-r Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.49 2017/07/04 06:45:05 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.50 2017/07/06 09:49:46 ozaki-r Exp $");
 
 /*
  * IPsec output processing.
@@ -428,12 +428,7 @@ again:
 	 * Sanity check the SA contents for the caller
 	 * before they invoke the xform output method.
 	 */
-	if (sav->tdb_xform == NULL) {
-		IPSECLOG(LOG_DEBUG, "no transform for SA\n");
-		IPSEC_OSTAT(NOXFORM);
-		*error = EHOSTUNREACH;
-		goto bad;
-	}
+	KASSERT(sav->tdb_xform != NULL);
 	return isr;
 bad:
 	KASSERTMSG(*error != 0, "error return w/ no error code");

Reply via email to