ipsec: validate number of input sas

[vpp.git] / src / vnet / ipsec / ipsec_tun.h

diff --git a/src/vnet/ipsec/ipsec_tun.h b/src/vnet/ipsec/ipsec_tun.h
index 56d3de1..90f2996 100644 (file)
--- a/src/vnet/ipsec/ipsec_tun.h
+++ b/src/vnet/ipsec/ipsec_tun.h
@@ -59,6 +59,8 @@ typedef struct ipsec_ep_t_
   ip46_address_t dst;
 } ipsec_ep_t;
 
+#define ITP_MAX_N_SA_IN 4
+
 typedef struct ipsec_tun_protect_t_
 {
   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
@@ -67,7 +69,7 @@ typedef struct ipsec_tun_protect_t_
   /* not using a vector since we want the memory inline
    * with this struct */
   u32 itp_n_sa_in;
-  index_t itp_in_sas[4];
+  index_t itp_in_sas[ITP_MAX_N_SA_IN];
 
   u32 itp_sw_if_index;
 
@@ -121,6 +123,9 @@ extern void ipsec_tun_protect_walk_itf (u32 sw_if_index,
 extern u8 *format_ipsec_tun_protect (u8 * s, va_list * args);
 extern u8 *format_ipsec_tun_protect_index (u8 * s, va_list * args);
 
+extern void ipsec_tun_register_nodes (ip_address_family_t af);
+extern void ipsec_tun_unregister_nodes (ip_address_family_t af);
+
 // FIXME
 extern vlib_node_registration_t ipsec4_tun_input_node;
 extern vlib_node_registration_t ipsec6_tun_input_node;