NetworkPkg: Fix hang issue after system reconnected when IPSec has set up

IpSecStop() is incompetent to send out the delete information since the underlying IP child has been destroyed. Delete all established IKE SAs and related Child SAs directly. Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-14 07:41:51 +00:00 · 2015-08-14 07:41:51 +00:00 · 5dd08a463d
parent a0f2af3a74
commit 5dd08a463d
5 changed files with 30 additions and 11 deletions
--- a/NetworkPkg/IpSecDxe/IkeService.c
+++ b/NetworkPkg/IpSecDxe/IkeService.c
@ -15,7 +15,6 @@

 #include "IkeService.h"
 #include "IpSecConfigImpl.h"
-#include "Ikev2/Utility.h"

 IKE_EXCHANGE_INTERFACE  *mIkeExchange[] = {
  &mIkev1Exchange,
--- a/NetworkPkg/IpSecDxe/IkeService.h
+++ b/NetworkPkg/IpSecDxe/IkeService.h
@ -1,7 +1,7 @@
 /** @file
  Prototypes definitions of IKE service.

-  Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
@ -19,6 +19,7 @@
 #include "Ike.h"
 #include "IpSecImpl.h"
 #include "IkeCommon.h"
+#include "Ikev2/Utility.h"

 #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024

--- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
@ -1,7 +1,7 @@
 /** @file
  The general interfaces of the IKEv2.

-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
@ -330,7 +330,7 @@ Ikev2NegotiateInfo (
    //
    // Send out the Packet
    //
-    if (UdpService != NULL) {
+    if (UdpService != NULL && UdpService->Output != NULL) {
      Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);

      if (EFI_ERROR (Status)) {
@ -357,7 +357,7 @@ Ikev2NegotiateInfo (
      //
      // Send out the Packet
      //
-      if (UdpService != NULL) {
+      if (UdpService != NULL && UdpService->Output != NULL) {
        Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);

        if (EFI_ERROR (Status)) {
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@ -2,7 +2,7 @@
  The Common operations used by IKE Exchange Process.

  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
@ -891,9 +891,7 @@ Ikev2ChildSaSilentDelete (
  RemoteSelector  = NULL;
  UdpService      = IkeSaSession->SessionCommon.UdpService;

-  Private  = (UdpService->IpVersion == IP_VERSION_4) ?
-             IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :
-             IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);
+  Private = IkeSaSession->SessionCommon.Private;

  //
  // Remove the Established SA from ChildSaEstablishlist.
--- a/NetworkPkg/IpSecDxe/IpSecDriver.c
+++ b/NetworkPkg/IpSecDxe/IpSecDriver.c
@ -1,7 +1,7 @@
 /** @file
  Driver Binding Protocol for IPsec Driver.

-  Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
@ -178,6 +178,7 @@ IpSecStop (
  IKE_UDP_SERVICE     *UdpSrv;
  LIST_ENTRY          *Entry;
  LIST_ENTRY          *Next;
+  IKEV2_SA_SESSION    *Ikev2SaSession;

  //
  // Locate ipsec protocol to get private data.
@ -196,7 +197,27 @@ IpSecStop (
  //
  if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) ||
      (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {
-    IkeDeleteAllSas (Private, FALSE);
+    //
+    // If IKEv2 SAs are under establishing, delete it directly.
+    //
+    if (!IsListEmpty (&Private->Ikev2SessionList)) {
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) {
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);
+        Ikev2SaSessionFree (Ikev2SaSession);
+      }
+    }
+
+    //
+    // Delete established IKEv2 SAs.
+    //
+    if (!IsListEmpty (&Private->Ikev2EstablishedList)) {
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); 
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);
+        Ikev2SaSessionFree (Ikev2SaSession);
+      }
+    }
  }

  if (IpVersion == IP_VERSION_4) {