1. Update IPsec driver to produce EFI_IPSEC2_PROTOCOL which is defined by UEFI errata that will appear in UEFI 2.3 specification after 2.3 errata B and future UEFI Specifications after 2.3.
2. Update IPv6 driver to consume the EFI_IPSEC2_PROTOCOL. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10991 6f19259b-4bc3-4df7-8a09-765794883524
parent
780847d128
commit
68d3f2fb61
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
#include "Ip6Impl.h"
|
#include "Ip6Impl.h"
|
||||||
|
|
||||||
EFI_IPSEC_PROTOCOL *mIpSec = NULL;
|
EFI_IPSEC2_PROTOCOL *mIpSec = NULL;
|
||||||
|
|
||||||
EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = {
|
EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = {
|
||||||
EfiIp6GetModeData,
|
EfiIp6GetModeData,
|
||||||
|
|
|
@ -89,7 +89,7 @@
|
||||||
|
|
||||||
#define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured)
|
#define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured)
|
||||||
|
|
||||||
extern EFI_IPSEC_PROTOCOL *mIpSec;
|
extern EFI_IPSEC2_PROTOCOL *mIpSec;
|
||||||
|
|
||||||
//
|
//
|
||||||
// IP6_TXTOKEN_WRAP wraps the upper layer's transmit token.
|
// IP6_TXTOKEN_WRAP wraps the upper layer's transmit token.
|
||||||
|
|
|
@ -481,11 +481,11 @@ Ip6IpSecFree (
|
||||||
actions: bypass the packet, discard the packet, or protect the packet.
|
actions: bypass the packet, discard the packet, or protect the packet.
|
||||||
|
|
||||||
@param[in] IpSb The IP6 service instance.
|
@param[in] IpSb The IP6 service instance.
|
||||||
@param[in] Head The caller-supplied IP6 header.
|
@param[in, out] Head The caller-supplied IP6 header.
|
||||||
@param[in, out] LastHead The next header field of last IP header.
|
@param[in, out] LastHead The next header field of last IP header.
|
||||||
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
||||||
@param[in] ExtHdrs The caller-supplied options.
|
@param[in, out] ExtHdrs The caller-supplied options.
|
||||||
@param[in] ExtHdrsLen The length of the option.
|
@param[in, out] ExtHdrsLen The length of the option.
|
||||||
@param[in] Direction The directionality in an SPD entry,
|
@param[in] Direction The directionality in an SPD entry,
|
||||||
EfiIPsecInBound, or EfiIPsecOutBound.
|
EfiIPsecInBound, or EfiIPsecOutBound.
|
||||||
@param[in] Context The token's wrap.
|
@param[in] Context The token's wrap.
|
||||||
|
@ -501,18 +501,20 @@ Ip6IpSecFree (
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
Ip6IpSecProcessPacket (
|
Ip6IpSecProcessPacket (
|
||||||
IN IP6_SERVICE *IpSb,
|
IN IP6_SERVICE *IpSb,
|
||||||
IN EFI_IP6_HEADER *Head,
|
IN OUT EFI_IP6_HEADER **Head,
|
||||||
IN OUT UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN OUT NET_BUF **Netbuf,
|
IN OUT NET_BUF **Netbuf,
|
||||||
IN VOID *ExtHdrs,
|
IN OUT UINT8 **ExtHdrs,
|
||||||
IN UINT32 ExtHdrsLen,
|
IN OUT UINT32 *ExtHdrsLen,
|
||||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||||
IN VOID *Context
|
IN VOID *Context
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
NET_FRAGMENT *FragmentTable;
|
NET_FRAGMENT *FragmentTable;
|
||||||
|
NET_FRAGMENT *OriginalFragmentTable;
|
||||||
UINT32 FragmentCount;
|
UINT32 FragmentCount;
|
||||||
|
UINT32 OriginalFragmentCount;
|
||||||
EFI_EVENT RecycleEvent;
|
EFI_EVENT RecycleEvent;
|
||||||
NET_BUF *Packet;
|
NET_BUF *Packet;
|
||||||
IP6_TXTOKEN_WRAP *TxWrap;
|
IP6_TXTOKEN_WRAP *TxWrap;
|
||||||
|
@ -520,6 +522,7 @@ Ip6IpSecProcessPacket (
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
EFI_IP6_HEADER *PacketHead;
|
EFI_IP6_HEADER *PacketHead;
|
||||||
UINT8 *Buf;
|
UINT8 *Buf;
|
||||||
|
EFI_IP6_HEADER ZeroHead;
|
||||||
|
|
||||||
Status = EFI_SUCCESS;
|
Status = EFI_SUCCESS;
|
||||||
Packet = *Netbuf;
|
Packet = *Netbuf;
|
||||||
|
@ -530,6 +533,7 @@ Ip6IpSecProcessPacket (
|
||||||
Buf = NULL;
|
Buf = NULL;
|
||||||
TxWrap = (IP6_TXTOKEN_WRAP *) Context;
|
TxWrap = (IP6_TXTOKEN_WRAP *) Context;
|
||||||
FragmentCount = Packet->BlockOpNum;
|
FragmentCount = Packet->BlockOpNum;
|
||||||
|
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
|
||||||
|
|
||||||
if (mIpSec == NULL) {
|
if (mIpSec == NULL) {
|
||||||
gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);
|
gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);
|
||||||
|
@ -562,7 +566,7 @@ Ip6IpSecProcessPacket (
|
||||||
//
|
//
|
||||||
// Bypass all multicast inbound or outbound traffic.
|
// Bypass all multicast inbound or outbound traffic.
|
||||||
//
|
//
|
||||||
if (IP6_IS_MULTICAST (&Head->DestinationAddress) || IP6_IS_MULTICAST (&Head->SourceAddress)) {
|
if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress) || IP6_IS_MULTICAST (&(*Head)->SourceAddress)) {
|
||||||
goto ON_EXIT;
|
goto ON_EXIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -577,6 +581,8 @@ Ip6IpSecProcessPacket (
|
||||||
}
|
}
|
||||||
|
|
||||||
Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
|
Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
|
||||||
|
OriginalFragmentTable = FragmentTable;
|
||||||
|
OriginalFragmentCount = FragmentCount;
|
||||||
|
|
||||||
if (EFI_ERROR(Status)) {
|
if (EFI_ERROR(Status)) {
|
||||||
FreePool (FragmentTable);
|
FreePool (FragmentTable);
|
||||||
|
@ -586,16 +592,16 @@ Ip6IpSecProcessPacket (
|
||||||
//
|
//
|
||||||
// Convert host byte order to network byte order
|
// Convert host byte order to network byte order
|
||||||
//
|
//
|
||||||
Ip6NtohHead (Head);
|
Ip6NtohHead (*Head);
|
||||||
|
|
||||||
Status = mIpSec->Process (
|
Status = mIpSec->ProcessExt (
|
||||||
mIpSec,
|
mIpSec,
|
||||||
IpSb->Controller,
|
IpSb->Controller,
|
||||||
IP_VERSION_6,
|
IP_VERSION_6,
|
||||||
(VOID *) Head,
|
(VOID *) (*Head),
|
||||||
LastHead,
|
LastHead,
|
||||||
NULL,
|
(VOID **) ExtHdrs,
|
||||||
0,
|
ExtHdrsLen,
|
||||||
(EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),
|
(EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),
|
||||||
&FragmentCount,
|
&FragmentCount,
|
||||||
Direction,
|
Direction,
|
||||||
|
@ -604,14 +610,20 @@ Ip6IpSecProcessPacket (
|
||||||
//
|
//
|
||||||
// Convert back to host byte order
|
// Convert back to host byte order
|
||||||
//
|
//
|
||||||
Ip6NtohHead (Head);
|
Ip6NtohHead (*Head);
|
||||||
|
|
||||||
if (EFI_ERROR (Status)) {
|
if (EFI_ERROR (Status)) {
|
||||||
goto ON_EXIT;
|
goto ON_EXIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
|
if (OriginalFragmentCount == FragmentCount && OriginalFragmentTable == FragmentTable) {
|
||||||
|
//
|
||||||
|
// For ByPass Packet
|
||||||
|
//
|
||||||
|
goto ON_EXIT;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
|
||||||
TxWrap->IpSecRecycleSignal = RecycleEvent;
|
TxWrap->IpSecRecycleSignal = RecycleEvent;
|
||||||
TxWrap->Packet = NetbufFromExt (
|
TxWrap->Packet = NetbufFromExt (
|
||||||
FragmentTable,
|
FragmentTable,
|
||||||
|
@ -626,6 +638,13 @@ Ip6IpSecProcessPacket (
|
||||||
goto ON_EXIT;
|
goto ON_EXIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CopyMem (
|
||||||
|
IP6_GET_CLIP_INFO (TxWrap->Packet),
|
||||||
|
IP6_GET_CLIP_INFO (Packet),
|
||||||
|
sizeof (IP6_CLIP_INFO)
|
||||||
|
);
|
||||||
|
|
||||||
|
NetIpSecNetbufFree(Packet);
|
||||||
*Netbuf = TxWrap->Packet;
|
*Netbuf = TxWrap->Packet;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -652,11 +671,11 @@ Ip6IpSecProcessPacket (
|
||||||
goto ON_EXIT;
|
goto ON_EXIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Direction == EfiIPsecInBound) {
|
if (Direction == EfiIPsecInBound && 0 != CompareMem (&ZeroHead, *Head, sizeof (EFI_IP6_HEADER))) {
|
||||||
|
|
||||||
PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (
|
PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (
|
||||||
Packet,
|
Packet,
|
||||||
sizeof (EFI_IP6_HEADER) + ExtHdrsLen,
|
sizeof (EFI_IP6_HEADER) + *ExtHdrsLen,
|
||||||
NET_BUF_HEAD
|
NET_BUF_HEAD
|
||||||
);
|
);
|
||||||
if (PacketHead == NULL) {
|
if (PacketHead == NULL) {
|
||||||
|
@ -664,22 +683,22 @@ Ip6IpSecProcessPacket (
|
||||||
goto ON_EXIT;
|
goto ON_EXIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
CopyMem (PacketHead, Head, sizeof (EFI_IP6_HEADER));
|
CopyMem (PacketHead, *Head, sizeof (EFI_IP6_HEADER));
|
||||||
|
*Head = PacketHead;
|
||||||
Packet->Ip.Ip6 = PacketHead;
|
Packet->Ip.Ip6 = PacketHead;
|
||||||
|
|
||||||
if (ExtHdrs != NULL) {
|
if (*ExtHdrs != NULL) {
|
||||||
Buf = (UINT8 *) (PacketHead + 1);
|
Buf = (UINT8 *) (PacketHead + 1);
|
||||||
CopyMem (Buf, ExtHdrs, ExtHdrsLen);
|
CopyMem (Buf, *ExtHdrs, *ExtHdrsLen);
|
||||||
}
|
}
|
||||||
|
|
||||||
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);
|
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
|
||||||
CopyMem (
|
CopyMem (
|
||||||
IP6_GET_CLIP_INFO (Packet),
|
IP6_GET_CLIP_INFO (Packet),
|
||||||
IP6_GET_CLIP_INFO (IpSecWrap->Packet),
|
IP6_GET_CLIP_INFO (IpSecWrap->Packet),
|
||||||
sizeof (IP6_CLIP_INFO)
|
sizeof (IP6_CLIP_INFO)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
*Netbuf = Packet;
|
*Netbuf = Packet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -688,73 +707,72 @@ ON_EXIT:
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
The IP6 input routine. It is called by the IP6_INTERFACE when an
|
Pre-process the IPv6 packet. First validates the IPv6 packet, and
|
||||||
IP6 fragment is received from MNP.
|
then reassembles packet if it is necessary.
|
||||||
|
|
||||||
@param[in] Packet The IP6 packet received.
|
@param[in] IpSb The IP6 service instance.
|
||||||
@param[in] IoStatus The return status of receive request.
|
@param[in, out] Packet The received IP6 packet to be processed.
|
||||||
@param[in] Flag The link layer flag for the packet received, such
|
@param[in] Flag The link layer flag for the packet received, such
|
||||||
as multicast.
|
as multicast.
|
||||||
@param[in] Context The IP6 service instance that owns the MNP.
|
@param[out] Payload The pointer to the payload of the recieved packet.
|
||||||
|
it starts from the first byte of the extension header.
|
||||||
|
@param[out] LastHead The pointer of NextHeader of the last extension
|
||||||
|
header processed by IP6.
|
||||||
|
@param[out] ExtHdrsLen The length of the whole option.
|
||||||
|
@param[out] UnFragmentLen The length of unfragmented length of extension headers.
|
||||||
|
@param[out] Fragmented Indicate whether the packet is fragmented.
|
||||||
|
@param[out] Head The pointer to the EFI_IP6_Header.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS The received packet is well format.
|
||||||
|
@retval EFI_INVALID_PARAMETER The received packet is malformed.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
EFI_STATUS
|
||||||
Ip6AcceptFrame (
|
Ip6PreProcessPacket (
|
||||||
IN NET_BUF *Packet,
|
IN IP6_SERVICE *IpSb,
|
||||||
IN EFI_STATUS IoStatus,
|
IN OUT NET_BUF **Packet,
|
||||||
IN UINT32 Flag,
|
IN UINT32 Flag,
|
||||||
IN VOID *Context
|
OUT UINT8 **Payload,
|
||||||
|
OUT UINT8 **LastHead,
|
||||||
|
OUT UINT32 *ExtHdrsLen,
|
||||||
|
OUT UINT32 *UnFragmentLen,
|
||||||
|
OUT BOOLEAN *Fragmented,
|
||||||
|
OUT EFI_IP6_HEADER **Head
|
||||||
|
|
||||||
|
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
IP6_SERVICE *IpSb;
|
|
||||||
IP6_CLIP_INFO *Info;
|
|
||||||
EFI_IP6_HEADER *Head;
|
|
||||||
UINT16 PayloadLen;
|
UINT16 PayloadLen;
|
||||||
UINT8 *Payload;
|
|
||||||
UINT16 TotalLen;
|
UINT16 TotalLen;
|
||||||
UINT8 *LastHead;
|
|
||||||
UINT32 FormerHeadOffset;
|
UINT32 FormerHeadOffset;
|
||||||
UINT32 UnFragmentLen;
|
|
||||||
UINT32 ExtHdrsLen;
|
|
||||||
UINT32 HeadLen;
|
UINT32 HeadLen;
|
||||||
BOOLEAN Fragmented;
|
|
||||||
IP6_FRAGMENT_HEADER *FragmentHead;
|
IP6_FRAGMENT_HEADER *FragmentHead;
|
||||||
UINT16 FragmentOffset;
|
UINT16 FragmentOffset;
|
||||||
EFI_STATUS Status;
|
IP6_CLIP_INFO *Info;
|
||||||
EFI_IPv6_ADDRESS Loopback;
|
EFI_IPv6_ADDRESS Loopback;
|
||||||
|
|
||||||
IpSb = (IP6_SERVICE *) Context;
|
HeadLen = 0;
|
||||||
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
|
PayloadLen = 0;
|
||||||
|
|
||||||
Payload = NULL;
|
|
||||||
|
|
||||||
//
|
|
||||||
// Check input parameters
|
|
||||||
//
|
|
||||||
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
|
|
||||||
goto Drop;
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Check whether the input packet is a valid packet
|
// Check whether the input packet is a valid packet
|
||||||
//
|
//
|
||||||
if (Packet->TotalSize < IP6_MIN_HEADLEN) {
|
if ((*Packet)->TotalSize < IP6_MIN_HEADLEN) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Get header information of the packet.
|
// Get header information of the packet.
|
||||||
//
|
//
|
||||||
Head = (EFI_IP6_HEADER *) NetbufGetByte (Packet, 0, NULL);
|
*Head = (EFI_IP6_HEADER *) NetbufGetByte (*Packet, 0, NULL);
|
||||||
if (Head == NULL) {
|
if (*Head == NULL) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Multicast addresses must not be used as source addresses in IPv6 packets.
|
// Multicast addresses must not be used as source addresses in IPv6 packets.
|
||||||
//
|
//
|
||||||
if ((Head->Version != 6) || (IP6_IS_MULTICAST (&Head->SourceAddress))) {
|
if (((*Head)->Version != 6) || (IP6_IS_MULTICAST (&(*Head)->SourceAddress))) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -762,20 +780,20 @@ Ip6AcceptFrame (
|
||||||
//
|
//
|
||||||
ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));
|
ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));
|
||||||
Loopback.Addr[15] = 0x1;
|
Loopback.Addr[15] = 0x1;
|
||||||
if ((CompareMem (&Loopback, &Head->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
|
if ((CompareMem (&Loopback, &(*Head)->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
|
||||||
(NetIp6IsUnspecifiedAddr (&Head->DestinationAddress))) {
|
(NetIp6IsUnspecifiedAddr (&(*Head)->DestinationAddress))) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Convert the IP header to host byte order.
|
// Convert the IP header to host byte order.
|
||||||
//
|
//
|
||||||
Packet->Ip.Ip6 = Ip6NtohHead (Head);
|
(*Packet)->Ip.Ip6 = Ip6NtohHead (*Head);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Get the per packet info.
|
// Get the per packet info.
|
||||||
//
|
//
|
||||||
Info = IP6_GET_CLIP_INFO (Packet);
|
Info = IP6_GET_CLIP_INFO (*Packet);
|
||||||
Info->LinkFlag = Flag;
|
Info->LinkFlag = Flag;
|
||||||
Info->CastType = 0;
|
Info->CastType = 0;
|
||||||
|
|
||||||
|
@ -783,10 +801,10 @@ Ip6AcceptFrame (
|
||||||
Info->CastType = Ip6Promiscuous;
|
Info->CastType = Ip6Promiscuous;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Ip6IsOneOfSetAddress (IpSb, &Head->DestinationAddress, NULL, NULL)) {
|
if (Ip6IsOneOfSetAddress (IpSb, &(*Head)->DestinationAddress, NULL, NULL)) {
|
||||||
Info->CastType = Ip6Unicast;
|
Info->CastType = Ip6Unicast;
|
||||||
} else if (IP6_IS_MULTICAST (&Head->DestinationAddress)) {
|
} else if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress)) {
|
||||||
if (Ip6FindMldEntry (IpSb, &Head->DestinationAddress) != NULL) {
|
if (Ip6FindMldEntry (IpSb, &(*Head)->DestinationAddress) != NULL) {
|
||||||
Info->CastType = Ip6Multicast;
|
Info->CastType = Ip6Multicast;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -795,11 +813,11 @@ Ip6AcceptFrame (
|
||||||
// Drop the packet that is not delivered to us.
|
// Drop the packet that is not delivered to us.
|
||||||
//
|
//
|
||||||
if (Info->CastType == 0) {
|
if (Info->CastType == 0) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
PayloadLen = Head->PayloadLength;
|
PayloadLen = (*Head)->PayloadLength;
|
||||||
|
|
||||||
Info->Start = 0;
|
Info->Start = 0;
|
||||||
Info->Length = PayloadLen;
|
Info->Length = PayloadLen;
|
||||||
|
@ -813,52 +831,51 @@ Ip6AcceptFrame (
|
||||||
//
|
//
|
||||||
// Mnp may deliver frame trailer sequence up, trim it off.
|
// Mnp may deliver frame trailer sequence up, trim it off.
|
||||||
//
|
//
|
||||||
if (TotalLen < Packet->TotalSize) {
|
if (TotalLen < (*Packet)->TotalSize) {
|
||||||
NetbufTrim (Packet, Packet->TotalSize - TotalLen, FALSE);
|
NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TotalLen != Packet->TotalSize) {
|
if (TotalLen != (*Packet)->TotalSize) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Check the extension headers, if exist validate them
|
// Check the extension headers, if exist validate them
|
||||||
//
|
//
|
||||||
if (PayloadLen != 0) {
|
if (PayloadLen != 0) {
|
||||||
Payload = AllocatePool ((UINTN) PayloadLen);
|
*Payload = AllocatePool ((UINTN) PayloadLen);
|
||||||
if (Payload == NULL) {
|
if (*Payload == NULL) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);
|
NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
LastHead = NULL;
|
|
||||||
if (!Ip6IsExtsValid (
|
if (!Ip6IsExtsValid (
|
||||||
IpSb,
|
IpSb,
|
||||||
Packet,
|
*Packet,
|
||||||
&Head->NextHeader,
|
&(*Head)->NextHeader,
|
||||||
Payload,
|
*Payload,
|
||||||
(UINT32) PayloadLen,
|
(UINT32) PayloadLen,
|
||||||
TRUE,
|
TRUE,
|
||||||
&FormerHeadOffset,
|
&FormerHeadOffset,
|
||||||
&LastHead,
|
LastHead,
|
||||||
&ExtHdrsLen,
|
ExtHdrsLen,
|
||||||
&UnFragmentLen,
|
UnFragmentLen,
|
||||||
&Fragmented
|
Fragmented
|
||||||
)) {
|
)) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
HeadLen = sizeof (EFI_IP6_HEADER) + UnFragmentLen;
|
HeadLen = sizeof (EFI_IP6_HEADER) + *UnFragmentLen;
|
||||||
|
|
||||||
if (Fragmented) {
|
if (*Fragmented) {
|
||||||
//
|
//
|
||||||
// Get the fragment offset from the Fragment header
|
// Get the fragment offset from the Fragment header
|
||||||
//
|
//
|
||||||
FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (Packet, HeadLen, NULL);
|
FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (*Packet, HeadLen, NULL);
|
||||||
if (FragmentHead == NULL) {
|
if (FragmentHead == NULL) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
FragmentOffset = NTOHS (FragmentHead->FragmentOffset);
|
FragmentOffset = NTOHS (FragmentHead->FragmentOffset);
|
||||||
|
@ -888,49 +905,49 @@ Ip6AcceptFrame (
|
||||||
// Fragments should in the unit of 8 octets long except the last one.
|
// Fragments should in the unit of 8 octets long except the last one.
|
||||||
//
|
//
|
||||||
if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {
|
if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Reassemble the packet.
|
// Reassemble the packet.
|
||||||
//
|
//
|
||||||
Packet = Ip6Reassemble (&IpSb->Assemble, Packet);
|
*Packet = Ip6Reassemble (&IpSb->Assemble, *Packet);
|
||||||
if (Packet == NULL) {
|
if (*Packet == NULL) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Re-check the assembled packet to get the right values.
|
// Re-check the assembled packet to get the right values.
|
||||||
//
|
//
|
||||||
Head = Packet->Ip.Ip6;
|
*Head = (*Packet)->Ip.Ip6;
|
||||||
PayloadLen = Head->PayloadLength;
|
PayloadLen = (*Head)->PayloadLength;
|
||||||
if (PayloadLen != 0) {
|
if (PayloadLen != 0) {
|
||||||
if (Payload != NULL) {
|
if (*Payload != NULL) {
|
||||||
FreePool (Payload);
|
FreePool (*Payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
Payload = AllocatePool ((UINTN) PayloadLen);
|
*Payload = AllocatePool ((UINTN) PayloadLen);
|
||||||
if (Payload == NULL) {
|
if (*Payload == NULL) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);
|
NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Ip6IsExtsValid (
|
if (!Ip6IsExtsValid (
|
||||||
IpSb,
|
IpSb,
|
||||||
Packet,
|
*Packet,
|
||||||
&Head->NextHeader,
|
&(*Head)->NextHeader,
|
||||||
Payload,
|
*Payload,
|
||||||
(UINT32) PayloadLen,
|
(UINT32) PayloadLen,
|
||||||
TRUE,
|
TRUE,
|
||||||
NULL,
|
NULL,
|
||||||
&LastHead,
|
LastHead,
|
||||||
&ExtHdrsLen,
|
ExtHdrsLen,
|
||||||
&UnFragmentLen,
|
UnFragmentLen,
|
||||||
&Fragmented
|
Fragmented
|
||||||
)) {
|
)) {
|
||||||
goto Restart;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -938,30 +955,109 @@ Ip6AcceptFrame (
|
||||||
// Trim the head off, after this point, the packet is headless.
|
// Trim the head off, after this point, the packet is headless.
|
||||||
// and Packet->TotalLen == Info->Length.
|
// and Packet->TotalLen == Info->Length.
|
||||||
//
|
//
|
||||||
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);
|
NetbufTrim (*Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
|
||||||
|
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
The IP6 input routine. It is called by the IP6_INTERFACE when an
|
||||||
|
IP6 fragment is received from MNP.
|
||||||
|
|
||||||
|
@param[in] Packet The IP6 packet received.
|
||||||
|
@param[in] IoStatus The return status of receive request.
|
||||||
|
@param[in] Flag The link layer flag for the packet received, such
|
||||||
|
as multicast.
|
||||||
|
@param[in] Context The IP6 service instance that owns the MNP.
|
||||||
|
|
||||||
|
**/
|
||||||
|
VOID
|
||||||
|
Ip6AcceptFrame (
|
||||||
|
IN NET_BUF *Packet,
|
||||||
|
IN EFI_STATUS IoStatus,
|
||||||
|
IN UINT32 Flag,
|
||||||
|
IN VOID *Context
|
||||||
|
)
|
||||||
|
{
|
||||||
|
IP6_SERVICE *IpSb;
|
||||||
|
EFI_IP6_HEADER *Head;
|
||||||
|
UINT8 *Payload;
|
||||||
|
UINT8 *LastHead;
|
||||||
|
UINT32 UnFragmentLen;
|
||||||
|
UINT32 ExtHdrsLen;
|
||||||
|
BOOLEAN Fragmented;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_IP6_HEADER ZeroHead;
|
||||||
|
|
||||||
|
IpSb = (IP6_SERVICE *) Context;
|
||||||
|
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
|
||||||
|
|
||||||
|
Payload = NULL;
|
||||||
|
LastHead = NULL;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Check input parameters
|
||||||
|
//
|
||||||
|
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
|
||||||
|
goto Drop;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Pre-Process the Ipv6 Packet and then reassemble if it is necessary.
|
||||||
|
//
|
||||||
|
Status = Ip6PreProcessPacket (
|
||||||
|
IpSb,
|
||||||
|
&Packet,
|
||||||
|
Flag,
|
||||||
|
&Payload,
|
||||||
|
&LastHead,
|
||||||
|
&ExtHdrsLen,
|
||||||
|
&UnFragmentLen,
|
||||||
|
&Fragmented,
|
||||||
|
&Head
|
||||||
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
goto Restart;
|
||||||
|
}
|
||||||
//
|
//
|
||||||
// After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
|
// After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
|
||||||
// and no need consider any other ahead ext headers.
|
// and no need consider any other ahead ext headers.
|
||||||
//
|
//
|
||||||
Status = Ip6IpSecProcessPacket (
|
Status = Ip6IpSecProcessPacket (
|
||||||
IpSb,
|
IpSb,
|
||||||
Head,
|
&Head,
|
||||||
LastHead, // need get the lasthead value for input
|
LastHead, // need get the lasthead value for input
|
||||||
&Packet,
|
&Packet,
|
||||||
NULL,
|
&Payload,
|
||||||
0,
|
&ExtHdrsLen,
|
||||||
EfiIPsecInBound,
|
EfiIPsecInBound,
|
||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
if (EFI_ERROR(Status)) {
|
if (EFI_ERROR (Status)) {
|
||||||
goto Restart;
|
goto Restart;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// TODO: may check the last head again, the same as the output routine
|
// If the packet is protected by IPsec Tunnel Mode, Check the Inner Ip Packet.
|
||||||
//
|
//
|
||||||
|
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
|
||||||
|
if (0 == CompareMem (Head, &ZeroHead, sizeof (EFI_IP6_HEADER))) {
|
||||||
|
Status = Ip6PreProcessPacket (
|
||||||
|
IpSb,
|
||||||
|
&Packet,
|
||||||
|
Flag,
|
||||||
|
&Payload,
|
||||||
|
&LastHead,
|
||||||
|
&ExtHdrsLen,
|
||||||
|
&UnFragmentLen,
|
||||||
|
&Fragmented,
|
||||||
|
&Head
|
||||||
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
goto Restart;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Packet may have been changed. The ownership of the packet
|
// Packet may have been changed. The ownership of the packet
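Review bot: The protocol lookup in Ip6IpSecProcessPacket is still `gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);` (an unchanged context line in the `-530,6 +533,7` hunk), although `mIpSec` is now an `EFI_IPSEC2_PROTOCOL *` and the call below it became `mIpSec->ProcessExt (...)`. An interface published under the old GUID would have its first member invoked with the new argument list (`(VOID **) ExtHdrs`, `ExtHdrsLen` as a pointer), and if nothing is published under it the documented result is `EFI_SUCCESS` ("The IPsec protocol is not available or disabled"), so the mismatch either confuses types or lets traffic through without policy being applied. The lookup should name the GUID the updated driver installs the new interface under (presumably `gEfiIpSec2ProtocolGuid`; the install call is not on this page), and the returned status should be checked. Separately, when Ip6AcceptFrame calls Ip6PreProcessPacket a second time for a tunnel-mode inner packet, `*Payload = AllocatePool ((UINTN) PayloadLen);` overwrites the pointer from the first pass without the `if (*Payload != NULL) { FreePool (*Payload); }` guard that the reassembly branch has, which looks like a per-packet leak reachable from the network unless ProcessExt already released that buffer. Both functions continue outside the visible hunks, so the ON_EXIT and Restart cleanup paths could not be checked.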
|
||||||
|
|
|
@ -137,39 +137,39 @@ Ip6InstanceDeliverPacket (
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
The work function to locate IPsec protocol to process the inbound or
|
The work function to locate the IPsec protocol to process the inbound or
|
||||||
outbound IP packets. The process routine handls the packet with the following
|
outbound IP packets. The process routine handles the packet with the following
|
||||||
actions: bypass the packet, discard the packet, or protect the packet.
|
actions: bypass the packet, discard the packet, or protect the packet.
|
||||||
|
|
||||||
@param[in] IpSb The IP6 service instance.
|
@param[in] IpSb The IP6 service instance.
|
||||||
@param[in] Head The caller supplied IP6 header.
|
@param[in, out] Head The caller-supplied IP6 header.
|
||||||
@param[in, out] LastHead The next header field of last IP header.
|
@param[in, out] LastHead The next header field of last IP header.
|
||||||
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
||||||
@param[in] ExtHdrs The caller supplied options.
|
@param[in, out] ExtHdrs The caller-supplied options.
|
||||||
@param[in] ExtHdrsLen The length of the option.
|
@param[in, out] ExtHdrsLen The length of the option.
|
||||||
@param[in] Direction The directionality in an SPD entry,
|
@param[in] Direction The directionality in an SPD entry,
|
||||||
EfiIPsecInBound or EfiIPsecOutBound.
|
EfiIPsecInBound, or EfiIPsecOutBound.
|
||||||
@param[in] Context The token's wrap.
|
@param[in] Context The token's wrap.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The IPsec protocol is not available or disabled.
|
@retval EFI_SUCCESS The IPsec protocol is not available or disabled.
|
||||||
@retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
|
@retval EFI_SUCCESS The packet was bypassed, and all buffers remain the same.
|
||||||
@retval EFI_SUCCESS The packet was protected.
|
@retval EFI_SUCCESS The packet was protected.
|
||||||
@retval EFI_ACCESS_DENIED The packet was discarded.
|
@retval EFI_ACCESS_DENIED The packet was discarded.
|
||||||
@retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation.
|
@retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation.
|
||||||
@retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the
|
@retval EFI_BUFFER_TOO_SMALL The number of non-empty blocks is bigger than the
|
||||||
number of input data blocks when building a fragment table.
|
number of input data blocks when building a fragment table.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
Ip6IpSecProcessPacket (
|
Ip6IpSecProcessPacket (
|
||||||
IN IP6_SERVICE *IpSb,
|
IN IP6_SERVICE *IpSb,
|
||||||
IN EFI_IP6_HEADER *Head,
|
IN OUT EFI_IP6_HEADER **Head,
|
||||||
IN OUT UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN OUT NET_BUF **Netbuf,
|
IN OUT NET_BUF **Netbuf,
|
||||||
IN VOID *ExtHdrs,
|
IN OUT UINT8 **ExtHdrs,
|
||||||
IN UINT32 ExtHdrsLen,
|
IN OUT UINT32 *ExtHdrsLen,
|
||||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||||
IN VOID *Context
|
IN VOID *Context
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -638,11 +638,11 @@ Ip6Output (
|
||||||
|
|
||||||
Status = Ip6IpSecProcessPacket (
|
Status = Ip6IpSecProcessPacket (
|
||||||
IpSb,
|
IpSb,
|
||||||
Head,
|
&Head,
|
||||||
LastHeader, // no need get the lasthead value for output
|
LastHeader, // no need get the lasthead value for output
|
||||||
&Packet,
|
&Packet,
|
||||||
ExtHdrs,
|
&ExtHdrs,
|
||||||
ExtHdrsLen,
|
&ExtHdrsLen,
|
||||||
EfiIPsecOutBound,
|
EfiIPsecOutBound,
|
||||||
Context
|
Context
|
||||||
);
|
);
|
||||||
|
|
|
@ -2365,7 +2365,7 @@ EfiIpSecConfigGetNextSelector (
|
||||||
NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
|
NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
|
||||||
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
|
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
|
||||||
|
|
||||||
if (IsFound || mIsZeroSelector[DataType](Selector)) {
|
if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {
|
||||||
//
|
//
|
||||||
// If found the appointed entry, then duplicate the next one and return,
|
// If found the appointed entry, then duplicate the next one and return,
|
||||||
// or if the appointed entry is zero, then return the first one directly.
|
// or if the appointed entry is zero, then return the first one directly.
|
||||||
|
|
|
@ -18,15 +18,15 @@
|
||||||
// Alogrithm's informations for the Encrypt/Decrpt Alogrithm.
|
// Alogrithm's informations for the Encrypt/Decrpt Alogrithm.
|
||||||
//
|
//
|
||||||
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
|
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
|
||||||
{EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
|
{IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
|
||||||
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
||||||
};
|
};
|
||||||
//
|
//
|
||||||
// Alogrithm's informations for the Authentication algorithm
|
// Alogrithm's informations for the Authentication algorithm
|
||||||
//
|
//
|
||||||
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
|
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
|
||||||
{EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
|
{IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||||
{EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
|
{IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||||
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,23 @@
|
||||||
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
|
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
|
||||||
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
|
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
|
||||||
|
|
||||||
|
///
|
||||||
|
/// Authentication Algorithm Definition
|
||||||
|
/// The number value definition is aligned to IANA assignment
|
||||||
|
///
|
||||||
|
#define IKE_AALG_NONE 0x00
|
||||||
|
#define IKE_AALG_SHA1HMAC 0x02
|
||||||
|
#define IKE_AALG_NULL 0xFB
|
||||||
|
|
||||||
|
///
|
||||||
|
/// Encryption Algorithm Definition
|
||||||
|
/// The number value definition is aligned to IANA assignment
|
||||||
|
///
|
||||||
|
#define IKE_EALG_NONE 0x00
|
||||||
|
#define IKE_EALG_3DESCBC 0x03
|
||||||
|
#define IKE_EALG_NULL 0x0B
|
||||||
|
#define IKE_EALG_AESCBC 0x0C
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Prototype of Hash GetContextSize.
|
Prototype of Hash GetContextSize.
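Review bot: The comment `/// The number value definition is aligned to IANA assignment` above the authentication values does not seem to hold for `IKE_AALG_NULL 0xFB`, which appears to carry over the value of the `EFI_IPSEC_AALG_NULL` it replaces in the algorithm table rather than an IANA transform ID. The same commit re-keys `mIpsecEncryptAlgorithmList` and `mIpsecAuthAlgorithmList` to these `IKE_*` names, while SA configuration presumably still arrives with `EFI_IPSEC_*` identifiers; wherever the two numbering schemes differ, a lookup would miss or select a different algorithm than the one configured. I would reword the comment to say which values are IANA IKEv2 transform IDs and which are local, for example `/// IKE_AALG_NULL is a driver-local value, not an IANA transform ID`, and state next to the two tables which namespace the lookup key is expected to come from.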
|
||||||
|
|
||||||
|
|
|
@ -174,7 +174,7 @@ IpSecDriverEntryPoint (
|
||||||
{
|
{
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
IPSEC_PRIVATE_DATA *Private;
|
IPSEC_PRIVATE_DATA *Private;
|
||||||
EFI_IPSEC_PROTOCOL *IpSec;
|
EFI_IPSEC2_PROTOCOL *IpSec;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Check whether ipsec protocol has already been installed.
|
// Check whether ipsec protocol has already been installed.
|
||||||
|
@ -218,7 +218,7 @@ IpSecDriverEntryPoint (
|
||||||
|
|
||||||
Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;
|
Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;
|
||||||
Private->ImageHandle = ImageHandle;
|
Private->ImageHandle = ImageHandle;
|
||||||
CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL));
|
CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));
|
||||||
|
|
||||||
//
|
//
|
||||||
// Initilize Private's members. Thess members is used for IKE.
|
// Initilize Private's members. Thess members is used for IKE.
|
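Review bot: The `CopyMem` call in the second hunk spells the type out in `sizeof (EFI_IPSEC2_PROTOCOL)`, which is the only reason this line had to change with the field's type. Writing it as `CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (Private->IpSec));` ties the length to the destination field, so a later type change cannot copy more bytes than the field holds. The body of IpSecDriverEntryPoint continues outside both hunks, so it cannot be confirmed from here that the "already installed" check and the protocol installation moved to the new protocol GUID as well.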
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
#include "IpSecConfigImpl.h"
|
#include "IpSecConfigImpl.h"
|
||||||
|
|
||||||
EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
|
EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
|
||||||
|
|
||||||
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
|
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
|
||||||
|
|
||||||
|
@ -656,11 +656,11 @@ IpSecLookupSpdEntry (
|
||||||
@param[in] NicHandle Instance of the network interface.
|
@param[in] NicHandle Instance of the network interface.
|
||||||
@param[in] IpVersion IPV4 or IPV6.
|
@param[in] IpVersion IPV4 or IPV6.
|
||||||
@param[in, out] IpHead Pointer to the IP Header.
|
@param[in, out] IpHead Pointer to the IP Header.
|
||||||
@param[in] LastHead The protocol of the next layer to be processed by IPsec.
|
@param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer.
|
@param[in, out] OptionsBuffer Pointer to the options buffer.
|
||||||
@param[in] OptionsLength Length of the options buffer.
|
@param[in, out] OptionsLength Length of the options buffer.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments.
|
@param[in, out] FragmentTable Pointer to a list of fragments.
|
||||||
@param[in] FragmentCount Number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[in] TrafficDirection Traffic direction.
|
@param[in] TrafficDirection Traffic direction.
|
||||||
@param[out] RecycleSignal Event for recycling of resources.
|
@param[out] RecycleSignal Event for recycling of resources.
|
||||||
|
|
||||||
|
@ -672,15 +672,15 @@ IpSecLookupSpdEntry (
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
IpSecProcess (
|
IpSecProcess (
|
||||||
IN EFI_IPSEC_PROTOCOL *This,
|
IN EFI_IPSEC2_PROTOCOL *This,
|
||||||
IN EFI_HANDLE NicHandle,
|
IN EFI_HANDLE NicHandle,
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer,
|
IN OUT VOID **OptionsBuffer,
|
||||||
IN UINT32 OptionsLength,
|
IN OUT UINT32 *OptionsLength,
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
||||||
OUT EFI_EVENT *RecycleSignal
|
OUT EFI_EVENT *RecycleSignal
|
||||||
)
|
)
|
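Review bot: The header comment for IpSecProcess now marks OptionsBuffer, OptionsLength and FragmentCount as `[in, out]`, but it says neither whether NULL is accepted nor who releases a buffer that IPsec substitutes. The inbound and outbound helpers on this page declare the same two option parameters `OPTIONAL`, so the NULL case is plausibly reachable. Extend the two `@param` lines to state the NULL contract and the ownership of a replaced options buffer, presumably tied to RecycleSignal, which needs confirming. The function body lies outside the hunk, so check there that `*OptionsBuffer` and `*OptionsLength` are only dereferenced after a NULL test.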
||||||
|
|
|
@ -88,16 +88,19 @@ struct _IPSEC_SPD_ENTRY {
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct _IPSEC_SAD_DATA {
|
typedef struct _IPSEC_SAD_DATA {
|
||||||
EFI_IPSEC_MODE Mode;
|
EFI_IPSEC_MODE Mode;
|
||||||
UINT64 SequenceNumber;
|
UINT64 SequenceNumber;
|
||||||
UINT8 AntiReplayWindowSize;
|
UINT8 AntiReplayWindowSize;
|
||||||
UINT64 AntiReplayBitmap[4]; // bitmap for received packet
|
UINT64 AntiReplayBitmap[4]; // bitmap for received packet
|
||||||
EFI_IPSEC_ALGO_INFO AlgoInfo;
|
EFI_IPSEC_ALGO_INFO AlgoInfo;
|
||||||
EFI_IPSEC_SA_LIFETIME SaLifetime;
|
EFI_IPSEC_SA_LIFETIME SaLifetime;
|
||||||
UINT32 PathMTU;
|
UINT32 PathMTU;
|
||||||
IPSEC_SPD_ENTRY *SpdEntry;
|
IPSEC_SPD_ENTRY *SpdEntry;
|
||||||
BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
|
EFI_IPSEC_SPD_SELECTOR *SpdSelector;
|
||||||
BOOLEAN ManualSet;
|
BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
|
||||||
|
BOOLEAN ManualSet;
|
||||||
|
EFI_IP_ADDRESS TunnelDestAddress;
|
||||||
|
EFI_IP_ADDRESS TunnelSourceAddress;
|
||||||
} IPSEC_SAD_DATA;
|
} IPSEC_SAD_DATA;
|
||||||
|
|
||||||
typedef struct _IPSEC_SAD_ENTRY {
|
typedef struct _IPSEC_SAD_ENTRY {
|
||||||
|
@ -122,7 +125,7 @@ struct _IPSEC_PRIVATE_DATA {
|
||||||
UINT32 Signature;
|
UINT32 Signature;
|
||||||
EFI_HANDLE Handle; // Virtual handle to install private prtocol
|
EFI_HANDLE Handle; // Virtual handle to install private prtocol
|
||||||
EFI_HANDLE ImageHandle;
|
EFI_HANDLE ImageHandle;
|
||||||
EFI_IPSEC_PROTOCOL IpSec;
|
EFI_IPSEC2_PROTOCOL IpSec;
|
||||||
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
|
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
|
||||||
BOOLEAN SetBySelf;
|
BOOLEAN SetBySelf;
|
||||||
LIST_ENTRY Udp4List;
|
LIST_ENTRY Udp4List;
|
||||||
|
@ -146,13 +149,13 @@ struct _IPSEC_PRIVATE_DATA {
|
||||||
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
||||||
to be trimed on input, and without ESP/AH header
|
to be trimed on input, and without ESP/AH header
|
||||||
on return.
|
on return.
|
||||||
@param[in] LastHead The Last Header in IP header on return.
|
@param[out] LastHead The Last Header in IP header on return.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||||
protected on input, and without IPsec protected
|
protected on input, and without IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount Number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||||
@param[out] RecycleEvent Event for recycling of resources.
|
@param[out] RecycleEvent Event for recycling of resources.
|
||||||
|
|
||||||
|
@ -164,11 +167,11 @@ EFI_STATUS
|
||||||
IpSecProtectInboundPacket (
|
IpSecProtectInboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
);
|
);
|
||||||
|
@ -184,13 +187,13 @@ IpSecProtectInboundPacket (
|
||||||
@param[in, out] IpHead Point to IP header containing the orginal IP header
|
@param[in, out] IpHead Point to IP header containing the orginal IP header
|
||||||
to be processed on input, and inserted ESP/AH header
|
to be processed on input, and inserted ESP/AH header
|
||||||
on return.
|
on return.
|
||||||
@param[in] LastHead The Last Header in IP header.
|
@param[in, out] LastHead The Last Header in IP header.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||||
IPsec on input, and with IPsec protected
|
IPsec on input, and with IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount Number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[in] SadEntry Related SAD entry.
|
@param[in] SadEntry Related SAD entry.
|
||||||
@param[out] RecycleEvent Event for recycling of resources.
|
@param[out] RecycleEvent Event for recycling of resources.
|
||||||
|
|
||||||
|
@ -202,11 +205,11 @@ EFI_STATUS
|
||||||
IpSecProtectOutboundPacket (
|
IpSecProtectOutboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
);
|
);
|
||||||
|
@ -274,11 +277,11 @@ IpSecLookupSadBySpi (
|
||||||
@param[in] NicHandle Instance of the network interface.
|
@param[in] NicHandle Instance of the network interface.
|
||||||
@param[in] IpVersion IPV4 or IPV6.
|
@param[in] IpVersion IPV4 or IPV6.
|
||||||
@param[in, out] IpHead Pointer to the IP Header.
|
@param[in, out] IpHead Pointer to the IP Header.
|
||||||
@param[in] LastHead The protocol of the next layer to be processed by IPsec.
|
@param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer.
|
@param[in, out] OptionsBuffer Pointer to the options buffer.
|
||||||
@param[in] OptionsLength Length of the options buffer.
|
@param[in, out] OptionsLength Length of the options buffer.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments.
|
@param[in, out] FragmentTable Pointer to a list of fragments.
|
||||||
@param[in] FragmentCount Number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[in] TrafficDirection Traffic direction.
|
@param[in] TrafficDirection Traffic direction.
|
||||||
@param[out] RecycleSignal Event for recycling of resources.
|
@param[out] RecycleSignal Event for recycling of resources.
|
||||||
|
|
||||||
|
@ -290,21 +293,21 @@ IpSecLookupSadBySpi (
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
IpSecProcess (
|
IpSecProcess (
|
||||||
IN EFI_IPSEC_PROTOCOL *This,
|
IN EFI_IPSEC2_PROTOCOL *This,
|
||||||
IN EFI_HANDLE NicHandle,
|
IN EFI_HANDLE NicHandle,
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer,
|
IN OUT VOID **OptionsBuffer,
|
||||||
IN UINT32 OptionsLength,
|
IN OUT UINT32 *OptionsLength,
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
||||||
OUT EFI_EVENT *RecycleSignal
|
OUT EFI_EVENT *RecycleSignal
|
||||||
);
|
);
|
||||||
|
|
||||||
extern EFI_DPC_PROTOCOL *mDpc;
|
extern EFI_DPC_PROTOCOL *mDpc;
|
||||||
extern EFI_IPSEC_PROTOCOL mIpSecInstance;
|
extern EFI_IPSEC2_PROTOCOL mIpSecInstance;
|
||||||
|
|
||||||
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
|
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
|
||||||
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;
|
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;
|
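Review bot: In the `IPSEC_SAD_DATA` hunk the new member `EFI_IPSEC_SPD_SELECTOR *SpdSelector;` is a raw pointer added next to `IPSEC_SPD_ENTRY *SpdEntry` with no comment on ownership. The hunk does not show whether the SAD entry allocates and frees the selector or only borrows it from the SPD entry. Add a comment on that line saying who allocates and frees it and how long it stays valid, so the code that deletes SAD and SPD entries cannot free it twice or leave it dangling. `TunnelDestAddress` and `TunnelSourceAddress` would also benefit from a short comment on when they are meaningful, presumably only in tunnel mode.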
||||||
|
|
|
@ -124,8 +124,8 @@ IpSecAuthPayload (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
switch (AuthAlgId) {
|
switch (AuthAlgId) {
|
||||||
case EFI_IPSEC_AALG_NONE :
|
case IKE_AALG_NONE :
|
||||||
case EFI_IPSEC_AALG_NULL :
|
case IKE_AALG_NULL :
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -222,15 +222,15 @@ IpSecEspDecryptPayload (
|
||||||
EFI_ESP_TAIL *EspTail;
|
EFI_ESP_TAIL *EspTail;
|
||||||
|
|
||||||
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
||||||
case EFI_IPSEC_EALG_NULL:
|
case IKE_EALG_NULL:
|
||||||
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));
|
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));
|
||||||
*PaddingSize = EspTail->PaddingLength;
|
*PaddingSize = EspTail->PaddingLength;
|
||||||
*NextHeader = EspTail->NextHeader;
|
*NextHeader = EspTail->NextHeader;
|
||||||
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);
|
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case EFI_IPSEC_EALG_3DESCBC:
|
case IKE_EALG_3DESCBC:
|
||||||
case EFI_IPSEC_EALG_AESCBC:
|
case IKE_EALG_AESCBC:
|
||||||
//
|
//
|
||||||
// TODO: support these algorithm
|
// TODO: support these algorithm
|
||||||
//
|
//
|
||||||
|
@ -269,11 +269,11 @@ IpSecEspEncryptPayload (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
||||||
case EFI_IPSEC_EALG_NULL:
|
case IKE_EALG_NULL:
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
|
|
||||||
case EFI_IPSEC_EALG_3DESCBC:
|
case IKE_EALG_3DESCBC:
|
||||||
case EFI_IPSEC_EALG_AESCBC:
|
case IKE_EALG_AESCBC:
|
||||||
//
|
//
|
||||||
// TODO: support these algorithms
|
// TODO: support these algorithms
|
||||||
//
|
//
|
||||||
|
@ -296,12 +296,12 @@ IpSecEspEncryptPayload (
|
||||||
to be trimed on input, and without ESP header
|
to be trimed on input, and without ESP header
|
||||||
on return.
|
on return.
|
||||||
@param[out] LastHead The Last Header in IP header on return.
|
@param[out] LastHead The Last Header in IP header on return.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||||
protected on input, and without IPsec protected
|
protected on input, and without IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount The number of fragments.
|
@param[in, out] FragmentCount The number of fragments.
|
||||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||||
@param[out] RecycleEvent The event for recycling of resources.
|
@param[out] RecycleEvent The event for recycling of resources.
|
||||||
|
|
||||||
|
@ -318,10 +318,10 @@ IpSecEspInboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
OUT UINT8 *LastHead,
|
OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
)
|
)
|
||||||
|
@ -558,13 +558,13 @@ ON_EXIT:
|
||||||
@param[in, out] IpHead Points to IP header containing the orginal IP header
|
@param[in, out] IpHead Points to IP header containing the orginal IP header
|
||||||
to be processed on input, and inserted ESP header
|
to be processed on input, and inserted ESP header
|
||||||
on return.
|
on return.
|
||||||
@param[in] LastHead The Last Header in IP header.
|
@param[in, out] LastHead The Last Header in IP header.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||||
IPsec on input, and with IPsec protected
|
IPsec on input, and with IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount The number of fragments.
|
@param[in, out] FragmentCount The number of fragments.
|
||||||
@param[in] SadEntry The related SAD entry.
|
@param[in] SadEntry The related SAD entry.
|
||||||
@param[out] RecycleEvent The event for recycling of resources.
|
@param[out] RecycleEvent The event for recycling of resources.
|
||||||
|
|
||||||
|
@ -576,11 +576,11 @@ EFI_STATUS
|
||||||
IpSecEspOutboundPacket (
|
IpSecEspOutboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
)
|
)
|
||||||
|
@ -825,29 +825,29 @@ ON_EXIT:
|
||||||
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
||||||
to be trimed on input, and without ESP/AH header
|
to be trimed on input, and without ESP/AH header
|
||||||
on return.
|
on return.
|
||||||
@param[in] LastHead The Last Header in IP header on return.
|
@param[out] LastHead The Last Header in IP header on return.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
|
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||||
protected on input, and without IPsec protected
|
protected on input, and without IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount The number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||||
@param[out] RecycleEvent The event for recycling of resources.
|
@param[out] RecycleEvent Event for recycling of resources.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The operation was successful.
|
@retval EFI_SUCCESS The operation is successful.
|
||||||
@retval EFI_UNSUPPORTED The IPSEC protocol is not supported.
|
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
IpSecProtectInboundPacket (
|
IpSecProtectInboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
)
|
)
|
||||||
|
@ -875,26 +875,26 @@ IpSecProtectInboundPacket (
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
This function processes the output traffic with IPsec.
|
This fucntion processes the output traffic with IPsec.
|
||||||
|
|
||||||
It protected the sending packet by encrypting it payload and inserting ESP/AH header
|
It protected the sending packet by encrypting it payload and inserting ESP/AH header
|
||||||
in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable.
|
in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable.
|
||||||
|
|
||||||
@param[in] IpVersion The version of IP.
|
@param[in] IpVersion The version of IP.
|
||||||
@param[in, out] IpHead Points to IP header containing the orginal IP header
|
@param[in, out] IpHead Point to IP header containing the orginal IP header
|
||||||
to be processed on input, and inserted ESP/AH header
|
to be processed on input, and inserted ESP/AH header
|
||||||
on return.
|
on return.
|
||||||
@param[in] LastHead The Last Header in the IP header.
|
@param[in, out] LastHead The Last Header in IP header.
|
||||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||||
IPsec on input, and with IPsec protected
|
IPsec on input, and with IPsec protected
|
||||||
on return.
|
on return.
|
||||||
@param[in] FragmentCount The number of fragments.
|
@param[in, out] FragmentCount Number of fragments.
|
||||||
@param[in] SadEntry The related SAD entry.
|
@param[in] SadEntry Related SAD entry.
|
||||||
@param[out] RecycleEvent The event for recycling of resources.
|
@param[out] RecycleEvent Event for recycling of resources.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The operation was successful.
|
@retval EFI_SUCCESS The operation is successful.
|
||||||
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
|
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -902,11 +902,11 @@ EFI_STATUS
|
||||||
IpSecProtectOutboundPacket (
|
IpSecProtectOutboundPacket (
|
||||||
IN UINT8 IpVersion,
|
IN UINT8 IpVersion,
|
||||||
IN OUT VOID *IpHead,
|
IN OUT VOID *IpHead,
|
||||||
IN UINT8 *LastHead,
|
IN OUT UINT8 *LastHead,
|
||||||
IN VOID *OptionsBuffer, OPTIONAL
|
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||||
IN UINT32 OptionsLength, OPTIONAL
|
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||||
IN UINT32 *FragmentCount,
|
IN OUT UINT32 *FragmentCount,
|
||||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||||
OUT EFI_EVENT *RecycleEvent
|
OUT EFI_EVENT *RecycleEvent
|
||||||
)
|
)
|
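Review bot: In the `IKE_EALG_NULL` branch of IpSecEspDecryptPayload, `EspTail` is computed as `PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL)` and `*PlainPayloadSize` as `EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL)`, with no visible check that the payload is long enough for either subtraction. Both inputs come from a received packet, so a short payload or an oversized PaddingLength could place the tail pointer before the buffer or, if EncryptSize is unsigned, wrap the resulting size. The function starts and ends outside the hunk, so a guard may already exist earlier. If it does not, add `if (EncryptSize < sizeof (EFI_ESP_TAIL)) { return EFI_INVALID_PARAMETER; }` before the cast and `if (EspTail->PaddingLength > EncryptSize - sizeof (EFI_ESP_TAIL)) { return EFI_INVALID_PARAMETER; }` after it.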
||||||
|
|