mirror of https://github.com/acidanthera/audk.git
1. Update IPsec driver to produce EFI_IPSEC2_PROTOCOL which is defined by UEFI errata that will appear in UEFI 2.3 specification after 2.3 errata B and future UEFI Specifications after 2.3.
2. Update IPv6 driver to consume the EFI_IPSEC2_PROTOCOL. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10991 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
780847d128
commit
68d3f2fb61
|
@ -15,7 +15,7 @@
|
|||
|
||||
#include "Ip6Impl.h"
|
||||
|
||||
EFI_IPSEC_PROTOCOL *mIpSec = NULL;
|
||||
EFI_IPSEC2_PROTOCOL *mIpSec = NULL;
|
||||
|
||||
EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = {
|
||||
EfiIp6GetModeData,
|
||||
|
|
|
@ -89,7 +89,7 @@
|
|||
|
||||
#define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured)
|
||||
|
||||
extern EFI_IPSEC_PROTOCOL *mIpSec;
|
||||
extern EFI_IPSEC2_PROTOCOL *mIpSec;
|
||||
|
||||
//
|
||||
// IP6_TXTOKEN_WRAP wraps the upper layer's transmit token.
|
||||
|
|
|
@ -481,11 +481,11 @@ Ip6IpSecFree (
|
|||
actions: bypass the packet, discard the packet, or protect the packet.
|
||||
|
||||
@param[in] IpSb The IP6 service instance.
|
||||
@param[in] Head The caller-supplied IP6 header.
|
||||
@param[in, out] Head The caller-supplied IP6 header.
|
||||
@param[in, out] LastHead The next header field of last IP header.
|
||||
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
||||
@param[in] ExtHdrs The caller-supplied options.
|
||||
@param[in] ExtHdrsLen The length of the option.
|
||||
@param[in, out] ExtHdrs The caller-supplied options.
|
||||
@param[in, out] ExtHdrsLen The length of the option.
|
||||
@param[in] Direction The directionality in an SPD entry,
|
||||
EfiIPsecInBound, or EfiIPsecOutBound.
|
||||
@param[in] Context The token's wrap.
|
||||
|
@ -501,18 +501,20 @@ Ip6IpSecFree (
|
|||
**/
|
||||
EFI_STATUS
|
||||
Ip6IpSecProcessPacket (
|
||||
IN IP6_SERVICE *IpSb,
|
||||
IN EFI_IP6_HEADER *Head,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT NET_BUF **Netbuf,
|
||||
IN VOID *ExtHdrs,
|
||||
IN UINT32 ExtHdrsLen,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||
IN VOID *Context
|
||||
IN IP6_SERVICE *IpSb,
|
||||
IN OUT EFI_IP6_HEADER **Head,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT NET_BUF **Netbuf,
|
||||
IN OUT UINT8 **ExtHdrs,
|
||||
IN OUT UINT32 *ExtHdrsLen,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||
IN VOID *Context
|
||||
)
|
||||
{
|
||||
NET_FRAGMENT *FragmentTable;
|
||||
NET_FRAGMENT *OriginalFragmentTable;
|
||||
UINT32 FragmentCount;
|
||||
UINT32 OriginalFragmentCount;
|
||||
EFI_EVENT RecycleEvent;
|
||||
NET_BUF *Packet;
|
||||
IP6_TXTOKEN_WRAP *TxWrap;
|
||||
|
@ -520,6 +522,7 @@ Ip6IpSecProcessPacket (
|
|||
EFI_STATUS Status;
|
||||
EFI_IP6_HEADER *PacketHead;
|
||||
UINT8 *Buf;
|
||||
EFI_IP6_HEADER ZeroHead;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
Packet = *Netbuf;
|
||||
|
@ -530,6 +533,7 @@ Ip6IpSecProcessPacket (
|
|||
Buf = NULL;
|
||||
TxWrap = (IP6_TXTOKEN_WRAP *) Context;
|
||||
FragmentCount = Packet->BlockOpNum;
|
||||
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
|
||||
|
||||
if (mIpSec == NULL) {
|
||||
gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);
|
||||
|
@ -562,7 +566,7 @@ Ip6IpSecProcessPacket (
|
|||
//
|
||||
// Bypass all multicast inbound or outbound traffic.
|
||||
//
|
||||
if (IP6_IS_MULTICAST (&Head->DestinationAddress) || IP6_IS_MULTICAST (&Head->SourceAddress)) {
|
||||
if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress) || IP6_IS_MULTICAST (&(*Head)->SourceAddress)) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
|
@ -577,6 +581,8 @@ Ip6IpSecProcessPacket (
|
|||
}
|
||||
|
||||
Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
|
||||
OriginalFragmentTable = FragmentTable;
|
||||
OriginalFragmentCount = FragmentCount;
|
||||
|
||||
if (EFI_ERROR(Status)) {
|
||||
FreePool (FragmentTable);
|
||||
|
@ -586,16 +592,16 @@ Ip6IpSecProcessPacket (
|
|||
//
|
||||
// Convert host byte order to network byte order
|
||||
//
|
||||
Ip6NtohHead (Head);
|
||||
Ip6NtohHead (*Head);
|
||||
|
||||
Status = mIpSec->Process (
|
||||
Status = mIpSec->ProcessExt (
|
||||
mIpSec,
|
||||
IpSb->Controller,
|
||||
IP_VERSION_6,
|
||||
(VOID *) Head,
|
||||
(VOID *) (*Head),
|
||||
LastHead,
|
||||
NULL,
|
||||
0,
|
||||
(VOID **) ExtHdrs,
|
||||
ExtHdrsLen,
|
||||
(EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),
|
||||
&FragmentCount,
|
||||
Direction,
|
||||
|
@ -604,14 +610,20 @@ Ip6IpSecProcessPacket (
|
|||
//
|
||||
// Convert back to host byte order
|
||||
//
|
||||
Ip6NtohHead (Head);
|
||||
Ip6NtohHead (*Head);
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
|
||||
if (OriginalFragmentCount == FragmentCount && OriginalFragmentTable == FragmentTable) {
|
||||
//
|
||||
// For ByPass Packet
|
||||
//
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
|
||||
TxWrap->IpSecRecycleSignal = RecycleEvent;
|
||||
TxWrap->Packet = NetbufFromExt (
|
||||
FragmentTable,
|
||||
|
@ -626,6 +638,13 @@ Ip6IpSecProcessPacket (
|
|||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
CopyMem (
|
||||
IP6_GET_CLIP_INFO (TxWrap->Packet),
|
||||
IP6_GET_CLIP_INFO (Packet),
|
||||
sizeof (IP6_CLIP_INFO)
|
||||
);
|
||||
|
||||
NetIpSecNetbufFree(Packet);
|
||||
*Netbuf = TxWrap->Packet;
|
||||
|
||||
} else {
|
||||
|
@ -652,11 +671,11 @@ Ip6IpSecProcessPacket (
|
|||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
if (Direction == EfiIPsecInBound) {
|
||||
if (Direction == EfiIPsecInBound && 0 != CompareMem (&ZeroHead, *Head, sizeof (EFI_IP6_HEADER))) {
|
||||
|
||||
PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (
|
||||
Packet,
|
||||
sizeof (EFI_IP6_HEADER) + ExtHdrsLen,
|
||||
sizeof (EFI_IP6_HEADER) + *ExtHdrsLen,
|
||||
NET_BUF_HEAD
|
||||
);
|
||||
if (PacketHead == NULL) {
|
||||
|
@ -664,22 +683,22 @@ Ip6IpSecProcessPacket (
|
|||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
CopyMem (PacketHead, Head, sizeof (EFI_IP6_HEADER));
|
||||
CopyMem (PacketHead, *Head, sizeof (EFI_IP6_HEADER));
|
||||
*Head = PacketHead;
|
||||
Packet->Ip.Ip6 = PacketHead;
|
||||
|
||||
if (ExtHdrs != NULL) {
|
||||
if (*ExtHdrs != NULL) {
|
||||
Buf = (UINT8 *) (PacketHead + 1);
|
||||
CopyMem (Buf, ExtHdrs, ExtHdrsLen);
|
||||
CopyMem (Buf, *ExtHdrs, *ExtHdrsLen);
|
||||
}
|
||||
|
||||
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);
|
||||
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
|
||||
CopyMem (
|
||||
IP6_GET_CLIP_INFO (Packet),
|
||||
IP6_GET_CLIP_INFO (IpSecWrap->Packet),
|
||||
sizeof (IP6_CLIP_INFO)
|
||||
);
|
||||
}
|
||||
|
||||
*Netbuf = Packet;
|
||||
}
|
||||
|
||||
|
@ -688,73 +707,72 @@ ON_EXIT:
|
|||
}
|
||||
|
||||
/**
|
||||
The IP6 input routine. It is called by the IP6_INTERFACE when an
|
||||
IP6 fragment is received from MNP.
|
||||
Pre-process the IPv6 packet. First validates the IPv6 packet, and
|
||||
then reassembles packet if it is necessary.
|
||||
|
||||
@param[in] Packet The IP6 packet received.
|
||||
@param[in] IoStatus The return status of receive request.
|
||||
@param[in] Flag The link layer flag for the packet received, such
|
||||
as multicast.
|
||||
@param[in] Context The IP6 service instance that owns the MNP.
|
||||
@param[in] IpSb The IP6 service instance.
|
||||
@param[in, out] Packet The received IP6 packet to be processed.
|
||||
@param[in] Flag The link layer flag for the packet received, such
|
||||
as multicast.
|
||||
@param[out] Payload The pointer to the payload of the recieved packet.
|
||||
it starts from the first byte of the extension header.
|
||||
@param[out] LastHead The pointer of NextHeader of the last extension
|
||||
header processed by IP6.
|
||||
@param[out] ExtHdrsLen The length of the whole option.
|
||||
@param[out] UnFragmentLen The length of unfragmented length of extension headers.
|
||||
@param[out] Fragmented Indicate whether the packet is fragmented.
|
||||
@param[out] Head The pointer to the EFI_IP6_Header.
|
||||
|
||||
@retval EFI_SUCCESS The received packet is well format.
|
||||
@retval EFI_INVALID_PARAMETER The received packet is malformed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
Ip6AcceptFrame (
|
||||
IN NET_BUF *Packet,
|
||||
IN EFI_STATUS IoStatus,
|
||||
IN UINT32 Flag,
|
||||
IN VOID *Context
|
||||
EFI_STATUS
|
||||
Ip6PreProcessPacket (
|
||||
IN IP6_SERVICE *IpSb,
|
||||
IN OUT NET_BUF **Packet,
|
||||
IN UINT32 Flag,
|
||||
OUT UINT8 **Payload,
|
||||
OUT UINT8 **LastHead,
|
||||
OUT UINT32 *ExtHdrsLen,
|
||||
OUT UINT32 *UnFragmentLen,
|
||||
OUT BOOLEAN *Fragmented,
|
||||
OUT EFI_IP6_HEADER **Head
|
||||
|
||||
|
||||
)
|
||||
{
|
||||
IP6_SERVICE *IpSb;
|
||||
IP6_CLIP_INFO *Info;
|
||||
EFI_IP6_HEADER *Head;
|
||||
UINT16 PayloadLen;
|
||||
UINT8 *Payload;
|
||||
UINT16 TotalLen;
|
||||
UINT8 *LastHead;
|
||||
UINT32 FormerHeadOffset;
|
||||
UINT32 UnFragmentLen;
|
||||
UINT32 ExtHdrsLen;
|
||||
UINT32 HeadLen;
|
||||
BOOLEAN Fragmented;
|
||||
IP6_FRAGMENT_HEADER *FragmentHead;
|
||||
UINT16 FragmentOffset;
|
||||
EFI_STATUS Status;
|
||||
IP6_CLIP_INFO *Info;
|
||||
EFI_IPv6_ADDRESS Loopback;
|
||||
|
||||
IpSb = (IP6_SERVICE *) Context;
|
||||
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
|
||||
|
||||
Payload = NULL;
|
||||
|
||||
//
|
||||
// Check input parameters
|
||||
//
|
||||
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
|
||||
goto Drop;
|
||||
}
|
||||
|
||||
HeadLen = 0;
|
||||
PayloadLen = 0;
|
||||
//
|
||||
// Check whether the input packet is a valid packet
|
||||
//
|
||||
if (Packet->TotalSize < IP6_MIN_HEADLEN) {
|
||||
goto Restart;
|
||||
if ((*Packet)->TotalSize < IP6_MIN_HEADLEN) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Get header information of the packet.
|
||||
//
|
||||
Head = (EFI_IP6_HEADER *) NetbufGetByte (Packet, 0, NULL);
|
||||
if (Head == NULL) {
|
||||
goto Restart;
|
||||
*Head = (EFI_IP6_HEADER *) NetbufGetByte (*Packet, 0, NULL);
|
||||
if (*Head == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Multicast addresses must not be used as source addresses in IPv6 packets.
|
||||
//
|
||||
if ((Head->Version != 6) || (IP6_IS_MULTICAST (&Head->SourceAddress))) {
|
||||
goto Restart;
|
||||
if (((*Head)->Version != 6) || (IP6_IS_MULTICAST (&(*Head)->SourceAddress))) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
|
@ -762,20 +780,20 @@ Ip6AcceptFrame (
|
|||
//
|
||||
ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));
|
||||
Loopback.Addr[15] = 0x1;
|
||||
if ((CompareMem (&Loopback, &Head->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
|
||||
(NetIp6IsUnspecifiedAddr (&Head->DestinationAddress))) {
|
||||
goto Restart;
|
||||
if ((CompareMem (&Loopback, &(*Head)->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
|
||||
(NetIp6IsUnspecifiedAddr (&(*Head)->DestinationAddress))) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Convert the IP header to host byte order.
|
||||
//
|
||||
Packet->Ip.Ip6 = Ip6NtohHead (Head);
|
||||
(*Packet)->Ip.Ip6 = Ip6NtohHead (*Head);
|
||||
|
||||
//
|
||||
// Get the per packet info.
|
||||
//
|
||||
Info = IP6_GET_CLIP_INFO (Packet);
|
||||
Info = IP6_GET_CLIP_INFO (*Packet);
|
||||
Info->LinkFlag = Flag;
|
||||
Info->CastType = 0;
|
||||
|
||||
|
@ -783,10 +801,10 @@ Ip6AcceptFrame (
|
|||
Info->CastType = Ip6Promiscuous;
|
||||
}
|
||||
|
||||
if (Ip6IsOneOfSetAddress (IpSb, &Head->DestinationAddress, NULL, NULL)) {
|
||||
if (Ip6IsOneOfSetAddress (IpSb, &(*Head)->DestinationAddress, NULL, NULL)) {
|
||||
Info->CastType = Ip6Unicast;
|
||||
} else if (IP6_IS_MULTICAST (&Head->DestinationAddress)) {
|
||||
if (Ip6FindMldEntry (IpSb, &Head->DestinationAddress) != NULL) {
|
||||
} else if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress)) {
|
||||
if (Ip6FindMldEntry (IpSb, &(*Head)->DestinationAddress) != NULL) {
|
||||
Info->CastType = Ip6Multicast;
|
||||
}
|
||||
}
|
||||
|
@ -795,11 +813,11 @@ Ip6AcceptFrame (
|
|||
// Drop the packet that is not delivered to us.
|
||||
//
|
||||
if (Info->CastType == 0) {
|
||||
goto Restart;
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
|
||||
PayloadLen = Head->PayloadLength;
|
||||
PayloadLen = (*Head)->PayloadLength;
|
||||
|
||||
Info->Start = 0;
|
||||
Info->Length = PayloadLen;
|
||||
|
@ -813,52 +831,51 @@ Ip6AcceptFrame (
|
|||
//
|
||||
// Mnp may deliver frame trailer sequence up, trim it off.
|
||||
//
|
||||
if (TotalLen < Packet->TotalSize) {
|
||||
NetbufTrim (Packet, Packet->TotalSize - TotalLen, FALSE);
|
||||
if (TotalLen < (*Packet)->TotalSize) {
|
||||
NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);
|
||||
}
|
||||
|
||||
if (TotalLen != Packet->TotalSize) {
|
||||
goto Restart;
|
||||
if (TotalLen != (*Packet)->TotalSize) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Check the extension headers, if exist validate them
|
||||
//
|
||||
if (PayloadLen != 0) {
|
||||
Payload = AllocatePool ((UINTN) PayloadLen);
|
||||
if (Payload == NULL) {
|
||||
goto Restart;
|
||||
*Payload = AllocatePool ((UINTN) PayloadLen);
|
||||
if (*Payload == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);
|
||||
NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
|
||||
}
|
||||
|
||||
LastHead = NULL;
|
||||
if (!Ip6IsExtsValid (
|
||||
IpSb,
|
||||
Packet,
|
||||
&Head->NextHeader,
|
||||
Payload,
|
||||
*Packet,
|
||||
&(*Head)->NextHeader,
|
||||
*Payload,
|
||||
(UINT32) PayloadLen,
|
||||
TRUE,
|
||||
&FormerHeadOffset,
|
||||
&LastHead,
|
||||
&ExtHdrsLen,
|
||||
&UnFragmentLen,
|
||||
&Fragmented
|
||||
LastHead,
|
||||
ExtHdrsLen,
|
||||
UnFragmentLen,
|
||||
Fragmented
|
||||
)) {
|
||||
goto Restart;
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
HeadLen = sizeof (EFI_IP6_HEADER) + UnFragmentLen;
|
||||
HeadLen = sizeof (EFI_IP6_HEADER) + *UnFragmentLen;
|
||||
|
||||
if (Fragmented) {
|
||||
if (*Fragmented) {
|
||||
//
|
||||
// Get the fragment offset from the Fragment header
|
||||
//
|
||||
FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (Packet, HeadLen, NULL);
|
||||
FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (*Packet, HeadLen, NULL);
|
||||
if (FragmentHead == NULL) {
|
||||
goto Restart;
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
FragmentOffset = NTOHS (FragmentHead->FragmentOffset);
|
||||
|
@ -888,49 +905,49 @@ Ip6AcceptFrame (
|
|||
// Fragments should in the unit of 8 octets long except the last one.
|
||||
//
|
||||
if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {
|
||||
goto Restart;
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Reassemble the packet.
|
||||
//
|
||||
Packet = Ip6Reassemble (&IpSb->Assemble, Packet);
|
||||
if (Packet == NULL) {
|
||||
goto Restart;
|
||||
*Packet = Ip6Reassemble (&IpSb->Assemble, *Packet);
|
||||
if (*Packet == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// Re-check the assembled packet to get the right values.
|
||||
//
|
||||
Head = Packet->Ip.Ip6;
|
||||
PayloadLen = Head->PayloadLength;
|
||||
*Head = (*Packet)->Ip.Ip6;
|
||||
PayloadLen = (*Head)->PayloadLength;
|
||||
if (PayloadLen != 0) {
|
||||
if (Payload != NULL) {
|
||||
FreePool (Payload);
|
||||
if (*Payload != NULL) {
|
||||
FreePool (*Payload);
|
||||
}
|
||||
|
||||
Payload = AllocatePool ((UINTN) PayloadLen);
|
||||
if (Payload == NULL) {
|
||||
goto Restart;
|
||||
*Payload = AllocatePool ((UINTN) PayloadLen);
|
||||
if (*Payload == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);
|
||||
NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
|
||||
}
|
||||
|
||||
if (!Ip6IsExtsValid (
|
||||
IpSb,
|
||||
Packet,
|
||||
&Head->NextHeader,
|
||||
Payload,
|
||||
*Packet,
|
||||
&(*Head)->NextHeader,
|
||||
*Payload,
|
||||
(UINT32) PayloadLen,
|
||||
TRUE,
|
||||
NULL,
|
||||
&LastHead,
|
||||
&ExtHdrsLen,
|
||||
&UnFragmentLen,
|
||||
&Fragmented
|
||||
LastHead,
|
||||
ExtHdrsLen,
|
||||
UnFragmentLen,
|
||||
Fragmented
|
||||
)) {
|
||||
goto Restart;
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -938,30 +955,109 @@ Ip6AcceptFrame (
|
|||
// Trim the head off, after this point, the packet is headless.
|
||||
// and Packet->TotalLen == Info->Length.
|
||||
//
|
||||
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);
|
||||
NetbufTrim (*Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
The IP6 input routine. It is called by the IP6_INTERFACE when an
|
||||
IP6 fragment is received from MNP.
|
||||
|
||||
@param[in] Packet The IP6 packet received.
|
||||
@param[in] IoStatus The return status of receive request.
|
||||
@param[in] Flag The link layer flag for the packet received, such
|
||||
as multicast.
|
||||
@param[in] Context The IP6 service instance that owns the MNP.
|
||||
|
||||
**/
|
||||
VOID
|
||||
Ip6AcceptFrame (
|
||||
IN NET_BUF *Packet,
|
||||
IN EFI_STATUS IoStatus,
|
||||
IN UINT32 Flag,
|
||||
IN VOID *Context
|
||||
)
|
||||
{
|
||||
IP6_SERVICE *IpSb;
|
||||
EFI_IP6_HEADER *Head;
|
||||
UINT8 *Payload;
|
||||
UINT8 *LastHead;
|
||||
UINT32 UnFragmentLen;
|
||||
UINT32 ExtHdrsLen;
|
||||
BOOLEAN Fragmented;
|
||||
EFI_STATUS Status;
|
||||
EFI_IP6_HEADER ZeroHead;
|
||||
|
||||
IpSb = (IP6_SERVICE *) Context;
|
||||
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
|
||||
|
||||
Payload = NULL;
|
||||
LastHead = NULL;
|
||||
|
||||
//
|
||||
// Check input parameters
|
||||
//
|
||||
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
|
||||
goto Drop;
|
||||
}
|
||||
|
||||
//
|
||||
// Pre-Process the Ipv6 Packet and then reassemble if it is necessary.
|
||||
//
|
||||
Status = Ip6PreProcessPacket (
|
||||
IpSb,
|
||||
&Packet,
|
||||
Flag,
|
||||
&Payload,
|
||||
&LastHead,
|
||||
&ExtHdrsLen,
|
||||
&UnFragmentLen,
|
||||
&Fragmented,
|
||||
&Head
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
goto Restart;
|
||||
}
|
||||
//
|
||||
// After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
|
||||
// and no need consider any other ahead ext headers.
|
||||
//
|
||||
Status = Ip6IpSecProcessPacket (
|
||||
IpSb,
|
||||
Head,
|
||||
&Head,
|
||||
LastHead, // need get the lasthead value for input
|
||||
&Packet,
|
||||
NULL,
|
||||
0,
|
||||
&Payload,
|
||||
&ExtHdrsLen,
|
||||
EfiIPsecInBound,
|
||||
NULL
|
||||
);
|
||||
|
||||
if (EFI_ERROR(Status)) {
|
||||
if (EFI_ERROR (Status)) {
|
||||
goto Restart;
|
||||
}
|
||||
|
||||
//
|
||||
// TODO: may check the last head again, the same as the output routine
|
||||
// If the packet is protected by IPsec Tunnel Mode, Check the Inner Ip Packet.
|
||||
//
|
||||
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
|
||||
if (0 == CompareMem (Head, &ZeroHead, sizeof (EFI_IP6_HEADER))) {
|
||||
Status = Ip6PreProcessPacket (
|
||||
IpSb,
|
||||
&Packet,
|
||||
Flag,
|
||||
&Payload,
|
||||
&LastHead,
|
||||
&ExtHdrsLen,
|
||||
&UnFragmentLen,
|
||||
&Fragmented,
|
||||
&Head
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
goto Restart;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Packet may have been changed. The ownership of the packet
|
||||
|
|
|
@ -137,39 +137,39 @@ Ip6InstanceDeliverPacket (
|
|||
);
|
||||
|
||||
/**
|
||||
The work function to locate IPsec protocol to process the inbound or
|
||||
outbound IP packets. The process routine handls the packet with the following
|
||||
The work function to locate the IPsec protocol to process the inbound or
|
||||
outbound IP packets. The process routine handles the packet with the following
|
||||
actions: bypass the packet, discard the packet, or protect the packet.
|
||||
|
||||
@param[in] IpSb The IP6 service instance.
|
||||
@param[in] Head The caller supplied IP6 header.
|
||||
@param[in, out] Head The caller-supplied IP6 header.
|
||||
@param[in, out] LastHead The next header field of last IP header.
|
||||
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.
|
||||
@param[in] ExtHdrs The caller supplied options.
|
||||
@param[in] ExtHdrsLen The length of the option.
|
||||
@param[in, out] ExtHdrs The caller-supplied options.
|
||||
@param[in, out] ExtHdrsLen The length of the option.
|
||||
@param[in] Direction The directionality in an SPD entry,
|
||||
EfiIPsecInBound or EfiIPsecOutBound.
|
||||
EfiIPsecInBound, or EfiIPsecOutBound.
|
||||
@param[in] Context The token's wrap.
|
||||
|
||||
@retval EFI_SUCCESS The IPsec protocol is not available or disabled.
|
||||
@retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
|
||||
@retval EFI_SUCCESS The packet was bypassed, and all buffers remain the same.
|
||||
@retval EFI_SUCCESS The packet was protected.
|
||||
@retval EFI_ACCESS_DENIED The packet was discarded.
|
||||
@retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation.
|
||||
@retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the
|
||||
@retval EFI_BUFFER_TOO_SMALL The number of non-empty blocks is bigger than the
|
||||
number of input data blocks when building a fragment table.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
Ip6IpSecProcessPacket (
|
||||
IN IP6_SERVICE *IpSb,
|
||||
IN EFI_IP6_HEADER *Head,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT NET_BUF **Netbuf,
|
||||
IN VOID *ExtHdrs,
|
||||
IN UINT32 ExtHdrsLen,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||
IN VOID *Context
|
||||
IN IP6_SERVICE *IpSb,
|
||||
IN OUT EFI_IP6_HEADER **Head,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT NET_BUF **Netbuf,
|
||||
IN OUT UINT8 **ExtHdrs,
|
||||
IN OUT UINT32 *ExtHdrsLen,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR Direction,
|
||||
IN VOID *Context
|
||||
);
|
||||
|
||||
/**
|
||||
|
|
|
@ -638,11 +638,11 @@ Ip6Output (
|
|||
|
||||
Status = Ip6IpSecProcessPacket (
|
||||
IpSb,
|
||||
Head,
|
||||
&Head,
|
||||
LastHeader, // no need get the lasthead value for output
|
||||
&Packet,
|
||||
ExtHdrs,
|
||||
ExtHdrsLen,
|
||||
&ExtHdrs,
|
||||
&ExtHdrsLen,
|
||||
EfiIPsecOutBound,
|
||||
Context
|
||||
);
|
||||
|
|
|
@ -2365,7 +2365,7 @@ EfiIpSecConfigGetNextSelector (
|
|||
NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
|
||||
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
|
||||
|
||||
if (IsFound || mIsZeroSelector[DataType](Selector)) {
|
||||
if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {
|
||||
//
|
||||
// If found the appointed entry, then duplicate the next one and return,
|
||||
// or if the appointed entry is zero, then return the first one directly.
|
||||
|
|
|
@ -18,15 +18,15 @@
|
|||
// Alogrithm's informations for the Encrypt/Decrpt Alogrithm.
|
||||
//
|
||||
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
|
||||
{EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
|
||||
{IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
|
||||
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
||||
};
|
||||
//
|
||||
// Alogrithm's informations for the Authentication algorithm
|
||||
//
|
||||
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
|
||||
{EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||
{EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||
{IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||
{IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
|
||||
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -22,6 +22,23 @@
|
|||
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
|
||||
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
|
||||
|
||||
///
|
||||
/// Authentication Algorithm Definition
|
||||
/// The number value definition is aligned to IANA assignment
|
||||
///
|
||||
#define IKE_AALG_NONE 0x00
|
||||
#define IKE_AALG_SHA1HMAC 0x02
|
||||
#define IKE_AALG_NULL 0xFB
|
||||
|
||||
///
|
||||
/// Encryption Algorithm Definition
|
||||
/// The number value definition is aligned to IANA assignment
|
||||
///
|
||||
#define IKE_EALG_NONE 0x00
|
||||
#define IKE_EALG_3DESCBC 0x03
|
||||
#define IKE_EALG_NULL 0x0B
|
||||
#define IKE_EALG_AESCBC 0x0C
|
||||
|
||||
/**
|
||||
Prototype of Hash GetContextSize.
|
||||
|
||||
|
|
|
@ -174,7 +174,7 @@ IpSecDriverEntryPoint (
|
|||
{
|
||||
EFI_STATUS Status;
|
||||
IPSEC_PRIVATE_DATA *Private;
|
||||
EFI_IPSEC_PROTOCOL *IpSec;
|
||||
EFI_IPSEC2_PROTOCOL *IpSec;
|
||||
|
||||
//
|
||||
// Check whether ipsec protocol has already been installed.
|
||||
|
@ -218,7 +218,7 @@ IpSecDriverEntryPoint (
|
|||
|
||||
Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;
|
||||
Private->ImageHandle = ImageHandle;
|
||||
CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL));
|
||||
CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));
|
||||
|
||||
//
|
||||
// Initilize Private's members. Thess members is used for IKE.
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
#include "IpSecConfigImpl.h"
|
||||
|
||||
EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
|
||||
EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
|
||||
|
||||
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
|
||||
|
||||
|
@ -656,11 +656,11 @@ IpSecLookupSpdEntry (
|
|||
@param[in] NicHandle Instance of the network interface.
|
||||
@param[in] IpVersion IPV4 or IPV6.
|
||||
@param[in, out] IpHead Pointer to the IP Header.
|
||||
@param[in] LastHead The protocol of the next layer to be processed by IPsec.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer.
|
||||
@param[in] OptionsLength Length of the options buffer.
|
||||
@param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer.
|
||||
@param[in, out] OptionsLength Length of the options buffer.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments.
|
||||
@param[in] FragmentCount Number of fragments.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[in] TrafficDirection Traffic direction.
|
||||
@param[out] RecycleSignal Event for recycling of resources.
|
||||
|
||||
|
@ -672,15 +672,15 @@ IpSecLookupSpdEntry (
|
|||
EFI_STATUS
|
||||
EFIAPI
|
||||
IpSecProcess (
|
||||
IN EFI_IPSEC_PROTOCOL *This,
|
||||
IN EFI_IPSEC2_PROTOCOL *This,
|
||||
IN EFI_HANDLE NicHandle,
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer,
|
||||
IN UINT32 OptionsLength,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer,
|
||||
IN OUT UINT32 *OptionsLength,
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
||||
OUT EFI_EVENT *RecycleSignal
|
||||
)
|
||||
|
|
|
@ -88,16 +88,19 @@ struct _IPSEC_SPD_ENTRY {
|
|||
};
|
||||
|
||||
typedef struct _IPSEC_SAD_DATA {
|
||||
EFI_IPSEC_MODE Mode;
|
||||
UINT64 SequenceNumber;
|
||||
UINT8 AntiReplayWindowSize;
|
||||
UINT64 AntiReplayBitmap[4]; // bitmap for received packet
|
||||
EFI_IPSEC_ALGO_INFO AlgoInfo;
|
||||
EFI_IPSEC_SA_LIFETIME SaLifetime;
|
||||
UINT32 PathMTU;
|
||||
IPSEC_SPD_ENTRY *SpdEntry;
|
||||
BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
|
||||
BOOLEAN ManualSet;
|
||||
EFI_IPSEC_MODE Mode;
|
||||
UINT64 SequenceNumber;
|
||||
UINT8 AntiReplayWindowSize;
|
||||
UINT64 AntiReplayBitmap[4]; // bitmap for received packet
|
||||
EFI_IPSEC_ALGO_INFO AlgoInfo;
|
||||
EFI_IPSEC_SA_LIFETIME SaLifetime;
|
||||
UINT32 PathMTU;
|
||||
IPSEC_SPD_ENTRY *SpdEntry;
|
||||
EFI_IPSEC_SPD_SELECTOR *SpdSelector;
|
||||
BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
|
||||
BOOLEAN ManualSet;
|
||||
EFI_IP_ADDRESS TunnelDestAddress;
|
||||
EFI_IP_ADDRESS TunnelSourceAddress;
|
||||
} IPSEC_SAD_DATA;
|
||||
|
||||
typedef struct _IPSEC_SAD_ENTRY {
|
||||
|
@ -122,7 +125,7 @@ struct _IPSEC_PRIVATE_DATA {
|
|||
UINT32 Signature;
|
||||
EFI_HANDLE Handle; // Virtual handle to install private prtocol
|
||||
EFI_HANDLE ImageHandle;
|
||||
EFI_IPSEC_PROTOCOL IpSec;
|
||||
EFI_IPSEC2_PROTOCOL IpSec;
|
||||
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
|
||||
BOOLEAN SetBySelf;
|
||||
LIST_ENTRY Udp4List;
|
||||
|
@ -146,13 +149,13 @@ struct _IPSEC_PRIVATE_DATA {
|
|||
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
||||
to be trimed on input, and without ESP/AH header
|
||||
on return.
|
||||
@param[in] LastHead The Last Header in IP header on return.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[out] LastHead The Last Header in IP header on return.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||
protected on input, and without IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount Number of fragments.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||
@param[out] RecycleEvent Event for recycling of resources.
|
||||
|
||||
|
@ -164,11 +167,11 @@ EFI_STATUS
|
|||
IpSecProtectInboundPacket (
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
);
|
||||
|
@ -184,13 +187,13 @@ IpSecProtectInboundPacket (
|
|||
@param[in, out] IpHead Point to IP header containing the orginal IP header
|
||||
to be processed on input, and inserted ESP/AH header
|
||||
on return.
|
||||
@param[in] LastHead The Last Header in IP header.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] LastHead The Last Header in IP header.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||
IPsec on input, and with IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount Number of fragments.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[in] SadEntry Related SAD entry.
|
||||
@param[out] RecycleEvent Event for recycling of resources.
|
||||
|
||||
|
@ -202,11 +205,11 @@ EFI_STATUS
|
|||
IpSecProtectOutboundPacket (
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
);
|
||||
|
@ -274,11 +277,11 @@ IpSecLookupSadBySpi (
|
|||
@param[in] NicHandle Instance of the network interface.
|
||||
@param[in] IpVersion IPV4 or IPV6.
|
||||
@param[in, out] IpHead Pointer to the IP Header.
|
||||
@param[in] LastHead The protocol of the next layer to be processed by IPsec.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer.
|
||||
@param[in] OptionsLength Length of the options buffer.
|
||||
@param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer.
|
||||
@param[in, out] OptionsLength Length of the options buffer.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments.
|
||||
@param[in] FragmentCount Number of fragments.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[in] TrafficDirection Traffic direction.
|
||||
@param[out] RecycleSignal Event for recycling of resources.
|
||||
|
||||
|
@ -290,21 +293,21 @@ IpSecLookupSadBySpi (
|
|||
EFI_STATUS
|
||||
EFIAPI
|
||||
IpSecProcess (
|
||||
IN EFI_IPSEC_PROTOCOL *This,
|
||||
IN EFI_IPSEC2_PROTOCOL *This,
|
||||
IN EFI_HANDLE NicHandle,
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer,
|
||||
IN UINT32 OptionsLength,
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer,
|
||||
IN OUT UINT32 *OptionsLength,
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
|
||||
OUT EFI_EVENT *RecycleSignal
|
||||
);
|
||||
|
||||
extern EFI_DPC_PROTOCOL *mDpc;
|
||||
extern EFI_IPSEC_PROTOCOL mIpSecInstance;
|
||||
extern EFI_IPSEC2_PROTOCOL mIpSecInstance;
|
||||
|
||||
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
|
||||
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;
|
||||
|
|
|
@ -124,8 +124,8 @@ IpSecAuthPayload (
|
|||
)
|
||||
{
|
||||
switch (AuthAlgId) {
|
||||
case EFI_IPSEC_AALG_NONE :
|
||||
case EFI_IPSEC_AALG_NULL :
|
||||
case IKE_AALG_NONE :
|
||||
case IKE_AALG_NULL :
|
||||
return EFI_SUCCESS;
|
||||
|
||||
default:
|
||||
|
@ -222,15 +222,15 @@ IpSecEspDecryptPayload (
|
|||
EFI_ESP_TAIL *EspTail;
|
||||
|
||||
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
||||
case EFI_IPSEC_EALG_NULL:
|
||||
case IKE_EALG_NULL:
|
||||
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));
|
||||
*PaddingSize = EspTail->PaddingLength;
|
||||
*NextHeader = EspTail->NextHeader;
|
||||
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);
|
||||
break;
|
||||
|
||||
case EFI_IPSEC_EALG_3DESCBC:
|
||||
case EFI_IPSEC_EALG_AESCBC:
|
||||
case IKE_EALG_3DESCBC:
|
||||
case IKE_EALG_AESCBC:
|
||||
//
|
||||
// TODO: support these algorithm
|
||||
//
|
||||
|
@ -269,11 +269,11 @@ IpSecEspEncryptPayload (
|
|||
)
|
||||
{
|
||||
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
|
||||
case EFI_IPSEC_EALG_NULL:
|
||||
case IKE_EALG_NULL:
|
||||
return EFI_SUCCESS;
|
||||
|
||||
case EFI_IPSEC_EALG_3DESCBC:
|
||||
case EFI_IPSEC_EALG_AESCBC:
|
||||
case IKE_EALG_3DESCBC:
|
||||
case IKE_EALG_AESCBC:
|
||||
//
|
||||
// TODO: support these algorithms
|
||||
//
|
||||
|
@ -296,12 +296,12 @@ IpSecEspEncryptPayload (
|
|||
to be trimed on input, and without ESP header
|
||||
on return.
|
||||
@param[out] LastHead The Last Header in IP header on return.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||
protected on input, and without IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount The number of fragments.
|
||||
@param[in, out] FragmentCount The number of fragments.
|
||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||
@param[out] RecycleEvent The event for recycling of resources.
|
||||
|
||||
|
@ -318,10 +318,10 @@ IpSecEspInboundPacket (
|
|||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
OUT UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
)
|
||||
|
@ -558,13 +558,13 @@ ON_EXIT:
|
|||
@param[in, out] IpHead Points to IP header containing the orginal IP header
|
||||
to be processed on input, and inserted ESP header
|
||||
on return.
|
||||
@param[in] LastHead The Last Header in IP header.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] LastHead The Last Header in IP header.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||
IPsec on input, and with IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount The number of fragments.
|
||||
@param[in, out] FragmentCount The number of fragments.
|
||||
@param[in] SadEntry The related SAD entry.
|
||||
@param[out] RecycleEvent The event for recycling of resources.
|
||||
|
||||
|
@ -576,11 +576,11 @@ EFI_STATUS
|
|||
IpSecEspOutboundPacket (
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
)
|
||||
|
@ -825,29 +825,29 @@ ON_EXIT:
|
|||
@param[in, out] IpHead Points to IP header containing the ESP/AH header
|
||||
to be trimed on input, and without ESP/AH header
|
||||
on return.
|
||||
@param[in] LastHead The Last Header in IP header on return.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
|
||||
@param[out] LastHead The Last Header in IP header on return.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
|
||||
protected on input, and without IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount The number of fragments.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
|
||||
@param[out] RecycleEvent The event for recycling of resources.
|
||||
@param[out] RecycleEvent Event for recycling of resources.
|
||||
|
||||
@retval EFI_SUCCESS The operation was successful.
|
||||
@retval EFI_UNSUPPORTED The IPSEC protocol is not supported.
|
||||
@retval EFI_SUCCESS The operation is successful.
|
||||
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
IpSecProtectInboundPacket (
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
OUT IPSEC_SPD_ENTRY **SpdEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
)
|
||||
|
@ -875,26 +875,26 @@ IpSecProtectInboundPacket (
|
|||
}
|
||||
|
||||
/**
|
||||
This function processes the output traffic with IPsec.
|
||||
This fucntion processes the output traffic with IPsec.
|
||||
|
||||
It protected the sending packet by encrypting it payload and inserting ESP/AH header
|
||||
in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable.
|
||||
in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable.
|
||||
|
||||
@param[in] IpVersion The version of IP.
|
||||
@param[in, out] IpHead Points to IP header containing the orginal IP header
|
||||
@param[in, out] IpHead Point to IP header containing the orginal IP header
|
||||
to be processed on input, and inserted ESP/AH header
|
||||
on return.
|
||||
@param[in] LastHead The Last Header in the IP header.
|
||||
@param[in] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] LastHead The Last Header in IP header.
|
||||
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
|
||||
@param[in, out] OptionsLength Length of the options buffer. It is optional.
|
||||
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
|
||||
IPsec on input, and with IPsec protected
|
||||
on return.
|
||||
@param[in] FragmentCount The number of fragments.
|
||||
@param[in] SadEntry The related SAD entry.
|
||||
@param[out] RecycleEvent The event for recycling of resources.
|
||||
@param[in, out] FragmentCount Number of fragments.
|
||||
@param[in] SadEntry Related SAD entry.
|
||||
@param[out] RecycleEvent Event for recycling of resources.
|
||||
|
||||
@retval EFI_SUCCESS The operation was successful.
|
||||
@retval EFI_SUCCESS The operation is successful.
|
||||
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
|
||||
|
||||
**/
|
||||
|
@ -902,11 +902,11 @@ EFI_STATUS
|
|||
IpSecProtectOutboundPacket (
|
||||
IN UINT8 IpVersion,
|
||||
IN OUT VOID *IpHead,
|
||||
IN UINT8 *LastHead,
|
||||
IN VOID *OptionsBuffer, OPTIONAL
|
||||
IN UINT32 OptionsLength, OPTIONAL
|
||||
IN OUT UINT8 *LastHead,
|
||||
IN OUT VOID **OptionsBuffer, OPTIONAL
|
||||
IN OUT UINT32 *OptionsLength, OPTIONAL
|
||||
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
|
||||
IN UINT32 *FragmentCount,
|
||||
IN OUT UINT32 *FragmentCount,
|
||||
IN IPSEC_SAD_ENTRY *SadEntry,
|
||||
OUT EFI_EVENT *RecycleEvent
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue