1.Update IPsec driver to set the Transform structure's Next Payload field to zero when it is the last Transform structure in a Proposal. Likewise, the Proposal structure's Next Payload field should be zero when it is the last Proposal in the SA.

2.Delete all SAs in the IPsec->Stop().

Signed-off-by: qianouyang
Reviewed-by: sfu5

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12768 6f19259b-4bc3-4df7-8a09-765794883524
qianouyang 2011-11-23 10:31:04 +00:00
parent eb5e7d3e7a
commit 6cf9230ff2
6 changed files with 414 additions and 409 deletions


@ -692,12 +692,14 @@ ON_EXIT:
IkeDeleteChildSa() to delete all Child SAs then send out the related IkeDeleteChildSa() to delete all Child SAs then send out the related
Information packet. Information packet.
@param[in] Private Pointer of the IPSEC_PRIVATE_DATA @param[in] Private Pointer of the IPSEC_PRIVATE_DATA
@param[in] IsDisableIPsec Indicate whether needs to disable IPsec.
**/ **/
VOID VOID
IkeDeleteAllSas ( IkeDeleteAllSas (
IN IPSEC_PRIVATE_DATA *Private IN IPSEC_PRIVATE_DATA *Private,
IN BOOLEAN IsDisableIpsec
) )
{ {
LIST_ENTRY *Entry; LIST_ENTRY *Entry;
@ -729,7 +731,7 @@ IkeDeleteAllSas (
// If there is no existing established IKE SA, set the Ipsec DisableFlag to TRUE // If there is no existing established IKE SA, set the Ipsec DisableFlag to TRUE
// and turn off the IsIPsecDisabling flag. // and turn off the IsIPsecDisabling flag.
// //
if (IsListEmpty (&Private->Ikev2EstablishedList)) { if (IsListEmpty (&Private->Ikev2EstablishedList) && IsDisableIpsec) {
Value = IPSEC_STATUS_DISABLED; Value = IPSEC_STATUS_DISABLED;
Status = gRT->SetVariable ( Status = gRT->SetVariable (
IPSECCONFIG_STATUS_NAME, IPSECCONFIG_STATUS_NAME,
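Review bot: The Doxygen tag on the new parameter names it `IsDisableIPsec` while the parameter is declared `IsDisableIpsec`, so the description will not attach to the parameter; change the tag to `@param[in] IsDisableIpsec  TRUE to also record IPSEC_STATUS_DISABLED once no IKE SA remains, FALSE to only tear down the SAs.` The comment above the changed condition still says the DisableFlag is set whenever the established list is empty, which is no longer the whole condition; I would extend it with `// ... and only when the caller asked to disable IPsec (the driver Stop() path passes FALSE and must not flip the status variable).` The body of IkeDeleteAllSas lies partly between the two hunks and the SetVariable call continues past the end of this section.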


@ -240,12 +240,14 @@ IkeLookupUdp (
IkeDeleteChildSa() to delete all Child SAs then send out the related IkeDeleteChildSa() to delete all Child SAs then send out the related
Information packet. Information packet.
@param[in] Private Pointer of the IPSEC_PRIVATE_DATA. @param[in] Private Pointer of the IPSEC_PRIVATE_DATA.
@param[in] IsDisableIPsec Indicate whether needs to disable IPsec.
**/ **/
VOID VOID
IkeDeleteAllSas ( IkeDeleteAllSas (
IN IPSEC_PRIVATE_DATA *Private IN IPSEC_PRIVATE_DATA *Private,
IN BOOLEAN IsDisableIpsec
); );
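Review bot: The prototype's doc tag `IsDisableIPsec` does not match the declared parameter `IsDisableIpsec`, and the header is where callers will look for the meaning of the flag. I would rename the tag and spell out both values: `@param[in] IsDisableIpsec  TRUE to also set the IPsec status variable to IPSEC_STATUS_DISABLED once no established IKE SA remains; FALSE to delete the SAs without touching the status.` That matches what the implementation does with the flag in the .c file of this commit.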


@ -1,7 +1,7 @@
/** @file /** @file
The general interfaces of the IKEv2. The general interfaces of the IKEv2.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -318,11 +318,6 @@ Ikev2NegotiateInfo (
// //
if (Ikev2SaSession->SessionCommon.State == IkeStateSaDeleting && Context == NULL) { if (Ikev2SaSession->SessionCommon.State == IkeStateSaDeleting && Context == NULL) {
//
// The IKE SA Session should be initiator if it triggers the deleting.
//
Ikev2SaSession->SessionCommon.IsInitiator = TRUE;
// //
// Generate Information Packet which contains the Delete Payload. // Generate Information Packet which contains the Delete Payload.
// //
@ -335,10 +330,12 @@ Ikev2NegotiateInfo (
// //
// Send out the Packet // Send out the Packet
// //
Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0); if (UdpService != NULL) {
Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto ON_ERROR; goto ON_ERROR;
}
} }
} else if (!IsListEmpty (&Ikev2SaSession->DeleteSaList)) { } else if (!IsListEmpty (&Ikev2SaSession->DeleteSaList)) {
// //
@ -360,10 +357,12 @@ Ikev2NegotiateInfo (
// //
// Send out the Packet // Send out the Packet
// //
Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0); if (UdpService != NULL) {
Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto ON_ERROR; goto ON_ERROR;
}
} }
} }
} else if (Context == NULL) { } else if (Context == NULL) {
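Review bot: When UdpService is NULL the Information packet built just above with the Delete payload is silently never sent, and nothing in these hunks shows that packet being released on that path or the peer being told, so the remote end will keep the SA until its own liveness check retires it; please confirm IkePacket is freed there (its allocation, and the start and end of Ikev2NegotiateInfo, are outside the hunks) and add a comment such as `// No UDP service (driver stopping): the Delete notification cannot be sent; the peer must expire the SA itself.` Note also that Status is left untouched when the send is skipped, so the function's return on that path depends on whatever Status held before. The removal of the `IsInitiator = TRUE` assignment is not explained by the commit message; a one-line comment on why the initiator role must no longer be forced when the session is deleting would help the next reader.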


@ -1605,9 +1605,7 @@ Ikev2EncodeSa (
UINTN TransformIndex; UINTN TransformIndex;
IKE_SA_ATTRIBUTE *SaAttribute; IKE_SA_ATTRIBUTE *SaAttribute;
IKEV2_PROPOSAL *Proposal; IKEV2_PROPOSAL *Proposal;
IKEV2_PROPOSAL *LastProposal;
IKEV2_TRANSFORM *Transform; IKEV2_TRANSFORM *Transform;
IKEV2_TRANSFORM *LastTransform;
// //
// Transform IKE_SA_DATA structure to IKE_SA Payload. // Transform IKE_SA_DATA structure to IKE_SA Payload.
@ -1635,7 +1633,6 @@ Ikev2EncodeSa (
CopyMem (Sa, SaData, sizeof (IKEV2_SA)); CopyMem (Sa, SaData, sizeof (IKEV2_SA));
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA); Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);
ProposalsSize = 0; ProposalsSize = 0;
LastProposal = NULL;
Proposal = (IKEV2_PROPOSAL *) (Sa + 1); Proposal = (IKEV2_PROPOSAL *) (Sa + 1);
// //
@ -1655,7 +1652,6 @@ Ikev2EncodeSa (
} }
TransformsSize = 0; TransformsSize = 0;
LastTransform = NULL;
Transform = (IKEV2_TRANSFORM *) ((UINT8 *) (Proposal + 1) + Proposal->SpiSize); Transform = (IKEV2_TRANSFORM *) ((UINT8 *) (Proposal + 1) + Proposal->SpiSize);
// //
@ -1694,8 +1690,8 @@ Ikev2EncodeSa (
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_MORE; Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_MORE;
Transform->Header.PayloadLength = HTONS ((UINT16)TransformSize); Transform->Header.PayloadLength = HTONS ((UINT16)TransformSize);
if (TransformIndex == ProposalData->NumTransforms) { if (TransformIndex == (UINTN)(ProposalData->NumTransforms - 1)) {
LastTransform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE; Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE;
} }
Transform = (IKEV2_TRANSFORM *)((UINT8 *) Transform + TransformSize); Transform = (IKEV2_TRANSFORM *)((UINT8 *) Transform + TransformSize);
@ -1709,8 +1705,8 @@ Ikev2EncodeSa (
Proposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_MORE; Proposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_MORE;
Proposal->Header.PayloadLength = HTONS ((UINT16)ProposalSize); Proposal->Header.PayloadLength = HTONS ((UINT16)ProposalSize);
if (ProposalIndex == SaData->NumProposals) { if (ProposalIndex == (UINTN)(SaData->NumProposals - 1)) {
LastProposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_NONE; Proposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_NONE;
} }
// //
@ -1804,11 +1800,14 @@ Ikev2DecodeSa (
} }
// //
// Check the proposal number. The Proposal Payload type is 2. Nonce Paylod is 0. // Check the proposal number.
// SUM(ProposalNextPayload) = Proposal Num * 2 + Noce Payload Type (0). // The proposal Substructure, the NextPayLoad field indicates : 0 (last) or 2 (more)
// which Specifies whether this is the last Proposal Substructure in the SA.
// Here suming all Proposal NextPayLoad field to check the proposal number is correct
// or not.
// //
if (TotalProposals == 0 || if (TotalProposals == 0 ||
(TotalProposals - 1) * IKE_PROPOSAL_NEXT_PAYLOAD_MORE + IKE_PROPOSAL_NEXT_PAYLOAD_NONE != ProposalNextPayloadSum (TotalProposals - 1) * IKE_PROPOSAL_NEXT_PAYLOAD_MORE != ProposalNextPayloadSum
) { ) {
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
goto Exit; goto Exit;
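Review bot: The relaxed check in Ikev2DecodeSa still validates only a sum, so a peer that sets Next Payload values other than 0 or 2 (two proposals both marked 1, say) or that marks an earlier proposal 0 and the final one 2 passes the test even though the substructure chain is malformed per RFC 4306 section 3.3.1. Since every proposal header is presumably already walked to accumulate ProposalNextPayloadSum (that loop is above the hunk), I would validate each entry there instead: `if (NextPayload != IKE_PROPOSAL_NEXT_PAYLOAD_NONE && NextPayload != IKE_PROPOSAL_NEXT_PAYLOAD_MORE) { Status = EFI_INVALID_PARAMETER; goto Exit; }` and additionally require NONE only on the last proposal. On the encode side, if `NumTransforms` or `NumProposals` can be zero the `(UINTN)(... - 1)` comparison wraps to a huge value, which is harmless only if the loop body never runs in that case; a comment on the cast stating that assumption would help. Ikev2EncodeSa and Ikev2DecodeSa both begin before and end after their hunks.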


@ -1,7 +1,7 @@
/** @file /** @file
Driver Binding Protocol for IPsec Driver. Driver Binding Protocol for IPsec Driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -189,6 +189,10 @@ IpSecDriverBindingStop (
Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec); Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec);
//
// Delete all SAs before stop Ipsec.
//
IkeDeleteAllSas (Private, FALSE);
// //
// If has udp4 io opened on the controller, close and free it. // If has udp4 io opened on the controller, close and free it.
// //
@ -271,7 +275,7 @@ IpSecCleanupAllSa (
IPSEC_PRIVATE_DATA *Private; IPSEC_PRIVATE_DATA *Private;
Private = (IPSEC_PRIVATE_DATA *) Context; Private = (IPSEC_PRIVATE_DATA *) Context;
Private->IsIPsecDisabling = TRUE; Private->IsIPsecDisabling = TRUE;
IkeDeleteAllSas (Private); IkeDeleteAllSas (Private, TRUE);
} }
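Review bot: IkeDeleteAllSas is documented as sending a Delete Information packet for each SA, yet the very next step in this hunk closes and frees the controller's UDP IO; if those sends are asynchronous the transmit may still be in flight when the IO is torn down, so please confirm the send completes or is cancelled before the close, or at least record the assumption: `// Delete all SAs (and send their Delete notifications) before the UDP IO below is released.` DriverBindingStop also runs per controller handle while the call tears down every SA in Private, so stopping IPsec on one NIC would appear to drop SAs negotiated on other NICs; if that is intended, say so in the comment, otherwise filter by the controller's UDP service. IpSecDriverBindingStop continues beyond the hunk.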
/** /**


@ -478,7 +478,6 @@ IpSecLookupSadEntry (
Entry = IpSecLookupSadBySpd (&SpdEntry->Data->Sas, &DestIp, IpVersion); Entry = IpSecLookupSadBySpd (&SpdEntry->Data->Sas, &DestIp, IpVersion);
if (Entry == NULL) { if (Entry == NULL) {
if (OldLastHead != IP6_ICMP || if (OldLastHead != IP6_ICMP ||
(OldLastHead == IP6_ICMP && *IpPayload == ICMP_V6_ECHO_REQUEST) (OldLastHead == IP6_ICMP && *IpPayload == ICMP_V6_ECHO_REQUEST)
) { ) {