Commit Graph

4 Commits

Author SHA1 Message Date
Laszlo Ersek bb33c27fbe NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro
Introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro for NetworkPkg.
When explicitly set to FALSE, remove MD5 from IScsiDxe's CHAP algorithm
list.

Set NETWORK_ISCSI_MD5_ENABLE to TRUE by default, for compatibility
reasons. Not just to minimize the disruption for platforms that currently
include IScsiDxe, but also because RFC 7143 mandates MD5 for CHAP, and
some vendors' iSCSI targets support MD5 only.

With MD5 enabled, IScsiDxe will suggest SHA256, and then fall back to MD5
if the target requests it. With MD5 disabled, IScsiDxe will suggest
SHA256, and break off the connection (and session) if the target doesn't
support SHA256.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210629163337.14120-7-lersek@redhat.com>
2021-06-30 19:20:41 +00:00
Abner Chang 126115a9fb NetworkPkg: Add NETWORK_HTTP_ENABLE macro
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2917

Add NETWORK_HTTP_ENABLE macro and separate HttpDxe
and HttpUtilitiesDxe drivers from
HTTP_NETWORK_HTTP_BOOT_ENABLE macro.

Current NETWORK_HTTP_BOOT_ENABLE macro is defined to enable HTTP
boot feature in POST, this macro is not only enabling HTTP Boot
related modules but also enabling other generic HTTP modules
such as HttpDxe, HttpUtilitiesDxe and DnsDxe.
These HTTP base drivers would not be only used by HTTP boot
when we introduce the use case of Redfish implementation over
HTTP to edk2.
We should have a dedicate macro to enable generic HTTP functions
on Network stack and additionally provide NETWORK_HTTP_BOOT_ENABLE
for HTTP boot functionality for the use case that platform doesn't
require HTTP boot.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-12-03 17:08:11 +00:00
Gao, Zhichao 4ecb1ba5ef NetworkPkg/Defines: Make iSCSI disable as default
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

iSCSI is using the deprecated function MD5. It is
better to make the default setting secure. If the platforms
want to use the iSCSI, they should enable it in the platforms'
dsc file and be aware they are using an function with weak
cryptography.

Enable iSCSI in NetworkPkg.dsc for build.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Message-Id: <20201112055558.2348-13-zhichao.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2020-11-17 19:26:50 +00:00
Liming Gao 1e948802e7 NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.
This patch provides a set of include segment files for platform owner to
easily enable/disable network stack support on their platform.

For DSC, there are:
- a "NetworkDefines.dsc.inc" for the [Defines] section(s),
- a "NetworkLibs.dsc.inc" for the [LibraryClasses*] section(s),
- a "NetworkPcds.dsc.inc" for the [Pcds*] section(s),
- a "NetworkComponents.dsc.inc" for the [Components*] section(s).
For FDF, there is:
- a "Network.fdf.inc" for the [Fv*] section(s).

These files can be added to the platform DSC/FDF file by using
  !include NetworkPkg/xxx
where "xxx" is the *.inc file name.

A platform DSC file can diverge from the defaults in
"NetworkDefines.dsc.inc" by setting the individual DEFINEs before
including "NetworkDefines.dsc.inc".
And, build command line ("-D FLAG=VALUE") can be used to enable or
disable related feature set, please check "NetworkDefines.dsc.inc"
for a detail description of each flag.

The default value of these flags are:
  DEFINE NETWORK_ENABLE                 = TRUE
  DEFINE NETWORK_SNP_ENABLE             = TRUE
  DEFINE NETWORK_IP4_ENABLE             = TRUE
  DEFINE NETWORK_IP6_ENABLE             = TRUE
  DEFINE NETWORK_TLS_ENABLE             = TRUE
  DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
  DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
  DEFINE NETWORK_VLAN_ENABLE            = TRUE

Related BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1293

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
2019-05-08 16:10:39 +08:00