The current implementation doesn't handle the relationship between
SPD and SAD well, which may introduce some security and connection
issue after SPD updated.
For SPD SetData policy:
A) When delete the existed SPD entry, its related SAs also should be
removed from its Sas list(SadEntry->BySpd). If the SA entry is
established by IKE, we can remove it from global SAD list(SadEntry->List)
and then free it directly since its SpdEntry will be freed later.
B) SPD SetData operation should do some setting date validity-check.
For example, whether the SaId specified by setting Data is valid. If
the setting date is invalid, EFI_INVALID_PARAMETER should be returned.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524
This patch is used to fix connection failure issue after correct the SPD
and re-enable IPsec. The driver should not update the SadEntry's SpdSelector
when doing SpdEntry modification. SadEntry's SpdSelector may not equal to
this edited SpdEntry’s Selector.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18484 6f19259b-4bc3-4df7-8a09-765794883524
Fix a bug that the TrafficDirection field is not saved in IPsecConfig.SetData.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18483 6f19259b-4bc3-4df7-8a09-765794883524
v2:
* Update the copyright year and conditional judgment for removing.
When edit one SPEntry in SPD database, the corresponding SA entry will
be updated to the sas list of the new SPD entry. But before that, all
of them should be removed from the original sas list. If not, the list
will be broken into infinite loop.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18352 6f19259b-4bc3-4df7-8a09-765794883524
Jiaxin Wu
Fu Siyuan
sfu5
qianouyang
xdu2
hhtian