mirror of https://github.com/acidanthera/audk.git
4991eeffcd
The current implementation doesn't handle the relationship between SPD and SAD well, which may introduce some security and connection issue after SPD updated. For SPD SetData policy: A) When delete the existed SPD entry, its related SAs also should be removed from its Sas list(SadEntry->BySpd). If the SA entry is established by IKE, we can remove it from global SAD list(SadEntry->List) and then free it directly since its SpdEntry will be freed later. B) SPD SetData operation should do some setting date validity-check. For example, whether the SaId specified by setting Data is valid. If the setting date is invalid, EFI_INVALID_PARAMETER should be returned. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524 |
||
|---|---|---|
| .. | ||
| Ikev2 | ||
| ComponentName.c | ||
| IetfConstants.c | ||
| Ike.h | ||
| IkeCommon.c | ||
| IkeCommon.h | ||
| IkePacket.c | ||
| IkePacket.h | ||
| IkeService.c | ||
| IkeService.h | ||
| IpSecConfigImpl.c | ||
| IpSecConfigImpl.h | ||
| IpSecCryptIo.c | ||
| IpSecCryptIo.h | ||
| IpSecDebug.c | ||
| IpSecDebug.h | ||
| IpSecDriver.c | ||
| IpSecDxe.inf | ||
| IpSecDxe.uni | ||
| IpSecDxeExtra.uni | ||
| IpSecImpl.c | ||
| IpSecImpl.h | ||
| IpSecMain.c | ||