diff options
| author | Guo Mang <mang.guo@intel.com> | 2018-04-25 17:23:25 +0800 |
|---|---|---|
| committer | Guo Mang <mang.guo@intel.com> | 2018-04-25 17:23:25 +0800 |
| commit | d33896d88d9d32d516129e92e25b80f8fddc6f7b (patch) | |
| tree | 8b38b8c52d2305d88d5c484959bbc5fbf3193b34 /Core/NetworkPkg/IpSecDxe/IpSecMain.c | |
| parent | d937b4f03f776eeec0be8860e99e7f4c487125e8 (diff) | |
| download | edk2-platforms-d33896d88d9d32d516129e92e25b80f8fddc6f7b.tar.xz | |
Remove Core Package
Remove Core Package since we will use EDK2 code from edk2 repository: https://github.com/tianocore/edk2
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Guo Mang <mang.guo@intel.com>
Diffstat (limited to 'Core/NetworkPkg/IpSecDxe/IpSecMain.c')
| -rw-r--r-- | Core/NetworkPkg/IpSecDxe/IpSecMain.c | 242 |
1 files changed, 0 insertions, 242 deletions
diff --git a/Core/NetworkPkg/IpSecDxe/IpSecMain.c b/Core/NetworkPkg/IpSecDxe/IpSecMain.c deleted file mode 100644 index a2fefa70d7..0000000000 --- a/Core/NetworkPkg/IpSecDxe/IpSecMain.c +++ /dev/null @@ -1,242 +0,0 @@ -/** @file
- The mian interface of IPsec Protocol.
-
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "IpSecConfigImpl.h"
-#include "IpSecImpl.h"
-
-EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
-
-/**
- Handles IPsec packet processing for inbound and outbound IP packets.
-
- The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet.
- The behavior is that it can perform one of the following actions:
- bypass the packet, discard the packet, or protect the packet.
-
- @param[in] This Pointer to the EFI_IPSEC2_PROTOCOL instance.
- @param[in] NicHandle Instance of the network interface.
- @param[in] IpVersion IPV4 or IPV6.
- @param[in, out] IpHead Pointer to the IP Header.
- @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
- @param[in, out] OptionsBuffer Pointer to the options buffer.
- @param[in, out] OptionsLength Length of the options buffer.
- @param[in, out] FragmentTable Pointer to a list of fragments.
- @param[in, out] FragmentCount Number of fragments.
- @param[in] TrafficDirection Traffic direction.
- @param[out] RecycleSignal Event for recycling of resources.
-
- @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
- @retval EFI_SUCCESS The packet was protected.
- @retval EFI_ACCESS_DENIED The packet was discarded.
-
-**/
-EFI_STATUS
-EFIAPI
-IpSecProcess (
- IN EFI_IPSEC2_PROTOCOL *This,
- IN EFI_HANDLE NicHandle,
- IN UINT8 IpVersion,
- IN OUT VOID *IpHead,
- IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer,
- IN OUT UINT32 *OptionsLength,
- IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN OUT UINT32 *FragmentCount,
- IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
- OUT EFI_EVENT *RecycleSignal
- )
-{
- IPSEC_PRIVATE_DATA *Private;
- IPSEC_SPD_ENTRY *SpdEntry;
- EFI_IPSEC_SPD_SELECTOR *SpdSelector;
- IPSEC_SAD_ENTRY *SadEntry;
- LIST_ENTRY *SpdList;
- LIST_ENTRY *Entry;
- EFI_IPSEC_ACTION Action;
- EFI_STATUS Status;
- UINT8 *IpPayload;
- UINT8 OldLastHead;
- BOOLEAN IsOutbound;
-
- if (OptionsBuffer == NULL ||
- OptionsLength == NULL ||
- FragmentTable == NULL ||
- FragmentCount == NULL
- ) {
- return EFI_INVALID_PARAMETER;
- }
- Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (This);
- IpPayload = (*FragmentTable)[0].FragmentBuffer;
- IsOutbound = (BOOLEAN) ((TrafficDirection == EfiIPsecOutBound) ? TRUE : FALSE);
- OldLastHead = *LastHead;
- *RecycleSignal = NULL;
- SpdList = &mConfigData[IPsecConfigDataTypeSpd];
-
- if (!IsOutbound) {
- //
- // For inbound traffic, process the ipsec header of the packet.
- //
- Status = IpSecProtectInboundPacket (
- IpVersion,
- IpHead,
- LastHead,
- OptionsBuffer,
- OptionsLength,
- FragmentTable,
- FragmentCount,
- &SpdSelector,
- RecycleSignal
- );
-
- if (Status == EFI_ACCESS_DENIED || Status == EFI_OUT_OF_RESOURCES) {
- //
- // The packet is denied to access.
- //
- goto ON_EXIT;
- }
-
- if (Status == EFI_SUCCESS) {
-
- //
- // Check the spd entry if the packet is accessible.
- //
- if (SpdSelector == NULL) {
- Status = EFI_ACCESS_DENIED;
- goto ON_EXIT;
- }
-
- Status = EFI_ACCESS_DENIED;
- NET_LIST_FOR_EACH (Entry, SpdList) {
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
- if (IsSubSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdSelector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
- )) {
- Status = EFI_SUCCESS;
- }
- }
- goto ON_EXIT;
- }
- }
-
- Status = EFI_ACCESS_DENIED;
-
- NET_LIST_FOR_EACH (Entry, SpdList) {
- //
- // For outbound and non-ipsec Inbound traffic: check the spd entry.
- //
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
-
- if (EFI_ERROR (IpSecLookupSpdEntry (
- SpdEntry,
- IpVersion,
- IpHead,
- IpPayload,
- OldLastHead,
- IsOutbound,
- &Action
- ))) {
- //
- // If the related SPD not find
- //
- continue;
- }
-
- switch (Action) {
-
- case EfiIPsecActionProtect:
-
- if (IsOutbound) {
- //
- // For outbound traffic, lookup the sad entry.
- //
- Status = IpSecLookupSadEntry (
- Private,
- NicHandle,
- IpVersion,
- IpHead,
- IpPayload,
- OldLastHead,
- SpdEntry,
- &SadEntry
- );
-
- if (SadEntry != NULL) {
- //
- // Process the packet by the found sad entry.
- //
- Status = IpSecProtectOutboundPacket (
- IpVersion,
- IpHead,
- LastHead,
- OptionsBuffer,
- OptionsLength,
- FragmentTable,
- FragmentCount,
- SadEntry,
- RecycleSignal
- );
-
- } else if (OldLastHead == IP6_ICMP && *IpPayload != ICMP_V6_ECHO_REQUEST) {
- //
- // TODO: if no need return not ready to upper layer, change here.
- //
- Status = EFI_SUCCESS;
- }
- } else if (OldLastHead == IP6_ICMP && *IpPayload != ICMP_V6_ECHO_REQUEST) {
- //
- // For inbound icmpv6 traffic except ping request, accept the packet
- // although no sad entry associated with protect spd entry.
- //
- Status = IpSecLookupSadEntry (
- Private,
- NicHandle,
- IpVersion,
- IpHead,
- IpPayload,
- OldLastHead,
- SpdEntry,
- &SadEntry
- );
- if (SadEntry == NULL) {
- Status = EFI_SUCCESS;
- }
- }
-
- goto ON_EXIT;
-
- case EfiIPsecActionBypass:
- Status = EFI_SUCCESS;
- goto ON_EXIT;
-
- case EfiIPsecActionDiscard:
- goto ON_EXIT;
- }
- }
-
- //
- // If don't find the related SPD entry, return the EFI_ACCESS_DENIED and discard it.
- // But it the packet is NS/NA, it should be by passed even not find the related SPD entry.
- //
- if (OldLastHead == IP6_ICMP &&
- (*IpPayload == ICMP_V6_NEIGHBOR_SOLICIT || *IpPayload == ICMP_V6_NEIGHBOR_ADVERTISE)
- ){
- Status = EFI_SUCCESS;
- }
-
-ON_EXIT:
- return Status;
-}
-
|