diff options
| author | xdu2 <xdu2@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-11-01 08:19:28 +0000 |
|---|---|---|
| committer | xdu2 <xdu2@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-11-01 08:19:28 +0000 |
| commit | 68d3f2fb61dba9bbde4caa214a0c5bb3bc6ee7da (patch) | |
| tree | 2f9d4f16b2bed6899213e207f036a78a500158f1 /NetworkPkg/IpSecDxe | |
| parent | 780847d1287b1d70555570a4cdbcfa5da65d53b1 (diff) | |
| download | edk2-platforms-68d3f2fb61dba9bbde4caa214a0c5bb3bc6ee7da.tar.xz | |
1. Update IPsec driver to produce EFI_IPSEC2_PROTOCOL which is defined by UEFI errata that will appear in UEFI 2.3 specification after 2.3 errata B and future UEFI Specifications after 2.3.
2. Update IPv6 driver to consume the EFI_IPSEC2_PROTOCOL.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10991 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg/IpSecDxe')
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecConfigImpl.c | 2 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecCryptIo.c | 6 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecCryptIo.h | 17 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecDriver.c | 4 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.c | 20 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.h | 77 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecSaEngine.c | 96 |
7 files changed, 121 insertions, 101 deletions
diff --git a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c index e671e42e27..0b52a49ae5 100644 --- a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c @@ -2365,7 +2365,7 @@ EfiIpSecConfigGetNextSelector ( NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
- if (IsFound || mIsZeroSelector[DataType](Selector)) {
+ if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {
//
// If found the appointed entry, then duplicate the next one and return,
// or if the appointed entry is zero, then return the first one directly.
diff --git a/NetworkPkg/IpSecDxe/IpSecCryptIo.c b/NetworkPkg/IpSecDxe/IpSecCryptIo.c index 7011f98b06..93b69a6682 100644 --- a/NetworkPkg/IpSecDxe/IpSecCryptIo.c +++ b/NetworkPkg/IpSecDxe/IpSecCryptIo.c @@ -18,15 +18,15 @@ // Alogrithm's informations for the Encrypt/Decrpt Alogrithm.
//
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
- {EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
+ {IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
};
//
// Alogrithm's informations for the Authentication algorithm
//
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
- {EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
- {EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
+ {IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
+ {IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
};
diff --git a/NetworkPkg/IpSecDxe/IpSecCryptIo.h b/NetworkPkg/IpSecDxe/IpSecCryptIo.h index d883a2ef72..ddceb12bb6 100644 --- a/NetworkPkg/IpSecDxe/IpSecCryptIo.h +++ b/NetworkPkg/IpSecDxe/IpSecCryptIo.h @@ -22,6 +22,23 @@ #define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
+///
+/// Authentication Algorithm Definition
+/// The number value definition is aligned to IANA assignment
+///
+#define IKE_AALG_NONE 0x00
+#define IKE_AALG_SHA1HMAC 0x02
+#define IKE_AALG_NULL 0xFB
+
+///
+/// Encryption Algorithm Definition
+/// The number value definition is aligned to IANA assignment
+///
+#define IKE_EALG_NONE 0x00
+#define IKE_EALG_3DESCBC 0x03
+#define IKE_EALG_NULL 0x0B
+#define IKE_EALG_AESCBC 0x0C
+
/**
Prototype of Hash GetContextSize.
diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c b/NetworkPkg/IpSecDxe/IpSecDriver.c index b38f2a9452..00fb26f761 100644 --- a/NetworkPkg/IpSecDxe/IpSecDriver.c +++ b/NetworkPkg/IpSecDxe/IpSecDriver.c @@ -174,7 +174,7 @@ IpSecDriverEntryPoint ( {
EFI_STATUS Status;
IPSEC_PRIVATE_DATA *Private;
- EFI_IPSEC_PROTOCOL *IpSec;
+ EFI_IPSEC2_PROTOCOL *IpSec;
//
// Check whether ipsec protocol has already been installed.
@@ -218,7 +218,7 @@ IpSecDriverEntryPoint ( Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;
Private->ImageHandle = ImageHandle;
- CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL));
+ CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));
//
// Initilize Private's members. Thess members is used for IKE.
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.c b/NetworkPkg/IpSecDxe/IpSecImpl.c index 15884ae403..b693eb94d1 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecImpl.c @@ -15,7 +15,7 @@ #include "IpSecConfigImpl.h"
-EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
+EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
@@ -656,11 +656,11 @@ IpSecLookupSpdEntry ( @param[in] NicHandle Instance of the network interface.
@param[in] IpVersion IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header.
- @param[in] LastHead The protocol of the next layer to be processed by IPsec.
- @param[in] OptionsBuffer Pointer to the options buffer.
- @param[in] OptionsLength Length of the options buffer.
+ @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments.
- @param[in] FragmentCount Number of fragments.
+ @param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources.
@@ -672,15 +672,15 @@ IpSecLookupSpdEntry ( EFI_STATUS
EFIAPI
IpSecProcess (
- IN EFI_IPSEC_PROTOCOL *This,
+ IN EFI_IPSEC2_PROTOCOL *This,
IN EFI_HANDLE NicHandle,
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer,
- IN UINT32 OptionsLength,
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
OUT EFI_EVENT *RecycleSignal
)
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.h b/NetworkPkg/IpSecDxe/IpSecImpl.h index 644c658082..84494460c4 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.h +++ b/NetworkPkg/IpSecDxe/IpSecImpl.h @@ -88,16 +88,19 @@ struct _IPSEC_SPD_ENTRY { };
typedef struct _IPSEC_SAD_DATA {
- EFI_IPSEC_MODE Mode;
- UINT64 SequenceNumber;
- UINT8 AntiReplayWindowSize;
- UINT64 AntiReplayBitmap[4]; // bitmap for received packet
- EFI_IPSEC_ALGO_INFO AlgoInfo;
- EFI_IPSEC_SA_LIFETIME SaLifetime;
- UINT32 PathMTU;
- IPSEC_SPD_ENTRY *SpdEntry;
- BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
- BOOLEAN ManualSet;
+ EFI_IPSEC_MODE Mode;
+ UINT64 SequenceNumber;
+ UINT8 AntiReplayWindowSize;
+ UINT64 AntiReplayBitmap[4]; // bitmap for received packet
+ EFI_IPSEC_ALGO_INFO AlgoInfo;
+ EFI_IPSEC_SA_LIFETIME SaLifetime;
+ UINT32 PathMTU;
+ IPSEC_SPD_ENTRY *SpdEntry;
+ EFI_IPSEC_SPD_SELECTOR *SpdSelector;
+ BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
+ BOOLEAN ManualSet;
+ EFI_IP_ADDRESS TunnelDestAddress;
+ EFI_IP_ADDRESS TunnelSourceAddress;
} IPSEC_SAD_DATA;
typedef struct _IPSEC_SAD_ENTRY {
@@ -122,7 +125,7 @@ struct _IPSEC_PRIVATE_DATA { UINT32 Signature;
EFI_HANDLE Handle; // Virtual handle to install private prtocol
EFI_HANDLE ImageHandle;
- EFI_IPSEC_PROTOCOL IpSec;
+ EFI_IPSEC2_PROTOCOL IpSec;
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
BOOLEAN SetBySelf;
LIST_ENTRY Udp4List;
@@ -146,13 +149,13 @@ struct _IPSEC_PRIVATE_DATA { @param[in, out] IpHead Points to IP header containing the ESP/AH header
to be trimed on input, and without ESP/AH header
on return.
- @param[in] LastHead The Last Header in IP header on return.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[out] LastHead The Last Header in IP header on return.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected
on return.
- @param[in] FragmentCount Number of fragments.
+ @param[in, out] FragmentCount Number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent Event for recycling of resources.
@@ -164,11 +167,11 @@ EFI_STATUS IpSecProtectInboundPacket (
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent
);
@@ -184,13 +187,13 @@ IpSecProtectInboundPacket ( @param[in, out] IpHead Point to IP header containing the orginal IP header
to be processed on input, and inserted ESP/AH header
on return.
- @param[in] LastHead The Last Header in IP header.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] LastHead The Last Header in IP header.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
- @param[in] FragmentCount Number of fragments.
+ @param[in, out] FragmentCount Number of fragments.
@param[in] SadEntry Related SAD entry.
@param[out] RecycleEvent Event for recycling of resources.
@@ -202,11 +205,11 @@ EFI_STATUS IpSecProtectOutboundPacket (
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent
);
@@ -274,11 +277,11 @@ IpSecLookupSadBySpi ( @param[in] NicHandle Instance of the network interface.
@param[in] IpVersion IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header.
- @param[in] LastHead The protocol of the next layer to be processed by IPsec.
- @param[in] OptionsBuffer Pointer to the options buffer.
- @param[in] OptionsLength Length of the options buffer.
+ @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments.
- @param[in] FragmentCount Number of fragments.
+ @param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources.
@@ -290,21 +293,21 @@ IpSecLookupSadBySpi ( EFI_STATUS
EFIAPI
IpSecProcess (
- IN EFI_IPSEC_PROTOCOL *This,
+ IN EFI_IPSEC2_PROTOCOL *This,
IN EFI_HANDLE NicHandle,
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer,
- IN UINT32 OptionsLength,
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
OUT EFI_EVENT *RecycleSignal
);
extern EFI_DPC_PROTOCOL *mDpc;
-extern EFI_IPSEC_PROTOCOL mIpSecInstance;
+extern EFI_IPSEC2_PROTOCOL mIpSecInstance;
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;
diff --git a/NetworkPkg/IpSecDxe/IpSecSaEngine.c b/NetworkPkg/IpSecDxe/IpSecSaEngine.c index 8abf4d6bf4..b556b246a3 100644 --- a/NetworkPkg/IpSecDxe/IpSecSaEngine.c +++ b/NetworkPkg/IpSecDxe/IpSecSaEngine.c @@ -124,8 +124,8 @@ IpSecAuthPayload ( )
{
switch (AuthAlgId) {
- case EFI_IPSEC_AALG_NONE :
- case EFI_IPSEC_AALG_NULL :
+ case IKE_AALG_NONE :
+ case IKE_AALG_NULL :
return EFI_SUCCESS;
default:
@@ -222,15 +222,15 @@ IpSecEspDecryptPayload ( EFI_ESP_TAIL *EspTail;
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
- case EFI_IPSEC_EALG_NULL:
+ case IKE_EALG_NULL:
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));
*PaddingSize = EspTail->PaddingLength;
*NextHeader = EspTail->NextHeader;
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);
break;
- case EFI_IPSEC_EALG_3DESCBC:
- case EFI_IPSEC_EALG_AESCBC:
+ case IKE_EALG_3DESCBC:
+ case IKE_EALG_AESCBC:
//
// TODO: support these algorithm
//
@@ -269,11 +269,11 @@ IpSecEspEncryptPayload ( )
{
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
- case EFI_IPSEC_EALG_NULL:
+ case IKE_EALG_NULL:
return EFI_SUCCESS;
- case EFI_IPSEC_EALG_3DESCBC:
- case EFI_IPSEC_EALG_AESCBC:
+ case IKE_EALG_3DESCBC:
+ case IKE_EALG_AESCBC:
//
// TODO: support these algorithms
//
@@ -296,12 +296,12 @@ IpSecEspEncryptPayload ( to be trimed on input, and without ESP header
on return.
@param[out] LastHead The Last Header in IP header on return.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected
on return.
- @param[in] FragmentCount The number of fragments.
+ @param[in, out] FragmentCount The number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent The event for recycling of resources.
@@ -318,10 +318,10 @@ IpSecEspInboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
OUT UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent
)
@@ -558,13 +558,13 @@ ON_EXIT: @param[in, out] IpHead Points to IP header containing the orginal IP header
to be processed on input, and inserted ESP header
on return.
- @param[in] LastHead The Last Header in IP header.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] LastHead The Last Header in IP header.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
- @param[in] FragmentCount The number of fragments.
+ @param[in, out] FragmentCount The number of fragments.
@param[in] SadEntry The related SAD entry.
@param[out] RecycleEvent The event for recycling of resources.
@@ -576,11 +576,11 @@ EFI_STATUS IpSecEspOutboundPacket (
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent
)
@@ -825,29 +825,29 @@ ON_EXIT: @param[in, out] IpHead Points to IP header containing the ESP/AH header
to be trimed on input, and without ESP/AH header
on return.
- @param[in] LastHead The Last Header in IP header on return.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
- @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
+ @param[out] LastHead The Last Header in IP header on return.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected
on return.
- @param[in] FragmentCount The number of fragments.
+ @param[in, out] FragmentCount Number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
- @param[out] RecycleEvent The event for recycling of resources.
+ @param[out] RecycleEvent Event for recycling of resources.
- @retval EFI_SUCCESS The operation was successful.
- @retval EFI_UNSUPPORTED The IPSEC protocol is not supported.
+ @retval EFI_SUCCESS The operation is successful.
+ @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
**/
EFI_STATUS
IpSecProtectInboundPacket (
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent
)
@@ -875,26 +875,26 @@ IpSecProtectInboundPacket ( }
/**
- This function processes the output traffic with IPsec.
+ This fucntion processes the output traffic with IPsec.
It protected the sending packet by encrypting it payload and inserting ESP/AH header
- in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable.
+ in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable.
@param[in] IpVersion The version of IP.
- @param[in, out] IpHead Points to IP header containing the orginal IP header
+ @param[in, out] IpHead Point to IP header containing the orginal IP header
to be processed on input, and inserted ESP/AH header
on return.
- @param[in] LastHead The Last Header in the IP header.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] LastHead The Last Header in IP header.
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
- @param[in] FragmentCount The number of fragments.
- @param[in] SadEntry The related SAD entry.
- @param[out] RecycleEvent The event for recycling of resources.
+ @param[in, out] FragmentCount Number of fragments.
+ @param[in] SadEntry Related SAD entry.
+ @param[out] RecycleEvent Event for recycling of resources.
- @retval EFI_SUCCESS The operation was successful.
+ @retval EFI_SUCCESS The operation is successful.
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
**/
@@ -902,11 +902,11 @@ EFI_STATUS IpSecProtectOutboundPacket (
IN UINT8 IpVersion,
IN OUT VOID *IpHead,
- IN UINT8 *LastHead,
- IN VOID *OptionsBuffer, OPTIONAL
- IN UINT32 OptionsLength, OPTIONAL
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer, OPTIONAL
+ IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
+ IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent
)
|