1 files changed, 38 insertions, 0 deletions

diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.h b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.h
index cd1367b012..ceffece8fb 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.h
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.h
@@ -16,6 +16,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 

 #define IP4_MIN_HEADLEN        20

 #define IP4_MAX_HEADLEN        60

+///

+/// 8(ESP header) + 16(max IV) + 16(max padding) + 2(ESP tail) + 12(max ICV) = 54 

+///

+#define IP4_MAX_IPSEC_HEADLEN  54

 

 #define IP4_ASSEMLE_HASH_SIZE  31

 #define IP4_FRAGMENT_LIFE      120

@@ -203,4 +207,38 @@ Ip4PacketTimerTicking (
   IN IP4_SERVICE            *IpSb

   );

 

+/**

+  The work function to locate IPsec protocol to process the inbound or 

+  outbound IP packets. The process routine handls the packet with following

+  actions: bypass the packet, discard the packet, or protect the packet.       

+

+  @param[in]       IpSb          The IP4 service instance

+  @param[in]       Head          The The caller supplied IP4 header.

+  @param[in, out]  Netbuf        The IP4 packet to be processed by IPsec

+  @param[in]       Options       The caller supplied options

+  @param[in]       OptionsLen    The length of the option

+  @param[in]       Direction     The directionality in an SPD entry, 

+                                 EfiIPsecInBound or EfiIPsecOutBound

+  @param[in]       Context       The token's wrap

+

+  @retval EFI_SUCCESS            The IPsec protocol is not available or disabled.

+  @retval EFI_SUCCESS            The packet was bypassed and all buffers remain the same.

+  @retval EFI_SUCCESS            The packet was protected.

+  @retval EFI_ACCESS_DENIED      The packet was discarded.  

+  @retval EFI_OUT_OF_RESOURCES   There is no suffcient resource to complete the operation.

+  @retval EFI_BUFFER_TOO_SMALL   The number of non-empty block is bigger than the 

+                                 number of input data blocks when build a fragment table.

+

+**/

+EFI_STATUS

+Ip4IpSecProcessPacket (

+  IN IP4_SERVICE            *IpSb,

+  IN IP4_HEAD               *Head,

+  IN OUT NET_BUF            **Netbuf,

+  IN UINT8                  *Options,

+  IN UINT32                 OptionsLen,

+  IN EFI_IPSEC_TRAFFIC_DIR  Direction,

+  IN VOID                   *Context

+  );

+

 #endif