From 68d3f2fb61dba9bbde4caa214a0c5bb3bc6ee7da Mon Sep 17 00:00:00 2001 From: xdu2 Date: Mon, 1 Nov 2010 08:19:28 +0000 Subject: 1. Update IPsec driver to produce EFI_IPSEC2_PROTOCOL which is defined by UEFI errata that will appear in UEFI 2.3 specification after 2.3 errata B and future UEFI Specifications after 2.3. 2. Update IPv6 driver to consume the EFI_IPSEC2_PROTOCOL. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10991 6f19259b-4bc3-4df7-8a09-765794883524 --- NetworkPkg/IpSecDxe/IpSecConfigImpl.c | 2 +- NetworkPkg/IpSecDxe/IpSecCryptIo.c | 6 +-- NetworkPkg/IpSecDxe/IpSecCryptIo.h | 17 +++++++ NetworkPkg/IpSecDxe/IpSecDriver.c | 4 +- NetworkPkg/IpSecDxe/IpSecImpl.c | 20 ++++---- NetworkPkg/IpSecDxe/IpSecImpl.h | 77 ++++++++++++++-------------- NetworkPkg/IpSecDxe/IpSecSaEngine.c | 96 +++++++++++++++++------------------ 7 files changed, 121 insertions(+), 101 deletions(-) (limited to 'NetworkPkg/IpSecDxe') diff --git a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c index e671e42e27..0b52a49ae5 100644 --- a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c @@ -2365,7 +2365,7 @@ EfiIpSecConfigGetNextSelector ( NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) { CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List); - if (IsFound || mIsZeroSelector[DataType](Selector)) { + if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) { // // If found the appointed entry, then duplicate the next one and return, // or if the appointed entry is zero, then return the first one directly. diff --git a/NetworkPkg/IpSecDxe/IpSecCryptIo.c b/NetworkPkg/IpSecDxe/IpSecCryptIo.c index 7011f98b06..93b69a6682 100644 --- a/NetworkPkg/IpSecDxe/IpSecCryptIo.c +++ b/NetworkPkg/IpSecDxe/IpSecCryptIo.c @@ -18,15 +18,15 @@ // Alogrithm's informations for the Encrypt/Decrpt Alogrithm. // ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = { - {EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL}, + {IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL}, {(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL} }; // // Alogrithm's informations for the Authentication algorithm // AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = { - {EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL}, - {EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL}, + {IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL}, + {IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL}, {(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL} }; diff --git a/NetworkPkg/IpSecDxe/IpSecCryptIo.h b/NetworkPkg/IpSecDxe/IpSecCryptIo.h index d883a2ef72..ddceb12bb6 100644 --- a/NetworkPkg/IpSecDxe/IpSecCryptIo.h +++ b/NetworkPkg/IpSecDxe/IpSecCryptIo.h @@ -22,6 +22,23 @@ #define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2 #define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3 +/// +/// Authentication Algorithm Definition +/// The number value definition is aligned to IANA assignment +/// +#define IKE_AALG_NONE 0x00 +#define IKE_AALG_SHA1HMAC 0x02 +#define IKE_AALG_NULL 0xFB + +/// +/// Encryption Algorithm Definition +/// The number value definition is aligned to IANA assignment +/// +#define IKE_EALG_NONE 0x00 +#define IKE_EALG_3DESCBC 0x03 +#define IKE_EALG_NULL 0x0B +#define IKE_EALG_AESCBC 0x0C + /** Prototype of Hash GetContextSize. diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c b/NetworkPkg/IpSecDxe/IpSecDriver.c index b38f2a9452..00fb26f761 100644 --- a/NetworkPkg/IpSecDxe/IpSecDriver.c +++ b/NetworkPkg/IpSecDxe/IpSecDriver.c @@ -174,7 +174,7 @@ IpSecDriverEntryPoint ( { EFI_STATUS Status; IPSEC_PRIVATE_DATA *Private; - EFI_IPSEC_PROTOCOL *IpSec; + EFI_IPSEC2_PROTOCOL *IpSec; // // Check whether ipsec protocol has already been installed. @@ -218,7 +218,7 @@ IpSecDriverEntryPoint ( Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE; Private->ImageHandle = ImageHandle; - CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL)); + CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL)); // // Initilize Private's members. Thess members is used for IKE. diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.c b/NetworkPkg/IpSecDxe/IpSecImpl.c index 15884ae403..b693eb94d1 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecImpl.c @@ -15,7 +15,7 @@ #include "IpSecConfigImpl.h" -EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE }; +EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE }; extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum]; @@ -656,11 +656,11 @@ IpSecLookupSpdEntry ( @param[in] NicHandle Instance of the network interface. @param[in] IpVersion IPV4 or IPV6. @param[in, out] IpHead Pointer to the IP Header. - @param[in] LastHead The protocol of the next layer to be processed by IPsec. - @param[in] OptionsBuffer Pointer to the options buffer. - @param[in] OptionsLength Length of the options buffer. + @param[in, out] LastHead The protocol of the next layer to be processed by IPsec. + @param[in, out] OptionsBuffer Pointer to the options buffer. + @param[in, out] OptionsLength Length of the options buffer. @param[in, out] FragmentTable Pointer to a list of fragments. - @param[in] FragmentCount Number of fragments. + @param[in, out] FragmentCount Number of fragments. @param[in] TrafficDirection Traffic direction. @param[out] RecycleSignal Event for recycling of resources. @@ -672,15 +672,15 @@ IpSecLookupSpdEntry ( EFI_STATUS EFIAPI IpSecProcess ( - IN EFI_IPSEC_PROTOCOL *This, + IN EFI_IPSEC2_PROTOCOL *This, IN EFI_HANDLE NicHandle, IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, - IN UINT32 OptionsLength, + IN OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, + IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, OUT EFI_EVENT *RecycleSignal ) diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.h b/NetworkPkg/IpSecDxe/IpSecImpl.h index 644c658082..84494460c4 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.h +++ b/NetworkPkg/IpSecDxe/IpSecImpl.h @@ -88,16 +88,19 @@ struct _IPSEC_SPD_ENTRY { }; typedef struct _IPSEC_SAD_DATA { - EFI_IPSEC_MODE Mode; - UINT64 SequenceNumber; - UINT8 AntiReplayWindowSize; - UINT64 AntiReplayBitmap[4]; // bitmap for received packet - EFI_IPSEC_ALGO_INFO AlgoInfo; - EFI_IPSEC_SA_LIFETIME SaLifetime; - UINT32 PathMTU; - IPSEC_SPD_ENTRY *SpdEntry; - BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled - BOOLEAN ManualSet; + EFI_IPSEC_MODE Mode; + UINT64 SequenceNumber; + UINT8 AntiReplayWindowSize; + UINT64 AntiReplayBitmap[4]; // bitmap for received packet + EFI_IPSEC_ALGO_INFO AlgoInfo; + EFI_IPSEC_SA_LIFETIME SaLifetime; + UINT32 PathMTU; + IPSEC_SPD_ENTRY *SpdEntry; + EFI_IPSEC_SPD_SELECTOR *SpdSelector; + BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled + BOOLEAN ManualSet; + EFI_IP_ADDRESS TunnelDestAddress; + EFI_IP_ADDRESS TunnelSourceAddress; } IPSEC_SAD_DATA; typedef struct _IPSEC_SAD_ENTRY { @@ -122,7 +125,7 @@ struct _IPSEC_PRIVATE_DATA { UINT32 Signature; EFI_HANDLE Handle; // Virtual handle to install private prtocol EFI_HANDLE ImageHandle; - EFI_IPSEC_PROTOCOL IpSec; + EFI_IPSEC2_PROTOCOL IpSec; EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig; BOOLEAN SetBySelf; LIST_ENTRY Udp4List; @@ -146,13 +149,13 @@ struct _IPSEC_PRIVATE_DATA { @param[in, out] IpHead Points to IP header containing the ESP/AH header to be trimed on input, and without ESP/AH header on return. - @param[in] LastHead The Last Header in IP header on return. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. + @param[out] LastHead The Last Header in IP header on return. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec protected on input, and without IPsec protected on return. - @param[in] FragmentCount Number of fragments. + @param[in, out] FragmentCount Number of fragments. @param[out] SpdEntry Pointer to contain the address of SPD entry on return. @param[out] RecycleEvent Event for recycling of resources. @@ -164,11 +167,11 @@ EFI_STATUS IpSecProtectInboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, OUT IPSEC_SPD_ENTRY **SpdEntry, OUT EFI_EVENT *RecycleEvent ); @@ -184,13 +187,13 @@ IpSecProtectInboundPacket ( @param[in, out] IpHead Point to IP header containing the orginal IP header to be processed on input, and inserted ESP/AH header on return. - @param[in] LastHead The Last Header in IP header. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. + @param[in, out] LastHead The Last Header in IP header. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] FragmentTable Pointer to a list of fragments to be protected by IPsec on input, and with IPsec protected on return. - @param[in] FragmentCount Number of fragments. + @param[in, out] FragmentCount Number of fragments. @param[in] SadEntry Related SAD entry. @param[out] RecycleEvent Event for recycling of resources. @@ -202,11 +205,11 @@ EFI_STATUS IpSecProtectOutboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + IN OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, IN IPSEC_SAD_ENTRY *SadEntry, OUT EFI_EVENT *RecycleEvent ); @@ -274,11 +277,11 @@ IpSecLookupSadBySpi ( @param[in] NicHandle Instance of the network interface. @param[in] IpVersion IPV4 or IPV6. @param[in, out] IpHead Pointer to the IP Header. - @param[in] LastHead The protocol of the next layer to be processed by IPsec. - @param[in] OptionsBuffer Pointer to the options buffer. - @param[in] OptionsLength Length of the options buffer. + @param[in, out] LastHead The protocol of the next layer to be processed by IPsec. + @param[in, out] OptionsBuffer Pointer to the options buffer. + @param[in, out] OptionsLength Length of the options buffer. @param[in, out] FragmentTable Pointer to a list of fragments. - @param[in] FragmentCount Number of fragments. + @param[in, out] FragmentCount Number of fragments. @param[in] TrafficDirection Traffic direction. @param[out] RecycleSignal Event for recycling of resources. @@ -290,21 +293,21 @@ IpSecLookupSadBySpi ( EFI_STATUS EFIAPI IpSecProcess ( - IN EFI_IPSEC_PROTOCOL *This, + IN EFI_IPSEC2_PROTOCOL *This, IN EFI_HANDLE NicHandle, IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, - IN UINT32 OptionsLength, + IN OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, + IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, OUT EFI_EVENT *RecycleSignal ); extern EFI_DPC_PROTOCOL *mDpc; -extern EFI_IPSEC_PROTOCOL mIpSecInstance; +extern EFI_IPSEC2_PROTOCOL mIpSecInstance; extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2; extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName; diff --git a/NetworkPkg/IpSecDxe/IpSecSaEngine.c b/NetworkPkg/IpSecDxe/IpSecSaEngine.c index 8abf4d6bf4..b556b246a3 100644 --- a/NetworkPkg/IpSecDxe/IpSecSaEngine.c +++ b/NetworkPkg/IpSecDxe/IpSecSaEngine.c @@ -124,8 +124,8 @@ IpSecAuthPayload ( ) { switch (AuthAlgId) { - case EFI_IPSEC_AALG_NONE : - case EFI_IPSEC_AALG_NULL : + case IKE_AALG_NONE : + case IKE_AALG_NULL : return EFI_SUCCESS; default: @@ -222,15 +222,15 @@ IpSecEspDecryptPayload ( EFI_ESP_TAIL *EspTail; switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) { - case EFI_IPSEC_EALG_NULL: + case IKE_EALG_NULL: EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL)); *PaddingSize = EspTail->PaddingLength; *NextHeader = EspTail->NextHeader; *PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL); break; - case EFI_IPSEC_EALG_3DESCBC: - case EFI_IPSEC_EALG_AESCBC: + case IKE_EALG_3DESCBC: + case IKE_EALG_AESCBC: // // TODO: support these algorithm // @@ -269,11 +269,11 @@ IpSecEspEncryptPayload ( ) { switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) { - case EFI_IPSEC_EALG_NULL: + case IKE_EALG_NULL: return EFI_SUCCESS; - case EFI_IPSEC_EALG_3DESCBC: - case EFI_IPSEC_EALG_AESCBC: + case IKE_EALG_3DESCBC: + case IKE_EALG_AESCBC: // // TODO: support these algorithms // @@ -296,12 +296,12 @@ IpSecEspEncryptPayload ( to be trimed on input, and without ESP header on return. @param[out] LastHead The Last Header in IP header on return. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec protected on input, and without IPsec protected on return. - @param[in] FragmentCount The number of fragments. + @param[in, out] FragmentCount The number of fragments. @param[out] SpdEntry Pointer to contain the address of SPD entry on return. @param[out] RecycleEvent The event for recycling of resources. @@ -318,10 +318,10 @@ IpSecEspInboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, OUT UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, OUT IPSEC_SPD_ENTRY **SpdEntry, OUT EFI_EVENT *RecycleEvent ) @@ -558,13 +558,13 @@ ON_EXIT: @param[in, out] IpHead Points to IP header containing the orginal IP header to be processed on input, and inserted ESP header on return. - @param[in] LastHead The Last Header in IP header. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. + @param[in, out] LastHead The Last Header in IP header. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] FragmentTable Pointer to a list of fragments to be protected by IPsec on input, and with IPsec protected on return. - @param[in] FragmentCount The number of fragments. + @param[in, out] FragmentCount The number of fragments. @param[in] SadEntry The related SAD entry. @param[out] RecycleEvent The event for recycling of resources. @@ -576,11 +576,11 @@ EFI_STATUS IpSecEspOutboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + IN OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, IN IPSEC_SAD_ENTRY *SadEntry, OUT EFI_EVENT *RecycleEvent ) @@ -825,29 +825,29 @@ ON_EXIT: @param[in, out] IpHead Points to IP header containing the ESP/AH header to be trimed on input, and without ESP/AH header on return. - @param[in] LastHead The Last Header in IP header on return. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. - @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec + @param[out] LastHead The Last Header in IP header on return. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. + @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec protected on input, and without IPsec protected on return. - @param[in] FragmentCount The number of fragments. + @param[in, out] FragmentCount Number of fragments. @param[out] SpdEntry Pointer to contain the address of SPD entry on return. - @param[out] RecycleEvent The event for recycling of resources. + @param[out] RecycleEvent Event for recycling of resources. - @retval EFI_SUCCESS The operation was successful. - @retval EFI_UNSUPPORTED The IPSEC protocol is not supported. + @retval EFI_SUCCESS The operation is successful. + @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported. **/ EFI_STATUS IpSecProtectInboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, OUT IPSEC_SPD_ENTRY **SpdEntry, OUT EFI_EVENT *RecycleEvent ) @@ -875,26 +875,26 @@ IpSecProtectInboundPacket ( } /** - This function processes the output traffic with IPsec. + This fucntion processes the output traffic with IPsec. It protected the sending packet by encrypting it payload and inserting ESP/AH header - in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable. + in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable. @param[in] IpVersion The version of IP. - @param[in, out] IpHead Points to IP header containing the orginal IP header + @param[in, out] IpHead Point to IP header containing the orginal IP header to be processed on input, and inserted ESP/AH header on return. - @param[in] LastHead The Last Header in the IP header. - @param[in] OptionsBuffer Pointer to the options buffer. It is optional. - @param[in] OptionsLength Length of the options buffer. It is optional. + @param[in, out] LastHead The Last Header in IP header. + @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. + @param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] FragmentTable Pointer to a list of fragments to be protected by IPsec on input, and with IPsec protected on return. - @param[in] FragmentCount The number of fragments. - @param[in] SadEntry The related SAD entry. - @param[out] RecycleEvent The event for recycling of resources. + @param[in, out] FragmentCount Number of fragments. + @param[in] SadEntry Related SAD entry. + @param[out] RecycleEvent Event for recycling of resources. - @retval EFI_SUCCESS The operation was successful. + @retval EFI_SUCCESS The operation is successful. @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported. **/ @@ -902,11 +902,11 @@ EFI_STATUS IpSecProtectOutboundPacket ( IN UINT8 IpVersion, IN OUT VOID *IpHead, - IN UINT8 *LastHead, - IN VOID *OptionsBuffer, OPTIONAL - IN UINT32 OptionsLength, OPTIONAL + IN OUT UINT8 *LastHead, + IN OUT VOID **OptionsBuffer, OPTIONAL + IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, + IN OUT UINT32 *FragmentCount, IN IPSEC_SAD_ENTRY *SadEntry, OUT EFI_EVENT *RecycleEvent ) -- cgit v1.2.3