From 5dd08a463d5ca40b2ee3a8a0639c846e68265b92 Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Fri, 14 Aug 2015 07:41:51 +0000 Subject: NetworkPkg: Fix hang issue after system reconnected when IPSec has set up IpSecStop() is incompetent to send out the delete information since the underlying IP child has been destroyed. Delete all established IKE SAs and related Child SAs directly. Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Ye Ting git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524 --- NetworkPkg/IpSecDxe/IkeService.c | 1 - NetworkPkg/IpSecDxe/IkeService.h | 3 ++- NetworkPkg/IpSecDxe/Ikev2/Exchange.c | 6 +++--- NetworkPkg/IpSecDxe/Ikev2/Utility.c | 6 ++---- NetworkPkg/IpSecDxe/IpSecDriver.c | 25 +++++++++++++++++++++++-- 5 files changed, 30 insertions(+), 11 deletions(-) (limited to 'NetworkPkg') diff --git a/NetworkPkg/IpSecDxe/IkeService.c b/NetworkPkg/IpSecDxe/IkeService.c index 6594963f5d..d8571960a0 100644 --- a/NetworkPkg/IpSecDxe/IkeService.c +++ b/NetworkPkg/IpSecDxe/IkeService.c @@ -15,7 +15,6 @@ #include "IkeService.h" #include "IpSecConfigImpl.h" -#include "Ikev2/Utility.h" IKE_EXCHANGE_INTERFACE *mIkeExchange[] = { &mIkev1Exchange, diff --git a/NetworkPkg/IpSecDxe/IkeService.h b/NetworkPkg/IpSecDxe/IkeService.h index 3ebd17919a..0e05dfe976 100644 --- a/NetworkPkg/IpSecDxe/IkeService.h +++ b/NetworkPkg/IpSecDxe/IkeService.h @@ -1,7 +1,7 @@ /** @file Prototypes definitions of IKE service. - Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -19,6 +19,7 @@ #include "Ike.h" #include "IpSecImpl.h" #include "IkeCommon.h" +#include "Ikev2/Utility.h" #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024 diff --git a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c index 37f9667d3d..9d58ab0a46 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c @@ -1,7 +1,7 @@ /** @file The general interfaces of the IKEv2. - Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -330,7 +330,7 @@ Ikev2NegotiateInfo ( // // Send out the Packet // - if (UdpService != NULL) { + if (UdpService != NULL && UdpService->Output != NULL) { Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0); if (EFI_ERROR (Status)) { @@ -357,7 +357,7 @@ Ikev2NegotiateInfo ( // // Send out the Packet // - if (UdpService != NULL) { + if (UdpService != NULL && UdpService->Output != NULL) { Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0); if (EFI_ERROR (Status)) { diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c index 8769850d41..16be09e14a 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c @@ -2,7 +2,7 @@ The Common operations used by IKE Exchange Process. (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
- Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -891,9 +891,7 @@ Ikev2ChildSaSilentDelete ( RemoteSelector = NULL; UdpService = IkeSaSession->SessionCommon.UdpService; - Private = (UdpService->IpVersion == IP_VERSION_4) ? - IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) : - IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead); + Private = IkeSaSession->SessionCommon.Private; // // Remove the Established SA from ChildSaEstablishlist. diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c b/NetworkPkg/IpSecDxe/IpSecDriver.c index 454d218c75..d8282b5e2f 100644 --- a/NetworkPkg/IpSecDxe/IpSecDriver.c +++ b/NetworkPkg/IpSecDxe/IpSecDriver.c @@ -1,7 +1,7 @@ /** @file Driver Binding Protocol for IPsec Driver. - Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -178,6 +178,7 @@ IpSecStop ( IKE_UDP_SERVICE *UdpSrv; LIST_ENTRY *Entry; LIST_ENTRY *Next; + IKEV2_SA_SESSION *Ikev2SaSession; // // Locate ipsec protocol to get private data. @@ -196,7 +197,27 @@ IpSecStop ( // if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) || (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) { - IkeDeleteAllSas (Private, FALSE); + // + // If IKEv2 SAs are under establishing, delete it directly. + // + if (!IsListEmpty (&Private->Ikev2SessionList)) { + NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) { + Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); + RemoveEntryList (&Ikev2SaSession->BySessionTable); + Ikev2SaSessionFree (Ikev2SaSession); + } + } + + // + // Delete established IKEv2 SAs. + // + if (!IsListEmpty (&Private->Ikev2EstablishedList)) { + NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) { + Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); + RemoveEntryList (&Ikev2SaSession->BySessionTable); + Ikev2SaSessionFree (Ikev2SaSession); + } + } } if (IpVersion == IP_VERSION_4) { -- cgit v1.2.3