Functions | |
BOOLEAN | IpSecValidAddressRange (IN UINT8 IpVersion, IN EFI_IP_ADDRESS *Address, IN UINT8 PrefixLength) |
VOID | IpSecExtractAddressRange (IN EFI_IP_ADDRESS *Address, IN UINT8 PrefixLength, OUT EFI_IP_ADDRESS *Range) |
BOOLEAN | IpSecMatchIpAddress (IN UINT8 IpVersion, IN EFI_IP_ADDRESS *IpAddr, IN EFI_IP_ADDRESS_INFO *AddressInfo, IN UINT32 AddressCount) |
BOOLEAN | IpSecMatchNextLayerProtocol (IN UINT8 Protocol, IN UINT8 *IpPayload, IN UINT16 SpdProtocol, IN UINT16 SpdLocalPort, IN UINT16 SpdRemotePort, IN BOOLEAN IsOutbound) |
IPSEC_SAD_ENTRY * | IpSecLookupSadBySpd (IN LIST_ENTRY *SadList, IN EFI_IP_ADDRESS *DestAddress, IN UINT8 IpVersion) |
IPSEC_SAD_ENTRY * | IpSecLookupSadBySpi (IN UINT32 Spi, IN EFI_IP_ADDRESS *DestAddress, IN UINT8 IpVersion) |
EFI_STATUS | IpSecLookupSadEntry (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE NicHandle, IN UINT8 IpVersion, IN VOID *IpHead, IN UINT8 *IpPayload, IN UINT8 OldLastHead, IN IPSEC_SPD_ENTRY *SpdEntry, OUT IPSEC_SAD_ENTRY **SadEntry) |
IPSEC_PAD_ENTRY * | IpSecLookupPadEntry (IN UINT8 IpVersion, IN EFI_IP_ADDRESS *IpAddr) |
EFI_STATUS | IpSecLookupSpdEntry (IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 IpVersion, IN VOID *IpHead, IN UINT8 *IpPayload, IN UINT8 Protocol, IN BOOLEAN IsOutbound, OUT EFI_IPSEC_ACTION *Action) |
VOID EFIAPI | IpSecOnRecyclePacket (IN VOID *Arg) |
VOID EFIAPI | IpSecRecycleCallback (IN EFI_EVENT Event, IN VOID *Context) |
UINT16 | IpSecGetPlainExtHeadSize (IN VOID *IpHead, IN UINT8 *LastHead) |
EFI_STATUS | IpSecEspAuthVerifyPayload (IN UINT8 *EspBuffer, IN UINTN EspSize, IN IPSEC_SAD_ENTRY *SadEntry, IN UINTN IcvSize) |
IPSEC_SAD_ENTRY * | IpSecFoundSadFromInboundPacket (UINT8 *IpHead, UINT8 IpVersion, UINT32 Spi) |
BOOLEAN | IpSecIsIp6ExtsValid (IN UINT8 *NextHeader, IN UINT8 *ExtHdrs, IN UINT32 ExtHdrsLen, OUT UINT8 **LastHeader, OUT UINT32 *RealExtsLen) |
VOID | IpSecTunnelInboundPacket (IN OUT UINT8 *IpHead, IN UINT8 *IpPayload, IN UINT8 IpVersion, IN IPSEC_SAD_DATA *SadData, IN OUT UINT8 *LastHead) |
UINT8 * | IpSecTunnelOutboundPacket (IN OUT UINT8 *IpHead, IN UINT8 IpVersion, IN IPSEC_SAD_DATA *SadData, IN OUT UINT8 *LastHead, IN VOID **OptionsBuffer, IN UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN UINT32 *FragmentCount) |
EFI_STATUS | IpSecEspInboundPacket (IN UINT8 IpVersion, IN OUT VOID *IpHead, OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, OUT EFI_IPSEC_SPD_SELECTOR **SpdSelector, OUT EFI_EVENT *RecycleEvent) |
EFI_STATUS | IpSecEspOutboundPacket (IN UINT8 IpVersion, IN OUT VOID *IpHead, IN OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, IN IPSEC_SAD_ENTRY *SadEntry, OUT EFI_EVENT *RecycleEvent) |
EFI_STATUS | IpSecProtectInboundPacket (IN UINT8 IpVersion, IN OUT VOID *IpHead, IN OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry, OUT EFI_EVENT *RecycleEvent) |
EFI_STATUS | IpSecProtectOutboundPacket (IN UINT8 IpVersion, IN OUT VOID *IpHead, IN OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, IN IPSEC_SAD_ENTRY *SadEntry, OUT EFI_EVENT *RecycleEvent) |
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
EFI_STATUS IpSecEspAuthVerifyPayload | ( | IN UINT8 * | EspBuffer, | |
IN UINTN | EspSize, | |||
IN IPSEC_SAD_ENTRY * | SadEntry, | |||
IN UINTN | IcvSize | |||
) |
Verify if the Authentication payload is correct.
[in] | EspBuffer | Points to the ESP wrapped buffer. |
[in] | EspSize | The size of the ESP wrapped buffer. |
[in] | SadEntry | The related SAD entry to store the authentication algorithm key. |
[in] | IcvSize | The length of ICV. |
EFI_SUCCESS | The authentication data is correct. | |
EFI_ACCESS_DENIED | The authentication data is not correct. |
References HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, and IpSecCryptoIoHmac().
Referenced by IpSecEspInboundPacket().
EFI_STATUS IpSecEspInboundPacket | ( | IN UINT8 | IpVersion, | |
IN OUT VOID * | IpHead, | |||
OUT UINT8 * | LastHead, | |||
IN OUT VOID ** | OptionsBuffer, | |||
IN OUT UINT32 * | OptionsLength, | |||
IN OUT EFI_IPSEC_FRAGMENT_DATA ** | FragmentTable, | |||
IN OUT UINT32 * | FragmentCount, | |||
OUT EFI_IPSEC_SPD_SELECTOR ** | SpdSelector, | |||
OUT EFI_EVENT * | RecycleEvent | |||
) |
The actual entry point of the function that processes inbound traffic carrying an ESP header.
This function is a subfunction of IpSecProtectInboundPacket(). It checks the security properties of the received packet, trims the ESP header, and then returns the IP header and FragmentTable without IPsec protection.
[in] | IpVersion | The version of IP. |
[in,out] | IpHead | Points to the IP header containing the ESP header to be trimmed on input, and without the ESP header on return. |
[out] | LastHead | The Last Header in IP header on return. |
[in,out] | OptionsBuffer | Pointer to the options buffer. |
[in,out] | OptionsLength | Length of the options buffer. |
[in,out] | FragmentTable | Pointer to a list of fragments that are IPsec protected on input, and no longer IPsec protected on return. |
[in,out] | FragmentCount | The number of fragments. |
[out] | SpdSelector | Pointer to contain the address of SPD selector on return. |
[out] | RecycleEvent | The event for recycling of resources. |
EFI_SUCCESS | The operation was successful. | |
EFI_ACCESS_DENIED | One or more of the following conditions is TRUE:
| |
EFI_OUT_OF_RESOURCES | The required system resource can't be allocated. |
References _IPSEC_SAD_DATA::AlgoInfo, _IPSEC_SAD_ENTRY::Data, _IPSEC_RECYCLE_CONTEXT::FragmentTable, _IPSEC_SAD_ENTRY::Id, IpSecCryptoIoDecrypt(), IpSecEspAuthVerifyPayload(), IpSecFoundSadFromInboundPacket(), IpSecGetEncryptBlockSize(), IpSecGetEncryptIvLength(), IpSecGetIcvLength(), IpSecGetPlainExtHeadSize(), IpSecOnRecyclePacket(), IpSecRecycleCallback(), IpSecTunnelInboundPacket(), _IPSEC_SAD_DATA::ManualSet, _IPSEC_SAD_DATA::Mode, _EFI_ESP_TAIL::NextHeader, _EFI_ESP_TAIL::PaddingLength, _IPSEC_RECYCLE_CONTEXT::PayloadBuffer, _IPSEC_SAD_DATA::SpdSelector, and _EFI_ESP_HEADER::Spi.
Referenced by IpSecProtectInboundPacket().
EFI_STATUS IpSecEspOutboundPacket | ( | IN UINT8 | IpVersion, | |
IN OUT VOID * | IpHead, | |||
IN OUT UINT8 * | LastHead, | |||
IN OUT VOID ** | OptionsBuffer, | |||
IN OUT UINT32 * | OptionsLength, | |||
IN OUT EFI_IPSEC_FRAGMENT_DATA ** | FragmentTable, | |||
IN OUT UINT32 * | FragmentCount, | |||
IN IPSEC_SAD_ENTRY * | SadEntry, | |||
OUT EFI_EVENT * | RecycleEvent | |||
) |
The actual entry point of the function that processes outbound traffic using the ESP protocol.
This function is a subfunction of IpSecProtectOutboundPacket(). It protects the outgoing packet by encrypting its payload and inserting an ESP header into the original IP header, then returns the IpHeader and the IPsec-protected FragmentTable.
[in] | IpVersion | The version of IP. |
[in,out] | IpHead | Points to the IP header containing the original IP header to be processed on input, and with the ESP header inserted on return. |
[in,out] | LastHead | The Last Header in IP header. |
[in,out] | OptionsBuffer | Pointer to the options buffer. |
[in,out] | OptionsLength | Length of the options buffer. |
[in,out] | FragmentTable | Pointer to a list of fragments to be protected by IPsec on input, and IPsec protected on return. |
[in,out] | FragmentCount | The number of fragments. |
[in] | SadEntry | The related SAD entry. |
[out] | RecycleEvent | The event for recycling of resources. |
EFI_SUCCESS | The operation was successful. | |
EFI_OUT_OF_RESOURCES | The required system resources can't be allocated. |
References _IPSEC_SAD_DATA::AlgoInfo, HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, _IPSEC_RECYCLE_CONTEXT::FragmentTable, IPSEC_ESP_PROTOCOL, IpSecCryptoIoEncrypt(), IpSecCryptoIoHmac(), IpSecGenerateIv(), IpSecGetEncryptBlockSize(), IpSecGetEncryptIvLength(), IpSecGetIcvLength(), IpSecGetPlainExtHeadSize(), IpSecRecycleCallback(), IpSecTunnelOutboundPacket(), _IPSEC_SAD_DATA::ManualSet, _IPSEC_SAD_DATA::Mode, _EFI_ESP_TAIL::NextHeader, _EFI_ESP_TAIL::PaddingLength, _IPSEC_RECYCLE_CONTEXT::PayloadBuffer, _IPSEC_SAD_DATA::SequenceNumber, _EFI_ESP_HEADER::SequenceNumber, _EFI_ESP_HEADER::Spi, _IPSEC_SAD_DATA::TunnelDestAddress, and _IPSEC_SAD_DATA::TunnelSourceAddress.
Referenced by IpSecProtectOutboundPacket().
VOID IpSecExtractAddressRange | ( | IN EFI_IP_ADDRESS * | Address, | |
IN UINT8 | PrefixLength, | |||
OUT EFI_IP_ADDRESS * | Range | |||
) |
Extract the address range from an address.
This function keeps the prefix part of the address and zeroes the rest of the address.
[in] | Address | Point to a specified address. |
[in] | PrefixLength | The prefix length. |
[out] | Range | Contain the return Address Range. |
Referenced by IpSecMatchIpAddress().
IPSEC_SAD_ENTRY* IpSecFoundSadFromInboundPacket | ( | UINT8 * | IpHead, | |
UINT8 | IpVersion, | |||
UINT32 | Spi | |||
) |
Search for the related SAD entry using the given inputs.
[in] | IpHead | The pointer to IP header. |
[in] | IpVersion | The version of IP (IP4 or IP6). |
[in] | Spi | The SPI used to search the related SAD entry. |
NULL | The related SAD entry was not found. | |
IPSEC_SAD_ENTRY | Return the related SAD entry. |
References IpSecLookupSadBySpi().
Referenced by IpSecEspInboundPacket().
UINT16 IpSecGetPlainExtHeadSize | ( | IN VOID * | IpHead, | |
IN UINT8 * | LastHead | |||
) |
Calculate the size of the IP extension headers. The returned length does not include the fixed IP header length.
[in] | IpHead | Points to an IP head to be calculated. |
[in] | LastHead | Points to the last header of the IP header. |
Referenced by IpSecEspInboundPacket(), and IpSecEspOutboundPacket().
BOOLEAN IpSecIsIp6ExtsValid | ( | IN UINT8 * | NextHeader, | |
IN UINT8 * | ExtHdrs, | |||
IN UINT32 | ExtHdrsLen, | |||
OUT UINT8 ** | LastHeader, | |||
OUT UINT32 * | RealExtsLen | |||
) |
Validate the IP6 extension header format for both the packets we received and that we will transmit.
[in] | NextHeader | The next header field in IPv6 basic header. |
[in] | ExtHdrs | The first byte of the option. |
[in] | ExtHdrsLen | The length of the whole option. |
[out] | LastHeader | The pointer of NextHeader of the last extension header processed by IP6. |
[out] | RealExtsLen | The length of extension headers processed by IP6 layer. This is an optional parameter that may be NULL. |
TRUE | The option is properly formatted. | |
FALSE | The option is malformed. |
Referenced by IpSecTunnelInboundPacket().
IPSEC_PAD_ENTRY* IpSecLookupPadEntry | ( | IN UINT8 | IpVersion, | |
IN EFI_IP_ADDRESS * | IpAddr | |||
) |
Find a PAD entry according to a remote IP address.
[in] | IpVersion | The version of IP. |
[in] | IpAddr | Points to remote IP address. |
References _IPSEC_PAD_ENTRY::Id, IPSEC_PAD_ENTRY_FROM_LIST, IpSecMatchIpAddress(), and mConfigData.
Referenced by IkeNegotiate(), and Ikev2HandleSa().
IPSEC_SAD_ENTRY* IpSecLookupSadBySpd | ( | IN LIST_ENTRY * | SadList, | |
IN EFI_IP_ADDRESS * | DestAddress, | |||
IN UINT8 | IpVersion | |||
) |
Find the SAD through a specified SPD's SAD list.
[in] | SadList | SAD list related to a specified SPD entry. |
[in] | DestAddress | The destination address used to find the SAD entry. |
[in] | IpVersion | The IP version. Ip4 or Ip6. |
References _IPSEC_SAD_ENTRY::Data, IPSEC_SAD_ENTRY_FROM_SPD, IpSecMatchIpAddress(), and _IPSEC_SAD_DATA::SpdSelector.
Referenced by IpSecLookupSadEntry().
IPSEC_SAD_ENTRY* IpSecLookupSadBySpi | ( | IN UINT32 | Spi, | |
IN EFI_IP_ADDRESS * | DestAddress, | |||
IN UINT8 | IpVersion | |||
) |
Find the SAD through whole SAD list.
[in] | Spi | The SPI used to search the SAD entry. |
[in] | DestAddress | The destination used to search the SAD entry. |
[in] | IpVersion | The IP version. Ip4 or Ip6. |
References _IPSEC_SAD_ENTRY::Data, _IPSEC_SAD_ENTRY::Id, IPSEC_SAD_ENTRY_FROM_LIST, IpSecMatchIpAddress(), mConfigData, _IPSEC_SAD_DATA::Mode, _IPSEC_SAD_DATA::SpdSelector, and _IPSEC_SAD_DATA::TunnelDestAddress.
Referenced by IpSecFoundSadFromInboundPacket().
EFI_STATUS IpSecLookupSadEntry | ( | IN IPSEC_PRIVATE_DATA * | Private, | |
IN EFI_HANDLE | NicHandle, | |||
IN UINT8 | IpVersion, | |||
IN VOID * | IpHead, | |||
IN UINT8 * | IpPayload, | |||
IN UINT8 | OldLastHead, | |||
IN IPSEC_SPD_ENTRY * | SpdEntry, | |||
OUT IPSEC_SAD_ENTRY ** | SadEntry | |||
) |
Look up whether there is an existing SAD entry for sending the specified IP packet.
This function is called by IpSecProcess() when an IP packet needs to be sent out. It checks whether an existing SAD entry can service the outgoing IP packet. If no existing SAD entry can be used, this function invokes an IPsec key exchange negotiation.
[in] | Private | Points to private data. |
[in] | NicHandle | Points to a NIC handle. |
[in] | IpVersion | The version of IP. |
[in] | IpHead | The IP Header of packet to be sent out. |
[in] | IpPayload | The IP Payload to be sent out. |
[in] | OldLastHead | The Last protocol of the IP packet. |
[in] | SpdEntry | Points to a related SPD entry. |
[out] | SadEntry | Contains the pointer to a related SAD entry. |
EFI_DEVICE_ERROR | One of the following conditions is TRUE:
| |
EFI_NOT_READY | No existing SAD entry could be used. | |
EFI_SUCCESS | The related SAD entry was found. |
References _IPSEC_SAD_ENTRY::Data, _IPSEC_SAD_DATA::ESNEnabled, IkeLookupUdp(), IkeNegotiate(), IpSecLookupSadBySpd(), _IPSEC_SAD_DATA::ManualSet, and _IPSEC_SAD_DATA::SequenceNumber.
Referenced by IpSecProcess().
EFI_STATUS IpSecLookupSpdEntry | ( | IN IPSEC_SPD_ENTRY * | SpdEntry, | |
IN UINT8 | IpVersion, | |||
IN VOID * | IpHead, | |||
IN UINT8 * | IpPayload, | |||
IN UINT8 | Protocol, | |||
IN BOOLEAN | IsOutbound, | |||
OUT EFI_IPSEC_ACTION * | Action | |||
) |
Check if the specified IP packet can be serviced by this SPD entry.
[in] | SpdEntry | Point to SPD entry. |
[in] | IpVersion | Version of IP. |
[in] | IpHead | Point to IP header. |
[in] | IpPayload | Point to IP payload. |
[in] | Protocol | The Last protocol of IP packet. |
[in] | IsOutbound | Traffic direction. |
[out] | Action | The action supported by the SPD entry. |
EFI_SUCCESS | The related SPD entry was found. | |
EFI_NOT_FOUND | The related SPD entry was not found. |
References IpSecMatchIpAddress(), and IpSecMatchNextLayerProtocol().
Referenced by IpSecProcess().
BOOLEAN IpSecMatchIpAddress | ( | IN UINT8 | IpVersion, | |
IN EFI_IP_ADDRESS * | IpAddr, | |||
IN EFI_IP_ADDRESS_INFO * | AddressInfo, | |||
IN UINT32 | AddressCount | |||
) |
Checks whether the IP address is within the address range of the specified AddressInfos.
[in] | IpVersion | The IP version. |
[in] | IpAddr | Points to the EFI_IP_ADDRESS to be checked. |
[in] | AddressInfo | A list of EFI_IP_ADDRESS_INFO that is used to check whether the IP address matches. |
[in] | AddressCount | The total numbers of the AddressInfo. |
TRUE | If the Specified IP Address is in the range of the AddressInfos specified. | |
FALSE | If the Specified IP Address is not in the range of the AddressInfos specified. |
References IpSecExtractAddressRange(), and IpSecValidAddressRange().
Referenced by Ikev2MatchSpdEntry(), IpSecLookupPadEntry(), IpSecLookupSadBySpd(), IpSecLookupSadBySpi(), and IpSecLookupSpdEntry().
BOOLEAN IpSecMatchNextLayerProtocol | ( | IN UINT8 | Protocol, | |
IN UINT8 * | IpPayload, | |||
IN UINT16 | SpdProtocol, | |||
IN UINT16 | SpdLocalPort, | |||
IN UINT16 | SpdRemotePort, | |||
IN BOOLEAN | IsOutbound | |||
) |
Check if the specified Protocol and Port are supported by the specified SPD Entry.
This function is a subfunction of IpSecLookupSpdEntry() that is used to check whether the sent/received IKE packet is supported by the related SPD entry.
[in] | Protocol | The Protocol to be checked. |
[in] | IpPayload | Points to the IP payload to be checked. |
[in] | SpdProtocol | The Protocol supported by SPD. |
[in] | SpdLocalPort | The Local Port in SPD. |
[in] | SpdRemotePort | The Remote Port in SPD. |
[in] | IsOutbound | Flag to indicate whether this is for IKE packet sending or receiving. |
TRUE | The Protocol and Port are supported by the SPD Entry. | |
FALSE | The Protocol and Port are not supported by the SPD Entry. |
References EFI_IPSEC_ANY_PROTOCOL.
Referenced by IpSecLookupSpdEntry().
VOID EFIAPI IpSecOnRecyclePacket | ( | IN VOID * | Arg | ) |
The call back function of NetbufFromExt.
[in] | Arg | The argument passed from the caller. |
Referenced by IpSecEspInboundPacket(), and IpSecTunnelOutboundPacket().
EFI_STATUS IpSecProtectInboundPacket | ( | IN UINT8 | IpVersion, | |
IN OUT VOID * | IpHead, | |||
IN OUT UINT8 * | LastHead, | |||
IN OUT VOID ** | OptionsBuffer, | |||
IN OUT UINT32 * | OptionsLength, | |||
IN OUT EFI_IPSEC_FRAGMENT_DATA ** | FragmentTable, | |||
IN OUT UINT32 * | FragmentCount, | |||
OUT EFI_IPSEC_SPD_SELECTOR ** | SpdEntry, | |||
OUT EFI_EVENT * | RecycleEvent | |||
) |
This function processes the inbound traffic with IPsec.
It checks the received packet security property, trims the ESP/AH header, and then returns without an IPsec protected IP Header and FragmentTable.
[in] | IpVersion | The version of IP. |
[in,out] | IpHead | Points to the IP header containing the ESP/AH header to be trimmed on input, and without the ESP/AH header on return. |
[in,out] | LastHead | The Last Header in IP header on return. |
[in,out] | OptionsBuffer | Pointer to the options buffer. |
[in,out] | OptionsLength | Length of the options buffer. |
[in,out] | FragmentTable | Pointer to a list of fragments that are IPsec protected on input, and no longer IPsec protected on return. |
[in,out] | FragmentCount | The number of fragments. |
[out] | SpdEntry | Pointer to contain the address of SPD entry on return. |
[out] | RecycleEvent | The event for recycling of resources. |
EFI_SUCCESS | The operation was successful. | |
EFI_UNSUPPORTED | The IPSEC protocol is not supported. |
References IPSEC_ESP_PROTOCOL, and IpSecEspInboundPacket().
Referenced by IpSecProcess().
EFI_STATUS IpSecProtectOutboundPacket | ( | IN UINT8 | IpVersion, | |
IN OUT VOID * | IpHead, | |||
IN OUT UINT8 * | LastHead, | |||
IN OUT VOID ** | OptionsBuffer, | |||
IN OUT UINT32 * | OptionsLength, | |||
IN OUT EFI_IPSEC_FRAGMENT_DATA ** | FragmentTable, | |||
IN OUT UINT32 * | FragmentCount, | |||
IN IPSEC_SAD_ENTRY * | SadEntry, | |||
OUT EFI_EVENT * | RecycleEvent | |||
) |
This function processes the output traffic with IPsec.
It protects the outgoing packet by encrypting its payload and inserting an ESP/AH header into the original IP header, then returns the IpHeader and the IPsec-protected FragmentTable.
[in] | IpVersion | The version of IP. |
[in,out] | IpHead | Points to the IP header containing the original IP header to be processed on input, and with the ESP/AH header inserted on return. |
[in,out] | LastHead | The Last Header in IP header. |
[in,out] | OptionsBuffer | Pointer to the options buffer. |
[in,out] | OptionsLength | Length of the options buffer. |
[in,out] | FragmentTable | Pointer to a list of fragments to be protected by IPsec on input, and IPsec protected on return. |
[in,out] | FragmentCount | Number of fragments. |
[in] | SadEntry | Related SAD entry. |
[out] | RecycleEvent | Event for recycling of resources. |
EFI_SUCCESS | The operation is successful. | |
EFI_UNSUPPORTED | If the IPSEC protocol is not supported. |
References IpSecEspOutboundPacket().
Referenced by IpSecProcess().
VOID EFIAPI IpSecRecycleCallback | ( | IN EFI_EVENT | Event, | |
IN VOID * | Context | |||
) |
This is a Notification function. It is called when the related IP6_TXTOKEN_WRAP is released.
[in] | Event | The related event. |
[in] | Context | The data passed by the caller. |
References _IPSEC_RECYCLE_CONTEXT::FragmentTable, and _IPSEC_RECYCLE_CONTEXT::PayloadBuffer.
Referenced by IpSecEspInboundPacket(), and IpSecEspOutboundPacket().
VOID IpSecTunnelInboundPacket | ( | IN OUT UINT8 * | IpHead, | |
IN UINT8 * | IpPayload, | |||
IN UINT8 | IpVersion, | |||
IN IPSEC_SAD_DATA * | SadData, | |||
IN OUT UINT8 * | LastHead | |||
) |
The actual entry to process the tunnel header and inner header for tunnel mode outbound traffic.
This function is a subfunction of IpSecEspInboundPacket(). It changes the destination IP address to the station address and recalculates the upper layer's checksum.
[in,out] | IpHead | Points to the IP header containing the ESP header to be trimmed on input, and without the ESP header on return. |
[in] | IpPayload | The decrypted IP payload. It starts from the inner header. |
[in] | IpVersion | The version of IP. |
[in] | SadData | Pointer of the relevant SAD. |
[in,out] | LastHead | The Last Header in IP header on return. |
References IpSecIsIp6ExtsValid().
Referenced by IpSecEspInboundPacket().
UINT8* IpSecTunnelOutboundPacket | ( | IN OUT UINT8 * | IpHead, | |
IN UINT8 | IpVersion, | |||
IN IPSEC_SAD_DATA * | SadData, | |||
IN OUT UINT8 * | LastHead, | |||
IN VOID ** | OptionsBuffer, | |||
IN UINT32 * | OptionsLength, | |||
IN OUT EFI_IPSEC_FRAGMENT_DATA ** | FragmentTable, | |||
IN UINT32 * | FragmentCount | |||
) |
The actual entry to create inner header for tunnel mode inbound traffic.
This function is a subfunction of IpSecEspOutboundPacket(). It creates the outgoing packet by encrypting its payload and inserting an ESP header into the original IP header, then returns the IpHeader and the IPsec-protected FragmentTable.
[in,out] | IpHead | Points to the IP header containing the original IP header to be processed on input, and with the ESP header inserted on return. |
[in] | IpVersion | The version of IP. |
[in] | SadData | The related SAD data. |
[in,out] | LastHead | The Last Header in IP header. |
[in] | OptionsBuffer | Pointer to the options buffer. |
[in] | OptionsLength | Length of the options buffer. |
[in,out] | FragmentTable | Pointer to a list of fragments to be protected by IPsec on input, and IPsec protected on return. |
[in] | FragmentCount | The number of fragments. |
EFI_SUCCESS | The operation was successful. | |
EFI_OUT_OF_RESOURCES | The required system resources can't be allocated. |
References IpSecOnRecyclePacket().
Referenced by IpSecEspOutboundPacket().
BOOLEAN IpSecValidAddressRange | ( | IN UINT8 | IpVersion, | |
IN EFI_IP_ADDRESS * | Address, | |||
IN UINT8 | PrefixLength | |||
) |
Check if the specified Address is a valid address range.
This function checks whether the bytes after the prefix length are all zero in this Address. This Address is supposed to point to a range address, meaning it should give the correct prefixed address with the bytes outside the prefix set to zero.
[in] | IpVersion | The IP version. |
[in] | Address | Points to EFI_IP_ADDRESS to be checked. |
[in] | PrefixLength | The PrefixLength of this address. |
TRUE | The address is a valid address range. | |
FALSE | The address is not a valid address range. |
Referenced by IpSecMatchIpAddress().