sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3bb13d35d6b9255f5a2ed4f05a91b98d3486aed3
system76-edk2/NetworkPkg/IpSecDxe/IkeService.h
Jiaxin Wu 5dd08a463d NetworkPkg: Fix hang issue after system reconnected when IPSec has set up 
IpSecStop() is incompetent to send out the delete information since the underlying
IP child has been destroyed. Delete all established IKE SAs and related
Child SAs directly.

Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-14 07:41:51 +00:00

263 lines
8.1 KiB
C
Raw Blame History

/** @file
Prototypes definitions of IKE service.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _IKE_SERVICE_H_
#define _IKE_SERVICE_H_
#include "Ike.h"
#include "IpSecImpl.h"
#include "IkeCommon.h"
#include "Ikev2/Utility.h"
#define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024
/**
This is prototype definition of general interface to intialize a IKE negotiation.
@param[in] UdpService Point to Udp Servcie used for the IKE packet sending.
@param[in] SpdEntry Point to SPD entry related to this IKE negotiation.
@param[in] PadEntry Point to PAD entry related to this IKE negotiation.
@param[in] RemoteIp Point to IP Address which the remote peer to negnotiate.
@retval EFI_SUCCESS The operation is successful.
@return Otherwise The operation is failed.
**/
typedef
EFI_STATUS
(*IKE_NEGOTIATE_SA) (
IN IKE_UDP_SERVICE * UdpService,
IN IPSEC_SPD_ENTRY * SpdEntry,
IN IPSEC_PAD_ENTRY * PadEntry,
IN EFI_IP_ADDRESS * RemoteIp
);
/**
This is prototype definition fo general interface to start a IKE negotiation at Quick Mode.
This function will be called when the related IKE SA is existed and start to
create a Child SA.
@param[in] IkeSaSession Point to IKE SA Session related to this Negotiation.
@param[in] SpdEntry Point to SPD entry related to this Negotiation.
@param[in] Context Point to data passed from the caller.
@retval EFI_SUCCESS The operation is successful.
@retval Otherwise The operation is failed.
**/
typedef
EFI_STATUS
(*IKE_NEGOTIATE_CHILD_SA) (
IN UINT8 *IkeSaSession,
IN IPSEC_SPD_ENTRY *SpdEntry,
IN UINT8 *Context
);
/**
This is prototype definition of the general interface when initialize a Inforamtion
Exchange.
@param[in] IkeSaSession Point to IKE SA Session related to.
@param[in] Context Point to data passed from caller.
**/
typedef
EFI_STATUS
(*IKE_NEGOTIATE_INFO) (
IN UINT8 *IkeSaSession,
IN UINT8 *Context
);
/**
This is prototype definition of the general interface when recived a IKE Pakcet
for the IKE SA establishing.
@param[in] UdpService Point to UDP service used to send IKE Packet.
@param[in] IkePacket Point to received IKE packet.
**/
typedef
VOID
(*IKE_HANDLE_SA) (
IN IKE_UDP_SERVICE *UdpService,
IN IKE_PACKET *IkePacket
);
/**
This is prototyp definition of the general interface when recived a IKE Packet
xfor the Child SA establishing.
@param[in] UdpService Point to UDP service used to send IKE packet.
@param[in] IkePacket Point to received IKE packet.
**/
typedef
VOID
(*IKE_HANDLE_CHILD_SA) (
IN IKE_UDP_SERVICE *UdpService,
IN IKE_PACKET *IkePacket
);
/**
This is prototype definition of the general interface when received a IKE
information Packet.
@param[in] UdpService Point to UDP service used to send IKE packet.
@param[in] IkePacket Point to received IKE packet.
**/
typedef
VOID
(*IKE_HANDLE_INFO) (
IN IKE_UDP_SERVICE *UdpService,
IN IKE_PACKET *IkePacket
);
typedef struct _IKE_EXCHANGE_INTERFACE {
UINT8 IkeVer;
IKE_NEGOTIATE_SA NegotiateSa;
IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;
IKE_NEGOTIATE_INFO NegotiateInfo;
IKE_HANDLE_SA HandleSa;
IKE_HANDLE_CHILD_SA HandleChildSa;
IKE_HANDLE_INFO HandleInfo;
} IKE_EXCHANGE_INTERFACE;
/**
Open and configure a UDPIO of Udp4 for IKE packet receiving.
This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and
a UDP4 IO for each NIC handle.
@param[in] Private Point to IPSEC_PRIVATE_DATA
@param[in] Controller Handler for NIC card.
@param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.
@retval EFI_SUCCESS The Operation is successful.
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.
**/
EFI_STATUS
IkeOpenInputUdp4 (
IN IPSEC_PRIVATE_DATA *Private,
IN EFI_HANDLE Controller,
IN EFI_HANDLE ImageHandle
);
/**
Open and configure a UDPIO of Udp6 for IKE packet receiving.
This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6
IO for each NIC handle.
@param[in] Private Point to IPSEC_PRIVATE_DATA
@param[in] Controller Handler for NIC card.
@param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.
@retval EFI_SUCCESS The Operation is successful.
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.
**/
EFI_STATUS
IkeOpenInputUdp6 (
IN IPSEC_PRIVATE_DATA *Private,
IN EFI_HANDLE Controller,
IN EFI_HANDLE ImageHandle
);
/**
The general interface of starting IPsec Key Exchange.
This function is called when start a IKE negotiation to get a Key.
@param[in] UdpService Point to IKE_UDP_SERVICE which will be used for
IKE packet sending.
@param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.
@param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.
@retval EFI_SUCCESS The Operation is successful.
@retval EFI_ACCESS_DENIED No related PAD entry was found.
**/
EFI_STATUS
IkeNegotiate (
IN IKE_UDP_SERVICE *UdpService,
IN IPSEC_SPD_ENTRY *SpdEntry,
IN EFI_IP_ADDRESS *RemoteIp
);
/**
The general interface when receive a IKE packet.
This function is called when UDP IO receives a IKE packet.
@param[in] Packet Point to received IKE packet.
@param[in] EndPoint Point to UDP_END_POINT which contains the information of
Remote IP and Port.
@param[in] IoStatus The Status of Recieve Token.
@param[in] Context Point to data passed from the caller.
**/
VOID
EFIAPI
IkeDispatch (
IN NET_BUF *Packet,
IN UDP_END_POINT *EndPoint,
IN EFI_STATUS IoStatus,
IN VOID *Context
);
/**
Check if the NIC handle is binded to a Udp service.
@param[in] Private Pointer of IPSEC_PRIVATE_DATA
@param[in] Handle The Handle of the NIC card
@param[in] IpVersion The version of the IP stack.
@return a pointer of IKE_UDP_SERVICE.
**/
IKE_UDP_SERVICE *
IkeLookupUdp (
IN IPSEC_PRIVATE_DATA *Private,
IN EFI_HANDLE Handle,
IN UINT8 IpVersion
);
/**
Delete all established IKE SAs and related Child SAs.
This function is the subfunction of the IpSecCleanupAllSa(). It first calls
IkeDeleteChildSa() to delete all Child SAs then send out the related
Information packet.
@param[in] Private Pointer of the IPSEC_PRIVATE_DATA.
@param[in] IsDisableIpsec Indicate whether needs to disable IPsec.
**/
VOID
IkeDeleteAllSas (
IN IPSEC_PRIVATE_DATA *Private,
IN BOOLEAN IsDisableIpsec
);
extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;
extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;
#endif
Reference in New Issue View Git Blame Copy Permalink