2 The main process for IpSecConfig application.
4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include <Library/UefiRuntimeServicesTableLib.h>
11 #include <Library/HiiLib.h>
13 #include <Protocol/IpSec.h>
15 #include "IpSecConfig.h"
18 #include "PolicyEntryOperation.h"
23 // String token ID of IpSecConfig command help message text.
25 GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId
= STRING_TOKEN (STR_IPSEC_CONFIG_HELP
);
28 // Used for ShellCommandLineParseEx only
29 // and to ensure user inputs are in valid format
31 SHELL_PARAM_ITEM mIpSecConfigParamList
[] = {
39 { L
"-enable", TypeFlag
},
40 { L
"-disable", TypeFlag
},
41 { L
"-status", TypeFlag
},
46 { L
"--local", TypeValue
},
47 { L
"--remote", TypeValue
},
48 { L
"--proto", TypeValue
},
49 { L
"--local-port", TypeValue
},
50 { L
"--remote-port", TypeValue
},
51 { L
"--icmp-type", TypeValue
},
52 { L
"--icmp-code", TypeValue
},
57 { L
"--name", TypeValue
},
58 { L
"--packet-flag", TypeValue
},
59 { L
"--action", TypeValue
},
60 { L
"--lifebyte", TypeValue
},
61 { L
"--lifetime-soft", TypeValue
},
62 { L
"--lifetime", TypeValue
},
63 { L
"--mode", TypeValue
},
64 { L
"--tunnel-local", TypeValue
},
65 { L
"--tunnel-remote", TypeValue
},
66 { L
"--dont-fragment", TypeValue
},
67 { L
"--ipsec-proto", TypeValue
},
68 { L
"--auth-algo", TypeValue
},
69 { L
"--encrypt-algo", TypeValue
},
71 { L
"--ext-sequence", TypeFlag
},
72 { L
"--sequence-overflow", TypeFlag
},
73 { L
"--fragment-check", TypeFlag
},
74 { L
"--ext-sequence-", TypeFlag
},
75 { L
"--sequence-overflow-", TypeFlag
},
76 { L
"--fragment-check-", TypeFlag
},
82 { L
"--spi", TypeValue
},
83 { L
"--tunnel-dest", TypeValue
},
84 { L
"--tunnel-source", TypeValue
},
85 { L
"--lookup-spi", TypeValue
},
86 { L
"--lookup-ipsec-proto", TypeValue
},
87 { L
"--lookup-dest", TypeValue
},
95 { L
"--sequence-number", TypeValue
},
96 { L
"--antireplay-window", TypeValue
},
97 { L
"--auth-key", TypeValue
},
98 { L
"--encrypt-key", TypeValue
},
99 { L
"--path-mtu", TypeValue
},
104 { L
"--peer-id", TypeValue
},
105 { L
"--peer-address", TypeValue
},
106 { L
"--auth-proto", TypeValue
},
107 { L
"--auth-method", TypeValue
},
108 { L
"--ike-id", TypeValue
},
109 { L
"--ike-id-", TypeValue
},
110 { L
"--auth-data", TypeValue
},
111 { L
"--revocation-data", TypeValue
},
112 { L
"--lookup-peer-id", TypeValue
},
113 { L
"--lookup-peer-address", TypeValue
},
121 STR2INT mMapPolicy
[] = {
122 { L
"SPD", IPsecConfigDataTypeSpd
},
123 { L
"SAD", IPsecConfigDataTypeSad
},
124 { L
"PAD", IPsecConfigDataTypePad
},
131 STR2INT mMapIpProtocol
[] = {
132 { L
"TCP", EFI_IP4_PROTO_TCP
},
133 { L
"UDP", EFI_IP4_PROTO_UDP
},
134 { L
"ICMP", EFI_IP4_PROTO_ICMP
},
141 STR2INT mMapIpSecAction
[] = {
142 { L
"Bypass", EfiIPsecActionBypass
},
143 { L
"Discard", EfiIPsecActionDiscard
},
144 { L
"Protect", EfiIPsecActionProtect
},
151 STR2INT mMapIpSecMode
[] = {
152 { L
"Transport", EfiIPsecTransport
},
153 { L
"Tunnel", EfiIPsecTunnel
},
160 STR2INT mMapDfOption
[] = {
161 { L
"clear", EfiIPsecTunnelClearDf
},
162 { L
"set", EfiIPsecTunnelSetDf
},
163 { L
"copy", EfiIPsecTunnelCopyDf
},
170 STR2INT mMapIpSecProtocol
[] = {
171 { L
"AH", EfiIPsecAH
},
172 { L
"ESP", EfiIPsecESP
},
179 STR2INT mMapAuthAlgo
[] = {
180 { L
"NONE", IPSEC_AALG_NONE
},
181 { L
"MD5HMAC", IPSEC_AALG_MD5HMAC
},
182 { L
"SHA1HMAC", IPSEC_AALG_SHA1HMAC
},
183 { L
"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC
},
184 { L
"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC
},
185 { L
"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC
},
186 { L
"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC
},
187 { L
"NULL", IPSEC_AALG_NULL
},
194 STR2INT mMapEncAlgo
[] = {
195 { L
"NONE", IPSEC_EALG_NONE
},
196 { L
"DESCBC", IPSEC_EALG_DESCBC
},
197 { L
"3DESCBC", IPSEC_EALG_3DESCBC
},
198 { L
"CASTCBC", IPSEC_EALG_CASTCBC
},
199 { L
"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC
},
200 { L
"NULL", IPSEC_EALG_NULL
},
201 { L
"AESCBC", IPSEC_EALG_AESCBC
},
202 { L
"AESCTR", IPSEC_EALG_AESCTR
},
203 { L
"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8
},
204 { L
"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12
},
205 { L
"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16
},
206 { L
"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8
},
207 { L
"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12
},
208 { L
"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16
},
215 STR2INT mMapAuthProto
[] = {
216 { L
"IKEv1", EfiIPsecAuthProtocolIKEv1
},
217 { L
"IKEv2", EfiIPsecAuthProtocolIKEv2
},
224 STR2INT mMapAuthMethod
[] = {
225 { L
"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret
},
226 { L
"Certificates", EfiIPsecAuthMethodCertificates
},
230 EFI_IPSEC2_PROTOCOL
*mIpSec
;
231 EFI_IPSEC_CONFIG_PROTOCOL
*mIpSecConfig
;
232 EFI_HII_HANDLE mHiiHandle
;
233 CHAR16 mAppName
[] = L
"IpSecConfig";
236 // Used for IpSecConfigRetriveCheckListByName only to check the validation of user input
238 VAR_CHECK_ITEM mIpSecConfigVarCheckList
[] = {
239 { L
"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
240 { L
"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
241 { L
"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
242 { L
"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },
244 { L
"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
245 { L
"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
246 { L
"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
247 { L
"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
248 { L
"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
249 { L
"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
251 { L
"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },
256 { L
"--local", 0, 0, BIT(2)|BIT(1), 0 },
257 { L
"--remote", 0, 0, BIT(2)|BIT(1), 0 },
258 { L
"--proto", 0, 0, BIT(2)|BIT(1), 0 },
259 { L
"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
260 { L
"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
261 { L
"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
262 { L
"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },
267 { L
"--name", 0, 0, BIT(2), 0 },
268 { L
"--packet-flag", 0, 0, BIT(2), 0 },
269 { L
"--action", 0, 0, BIT(2)|BIT(1), 0 },
270 { L
"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
271 { L
"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
272 { L
"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
273 { L
"--mode", 0, 0, BIT(2)|BIT(1), 0 },
274 { L
"--tunnel-local", 0, 0, BIT(2), 0 },
275 { L
"--tunnel-remote", 0, 0, BIT(2), 0 },
276 { L
"--dont-fragment", 0, 0, BIT(2), 0 },
277 { L
"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
278 { L
"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
279 { L
"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },
281 { L
"--ext-sequence", 0, 0, BIT(2), BIT(2) },
282 { L
"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
283 { L
"--fragment-check", 0, 0, BIT(2), BIT(2) },
284 { L
"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
285 { L
"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
286 { L
"--fragment-check-", 0, 0, BIT(2), BIT(3) },
292 { L
"--spi", 0, 0, BIT(1), 0 },
293 { L
"--tunnel-dest", 0, 0, BIT(1), 0 },
294 { L
"--tunnel-source", 0, 0, BIT(1), 0 },
295 { L
"--lookup-spi", 0, 0, BIT(1), 0 },
296 { L
"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
297 { L
"--lookup-dest", 0, 0, BIT(1), 0 },
305 { L
"--sequence-number", 0, 0, BIT(1), 0 },
306 { L
"--antireplay-window", 0, 0, BIT(1), 0 },
307 { L
"--auth-key", 0, 0, BIT(1), 0 },
308 { L
"--encrypt-key", 0, 0, BIT(1), 0 },
309 { L
"--path-mtu", 0, 0, BIT(1), 0 },
312 // The example to add a PAD:
313 // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
314 // --auth-method PreSharedSeceret/Certificate --ike-id
315 // --auth-data 343343 --revocation-data 2342432"
316 // The example to delete a PAD:
317 // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
319 // The example to edit a PAD:
320 // "-E * --lookup-peer-id Mike --auth-method Certificate"
325 { L
"--peer-id", 0, 0, BIT(0), BIT(4) },
326 { L
"--peer-address", 0, 0, BIT(0), BIT(5) },
327 { L
"--auth-proto", 0, 0, BIT(0), 0 },
328 { L
"--auth-method", 0, 0, BIT(0), 0 },
329 { L
"--IKE-ID", 0, 0, BIT(0), BIT(6) },
330 { L
"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
331 { L
"--auth-data", 0, 0, BIT(0), 0 },
332 { L
"--revocation-data", 0, 0, BIT(0), 0 },
333 { L
"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
334 { L
"--lookup-peer-address",0, 0, BIT(0), BIT(5) },
336 { NULL
, 0, 0, 0, 0 },
340 The function to allocate the proper sized buffer for various
343 @param[in, out] Status Current status.
344 @param[in, out] Buffer Current allocated buffer, or NULL.
345 @param[in] BufferSize Current buffer size needed
347 @retval TRUE If the buffer was reallocated and the caller should try the API again.
348 @retval FALSE If the buffer was not reallocated successfully.
352 IN OUT EFI_STATUS
*Status
,
353 IN OUT VOID
**Buffer
,
359 ASSERT (Status
!= NULL
);
360 ASSERT (Buffer
!= NULL
);
363 // If this is an initial request, buffer will be null with a new buffer size.
365 if ((NULL
== *Buffer
) && (BufferSize
!= 0)) {
366 *Status
= EFI_BUFFER_TOO_SMALL
;
370 // If the status code is "buffer too small", resize the buffer.
373 if (*Status
== EFI_BUFFER_TOO_SMALL
) {
375 if (*Buffer
!= NULL
) {
379 *Buffer
= AllocateZeroPool (BufferSize
);
381 if (*Buffer
!= NULL
) {
384 *Status
= EFI_OUT_OF_RESOURCES
;
389 // If there's an error, free the buffer.
391 if (!TryAgain
&& EFI_ERROR (*Status
) && (*Buffer
!= NULL
)) {
400 Function returns an array of handles that support the requested protocol
401 in a buffer allocated from a pool.
403 @param[in] SearchType Specifies which handle(s) are to be returned.
404 @param[in] Protocol Provides the protocol to search by.
405 This parameter is only valid for SearchType ByProtocol.
407 @param[in] SearchKey Supplies the search key depending on the SearchType.
408 @param[in, out] NoHandles The number of handles returned in Buffer.
409 @param[out] Buffer A pointer to the buffer to return the requested array of
410 handles that support Protocol.
412 @retval EFI_SUCCESS The resulting array of handles was returned.
413 @retval Others Other mistake case.
417 IN EFI_LOCATE_SEARCH_TYPE SearchType
,
418 IN EFI_GUID
*Protocol OPTIONAL
,
419 IN VOID
*SearchKey OPTIONAL
,
420 IN OUT UINTN
*NoHandles
,
421 OUT EFI_HANDLE
**Buffer
427 ASSERT (NoHandles
!= NULL
);
428 ASSERT (Buffer
!= NULL
);
431 // Initialize for GrowBuffer loop.
433 Status
= EFI_SUCCESS
;
435 BufferSize
= 50 * sizeof (EFI_HANDLE
);
438 // Call the real function.
440 while (GrowBuffer (&Status
, (VOID
**) Buffer
, BufferSize
)) {
441 Status
= gBS
->LocateHandle (
450 *NoHandles
= BufferSize
/ sizeof (EFI_HANDLE
);
451 if (EFI_ERROR (Status
)) {
459 Find the first instance of this protocol in the system and return its interface.
461 @param[in] ProtocolGuid The guid of the protocol.
462 @param[out] Interface The pointer to the first instance of the protocol.
464 @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.
465 @retval Others A protocol instance matching ProtocolGuid was not found.
469 IN EFI_GUID
*ProtocolGuid
,
483 Status
= LocateHandle (ByProtocol
, ProtocolGuid
, NULL
, &NumberHandles
, &Handles
);
484 if (EFI_ERROR (Status
)) {
485 DEBUG ((EFI_D_INFO
, "LibLocateProtocol: Handle not found\n"));
489 for (Index
= 0; Index
< NumberHandles
; Index
++) {
490 ASSERT (Handles
!= NULL
);
491 Status
= gBS
->HandleProtocol (
497 if (!EFI_ERROR (Status
)) {
502 if (Handles
!= NULL
) {
510 Helper function called to check the conflicted flags.
512 @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.
513 @param[in] ParamPackage The pointer to the ParamPackage list.
515 @retval EFI_SUCCESS No conflicted flags.
516 @retval EFI_INVALID_PARAMETER The input parameter is erroroneous or there are some conflicted flags.
519 IpSecConfigRetriveCheckListByName (
520 IN VAR_CHECK_ITEM
*CheckList
,
521 IN LIST_ENTRY
*ParamPackage
526 VAR_CHECK_ITEM
*Item
;
538 Item
= mIpSecConfigVarCheckList
;
540 if ((ParamPackage
== NULL
) || (CheckList
== NULL
)) {
541 return EFI_INVALID_PARAMETER
;
545 // Enumerate through the list of parameters that are input by user.
547 for (Node
= GetFirstNode (ParamPackage
); !IsNull (ParamPackage
, Node
); Node
= GetNextNode (ParamPackage
, Node
)) {
548 if (((SHELL_PARAM_PACKAGE
*) Node
)->Name
!= NULL
) {
550 // Enumerate the check list that defines the conflicted attributes of each flag.
552 for (; Item
->VarName
!= NULL
; Item
++) {
553 if (StrCmp (((SHELL_PARAM_PACKAGE
*) Node
)->Name
, Item
->VarName
) == 0) {
556 Attribute1
= Item
->Attribute1
;
557 Attribute2
= Item
->Attribute2
;
558 Attribute3
= Item
->Attribute3
;
559 Attribute4
= Item
->Attribute4
;
561 Attribute1
&= Item
->Attribute1
;
562 Attribute2
|= Item
->Attribute2
;
563 Attribute3
&= Item
->Attribute3
;
564 Attribute4
|= Item
->Attribute4
;
565 if (Attribute1
!= 0) {
566 return EFI_INVALID_PARAMETER
;
569 if (Attribute2
!= 0) {
570 if ((Index
== 2) && (StrCmp (Item
->VarName
, L
"-p") == 0)) {
574 return EFI_INVALID_PARAMETER
;
577 if (Attribute3
== 0) {
578 return EFI_INVALID_PARAMETER
;
580 if (((Attribute4
& 0xFF) == 0x03) || ((Attribute4
& 0xFF) == 0x0C) ||
581 ((Attribute4
& 0xFF) == 0x30) || ((Attribute4
& 0xFF) == 0xC0)) {
582 return EFI_INVALID_PARAMETER
;
589 Item
= mIpSecConfigVarCheckList
;
597 This is the declaration of an EFI image entry point. This entry point is
598 the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
599 both device drivers and bus drivers.
601 The entry point for IpSecConfig application that parse the command line input and call an IpSecConfig process.
603 @param[in] ImageHandle The image handle of this application.
604 @param[in] SystemTable The pointer to the EFI System Table.
606 @retval EFI_SUCCESS The operation completed successfully.
611 InitializeIpSecConfig (
612 IN EFI_HANDLE ImageHandle
,
613 IN EFI_SYSTEM_TABLE
*SystemTable
617 EFI_IPSEC_CONFIG_DATA_TYPE DataType
;
619 LIST_ENTRY
*ParamPackage
;
620 CONST CHAR16
*ValueStr
;
621 CHAR16
*ProblemParam
;
622 UINTN NonOptionCount
;
623 EFI_HII_PACKAGE_LIST_HEADER
*PackageList
;
626 // Retrieve HII package list from ImageHandle
628 Status
= gBS
->OpenProtocol (
630 &gEfiHiiPackageListProtocolGuid
,
631 (VOID
**) &PackageList
,
634 EFI_OPEN_PROTOCOL_GET_PROTOCOL
636 if (EFI_ERROR (Status
)) {
641 // Publish HII package list to HII Database.
643 Status
= gHiiDatabase
->NewPackageList (
649 if (EFI_ERROR (Status
)) {
653 ASSERT (mHiiHandle
!= NULL
);
655 Status
= ShellCommandLineParseEx (mIpSecConfigParamList
, &ParamPackage
, &ProblemParam
, TRUE
, FALSE
);
656 if (EFI_ERROR (Status
)) {
657 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, ProblemParam
);
661 Status
= IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList
, ParamPackage
);
662 if (EFI_ERROR (Status
)) {
663 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS
), mHiiHandle
);
667 Status
= LocateProtocol (&gEfiIpSecConfigProtocolGuid
, (VOID
**) &mIpSecConfig
);
668 if (EFI_ERROR (Status
) || mIpSecConfig
== NULL
) {
669 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
673 Status
= LocateProtocol (&gEfiIpSec2ProtocolGuid
, (VOID
**) &mIpSec
);
674 if (EFI_ERROR (Status
) || mIpSec
== NULL
) {
675 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
682 if (ShellCommandLineGetFlag (ParamPackage
, L
"-enable")) {
683 if (!(mIpSec
->DisabledFlag
)) {
684 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE
), mHiiHandle
, mAppName
);
689 Value
= IPSEC_STATUS_ENABLED
;
690 Status
= gRT
->SetVariable (
691 IPSECCONFIG_STATUS_NAME
,
692 &gEfiIpSecConfigProtocolGuid
,
693 EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_NON_VOLATILE
,
697 if (!EFI_ERROR (Status
)) {
698 mIpSec
->DisabledFlag
= FALSE
;
699 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS
), mHiiHandle
, mAppName
);
701 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED
), mHiiHandle
, mAppName
);
711 if (ShellCommandLineGetFlag (ParamPackage
, L
"-disable")) {
712 if (mIpSec
->DisabledFlag
) {
713 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE
), mHiiHandle
, mAppName
);
716 // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
718 gBS
->SignalEvent (mIpSec
->DisabledEvent
);
719 if (mIpSec
->DisabledFlag
) {
720 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS
), mHiiHandle
, mAppName
);
722 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED
), mHiiHandle
, mAppName
);
732 if (ShellCommandLineGetFlag (ParamPackage
, L
"-status")) {
733 if (mIpSec
->DisabledFlag
) {
734 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE
), mHiiHandle
, mAppName
);
736 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE
), mHiiHandle
, mAppName
);
742 // Try to get policy database type.
744 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) - 1;
745 ValueStr
= ShellCommandLineGetValue (ParamPackage
, L
"-p");
746 if (ValueStr
!= NULL
) {
747 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) MapStringToInteger (ValueStr
, mMapPolicy
);
748 if (DataType
== -1) {
749 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB
), mHiiHandle
, mAppName
, ValueStr
);
754 NonOptionCount
= ShellCommandLineGetCount (ParamPackage
);
755 if ((NonOptionCount
- 1) > 0) {
756 ValueStr
= ShellCommandLineGetRawValue (ParamPackage
, (UINT32
) (NonOptionCount
- 1));
757 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY
), mHiiHandle
, mAppName
, ValueStr
);
761 if (DataType
== -1) {
762 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB
), mHiiHandle
, mAppName
);
766 if (ShellCommandLineGetFlag (ParamPackage
, L
"-a")) {
767 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
768 if (EFI_ERROR (Status
)) {
771 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-i")) {
772 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
773 if (EFI_ERROR (Status
)) {
776 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-e")) {
777 Status
= EditPolicyEntry (DataType
, ParamPackage
);
778 if (EFI_ERROR (Status
)) {
781 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-d")) {
782 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
783 if (EFI_ERROR (Status
)) {
786 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-f")) {
787 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
788 if (EFI_ERROR (Status
)) {
791 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-l")) {
792 Status
= ListPolicyEntry (DataType
, ParamPackage
);
793 if (EFI_ERROR (Status
)) {
797 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, mAppName
);
802 ShellCommandLineFreeVarList (ParamPackage
);
803 HiiRemovePackages (mHiiHandle
);