/** @file\r
\r
-Copyright (c) 2005 - 2006, Intel Corporation.<BR>\r
-All rights reserved. This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef __EFI_IP4_INPUT_H__\r
#define __EFI_IP4_INPUT_H__\r
\r
-typedef enum {\r
- IP4_MIN_HEADLEN = 20,\r
- IP4_MAX_HEADLEN = 60,\r
+#define IP4_MIN_HEADLEN 20\r
+#define IP4_MAX_HEADLEN 60\r
+///\r
+/// 8(ESP header) + 16(max IV) + 16(max padding) + 2(ESP tail) + 12(max ICV) = 54\r
+///\r
+#define IP4_MAX_IPSEC_HEADLEN 54\r
\r
- IP4_ASSEMLE_HASH_SIZE = 31,\r
- IP4_FRAGMENT_LIFE = 120,\r
- IP4_MAX_PACKET_SIZE = 65535\r
-} IP4_INPUT_ENUM_TYPES;\r
+#define IP4_ASSEMLE_HASH_SIZE 31\r
+#define IP4_FRAGMENT_LIFE 120\r
+#define IP4_MAX_PACKET_SIZE 65535\r
\r
///\r
/// Per packet information for input process. LinkFlag specifies whether\r
child wants to consume the packet because each IP child needs\r
its own copy of the packet to make changes.\r
\r
- @param[in] IpSb The IP4 service instance that received the packet\r
- @param[in] Head The header of the received packet\r
- @param[in] Packet The data of the received packet\r
+ @param[in] IpSb The IP4 service instance that received the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options.\r
\r
- @retval EFI_NOT_FOUND No IP child accepts the packet\r
+ @retval EFI_NOT_FOUND No IP child accepts the packet.\r
@retval EFI_SUCCESS The packet is enqueued or delivered to some IP\r
children.\r
\r
Ip4Demultiplex (\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
- IN NET_BUF *Packet\r
+ IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen\r
);\r
\r
/**\r
Enqueue a received packet to all the IP children that share\r
the same interface.\r
\r
- @param[in] IpSb The IP4 service instance that receive the packet\r
- @param[in] Head The header of the received packet\r
- @param[in] Packet The data of the received packet\r
- @param[in] IpIf The interface to enqueue the packet to\r
+ @param[in] IpSb The IP4 service instance that receive the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options.\r
+ @param[in] IpIf The interface to enqueue the packet to.\r
\r
@return The number of the IP4 children that accepts the packet\r
\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen,\r
IN IP4_INTERFACE *IpIf\r
);\r
\r
IN IP4_SERVICE *IpSb\r
);\r
\r
+/**\r
+ The work function to locate IPsec protocol to process the inbound or\r
+ outbound IP packets. The process routine handls the packet with following\r
+ actions: bypass the packet, discard the packet, or protect the packet.\r
+\r
+ @param[in] IpSb The IP4 service instance.\r
+ @param[in, out] Head The The caller supplied IP4 header.\r
+ @param[in, out] Netbuf The IP4 packet to be processed by IPsec.\r
+ @param[in, out] Options The caller supplied options.\r
+ @param[in, out] OptionsLen The length of the option.\r
+ @param[in] Direction The directionality in an SPD entry,\r
+ EfiIPsecInBound or EfiIPsecOutBound.\r
+ @param[in] Context The token's wrap.\r
+\r
+ @retval EFI_SUCCESS The IPsec protocol is not available or disabled.\r
+ @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.\r
+ @retval EFI_SUCCESS The packet was protected.\r
+ @retval EFI_ACCESS_DENIED The packet was discarded.\r
+ @retval EFI_OUT_OF_RESOURCES There is no suffcient resource to complete the operation.\r
+ @retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the\r
+ number of input data blocks when build a fragment table.\r
+\r
+**/\r
+EFI_STATUS\r
+Ip4IpSecProcessPacket (\r
+ IN IP4_SERVICE *IpSb,\r
+ IN OUT IP4_HEAD **Head,\r
+ IN OUT NET_BUF **Netbuf,\r
+ IN OUT UINT8 **Options,\r
+ IN OUT UINT32 *OptionsLen,\r
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
+ IN VOID *Context\r
+ );\r
+\r
#endif\r