2 The implementation of dump policy entry function in IpSecConfig application.
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include "IpSecConfig.h"
16 Private function called to get the version information from an EFI_IP_ADDRESS_INFO structure.
18 @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
20 @return the value of version.
24 IN EFI_IP_ADDRESS_INFO
*AddressInfo
27 if((AddressInfo
->PrefixLength
<= 32) && (AddressInfo
->Address
.Addr
[1] == 0) &&
28 (AddressInfo
->Address
.Addr
[2] == 0) && (AddressInfo
->Address
.Addr
[3] == 0)) {
36 Private function called to get the version information from an EFI_IP_ADDRESS structure.
38 @param[in] Address The pointer to the EFI_IP_ADDRESS structure.
40 @return The value of the version.
44 IN EFI_IP_ADDRESS
*Address
47 if ((Address
->Addr
[1] == 0) && (Address
->Addr
[2] == 0) && (Address
->Addr
[3] == 0)) {
55 Private function called to print an ASCII string in unicode char format.
57 @param[in] Str The pointer to the ASCII string.
58 @param[in] Length The value of the ASCII string length.
68 for (Index
= 0; Index
< Length
; Index
++) {
69 Print (L
"%c", (CHAR16
) Str
[Index
]);
75 Private function called to print a buffer in Hex format.
77 @param[in] Data The pointer to the buffer.
78 @param[in] Length The size of the buffer.
88 for (Index
= 0; Index
< Length
; Index
++) {
89 Print (L
"%02x ", Data
[Index
]);
94 Private function called to print EFI_IP_ADDRESS_INFO content.
96 @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
100 IN EFI_IP_ADDRESS_INFO
*AddressInfo
103 if (IP_VERSION_4
== GetVerFromAddrInfo (AddressInfo
)) {
106 (UINTN
) AddressInfo
->Address
.v4
.Addr
[0],
107 (UINTN
) AddressInfo
->Address
.v4
.Addr
[1],
108 (UINTN
) AddressInfo
->Address
.v4
.Addr
[2],
109 (UINTN
) AddressInfo
->Address
.v4
.Addr
[3]
111 if (AddressInfo
->PrefixLength
!= 32) {
112 Print (L
"/%d", (UINTN
) AddressInfo
->PrefixLength
);
116 if (IP_VERSION_6
== GetVerFromAddrInfo (AddressInfo
)) {
118 L
"%x:%x:%x:%x:%x:%x:%x:%x",
119 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[0]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[1]),
120 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[2]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[3]),
121 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[4]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[5]),
122 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[6]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[7]),
123 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[8]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[9]),
124 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[10]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[11]),
125 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[12]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[13]),
126 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[14]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[15])
128 if (AddressInfo
->PrefixLength
!= 128) {
129 Print (L
"/%d", AddressInfo
->PrefixLength
);
135 Private function called to print EFI_IP_ADDRESS content.
137 @param[in] IpAddress The pointer to the EFI_IP_ADDRESS structure.
141 IN EFI_IP_ADDRESS
*IpAddress
144 if (IP_VERSION_4
== GetVerFromIpAddr (IpAddress
)) {
147 (UINTN
) IpAddress
->v4
.Addr
[0],
148 (UINTN
) IpAddress
->v4
.Addr
[1],
149 (UINTN
) IpAddress
->v4
.Addr
[2],
150 (UINTN
) IpAddress
->v4
.Addr
[3]
154 if (IP_VERSION_6
== GetVerFromIpAddr (IpAddress
)) {
156 L
"%x:%x:%x:%x:%x:%x:%x:%x",
157 (((UINT16
) IpAddress
->v6
.Addr
[0]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[1]),
158 (((UINT16
) IpAddress
->v6
.Addr
[2]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[3]),
159 (((UINT16
) IpAddress
->v6
.Addr
[4]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[5]),
160 (((UINT16
) IpAddress
->v6
.Addr
[6]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[7]),
161 (((UINT16
) IpAddress
->v6
.Addr
[8]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[9]),
162 (((UINT16
) IpAddress
->v6
.Addr
[10]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[11]),
163 (((UINT16
) IpAddress
->v6
.Addr
[12]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[13]),
164 (((UINT16
) IpAddress
->v6
.Addr
[14]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[15])
171 Private function called to print EFI_IPSEC_SPD_SELECTOR content.
173 @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
177 IN EFI_IPSEC_SPD_SELECTOR
*Selector
183 for (Index
= 0; Index
< Selector
->LocalAddressCount
; Index
++) {
188 DumpAddressInfo (&Selector
->LocalAddress
[Index
]);
192 Print (L
"localhost");
197 for (Index
= 0; Index
< Selector
->RemoteAddressCount
; Index
++) {
202 DumpAddressInfo (&Selector
->RemoteAddress
[Index
]);
205 Str
= MapIntegerToString (Selector
->NextLayerProtocol
, mMapIpProtocol
);
209 Print (L
" proto:%d", (UINTN
) Selector
->NextLayerProtocol
);
212 if ((Selector
->NextLayerProtocol
== EFI_IP4_PROTO_TCP
) || (Selector
->NextLayerProtocol
== EFI_IP4_PROTO_UDP
)) {
214 if (Selector
->LocalPort
!= EFI_IPSEC_ANY_PORT
) {
215 Print (L
"%d", Selector
->LocalPort
);
216 if (Selector
->LocalPortRange
!= 0) {
217 Print (L
"~%d", (UINTN
) Selector
->LocalPort
+ Selector
->LocalPortRange
);
224 if (Selector
->RemotePort
!= EFI_IPSEC_ANY_PORT
) {
225 Print (L
"%d", Selector
->RemotePort
);
226 if (Selector
->RemotePortRange
!= 0) {
227 Print (L
"~%d", (UINTN
) Selector
->RemotePort
+ Selector
->RemotePortRange
);
232 } else if (Selector
->NextLayerProtocol
== EFI_IP4_PROTO_ICMP
) {
233 Print (L
" class/code:");
234 if (Selector
->LocalPort
!= 0) {
235 Print (L
"%d", (UINTN
) (UINT8
) Selector
->LocalPort
);
241 if (Selector
->RemotePort
!= 0) {
242 Print (L
"%d", (UINTN
) (UINT8
) Selector
->RemotePort
);
250 Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.
252 @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
253 @param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
254 @param[in] EntryIndex The pointer to the Index in SPD Database.
256 @retval EFI_SUCCESS Dump SPD information successfully.
260 IN EFI_IPSEC_SPD_SELECTOR
*Selector
,
261 IN EFI_IPSEC_SPD_DATA
*Data
,
266 CHAR16 DataName
[128];
272 Print (L
"%d.", (*EntryIndex
)++);
275 // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
276 // Protect PF:0x34323423 Name:First Entry
277 // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
278 // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
281 DumpSpdSelector (Selector
);
284 Print (L
"%s ", MapIntegerToString (Data
->Action
, mMapIpSecAction
));
285 Print (L
"PF:%08x ", Data
->PackageFlag
);
// Widen the byte-wide policy name into the local CHAR16 buffer so it can be
// printed with %s.
// NOTE(review): DataName holds 128 CHAR16 elements, and the only bound on Index
// visible in this copy loop is the ASSERT below. ASSERT() can be compiled out or
// disabled in release builds, in which case nothing stops the copy from running
// past DataName when Data->Name has no NUL within the buffer. A runtime bound
// (stop at ARRAY_SIZE (DataName) - 1 and terminate there) would make this safe
// regardless of build type.
288 while (Data
->Name
[Index
] != 0) {
289 DataName
[Index
] = (CHAR16
) Data
->Name
[Index
];
291 ASSERT (Index
< 128);
293 DataName
[Index
] = L
'\0';
295 Print (L
"Name:%s", DataName
);
297 if (Data
->Action
== EfiIPsecActionProtect
) {
299 if (Data
->ProcessingPolicy
->ExtSeqNum
) {
300 Print (L
"ext-sequence ");
303 if (Data
->ProcessingPolicy
->SeqOverflow
) {
304 Print (L
"sequence-overflow ");
307 if (Data
->ProcessingPolicy
->FragCheck
) {
308 Print (L
"fragment-check ");
312 if (Data
->ProcessingPolicy
->SaLifetime
.ByteCount
!= 0) {
313 Print (HasPre
? L
"," : L
"life:[");
314 Print (L
"%lxB", Data
->ProcessingPolicy
->SaLifetime
.ByteCount
);
318 if (Data
->ProcessingPolicy
->SaLifetime
.SoftLifetime
!= 0) {
319 Print (HasPre
? L
"," : L
"life:[");
320 Print (L
"%lxs", Data
->ProcessingPolicy
->SaLifetime
.SoftLifetime
);
324 if (Data
->ProcessingPolicy
->SaLifetime
.HardLifetime
!= 0) {
325 Print (HasPre
? L
"," : L
"life:[");
326 Print (L
"%lxS", Data
->ProcessingPolicy
->SaLifetime
.HardLifetime
);
334 if (HasPre
|| Data
->ProcessingPolicy
->ExtSeqNum
||
335 Data
->ProcessingPolicy
->SeqOverflow
|| Data
->ProcessingPolicy
->FragCheck
) {
339 String1
= MapIntegerToString (Data
->ProcessingPolicy
->Proto
, mMapIpSecProtocol
);
340 String2
= MapIntegerToString (Data
->ProcessingPolicy
->AuthAlgoId
, mMapAuthAlgo
);
341 String3
= MapIntegerToString (Data
->ProcessingPolicy
->EncAlgoId
, mMapEncAlgo
);
343 L
"%s Auth:%s Encrypt:%s ",
349 Print (L
"%s ", MapIntegerToString (Data
->ProcessingPolicy
->Mode
, mMapIpSecMode
));
350 if (Data
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
352 DumpIpAddress (&Data
->ProcessingPolicy
->TunnelOption
->LocalTunnelAddress
);
354 DumpIpAddress (&Data
->ProcessingPolicy
->TunnelOption
->RemoteTunnelAddress
);
355 Print (L
" %s]", MapIntegerToString (Data
->ProcessingPolicy
->TunnelOption
->DF
, mMapDfOption
));
365 Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content, including the SA's authentication and encryption key material.
367 @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
368 @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
369 @param[in] EntryIndex The pointer to the Index in the SAD Database.
371 @retval EFI_SUCCESS Dump SAD information successfully.
375 IN EFI_IPSEC_SA_ID
*SaId
,
376 IN EFI_IPSEC_SA_DATA2
*Data
,
388 // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
389 // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
390 // Auth:xxxx/password Encrypt:yyyy/password
391 // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
394 Print (L
"%d.", (*EntryIndex
)++);
395 Print (L
"0x%x %s ", (UINTN
) SaId
->Spi
, MapIntegerToString (SaId
->Proto
, mMapIpSecProtocol
));
396 if (Data
->Mode
== EfiIPsecTunnel
) {
397 Print (L
"TunnelSourceAddress:");
398 DumpIpAddress (&Data
->TunnelSourceAddress
);
400 Print (L
" TunnelDestination:");
401 DumpIpAddress (&Data
->TunnelDestinationAddress
);
406 L
" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
407 MapIntegerToString (Data
->Mode
, mMapIpSecMode
),
409 (UINTN
) Data
->AntiReplayWindows
413 if (Data
->SaLifetime
.ByteCount
!= 0) {
414 Print (HasPre
? L
"," : L
"life:[");
415 Print (L
"%lxB", Data
->SaLifetime
.ByteCount
);
419 if (Data
->SaLifetime
.SoftLifetime
!= 0) {
420 Print (HasPre
? L
"," : L
"life:[");
421 Print (L
"%lxs", Data
->SaLifetime
.SoftLifetime
);
425 if (Data
->SaLifetime
.HardLifetime
!= 0) {
426 Print (HasPre
? L
"," : L
"life:[");
427 Print (L
"%lxS", Data
->SaLifetime
.HardLifetime
);
435 Print (L
"PathMTU:%d\n", (UINTN
) Data
->PathMTU
);
437 if (SaId
->Proto
== EfiIPsecAH
) {
440 MapIntegerToString (Data
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
, mMapAuthAlgo
),
441 Data
->AlgoInfo
.AhAlgoInfo
.AuthKey
444 AuthAlgoStr
= MapIntegerToString (Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
, mMapAuthAlgo
);
445 EncAlgoStr
= MapIntegerToString (Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
, mMapEncAlgo
);
// NOTE(review): both branches below write the ESP authentication and encryption
// keys to the console in clear text. Anything that captures console output
// therefore records live SA key material; treat the dump output as secret.
447 if (Data
->ManualSet
) {
449 // If the SAD entry was set manually, the key is usually an ASCII string,
450 // so print the key as an ASCII string.
452 Print (L
" Auth:%s/",AuthAlgoStr
);
// The key pointer and its length are the arguments of a call whose name is not
// shown in this listing (presumably DumpAsciiString - confirm).
454 Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
455 Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
457 Print (L
"\n Encrypt:%s/",EncAlgoStr
);
459 Data
->AlgoInfo
.EspAlgoInfo
.EncKey
,
460 Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
464 // If the SAD entry was created by IKE, the key is a buffer of raw bytes,
465 // so print the key in hex.
467 Print (L
" Auth:%s/",AuthAlgoStr
);
// DumpBuf prints exactly AuthKeyLength / EncKeyLength bytes; the lengths are
// taken from the entry as-is, with no check against the key buffers visible here.
468 DumpBuf ((UINT8
*)(Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
), Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
470 Print (L
"\n Encrypt:%s/",EncAlgoStr
);
471 DumpBuf ((UINT8
*)(Data
->AlgoInfo
.EspAlgoInfo
.EncKey
), Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
);
475 if (Data
->SpdSelector
!= NULL
) {
477 DumpSpdSelector (Data
->SpdSelector
);
485 Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.
487 @param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
488 @param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
489 @param[in] EntryIndex The pointer to the Index in the PAD Database.
491 @retval EFI_SUCCESS Dump PAD information successfully.
495 IN EFI_IPSEC_PAD_ID
*PadId
,
496 IN EFI_IPSEC_PAD_DATA
*Data
,
504 // ADDR:10.23.17.34/15
505 // IDEv1 PreSharedSecret IKE-ID
509 Print (L
"%d.", (*EntryIndex
)++);
511 if (PadId
->PeerIdValid
) {
512 Print (L
"ID:%s", PadId
->Id
.PeerId
);
515 DumpAddressInfo (&PadId
->Id
.IpAddress
);
520 String1
= MapIntegerToString (Data
->AuthProtocol
, mMapAuthProto
);
521 String2
= MapIntegerToString (Data
->AuthMethod
, mMapAuthMethod
);
528 if (Data
->IkeIdFlag
) {
// Print the PAD entry's authentication data as characters.
// NOTE(review): the layout comment for this entry lists a PreSharedSecret field,
// so AuthData is presumably the peer's shared secret - confirm, and treat the
// dump output as sensitive. DumpAsciiString prints exactly AuthDataSize
// characters without looking for a terminator, so AuthDataSize must not exceed
// the size of the AuthData buffer.
534 if (Data
->AuthData
!= NULL
) {
535 DumpAsciiString (Data
->AuthData
, Data
->AuthDataSize
);
539 if (Data
->RevocationData
!= NULL
) {
540 Print (L
" %s\n", Data
->RevocationData
);
547 VISIT_POLICY_ENTRY mDumpPolicyEntry
[] = {
548 (VISIT_POLICY_ENTRY
) DumpSpdEntry
,
549 (VISIT_POLICY_ENTRY
) DumpSadEntry
,
550 (VISIT_POLICY_ENTRY
) DumpPadEntry
554 Print all entry information in the database according to datatype.
556 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
557 @param[in] ParamPackage The pointer to the ParamPackage list.
559 @retval EFI_SUCCESS Dump all information successfully.
560 @retval Others An error occurred.
564 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
565 IN LIST_ENTRY
*ParamPackage
// Walk every entry of the selected database, calling the dump routine for that
// database type with a running entry counter.
// NOTE(review): DataType indexes the three-entry mDumpPolicyEntry table
// (SPD, SAD, PAD dumpers) directly. No range check is visible in this listing,
// so an out-of-range DataType would read a function pointer from beyond the
// table - confirm that callers validate it before this point.
571 return ForeachPolicyEntry (DataType
, mDumpPolicyEntry
[DataType
], &EntryIndex
);