2 The main process for IpSecConfig application.
4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/UefiRuntimeServicesTableLib.h>
17 #include <Library/HiiLib.h>
19 #include <Protocol/IpSec.h>
21 #include "IpSecConfig.h"
24 #include "PolicyEntryOperation.h"
29 // String token ID of IpSecConfig command help message text.
31 GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId
= STRING_TOKEN (STR_IPSEC_CONFIG_HELP
);
34 // Used for ShellCommandLineParseEx only
35 // and to ensure user inputs are in valid format
37 SHELL_PARAM_ITEM mIpSecConfigParamList
[] = {
45 { L
"-enable", TypeFlag
},
46 { L
"-disable", TypeFlag
},
47 { L
"-status", TypeFlag
},
52 { L
"--local", TypeValue
},
53 { L
"--remote", TypeValue
},
54 { L
"--proto", TypeValue
},
55 { L
"--local-port", TypeValue
},
56 { L
"--remote-port", TypeValue
},
57 { L
"--icmp-type", TypeValue
},
58 { L
"--icmp-code", TypeValue
},
63 { L
"--name", TypeValue
},
64 { L
"--packet-flag", TypeValue
},
65 { L
"--action", TypeValue
},
66 { L
"--lifebyte", TypeValue
},
67 { L
"--lifetime-soft", TypeValue
},
68 { L
"--lifetime", TypeValue
},
69 { L
"--mode", TypeValue
},
70 { L
"--tunnel-local", TypeValue
},
71 { L
"--tunnel-remote", TypeValue
},
72 { L
"--dont-fragment", TypeValue
},
73 { L
"--ipsec-proto", TypeValue
},
74 { L
"--auth-algo", TypeValue
},
75 { L
"--encrypt-algo", TypeValue
},
77 { L
"--ext-sequence", TypeFlag
},
78 { L
"--sequence-overflow", TypeFlag
},
79 { L
"--fragment-check", TypeFlag
},
80 { L
"--ext-sequence-", TypeFlag
},
81 { L
"--sequence-overflow-", TypeFlag
},
82 { L
"--fragment-check-", TypeFlag
},
88 { L
"--spi", TypeValue
},
89 { L
"--tunnel-dest", TypeValue
},
90 { L
"--tunnel-source", TypeValue
},
91 { L
"--lookup-spi", TypeValue
},
92 { L
"--lookup-ipsec-proto", TypeValue
},
93 { L
"--lookup-dest", TypeValue
},
101 { L
"--sequence-number", TypeValue
},
102 { L
"--antireplay-window", TypeValue
},
103 { L
"--auth-key", TypeValue
},
104 { L
"--encrypt-key", TypeValue
},
105 { L
"--path-mtu", TypeValue
},
110 { L
"--peer-id", TypeValue
},
111 { L
"--peer-address", TypeValue
},
112 { L
"--auth-proto", TypeValue
},
113 { L
"--auth-method", TypeValue
},
114 { L
"--ike-id", TypeValue
},
115 { L
"--ike-id-", TypeValue
},
116 { L
"--auth-data", TypeValue
},
117 { L
"--revocation-data", TypeValue
},
118 { L
"--lookup-peer-id", TypeValue
},
119 { L
"--lookup-peer-address", TypeValue
},
127 STR2INT mMapPolicy
[] = {
128 { L
"SPD", IPsecConfigDataTypeSpd
},
129 { L
"SAD", IPsecConfigDataTypeSad
},
130 { L
"PAD", IPsecConfigDataTypePad
},
137 STR2INT mMapIpProtocol
[] = {
138 { L
"TCP", EFI_IP4_PROTO_TCP
},
139 { L
"UDP", EFI_IP4_PROTO_UDP
},
140 { L
"ICMP", EFI_IP4_PROTO_ICMP
},
147 STR2INT mMapIpSecAction
[] = {
148 { L
"Bypass", EfiIPsecActionBypass
},
149 { L
"Discard", EfiIPsecActionDiscard
},
150 { L
"Protect", EfiIPsecActionProtect
},
157 STR2INT mMapIpSecMode
[] = {
158 { L
"Transport", EfiIPsecTransport
},
159 { L
"Tunnel", EfiIPsecTunnel
},
166 STR2INT mMapDfOption
[] = {
167 { L
"clear", EfiIPsecTunnelClearDf
},
168 { L
"set", EfiIPsecTunnelSetDf
},
169 { L
"copy", EfiIPsecTunnelCopyDf
},
176 STR2INT mMapIpSecProtocol
[] = {
177 { L
"AH", EfiIPsecAH
},
178 { L
"ESP", EfiIPsecESP
},
185 STR2INT mMapAuthAlgo
[] = {
186 { L
"NONE", IPSEC_AALG_NONE
},
187 { L
"MD5HMAC", IPSEC_AALG_MD5HMAC
},
188 { L
"SHA1HMAC", IPSEC_AALG_SHA1HMAC
},
189 { L
"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC
},
190 { L
"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC
},
191 { L
"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC
},
192 { L
"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC
},
193 { L
"NULL", IPSEC_AALG_NULL
},
200 STR2INT mMapEncAlgo
[] = {
201 { L
"NONE", IPSEC_EALG_NONE
},
202 { L
"DESCBC", IPSEC_EALG_DESCBC
},
203 { L
"3DESCBC", IPSEC_EALG_3DESCBC
},
204 { L
"CASTCBC", IPSEC_EALG_CASTCBC
},
205 { L
"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC
},
206 { L
"NULL", IPSEC_EALG_NULL
},
207 { L
"AESCBC", IPSEC_EALG_AESCBC
},
208 { L
"AESCTR", IPSEC_EALG_AESCTR
},
209 { L
"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8
},
210 { L
"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12
},
211 { L
"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16
},
212 { L
"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8
},
213 { L
"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12
},
214 { L
"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16
},
221 STR2INT mMapAuthProto
[] = {
222 { L
"IKEv1", EfiIPsecAuthProtocolIKEv1
},
223 { L
"IKEv2", EfiIPsecAuthProtocolIKEv2
},
230 STR2INT mMapAuthMethod
[] = {
231 { L
"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret
},
232 { L
"Certificates", EfiIPsecAuthMethodCertificates
},
236 EFI_IPSEC2_PROTOCOL
*mIpSec
;
237 EFI_IPSEC_CONFIG_PROTOCOL
*mIpSecConfig
;
238 EFI_HII_HANDLE mHiiHandle
;
239 CHAR16 mAppName
[] = L
"IpSecConfig";
242 // Used for IpSecConfigRetriveCheckListByName only to check the validation of user input
244 VAR_CHECK_ITEM mIpSecConfigVarCheckList
[] = {
245 { L
"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
246 { L
"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
247 { L
"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
248 { L
"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },
250 { L
"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
251 { L
"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
252 { L
"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
253 { L
"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
254 { L
"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
255 { L
"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
257 { L
"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },
262 { L
"--local", 0, 0, BIT(2)|BIT(1), 0 },
263 { L
"--remote", 0, 0, BIT(2)|BIT(1), 0 },
264 { L
"--proto", 0, 0, BIT(2)|BIT(1), 0 },
265 { L
"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
266 { L
"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
267 { L
"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
268 { L
"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },
273 { L
"--name", 0, 0, BIT(2), 0 },
274 { L
"--packet-flag", 0, 0, BIT(2), 0 },
275 { L
"--action", 0, 0, BIT(2)|BIT(1), 0 },
276 { L
"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
277 { L
"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
278 { L
"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
279 { L
"--mode", 0, 0, BIT(2)|BIT(1), 0 },
280 { L
"--tunnel-local", 0, 0, BIT(2), 0 },
281 { L
"--tunnel-remote", 0, 0, BIT(2), 0 },
282 { L
"--dont-fragment", 0, 0, BIT(2), 0 },
283 { L
"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
284 { L
"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
285 { L
"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },
287 { L
"--ext-sequence", 0, 0, BIT(2), BIT(2) },
288 { L
"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
289 { L
"--fragment-check", 0, 0, BIT(2), BIT(2) },
290 { L
"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
291 { L
"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
292 { L
"--fragment-check-", 0, 0, BIT(2), BIT(3) },
298 { L
"--spi", 0, 0, BIT(1), 0 },
299 { L
"--tunnel-dest", 0, 0, BIT(1), 0 },
300 { L
"--tunnel-source", 0, 0, BIT(1), 0 },
301 { L
"--lookup-spi", 0, 0, BIT(1), 0 },
302 { L
"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
303 { L
"--lookup-dest", 0, 0, BIT(1), 0 },
311 { L
"--sequence-number", 0, 0, BIT(1), 0 },
312 { L
"--antireplay-window", 0, 0, BIT(1), 0 },
313 { L
"--auth-key", 0, 0, BIT(1), 0 },
314 { L
"--encrypt-key", 0, 0, BIT(1), 0 },
315 { L
"--path-mtu", 0, 0, BIT(1), 0 },
318 // The example to add a PAD:
319 // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
320 // --auth-method PreSharedSeceret/Certificate --ike-id
321 // --auth-data 343343 --revocation-data 2342432"
322 // The example to delete a PAD:
323 // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
325 // The example to edit a PAD:
326 // "-E * --lookup-peer-id Mike --auth-method Certificate"
331 { L
"--peer-id", 0, 0, BIT(0), BIT(4) },
332 { L
"--peer-address", 0, 0, BIT(0), BIT(5) },
333 { L
"--auth-proto", 0, 0, BIT(0), 0 },
334 { L
"--auth-method", 0, 0, BIT(0), 0 },
335 { L
"--IKE-ID", 0, 0, BIT(0), BIT(6) },
336 { L
"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
337 { L
"--auth-data", 0, 0, BIT(0), 0 },
338 { L
"--revocation-data", 0, 0, BIT(0), 0 },
339 { L
"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
340 { L
"--lookup-peer-address",0, 0, BIT(0), BIT(5) },
342 { NULL
, 0, 0, 0, 0 },
346 The function to allocate the proper sized buffer for various
349 @param[in, out] Status Current status.
350 @param[in, out] Buffer Current allocated buffer, or NULL.
351 @param[in] BufferSize Current buffer size needed
353 @retval TRUE If the buffer was reallocated and the caller should try the API again.
354 @retval FALSE If the buffer was not reallocated successfully.
358 IN OUT EFI_STATUS
*Status
,
359 IN OUT VOID
**Buffer
,
365 ASSERT (Status
!= NULL
);
366 ASSERT (Buffer
!= NULL
);
369 // If this is an initial request, buffer will be null with a new buffer size.
371 if ((NULL
== *Buffer
) && (BufferSize
!= 0)) {
372 *Status
= EFI_BUFFER_TOO_SMALL
;
376 // If the status code is "buffer too small", resize the buffer.
379 if (*Status
== EFI_BUFFER_TOO_SMALL
) {
381 if (*Buffer
!= NULL
) {
385 *Buffer
= AllocateZeroPool (BufferSize
);
387 if (*Buffer
!= NULL
) {
390 *Status
= EFI_OUT_OF_RESOURCES
;
395 // If there's an error, free the buffer.
397 if (!TryAgain
&& EFI_ERROR (*Status
) && (*Buffer
!= NULL
)) {
406 Function returns an array of handles that support the requested protocol
407 in a buffer allocated from a pool.
409 @param[in] SearchType Specifies which handle(s) are to be returned.
410 @param[in] Protocol Provides the protocol to search by.
411 This parameter is only valid for SearchType ByProtocol.
413 @param[in] SearchKey Supplies the search key depending on the SearchType.
414 @param[in, out] NoHandles The number of handles returned in Buffer.
415 @param[out] Buffer A pointer to the buffer to return the requested array of
416 handles that support Protocol.
418 @retval EFI_SUCCESS The resulting array of handles was returned.
419 @retval Others Other mistake case.
423 IN EFI_LOCATE_SEARCH_TYPE SearchType
,
424 IN EFI_GUID
*Protocol OPTIONAL
,
425 IN VOID
*SearchKey OPTIONAL
,
426 IN OUT UINTN
*NoHandles
,
427 OUT EFI_HANDLE
**Buffer
433 ASSERT (NoHandles
!= NULL
);
434 ASSERT (Buffer
!= NULL
);
437 // Initialize for GrowBuffer loop.
439 Status
= EFI_SUCCESS
;
441 BufferSize
= 50 * sizeof (EFI_HANDLE
);
444 // Call the real function.
446 while (GrowBuffer (&Status
, (VOID
**) Buffer
, BufferSize
)) {
447 Status
= gBS
->LocateHandle (
456 *NoHandles
= BufferSize
/ sizeof (EFI_HANDLE
);
457 if (EFI_ERROR (Status
)) {
465 Find the first instance of this protocol in the system and return its interface.
467 @param[in] ProtocolGuid The guid of the protocol.
468 @param[out] Interface The pointer to the first instance of the protocol.
470 @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.
471 @retval Others A protocol instance matching ProtocolGuid was not found.
475 IN EFI_GUID
*ProtocolGuid
,
489 Status
= LocateHandle (ByProtocol
, ProtocolGuid
, NULL
, &NumberHandles
, &Handles
);
490 if (EFI_ERROR (Status
)) {
491 DEBUG ((EFI_D_INFO
, "LibLocateProtocol: Handle not found\n"));
495 for (Index
= 0; Index
< NumberHandles
; Index
++) {
496 ASSERT (Handles
!= NULL
);
497 Status
= gBS
->HandleProtocol (
503 if (!EFI_ERROR (Status
)) {
508 if (Handles
!= NULL
) {
516 Helper function called to check the conflicted flags.
518 @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.
519 @param[in] ParamPackage The pointer to the ParamPackage list.
521 @retval EFI_SUCCESS No conflicted flags.
522 @retval EFI_INVALID_PARAMETER The input parameter is erroroneous or there are some conflicted flags.
525 IpSecConfigRetriveCheckListByName (
526 IN VAR_CHECK_ITEM
*CheckList
,
527 IN LIST_ENTRY
*ParamPackage
532 VAR_CHECK_ITEM
*Item
;
544 Item
= mIpSecConfigVarCheckList
;
546 if ((ParamPackage
== NULL
) || (CheckList
== NULL
)) {
547 return EFI_INVALID_PARAMETER
;
551 // Enumerate through the list of parameters that are input by user.
553 for (Node
= GetFirstNode (ParamPackage
); !IsNull (ParamPackage
, Node
); Node
= GetNextNode (ParamPackage
, Node
)) {
554 if (((SHELL_PARAM_PACKAGE
*) Node
)->Name
!= NULL
) {
556 // Enumerate the check list that defines the conflicted attributes of each flag.
558 for (; Item
->VarName
!= NULL
; Item
++) {
559 if (StrCmp (((SHELL_PARAM_PACKAGE
*) Node
)->Name
, Item
->VarName
) == 0) {
562 Attribute1
= Item
->Attribute1
;
563 Attribute2
= Item
->Attribute2
;
564 Attribute3
= Item
->Attribute3
;
565 Attribute4
= Item
->Attribute4
;
567 Attribute1
&= Item
->Attribute1
;
568 Attribute2
|= Item
->Attribute2
;
569 Attribute3
&= Item
->Attribute3
;
570 Attribute4
|= Item
->Attribute4
;
571 if (Attribute1
!= 0) {
572 return EFI_INVALID_PARAMETER
;
575 if (Attribute2
!= 0) {
576 if ((Index
== 2) && (StrCmp (Item
->VarName
, L
"-p") == 0)) {
580 return EFI_INVALID_PARAMETER
;
583 if (Attribute3
== 0) {
584 return EFI_INVALID_PARAMETER
;
586 if (((Attribute4
& 0xFF) == 0x03) || ((Attribute4
& 0xFF) == 0x0C) ||
587 ((Attribute4
& 0xFF) == 0x30) || ((Attribute4
& 0xFF) == 0xC0)) {
588 return EFI_INVALID_PARAMETER
;
595 Item
= mIpSecConfigVarCheckList
;
603 This is the declaration of an EFI image entry point. This entry point is
604 the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
605 both device drivers and bus drivers.
607 The entry point for IpSecConfig application that parse the command line input and call an IpSecConfig process.
609 @param[in] ImageHandle The image handle of this application.
610 @param[in] SystemTable The pointer to the EFI System Table.
612 @retval EFI_SUCCESS The operation completed successfully.
617 InitializeIpSecConfig (
618 IN EFI_HANDLE ImageHandle
,
619 IN EFI_SYSTEM_TABLE
*SystemTable
623 EFI_IPSEC_CONFIG_DATA_TYPE DataType
;
625 LIST_ENTRY
*ParamPackage
;
626 CONST CHAR16
*ValueStr
;
627 CHAR16
*ProblemParam
;
628 UINTN NonOptionCount
;
629 EFI_HII_PACKAGE_LIST_HEADER
*PackageList
;
632 // Retrieve HII package list from ImageHandle
634 Status
= gBS
->OpenProtocol (
636 &gEfiHiiPackageListProtocolGuid
,
637 (VOID
**) &PackageList
,
640 EFI_OPEN_PROTOCOL_GET_PROTOCOL
642 if (EFI_ERROR (Status
)) {
647 // Publish HII package list to HII Database.
649 Status
= gHiiDatabase
->NewPackageList (
655 if (EFI_ERROR (Status
)) {
659 ASSERT (mHiiHandle
!= NULL
);
661 Status
= ShellCommandLineParseEx (mIpSecConfigParamList
, &ParamPackage
, &ProblemParam
, TRUE
, FALSE
);
662 if (EFI_ERROR (Status
)) {
663 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, ProblemParam
);
667 Status
= IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList
, ParamPackage
);
668 if (EFI_ERROR (Status
)) {
669 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS
), mHiiHandle
);
673 Status
= LocateProtocol (&gEfiIpSecConfigProtocolGuid
, (VOID
**) &mIpSecConfig
);
674 if (EFI_ERROR (Status
) || mIpSecConfig
== NULL
) {
675 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
679 Status
= LocateProtocol (&gEfiIpSec2ProtocolGuid
, (VOID
**) &mIpSec
);
680 if (EFI_ERROR (Status
) || mIpSec
== NULL
) {
681 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
688 if (ShellCommandLineGetFlag (ParamPackage
, L
"-enable")) {
689 if (!(mIpSec
->DisabledFlag
)) {
690 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE
), mHiiHandle
, mAppName
);
695 Value
= IPSEC_STATUS_ENABLED
;
696 Status
= gRT
->SetVariable (
697 IPSECCONFIG_STATUS_NAME
,
698 &gEfiIpSecConfigProtocolGuid
,
699 EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_NON_VOLATILE
,
703 if (!EFI_ERROR (Status
)) {
704 mIpSec
->DisabledFlag
= FALSE
;
705 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS
), mHiiHandle
, mAppName
);
707 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED
), mHiiHandle
, mAppName
);
717 if (ShellCommandLineGetFlag (ParamPackage
, L
"-disable")) {
718 if (mIpSec
->DisabledFlag
) {
719 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE
), mHiiHandle
, mAppName
);
722 // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
724 gBS
->SignalEvent (mIpSec
->DisabledEvent
);
725 if (mIpSec
->DisabledFlag
) {
726 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS
), mHiiHandle
, mAppName
);
728 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED
), mHiiHandle
, mAppName
);
738 if (ShellCommandLineGetFlag (ParamPackage
, L
"-status")) {
739 if (mIpSec
->DisabledFlag
) {
740 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE
), mHiiHandle
, mAppName
);
742 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE
), mHiiHandle
, mAppName
);
748 // Try to get policy database type.
750 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) - 1;
751 ValueStr
= ShellCommandLineGetValue (ParamPackage
, L
"-p");
752 if (ValueStr
!= NULL
) {
753 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) MapStringToInteger (ValueStr
, mMapPolicy
);
754 if (DataType
== -1) {
755 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB
), mHiiHandle
, mAppName
, ValueStr
);
760 NonOptionCount
= ShellCommandLineGetCount (ParamPackage
);
761 if ((NonOptionCount
- 1) > 0) {
762 ValueStr
= ShellCommandLineGetRawValue (ParamPackage
, (UINT32
) (NonOptionCount
- 1));
763 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY
), mHiiHandle
, mAppName
, ValueStr
);
767 if (DataType
== -1) {
768 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB
), mHiiHandle
, mAppName
);
772 if (ShellCommandLineGetFlag (ParamPackage
, L
"-a")) {
773 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
774 if (EFI_ERROR (Status
)) {
777 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-i")) {
778 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
779 if (EFI_ERROR (Status
)) {
782 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-e")) {
783 Status
= EditPolicyEntry (DataType
, ParamPackage
);
784 if (EFI_ERROR (Status
)) {
787 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-d")) {
788 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
789 if (EFI_ERROR (Status
)) {
792 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-f")) {
793 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
794 if (EFI_ERROR (Status
)) {
797 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-l")) {
798 Status
= ListPolicyEntry (DataType
, ParamPackage
);
799 if (EFI_ERROR (Status
)) {
803 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, mAppName
);
808 ShellCommandLineFreeVarList (ParamPackage
);
809 HiiRemovePackages (mHiiHandle
);