2 The main process for IpSecConfig application.
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/UefiRuntimeServicesTableLib.h>
17 #include <Library/HiiLib.h>
19 #include <Protocol/IpSec.h>
21 #include "IpSecConfig.h"
24 #include "PolicyEntryOperation.h"
29 // Used only by ShellCommandLineParseEx,
30 // to ensure that user input is in a valid format
// Option table that the entry point passes to ShellCommandLineParseEx.
// TypeFlag options stand alone; TypeValue options take the argument that follows them.
32 SHELL_PARAM_ITEM mIpSecConfigParamList
[] = {
40 { L
"-enable", TypeFlag
},
41 { L
"-disable", TypeFlag
},
42 { L
"-status", TypeFlag
},
47 { L
"--local", TypeValue
},
48 { L
"--remote", TypeValue
},
49 { L
"--proto", TypeValue
},
50 { L
"--local-port", TypeValue
},
51 { L
"--remote-port", TypeValue
},
52 { L
"--icmp-type", TypeValue
},
53 { L
"--icmp-code", TypeValue
},
58 { L
"--name", TypeValue
},
59 { L
"--packet-flag", TypeValue
},
60 { L
"--action", TypeValue
},
61 { L
"--lifebyte", TypeValue
},
62 { L
"--lifetime-soft", TypeValue
},
63 { L
"--lifetime", TypeValue
},
64 { L
"--mode", TypeValue
},
65 { L
"--tunnel-local", TypeValue
},
66 { L
"--tunnel-remote", TypeValue
},
67 { L
"--dont-fragment", TypeValue
},
68 { L
"--ipsec-proto", TypeValue
},
69 { L
"--auth-algo", TypeValue
},
70 { L
"--encrypt-algo", TypeValue
},
72 { L
"--ext-sequence", TypeFlag
},
73 { L
"--sequence-overflow", TypeFlag
},
74 { L
"--fragment-check", TypeFlag
},
75 { L
"--ext-sequence-", TypeFlag
},
76 { L
"--sequence-overflow-", TypeFlag
},
77 { L
"--fragment-check-", TypeFlag
},
83 { L
"--spi", TypeValue
},
84 { L
"--tunnel-dest", TypeValue
},
85 { L
"--tunnel-source", TypeValue
},
86 { L
"--lookup-spi", TypeValue
},
87 { L
"--lookup-ipsec-proto", TypeValue
},
88 { L
"--lookup-dest", TypeValue
},
96 { L
"--sequence-number", TypeValue
},
97 { L
"--antireplay-window", TypeValue
},
// NOTE(review): --auth-key and --encrypt-key are TypeValue, so whatever follows them is taken
// verbatim from the command line. Presumably this is SA key material; confirm how the
// policy-entry code bounds its length and whether it is echoed or retained after use.
98 { L
"--auth-key", TypeValue
},
99 { L
"--encrypt-key", TypeValue
},
100 { L
"--path-mtu", TypeValue
},
105 { L
"--peer-id", TypeValue
},
106 { L
"--peer-address", TypeValue
},
107 { L
"--auth-proto", TypeValue
},
108 { L
"--auth-method", TypeValue
},
// NOTE(review): spelled "--ike-id" / "--ike-id-" here, but mIpSecConfigVarCheckList lists
// "--IKE-ID" / "--IKE-ID-" and the conflict checker compares names with StrCmp. If the parsed
// name keeps this lower-case spelling, these two options never match a check-list row and
// their Attribute3/Attribute4 constraints are not applied - confirm which spelling reaches
// the checker.
109 { L
"--ike-id", TypeValue
},
110 { L
"--ike-id-", TypeValue
},
// NOTE(review): --auth-data presumably carries the pre-shared secret or certificate data for
// the PAD entry; the same command-line exposure question as for the key options applies.
111 { L
"--auth-data", TypeValue
},
112 { L
"--revocation-data", TypeValue
},
113 { L
"--lookup-peer-id", TypeValue
},
114 { L
"--lookup-peer-address", TypeValue
},
// Policy database names accepted for -p; the entry point resolves the -p value against this
// table with MapStringToInteger to obtain the IPsec config data type.
122 STR2INT mMapPolicy
[] = {
123 { L
"SPD", IPsecConfigDataTypeSpd
},
124 { L
"SAD", IPsecConfigDataTypeSad
},
125 { L
"PAD", IPsecConfigDataTypePad
},
// IP protocol names mapped to EFI_IP4_PROTO_* values; only TCP, UDP and ICMP are listed.
// Presumably consulted for the --proto selector - the lookup is not in this file.
132 STR2INT mMapIpProtocol
[] = {
133 { L
"TCP", EFI_IP4_PROTO_TCP
},
134 { L
"UDP", EFI_IP4_PROTO_UDP
},
135 { L
"ICMP", EFI_IP4_PROTO_ICMP
},
// Policy action names mapped to EfiIPsecAction* values.
// NOTE(review): "Bypass" lets matching traffic through without IPsec processing, so an SPD
// entry using it is worth an explicit look when auditing a configuration.
142 STR2INT mMapIpSecAction
[] = {
143 { L
"Bypass", EfiIPsecActionBypass
},
144 { L
"Discard", EfiIPsecActionDiscard
},
145 { L
"Protect", EfiIPsecActionProtect
},
// IPsec mode names mapped to EfiIPsecTransport / EfiIPsecTunnel.
152 STR2INT mMapIpSecMode
[] = {
153 { L
"Transport", EfiIPsecTransport
},
154 { L
"Tunnel", EfiIPsecTunnel
},
// Tunnel don't-fragment handling names mapped to EfiIPsecTunnel*Df values
// (clear, set, or copy the DF bit).
161 STR2INT mMapDfOption
[] = {
162 { L
"clear", EfiIPsecTunnelClearDf
},
163 { L
"set", EfiIPsecTunnelSetDf
},
164 { L
"copy", EfiIPsecTunnelCopyDf
},
// IPsec protocol names mapped to EfiIPsecAH / EfiIPsecESP.
171 STR2INT mMapIpSecProtocol
[] = {
172 { L
"AH", EfiIPsecAH
},
173 { L
"ESP", EfiIPsecESP
},
// Authentication (integrity) algorithm names mapped to IPSEC_AALG_* identifiers.
// Presumably consulted for --auth-algo - the lookup is not in this file.
// NOTE(review): "NONE" and "NULL" are selectable and give no integrity protection, and
// MD5HMAC is a legacy choice. Nothing in this table distinguishes weak entries from strong
// ones, so any minimum-strength policy has to be enforced by the code that consumes it.
180 STR2INT mMapAuthAlgo
[] = {
181 { L
"NONE", IPSEC_AALG_NONE
},
182 { L
"MD5HMAC", IPSEC_AALG_MD5HMAC
},
183 { L
"SHA1HMAC", IPSEC_AALG_SHA1HMAC
},
184 { L
"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC
},
185 { L
"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC
},
186 { L
"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC
},
187 { L
"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC
},
188 { L
"NULL", IPSEC_AALG_NULL
},
// Encryption algorithm names mapped to IPSEC_EALG_* identifiers.
// Presumably consulted for --encrypt-algo - the lookup is not in this file.
// NOTE(review): "NONE" and "NULL" are selectable and give no confidentiality, and DESCBC
// (56-bit key) is a legacy choice. As with the authentication table, the entries are not
// ranked, so a minimum-strength policy has to be enforced by the consumer.
195 STR2INT mMapEncAlgo
[] = {
196 { L
"NONE", IPSEC_EALG_NONE
},
197 { L
"DESCBC", IPSEC_EALG_DESCBC
},
198 { L
"3DESCBC", IPSEC_EALG_3DESCBC
},
199 { L
"CASTCBC", IPSEC_EALG_CASTCBC
},
200 { L
"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC
},
201 { L
"NULL", IPSEC_EALG_NULL
},
202 { L
"AESCBC", IPSEC_EALG_AESCBC
},
203 { L
"AESCTR", IPSEC_EALG_AESCTR
},
204 { L
"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8
},
205 { L
"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12
},
206 { L
"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16
},
207 { L
"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8
},
208 { L
"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12
},
209 { L
"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16
},
// Key-exchange protocol names mapped to EfiIPsecAuthProtocolIKEv1 / IKEv2.
// The accepted spellings are exactly "IKEv1" and "IKEv2".
216 STR2INT mMapAuthProto
[] = {
217 { L
"IKEv1", EfiIPsecAuthProtocolIKEv1
},
218 { L
"IKEv2", EfiIPsecAuthProtocolIKEv2
},
// Peer authentication method names mapped to EfiIPsecAuthMethod* values.
// The accepted spellings are exactly "PreSharedSecret" and "Certificates".
225 STR2INT mMapAuthMethod
[] = {
226 { L
"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret
},
227 { L
"Certificates", EfiIPsecAuthMethodCertificates
},
// File-scope state shared with the entry point:
//   mIpSec       - IPsec2 protocol interface, filled in by LocateProtocol.
//   mIpSecConfig - IPsec config protocol interface, filled in by LocateProtocol.
//   mHiiHandle   - HII handle passed to ShellPrintHiiEx for string lookup.
//   mAppName     - application name passed as a message argument.
231 EFI_IPSEC2_PROTOCOL
*mIpSec
;
232 EFI_IPSEC_CONFIG_PROTOCOL
*mIpSecConfig
;
233 EFI_HII_HANDLE mHiiHandle
;
234 CHAR16 mAppName
[] = L
"IpSecConfig";
237 // Used only by IpSecConfigRetriveCheckListByName, to validate the combination of options the user supplied.
//
// Each row is an option name followed by four attribute masks (assumed to be Attribute1..4 in
// that order - VAR_CHECK_ITEM is defined outside this file). The checker folds the rows of all
// options present on the command line together:
//   Attribute1 - AND-ed; a non-zero result is rejected.
//   Attribute2 - OR-ed; a non-zero result is rejected apart from a "-p" special case.
//   Attribute3 - AND-ed; a zero result is rejected. The bits look like one per policy
//                database (presumably BIT(2)=SPD, BIT(1)=SAD, BIT(0)=PAD - TODO confirm).
//   Attribute4 - OR-ed; the low byte is rejected when it equals 0x03, 0x0C, 0x30 or 0xC0,
//                i.e. when both options of a mutually exclusive pair are present.
// The table ends with a row whose name is NULL; the checker stops on it.
239 VAR_CHECK_ITEM mIpSecConfigVarCheckList
[] = {
240 { L
"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
241 { L
"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
242 { L
"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
243 { L
"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },
245 { L
"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
246 { L
"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
247 { L
"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
248 { L
"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
249 { L
"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
250 { L
"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
252 { L
"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },
257 { L
"--local", 0, 0, BIT(2)|BIT(1), 0 },
258 { L
"--remote", 0, 0, BIT(2)|BIT(1), 0 },
259 { L
"--proto", 0, 0, BIT(2)|BIT(1), 0 },
// Port selectors (BIT(0)) and ICMP selectors (BIT(1)) form the 0x03 exclusive pair.
260 { L
"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
261 { L
"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
262 { L
"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
263 { L
"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },
268 { L
"--name", 0, 0, BIT(2), 0 },
269 { L
"--packet-flag", 0, 0, BIT(2), 0 },
270 { L
"--action", 0, 0, BIT(2)|BIT(1), 0 },
271 { L
"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
272 { L
"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
273 { L
"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
274 { L
"--mode", 0, 0, BIT(2)|BIT(1), 0 },
275 { L
"--tunnel-local", 0, 0, BIT(2), 0 },
276 { L
"--tunnel-remote", 0, 0, BIT(2), 0 },
277 { L
"--dont-fragment", 0, 0, BIT(2), 0 },
278 { L
"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
279 { L
"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
280 { L
"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },
// The plain flags (BIT(2)) and their trailing-dash counterparts (BIT(3)) form the 0x0C pair.
282 { L
"--ext-sequence", 0, 0, BIT(2), BIT(2) },
283 { L
"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
284 { L
"--fragment-check", 0, 0, BIT(2), BIT(2) },
285 { L
"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
286 { L
"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
287 { L
"--fragment-check-", 0, 0, BIT(2), BIT(3) },
293 { L
"--spi", 0, 0, BIT(1), 0 },
294 { L
"--tunnel-dest", 0, 0, BIT(1), 0 },
295 { L
"--tunnel-source", 0, 0, BIT(1), 0 },
296 { L
"--lookup-spi", 0, 0, BIT(1), 0 },
297 { L
"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
298 { L
"--lookup-dest", 0, 0, BIT(1), 0 },
306 { L
"--sequence-number", 0, 0, BIT(1), 0 },
307 { L
"--antireplay-window", 0, 0, BIT(1), 0 },
308 { L
"--auth-key", 0, 0, BIT(1), 0 },
309 { L
"--encrypt-key", 0, 0, BIT(1), 0 },
310 { L
"--path-mtu", 0, 0, BIT(1), 0 },
313 // Example of adding a PAD entry:
314 // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1/IKEv2
315 // --auth-method PreSharedSecret/Certificates --ike-id
316 // --auth-data 343343 --revocation-data 2342432"
317 // Example of deleting a PAD entry:
318 // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
320 // Example of editing a PAD entry:
321 // "-E * --lookup-peer-id Mike --auth-method Certificates"
//
// NOTE(review): --peer-id (BIT(4)) and --peer-address (BIT(5)) form the 0x30 pair, yet the
// "add" example above shows them together. With the checker's whole-byte equality test the
// combination is only rejected when no other Attribute4 bit is set - confirm which behaviour
// is intended.
326 { L
"--peer-id", 0, 0, BIT(0), BIT(4) },
327 { L
"--peer-address", 0, 0, BIT(0), BIT(5) },
328 { L
"--auth-proto", 0, 0, BIT(0), 0 },
329 { L
"--auth-method", 0, 0, BIT(0), 0 },
// NOTE(review): upper-case here, lower-case ("--ike-id", "--ike-id-") in
// mIpSecConfigParamList; the checker matches names with StrCmp, so confirm that the name
// stored in the parameter package can actually equal these two rows.
330 { L
"--IKE-ID", 0, 0, BIT(0), BIT(6) },
331 { L
"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
332 { L
"--auth-data", 0, 0, BIT(0), 0 },
333 { L
"--revocation-data", 0, 0, BIT(0), 0 },
334 { L
"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
335 { L
"--lookup-peer-address",0, 0, BIT(0), BIT(5) },
// Sentinel row: a NULL name terminates the checker's scan of this table.
337 { NULL
, 0, 0, 0, 0 },
341 The function to allocate the proper sized buffer for various
344 @param[in, out] Status Current status.
345 @param[in, out] Buffer Current allocated buffer, or NULL.
346 @param[in] BufferSize Current buffer size needed
348 @retval TRUE If the buffer was reallocated and the caller should try the API again.
349 @retval FALSE If the buffer was not reallocated successfully.
// GrowBuffer: retry helper for size-probing calls (LocateHandle in this file drives it from a
// while loop). When *Status is EFI_BUFFER_TOO_SMALL it allocates a fresh zero-filled buffer
// of BufferSize bytes into *Buffer; if the allocation fails, *Status becomes
// EFI_OUT_OF_RESOURCES. Several lines of the body are not visible in this listing.
353 IN OUT EFI_STATUS
*Status
,
354 IN OUT VOID
**Buffer
,
// NOTE(review): these ASSERTs are the only NULL checks on Status and Buffer visible here.
// ASSERT is typically compiled out of release builds, so callers must never pass NULL.
360 ASSERT (Status
!= NULL
);
361 ASSERT (Buffer
!= NULL
);
364 // If this is an initial request, buffer will be null with a new buffer size.
// Forcing the status here routes the first call through the allocation path below.
366 if ((NULL
== *Buffer
) && (BufferSize
!= 0)) {
367 *Status
= EFI_BUFFER_TOO_SMALL
;
371 // If the status code is "buffer too small", resize the buffer.
374 if (*Status
== EFI_BUFFER_TOO_SMALL
) {
// An existing buffer is handled first (presumably freed - that line is not visible).
376 if (*Buffer
!= NULL
) {
// Zero-filled allocation, so bytes the callee does not overwrite hold no stale pool contents.
380 *Buffer
= AllocateZeroPool (BufferSize
);
382 if (*Buffer
!= NULL
) {
385 *Status
= EFI_OUT_OF_RESOURCES
;
390 // If there's an error, free the buffer.
// Only taken when no retry is requested, the status is an error and a buffer exists.
392 if (!TryAgain
&& EFI_ERROR (*Status
) && (*Buffer
!= NULL
)) {
401 Function returns an array of handles that support the requested protocol
402 in a buffer allocated from a pool.
404 @param[in] SearchType Specifies which handle(s) are to be returned.
405 @param[in] Protocol Provides the protocol to search by.
406 This parameter is only valid for SearchType ByProtocol.
408 @param[in] SearchKey Supplies the search key depending on the SearchType.
409 @param[in, out] NoHandles The number of handles returned in Buffer.
410 @param[out] Buffer A pointer to the buffer to return the requested array of
411 handles that support Protocol.
413 @retval EFI_SUCCESS The resulting array of handles was returned.
414 @retval Others An error occurred.
// LocateHandle: wrapper around gBS->LocateHandle that sizes the result buffer with
// GrowBuffer. It starts with room for 50 handles and repeats the boot-services call for as
// long as GrowBuffer asks for another attempt. The arguments of the gBS->LocateHandle call
// are not visible in this listing.
418 IN EFI_LOCATE_SEARCH_TYPE SearchType
,
419 IN EFI_GUID
*Protocol OPTIONAL
,
420 IN VOID
*SearchKey OPTIONAL
,
421 IN OUT UINTN
*NoHandles
,
422 OUT EFI_HANDLE
**Buffer
// NOTE(review): the output pointers are guarded by ASSERT only; ASSERT is typically compiled
// out of release builds, so callers must pass valid pointers. *Buffer is handed to GrowBuffer
// as the current buffer - presumably it is reset to NULL on a line not shown; otherwise the
// caller must initialise it.
428 ASSERT (NoHandles
!= NULL
);
429 ASSERT (Buffer
!= NULL
);
432 // Initialize for GrowBuffer loop.
434 Status
= EFI_SUCCESS
;
// Initial guess: space for 50 handles.
436 BufferSize
= 50 * sizeof (EFI_HANDLE
);
439 // Call the real function.
441 while (GrowBuffer (&Status
, (VOID
**) Buffer
, BufferSize
)) {
442 Status
= gBS
->LocateHandle (
// The handle count is derived from the byte count in BufferSize (presumably updated by the
// boot-services call above - TODO confirm).
451 *NoHandles
= BufferSize
/ sizeof (EFI_HANDLE
);
452 if (EFI_ERROR (Status
)) {
460 Find the first instance of this protocol in the system and return its interface.
462 @param[in] ProtocolGuid The guid of the protocol.
463 @param[out] Interface The pointer to the first instance of the protocol.
465 @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.
466 @retval Others A protocol instance matching ProtocolGuid was not found.
// LocateProtocol: collects every handle that supports ProtocolGuid via LocateHandle
// (ByProtocol), then asks each handle for the protocol interface until one call succeeds.
// The handle array is checked against NULL before the cleanup at the end (the release call
// itself is not visible in this listing).
470 IN EFI_GUID
*ProtocolGuid
,
484 Status
= LocateHandle (ByProtocol
, ProtocolGuid
, NULL
, &NumberHandles
, &Handles
);
485 if (EFI_ERROR (Status
)) {
// NOTE(review): the message names "LibLocateProtocol" although callers in this file use the
// name LocateProtocol; worth aligning so the log points at the right function.
486 DEBUG ((EFI_D_INFO
, "LibLocateProtocol: Handle not found\n"));
// Walk the handles in the order returned; the first successful HandleProtocol wins.
490 for (Index
= 0; Index
< NumberHandles
; Index
++) {
491 ASSERT (Handles
!= NULL
);
492 Status
= gBS
->HandleProtocol (
498 if (!EFI_ERROR (Status
)) {
503 if (Handles
!= NULL
) {
511 Helper function that checks for conflicting flags.
513 @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.
514 @param[in] ParamPackage The pointer to the ParamPackage list.
516 @retval EFI_SUCCESS No conflicting flags.
517 @retval EFI_INVALID_PARAMETER An input parameter is erroneous or some flags conflict.
// Validates the combination of options in ParamPackage against the rows of
// mIpSecConfigVarCheckList. For every named parameter it finds the matching row and folds
// that row's four attribute masks into running accumulators, returning
// EFI_INVALID_PARAMETER as soon as a combination is not allowed. Several lines of the body
// (including the branch that separates the first match from later ones) are not visible in
// this listing.
520 IpSecConfigRetriveCheckListByName (
521 IN VAR_CHECK_ITEM
*CheckList
,
522 IN LIST_ENTRY
*ParamPackage
527 VAR_CHECK_ITEM
*Item
;
// NOTE(review): iteration starts from the file-scope table, not from CheckList. In the
// visible lines CheckList is only compared with NULL, so a caller-supplied table would be
// ignored - confirm whether Item should be initialised from CheckList instead.
539 Item
= mIpSecConfigVarCheckList
;
541 if ((ParamPackage
== NULL
) || (CheckList
== NULL
)) {
542 return EFI_INVALID_PARAMETER
;
546 // Enumerate through the list of parameters that are input by user.
548 for (Node
= GetFirstNode (ParamPackage
); !IsNull (ParamPackage
, Node
); Node
= GetNextNode (ParamPackage
, Node
)) {
// Entries without a name are skipped (presumably positional arguments - TODO confirm).
549 if (((SHELL_PARAM_PACKAGE
*) Node
)->Name
!= NULL
) {
551 // Enumerate the check list that defines the conflicted attributes of each flag.
// The scan relies on the table's NULL-named sentinel row to terminate.
553 for (; Item
->VarName
!= NULL
; Item
++) {
// StrCmp is an exact, case-sensitive comparison; a name that differs only in case from the
// table row does not match and contributes nothing to the checks below.
554 if (StrCmp (((SHELL_PARAM_PACKAGE
*) Node
)->Name
, Item
->VarName
) == 0) {
// Seed the accumulators from the matched row ...
557 Attribute1
= Item
->Attribute1
;
558 Attribute2
= Item
->Attribute2
;
559 Attribute3
= Item
->Attribute3
;
560 Attribute4
= Item
->Attribute4
;
// ... or fold the matched row into them: Attribute1/3 by AND, Attribute2/4 by OR.
562 Attribute1
&= Item
->Attribute1
;
563 Attribute2
|= Item
->Attribute2
;
564 Attribute3
&= Item
->Attribute3
;
565 Attribute4
|= Item
->Attribute4
;
// A bit common to all options seen so far in Attribute1 marks a forbidden combination.
566 if (Attribute1
!= 0) {
567 return EFI_INVALID_PARAMETER
;
// Any Attribute2 bit is rejected, apart from a special case for "-p" as the Index == 2 match
// (the body of that case is not visible in this listing).
570 if (Attribute2
!= 0) {
571 if ((Index
== 2) && (StrCmp (Item
->VarName
, L
"-p") == 0)) {
575 return EFI_INVALID_PARAMETER
;
// Attribute3 must keep at least one bit in common across all options seen so far.
578 if (Attribute3
== 0) {
579 return EFI_INVALID_PARAMETER
;
// NOTE(review): each comparison tests the whole low byte for equality with one pair. A
// conflicting pair therefore goes undetected once any bit belonging to another pair is also
// set (for example 0x07). A per-pair mask test such as (Attribute4 & 0x03) == 0x03 would
// catch that - confirm the intended behaviour.
581 if (((Attribute4
& 0xFF) == 0x03) || ((Attribute4
& 0xFF) == 0x0C) ||
582 ((Attribute4
& 0xFF) == 0x30) || ((Attribute4
& 0xFF) == 0xC0)) {
583 return EFI_INVALID_PARAMETER
;
// Rewind to the start of the table so the next parameter is matched from the first row.
590 Item
= mIpSecConfigVarCheckList
;
598 This is the declaration of an EFI image entry point. This entry point is
599 the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
600 both device drivers and bus drivers.
602 The entry point for the IpSecConfig application, which parses the command-line input and calls the corresponding IpSecConfig process.
604 @param[in] ImageHandle The image handle of this application.
605 @param[in] SystemTable The pointer to the EFI System Table.
607 @retval EFI_SUCCESS The operation completed successfully.
// Application entry point. In the visible lines it: opens the HII package list on
// ImageHandle and registers it, parses the command line with mIpSecConfigParamList, checks
// the option combination, locates the IPsec config and IPsec2 protocols, handles
// -enable / -disable / -status, resolves the -p policy database, and dispatches to the
// add/insert, edit, delete/flush or list routine. Error-path bodies and the function's
// closing lines are not visible in this listing.
612 InitializeIpSecConfig (
613 IN EFI_HANDLE ImageHandle
,
614 IN EFI_SYSTEM_TABLE
*SystemTable
618 EFI_IPSEC_CONFIG_DATA_TYPE DataType
;
620 LIST_ENTRY
*ParamPackage
;
621 CONST CHAR16
*ValueStr
;
622 CHAR16
*ProblemParam
;
623 UINTN NonOptionCount
;
624 EFI_HII_PACKAGE_LIST_HEADER
*PackageList
;
627 // Retrieve HII package list from ImageHandle
629 Status
= gBS
->OpenProtocol (
631 &gEfiHiiPackageListProtocolGuid
,
632 (VOID
**) &PackageList
,
635 EFI_OPEN_PROTOCOL_GET_PROTOCOL
637 if (EFI_ERROR (Status
)) {
642 // Publish HII package list to HII Database.
644 Status
= gHiiDatabase
->NewPackageList (
650 if (EFI_ERROR (Status
)) {
654 ASSERT (mHiiHandle
!= NULL
);
// NOTE(review): ProblemParam is declared without an initializer and is printed on any parse
// error. If ShellCommandLineParseEx can fail without writing it, this print reads an
// indeterminate pointer - confirm, or initialise ProblemParam to NULL at its declaration.
656 Status
= ShellCommandLineParseEx (mIpSecConfigParamList
, &ParamPackage
, &ProblemParam
, TRUE
, FALSE
);
657 if (EFI_ERROR (Status
)) {
658 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, ProblemParam
);
// Reject conflicting option combinations before touching any protocol.
662 Status
= IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList
, ParamPackage
);
663 if (EFI_ERROR (Status
)) {
664 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS
), mHiiHandle
);
// Both protocol lookups treat a NULL interface as failure even when the status is success.
668 Status
= LocateProtocol (&gEfiIpSecConfigProtocolGuid
, (VOID
**) &mIpSecConfig
);
669 if (EFI_ERROR (Status
) || mIpSecConfig
== NULL
) {
670 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
674 Status
= LocateProtocol (&gEfiIpSec2ProtocolGuid
, (VOID
**) &mIpSec
);
675 if (EFI_ERROR (Status
) || mIpSec
== NULL
) {
676 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT
), mHiiHandle
, mAppName
);
// -enable: nothing to do when IPsec is already enabled (DisabledFlag clear).
683 if (ShellCommandLineGetFlag (ParamPackage
, L
"-enable")) {
684 if (!(mIpSec
->DisabledFlag
)) {
685 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE
), mHiiHandle
, mAppName
);
690 Value
= IPSEC_STATUS_ENABLED
;
// NOTE(review): the status variable is written with BOOTSERVICE_ACCESS | NON_VOLATILE only,
// with no authenticated-write attribute, so any code running in boot services can rewrite
// it. If the persisted IPsec enable state is security-relevant for the platform, confirm
// that its consumer does not trust this value blindly.
691 Status
= gRT
->SetVariable (
692 IPSECCONFIG_STATUS_NAME
,
693 &gEfiIpSecConfigProtocolGuid
,
694 EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_NON_VOLATILE
,
// The in-memory flag is flipped only after the variable write succeeded.
698 if (!EFI_ERROR (Status
)) {
699 mIpSec
->DisabledFlag
= FALSE
;
700 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS
), mHiiHandle
, mAppName
);
702 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED
), mHiiHandle
, mAppName
);
// -disable: nothing to do when IPsec is already disabled.
712 if (ShellCommandLineGetFlag (ParamPackage
, L
"-disable")) {
713 if (mIpSec
->DisabledFlag
) {
714 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE
), mHiiHandle
, mAppName
);
717 // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
// NOTE(review): success is judged by re-reading DisabledFlag right after SignalEvent, which
// assumes the DisabledEvent notify function has already run by then - confirm its TPL. The
// return value of SignalEvent is not checked, and no variable write is visible on this path,
// so whether the disabled state persists across reboots depends on the callback.
719 gBS
->SignalEvent (mIpSec
->DisabledEvent
);
720 if (mIpSec
->DisabledFlag
) {
721 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS
), mHiiHandle
, mAppName
);
723 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED
), mHiiHandle
, mAppName
);
// -status: report the current state from DisabledFlag.
733 if (ShellCommandLineGetFlag (ParamPackage
, L
"-status")) {
734 if (mIpSec
->DisabledFlag
) {
735 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE
), mHiiHandle
, mAppName
);
737 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE
), mHiiHandle
, mAppName
);
743 // Try to get policy database type.
// NOTE(review): -1 cast to the enum is used as the "no database selected" sentinel and later
// compared with the int constant -1. Whether that comparison holds depends on the enum's
// underlying type, which is compiler-dependent - TODO confirm for the supported toolchains.
745 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) - 1;
746 ValueStr
= ShellCommandLineGetValue (ParamPackage
, L
"-p");
747 if (ValueStr
!= NULL
) {
// An unrecognised database name is presumably reported by MapStringToInteger as -1.
748 DataType
= (EFI_IPSEC_CONFIG_DATA_TYPE
) MapStringToInteger (ValueStr
, mMapPolicy
);
749 if (DataType
== -1) {
750 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB
), mHiiHandle
, mAppName
, ValueStr
);
// NOTE(review): NonOptionCount is a UINTN, so (NonOptionCount - 1) > 0 is true for every
// value except 1; a count of 0 would wrap to a very large number and then be truncated to
// UINT32 for the lookup below. Presumably the count always includes the command name -
// TODO confirm, or test NonOptionCount > 1 instead.
755 NonOptionCount
= ShellCommandLineGetCount (ParamPackage
);
756 if ((NonOptionCount
- 1) > 0) {
757 ValueStr
= ShellCommandLineGetRawValue (ParamPackage
, (UINT32
) (NonOptionCount
- 1));
758 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY
), mHiiHandle
, mAppName
, ValueStr
);
// Every operation below needs a policy database, so a missing -p is reported here.
762 if (DataType
== -1) {
763 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB
), mHiiHandle
, mAppName
);
// Operation dispatch: -a and -i share AddOrInsertPolicyEntry, -d and -f share
// FlushOrDeletePolicyEntry; the callee presumably tells them apart from ParamPackage.
767 if (ShellCommandLineGetFlag (ParamPackage
, L
"-a")) {
768 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
769 if (EFI_ERROR (Status
)) {
772 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-i")) {
773 Status
= AddOrInsertPolicyEntry (DataType
, ParamPackage
);
774 if (EFI_ERROR (Status
)) {
777 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-e")) {
778 Status
= EditPolicyEntry (DataType
, ParamPackage
);
779 if (EFI_ERROR (Status
)) {
782 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-d")) {
783 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
784 if (EFI_ERROR (Status
)) {
787 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-f")) {
788 Status
= FlushOrDeletePolicyEntry (DataType
, ParamPackage
);
789 if (EFI_ERROR (Status
)) {
792 } else if (ShellCommandLineGetFlag (ParamPackage
, L
"-l")) {
793 Status
= ListPolicyEntry (DataType
, ParamPackage
);
794 if (EFI_ERROR (Status
)) {
// No operation flag matched.
798 ShellPrintHiiEx (-1, -1, NULL
, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION
), mHiiHandle
, mAppName
);
// Cleanup: release the parsed parameter list and unregister the HII packages.
803 ShellCommandLineFreeVarList (ParamPackage
);
804 HiiRemovePackages (mHiiHandle
);