/** @file\r
\r
-Copyright (c) 2005 - 2006, Intel Corporation\r
-All rights reserved. This program and the accompanying materials\r
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
-Module Name:\r
-\r
- Ip4Input.h\r
-\r
-Abstract:\r
-\r
-\r
**/\r
\r
#ifndef __EFI_IP4_INPUT_H__\r
#define __EFI_IP4_INPUT_H__\r
\r
-typedef enum {\r
- IP4_MIN_HEADLEN = 20,\r
- IP4_MAX_HEADLEN = 60,\r
+#define IP4_MIN_HEADLEN 20\r
+#define IP4_MAX_HEADLEN 60\r
+///\r
+/// 8(ESP header) + 16(max IV) + 16(max padding) + 2(ESP tail) + 12(max ICV) = 54 \r
+///\r
+#define IP4_MAX_IPSEC_HEADLEN 54\r
\r
- IP4_ASSEMLE_HASH_SIZE = 31,\r
- IP4_FRAGMENT_LIFE = 120,\r
- IP4_MAX_PACKET_SIZE = 65535\r
-} IP4_INPUT_ENUM_TYPES;\r
+#define IP4_ASSEMLE_HASH_SIZE 31\r
+#define IP4_FRAGMENT_LIFE 120\r
+#define IP4_MAX_PACKET_SIZE 65535\r
\r
///\r
/// Per packet information for input process. LinkFlag specifies whether\r
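Review bot: The comment on `IP4_MAX_IPSEC_HEADLEN` presents 54 as a maximum, but each term is a per-algorithm assumption rather than a protocol limit: a 12-byte ICV matches 96-bit truncated HMACs, whereas HMAC-SHA-256-128 and AES-GCM can carry 16-byte ICVs, and RFC 4303 permits up to 255 bytes of ESP padding. The users of the constant are outside this hunk, so it is not visible whether it sizes buffer headroom or only adjusts a size estimate; if it bounds a write, a transform with larger overhead would exceed it. I would state the assumption next to the sum, e.g. `/// Assumes a 16-byte IV, at most 16 bytes of padding and a 96-bit ICV; revisit when a transform with a larger ICV is enabled.`, and have the consumer check the actual ESP overhead rather than trust the constant.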
Initialize an already allocated assemble table. This is generally\r
the assemble table embedded in the IP4 service instance.\r
\r
- @param Table The assemble table to initialize.\r
-\r
- @return NONE\r
+ @param[in, out] Table The assemble table to initialize.\r
\r
**/\r
VOID\r
Clean up the assemble table: remove all the fragments\r
and assemble entries.\r
\r
- @param Table The assemble table to clean up\r
-\r
- @return None\r
+ @param[in] Table The assemble table to clean up\r
\r
**/\r
VOID\r
The IP4 input routine. It is called by the IP4_INTERFACE when a\r
IP4 fragment is received from MNP.\r
\r
- @param Ip4Instance The IP4 child that request the receive, most like\r
+ @param[in] Ip4Instance The IP4 child that request the receive, most like\r
it is NULL.\r
- @param Packet The IP4 packet received.\r
- @param IoStatus The return status of receive request.\r
- @param Flag The link layer flag for the packet received, such\r
+ @param[in] Packet The IP4 packet received.\r
+ @param[in] IoStatus The return status of receive request.\r
+ @param[in] Flag The link layer flag for the packet received, such\r
as multicast.\r
- @param Context The IP4 service instance that own the MNP.\r
-\r
- @return None\r
+ @param[in] Context The IP4 service instance that own the MNP.\r
\r
**/\r
VOID\r
child wants to consume the packet because each IP child needs\r
its own copy of the packet to make changes.\r
\r
- @param IpSb The IP4 service instance that received the packet\r
- @param Head The header of the received packet\r
- @param Packet The data of the received packet\r
+ @param[in] IpSb The IP4 service instance that received the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options.\r
\r
- @retval EFI_NOT_FOUND No IP child accepts the packet\r
+ @retval EFI_NOT_FOUND No IP child accepts the packet.\r
@retval EFI_SUCCESS The packet is enqueued or delivered to some IP\r
children.\r
\r
Ip4Demultiplex (\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
- IN NET_BUF *Packet\r
+ IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen\r
);\r
\r
/**\r
Enqueue a received packet to all the IP children that share\r
the same interface.\r
\r
- @param IpSb The IP4 service instance that receive the packet\r
- @param Head The header of the received packet\r
- @param Packet The data of the received packet\r
- @param IpIf The interface to enqueue the packet to\r
+ @param[in] IpSb The IP4 service instance that receive the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options. \r
+ @param[in] IpIf The interface to enqueue the packet to.\r
\r
@return The number of the IP4 children that accepts the packet\r
\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen,\r
IN IP4_INTERFACE *IpIf\r
);\r
\r
duplicate it to a non-shared packet, release the shared packet, then\r
deliver the non-shared packet up.\r
\r
- @param IpInstance The IP child to deliver the packet up.\r
+ @param[in] IpInstance The IP child to deliver the packet up.\r
\r
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources to deliver the\r
packets.\r
/**\r
Timeout the fragment and enqueued packets.\r
\r
- @param IpSb The IP4 service instance to timeout\r
-\r
- @return None\r
+ @param[in] IpSb The IP4 service instance to timeout\r
\r
**/\r
VOID\r
IN IP4_SERVICE *IpSb\r
);\r
\r
+/**\r
+ The work function to locate IPsec protocol to process the inbound or \r
+ outbound IP packets. The process routine handls the packet with following\r
+ actions: bypass the packet, discard the packet, or protect the packet. \r
+\r
+ @param[in] IpSb The IP4 service instance.\r
+ @param[in, out] Head The The caller supplied IP4 header.\r
+ @param[in, out] Netbuf The IP4 packet to be processed by IPsec.\r
+ @param[in, out] Options The caller supplied options.\r
+ @param[in, out] OptionsLen The length of the option.\r
+ @param[in] Direction The directionality in an SPD entry, \r
+ EfiIPsecInBound or EfiIPsecOutBound.\r
+ @param[in] Context The token's wrap.\r
+\r
+ @retval EFI_SUCCESS The IPsec protocol is not available or disabled.\r
+ @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.\r
+ @retval EFI_SUCCESS The packet was protected.\r
+ @retval EFI_ACCESS_DENIED The packet was discarded. \r
+ @retval EFI_OUT_OF_RESOURCES There is no suffcient resource to complete the operation.\r
+ @retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the \r
+ number of input data blocks when build a fragment table.\r
+\r
+**/\r
+EFI_STATUS\r
+Ip4IpSecProcessPacket (\r
+ IN IP4_SERVICE *IpSb,\r
+ IN OUT IP4_HEAD **Head,\r
+ IN OUT NET_BUF **Netbuf,\r
+ IN OUT UINT8 **Options,\r
+ IN OUT UINT32 *OptionsLen,\r
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
+ IN VOID *Context\r
+ );\r
+\r
#endif\r
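Review bot: The three `@retval EFI_SUCCESS` lines on `Ip4IpSecProcessPacket` mean a caller cannot distinguish "IPsec not available or disabled" from "bypassed by policy" or "protected", so a missing IPsec protocol is documented as a silent pass-through. If that fail-open behaviour is intended, it deserves an explicit sentence in the header, e.g. `If no IPsec protocol is installed, or it is disabled, the packet is passed through unmodified and EFI_SUCCESS is returned.`, so integrators who require enforcement know to check for the protocol themselves. The comment should also say who owns and frees the old and new buffers when `*Head`, `*Netbuf` or `*Options` are replaced on the protect path, and what `Context` must point to for each `Direction`, since "The token's wrap." does not tell a caller what to pass. Minor: `handls`, `The The` and `suffcient` are typos in the added text.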