/** @file\r
\r
-Copyright (c) 2005 - 2006, Intel Corporation.<BR>\r
-All rights reserved. This program and the accompanying materials\r
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
#ifndef __EFI_IP4_INPUT_H__\r
#define __EFI_IP4_INPUT_H__\r
\r
-typedef enum {\r
- IP4_MIN_HEADLEN = 20,\r
- IP4_MAX_HEADLEN = 60,\r
+#define IP4_MIN_HEADLEN 20\r
+#define IP4_MAX_HEADLEN 60\r
+///\r
+/// 8(ESP header) + 16(max IV) + 16(max padding) + 2(ESP tail) + 12(max ICV) = 54 \r
+///\r
+#define IP4_MAX_IPSEC_HEADLEN 54\r
\r
- IP4_ASSEMLE_HASH_SIZE = 31,\r
- IP4_FRAGMENT_LIFE = 120,\r
- IP4_MAX_PACKET_SIZE = 65535\r
-} IP4_INPUT_ENUM_TYPES;\r
+#define IP4_ASSEMLE_HASH_SIZE 31\r
+#define IP4_FRAGMENT_LIFE 120\r
+#define IP4_MAX_PACKET_SIZE 65535\r
\r
///\r
/// Per packet information for input process. LinkFlag specifies whether\r
child wants to consume the packet because each IP child needs\r
its own copy of the packet to make changes.\r
\r
- @param[in] IpSb The IP4 service instance that received the packet\r
- @param[in] Head The header of the received packet\r
- @param[in] Packet The data of the received packet\r
+ @param[in] IpSb The IP4 service instance that received the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options.\r
\r
- @retval EFI_NOT_FOUND No IP child accepts the packet\r
+ @retval EFI_NOT_FOUND No IP child accepts the packet.\r
@retval EFI_SUCCESS The packet is enqueued or delivered to some IP\r
children.\r
\r
Ip4Demultiplex (\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
- IN NET_BUF *Packet\r
+ IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen\r
);\r
\r
/**\r
Enqueue a received packet to all the IP children that share\r
the same interface.\r
\r
- @param[in] IpSb The IP4 service instance that receive the packet\r
- @param[in] Head The header of the received packet\r
- @param[in] Packet The data of the received packet\r
- @param[in] IpIf The interface to enqueue the packet to\r
+ @param[in] IpSb The IP4 service instance that receive the packet.\r
+ @param[in] Head The header of the received packet.\r
+ @param[in] Packet The data of the received packet.\r
+ @param[in] Option Point to the IP4 packet header options.\r
+ @param[in] OptionLen Length of the IP4 packet header options. \r
+ @param[in] IpIf The interface to enqueue the packet to.\r
\r
@return The number of the IP4 children that accepts the packet\r
\r
IN IP4_SERVICE *IpSb,\r
IN IP4_HEAD *Head,\r
IN NET_BUF *Packet,\r
+ IN UINT8 *Option,\r
+ IN UINT32 OptionLen,\r
IN IP4_INTERFACE *IpIf\r
);\r
\r
IN IP4_SERVICE *IpSb\r
);\r
\r
+/**\r
+ The work function to locate IPsec protocol to process the inbound or \r
+ outbound IP packets. The process routine handls the packet with following\r
+ actions: bypass the packet, discard the packet, or protect the packet. \r
+\r
+ @param[in] IpSb The IP4 service instance.\r
+ @param[in, out] Head The The caller supplied IP4 header.\r
+ @param[in, out] Netbuf The IP4 packet to be processed by IPsec.\r
+ @param[in, out] Options The caller supplied options.\r
+ @param[in, out] OptionsLen The length of the option.\r
+ @param[in] Direction The directionality in an SPD entry, \r
+ EfiIPsecInBound or EfiIPsecOutBound.\r
+ @param[in] Context The token's wrap.\r
+\r
+ @retval EFI_SUCCESS The IPsec protocol is not available or disabled.\r
+ @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.\r
+ @retval EFI_SUCCESS The packet was protected.\r
+ @retval EFI_ACCESS_DENIED The packet was discarded. \r
+ @retval EFI_OUT_OF_RESOURCES There is no suffcient resource to complete the operation.\r
+ @retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the \r
+ number of input data blocks when build a fragment table.\r
+\r
+**/\r
+EFI_STATUS\r
+Ip4IpSecProcessPacket (\r
+ IN IP4_SERVICE *IpSb,\r
+ IN OUT IP4_HEAD **Head,\r
+ IN OUT NET_BUF **Netbuf,\r
+ IN OUT UINT8 **Options,\r
+ IN OUT UINT32 *OptionsLen,\r
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
+ IN VOID *Context\r
+ );\r
+\r
#endif\r
projects / mirror_edk2.git / blobdiff