/** @file\r
The implementation of IPSEC_CONFIG_PROTOCOL.\r
\r
- Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
}\r
\r
//\r
- // Compare the all LocalAddress fields in the two Spdselectors.\r
+ // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.\r
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
// SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
// TRUE.\r
}\r
\r
//\r
- // Compare the all LocalAddress fields in the two Spdselectors.\r
+ // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.\r
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
// SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
// TRUE.\r
}\r
\r
//\r
- // Compare the all LocalAddress fields in the two Spdselectors.\r
- // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
- // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
+ // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.\r
+ // First, SpdSel1->LocalAddress to SpdSel2->RemoteAddress && Compare \r
+ // SpdSel1->RemoteAddress to SpdSel2->LocalAddress. If all match, return\r
// TRUE.\r
//\r
for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {\r
mode is Tunnel, and its tunnel option is NULL.\r
- The Action of Data is protected and its policy \r
mode is not Tunnel and it tunnel option is not NULL.\r
+ - SadEntry requied to be set into new SpdEntry's Sas has \r
+ been found but it is invalid.\r
@retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.\r
@retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
\r
LIST_ENTRY *Entry;\r
LIST_ENTRY *Entry2;\r
LIST_ENTRY *NextEntry;\r
+ LIST_ENTRY *NextEntry2;\r
IPSEC_SPD_ENTRY *SpdEntry;\r
IPSEC_SAD_ENTRY *SadEntry;\r
UINTN SpdEntrySize;\r
SpdSas = &SpdEntry->Data->Sas;\r
\r
//\r
- // TODO: Deleted the related SAs.\r
+ // Remove the related SAs from Sas(SadEntry->BySpd). If the SA entry is established by \r
+ // IKE, remove from mConfigData list(SadEntry->List) and then free it directly since its \r
+ // SpdEntry will be freed later.\r
//\r
- NET_LIST_FOR_EACH (Entry2, SpdSas) {\r
- SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry2);\r
- SadEntry->Data->SpdEntry = NULL;\r
+ NET_LIST_FOR_EACH_SAFE (Entry2, NextEntry2, SpdSas) {\r
+ SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry2);\r
+ \r
+ if (SadEntry->Data->SpdEntry != NULL) {\r
+ RemoveEntryList (&SadEntry->BySpd);\r
+ SadEntry->Data->SpdEntry = NULL;\r
+ }\r
+ \r
+ if (!(SadEntry->Data->ManualSet)) {\r
+ RemoveEntryList (&SadEntry->List);\r
+ FreePool (SadEntry);\r
+ }\r
}\r
\r
//\r
// Do Padding for the different Arch.\r
//\r
SpdEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SPD_ENTRY));\r
- SpdEntrySize = ALIGN_VARIABLE (SpdEntrySize + (UINTN)SIZE_OF_SPD_SELECTOR (SpdSel));\r
+ SpdEntrySize = ALIGN_VARIABLE (SpdEntrySize + SIZE_OF_SPD_SELECTOR (SpdSel));\r
SpdEntrySize += IpSecGetSizeOfEfiSpdData (SpdData);\r
\r
SpdEntry = AllocateZeroPool (SpdEntrySize);\r
SpdData->Name,\r
sizeof (SpdData->Name)\r
);\r
- SpdEntry->Data->PackageFlag = SpdData->PackageFlag;\r
- SpdEntry->Data->Action = SpdData->Action;\r
-\r
+ SpdEntry->Data->PackageFlag = SpdData->PackageFlag;\r
+ SpdEntry->Data->TrafficDirection = SpdData->TrafficDirection;\r
+ SpdEntry->Data->Action = SpdData->Action;\r
+ \r
//\r
// Fix the address of ProcessingPolicy and copy it if need, which is continous\r
// memory and close to the base structure of SAD data.\r
NET_LIST_FOR_EACH (Entry, SadList) {\r
SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);\r
\r
- for (Index = 0; Index < SpdData->SaIdCount; Index++) {\r
-\r
- if (CompareSaId (\r
- (EFI_IPSEC_CONFIG_SELECTOR *) &SpdData->SaId[Index],\r
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id\r
- )) {\r
- if (SadEntry->Data->SpdEntry != NULL) { \r
- RemoveEntryList (&SadEntry->BySpd);\r
+ for (Index = 0; Index < SpdData->SaIdCount; Index++) {\r
+ if (CompareSaId (\r
+ (EFI_IPSEC_CONFIG_SELECTOR *) &SpdData->SaId[Index],\r
+ (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id\r
+ )) {\r
+ //\r
+ // Check whether the found SadEntry is vaild.\r
+ //\r
+ if (IsSubSpdSelector (\r
+ (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,\r
+ (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
+ )) {\r
+ if (SadEntry->Data->SpdEntry != NULL) {\r
+ RemoveEntryList (&SadEntry->BySpd);\r
+ }\r
+ InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);\r
+ SadEntry->Data->SpdEntry = SpdEntry;\r
+ } else {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
}\r
- InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);\r
- SadEntry->Data->SpdEntry = SpdEntry;\r
- DuplicateSpdSelector (\r
- (EFI_IPSEC_CONFIG_SELECTOR *)SadEntry->Data->SpdSelector,\r
- (EFI_IPSEC_CONFIG_SELECTOR *)SpdEntry->Selector,\r
- NULL\r
- ); \r
- }\r
- }\r
+ } \r
}\r
+ \r
//\r
// Insert the new SPD entry.\r
//\r
}\r
\r
if (SaData->SpdSelector != NULL) {\r
- SadEntrySize += SadEntrySize + (UINTN)SIZE_OF_SPD_SELECTOR (SaData->SpdSelector);\r
+ SadEntrySize += SadEntrySize + SIZE_OF_SPD_SELECTOR (SaData->SpdSelector);\r
}\r
SadEntry = AllocateZeroPool (SadEntrySize);\r
\r
SadEntry->Data->SpdEntry = SpdEntry;\r
SadEntry->Data->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *)((UINT8 *)SadEntry +\r
SadEntrySize -\r
- (UINTN)SIZE_OF_SPD_SELECTOR (SaData->SpdSelector)\r
+ SIZE_OF_SPD_SELECTOR (SaData->SpdSelector)\r
);\r
DuplicateSpdSelector (\r
(EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,\r
//\r
CopyMem (SpdData->Name, SpdEntry->Data->Name, sizeof (SpdData->Name));\r
\r
- SpdData->PackageFlag = SpdEntry->Data->PackageFlag;\r
- SpdData->Action = SpdEntry->Data->Action;\r
-\r
+ SpdData->PackageFlag = SpdEntry->Data->PackageFlag;\r
+ SpdData->TrafficDirection = SpdEntry->Data->TrafficDirection;\r
+ SpdData->Action = SpdEntry->Data->Action;\r
+ \r
if (SpdData->Action != EfiIPsecActionProtect) {\r
SpdData->ProcessingPolicy = NULL;\r
} else {\r
VariableNameLength = StrLen (VariableName);\r
VariableNameISize = (VariableNameLength + 5) * sizeof (CHAR16);\r
VariableNameI = AllocateZeroPool (VariableNameISize);\r
- ASSERT (VariableNameI != NULL);\r
+ if (VariableNameI == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Construct the varible name of ipsecconfig meta data.\r
projects / mirror_edk2.git / blobdiff