X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FNetwork%2FIp4Dxe%2FIp4Input.c;h=f22a3c3199ed89e2a7f5836d60af228af8e1ae51;hp=f5c4c9e1d406ff7963a1b2dbd7928cd86df68496;hb=d1102dba7210b95e41d06c2338a22ba6af248645;hpb=772db4bb33ae66fa20e39f786b5f80d107d450a5
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
index f5c4c9e1d4..f22a3c3199 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
@@ -1,7 +1,10 @@
/** @file
+ IP4 input process.
+
+Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-Copyright (c) 2005 - 2006, Intel Corporation
-All rights reserved. This program and the accompanying materials
+This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
@@ -9,35 +12,25 @@ http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-Module Name:
-
- Ip4Input.c
-
-Abstract:
-
- IP4 input process.
-
-
**/
#include "Ip4Impl.h"
/**
- Create a empty assemble entry for the packet identified by
+ Create an empty assemble entry for the packet identified by
(Dst, Src, Id, Protocol). The default life for the packet is
120 seconds.
- @param Dst The destination address
- @param Src The source address
- @param Id The ID field in IP header
- @param Protocol The protocol field in IP header
+ @param[in] Dst The destination address
+ @param[in] Src The source address
+ @param[in] Id The ID field in IP header
+ @param[in] Protocol The protocol field in IP header
@return NULL if failed to allocate memory for the entry, otherwise
- @return the point to just created reassemble entry.
+ the point to just created reassemble entry.
**/
-STATIC
IP4_ASSEMBLE_ENTRY *
Ip4CreateAssembleEntry (
IN IP4_ADDR Dst,
@@ -49,14 +42,14 @@ Ip4CreateAssembleEntry (
IP4_ASSEMBLE_ENTRY *Assemble;
- Assemble = NetAllocatePool (sizeof (IP4_ASSEMBLE_ENTRY));
+ Assemble = AllocatePool (sizeof (IP4_ASSEMBLE_ENTRY));
if (Assemble == NULL) {
return NULL;
}
- NetListInit (&Assemble->Link);
- NetListInit (&Assemble->Fragments);
+ InitializeListHead (&Assemble->Link);
+ InitializeListHead (&Assemble->Fragments);
Assemble->Dst = Dst;
Assemble->Src = Src;
@@ -73,31 +66,28 @@ Ip4CreateAssembleEntry (
/**
- Release all the fragments of a packet, then free the assemble entry
-
- @param Assemble The assemble entry to free
+ Release all the fragments of a packet, then free the assemble entry.
- @return None
+ @param[in] Assemble The assemble entry to free
**/
-STATIC
VOID
Ip4FreeAssembleEntry (
IN IP4_ASSEMBLE_ENTRY *Assemble
)
{
- NET_LIST_ENTRY *Entry;
- NET_LIST_ENTRY *Next;
+ LIST_ENTRY *Entry;
+ LIST_ENTRY *Next;
NET_BUF *Fragment;
NET_LIST_FOR_EACH_SAFE (Entry, Next, &Assemble->Fragments) {
Fragment = NET_LIST_USER_STRUCT (Entry, NET_BUF, List);
- NetListRemoveEntry (Entry);
+ RemoveEntryList (Entry);
NetbufFree (Fragment);
}
- NetFreePool (Assemble);
+ FreePool (Assemble);
}
@@ -105,20 +95,18 @@ Ip4FreeAssembleEntry (
Initialize an already allocated assemble table. This is generally
the assemble table embedded in the IP4 service instance.
- @param Table The assemble table to initialize.
-
- @return NONE
+ @param[in, out] Table The assemble table to initialize.
**/
VOID
Ip4InitAssembleTable (
- IN IP4_ASSEMBLE_TABLE *Table
+ IN OUT IP4_ASSEMBLE_TABLE *Table
)
{
UINT32 Index;
for (Index = 0; Index < IP4_ASSEMLE_HASH_SIZE; Index++) {
- NetListInit (&Table->Bucket[Index]);
+ InitializeListHead (&Table->Bucket[Index]);
}
}
@@ -127,9 +115,7 @@ Ip4InitAssembleTable (
Clean up the assemble table: remove all the fragments
and assemble entries.
- @param Table The assemble table to clean up
-
- @return None
+ @param[in] Table The assemble table to clean up
**/
VOID
@@ -137,8 +123,8 @@ Ip4CleanAssembleTable (
IN IP4_ASSEMBLE_TABLE *Table
)
{
- NET_LIST_ENTRY *Entry;
- NET_LIST_ENTRY *Next;
+ LIST_ENTRY *Entry;
+ LIST_ENTRY *Next;
IP4_ASSEMBLE_ENTRY *Assemble;
UINT32 Index;
@@ -146,7 +132,7 @@ Ip4CleanAssembleTable (
NET_LIST_FOR_EACH_SAFE (Entry, Next, &Table->Bucket[Index]) {
Assemble = NET_LIST_USER_STRUCT (Entry, IP4_ASSEMBLE_ENTRY, Link);
- NetListRemoveEntry (Entry);
+ RemoveEntryList (Entry);
Ip4FreeAssembleEntry (Assemble);
}
}
@@ -161,15 +147,12 @@ Ip4CleanAssembleTable (
@param Start The sequence of the first byte to fit in
@param End One beyond the sequence of last byte to fit in.
- @return None
-
**/
-STATIC
VOID
Ip4TrimPacket (
- IN NET_BUF *Packet,
- IN INTN Start,
- IN INTN End
+ IN OUT NET_BUF *Packet,
+ IN INTN Start,
+ IN INTN End
)
{
IP4_CLIP_INFO *Info;
@@ -203,13 +186,11 @@ Ip4TrimPacket (
the assembled packet's OnFree. It will free the assemble entry,
which in turn will free all the fragments of the packet.
- @param Arg The assemble entry to free
-
- @return None
+ @param[in] Arg The assemble entry to free
**/
-STATIC
VOID
+EFIAPI
Ip4OnFreeFragments (
IN VOID *Arg
)
@@ -224,32 +205,33 @@ Ip4OnFreeFragments (
return it to caller. If the packet can't be assembled, NULL is
return.
- @param Table The assemble table used.
- @param Packet The fragment to assemble
+ @param Table The assemble table used. New assemble entry will be created
+ if the Packet is from a new chain of fragments.
+ @param Packet The fragment to assemble. It might be freed if the fragment
+ can't be re-assembled.
@return NULL if the packet can't be reassemble. The point to just assembled
- @return packet if all the fragments of the packet have arrived.
+ packet if all the fragments of the packet have arrived.
**/
-STATIC
NET_BUF *
Ip4Reassemble (
- IN IP4_ASSEMBLE_TABLE *Table,
- IN NET_BUF *Packet
+ IN OUT IP4_ASSEMBLE_TABLE *Table,
+ IN OUT NET_BUF *Packet
)
{
IP4_HEAD *IpHead;
IP4_CLIP_INFO *This;
IP4_CLIP_INFO *Node;
IP4_ASSEMBLE_ENTRY *Assemble;
- NET_LIST_ENTRY *Head;
- NET_LIST_ENTRY *Prev;
- NET_LIST_ENTRY *Cur;
+ LIST_ENTRY *Head;
+ LIST_ENTRY *Prev;
+ LIST_ENTRY *Cur;
NET_BUF *Fragment;
NET_BUF *NewPacket;
INTN Index;
- IpHead = Packet->Ip;
+ IpHead = Packet->Ip.Ip4;
This = IP4_GET_CLIP_INFO (Packet);
ASSERT (IpHead != NULL);
@@ -284,8 +266,12 @@ Ip4Reassemble (
goto DROP;
}
- NetListInsertHead (&Table->Bucket[Index], &Assemble->Link);
+ InsertHeadList (&Table->Bucket[Index], &Assemble->Link);
}
+ //
+ // Assemble shouldn't be NULL here
+ //
+ ASSERT (Assemble != NULL);
//
// Find the point to insert the packet: before the first
@@ -308,7 +294,7 @@ Ip4Reassemble (
// check whether THIS.Start < PREV.End for overlap. If two fragments
// overlaps, trim the overlapped part off THIS fragment.
//
- if ((Prev = Cur->ForwardLink) != Head) {
+ if ((Prev = Cur->BackLink) != Head) {
Fragment = NET_LIST_USER_STRUCT (Prev, NET_BUF, List);
Node = IP4_GET_CLIP_INFO (Fragment);
@@ -344,7 +330,7 @@ Ip4Reassemble (
if (Node->End <= This->End) {
Cur = Cur->ForwardLink;
- NetListRemoveEntry (&Fragment->List);
+ RemoveEntryList (&Fragment->List);
Assemble->CurLen -= Node->Length;
NetbufFree (Fragment);
@@ -359,7 +345,7 @@ Ip4Reassemble (
//
if (Node->Start < This->End) {
if (This->Start == Node->Start) {
- NetListRemoveEntry (&Packet->List);
+ RemoveEntryList (&Packet->List);
goto DROP;
}
@@ -398,13 +384,13 @@ Ip4Reassemble (
//
// Deliver the whole packet if all the fragments received.
// All fragments received if:
- // 1. received the last one, so, the totoal length is know
+ // 1. received the last one, so, the total length is know
// 2. received all the data. If the last fragment on the
// queue ends at the total length, all data is received.
//
if ((Assemble->TotalLen != 0) && (Assemble->CurLen >= Assemble->TotalLen)) {
- NetListRemoveEntry (&Assemble->Link);
+ RemoveEntryList (&Assemble->Link);
//
// If the packet is properly formated, the last fragment's End
@@ -434,8 +420,16 @@ Ip4Reassemble (
return NULL;
}
- NewPacket->Ip = Assemble->Head;
- CopyMem (IP4_GET_CLIP_INFO (NewPacket), Assemble->Info, sizeof (IP4_CLIP_INFO));
+ NewPacket->Ip.Ip4 = Assemble->Head;
+
+ ASSERT (Assemble->Info != NULL);
+
+ CopyMem (
+ IP4_GET_CLIP_INFO (NewPacket),
+ Assemble->Info,
+ sizeof (*IP4_GET_CLIP_INFO (NewPacket))
+ );
+
return NewPacket;
}
@@ -446,83 +440,317 @@ DROP:
return NULL;
}
+/**
+ The callback function for the net buffer which wraps the packet processed by
+ IPsec. It releases the wrap packet and also signals IPsec to free the resources.
+
+ @param[in] Arg The wrap context
+
+**/
+VOID
+EFIAPI
+Ip4IpSecFree (
+ IN VOID *Arg
+ )
+{
+ IP4_IPSEC_WRAP *Wrap;
+
+ Wrap = (IP4_IPSEC_WRAP *) Arg;
+
+ if (Wrap->IpSecRecycleSignal != NULL) {
+ gBS->SignalEvent (Wrap->IpSecRecycleSignal);
+ }
+
+ NetbufFree (Wrap->Packet);
+
+ FreePool (Wrap);
+
+ return;
+}
/**
- The IP4 input routine. It is called by the IP4_INTERFACE when a
- IP4 fragment is received from MNP.
+ The work function to locate IPsec protocol to process the inbound or
+ outbound IP packets. The process routine handls the packet with following
+ actions: bypass the packet, discard the packet, or protect the packet.
+
+ @param[in] IpSb The IP4 service instance.
+ @param[in, out] Head The The caller supplied IP4 header.
+ @param[in, out] Netbuf The IP4 packet to be processed by IPsec.
+ @param[in, out] Options The caller supplied options.
+ @param[in, out] OptionsLen The length of the option.
+ @param[in] Direction The directionality in an SPD entry,
+ EfiIPsecInBound or EfiIPsecOutBound.
+ @param[in] Context The token's wrap.
+
+ @retval EFI_SUCCESS The IPsec protocol is not available or disabled.
+ @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
+ @retval EFI_SUCCESS The packet was protected.
+ @retval EFI_ACCESS_DENIED The packet was discarded.
+ @retval EFI_OUT_OF_RESOURCES There is no suffcient resource to complete the operation.
+ @retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the
+ number of input data blocks when build a fragment table.
- @param Ip4Instance The IP4 child that request the receive, most like
- it is NULL.
- @param Packet The IP4 packet received.
- @param IoStatus The return status of receive request.
- @param Flag The link layer flag for the packet received, such
- as multicast.
- @param Context The IP4 service instance that own the MNP.
+**/
+EFI_STATUS
+Ip4IpSecProcessPacket (
+ IN IP4_SERVICE *IpSb,
+ IN OUT IP4_HEAD **Head,
+ IN OUT NET_BUF **Netbuf,
+ IN OUT UINT8 **Options,
+ IN OUT UINT32 *OptionsLen,
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,
+ IN VOID *Context
+ )
+{
+ NET_FRAGMENT *FragmentTable;
+ NET_FRAGMENT *OriginalFragmentTable;
+ UINT32 FragmentCount;
+ UINT32 OriginalFragmentCount;
+ EFI_EVENT RecycleEvent;
+ NET_BUF *Packet;
+ IP4_TXTOKEN_WRAP *TxWrap;
+ IP4_IPSEC_WRAP *IpSecWrap;
+ EFI_STATUS Status;
+ IP4_HEAD ZeroHead;
+
+ Status = EFI_SUCCESS;
+
+ if (!mIpSec2Installed) {
+ goto ON_EXIT;
+ }
+ ASSERT (mIpSec != NULL);
+
+ Packet = *Netbuf;
+ RecycleEvent = NULL;
+ IpSecWrap = NULL;
+ FragmentTable = NULL;
+ TxWrap = (IP4_TXTOKEN_WRAP *) Context;
+ FragmentCount = Packet->BlockOpNum;
+
+ ZeroMem (&ZeroHead, sizeof (IP4_HEAD));
+
+ //
+ // Check whether the IPsec enable variable is set.
+ //
+ if (mIpSec->DisabledFlag) {
+ //
+ // If IPsec is disabled, restore the original MTU
+ //
+ IpSb->MaxPacketSize = IpSb->OldMaxPacketSize;
+ goto ON_EXIT;
+ } else {
+ //
+ // If IPsec is enabled, use the MTU which reduce the IPsec header length.
+ //
+ IpSb->MaxPacketSize = IpSb->OldMaxPacketSize - IP4_MAX_IPSEC_HEADLEN;
+ }
+
+ //
+ // Rebuild fragment table from netbuf to ease IPsec process.
+ //
+ FragmentTable = AllocateZeroPool (FragmentCount * sizeof (NET_FRAGMENT));
+
+ if (FragmentTable == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
+
+ //
+ // Record the original FragmentTable and count.
+ //
+ OriginalFragmentTable = FragmentTable;
+ OriginalFragmentCount = FragmentCount;
+
+ if (EFI_ERROR (Status)) {
+ FreePool (FragmentTable);
+ goto ON_EXIT;
+ }
+
+ //
+ // Convert host byte order to network byte order
+ //
+ Ip4NtohHead (*Head);
+
+ Status = mIpSec->ProcessExt (
+ mIpSec,
+ IpSb->Controller,
+ IP_VERSION_4,
+ (VOID *) (*Head),
+ &(*Head)->Protocol,
+ (VOID **) Options,
+ OptionsLen,
+ (EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),
+ &FragmentCount,
+ Direction,
+ &RecycleEvent
+ );
+ //
+ // Convert back to host byte order
+ //
+ Ip4NtohHead (*Head);
+
+ if (EFI_ERROR (Status)) {
+ FreePool (OriginalFragmentTable);
+ goto ON_EXIT;
+ }
+
+ if (OriginalFragmentTable == FragmentTable && OriginalFragmentCount == FragmentCount) {
+ //
+ // For ByPass Packet
+ //
+ FreePool (FragmentTable);
+ goto ON_EXIT;
+ } else {
+ //
+ // Free the FragmentTable which allocated before calling the IPsec.
+ //
+ FreePool (OriginalFragmentTable);
+ }
+
+ if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
+
+ TxWrap->IpSecRecycleSignal = RecycleEvent;
+ TxWrap->Packet = NetbufFromExt (
+ FragmentTable,
+ FragmentCount,
+ IP4_MAX_HEADLEN,
+ 0,
+ Ip4FreeTxToken,
+ TxWrap
+ );
+ if (TxWrap->Packet == NULL) {
+ //
+ // Recover the TxWrap->Packet, if meet a error, and the caller will free
+ // the TxWrap.
+ //
+ TxWrap->Packet = *Netbuf;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Free orginal Netbuf.
+ //
+ NetIpSecNetbufFree (*Netbuf);
+ *Netbuf = TxWrap->Packet;
+
+ } else {
+
+ IpSecWrap = AllocateZeroPool (sizeof (IP4_IPSEC_WRAP));
+
+ if (IpSecWrap == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ gBS->SignalEvent (RecycleEvent);
+ goto ON_EXIT;
+ }
+
+ IpSecWrap->IpSecRecycleSignal = RecycleEvent;
+ IpSecWrap->Packet = Packet;
+ Packet = NetbufFromExt (
+ FragmentTable,
+ FragmentCount,
+ IP4_MAX_HEADLEN,
+ 0,
+ Ip4IpSecFree,
+ IpSecWrap
+ );
+
+ if (Packet == NULL) {
+ Packet = IpSecWrap->Packet;
+ gBS->SignalEvent (RecycleEvent);
+ FreePool (IpSecWrap);
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ if (Direction == EfiIPsecInBound && 0 != CompareMem (*Head, &ZeroHead, sizeof (IP4_HEAD))) {
+ Ip4PrependHead (Packet, *Head, *Options, *OptionsLen);
+ Ip4NtohHead (Packet->Ip.Ip4);
+ NetbufTrim (Packet, ((*Head)->HeadLen << 2), TRUE);
- @return None
+ CopyMem (
+ IP4_GET_CLIP_INFO (Packet),
+ IP4_GET_CLIP_INFO (IpSecWrap->Packet),
+ sizeof (IP4_CLIP_INFO)
+ );
+ }
+ *Netbuf = Packet;
+ }
+
+ON_EXIT:
+ return Status;
+}
+
+/**
+ Pre-process the IPv4 packet. First validates the IPv4 packet, and
+ then reassembles packet if it is necessary.
+
+ @param[in] IpSb Pointer to IP4_SERVICE.
+ @param[in, out] Packet Pointer to the Packet to be processed.
+ @param[in] Head Pointer to the IP4_HEAD.
+ @param[in] Option Pointer to a buffer which contains the IPv4 option.
+ @param[in] OptionLen The length of Option in bytes.
+ @param[in] Flag The link layer flag for the packet received, such
+ as multicast.
+
+ @retval EFI_SEUCCESS The recieved packet is in well form.
+ @retval EFI_INVAILD_PARAMETER The recieved packet is malformed.
**/
-VOID
-Ip4AccpetFrame (
- IN IP4_PROTOCOL *Ip4Instance,
- IN NET_BUF *Packet,
- IN EFI_STATUS IoStatus,
- IN UINT32 Flag,
- IN VOID *Context
+EFI_STATUS
+Ip4PreProcessPacket (
+ IN IP4_SERVICE *IpSb,
+ IN OUT NET_BUF **Packet,
+ IN IP4_HEAD *Head,
+ IN UINT8 *Option,
+ IN UINT32 OptionLen,
+ IN UINT32 Flag
)
{
- IP4_SERVICE *IpSb;
IP4_CLIP_INFO *Info;
- IP4_HEAD *Head;
UINT32 HeadLen;
- UINT32 OptionLen;
UINT32 TotalLen;
UINT16 Checksum;
- IpSb = (IP4_SERVICE *) Context;
-
- if (EFI_ERROR (IoStatus) || (IpSb->State == IP4_SERVICE_DESTORY)) {
- goto DROP;
- }
-
//
- // Check that the IP4 header is correctly formated
+ // Check if the IP4 header is correctly formatted.
//
- if (Packet->TotalSize < IP4_MIN_HEADLEN) {
- goto RESTART;
+ if ((*Packet)->TotalSize < IP4_MIN_HEADLEN) {
+ return EFI_INVALID_PARAMETER;
}
- Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
HeadLen = (Head->HeadLen << 2);
TotalLen = NTOHS (Head->TotalLen);
//
// Mnp may deliver frame trailer sequence up, trim it off.
//
- if (TotalLen < Packet->TotalSize) {
- NetbufTrim (Packet, Packet->TotalSize - TotalLen, FALSE);
+ if (TotalLen < (*Packet)->TotalSize) {
+ NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);
}
if ((Head->Ver != 4) || (HeadLen < IP4_MIN_HEADLEN) ||
- (TotalLen < HeadLen) || (TotalLen != Packet->TotalSize)) {
- goto RESTART;
+ (TotalLen < HeadLen) || (TotalLen != (*Packet)->TotalSize)) {
+ return EFI_INVALID_PARAMETER;
}
//
// Some OS may send IP packets without checksum.
//
- Checksum = ~NetblockChecksum ((UINT8 *) Head, HeadLen);
+ Checksum = (UINT16) (~NetblockChecksum ((UINT8 *) Head, HeadLen));
if ((Head->Checksum != 0) && (Checksum != 0)) {
- goto RESTART;
+ return EFI_INVALID_PARAMETER;
}
//
// Convert the IP header to host byte order, then get the per packet info.
//
- Packet->Ip = Ip4NtohHead (Head);
+ (*Packet)->Ip.Ip4 = Ip4NtohHead (Head);
- Info = IP4_GET_CLIP_INFO (Packet);
+ Info = IP4_GET_CLIP_INFO (*Packet);
Info->LinkFlag = Flag;
Info->CastType = Ip4GetHostCast (IpSb, Head->Dst, Head->Src);
Info->Start = (Head->Fragment & IP4_HEAD_OFFSET_MASK) << 3;
@@ -534,66 +762,165 @@ Ip4AccpetFrame (
// The packet is destinated to us if the CastType is non-zero.
//
if ((Info->CastType == 0) || (Info->End > IP4_MAX_PACKET_SIZE)) {
- goto RESTART;
+ return EFI_INVALID_PARAMETER;
}
//
// Validate the options. Don't call the Ip4OptionIsValid if
// there is no option to save some CPU process.
//
- OptionLen = HeadLen - IP4_MIN_HEADLEN;
- if ((OptionLen > 0) && !Ip4OptionIsValid ((UINT8 *) (Head + 1), OptionLen, TRUE)) {
- goto RESTART;
+ if ((OptionLen > 0) && !Ip4OptionIsValid (Option, OptionLen, TRUE)) {
+ return EFI_INVALID_PARAMETER;
}
//
- // Trim the head off, after this point, the packet is headless.
+ // Trim the head off, after this point, the packet is headless,
// and Packet->TotalLen == Info->Length.
//
- NetbufTrim (Packet, HeadLen, TRUE);
+ NetbufTrim (*Packet, HeadLen, TRUE);
//
// Reassemble the packet if this is a fragment. The packet is a
// fragment if its head has MF (more fragment) set, or it starts
// at non-zero byte.
//
- if ((Head->Fragment & IP4_HEAD_MF_MASK) || (Info->Start != 0)) {
+ if (((Head->Fragment & IP4_HEAD_MF_MASK) != 0) || (Info->Start != 0)) {
//
// Drop the fragment if DF is set but it is fragmented. Gateway
// need to send a type 4 destination unreache ICMP message here.
//
- if (Head->Fragment & IP4_HEAD_DF_MASK) {
- goto RESTART;
+ if ((Head->Fragment & IP4_HEAD_DF_MASK) != 0) {
+ return EFI_INVALID_PARAMETER;
}
//
// The length of all but the last fragments is in the unit of 8 bytes.
//
- if ((Head->Fragment & IP4_HEAD_MF_MASK) && (Info->Length % 8 != 0)) {
- goto RESTART;
+ if (((Head->Fragment & IP4_HEAD_MF_MASK) != 0) && (Info->Length % 8 != 0)) {
+ return EFI_INVALID_PARAMETER;
}
- Packet = Ip4Reassemble (&IpSb->Assemble, Packet);
+ *Packet = Ip4Reassemble (&IpSb->Assemble, *Packet);
//
// Packet assembly isn't complete, start receive more packet.
//
- if (Packet == NULL) {
- goto RESTART;
+ if (*Packet == NULL) {
+ return EFI_INVALID_PARAMETER;
}
}
+ return EFI_SUCCESS;
+}
+
+/**
+ The IP4 input routine. It is called by the IP4_INTERFACE when a
+ IP4 fragment is received from MNP.
+
+ @param[in] Ip4Instance The IP4 child that request the receive, most like
+ it is NULL.
+ @param[in] Packet The IP4 packet received.
+ @param[in] IoStatus The return status of receive request.
+ @param[in] Flag The link layer flag for the packet received, such
+ as multicast.
+ @param[in] Context The IP4 service instance that own the MNP.
+
+**/
+VOID
+Ip4AccpetFrame (
+ IN IP4_PROTOCOL *Ip4Instance,
+ IN NET_BUF *Packet,
+ IN EFI_STATUS IoStatus,
+ IN UINT32 Flag,
+ IN VOID *Context
+ )
+{
+ IP4_SERVICE *IpSb;
+ IP4_HEAD *Head;
+ EFI_STATUS Status;
+ IP4_HEAD ZeroHead;
+ UINT8 *Option;
+ UINT32 OptionLen;
+
+ IpSb = (IP4_SERVICE *) Context;
+ Option = NULL;
+
+ if (EFI_ERROR (IoStatus) || (IpSb->State == IP4_SERVICE_DESTROY)) {
+ goto DROP;
+ }
+
+ Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
+ ASSERT (Head != NULL);
+ OptionLen = (Head->HeadLen << 2) - IP4_MIN_HEADLEN;
+ if (OptionLen > 0) {
+ Option = (UINT8 *) (Head + 1);
+ }
+
+ //
+ // Validate packet format and reassemble packet if it is necessary.
+ //
+ Status = Ip4PreProcessPacket (
+ IpSb,
+ &Packet,
+ Head,
+ Option,
+ OptionLen,
+ Flag
+ );
+
+ if (EFI_ERROR (Status)) {
+ goto RESTART;
+ }
+
+ //
+ // After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
+ // and no need consider any other ahead ext headers.
+ //
+ Status = Ip4IpSecProcessPacket (
+ IpSb,
+ &Head,
+ &Packet,
+ &Option,
+ &OptionLen,
+ EfiIPsecInBound,
+ NULL
+ );
+
+ if (EFI_ERROR (Status)) {
+ goto RESTART;
+ }
+
+ //
+ // If the packet is protected by tunnel mode, parse the inner Ip Packet.
//
+ ZeroMem (&ZeroHead, sizeof (IP4_HEAD));
+ if (0 == CompareMem (Head, &ZeroHead, sizeof (IP4_HEAD))) {
// Packet may have been changed. Head, HeadLen, TotalLen, and
// info must be reloaded bofore use. The ownership of the packet
// is transfered to the packet process logic.
//
- Head = Packet->Ip;
+ Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
+ ASSERT (Head != NULL);
+ Status = Ip4PreProcessPacket (
+ IpSb,
+ &Packet,
+ Head,
+ Option,
+ OptionLen,
+ Flag
+ );
+ if (EFI_ERROR (Status)) {
+ goto RESTART;
+ }
+ }
+
+ ASSERT (Packet != NULL);
+ Head = Packet->Ip.Ip4;
IP4_GET_CLIP_INFO (Packet)->Status = EFI_SUCCESS;
switch (Head->Protocol) {
- case IP4_PROTO_ICMP:
+ case EFI_IP_PROTO_ICMP:
Ip4IcmpHandle (IpSb, Head, Packet);
break;
@@ -602,11 +929,17 @@ Ip4AccpetFrame (
break;
default:
- Ip4Demultiplex (IpSb, Head, Packet);
+ Ip4Demultiplex (IpSb, Head, Packet, Option, OptionLen);
}
Packet = NULL;
+ //
+ // Dispatch the DPCs queued by the NotifyFunction of the rx token's events
+ // which are signaled with received data.
+ //
+ DispatchDpc ();
+
RESTART:
Ip4ReceiveFrame (IpSb->DefaultInterface, NULL, Ip4AccpetFrame, IpSb);
@@ -622,11 +955,12 @@ DROP:
/**
Check whether this IP child accepts the packet.
- @param IpInstance The IP child to check
- @param Head The IP header of the packet
- @param Packet The data of the packet
+ @param[in] IpInstance The IP child to check
+ @param[in] Head The IP header of the packet
+ @param[in] Packet The data of the packet
- @return TRUE if the child wants to receive the packet, otherwise return FALSE.
+ @retval TRUE If the child wants to receive the packet.
+ @retval FALSE Otherwise.
**/
BOOLEAN
@@ -647,7 +981,7 @@ Ip4InstanceFrameAcceptable (
//
// Dirty trick for the Tiano UEFI network stack implmentation. If
// ReceiveTimeout == -1, the receive of the packet for this instance
- // is disabled. The UEFI spec don't have such captibility. We add
+ // is disabled. The UEFI spec don't have such capability. We add
// this to improve the performance because IP will make a copy of
// the received packet for each accepting instance. Some IP instances
// used by UDP/TCP only send packets, they don't wants to receive.
@@ -663,11 +997,11 @@ Ip4InstanceFrameAcceptable (
//
// Use protocol from the IP header embedded in the ICMP error
// message to filter, instead of ICMP itself. ICMP handle will
- // can Ip4Demultiplex to deliver ICMP errors.
+ // call Ip4Demultiplex to deliver ICMP errors.
//
Proto = Head->Protocol;
- if (Proto == IP4_PROTO_ICMP) {
+ if ((Proto == EFI_IP_PROTO_ICMP) && (!Config->AcceptAnyProtocol) && (Proto != Config->DefaultProtocol)) {
NetbufCopy (Packet, 0, sizeof (Icmp.Head), (UINT8 *) &Icmp.Head);
if (mIcmpClass[Icmp.Head.Type].IcmpClass == ICMP_ERROR_MESSAGE) {
@@ -726,9 +1060,9 @@ Ip4InstanceFrameAcceptable (
packet is acceptable to it. Here the data of the packet is
shared, but the net buffer isn't.
- @param IpInstance The IP4 child to enqueue the packet to
- @param Head The IP header of the received packet
- @param Packet The data of the received packet
+ @param[in] IpInstance The IP4 child to enqueue the packet to
+ @param[in] Head The IP header of the received packet
+ @param[in] Packet The data of the received packet
@retval EFI_NOT_STARTED The IP child hasn't been configured.
@retval EFI_INVALID_PARAMETER The child doesn't want to receive the packet
@@ -773,7 +1107,7 @@ Ip4InstanceEnquePacket (
Info = IP4_GET_CLIP_INFO (Clone);
Info->Life = IP4_US_TO_SEC (IpInstance->ConfigData.ReceiveTimeout);
- NetListInsertTail (&IpInstance->Received, &Clone->List);
+ InsertTailList (&IpInstance->Received, &Clone->List);
return EFI_SUCCESS;
}
@@ -782,14 +1116,11 @@ Ip4InstanceEnquePacket (
The signal handle of IP4's recycle event. It is called back
when the upper layer release the packet.
- @param Event The IP4's recycle event.
- @param Context The context of the handle, which is a
- IP4_RXDATA_WRAP
-
- @return None
+ @param Event The IP4's recycle event.
+ @param Context The context of the handle, which is a
+ IP4_RXDATA_WRAP
**/
-STATIC
VOID
EFIAPI
Ip4OnRecyclePacket (
@@ -801,15 +1132,15 @@ Ip4OnRecyclePacket (
Wrap = (IP4_RXDATA_WRAP *) Context;
- NET_TRYLOCK (&Wrap->IpInstance->RecycleLock);
- NetListRemoveEntry (&Wrap->Link);
- NET_UNLOCK (&Wrap->IpInstance->RecycleLock);
+ EfiAcquireLockOrFail (&Wrap->IpInstance->RecycleLock);
+ RemoveEntryList (&Wrap->Link);
+ EfiReleaseLock (&Wrap->IpInstance->RecycleLock);
ASSERT (!NET_BUF_SHARED (Wrap->Packet));
NetbufFree (Wrap->Packet);
gBS->CloseEvent (Wrap->RxData.RecycleSignal);
- NetFreePool (Wrap);
+ FreePool (Wrap);
}
@@ -821,10 +1152,11 @@ Ip4OnRecyclePacket (
to the upper layer. Upper layer will signal the recycle event in
it when it is done with the packet.
- @param IpInstance The IP4 child to receive the packet
- @param Packet The packet to deliver up.
+ @param[in] IpInstance The IP4 child to receive the packet.
+ @param[in] Packet The packet to deliver up.
- @return NULL if failed to wrap the packet, otherwise the wrapper.
+ @retval Wrap if warp the packet succeed.
+ @retval NULL failed to wrap the packet .
**/
IP4_RXDATA_WRAP *
@@ -836,47 +1168,52 @@ Ip4WrapRxData (
IP4_RXDATA_WRAP *Wrap;
EFI_IP4_RECEIVE_DATA *RxData;
EFI_STATUS Status;
+ BOOLEAN RawData;
- Wrap = NetAllocatePool (IP4_RXDATA_WRAP_SIZE (Packet->BlockOpNum));
+ Wrap = AllocatePool (IP4_RXDATA_WRAP_SIZE (Packet->BlockOpNum));
if (Wrap == NULL) {
return NULL;
}
- NetListInit (&Wrap->Link);
+ InitializeListHead (&Wrap->Link);
Wrap->IpInstance = IpInstance;
Wrap->Packet = Packet;
RxData = &Wrap->RxData;
- NetZeroMem (&RxData->TimeStamp, sizeof (EFI_TIME));
+ ZeroMem (RxData, sizeof (EFI_IP4_RECEIVE_DATA));
Status = gBS->CreateEvent (
EVT_NOTIFY_SIGNAL,
- NET_TPL_RECYCLE,
+ TPL_NOTIFY,
Ip4OnRecyclePacket,
Wrap,
&RxData->RecycleSignal
);
if (EFI_ERROR (Status)) {
- NetFreePool (Wrap);
+ FreePool (Wrap);
return NULL;
}
- ASSERT (Packet->Ip != NULL);
+ ASSERT (Packet->Ip.Ip4 != NULL);
+
+ ASSERT (IpInstance != NULL);
+ RawData = IpInstance->ConfigData.RawData;
//
// The application expects a network byte order header.
//
- RxData->HeaderLength = (Packet->Ip->HeadLen << 2);
- RxData->Header = (EFI_IP4_HEADER *) Ip4NtohHead (Packet->Ip);
+ if (!RawData) {
+ RxData->HeaderLength = (Packet->Ip.Ip4->HeadLen << 2);
+ RxData->Header = (EFI_IP4_HEADER *) Ip4NtohHead (Packet->Ip.Ip4);
+ RxData->OptionsLength = RxData->HeaderLength - IP4_MIN_HEADLEN;
+ RxData->Options = NULL;
- RxData->OptionsLength = RxData->HeaderLength - IP4_MIN_HEADLEN;
- RxData->Options = NULL;
-
- if (RxData->OptionsLength != 0) {
- RxData->Options = (VOID *) (RxData->Header + 1);
+ if (RxData->OptionsLength != 0) {
+ RxData->Options = (VOID *) (RxData->Header + 1);
+ }
}
RxData->DataLength = Packet->TotalSize;
@@ -897,7 +1234,7 @@ Ip4WrapRxData (
duplicate it to a non-shared packet, release the shared packet, then
deliver the non-shared packet up.
- @param IpInstance The IP child to deliver the packet up.
+ @param[in] IpInstance The IP child to deliver the packet up.
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources to deliver the
packets.
@@ -915,11 +1252,12 @@ Ip4InstanceDeliverPacket (
NET_BUF *Packet;
NET_BUF *Dup;
UINT8 *Head;
+ UINT32 HeadLen;
//
// Deliver a packet if there are both a packet and a receive token.
//
- while (!NetListIsEmpty (&IpInstance->Received) &&
+ while (!IsListEmpty (&IpInstance->Received) &&
!NetMapIsEmpty (&IpInstance->RxTokens)) {
Packet = NET_LIST_HEAD (&IpInstance->Received, NET_BUF, List);
@@ -934,28 +1272,38 @@ Ip4InstanceDeliverPacket (
return EFI_OUT_OF_RESOURCES;
}
- NetListRemoveEntry (&Packet->List);
+ RemoveEntryList (&Packet->List);
} else {
//
// Create a duplicated packet if this packet is shared
//
- Dup = NetbufDuplicate (Packet, NULL, IP4_MAX_HEADLEN);
+ if (IpInstance->ConfigData.RawData) {
+ HeadLen = 0;
+ } else {
+ HeadLen = IP4_MAX_HEADLEN;
+ }
+
+ Dup = NetbufDuplicate (Packet, NULL, HeadLen);
if (Dup == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- //
- // Copy the IP head over. The packet to deliver up is
- // headless. Trim the head off after copy. The IP head
- // may be not continuous before the data.
- //
- Head = NetbufAllocSpace (Dup, IP4_MAX_HEADLEN, NET_BUF_HEAD);
- Dup->Ip = (IP4_HEAD *) Head;
+ if (!IpInstance->ConfigData.RawData) {
+ //
+ // Copy the IP head over. The packet to deliver up is
+ // headless. Trim the head off after copy. The IP head
+ // may be not continuous before the data.
+ //
+ Head = NetbufAllocSpace (Dup, IP4_MAX_HEADLEN, NET_BUF_HEAD);
+ ASSERT (Head != NULL);
- NetCopyMem (Head, Packet->Ip, Packet->Ip->HeadLen << 2);
- NetbufTrim (Dup, IP4_MAX_HEADLEN, TRUE);
+ Dup->Ip.Ip4 = (IP4_HEAD *) Head;
+
+ CopyMem (Head, Packet->Ip.Ip4, Packet->Ip.Ip4->HeadLen << 2);
+ NetbufTrim (Dup, IP4_MAX_HEADLEN, TRUE);
+ }
Wrap = Ip4WrapRxData (IpInstance, Dup);
@@ -964,7 +1312,7 @@ Ip4InstanceDeliverPacket (
return EFI_OUT_OF_RESOURCES;
}
- NetListRemoveEntry (&Packet->List);
+ RemoveEntryList (&Packet->List);
NetbufFree (Packet);
Packet = Dup;
@@ -974,9 +1322,9 @@ Ip4InstanceDeliverPacket (
// Insert it into the delivered packet, then get a user's
// receive token, pass the wrapped packet up.
//
- NET_TRYLOCK (&IpInstance->RecycleLock);
- NetListInsertHead (&IpInstance->Delivered, &Wrap->Link);
- NET_UNLOCK (&IpInstance->RecycleLock);
+ EfiAcquireLockOrFail (&IpInstance->RecycleLock);
+ InsertHeadList (&IpInstance->Delivered, &Wrap->Link);
+ EfiReleaseLock (&IpInstance->RecycleLock);
Token = NetMapRemoveHead (&IpInstance->RxTokens, NULL);
Token->Status = IP4_GET_CLIP_INFO (Packet)->Status;
@@ -993,10 +1341,12 @@ Ip4InstanceDeliverPacket (
Enqueue a received packet to all the IP children that share
the same interface.
- @param IpSb The IP4 service instance that receive the packet
- @param Head The header of the received packet
- @param Packet The data of the received packet
- @param IpIf The interface to enqueue the packet to
+ @param[in] IpSb The IP4 service instance that receive the packet.
+ @param[in] Head The header of the received packet.
+ @param[in] Packet The data of the received packet.
+ @param[in] Option Point to the IP4 packet header options.
+ @param[in] OptionLen Length of the IP4 packet header options.
+ @param[in] IpIf The interface to enqueue the packet to.
@return The number of the IP4 children that accepts the packet
@@ -1006,12 +1356,14 @@ Ip4InterfaceEnquePacket (
IN IP4_SERVICE *IpSb,
IN IP4_HEAD *Head,
IN NET_BUF *Packet,
+ IN UINT8 *Option,
+ IN UINT32 OptionLen,
IN IP4_INTERFACE *IpIf
)
{
IP4_PROTOCOL *IpInstance;
IP4_CLIP_INFO *Info;
- NET_LIST_ENTRY *Entry;
+ LIST_ENTRY *Entry;
INTN Enqueued;
INTN LocalType;
INTN SavedType;
@@ -1071,6 +1423,13 @@ Ip4InterfaceEnquePacket (
IpInstance = NET_LIST_USER_STRUCT (Entry, IP4_PROTOCOL, AddrLink);
NET_CHECK_SIGNATURE (IpInstance, IP4_PROTOCOL_SIGNATURE);
+ //
+ // In RawData mode, add IPv4 headers and options back to packet.
+ //
+ if ((IpInstance->ConfigData.RawData) && (Option != NULL) && (OptionLen != 0)){
+ Ip4PrependHead (Packet, Head, Option, OptionLen);
+ }
+
if (Ip4InstanceEnquePacket (IpInstance, Head, Packet) == EFI_SUCCESS) {
Enqueued++;
}
@@ -1084,8 +1443,8 @@ Ip4InterfaceEnquePacket (
/**
Deliver the packet for each IP4 child on the interface.
- @param IpSb The IP4 service instance that received the packet
- @param IpIf The IP4 interface to deliver the packet.
+ @param[in] IpSb The IP4 service instance that received the packet
+ @param[in] IpIf The IP4 interface to deliver the packet.
@retval EFI_SUCCESS It always returns EFI_SUCCESS now
@@ -1097,7 +1456,7 @@ Ip4InterfaceDeliverPacket (
)
{
IP4_PROTOCOL *Ip4Instance;
- NET_LIST_ENTRY *Entry;
+ LIST_ENTRY *Entry;
NET_LIST_FOR_EACH (Entry, &IpIf->IpInstances) {
Ip4Instance = NET_LIST_USER_STRUCT (Entry, IP4_PROTOCOL, AddrLink);
@@ -1114,14 +1473,16 @@ Ip4InterfaceDeliverPacket (
to each IP4 child that accepts the packet. The second pass will
deliver a non-shared copy of the packet to each IP4 child that
has pending receive requests. Data is copied if more than one
- child wants to consume the packet bacause each IP child need
+ child wants to consume the packet because each IP child needs
its own copy of the packet to make changes.
- @param IpSb The IP4 service instance that received the packet
- @param Head The header of the received packet
- @param Packet The data of the received packet
+ @param[in] IpSb The IP4 service instance that received the packet.
+ @param[in] Head The header of the received packet.
+ @param[in] Packet The data of the received packet.
+ @param[in] Option Point to the IP4 packet header options.
+ @param[in] OptionLen Length of the IP4 packet header options.
- @retval EFI_NOT_FOUND No IP child accepts the packet
+ @retval EFI_NOT_FOUND No IP child accepts the packet.
@retval EFI_SUCCESS The packet is enqueued or delivered to some IP
children.
@@ -1130,10 +1491,12 @@ EFI_STATUS
Ip4Demultiplex (
IN IP4_SERVICE *IpSb,
IN IP4_HEAD *Head,
- IN NET_BUF *Packet
+ IN NET_BUF *Packet,
+ IN UINT8 *Option,
+ IN UINT32 OptionLen
)
{
- NET_LIST_ENTRY *Entry;
+ LIST_ENTRY *Entry;
IP4_INTERFACE *IpIf;
INTN Enqueued;
@@ -1147,7 +1510,14 @@ Ip4Demultiplex (
IpIf = NET_LIST_USER_STRUCT (Entry, IP4_INTERFACE, Link);
if (IpIf->Configured) {
- Enqueued += Ip4InterfaceEnquePacket (IpSb, Head, Packet, IpIf);
+ Enqueued += Ip4InterfaceEnquePacket (
+ IpSb,
+ Head,
+ Packet,
+ Option,
+ OptionLen,
+ IpIf
+ );
}
}
@@ -1177,9 +1547,7 @@ Ip4Demultiplex (
/**
Timeout the fragment and enqueued packets.
- @param IpSb The IP4 service instance to timeout
-
- @return None
+ @param[in] IpSb The IP4 service instance to timeout
**/
VOID
@@ -1187,9 +1555,9 @@ Ip4PacketTimerTicking (
IN IP4_SERVICE *IpSb
)
{
- NET_LIST_ENTRY *InstanceEntry;
- NET_LIST_ENTRY *Entry;
- NET_LIST_ENTRY *Next;
+ LIST_ENTRY *InstanceEntry;
+ LIST_ENTRY *Entry;
+ LIST_ENTRY *Next;
IP4_PROTOCOL *IpInstance;
IP4_ASSEMBLE_ENTRY *Assemble;
NET_BUF *Packet;
@@ -1205,7 +1573,7 @@ Ip4PacketTimerTicking (
Assemble = NET_LIST_USER_STRUCT (Entry, IP4_ASSEMBLE_ENTRY, Link);
if ((Assemble->Life > 0) && (--Assemble->Life == 0)) {
- NetListRemoveEntry (Entry);
+ RemoveEntryList (Entry);
Ip4FreeAssembleEntry (Assemble);
}
}
@@ -1222,7 +1590,7 @@ Ip4PacketTimerTicking (
Info = IP4_GET_CLIP_INFO (Packet);
if ((Info->Life > 0) && (--Info->Life == 0)) {
- NetListRemoveEntry (Entry);
+ RemoveEntryList (Entry);
NetbufFree (Packet);
}
}