NetworkPkg: Fix hang issue after system reconnected when IPSec has set up

IpSecStop() is incompetent to send out the delete information since the underlying
IP child has been destroyed. Delete all established IKE SAs and related
Child SAs directly.

Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/NetworkPkg/IpSecDxe/IkeService.c b/NetworkPkg/IpSecDxe/IkeService.c
index 6594963f5dfba2c731c29954bce3c9234ea4c16a..d8571960a011b61f44a4b7c23688640c42f7a13b 100644 (file)
--- a/NetworkPkg/IpSecDxe/IkeService.c
+++ b/NetworkPkg/IpSecDxe/IkeService.c
@@ -15,7 +15,6 @@
 \r
 #include "IkeService.h"\r
 #include "IpSecConfigImpl.h"\r
 \r
 #include "IkeService.h"\r
 #include "IpSecConfigImpl.h"\r

-#include "Ikev2/Utility.h"\r

 \r
 IKE_EXCHANGE_INTERFACE  *mIkeExchange[] = {\r
   &mIkev1Exchange,\r
 \r
 IKE_EXCHANGE_INTERFACE  *mIkeExchange[] = {\r
   &mIkev1Exchange,\r

diff --git a/NetworkPkg/IpSecDxe/IkeService.h b/NetworkPkg/IpSecDxe/IkeService.h
index 3ebd17919a61087f843ed81e17a3fdca4de586af..0e05dfe9764a1e2a712a95575d8cd92ec7861e55 100644 (file)
--- a/NetworkPkg/IpSecDxe/IkeService.h
+++ b/NetworkPkg/IpSecDxe/IkeService.h
@@ -1,7 +1,7 @@
 /** @file\r
   Prototypes definitions of IKE service.\r
 \r
 /** @file\r
   Prototypes definitions of IKE service.\r
 \r

-  Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r

 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r


@@ -19,6 +19,7 @@
 #include "Ike.h"\r
 #include "IpSecImpl.h"\r
 #include "IkeCommon.h"\r
 #include "Ike.h"\r
 #include "IpSecImpl.h"\r
 #include "IkeCommon.h"\r

+#include "Ikev2/Utility.h"\r

 \r
 #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024\r
 \r
 \r
 #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024\r
 \r

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
index 37f9667d3d1ec1bb3bc44072e24b32b3c6a907e6..9d58ab0a46f6b46bb2f58fb3e257a19d042e07a5 100644 (file)
--- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
@@ -1,7 +1,7 @@
 /** @file\r
   The general interfaces of the IKEv2.\r
 \r
 /** @file\r
   The general interfaces of the IKEv2.\r
 \r

-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r

 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r


@@ -330,7 +330,7 @@ Ikev2NegotiateInfo (
     //\r
     // Send out the Packet\r
     //\r
     //\r
     // Send out the Packet\r
     //\r

-    if (UdpService != NULL) {\r
+    if (UdpService != NULL && UdpService->Output != NULL) {\r

       Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);\r
 \r
       if (EFI_ERROR (Status)) {\r
       Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);\r
 \r
       if (EFI_ERROR (Status)) {\r


@@ -357,7 +357,7 @@ Ikev2NegotiateInfo (
       //\r
       // Send out the Packet\r
       //\r
       //\r
       // Send out the Packet\r
       //\r

-      if (UdpService != NULL) {\r
+      if (UdpService != NULL && UdpService->Output != NULL) {\r

         Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);\r
 \r
         if (EFI_ERROR (Status)) {\r
         Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);\r
 \r
         if (EFI_ERROR (Status)) {\r

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index 8769850d41bb5c723e402281750f42d96abc514a..16be09e14ad61166bd31c7430ad52d488e709a89 100644 (file)
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
   The Common operations used by IKE Exchange Process.\r
 \r
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
   The Common operations used by IKE Exchange Process.\r
 \r
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r

-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r

 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r


@@ -891,9 +891,7 @@ Ikev2ChildSaSilentDelete (
   RemoteSelector  = NULL;\r
   UdpService      = IkeSaSession->SessionCommon.UdpService;\r
 \r
   RemoteSelector  = NULL;\r
   UdpService      = IkeSaSession->SessionCommon.UdpService;\r
 \r

-  Private  = (UdpService->IpVersion == IP_VERSION_4) ?\r
-             IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :\r
-             IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);\r
+  Private = IkeSaSession->SessionCommon.Private;\r

 \r
   //\r
   // Remove the Established SA from ChildSaEstablishlist.\r
 \r
   //\r
   // Remove the Established SA from ChildSaEstablishlist.\r

diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c b/NetworkPkg/IpSecDxe/IpSecDriver.c
index 454d218c75456282bfc6651e8062fef5fa406621..d8282b5e2fdab6c8d1732c238d31bfbe5bb735d8 100644 (file)
--- a/NetworkPkg/IpSecDxe/IpSecDriver.c
+++ b/NetworkPkg/IpSecDxe/IpSecDriver.c
@@ -1,7 +1,7 @@
 /** @file\r
   Driver Binding Protocol for IPsec Driver.\r
 \r
 /** @file\r
   Driver Binding Protocol for IPsec Driver.\r
 \r

-  Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r

 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r


@@ -178,6 +178,7 @@ IpSecStop (
   IKE_UDP_SERVICE     *UdpSrv;\r
   LIST_ENTRY          *Entry;\r
   LIST_ENTRY          *Next;\r
   IKE_UDP_SERVICE     *UdpSrv;\r
   LIST_ENTRY          *Entry;\r
   LIST_ENTRY          *Next;\r

+  IKEV2_SA_SESSION    *Ikev2SaSession;\r

 \r
   //\r
   // Locate ipsec protocol to get private data.\r
 \r
   //\r
   // Locate ipsec protocol to get private data.\r


@@ -196,7 +197,27 @@ IpSecStop (
   //\r
   if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) ||\r
       (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {\r
   //\r
   if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) ||\r
       (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {\r

-    IkeDeleteAllSas (Private, FALSE);\r
+    //\r
+    // If IKEv2 SAs are under establishing, delete it directly.\r
+    //\r
+    if (!IsListEmpty (&Private->Ikev2SessionList)) {\r
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) {\r
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
+        Ikev2SaSessionFree (Ikev2SaSession);\r
+      }\r
+    }\r
+\r
+    //\r
+    // Delete established IKEv2 SAs.\r
+    //\r
+    if (!IsListEmpty (&Private->Ikev2EstablishedList)) {\r
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {\r
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); \r
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
+        Ikev2SaSessionFree (Ikev2SaSession);\r
+      }\r
+    }\r

   }\r
 \r
   if (IpVersion == IP_VERSION_4) {\r
   }\r
 \r
   if (IpVersion == IP_VERSION_4) {\r