\r
#include "Ip6Impl.h"\r
\r
-EFI_IPSEC_PROTOCOL *mIpSec = NULL;\r
+EFI_IPSEC2_PROTOCOL *mIpSec = NULL;\r
\r
EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = {\r
EfiIp6GetModeData,\r
\r
#define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured)\r
\r
-extern EFI_IPSEC_PROTOCOL *mIpSec;\r
+extern EFI_IPSEC2_PROTOCOL *mIpSec;\r
\r
//\r
// IP6_TXTOKEN_WRAP wraps the upper layer's transmit token.\r
actions: bypass the packet, discard the packet, or protect the packet.\r
\r
@param[in] IpSb The IP6 service instance.\r
- @param[in] Head The caller-supplied IP6 header.\r
+ @param[in, out] Head The caller-supplied IP6 header.\r
@param[in, out] LastHead The next header field of last IP header.\r
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.\r
- @param[in] ExtHdrs The caller-supplied options.\r
- @param[in] ExtHdrsLen The length of the option.\r
+ @param[in, out] ExtHdrs The caller-supplied options.\r
+ @param[in, out] ExtHdrsLen The length of the option.\r
@param[in] Direction The directionality in an SPD entry,\r
EfiIPsecInBound, or EfiIPsecOutBound.\r
@param[in] Context The token's wrap.\r
**/\r
EFI_STATUS\r
Ip6IpSecProcessPacket (\r
- IN IP6_SERVICE *IpSb,\r
- IN EFI_IP6_HEADER *Head,\r
- IN OUT UINT8 *LastHead,\r
- IN OUT NET_BUF **Netbuf,\r
- IN VOID *ExtHdrs,\r
- IN UINT32 ExtHdrsLen,\r
- IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
- IN VOID *Context\r
+ IN IP6_SERVICE *IpSb,\r
+ IN OUT EFI_IP6_HEADER **Head,\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT NET_BUF **Netbuf,\r
+ IN OUT UINT8 **ExtHdrs,\r
+ IN OUT UINT32 *ExtHdrsLen,\r
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
+ IN VOID *Context\r
)\r
{\r
NET_FRAGMENT *FragmentTable;\r
+ NET_FRAGMENT *OriginalFragmentTable;\r
UINT32 FragmentCount;\r
+ UINT32 OriginalFragmentCount;\r
EFI_EVENT RecycleEvent;\r
NET_BUF *Packet;\r
IP6_TXTOKEN_WRAP *TxWrap;\r
EFI_STATUS Status;\r
EFI_IP6_HEADER *PacketHead;\r
UINT8 *Buf;\r
+ EFI_IP6_HEADER ZeroHead;\r
\r
Status = EFI_SUCCESS;\r
Packet = *Netbuf;\r
Buf = NULL;\r
TxWrap = (IP6_TXTOKEN_WRAP *) Context;\r
FragmentCount = Packet->BlockOpNum;\r
+ ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));\r
\r
if (mIpSec == NULL) {\r
gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);\r
//\r
// Bypass all multicast inbound or outbound traffic.\r
//\r
- if (IP6_IS_MULTICAST (&Head->DestinationAddress) || IP6_IS_MULTICAST (&Head->SourceAddress)) {\r
+ if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress) || IP6_IS_MULTICAST (&(*Head)->SourceAddress)) {\r
goto ON_EXIT;\r
}\r
\r
}\r
\r
Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);\r
+ OriginalFragmentTable = FragmentTable;\r
+ OriginalFragmentCount = FragmentCount;\r
\r
if (EFI_ERROR(Status)) {\r
FreePool (FragmentTable);\r
//\r
// Convert host byte order to network byte order\r
//\r
- Ip6NtohHead (Head);\r
+ Ip6NtohHead (*Head);\r
\r
- Status = mIpSec->Process (\r
+ Status = mIpSec->ProcessExt (\r
mIpSec,\r
IpSb->Controller,\r
IP_VERSION_6,\r
- (VOID *) Head,\r
+ (VOID *) (*Head),\r
LastHead,\r
- NULL,\r
- 0,\r
+ (VOID **) ExtHdrs,\r
+ ExtHdrsLen,\r
(EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),\r
&FragmentCount,\r
Direction,\r
//\r
// Convert back to host byte order\r
//\r
- Ip6NtohHead (Head);\r
+ Ip6NtohHead (*Head);\r
\r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
}\r
\r
- if (Direction == EfiIPsecOutBound && TxWrap != NULL) {\r
+ if (OriginalFragmentCount == FragmentCount && OriginalFragmentTable == FragmentTable) {\r
+ //\r
+ // For ByPass Packet\r
+ //\r
+ goto ON_EXIT;\r
+ }\r
\r
+ if (Direction == EfiIPsecOutBound && TxWrap != NULL) {\r
TxWrap->IpSecRecycleSignal = RecycleEvent;\r
TxWrap->Packet = NetbufFromExt (\r
FragmentTable,\r
goto ON_EXIT;\r
}\r
\r
+ CopyMem (\r
+ IP6_GET_CLIP_INFO (TxWrap->Packet),\r
+ IP6_GET_CLIP_INFO (Packet),\r
+ sizeof (IP6_CLIP_INFO)\r
+ );\r
+ \r
+ NetIpSecNetbufFree(Packet);\r
*Netbuf = TxWrap->Packet;\r
\r
} else {\r
goto ON_EXIT;\r
}\r
\r
- if (Direction == EfiIPsecInBound) {\r
+ if (Direction == EfiIPsecInBound && 0 != CompareMem (&ZeroHead, *Head, sizeof (EFI_IP6_HEADER))) {\r
\r
PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (\r
Packet,\r
- sizeof (EFI_IP6_HEADER) + ExtHdrsLen,\r
+ sizeof (EFI_IP6_HEADER) + *ExtHdrsLen,\r
NET_BUF_HEAD\r
);\r
if (PacketHead == NULL) {\r
goto ON_EXIT;\r
}\r
\r
- CopyMem (PacketHead, Head, sizeof (EFI_IP6_HEADER));\r
+ CopyMem (PacketHead, *Head, sizeof (EFI_IP6_HEADER));\r
+ *Head = PacketHead;\r
Packet->Ip.Ip6 = PacketHead;\r
\r
- if (ExtHdrs != NULL) {\r
+ if (*ExtHdrs != NULL) {\r
Buf = (UINT8 *) (PacketHead + 1);\r
- CopyMem (Buf, ExtHdrs, ExtHdrsLen);\r
+ CopyMem (Buf, *ExtHdrs, *ExtHdrsLen);\r
}\r
\r
- NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);\r
+ NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);\r
CopyMem (\r
IP6_GET_CLIP_INFO (Packet),\r
IP6_GET_CLIP_INFO (IpSecWrap->Packet),\r
sizeof (IP6_CLIP_INFO)\r
);\r
}\r
-\r
*Netbuf = Packet;\r
}\r
\r
}\r
\r
/**\r
- The IP6 input routine. It is called by the IP6_INTERFACE when an\r
- IP6 fragment is received from MNP.\r
-\r
- @param[in] Packet The IP6 packet received.\r
- @param[in] IoStatus The return status of receive request.\r
- @param[in] Flag The link layer flag for the packet received, such\r
- as multicast.\r
- @param[in] Context The IP6 service instance that owns the MNP.\r
+ Pre-process the IPv6 packet. First validates the IPv6 packet, and\r
+ then reassembles packet if it is necessary.\r
+\r
+ @param[in] IpSb The IP6 service instance.\r
+ @param[in, out] Packet The received IP6 packet to be processed.\r
+ @param[in] Flag The link layer flag for the packet received, such\r
+ as multicast.\r
+ @param[out] Payload The pointer to the payload of the recieved packet. \r
+ it starts from the first byte of the extension header. \r
+ @param[out] LastHead The pointer of NextHeader of the last extension\r
+ header processed by IP6.\r
+ @param[out] ExtHdrsLen The length of the whole option.\r
+ @param[out] UnFragmentLen The length of unfragmented length of extension headers.\r
+ @param[out] Fragmented Indicate whether the packet is fragmented. \r
+ @param[out] Head The pointer to the EFI_IP6_Header.\r
+\r
+ @retval EFI_SUCCESS The received packet is well format.\r
+ @retval EFI_INVALID_PARAMETER The received packet is malformed.\r
\r
**/\r
-VOID\r
-Ip6AcceptFrame (\r
- IN NET_BUF *Packet,\r
- IN EFI_STATUS IoStatus,\r
- IN UINT32 Flag,\r
- IN VOID *Context\r
+EFI_STATUS\r
+Ip6PreProcessPacket (\r
+ IN IP6_SERVICE *IpSb,\r
+ IN OUT NET_BUF **Packet,\r
+ IN UINT32 Flag,\r
+ OUT UINT8 **Payload,\r
+ OUT UINT8 **LastHead,\r
+ OUT UINT32 *ExtHdrsLen,\r
+ OUT UINT32 *UnFragmentLen,\r
+ OUT BOOLEAN *Fragmented, \r
+ OUT EFI_IP6_HEADER **Head\r
+ \r
+ \r
)\r
{\r
- IP6_SERVICE *IpSb;\r
- IP6_CLIP_INFO *Info;\r
- EFI_IP6_HEADER *Head;\r
UINT16 PayloadLen;\r
- UINT8 *Payload;\r
UINT16 TotalLen;\r
- UINT8 *LastHead;\r
UINT32 FormerHeadOffset;\r
- UINT32 UnFragmentLen;\r
- UINT32 ExtHdrsLen;\r
UINT32 HeadLen;\r
- BOOLEAN Fragmented;\r
IP6_FRAGMENT_HEADER *FragmentHead;\r
UINT16 FragmentOffset;\r
- EFI_STATUS Status;\r
+ IP6_CLIP_INFO *Info;\r
EFI_IPv6_ADDRESS Loopback;\r
\r
- IpSb = (IP6_SERVICE *) Context;\r
- NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);\r
-\r
- Payload = NULL;\r
-\r
- //\r
- // Check input parameters\r
- //\r
- if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {\r
- goto Drop;\r
- }\r
-\r
+ HeadLen = 0;\r
+ PayloadLen = 0;\r
//\r
// Check whether the input packet is a valid packet\r
//\r
- if (Packet->TotalSize < IP6_MIN_HEADLEN) {\r
- goto Restart;\r
+ if ((*Packet)->TotalSize < IP6_MIN_HEADLEN) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Get header information of the packet.\r
//\r
- Head = (EFI_IP6_HEADER *) NetbufGetByte (Packet, 0, NULL);\r
- if (Head == NULL) {\r
- goto Restart;\r
+ *Head = (EFI_IP6_HEADER *) NetbufGetByte (*Packet, 0, NULL);\r
+ if (*Head == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Multicast addresses must not be used as source addresses in IPv6 packets.\r
//\r
- if ((Head->Version != 6) || (IP6_IS_MULTICAST (&Head->SourceAddress))) {\r
- goto Restart;\r
+ if (((*Head)->Version != 6) || (IP6_IS_MULTICAST (&(*Head)->SourceAddress))) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
//\r
ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));\r
Loopback.Addr[15] = 0x1;\r
- if ((CompareMem (&Loopback, &Head->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||\r
- (NetIp6IsUnspecifiedAddr (&Head->DestinationAddress))) {\r
- goto Restart;\r
+ if ((CompareMem (&Loopback, &(*Head)->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||\r
+ (NetIp6IsUnspecifiedAddr (&(*Head)->DestinationAddress))) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Convert the IP header to host byte order.\r
//\r
- Packet->Ip.Ip6 = Ip6NtohHead (Head);\r
+ (*Packet)->Ip.Ip6 = Ip6NtohHead (*Head);\r
\r
//\r
// Get the per packet info.\r
//\r
- Info = IP6_GET_CLIP_INFO (Packet);\r
+ Info = IP6_GET_CLIP_INFO (*Packet);\r
Info->LinkFlag = Flag;\r
Info->CastType = 0;\r
\r
Info->CastType = Ip6Promiscuous;\r
}\r
\r
- if (Ip6IsOneOfSetAddress (IpSb, &Head->DestinationAddress, NULL, NULL)) {\r
+ if (Ip6IsOneOfSetAddress (IpSb, &(*Head)->DestinationAddress, NULL, NULL)) {\r
Info->CastType = Ip6Unicast;\r
- } else if (IP6_IS_MULTICAST (&Head->DestinationAddress)) {\r
- if (Ip6FindMldEntry (IpSb, &Head->DestinationAddress) != NULL) {\r
+ } else if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress)) {\r
+ if (Ip6FindMldEntry (IpSb, &(*Head)->DestinationAddress) != NULL) {\r
Info->CastType = Ip6Multicast;\r
}\r
}\r
// Drop the packet that is not delivered to us.\r
//\r
if (Info->CastType == 0) {\r
- goto Restart;\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
\r
- PayloadLen = Head->PayloadLength;\r
+ PayloadLen = (*Head)->PayloadLength;\r
\r
Info->Start = 0;\r
Info->Length = PayloadLen;\r
//\r
// Mnp may deliver frame trailer sequence up, trim it off.\r
//\r
- if (TotalLen < Packet->TotalSize) {\r
- NetbufTrim (Packet, Packet->TotalSize - TotalLen, FALSE);\r
+ if (TotalLen < (*Packet)->TotalSize) {\r
+ NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);\r
}\r
\r
- if (TotalLen != Packet->TotalSize) {\r
- goto Restart;\r
+ if (TotalLen != (*Packet)->TotalSize) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Check the extension headers, if exist validate them\r
//\r
if (PayloadLen != 0) {\r
- Payload = AllocatePool ((UINTN) PayloadLen);\r
- if (Payload == NULL) {\r
- goto Restart;\r
+ *Payload = AllocatePool ((UINTN) PayloadLen);\r
+ if (*Payload == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
- NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);\r
+ NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);\r
}\r
\r
- LastHead = NULL;\r
if (!Ip6IsExtsValid (\r
IpSb,\r
- Packet,\r
- &Head->NextHeader,\r
- Payload,\r
+ *Packet,\r
+ &(*Head)->NextHeader,\r
+ *Payload,\r
(UINT32) PayloadLen,\r
TRUE,\r
&FormerHeadOffset,\r
- &LastHead,\r
- &ExtHdrsLen,\r
- &UnFragmentLen,\r
- &Fragmented\r
+ LastHead,\r
+ ExtHdrsLen,\r
+ UnFragmentLen,\r
+ Fragmented\r
)) {\r
- goto Restart;\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
- HeadLen = sizeof (EFI_IP6_HEADER) + UnFragmentLen;\r
+ HeadLen = sizeof (EFI_IP6_HEADER) + *UnFragmentLen;\r
\r
- if (Fragmented) {\r
+ if (*Fragmented) {\r
//\r
// Get the fragment offset from the Fragment header\r
//\r
- FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (Packet, HeadLen, NULL);\r
+ FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (*Packet, HeadLen, NULL);\r
if (FragmentHead == NULL) {\r
- goto Restart;\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
FragmentOffset = NTOHS (FragmentHead->FragmentOffset);\r
// Fragments should in the unit of 8 octets long except the last one.\r
//\r
if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {\r
- goto Restart;\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Reassemble the packet.\r
//\r
- Packet = Ip6Reassemble (&IpSb->Assemble, Packet);\r
- if (Packet == NULL) {\r
- goto Restart;\r
+ *Packet = Ip6Reassemble (&IpSb->Assemble, *Packet);\r
+ if (*Packet == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Re-check the assembled packet to get the right values.\r
//\r
- Head = Packet->Ip.Ip6;\r
- PayloadLen = Head->PayloadLength;\r
+ *Head = (*Packet)->Ip.Ip6;\r
+ PayloadLen = (*Head)->PayloadLength;\r
if (PayloadLen != 0) {\r
- if (Payload != NULL) {\r
- FreePool (Payload);\r
+ if (*Payload != NULL) {\r
+ FreePool (*Payload);\r
}\r
\r
- Payload = AllocatePool ((UINTN) PayloadLen);\r
- if (Payload == NULL) {\r
- goto Restart;\r
+ *Payload = AllocatePool ((UINTN) PayloadLen);\r
+ if (*Payload == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
- NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload);\r
+ NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);\r
}\r
\r
if (!Ip6IsExtsValid (\r
IpSb,\r
- Packet,\r
- &Head->NextHeader,\r
- Payload,\r
+ *Packet,\r
+ &(*Head)->NextHeader,\r
+ *Payload,\r
(UINT32) PayloadLen,\r
TRUE,\r
NULL,\r
- &LastHead,\r
- &ExtHdrsLen,\r
- &UnFragmentLen,\r
- &Fragmented\r
+ LastHead,\r
+ ExtHdrsLen,\r
+ UnFragmentLen,\r
+ Fragmented\r
)) {\r
- goto Restart;\r
+ return EFI_INVALID_PARAMETER;\r
}\r
}\r
\r
// Trim the head off, after this point, the packet is headless.\r
// and Packet->TotalLen == Info->Length.\r
//\r
- NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE);\r
+ NetbufTrim (*Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);\r
+ \r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ The IP6 input routine. It is called by the IP6_INTERFACE when an\r
+ IP6 fragment is received from MNP.\r
+\r
+ @param[in] Packet The IP6 packet received.\r
+ @param[in] IoStatus The return status of receive request.\r
+ @param[in] Flag The link layer flag for the packet received, such\r
+ as multicast.\r
+ @param[in] Context The IP6 service instance that owns the MNP.\r
+\r
+**/\r
+VOID\r
+Ip6AcceptFrame (\r
+ IN NET_BUF *Packet,\r
+ IN EFI_STATUS IoStatus,\r
+ IN UINT32 Flag,\r
+ IN VOID *Context\r
+ )\r
+{\r
+ IP6_SERVICE *IpSb;\r
+ EFI_IP6_HEADER *Head;\r
+ UINT8 *Payload;\r
+ UINT8 *LastHead;\r
+ UINT32 UnFragmentLen;\r
+ UINT32 ExtHdrsLen;\r
+ BOOLEAN Fragmented;\r
+ EFI_STATUS Status;\r
+ EFI_IP6_HEADER ZeroHead;\r
+\r
+ IpSb = (IP6_SERVICE *) Context;\r
+ NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);\r
+\r
+ Payload = NULL;\r
+ LastHead = NULL;\r
\r
+ //\r
+ // Check input parameters\r
+ //\r
+ if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {\r
+ goto Drop;\r
+ }\r
+ \r
+ //\r
+ // Pre-Process the Ipv6 Packet and then reassemble if it is necessary.\r
+ //\r
+ Status = Ip6PreProcessPacket (\r
+ IpSb, \r
+ &Packet, \r
+ Flag, \r
+ &Payload, \r
+ &LastHead, \r
+ &ExtHdrsLen, \r
+ &UnFragmentLen, \r
+ &Fragmented,\r
+ &Head\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto Restart;\r
+ }\r
//\r
// After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,\r
// and no need consider any other ahead ext headers.\r
//\r
Status = Ip6IpSecProcessPacket (\r
IpSb,\r
- Head,\r
+ &Head,\r
LastHead, // need get the lasthead value for input\r
&Packet,\r
- NULL,\r
- 0,\r
+ &Payload,\r
+ &ExtHdrsLen,\r
EfiIPsecInBound,\r
NULL\r
);\r
\r
- if (EFI_ERROR(Status)) {\r
+ if (EFI_ERROR (Status)) {\r
goto Restart;\r
}\r
\r
//\r
- // TODO: may check the last head again, the same as the output routine\r
- //\r
+ // If the packet is protected by IPsec Tunnel Mode, Check the Inner Ip Packet.\r
+ //\r
+ ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));\r
+ if (0 == CompareMem (Head, &ZeroHead, sizeof (EFI_IP6_HEADER))) {\r
+ Status = Ip6PreProcessPacket (\r
+ IpSb, \r
+ &Packet, \r
+ Flag, \r
+ &Payload, \r
+ &LastHead, \r
+ &ExtHdrsLen, \r
+ &UnFragmentLen, \r
+ &Fragmented, \r
+ &Head\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto Restart;\r
+ }\r
+ }\r
\r
//\r
// Packet may have been changed. The ownership of the packet\r
);\r
\r
/**\r
- The work function to locate IPsec protocol to process the inbound or\r
- outbound IP packets. The process routine handls the packet with the following\r
+ The work function to locate the IPsec protocol to process the inbound or\r
+ outbound IP packets. The process routine handles the packet with the following\r
actions: bypass the packet, discard the packet, or protect the packet.\r
\r
@param[in] IpSb The IP6 service instance.\r
- @param[in] Head The caller supplied IP6 header.\r
+ @param[in, out] Head The caller-supplied IP6 header.\r
@param[in, out] LastHead The next header field of last IP header.\r
@param[in, out] Netbuf The IP6 packet to be processed by IPsec.\r
- @param[in] ExtHdrs The caller supplied options.\r
- @param[in] ExtHdrsLen The length of the option.\r
+ @param[in, out] ExtHdrs The caller-supplied options.\r
+ @param[in, out] ExtHdrsLen The length of the option.\r
@param[in] Direction The directionality in an SPD entry,\r
- EfiIPsecInBound or EfiIPsecOutBound.\r
+ EfiIPsecInBound, or EfiIPsecOutBound.\r
@param[in] Context The token's wrap.\r
\r
@retval EFI_SUCCESS The IPsec protocol is not available or disabled.\r
- @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.\r
+ @retval EFI_SUCCESS The packet was bypassed, and all buffers remain the same.\r
@retval EFI_SUCCESS The packet was protected.\r
@retval EFI_ACCESS_DENIED The packet was discarded.\r
@retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation.\r
- @retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the\r
+ @retval EFI_BUFFER_TOO_SMALL The number of non-empty blocks is bigger than the\r
number of input data blocks when building a fragment table.\r
\r
**/\r
EFI_STATUS\r
Ip6IpSecProcessPacket (\r
- IN IP6_SERVICE *IpSb,\r
- IN EFI_IP6_HEADER *Head,\r
- IN OUT UINT8 *LastHead,\r
- IN OUT NET_BUF **Netbuf,\r
- IN VOID *ExtHdrs,\r
- IN UINT32 ExtHdrsLen,\r
- IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
- IN VOID *Context\r
+ IN IP6_SERVICE *IpSb,\r
+ IN OUT EFI_IP6_HEADER **Head,\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT NET_BUF **Netbuf,\r
+ IN OUT UINT8 **ExtHdrs,\r
+ IN OUT UINT32 *ExtHdrsLen,\r
+ IN EFI_IPSEC_TRAFFIC_DIR Direction,\r
+ IN VOID *Context\r
);\r
\r
/**\r
\r
Status = Ip6IpSecProcessPacket (\r
IpSb,\r
- Head,\r
+ &Head,\r
LastHeader, // no need get the lasthead value for output\r
&Packet,\r
- ExtHdrs,\r
- ExtHdrsLen,\r
+ &ExtHdrs,\r
+ &ExtHdrsLen,\r
EfiIPsecOutBound,\r
Context\r
);\r
NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {\r
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);\r
\r
- if (IsFound || mIsZeroSelector[DataType](Selector)) {\r
+ if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {\r
//\r
// If found the appointed entry, then duplicate the next one and return,\r
// or if the appointed entry is zero, then return the first one directly.\r
// Alogrithm's informations for the Encrypt/Decrpt Alogrithm.\r
//\r
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {\r
- {EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},\r
+ {IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},\r
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}\r
};\r
//\r
// Alogrithm's informations for the Authentication algorithm\r
//\r
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {\r
- {EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},\r
- {EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},\r
+ {IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},\r
+ {IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},\r
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}\r
};\r
\r
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2\r
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3\r
\r
+///\r
+/// Authentication Algorithm Definition\r
+/// The number value definition is aligned to IANA assignment\r
+///\r
+#define IKE_AALG_NONE 0x00\r
+#define IKE_AALG_SHA1HMAC 0x02\r
+#define IKE_AALG_NULL 0xFB\r
+\r
+///\r
+/// Encryption Algorithm Definition\r
+/// The number value definition is aligned to IANA assignment\r
+///\r
+#define IKE_EALG_NONE 0x00\r
+#define IKE_EALG_3DESCBC 0x03\r
+#define IKE_EALG_NULL 0x0B\r
+#define IKE_EALG_AESCBC 0x0C\r
+\r
/**\r
Prototype of Hash GetContextSize.\r
\r
{\r
EFI_STATUS Status;\r
IPSEC_PRIVATE_DATA *Private;\r
- EFI_IPSEC_PROTOCOL *IpSec;\r
+ EFI_IPSEC2_PROTOCOL *IpSec;\r
\r
//\r
// Check whether ipsec protocol has already been installed.\r
\r
Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;\r
Private->ImageHandle = ImageHandle;\r
- CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL));\r
+ CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));\r
\r
//\r
// Initilize Private's members. Thess members is used for IKE.\r
\r
#include "IpSecConfigImpl.h"\r
\r
-EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };\r
+EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };\r
\r
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];\r
\r
@param[in] NicHandle Instance of the network interface.\r
@param[in] IpVersion IPV4 or IPV6.\r
@param[in, out] IpHead Pointer to the IP Header.\r
- @param[in] LastHead The protocol of the next layer to be processed by IPsec.\r
- @param[in] OptionsBuffer Pointer to the options buffer.\r
- @param[in] OptionsLength Length of the options buffer.\r
+ @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer.\r
+ @param[in, out] OptionsLength Length of the options buffer.\r
@param[in, out] FragmentTable Pointer to a list of fragments.\r
- @param[in] FragmentCount Number of fragments.\r
+ @param[in, out] FragmentCount Number of fragments.\r
@param[in] TrafficDirection Traffic direction.\r
@param[out] RecycleSignal Event for recycling of resources.\r
\r
EFI_STATUS\r
EFIAPI\r
IpSecProcess (\r
- IN EFI_IPSEC_PROTOCOL *This,\r
+ IN EFI_IPSEC2_PROTOCOL *This,\r
IN EFI_HANDLE NicHandle,\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer,\r
- IN UINT32 OptionsLength,\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer,\r
+ IN OUT UINT32 *OptionsLength,\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,\r
OUT EFI_EVENT *RecycleSignal\r
)\r
};\r
\r
typedef struct _IPSEC_SAD_DATA {\r
- EFI_IPSEC_MODE Mode;\r
- UINT64 SequenceNumber;\r
- UINT8 AntiReplayWindowSize;\r
- UINT64 AntiReplayBitmap[4]; // bitmap for received packet\r
- EFI_IPSEC_ALGO_INFO AlgoInfo;\r
- EFI_IPSEC_SA_LIFETIME SaLifetime;\r
- UINT32 PathMTU;\r
- IPSEC_SPD_ENTRY *SpdEntry;\r
- BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled\r
- BOOLEAN ManualSet;\r
+ EFI_IPSEC_MODE Mode;\r
+ UINT64 SequenceNumber;\r
+ UINT8 AntiReplayWindowSize;\r
+ UINT64 AntiReplayBitmap[4]; // bitmap for received packet\r
+ EFI_IPSEC_ALGO_INFO AlgoInfo;\r
+ EFI_IPSEC_SA_LIFETIME SaLifetime;\r
+ UINT32 PathMTU;\r
+ IPSEC_SPD_ENTRY *SpdEntry;\r
+ EFI_IPSEC_SPD_SELECTOR *SpdSelector;\r
+ BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled\r
+ BOOLEAN ManualSet;\r
+ EFI_IP_ADDRESS TunnelDestAddress;\r
+ EFI_IP_ADDRESS TunnelSourceAddress;\r
} IPSEC_SAD_DATA;\r
\r
typedef struct _IPSEC_SAD_ENTRY {\r
UINT32 Signature;\r
EFI_HANDLE Handle; // Virtual handle to install private prtocol\r
EFI_HANDLE ImageHandle;\r
- EFI_IPSEC_PROTOCOL IpSec;\r
+ EFI_IPSEC2_PROTOCOL IpSec;\r
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;\r
BOOLEAN SetBySelf;\r
LIST_ENTRY Udp4List;\r
@param[in, out] IpHead Points to IP header containing the ESP/AH header\r
to be trimed on input, and without ESP/AH header\r
on return.\r
- @param[in] LastHead The Last Header in IP header on return.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
+ @param[out] LastHead The Last Header in IP header on return.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec\r
protected on input, and without IPsec protected\r
on return.\r
- @param[in] FragmentCount Number of fragments.\r
+ @param[in, out] FragmentCount Number of fragments.\r
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.\r
@param[out] RecycleEvent Event for recycling of resources.\r
\r
IpSecProtectInboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
OUT IPSEC_SPD_ENTRY **SpdEntry,\r
OUT EFI_EVENT *RecycleEvent\r
);\r
@param[in, out] IpHead Point to IP header containing the orginal IP header\r
to be processed on input, and inserted ESP/AH header\r
on return.\r
- @param[in] LastHead The Last Header in IP header.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
+ @param[in, out] LastHead The Last Header in IP header.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by\r
IPsec on input, and with IPsec protected\r
on return.\r
- @param[in] FragmentCount Number of fragments.\r
+ @param[in, out] FragmentCount Number of fragments.\r
@param[in] SadEntry Related SAD entry.\r
@param[out] RecycleEvent Event for recycling of resources.\r
\r
IpSecProtectOutboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
IN IPSEC_SAD_ENTRY *SadEntry,\r
OUT EFI_EVENT *RecycleEvent\r
);\r
@param[in] NicHandle Instance of the network interface.\r
@param[in] IpVersion IPV4 or IPV6.\r
@param[in, out] IpHead Pointer to the IP Header.\r
- @param[in] LastHead The protocol of the next layer to be processed by IPsec.\r
- @param[in] OptionsBuffer Pointer to the options buffer.\r
- @param[in] OptionsLength Length of the options buffer.\r
+ @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer.\r
+ @param[in, out] OptionsLength Length of the options buffer.\r
@param[in, out] FragmentTable Pointer to a list of fragments.\r
- @param[in] FragmentCount Number of fragments.\r
+ @param[in, out] FragmentCount Number of fragments.\r
@param[in] TrafficDirection Traffic direction.\r
@param[out] RecycleSignal Event for recycling of resources.\r
\r
EFI_STATUS\r
EFIAPI\r
IpSecProcess (\r
- IN EFI_IPSEC_PROTOCOL *This,\r
+ IN EFI_IPSEC2_PROTOCOL *This,\r
IN EFI_HANDLE NicHandle,\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer,\r
- IN UINT32 OptionsLength,\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer,\r
+ IN OUT UINT32 *OptionsLength,\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,\r
OUT EFI_EVENT *RecycleSignal\r
);\r
\r
extern EFI_DPC_PROTOCOL *mDpc;\r
-extern EFI_IPSEC_PROTOCOL mIpSecInstance;\r
+extern EFI_IPSEC2_PROTOCOL mIpSecInstance;\r
\r
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;\r
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;\r
)\r
{\r
switch (AuthAlgId) {\r
- case EFI_IPSEC_AALG_NONE :\r
- case EFI_IPSEC_AALG_NULL :\r
+ case IKE_AALG_NONE :\r
+ case IKE_AALG_NULL :\r
return EFI_SUCCESS;\r
\r
default:\r
EFI_ESP_TAIL *EspTail;\r
\r
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {\r
- case EFI_IPSEC_EALG_NULL:\r
+ case IKE_EALG_NULL:\r
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));\r
*PaddingSize = EspTail->PaddingLength;\r
*NextHeader = EspTail->NextHeader;\r
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);\r
break;\r
\r
- case EFI_IPSEC_EALG_3DESCBC:\r
- case EFI_IPSEC_EALG_AESCBC:\r
+ case IKE_EALG_3DESCBC:\r
+ case IKE_EALG_AESCBC:\r
//\r
// TODO: support these algorithm\r
//\r
)\r
{\r
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {\r
- case EFI_IPSEC_EALG_NULL:\r
+ case IKE_EALG_NULL:\r
return EFI_SUCCESS;\r
\r
- case EFI_IPSEC_EALG_3DESCBC:\r
- case EFI_IPSEC_EALG_AESCBC:\r
+ case IKE_EALG_3DESCBC:\r
+ case IKE_EALG_AESCBC:\r
//\r
// TODO: support these algorithms\r
//\r
to be trimed on input, and without ESP header\r
on return.\r
@param[out] LastHead The Last Header in IP header on return.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec\r
protected on input, and without IPsec protected\r
on return.\r
- @param[in] FragmentCount The number of fragments.\r
+ @param[in, out] FragmentCount The number of fragments.\r
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.\r
@param[out] RecycleEvent The event for recycling of resources.\r
\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
OUT UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
OUT IPSEC_SPD_ENTRY **SpdEntry,\r
OUT EFI_EVENT *RecycleEvent\r
)\r
@param[in, out] IpHead Points to IP header containing the orginal IP header\r
to be processed on input, and inserted ESP header\r
on return.\r
- @param[in] LastHead The Last Header in IP header.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
+ @param[in, out] LastHead The Last Header in IP header.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by\r
IPsec on input, and with IPsec protected\r
on return.\r
- @param[in] FragmentCount The number of fragments.\r
+ @param[in, out] FragmentCount The number of fragments.\r
@param[in] SadEntry The related SAD entry.\r
@param[out] RecycleEvent The event for recycling of resources.\r
\r
IpSecEspOutboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
IN IPSEC_SAD_ENTRY *SadEntry,\r
OUT EFI_EVENT *RecycleEvent\r
)\r
@param[in, out] IpHead Points to IP header containing the ESP/AH header\r
to be trimed on input, and without ESP/AH header\r
on return.\r
- @param[in] LastHead The Last Header in IP header on return.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
- @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec\r
+ @param[out] LastHead The Last Header in IP header on return.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
+ @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec\r
protected on input, and without IPsec protected\r
on return.\r
- @param[in] FragmentCount The number of fragments.\r
+ @param[in, out] FragmentCount Number of fragments.\r
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.\r
- @param[out] RecycleEvent The event for recycling of resources.\r
+ @param[out] RecycleEvent Event for recycling of resources.\r
\r
- @retval EFI_SUCCESS The operation was successful.\r
- @retval EFI_UNSUPPORTED The IPSEC protocol is not supported.\r
+ @retval EFI_SUCCESS The operation is successful.\r
+ @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.\r
\r
**/\r
EFI_STATUS\r
IpSecProtectInboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
OUT IPSEC_SPD_ENTRY **SpdEntry,\r
OUT EFI_EVENT *RecycleEvent\r
)\r
}\r
\r
/**\r
- This function processes the output traffic with IPsec.\r
+ This fucntion processes the output traffic with IPsec.\r
\r
It protected the sending packet by encrypting it payload and inserting ESP/AH header\r
- in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable.\r
+ in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable.\r
\r
@param[in] IpVersion The version of IP.\r
- @param[in, out] IpHead Points to IP header containing the orginal IP header\r
+ @param[in, out] IpHead Point to IP header containing the orginal IP header\r
to be processed on input, and inserted ESP/AH header\r
on return.\r
- @param[in] LastHead The Last Header in the IP header.\r
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.\r
- @param[in] OptionsLength Length of the options buffer. It is optional.\r
+ @param[in, out] LastHead The Last Header in IP header.\r
+ @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
+ @param[in, out] OptionsLength Length of the options buffer. It is optional.\r
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by\r
IPsec on input, and with IPsec protected\r
on return.\r
- @param[in] FragmentCount The number of fragments.\r
- @param[in] SadEntry The related SAD entry.\r
- @param[out] RecycleEvent The event for recycling of resources.\r
+ @param[in, out] FragmentCount Number of fragments.\r
+ @param[in] SadEntry Related SAD entry.\r
+ @param[out] RecycleEvent Event for recycling of resources.\r
\r
- @retval EFI_SUCCESS The operation was successful.\r
+ @retval EFI_SUCCESS The operation is successful.\r
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.\r
\r
**/\r
IpSecProtectOutboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- IN UINT8 *LastHead,\r
- IN VOID *OptionsBuffer, OPTIONAL\r
- IN UINT32 OptionsLength, OPTIONAL\r
+ IN OUT UINT8 *LastHead,\r
+ IN OUT VOID **OptionsBuffer, OPTIONAL\r
+ IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
+ IN OUT UINT32 *FragmentCount,\r
IN IPSEC_SAD_ENTRY *SadEntry,\r
OUT EFI_EVENT *RecycleEvent\r
)\r