path: root/NetworkPkg/Application
author Jiaxin Wu <jiaxin.wu@intel.com> 2016-01-18 01:59:16 +0000
committer jiaxinwu <jiaxinwu@Edk2> 2016-01-18 01:59:16 +0000
commit 4991eeffcd86e1dc0bf2b15655b986b932551854
tree b08b3378d9d7c18cccea3a3527e152ef84b670ef /NetworkPkg/Application
parent 22061fab23a2bc9bf39cb3d1bd0ff0f1264d3859
NetworkPkg: Fix IpSec SPD and SAD mapping issue when SPD is updated

The current implementation doesn't handle the relationship between SPD and SAD well, which may introduce some security and connection issues after the SPD is updated.

For SPD SetData policy:

A) When deleting an existing SPD entry, its related SAs should also be removed from its SAs list (SadEntry->BySpd). If the SA entry is established by IKE, we can remove it from the global SAD list (SadEntry->List) and then free it directly, since its SpdEntry will be freed later.

B) The SPD SetData operation should do some validity checks on the setting data. For example, whether the SaId specified by the setting data is valid. If the setting data is invalid, EFI_INVALID_PARAMETER should be returned.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524

Diffstat (limited to 'NetworkPkg/Application')
0 files changed, 0 insertions, 0 deletions