Diffstat (limited to 'MdePkg/Include/Protocol/IpSec.h')
-rw-r--r--MdePkg/Include/Protocol/IpSec.h178
1 files changed, 89 insertions, 89 deletions
diff --git a/MdePkg/Include/Protocol/IpSec.h b/MdePkg/Include/Protocol/IpSec.h
index 24147e262e..66e857c9d4 100644
--- a/MdePkg/Include/Protocol/IpSec.h
+++ b/MdePkg/Include/Protocol/IpSec.h
@@ -1,16 +1,16 @@
/** @file
EFI IPSEC Protocol Definition
The EFI_IPSEC_PROTOCOL is used to abstract the ability to deal with the individual
- packets sent and received by the host and provide packet-level security for IP
+ packets sent and received by the host and provide packet-level security for IP
datagram.
The EFI_IPSEC2_PROTOCOL is used to abstract the ability to deal with the individual
- packets sent and received by the host and provide packet-level security for IP
- datagram. In addition, it supports the Option (extension header) processing in
- IPsec which doesn't support in EFI_IPSEC_PROTOCOL. It is also recommended to
- use EFI_IPSEC2_PROTOCOL instead of EFI_IPSEC_PROTOCOL especially for IPsec Tunnel
+ packets sent and received by the host and provide packet-level security for IP
+ datagram. In addition, it supports the Option (extension header) processing in
+ IPsec which doesn't support in EFI_IPSEC_PROTOCOL. It is also recommended to
+ use EFI_IPSEC2_PROTOCOL instead of EFI_IPSEC_PROTOCOL especially for IPsec Tunnel
Mode.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -19,7 +19,7 @@
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- @par Revision Reference:
+ @par Revision Reference:
The EFI_IPSEC2_PROTOCOL is introduced in UEFI Specification 2.3D.
**/
@@ -43,34 +43,34 @@ typedef struct _EFI_IPSEC_PROTOCOL EFI_IPSEC_PROTOCOL;
typedef struct _EFI_IPSEC2_PROTOCOL EFI_IPSEC2_PROTOCOL;
///
-/// EFI_IPSEC_FRAGMENT_DATA
+/// EFI_IPSEC_FRAGMENT_DATA
/// defines the instances of packet fragments.
///
-typedef struct _EFI_IPSEC_FRAGMENT_DATA {
+typedef struct _EFI_IPSEC_FRAGMENT_DATA {
UINT32 FragmentLength;
VOID *FragmentBuffer;
-} EFI_IPSEC_FRAGMENT_DATA;
+} EFI_IPSEC_FRAGMENT_DATA;
/**
- Handles IPsec packet processing for inbound and outbound IP packets.
+ Handles IPsec packet processing for inbound and outbound IP packets.
The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet.
- The behavior is that it can perform one of the following actions:
- bypass the packet, discard the packet, or protect the packet.
+ The behavior is that it can perform one of the following actions:
+ bypass the packet, discard the packet, or protect the packet.
@param[in] This Pointer to the EFI_IPSEC_PROTOCOL instance.
@param[in] NicHandle Instance of the network interface.
@param[in] IpVer IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header.
@param[in] LastHead The protocol of the next layer to be processed by IPsec.
- @param[in] OptionsBuffer Pointer to the options buffer.
+ @param[in] OptionsBuffer Pointer to the options buffer.
@param[in] OptionsLength Length of the options buffer.
- @param[in, out] FragmentTable Pointer to a list of fragments.
+ @param[in, out] FragmentTable Pointer to a list of fragments.
@param[in] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources.
-
+
@retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
@retval EFI_SUCCESS The packet was protected.
@retval EFI_ACCESS_DENIED The packet was discarded.
@@ -93,9 +93,9 @@ EFI_STATUS
);
///
-/// EFI_IPSEC_PROTOCOL
+/// EFI_IPSEC_PROTOCOL
/// provides the ability for securing IP communications by authenticating
-/// and/or encrypting each IP packet in a data stream.
+/// and/or encrypting each IP packet in a data stream.
// EFI_IPSEC_PROTOCOL can be consumed by both the IPv4 and IPv6 stack.
// A user can employ this protocol for IPsec package handling in both IPv4
// and IPv6 environment.
@@ -107,72 +107,72 @@ struct _EFI_IPSEC_PROTOCOL {
};
/**
- Handles IPsec processing for both inbound and outbound IP packets. Compare with
- Process() in EFI_IPSEC_PROTOCOL, this interface has the capability to process
- Option(Extension Header).
+ Handles IPsec processing for both inbound and outbound IP packets. Compare with
+ Process() in EFI_IPSEC_PROTOCOL, this interface has the capability to process
+ Option(Extension Header).
The EFI_IPSEC2_PROCESS process routine handles each inbound or outbound packet.
- The behavior is that it can perform one of the following actions:
- bypass the packet, discard the packet, or protect the packet.
+ The behavior is that it can perform one of the following actions:
+ bypass the packet, discard the packet, or protect the packet.
@param[in] This Pointer to the EFI_IPSEC2_PROTOCOL instance.
- @param[in] NicHandle Instance of the network interface.
+ @param[in] NicHandle Instance of the network interface.
@param[in] IpVer IP version.IPv4 or IPv6.
- @param[in, out] IpHead Pointer to the IP Header it is either
+ @param[in, out] IpHead Pointer to the IP Header it is either
the EFI_IP4_HEADER or EFI_IP6_HEADER.
- On input, it contains the IP header.
- On output, 1) in tunnel mode and the
- traffic direction is inbound, the buffer
- will be reset to zero by IPsec; 2) in
- tunnel mode and the traffic direction
- is outbound, the buffer will reset to
- be the tunnel IP header.3) in transport
- mode, the related fielders (like payload
- length, Next header) in IP header will
+ On input, it contains the IP header.
+ On output, 1) in tunnel mode and the
+ traffic direction is inbound, the buffer
+ will be reset to zero by IPsec; 2) in
+ tunnel mode and the traffic direction
+ is outbound, the buffer will reset to
+ be the tunnel IP header.3) in transport
+ mode, the related fielders (like payload
+ length, Next header) in IP header will
be modified according to the condition.
@param[in, out] LastHead For IP4, it is the next protocol in IP
- header. For IP6 it is the Next Header
+ header. For IP6 it is the Next Header
of the last extension header.
- @param[in, out] OptionsBuffer On input, it contains the options
- (extensions header) to be processed by
+ @param[in, out] OptionsBuffer On input, it contains the options
+ (extensions header) to be processed by
IPsec. On output, 1) in tunnel mode and
- the traffic direction is outbound, it
- will be set to NULL, and that means this
- contents was wrapped after inner header
- and should not be concatenated after
- tunnel header again; 2) in transport
- mode and the traffic direction is inbound,
- if there are IP options (extension headers)
- protected by IPsec, IPsec will concatenate
- the those options after the input options
- (extension headers); 3) on other situations,
- the output of contents of OptionsBuffer
- might be same with input's. The caller
- should take the responsibility to free
+ the traffic direction is outbound, it
+ will be set to NULL, and that means this
+ contents was wrapped after inner header
+ and should not be concatenated after
+ tunnel header again; 2) in transport
+ mode and the traffic direction is inbound,
+ if there are IP options (extension headers)
+ protected by IPsec, IPsec will concatenate
+ the those options after the input options
+ (extension headers); 3) on other situations,
+ the output of contents of OptionsBuffer
+ might be same with input's. The caller
+ should take the responsibility to free
the buffer both on input and on output.
- @param[in, out] OptionsLength On input, the input length of the options
- buffer. On output, the output length of
+ @param[in, out] OptionsLength On input, the input length of the options
+ buffer. On output, the output length of
the options buffer.
- @param[in, out] FragmentTable Pointer to a list of fragments. On input,
- these fragments contain the IP payload.
- On output, 1) in tunnel mode and the traffic
- direction is inbound, the fragments contain
- the whole IP payload which is from the
- IP inner header to the last byte of the
- packet; 2) in tunnel mode and the traffic
- direction is the outbound, the fragments
- contains the whole encapsulated payload
- which encapsulates the whole IP payload
- between the encapsulated header and
- encapsulated trailer fields. 3) in transport
- mode and the traffic direction is inbound,
- the fragments contains the IP payload
- which is from the next layer protocol to
- the last byte of the packet; 4) in transport
- mode and the traffic direction is outbound,
- the fragments contains the whole encapsulated
- payload which encapsulates the next layer
- protocol information between the encapsulated
+ @param[in, out] FragmentTable Pointer to a list of fragments. On input,
+ these fragments contain the IP payload.
+ On output, 1) in tunnel mode and the traffic
+ direction is inbound, the fragments contain
+ the whole IP payload which is from the
+ IP inner header to the last byte of the
+ packet; 2) in tunnel mode and the traffic
+ direction is the outbound, the fragments
+ contains the whole encapsulated payload
+ which encapsulates the whole IP payload
+ between the encapsulated header and
+ encapsulated trailer fields. 3) in transport
+ mode and the traffic direction is inbound,
+ the fragments contains the IP payload
+ which is from the next layer protocol to
+ the last byte of the packet; 4) in transport
+ mode and the traffic direction is outbound,
+ the fragments contains the whole encapsulated
+ payload which encapsulates the next layer
+ protocol information between the encapsulated
header and encapsulated trailer fields.
@param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction.
@@ -180,7 +180,7 @@ struct _EFI_IPSEC_PROTOCOL {
@retval EFI_SUCCESS The packet was processed by IPsec successfully.
@retval EFI_ACCESS_DENIED The packet was discarded.
- @retval EFI_NOT_READY The IKE negotiation is invoked and the packet
+ @retval EFI_NOT_READY The IKE negotiation is invoked and the packet
was discarded.
@retval EFI_INVALID_PARAMETER One or more of following are TRUE:
If OptionsBuffer is NULL;
@@ -189,23 +189,23 @@ struct _EFI_IPSEC_PROTOCOL {
If FragmentCount is NULL.
**/
-typedef
+typedef
EFI_STATUS
-(EFIAPI *EFI_IPSEC_PROCESSEXT) (
- IN EFI_IPSEC2_PROTOCOL *This,
- IN EFI_HANDLE NicHandle,
- IN UINT8 IpVer,
- IN OUT VOID *IpHead,
- IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer,
- IN OUT UINT32 *OptionsLength,
- IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
- IN OUT UINT32 *FragmentCount,
- IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
+(EFIAPI *EFI_IPSEC_PROCESSEXT) (
+ IN EFI_IPSEC2_PROTOCOL *This,
+ IN EFI_HANDLE NicHandle,
+ IN UINT8 IpVer,
+ IN OUT VOID *IpHead,
+ IN OUT UINT8 *LastHead,
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
+ IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
+ IN OUT UINT32 *FragmentCount,
+ IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
OUT EFI_EVENT *RecycleSignal
);
-///
+///
/// EFI_IPSEC2_PROTOCOL
/// supports the Option (extension header) processing in IPsec which doesn't support
/// in EFI_IPSEC_PROTOCOL. It is also recommended to use EFI_IPSEC2_PROTOCOL instead
@@ -213,10 +213,10 @@ EFI_STATUS
/// provides the ability for securing IP communications by authenticating and/or
/// encrypting each IP packet in a data stream.
///
-struct _EFI_IPSEC2_PROTOCOL {
+struct _EFI_IPSEC2_PROTOCOL {
EFI_IPSEC_PROCESSEXT ProcessExt;
-EFI_EVENT DisabledEvent;
-BOOLEAN DisabledFlag;
+EFI_EVENT DisabledEvent;
+BOOLEAN DisabledFlag;
};
extern EFI_GUID gEfiIpSecProtocolGuid;