MdePkg/Include/Protocol/IpSec.h File Reference


Data Structures

struct  _EFI_IPSEC_FRAGMENT_DATA
struct  _EFI_IPSEC_PROTOCOL
struct  _EFI_IPSEC2_PROTOCOL

Defines

#define EFI_IPSEC_PROTOCOL_GUID
#define EFI_IPSEC2_PROTOCOL_GUID

Typedefs

typedef struct _EFI_IPSEC_PROTOCOL EFI_IPSEC_PROTOCOL
typedef struct _EFI_IPSEC2_PROTOCOL EFI_IPSEC2_PROTOCOL
typedef struct _EFI_IPSEC_FRAGMENT_DATA EFI_IPSEC_FRAGMENT_DATA
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_PROCESS )(IN EFI_IPSEC_PROTOCOL *This, IN EFI_HANDLE NicHandle, IN UINT8 IpVer, IN OUT VOID *IpHead, IN UINT8 *LastHead, IN VOID *OptionsBuffer, IN UINT32 OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN UINT32 *FragmentCount, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, OUT EFI_EVENT *RecycleSignal)

Functions

typedef EFI_STATUS (EFIAPI *EFI_IPSEC_PROCESSEXT)(IN EFI_IPSEC2_PROTOCOL *This, IN EFI_HANDLE NicHandle, IN UINT8 IpVer, IN OUT VOID *IpHead, IN OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, OUT EFI_EVENT *RecycleSignal)

Variables

EFI_GUID gEfiIpSecProtocolGuid
EFI_GUID gEfiIpSec2ProtocolGuid

Detailed Description

EFI IPSEC Protocol Definition.

The EFI_IPSEC_PROTOCOL is used to abstract the ability to deal with the individual packets sent and received by the host and to provide packet-level security for IP datagrams. The EFI_IPSEC2_PROTOCOL provides the same abstraction and, in addition, supports Option (extension header) processing in IPsec, which is not supported by EFI_IPSEC_PROTOCOL. It is recommended to use EFI_IPSEC2_PROTOCOL instead of EFI_IPSEC_PROTOCOL, especially for IPsec Tunnel Mode.

Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

Revision Reference:
The EFI_IPSEC2_PROTOCOL is introduced in UEFI Specification 2.3D.

Define Documentation

#define EFI_IPSEC2_PROTOCOL_GUID

Value:

{ \
    0xa3979e64, 0xace8, 0x4ddc, {0xbc, 0x7, 0x4d, 0x66, 0xb8, 0xfd, 0x9, 0x77 } \
  }

#define EFI_IPSEC_PROTOCOL_GUID

Value:

{ \
    0xdfb386f7, 0xe100, 0x43ad, {0x9c, 0x9a, 0xed, 0x90, 0xd0, 0x8a, 0x5e, 0x12 } \
  }


Typedef Documentation

EFI_IPSEC_FRAGMENT_DATA defines the instances of packet fragments.

Handles IPsec packet processing for inbound and outbound IP packets.

The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet. The behavior is that it can perform one of the following actions: bypass the packet, discard the packet, or protect the packet.

Parameters:
[in] This Pointer to the EFI_IPSEC_PROTOCOL instance.
[in] NicHandle Instance of the network interface.
[in] IpVer IPv4 or IPv6.
[in,out] IpHead Pointer to the IP Header.
[in] LastHead The protocol of the next layer to be processed by IPsec.
[in] OptionsBuffer Pointer to the options buffer.
[in] OptionsLength Length of the options buffer.
[in,out] FragmentTable Pointer to a list of fragments.
[in] FragmentCount Number of fragments.
[in] TrafficDirection Traffic direction.
[out] RecycleSignal Event for recycling of resources.
Return values:
EFI_SUCCESS The packet was bypassed and all buffers remain the same.
EFI_SUCCESS The packet was protected.
EFI_ACCESS_DENIED The packet was discarded.


Function Documentation

typedef EFI_STATUS (EFIAPI *EFI_IPSEC_PROCESSEXT)(IN EFI_IPSEC2_PROTOCOL *This, IN EFI_HANDLE NicHandle, IN UINT8 IpVer, IN OUT VOID *IpHead, IN OUT UINT8 *LastHead, IN OUT VOID **OptionsBuffer, IN OUT UINT32 *OptionsLength, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT UINT32 *FragmentCount, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, OUT EFI_EVENT *RecycleSignal)

Handles IPsec processing for both inbound and outbound IP packets. Compared with Process() in EFI_IPSEC_PROTOCOL, this interface can also process Options (extension headers).

The EFI_IPSEC2_PROCESS process routine handles each inbound or outbound packet. The behavior is that it can perform one of the following actions: bypass the packet, discard the packet, or protect the packet.

Parameters:
[in] This Pointer to the EFI_IPSEC2_PROTOCOL instance.
[in] NicHandle Instance of the network interface.
[in] IpVer IP version: IPv4 or IPv6.
[in,out] IpHead Pointer to the IP header; it is either the EFI_IP4_HEADER or the EFI_IP6_HEADER. On input, it contains the IP header. On output, 1) in tunnel mode when the traffic direction is inbound, the buffer will be reset to zero by IPsec; 2) in tunnel mode when the traffic direction is outbound, the buffer will be reset to be the tunnel IP header; 3) in transport mode, the related fields (like payload length, Next Header) in the IP header will be modified according to the condition.
[in,out] LastHead For IP4, it is the next protocol in IP header. For IP6 it is the Next Header of the last extension header.
[in,out] OptionsBuffer On input, it contains the options (extension headers) to be processed by IPsec. On output, 1) in tunnel mode when the traffic direction is outbound, it will be set to NULL, which means the contents were wrapped after the inner header and should not be concatenated after the tunnel header again; 2) in transport mode when the traffic direction is inbound, if there are IP options (extension headers) protected by IPsec, IPsec will concatenate those options after the input options (extension headers); 3) in other situations, the output contents of OptionsBuffer might be the same as the input's. The caller is responsible for freeing the buffer both on input and on output.
[in,out] OptionsLength On input, the input length of the options buffer. On output, the output length of the options buffer.
[in,out] FragmentTable Pointer to a list of fragments. On input, these fragments contain the IP payload. On output, 1) in tunnel mode when the traffic direction is inbound, the fragments contain the whole IP payload, from the inner IP header to the last byte of the packet; 2) in tunnel mode when the traffic direction is outbound, the fragments contain the whole encapsulated payload, which encapsulates the whole IP payload between the encapsulated header and encapsulated trailer fields; 3) in transport mode when the traffic direction is inbound, the fragments contain the IP payload, from the next layer protocol to the last byte of the packet; 4) in transport mode when the traffic direction is outbound, the fragments contain the whole encapsulated payload, which encapsulates the next layer protocol information between the encapsulated header and encapsulated trailer fields.
[in,out] FragmentCount Number of fragments.
[in] TrafficDirection Traffic direction.
[out] RecycleSignal Event for recycling of resources.
Return values:
EFI_SUCCESS The packet was processed by IPsec successfully.
EFI_ACCESS_DENIED The packet was discarded.
EFI_NOT_READY The IKE negotiation is invoked and the packet was discarded.
EFI_INVALID_PARAMETER One or more of the following are TRUE: OptionsBuffer is NULL; OptionsLength is NULL; FragmentTable is NULL; FragmentCount is NULL.
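
The following is an added example, not code from IpSec.h or EDK II, of the caller-side checks that the in/out semantics above imply: validating the four pointer arguments before the call, and recomputing the bytes that follow the IP header from the output values only. The IPSEC_FRAGMENT stand-in type, the helper names and the MaxBytes budget are assumptions made so the block builds on a hosted C compiler.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for EFI_IPSEC_FRAGMENT_DATA so the block builds without the
   EDK II headers (assumption; firmware code includes Protocol/IpSec.h). */
typedef struct {
  uint32_t FragmentLength;
  void     *FragmentBuffer;
} IPSEC_FRAGMENT;

/* Hypothetical pre-call check mirroring the EFI_INVALID_PARAMETER list:
   the four IN OUT pointers themselves must be non-NULL. */
int IpsecArgsValid(void **OptionsBuffer, uint32_t *OptionsLength,
                   IPSEC_FRAGMENT **FragmentTable, uint32_t *FragmentCount)
{
  return OptionsBuffer != NULL && OptionsLength != NULL &&
         FragmentTable != NULL && FragmentCount != NULL;
}

/* Hypothetical post-call helper: bytes that follow the IP header after a
   successful ProcessExt() call, computed only from the OUTPUT values.
   Returns 0 and sets *Total, or -1 if the table is inconsistent or the
   result exceeds MaxBytes (the caller's packet budget). */
int IpsecOutputLength(const void *OptionsBuffer, uint32_t OptionsLength,
                      const IPSEC_FRAGMENT *FragmentTable,
                      uint32_t FragmentCount, uint32_t MaxBytes,
                      uint32_t *Total)
{
  /* Tunnel mode, outbound: OptionsBuffer comes back NULL because the options
     already sit inside the encapsulated payload; do not count them again. */
  uint64_t Sum = (OptionsBuffer != NULL) ? OptionsLength : 0;

  if (Total == NULL || Sum > MaxBytes ||
      (FragmentCount != 0 && FragmentTable == NULL)) {
    return -1;
  }
  for (uint32_t i = 0; i < FragmentCount; i++) {
    if (FragmentTable[i].FragmentLength != 0 &&
        FragmentTable[i].FragmentBuffer == NULL) {
      return -1;                       /* a length with no buffer behind it */
    }
    Sum += FragmentTable[i].FragmentLength;   /* 64-bit, cannot wrap here */
    if (Sum > MaxBytes) {
      return -1;                       /* would overrun the packet budget */
    }
  }
  *Total = (uint32_t)Sum;
  return 0;
}
```
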


Variable Documentation


Generated on Wed Sep 23 16:24:23 2015 for MdePkg[ALL] by  doxygen 1.5.7.1