1 /** @file
2   IP6 internal functions to process the incoming packets.
3 
4   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
5   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
6 
7   This program and the accompanying materials
8   are licensed and made available under the terms and conditions of the BSD License
9   which accompanies this distribution.  The full text of the license may be found at
10   http://opensource.org/licenses/bsd-license.php.
11 
12   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
13   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
14 
15 **/
16 
17 #include "Ip6Impl.h"
18 
19 /**
20   Create an empty assemble entry for the packet identified by
21   (Dst, Src, Id). The default life for the packet is 60 seconds.
22 
23   @param[in]  Dst                    The destination address.
24   @param[in]  Src                    The source address.
25   @param[in]  Id                     The ID field in the IP header.
26 
27   @return NULL if failed to allocate memory for the entry. Otherwise,
28           the pointer to the just created reassemble entry.
29 
30 **/
31 IP6_ASSEMBLE_ENTRY *
Ip6CreateAssembleEntry(IN EFI_IPv6_ADDRESS * Dst,IN EFI_IPv6_ADDRESS * Src,IN UINT32 Id)32 Ip6CreateAssembleEntry (
33   IN EFI_IPv6_ADDRESS       *Dst,
34   IN EFI_IPv6_ADDRESS       *Src,
35   IN UINT32                 Id
36   )
37 {
38   IP6_ASSEMBLE_ENTRY        *Assemble;
39 
40   Assemble = AllocatePool (sizeof (IP6_ASSEMBLE_ENTRY));
41   if (Assemble == NULL) {
42     return NULL;
43   }
44 
45   IP6_COPY_ADDRESS (&Assemble->Dst, Dst);
46   IP6_COPY_ADDRESS (&Assemble->Src, Src);
47   InitializeListHead (&Assemble->Fragments);
48 
49   Assemble->Id       = Id;
50   Assemble->Life     = IP6_FRAGMENT_LIFE + 1;
51 
52   Assemble->TotalLen = 0;
53   Assemble->CurLen   = 0;
54   Assemble->Head     = NULL;
55   Assemble->Info     = NULL;
56   Assemble->Packet   = NULL;
57 
58   return Assemble;
59 }
60 
61 /**
62   Release all the fragments of a packet, then free the assemble entry.
63 
64   @param[in]  Assemble               The assemble entry to free.
65 
66 **/
67 VOID
Ip6FreeAssembleEntry(IN IP6_ASSEMBLE_ENTRY * Assemble)68 Ip6FreeAssembleEntry (
69   IN IP6_ASSEMBLE_ENTRY     *Assemble
70   )
71 {
72   LIST_ENTRY                *Entry;
73   LIST_ENTRY                *Next;
74   NET_BUF                   *Fragment;
75 
76   NET_LIST_FOR_EACH_SAFE (Entry, Next, &Assemble->Fragments) {
77     Fragment = NET_LIST_USER_STRUCT (Entry, NET_BUF, List);
78 
79     RemoveEntryList (Entry);
80     NetbufFree (Fragment);
81   }
82 
83   if (Assemble->Packet != NULL) {
84     NetbufFree (Assemble->Packet);
85   }
86 
87   FreePool (Assemble);
88 }
89 
90 /**
91   Release all the fragments of the packet. This is the callback for
92   the assembled packet's OnFree. It will free the assemble entry,
93   which in turn frees all the fragments of the packet.
94 
95   @param[in]  Arg                    The assemble entry to free.
96 
97 **/
98 VOID
99 EFIAPI
Ip6OnFreeFragments(IN VOID * Arg)100 Ip6OnFreeFragments (
101   IN VOID                   *Arg
102   )
103 {
104   Ip6FreeAssembleEntry ((IP6_ASSEMBLE_ENTRY *) Arg);
105 }
106 
107 /**
108   Trim the packet to fit in [Start, End), and update per the
109   packet information.
110 
111   @param[in, out]  Packet   Packet to trim.
112   @param[in]       Start    The sequence of the first byte to fit in.
113   @param[in]       End      One beyond the sequence of last byte to fit in.
114 
115 **/
116 VOID
Ip6TrimPacket(IN OUT NET_BUF * Packet,IN INTN Start,IN INTN End)117 Ip6TrimPacket (
118   IN OUT NET_BUF            *Packet,
119   IN INTN                   Start,
120   IN INTN                   End
121   )
122 {
123   IP6_CLIP_INFO             *Info;
124   INTN                      Len;
125 
126   Info = IP6_GET_CLIP_INFO (Packet);
127 
128   ASSERT (Info->Start + Info->Length == Info->End);
129   ASSERT ((Info->Start < End) && (Start < Info->End));
130 
131    if (Info->Start < Start) {
132     Len = Start - Info->Start;
133 
134     NetbufTrim (Packet, (UINT32) Len, NET_BUF_HEAD);
135     Info->Start   = (UINT32) Start;
136     Info->Length -= (UINT32) Len;
137   }
138 
139   if (End < Info->End) {
140     Len = End - Info->End;
141 
142     NetbufTrim (Packet, (UINT32) Len, NET_BUF_TAIL);
143     Info->End     = (UINT32) End;
144     Info->Length -= (UINT32) Len;
145   }
146 }
147 
148 /**
149   Reassemble the IP fragments. If all the fragments of the packet
150   have been received, it will wrap the packet in a net buffer then
151   return it to caller. If the packet can't be assembled, NULL is
152   returned.
153 
154   @param[in, out] Table  The assemble table used. A new assemble entry will be created
155                          if the Packet is from a new chain of fragments.
156   @param[in]      Packet The fragment to assemble. It might be freed if the fragment
157                          can't be re-assembled.
158 
159   @return NULL if the packet can't be reassembled. The pointer to the just assembled
160           packet if all the fragments of the packet have arrived.
161 
162 **/
163 NET_BUF *
Ip6Reassemble(IN OUT IP6_ASSEMBLE_TABLE * Table,IN NET_BUF * Packet)164 Ip6Reassemble (
165   IN OUT IP6_ASSEMBLE_TABLE *Table,
166   IN NET_BUF                *Packet
167   )
168 {
169   EFI_IP6_HEADER            *Head;
170   IP6_CLIP_INFO             *This;
171   IP6_CLIP_INFO             *Node;
172   IP6_ASSEMBLE_ENTRY        *Assemble;
173   IP6_ASSEMBLE_ENTRY        *Entry;
174   LIST_ENTRY                *ListHead;
175   LIST_ENTRY                *Prev;
176   LIST_ENTRY                *Cur;
177   NET_BUF                   *Fragment;
178   NET_BUF                   *TmpPacket;
179   NET_BUF                   *NewPacket;
180   NET_BUF                   *Duplicate;
181   UINT8                     *DupHead;
182   INTN                      Index;
183   UINT16                    UnFragmentLen;
184   UINT8                     *NextHeader;
185 
186   Head = Packet->Ip.Ip6;
187   This = IP6_GET_CLIP_INFO (Packet);
188 
189   ASSERT (Head != NULL);
190 
191   //
192   // Find the corresponding assemble entry by (Dst, Src, Id)
193   //
194   Assemble  = NULL;
195   Index     = IP6_ASSEMBLE_HASH (&Head->DestinationAddress, &Head->SourceAddress, This->Id);
196 
197   NET_LIST_FOR_EACH (Cur, &Table->Bucket[Index]) {
198     Entry = NET_LIST_USER_STRUCT (Cur, IP6_ASSEMBLE_ENTRY, Link);
199 
200     if (Entry->Id == This->Id &&
201         EFI_IP6_EQUAL (&Entry->Src, &Head->SourceAddress) &&
202         EFI_IP6_EQUAL (&Entry->Dst, &Head->DestinationAddress)
203           ) {
204       Assemble = Entry;
205       break;
206     }
207   }
208 
209   //
210   // Create a new entry if can not find an existing one, insert it to assemble table
211   //
212   if (Assemble == NULL) {
213     Assemble = Ip6CreateAssembleEntry (
214                  &Head->DestinationAddress,
215                  &Head->SourceAddress,
216                  This->Id
217                  );
218 
219     if (Assemble == NULL) {
220       goto Error;
221     }
222 
223     InsertHeadList (&Table->Bucket[Index], &Assemble->Link);
224   }
225 
226   //
227   // Find the point to insert the packet: before the first
228   // fragment with THIS.Start < CUR.Start. the previous one
229   // has PREV.Start <= THIS.Start < CUR.Start.
230   //
231   ListHead = &Assemble->Fragments;
232 
233   NET_LIST_FOR_EACH (Cur, ListHead) {
234     Fragment = NET_LIST_USER_STRUCT (Cur, NET_BUF, List);
235 
236     if (This->Start < IP6_GET_CLIP_INFO (Fragment)->Start) {
237       break;
238     }
239   }
240 
241   //
242   // Check whether the current fragment overlaps with the previous one.
243   // It holds that: PREV.Start <= THIS.Start < THIS.End. Only need to
244   // check whether THIS.Start < PREV.End for overlap. If two fragments
245   // overlaps, trim the overlapped part off THIS fragment.
246   //
247   if ((Prev = Cur->BackLink) != ListHead) {
248     Fragment  = NET_LIST_USER_STRUCT (Prev, NET_BUF, List);
249     Node      = IP6_GET_CLIP_INFO (Fragment);
250 
251     if (This->Start < Node->End) {
252       if (This->End <= Node->End) {
253         goto Error;
254       }
255 
256       //
257       // Trim the previous fragment from tail.
258       //
259       Ip6TrimPacket (Fragment, Node->Start, This->Start);
260     }
261   }
262 
263   //
264   // Insert the fragment into the packet. The fragment may be removed
265   // from the list by the following checks.
266   //
267   NetListInsertBefore (Cur, &Packet->List);
268 
269   //
270   // Check the packets after the insert point. It holds that:
271   // THIS.Start <= NODE.Start < NODE.End. The equality holds
272   // if PREV and NEXT are continuous. THIS fragment may fill
273   // several holes. Remove the completely overlapped fragments
274   //
275   while (Cur != ListHead) {
276     Fragment = NET_LIST_USER_STRUCT (Cur, NET_BUF, List);
277     Node     = IP6_GET_CLIP_INFO (Fragment);
278 
279     //
280     // Remove fragments completely overlapped by this fragment
281     //
282     if (Node->End <= This->End) {
283       Cur = Cur->ForwardLink;
284 
285       RemoveEntryList (&Fragment->List);
286       Assemble->CurLen -= Node->Length;
287 
288       NetbufFree (Fragment);
289       continue;
290     }
291 
292     //
293     // The conditions are: THIS.Start <= NODE.Start, and THIS.End <
294     // NODE.End. Two fragments overlaps if NODE.Start < THIS.End.
295     // If two fragments start at the same offset, remove THIS fragment
296     // because ((THIS.Start == NODE.Start) && (THIS.End < NODE.End)).
297     //
298     if (Node->Start < This->End) {
299       if (This->Start == Node->Start) {
300         RemoveEntryList (&Packet->List);
301         goto Error;
302       }
303 
304       Ip6TrimPacket (Packet, This->Start, Node->Start);
305     }
306 
307     break;
308   }
309 
310   //
311   // Update the assemble info: increase the current length. If it is
312   // the frist fragment, update the packet's IP head and per packet
313   // info. If it is the last fragment, update the total length.
314   //
315   Assemble->CurLen += This->Length;
316 
317   if (This->Start == 0) {
318     //
319     // Once the first fragment is enqueued, it can't be removed
320     // from the fragment list. So, Assemble->Head always point
321     // to valid memory area.
322     //
323     if ((Assemble->Head != NULL) || (Assemble->Packet != NULL)) {
324       goto Error;
325     }
326 
327     //
328     // Backup the first fragment in case the reasembly of that packet fail.
329     //
330     Duplicate = NetbufDuplicate (Packet, NULL, sizeof (EFI_IP6_HEADER));
331     if (Duplicate == NULL) {
332       goto Error;
333     }
334 
335     //
336     // Revert IP head to network order.
337     //
338     DupHead = NetbufGetByte (Duplicate, 0, NULL);
339     ASSERT (DupHead != NULL);
340     Duplicate->Ip.Ip6 = Ip6NtohHead ((EFI_IP6_HEADER *) DupHead);
341     Assemble->Packet  = Duplicate;
342 
343     //
344     // Adjust the unfragmentable part in first fragment
345     //
346     UnFragmentLen = (UINT16) (This->HeadLen - sizeof (EFI_IP6_HEADER));
347     if (UnFragmentLen == 0) {
348       //
349       // There is not any unfragmentable extension header.
350       //
351       ASSERT (Head->NextHeader == IP6_FRAGMENT);
352       Head->NextHeader = This->NextHeader;
353     } else {
354       NextHeader = NetbufGetByte (
355                      Packet,
356                      This->FormerNextHeader + sizeof (EFI_IP6_HEADER),
357                      0
358                      );
359       if (NextHeader == NULL) {
360         goto Error;
361       }
362 
363       *NextHeader = This->NextHeader;
364     }
365 
366     Assemble->Head = Head;
367     Assemble->Info = IP6_GET_CLIP_INFO (Packet);
368   }
369 
370   //
371   // Don't update the length more than once.
372   //
373   if ((This->LastFrag != 0) && (Assemble->TotalLen == 0)) {
374     Assemble->TotalLen = This->End;
375   }
376 
377   //
378   // Deliver the whole packet if all the fragments received.
379   // All fragments received if:
380   //  1. received the last one, so, the totoal length is know
381   //  2. received all the data. If the last fragment on the
382   //     queue ends at the total length, all data is received.
383   //
384   if ((Assemble->TotalLen != 0) && (Assemble->CurLen >= Assemble->TotalLen)) {
385 
386     RemoveEntryList (&Assemble->Link);
387 
388     //
389     // If the packet is properly formated, the last fragment's End
390     // equals to the packet's total length. Otherwise, the packet
391     // is a fake, drop it now.
392     //
393     Fragment = NET_LIST_USER_STRUCT (ListHead->BackLink, NET_BUF, List);
394     if (IP6_GET_CLIP_INFO (Fragment)->End != (INTN) Assemble->TotalLen) {
395       Ip6FreeAssembleEntry (Assemble);
396       goto Error;
397     }
398 
399     Fragment = NET_LIST_HEAD (ListHead, NET_BUF, List);
400     This     = Assemble->Info;
401 
402     //
403     // This TmpPacket is used to hold the unfragmentable part, i.e.,
404     // the IPv6 header and the unfragmentable extension headers. Be noted that
405     // the Fragment Header is exluded.
406     //
407     TmpPacket = NetbufGetFragment (Fragment, 0, This->HeadLen, 0);
408     ASSERT (TmpPacket != NULL);
409 
410     NET_LIST_FOR_EACH (Cur, ListHead) {
411       //
412       // Trim off the unfragment part plus the fragment header from all fragments.
413       //
414       Fragment = NET_LIST_USER_STRUCT (Cur, NET_BUF, List);
415       NetbufTrim (Fragment, This->HeadLen + sizeof (IP6_FRAGMENT_HEADER), TRUE);
416     }
417 
418     InsertHeadList (ListHead, &TmpPacket->List);
419 
420     //
421     // Wrap the packet in a net buffer then deliver it up
422     //
423     NewPacket = NetbufFromBufList (
424                   &Assemble->Fragments,
425                   0,
426                   0,
427                   Ip6OnFreeFragments,
428                   Assemble
429                   );
430 
431     if (NewPacket == NULL) {
432       Ip6FreeAssembleEntry (Assemble);
433       goto Error;
434     }
435 
436     NewPacket->Ip.Ip6 = Assemble->Head;
437 
438     CopyMem (IP6_GET_CLIP_INFO (NewPacket), Assemble->Info, sizeof (IP6_CLIP_INFO));
439 
440     return NewPacket;
441   }
442 
443   return NULL;
444 
445 Error:
446   NetbufFree (Packet);
447   return NULL;
448 }
449 
450 
451 /**
452   The callback function for the net buffer that wraps the packet processed by
453   IPsec. It releases the wrap packet and also signals IPsec to free the resources.
454 
455   @param[in]  Arg       The wrap context.
456 
457 **/
458 VOID
459 EFIAPI
Ip6IpSecFree(IN VOID * Arg)460 Ip6IpSecFree (
461   IN VOID                   *Arg
462   )
463 {
464   IP6_IPSEC_WRAP            *Wrap;
465 
466   Wrap = (IP6_IPSEC_WRAP *) Arg;
467 
468   if (Wrap->IpSecRecycleSignal != NULL) {
469     gBS->SignalEvent (Wrap->IpSecRecycleSignal);
470   }
471 
472   NetbufFree (Wrap->Packet);
473 
474   FreePool (Wrap);
475 
476   return;
477 }
478 
479 /**
480   The work function to locate the IPsec protocol to process the inbound or
481   outbound IP packets. The process routine handles the packet with the following
482   actions: bypass the packet, discard the packet, or protect the packet.
483 
484   @param[in]       IpSb          The IP6 service instance.
485   @param[in, out]  Head          The caller-supplied IP6 header.
486   @param[in, out]  LastHead      The next header field of last IP header.
487   @param[in, out]  Netbuf        The IP6 packet to be processed by IPsec.
488   @param[in, out]  ExtHdrs       The caller-supplied options.
489   @param[in, out]  ExtHdrsLen    The length of the option.
490   @param[in]       Direction     The directionality in an SPD entry,
491                                  EfiIPsecInBound, or EfiIPsecOutBound.
492   @param[in]       Context       The token's wrap.
493 
494   @retval EFI_SUCCESS            The IPsec protocol is not available or disabled.
495   @retval EFI_SUCCESS            The packet was bypassed, and all buffers remain the same.
496   @retval EFI_SUCCESS            The packet was protected.
497   @retval EFI_ACCESS_DENIED      The packet was discarded.
498   @retval EFI_OUT_OF_RESOURCES   There are not suffcient resources to complete the operation.
499   @retval EFI_BUFFER_TOO_SMALL   The number of non-empty blocks is bigger than the
500                                  number of input data blocks when building a fragment table.
501 
502 **/
503 EFI_STATUS
Ip6IpSecProcessPacket(IN IP6_SERVICE * IpSb,IN OUT EFI_IP6_HEADER ** Head,IN OUT UINT8 * LastHead,IN OUT NET_BUF ** Netbuf,IN OUT UINT8 ** ExtHdrs,IN OUT UINT32 * ExtHdrsLen,IN EFI_IPSEC_TRAFFIC_DIR Direction,IN VOID * Context)504 Ip6IpSecProcessPacket (
505   IN     IP6_SERVICE            *IpSb,
506   IN OUT EFI_IP6_HEADER         **Head,
507   IN OUT UINT8                  *LastHead,
508   IN OUT NET_BUF                **Netbuf,
509   IN OUT UINT8                  **ExtHdrs,
510   IN OUT UINT32                 *ExtHdrsLen,
511   IN     EFI_IPSEC_TRAFFIC_DIR  Direction,
512   IN     VOID                   *Context
513   )
514 {
515   NET_FRAGMENT              *FragmentTable;
516   NET_FRAGMENT              *OriginalFragmentTable;
517   UINT32                    FragmentCount;
518   UINT32                    OriginalFragmentCount;
519   EFI_EVENT                 RecycleEvent;
520   NET_BUF                   *Packet;
521   IP6_TXTOKEN_WRAP          *TxWrap;
522   IP6_IPSEC_WRAP            *IpSecWrap;
523   EFI_STATUS                Status;
524   EFI_IP6_HEADER            *PacketHead;
525   UINT8                     *Buf;
526   EFI_IP6_HEADER            ZeroHead;
527 
528   Status        = EFI_SUCCESS;
529 
530   if (!mIpSec2Installed) {
531     goto ON_EXIT;
532   }
533 
534   Packet        = *Netbuf;
535   RecycleEvent  = NULL;
536   IpSecWrap     = NULL;
537   FragmentTable = NULL;
538   PacketHead    = NULL;
539   Buf           = NULL;
540   TxWrap        = (IP6_TXTOKEN_WRAP *) Context;
541   FragmentCount = Packet->BlockOpNum;
542   ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
543 
544   if (mIpSec == NULL) {
545     gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &mIpSec);
546 
547     //
548     // Check whether the ipsec protocol is available.
549     //
550     if (mIpSec == NULL) {
551       goto ON_EXIT;
552     }
553   }
554 
555   //
556   // Check whether the ipsec enable variable is set.
557   //
558   if (mIpSec->DisabledFlag) {
559     //
560     // If IPsec is disabled, restore the original MTU
561     //
562     IpSb->MaxPacketSize = IpSb->OldMaxPacketSize;
563     goto ON_EXIT;
564   } else {
565     //
566     // If IPsec is enabled, use the MTU which reduce the IPsec header length.
567     //
568     IpSb->MaxPacketSize = IpSb->OldMaxPacketSize - IP6_MAX_IPSEC_HEADLEN;
569   }
570 
571 
572   //
573   // Bypass all multicast inbound or outbound traffic.
574   //
575   if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress) || IP6_IS_MULTICAST (&(*Head)->SourceAddress)) {
576     goto ON_EXIT;
577   }
578 
579   //
580   // Rebuild fragment table from netbuf to ease ipsec process.
581   //
582   FragmentTable = AllocateZeroPool (FragmentCount * sizeof (NET_FRAGMENT));
583 
584   if (FragmentTable == NULL) {
585     Status = EFI_OUT_OF_RESOURCES;
586     goto ON_EXIT;
587   }
588 
589   Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
590   OriginalFragmentTable = FragmentTable;
591   OriginalFragmentCount = FragmentCount;
592 
593   if (EFI_ERROR(Status)) {
594     FreePool (FragmentTable);
595     goto ON_EXIT;
596   }
597 
598   //
599   // Convert host byte order to network byte order
600   //
601   Ip6NtohHead (*Head);
602 
603   Status = mIpSec->ProcessExt (
604                      mIpSec,
605                      IpSb->Controller,
606                      IP_VERSION_6,
607                      (VOID *) (*Head),
608                      LastHead,
609                      (VOID **) ExtHdrs,
610                      ExtHdrsLen,
611                      (EFI_IPSEC_FRAGMENT_DATA  **) (&FragmentTable),
612                      &FragmentCount,
613                      Direction,
614                      &RecycleEvent
615                      );
616   //
617   // Convert back to host byte order
618   //
619   Ip6NtohHead (*Head);
620 
621   if (EFI_ERROR (Status)) {
622     FreePool (OriginalFragmentTable);
623     goto ON_EXIT;
624   }
625 
626   if (OriginalFragmentCount == FragmentCount && OriginalFragmentTable == FragmentTable) {
627     //
628     // For ByPass Packet
629     //
630     FreePool (FragmentTable);
631     goto ON_EXIT;
632   } else {
633     //
634     // Free the FragmentTable which allocated before calling the IPsec.
635     //
636     FreePool (OriginalFragmentTable);
637   }
638 
639   if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
640     TxWrap->IpSecRecycleSignal = RecycleEvent;
641     TxWrap->Packet             = NetbufFromExt (
642                                    FragmentTable,
643                                    FragmentCount,
644                                    IP6_MAX_HEADLEN,
645                                    0,
646                                    Ip6FreeTxToken,
647                                    TxWrap
648                                    );
649     if (TxWrap->Packet == NULL) {
650       TxWrap->Packet = *Netbuf;
651       Status = EFI_OUT_OF_RESOURCES;
652       goto ON_EXIT;
653     }
654 
655     CopyMem (
656       IP6_GET_CLIP_INFO (TxWrap->Packet),
657       IP6_GET_CLIP_INFO (Packet),
658       sizeof (IP6_CLIP_INFO)
659       );
660 
661     NetIpSecNetbufFree(Packet);
662     *Netbuf = TxWrap->Packet;
663 
664   } else {
665 
666     IpSecWrap = AllocateZeroPool (sizeof (IP6_IPSEC_WRAP));
667 
668     if (IpSecWrap == NULL) {
669       Status = EFI_OUT_OF_RESOURCES;
670       gBS->SignalEvent (RecycleEvent);
671       goto ON_EXIT;
672     }
673 
674     IpSecWrap->IpSecRecycleSignal = RecycleEvent;
675     IpSecWrap->Packet             = Packet;
676     Packet                        = NetbufFromExt (
677                                       FragmentTable,
678                                       FragmentCount,
679                                       IP6_MAX_HEADLEN,
680                                       0,
681                                       Ip6IpSecFree,
682                                       IpSecWrap
683                                       );
684 
685     if (Packet == NULL) {
686       Packet = IpSecWrap->Packet;
687       gBS->SignalEvent (RecycleEvent);
688       FreePool (IpSecWrap);
689       Status = EFI_OUT_OF_RESOURCES;
690       goto ON_EXIT;
691     }
692 
693     if (Direction == EfiIPsecInBound && 0 != CompareMem (&ZeroHead, *Head, sizeof (EFI_IP6_HEADER))) {
694 
695       PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (
696                                         Packet,
697                                         sizeof (EFI_IP6_HEADER) + *ExtHdrsLen,
698                                         NET_BUF_HEAD
699                                         );
700       if (PacketHead == NULL) {
701         *Netbuf = Packet;
702         Status  = EFI_OUT_OF_RESOURCES;
703         goto ON_EXIT;
704       }
705 
706       CopyMem (PacketHead, *Head, sizeof (EFI_IP6_HEADER));
707       *Head = PacketHead;
708       Packet->Ip.Ip6 = PacketHead;
709 
710       if (*ExtHdrs != NULL) {
711         Buf = (UINT8 *) (PacketHead + 1);
712         CopyMem (Buf, *ExtHdrs, *ExtHdrsLen);
713       }
714 
715       NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
716       CopyMem (
717         IP6_GET_CLIP_INFO (Packet),
718         IP6_GET_CLIP_INFO (IpSecWrap->Packet),
719         sizeof (IP6_CLIP_INFO)
720         );
721     }
722     *Netbuf = Packet;
723   }
724 
725 ON_EXIT:
726   return Status;
727 }
728 
729 /**
730   Pre-process the IPv6 packet. First validates the IPv6 packet, and
731   then reassembles packet if it is necessary.
732 
733   @param[in]      IpSb          The IP6 service instance.
734   @param[in, out] Packet        The received IP6 packet to be processed.
735   @param[in]      Flag          The link layer flag for the packet received, such
736                                 as multicast.
737   @param[out]     Payload       The pointer to the payload of the recieved packet.
738                                 it starts from the first byte of the extension header.
739   @param[out]     LastHead      The pointer of NextHeader of the last extension
740                                 header processed by IP6.
741   @param[out]     ExtHdrsLen    The length of the whole option.
742   @param[out]     UnFragmentLen The length of unfragmented length of extension headers.
743   @param[out]     Fragmented    Indicate whether the packet is fragmented.
744   @param[out]     Head          The pointer to the EFI_IP6_Header.
745 
746   @retval     EFI_SUCCESS              The received packet is well format.
747   @retval     EFI_INVALID_PARAMETER    The received packet is malformed.
748 
749 **/
750 EFI_STATUS
Ip6PreProcessPacket(IN IP6_SERVICE * IpSb,IN OUT NET_BUF ** Packet,IN UINT32 Flag,OUT UINT8 ** Payload,OUT UINT8 ** LastHead,OUT UINT32 * ExtHdrsLen,OUT UINT32 * UnFragmentLen,OUT BOOLEAN * Fragmented,OUT EFI_IP6_HEADER ** Head)751 Ip6PreProcessPacket (
752   IN     IP6_SERVICE     *IpSb,
753   IN OUT NET_BUF         **Packet,
754   IN     UINT32          Flag,
755      OUT UINT8           **Payload,
756      OUT UINT8           **LastHead,
757      OUT UINT32          *ExtHdrsLen,
758      OUT UINT32          *UnFragmentLen,
759      OUT BOOLEAN         *Fragmented,
760      OUT EFI_IP6_HEADER  **Head
761   )
762 {
763   UINT16                    PayloadLen;
764   UINT16                    TotalLen;
765   UINT32                    FormerHeadOffset;
766   UINT32                    HeadLen;
767   IP6_FRAGMENT_HEADER       *FragmentHead;
768   UINT16                    FragmentOffset;
769   IP6_CLIP_INFO             *Info;
770   EFI_IPv6_ADDRESS          Loopback;
771 
772   HeadLen    = 0;
773   PayloadLen = 0;
774   //
775   // Check whether the input packet is a valid packet
776   //
777   if ((*Packet)->TotalSize < IP6_MIN_HEADLEN) {
778     return EFI_INVALID_PARAMETER;
779   }
780 
781   //
782   // Get header information of the packet.
783   //
784   *Head = (EFI_IP6_HEADER *) NetbufGetByte (*Packet, 0, NULL);
785   if (*Head == NULL) {
786     return EFI_INVALID_PARAMETER;
787   }
788 
789   //
790   // Multicast addresses must not be used as source addresses in IPv6 packets.
791   //
792   if (((*Head)->Version != 6) || (IP6_IS_MULTICAST (&(*Head)->SourceAddress))) {
793     return EFI_INVALID_PARAMETER;
794   }
795 
796   //
797   // A packet with a destination address of loopback ::1/128 or unspecified must be dropped.
798   //
799   ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));
800   Loopback.Addr[15] = 0x1;
801   if ((CompareMem (&Loopback, &(*Head)->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
802       (NetIp6IsUnspecifiedAddr (&(*Head)->DestinationAddress))) {
803     return EFI_INVALID_PARAMETER;
804   }
805 
806   //
807   // Convert the IP header to host byte order.
808   //
809   (*Packet)->Ip.Ip6 = Ip6NtohHead (*Head);
810 
811   //
812   // Get the per packet info.
813   //
814   Info           = IP6_GET_CLIP_INFO (*Packet);
815   Info->LinkFlag = Flag;
816   Info->CastType = 0;
817 
818   if (IpSb->MnpConfigData.EnablePromiscuousReceive) {
819     Info->CastType = Ip6Promiscuous;
820   }
821 
822   if (Ip6IsOneOfSetAddress (IpSb, &(*Head)->DestinationAddress, NULL, NULL)) {
823     Info->CastType = Ip6Unicast;
824   } else if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress)) {
825     if (Ip6FindMldEntry (IpSb, &(*Head)->DestinationAddress) != NULL) {
826       Info->CastType = Ip6Multicast;
827     }
828   }
829 
830   //
831   // Drop the packet that is not delivered to us.
832   //
833   if (Info->CastType == 0) {
834     return EFI_INVALID_PARAMETER;
835   }
836 
837 
838   PayloadLen = (*Head)->PayloadLength;
839 
840   Info->Start    = 0;
841   Info->Length   = PayloadLen;
842   Info->End      = Info->Start + Info->Length;
843   Info->HeadLen  = (UINT16) sizeof (EFI_IP6_HEADER);
844   Info->Status   = EFI_SUCCESS;
845   Info->LastFrag = FALSE;
846 
847   TotalLen   = (UINT16) (PayloadLen + sizeof (EFI_IP6_HEADER));
848 
849   //
850   // Mnp may deliver frame trailer sequence up, trim it off.
851   //
852   if (TotalLen < (*Packet)->TotalSize) {
853     NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);
854   }
855 
856   if (TotalLen != (*Packet)->TotalSize) {
857     return EFI_INVALID_PARAMETER;
858   }
859 
860   //
861   // Check the extension headers, if exist validate them
862   //
863   if (PayloadLen != 0) {
864     *Payload = AllocatePool ((UINTN) PayloadLen);
865     if (*Payload == NULL) {
866       return EFI_INVALID_PARAMETER;
867     }
868 
869     NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
870   }
871 
872   if (!Ip6IsExtsValid (
873          IpSb,
874          *Packet,
875          &(*Head)->NextHeader,
876          *Payload,
877          (UINT32) PayloadLen,
878          TRUE,
879          &FormerHeadOffset,
880          LastHead,
881          ExtHdrsLen,
882          UnFragmentLen,
883          Fragmented
884          )) {
885     return EFI_INVALID_PARAMETER;
886   }
887 
888   HeadLen        = sizeof (EFI_IP6_HEADER) + *UnFragmentLen;
889 
890   if (*Fragmented) {
891     //
892     // Get the fragment offset from the Fragment header
893     //
894     FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (*Packet, HeadLen, NULL);
895     if (FragmentHead == NULL) {
896       return EFI_INVALID_PARAMETER;
897     }
898 
899     FragmentOffset = NTOHS (FragmentHead->FragmentOffset);
900 
901     if ((FragmentOffset & 0x1) == 0) {
902       Info->LastFrag = TRUE;
903     }
904 
905     FragmentOffset &= (~0x1);
906 
907     //
908     // This is the first fragment of the packet
909     //
910     if (FragmentOffset == 0) {
911       Info->NextHeader = FragmentHead->NextHeader;
912     }
913 
914     Info->HeadLen          = (UINT16) HeadLen;
915     HeadLen                += sizeof (IP6_FRAGMENT_HEADER);
916     Info->Start            = FragmentOffset;
917     Info->Length           = TotalLen - (UINT16) HeadLen;
918     Info->End              = Info->Start + Info->Length;
919     Info->Id               = FragmentHead->Identification;
920     Info->FormerNextHeader = FormerHeadOffset;
921 
922     //
923     // Fragments should in the unit of 8 octets long except the last one.
924     //
925     if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {
926       return EFI_INVALID_PARAMETER;
927     }
928 
929     //
930     // Reassemble the packet.
931     //
932     *Packet = Ip6Reassemble (&IpSb->Assemble, *Packet);
933     if (*Packet == NULL) {
934       return EFI_INVALID_PARAMETER;
935     }
936 
937     //
938     // Re-check the assembled packet to get the right values.
939     //
940     *Head       = (*Packet)->Ip.Ip6;
941     PayloadLen  = (*Head)->PayloadLength;
942     if (PayloadLen != 0) {
943       if (*Payload != NULL) {
944         FreePool (*Payload);
945       }
946 
947       *Payload = AllocatePool ((UINTN) PayloadLen);
948       if (*Payload == NULL) {
949         return EFI_INVALID_PARAMETER;
950       }
951 
952       NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
953     }
954 
955     if (!Ip6IsExtsValid (
956            IpSb,
957            *Packet,
958            &(*Head)->NextHeader,
959            *Payload,
960            (UINT32) PayloadLen,
961            TRUE,
962            NULL,
963            LastHead,
964            ExtHdrsLen,
965            UnFragmentLen,
966            Fragmented
967            )) {
968       return EFI_INVALID_PARAMETER;
969     }
970   }
971 
972   //
973   // Trim the head off, after this point, the packet is headless.
974   // and Packet->TotalLen == Info->Length.
975   //
976   NetbufTrim (*Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
977 
978   return EFI_SUCCESS;
979 }
980 
981 /**
982   The IP6 input routine. It is called by the IP6_INTERFACE when an
983   IP6 fragment is received from MNP.
984 
985   @param[in]  Packet             The IP6 packet received.
986   @param[in]  IoStatus           The return status of receive request.
987   @param[in]  Flag               The link layer flag for the packet received, such
988                                  as multicast.
989   @param[in]  Context            The IP6 service instance that owns the MNP.
990 
991 **/
992 VOID
Ip6AcceptFrame(IN NET_BUF * Packet,IN EFI_STATUS IoStatus,IN UINT32 Flag,IN VOID * Context)993 Ip6AcceptFrame (
994   IN NET_BUF                *Packet,
995   IN EFI_STATUS             IoStatus,
996   IN UINT32                 Flag,
997   IN VOID                   *Context
998   )
999 {
1000   IP6_SERVICE               *IpSb;
1001   EFI_IP6_HEADER            *Head;
1002   UINT8                     *Payload;
1003   UINT8                     *LastHead;
1004   UINT32                    UnFragmentLen;
1005   UINT32                    ExtHdrsLen;
1006   BOOLEAN                   Fragmented;
1007   EFI_STATUS                Status;
1008   EFI_IP6_HEADER            ZeroHead;
1009 
1010   IpSb = (IP6_SERVICE *) Context;
1011   NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
1012 
1013   Payload  = NULL;
1014   LastHead = NULL;
1015 
1016   //
1017   // Check input parameters
1018   //
1019   if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
1020     goto Drop;
1021   }
1022 
1023   //
1024   // Pre-Process the Ipv6 Packet and then reassemble if it is necessary.
1025   //
1026   Status = Ip6PreProcessPacket (
1027              IpSb,
1028              &Packet,
1029              Flag,
1030              &Payload,
1031              &LastHead,
1032              &ExtHdrsLen,
1033              &UnFragmentLen,
1034              &Fragmented,
1035              &Head
1036              );
1037   if (EFI_ERROR (Status)) {
1038     goto Restart;
1039   }
1040   //
1041   // After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
1042   // and no need consider any other ahead ext headers.
1043   //
1044   Status = Ip6IpSecProcessPacket (
1045              IpSb,
1046              &Head,
1047              LastHead, // need get the lasthead value for input
1048              &Packet,
1049              &Payload,
1050              &ExtHdrsLen,
1051              EfiIPsecInBound,
1052              NULL
1053              );
1054 
1055   if (EFI_ERROR (Status)) {
1056     goto Restart;
1057   }
1058 
1059   //
1060   // If the packet is protected by IPsec Tunnel Mode, Check the Inner Ip Packet.
1061   //
1062   ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
1063   if (0 == CompareMem (Head, &ZeroHead, sizeof (EFI_IP6_HEADER))) {
1064     Status = Ip6PreProcessPacket (
1065                IpSb,
1066                &Packet,
1067                Flag,
1068                &Payload,
1069                &LastHead,
1070                &ExtHdrsLen,
1071                &UnFragmentLen,
1072                &Fragmented,
1073                &Head
1074                );
1075     if (EFI_ERROR (Status)) {
1076       goto Restart;
1077     }
1078   }
1079 
1080   //
1081   // Check the Packet again.
1082   //
1083   if (Packet == NULL) {
1084     goto Restart;
1085   }
1086 
1087   //
1088   // Packet may have been changed. The ownership of the packet
1089   // is transfered to the packet process logic.
1090   //
1091   Head  = Packet->Ip.Ip6;
1092   IP6_GET_CLIP_INFO (Packet)->Status = EFI_SUCCESS;
1093 
1094   switch (*LastHead) {
1095   case IP6_ICMP:
1096     Ip6IcmpHandle (IpSb, Head, Packet);
1097     break;
1098   default:
1099     Ip6Demultiplex (IpSb, Head, Packet);
1100   }
1101 
1102   Packet = NULL;
1103 
1104   //
1105   // Dispatch the DPCs queued by the NotifyFunction of the rx token's events
1106   // which are signaled with received data.
1107   //
1108   DispatchDpc ();
1109 
1110 Restart:
1111   if (Payload != NULL) {
1112     FreePool (Payload);
1113   }
1114 
1115   Ip6ReceiveFrame (Ip6AcceptFrame, IpSb);
1116 
1117 Drop:
1118   if (Packet != NULL) {
1119     NetbufFree (Packet);
1120   }
1121 
1122   return ;
1123 }
1124 
1125 /**
1126   Initialize an already allocated assemble table. This is generally
1127   the assemble table embedded in the IP6 service instance.
1128 
1129   @param[in, out]  Table    The assemble table to initialize.
1130 
1131 **/
1132 VOID
Ip6CreateAssembleTable(IN OUT IP6_ASSEMBLE_TABLE * Table)1133 Ip6CreateAssembleTable (
1134   IN OUT IP6_ASSEMBLE_TABLE *Table
1135   )
1136 {
1137   UINT32                    Index;
1138 
1139   for (Index = 0; Index < IP6_ASSEMLE_HASH_SIZE; Index++) {
1140     InitializeListHead (&Table->Bucket[Index]);
1141   }
1142 }
1143 
1144 /**
1145   Clean up the assemble table by removing all of the fragments
1146   and assemble entries.
1147 
1148   @param[in, out]  Table    The assemble table to clean up.
1149 
1150 **/
1151 VOID
Ip6CleanAssembleTable(IN OUT IP6_ASSEMBLE_TABLE * Table)1152 Ip6CleanAssembleTable (
1153   IN OUT IP6_ASSEMBLE_TABLE *Table
1154   )
1155 {
1156   LIST_ENTRY                *Entry;
1157   LIST_ENTRY                *Next;
1158   IP6_ASSEMBLE_ENTRY        *Assemble;
1159   UINT32                    Index;
1160 
1161   for (Index = 0; Index < IP6_ASSEMLE_HASH_SIZE; Index++) {
1162     NET_LIST_FOR_EACH_SAFE (Entry, Next, &Table->Bucket[Index]) {
1163       Assemble = NET_LIST_USER_STRUCT (Entry, IP6_ASSEMBLE_ENTRY, Link);
1164 
1165       RemoveEntryList (Entry);
1166       Ip6FreeAssembleEntry (Assemble);
1167     }
1168   }
1169 }
1170 
1171 
1172 /**
1173   The signal handle of IP6's recycle event. It is called back
1174   when the upper layer releases the packet.
1175 
1176   @param[in]  Event         The IP6's recycle event.
1177   @param[in]  Context       The context of the handle, which is a IP6_RXDATA_WRAP.
1178 
1179 **/
1180 VOID
1181 EFIAPI
Ip6OnRecyclePacket(IN EFI_EVENT Event,IN VOID * Context)1182 Ip6OnRecyclePacket (
1183   IN EFI_EVENT              Event,
1184   IN VOID                   *Context
1185   )
1186 {
1187   IP6_RXDATA_WRAP           *Wrap;
1188 
1189   Wrap = (IP6_RXDATA_WRAP *) Context;
1190 
1191   EfiAcquireLockOrFail (&Wrap->IpInstance->RecycleLock);
1192   RemoveEntryList (&Wrap->Link);
1193   EfiReleaseLock (&Wrap->IpInstance->RecycleLock);
1194 
1195   ASSERT (!NET_BUF_SHARED (Wrap->Packet));
1196   NetbufFree (Wrap->Packet);
1197 
1198   gBS->CloseEvent (Wrap->RxData.RecycleSignal);
1199   FreePool (Wrap);
1200 }
1201 
1202 /**
1203   Wrap the received packet to a IP6_RXDATA_WRAP, which will be
1204   delivered to the upper layer. Each IP6 child that accepts the
1205   packet will get a not-shared copy of the packet which is wrapped
1206   in the IP6_RXDATA_WRAP. The IP6_RXDATA_WRAP->RxData is passed
1207   to the upper layer. The upper layer will signal the recycle event in
1208   it when it is done with the packet.
1209 
1210   @param[in]  IpInstance    The IP6 child to receive the packet.
1211   @param[in]  Packet        The packet to deliver up.
1212 
1213   @return NULL if it failed to wrap the packet; otherwise, the wrapper.
1214 
1215 **/
1216 IP6_RXDATA_WRAP *
Ip6WrapRxData(IN IP6_PROTOCOL * IpInstance,IN NET_BUF * Packet)1217 Ip6WrapRxData (
1218   IN IP6_PROTOCOL           *IpInstance,
1219   IN NET_BUF                *Packet
1220   )
1221 {
1222   IP6_RXDATA_WRAP           *Wrap;
1223   EFI_IP6_RECEIVE_DATA      *RxData;
1224   EFI_STATUS                Status;
1225 
1226   Wrap = AllocatePool (IP6_RXDATA_WRAP_SIZE (Packet->BlockOpNum));
1227 
1228   if (Wrap == NULL) {
1229     return NULL;
1230   }
1231 
1232   InitializeListHead (&Wrap->Link);
1233 
1234   Wrap->IpInstance  = IpInstance;
1235   Wrap->Packet      = Packet;
1236   RxData            = &Wrap->RxData;
1237 
1238   ZeroMem (&RxData->TimeStamp, sizeof (EFI_TIME));
1239 
1240   Status = gBS->CreateEvent (
1241                   EVT_NOTIFY_SIGNAL,
1242                   TPL_NOTIFY,
1243                   Ip6OnRecyclePacket,
1244                   Wrap,
1245                   &RxData->RecycleSignal
1246                   );
1247 
1248   if (EFI_ERROR (Status)) {
1249     FreePool (Wrap);
1250     return NULL;
1251   }
1252 
1253   ASSERT (Packet->Ip.Ip6 != NULL);
1254 
1255   //
1256   // The application expects a network byte order header.
1257   //
1258   RxData->HeaderLength  = sizeof (EFI_IP6_HEADER);
1259   RxData->Header        = (EFI_IP6_HEADER *) Ip6NtohHead (Packet->Ip.Ip6);
1260   RxData->DataLength    = Packet->TotalSize;
1261 
1262   //
1263   // Build the fragment table to be delivered up.
1264   //
1265   RxData->FragmentCount = Packet->BlockOpNum;
1266   NetbufBuildExt (Packet, (NET_FRAGMENT *) RxData->FragmentTable, &RxData->FragmentCount);
1267 
1268   return Wrap;
1269 }
1270 
1271 /**
1272   Check whether this IP child accepts the packet.
1273 
1274   @param[in]  IpInstance    The IP child to check.
1275   @param[in]  Head          The IP header of the packet.
1276   @param[in]  Packet        The data of the packet.
1277 
1278   @retval     TRUE          The child wants to receive the packet.
1279   @retval     FALSE         The child does not want to receive the packet.
1280 
1281 **/
1282 BOOLEAN
Ip6InstanceFrameAcceptable(IN IP6_PROTOCOL * IpInstance,IN EFI_IP6_HEADER * Head,IN NET_BUF * Packet)1283 Ip6InstanceFrameAcceptable (
1284   IN IP6_PROTOCOL           *IpInstance,
1285   IN EFI_IP6_HEADER         *Head,
1286   IN NET_BUF                *Packet
1287   )
1288 {
1289   IP6_ICMP_ERROR_HEAD       Icmp;
1290   EFI_IP6_CONFIG_DATA       *Config;
1291   IP6_CLIP_INFO             *Info;
1292   UINT8                     *Proto;
1293   UINT32                    Index;
1294   UINT8                     *ExtHdrs;
1295   UINT16                    ErrMsgPayloadLen;
1296   UINT8                     *ErrMsgPayload;
1297 
1298   Config = &IpInstance->ConfigData;
1299   Proto  = NULL;
1300 
1301   //
1302   // Dirty trick for the Tiano UEFI network stack implmentation. If
1303   // ReceiveTimeout == -1, the receive of the packet for this instance
1304   // is disabled. The UEFI spec don't have such captibility. We add
1305   // this to improve the performance because IP will make a copy of
1306   // the received packet for each accepting instance. Some IP instances
1307   // used by UDP/TCP only send packets, they don't wants to receive.
1308   //
1309   if (Config->ReceiveTimeout == (UINT32)(-1)) {
1310     return FALSE;
1311   }
1312 
1313   if (Config->AcceptPromiscuous) {
1314     return TRUE;
1315   }
1316 
1317   //
1318   // Check whether the protocol is acceptable.
1319   //
1320   ExtHdrs = NetbufGetByte (Packet, 0, NULL);
1321 
1322   if (!Ip6IsExtsValid (
1323          IpInstance->Service,
1324          Packet,
1325          &Head->NextHeader,
1326          ExtHdrs,
1327          (UINT32) Head->PayloadLength,
1328          TRUE,
1329          NULL,
1330          &Proto,
1331          NULL,
1332          NULL,
1333          NULL
1334          )) {
1335     return FALSE;
1336   }
1337 
1338   //
1339   // The upper layer driver may want to receive the ICMPv6 error packet
1340   // invoked by its packet, like UDP.
1341   //
1342   if ((*Proto == IP6_ICMP) && (!Config->AcceptAnyProtocol) && (*Proto != Config->DefaultProtocol)) {
1343     NetbufCopy (Packet, 0, sizeof (Icmp), (UINT8 *) &Icmp);
1344 
1345     if (Icmp.Head.Type <= ICMP_V6_ERROR_MAX) {
1346       if (!Config->AcceptIcmpErrors) {
1347         return FALSE;
1348       }
1349 
1350       //
1351       // Get the protocol of the invoking packet of ICMPv6 error packet.
1352       //
1353       ErrMsgPayloadLen = NTOHS (Icmp.IpHead.PayloadLength);
1354       ErrMsgPayload    = NetbufGetByte (Packet, sizeof (Icmp), NULL);
1355 
1356       if (!Ip6IsExtsValid (
1357              NULL,
1358              NULL,
1359              &Icmp.IpHead.NextHeader,
1360              ErrMsgPayload,
1361              ErrMsgPayloadLen,
1362              TRUE,
1363              NULL,
1364              &Proto,
1365              NULL,
1366              NULL,
1367              NULL
1368              )) {
1369         return FALSE;
1370       }
1371     }
1372   }
1373 
1374   //
1375   // Match the protocol
1376   //
1377   if (!Config->AcceptAnyProtocol && (*Proto != Config->DefaultProtocol)) {
1378     return FALSE;
1379   }
1380 
1381   //
1382   // Check for broadcast, the caller has computed the packet's
1383   // cast type for this child's interface.
1384   //
1385   Info = IP6_GET_CLIP_INFO (Packet);
1386 
1387   //
1388   // If it is a multicast packet, check whether we are in the group.
1389   //
1390   if (Info->CastType == Ip6Multicast) {
1391     //
1392     // Receive the multicast if the instance wants to receive all packets.
1393     //
1394     if (NetIp6IsUnspecifiedAddr (&IpInstance->ConfigData.StationAddress)) {
1395       return TRUE;
1396     }
1397 
1398     for (Index = 0; Index < IpInstance->GroupCount; Index++) {
1399       if (EFI_IP6_EQUAL (IpInstance->GroupList + Index, &Head->DestinationAddress)) {
1400         break;
1401       }
1402     }
1403 
1404     return (BOOLEAN)(Index < IpInstance->GroupCount);
1405   }
1406 
1407   return TRUE;
1408 }
1409 
1410 /**
1411   Enqueue a shared copy of the packet to the IP6 child if the
1412   packet is acceptable to it. Here the data of the packet is
1413   shared, but the net buffer isn't.
1414 
1415   @param  IpInstance             The IP6 child to enqueue the packet to.
1416   @param  Head                   The IP header of the received packet.
1417   @param  Packet                 The data of the received packet.
1418 
1419   @retval EFI_NOT_STARTED        The IP child hasn't been configured.
1420   @retval EFI_INVALID_PARAMETER  The child doesn't want to receive the packet.
1421   @retval EFI_OUT_OF_RESOURCES   Failed to allocate some resources
1422   @retval EFI_SUCCESS            A shared copy the packet is enqueued to the child.
1423 
1424 **/
1425 EFI_STATUS
Ip6InstanceEnquePacket(IN IP6_PROTOCOL * IpInstance,IN EFI_IP6_HEADER * Head,IN NET_BUF * Packet)1426 Ip6InstanceEnquePacket (
1427   IN IP6_PROTOCOL           *IpInstance,
1428   IN EFI_IP6_HEADER         *Head,
1429   IN NET_BUF                *Packet
1430   )
1431 {
1432   IP6_CLIP_INFO             *Info;
1433   NET_BUF                   *Clone;
1434 
1435   //
1436   // Check whether the packet is acceptable to this instance.
1437   //
1438   if (IpInstance->State != IP6_STATE_CONFIGED) {
1439     return EFI_NOT_STARTED;
1440   }
1441 
1442   if (!Ip6InstanceFrameAcceptable (IpInstance, Head, Packet)) {
1443     return EFI_INVALID_PARAMETER;
1444   }
1445 
1446   //
1447   // Enque a shared copy of the packet.
1448   //
1449   Clone = NetbufClone (Packet);
1450 
1451   if (Clone == NULL) {
1452     return EFI_OUT_OF_RESOURCES;
1453   }
1454 
1455   //
1456   // Set the receive time out for the assembled packet. If it expires,
1457   // packet will be removed from the queue.
1458   //
1459   Info        = IP6_GET_CLIP_INFO (Clone);
1460   Info->Life  = IP6_US_TO_SEC (IpInstance->ConfigData.ReceiveTimeout);
1461 
1462   InsertTailList (&IpInstance->Received, &Clone->List);
1463   return EFI_SUCCESS;
1464 }
1465 
1466 /**
1467   Deliver the received packets to the upper layer if there are both received
1468   requests and enqueued packets. If the enqueued packet is shared, it will
1469   duplicate it to a non-shared packet, release the shared packet, then
1470   deliver the non-shared packet up.
1471 
1472   @param[in]  IpInstance         The IP child to deliver the packet up.
1473 
1474   @retval EFI_OUT_OF_RESOURCES   Failed to allocate resources to deliver the
1475                                  packets.
1476   @retval EFI_SUCCESS            All the enqueued packets that can be delivered
1477                                  are delivered up.
1478 
1479 **/
1480 EFI_STATUS
Ip6InstanceDeliverPacket(IN IP6_PROTOCOL * IpInstance)1481 Ip6InstanceDeliverPacket (
1482   IN IP6_PROTOCOL           *IpInstance
1483   )
1484 {
1485   EFI_IP6_COMPLETION_TOKEN  *Token;
1486   IP6_RXDATA_WRAP           *Wrap;
1487   NET_BUF                   *Packet;
1488   NET_BUF                   *Dup;
1489   UINT8                     *Head;
1490 
1491   //
1492   // Deliver a packet if there are both a packet and a receive token.
1493   //
1494   while (!IsListEmpty (&IpInstance->Received) && !NetMapIsEmpty (&IpInstance->RxTokens)) {
1495 
1496     Packet = NET_LIST_HEAD (&IpInstance->Received, NET_BUF, List);
1497 
1498     if (!NET_BUF_SHARED (Packet)) {
1499       //
1500       // If this is the only instance that wants the packet, wrap it up.
1501       //
1502       Wrap = Ip6WrapRxData (IpInstance, Packet);
1503 
1504       if (Wrap == NULL) {
1505         return EFI_OUT_OF_RESOURCES;
1506       }
1507 
1508       RemoveEntryList (&Packet->List);
1509 
1510     } else {
1511       //
1512       // Create a duplicated packet if this packet is shared
1513       //
1514       Dup = NetbufDuplicate (Packet, NULL, sizeof (EFI_IP6_HEADER));
1515 
1516       if (Dup == NULL) {
1517         return EFI_OUT_OF_RESOURCES;
1518       }
1519 
1520       //
1521       // Copy the IP head over. The packet to deliver up is
1522       // headless. Trim the head off after copy. The IP head
1523       // may be not continuous before the data.
1524       //
1525       Head        = NetbufAllocSpace (Dup, sizeof (EFI_IP6_HEADER), NET_BUF_HEAD);
1526       ASSERT (Head != NULL);
1527       Dup->Ip.Ip6 = (EFI_IP6_HEADER *) Head;
1528 
1529       CopyMem (Head, Packet->Ip.Ip6, sizeof (EFI_IP6_HEADER));
1530       NetbufTrim (Dup, sizeof (EFI_IP6_HEADER), TRUE);
1531 
1532       Wrap = Ip6WrapRxData (IpInstance, Dup);
1533 
1534       if (Wrap == NULL) {
1535         NetbufFree (Dup);
1536         return EFI_OUT_OF_RESOURCES;
1537       }
1538 
1539       RemoveEntryList (&Packet->List);
1540       NetbufFree (Packet);
1541 
1542       Packet = Dup;
1543     }
1544 
1545     //
1546     // Insert it into the delivered packet, then get a user's
1547     // receive token, pass the wrapped packet up.
1548     //
1549     EfiAcquireLockOrFail (&IpInstance->RecycleLock);
1550     InsertHeadList (&IpInstance->Delivered, &Wrap->Link);
1551     EfiReleaseLock (&IpInstance->RecycleLock);
1552 
1553     Token                = NetMapRemoveHead (&IpInstance->RxTokens, NULL);
1554     Token->Status        = IP6_GET_CLIP_INFO (Packet)->Status;
1555     Token->Packet.RxData = &Wrap->RxData;
1556 
1557     gBS->SignalEvent (Token->Event);
1558   }
1559 
1560   return EFI_SUCCESS;
1561 }
1562 
1563 /**
1564   Enqueue a received packet to all the IP children that share
1565   the same interface.
1566 
1567   @param[in]  IpSb          The IP6 service instance that receive the packet.
1568   @param[in]  Head          The header of the received packet.
1569   @param[in]  Packet        The data of the received packet.
1570   @param[in]  IpIf          The interface to enqueue the packet to.
1571 
1572   @return The number of the IP6 children that accepts the packet.
1573 
1574 **/
1575 INTN
Ip6InterfaceEnquePacket(IN IP6_SERVICE * IpSb,IN EFI_IP6_HEADER * Head,IN NET_BUF * Packet,IN IP6_INTERFACE * IpIf)1576 Ip6InterfaceEnquePacket (
1577   IN IP6_SERVICE            *IpSb,
1578   IN EFI_IP6_HEADER         *Head,
1579   IN NET_BUF                *Packet,
1580   IN IP6_INTERFACE          *IpIf
1581   )
1582 {
1583   IP6_PROTOCOL              *IpInstance;
1584   IP6_CLIP_INFO             *Info;
1585   LIST_ENTRY                *Entry;
1586   INTN                      Enqueued;
1587   INTN                      LocalType;
1588   INTN                      SavedType;
1589 
1590   //
1591   // First, check that the packet is acceptable to this interface
1592   // and find the local cast type for the interface.
1593   //
1594   LocalType = 0;
1595   Info      = IP6_GET_CLIP_INFO (Packet);
1596 
1597   if (IpIf->PromiscRecv) {
1598     LocalType = Ip6Promiscuous;
1599   } else {
1600     LocalType = Info->CastType;
1601   }
1602 
1603   //
1604   // Iterate through the ip instances on the interface, enqueue
1605   // the packet if filter passed. Save the original cast type,
1606   // and pass the local cast type to the IP children on the
1607   // interface. The global cast type will be restored later.
1608   //
1609   SavedType       = Info->CastType;
1610   Info->CastType  = (UINT32) LocalType;
1611 
1612   Enqueued        = 0;
1613 
1614   NET_LIST_FOR_EACH (Entry, &IpIf->IpInstances) {
1615     IpInstance = NET_LIST_USER_STRUCT (Entry, IP6_PROTOCOL, AddrLink);
1616     NET_CHECK_SIGNATURE (IpInstance, IP6_PROTOCOL_SIGNATURE);
1617 
1618     if (Ip6InstanceEnquePacket (IpInstance, Head, Packet) == EFI_SUCCESS) {
1619       Enqueued++;
1620     }
1621   }
1622 
1623   Info->CastType = (UINT32) SavedType;
1624   return Enqueued;
1625 }
1626 
1627 /**
1628   Deliver the packet for each IP6 child on the interface.
1629 
1630   @param[in]  IpSb          The IP6 service instance that received the packet.
1631   @param[in]  IpIf          The IP6 interface to deliver the packet.
1632 
1633 **/
1634 VOID
Ip6InterfaceDeliverPacket(IN IP6_SERVICE * IpSb,IN IP6_INTERFACE * IpIf)1635 Ip6InterfaceDeliverPacket (
1636   IN IP6_SERVICE            *IpSb,
1637   IN IP6_INTERFACE          *IpIf
1638   )
1639 {
1640   IP6_PROTOCOL              *IpInstance;
1641   LIST_ENTRY                *Entry;
1642 
1643   NET_LIST_FOR_EACH (Entry, &IpIf->IpInstances) {
1644     IpInstance = NET_LIST_USER_STRUCT (Entry, IP6_PROTOCOL, AddrLink);
1645     Ip6InstanceDeliverPacket (IpInstance);
1646   }
1647 }
1648 
1649 /**
1650   De-multiplex the packet. the packet delivery is processed in two
1651   passes. The first pass will enqueue a shared copy of the packet
1652   to each IP6 child that accepts the packet. The second pass will
1653   deliver a non-shared copy of the packet to each IP6 child that
1654   has pending receive requests. Data is copied if more than one
1655   child wants to consume the packet, because each IP child needs
1656   its own copy of the packet to make changes.
1657 
1658   @param[in]  IpSb          The IP6 service instance that received the packet.
1659   @param[in]  Head          The header of the received packet.
1660   @param[in]  Packet        The data of the received packet.
1661 
1662   @retval EFI_NOT_FOUND     No IP child accepts the packet.
1663   @retval EFI_SUCCESS       The packet is enqueued or delivered to some IP
1664                             children.
1665 
1666 **/
1667 EFI_STATUS
Ip6Demultiplex(IN IP6_SERVICE * IpSb,IN EFI_IP6_HEADER * Head,IN NET_BUF * Packet)1668 Ip6Demultiplex (
1669   IN IP6_SERVICE            *IpSb,
1670   IN EFI_IP6_HEADER         *Head,
1671   IN NET_BUF                *Packet
1672   )
1673 {
1674 
1675   LIST_ENTRY                *Entry;
1676   IP6_INTERFACE             *IpIf;
1677   INTN                      Enqueued;
1678 
1679   //
1680   // Two pass delivery: first, enque a shared copy of the packet
1681   // to each instance that accept the packet.
1682   //
1683   Enqueued = 0;
1684 
1685   NET_LIST_FOR_EACH (Entry, &IpSb->Interfaces) {
1686     IpIf = NET_LIST_USER_STRUCT (Entry, IP6_INTERFACE, Link);
1687 
1688     if (IpIf->Configured) {
1689       Enqueued += Ip6InterfaceEnquePacket (IpSb, Head, Packet, IpIf);
1690     }
1691   }
1692 
1693   //
1694   // Second: deliver a duplicate of the packet to each instance.
1695   // Release the local reference first, so that the last instance
1696   // getting the packet will not copy the data.
1697   //
1698   NetbufFree (Packet);
1699   Packet = NULL;
1700 
1701   if (Enqueued == 0) {
1702     return EFI_NOT_FOUND;
1703   }
1704 
1705   NET_LIST_FOR_EACH (Entry, &IpSb->Interfaces) {
1706     IpIf = NET_LIST_USER_STRUCT (Entry, IP6_INTERFACE, Link);
1707 
1708     if (IpIf->Configured) {
1709       Ip6InterfaceDeliverPacket (IpSb, IpIf);
1710     }
1711   }
1712 
1713   return EFI_SUCCESS;
1714 }
1715 
1716 /**
1717   Decrease the life of the transmitted packets. If it is
1718   decreased to zero, cancel the packet. This function is
1719   called by Ip6packetTimerTicking that provides timeout for both the
1720   received-but-not-delivered and transmitted-but-not-recycle
1721   packets.
1722 
1723   @param[in]  Map           The IP6 child's transmit map.
1724   @param[in]  Item          Current transmitted packet.
1725   @param[in]  Context       Not used.
1726 
1727   @retval EFI_SUCCESS       Always returns EFI_SUCCESS.
1728 
1729 **/
1730 EFI_STATUS
1731 EFIAPI
Ip6SentPacketTicking(IN NET_MAP * Map,IN NET_MAP_ITEM * Item,IN VOID * Context)1732 Ip6SentPacketTicking (
1733   IN NET_MAP                *Map,
1734   IN NET_MAP_ITEM           *Item,
1735   IN VOID                   *Context
1736   )
1737 {
1738   IP6_TXTOKEN_WRAP          *Wrap;
1739 
1740   Wrap = (IP6_TXTOKEN_WRAP *) Item->Value;
1741   ASSERT (Wrap != NULL);
1742 
1743   if ((Wrap->Life > 0) && (--Wrap->Life == 0)) {
1744     Ip6CancelPacket (Wrap->IpInstance->Interface, Wrap->Packet, EFI_ABORTED);
1745   }
1746 
1747   return EFI_SUCCESS;
1748 }
1749 
1750 /**
1751   Timeout the fragments, and the enqueued, and transmitted packets.
1752 
1753   @param[in]  IpSb          The IP6 service instance to timeout.
1754 
1755 **/
1756 VOID
Ip6PacketTimerTicking(IN IP6_SERVICE * IpSb)1757 Ip6PacketTimerTicking (
1758   IN IP6_SERVICE            *IpSb
1759   )
1760 {
1761   LIST_ENTRY                *InstanceEntry;
1762   LIST_ENTRY                *Entry;
1763   LIST_ENTRY                *Next;
1764   IP6_PROTOCOL              *IpInstance;
1765   IP6_ASSEMBLE_ENTRY        *Assemble;
1766   NET_BUF                   *Packet;
1767   IP6_CLIP_INFO             *Info;
1768   UINT32                    Index;
1769 
1770   //
1771   // First, time out the fragments. The packet's life is counting down
1772   // once the first-arriving fragment of that packet was received.
1773   //
1774   for (Index = 0; Index < IP6_ASSEMLE_HASH_SIZE; Index++) {
1775     NET_LIST_FOR_EACH_SAFE (Entry, Next, &(IpSb->Assemble.Bucket[Index])) {
1776       Assemble = NET_LIST_USER_STRUCT (Entry, IP6_ASSEMBLE_ENTRY, Link);
1777 
1778       if ((Assemble->Life > 0) && (--Assemble->Life == 0)) {
1779         //
1780         // If the first fragment (the one with a Fragment Offset of zero)
1781         // has been received, an ICMP Time Exceeded - Fragment Reassembly
1782         // Time Exceeded message should be sent to the source of that fragment.
1783         //
1784         if ((Assemble->Packet != NULL) &&
1785             !IP6_IS_MULTICAST (&Assemble->Head->DestinationAddress)) {
1786           Ip6SendIcmpError (
1787             IpSb,
1788             Assemble->Packet,
1789             NULL,
1790             &Assemble->Head->SourceAddress,
1791             ICMP_V6_TIME_EXCEEDED,
1792             ICMP_V6_TIMEOUT_REASSEMBLE,
1793             NULL
1794             );
1795         }
1796 
1797         //
1798         // If reassembly of a packet is not completed within 60 seconds of
1799         // the reception of the first-arriving fragment of that packet, the
1800         // reassembly must be abandoned and all the fragments that have been
1801         // received for that packet must be discarded.
1802         //
1803         RemoveEntryList (Entry);
1804         Ip6FreeAssembleEntry (Assemble);
1805       }
1806     }
1807   }
1808 
1809   NET_LIST_FOR_EACH (InstanceEntry, &IpSb->Children) {
1810     IpInstance = NET_LIST_USER_STRUCT (InstanceEntry, IP6_PROTOCOL, Link);
1811 
1812     //
1813     // Second, time out the assembled packets enqueued on each IP child.
1814     //
1815     NET_LIST_FOR_EACH_SAFE (Entry, Next, &IpInstance->Received) {
1816       Packet = NET_LIST_USER_STRUCT (Entry, NET_BUF, List);
1817       Info   = IP6_GET_CLIP_INFO (Packet);
1818 
1819       if ((Info->Life > 0) && (--Info->Life == 0)) {
1820         RemoveEntryList (Entry);
1821         NetbufFree (Packet);
1822       }
1823     }
1824 
1825     //
1826     // Third: time out the transmitted packets.
1827     //
1828     NetMapIterate (&IpInstance->TxTokens, Ip6SentPacketTicking, NULL);
1829   }
1830 }
1831 
1832