Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.

2018-11-21 Thread Laszlo Ersek
On 11/21/18 12:53, Fu, Siyuan wrote:
>> -Original Message-
>> From: Laszlo Ersek [mailto:ler...@redhat.com]
>> Sent: Wednesday, November 21, 2018 6:47 PM
>> To: Fu, Siyuan 
>> Cc: edk2-devel@lists.01.org; Ye, Ting ; Wu, Jiaxin
>> 
>> Subject: Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment
>> files to NetworkPkg.

[...]

>>> +[PcdsFixedAtBuild]
>>> +!if $(NETWORK_ALLOW_HTTP_CONNECTIONS) == TRUE
>>> +  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
>>> +!endif
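
Review bot: The FALSE case is left unpinned in this [PcdsFixedAtBuild] hunk: the "!if $(NETWORK_ALLOW_HTTP_CONNECTIONS) == TRUE" guard assigns PcdAllowHttpConnections only when the macro is TRUE. With the macro FALSE, the effective value is whatever the DEC default or the including platform DSC provides, not something this file enforces. Since the macro is documented as controlling unsecured HTTP connections, either state in a comment that FALSE means "not set here", or drop the guard and let the platform set the PCD itself.
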
>>
>> (11) I'm not sure this is flexible enough.
>>
>> First, in "OvmfPkg/OvmfPkgIa32X64.dsc", we set the PCD only under
>> [PcdsFixedAtBuild.X64], not under [PcdsFixedAtBuild]. I agree that in
>> practice, such a change shouldn't be a problem however.
>>
>> Second, a more practical observation: NetworkPkg.dec declares this PCD
>> not just as fixed, but also as patchable-in-module. As far as I
>> understand, the above DSC include hunk will prevent platforms from using
>> the PCD as patchable.
>>
>> I think the most flexible option would be to simply remove the
>> NETWORK_ALLOW_HTTP_CONNECTIONS build flag, from this patch, and to allow
>> platforms to set the PCD however they want. A build macro ("-D") is not
>> expressive enough for this. Also remember that "--pcd" can be passed on
>> the build command line too, so not much usability/convenience is lost by
>> removing NETWORK_ALLOW_HTTP_CONNECTIONS.
> 
> I'm OK to remove this flag.
> 
>>
>>> +
>>> +[Components]
>>
>> (12) How is this going to work with multi-arch platform builds, such as
>> "OvmfPkg/OvmfPkgIa32X64.dsc", where the PEI phase is 32-bit, and the DXE
>> phase is 64-bit?
>>
>> I don't think "OvmfPkgIa32X64.dsc" should build the networking modules
>> for 32-bit too. They would never be included in the final flash device,
>> so it's wasted compilation.
>>
>> Can we introduce separate DSC include files (fragments) for each of the
>> DSC file sections? That is, we could have:
>>
>> - a "NetworkDefines.dsc.inc" for the [Defines] section(s),
>> - a "NetworkLibs.dsc.inc" for the [LibraryClasses*] section(s),
>> - a "NetworkPcds.dsc.inc" for the [Pcds*] section(s),
>> - a "NetworkComponents.dsc.inc" for the [Components*] section(s).
>>
>> Then the platform DSC would be responsible for spelling out the precise
>> section header it wants, and then include the matching DSC include file
>> right below that.
>>
>> In other words, can we split this DSC include into multiple files, at
>> the currently shown section headers, and remove the section headers
>> themselves?
> 
> It's quite a good suggestion.
> 
> My initial intention is to make the include file as simple as possible,
> to minimize the platform owner's work, so I just provide 1 include file
> for DSC, and you are correct that it was done at the cost of losing
> flexibility and wasting build time. 
> 
> Now I think even if we have 4 separate DSC include files, it's still much
> easier to organize than the original 20 more INF, and with much more flexibility
> to platform owner.
> 
> This could also solve the problem (11).

Right, this would restore flexibility to the PCD settings as well.

[...]

>>> +  !if $(NETWORK_TLS_ENABLE) == TRUE
>>> +NetworkPkg/TlsDxe/TlsDxe.inf
>>> +NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
>>> +  !endif
>>
>> (15) Unfortunately, this isn't flexible enough for OVMF. OVMF hooks
>>
>>   OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>>
>> into TlsAuthConfigDxe via NULL class resolution -- for setting up the CA
>> certificates and cipher suites, in volatile UEFI variables, just in time.
> 
> You are correct, that's why I leave the original "TLS_ENABLE" flag and set
> NETWORK_TLS_ENABLE to false in OVMF package's patch. If a platform wants to
> override a driver or library component, it should disable the relative
> NETWORK_*** flag for the include file, and add the override component in
> its DSC/FDF separately.
> 
> I haven't figured out a good solution except this method.

(See also my OvmfPkg patch comments:)

I think this method can work well; the only thing we should be careful
about IMO is that the platform-specific flag should really be clear
about it being platform specific. Hence my earlier suggestion to rename
TLS_ENABLE in OVMF to PLATFORM_TLS_ENABLE.

Because, just "TLS_ENABLE" is a little bit ambiguous (to me anyway) in
whether it utilizes a pre-packaged core feature, or a platform-specific
inclusion of the feature.

Thank you!
Laszlo
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
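
The split Laszlo proposes in (12), combined with the override approach discussed under (15), would look roughly like this in a multi-arch platform DSC. This is an added sketch, not part of the thread or of any edk2 file: the four "Network*.dsc.inc" names are the ones proposed above and are not in this patch, PLATFORM_TLS_ENABLE is the rename suggested above, and pinning the PCD to FALSE is an assumed platform policy.

```dsc
# Constructed platform DSC fragment (hypothetical platform: PEI = IA32, DXE = X64).

[Defines]
  # Platform-specific TLS inclusion: the pre-packaged TLS drivers are switched
  # off here and re-added below together with the platform's library hook.
  DEFINE PLATFORM_TLS_ENABLE = TRUE
  DEFINE NETWORK_TLS_ENABLE  = FALSE
!include NetworkPkg/NetworkDefines.dsc.inc

[LibraryClasses]
!include NetworkPkg/NetworkLibs.dsc.inc

# The platform spells out the PCD section header itself, and with it the
# access method (fixed vs. patchable) and the architecture.
[PcdsFixedAtBuild.X64]
  # FALSE: only the https scheme is accepted (assumed platform policy).
  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|FALSE
!include NetworkPkg/NetworkPcds.dsc.inc

# Network drivers are built for the DXE architecture only, so nothing is
# compiled for IA32 that never reaches the flash device.
[Components.X64]
!include NetworkPkg/NetworkComponents.dsc.inc

!if $(PLATFORM_TLS_ENABLE) == TRUE
  NetworkPkg/TlsDxe/TlsDxe.inf
  # NULL class resolution hooks the platform library into TlsAuthConfigDxe.
  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
    <LibraryClasses>
      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
  }
!endif
```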


Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.

2018-11-21 Thread Fu, Siyuan
Hi, Laszlo

> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Wednesday, November 21, 2018 6:47 PM
> To: Fu, Siyuan 
> Cc: edk2-devel@lists.01.org; Ye, Ting ; Wu, Jiaxin
> 
> Subject: Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment
> files to NetworkPkg.
> 
> On 11/21/18 06:28, Fu Siyuan wrote:
> > The "Network.dsc.inc" and "Network.fdf.inc" are added for platform owner to
> > easily enable/disable network stack support on their platform, by adding
> >   !include NetworkPkg/Network.dsc.inc
> > and
> >   !include NetworkPkg/Network.fdf.inc
> > to their platform DSC/FDF files.
> >
> > A set of flags can be changed before the include line or in build command
> > line ("-D FLAG=VALUE") to enable or disable related feature set.
> >
> > The default value of these flags are:
> >   DEFINE NETWORK_ENABLE = TRUE
> >   DEFINE NETWORK_SNP_ENABLE = TRUE
> >   DEFINE NETWORK_IP4_ENABLE = TRUE
> >   DEFINE NETWORK_IP6_ENABLE = TRUE
> >   DEFINE NETWORK_TLS_ENABLE = TRUE
> >   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
> >   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> >   DEFINE NETWORK_IPSEC_ENABLE = TRUE
> >   DEFINE NETWORK_ISCSI_ENABLE = TRUE
> >   DEFINE NETWORK_VLAN_ENABLE  = TRUE
> 
> (1) This table is inconsistent with regard to alignment. In some cases,
> there are attempts to align the equal signs, and the assigned values
> (such as NETWORK_ENABLE and NETWORK_ALLOW_HTTP_CONNECTIONS), however, as
> a whole, the table is inconsistent. Please align all the equal signs and
> the assigned values to the longest macro name, namely
> NETWORK_ALLOW_HTTP_CONNECTIONS.

Agree, I will fix this in v2 patch.

> 
> > Detail description of each flag is in Network.dsc.inc file.
> >
> > Related BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1293
> >
> > Cc: Jiaxin Wu 
> > Cc: Ting Ye 
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Fu Siyuan 
> > ---
> >  NetworkPkg/Network.dsc.inc | 203 
> >  NetworkPkg/Network.fdf.inc |  81 
> >  2 files changed, 284 insertions(+)
> >
> > diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
> > new file mode 100644
> > index ..50cf93ba816a
> > --- /dev/null
> > +++ b/NetworkPkg/Network.dsc.inc
> > @@ -0,0 +1,203 @@
> > +## @file
> > +# Network DSC include file for All Architectures.
> > +#
> > +# This file can be included to a platform DSC by using "!include
> NetworkPkg/Network.dsc.inc"
> > +# to add edk2 network stack drivers.
> > +# Below flags can be changed on the command line to enable or disable
> related feature
> > +# support.
> > +#   -D FLAG=VALUE
> > +# The default value of these flags are:
> > +#   DEFINE NETWORK_ENABLE = TRUE
> > +#   DEFINE NETWORK_SNP_ENABLE = TRUE
> > +#   DEFINE NETWORK_IP4_ENABLE = TRUE
> > +#   DEFINE NETWORK_IP6_ENABLE = TRUE
> > +#   DEFINE NETWORK_TLS_ENABLE = TRUE
> > +#   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
> > +#   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> > +#   DEFINE NETWORK_IPSEC_ENABLE = TRUE
> > +#   DEFINE NETWORK_ISCSI_ENABLE = TRUE
> > +#   DEFINE NETWORK_VLAN_ENABLE  = TRUE
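
Review bot: The default values listed in this file header duplicate the DEFINE lines in the [Defines] section below, and the commit message repeats them a third time, so the lists can drift apart. A stale header still claiming "NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE" would be misleading for the one flag that permits unsecured HTTP. Consider listing only the flag names here and pointing to the "!ifndef" blocks for the defaults.
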
> 
> (2) Same as (1).
> 
> > +#
> > +# Copyright (c) 2018, Intel Corporation. All rights reserved.
> > +#
> > +#This program and the accompanying materials
> > +#are licensed and made available under the terms and conditions of
> the BSD License
> > +#which accompanies this distribution. The full text of the license
> may be found at
> > +#http://opensource.org/licenses/bsd-license.php
> > +#
> > +#THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> > +#WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS
> OR IMPLIED.
> > +#
> > +##
> > +
> > +[Defines]
> > +!ifndef NETWORK_ENABLE
> > +  #
> > +  # This flag is to enable or disable the whole network stack.
> > +  # These can be changed on the command line.
> > +  # -D FLAG=VALUE
> 
> (3) I suggest dropping the statement "These can be changed on the
> command line".
> 
> I also suggest dropping the generic "-D FLAG=VALUE" line.
> 
> Both of those apply to all settings, and they are well explained in the
> general description near the top.

You are correct. These lines were added before I wrote the file header, they
are redundant now since the

Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.

2018-11-21 Thread Laszlo Ersek
On 11/21/18 11:46, Laszlo Ersek wrote:
> On 11/21/18 06:28, Fu Siyuan wrote:
>> The "Network.dsc.inc" and "Network.fdf.inc" are added for platform owner to
>> easily enable/disable network stack support on their platform, by adding
>>   !include NetworkPkg/Network.dsc.inc
>> and
>>   !include NetworkPkg/Network.fdf.inc
>> to their platform DSC/FDF files.
>>
>> A set of flags can be changed before the include line or in build command
>> line ("-D FLAG=VALUE") to enable or disable related feature set.
>>
>> The default value of these flags are:
>>   DEFINE NETWORK_ENABLE = TRUE
>>   DEFINE NETWORK_SNP_ENABLE = TRUE
>>   DEFINE NETWORK_IP4_ENABLE = TRUE
>>   DEFINE NETWORK_IP6_ENABLE = TRUE
>>   DEFINE NETWORK_TLS_ENABLE = TRUE
>>   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
>>   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
>>   DEFINE NETWORK_IPSEC_ENABLE = TRUE
>>   DEFINE NETWORK_ISCSI_ENABLE = TRUE
>>   DEFINE NETWORK_VLAN_ENABLE  = TRUE
> 
> [...]

I'd like to review the ArmVirtPkg and OvmfPkg patches in detail once the
NetworkPkg patch stabilizes.

In addition, I have some higher-level comments. This patch series
effectively renames a few preexistent build flags, such as
"HTTP_BOOT_ENABLE" to "NETWORK_HTTP_BOOT_ENABLE", "TLS_ENABLE" to
"NETWORK_TLS_ENABLE", and so on.

- Please grep the edk2 source tree for the original (disappearing)
flags, and update them as necessary, not just in DSC/FDF files, but also
in documentation. For example, "HTTP_BOOT_ENABLE" and "TLS_ENABLE" are
mentioned in "OvmfPkg/README".

- Please also grep the edk2 Wiki for the same (clone it locally and then
run "git grep"). For example, the
"Testing-SMM-with-QEMU,-KVM-and-libvirt.md" article also refers to
HTTP_BOOT_ENABLE and TLS_ENABLE.

- It is likely a good idea to list this change (that is,
), under
.
I see that #1278 is listed already, but the build flag renaming is an
incompatible change, and it deserves a mention.

Thanks!
Laszlo



Re: [edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.

2018-11-21 Thread Laszlo Ersek
On 11/21/18 06:28, Fu Siyuan wrote:
> The "Network.dsc.inc" and "Network.fdf.inc" are added for platform owner to
> easily enable/disable network stack support on their platform, by adding
>   !include NetworkPkg/Network.dsc.inc
> and
>   !include NetworkPkg/Network.fdf.inc
> to their platform DSC/FDF files.
> 
> A set of flags can be changed before the include line or in build command
> line ("-D FLAG=VALUE") to enable or disable related feature set.
> 
> The default value of these flags are:
>   DEFINE NETWORK_ENABLE = TRUE
>   DEFINE NETWORK_SNP_ENABLE = TRUE
>   DEFINE NETWORK_IP4_ENABLE = TRUE
>   DEFINE NETWORK_IP6_ENABLE = TRUE
>   DEFINE NETWORK_TLS_ENABLE = TRUE
>   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
>   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
>   DEFINE NETWORK_IPSEC_ENABLE = TRUE
>   DEFINE NETWORK_ISCSI_ENABLE = TRUE
>   DEFINE NETWORK_VLAN_ENABLE  = TRUE

(1) This table is inconsistent with regard to alignment. In some cases,
there are attempts to align the equal signs, and the assigned values
(such as NETWORK_ENABLE and NETWORK_ALLOW_HTTP_CONNECTIONS), however, as
a whole, the table is inconsistent. Please align all the equal signs and
the assigned values to the longest macro name, namely
NETWORK_ALLOW_HTTP_CONNECTIONS.

> Detail description of each flag is in Network.dsc.inc file.
> 
> Related BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1293
> 
> Cc: Jiaxin Wu 
> Cc: Ting Ye 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Fu Siyuan 
> ---
>  NetworkPkg/Network.dsc.inc | 203 
>  NetworkPkg/Network.fdf.inc |  81 
>  2 files changed, 284 insertions(+)
> 
> diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
> new file mode 100644
> index ..50cf93ba816a
> --- /dev/null
> +++ b/NetworkPkg/Network.dsc.inc
> @@ -0,0 +1,203 @@
> +## @file
> +# Network DSC include file for All Architectures.
> +#
> +# This file can be included to a platform DSC by using "!include 
> NetworkPkg/Network.dsc.inc" 
> +# to add edk2 network stack drivers.
> +# Below flags can be changed on the command line to enable or disable 
> related feature
> +# support.
> +#   -D FLAG=VALUE
> +# The default value of these flags are:
> +#   DEFINE NETWORK_ENABLE = TRUE
> +#   DEFINE NETWORK_SNP_ENABLE = TRUE
> +#   DEFINE NETWORK_IP4_ENABLE = TRUE
> +#   DEFINE NETWORK_IP6_ENABLE = TRUE
> +#   DEFINE NETWORK_TLS_ENABLE = TRUE
> +#   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
> +#   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> +#   DEFINE NETWORK_IPSEC_ENABLE = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +#   DEFINE NETWORK_VLAN_ENABLE  = TRUE
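
Review bot: Missing documentation in the file header: it describes only the command-line route ("-D FLAG=VALUE"), while the commit message says the flags can also be changed before the include line. Every default in [Defines] is wrapped in "!ifndef", so a DEFINE placed in the platform DSC ahead of the "!include" takes effect as well. The header should say so, so that anyone auditing a platform knows to check both places for NETWORK_ALLOW_HTTP_CONNECTIONS and NETWORK_TLS_ENABLE.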

(2) Same as (1).

> +#
> +# Copyright (c) 2018, Intel Corporation. All rights reserved.
> +#
> +#This program and the accompanying materials
> +#are licensed and made available under the terms and conditions of the 
> BSD License
> +#which accompanies this distribution. The full text of the license may 
> be found at
> +#http://opensource.org/licenses/bsd-license.php
> +#
> +#THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR 
> IMPLIED.
> +#
> +##
> +
> +[Defines]
> +!ifndef NETWORK_ENABLE
> +  #
> +  # This flag is to enable or disable the whole network stack.  
> +  # These can be changed on the command line.
> +  # -D FLAG=VALUE

(3) I suggest dropping the statement "These can be changed on the
command line".

I also suggest dropping the generic "-D FLAG=VALUE" line.

Both of those apply to all settings, and they are well explained in the
general description near the top.

> +  #
> +  DEFINE NETWORK_ENABLE = TRUE
> +!endif
> +
> +!ifndef NETWORK_SNP_ENABLE
> +  #
> +  # This flag is to include the common SNP driver or not.
> +  # These can be changed on the command line.
> +  # -D FLAG=VALUE
> +  #
> +  DEFINE NETWORK_SNP_ENABLE = TRUE
> +!endif
> +
> +!ifndef NETWORK_IP4_ENABLE
> +  #
> +  # This flag is to enable or disable IPv4 network stack.
> +  # These can be changed on the command line.
> +  # -D FLAG=VALUE
> +  #
> +  DEFINE NETWORK_IP4_ENABLE = TRUE
> +!endif
> +
> +!ifndef NETWORK_IP6_ENABLE
> +  #
> +  # This flag is to enable or disable IPv6 network stack.
> +  # These can be changed on the command line.
> +  # -D FLAG=VALUE
> +  #
> +  DEFINE NETWORK_IP6_ENABLE = TRUE
> +!endif
> +
> +!ifndef NETWORK_TLS_ENABLE
> +  #
> +  # This flag is to enable or disable TLS feature.  
> +  # These can be changed on the command line.
> +  # -D FLAG=VALUE
> +  #
> +  # Note: TLS feature highly depends on the OpenSSL building. To enable this 
> +  #   feature, please follow the instructions found in the file 
> "Patch-HOWTO.txt" 

(4) The file is now called "OpenSSL-HOWTO.txt".

(5) Please strip all space characters directly preceding CRLFs. (There
are multiple instances in this patch.)

> +  #   located in CryptoPkg\Library\OpensslLib to enable 

[edk2] [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg.

2018-11-20 Thread Fu Siyuan
The "Network.dsc.inc" and "Network.fdf.inc" are added for platform owner to
easily enable/disable network stack support on their platform, by adding
  !include NetworkPkg/Network.dsc.inc
and
  !include NetworkPkg/Network.fdf.inc
to their platform DSC/FDF files.

A set of flags can be changed before the include line or in build command
line ("-D FLAG=VALUE") to enable or disable related feature set.

The default value of these flags are:
  DEFINE NETWORK_ENABLE = TRUE
  DEFINE NETWORK_SNP_ENABLE = TRUE
  DEFINE NETWORK_IP4_ENABLE = TRUE
  DEFINE NETWORK_IP6_ENABLE = TRUE
  DEFINE NETWORK_TLS_ENABLE = TRUE
  DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
  DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
  DEFINE NETWORK_IPSEC_ENABLE = TRUE
  DEFINE NETWORK_ISCSI_ENABLE = TRUE
  DEFINE NETWORK_VLAN_ENABLE  = TRUE
Detail description of each flag is in Network.dsc.inc file.

Related BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1293

Cc: Jiaxin Wu 
Cc: Ting Ye 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Fu Siyuan 
---
 NetworkPkg/Network.dsc.inc | 203 
 NetworkPkg/Network.fdf.inc |  81 
 2 files changed, 284 insertions(+)

diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
new file mode 100644
index ..50cf93ba816a
--- /dev/null
+++ b/NetworkPkg/Network.dsc.inc
@@ -0,0 +1,203 @@
+## @file
+# Network DSC include file for All Architectures.
+#
+# This file can be included to a platform DSC by using "!include 
NetworkPkg/Network.dsc.inc" 
+# to add edk2 network stack drivers.
+# Below flags can be changed on the command line to enable or disable related 
feature
+# support.
+#   -D FLAG=VALUE
+# The default value of these flags are:
+#   DEFINE NETWORK_ENABLE = TRUE
+#   DEFINE NETWORK_SNP_ENABLE = TRUE
+#   DEFINE NETWORK_IP4_ENABLE = TRUE
+#   DEFINE NETWORK_IP6_ENABLE = TRUE
+#   DEFINE NETWORK_TLS_ENABLE = TRUE
+#   DEFINE NETWORK_HTTP_BOOT_ENABLE   = TRUE
+#   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
+#   DEFINE NETWORK_IPSEC_ENABLE = TRUE
+#   DEFINE NETWORK_ISCSI_ENABLE = TRUE
+#   DEFINE NETWORK_VLAN_ENABLE  = TRUE
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.
+#
+#This program and the accompanying materials
+#are licensed and made available under the terms and conditions of the BSD 
License
+#which accompanies this distribution. The full text of the license may be 
found at
+#http://opensource.org/licenses/bsd-license.php
+#
+#THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR 
IMPLIED.
+#
+##
+
+[Defines]
+!ifndef NETWORK_ENABLE
+  #
+  # This flag is to enable or disable the whole network stack.  
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_SNP_ENABLE
+  #
+  # This flag is to include the common SNP driver or not.
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_SNP_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_IP4_ENABLE
+  #
+  # This flag is to enable or disable IPv4 network stack.
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_IP4_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_IP6_ENABLE
+  #
+  # This flag is to enable or disable IPv6 network stack.
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_IP6_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_TLS_ENABLE
+  #
+  # This flag is to enable or disable TLS feature.  
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  # Note: TLS feature highly depends on the OpenSSL building. To enable this 
+  #   feature, please follow the instructions found in the file 
"Patch-HOWTO.txt" 
+  #   located in CryptoPkg\Library\OpensslLib to enable the OpenSSL 
building first.
+  #
+  DEFINE NETWORK_TLS_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_HTTP_BOOT_ENABLE
+  #
+  # This flag is to enable or disable HTTP(s) boot feature.  
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_ALLOW_HTTP_CONNECTIONS
+  #
+  # Indicates whether HTTP connections (i.e., unsecured) are permitted or not.
+  # -D FLAG=VALUE
+  #
+  # Note: If NETWORK_ALLOW_HTTP_CONNECTIONS is TRUE, HTTP connections are 
allowed.
+  #   Both the "https://; and "http://; URI schemes are permitted. 
Otherwise, HTTP 
+  #   connections are denied. Only the "https://; URI scheme is permitted.
+  #
+  DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
+!endif
+
+!ifndef NETWORK_IPSEC_ENABLE
+  #
+  # This flag is to enable or disable IPsec feature.
+  # These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE NETWORK_IPSEC_ENABLE = TRUE
+!endif
+
+!ifndef NETWORK_ISCSI_ENABLE
+  #
+  # This flag is to enable or disable iSCSI feature.
+  # These can be
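
Review bot: The comment in the NETWORK_ALLOW_HTTP_CONNECTIONS block does not say how the flag interacts with NETWORK_TLS_ENABLE and NETWORK_HTTP_BOOT_ENABLE. As documented in the lines shown, FALSE permits only the https scheme, so a build with "-D NETWORK_TLS_ENABLE=FALSE" and the other two flags at their defaults enables HTTP(s) boot while disabling the TLS feature that the only permitted scheme needs. Please document the dependency in that comment, or check the combination in the include file so the build fails instead of leaving the platform to discover it at boot.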