Reviewed-by: Ye Ting <ting...@intel.com> -----Original Message----- From: Wu, Jiaxin Sent: Thursday, August 13, 2015 10:10 PM To: edk2-devel@lists.01.org Cc: Ye, Ting Subject: [Patch] NetworkPkg: Fix hang issue after system reconnected when IPSec has set up
IpSecStop() is incompetent to send out the delete information since the underlying IP child has been destroyed. Delete all established IKE SAs and related Child SAs directly. Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> --- NetworkPkg/IpSecDxe/IkeService.c | 1 - NetworkPkg/IpSecDxe/IkeService.h | 3 ++- NetworkPkg/IpSecDxe/Ikev2/Exchange.c | 6 +++--- NetworkPkg/IpSecDxe/Ikev2/Utility.c | 6 ++---- NetworkPkg/IpSecDxe/IpSecDriver.c | 25 +++++++++++++++++++++++-- 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/NetworkPkg/IpSecDxe/IkeService.c b/NetworkPkg/IpSecDxe/IkeService.c index 6594963..d857196 100644 --- a/NetworkPkg/IpSecDxe/IkeService.c +++ b/NetworkPkg/IpSecDxe/IkeService.c @@ -13,11 +13,10 @@ **/ #include "IkeService.h" #include "IpSecConfigImpl.h" -#include "Ikev2/Utility.h" IKE_EXCHANGE_INTERFACE *mIkeExchange[] = { &mIkev1Exchange, &mIkev2Exchange }; diff --git a/NetworkPkg/IpSecDxe/IkeService.h b/NetworkPkg/IpSecDxe/IkeService.h index 3ebd179..0e05dfe 100644 --- a/NetworkPkg/IpSecDxe/IkeService.h +++ b/NetworkPkg/IpSecDxe/IkeService.h @@ -1,9 +1,9 @@ /** @file Prototypes definitions of IKE service. - Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -17,10 +17,11 @@ #define _IKE_SERVICE_H_ #include "Ike.h" #include "IpSecImpl.h" #include "IkeCommon.h" +#include "Ikev2/Utility.h" #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024 /** This is prototype definition of general interface to intialize a IKE negotiation. 
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c index 37f9667..9d58ab0 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c @@ -1,9 +1,9 @@ /** @file The general interfaces of the IKEv2. - Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -328,11 +328,11 @@ Ikev2NegotiateInfo ( } // // Send out the Packet // - if (UdpService != NULL) { + if (UdpService != NULL && UdpService->Output != NULL) { Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0); if (EFI_ERROR (Status)) { goto ON_ERROR; } @@ -355,11 +355,11 @@ Ikev2NegotiateInfo ( } // // Send out the Packet // - if (UdpService != NULL) { + if (UdpService != NULL && UdpService->Output != NULL) { Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0); if (EFI_ERROR (Status)) { goto ON_ERROR; } diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c index 8769850..16be09e 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c @@ -1,10 +1,10 @@ /** @file The Common operations used by IKE Exchange Process. (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> - Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. 
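Review bot: When `UdpService->Output` is NULL, the two guarded sends in Ikev2NegotiateInfo() (hunks at -328 and -355) are skipped with no trace, and as far as these hunks show no status change, so a caller cannot tell a Delete that was sent from one that was dropped. If Ikev2SendIkePacket() is what normally releases `IkePacket`, the skipped branch needs its own release; the code after the `if` is outside the hunk, so that should be checked. I would state the reason at both sites, e.g. `// Output is NULL once the underlying IP child is destroyed; skip the send and delete locally.` The function body starts and ends outside both hunks.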
@@ -889,13 +889,11 @@ Ikev2ChildSaSilentDelete ( ChildSession = NULL; LocalSelector = NULL; RemoteSelector = NULL; UdpService = IkeSaSession->SessionCommon.UdpService; - Private = (UdpService->IpVersion == IP_VERSION_4) ? - IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) : - IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead); + Private = IkeSaSession->SessionCommon.Private; // // Remove the Established SA from ChildSaEstablishlist. // ChildSession = Ikev2ChildSaSessionRemove( diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c b/NetworkPkg/IpSecDxe/IpSecDriver.c index 454d218..d8282b5 100644 --- a/NetworkPkg/IpSecDxe/IpSecDriver.c +++ b/NetworkPkg/IpSecDxe/IpSecDriver.c @@ -1,9 +1,9 @@ /** @file Driver Binding Protocol for IPsec Driver. - Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -176,10 +176,11 @@ IpSecStop ( EFI_STATUS Status; IPSEC_PRIVATE_DATA *Private; IKE_UDP_SERVICE *UdpSrv; LIST_ENTRY *Entry; LIST_ENTRY *Next; + IKEV2_SA_SESSION *Ikev2SaSession; // // Locate ipsec protocol to get private data. // Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec); 
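Review bot: `Private = IkeSaSession->SessionCommon.Private;` in Ikev2ChildSaSilentDelete() is used without a check, so a session whose `SessionCommon.Private` was never filled in would presumably fault here, where the old code resolved it through the UDP list. An `ASSERT (Private != NULL);` right after the assignment would make that assumption explicit. `UdpService` is still assigned on the line above. If the rest of the function (outside this hunk) still uses it, it may refer to a service whose IP child is already destroyed, which is the case this commit describes; if it does not, the local can be dropped.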
@@ -194,11 +195,31 @@ IpSecStop ( // The SAs are shared by both IP4 and IP6 stack. So we skip the cleanup // and leave the SAs unchanged if the other IP stack is still running. // if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) || (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) { - IkeDeleteAllSas (Private, FALSE); + // + // If IKEv2 SAs are under establishing, delete it directly. + // + if (!IsListEmpty (&Private->Ikev2SessionList)) { + NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) { + Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); + RemoveEntryList (&Ikev2SaSession->BySessionTable); + Ikev2SaSessionFree (Ikev2SaSession); + } + } + + // + // Delete established IKEv2 SAs. + // + if (!IsListEmpty (&Private->Ikev2EstablishedList)) { + NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) { + Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); + RemoveEntryList (&Ikev2SaSession->BySessionTable); + Ikev2SaSessionFree (Ikev2SaSession); + } + } } if (IpVersion == IP_VERSION_4) { // // If has udp4 io opened on the controller, close and free it. -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
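Review bot: Nothing visible in the new IpSecStop() loops removes the Child SAs from the SAD or clears their keys; each IKEv2 session is only unlinked with `RemoveEntryList` and passed to `Ikev2SaSessionFree`, in place of the removed `IkeDeleteAllSas (Private, FALSE)`. If Ikev2SaSessionFree() releases only session memory, SAD entries negotiated by these sessions would stay installed after the stop, so please confirm it also tears down the Child SAs (Ikev2ChildSaSilentDelete in Utility.c looks like the existing helper for that). The loops cover only the Ikev2 lists, so any IKEv1 sessions the old call may have handled are no longer cleaned up here; say so in the comment if that is intentional. I would also add `// Peer is not notified: the IP child is already destroyed, so SAs are dropped locally only.` and drop the `IsListEmpty` guards, which NET_LIST_FOR_EACH_SAFE makes redundant. IpSecStop's body starts and ends outside the hunk.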