1fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/** @file 2fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff EFI IPSEC Protocol Definition 3fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff The EFI_IPSEC_PROTOCOL is used to abstract the ability to deal with the individual 4705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang packets sent and received by the host and provide packet-level security for IP 5705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang datagram. 6705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang The EFI_IPSEC2_PROTOCOL is used to abstract the ability to deal with the individual 7705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang packets sent and received by the host and provide packet-level security for IP 8705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang datagram. In addition, it supports the Option (extension header) processing in 9705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IPsec which doesn't support in EFI_IPSEC_PROTOCOL. It is also recommended to 10705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang use EFI_IPSEC2_PROTOCOL instead of EFI_IPSEC_PROTOCOL especially for IPsec Tunnel 11705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang Mode. 12fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 139df063a06aef048c042498e2f542fb693e93493ahhtian Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> 149df063a06aef048c042498e2f542fb693e93493ahhtian This program and the accompanying materials 15fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff are licensed and made available under the terms and conditions of the BSD License 16fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff which accompanies this distribution. The full text of the license may be found at 17fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff http://opensource.org/licenses/bsd-license.php 18fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 19fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 20fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 21fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 22fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @par Revision Reference: 236361c6d50c69d8d5b27fb0459546aff102e92147qianouyang The EFI_IPSEC2_PROTOCOL is introduced in UEFI Specification 2.3D. 24fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 25fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff**/ 26fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 27fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff#ifndef __EFI_IPSEC_PROTOCOL_H__ 28fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff#define __EFI_IPSEC_PROTOCOL_H__ 29fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 30fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff#include <Protocol/IpSecConfig.h> 31fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 32fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff#define EFI_IPSEC_PROTOCOL_GUID \ 33fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff { \ 34fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 0xdfb386f7, 0xe100, 0x43ad, {0x9c, 0x9a, 0xed, 0x90, 0xd0, 0x8a, 0x5e, 0x12 } \ 35fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff } 36fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 37705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang#define EFI_IPSEC2_PROTOCOL_GUID \ 38705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang { \ 39705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 0xa3979e64, 0xace8, 0x4ddc, {0xbc, 0x7, 0x4d, 0x66, 0xb8, 0xfd, 0x9, 0x77 } \ 40705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang } 41705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 42fa05b97b8f75a1598f198db08d380b45a0f2f651vanjefftypedef struct _EFI_IPSEC_PROTOCOL EFI_IPSEC_PROTOCOL; 43705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangtypedef struct _EFI_IPSEC2_PROTOCOL EFI_IPSEC2_PROTOCOL; 44fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 45fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// 46fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// EFI_IPSEC_FRAGMENT_DATA 47fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// defines the instances of packet fragments. 48fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// 49fa05b97b8f75a1598f198db08d380b45a0f2f651vanjefftypedef struct _EFI_IPSEC_FRAGMENT_DATA { 50fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff UINT32 FragmentLength; 51fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff VOID *FragmentBuffer; 52fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff} EFI_IPSEC_FRAGMENT_DATA; 53fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 54fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 55fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/** 56fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff Handles IPsec packet processing for inbound and outbound IP packets. 57fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 58fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet. 59fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff The behavior is that it can perform one of the following actions: 60fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff bypass the packet, discard the packet, or protect the packet. 61fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 62fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] This Pointer to the EFI_IPSEC_PROTOCOL instance. 63fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] NicHandle Instance of the network interface. 64fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] IpVer IPV4 or IPV6. 65fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in, out] IpHead Pointer to the IP Header. 66fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] LastHead The protocol of the next layer to be processed by IPsec. 67fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] OptionsBuffer Pointer to the options buffer. 68fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] OptionsLength Length of the options buffer. 69fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in, out] FragmentTable Pointer to a list of fragments. 70fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] FragmentCount Number of fragments. 71fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[in] TrafficDirection Traffic direction. 72fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @param[out] RecycleSignal Event for recycling of resources. 73fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 74fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @retval EFI_SUCCESS The packet was bypassed and all buffers remain the same. 75fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @retval EFI_SUCCESS The packet was protected. 76fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff @retval EFI_ACCESS_DENIED The packet was discarded. 77fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 78fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff**/ 79fa05b97b8f75a1598f198db08d380b45a0f2f651vanjefftypedef 80fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeffEFI_STATUS 81a1749b8045b49350c60b443b38345de02f00176eqhuang(EFIAPI *EFI_IPSEC_PROCESS)( 82fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN EFI_IPSEC_PROTOCOL *This, 83fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN EFI_HANDLE NicHandle, 84fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN UINT8 IpVer, 85fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN OUT VOID *IpHead, 86fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN UINT8 *LastHead, 87fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN VOID *OptionsBuffer, 88fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN UINT32 OptionsLength, 89fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, 90fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN UINT32 *FragmentCount, 91fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, 92fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff OUT EFI_EVENT *RecycleSignal 93fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff ); 94fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 95fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// 96fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// EFI_IPSEC_PROTOCOL 97fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// provides the ability for securing IP communications by authenticating 98fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// and/or encrypting each IP packet in a data stream. 99fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff// EFI_IPSEC_PROTOCOL can be consumed by both the IPv4 and IPv6 stack. 100fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff// A user can employ this protocol for IPsec package handling in both IPv4 101fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff// and IPv6 environment. 102fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff/// 103fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeffstruct _EFI_IPSEC_PROTOCOL { 104fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff EFI_IPSEC_PROCESS Process; ///< Handle the IPsec message. 105fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff EFI_EVENT DisabledEvent; ///< Event signaled when the interface is disabled. 106fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff BOOLEAN DisabledFlag; ///< State of the interface. 107fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff}; 108fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 109705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/** 110705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang Handles IPsec processing for both inbound and outbound IP packets. Compare with 111705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang Process() in EFI_IPSEC_PROTOCOL, this interface has the capability to process 112705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang Option(Extension Header). 113705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 114705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang The EFI_IPSEC2_PROCESS process routine handles each inbound or outbound packet. 115705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang The behavior is that it can perform one of the following actions: 116705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang bypass the packet, discard the packet, or protect the packet. 117705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 118705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in] This Pointer to the EFI_IPSEC2_PROTOCOL instance. 119705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in] NicHandle Instance of the network interface. 120705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in] IpVer IP version.IPv4 or IPv6. 121705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] IpHead Pointer to the IP Header it is either 122705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the EFI_IP4_HEADER or EFI_IP6_HEADER. 123705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang On input, it contains the IP header. 124705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang On output, 1) in tunnel mode and the 125705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang traffic direction is inbound, the buffer 126705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang will be reset to zero by IPsec; 2) in 127705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang tunnel mode and the traffic direction 128705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang is outbound, the buffer will reset to 129705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang be the tunnel IP header.3) in transport 130705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang mode, the related fielders (like payload 131705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang length, Next header) in IP header will 132705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang be modified according to the condition. 133705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] LastHead For IP4, it is the next protocol in IP 134705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang header. For IP6 it is the Next Header 135705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang of the last extension header. 136705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] OptionsBuffer On input, it contains the options 137705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang (extensions header) to be processed by 138705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IPsec. On output, 1) in tunnel mode and 139705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the traffic direction is outbound, it 140705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang will be set to NULL, and that means this 141705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang contents was wrapped after inner header 142705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang and should not be concatenated after 143705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang tunnel header again; 2) in transport 144705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang mode and the traffic direction is inbound, 145705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang if there are IP options (extension headers) 146705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang protected by IPsec, IPsec will concatenate 147705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the those options after the input options 148705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang (extension headers); 3) on other situations, 149705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the output of contents of OptionsBuffer 150705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang might be same with input's. The caller 151705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang should take the responsibility to free 152705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the buffer both on input and on output. 153705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] OptionsLength On input, the input length of the options 154705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang buffer. On output, the output length of 155705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the options buffer. 156705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] FragmentTable Pointer to a list of fragments. On input, 157705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang these fragments contain the IP payload. 158705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang On output, 1) in tunnel mode and the traffic 159705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang direction is inbound, the fragments contain 160705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the whole IP payload which is from the 161705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IP inner header to the last byte of the 162705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang packet; 2) in tunnel mode and the traffic 163705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang direction is the outbound, the fragments 164705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang contains the whole encapsulated payload 165705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang which encapsulates the whole IP payload 166705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang between the encapsulated header and 167705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang encapsulated trailer fields. 3) in transport 168705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang mode and the traffic direction is inbound, 169705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the fragments contains the IP payload 170705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang which is from the next layer protocol to 171705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the last byte of the packet; 4) in transport 172705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang mode and the traffic direction is outbound, 173705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang the fragments contains the whole encapsulated 174705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang payload which encapsulates the next layer 175705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang protocol information between the encapsulated 176705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang header and encapsulated trailer fields. 177705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in, out] FragmentCount Number of fragments. 178705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[in] TrafficDirection Traffic direction. 179705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @param[out] RecycleSignal Event for recycling of resources. 180705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 181705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @retval EFI_SUCCESS The packet was processed by IPsec successfully. 182705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @retval EFI_ACCESS_DENIED The packet was discarded. 183705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @retval EFI_NOT_READY The IKE negotiation is invoked and the packet 184705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang was discarded. 185705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang @retval EFI_INVALID_PARAMETER One or more of following are TRUE: 186705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang If OptionsBuffer is NULL; 187705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang If OptionsLength is NULL; 188705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang If FragmentTable is NULL; 189705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang If FragmentCount is NULL. 190705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 191705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang**/ 192705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangtypedef 193705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangEFI_STATUS 194705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang(EFIAPI *EFI_IPSEC_PROCESSEXT) ( 195705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN EFI_IPSEC2_PROTOCOL *This, 196705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN EFI_HANDLE NicHandle, 197705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN UINT8 IpVer, 198705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT VOID *IpHead, 199705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT UINT8 *LastHead, 200705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT VOID **OptionsBuffer, 201705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT UINT32 *OptionsLength, 202705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, 203705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN OUT UINT32 *FragmentCount, 204705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, 205705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang OUT EFI_EVENT *RecycleSignal 206705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang ); 207fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff 208705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// 209705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// EFI_IPSEC2_PROTOCOL 210705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// supports the Option (extension header) processing in IPsec which doesn't support 211705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// in EFI_IPSEC_PROTOCOL. It is also recommended to use EFI_IPSEC2_PROTOCOL instead 212705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// of EFI_IPSEC_PROTOCOL especially for IPsec Tunnel Mode. 213705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// provides the ability for securing IP communications by authenticating and/or 214705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// encrypting each IP packet in a data stream. 215705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang/// 216705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangstruct _EFI_IPSEC2_PROTOCOL { 217705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangEFI_IPSEC_PROCESSEXT ProcessExt; 218705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangEFI_EVENT DisabledEvent; 219705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangBOOLEAN DisabledFlag; 220705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang}; 221705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyang 222705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangextern EFI_GUID gEfiIpSecProtocolGuid; 223705f53a9b49e7ee3d1ca4bcc7133534ed64590dcqianouyangextern EFI_GUID gEfiIpSec2ProtocolGuid; 224fa05b97b8f75a1598f198db08d380b45a0f2f651vanjeff#endif 225