Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Transfer to URL with SHA Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / Ip6Dxe / Ip6Dxe.md
@Ajax Dong Ajax Dong 2 days ago 8 KB Init
Raw Blame History

Ip6Dxe Module

Overview

IPv6 Network Stack DXE Driver from AmiNetworkPkg/UefiNetworkStack/Ipv6/Ip6Dxe/.
Implements EFI_IP6_SERVICE_BINDING_PROTOCOL, EFI_IP6_PROTOCOL, EFI_IP6_CONFIG_PROTOCOL,
and EFI_HII_CONFIG_ACCESS_PROTOCOL. Provides IPv6 networking including Neighbor Discovery
(RFC 4861), MLDv1/v2 (RFC 3810), packet fragmentation, and HII-based configuration forms.

Address Range

0x2C0 - 0x17440 (315 functions, ~92KB .text)

Key Functions

Address Name Purpose
0x548 _ModuleEntryPoint UEFI driver entry point
0x5C4 sub_5C4 Driver library constructor (gST/gBS/gRT init, locate HII/DPC protocols)
0x7D4 sub_7D4 Install driver binding and multiple protocol interfaces
0x94C sub_94C DriverBinding Supported (MNP check)
0xC80 sub_C80 Ip6CreateService (alloc ~4KB IP6_SERVICE struct)
0x9C4 sub_9C4 Ip6DestroyService (cleanup all resources)
0x1160 sub_1160 DriverBinding Start
0x13F0 sub_13F0 DriverBinding Stop
0x1694 sub_1694 Ip6ServiceCreateChild
0x1818 sub_1818 Ip6ServiceDestroyChild
0x1FB8 sub_1FB8 Ip6Output (packet output/transmit/fragment)
0x324C sub_324C Ip6GetModeData
0x3950 sub_3950 Ip6Configure
0x3AE4 sub_3AE4 Ip6Groups
0x3BD0 sub_3BD0 Ip6Routes
0x3D20 sub_3D20 Ip6Neighbors
0x3F4C sub_3F4C Ip6Transmit
0x439C sub_439C Ip6Receive
0x44C4 sub_44C4 Ip6Cancel
0x4684 sub_4684 Ip6Poll
0x7988 sub_7988 Ip6ConfigSetData
0x8770 sub_8770 Ip6ConfigGetData
0x8DD8 sub_8DD8 Ip6ConfigRegisterNotify
0x9078 sub_9078 Ip6ConfigUnregisterNotify
0xAB40 sub_AB40 Timer tick handler (periodic ND/MLD processing)
0x6EC0 sub_6EC0 Receive data processing callback
0x7EB0 sub_7EB0 DPC queue handler
0x8068 sub_8068 DPC packet demux handler
0xFCC0 sub_FCC0 Ip6ConfigNvCallback (HII form callback)
0xEF84 sub_EF84 Ip6ConfigNvExtractConfig
0xF814 sub_F814 Ip6ConfigNvRouteConfig

Entry Points (Public API)

  • 0x548 _ModuleEntryPoint -- Standard UEFI driver entry point. Called by the DXE core on driver load.
  • 0x94C sub_94C -- EFI_DRIVER_BINDING_PROTOCOL.Supported()
  • 0x1160 sub_1160 -- EFI_DRIVER_BINDING_PROTOCOL.Start()
  • 0x13F0 sub_13F0 -- EFI_DRIVER_BINDING_PROTOCOL.Stop()
  • 0x1694 sub_1694 -- EFI_IP6_SERVICE_BINDING_PROTOCOL.CreateChild()
  • 0x1818 sub_1818 -- EFI_IP6_SERVICE_BINDING_PROTOCOL.DestroyChild()
  • 0x324C sub_324C -- EFI_IP6_PROTOCOL.GetModeData()
  • 0x3950 sub_3950 -- EFI_IP6_PROTOCOL.Configure()
  • 0x3AE4 sub_3AE4 -- EFI_IP6_PROTOCOL.Groups()
  • 0x3BD0 sub_3BD0 -- EFI_IP6_PROTOCOL.Routes()
  • 0x3D20 sub_3D20 -- EFI_IP6_PROTOCOL.Neighbors()
  • 0x3F4C sub_3F4C -- EFI_IP6_PROTOCOL.Transmit()
  • 0x439C sub_439C -- EFI_IP6_PROTOCOL.Receive()
  • 0x44C4 sub_44C4 -- EFI_IP6_PROTOCOL.Cancel()
  • 0x4684 sub_4684 -- EFI_IP6_PROTOCOL.Poll()
  • 0x7988 sub_7988 -- EFI_IP6_CONFIG_PROTOCOL.SetData()
  • 0x8770 sub_8770 -- EFI_IP6_CONFIG_PROTOCOL.GetData()
  • 0x8DD8 sub_8DD8 -- EFI_IP6_CONFIG_PROTOCOL.RegisterNotify()
  • 0x9078 sub_9078 -- EFI_IP6_CONFIG_PROTOCOL.UnregisterNotify()
  • 0xEF84 sub_EF84 -- EFI_HII_CONFIG_ACCESS_PROTOCOL.ExtractConfig()
  • 0xF814 sub_F814 -- EFI_HII_CONFIG_ACCESS_PROTOCOL.RouteConfig()
  • 0xFCC0 sub_FCC0 -- EFI_HII_CONFIG_ACCESS_PROTOCOL.Callback()

Protocol GUIDs

GUID Name Used At
{18A031AB-B443-4D1A-A5C0-0C09261E9F71} gEfiIp6ProtocolGuid 0x1BCF8
{107A772C-D5E1-11D4-9A46-0090273FC14D} gEfiIp6ConfigProtocolGuid 0x1BD28
{2C8759D5-5C2D-66EF-925F-B66C101957E2} gEfiIp6ServiceBindingProtocolGuid 0x1BD18
{F44C00EE-1F2C-4A00-AA09-1C9F3E0800A3} gEfiManagedNetworkProtocolGuid 0x1BD08
{F36FF770-A7E1-42CF-9ED2-56F0F271F44C} gEfiManagedNetworkServiceBindingProtocolGuid 0x1BCD8
{0FD96974-23AA-4CDC-B9CB-98D17750322A} gEfiHiiDatabaseProtocolGuid 0x1BC88
{EF9FC172-A1B2-4693-B327-6D32FC416042} gEfiHiiStringProtocolGuid 0x1BC68
{587E72D7-CC50-4F79-8209-CA291FC1A10F} gEfiHiiConfigRoutingProtocolGuid 0x1BC48
{31A6406A-6BDF-4E46-B2A2-EBAA89C40920} gEfiHiiImageProtocolGuid (presumed) 0x1BC58

IP6 Service Instance (Ip6Sb, ~4KB)

Signature: 'IP6S' = 0x53364950

Estimated layout:
Offset | Size | Field |
--------|------|-------|
+0 | 4 | Signature (0x53364950) |
+32 | 8 | Driver binding handle (controller) |
+40 | 8 | MNP handle |
+72 | 8 | Default interface (IpIf) |
+80 | 8 | MNP protocol pointer |
+88 | 8 | Configured flag |
+96 (0x60) | 8 | MNP child handle |
+104 (0x68) | 8 | MNP service binding protocol |
+136 (0x88) | ~16 | Timer event |
+264 (0x108) | 8 | Ip6Config instance |
+296 (0x128) | 4 | Address count |
+300 (0x12C) | 52 | Station address config |
+2192 (0x890) | 16 | Link-local address |
+2208 (0x8A0) | 1 | Configured flag |
+2209 (0x8A1) | 1 | Destroying flag |
+4184 (0x1058) | 4 | Interface count |

Global Variables (.data segment)

Address Name Purpose
0x1C160 byte_1C160 Driver unloaded flag
0x1C168 qword_1C168 Driver binding handle (unload)
0x1C170 qword_1C170 Host name list from NetworkStackVar
0x1C178 SystemTable gST pointer
0x1C180 BootServices gBS pointer
0x1C188 ImageHandle gImageHandle pointer
0x1C190 RuntimeServices gRT pointer
0x1C1A0 qword_1C1A0 HOB list pointer (sub_13EF0)
0x1C1A8 qword_1C1A8 gHiiConfigRouting
0x1C1B0 qword_1C1B0 gHiiDatabase
0x1C1B8 unk_1C1B8 gHiiImage (presumed)
0x1C1C0 unk_1C1C0 gHiiString
0x1C1C8 qword_1C1C8 HII-related pointer
0x1C1D8 n3 CMOS debug level byte
0x1C1E0 qword_1C1E0 gDpc protocol
0x1BDA8 ImageHandle_0 First driver binding handle
0x1BDB0 ImageHandle_1 Second driver binding handle

Calling Patterns

  1. Driver Loading: _ModuleEntryPoint (0x548) -> sub_5C4 (init globals, locate HII) -> sub_7D4 (install protocols)
  2. Driver Start: sub_94C (Supported: MNP check) -> sub_1160 (Start) -> sub_C80 (CreateService) -> sub_7EB0 (open MNP) -> sub_9CA0 (init config) -> sub_AB40 (start timer)
  3. Transmit: sub_3F4C (IP6 Transmit) -> sub_1FB8 (Output: route lookup, fragment) -> sub_1B40 (source addr selection) -> MNP transmit
  4. Receive: MNP callback -> sub_6EC0 (demux: ICMPv6->ND, else->IP layer) -> sub_439C (IP6 Receive)
  5. Timer Tick: sub_AB40 -> ND retransmission, neighbor reachability probing, DAD
  6. HII Config: sub_FCC0 (Callback) -> process data types (InterfaceID, HostAddress, Gateway, DNS, Route) -> sub_7988 (SetData)
  7. Cleanup: sub_9C4 (DestroyService) -> stop timers, close MNP, flush lists, free children

Dependencies

Consumed (calls out)

  • MnpDxe: EFI_MANAGED_NETWORK_PROTOCOL, EFI_MANAGED_NETWORK_SERVICE_BINDING_PROTOCOL
  • HII protocols: gEfiHiiDatabase, gEfiHiiString, gEfiHiiConfigRouting, gEfiHiiImage
  • UEFI Boot Services: AllocatePool/FreePool, CreateEvent/SetTimer/CloseEvent, OpenProtocol/CloseProtocol, LocateProtocol/LocateHandleBuffer, InstallMultipleProtocolInterfaces
  • UEFI Runtime Services: GetVariable (NetworkStackVar)
  • DxeNetLib: NET_BUF management, IP helper functions
  • HII Lib: String/config/forms utilities
  • DPC Lib: Deferred procedure calls for receive path

Consumed By (other modules call this)

  • Udp6Dxe: Uses gEfiIp6ProtocolGuid and gEfiIp6ServiceBindingProtocolGuid
  • Dhcp6Dxe: Uses IP6 for DHCPv6 communication
  • HttpBootDxe: Uses IP6 for HTTP boot
  • DnsDxe: Uses IP6 for DNS over IPv6
  • TcpDxe: Uses IP6 for TCP over IPv6 (through Udp6Dxe)

Source File Mapping (from debug strings)

Source File Address Range
Ip6Driver.c 0x94C - 0x1A28
Ip6Output.c 0x1A28 - 0x2B54
Ip6Common.c 0x2C04 - 0x38A4, 0xD1A4 - 0xDA30
Ip6Impl.c 0x324C - 0x4724
Ip6Nd.c 0x47B0 - 0x6DE4
Ip6Mld.c 0xACAC - 0xBA98
Ip6ConfigImpl.c 0x7988 - 0x9D20
Ip6ConfigNv.c 0xE7E0 - 0x10484

Notes

  • Uses AMI-specific "NetworkStackVar" UEFI variable to enable/disable IPv6 stack
  • All protocol interfaces installed via InstallMultipleProtocolInterfaces in sub_7D4
  • No import table -- all bindings resolved via UEFI protocol database at runtime
  • Driver references source path e:\hs\ suggesting build host path
  • Config data types include: InterfaceID (257), HostAddress (258), Gateway (259), DNS (260), Route (261), Policy (262), DAD (263)
  • Timer tick at 500ms drives ND retransmission, neighbor reachability probing, DAD