5002 	struct necp_kernel_socket_policy *new_kernel_policy = NULL;  in necp_kernel_socket_policy_add()  local
5005 	new_kernel_policy = zalloc_flags(necp_socket_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_socket_policy_add()
5007 	new_kernel_policy->id = necp_kernel_policy_get_new_id(true);  in necp_kernel_socket_policy_add()
5008 	new_kernel_policy->order = order;  in necp_kernel_socket_policy_add()
5009 	new_kernel_policy->session_order = session_order;  in necp_kernel_socket_policy_add()
5010 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_socket_policy_add()
5013 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_SOCKET_CONDITIONS);  in necp_kernel_socket_policy_add()
5014 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
5015 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_socket_policy_add()
5017 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
5018 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS;  in necp_kernel_socket_policy_add()
5020 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) && !(new_kernel_policy…  in necp_kernel_socket_policy_add()
5021 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REAL_APP_ID;  in necp_kernel_socket_policy_add()
5023 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_socket_policy_add()
5024 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_socket_policy_add()
5026 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_socket_policy_add()
5027 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_socket_policy_add()
5029 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) {  in necp_kernel_socket_policy_add()
5030 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_LOCAL_PREFIX | NECP_KERNEL_CONDITION_…  in necp_kernel_socket_policy_add()
5032 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY)) {  in necp_kernel_socket_policy_add()
5033 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_REMOTE_PREFIX | NECP_KERNEL_CONDITION…  in necp_kernel_socket_policy_add()
5035 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_socket_policy_add()
5038 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) {  in necp_kernel_socket_policy_add()
5039 		new_kernel_policy->cond_app_id = cond_app_id;  in necp_kernel_socket_policy_add()
5041 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) {  in necp_kernel_socket_policy_add()
5042 		new_kernel_policy->cond_real_app_id = cond_real_app_id;  in necp_kernel_socket_policy_add()
5044 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) {  in necp_kernel_socket_policy_add()
5045 		new_kernel_policy->cond_custom_entitlement = cond_custom_entitlement;  in necp_kernel_socket_policy_add()
5047 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) {  in necp_kernel_socket_policy_add()
5048 		new_kernel_policy->cond_account_id = cond_account_id;  in necp_kernel_socket_policy_add()
5050 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) ||  in necp_kernel_socket_policy_add()
5051 	    (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN)) {  in necp_kernel_socket_policy_add()
5052 		new_kernel_policy->cond_domain = cond_domain;  in necp_kernel_socket_policy_add()
5053 …new_kernel_policy->cond_domain_dot_count = necp_count_dots(__unsafe_null_terminated_to_indexable(c…  in necp_kernel_socket_policy_add()
5055 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) {  in necp_kernel_socket_policy_add()
5056 		new_kernel_policy->cond_domain_filter = cond_domain_filter;  in necp_kernel_socket_policy_add()
5058 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_URL) {  in necp_kernel_socket_policy_add()
5059 		new_kernel_policy->cond_url = cond_url;  in necp_kernel_socket_policy_add()
5061 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) {  in necp_kernel_socket_policy_add()
5062 		new_kernel_policy->cond_pid = cond_pid;  in necp_kernel_socket_policy_add()
5063 		new_kernel_policy->cond_pid_version = cond_pid_version;  in necp_kernel_socket_policy_add()
5065 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) {  in necp_kernel_socket_policy_add()
5066 		new_kernel_policy->cond_uid = cond_uid;  in necp_kernel_socket_policy_add()
5068 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_UID) {  in necp_kernel_socket_policy_add()
5069 		new_kernel_policy->cond_real_uid = cond_real_uid;  in necp_kernel_socket_policy_add()
5071 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_socket_policy_add()
5075 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_socket_policy_add()
5077 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) {  in necp_kernel_socket_policy_add()
5078 		new_kernel_policy->cond_traffic_class = cond_traffic_class;  in necp_kernel_socket_policy_add()
5080 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_socket_policy_add()
5081 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_socket_policy_add()
5083 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_socket_policy_add()
5084 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_socket_policy_add()
5086 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_socket_policy_add()
5087 		SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_socket_policy_add()
5089 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_socket_policy_add()
5090 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_socket_policy_add()
5092 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_socket_policy_add()
5093 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l…  in necp_kernel_socket_policy_add()
5095 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_socket_policy_add()
5096 		SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_socket_policy_add()
5098 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_socket_policy_add()
5099 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_socket_policy_add()
5101 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) {  in necp_kernel_socket_policy_add()
5102 		memcpy(&new_kernel_policy->cond_agent_type, cond_agent_type, sizeof(*cond_agent_type));  in necp_kernel_socket_policy_add()
5104 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) {  in necp_kernel_socket_policy_add()
5105 		memcpy(&new_kernel_policy->cond_sdk_version, cond_sdk_version, sizeof(*cond_sdk_version));  in necp_kernel_socket_policy_add()
5107 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) {  in necp_kernel_socket_policy_add()
5108 		new_kernel_policy->cond_client_flags = cond_client_flags;  in necp_kernel_socket_policy_add()
5110 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) {  in necp_kernel_socket_policy_add()
5111 		new_kernel_policy->cond_signing_identifier = cond_signing_identifier;  in necp_kernel_socket_policy_add()
5113 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_socket_policy_add()
5114 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_socket_policy_add()
5116 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_socket_policy_add()
5117 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_socket_policy_add()
5119 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) {  in necp_kernel_socket_policy_add()
5120 		new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags;  in necp_kernel_socket_policy_add()
5121 		new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags;  in necp_kernel_socket_policy_add()
5122 		new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags;  in necp_kernel_socket_policy_add()
5124 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) {  in necp_kernel_socket_policy_add()
5125 		new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags;  in necp_kernel_socket_policy_add()
5128 	new_kernel_policy->result = result;  in necp_kernel_socket_policy_add()
5129 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_socket_policy_add()
5132 …BUG, "Added kernel policy: socket, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_socket_policy_add()
5134 …LIST_INSERT_SORTED_TWICE_ASCENDING(&necp_kernel_socket_policies, new_kernel_policy, chain, session…  in necp_kernel_socket_policy_add()
5136 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_socket_policy_add()
6947 	struct necp_kernel_ip_output_policy *new_kernel_policy = NULL;  in necp_kernel_ip_output_policy_add()  local
6950 	new_kernel_policy = zalloc_flags(necp_ip_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_ip_output_policy_add()
6951 	new_kernel_policy->id = necp_kernel_policy_get_new_id(false);  in necp_kernel_ip_output_policy_add()
6952 	new_kernel_policy->suborder = suborder;  in necp_kernel_ip_output_policy_add()
6953 	new_kernel_policy->order = order;  in necp_kernel_ip_output_policy_add()
6954 	new_kernel_policy->session_order = session_order;  in necp_kernel_ip_output_policy_add()
6955 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_ip_output_policy_add()
6958 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS);  in necp_kernel_ip_output_policy_add()
6959 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
6960 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_ip_output_policy_add()
6962 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
6963 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS;  in necp_kernel_ip_output_policy_add()
6965 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_ip_output_policy_add()
6966 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_ip_output_policy_add()
6968 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
6969 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_ip_output_policy_add()
6971 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_ip_output_policy_add()
6974 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) {  in necp_kernel_ip_output_policy_add()
6975 		new_kernel_policy->cond_policy_id = cond_policy_id;  in necp_kernel_ip_output_policy_add()
6977 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6981 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_ip_output_policy_add()
6983 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6984 		new_kernel_policy->cond_last_interface_index = cond_last_interface_index;  in necp_kernel_ip_output_policy_add()
6986 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_ip_output_policy_add()
6987 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_ip_output_policy_add()
6989 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_ip_output_policy_add()
6990 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6992 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_ip_output_policy_add()
6993 		SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6995 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_ip_output_policy_add()
6996 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_ip_output_policy_add()
6998 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_ip_output_policy_add()
6999 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l…  in necp_kernel_ip_output_policy_add()
7001 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_ip_output_policy_add()
7002 		SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
7004 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_ip_output_policy_add()
7005 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_ip_output_policy_add()
7007 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_ip_output_policy_add()
7008 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_ip_output_policy_add()
7010 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_ip_output_policy_add()
7011 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_ip_output_policy_add()
7013 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) {  in necp_kernel_ip_output_policy_add()
7014 		new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags;  in necp_kernel_ip_output_policy_add()
7015 		new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags;  in necp_kernel_ip_output_policy_add()
7016 		new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags;  in necp_kernel_ip_output_policy_add()
7018 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) {  in necp_kernel_ip_output_policy_add()
7019 		new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags;  in necp_kernel_ip_output_policy_add()
7022 	new_kernel_policy->result = result;  in necp_kernel_ip_output_policy_add()
7023 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_ip_output_policy_add()
7026 …, "Added kernel policy: ip output, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
7028 …LIST_INSERT_SORTED_THRICE_ASCENDING(&necp_kernel_ip_output_policies, new_kernel_policy, chain, ses…  in necp_kernel_ip_output_policy_add()
7030 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_ip_output_policy_add()