Lines Matching refs:new_kernel_policy
/*
 * necp_kernel_socket_policy_add(): fills a newly allocated socket-level kernel
 * policy from the caller's arguments, inserts it into
 * necp_kernel_socket_policies and returns its id.
 *
 * This is a cross-reference excerpt: only lines that name new_kernel_policy
 * are listed, and lines starting or ending with an ellipsis are truncated.
 * The signature, closing braces and anything on the skipped line numbers
 * (including possible validation) are not visible here.
 */
4954 struct necp_kernel_socket_policy *new_kernel_policy = NULL; in necp_kernel_socket_policy_add() local
/* Z_ZERO: the policy starts zero-filled, so any cond_* field not assigned below stays 0/NULL. */
4957 new_kernel_policy = zalloc_flags(necp_socket_policy_zone, Z_WAITOK | Z_ZERO); in necp_kernel_socket_policy_add()
/*
 * NOTE(review): from here on the pointer is dereferenced with no NULL test in
 * the listed lines, while the return at 5088 still tests it. Confirm that this
 * allocation cannot return NULL; if it can, the late test does not protect
 * the stores below.
 */
4959 new_kernel_policy->id = necp_kernel_policy_get_new_id(true); in necp_kernel_socket_policy_add()
4960 new_kernel_policy->order = order; in necp_kernel_socket_policy_add()
4961 new_kernel_policy->session_order = session_order; in necp_kernel_socket_policy_add()
4962 new_kernel_policy->session_pid = session_pid; in necp_kernel_socket_policy_add()
/* Bits outside NECP_KERNEL_VALID_SOCKET_CONDITIONS are dropped from the caller-supplied mask before it is stored. */
4965 new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_SOCKET_CONDITIONS); in necp_kernel_socket_policy_add()
/*
 * Mask normalization: each test below clears one or more condition bits from
 * the stored mask. The second operand of most tests is truncated in this
 * listing, so the exact triggering combinations cannot be read from here.
 */
4966 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli… in necp_kernel_socket_policy_add()
4967 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE; in necp_kernel_socket_policy_add()
4969 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli… in necp_kernel_socket_policy_add()
4970 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS; in necp_kernel_socket_policy_add()
4972 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) && !(new_kernel_policy… in necp_kernel_socket_policy_add()
4973 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REAL_APP_ID; in necp_kernel_socket_policy_add()
4975 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c… in necp_kernel_socket_policy_add()
4976 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX; in necp_kernel_socket_policy_add()
4978 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->… in necp_kernel_socket_policy_add()
4979 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX; in necp_kernel_socket_policy_add()
4981 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) { in necp_kernel_socket_policy_add()
4982 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_LOCAL_PREFIX | NECP_KERNEL_CONDITION_… in necp_kernel_socket_policy_add()
4984 if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY)) { in necp_kernel_socket_policy_add()
4985 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_REMOTE_PREFIX | NECP_KERNEL_CONDITION… in necp_kernel_socket_policy_add()
/* The negated mask is ANDed with a policy field whose name is truncated here; presumably the normalized condition_mask, so a negation survives only for a condition that is still set. Confirm. */
4987 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_… in necp_kernel_socket_policy_add()
/*
 * Condition values: each cond_* argument is stored only when its bit is still
 * set in the normalized mask. These are plain assignments, so any pointer-typed
 * argument is stored as given rather than duplicated.
 * NOTE(review): which arguments are pointers, and who owns and frees them, is
 * not visible in this listing. Confirm lifetimes against the callers.
 */
4990 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_kernel_socket_policy_add()
4991 new_kernel_policy->cond_app_id = cond_app_id; in necp_kernel_socket_policy_add()
4993 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) { in necp_kernel_socket_policy_add()
4994 new_kernel_policy->cond_real_app_id = cond_real_app_id; in necp_kernel_socket_policy_add()
4996 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) { in necp_kernel_socket_policy_add()
4997 new_kernel_policy->cond_custom_entitlement = cond_custom_entitlement; in necp_kernel_socket_policy_add()
4999 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) { in necp_kernel_socket_policy_add()
5000 new_kernel_policy->cond_account_id = cond_account_id; in necp_kernel_socket_policy_add()
5002 if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) || in necp_kernel_socket_policy_add()
5003 (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN)) { in necp_kernel_socket_policy_add()
5004 new_kernel_policy->cond_domain = cond_domain; in necp_kernel_socket_policy_add()
/*
 * NOTE(review): the argument to necp_count_dots() is truncated here; it is
 * presumably cond_domain treated as a NUL-terminated string. A non-NULL,
 * properly terminated cond_domain is therefore assumed whenever either domain
 * bit is set. Confirm that callers guarantee this.
 */
5005 …new_kernel_policy->cond_domain_dot_count = necp_count_dots(__unsafe_null_terminated_to_indexable(c… in necp_kernel_socket_policy_add()
5007 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) { in necp_kernel_socket_policy_add()
5008 new_kernel_policy->cond_domain_filter = cond_domain_filter; in necp_kernel_socket_policy_add()
5010 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_URL) { in necp_kernel_socket_policy_add()
5011 new_kernel_policy->cond_url = cond_url; in necp_kernel_socket_policy_add()
5013 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) { in necp_kernel_socket_policy_add()
5014 new_kernel_policy->cond_pid = cond_pid; in necp_kernel_socket_policy_add()
5015 new_kernel_policy->cond_pid_version = cond_pid_version; in necp_kernel_socket_policy_add()
5017 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) { in necp_kernel_socket_policy_add()
5018 new_kernel_policy->cond_uid = cond_uid; in necp_kernel_socket_policy_add()
5020 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_UID) { in necp_kernel_socket_policy_add()
5021 new_kernel_policy->cond_real_uid = cond_real_uid; in necp_kernel_socket_policy_add()
/* Source lines 5024-5026 do not name new_kernel_policy and are not listed, so what happens to cond_bound_interface before the store is not visible. */
5023 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_kernel_socket_policy_add()
5027 new_kernel_policy->cond_bound_interface = cond_bound_interface; in necp_kernel_socket_policy_add()
5029 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) { in necp_kernel_socket_policy_add()
5030 new_kernel_policy->cond_traffic_class = cond_traffic_class; in necp_kernel_socket_policy_add()
5032 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_kernel_socket_policy_add()
5033 new_kernel_policy->cond_protocol = cond_protocol; in necp_kernel_socket_policy_add()
/*
 * NOTE(review): every SOCKADDR_COPY below takes its length from the source
 * address's own sa_len field. The size of the destination field and any
 * earlier bound on sa_len are not visible in this listing. Confirm that sa_len
 * is validated against the destination before this function is reached, and
 * that the source pointers are non-NULL whenever the matching bit is set.
 */
5035 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_kernel_socket_policy_add()
5036 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len); in necp_kernel_socket_policy_add()
5038 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_kernel_socket_policy_add()
5039 SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len); in necp_kernel_socket_policy_add()
5041 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_kernel_socket_policy_add()
5042 new_kernel_policy->cond_local_prefix = cond_local_prefix; in necp_kernel_socket_policy_add()
5044 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_kernel_socket_policy_add()
5045 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l… in necp_kernel_socket_policy_add()
5047 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_kernel_socket_policy_add()
5048 SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len); in necp_kernel_socket_policy_add()
5050 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_kernel_socket_policy_add()
5051 new_kernel_policy->cond_remote_prefix = cond_remote_prefix; in necp_kernel_socket_policy_add()
/*
 * Fixed-size copies: the length is the size of the pointed-to type, not a
 * caller-supplied value. The source pointer is read whenever the mask bit is
 * set; a NULL test is not visible here, so confirm that callers pass a valid
 * pointer with the bit.
 */
5053 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) { in necp_kernel_socket_policy_add()
5054 memcpy(&new_kernel_policy->cond_agent_type, cond_agent_type, sizeof(*cond_agent_type)); in necp_kernel_socket_policy_add()
5056 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) { in necp_kernel_socket_policy_add()
5057 memcpy(&new_kernel_policy->cond_sdk_version, cond_sdk_version, sizeof(*cond_sdk_version)); in necp_kernel_socket_policy_add()
5059 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) { in necp_kernel_socket_policy_add()
5060 new_kernel_policy->cond_client_flags = cond_client_flags; in necp_kernel_socket_policy_add()
5062 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) { in necp_kernel_socket_policy_add()
5063 new_kernel_policy->cond_signing_identifier = cond_signing_identifier; in necp_kernel_socket_policy_add()
5065 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_kernel_socket_policy_add()
5066 new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags; in necp_kernel_socket_policy_add()
5068 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_kernel_socket_policy_add()
5069 new_kernel_policy->cond_scheme_port = cond_scheme_port; in necp_kernel_socket_policy_add()
5071 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) { in necp_kernel_socket_policy_add()
5072 new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags; in necp_kernel_socket_policy_add()
5073 new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags; in necp_kernel_socket_policy_add()
5074 new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags; in necp_kernel_socket_policy_add()
5076 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_kernel_socket_policy_add()
5077 new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags; in necp_kernel_socket_policy_add()
/* The result and its parameter are stored unconditionally; the parameter is copied by value, sized by the argument itself. */
5080 new_kernel_policy->result = result; in necp_kernel_socket_policy_add()
5081 memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter)); in necp_kernel_socket_policy_add()
/* Log message recording the new policy's id and mask (call truncated in this listing). */
5084 …BUG, "Added kernel policy: socket, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->… in necp_kernel_socket_policy_add()
/*
 * Sorted insertion into the global socket policy list; the sort keys are
 * truncated in this listing.
 * NOTE(review): the locking that protects necp_kernel_socket_policies is not
 * visible here. Confirm the caller holds the policy lock for writing.
 */
5086 …LIST_INSERT_SORTED_TWICE_ASCENDING(&necp_kernel_socket_policies, new_kernel_policy, chain, session… in necp_kernel_socket_policy_add()
/* Returns the new policy's id, or 0 if the pointer is NULL. */
5088 return new_kernel_policy ? new_kernel_policy->id : 0; in necp_kernel_socket_policy_add()
/*
 * necp_kernel_ip_output_policy_add(): fills a newly allocated IP-output kernel
 * policy from the caller's arguments, inserts it into
 * necp_kernel_ip_output_policies and returns its id.
 *
 * This is a cross-reference excerpt: only lines that name new_kernel_policy
 * are listed, and lines starting or ending with an ellipsis are truncated.
 * The signature, closing braces and anything on the skipped line numbers
 * (including possible validation) are not visible here.
 */
7034 struct necp_kernel_ip_output_policy *new_kernel_policy = NULL; in necp_kernel_ip_output_policy_add() local
/* Z_ZERO: the policy starts zero-filled, so any cond_* field not assigned below stays 0/NULL. */
7037 new_kernel_policy = zalloc_flags(necp_ip_policy_zone, Z_WAITOK | Z_ZERO); in necp_kernel_ip_output_policy_add()
/*
 * NOTE(review): the pointer is dereferenced immediately, with no NULL test in
 * the listed lines, while the return at 7117 still tests it. Confirm that this
 * allocation cannot return NULL; if it can, the late test does not protect
 * the stores below.
 */
7038 new_kernel_policy->id = necp_kernel_policy_get_new_id(false); in necp_kernel_ip_output_policy_add()
7039 new_kernel_policy->suborder = suborder; in necp_kernel_ip_output_policy_add()
7040 new_kernel_policy->order = order; in necp_kernel_ip_output_policy_add()
7041 new_kernel_policy->session_order = session_order; in necp_kernel_ip_output_policy_add()
7042 new_kernel_policy->session_pid = session_pid; in necp_kernel_ip_output_policy_add()
/* Bits outside NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS are dropped from the caller-supplied mask before it is stored. */
7045 new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS); in necp_kernel_ip_output_policy_add()
/*
 * Mask normalization: each test below clears one condition bit from the stored
 * mask. The second operand of each test is truncated in this listing, so the
 * exact triggering combinations cannot be read from here.
 */
7046 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli… in necp_kernel_ip_output_policy_add()
7047 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE; in necp_kernel_ip_output_policy_add()
7049 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli… in necp_kernel_ip_output_policy_add()
7050 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS; in necp_kernel_ip_output_policy_add()
7052 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c… in necp_kernel_ip_output_policy_add()
7053 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX; in necp_kernel_ip_output_policy_add()
7055 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->… in necp_kernel_ip_output_policy_add()
7056 new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX; in necp_kernel_ip_output_policy_add()
/* The negated mask is ANDed with a policy field whose name is truncated here; presumably the normalized condition_mask, so a negation survives only for a condition that is still set. Confirm. */
7058 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_… in necp_kernel_ip_output_policy_add()
/* Condition values: each cond_* argument is stored only when its bit is still set in the normalized mask. */
7061 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) { in necp_kernel_ip_output_policy_add()
7062 new_kernel_policy->cond_policy_id = cond_policy_id; in necp_kernel_ip_output_policy_add()
/* Source lines 7065-7067 do not name new_kernel_policy and are not listed, so what happens to cond_bound_interface before the store is not visible. */
7064 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_kernel_ip_output_policy_add()
7068 new_kernel_policy->cond_bound_interface = cond_bound_interface; in necp_kernel_ip_output_policy_add()
7070 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) { in necp_kernel_ip_output_policy_add()
7071 new_kernel_policy->cond_last_interface_index = cond_last_interface_index; in necp_kernel_ip_output_policy_add()
7073 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_kernel_ip_output_policy_add()
7074 new_kernel_policy->cond_protocol = cond_protocol; in necp_kernel_ip_output_policy_add()
/*
 * NOTE(review): every SOCKADDR_COPY below takes its length from the source
 * address's own sa_len field. The size of the destination field and any
 * earlier bound on sa_len are not visible in this listing. Confirm that sa_len
 * is validated against the destination before this function is reached, and
 * that the source pointers are non-NULL whenever the matching bit is set.
 */
7076 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_kernel_ip_output_policy_add()
7077 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len); in necp_kernel_ip_output_policy_add()
7079 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_kernel_ip_output_policy_add()
7080 SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len); in necp_kernel_ip_output_policy_add()
7082 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_kernel_ip_output_policy_add()
7083 new_kernel_policy->cond_local_prefix = cond_local_prefix; in necp_kernel_ip_output_policy_add()
7085 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_kernel_ip_output_policy_add()
7086 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l… in necp_kernel_ip_output_policy_add()
7088 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_kernel_ip_output_policy_add()
7089 SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len); in necp_kernel_ip_output_policy_add()
7091 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_kernel_ip_output_policy_add()
7092 new_kernel_policy->cond_remote_prefix = cond_remote_prefix; in necp_kernel_ip_output_policy_add()
7094 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_kernel_ip_output_policy_add()
7095 new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags; in necp_kernel_ip_output_policy_add()
7097 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_kernel_ip_output_policy_add()
7098 new_kernel_policy->cond_scheme_port = cond_scheme_port; in necp_kernel_ip_output_policy_add()
7100 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) { in necp_kernel_ip_output_policy_add()
7101 new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags; in necp_kernel_ip_output_policy_add()
7102 new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags; in necp_kernel_ip_output_policy_add()
7103 new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags; in necp_kernel_ip_output_policy_add()
7105 if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_kernel_ip_output_policy_add()
7106 new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags; in necp_kernel_ip_output_policy_add()
/* The result and its parameter are stored unconditionally; the parameter is copied by value, sized by the argument itself. */
7109 new_kernel_policy->result = result; in necp_kernel_ip_output_policy_add()
7110 memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter)); in necp_kernel_ip_output_policy_add()
/* Log message recording the new policy's id and mask (call truncated in this listing). */
7113 …, "Added kernel policy: ip output, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->… in necp_kernel_ip_output_policy_add()
/*
 * Sorted insertion into the global IP-output policy list; the sort keys are
 * truncated in this listing.
 * NOTE(review): the locking that protects necp_kernel_ip_output_policies is
 * not visible here. Confirm the caller holds the policy lock for writing.
 */
7115 …LIST_INSERT_SORTED_THRICE_ASCENDING(&necp_kernel_ip_output_policies, new_kernel_policy, chain, ses… in necp_kernel_ip_output_policy_add()
/* Returns the new policy's id, or 0 if the pointer is NULL. */
7117 return new_kernel_policy ? new_kernel_policy->id : 0; in necp_kernel_ip_output_policy_add()