4943 	struct necp_kernel_socket_policy *new_kernel_policy = NULL;  in necp_kernel_socket_policy_add()  local
4946 	new_kernel_policy = zalloc_flags(necp_socket_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_socket_policy_add()
4948 	new_kernel_policy->id = necp_kernel_policy_get_new_id(true);  in necp_kernel_socket_policy_add()
4949 	new_kernel_policy->order = order;  in necp_kernel_socket_policy_add()
4950 	new_kernel_policy->session_order = session_order;  in necp_kernel_socket_policy_add()
4951 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_socket_policy_add()
4954 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_SOCKET_CONDITIONS);  in necp_kernel_socket_policy_add()
4955 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
4956 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_socket_policy_add()
4958 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
4959 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS;  in necp_kernel_socket_policy_add()
4961 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) && !(new_kernel_policy…  in necp_kernel_socket_policy_add()
4962 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REAL_APP_ID;  in necp_kernel_socket_policy_add()
4964 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_socket_policy_add()
4965 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_socket_policy_add()
4967 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_socket_policy_add()
4968 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_socket_policy_add()
4970 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) {  in necp_kernel_socket_policy_add()
4971 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_LOCAL_PREFIX | NECP_KERNEL_CONDITION_…  in necp_kernel_socket_policy_add()
4973 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY)) {  in necp_kernel_socket_policy_add()
4974 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_REMOTE_PREFIX | NECP_KERNEL_CONDITION…  in necp_kernel_socket_policy_add()
4976 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_socket_policy_add()
4979 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) {  in necp_kernel_socket_policy_add()
4980 		new_kernel_policy->cond_app_id = cond_app_id;  in necp_kernel_socket_policy_add()
4982 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) {  in necp_kernel_socket_policy_add()
4983 		new_kernel_policy->cond_real_app_id = cond_real_app_id;  in necp_kernel_socket_policy_add()
4985 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) {  in necp_kernel_socket_policy_add()
4986 		new_kernel_policy->cond_custom_entitlement = cond_custom_entitlement;  in necp_kernel_socket_policy_add()
4988 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) {  in necp_kernel_socket_policy_add()
4989 		new_kernel_policy->cond_account_id = cond_account_id;  in necp_kernel_socket_policy_add()
4991 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) ||  in necp_kernel_socket_policy_add()
4992 	    (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN)) {  in necp_kernel_socket_policy_add()
4993 		new_kernel_policy->cond_domain = cond_domain;  in necp_kernel_socket_policy_add()
4994 …new_kernel_policy->cond_domain_dot_count = necp_count_dots(__unsafe_null_terminated_to_indexable(c…  in necp_kernel_socket_policy_add()
4996 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) {  in necp_kernel_socket_policy_add()
4997 		new_kernel_policy->cond_domain_filter = cond_domain_filter;  in necp_kernel_socket_policy_add()
4999 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_URL) {  in necp_kernel_socket_policy_add()
5000 		new_kernel_policy->cond_url = cond_url;  in necp_kernel_socket_policy_add()
5002 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) {  in necp_kernel_socket_policy_add()
5003 		new_kernel_policy->cond_pid = cond_pid;  in necp_kernel_socket_policy_add()
5004 		new_kernel_policy->cond_pid_version = cond_pid_version;  in necp_kernel_socket_policy_add()
5006 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) {  in necp_kernel_socket_policy_add()
5007 		new_kernel_policy->cond_uid = cond_uid;  in necp_kernel_socket_policy_add()
5009 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_UID) {  in necp_kernel_socket_policy_add()
5010 		new_kernel_policy->cond_real_uid = cond_real_uid;  in necp_kernel_socket_policy_add()
5012 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_socket_policy_add()
5016 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_socket_policy_add()
5018 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) {  in necp_kernel_socket_policy_add()
5019 		new_kernel_policy->cond_traffic_class = cond_traffic_class;  in necp_kernel_socket_policy_add()
5021 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_socket_policy_add()
5022 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_socket_policy_add()
5024 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_socket_policy_add()
5025 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_socket_policy_add()
5027 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_socket_policy_add()
5028 		SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_socket_policy_add()
5030 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_socket_policy_add()
5031 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_socket_policy_add()
5033 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_socket_policy_add()
5034 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l…  in necp_kernel_socket_policy_add()
5036 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_socket_policy_add()
5037 		SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_socket_policy_add()
5039 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_socket_policy_add()
5040 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_socket_policy_add()
5042 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) {  in necp_kernel_socket_policy_add()
5043 		memcpy(&new_kernel_policy->cond_agent_type, cond_agent_type, sizeof(*cond_agent_type));  in necp_kernel_socket_policy_add()
5045 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) {  in necp_kernel_socket_policy_add()
5046 		memcpy(&new_kernel_policy->cond_sdk_version, cond_sdk_version, sizeof(*cond_sdk_version));  in necp_kernel_socket_policy_add()
5048 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) {  in necp_kernel_socket_policy_add()
5049 		new_kernel_policy->cond_client_flags = cond_client_flags;  in necp_kernel_socket_policy_add()
5051 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) {  in necp_kernel_socket_policy_add()
5052 		new_kernel_policy->cond_signing_identifier = cond_signing_identifier;  in necp_kernel_socket_policy_add()
5054 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_socket_policy_add()
5055 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_socket_policy_add()
5057 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_socket_policy_add()
5058 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_socket_policy_add()
5060 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) {  in necp_kernel_socket_policy_add()
5061 		new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags;  in necp_kernel_socket_policy_add()
5062 		new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags;  in necp_kernel_socket_policy_add()
5063 		new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags;  in necp_kernel_socket_policy_add()
5065 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) {  in necp_kernel_socket_policy_add()
5066 		new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags;  in necp_kernel_socket_policy_add()
5069 	new_kernel_policy->result = result;  in necp_kernel_socket_policy_add()
5070 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_socket_policy_add()
5073 …BUG, "Added kernel policy: socket, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_socket_policy_add()
5075 …LIST_INSERT_SORTED_TWICE_ASCENDING(&necp_kernel_socket_policies, new_kernel_policy, chain, session…  in necp_kernel_socket_policy_add()
5077 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_socket_policy_add()
7023 	struct necp_kernel_ip_output_policy *new_kernel_policy = NULL;  in necp_kernel_ip_output_policy_add()  local
7026 	new_kernel_policy = zalloc_flags(necp_ip_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_ip_output_policy_add()
7027 	new_kernel_policy->id = necp_kernel_policy_get_new_id(false);  in necp_kernel_ip_output_policy_add()
7028 	new_kernel_policy->suborder = suborder;  in necp_kernel_ip_output_policy_add()
7029 	new_kernel_policy->order = order;  in necp_kernel_ip_output_policy_add()
7030 	new_kernel_policy->session_order = session_order;  in necp_kernel_ip_output_policy_add()
7031 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_ip_output_policy_add()
7034 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS);  in necp_kernel_ip_output_policy_add()
7035 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
7036 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_ip_output_policy_add()
7038 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
7039 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS;  in necp_kernel_ip_output_policy_add()
7041 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_ip_output_policy_add()
7042 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_ip_output_policy_add()
7044 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
7045 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_ip_output_policy_add()
7047 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_ip_output_policy_add()
7050 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) {  in necp_kernel_ip_output_policy_add()
7051 		new_kernel_policy->cond_policy_id = cond_policy_id;  in necp_kernel_ip_output_policy_add()
7053 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_ip_output_policy_add()
7057 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_ip_output_policy_add()
7059 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) {  in necp_kernel_ip_output_policy_add()
7060 		new_kernel_policy->cond_last_interface_index = cond_last_interface_index;  in necp_kernel_ip_output_policy_add()
7062 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_ip_output_policy_add()
7063 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_ip_output_policy_add()
7065 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_ip_output_policy_add()
7066 …SOCKADDR_COPY(cond_local_start, &new_kernel_policy->cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
7068 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_ip_output_policy_add()
7069 		SOCKADDR_COPY(cond_local_end, &new_kernel_policy->cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
7071 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_ip_output_policy_add()
7072 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_ip_output_policy_add()
7074 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_ip_output_policy_add()
7075 …SOCKADDR_COPY(cond_remote_start, &new_kernel_policy->cond_remote_start, cond_remote_start->sa.sa_l…  in necp_kernel_ip_output_policy_add()
7077 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_ip_output_policy_add()
7078 		SOCKADDR_COPY(cond_remote_end, &new_kernel_policy->cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
7080 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_ip_output_policy_add()
7081 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_ip_output_policy_add()
7083 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_ip_output_policy_add()
7084 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_ip_output_policy_add()
7086 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_ip_output_policy_add()
7087 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_ip_output_policy_add()
7089 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE_FLAGS) {  in necp_kernel_ip_output_policy_add()
7090 		new_kernel_policy->cond_bound_interface_flags = cond_bound_interface_flags;  in necp_kernel_ip_output_policy_add()
7091 		new_kernel_policy->cond_bound_interface_eflags = cond_bound_interface_eflags;  in necp_kernel_ip_output_policy_add()
7092 		new_kernel_policy->cond_bound_interface_xflags = cond_bound_interface_xflags;  in necp_kernel_ip_output_policy_add()
7094 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) {  in necp_kernel_ip_output_policy_add()
7095 		new_kernel_policy->cond_local_networks_flags = cond_local_networks_flags;  in necp_kernel_ip_output_policy_add()
7098 	new_kernel_policy->result = result;  in necp_kernel_ip_output_policy_add()
7099 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_ip_output_policy_add()
7102 …, "Added kernel policy: ip output, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
7104 …LIST_INSERT_SORTED_THRICE_ASCENDING(&necp_kernel_ip_output_policies, new_kernel_policy, chain, ses…  in necp_kernel_ip_output_policy_add()
7106 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_ip_output_policy_add()