Lines Matching refs:kernel_policy
4235 struct necp_kernel_socket_policy *kernel_policy = NULL; in necp_kernel_socket_policy_find() local
4242 LIST_FOREACH_SAFE(kernel_policy, &necp_kernel_socket_policies, chain, tmp_kernel_policy) { in necp_kernel_socket_policy_find()
4243 if (kernel_policy->id == policy_id) { in necp_kernel_socket_policy_find()
4244 return kernel_policy; in necp_kernel_socket_policy_find()
4559 necp_kernel_socket_result_is_trigger_service_type(struct necp_kernel_socket_policy *kernel_policy) in necp_kernel_socket_result_is_trigger_service_type() argument
4561 …return kernel_policy->result >= NECP_KERNEL_POLICY_RESULT_TRIGGER && kernel_policy->result <= NECP… in necp_kernel_socket_result_is_trigger_service_type()
4786 struct necp_kernel_socket_policy *kernel_policy = NULL; in necp_kernel_socket_policies_reprocess() local
4818 LIST_FOREACH(kernel_policy, &necp_kernel_socket_policies, chain) { in necp_kernel_socket_policies_reprocess()
4820 necp_kernel_application_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_socket_policies_reprocess()
4824 if ((kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE)) { in necp_kernel_socket_policies_reprocess()
4830 necp_kernel_socket_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_socket_policies_reprocess()
4833 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) || in necp_kernel_socket_policies_reprocess()
4834 kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_kernel_socket_policies_reprocess()
4840 …necp_kernel_socket_policies_map_counts[NECP_SOCKET_MAP_APP_ID_TO_BUCKET(kernel_policy->cond_app_id… in necp_kernel_socket_policies_reprocess()
4863 LIST_FOREACH(kernel_policy, &necp_kernel_socket_policies, chain) { in necp_kernel_socket_policies_reprocess()
4865 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
4866 necp_kernel_socket_policies_app_layer_map[app_layer_current_free_index] = kernel_policy; in necp_kernel_socket_policies_reprocess()
4871 if ((kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE)) { in necp_kernel_socket_policies_reprocess()
4877 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) || in necp_kernel_socket_policies_reprocess()
4878 kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_kernel_socket_policies_reprocess()
4880 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
4881 (necp_kernel_socket_policies_map[app_i])[(bucket_current_free_index[app_i])] = kernel_policy; in necp_kernel_socket_policies_reprocess()
4887 app_i = NECP_SOCKET_MAP_APP_ID_TO_BUCKET(kernel_policy->cond_app_id); in necp_kernel_socket_policies_reprocess()
4888 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
4889 (necp_kernel_socket_policies_map[app_i])[(bucket_current_free_index[app_i])] = kernel_policy; in necp_kernel_socket_policies_reprocess()
5865 struct necp_kernel_ip_output_policy *kernel_policy = NULL; in necp_kernel_ip_output_policy_find() local
5872 LIST_FOREACH_SAFE(kernel_policy, &necp_kernel_ip_output_policies, chain, tmp_kernel_policy) { in necp_kernel_ip_output_policy_find()
5873 if (kernel_policy->id == policy_id) { in necp_kernel_ip_output_policy_find()
5874 return kernel_policy; in necp_kernel_ip_output_policy_find()
6076 struct necp_kernel_ip_output_policy *kernel_policy = NULL; in necp_kernel_ip_output_policies_reprocess() local
6097 LIST_FOREACH(kernel_policy, &necp_kernel_ip_output_policies, chain) { in necp_kernel_ip_output_policies_reprocess()
6099 necp_kernel_ip_output_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_ip_output_policies_reprocess()
6106 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) || in necp_kernel_ip_output_policies_reprocess()
6107 (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) || in necp_kernel_ip_output_policies_reprocess()
6108 kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP) { in necp_kernel_ip_output_policies_reprocess()
6113 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID)) { in necp_kernel_ip_output_policies_reprocess()
6116 …necp_kernel_ip_output_policies_map_counts[NECP_IP_OUTPUT_MAP_ID_TO_BUCKET(kernel_policy->cond_poli… in necp_kernel_ip_output_policies_reprocess()
6132 LIST_FOREACH(kernel_policy, &necp_kernel_ip_output_policies, chain) { in necp_kernel_ip_output_policies_reprocess()
6134 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) || in necp_kernel_ip_output_policies_reprocess()
6135 (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) || in necp_kernel_ip_output_policies_reprocess()
6136 kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP) { in necp_kernel_ip_output_policies_reprocess()
6138 …if (!necp_dedup_policies || !necp_kernel_ip_output_policy_is_unnecessary(kernel_policy, necp_kerne… in necp_kernel_ip_output_policies_reprocess()
6139 (necp_kernel_ip_output_policies_map[i])[(bucket_current_free_index[i])] = kernel_policy; in necp_kernel_ip_output_policies_reprocess()
6145 i = NECP_IP_OUTPUT_MAP_ID_TO_BUCKET(kernel_policy->cond_policy_id); in necp_kernel_ip_output_policies_reprocess()
6146 …if (!necp_dedup_policies || !necp_kernel_ip_output_policy_is_unnecessary(kernel_policy, necp_kerne… in necp_kernel_ip_output_policies_reprocess()
6147 (necp_kernel_ip_output_policies_map[i])[(bucket_current_free_index[i])] = kernel_policy; in necp_kernel_ip_output_policies_reprocess()
7545 necp_socket_check_policy(struct necp_kernel_socket_policy *kernel_policy, necp_app_id app_id, necp_… in necp_socket_check_policy() argument
7547 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES)) { in necp_socket_check_policy()
7548 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_socket_check_policy()
7549 …u_int32_t cond_bound_interface_index = kernel_policy->cond_bound_interface ? kernel_policy->cond_b… in necp_socket_check_policy()
7550 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7552 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_socket_check_policy()
7572 if (kernel_policy->condition_mask == 0) { in necp_socket_check_policy()
7576 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_socket_check_policy()
7577 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7578 "NECP_KERNEL_CONDITION_APP_ID", kernel_policy->cond_app_id, app_id); in necp_socket_check_policy()
7579 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_socket_check_policy()
7580 if (app_id == kernel_policy->cond_app_id) { in necp_socket_check_policy()
7585 if (app_id != kernel_policy->cond_app_id) { in necp_socket_check_policy()
7592 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER || in necp_socket_check_policy()
7593 kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) { in necp_socket_check_policy()
7596 …NECP_DATA_TRACE_LOG_CONDITION_STR(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KE… in necp_socket_check_policy()
7598 kernel_policy->cond_signing_identifier ? kernel_policy->cond_signing_identifier : "<n/a>", in necp_socket_check_policy()
7602 if (memcmp(signing_id, kernel_policy->cond_signing_identifier, signing_id_size) == 0) { in necp_socket_check_policy()
7607 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) { in necp_socket_check_policy()
7619 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) { in necp_socket_check_policy()
7620 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7622 kernel_policy->cond_real_app_id, real_app_id); in necp_socket_check_policy()
7623 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) { in necp_socket_check_policy()
7624 if (real_app_id == kernel_policy->cond_real_app_id) { in necp_socket_check_policy()
7629 if (real_app_id != kernel_policy->cond_real_app_id) { in necp_socket_check_policy()
7636 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_HAS_CLIENT) { in necp_socket_check_policy()
7643 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ENTITLEMENT) { in necp_socket_check_policy()
7651 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PLATFORM_BINARY) { in necp_socket_check_policy()
7659 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) { in necp_socket_check_policy()
7662 kernel_policy->cond_sdk_version.platform, in necp_socket_check_policy()
7663 kernel_policy->cond_sdk_version.min_version, in necp_socket_check_policy()
7664 kernel_policy->cond_sdk_version.version, in necp_socket_check_policy()
7668 if (kernel_policy->cond_sdk_version.platform != 0) { in necp_socket_check_policy()
7669 if (kernel_policy->cond_sdk_version.platform != proc_platform(proc)) { in necp_socket_check_policy()
7675 if (kernel_policy->cond_sdk_version.min_version != 0) { in necp_socket_check_policy()
7676 if (kernel_policy->cond_sdk_version.min_version > proc_min_sdk(proc)) { in necp_socket_check_policy()
7682 if (kernel_policy->cond_sdk_version.version != 0) { in necp_socket_check_policy()
7683 if (kernel_policy->cond_sdk_version.version > proc_sdk(proc)) { in necp_socket_check_policy()
7691 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) { in necp_socket_check_policy()
7692 …, "SOCKET", false, "NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT", "n/a", kernel_policy->cond_custom_e… in necp_socket_check_policy()
7693 if (kernel_policy->cond_custom_entitlement_matched == necp_boolean_state_false) { in necp_socket_check_policy()
7696 } else if (kernel_policy->cond_custom_entitlement_matched == necp_boolean_state_unknown) { in necp_socket_check_policy()
7697 if (kernel_policy->cond_custom_entitlement != NULL) { in necp_socket_check_policy()
7704 !IOTaskHasEntitlement(task, kernel_policy->cond_custom_entitlement)) { in necp_socket_check_policy()
7706 kernel_policy->cond_custom_entitlement_matched = necp_boolean_state_false; in necp_socket_check_policy()
7709 kernel_policy->cond_custom_entitlement_matched = necp_boolean_state_true; in necp_socket_check_policy()
7715 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) { in necp_socket_check_policy()
7716 …NECP_DATA_TRACE_LOG_CONDITION_STR(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KE… in necp_socket_check_policy()
7717 "NECP_KERNEL_CONDITION_DOMAIN", kernel_policy->cond_domain, domain.string); in necp_socket_check_policy()
7718 … necp_hostname_matches_domain(domain, domain_dot_count, kernel_policy->cond_domain, kernel_policy-… in necp_socket_check_policy()
7719 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_DOMAIN) { in necp_socket_check_policy()
7732 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) { in necp_socket_check_policy()
7733 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7735 kernel_policy->cond_account_id, account_id); in necp_socket_check_policy()
7736 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) { in necp_socket_check_policy()
7737 if (account_id == kernel_policy->cond_account_id) { in necp_socket_check_policy()
7742 if (account_id != kernel_policy->cond_account_id) { in necp_socket_check_policy()
7749 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) { in necp_socket_check_policy()
7750 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7752 kernel_policy->cond_pid, pid); in necp_socket_check_policy()
7753 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PID) { in necp_socket_check_policy()
7754 if (pid == kernel_policy->cond_pid) { in necp_socket_check_policy()
7758 if (kernel_policy->cond_pid_version != 0 && pid_version == kernel_policy->cond_pid_version) { in necp_socket_check_policy()
7762 if (pid != kernel_policy->cond_pid) { in necp_socket_check_policy()
7766 if (kernel_policy->cond_pid_version != 0 && pid_version != kernel_policy->cond_pid_version) { in necp_socket_check_policy()
7772 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) { in necp_socket_check_policy()
7773 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7775 kernel_policy->cond_uid, uid); in necp_socket_check_policy()
7776 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_UID) { in necp_socket_check_policy()
7777 if (uid == kernel_policy->cond_uid) { in necp_socket_check_policy()
7782 if (uid != kernel_policy->cond_uid) { in necp_socket_check_policy()
7789 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) { in necp_socket_check_policy()
7791 kernel_policy->cond_traffic_class.start_tc, kernel_policy->cond_traffic_class.end_tc, 0, in necp_socket_check_policy()
7793 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) { in necp_socket_check_policy()
7794 if (traffic_class >= kernel_policy->cond_traffic_class.start_tc && in necp_socket_check_policy()
7795 traffic_class <= kernel_policy->cond_traffic_class.end_tc) { in necp_socket_check_policy()
7800 if (traffic_class < kernel_policy->cond_traffic_class.start_tc || in necp_socket_check_policy()
7801 traffic_class > kernel_policy->cond_traffic_class.end_tc) { in necp_socket_check_policy()
7808 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_socket_check_policy()
7809 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7811 kernel_policy->cond_protocol, protocol); in necp_socket_check_policy()
7812 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_socket_check_policy()
7813 if (protocol == kernel_policy->cond_protocol) { in necp_socket_check_policy()
7818 if (protocol != kernel_policy->cond_protocol) { in necp_socket_check_policy()
7825 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) { in necp_socket_check_policy()
7827 kernel_policy->cond_agent_type.agent_domain, kernel_policy->cond_agent_type.agent_type, "n/a", in necp_socket_check_policy()
7832 if ((strlen(kernel_policy->cond_agent_type.agent_domain) == 0 || in necp_socket_check_policy()
7833 …strncmp(required_agent_type->netagent_domain, kernel_policy->cond_agent_type.agent_domain, NETAGEN… in necp_socket_check_policy()
7834 (strlen(kernel_policy->cond_agent_type.agent_type) == 0 || in necp_socket_check_policy()
7835 …strncmp(required_agent_type->netagent_type, kernel_policy->cond_agent_type.agent_type, NETAGENT_TY… in necp_socket_check_policy()
7846 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_socket_check_policy()
7861 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_socket_check_policy()
7862 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_socket_check_policy()
7863 …ruct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, (struct sockaddr *)&ke… in necp_socket_check_policy()
7864 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7865 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_socket_check_policy()
7874 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_socket_check_policy()
7875 …subnet((struct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, kernel_polic… in necp_socket_check_policy()
7876 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7877 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_socket_check_policy()
7889 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_socket_check_policy()
7890 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_socket_check_policy()
7891 …uct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, (struct sockaddr *)&k… in necp_socket_check_policy()
7892 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7893 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_socket_check_policy()
7902 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_socket_check_policy()
7903 …ubnet((struct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, kernel_poli… in necp_socket_check_policy()
7904 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7905 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_socket_check_policy()
7917 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) { in necp_socket_check_policy()
7918 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7920 kernel_policy->cond_client_flags, client_flags); in necp_socket_check_policy()
7921 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) { in necp_socket_check_policy()
7922 if ((client_flags & kernel_policy->cond_client_flags) == kernel_policy->cond_client_flags) { in necp_socket_check_policy()
7927 if ((client_flags & kernel_policy->cond_client_flags) != kernel_policy->cond_client_flags) { in necp_socket_check_policy()
7934 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) { in necp_socket_check_policy()
7936 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7939 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) { in necp_socket_check_policy()
7950 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY) { in necp_socket_check_policy()
7952 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7955 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY) { in necp_socket_check_policy()
7966 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_socket_check_policy()
7971 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7974 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_socket_check_policy()
7975 if (kernel_policy->cond_scheme_port == scheme_port || in necp_socket_check_policy()
7976 kernel_policy->cond_scheme_port == remote_port) { in necp_socket_check_policy()
7980 if (kernel_policy->cond_scheme_port != scheme_port && in necp_socket_check_policy()
7981 kernel_policy->cond_scheme_port != remote_port) { in necp_socket_check_policy()
7987 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_socket_check_policy()
7988 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7990 kernel_policy->cond_packet_filter_tags, in necp_socket_check_policy()
7993 if (kernel_policy->cond_packet_filter_tags & NECP_POLICY_CONDITION_PACKET_FILTER_TAG_STACK_DROP) { in necp_socket_check_policy()
7999 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_socket_check_policy()
8010 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_IS_LOOPBACK) { in necp_socket_check_policy()
8011 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_IS_LOOPBACK) { in necp_socket_check_policy()
8022 …if (is_delegated && (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DELEGATE_IS_PLATFORM_BI… in necp_socket_check_policy()
8023 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_DELEGATE_IS_PLATFORM_BINARY) { in necp_socket_check_policy()
8973 necp_ip_output_check_policy(struct necp_kernel_ip_output_policy *kernel_policy, necp_kernel_policy_… in necp_ip_output_check_policy() argument
8975 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES)) { in necp_ip_output_check_policy()
8976 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_ip_output_check_policy()
8977 …u_int32_t cond_bound_interface_index = kernel_policy->cond_bound_interface ? kernel_policy->cond_b… in necp_ip_output_check_policy()
8978 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
8981 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_ip_output_check_policy()
9001 if (kernel_policy->condition_mask == 0) { in necp_ip_output_check_policy()
9005 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) { in necp_ip_output_check_policy()
9007 …kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP ? socket_skip_policy_id : socket_policy_id; in necp_ip_output_check_policy()
9010 kernel_policy->cond_policy_id, 0, 0, in necp_ip_output_check_policy()
9012 if (matched_policy_id != kernel_policy->cond_policy_id) { in necp_ip_output_check_policy()
9018 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) { in necp_ip_output_check_policy()
9021 kernel_policy->cond_last_interface_index, last_interface_index); in necp_ip_output_check_policy()
9022 if (last_interface_index != kernel_policy->cond_last_interface_index) { in necp_ip_output_check_policy()
9027 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_ip_output_check_policy()
9028 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9030 kernel_policy->cond_protocol, protocol); in necp_ip_output_check_policy()
9031 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_ip_output_check_policy()
9032 if (protocol == kernel_policy->cond_protocol) { in necp_ip_output_check_policy()
9037 if (protocol != kernel_policy->cond_protocol) { in necp_ip_output_check_policy()
9044 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_ip_output_check_policy()
9059 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_ip_output_check_policy()
9060 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_ip_output_check_policy()
9061 …ruct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, (struct sockaddr *)&ke… in necp_ip_output_check_policy()
9062 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9063 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_ip_output_check_policy()
9072 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_ip_output_check_policy()
9073 …subnet((struct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, kernel_polic… in necp_ip_output_check_policy()
9074 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9075 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_ip_output_check_policy()
9087 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_ip_output_check_policy()
9088 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_ip_output_check_policy()
9089 …uct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, (struct sockaddr *)&k… in necp_ip_output_check_policy()
9090 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9091 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_ip_output_check_policy()
9100 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_ip_output_check_policy()
9101 …ubnet((struct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, kernel_poli… in necp_ip_output_check_policy()
9102 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9103 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_ip_output_check_policy()
9115 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_ip_output_check_policy()
9120 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9123 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_ip_output_check_policy()
9124 if (kernel_policy->cond_scheme_port == remote_port) { in necp_ip_output_check_policy()
9128 if (kernel_policy->cond_scheme_port != remote_port) { in necp_ip_output_check_policy()
9134 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_ip_output_check_policy()
9136 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9138 kernel_policy->cond_packet_filter_tags, pf_tag); in necp_ip_output_check_policy()
9139 if (kernel_policy->cond_packet_filter_tags & NECP_POLICY_CONDITION_PACKET_FILTER_TAG_STACK_DROP) { in necp_ip_output_check_policy()
9144 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_ip_output_check_policy()