Lines Matching refs:kernel_policy

4438 	struct necp_kernel_socket_policy *kernel_policy = NULL;  in necp_kernel_socket_policy_find()  local
4445 LIST_FOREACH_SAFE(kernel_policy, &necp_kernel_socket_policies, chain, tmp_kernel_policy) { in necp_kernel_socket_policy_find()
4446 if (kernel_policy->id == policy_id) { in necp_kernel_socket_policy_find()
4447 return kernel_policy; in necp_kernel_socket_policy_find()
4946 struct necp_kernel_socket_policy *kernel_policy = NULL; in necp_kernel_socket_policies_reprocess() local
4978 LIST_FOREACH(kernel_policy, &necp_kernel_socket_policies, chain) { in necp_kernel_socket_policies_reprocess()
4980 necp_kernel_application_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_socket_policies_reprocess()
4984 if ((kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE)) { in necp_kernel_socket_policies_reprocess()
4990 necp_kernel_socket_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_socket_policies_reprocess()
4993 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) || in necp_kernel_socket_policies_reprocess()
4994 kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_kernel_socket_policies_reprocess()
5000 …necp_kernel_socket_policies_map_counts[NECP_SOCKET_MAP_APP_ID_TO_BUCKET(kernel_policy->cond_app_id… in necp_kernel_socket_policies_reprocess()
5023 LIST_FOREACH(kernel_policy, &necp_kernel_socket_policies, chain) { in necp_kernel_socket_policies_reprocess()
5025 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
5026 necp_kernel_socket_policies_app_layer_map[app_layer_current_free_index] = kernel_policy; in necp_kernel_socket_policies_reprocess()
5031 if ((kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE)) { in necp_kernel_socket_policies_reprocess()
5037 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) || in necp_kernel_socket_policies_reprocess()
5038 kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_kernel_socket_policies_reprocess()
5040 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
5041 (necp_kernel_socket_policies_map[app_i])[(bucket_current_free_index[app_i])] = kernel_policy; in necp_kernel_socket_policies_reprocess()
5047 app_i = NECP_SOCKET_MAP_APP_ID_TO_BUCKET(kernel_policy->cond_app_id); in necp_kernel_socket_policies_reprocess()
5048 …if (!necp_dedup_policies || !necp_kernel_socket_policy_is_unnecessary(kernel_policy, necp_kernel_s… in necp_kernel_socket_policies_reprocess()
5049 (necp_kernel_socket_policies_map[app_i])[(bucket_current_free_index[app_i])] = kernel_policy; in necp_kernel_socket_policies_reprocess()
6112 struct necp_kernel_ip_output_policy *kernel_policy = NULL; in necp_kernel_ip_output_policy_find() local
6119 LIST_FOREACH_SAFE(kernel_policy, &necp_kernel_ip_output_policies, chain, tmp_kernel_policy) { in necp_kernel_ip_output_policy_find()
6120 if (kernel_policy->id == policy_id) { in necp_kernel_ip_output_policy_find()
6121 return kernel_policy; in necp_kernel_ip_output_policy_find()
6323 struct necp_kernel_ip_output_policy *kernel_policy = NULL; in necp_kernel_ip_output_policies_reprocess() local
6344 LIST_FOREACH(kernel_policy, &necp_kernel_ip_output_policies, chain) { in necp_kernel_ip_output_policies_reprocess()
6346 necp_kernel_ip_output_policies_condition_mask |= kernel_policy->condition_mask; in necp_kernel_ip_output_policies_reprocess()
6353 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) || in necp_kernel_ip_output_policies_reprocess()
6354 (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) || in necp_kernel_ip_output_policies_reprocess()
6355 kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP) { in necp_kernel_ip_output_policies_reprocess()
6360 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID)) { in necp_kernel_ip_output_policies_reprocess()
6363 …necp_kernel_ip_output_policies_map_counts[NECP_IP_OUTPUT_MAP_ID_TO_BUCKET(kernel_policy->cond_poli… in necp_kernel_ip_output_policies_reprocess()
6379 LIST_FOREACH(kernel_policy, &necp_kernel_ip_output_policies, chain) { in necp_kernel_ip_output_policies_reprocess()
6381 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) || in necp_kernel_ip_output_policies_reprocess()
6382 (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) || in necp_kernel_ip_output_policies_reprocess()
6383 kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP) { in necp_kernel_ip_output_policies_reprocess()
6385 …if (!necp_dedup_policies || !necp_kernel_ip_output_policy_is_unnecessary(kernel_policy, necp_kerne… in necp_kernel_ip_output_policies_reprocess()
6386 (necp_kernel_ip_output_policies_map[i])[(bucket_current_free_index[i])] = kernel_policy; in necp_kernel_ip_output_policies_reprocess()
6392 i = NECP_IP_OUTPUT_MAP_ID_TO_BUCKET(kernel_policy->cond_policy_id); in necp_kernel_ip_output_policies_reprocess()
6393 …if (!necp_dedup_policies || !necp_kernel_ip_output_policy_is_unnecessary(kernel_policy, necp_kerne… in necp_kernel_ip_output_policies_reprocess()
6394 (necp_kernel_ip_output_policies_map[i])[(bucket_current_free_index[i])] = kernel_policy; in necp_kernel_ip_output_policies_reprocess()
7900 necp_socket_check_policy(struct necp_kernel_socket_policy *kernel_policy, necp_app_id app_id, necp_… in necp_socket_check_policy() argument
7902 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES)) { in necp_socket_check_policy()
7903 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_socket_check_policy()
7904 …u_int32_t cond_bound_interface_index = kernel_policy->cond_bound_interface ? kernel_policy->cond_b… in necp_socket_check_policy()
7905 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7907 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_socket_check_policy()
7927 if (kernel_policy->condition_mask == 0) { in necp_socket_check_policy()
7931 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_socket_check_policy()
7932 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7933 "NECP_KERNEL_CONDITION_APP_ID", kernel_policy->cond_app_id, app_id); in necp_socket_check_policy()
7934 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_APP_ID) { in necp_socket_check_policy()
7935 if (app_id == kernel_policy->cond_app_id) { in necp_socket_check_policy()
7940 if (app_id != kernel_policy->cond_app_id) { in necp_socket_check_policy()
7947 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER || in necp_socket_check_policy()
7948 kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) { in necp_socket_check_policy()
7951 …NECP_DATA_TRACE_LOG_CONDITION_STR(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KE… in necp_socket_check_policy()
7953 kernel_policy->cond_signing_identifier ? kernel_policy->cond_signing_identifier : "<n/a>", in necp_socket_check_policy()
7957 if (memcmp(signing_id, kernel_policy->cond_signing_identifier, signing_id_size) == 0) { in necp_socket_check_policy()
7962 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) { in necp_socket_check_policy()
7974 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) { in necp_socket_check_policy()
7975 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
7977 kernel_policy->cond_real_app_id, real_app_id); in necp_socket_check_policy()
7978 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) { in necp_socket_check_policy()
7979 if (real_app_id == kernel_policy->cond_real_app_id) { in necp_socket_check_policy()
7984 if (real_app_id != kernel_policy->cond_real_app_id) { in necp_socket_check_policy()
7991 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_HAS_CLIENT) { in necp_socket_check_policy()
7998 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ENTITLEMENT) { in necp_socket_check_policy()
8006 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PLATFORM_BINARY) { in necp_socket_check_policy()
8014 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SYSTEM_SIGNED_RESULT) { in necp_socket_check_policy()
8022 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) { in necp_socket_check_policy()
8025 kernel_policy->cond_sdk_version.platform, in necp_socket_check_policy()
8026 kernel_policy->cond_sdk_version.min_version, in necp_socket_check_policy()
8027 kernel_policy->cond_sdk_version.version, in necp_socket_check_policy()
8031 if (kernel_policy->cond_sdk_version.platform != 0) { in necp_socket_check_policy()
8032 if (kernel_policy->cond_sdk_version.platform != proc_platform(proc)) { in necp_socket_check_policy()
8038 if (kernel_policy->cond_sdk_version.min_version != 0) { in necp_socket_check_policy()
8039 if (kernel_policy->cond_sdk_version.min_version > proc_min_sdk(proc)) { in necp_socket_check_policy()
8045 if (kernel_policy->cond_sdk_version.version != 0) { in necp_socket_check_policy()
8046 if (kernel_policy->cond_sdk_version.version > proc_sdk(proc)) { in necp_socket_check_policy()
8054 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) { in necp_socket_check_policy()
8055 …, "SOCKET", false, "NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT", "n/a", kernel_policy->cond_custom_e… in necp_socket_check_policy()
8056 if (kernel_policy->cond_custom_entitlement != NULL) { in necp_socket_check_policy()
8063 !IOTaskHasEntitlement(task, kernel_policy->cond_custom_entitlement)) { in necp_socket_check_policy()
8070 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN) { in necp_socket_check_policy()
8071 …NECP_DATA_TRACE_LOG_CONDITION_STR(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KE… in necp_socket_check_policy()
8072 "NECP_KERNEL_CONDITION_EXACT_DOMAIN", kernel_policy->cond_domain, domain.string); in necp_socket_check_policy()
8074 bool domain_matches = (domain_dot_count == kernel_policy->cond_domain_dot_count && in necp_socket_check_policy()
8075 …necp_hostname_matches_domain(domain, domain_dot_count, kernel_policy->cond_domain, kernel_policy->… in necp_socket_check_policy()
8076 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN) { in necp_socket_check_policy()
8087 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) { in necp_socket_check_policy()
8088 …NECP_DATA_TRACE_LOG_CONDITION_STR(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KE… in necp_socket_check_policy()
8089 "NECP_KERNEL_CONDITION_DOMAIN", kernel_policy->cond_domain, domain.string); in necp_socket_check_policy()
8090 … necp_hostname_matches_domain(domain, domain_dot_count, kernel_policy->cond_domain, kernel_policy-… in necp_socket_check_policy()
8091 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_DOMAIN) { in necp_socket_check_policy()
8104 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) { in necp_socket_check_policy()
8105 … *filter = necp_lookup_domain_filter(&necp_global_domain_filter_list, kernel_policy->cond_domain_f… in necp_socket_check_policy()
8108 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) { in necp_socket_check_policy()
8122 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) { in necp_socket_check_policy()
8123 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8125 kernel_policy->cond_account_id, account_id); in necp_socket_check_policy()
8126 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) { in necp_socket_check_policy()
8127 if (account_id == kernel_policy->cond_account_id) { in necp_socket_check_policy()
8132 if (account_id != kernel_policy->cond_account_id) { in necp_socket_check_policy()
8139 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) { in necp_socket_check_policy()
8140 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8142 kernel_policy->cond_pid, pid); in necp_socket_check_policy()
8143 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PID) { in necp_socket_check_policy()
8144 if (pid == kernel_policy->cond_pid) { in necp_socket_check_policy()
8148 if (kernel_policy->cond_pid_version != 0 && pid_version == kernel_policy->cond_pid_version) { in necp_socket_check_policy()
8152 if (pid != kernel_policy->cond_pid) { in necp_socket_check_policy()
8156 if (kernel_policy->cond_pid_version != 0 && pid_version != kernel_policy->cond_pid_version) { in necp_socket_check_policy()
8162 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) { in necp_socket_check_policy()
8163 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8165 kernel_policy->cond_uid, uid); in necp_socket_check_policy()
8166 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_UID) { in necp_socket_check_policy()
8167 if (uid == kernel_policy->cond_uid) { in necp_socket_check_policy()
8172 if (uid != kernel_policy->cond_uid) { in necp_socket_check_policy()
8179 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) { in necp_socket_check_policy()
8181 kernel_policy->cond_traffic_class.start_tc, kernel_policy->cond_traffic_class.end_tc, 0, in necp_socket_check_policy()
8183 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) { in necp_socket_check_policy()
8184 if (traffic_class >= kernel_policy->cond_traffic_class.start_tc && in necp_socket_check_policy()
8185 traffic_class <= kernel_policy->cond_traffic_class.end_tc) { in necp_socket_check_policy()
8190 if (traffic_class < kernel_policy->cond_traffic_class.start_tc || in necp_socket_check_policy()
8191 traffic_class > kernel_policy->cond_traffic_class.end_tc) { in necp_socket_check_policy()
8198 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_socket_check_policy()
8199 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8201 kernel_policy->cond_protocol, protocol); in necp_socket_check_policy()
8202 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_socket_check_policy()
8203 if (protocol == kernel_policy->cond_protocol) { in necp_socket_check_policy()
8208 if (protocol != kernel_policy->cond_protocol) { in necp_socket_check_policy()
8215 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) { in necp_socket_check_policy()
8217 kernel_policy->cond_agent_type.agent_domain, kernel_policy->cond_agent_type.agent_type, "n/a", in necp_socket_check_policy()
8222 if ((strlen(kernel_policy->cond_agent_type.agent_domain) == 0 || in necp_socket_check_policy()
8223 …strncmp(required_agent_type->netagent_domain, kernel_policy->cond_agent_type.agent_domain, NETAGEN… in necp_socket_check_policy()
8224 (strlen(kernel_policy->cond_agent_type.agent_type) == 0 || in necp_socket_check_policy()
8225 …strncmp(required_agent_type->netagent_type, kernel_policy->cond_agent_type.agent_type, NETAGENT_TY… in necp_socket_check_policy()
8236 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_socket_check_policy()
8251 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_socket_check_policy()
8252 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_socket_check_policy()
8253 …ruct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, (struct sockaddr *)&ke… in necp_socket_check_policy()
8254 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8255 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_socket_check_policy()
8264 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_socket_check_policy()
8265 …subnet((struct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, kernel_polic… in necp_socket_check_policy()
8266 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8267 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_socket_check_policy()
8279 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_socket_check_policy()
8280 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_socket_check_policy()
8281 …uct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, (struct sockaddr *)&k… in necp_socket_check_policy()
8282 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8283 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_socket_check_policy()
8292 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_socket_check_policy()
8293 …ubnet((struct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, kernel_poli… in necp_socket_check_policy()
8294 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8295 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_socket_check_policy()
8307 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) { in necp_socket_check_policy()
8308 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8310 kernel_policy->cond_client_flags, client_flags); in necp_socket_check_policy()
8311 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) { in necp_socket_check_policy()
8312 if ((client_flags & kernel_policy->cond_client_flags) == kernel_policy->cond_client_flags) { in necp_socket_check_policy()
8317 if ((client_flags & kernel_policy->cond_client_flags) != kernel_policy->cond_client_flags) { in necp_socket_check_policy()
8324 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) { in necp_socket_check_policy()
8326 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8329 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) { in necp_socket_check_policy()
8340 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY) { in necp_socket_check_policy()
8342 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8345 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY) { in necp_socket_check_policy()
8356 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_socket_check_policy()
8361 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8364 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_socket_check_policy()
8365 if (kernel_policy->cond_scheme_port == scheme_port || in necp_socket_check_policy()
8366 kernel_policy->cond_scheme_port == remote_port) { in necp_socket_check_policy()
8370 if (kernel_policy->cond_scheme_port != scheme_port && in necp_socket_check_policy()
8371 kernel_policy->cond_scheme_port != remote_port) { in necp_socket_check_policy()
8377 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_socket_check_policy()
8378 …NECP_DATA_TRACE_LOG_CONDITION(debug, "SOCKET", kernel_policy->condition_negated_mask & NECP_KERNEL… in necp_socket_check_policy()
8380 kernel_policy->cond_packet_filter_tags, in necp_socket_check_policy()
8383 if (kernel_policy->cond_packet_filter_tags & NECP_POLICY_CONDITION_PACKET_FILTER_TAG_STACK_DROP) { in necp_socket_check_policy()
8389 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_socket_check_policy()
8400 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_IS_LOOPBACK) { in necp_socket_check_policy()
8401 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_IS_LOOPBACK) { in necp_socket_check_policy()
8412 …if (is_delegated && (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DELEGATE_IS_PLATFORM_BI… in necp_socket_check_policy()
8413 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_DELEGATE_IS_PLATFORM_BINARY) { in necp_socket_check_policy()
9334 necp_ip_output_check_policy(struct necp_kernel_ip_output_policy *kernel_policy, necp_kernel_policy_… in necp_ip_output_check_policy() argument
9336 if (!(kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES)) { in necp_ip_output_check_policy()
9337 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_ip_output_check_policy()
9338 …u_int32_t cond_bound_interface_index = kernel_policy->cond_bound_interface ? kernel_policy->cond_b… in necp_ip_output_check_policy()
9339 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9342 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) { in necp_ip_output_check_policy()
9362 if (kernel_policy->condition_mask == 0) { in necp_ip_output_check_policy()
9366 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) { in necp_ip_output_check_policy()
9368 kernel_policy->result == NECP_KERNEL_POLICY_RESULT_SKIP ? socket_skip_policy_id : socket_policy_id; in necp_ip_output_check_policy()
9371 kernel_policy->cond_policy_id, 0, 0, in necp_ip_output_check_policy()
9373 if (matched_policy_id != kernel_policy->cond_policy_id) { in necp_ip_output_check_policy()
9379 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) { in necp_ip_output_check_policy()
9382 kernel_policy->cond_last_interface_index, last_interface_index); in necp_ip_output_check_policy()
9383 if (last_interface_index != kernel_policy->cond_last_interface_index) { in necp_ip_output_check_policy()
9388 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_ip_output_check_policy()
9389 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9391 kernel_policy->cond_protocol, protocol); in necp_ip_output_check_policy()
9392 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PROTOCOL) { in necp_ip_output_check_policy()
9393 if (protocol == kernel_policy->cond_protocol) { in necp_ip_output_check_policy()
9398 if (protocol != kernel_policy->cond_protocol) { in necp_ip_output_check_policy()
9405 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_NETWORKS) { in necp_ip_output_check_policy()
9420 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) { in necp_ip_output_check_policy()
9421 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_ip_output_check_policy()
9422 …ruct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, (struct sockaddr *)&ke… in necp_ip_output_check_policy()
9423 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9424 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_END) { in necp_ip_output_check_policy()
9433 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_ip_output_check_policy()
9434 …subnet((struct sockaddr *)local, (struct sockaddr *)&kernel_policy->cond_local_start, kernel_polic… in necp_ip_output_check_policy()
9435 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9436 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) { in necp_ip_output_check_policy()
9448 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) { in necp_ip_output_check_policy()
9449 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_ip_output_check_policy()
9450 …uct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, (struct sockaddr *)&k… in necp_ip_output_check_policy()
9451 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9452 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_END) { in necp_ip_output_check_policy()
9461 } else if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_ip_output_check_policy()
9462 …ubnet((struct sockaddr *)remote, (struct sockaddr *)&kernel_policy->cond_remote_start, kernel_poli… in necp_ip_output_check_policy()
9463 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9464 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) { in necp_ip_output_check_policy()
9476 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_ip_output_check_policy()
9481 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9484 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) { in necp_ip_output_check_policy()
9485 if (kernel_policy->cond_scheme_port == remote_port) { in necp_ip_output_check_policy()
9489 if (kernel_policy->cond_scheme_port != remote_port) { in necp_ip_output_check_policy()
9495 if (kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_ip_output_check_policy()
9497 …NECP_DATA_TRACE_LOG_CONDITION(debug, "IP", kernel_policy->condition_negated_mask & NECP_KERNEL_CON… in necp_ip_output_check_policy()
9499 kernel_policy->cond_packet_filter_tags, pf_tag); in necp_ip_output_check_policy()
9500 if (kernel_policy->cond_packet_filter_tags & NECP_POLICY_CONDITION_PACKET_FILTER_TAG_STACK_DROP) { in necp_ip_output_check_policy()
9505 if (kernel_policy->condition_negated_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) { in necp_ip_output_check_policy()