4319 	struct necp_kernel_socket_policy *new_kernel_policy = NULL;  in necp_kernel_socket_policy_add()  local
4322 	new_kernel_policy = zalloc_flags(necp_socket_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_socket_policy_add()
4324 	new_kernel_policy->id = necp_kernel_policy_get_new_id(true);  in necp_kernel_socket_policy_add()
4325 	new_kernel_policy->order = order;  in necp_kernel_socket_policy_add()
4326 	new_kernel_policy->session_order = session_order;  in necp_kernel_socket_policy_add()
4327 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_socket_policy_add()
4330 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_SOCKET_CONDITIONS);  in necp_kernel_socket_policy_add()
4331 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
4332 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_socket_policy_add()
4334 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) && !(new_kernel_policy…  in necp_kernel_socket_policy_add()
4335 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REAL_APP_ID;  in necp_kernel_socket_policy_add()
4337 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_socket_policy_add()
4338 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_socket_policy_add()
4340 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_socket_policy_add()
4341 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_socket_policy_add()
4343 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) {  in necp_kernel_socket_policy_add()
4344 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_LOCAL_PREFIX | NECP_KERNEL_CONDITION_…  in necp_kernel_socket_policy_add()
4346 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY)) {  in necp_kernel_socket_policy_add()
4347 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_REMOTE_PREFIX | NECP_KERNEL_CONDITION…  in necp_kernel_socket_policy_add()
4349 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_socket_policy_add()
4352 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) {  in necp_kernel_socket_policy_add()
4353 		new_kernel_policy->cond_app_id = cond_app_id;  in necp_kernel_socket_policy_add()
4355 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) {  in necp_kernel_socket_policy_add()
4356 		new_kernel_policy->cond_real_app_id = cond_real_app_id;  in necp_kernel_socket_policy_add()
4358 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) {  in necp_kernel_socket_policy_add()
4359 		new_kernel_policy->cond_custom_entitlement = cond_custom_entitlement;  in necp_kernel_socket_policy_add()
4361 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) {  in necp_kernel_socket_policy_add()
4362 		new_kernel_policy->cond_account_id = cond_account_id;  in necp_kernel_socket_policy_add()
4364 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) ||  in necp_kernel_socket_policy_add()
4365 	    (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN)) {  in necp_kernel_socket_policy_add()
4366 		new_kernel_policy->cond_domain = cond_domain;  in necp_kernel_socket_policy_add()
4367 		new_kernel_policy->cond_domain_dot_count = necp_count_dots(cond_domain, strlen(cond_domain));  in necp_kernel_socket_policy_add()
4369 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) {  in necp_kernel_socket_policy_add()
4370 		new_kernel_policy->cond_domain_filter = cond_domain_filter;  in necp_kernel_socket_policy_add()
4372 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) {  in necp_kernel_socket_policy_add()
4373 		new_kernel_policy->cond_pid = cond_pid;  in necp_kernel_socket_policy_add()
4374 		new_kernel_policy->cond_pid_version = cond_pid_version;  in necp_kernel_socket_policy_add()
4376 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) {  in necp_kernel_socket_policy_add()
4377 		new_kernel_policy->cond_uid = cond_uid;  in necp_kernel_socket_policy_add()
4379 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_socket_policy_add()
4383 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_socket_policy_add()
4385 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) {  in necp_kernel_socket_policy_add()
4386 		new_kernel_policy->cond_traffic_class = cond_traffic_class;  in necp_kernel_socket_policy_add()
4388 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_socket_policy_add()
4389 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_socket_policy_add()
4391 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_socket_policy_add()
4392 		memcpy(&new_kernel_policy->cond_local_start, cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_socket_policy_add()
4394 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_socket_policy_add()
4395 		memcpy(&new_kernel_policy->cond_local_end, cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_socket_policy_add()
4397 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_socket_policy_add()
4398 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_socket_policy_add()
4400 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_socket_policy_add()
4401 		memcpy(&new_kernel_policy->cond_remote_start, cond_remote_start, cond_remote_start->sa.sa_len);  in necp_kernel_socket_policy_add()
4403 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_socket_policy_add()
4404 		memcpy(&new_kernel_policy->cond_remote_end, cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_socket_policy_add()
4406 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_socket_policy_add()
4407 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_socket_policy_add()
4409 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) {  in necp_kernel_socket_policy_add()
4410 		memcpy(&new_kernel_policy->cond_agent_type, cond_agent_type, sizeof(*cond_agent_type));  in necp_kernel_socket_policy_add()
4412 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) {  in necp_kernel_socket_policy_add()
4413 		memcpy(&new_kernel_policy->cond_sdk_version, cond_sdk_version, sizeof(*cond_sdk_version));  in necp_kernel_socket_policy_add()
4415 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) {  in necp_kernel_socket_policy_add()
4416 		new_kernel_policy->cond_client_flags = cond_client_flags;  in necp_kernel_socket_policy_add()
4418 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) {  in necp_kernel_socket_policy_add()
4419 		new_kernel_policy->cond_signing_identifier = cond_signing_identifier;  in necp_kernel_socket_policy_add()
4421 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_socket_policy_add()
4422 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_socket_policy_add()
4424 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_socket_policy_add()
4425 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_socket_policy_add()
4428 	new_kernel_policy->result = result;  in necp_kernel_socket_policy_add()
4429 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_socket_policy_add()
4432 …BUG, "Added kernel policy: socket, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_socket_policy_add()
4434 …LIST_INSERT_SORTED_TWICE_ASCENDING(&necp_kernel_socket_policies, new_kernel_policy, chain, session…  in necp_kernel_socket_policy_add()
4436 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_socket_policy_add()
6047 	struct necp_kernel_ip_output_policy *new_kernel_policy = NULL;  in necp_kernel_ip_output_policy_add()  local
6050 	new_kernel_policy = zalloc_flags(necp_ip_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_ip_output_policy_add()
6051 	new_kernel_policy->id = necp_kernel_policy_get_new_id(false);  in necp_kernel_ip_output_policy_add()
6052 	new_kernel_policy->suborder = suborder;  in necp_kernel_ip_output_policy_add()
6053 	new_kernel_policy->order = order;  in necp_kernel_ip_output_policy_add()
6054 	new_kernel_policy->session_order = session_order;  in necp_kernel_ip_output_policy_add()
6055 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_ip_output_policy_add()
6058 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS);  in necp_kernel_ip_output_policy_add()
6059 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
6060 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_ip_output_policy_add()
6062 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_ip_output_policy_add()
6063 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_ip_output_policy_add()
6065 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
6066 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_ip_output_policy_add()
6068 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_ip_output_policy_add()
6071 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) {  in necp_kernel_ip_output_policy_add()
6072 		new_kernel_policy->cond_policy_id = cond_policy_id;  in necp_kernel_ip_output_policy_add()
6074 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6078 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_ip_output_policy_add()
6080 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6081 		new_kernel_policy->cond_last_interface_index = cond_last_interface_index;  in necp_kernel_ip_output_policy_add()
6083 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_ip_output_policy_add()
6084 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_ip_output_policy_add()
6086 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_ip_output_policy_add()
6087 		memcpy(&new_kernel_policy->cond_local_start, cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6089 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_ip_output_policy_add()
6090 		memcpy(&new_kernel_policy->cond_local_end, cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6092 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_ip_output_policy_add()
6093 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_ip_output_policy_add()
6095 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_ip_output_policy_add()
6096 		memcpy(&new_kernel_policy->cond_remote_start, cond_remote_start, cond_remote_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6098 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_ip_output_policy_add()
6099 		memcpy(&new_kernel_policy->cond_remote_end, cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6101 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_ip_output_policy_add()
6102 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_ip_output_policy_add()
6104 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_ip_output_policy_add()
6105 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_ip_output_policy_add()
6107 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_ip_output_policy_add()
6108 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_ip_output_policy_add()
6111 	new_kernel_policy->result = result;  in necp_kernel_ip_output_policy_add()
6112 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_ip_output_policy_add()
6115 …, "Added kernel policy: ip output, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
6117 …LIST_INSERT_SORTED_THRICE_ASCENDING(&necp_kernel_ip_output_policies, new_kernel_policy, chain, ses…  in necp_kernel_ip_output_policy_add()
6119 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_ip_output_policy_add()