4335 	struct necp_kernel_socket_policy *new_kernel_policy = NULL;  in necp_kernel_socket_policy_add()  local
4338 	new_kernel_policy = zalloc_flags(necp_socket_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_socket_policy_add()
4340 	new_kernel_policy->id = necp_kernel_policy_get_new_id(true);  in necp_kernel_socket_policy_add()
4341 	new_kernel_policy->order = order;  in necp_kernel_socket_policy_add()
4342 	new_kernel_policy->session_order = session_order;  in necp_kernel_socket_policy_add()
4343 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_socket_policy_add()
4346 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_SOCKET_CONDITIONS);  in necp_kernel_socket_policy_add()
4347 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_socket_policy_add()
4348 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_socket_policy_add()
4350 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) && !(new_kernel_policy…  in necp_kernel_socket_policy_add()
4351 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REAL_APP_ID;  in necp_kernel_socket_policy_add()
4353 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_socket_policy_add()
4354 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_socket_policy_add()
4356 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_socket_policy_add()
4357 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_socket_policy_add()
4359 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_EMPTY) {  in necp_kernel_socket_policy_add()
4360 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_LOCAL_PREFIX | NECP_KERNEL_CONDITION_…  in necp_kernel_socket_policy_add()
4362 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_EMPTY)) {  in necp_kernel_socket_policy_add()
4363 …new_kernel_policy->condition_mask &= ~(NECP_KERNEL_CONDITION_REMOTE_PREFIX | NECP_KERNEL_CONDITION…  in necp_kernel_socket_policy_add()
4365 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_socket_policy_add()
4368 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_APP_ID) {  in necp_kernel_socket_policy_add()
4369 		new_kernel_policy->cond_app_id = cond_app_id;  in necp_kernel_socket_policy_add()
4371 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REAL_APP_ID) {  in necp_kernel_socket_policy_add()
4372 		new_kernel_policy->cond_real_app_id = cond_real_app_id;  in necp_kernel_socket_policy_add()
4374 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CUSTOM_ENTITLEMENT) {  in necp_kernel_socket_policy_add()
4375 		new_kernel_policy->cond_custom_entitlement = cond_custom_entitlement;  in necp_kernel_socket_policy_add()
4377 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ACCOUNT_ID) {  in necp_kernel_socket_policy_add()
4378 		new_kernel_policy->cond_account_id = cond_account_id;  in necp_kernel_socket_policy_add()
4380 	if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN) ||  in necp_kernel_socket_policy_add()
4381 	    (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_EXACT_DOMAIN)) {  in necp_kernel_socket_policy_add()
4382 		new_kernel_policy->cond_domain = cond_domain;  in necp_kernel_socket_policy_add()
4383 		new_kernel_policy->cond_domain_dot_count = necp_count_dots(cond_domain, strlen(cond_domain));  in necp_kernel_socket_policy_add()
4385 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_DOMAIN_FILTER) {  in necp_kernel_socket_policy_add()
4386 		new_kernel_policy->cond_domain_filter = cond_domain_filter;  in necp_kernel_socket_policy_add()
4388 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PID) {  in necp_kernel_socket_policy_add()
4389 		new_kernel_policy->cond_pid = cond_pid;  in necp_kernel_socket_policy_add()
4390 		new_kernel_policy->cond_pid_version = cond_pid_version;  in necp_kernel_socket_policy_add()
4392 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_UID) {  in necp_kernel_socket_policy_add()
4393 		new_kernel_policy->cond_uid = cond_uid;  in necp_kernel_socket_policy_add()
4395 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_socket_policy_add()
4399 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_socket_policy_add()
4401 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_TRAFFIC_CLASS) {  in necp_kernel_socket_policy_add()
4402 		new_kernel_policy->cond_traffic_class = cond_traffic_class;  in necp_kernel_socket_policy_add()
4404 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_socket_policy_add()
4405 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_socket_policy_add()
4407 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_socket_policy_add()
4408 		memcpy(&new_kernel_policy->cond_local_start, cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_socket_policy_add()
4410 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_socket_policy_add()
4411 		memcpy(&new_kernel_policy->cond_local_end, cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_socket_policy_add()
4413 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_socket_policy_add()
4414 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_socket_policy_add()
4416 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_socket_policy_add()
4417 		memcpy(&new_kernel_policy->cond_remote_start, cond_remote_start, cond_remote_start->sa.sa_len);  in necp_kernel_socket_policy_add()
4419 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_socket_policy_add()
4420 		memcpy(&new_kernel_policy->cond_remote_end, cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_socket_policy_add()
4422 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_socket_policy_add()
4423 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_socket_policy_add()
4425 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_AGENT_TYPE) {  in necp_kernel_socket_policy_add()
4426 		memcpy(&new_kernel_policy->cond_agent_type, cond_agent_type, sizeof(*cond_agent_type));  in necp_kernel_socket_policy_add()
4428 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SDK_VERSION) {  in necp_kernel_socket_policy_add()
4429 		memcpy(&new_kernel_policy->cond_sdk_version, cond_sdk_version, sizeof(*cond_sdk_version));  in necp_kernel_socket_policy_add()
4431 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_CLIENT_FLAGS) {  in necp_kernel_socket_policy_add()
4432 		new_kernel_policy->cond_client_flags = cond_client_flags;  in necp_kernel_socket_policy_add()
4434 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SIGNING_IDENTIFIER) {  in necp_kernel_socket_policy_add()
4435 		new_kernel_policy->cond_signing_identifier = cond_signing_identifier;  in necp_kernel_socket_policy_add()
4437 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_socket_policy_add()
4438 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_socket_policy_add()
4440 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_socket_policy_add()
4441 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_socket_policy_add()
4444 	new_kernel_policy->result = result;  in necp_kernel_socket_policy_add()
4445 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_socket_policy_add()
4448 …BUG, "Added kernel policy: socket, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_socket_policy_add()
4450 …LIST_INSERT_SORTED_TWICE_ASCENDING(&necp_kernel_socket_policies, new_kernel_policy, chain, session…  in necp_kernel_socket_policy_add()
4452 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_socket_policy_add()
6063 	struct necp_kernel_ip_output_policy *new_kernel_policy = NULL;  in necp_kernel_ip_output_policy_add()  local
6066 	new_kernel_policy = zalloc_flags(necp_ip_policy_zone, Z_WAITOK | Z_ZERO);  in necp_kernel_ip_output_policy_add()
6067 	new_kernel_policy->id = necp_kernel_policy_get_new_id(false);  in necp_kernel_ip_output_policy_add()
6068 	new_kernel_policy->suborder = suborder;  in necp_kernel_ip_output_policy_add()
6069 	new_kernel_policy->order = order;  in necp_kernel_ip_output_policy_add()
6070 	new_kernel_policy->session_order = session_order;  in necp_kernel_ip_output_policy_add()
6071 	new_kernel_policy->session_pid = session_pid;  in necp_kernel_ip_output_policy_add()
6074 	new_kernel_policy->condition_mask = (condition_mask & NECP_KERNEL_VALID_IP_OUTPUT_CONDITIONS);  in necp_kernel_ip_output_policy_add()
6075 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_ALL_INTERFACES) && (new_kernel_poli…  in necp_kernel_ip_output_policy_add()
6076 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_BOUND_INTERFACE;  in necp_kernel_ip_output_policy_add()
6078 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) && (new_kernel_policy->c…  in necp_kernel_ip_output_policy_add()
6079 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_LOCAL_PREFIX;  in necp_kernel_ip_output_policy_add()
6081 …if ((new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) && (new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
6082 		new_kernel_policy->condition_mask &= ~NECP_KERNEL_CONDITION_REMOTE_PREFIX;  in necp_kernel_ip_output_policy_add()
6084 …new_kernel_policy->condition_negated_mask = condition_negated_mask & new_kernel_policy->condition_…  in necp_kernel_ip_output_policy_add()
6087 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_POLICY_ID) {  in necp_kernel_ip_output_policy_add()
6088 		new_kernel_policy->cond_policy_id = cond_policy_id;  in necp_kernel_ip_output_policy_add()
6090 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_BOUND_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6094 		new_kernel_policy->cond_bound_interface = cond_bound_interface;  in necp_kernel_ip_output_policy_add()
6096 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LAST_INTERFACE) {  in necp_kernel_ip_output_policy_add()
6097 		new_kernel_policy->cond_last_interface_index = cond_last_interface_index;  in necp_kernel_ip_output_policy_add()
6099 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PROTOCOL) {  in necp_kernel_ip_output_policy_add()
6100 		new_kernel_policy->cond_protocol = cond_protocol;  in necp_kernel_ip_output_policy_add()
6102 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_START) {  in necp_kernel_ip_output_policy_add()
6103 		memcpy(&new_kernel_policy->cond_local_start, cond_local_start, cond_local_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6105 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_END) {  in necp_kernel_ip_output_policy_add()
6106 		memcpy(&new_kernel_policy->cond_local_end, cond_local_end, cond_local_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6108 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_LOCAL_PREFIX) {  in necp_kernel_ip_output_policy_add()
6109 		new_kernel_policy->cond_local_prefix = cond_local_prefix;  in necp_kernel_ip_output_policy_add()
6111 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_START) {  in necp_kernel_ip_output_policy_add()
6112 		memcpy(&new_kernel_policy->cond_remote_start, cond_remote_start, cond_remote_start->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6114 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_END) {  in necp_kernel_ip_output_policy_add()
6115 		memcpy(&new_kernel_policy->cond_remote_end, cond_remote_end, cond_remote_end->sa.sa_len);  in necp_kernel_ip_output_policy_add()
6117 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_REMOTE_PREFIX) {  in necp_kernel_ip_output_policy_add()
6118 		new_kernel_policy->cond_remote_prefix = cond_remote_prefix;  in necp_kernel_ip_output_policy_add()
6120 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_PACKET_FILTER_TAGS) {  in necp_kernel_ip_output_policy_add()
6121 		new_kernel_policy->cond_packet_filter_tags = cond_packet_filter_tags;  in necp_kernel_ip_output_policy_add()
6123 	if (new_kernel_policy->condition_mask & NECP_KERNEL_CONDITION_SCHEME_PORT) {  in necp_kernel_ip_output_policy_add()
6124 		new_kernel_policy->cond_scheme_port = cond_scheme_port;  in necp_kernel_ip_output_policy_add()
6127 	new_kernel_policy->result = result;  in necp_kernel_ip_output_policy_add()
6128 	memcpy(&new_kernel_policy->result_parameter, &result_parameter, sizeof(result_parameter));  in necp_kernel_ip_output_policy_add()
6131 …, "Added kernel policy: ip output, id=%d, mask=%llx\n", new_kernel_policy->id, new_kernel_policy->…  in necp_kernel_ip_output_policy_add()
6133 …LIST_INSERT_SORTED_THRICE_ASCENDING(&necp_kernel_ip_output_policies, new_kernel_policy, chain, ses…  in necp_kernel_ip_output_policy_add()
6135 	return new_kernel_policy ? new_kernel_policy->id : 0;  in necp_kernel_ip_output_policy_add()