1 /*
2 * Copyright (c) 2014-2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <string.h>
30 #include <sys/systm.h>
31 #include <sys/types.h>
32 #include <sys/syslog.h>
33 #include <sys/queue.h>
34 #include <sys/malloc.h>
35 #include <sys/kernel.h>
36 #include <sys/kern_control.h>
37 #include <sys/mbuf.h>
38 #include <sys/kpi_mbuf.h>
39 #include <sys/sysctl.h>
40 #include <sys/priv.h>
41 #include <sys/kern_event.h>
42 #include <sys/sysproto.h>
43 #include <net/network_agent.h>
44 #include <net/if_var.h>
45 #include <net/necp.h>
46 #include <os/log.h>
47
48 u_int32_t netagent_debug = LOG_NOTICE; // 0=None, 1=Basic
49
50 SYSCTL_NODE(_net, OID_AUTO, netagent, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "NetworkAgent");
51 SYSCTL_INT(_net_netagent, OID_AUTO, debug, CTLFLAG_LOCKED | CTLFLAG_RW, &netagent_debug, 0, "");
52
53 static int netagent_registered_count = 0;
54 SYSCTL_INT(_net_netagent, OID_AUTO, registered_count, CTLFLAG_RD | CTLFLAG_LOCKED,
55 &netagent_registered_count, 0, "");
56
57 static int netagent_active_count = 0;
58 SYSCTL_INT(_net_netagent, OID_AUTO, active_count, CTLFLAG_RD | CTLFLAG_LOCKED,
59 &netagent_active_count, 0, "");
60
61 #define NETAGENTLOG(level, format, ...) do { \
62 if (level <= netagent_debug) { \
63 if (level == LOG_ERR) { \
64 os_log_error(OS_LOG_DEFAULT, "%s: " format "\n", __FUNCTION__, __VA_ARGS__); \
65 } else { \
66 os_log(OS_LOG_DEFAULT, "%s: " format "\n", __FUNCTION__, __VA_ARGS__); \
67 } \
68 } \
69 } while (0)
70
71 #define NETAGENTLOG0(level, msg) do { \
72 if (level <= netagent_debug) { \
73 if (level == LOG_ERR) { \
74 os_log_error(OS_LOG_DEFAULT, "%s: %s\n", __FUNCTION__, msg); \
75 } else { \
76 os_log(OS_LOG_DEFAULT, "%s: %s\n", __FUNCTION__, msg); \
77 } \
78 } \
79 } while (0)
80
81 #if __has_ptrcheck
82 static inline
83 __attribute__((always_inline)) __pure
84 uint8_t * __bidi_indexable
netagent_get_data(const struct netagent * agent)85 netagent_get_data(const struct netagent *agent)
86 {
87 if (agent == NULL) {
88 return NULL;
89 }
90
91 return __unsafe_forge_bidi_indexable(uint8_t *, agent->netagent_data, agent->netagent_data_size);
92 }
93 #else
94 #define netagent_get_data(agent) ((agent)->netagent_data)
95 #endif
96
97 #if __has_ptrcheck
98 static inline
99 __attribute__((always_inline)) __pure
100 uint8_t * __bidi_indexable
netagent_group_message_get_members(const struct netagent_client_group_message * msg,size_t members_length)101 netagent_group_message_get_members(const struct netagent_client_group_message *msg, size_t members_length)
102 {
103 if (msg == NULL) {
104 return NULL;
105 }
106
107 return __unsafe_forge_bidi_indexable(uint8_t *, msg->group_members, members_length);
108 }
109 #else
110 #define netagent_group_message_get_members(msg, members_length) ((msg)->group_members)
111 #endif
112
113 #if __has_ptrcheck
114 static inline
115 __attribute__((always_inline)) __pure
116 uint8_t * __bidi_indexable
netagent_assign_message_get_necp_result(const struct netagent_assign_nexus_message * msg,size_t result_length)117 netagent_assign_message_get_necp_result(const struct netagent_assign_nexus_message *msg, size_t result_length)
118 {
119 if (msg == NULL) {
120 return NULL;
121 }
122
123 return __unsafe_forge_bidi_indexable(uint8_t *, msg->assign_necp_results, result_length);
124 }
125 #else
126 #define netagent_assign_message_get_necp_result(msg, result_length) ((msg)->assign_necp_results)
127 #endif
128
129 struct netagent_client {
130 LIST_ENTRY(netagent_client) client_chain;
131 uuid_t client_id;
132 uuid_t client_proc_uuid;
133 pid_t client_pid;
134 };
135
136 LIST_HEAD(netagent_client_list_s, netagent_client);
137
138 struct netagent_token {
139 TAILQ_ENTRY(netagent_token) token_chain;
140 u_int32_t token_length;
141 u_int8_t * __indexable token_bytes;
142 };
143
144 TAILQ_HEAD(netagent_token_list_s, netagent_token);
145
146 #define NETAGENT_MAX_CLIENT_ERROR_COUNT 32
147
148 struct netagent_registration {
149 LIST_ENTRY(netagent_registration) global_chain;
150 TAILQ_ENTRY(netagent_registration) session_chain;
151 lck_rw_t agent_lock;
152 u_int32_t control_unit;
153 netagent_event_f event_handler;
154 void *event_context;
155 u_int32_t generation;
156 u_int64_t use_count;
157 u_int64_t need_tokens_event_deadline;
158 u_int32_t token_count;
159 u_int32_t token_low_water;
160 int32_t last_client_error;
161 u_int32_t client_error_count;
162 u_int8_t allow_multiple_registrations;
163 u_int8_t __pad_bytes[2];
164 struct netagent_token_list_s token_list;
165 struct netagent_client_list_s pending_triggers_list;
166 size_t netagent_alloc_size;
167 struct netagent *netagent __sized_by(netagent_alloc_size);
168 };
169
170 struct netagent_session {
171 u_int32_t control_unit; // A control unit of 0 indicates an agent owned by the kernel
172 lck_mtx_t session_lock;
173 TAILQ_HEAD(_netagent_registration_list, netagent_registration) registrations;
174
175 netagent_event_f event_handler;
176 void *event_context;
177 bool allow_multiple_registrations;
178 };
179
180 typedef enum {
181 kNetagentErrorDomainPOSIX = 0,
182 kNetagentErrorDomainUserDefined = 1,
183 } netagent_error_domain_t;
184
185 static LIST_HEAD(_netagent_list, netagent_registration) shared_netagent_list =
186 LIST_HEAD_INITIALIZER(master_netagent_list);
187
188 // Protected by netagent_list_lock
189 static u_int32_t g_next_generation = 1;
190
191 static kern_ctl_ref netagent_kctlref;
192 static u_int32_t netagent_family;
193 static LCK_GRP_DECLARE(netagent_mtx_grp, NETAGENT_CONTROL_NAME);
194 static LCK_RW_DECLARE(netagent_list_lock, &netagent_mtx_grp);
195
196 #define NETAGENT_LIST_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&netagent_list_lock)
197 #define NETAGENT_LIST_LOCK_SHARED() lck_rw_lock_shared(&netagent_list_lock)
198 #define NETAGENT_LIST_UNLOCK() lck_rw_done(&netagent_list_lock)
199 #define NETAGENT_LIST_ASSERT_LOCKED() LCK_RW_ASSERT(&netagent_list_lock, LCK_RW_ASSERT_HELD)
200
201 #define NETAGENT_SESSION_LOCK(session) lck_mtx_lock(&session->session_lock)
202 #define NETAGENT_SESSION_UNLOCK(session) lck_mtx_unlock(&session->session_lock)
203 #define NETAGENT_SESSION_ASSERT_LOCKED(session) LCK_MTX_ASSERT(&session->session_lock, LCK_MTX_ASSERT_OWNED)
204
205 #define NETAGENT_LOCK_EXCLUSIVE(registration) lck_rw_lock_exclusive(®istration->agent_lock)
206 #define NETAGENT_LOCK_SHARED(registration) lck_rw_lock_shared(®istration->agent_lock)
207 #define NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(registration) lck_rw_lock_shared_to_exclusive(®istration->agent_lock)
208 #define NETAGENT_UNLOCK(registration) lck_rw_done(®istration->agent_lock)
209 #define NETAGENT_ASSERT_LOCKED(registration) LCK_RW_ASSERT(®istration->agent_lock, LCK_RW_ASSERT_HELD)
210
211 // Locking Notes
212
213 // Precedence, where 1 is the first lock that must be taken
214 // 1. NETAGENT_LIST_LOCK - protects shared_netagent_list
215 // 2. NETAGENT_SESSION_LOCK - protects the session->registrations list
216 // 3. NETAGENT_LOCK -> protects values in a registration
217
218 static errno_t netagent_register_control(void);
219 static errno_t netagent_ctl_connect(kern_ctl_ref kctlref, struct sockaddr_ctl *sac,
220 void **unitinfo);
221 static errno_t netagent_ctl_disconnect(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo);
222 static errno_t netagent_ctl_send(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo,
223 mbuf_t m, int flags);
224 static void netagent_ctl_rcvd(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int flags);
225 static errno_t netagent_ctl_getopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo,
226 int opt, void * __sized_by(*len)data, size_t *len);
227 static errno_t netagent_ctl_setopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo,
228 int opt, void * __sized_by(len)data, size_t len);
229
230 static int netagent_send_ctl_data(u_int32_t control_unit,
231 u_int8_t *__sized_by(buffer_size)buffer, size_t buffer_size);
232
233 static struct netagent_session *netagent_create_session(u_int32_t control_unit);
234 static void netagent_delete_session(struct netagent_session *session);
235
236 // Register
237 static void netagent_handle_register_message(struct netagent_session *session, u_int32_t message_id,
238 size_t payload_length, mbuf_t packet, size_t offset);
239 static errno_t netagent_handle_register_setopt(struct netagent_session *session, u_int8_t *payload,
240 size_t payload_length);
241
242 // Unregister
243 static void netagent_handle_unregister_message(struct netagent_session *session, u_int32_t message_id,
244 size_t payload_length, mbuf_t packet, size_t offset);
245 static errno_t netagent_handle_unregister_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
246 size_t payload_length);
247 static errno_t netagent_handle_unregister_all_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
248 size_t payload_length);
249
250 // Update
251 static void netagent_handle_update_message(struct netagent_session *session, u_int32_t message_id,
252 size_t payload_length, mbuf_t packet, size_t offset);
253 static errno_t netagent_handle_update_setopt(struct netagent_session *session, u_int8_t *payload,
254 size_t payload_length);
255
256 // Assign nexus
257 static void netagent_handle_assign_nexus_message(struct netagent_session *session, u_int32_t message_id,
258 size_t payload_length, mbuf_t packet, size_t offset);
259 static errno_t netagent_handle_assign_nexus_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
260 size_t payload_length);
261
262 // Assign group
263 static errno_t netagent_handle_assign_group_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
264 size_t payload_length);
265
266 // Set/get assert count
267 static errno_t netagent_handle_use_count_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload, size_t payload_length);
268 static errno_t netagent_handle_use_count_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length);
269
270 // Manage tokens
271 static errno_t netagent_handle_add_token_setopt(struct netagent_session *session, u_int8_t * __sized_by(token_length)token, size_t token_length);
272 static errno_t netagent_handle_flush_tokens_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload, size_t payload_length);
273 static errno_t netagent_handle_token_count_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length);
274 static errno_t netagent_handle_token_low_water_setopt(struct netagent_session *session, u_int8_t * __sized_by(buffer_length)buffer, size_t buffer_length);
275 static errno_t netagent_handle_token_low_water_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length);
276
277 // Client error
278 static errno_t netagent_handle_reset_client_error_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload, size_t payload_length);
279
280 // Enable session mode
281 static errno_t netagent_handle_enable_session_mode_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length);
282
283 // Requires list lock being held
284 static struct netagent_registration *netagent_find_agent_with_uuid_and_lock(uuid_t uuid, bool exclusively, bool ignore_lock);
285
286 // Requires session lock being held
287 static struct netagent_registration *
288 netagent_session_find_agent_with_uuid_and_lock(struct netagent_session *session, uuid_t uuid, bool exclusively, bool ignore_lock);
289
290 // Requires session lock being held, and single agent only
291 static struct netagent_registration *
292 netagent_session_access_agent_with_lock(struct netagent_session *session, bool exclusively, bool ignore_lock);
293
294 errno_t
netagent_init(void)295 netagent_init(void)
296 {
297 return netagent_register_control();
298 }
299
300 static errno_t
netagent_register_control(void)301 netagent_register_control(void)
302 {
303 struct kern_ctl_reg kern_ctl;
304 errno_t result = 0;
305
306 // Find a unique value for our interface family
307 result = mbuf_tag_id_find(NETAGENT_CONTROL_NAME, &netagent_family);
308 if (result != 0) {
309 NETAGENTLOG(LOG_ERR, "mbuf_tag_id_find_internal failed: %d", result);
310 return result;
311 }
312
313 bzero(&kern_ctl, sizeof(kern_ctl));
314 strlcpy(kern_ctl.ctl_name, NETAGENT_CONTROL_NAME, sizeof(kern_ctl.ctl_name));
315 kern_ctl.ctl_name[sizeof(kern_ctl.ctl_name) - 1] = 0;
316 kern_ctl.ctl_flags = CTL_FLAG_PRIVILEGED; // Require root
317 kern_ctl.ctl_sendsize = 64 * 1024;
318 kern_ctl.ctl_recvsize = 64 * 1024;
319 kern_ctl.ctl_connect = netagent_ctl_connect;
320 kern_ctl.ctl_disconnect = netagent_ctl_disconnect;
321 kern_ctl.ctl_send = netagent_ctl_send;
322 kern_ctl.ctl_rcvd = netagent_ctl_rcvd;
323 kern_ctl.ctl_setopt = netagent_ctl_setopt;
324 kern_ctl.ctl_getopt = netagent_ctl_getopt;
325
326 result = ctl_register(&kern_ctl, &netagent_kctlref);
327 if (result != 0) {
328 NETAGENTLOG(LOG_ERR, "ctl_register failed: %d", result);
329 return result;
330 }
331
332 return 0;
333 }
334
335 static errno_t
netagent_ctl_connect(kern_ctl_ref kctlref,struct sockaddr_ctl * sac,void ** unitinfo)336 netagent_ctl_connect(kern_ctl_ref kctlref, struct sockaddr_ctl *sac, void **unitinfo)
337 {
338 #pragma unused(kctlref)
339 *unitinfo = netagent_create_session(sac->sc_unit);
340 if (*unitinfo == NULL) {
341 // Could not allocate session
342 return ENOBUFS;
343 }
344
345 return 0;
346 }
347
348 static errno_t
netagent_ctl_disconnect(kern_ctl_ref kctlref,u_int32_t unit,void * unitinfo)349 netagent_ctl_disconnect(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo)
350 {
351 #pragma unused(kctlref, unit)
352 struct netagent_session *session = (struct netagent_session *)unitinfo;
353 if (session != NULL) {
354 netagent_delete_session(session);
355 }
356
357 return 0;
358 }
359
360 // Kernel events
361 static void
netagent_post_event(uuid_t agent_uuid,u_int32_t event_code,bool update_necp,bool should_update_immediately)362 netagent_post_event(uuid_t agent_uuid, u_int32_t event_code, bool update_necp, bool should_update_immediately)
363 {
364 if (update_necp) {
365 necp_update_all_clients_immediately_if_needed(should_update_immediately);
366 }
367
368 struct kev_msg ev_msg;
369 memset(&ev_msg, 0, sizeof(ev_msg));
370
371 struct kev_netagent_data event_data;
372
373 ev_msg.vendor_code = KEV_VENDOR_APPLE;
374 ev_msg.kev_class = KEV_NETWORK_CLASS;
375 ev_msg.kev_subclass = KEV_NETAGENT_SUBCLASS;
376 ev_msg.event_code = event_code;
377
378 uuid_copy(event_data.netagent_uuid, agent_uuid);
379 ev_msg.dv[0].data_ptr = &event_data;
380 ev_msg.dv[0].data_length = sizeof(event_data);
381
382 kev_post_msg(&ev_msg);
383 }
384
385 // Message handling
386 static u_int8_t * __indexable
387 netagent_buffer_write_message_header(u_int8_t * __sized_by(sizeof(struct netagent_message_header) + payload_length)buffer, u_int8_t message_type, u_int8_t flags, u_int32_t message_id, u_int32_t error, size_t payload_length)
388 {
389 memset(buffer, 0, sizeof(struct netagent_message_header));
390 ((struct netagent_message_header *)(void *)buffer)->message_type = message_type;
391 ((struct netagent_message_header *)(void *)buffer)->message_flags = flags;
392 ((struct netagent_message_header *)(void *)buffer)->message_id = message_id;
393 ((struct netagent_message_header *)(void *)buffer)->message_error = error;
394 ((struct netagent_message_header *)(void *)buffer)->message_payload_length = (u_int32_t)payload_length;
395 return payload_length ? buffer + sizeof(struct netagent_message_header) : NULL;
396 }
397
398 static u_int8_t * __indexable
399 netagent_buffer_write_session_message_header(u_int8_t * __sized_by(sizeof(struct netagent_session_message_header) + payload_length)buffer, u_int8_t message_type, u_int8_t flags, u_int32_t message_id, u_int32_t error, uuid_t message_agent_id, size_t payload_length)
400 {
401 memset(buffer, 0, sizeof(struct netagent_session_message_header));
402 ((struct netagent_session_message_header *)(void *)buffer)->message_type = message_type;
403 ((struct netagent_session_message_header *)(void *)buffer)->message_flags = flags;
404 ((struct netagent_session_message_header *)(void *)buffer)->message_id = message_id;
405 ((struct netagent_session_message_header *)(void *)buffer)->message_error = error;
406 uuid_copy(((struct netagent_session_message_header *)(void *)buffer)->message_agent_id, message_agent_id);
407 ((struct netagent_session_message_header *)(void *)buffer)->message_payload_length = (u_int32_t)payload_length;
408 return payload_length ? buffer + sizeof(struct netagent_session_message_header) : NULL;
409 }
410
411 static int
netagent_send_ctl_data(u_int32_t control_unit,u_int8_t * __sized_by (buffer_size)buffer,size_t buffer_size)412 netagent_send_ctl_data(u_int32_t control_unit, u_int8_t *__sized_by(buffer_size) buffer, size_t buffer_size)
413 {
414 if (netagent_kctlref == NULL || control_unit == 0 || buffer == NULL || buffer_size == 0) {
415 return EINVAL;
416 }
417
418 return ctl_enqueuedata(netagent_kctlref, control_unit, buffer, buffer_size, CTL_DATA_EOR);
419 }
420
421 static int
netagent_send_trigger(struct netagent_registration * registration,struct proc * p,u_int32_t flags,u_int8_t trigger_type)422 netagent_send_trigger(struct netagent_registration *registration, struct proc *p, u_int32_t flags, u_int8_t trigger_type)
423 {
424 int error = 0;
425 struct netagent_trigger_message *trigger_message = NULL;
426 const bool session_mode = registration->allow_multiple_registrations;
427 const size_t header_size = (session_mode ? sizeof(struct netagent_session_message_header) : sizeof(struct netagent_message_header));
428 u_int8_t *trigger = NULL;
429 size_t trigger_size = header_size + sizeof(struct netagent_trigger_message);
430 trigger = (u_int8_t *)kalloc_data(trigger_size, Z_WAITOK);
431 if (trigger == NULL) {
432 return ENOMEM;
433 }
434
435 if (session_mode) {
436 (void)netagent_buffer_write_session_message_header(trigger, trigger_type, 0, 0, 0, registration->netagent->netagent_uuid, sizeof(struct netagent_trigger_message));
437 } else {
438 (void)netagent_buffer_write_message_header(trigger, trigger_type, 0, 0, 0, sizeof(struct netagent_trigger_message));
439 }
440
441 trigger_message = (struct netagent_trigger_message *)(void *)(trigger + header_size);
442 trigger_message->trigger_flags = flags;
443 if (p != NULL) {
444 trigger_message->trigger_pid = proc_pid(p);
445 proc_getexecutableuuid(p, trigger_message->trigger_proc_uuid, sizeof(trigger_message->trigger_proc_uuid));
446 } else {
447 trigger_message->trigger_pid = 0;
448 uuid_clear(trigger_message->trigger_proc_uuid);
449 }
450
451 if ((error = netagent_send_ctl_data(registration->control_unit, trigger, trigger_size))) {
452 NETAGENTLOG(LOG_ERR, "Failed to send trigger message on control unit %d", registration->control_unit);
453 }
454
455 kfree_data(trigger, trigger_size);
456 return error;
457 }
458
459 static int
netagent_send_client_message(struct netagent_registration * registration,uuid_t client_id,u_int8_t message_type)460 netagent_send_client_message(struct netagent_registration *registration, uuid_t client_id, u_int8_t message_type)
461 {
462 int error = 0;
463 struct netagent_client_message *client_message = NULL;
464 const bool session_mode = registration->allow_multiple_registrations;
465 const size_t header_size = (session_mode ? sizeof(struct netagent_session_message_header) : sizeof(struct netagent_message_header));
466 u_int8_t *message = NULL;
467 size_t message_size = header_size + sizeof(struct netagent_client_message);
468
469 message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK);
470 if (message == NULL) {
471 return ENOMEM;
472 }
473
474 if (session_mode) {
475 (void)netagent_buffer_write_session_message_header(message, message_type, 0, 0, 0, registration->netagent->netagent_uuid, sizeof(struct netagent_client_message));
476 } else {
477 (void)netagent_buffer_write_message_header(message, message_type, 0, 0, 0, sizeof(struct netagent_client_message));
478 }
479
480 client_message = (struct netagent_client_message *)(void *)(message + header_size);
481 uuid_copy(client_message->client_id, client_id);
482
483 if ((error = netagent_send_ctl_data(registration->control_unit, message, message_size))) {
484 NETAGENTLOG(LOG_ERR, "Failed to send client message %d on control unit %d", message_type, registration->control_unit);
485 }
486
487 kfree_data(message, message_size);
488 return error;
489 }
490
491 static int
netagent_send_error_message(struct netagent_registration * registration,uuid_t client_id,u_int8_t message_type,int32_t error_code)492 netagent_send_error_message(struct netagent_registration *registration, uuid_t client_id, u_int8_t message_type, int32_t error_code)
493 {
494 int error = 0;
495 struct netagent_client_error_message *client_message = NULL;
496 const bool session_mode = registration->allow_multiple_registrations;
497 const size_t header_size = (session_mode ? sizeof(struct netagent_session_message_header) : sizeof(struct netagent_message_header));
498 u_int8_t *message = NULL;
499 size_t message_size = header_size + sizeof(struct netagent_client_error_message);
500
501 message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK);
502 if (message == NULL) {
503 return ENOMEM;
504 }
505
506 if (session_mode) {
507 (void)netagent_buffer_write_session_message_header(message, message_type, 0, 0, 0, registration->netagent->netagent_uuid, sizeof(struct netagent_client_error_message));
508 } else {
509 (void)netagent_buffer_write_message_header(message, message_type, 0, 0, 0, sizeof(struct netagent_client_error_message));
510 }
511
512 client_message = (struct netagent_client_error_message *)(void *)(message + header_size);
513 uuid_copy(client_message->client_id, client_id);
514 client_message->error_code = error_code;
515
516 if ((error = netagent_send_ctl_data(registration->control_unit, message, message_size))) {
517 NETAGENTLOG(LOG_ERR, "Failed to send client message %d on control unit %d", message_type, registration->control_unit);
518 }
519
520 kfree_data(message, message_size);
521 return error;
522 }
523
524 static int
netagent_send_group_message(struct netagent_registration * registration,uuid_t client_id,u_int8_t message_type,struct necp_client_group_members * group_members)525 netagent_send_group_message(struct netagent_registration *registration, uuid_t client_id, u_int8_t message_type, struct necp_client_group_members *group_members)
526 {
527 int error = 0;
528 struct netagent_client_group_message * __single client_message = NULL;
529 const bool session_mode = registration->allow_multiple_registrations;
530 const size_t header_size = (session_mode ? sizeof(struct netagent_session_message_header) : sizeof(struct netagent_message_header));
531 u_int8_t *message = NULL;
532 size_t message_size = header_size + sizeof(struct netagent_client_group_message) + group_members->group_members_length;
533
534 message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK);
535 if (message == NULL) {
536 return ENOMEM;
537 }
538
539 if (session_mode) {
540 (void)netagent_buffer_write_session_message_header(message, message_type, 0, 0, 0, registration->netagent->netagent_uuid, sizeof(struct netagent_client_group_message) + group_members->group_members_length);
541 } else {
542 (void)netagent_buffer_write_message_header(message, message_type, 0, 0, 0, sizeof(struct netagent_client_group_message) + group_members->group_members_length);
543 }
544
545 client_message = (struct netagent_client_group_message *)(void *)(message + header_size);
546 uuid_copy(client_message->client_id, client_id);
547 memcpy(netagent_group_message_get_members(client_message, group_members->group_members_length), group_members->group_members, group_members->group_members_length);
548
549 if ((error = netagent_send_ctl_data(registration->control_unit, message, message_size))) {
550 NETAGENTLOG(LOG_ERR, "Failed to send client group message %d on control unit %d", message_type, registration->control_unit);
551 }
552
553 kfree_data(message, message_size);
554 return error;
555 }
556
557 static int
netagent_send_tokens_needed(struct netagent_registration * registration)558 netagent_send_tokens_needed(struct netagent_registration *registration)
559 {
560 const u_int8_t message_type = NETAGENT_MESSAGE_TYPE_TOKENS_NEEDED;
561 int error = 0;
562 u_int8_t *message = NULL;
563 const bool session_mode = registration->allow_multiple_registrations;
564 const size_t header_size = (session_mode ? sizeof(struct netagent_session_message_header) : sizeof(struct netagent_message_header));
565 size_t message_size = header_size;
566
567 message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK);
568 if (message == NULL) {
569 return ENOMEM;
570 }
571
572 if (session_mode) {
573 (void)netagent_buffer_write_session_message_header(message, message_type, 0, 0, 0, registration->netagent->netagent_uuid, 0);
574 } else {
575 (void)netagent_buffer_write_message_header(message, message_type, 0, 0, 0, 0);
576 }
577
578 if ((error = netagent_send_ctl_data(registration->control_unit, message, message_size))) {
579 NETAGENTLOG(LOG_ERR, "Failed to send client tokens needed message on control unit %d", registration->control_unit);
580 }
581
582 kfree_data(message, message_size);
583 return error;
584 }
585
586 static int
netagent_send_success_response(struct netagent_session * session,u_int8_t message_type,u_int32_t message_id)587 netagent_send_success_response(struct netagent_session *session, u_int8_t message_type, u_int32_t message_id)
588 {
589 int error = 0;
590 u_int8_t *response = NULL;
591 size_t response_size = sizeof(struct netagent_message_header);
592
593 response = (u_int8_t *)kalloc_data(response_size, Z_WAITOK);
594 if (response == NULL) {
595 return ENOMEM;
596 }
597 (void)netagent_buffer_write_message_header(response, message_type, NETAGENT_MESSAGE_FLAGS_RESPONSE, message_id, 0, 0);
598
599 if ((error = netagent_send_ctl_data(session->control_unit, response, response_size))) {
600 NETAGENTLOG0(LOG_ERR, "Failed to send response");
601 }
602
603 kfree_data(response, response_size);
604 return error;
605 }
606
607 static errno_t
netagent_send_error_response(struct netagent_session * session,u_int8_t message_type,u_int32_t message_id,u_int32_t error_code)608 netagent_send_error_response(struct netagent_session *session, u_int8_t message_type,
609 u_int32_t message_id, u_int32_t error_code)
610 {
611 int error = 0;
612 u_int8_t *response = NULL;
613 size_t response_size = sizeof(struct netagent_message_header);
614
615 if (session == NULL) {
616 NETAGENTLOG0(LOG_ERR, "Got a NULL session");
617 return EINVAL;
618 }
619
620 response = (u_int8_t *)kalloc_data(response_size, Z_WAITOK);
621 if (response == NULL) {
622 return ENOMEM;
623 }
624 (void)netagent_buffer_write_message_header(response, message_type, NETAGENT_MESSAGE_FLAGS_RESPONSE,
625 message_id, error_code, 0);
626
627 if ((error = netagent_send_ctl_data(session->control_unit, response, response_size))) {
628 NETAGENTLOG0(LOG_ERR, "Failed to send response");
629 }
630
631 kfree_data(response, response_size);
632 return error;
633 }
634
635 static errno_t
netagent_ctl_send(kern_ctl_ref kctlref,u_int32_t unit,void * unitinfo,mbuf_t packet,int flags)636 netagent_ctl_send(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, mbuf_t packet, int flags)
637 {
638 #pragma unused(kctlref, unit, flags)
639 struct netagent_session *session = (struct netagent_session *)unitinfo;
640 struct netagent_message_header header;
641 int error = 0;
642
643 if (session == NULL) {
644 NETAGENTLOG0(LOG_ERR, "Got a NULL session");
645 error = EINVAL;
646 goto done;
647 }
648
649 if (mbuf_pkthdr_len(packet) < sizeof(header)) {
650 NETAGENTLOG(LOG_ERR, "Got a bad packet, length (%lu) < sizeof header (%lu)",
651 mbuf_pkthdr_len(packet), sizeof(header));
652 error = EINVAL;
653 goto done;
654 }
655
656 error = mbuf_copydata(packet, 0, sizeof(header), &header);
657 if (error) {
658 NETAGENTLOG(LOG_ERR, "mbuf_copydata failed for the header: %d", error);
659 error = ENOBUFS;
660 goto done;
661 }
662
663 switch (header.message_type) {
664 case NETAGENT_MESSAGE_TYPE_REGISTER: {
665 netagent_handle_register_message(session, header.message_id, header.message_payload_length,
666 packet, sizeof(header));
667 break;
668 }
669 case NETAGENT_MESSAGE_TYPE_UNREGISTER: {
670 netagent_handle_unregister_message(session, header.message_id, header.message_payload_length,
671 packet, sizeof(header));
672 break;
673 }
674 case NETAGENT_MESSAGE_TYPE_UPDATE: {
675 netagent_handle_update_message(session, header.message_id, header.message_payload_length,
676 packet, sizeof(header));
677 break;
678 }
679 case NETAGENT_MESSAGE_TYPE_GET: {
680 NETAGENTLOG0(LOG_ERR, "NETAGENT_MESSAGE_TYPE_GET no longer supported");
681 break;
682 }
683 case NETAGENT_MESSAGE_TYPE_ASSERT: {
684 NETAGENTLOG0(LOG_ERR, "NETAGENT_MESSAGE_TYPE_ASSERT no longer supported");
685 break;
686 }
687 case NETAGENT_MESSAGE_TYPE_UNASSERT: {
688 NETAGENTLOG0(LOG_ERR, "NETAGENT_MESSAGE_TYPE_UNASSERT no longer supported");
689 break;
690 }
691 case NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS: {
692 netagent_handle_assign_nexus_message(session, header.message_id, header.message_payload_length,
693 packet, sizeof(header));
694 break;
695 }
696 default: {
697 NETAGENTLOG(LOG_ERR, "Received unknown message type %d", header.message_type);
698 netagent_send_error_response(session, header.message_type, header.message_id,
699 NETAGENT_MESSAGE_ERROR_UNKNOWN_TYPE);
700 break;
701 }
702 }
703
704 done:
705 mbuf_freem(packet);
706 return error;
707 }
708
709 static void
netagent_ctl_rcvd(kern_ctl_ref kctlref,u_int32_t unit,void * unitinfo,int flags)710 netagent_ctl_rcvd(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int flags)
711 {
712 #pragma unused(kctlref, unit, unitinfo, flags)
713 return;
714 }
715
716 static errno_t
netagent_ctl_getopt(kern_ctl_ref kctlref,u_int32_t unit,void * unitinfo,int opt,void * __sized_by (* len)data,size_t * len)717 netagent_ctl_getopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int opt,
718 void * __sized_by(*len)data, size_t *len)
719 {
720 #pragma unused(kctlref, unit)
721 struct netagent_session *session = (struct netagent_session *)unitinfo;
722 errno_t error;
723
724 if (session == NULL) {
725 NETAGENTLOG0(LOG_ERR, "Received a NULL session");
726 error = EINVAL;
727 goto done;
728 }
729
730 switch (opt) {
731 case NETAGENT_OPTION_TYPE_USE_COUNT: {
732 NETAGENTLOG0(LOG_DEBUG, "Request to get use count");
733 error = netagent_handle_use_count_getopt(session, data, len);
734 break;
735 }
736 case NETAGENT_OPTION_TYPE_TOKEN_COUNT: {
737 NETAGENTLOG0(LOG_DEBUG, "Request to get token count");
738 error = netagent_handle_token_count_getopt(session, data, len);
739 break;
740 }
741 case NETAGENT_OPTION_TYPE_TOKEN_LOW_WATER: {
742 NETAGENTLOG0(LOG_DEBUG, "Request to get token low water mark");
743 error = netagent_handle_token_low_water_getopt(session, data, len);
744 break;
745 }
746 default:
747 NETAGENTLOG0(LOG_ERR, "Received unknown option");
748 error = ENOPROTOOPT;
749 break;
750 }
751
752 done:
753 return error;
754 }
755
756 static errno_t
netagent_ctl_setopt(kern_ctl_ref kctlref,u_int32_t unit,void * unitinfo,int opt,void * __sized_by (len)data,size_t len)757 netagent_ctl_setopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int opt,
758 void * __sized_by(len)data, size_t len)
759 {
760 #pragma unused(kctlref, unit)
761 struct netagent_session *session = (struct netagent_session *)unitinfo;
762 errno_t error;
763
764 if (session == NULL) {
765 NETAGENTLOG0(LOG_ERR, "Received a NULL session");
766 error = EINVAL;
767 goto done;
768 }
769
770 switch (opt) {
771 case NETAGENT_OPTION_TYPE_REGISTER: {
772 NETAGENTLOG0(LOG_DEBUG, "Request for registration");
773 error = netagent_handle_register_setopt(session, data, len);
774 break;
775 }
776 case NETAGENT_OPTION_TYPE_UPDATE: {
777 NETAGENTLOG0(LOG_DEBUG, "Request for update");
778 error = netagent_handle_update_setopt(session, data, len);
779 break;
780 }
781 case NETAGENT_OPTION_TYPE_UNREGISTER: {
782 NETAGENTLOG0(LOG_DEBUG, "Request for unregistration");
783 error = netagent_handle_unregister_setopt(session, data, len);
784 break;
785 }
786 case NETAGENT_OPTION_TYPE_ASSIGN_NEXUS: {
787 NETAGENTLOG0(LOG_DEBUG, "Request for assigning nexus");
788 error = netagent_handle_assign_nexus_setopt(session, data, len);
789 break;
790 }
791 case NETAGENT_MESSAGE_TYPE_ASSIGN_GROUP_MEMBERS: {
792 NETAGENTLOG0(LOG_DEBUG, "Request for assigning group members");
793 error = netagent_handle_assign_group_setopt(session, data, len);
794 break;
795 }
796 case NETAGENT_OPTION_TYPE_USE_COUNT: {
797 NETAGENTLOG0(LOG_DEBUG, "Request to set use count");
798 error = netagent_handle_use_count_setopt(session, data, len);
799 break;
800 }
801 case NETAGENT_OPTION_TYPE_ADD_TOKEN: {
802 NETAGENTLOG0(LOG_DEBUG, "Request to add a token");
803 error = netagent_handle_add_token_setopt(session, data, len);
804 break;
805 }
806 case NETAGENT_OPTION_TYPE_FLUSH_TOKENS: {
807 NETAGENTLOG0(LOG_DEBUG, "Request to flush tokens");
808 error = netagent_handle_flush_tokens_setopt(session, data, len);
809 break;
810 }
811 case NETAGENT_OPTION_TYPE_TOKEN_LOW_WATER: {
812 NETAGENTLOG0(LOG_DEBUG, "Request to set token low water mark");
813 error = netagent_handle_token_low_water_setopt(session, data, len);
814 break;
815 }
816 case NETAGENT_OPTION_TYPE_RESET_CLIENT_ERROR: {
817 NETAGENTLOG0(LOG_DEBUG, "Request to reset client error");
818 error = netagent_handle_reset_client_error_setopt(session, data, len);
819 break;
820 }
821 case NETAGENT_OPTION_TYPE_ENABLE_SESSION_MODE: {
822 NETAGENTLOG0(LOG_DEBUG, "Request to enable session mode");
823 error = netagent_handle_enable_session_mode_setopt(session, data, len);
824 break;
825 }
826 case NETAGENT_OPTION_TYPE_UNREGISTER_ALL: {
827 NETAGENTLOG0(LOG_DEBUG, "Request for unregistration of all agents");
828 error = netagent_handle_unregister_all_setopt(session, data, len);
829 break;
830 }
831 default:
832 NETAGENTLOG0(LOG_ERR, "Received unknown option");
833 error = ENOPROTOOPT;
834 break;
835 }
836
837 done:
838 return error;
839 }
840
841 // Session Management
842 static struct netagent_session *
netagent_create_session(u_int32_t control_unit)843 netagent_create_session(u_int32_t control_unit)
844 {
845 struct netagent_session *new_session = NULL;
846
847 new_session = kalloc_type(struct netagent_session,
848 Z_WAITOK | Z_ZERO | Z_NOFAIL);
849 NETAGENTLOG(LOG_DEBUG, "Create agent session, control unit %d", control_unit);
850 new_session->control_unit = control_unit;
851 lck_mtx_init(&new_session->session_lock, &netagent_mtx_grp, LCK_ATTR_NULL);
852 TAILQ_INIT(&new_session->registrations);
853
854 return new_session;
855 }
856
857 netagent_session_t
netagent_create(netagent_event_f event_handler,void * context)858 netagent_create(netagent_event_f event_handler, void *context)
859 {
860 struct netagent_session *session = netagent_create_session(0);
861 if (session == NULL) {
862 return NULL;
863 }
864
865 session->event_handler = event_handler;
866 session->event_context = context;
867 return session;
868 }
869
870 static void
netagent_token_free(struct netagent_token * token)871 netagent_token_free(struct netagent_token *token)
872 {
873 kfree_data(token->token_bytes, token->token_length);
874 kfree_type(struct netagent_token, token);
875 }
876
877 static struct netagent_registration *
netagent_alloc_registration_memory(uint32_t data_size)878 netagent_alloc_registration_memory(uint32_t data_size)
879 {
880 struct netagent_registration *new_registration;
881 size_t netagent_alloc_size = sizeof(struct netagent) + data_size;
882
883 new_registration = kalloc_type(struct netagent_registration,
884 Z_WAITOK | Z_ZERO | Z_NOFAIL);
885 new_registration->netagent = kalloc_data(netagent_alloc_size, Z_WAITOK | Z_NOFAIL);
886 new_registration->netagent_alloc_size = netagent_alloc_size;
887
888 lck_rw_init(&new_registration->agent_lock, &netagent_mtx_grp, LCK_ATTR_NULL);
889
890 return new_registration;
891 }
892
893 static void
netagent_free_registration_memory(struct netagent_registration * registration)894 netagent_free_registration_memory(struct netagent_registration *registration)
895 {
896 // Before destroying the lock, take the lock exclusively and then
897 // drop it again. This ensures that no other thread was holding
898 // onto the lock at the time of destroying it.
899 // This can happen in netagent_client_message_with_params due
900 // to the fact that the registration lock needs to be held during the
901 // event callout, while the list lock has been released. Taking
902 // this lock here ensures that any such remaining thread completes
903 // before this object is released. Since the registration object has
904 // already been removed from any and all lists by this point,
905 // there isn't any way for a new thread to start referencing it.
906 NETAGENT_LOCK_EXCLUSIVE(registration);
907 NETAGENT_UNLOCK(registration);
908 lck_rw_destroy(®istration->agent_lock, &netagent_mtx_grp);
909
910 kfree_data_sized_by(registration->netagent, registration->netagent_alloc_size);
911 kfree_type(struct netagent_registration, registration);
912 }
913
914 static void
netagent_free_registration(struct netagent_registration * registration)915 netagent_free_registration(struct netagent_registration *registration)
916 {
917 // Free any leftover tokens
918 struct netagent_token *search_token = NULL;
919 struct netagent_token *temp_token = NULL;
920 TAILQ_FOREACH_SAFE(search_token, ®istration->token_list, token_chain, temp_token) {
921 TAILQ_REMOVE(®istration->token_list, search_token, token_chain);
922 netagent_token_free(search_token);
923 }
924
925 // Free any pending client triggers
926 struct netagent_client * __single search_client = NULL;
927 struct netagent_client *temp_client = NULL;
928 LIST_FOREACH_SAFE(search_client, ®istration->pending_triggers_list, client_chain, temp_client) {
929 LIST_REMOVE(search_client, client_chain);
930 kfree_type(struct netagent_client, search_client);
931 }
932
933 // Free registration itself
934 netagent_free_registration_memory(registration);
935 }
936
937 static void
netagent_unregister_all_session_registrations(struct netagent_session * session)938 netagent_unregister_all_session_registrations(struct netagent_session *session)
939 {
940 TAILQ_HEAD(_netagent_registration_list, netagent_registration) deleting_registrations;
941 TAILQ_INIT(&deleting_registrations);
942 NETAGENT_LIST_LOCK_EXCLUSIVE();
943 if (session != NULL) {
944 NETAGENT_SESSION_LOCK(session);
945 struct netagent_registration *registration = NULL;
946 struct netagent_registration *temp_registration = NULL;
947 TAILQ_FOREACH_SAFE(registration, &session->registrations, session_chain, temp_registration) {
948 if (netagent_registered_count > 0) {
949 netagent_registered_count--;
950 }
951 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) &&
952 netagent_active_count > 0) {
953 netagent_active_count--;
954 }
955
956 LIST_REMOVE(registration, global_chain);
957 TAILQ_REMOVE(&session->registrations, registration, session_chain);
958 TAILQ_INSERT_TAIL(&deleting_registrations, registration, session_chain);
959 NETAGENTLOG0(LOG_DEBUG, "Unregistered agent");
960 }
961 NETAGENT_SESSION_UNLOCK(session);
962 }
963 NETAGENT_LIST_UNLOCK();
964
965 struct netagent_registration *registration = NULL;
966 struct netagent_registration *temp_registration = NULL;
967 TAILQ_FOREACH_SAFE(registration, &deleting_registrations, session_chain, temp_registration) {
968 TAILQ_REMOVE(&deleting_registrations, registration, session_chain);
969
970 ifnet_clear_netagent(registration->netagent->netagent_uuid);
971 netagent_post_event(registration->netagent->netagent_uuid, KEV_NETAGENT_UNREGISTERED, TRUE, false);
972
973 netagent_free_registration(registration);
974 }
975 }
976
977 static void
netagent_unregister_one_session_registration(struct netagent_session * session,uuid_t agent_id)978 netagent_unregister_one_session_registration(struct netagent_session *session, uuid_t agent_id)
979 {
980 bool unregistered = false;
981 NETAGENT_LIST_LOCK_EXCLUSIVE();
982 if (session != NULL) {
983 NETAGENT_SESSION_LOCK(session);
984 struct netagent_registration *registration = NULL;
985 struct netagent_registration *temp_registration = NULL;
986 TAILQ_FOREACH_SAFE(registration, &session->registrations, session_chain, temp_registration) {
987 if (uuid_compare(agent_id, registration->netagent->netagent_uuid) != 0) {
988 // Not a match, skip
989 continue;
990 }
991
992 if (netagent_registered_count > 0) {
993 netagent_registered_count--;
994 }
995 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) &&
996 netagent_active_count > 0) {
997 netagent_active_count--;
998 }
999
1000 LIST_REMOVE(registration, global_chain);
1001 TAILQ_REMOVE(&session->registrations, registration, session_chain);
1002
1003 unregistered = true;
1004 netagent_free_registration(registration);
1005
1006 NETAGENTLOG0(LOG_DEBUG, "Unregistered agent");
1007 }
1008 NETAGENT_SESSION_UNLOCK(session);
1009 }
1010 NETAGENT_LIST_UNLOCK();
1011
1012 if (unregistered) {
1013 ifnet_clear_netagent(agent_id);
1014 netagent_post_event(agent_id, KEV_NETAGENT_UNREGISTERED, TRUE, false);
1015 }
1016 }
1017
1018 static void
netagent_delete_session(struct netagent_session * session)1019 netagent_delete_session(struct netagent_session *session)
1020 {
1021 if (session != NULL) {
1022 netagent_unregister_all_session_registrations(session);
1023 lck_mtx_destroy(&session->session_lock, &netagent_mtx_grp);
1024 kfree_type(struct netagent_session, session);
1025 }
1026 }
1027
1028 void
netagent_destroy(netagent_session_t session)1029 netagent_destroy(netagent_session_t session)
1030 {
1031 return netagent_delete_session((struct netagent_session *)session);
1032 }
1033
1034 static size_t
netagent_packet_get_netagent_data_size(mbuf_t packet,size_t offset,int * err)1035 netagent_packet_get_netagent_data_size(mbuf_t packet, size_t offset, int *err)
1036 {
1037 int error = 0;
1038
1039 struct netagent netagent_peek;
1040 memset(&netagent_peek, 0, sizeof(netagent_peek));
1041
1042 *err = 0;
1043
1044 error = mbuf_copydata(packet, offset, sizeof(netagent_peek), &netagent_peek);
1045 if (error) {
1046 *err = ENOENT;
1047 return 0;
1048 }
1049
1050 return netagent_peek.netagent_data_size;
1051 }
1052
1053 static errno_t
netagent_handle_register_inner(struct netagent_session * session,struct netagent_registration * new_registration)1054 netagent_handle_register_inner(struct netagent_session *session, struct netagent_registration *new_registration)
1055 {
1056 NETAGENT_LIST_LOCK_EXCLUSIVE();
1057
1058 NETAGENT_SESSION_LOCK(session);
1059
1060 if (!session->allow_multiple_registrations && !TAILQ_EMPTY(&session->registrations)) {
1061 NETAGENT_SESSION_UNLOCK(session);
1062 NETAGENT_LIST_UNLOCK();
1063 return EINVAL;
1064 }
1065
1066 struct netagent_registration *existing_registration = netagent_find_agent_with_uuid_and_lock(new_registration->netagent->netagent_uuid, false, true);
1067 if (existing_registration != NULL) {
1068 NETAGENT_SESSION_UNLOCK(session);
1069 NETAGENT_LIST_UNLOCK();
1070 return EEXIST;
1071 }
1072
1073 new_registration->control_unit = session->control_unit;
1074 new_registration->allow_multiple_registrations = session->allow_multiple_registrations;
1075 new_registration->event_handler = session->event_handler;
1076 new_registration->event_context = session->event_context;
1077 new_registration->generation = g_next_generation++;
1078
1079 TAILQ_INSERT_TAIL(&session->registrations, new_registration, session_chain);
1080 LIST_INSERT_HEAD(&shared_netagent_list, new_registration, global_chain);
1081 TAILQ_INIT(&new_registration->token_list);
1082 LIST_INIT(&new_registration->pending_triggers_list);
1083
1084 new_registration->netagent->netagent_flags |= NETAGENT_FLAG_REGISTERED;
1085 netagent_registered_count++;
1086 if (new_registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) {
1087 netagent_active_count++;
1088 }
1089
1090 NETAGENT_SESSION_UNLOCK(session);
1091 NETAGENT_LIST_UNLOCK();
1092 return 0;
1093 }
1094
1095 errno_t
netagent_register(netagent_session_t _session,struct netagent * agent)1096 netagent_register(netagent_session_t _session, struct netagent *agent)
1097 {
1098 struct netagent_registration *new_registration = NULL;
1099 uuid_t registered_uuid;
1100
1101 struct netagent_session *session = (struct netagent_session *)_session;
1102 if (session == NULL) {
1103 NETAGENTLOG0(LOG_ERR, "Cannot register agent on NULL session");
1104 return EINVAL;
1105 }
1106
1107 if (agent == NULL) {
1108 NETAGENTLOG0(LOG_ERR, "Cannot register NULL agent");
1109 return EINVAL;
1110 }
1111
1112 size_t data_size = agent->netagent_data_size;
1113 if (data_size > NETAGENT_MAX_DATA_SIZE) {
1114 NETAGENTLOG(LOG_ERR, "Register message size could not be read, data_size %zu",
1115 data_size);
1116 return EINVAL;
1117 }
1118
1119 new_registration = netagent_alloc_registration_memory(data_size);
1120
1121 __nochk_memcpy(new_registration->netagent, agent, sizeof(struct netagent));
1122 __nochk_memcpy(netagent_get_data(new_registration->netagent), netagent_get_data(agent), data_size);
1123
1124 uuid_copy(registered_uuid, new_registration->netagent->netagent_uuid);
1125
1126 errno_t error = netagent_handle_register_inner(session, new_registration);
1127 if (error != 0) {
1128 netagent_free_registration_memory(new_registration);
1129 return error;
1130 }
1131
1132 NETAGENTLOG0(LOG_DEBUG, "Registered new agent");
1133 netagent_post_event(registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false);
1134
1135 return 0;
1136 }
1137
1138 static errno_t
netagent_handle_register_setopt(struct netagent_session * session,u_int8_t * payload,size_t payload_length)1139 netagent_handle_register_setopt(struct netagent_session *session, u_int8_t *payload,
1140 size_t payload_length)
1141 {
1142 struct netagent_registration *new_registration = NULL;
1143 errno_t response_error = 0;
1144 struct netagent *register_netagent = (struct netagent *)(void *)payload;
1145 uuid_t registered_uuid;
1146
1147 if (session == NULL) {
1148 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1149 response_error = EINVAL;
1150 goto done;
1151 }
1152
1153 if (payload == NULL) {
1154 NETAGENTLOG0(LOG_ERR, "No payload received");
1155 response_error = EINVAL;
1156 goto done;
1157 }
1158
1159 if (payload_length < sizeof(struct netagent)) {
1160 NETAGENTLOG(LOG_ERR, "Register message size too small for agent: (%zu < %zu)",
1161 payload_length, sizeof(struct netagent));
1162 response_error = EINVAL;
1163 goto done;
1164 }
1165
1166 size_t data_size = register_netagent->netagent_data_size;
1167 if (data_size > NETAGENT_MAX_DATA_SIZE) {
1168 NETAGENTLOG(LOG_ERR, "Register message size could not be read, data_size %zu", data_size);
1169 response_error = EINVAL;
1170 goto done;
1171 }
1172
1173 if (payload_length != (sizeof(struct netagent) + data_size)) {
1174 NETAGENTLOG(LOG_ERR, "Mismatch between data size and payload length (%lu != %zu)", (sizeof(struct netagent) + data_size), payload_length);
1175 response_error = EINVAL;
1176 goto done;
1177 }
1178
1179 new_registration = netagent_alloc_registration_memory(data_size);
1180
1181 __nochk_memcpy(new_registration->netagent, register_netagent, sizeof(struct netagent));
1182 __nochk_memcpy(netagent_get_data(new_registration->netagent), netagent_get_data(register_netagent), data_size);
1183
1184 uuid_copy(registered_uuid, new_registration->netagent->netagent_uuid);
1185
1186 response_error = netagent_handle_register_inner(session, new_registration);
1187 if (response_error != 0) {
1188 netagent_free_registration_memory(new_registration);
1189 goto done;
1190 }
1191
1192 NETAGENTLOG0(LOG_DEBUG, "Registered new agent");
1193 netagent_post_event(registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false);
1194
1195 done:
1196 return response_error;
1197 }
1198
1199 static void
netagent_handle_register_message(struct netagent_session * session,u_int32_t message_id,size_t payload_length,mbuf_t packet,size_t offset)1200 netagent_handle_register_message(struct netagent_session *session, u_int32_t message_id,
1201 size_t payload_length, mbuf_t packet, size_t offset)
1202 {
1203 errno_t error;
1204 struct netagent_registration *new_registration = NULL;
1205 u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1206 uuid_t registered_uuid;
1207
1208 if (session == NULL) {
1209 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1210 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1211 goto fail;
1212 }
1213
1214 if (session->allow_multiple_registrations) {
1215 NETAGENTLOG0(LOG_ERR, "Not allowed to register multiple agents");
1216 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1217 goto fail;
1218 }
1219
1220 if (payload_length < sizeof(struct netagent)) {
1221 NETAGENTLOG(LOG_ERR, "Register message size too small for agent: (%zu < %zu)",
1222 payload_length, sizeof(struct netagent));
1223 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1224 goto fail;
1225 }
1226
1227 size_t data_size = netagent_packet_get_netagent_data_size(packet, offset, &error);
1228 if (error || data_size > NETAGENT_MAX_DATA_SIZE) {
1229 NETAGENTLOG(LOG_ERR, "Register message size could not be read, error %d data_size %zu",
1230 error, data_size);
1231 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1232 goto fail;
1233 }
1234
1235 new_registration = netagent_alloc_registration_memory(data_size);
1236
1237 error = mbuf_copydata(packet, offset, sizeof(struct netagent) + data_size,
1238 new_registration->netagent);
1239 if (error) {
1240 NETAGENTLOG(LOG_ERR, "Failed to read data into agent structure: %d", error);
1241 netagent_free_registration_memory(new_registration);
1242 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1243 goto fail;
1244 }
1245
1246 uuid_copy(registered_uuid, new_registration->netagent->netagent_uuid);
1247
1248 error = netagent_handle_register_inner(session, new_registration);
1249 if (error) {
1250 NETAGENTLOG(LOG_ERR, "Failed to register agent: %d", error);
1251 netagent_free_registration_memory(new_registration);
1252 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1253 goto fail;
1254 }
1255
1256 NETAGENTLOG0(LOG_DEBUG, "Registered new agent");
1257 netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_REGISTER, message_id);
1258 netagent_post_event(registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false);
1259 return;
1260 fail:
1261 netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_REGISTER, message_id, response_error);
1262 }
1263
1264 errno_t
netagent_unregister(netagent_session_t _session)1265 netagent_unregister(netagent_session_t _session)
1266 {
1267 struct netagent_session *session = (struct netagent_session *)_session;
1268 if (session == NULL) {
1269 NETAGENTLOG0(LOG_ERR, "Cannot unregister NULL session");
1270 return EINVAL;
1271 }
1272
1273 netagent_unregister_all_session_registrations(session);
1274 return 0;
1275 }
1276
1277 static errno_t
netagent_handle_unregister_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)1278 netagent_handle_unregister_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length) payload,
1279 size_t payload_length)
1280 {
1281 errno_t response_error = 0;
1282
1283 if (session == NULL) {
1284 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1285 response_error = EINVAL;
1286 goto done;
1287 }
1288
1289 if (!session->allow_multiple_registrations) {
1290 netagent_unregister_all_session_registrations(session);
1291 } else {
1292 if (payload == NULL) {
1293 NETAGENTLOG0(LOG_ERR, "No payload received");
1294 response_error = EINVAL;
1295 goto done;
1296 }
1297
1298 if (payload_length < sizeof(uuid_t)) {
1299 NETAGENTLOG(LOG_ERR, "Unregister message size too small for UUID: (%zu < %zu)",
1300 payload_length, sizeof(uuid_t));
1301 response_error = EINVAL;
1302 goto done;
1303 }
1304
1305 uuid_t agent_uuid = {};
1306 uuid_copy(agent_uuid, payload);
1307 netagent_unregister_one_session_registration(session, agent_uuid);
1308 }
1309
1310 done:
1311 return response_error;
1312 }
1313
1314 static errno_t
netagent_handle_unregister_all_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)1315 netagent_handle_unregister_all_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length) payload,
1316 size_t payload_length)
1317 {
1318 #pragma unused(payload, payload_length)
1319
1320 errno_t response_error = 0;
1321
1322 if (session == NULL) {
1323 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1324 response_error = EINVAL;
1325 goto done;
1326 }
1327
1328 netagent_unregister_all_session_registrations(session);
1329
1330 done:
1331 return response_error;
1332 }
1333
1334 static void
netagent_handle_unregister_message(struct netagent_session * session,u_int32_t message_id,size_t payload_length,mbuf_t packet,size_t offset)1335 netagent_handle_unregister_message(struct netagent_session *session, u_int32_t message_id,
1336 size_t payload_length, mbuf_t packet, size_t offset)
1337 {
1338 #pragma unused(payload_length, packet, offset)
1339 u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1340
1341 if (session == NULL) {
1342 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1343 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1344 goto fail;
1345 }
1346
1347 if (session->allow_multiple_registrations) {
1348 NETAGENTLOG0(LOG_ERR, "Not allowed to register multiple agents");
1349 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1350 goto fail;
1351 }
1352
1353 netagent_unregister_all_session_registrations(session);
1354
1355 netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_UNREGISTER, message_id);
1356 return;
1357 fail:
1358 netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_UNREGISTER, message_id, response_error);
1359 }
1360
1361 static void
netagent_send_cellular_failed_event(struct netagent_registration * registration,pid_t pid,uuid_t proc_uuid)1362 netagent_send_cellular_failed_event(struct netagent_registration *registration,
1363 pid_t pid, uuid_t proc_uuid)
1364 {
1365 if (strlcmp(registration->netagent->netagent_domain, "Cellular", NETAGENT_DOMAINSIZE) != 0) {
1366 return;
1367 }
1368
1369 struct kev_netpolicy_ifdenied ev_ifdenied;
1370
1371 bzero(&ev_ifdenied, sizeof(ev_ifdenied));
1372
1373 ev_ifdenied.ev_data.epid = (u_int64_t)pid;
1374 uuid_copy(ev_ifdenied.ev_data.euuid, proc_uuid);
1375 ev_ifdenied.ev_if_functional_type = IFRTYPE_FUNCTIONAL_CELLULAR;
1376
1377 netpolicy_post_msg(KEV_NETPOLICY_IFFAILED, &ev_ifdenied.ev_data, sizeof(ev_ifdenied));
1378 }
1379
1380 static errno_t
netagent_handle_update_inner(struct netagent_session * session,struct netagent_registration * new_registration,size_t data_size,u_int8_t * agent_changed,netagent_error_domain_t error_domain)1381 netagent_handle_update_inner(struct netagent_session *session, struct netagent_registration *new_registration,
1382 size_t data_size, u_int8_t *agent_changed, netagent_error_domain_t error_domain)
1383 {
1384 errno_t response_error = 0;
1385
1386 if (agent_changed == NULL) {
1387 NETAGENTLOG0(LOG_ERR, "Invalid argument: agent_changed");
1388 return EINVAL;
1389 }
1390
1391 NETAGENT_LIST_LOCK_EXCLUSIVE();
1392
1393 NETAGENT_SESSION_LOCK(session);
1394 struct netagent_registration *registration = NULL;
1395 if (session->allow_multiple_registrations) {
1396 registration = netagent_session_find_agent_with_uuid_and_lock(session, new_registration->netagent->netagent_uuid, true, false);
1397 } else {
1398 registration = netagent_session_access_agent_with_lock(session, true, false);
1399 }
1400
1401 if (registration == NULL) {
1402 NETAGENT_SESSION_UNLOCK(session);
1403 NETAGENT_LIST_UNLOCK();
1404 response_error = ENOENT;
1405 return response_error;
1406 }
1407
1408 if (uuid_compare(registration->netagent->netagent_uuid, new_registration->netagent->netagent_uuid) != 0 ||
1409 memcmp(®istration->netagent->netagent_domain, &new_registration->netagent->netagent_domain,
1410 sizeof(new_registration->netagent->netagent_domain)) != 0 ||
1411 memcmp(®istration->netagent->netagent_type, &new_registration->netagent->netagent_type,
1412 sizeof(new_registration->netagent->netagent_type)) != 0) {
1413 NETAGENT_UNLOCK(registration);
1414 NETAGENT_SESSION_UNLOCK(session);
1415 NETAGENT_LIST_UNLOCK();
1416 NETAGENTLOG0(LOG_ERR, "Basic agent parameters do not match, cannot update");
1417 if (error_domain == kNetagentErrorDomainPOSIX) {
1418 response_error = EINVAL;
1419 } else if (error_domain == kNetagentErrorDomainUserDefined) {
1420 response_error = NETAGENT_MESSAGE_ERROR_CANNOT_UPDATE;
1421 }
1422 return response_error;
1423 }
1424
1425 new_registration->netagent->netagent_flags |= NETAGENT_FLAG_REGISTERED;
1426 if (registration->netagent->netagent_data_size == new_registration->netagent->netagent_data_size &&
1427 memcmp(registration->netagent, new_registration->netagent, sizeof(struct netagent)) == 0 &&
1428 memcmp(netagent_get_data(registration->netagent), netagent_get_data(new_registration->netagent), data_size) == 0) {
1429 // Agent is exactly identical, don't increment the generation count
1430
1431 // Make a copy of the list of pending clients, and clear the current list
1432 struct netagent_client_list_s pending_triggers_list_copy;
1433 LIST_INIT(&pending_triggers_list_copy);
1434 struct netagent_client * __single search_client = NULL;
1435 struct netagent_client *temp_client = NULL;
1436 LIST_FOREACH_SAFE(search_client, ®istration->pending_triggers_list, client_chain, temp_client) {
1437 LIST_REMOVE(search_client, client_chain);
1438 LIST_INSERT_HEAD(&pending_triggers_list_copy, search_client, client_chain);
1439 }
1440 NETAGENT_UNLOCK(registration);
1441 NETAGENT_SESSION_UNLOCK(session);
1442 NETAGENT_LIST_UNLOCK();
1443
1444 // Update pending client triggers without holding a lock
1445 search_client = NULL;
1446 temp_client = NULL;
1447 LIST_FOREACH_SAFE(search_client, &pending_triggers_list_copy, client_chain, temp_client) {
1448 necp_force_update_client(search_client->client_id, registration->netagent->netagent_uuid, registration->generation);
1449 netagent_send_cellular_failed_event(new_registration, search_client->client_pid, search_client->client_proc_uuid);
1450 LIST_REMOVE(search_client, client_chain);
1451 kfree_type(struct netagent_client, search_client);
1452 }
1453 NETAGENTLOG0(LOG_DEBUG, "Updated agent (no changes)");
1454 *agent_changed = FALSE;
1455 return response_error;
1456 }
1457
1458 new_registration->generation = g_next_generation++;
1459 new_registration->use_count = registration->use_count;
1460
1461 TAILQ_INIT(&new_registration->token_list);
1462 TAILQ_CONCAT(&new_registration->token_list, ®istration->token_list, token_chain);
1463 new_registration->token_count = registration->token_count;
1464 new_registration->token_low_water = registration->token_low_water;
1465 new_registration->last_client_error = registration->last_client_error;
1466 new_registration->client_error_count = registration->client_error_count;
1467 new_registration->allow_multiple_registrations = registration->allow_multiple_registrations;
1468
1469 if ((new_registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) &&
1470 !(registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) {
1471 netagent_active_count++;
1472 } else if (!(new_registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) &&
1473 (registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) &&
1474 netagent_active_count > 0) {
1475 netagent_active_count--;
1476 }
1477
1478 TAILQ_REMOVE(&session->registrations, registration, session_chain);
1479 LIST_REMOVE(registration, global_chain);
1480 NETAGENT_UNLOCK(registration);
1481 netagent_free_registration(registration);
1482 TAILQ_INSERT_TAIL(&session->registrations, new_registration, session_chain);
1483 new_registration->control_unit = session->control_unit;
1484 new_registration->event_handler = session->event_handler;
1485 new_registration->event_context = session->event_context;
1486 LIST_INSERT_HEAD(&shared_netagent_list, new_registration, global_chain);
1487 LIST_INIT(&new_registration->pending_triggers_list);
1488
1489 NETAGENT_SESSION_UNLOCK(session);
1490 NETAGENT_LIST_UNLOCK();
1491
1492 NETAGENTLOG0(LOG_DEBUG, "Updated agent");
1493 *agent_changed = TRUE;
1494
1495 return response_error;
1496 }
1497
1498 errno_t
netagent_update(netagent_session_t _session,struct netagent * agent)1499 netagent_update(netagent_session_t _session, struct netagent *agent)
1500 {
1501 u_int8_t agent_changed;
1502 struct netagent_registration *new_registration = NULL;
1503 bool should_update_immediately;
1504 uuid_t updated_uuid;
1505
1506 struct netagent_session *session = (struct netagent_session *)_session;
1507 if (session == NULL) {
1508 NETAGENTLOG0(LOG_ERR, "Cannot update agent on NULL session");
1509 return EINVAL;
1510 }
1511
1512 if (agent == NULL) {
1513 NETAGENTLOG0(LOG_ERR, "Cannot register NULL agent");
1514 return EINVAL;
1515 }
1516
1517 size_t data_size = agent->netagent_data_size;
1518 if (data_size > NETAGENT_MAX_DATA_SIZE) {
1519 NETAGENTLOG(LOG_ERR, "Update message size (%zu > %u) too large", data_size, NETAGENT_MAX_DATA_SIZE);
1520 return EINVAL;
1521 }
1522
1523 new_registration = netagent_alloc_registration_memory(data_size);
1524
1525 __nochk_memcpy(new_registration->netagent, agent, sizeof(struct netagent));
1526 __nochk_memcpy(netagent_get_data(new_registration->netagent), netagent_get_data(agent), data_size);
1527
1528 uuid_copy(updated_uuid, new_registration->netagent->netagent_uuid);
1529 should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_registration->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY));
1530
1531 errno_t error = netagent_handle_update_inner(session, new_registration, data_size, &agent_changed, kNetagentErrorDomainPOSIX);
1532 if (error == 0) {
1533 netagent_post_event(updated_uuid, KEV_NETAGENT_UPDATED, agent_changed, should_update_immediately);
1534 if (agent_changed == FALSE) {
1535 // The session registration does not need the "new_registration" as nothing changed
1536 netagent_free_registration_memory(new_registration);
1537 }
1538 } else {
1539 netagent_free_registration_memory(new_registration);
1540 return error;
1541 }
1542
1543 return 0;
1544 }
1545
1546 static errno_t
netagent_handle_update_setopt(struct netagent_session * session,u_int8_t * payload,size_t payload_length)1547 netagent_handle_update_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length)
1548 {
1549 struct netagent_registration *new_registration = NULL;
1550 errno_t response_error = 0;
1551 struct netagent *update_netagent = (struct netagent *)(void *)payload;
1552 u_int8_t agent_changed;
1553 bool should_update_immediately;
1554 uuid_t updated_uuid;
1555
1556 if (session == NULL) {
1557 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1558 response_error = EINVAL;
1559 goto done;
1560 }
1561
1562 if (payload == NULL) {
1563 NETAGENTLOG0(LOG_ERR, "No payload received");
1564 response_error = EINVAL;
1565 goto done;
1566 }
1567
1568 if (payload_length < sizeof(struct netagent)) {
1569 NETAGENTLOG(LOG_ERR, "Update message size too small for agent: (%zu < %zu)",
1570 payload_length, sizeof(struct netagent));
1571 response_error = EINVAL;
1572 goto done;
1573 }
1574
1575 size_t data_size = update_netagent->netagent_data_size;
1576 if (data_size > NETAGENT_MAX_DATA_SIZE) {
1577 NETAGENTLOG(LOG_ERR, "Update message size (%zu > %u) too large", data_size, NETAGENT_MAX_DATA_SIZE);
1578 response_error = EINVAL;
1579 goto done;
1580 }
1581
1582 if (payload_length != (sizeof(struct netagent) + data_size)) {
1583 NETAGENTLOG(LOG_ERR, "Mismatch between data size and payload length (%lu != %zu)", (sizeof(struct netagent) + data_size), payload_length);
1584 response_error = EINVAL;
1585 goto done;
1586 }
1587
1588 new_registration = netagent_alloc_registration_memory(data_size);
1589
1590 __nochk_memcpy(new_registration->netagent, update_netagent, sizeof(struct netagent));
1591 __nochk_memcpy(netagent_get_data(new_registration->netagent), netagent_get_data(update_netagent), data_size);
1592
1593 uuid_copy(updated_uuid, new_registration->netagent->netagent_uuid);
1594 should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_registration->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY));
1595
1596 response_error = netagent_handle_update_inner(session, new_registration, data_size, &agent_changed, kNetagentErrorDomainPOSIX);
1597 if (response_error == 0) {
1598 netagent_post_event(updated_uuid, KEV_NETAGENT_UPDATED, agent_changed, should_update_immediately);
1599 if (agent_changed == FALSE) {
1600 // The session registration does not need the "new_registration" as nothing changed
1601 netagent_free_registration_memory(new_registration);
1602 }
1603 } else {
1604 netagent_free_registration_memory(new_registration);
1605 }
1606
1607 done:
1608 return response_error;
1609 }
1610
1611 static void
netagent_handle_update_message(struct netagent_session * session,u_int32_t message_id,size_t payload_length,mbuf_t packet,size_t offset)1612 netagent_handle_update_message(struct netagent_session *session, u_int32_t message_id,
1613 size_t payload_length, mbuf_t packet, size_t offset)
1614 {
1615 int error;
1616 struct netagent_registration *new_registration = NULL;
1617 u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1618 u_int8_t agent_changed;
1619 uuid_t updated_uuid;
1620 bool should_update_immediately;
1621
1622 if (session == NULL) {
1623 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1624 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1625 goto fail;
1626 }
1627
1628 if (payload_length < sizeof(struct netagent)) {
1629 NETAGENTLOG(LOG_ERR, "Update message size too small for agent: (%zu < %zu)",
1630 payload_length, sizeof(struct netagent));
1631 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1632 goto fail;
1633 }
1634
1635 size_t data_size = netagent_packet_get_netagent_data_size(packet, offset, &error);
1636 if (error || data_size > NETAGENT_MAX_DATA_SIZE) {
1637 NETAGENTLOG(LOG_ERR, "Update message size could not be read, error %d data_size %zu",
1638 error, data_size);
1639 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1640 goto fail;
1641 }
1642
1643 new_registration = netagent_alloc_registration_memory(data_size);
1644
1645 error = mbuf_copydata(packet, offset, new_registration->netagent_alloc_size, new_registration->netagent);
1646 if (error) {
1647 NETAGENTLOG(LOG_ERR, "Failed to read data into agent structure: %d", error);
1648 netagent_free_registration_memory(new_registration);
1649 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1650 goto fail;
1651 }
1652
1653 uuid_copy(updated_uuid, new_registration->netagent->netagent_uuid);
1654 should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_registration->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY));
1655
1656 response_error = (u_int32_t)netagent_handle_update_inner(session, new_registration, data_size, &agent_changed, kNetagentErrorDomainUserDefined);
1657 if (response_error != 0) {
1658 if (response_error == ENOENT) {
1659 response_error = NETAGENT_MESSAGE_ERROR_NOT_REGISTERED;
1660 }
1661 netagent_free_registration_memory(new_registration);
1662 goto fail;
1663 }
1664
1665 netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_UPDATE, message_id);
1666
1667 netagent_post_event(updated_uuid, KEV_NETAGENT_UPDATED, agent_changed, should_update_immediately);
1668
1669 if (agent_changed == FALSE) {
1670 // The session registration does not need the "new_registration" as nothing changed
1671 netagent_free_registration_memory(new_registration);
1672 }
1673
1674 return;
1675 fail:
1676 netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_UPDATE, message_id, response_error);
1677 }
1678
1679 errno_t
netagent_assign_nexus(netagent_session_t _session,uuid_t necp_client_uuid,void * __sized_by (assigned_results_length)assign_message,size_t assigned_results_length)1680 netagent_assign_nexus(netagent_session_t _session, uuid_t necp_client_uuid,
1681 void * __sized_by(assigned_results_length)assign_message, size_t assigned_results_length)
1682 {
1683 struct netagent_session *session = (struct netagent_session *)_session;
1684 uuid_t netagent_uuid;
1685 if (session == NULL) {
1686 NETAGENTLOG0(LOG_ERR, "Cannot assign nexus from NULL session");
1687 return EINVAL;
1688 }
1689
1690 NETAGENT_SESSION_LOCK(session);
1691
1692 struct netagent_registration *registration = netagent_session_access_agent_with_lock(session, false, false);
1693 if (registration == NULL) {
1694 NETAGENT_SESSION_UNLOCK(session);
1695 NETAGENTLOG0(LOG_ERR, "Session has no matching agent");
1696 return ENOENT;
1697 }
1698 uuid_copy(netagent_uuid, registration->netagent->netagent_uuid);
1699 NETAGENT_UNLOCK(registration);
1700 NETAGENT_SESSION_UNLOCK(session);
1701
1702 // Note that if the error is 0, NECP has taken over our malloc'ed buffer
1703 int error = necp_assign_client_result(netagent_uuid, necp_client_uuid, assign_message, assigned_results_length);
1704 if (error) {
1705 // necp_assign_client_result returns POSIX errors; don't error for ENOENT
1706 NETAGENTLOG((error == ENOENT ? LOG_DEBUG : LOG_ERR), "Client assignment failed: %d", error);
1707 return error;
1708 }
1709
1710 NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client");
1711 return 0;
1712 }
1713
1714 errno_t
netagent_update_flow_protoctl_event(netagent_session_t _session,uuid_t client_id,uint32_t protoctl_event_code,uint32_t protoctl_event_val,uint32_t protoctl_event_tcp_seq_number)1715 netagent_update_flow_protoctl_event(netagent_session_t _session,
1716 uuid_t client_id, uint32_t protoctl_event_code,
1717 uint32_t protoctl_event_val, uint32_t protoctl_event_tcp_seq_number)
1718 {
1719 struct netagent_session *session = (struct netagent_session *)_session;
1720 uuid_t netagent_uuid;
1721 int error = 0;
1722
1723 if (session == NULL) {
1724 NETAGENTLOG0(LOG_ERR, "Cannot assign nexus from NULL session");
1725 return EINVAL;
1726 }
1727
1728 NETAGENT_SESSION_LOCK(session);
1729 struct netagent_registration *registration = netagent_session_access_agent_with_lock(session, false, false);
1730 if (registration == NULL) {
1731 NETAGENT_SESSION_UNLOCK(session);
1732 NETAGENTLOG0(LOG_ERR, "Session has no agent");
1733 return ENOENT;
1734 }
1735 uuid_copy(netagent_uuid, registration->netagent->netagent_uuid);
1736 NETAGENT_UNLOCK(registration);
1737 NETAGENT_SESSION_UNLOCK(session);
1738
1739 error = necp_update_flow_protoctl_event(netagent_uuid,
1740 client_id, protoctl_event_code, protoctl_event_val, protoctl_event_tcp_seq_number);
1741
1742 return error;
1743 }
1744
1745 static errno_t
netagent_handle_assign_nexus_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)1746 netagent_handle_assign_nexus_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
1747 size_t payload_length)
1748 {
1749 errno_t response_error = 0;
1750 uuid_t client_id;
1751 uuid_t netagent_uuid;
1752 u_int8_t *assigned_results = NULL;
1753
1754 if (session == NULL) {
1755 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1756 response_error = ENOENT;
1757 goto done;
1758 }
1759
1760 if (payload == NULL) {
1761 NETAGENTLOG0(LOG_ERR, "No payload received");
1762 response_error = EINVAL;
1763 goto done;
1764 }
1765
1766 NETAGENT_SESSION_LOCK(session);
1767
1768 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
1769 if (payload_length < header_offset) {
1770 NETAGENT_SESSION_UNLOCK(session);
1771 NETAGENTLOG0(LOG_ERR, "Assign message is too short");
1772 response_error = EINVAL;
1773 goto done;
1774 }
1775
1776 struct netagent_assign_nexus_message * __single assign_nexus_netagent = (struct netagent_assign_nexus_message *)(void *)((u_int8_t *)payload + header_offset);
1777
1778 struct netagent_registration *registration = NULL;
1779 if (session->allow_multiple_registrations) {
1780 uuid_t agent_uuid = {};
1781 uuid_copy(agent_uuid, payload);
1782 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
1783 } else {
1784 registration = netagent_session_access_agent_with_lock(session, false, false);
1785 }
1786
1787 if (registration == NULL) {
1788 NETAGENT_SESSION_UNLOCK(session);
1789 NETAGENTLOG0(LOG_ERR, "Session has no agent to get");
1790 response_error = ENOENT;
1791 goto done;
1792 }
1793
1794 uuid_copy(netagent_uuid, registration->netagent->netagent_uuid);
1795 NETAGENT_UNLOCK(registration);
1796 NETAGENT_SESSION_UNLOCK(session);
1797
1798 if (payload_length < (header_offset + sizeof(uuid_t))) {
1799 NETAGENTLOG0(LOG_ERR, "Assign message is too short");
1800 response_error = EINVAL;
1801 goto done;
1802 }
1803
1804 memcpy(client_id, assign_nexus_netagent->assign_client_id, sizeof(client_id));
1805 size_t assigned_results_length = (payload_length - (header_offset + sizeof(client_id)));
1806
1807 if (assigned_results_length > 0) {
1808 assigned_results = kalloc_data(assigned_results_length, Z_WAITOK);
1809 if (assigned_results == NULL) {
1810 NETAGENTLOG(LOG_ERR, "Failed to allocate assign message (%lu bytes)", assigned_results_length);
1811 response_error = ENOMEM;
1812 goto done;
1813 }
1814 memcpy(assigned_results,
1815 netagent_assign_message_get_necp_result(assign_nexus_netagent, assigned_results_length),
1816 assigned_results_length);
1817 }
1818
1819 // Note that if the error is 0, NECP has taken over our malloc'ed buffer
1820 response_error = necp_assign_client_result(netagent_uuid, client_id, assigned_results, assigned_results_length);
1821 if (response_error) {
1822 // necp_assign_client_result returns POSIX errors
1823 kfree_data(assigned_results, assigned_results_length);
1824 NETAGENTLOG(LOG_ERR, "Client assignment failed: %d", response_error);
1825 goto done;
1826 }
1827
1828 NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client");
1829 done:
1830 return response_error;
1831 }
1832
1833 static void
netagent_handle_assign_nexus_message(struct netagent_session * session,u_int32_t message_id,size_t payload_length,mbuf_t packet,size_t offset)1834 netagent_handle_assign_nexus_message(struct netagent_session *session, u_int32_t message_id,
1835 size_t payload_length, mbuf_t packet, size_t offset)
1836 {
1837 int error = 0;
1838 u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1839 uuid_t client_id;
1840 uuid_t netagent_uuid;
1841 u_int8_t * assigned_results = NULL;
1842
1843 if (session == NULL) {
1844 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1845 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1846 goto fail;
1847 }
1848
1849 NETAGENT_SESSION_LOCK(session);
1850 struct netagent_registration *registration = netagent_session_access_agent_with_lock(session, false, false);
1851 if (registration == NULL) {
1852 NETAGENT_SESSION_UNLOCK(session);
1853 NETAGENTLOG0(LOG_ERR, "Session has no agent to get");
1854 response_error = NETAGENT_MESSAGE_ERROR_NOT_REGISTERED;
1855 goto fail;
1856 }
1857 uuid_copy(netagent_uuid, registration->netagent->netagent_uuid);
1858 NETAGENT_UNLOCK(registration);
1859 NETAGENT_SESSION_UNLOCK(session);
1860
1861 if (payload_length < sizeof(uuid_t)) {
1862 NETAGENTLOG0(LOG_ERR, "Assign message is too short");
1863 response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA;
1864 goto fail;
1865 }
1866
1867 error = mbuf_copydata(packet, offset, sizeof(client_id), &client_id);
1868 if (error) {
1869 NETAGENTLOG(LOG_ERR, "Failed to read uuid for assign message: %d", error);
1870 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1871 goto fail;
1872 }
1873
1874 size_t assigned_results_length = (payload_length - sizeof(client_id));
1875 if (assigned_results_length > 0) {
1876 assigned_results = kalloc_data( assigned_results_length, Z_WAITOK);
1877 if (assigned_results == NULL) {
1878 NETAGENTLOG(LOG_ERR, "Failed to allocate assign message (%lu bytes)", assigned_results_length);
1879 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1880 goto fail;
1881 }
1882
1883 error = mbuf_copydata(packet, offset + sizeof(client_id), assigned_results_length, assigned_results);
1884 if (error) {
1885 kfree_data(assigned_results, assigned_results_length);
1886 NETAGENTLOG(LOG_ERR, "Failed to read assign message: %d", error);
1887 response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
1888 goto fail;
1889 }
1890 }
1891
1892 // Note that if the error is 0, NECP has taken over our malloc'ed buffer
1893 error = necp_assign_client_result(netagent_uuid, client_id, assigned_results, assigned_results_length);
1894 if (error) {
1895 kfree_data(assigned_results, assigned_results_length);
1896 NETAGENTLOG(LOG_ERR, "Client assignment failed: %d", error);
1897 response_error = NETAGENT_MESSAGE_ERROR_CANNOT_ASSIGN;
1898 goto fail;
1899 }
1900
1901 NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client");
1902 netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS, message_id);
1903 return;
1904 fail:
1905 netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS, message_id, response_error);
1906 }
1907
1908 static errno_t
netagent_handle_assign_group_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)1909 netagent_handle_assign_group_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload,
1910 size_t payload_length)
1911 {
1912 errno_t response_error = 0;
1913 uuid_t client_id;
1914 uuid_t netagent_uuid;
1915 u_int8_t *assigned_group_members = NULL;
1916
1917 if (session == NULL) {
1918 NETAGENTLOG0(LOG_ERR, "Failed to find session");
1919 response_error = ENOENT;
1920 goto done;
1921 }
1922
1923 if (payload == NULL) {
1924 NETAGENTLOG0(LOG_ERR, "No payload received");
1925 response_error = EINVAL;
1926 goto done;
1927 }
1928
1929 NETAGENT_SESSION_LOCK(session);
1930
1931 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
1932 if (payload_length < header_offset) {
1933 NETAGENT_SESSION_UNLOCK(session);
1934 NETAGENTLOG0(LOG_ERR, "Assign message is too short");
1935 response_error = EINVAL;
1936 goto done;
1937 }
1938
1939 struct netagent_assign_nexus_message *assign_message = (struct netagent_assign_nexus_message *)(void *)((u_int8_t *)payload + header_offset);
1940
1941 struct netagent_registration *registration = NULL;
1942 if (session->allow_multiple_registrations) {
1943 uuid_t agent_uuid = {};
1944 uuid_copy(agent_uuid, payload);
1945 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
1946 } else {
1947 registration = netagent_session_access_agent_with_lock(session, false, false);
1948 }
1949
1950 if (registration == NULL) {
1951 NETAGENT_SESSION_UNLOCK(session);
1952 NETAGENTLOG0(LOG_ERR, "Session has no agent to get");
1953 response_error = ENOENT;
1954 goto done;
1955 }
1956
1957 uuid_copy(netagent_uuid, registration->netagent->netagent_uuid);
1958 NETAGENT_UNLOCK(registration);
1959 NETAGENT_SESSION_UNLOCK(session);
1960
1961 if (payload_length < (header_offset + sizeof(uuid_t))) {
1962 NETAGENTLOG0(LOG_ERR, "Group assign message is too short");
1963 response_error = EINVAL;
1964 goto done;
1965 }
1966
1967 memcpy(client_id, assign_message->assign_client_id, sizeof(client_id));
1968 size_t assigned_group_members_length = (payload_length - (header_offset + sizeof(client_id)));
1969
1970 if (assigned_group_members_length > 0) {
1971 assigned_group_members = (u_int8_t *)kalloc_data(assigned_group_members_length, Z_WAITOK);
1972 if (assigned_group_members == NULL) {
1973 NETAGENTLOG(LOG_ERR, "Failed to allocate group assign message (%lu bytes)", assigned_group_members_length);
1974 response_error = ENOMEM;
1975 goto done;
1976 }
1977 memcpy(assigned_group_members, netagent_assign_message_get_necp_result(assign_message, assigned_group_members_length), assigned_group_members_length);
1978 }
1979
1980 // Note that if the error is 0, NECP has taken over our malloc'ed buffer
1981 response_error = necp_assign_client_group_members(netagent_uuid, client_id, assigned_group_members, assigned_group_members_length);
1982 if (response_error != 0) {
1983 // necp_assign_client_group_members returns POSIX errors
1984 if (assigned_group_members != NULL) {
1985 kfree_data(assigned_group_members, assigned_group_members_length);
1986 }
1987 NETAGENTLOG(LOG_ERR, "Client group assignment failed: %d", response_error);
1988 goto done;
1989 }
1990
1991 NETAGENTLOG0(LOG_DEBUG, "Agent assigned group members to client");
1992 done:
1993 return response_error;
1994 }
1995
1996 errno_t
netagent_handle_use_count_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)1997 netagent_handle_use_count_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload, size_t payload_length)
1998 {
1999 errno_t response_error = 0;
2000 uint64_t use_count = 0;
2001
2002 if (session == NULL) {
2003 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2004 response_error = ENOENT;
2005 goto done;
2006 }
2007
2008 if (payload == NULL) {
2009 NETAGENTLOG0(LOG_ERR, "No payload received");
2010 response_error = EINVAL;
2011 goto done;
2012 }
2013
2014 NETAGENT_SESSION_LOCK(session);
2015 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2016 const size_t expected_length = header_offset + sizeof(use_count);
2017 if (payload_length != expected_length) {
2018 NETAGENT_SESSION_UNLOCK(session);
2019 NETAGENTLOG(LOG_ERR, "Payload length is invalid (%lu)", payload_length);
2020 response_error = EINVAL;
2021 goto done;
2022 }
2023
2024 memcpy(&use_count, payload + header_offset, sizeof(use_count));
2025
2026 struct netagent_registration *registration = NULL;
2027 if (session->allow_multiple_registrations) {
2028 uuid_t agent_uuid = {};
2029 uuid_copy(agent_uuid, payload);
2030 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
2031 } else {
2032 registration = netagent_session_access_agent_with_lock(session, true, false);
2033 }
2034
2035 if (registration == NULL) {
2036 NETAGENT_SESSION_UNLOCK(session);
2037 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2038 response_error = ENOENT;
2039 goto done;
2040 }
2041
2042 registration->use_count = use_count;
2043 NETAGENT_UNLOCK(registration);
2044 NETAGENT_SESSION_UNLOCK(session);
2045
2046 done:
2047 return response_error;
2048 }
2049
2050 errno_t
netagent_handle_use_count_getopt(struct netagent_session * session,u_int8_t * __sized_by (* buffer_length)buffer,size_t * buffer_length)2051 netagent_handle_use_count_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length)
2052 {
2053 errno_t response_error = 0;
2054 uint64_t use_count = 0;
2055
2056 if (session == NULL) {
2057 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2058 response_error = ENOENT;
2059 goto done;
2060 }
2061
2062 if (buffer == NULL) {
2063 NETAGENTLOG0(LOG_ERR, "No payload received");
2064 response_error = EINVAL;
2065 goto done;
2066 }
2067
2068 NETAGENT_SESSION_LOCK(session);
2069 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2070 const size_t expected_length = header_offset + sizeof(use_count);
2071 if (*buffer_length != expected_length) {
2072 NETAGENT_SESSION_UNLOCK(session);
2073 NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)", *buffer_length);
2074 response_error = EINVAL;
2075 goto done;
2076 }
2077
2078 struct netagent_registration *registration = NULL;
2079 if (session->allow_multiple_registrations) {
2080 uuid_t agent_uuid = {};
2081 uuid_copy(agent_uuid, buffer);
2082 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
2083 } else {
2084 registration = netagent_session_access_agent_with_lock(session, false, false);
2085 }
2086
2087 if (registration == NULL) {
2088 NETAGENT_SESSION_UNLOCK(session);
2089 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2090 response_error = ENOENT;
2091 goto done;
2092 }
2093
2094 use_count = registration->use_count;
2095 NETAGENT_UNLOCK(registration);
2096 NETAGENT_SESSION_UNLOCK(session);
2097
2098 memcpy(buffer + header_offset, &use_count, sizeof(use_count));
2099 *buffer_length = (header_offset + sizeof(use_count));
2100
2101 done:
2102 return response_error;
2103 }
2104
2105 static errno_t
netagent_handle_add_token_setopt(struct netagent_session * session,u_int8_t * __sized_by (token_length)token,size_t token_length)2106 netagent_handle_add_token_setopt(struct netagent_session *session, u_int8_t * __sized_by(token_length)token, size_t token_length)
2107 {
2108 errno_t response_error = 0;
2109
2110 if (session == NULL) {
2111 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2112 response_error = ENOENT;
2113 goto done;
2114 }
2115
2116 if (token == NULL) {
2117 NETAGENTLOG0(LOG_ERR, "No token received");
2118 response_error = EINVAL;
2119 goto done;
2120 }
2121
2122 NETAGENT_SESSION_LOCK(session);
2123 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2124 if (token_length > (header_offset + NETAGENT_MAX_DATA_SIZE) ||
2125 token_length < header_offset) {
2126 NETAGENT_SESSION_UNLOCK(session);
2127 NETAGENTLOG(LOG_ERR, "Token length is invalid (%lu)", token_length);
2128 response_error = EINVAL;
2129 goto done;
2130 }
2131
2132 struct netagent_registration *registration = NULL;
2133 if (session->allow_multiple_registrations) {
2134 uuid_t agent_uuid = {};
2135 uuid_copy(agent_uuid, token);
2136 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, true, false);
2137 } else {
2138 registration = netagent_session_access_agent_with_lock(session, true, false);
2139 }
2140
2141 if (registration == NULL) {
2142 NETAGENT_SESSION_UNLOCK(session);
2143 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2144 response_error = ENOENT;
2145 goto done;
2146 }
2147
2148 if (registration->token_count >= NETAGENT_MAX_TOKEN_COUNT) {
2149 NETAGENT_UNLOCK(registration);
2150 NETAGENT_SESSION_UNLOCK(session);
2151 NETAGENTLOG0(LOG_ERR, "Session cannot add more tokens");
2152 response_error = EINVAL;
2153 goto done;
2154 }
2155
2156 struct netagent_token *token_struct = NULL;
2157
2158 token_struct = kalloc_type(struct netagent_token, Z_WAITOK | Z_ZERO | Z_NOFAIL);
2159 token_struct->token_bytes = kalloc_data((token_length - header_offset), Z_WAITOK | Z_NOFAIL);
2160 token_struct->token_length = (u_int32_t)(token_length - header_offset);
2161 memcpy(token_struct->token_bytes, token + header_offset, (token_length - header_offset));
2162
2163 TAILQ_INSERT_TAIL(®istration->token_list, token_struct, token_chain);
2164
2165 registration->token_count++;
2166
2167 // Reset deadline time, now that there are more than 0 tokens
2168 registration->need_tokens_event_deadline = 0;
2169
2170 NETAGENT_UNLOCK(registration);
2171 NETAGENT_SESSION_UNLOCK(session);
2172 done:
2173 return response_error;
2174 }
2175
2176 static errno_t
netagent_handle_flush_tokens_setopt(struct netagent_session * session,u_int8_t * __sized_by (buffer_length)buffer,size_t buffer_length)2177 netagent_handle_flush_tokens_setopt(struct netagent_session *session, u_int8_t * __sized_by(buffer_length)buffer, size_t buffer_length)
2178 {
2179 errno_t response_error = 0;
2180
2181 if (session == NULL) {
2182 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2183 response_error = ENOENT;
2184 goto done;
2185 }
2186
2187 NETAGENT_SESSION_LOCK(session);
2188 struct netagent_registration *registration = NULL;
2189 if (session->allow_multiple_registrations) {
2190 if (buffer_length != sizeof(uuid_t)) {
2191 NETAGENT_SESSION_UNLOCK(session);
2192 NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)", buffer_length);
2193 response_error = EINVAL;
2194 goto done;
2195 }
2196
2197 uuid_t agent_uuid = {};
2198 uuid_copy(agent_uuid, buffer);
2199 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, true, false);
2200 } else {
2201 registration = netagent_session_access_agent_with_lock(session, true, false);
2202 }
2203
2204 if (registration == NULL) {
2205 NETAGENT_SESSION_UNLOCK(session);
2206 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2207 response_error = ENOENT;
2208 goto done;
2209 }
2210
2211 struct netagent_token *search_token = NULL;
2212 struct netagent_token *temp_token = NULL;
2213 TAILQ_FOREACH_SAFE(search_token, ®istration->token_list, token_chain, temp_token) {
2214 TAILQ_REMOVE(®istration->token_list, search_token, token_chain);
2215 netagent_token_free(search_token);
2216 }
2217 registration->token_count = 0;
2218 NETAGENT_UNLOCK(registration);
2219 NETAGENT_SESSION_UNLOCK(session);
2220 done:
2221 return response_error;
2222 }
2223
2224 static errno_t
netagent_handle_token_count_getopt(struct netagent_session * session,u_int8_t * __sized_by (* buffer_length)buffer,size_t * buffer_length)2225 netagent_handle_token_count_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length)
2226 {
2227 errno_t response_error = 0;
2228 uint32_t token_count = 0;
2229
2230 if (session == NULL) {
2231 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2232 response_error = ENOENT;
2233 goto done;
2234 }
2235
2236 if (buffer == NULL) {
2237 NETAGENTLOG0(LOG_ERR, "No payload received");
2238 response_error = EINVAL;
2239 goto done;
2240 }
2241
2242 NETAGENT_SESSION_LOCK(session);
2243 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2244 const size_t expected_length = header_offset + sizeof(token_count);
2245 if (*buffer_length != expected_length) {
2246 NETAGENT_SESSION_UNLOCK(session);
2247 NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)", *buffer_length);
2248 response_error = EINVAL;
2249 goto done;
2250 }
2251
2252 struct netagent_registration *registration = NULL;
2253 if (session->allow_multiple_registrations) {
2254 uuid_t agent_uuid = {};
2255 uuid_copy(agent_uuid, buffer);
2256 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
2257 } else {
2258 registration = netagent_session_access_agent_with_lock(session, false, false);
2259 }
2260
2261 if (registration == NULL) {
2262 NETAGENT_SESSION_UNLOCK(session);
2263 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2264 response_error = ENOENT;
2265 goto done;
2266 }
2267
2268 token_count = registration->token_count;
2269 NETAGENT_UNLOCK(registration);
2270 NETAGENT_SESSION_UNLOCK(session);
2271
2272 memcpy(buffer + header_offset, &token_count, sizeof(token_count));
2273 *buffer_length = (header_offset + sizeof(token_count));
2274
2275 done:
2276 return response_error;
2277 }
2278
2279 static errno_t
netagent_handle_token_low_water_setopt(struct netagent_session * session,u_int8_t * __sized_by (buffer_length)buffer,size_t buffer_length)2280 netagent_handle_token_low_water_setopt(struct netagent_session *session, u_int8_t * __sized_by(buffer_length)buffer, size_t buffer_length)
2281 {
2282 errno_t response_error = 0;
2283 uint32_t token_low_water = 0;
2284
2285 if (session == NULL) {
2286 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2287 response_error = ENOENT;
2288 goto done;
2289 }
2290
2291 if (buffer == NULL) {
2292 NETAGENTLOG0(LOG_ERR, "No payload received");
2293 response_error = EINVAL;
2294 goto done;
2295 }
2296
2297 NETAGENT_SESSION_LOCK(session);
2298 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2299 const size_t expected_length = header_offset + sizeof(token_low_water);
2300 if (buffer_length != expected_length) {
2301 NETAGENT_SESSION_UNLOCK(session);
2302 NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)", buffer_length);
2303 response_error = EINVAL;
2304 goto done;
2305 }
2306
2307 memcpy(&token_low_water, buffer + header_offset, sizeof(token_low_water));
2308
2309 struct netagent_registration *registration = NULL;
2310 if (session->allow_multiple_registrations) {
2311 uuid_t agent_uuid = {};
2312 uuid_copy(agent_uuid, buffer);
2313 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, true, false);
2314 } else {
2315 registration = netagent_session_access_agent_with_lock(session, true, false);
2316 }
2317
2318 if (registration == NULL) {
2319 NETAGENT_SESSION_UNLOCK(session);
2320 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2321 response_error = ENOENT;
2322 goto done;
2323 }
2324
2325 registration->token_low_water = token_low_water;
2326 NETAGENT_UNLOCK(registration);
2327 NETAGENT_SESSION_UNLOCK(session);
2328
2329 done:
2330 return response_error;
2331 }
2332
2333 static errno_t
netagent_handle_token_low_water_getopt(struct netagent_session * session,u_int8_t * __sized_by (* buffer_length)buffer,size_t * buffer_length)2334 netagent_handle_token_low_water_getopt(struct netagent_session *session, u_int8_t * __sized_by(*buffer_length)buffer, size_t *buffer_length)
2335 {
2336 errno_t response_error = 0;
2337 uint32_t token_low_water = 0;
2338
2339 if (session == NULL) {
2340 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2341 response_error = ENOENT;
2342 goto done;
2343 }
2344
2345 if (buffer == NULL) {
2346 NETAGENTLOG0(LOG_ERR, "No payload received");
2347 response_error = EINVAL;
2348 goto done;
2349 }
2350
2351 NETAGENT_SESSION_LOCK(session);
2352 const size_t header_offset = (session->allow_multiple_registrations ? sizeof(uuid_t) : 0);
2353 const size_t expected_length = header_offset + sizeof(token_low_water);
2354 if (*buffer_length != expected_length) {
2355 NETAGENT_SESSION_UNLOCK(session);
2356 NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)", *buffer_length);
2357 response_error = EINVAL;
2358 goto done;
2359 }
2360
2361 struct netagent_registration *registration = NULL;
2362 if (session->allow_multiple_registrations) {
2363 uuid_t agent_uuid = {};
2364 uuid_copy(agent_uuid, buffer);
2365 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, false, false);
2366 } else {
2367 registration = netagent_session_access_agent_with_lock(session, false, false);
2368 }
2369
2370 if (registration == NULL) {
2371 NETAGENT_SESSION_UNLOCK(session);
2372 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2373 response_error = ENOENT;
2374 goto done;
2375 }
2376
2377 token_low_water = registration->token_low_water;
2378 NETAGENT_UNLOCK(registration);
2379 NETAGENT_SESSION_UNLOCK(session);
2380
2381 memcpy(buffer + header_offset, &token_low_water, sizeof(token_low_water));
2382 *buffer_length = (header_offset + sizeof(token_low_water));
2383
2384 done:
2385 return response_error;
2386 }
2387
2388 static errno_t
netagent_handle_reset_client_error_setopt(struct netagent_session * session,u_int8_t * __sized_by (payload_length)payload,size_t payload_length)2389 netagent_handle_reset_client_error_setopt(struct netagent_session *session, u_int8_t * __sized_by(payload_length)payload, size_t payload_length)
2390 {
2391 errno_t response_error = 0;
2392
2393 if (session == NULL) {
2394 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2395 response_error = ENOENT;
2396 goto done;
2397 }
2398
2399 NETAGENT_SESSION_LOCK(session);
2400 struct netagent_registration *registration = NULL;
2401 if (session->allow_multiple_registrations) {
2402 if (payload_length != sizeof(uuid_t)) {
2403 NETAGENT_SESSION_UNLOCK(session);
2404 NETAGENTLOG(LOG_ERR, "Payload length is invalid (%lu)", payload_length);
2405 response_error = EINVAL;
2406 goto done;
2407 }
2408
2409 uuid_t agent_uuid = {};
2410 uuid_copy(agent_uuid, payload);
2411 registration = netagent_session_find_agent_with_uuid_and_lock(session, agent_uuid, true, false);
2412 } else {
2413 registration = netagent_session_access_agent_with_lock(session, true, false);
2414 }
2415
2416 if (registration == NULL) {
2417 NETAGENT_SESSION_UNLOCK(session);
2418 NETAGENTLOG0(LOG_ERR, "Session has no agent registered");
2419 response_error = ENOENT;
2420 goto done;
2421 }
2422
2423 struct netagent_token *search_token = NULL;
2424 struct netagent_token *temp_token = NULL;
2425 TAILQ_FOREACH_SAFE(search_token, ®istration->token_list, token_chain, temp_token) {
2426 TAILQ_REMOVE(®istration->token_list, search_token, token_chain);
2427 netagent_token_free(search_token);
2428 }
2429 registration->last_client_error = 0;
2430 registration->client_error_count = 0;
2431
2432 NETAGENT_UNLOCK(registration);
2433 NETAGENT_SESSION_UNLOCK(session);
2434 done:
2435 return response_error;
2436 }
2437
2438 static errno_t
netagent_handle_enable_session_mode_setopt(struct netagent_session * session,__unused u_int8_t * payload,__unused size_t payload_length)2439 netagent_handle_enable_session_mode_setopt(struct netagent_session *session, __unused u_int8_t *payload, __unused size_t payload_length)
2440 {
2441 errno_t response_error = 0;
2442
2443 if (session == NULL) {
2444 NETAGENTLOG0(LOG_ERR, "Failed to find session");
2445 response_error = ENOENT;
2446 goto done;
2447 }
2448
2449 NETAGENT_SESSION_LOCK(session);
2450 if (!TAILQ_EMPTY(&session->registrations)) {
2451 NETAGENT_SESSION_UNLOCK(session);
2452 NETAGENTLOG0(LOG_ERR, "Session already has agent registered");
2453 response_error = EEXIST;
2454 goto done;
2455 }
2456
2457 session->allow_multiple_registrations = true;
2458 NETAGENT_SESSION_UNLOCK(session);
2459 done:
2460 return response_error;
2461 }
2462
2463 static struct netagent_registration *
netagent_find_agent_with_uuid_and_lock(uuid_t uuid,bool exclusively,bool ignore_lock)2464 netagent_find_agent_with_uuid_and_lock(uuid_t uuid, bool exclusively, bool ignore_lock)
2465 {
2466 NETAGENT_LIST_ASSERT_LOCKED();
2467
2468 struct netagent_registration *registration = NULL;
2469 LIST_FOREACH(registration, &shared_netagent_list, global_chain) {
2470 if (uuid_compare(registration->netagent->netagent_uuid, uuid) == 0) {
2471 if (!ignore_lock) {
2472 if (exclusively) {
2473 NETAGENT_LOCK_EXCLUSIVE(registration);
2474 } else {
2475 NETAGENT_LOCK_SHARED(registration);
2476 }
2477 }
2478 return registration;
2479 }
2480 }
2481
2482 return NULL;
2483 }
2484
2485 static struct netagent_registration *
netagent_session_find_agent_with_uuid_and_lock(struct netagent_session * session,uuid_t uuid,bool exclusively,bool ignore_lock)2486 netagent_session_find_agent_with_uuid_and_lock(struct netagent_session *session, uuid_t uuid, bool exclusively, bool ignore_lock)
2487 {
2488 NETAGENT_SESSION_ASSERT_LOCKED(session);
2489
2490 struct netagent_registration *registration = NULL;
2491 TAILQ_FOREACH(registration, &session->registrations, session_chain) {
2492 if (uuid_compare(registration->netagent->netagent_uuid, uuid) == 0) {
2493 if (!ignore_lock) {
2494 if (exclusively) {
2495 NETAGENT_LOCK_EXCLUSIVE(registration);
2496 } else {
2497 NETAGENT_LOCK_SHARED(registration);
2498 }
2499 }
2500 return registration;
2501 }
2502 }
2503
2504 return NULL;
2505 }
2506
2507 static struct netagent_registration *
netagent_session_access_agent_with_lock(struct netagent_session * session,bool exclusively,bool ignore_lock)2508 netagent_session_access_agent_with_lock(struct netagent_session *session, bool exclusively, bool ignore_lock)
2509 {
2510 NETAGENT_SESSION_ASSERT_LOCKED(session);
2511
2512 struct netagent_registration *registration = TAILQ_FIRST(&session->registrations);
2513 if (registration != NULL) {
2514 if (!ignore_lock) {
2515 if (exclusively) {
2516 NETAGENT_LOCK_EXCLUSIVE(registration);
2517 } else {
2518 NETAGENT_LOCK_SHARED(registration);
2519 }
2520 }
2521 }
2522
2523 return registration;
2524 }
2525
2526 void
netagent_post_updated_interfaces(uuid_t uuid)2527 netagent_post_updated_interfaces(uuid_t uuid)
2528 {
2529 if (!uuid_is_null(uuid)) {
2530 netagent_post_event(uuid, KEV_NETAGENT_UPDATED_INTERFACES, true, false);
2531 } else {
2532 NETAGENTLOG0(LOG_DEBUG, "Interface event with no associated agent");
2533 }
2534 }
2535
2536 static u_int32_t
netagent_dump_get_data_size_locked()2537 netagent_dump_get_data_size_locked()
2538 {
2539 NETAGENT_LIST_ASSERT_LOCKED();
2540
2541 struct netagent_registration *search_netagent = NULL;
2542 u_int32_t total_netagent_data_size = 0;
2543 // Traverse the shared list to know how much data the client needs to allocate to get the list of agent UUIDs
2544 LIST_FOREACH(search_netagent, &shared_netagent_list, global_chain) {
2545 total_netagent_data_size += sizeof(search_netagent->netagent->netagent_uuid);
2546 }
2547 return total_netagent_data_size;
2548 }
2549
2550 static void
netagent_dump_copy_data_locked(u_int8_t * __sized_by (buffer_length)buffer,u_int32_t buffer_length)2551 netagent_dump_copy_data_locked(u_int8_t * __sized_by(buffer_length)buffer, u_int32_t buffer_length)
2552 {
2553 NETAGENT_LIST_ASSERT_LOCKED();
2554
2555 size_t response_size = 0;
2556 u_int8_t * __indexable cursor = NULL;
2557 struct netagent_registration * __single search_netagent = NULL;
2558
2559 response_size = buffer_length; // We already know that buffer_length is the same as total_netagent_data_size.
2560 cursor = buffer;
2561 LIST_FOREACH(search_netagent, &shared_netagent_list, global_chain) {
2562 memcpy(cursor, search_netagent->netagent->netagent_uuid, sizeof(search_netagent->netagent->netagent_uuid));
2563 cursor += sizeof(search_netagent->netagent->netagent_uuid);
2564 }
2565 }
2566
2567 int
netagent_ioctl(u_long cmd,caddr_t __sized_by (IOCPARM_LEN (cmd))data)2568 netagent_ioctl(u_long cmd, caddr_t __sized_by(IOCPARM_LEN(cmd)) data)
2569 {
2570 int error = 0;
2571
2572 switch (cmd) {
2573 case SIOCGIFAGENTLIST32:
2574 case SIOCGIFAGENTLIST64: {
2575 /* Check entitlement if the client requests agent dump */
2576 errno_t cred_result = priv_check_cred(kauth_cred_get(), PRIV_NET_PRIVILEGED_NECP_POLICIES, 0);
2577 if (cred_result != 0) {
2578 NETAGENTLOG0(LOG_ERR, "Client does not hold the necessary entitlement to get netagent information");
2579 return EINVAL;
2580 }
2581 break;
2582 }
2583 default:
2584 break;
2585 }
2586
2587 NETAGENT_LIST_LOCK_SHARED();
2588 switch (cmd) {
2589 case SIOCGIFAGENTDATA32: {
2590 struct netagent_req32 *ifsir32 = (struct netagent_req32 *)(void *)data;
2591 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(ifsir32->netagent_uuid, false, false);
2592 if (registration == NULL) {
2593 error = ENOENT;
2594 break;
2595 }
2596 uuid_copy(ifsir32->netagent_uuid, registration->netagent->netagent_uuid);
2597 memcpy(ifsir32->netagent_domain, registration->netagent->netagent_domain, sizeof(ifsir32->netagent_domain));
2598 memcpy(ifsir32->netagent_type, registration->netagent->netagent_type, sizeof(ifsir32->netagent_type));
2599 memcpy(ifsir32->netagent_desc, registration->netagent->netagent_desc, sizeof(ifsir32->netagent_desc));
2600 ifsir32->netagent_flags = registration->netagent->netagent_flags;
2601 if (ifsir32->netagent_data_size == 0) {
2602 // First pass, client wants data size
2603 ifsir32->netagent_data_size = registration->netagent->netagent_data_size;
2604 } else if (ifsir32->netagent_data != USER_ADDR_NULL &&
2605 ifsir32->netagent_data_size == registration->netagent->netagent_data_size) {
2606 // Second pass, client wants data buffer filled out
2607 error = copyout(netagent_get_data(registration->netagent), ifsir32->netagent_data, registration->netagent->netagent_data_size);
2608 } else {
2609 error = EINVAL;
2610 }
2611 NETAGENT_UNLOCK(registration);
2612 break;
2613 }
2614 case SIOCGIFAGENTDATA64: {
2615 struct netagent_req64 *ifsir64 = (struct netagent_req64 *)(void *)data;
2616 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(ifsir64->netagent_uuid, false, false);
2617 if (registration == NULL) {
2618 error = ENOENT;
2619 break;
2620 }
2621 uuid_copy(ifsir64->netagent_uuid, registration->netagent->netagent_uuid);
2622 memcpy(ifsir64->netagent_domain, registration->netagent->netagent_domain, sizeof(ifsir64->netagent_domain));
2623 memcpy(ifsir64->netagent_type, registration->netagent->netagent_type, sizeof(ifsir64->netagent_type));
2624 memcpy(ifsir64->netagent_desc, registration->netagent->netagent_desc, sizeof(ifsir64->netagent_desc));
2625 ifsir64->netagent_flags = registration->netagent->netagent_flags;
2626 if (ifsir64->netagent_data_size == 0) {
2627 // First pass, client wants data size
2628 ifsir64->netagent_data_size = registration->netagent->netagent_data_size;
2629 } else if (ifsir64->netagent_data != USER_ADDR_NULL &&
2630 ifsir64->netagent_data_size == registration->netagent->netagent_data_size) {
2631 // Second pass, client wants data buffer filled out
2632 error = copyout(netagent_get_data(registration->netagent), ifsir64->netagent_data, registration->netagent->netagent_data_size);
2633 } else {
2634 error = EINVAL;
2635 }
2636 NETAGENT_UNLOCK(registration);
2637 break;
2638 }
2639 case SIOCGIFAGENTLIST32: {
2640 struct netagentlist_req32 *ifsir32 = (struct netagentlist_req32 *)(void *)data;
2641 if (ifsir32->data_size == 0) {
2642 // First pass, client wants data size
2643 ifsir32->data_size = netagent_dump_get_data_size_locked();
2644 } else if (ifsir32->data != USER_ADDR_NULL &&
2645 ifsir32->data_size > 0 &&
2646 ifsir32->data_size == netagent_dump_get_data_size_locked()) {
2647 // Second pass, client wants data buffer filled out
2648 u_int8_t *response = NULL;
2649 response = (u_int8_t *)kalloc_data(ifsir32->data_size, Z_NOWAIT | Z_ZERO);
2650 if (response == NULL) {
2651 error = ENOMEM;
2652 break;
2653 }
2654
2655 netagent_dump_copy_data_locked(response, ifsir32->data_size);
2656 error = copyout(response, ifsir32->data, ifsir32->data_size);
2657 kfree_data(response, ifsir32->data_size);
2658 } else {
2659 error = EINVAL;
2660 }
2661 break;
2662 }
2663 case SIOCGIFAGENTLIST64: {
2664 struct netagentlist_req64 *ifsir64 = (struct netagentlist_req64 *)(void *)data;
2665 if (ifsir64->data_size == 0) {
2666 // First pass, client wants data size
2667 ifsir64->data_size = netagent_dump_get_data_size_locked();
2668 } else if (ifsir64->data != USER_ADDR_NULL &&
2669 ifsir64->data_size > 0 &&
2670 ifsir64->data_size == netagent_dump_get_data_size_locked()) {
2671 // Second pass, client wants data buffer filled out
2672 u_int8_t *response = NULL;
2673 response = (u_int8_t *)kalloc_data(ifsir64->data_size, Z_NOWAIT | Z_ZERO);
2674 if (response == NULL) {
2675 error = ENOMEM;
2676 break;
2677 }
2678
2679 netagent_dump_copy_data_locked(response, ifsir64->data_size);
2680 error = copyout(response, ifsir64->data, ifsir64->data_size);
2681 kfree_data(response, ifsir64->data_size);
2682 } else {
2683 error = EINVAL;
2684 }
2685 break;
2686 }
2687 default: {
2688 error = EINVAL;
2689 break;
2690 }
2691 }
2692 NETAGENT_LIST_UNLOCK();
2693 return error;
2694 }
2695
2696 u_int32_t
netagent_get_flags(uuid_t uuid)2697 netagent_get_flags(uuid_t uuid)
2698 {
2699 u_int32_t flags = 0;
2700 NETAGENT_LIST_LOCK_SHARED();
2701 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(uuid, false, false);
2702 if (registration != NULL) {
2703 flags = registration->netagent->netagent_flags;
2704 NETAGENT_UNLOCK(registration);
2705 } else {
2706 NETAGENTLOG0(LOG_DEBUG, "Flags requested for invalid netagent");
2707 }
2708 NETAGENT_LIST_UNLOCK();
2709
2710 return flags;
2711 }
2712
2713 errno_t
netagent_set_flags(uuid_t uuid,u_int32_t flags)2714 netagent_set_flags(uuid_t uuid, u_int32_t flags)
2715 {
2716 errno_t error = 0;
2717 bool updated = false;
2718
2719 NETAGENT_LIST_LOCK_SHARED();
2720 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(uuid, true, false);
2721 if (registration != NULL) {
2722 // Don't allow the clients to clear
2723 // NETAGENT_FLAG_REGISTERED.
2724 uint32_t registered =
2725 registration->netagent->netagent_flags & NETAGENT_FLAG_REGISTERED;
2726 flags |= registered;
2727 if (registration->netagent->netagent_flags != flags) {
2728 registration->netagent->netagent_flags = flags;
2729 registration->generation = g_next_generation++;
2730 updated = true;
2731 }
2732 NETAGENT_UNLOCK(registration);
2733 } else {
2734 NETAGENTLOG0(LOG_DEBUG,
2735 "Attempt to set flags for invalid netagent");
2736 error = ENOENT;
2737 }
2738 NETAGENT_LIST_UNLOCK();
2739 if (updated) {
2740 netagent_post_event(uuid, KEV_NETAGENT_UPDATED, true, false);
2741 }
2742
2743 return error;
2744 }
2745
2746 u_int32_t
netagent_get_generation(uuid_t uuid)2747 netagent_get_generation(uuid_t uuid)
2748 {
2749 u_int32_t generation = 0;
2750 NETAGENT_LIST_LOCK_SHARED();
2751 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(uuid, false, false);
2752 if (registration != NULL) {
2753 generation = registration->generation;
2754 NETAGENT_UNLOCK(registration);
2755 } else {
2756 NETAGENTLOG0(LOG_DEBUG, "Generation requested for invalid netagent");
2757 }
2758 NETAGENT_LIST_UNLOCK();
2759
2760 return generation;
2761 }
2762
2763 bool
netagent_get_agent_domain_and_type(uuid_t uuid,char * __sized_by (NETAGENT_DOMAINSIZE)domain,char * __sized_by (NETAGENT_TYPESIZE)type)2764 netagent_get_agent_domain_and_type(uuid_t uuid, char * __sized_by(NETAGENT_DOMAINSIZE)domain, char * __sized_by(NETAGENT_TYPESIZE)type)
2765 {
2766 bool found = FALSE;
2767 if (domain == NULL || type == NULL) {
2768 NETAGENTLOG(LOG_ERR, "Invalid arguments for netagent_get_agent_domain_and_type %p %p", domain, type);
2769 return FALSE;
2770 }
2771
2772 NETAGENT_LIST_LOCK_SHARED();
2773 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(uuid, false, false);
2774 if (registration != NULL) {
2775 found = TRUE;
2776 memcpy(domain, registration->netagent->netagent_domain, NETAGENT_DOMAINSIZE);
2777 memcpy(type, registration->netagent->netagent_type, NETAGENT_TYPESIZE);
2778 NETAGENT_UNLOCK(registration);
2779 } else {
2780 NETAGENTLOG0(LOG_ERR, "Type requested for invalid netagent");
2781 }
2782 NETAGENT_LIST_UNLOCK();
2783
2784 return found;
2785 }
2786
2787 int
netagent_kernel_trigger(uuid_t uuid)2788 netagent_kernel_trigger(uuid_t uuid)
2789 {
2790 int error = 0;
2791
2792 NETAGENT_LIST_LOCK_SHARED();
2793 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(uuid, false, false);
2794 if (registration == NULL) {
2795 NETAGENTLOG0(LOG_ERR, "Requested netagent for kernel trigger could not be found");
2796 error = ENOENT;
2797 goto done;
2798 }
2799
2800 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_KERNEL_ACTIVATED) == 0) {
2801 NETAGENTLOG0(LOG_ERR, "Requested netagent for kernel trigger is not kernel activated");
2802 // Agent does not accept kernel triggers
2803 error = EINVAL;
2804 goto done;
2805 }
2806
2807 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) {
2808 // Agent already active
2809 NETAGENTLOG0(LOG_INFO, "Requested netagent for kernel trigger is already active");
2810 error = 0;
2811 goto done;
2812 }
2813
2814 error = netagent_send_trigger(registration, current_proc(), NETAGENT_TRIGGER_FLAG_KERNEL, NETAGENT_MESSAGE_TYPE_TRIGGER);
2815 NETAGENTLOG((error ? LOG_ERR : LOG_INFO), "Triggered netagent from kernel (error %d)", error);
2816 done:
2817 if (registration != NULL) {
2818 NETAGENT_UNLOCK(registration);
2819 }
2820 NETAGENT_LIST_UNLOCK();
2821 return error;
2822 }
2823
2824 int
netagent_client_message_with_params(uuid_t agent_uuid,uuid_t necp_client_uuid,pid_t pid,void * handle,u_int8_t message_type,struct necp_client_agent_parameters * parameters,void * __sized_by (* assigned_results_length)* assigned_results,size_t * assigned_results_length)2825 netagent_client_message_with_params(uuid_t agent_uuid,
2826 uuid_t necp_client_uuid,
2827 pid_t pid,
2828 void *handle,
2829 u_int8_t message_type,
2830 struct necp_client_agent_parameters *parameters,
2831 void * __sized_by(*assigned_results_length) *assigned_results,
2832 size_t *assigned_results_length)
2833 {
2834 int error = 0;
2835
2836 if (message_type != NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER &&
2837 message_type != NETAGENT_MESSAGE_TYPE_CLIENT_ASSERT &&
2838 message_type != NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT &&
2839 message_type != NETAGENT_MESSAGE_TYPE_CLIENT_ERROR &&
2840 message_type != NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS &&
2841 message_type != NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS &&
2842 message_type != NETAGENT_MESSAGE_TYPE_ABORT_NEXUS &&
2843 message_type != NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS &&
2844 message_type != NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) {
2845 NETAGENTLOG(LOG_ERR, "Client netagent message type (%d) is invalid", message_type);
2846 return EINVAL;
2847 }
2848
2849 NETAGENT_LIST_LOCK_SHARED();
2850 bool should_unlock_list = true;
2851 bool should_unlock_registration = true;
2852 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(agent_uuid, false, false);
2853 if (registration == NULL) {
2854 NETAGENTLOG0(LOG_DEBUG, "Requested netagent for nexus instance could not be found");
2855 error = ENOENT;
2856 goto done;
2857 }
2858
2859 if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) {
2860 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_USER_ACTIVATED) == 0) {
2861 // Agent does not accept user triggers
2862 // Don't log, since this is a common case used to trigger events that cellular data is blocked, etc.
2863 error = ENOTSUP;
2864
2865
2866 pid_t report_pid = 0;
2867 uuid_t report_proc_uuid = {};
2868 if (parameters != NULL) {
2869 report_pid = parameters->u.nexus_request.epid;
2870 uuid_copy(report_proc_uuid, parameters->u.nexus_request.euuid);
2871 } else {
2872 struct proc *p = current_proc();
2873 if (p != NULL) {
2874 report_pid = proc_pid(p);
2875 proc_getexecutableuuid(p, report_proc_uuid, sizeof(report_proc_uuid));
2876 }
2877 }
2878 netagent_send_cellular_failed_event(registration, report_pid, report_proc_uuid);
2879 goto done;
2880 }
2881 } else if (message_type == NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS ||
2882 message_type == NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS ||
2883 message_type == NETAGENT_MESSAGE_TYPE_ABORT_NEXUS) {
2884 bool is_nexus_agent = ((registration->netagent->netagent_flags &
2885 (NETAGENT_FLAG_NEXUS_PROVIDER |
2886 NETAGENT_FLAG_NEXUS_LISTENER |
2887 NETAGENT_FLAG_CUSTOM_IP_NEXUS |
2888 NETAGENT_FLAG_CUSTOM_ETHER_NEXUS |
2889 NETAGENT_FLAG_INTERPOSE_NEXUS)) != 0);
2890 if (!is_nexus_agent) {
2891 NETAGENTLOG0(LOG_ERR, "Requested netagent for nexus instance is not a nexus provider");
2892 // Agent is not a nexus provider
2893 error = EINVAL;
2894 goto done;
2895 }
2896
2897 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) == 0) {
2898 // Agent not active
2899 NETAGENTLOG0(LOG_INFO, "Requested netagent for nexus instance is not active");
2900 error = EINVAL;
2901 goto done;
2902 }
2903 } else if (message_type == NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS ||
2904 message_type == NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) {
2905 bool is_group_agent = ((registration->netagent->netagent_flags & (NETAGENT_FLAG_SUPPORTS_GROUPS)) != 0);
2906 if (!is_group_agent) {
2907 NETAGENTLOG0(LOG_ERR, "Requested netagent for group operation is not a group provider");
2908 error = EINVAL;
2909 goto done;
2910 }
2911
2912 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) == 0) {
2913 // Agent not active
2914 NETAGENTLOG0(LOG_INFO, "Requested netagent for group operation is not active");
2915 error = EINVAL;
2916 goto done;
2917 }
2918 }
2919
2920 if (registration->control_unit == 0) {
2921 if (registration->event_handler == NULL) {
2922 // No event handler registered for kernel agent
2923 error = EINVAL;
2924 } else {
2925 // We hold the registration lock during the event handler callout, so it is expected
2926 // that the event handler will not lead to any registrations or unregistrations
2927 // of network agents.
2928 // We release the list lock before calling the event handler to allow other threads
2929 // to access the list while the event is processing.
2930 NETAGENT_LIST_UNLOCK();
2931 should_unlock_list = false;
2932 error = registration->event_handler(message_type, necp_client_uuid, pid, handle,
2933 registration->event_context, parameters,
2934 assigned_results, assigned_results_length);
2935 if (error != 0) {
2936 VERIFY(assigned_results == NULL || *assigned_results == NULL);
2937 VERIFY(assigned_results_length == NULL || *assigned_results_length == 0);
2938 }
2939 }
2940 } else {
2941 // ABORT_NEXUS is kernel-private, so translate it for userspace nexus
2942 if (message_type == NETAGENT_MESSAGE_TYPE_ABORT_NEXUS) {
2943 message_type = NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS;
2944 }
2945
2946 if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_ERROR) {
2947 const int32_t client_error = parameters->u.error.error;
2948 const bool force_report = parameters->u.error.force_report;
2949 if (registration->last_client_error != client_error || // Always notify for an error change
2950 force_report || // Always notify if force reporting was requested
2951 (client_error == 0 && registration->client_error_count == 0) || // Only notify once for no-error
2952 (client_error != 0 && registration->client_error_count < NETAGENT_MAX_CLIENT_ERROR_COUNT)) {
2953 if (NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(registration)) {
2954 if (registration->last_client_error != client_error) {
2955 registration->last_client_error = client_error;
2956 registration->client_error_count = 1;
2957 } else {
2958 registration->client_error_count++;
2959 }
2960 error = netagent_send_error_message(registration, necp_client_uuid, message_type, client_error);
2961 } else {
2962 // If NETAGENT_LOCK_SHARED_TO_EXCLUSIVE fails, it unlocks automatically
2963 should_unlock_registration = false;
2964 }
2965 }
2966 } else if (message_type == NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS ||
2967 message_type == NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) {
2968 error = netagent_send_group_message(registration, necp_client_uuid, message_type, ¶meters->u.group_members);
2969 } else {
2970 error = netagent_send_client_message(registration, necp_client_uuid, message_type);
2971 }
2972 if (error == 0 && message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) {
2973 if (NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(registration)) {
2974 // Grab the lock exclusively to add a pending client to the list
2975 struct netagent_client *new_pending_client = NULL;
2976 new_pending_client = kalloc_type(struct netagent_client, Z_WAITOK);
2977 if (new_pending_client == NULL) {
2978 NETAGENTLOG0(LOG_ERR, "Failed to allocate client for trigger");
2979 } else {
2980 uuid_copy(new_pending_client->client_id, necp_client_uuid);
2981 if (parameters != NULL) {
2982 new_pending_client->client_pid = parameters->u.nexus_request.epid;
2983 uuid_copy(new_pending_client->client_proc_uuid, parameters->u.nexus_request.euuid);
2984 } else {
2985 struct proc *p = current_proc();
2986 if (p != NULL) {
2987 new_pending_client->client_pid = proc_pid(p);
2988 proc_getexecutableuuid(p, new_pending_client->client_proc_uuid, sizeof(new_pending_client->client_proc_uuid));
2989 }
2990 }
2991 LIST_INSERT_HEAD(®istration->pending_triggers_list, new_pending_client, client_chain);
2992 }
2993 } else {
2994 // If NETAGENT_LOCK_SHARED_TO_EXCLUSIVE fails, it unlocks automatically
2995 should_unlock_registration = false;
2996 }
2997 }
2998 }
2999 NETAGENTLOG(((error && error != ENOENT) ? LOG_ERR : LOG_INFO), "Send message %d for client (error %d)", message_type, error);
3000 if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) {
3001 uuid_string_t uuid_str;
3002 uuid_unparse(agent_uuid, uuid_str);
3003 NETAGENTLOG(LOG_NOTICE, "Triggered network agent %s, error = %d", uuid_str, error);
3004 }
3005 done:
3006 if (should_unlock_registration && registration != NULL) {
3007 NETAGENT_UNLOCK(registration);
3008 }
3009 if (should_unlock_list) {
3010 NETAGENT_LIST_UNLOCK();
3011 }
3012 return error;
3013 }
3014
3015 int
netagent_client_message(uuid_t agent_uuid,uuid_t necp_client_uuid,pid_t pid,void * handle,u_int8_t message_type)3016 netagent_client_message(uuid_t agent_uuid, uuid_t necp_client_uuid, pid_t pid, void *handle, u_int8_t message_type)
3017 {
3018 size_t dummy_length = 0;
3019 void *dummy_results __sized_by(dummy_length) = NULL;
3020
3021 return netagent_client_message_with_params(agent_uuid, necp_client_uuid, pid, handle, message_type, NULL, &dummy_results, &dummy_length);
3022 }
3023
3024 int
netagent_use(uuid_t agent_uuid,uint64_t * out_use_count)3025 netagent_use(uuid_t agent_uuid, uint64_t *out_use_count)
3026 {
3027 int error = 0;
3028
3029 NETAGENT_LIST_LOCK_SHARED();
3030 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(agent_uuid, true, false);
3031 if (registration == NULL) {
3032 NETAGENTLOG0(LOG_ERR, "netagent_assert: Requested netagent UUID is not registered");
3033 error = ENOENT;
3034 goto done;
3035 }
3036
3037 uint64_t current_count = registration->use_count;
3038 registration->use_count++;
3039
3040 if (out_use_count != NULL) {
3041 *out_use_count = current_count;
3042 }
3043
3044 done:
3045 if (registration != NULL) {
3046 NETAGENT_UNLOCK(registration);
3047 }
3048 NETAGENT_LIST_UNLOCK();
3049 return error;
3050 }
3051
3052 int
netagent_copyout(uuid_t agent_uuid,user_addr_t user_addr,u_int32_t user_size)3053 netagent_copyout(uuid_t agent_uuid, user_addr_t user_addr, u_int32_t user_size)
3054 {
3055 int error = 0;
3056
3057 NETAGENT_LIST_LOCK_SHARED();
3058 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(agent_uuid, false, false);
3059 if (registration == NULL) {
3060 NETAGENTLOG0(LOG_DEBUG, "Requested netagent for nexus instance could not be found");
3061 error = ENOENT;
3062 goto done;
3063 }
3064
3065 u_int32_t total_size = (sizeof(struct netagent) + registration->netagent->netagent_data_size);
3066 if (user_size < total_size) {
3067 NETAGENTLOG(LOG_ERR, "Provided user buffer is too small (%u < %u)", user_size, total_size);
3068 error = EINVAL;
3069 goto done;
3070 }
3071
3072 u_int8_t *ptr = __unsafe_forge_bidi_indexable(u_int8_t *, registration->netagent, total_size);
3073 error = copyout(ptr, user_addr, total_size);
3074
3075 NETAGENTLOG((error ? LOG_ERR : LOG_DEBUG), "Copied agent content (error %d)", error);
3076 done:
3077 if (registration != NULL) {
3078 NETAGENT_UNLOCK(registration);
3079 }
3080 NETAGENT_LIST_UNLOCK();
3081 return error;
3082 }
3083
3084 #define NETAGENT_TOKEN_EVENT_INTERVAL_NSEC (NSEC_PER_SEC * 10) // Only fire repeated events up to once every 10 seconds
3085
3086 int
netagent_acquire_token(uuid_t agent_uuid,user_addr_t user_addr,u_int32_t user_size,int * retval)3087 netagent_acquire_token(uuid_t agent_uuid, user_addr_t user_addr, u_int32_t user_size, int *retval)
3088 {
3089 int error = 0;
3090
3091 NETAGENT_LIST_LOCK_SHARED();
3092 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(agent_uuid, true, false);
3093 if (registration == NULL) {
3094 NETAGENTLOG0(LOG_DEBUG, "Network agent for request UUID could not be found");
3095 error = ENOENT;
3096 goto done;
3097 }
3098
3099 struct netagent_token *token = TAILQ_FIRST(®istration->token_list);
3100 if (token == NULL) {
3101 NETAGENTLOG0(LOG_DEBUG, "Network agent does not have any tokens");
3102 if (registration->token_low_water != 0) {
3103 // Only fire an event if one hasn't occurred in the last 10 seconds
3104 if (mach_absolute_time() >= registration->need_tokens_event_deadline) {
3105 int event_error = netagent_send_tokens_needed(registration);
3106 if (event_error == 0) {
3107 // Reset the deadline
3108 uint64_t deadline = 0;
3109 nanoseconds_to_absolutetime(NETAGENT_TOKEN_EVENT_INTERVAL_NSEC, &deadline);
3110 clock_absolutetime_interval_to_deadline(deadline, &deadline);
3111 registration->need_tokens_event_deadline = deadline;
3112 }
3113 }
3114 }
3115 error = ENODATA;
3116 goto done;
3117 }
3118
3119 if (user_size < token->token_length) {
3120 NETAGENTLOG(LOG_ERR, "Provided user buffer is too small (%u < %u)", user_size, token->token_length);
3121 error = EMSGSIZE;
3122 goto done;
3123 }
3124
3125 error = copyout(token->token_bytes, user_addr, token->token_length);
3126 if (error == 0) {
3127 *retval = (int)token->token_length;
3128 }
3129
3130 NETAGENTLOG((error ? LOG_ERR : LOG_DEBUG), "Copied token content (error %d)", error);
3131
3132 TAILQ_REMOVE(®istration->token_list, token, token_chain);
3133 netagent_token_free(token);
3134 if (registration->token_count > 0) {
3135 registration->token_count--;
3136 }
3137 if (registration->token_count < registration->token_low_water) {
3138 (void)netagent_send_tokens_needed(registration);
3139 }
3140 done:
3141 if (registration != NULL) {
3142 NETAGENT_UNLOCK(registration);
3143 }
3144 NETAGENT_LIST_UNLOCK();
3145 return error;
3146 }
3147
3148 int
netagent_trigger(struct proc * p,struct netagent_trigger_args * uap,int32_t * retval)3149 netagent_trigger(struct proc *p, struct netagent_trigger_args *uap, int32_t *retval)
3150 {
3151 #pragma unused(p, retval)
3152 uuid_t agent_uuid = {};
3153 int error = 0;
3154
3155 if (uap == NULL) {
3156 NETAGENTLOG0(LOG_ERR, "uap == NULL");
3157 return EINVAL;
3158 }
3159
3160 if (uap->agent_uuid) {
3161 if (uap->agent_uuidlen != sizeof(uuid_t)) {
3162 NETAGENTLOG(LOG_ERR, "Incorrect length (got %zu, expected %lu)",
3163 (size_t)uap->agent_uuidlen, sizeof(uuid_t));
3164 return ERANGE;
3165 }
3166
3167 error = copyin(uap->agent_uuid, agent_uuid, sizeof(uuid_t));
3168 if (error) {
3169 NETAGENTLOG(LOG_ERR, "copyin error (%d)", error);
3170 return error;
3171 }
3172 }
3173
3174 if (uuid_is_null(agent_uuid)) {
3175 NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is empty");
3176 return EINVAL;
3177 }
3178
3179 NETAGENT_LIST_LOCK_SHARED();
3180 struct netagent_registration *registration = netagent_find_agent_with_uuid_and_lock(agent_uuid, false, false);
3181 if (registration == NULL) {
3182 NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is not registered");
3183 error = ENOENT;
3184 goto done;
3185 }
3186
3187 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_USER_ACTIVATED) == 0) {
3188 // Agent does not accept triggers
3189 NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is not eligible for triggering");
3190 error = ENOTSUP;
3191 goto done;
3192 }
3193
3194 if ((registration->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) {
3195 // Agent already active
3196 NETAGENTLOG0(LOG_INFO, "Requested netagent UUID is already active");
3197 error = 0;
3198 goto done;
3199 }
3200
3201 error = netagent_send_trigger(registration, p, NETAGENT_TRIGGER_FLAG_USER, NETAGENT_MESSAGE_TYPE_TRIGGER);
3202 NETAGENTLOG((error ? LOG_ERR : LOG_INFO), "Triggered netagent (error %d)", error);
3203 done:
3204 if (registration != NULL) {
3205 NETAGENT_UNLOCK(registration);
3206 }
3207 NETAGENT_LIST_UNLOCK();
3208 return error;
3209 }
3210