1*d4514f0bSApple OSS Distributions /* 2*d4514f0bSApple OSS Distributions * Copyright (c) 2013-2019, 2022 Apple Inc. All rights reserved. 3*d4514f0bSApple OSS Distributions * 4*d4514f0bSApple OSS Distributions * @APPLE_LICENSE_HEADER_START@ 5*d4514f0bSApple OSS Distributions * 6*d4514f0bSApple OSS Distributions * This file contains Original Code and/or Modifications of Original Code 7*d4514f0bSApple OSS Distributions * as defined in and that are subject to the Apple Public Source License 8*d4514f0bSApple OSS Distributions * Version 2.0 (the 'License'). You may not use this file except in 9*d4514f0bSApple OSS Distributions * compliance with the License. Please obtain a copy of the License at 10*d4514f0bSApple OSS Distributions * http://www.opensource.apple.com/apsl/ and read it before using this 11*d4514f0bSApple OSS Distributions * file. 12*d4514f0bSApple OSS Distributions * 13*d4514f0bSApple OSS Distributions * The Original Code and all software distributed under the License are 14*d4514f0bSApple OSS Distributions * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15*d4514f0bSApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16*d4514f0bSApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17*d4514f0bSApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18*d4514f0bSApple OSS Distributions * Please see the License for the specific language governing rights and 19*d4514f0bSApple OSS Distributions * limitations under the License. 20*d4514f0bSApple OSS Distributions * 21*d4514f0bSApple OSS Distributions * @APPLE_LICENSE_HEADER_END@ 22*d4514f0bSApple OSS Distributions */ 23*d4514f0bSApple OSS Distributions 24*d4514f0bSApple OSS Distributions #ifndef __CONTENT_FILTER_H__ 25*d4514f0bSApple OSS Distributions #define __CONTENT_FILTER_H__ 26*d4514f0bSApple OSS Distributions 27*d4514f0bSApple OSS Distributions #include <sys/param.h> 28*d4514f0bSApple OSS Distributions #include <sys/types.h> 29*d4514f0bSApple OSS Distributions #include <sys/_types/_timeval64.h> 30*d4514f0bSApple OSS Distributions #include <sys/socket.h> 31*d4514f0bSApple OSS Distributions #include <sys/syslog.h> 32*d4514f0bSApple OSS Distributions #include <netinet/in.h> 33*d4514f0bSApple OSS Distributions #include <stdint.h> 34*d4514f0bSApple OSS Distributions #include <corecrypto/ccsha2.h> 35*d4514f0bSApple OSS Distributions 36*d4514f0bSApple OSS Distributions #ifdef BSD_KERNEL_PRIVATE 37*d4514f0bSApple OSS Distributions #include <sys/mbuf.h> 38*d4514f0bSApple OSS Distributions #include <sys/socketvar.h> 39*d4514f0bSApple OSS Distributions #endif /* BSD_KERNEL_PRIVATE */ 40*d4514f0bSApple OSS Distributions 41*d4514f0bSApple OSS Distributions #ifndef XNU_KERNEL_PRIVATE 42*d4514f0bSApple OSS Distributions #include <TargetConditionals.h> 43*d4514f0bSApple OSS Distributions #endif 44*d4514f0bSApple OSS Distributions 45*d4514f0bSApple OSS Distributions __BEGIN_DECLS 46*d4514f0bSApple OSS Distributions 47*d4514f0bSApple OSS Distributions #ifdef PRIVATE 48*d4514f0bSApple OSS Distributions 49*d4514f0bSApple OSS Distributions /* 50*d4514f0bSApple OSS Distributions * Kernel control name for an instance of a Content Filter 51*d4514f0bSApple OSS Distributions * Use CTLIOCGINFO to find out the corresponding kernel control id 52*d4514f0bSApple OSS Distributions * to be set in the sc_id field of sockaddr_ctl for connect(2) 53*d4514f0bSApple OSS Distributions * Note: the sc_unit is ephemeral 54*d4514f0bSApple OSS Distributions */ 55*d4514f0bSApple OSS Distributions #define CONTENT_FILTER_CONTROL_NAME "com.apple.content-filter" 56*d4514f0bSApple OSS Distributions 57*d4514f0bSApple OSS Distributions /* 58*d4514f0bSApple OSS Distributions * Opaque socket identifier 59*d4514f0bSApple OSS Distributions */ 60*d4514f0bSApple OSS Distributions typedef uint64_t cfil_sock_id_t; 61*d4514f0bSApple OSS Distributions 62*d4514f0bSApple OSS Distributions #define CFIL_SOCK_ID_NONE UINT64_MAX 63*d4514f0bSApple OSS Distributions 64*d4514f0bSApple OSS Distributions 65*d4514f0bSApple OSS Distributions /* 66*d4514f0bSApple OSS Distributions * CFIL_OPT_NECP_CONTROL_UNIT 67*d4514f0bSApple OSS Distributions * To set or get the NECP filter control unit for the kernel control socket 68*d4514f0bSApple OSS Distributions * The option level is SYSPROTO_CONTROL 69*d4514f0bSApple OSS Distributions */ 70*d4514f0bSApple OSS Distributions #define CFIL_OPT_NECP_CONTROL_UNIT 1 /* uint32_t */ 71*d4514f0bSApple OSS Distributions 72*d4514f0bSApple OSS Distributions /* 73*d4514f0bSApple OSS Distributions * CFIL_OPT_GET_SOCKET_INFO 74*d4514f0bSApple OSS Distributions * To get information about a given socket that is being filtered. 75*d4514f0bSApple OSS Distributions */ 76*d4514f0bSApple OSS Distributions #define CFIL_OPT_GET_SOCKET_INFO 2 /* uint32_t */ 77*d4514f0bSApple OSS Distributions 78*d4514f0bSApple OSS Distributions /* 79*d4514f0bSApple OSS Distributions * CFIL_OPT_PRESERVE_CONNECTIONS 80*d4514f0bSApple OSS Distributions * To set or get the preserve-connections setting for the filter 81*d4514f0bSApple OSS Distributions */ 82*d4514f0bSApple OSS Distributions #define CFIL_OPT_PRESERVE_CONNECTIONS 3 /* uint32_t */ 83*d4514f0bSApple OSS Distributions 84*d4514f0bSApple OSS Distributions /* 85*d4514f0bSApple OSS Distributions * struct cfil_opt_sock_info 86*d4514f0bSApple OSS Distributions * 87*d4514f0bSApple OSS Distributions * Contains information about a socket that is being filtered. 88*d4514f0bSApple OSS Distributions */ 89*d4514f0bSApple OSS Distributions struct cfil_opt_sock_info { 90*d4514f0bSApple OSS Distributions cfil_sock_id_t cfs_sock_id; 91*d4514f0bSApple OSS Distributions int cfs_sock_family; /* e.g. PF_INET */ 92*d4514f0bSApple OSS Distributions int cfs_sock_type; /* e.g. SOCK_STREAM */ 93*d4514f0bSApple OSS Distributions int cfs_sock_protocol; /* e.g. IPPROTO_TCP */ 94*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfs_local; 95*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfs_remote; 96*d4514f0bSApple OSS Distributions pid_t cfs_pid; 97*d4514f0bSApple OSS Distributions pid_t cfs_e_pid; 98*d4514f0bSApple OSS Distributions pid_t cfs_r_pid; 99*d4514f0bSApple OSS Distributions uuid_t cfs_uuid; 100*d4514f0bSApple OSS Distributions uuid_t cfs_e_uuid; 101*d4514f0bSApple OSS Distributions uuid_t cfs_r_uuid; 102*d4514f0bSApple OSS Distributions }; 103*d4514f0bSApple OSS Distributions 104*d4514f0bSApple OSS Distributions /* 105*d4514f0bSApple OSS Distributions * How many filter may be active simultaneously 106*d4514f0bSApple OSS Distributions */ 107*d4514f0bSApple OSS Distributions 108*d4514f0bSApple OSS Distributions #define CFIL_MAX_FILTER_COUNT 8 109*d4514f0bSApple OSS Distributions 110*d4514f0bSApple OSS Distributions /* 111*d4514f0bSApple OSS Distributions * Crypto Support 112*d4514f0bSApple OSS Distributions */ 113*d4514f0bSApple OSS Distributions #define CFIL_CRYPTO 1 114*d4514f0bSApple OSS Distributions #define CFIL_CRYPTO_SIGNATURE_SIZE 32 115*d4514f0bSApple OSS Distributions #define CFIL_CRYPTO_DATA_EVENT 1 116*d4514f0bSApple OSS Distributions 117*d4514f0bSApple OSS Distributions typedef uint8_t cfil_crypto_key[CCSHA256_OUTPUT_SIZE]; 118*d4514f0bSApple OSS Distributions typedef uint8_t cfil_crypto_signature[CFIL_CRYPTO_SIGNATURE_SIZE]; 119*d4514f0bSApple OSS Distributions 120*d4514f0bSApple OSS Distributions typedef struct cfil_crypto_state { 121*d4514f0bSApple OSS Distributions const struct ccdigest_info *digest_info; 122*d4514f0bSApple OSS Distributions cfil_crypto_key key; 123*d4514f0bSApple OSS Distributions } *cfil_crypto_state_t; 124*d4514f0bSApple OSS Distributions 125*d4514f0bSApple OSS Distributions typedef struct cfil_crypto_data { 126*d4514f0bSApple OSS Distributions uuid_t flow_id; 127*d4514f0bSApple OSS Distributions u_int64_t sock_id; 128*d4514f0bSApple OSS Distributions u_int32_t direction; 129*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 remote; 130*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 local; 131*d4514f0bSApple OSS Distributions u_int32_t socketProtocol; 132*d4514f0bSApple OSS Distributions pid_t pid; 133*d4514f0bSApple OSS Distributions pid_t effective_pid; 134*d4514f0bSApple OSS Distributions pid_t responsible_pid; 135*d4514f0bSApple OSS Distributions uuid_t uuid; 136*d4514f0bSApple OSS Distributions uuid_t effective_uuid; 137*d4514f0bSApple OSS Distributions uuid_t responsible_uuid; 138*d4514f0bSApple OSS Distributions u_int64_t byte_count_in; 139*d4514f0bSApple OSS Distributions u_int64_t byte_count_out; 140*d4514f0bSApple OSS Distributions } *cfil_crypto_data_t; 141*d4514f0bSApple OSS Distributions 142*d4514f0bSApple OSS Distributions /* 143*d4514f0bSApple OSS Distributions * Responsible pid/uuid support 144*d4514f0bSApple OSS Distributions */ 145*d4514f0bSApple OSS Distributions #define CFIL_RESPONSIBLE_PID_SUPPORT 1 146*d4514f0bSApple OSS Distributions 147*d4514f0bSApple OSS Distributions /* 148*d4514f0bSApple OSS Distributions * Types of messages 149*d4514f0bSApple OSS Distributions * 150*d4514f0bSApple OSS Distributions * Event messages flow from kernel to user space while action 151*d4514f0bSApple OSS Distributions * messages flow in the reverse direction. 152*d4514f0bSApple OSS Distributions * A message in entirely represented by a packet sent or received 153*d4514f0bSApple OSS Distributions * on a Content Filter kernel control socket. 154*d4514f0bSApple OSS Distributions */ 155*d4514f0bSApple OSS Distributions #define CFM_TYPE_EVENT 1 /* message from kernel */ 156*d4514f0bSApple OSS Distributions #define CFM_TYPE_ACTION 2 /* message to kernel */ 157*d4514f0bSApple OSS Distributions 158*d4514f0bSApple OSS Distributions /* 159*d4514f0bSApple OSS Distributions * Operations associated with events from kernel 160*d4514f0bSApple OSS Distributions */ 161*d4514f0bSApple OSS Distributions #define CFM_OP_SOCKET_ATTACHED 1 /* a socket has been attached */ 162*d4514f0bSApple OSS Distributions #define CFM_OP_SOCKET_CLOSED 2 /* a socket is being closed */ 163*d4514f0bSApple OSS Distributions #define CFM_OP_DATA_OUT 3 /* data being sent */ 164*d4514f0bSApple OSS Distributions #define CFM_OP_DATA_IN 4 /* data being received */ 165*d4514f0bSApple OSS Distributions #define CFM_OP_DISCONNECT_OUT 5 /* no more outgoing data */ 166*d4514f0bSApple OSS Distributions #define CFM_OP_DISCONNECT_IN 6 /* no more incoming data */ 167*d4514f0bSApple OSS Distributions #define CFM_OP_STATS 7 /* periodic stats report(s) */ 168*d4514f0bSApple OSS Distributions 169*d4514f0bSApple OSS Distributions /* 170*d4514f0bSApple OSS Distributions * Operations associated with action from filter to kernel 171*d4514f0bSApple OSS Distributions */ 172*d4514f0bSApple OSS Distributions #define CFM_OP_DATA_UPDATE 16 /* update pass or peek offsets */ 173*d4514f0bSApple OSS Distributions #define CFM_OP_DROP 17 /* shutdown socket, no more data */ 174*d4514f0bSApple OSS Distributions #define CFM_OP_BLESS_CLIENT 18 /* mark a client flow as already filtered, passes a uuid */ 175*d4514f0bSApple OSS Distributions #define CFM_OP_SET_CRYPTO_KEY 19 /* assign client crypto key for message signing */ 176*d4514f0bSApple OSS Distributions 177*d4514f0bSApple OSS Distributions /* 178*d4514f0bSApple OSS Distributions * struct cfil_msg_hdr 179*d4514f0bSApple OSS Distributions * 180*d4514f0bSApple OSS Distributions * Header common to all messages 181*d4514f0bSApple OSS Distributions */ 182*d4514f0bSApple OSS Distributions struct cfil_msg_hdr { 183*d4514f0bSApple OSS Distributions uint32_t cfm_len; /* total length */ 184*d4514f0bSApple OSS Distributions uint32_t cfm_version; 185*d4514f0bSApple OSS Distributions uint32_t cfm_type; 186*d4514f0bSApple OSS Distributions uint32_t cfm_op; 187*d4514f0bSApple OSS Distributions cfil_sock_id_t cfm_sock_id; 188*d4514f0bSApple OSS Distributions }; 189*d4514f0bSApple OSS Distributions 190*d4514f0bSApple OSS Distributions #define CFM_VERSION_CURRENT 1 191*d4514f0bSApple OSS Distributions 192*d4514f0bSApple OSS Distributions /* 193*d4514f0bSApple OSS Distributions * Connection Direction 194*d4514f0bSApple OSS Distributions */ 195*d4514f0bSApple OSS Distributions #define CFS_CONNECTION_DIR_IN 0 196*d4514f0bSApple OSS Distributions #define CFS_CONNECTION_DIR_OUT 1 197*d4514f0bSApple OSS Distributions 198*d4514f0bSApple OSS Distributions #define CFS_REAL_AUDIT_TOKEN 1 199*d4514f0bSApple OSS Distributions 200*d4514f0bSApple OSS Distributions #define CFS_MAX_DOMAIN_NAME_LENGTH 256 201*d4514f0bSApple OSS Distributions 202*d4514f0bSApple OSS Distributions 203*d4514f0bSApple OSS Distributions /* 204*d4514f0bSApple OSS Distributions * struct cfil_msg_sock_attached 205*d4514f0bSApple OSS Distributions * 206*d4514f0bSApple OSS Distributions * Information about a new socket being attached to the content filter 207*d4514f0bSApple OSS Distributions * 208*d4514f0bSApple OSS Distributions * Action: No reply is expected as this does not block the creation of the 209*d4514f0bSApple OSS Distributions * TCP/IP but timely action must be taken to avoid user noticeable delays. 210*d4514f0bSApple OSS Distributions * 211*d4514f0bSApple OSS Distributions * Valid Types: CFM_TYPE_EVENT 212*d4514f0bSApple OSS Distributions * 213*d4514f0bSApple OSS Distributions * Valid Op: CFM_OP_SOCKET_ATTACHED 214*d4514f0bSApple OSS Distributions */ 215*d4514f0bSApple OSS Distributions struct cfil_msg_sock_attached { 216*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfs_msghdr; 217*d4514f0bSApple OSS Distributions int cfs_sock_family; /* e.g. PF_INET */ 218*d4514f0bSApple OSS Distributions int cfs_sock_type; /* e.g. SOCK_STREAM */ 219*d4514f0bSApple OSS Distributions int cfs_sock_protocol; /* e.g. IPPROTO_TCP */ 220*d4514f0bSApple OSS Distributions int cfs_unused; /* padding */ 221*d4514f0bSApple OSS Distributions pid_t cfs_pid; 222*d4514f0bSApple OSS Distributions pid_t cfs_e_pid; 223*d4514f0bSApple OSS Distributions pid_t cfs_r_pid; 224*d4514f0bSApple OSS Distributions uuid_t cfs_uuid; 225*d4514f0bSApple OSS Distributions uuid_t cfs_e_uuid; 226*d4514f0bSApple OSS Distributions uuid_t cfs_r_uuid; 227*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfs_src; 228*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfs_dst; 229*d4514f0bSApple OSS Distributions int cfs_conn_dir; 230*d4514f0bSApple OSS Distributions unsigned int cfs_audit_token[8]; /* Must match audit_token_t */ 231*d4514f0bSApple OSS Distributions unsigned int cfs_real_audit_token[8]; /* Must match audit_token_t */ 232*d4514f0bSApple OSS Distributions cfil_crypto_signature cfs_signature; 233*d4514f0bSApple OSS Distributions uint32_t cfs_signature_length; 234*d4514f0bSApple OSS Distributions char cfs_remote_domain_name[CFS_MAX_DOMAIN_NAME_LENGTH]; 235*d4514f0bSApple OSS Distributions }; 236*d4514f0bSApple OSS Distributions 237*d4514f0bSApple OSS Distributions /* 238*d4514f0bSApple OSS Distributions * CFIL data flags 239*d4514f0bSApple OSS Distributions */ 240*d4514f0bSApple OSS Distributions #define CFD_DATA_FLAG_IP_HEADER 0x00000001 /* Data includes IP header */ 241*d4514f0bSApple OSS Distributions #define CFIL_DATA_HAS_DELEGATED_PID 1 242*d4514f0bSApple OSS Distributions /* 243*d4514f0bSApple OSS Distributions * struct cfil_msg_data_event 244*d4514f0bSApple OSS Distributions * 245*d4514f0bSApple OSS Distributions * Event for the content fiter to act on a span of data 246*d4514f0bSApple OSS Distributions * A data span is described by a pair of offsets over the cumulative 247*d4514f0bSApple OSS Distributions * number of bytes sent or received on the socket. 248*d4514f0bSApple OSS Distributions * 249*d4514f0bSApple OSS Distributions * Action: The event must be acted upon but the filter may buffer 250*d4514f0bSApple OSS Distributions * data spans until it has enough content to make a decision. 251*d4514f0bSApple OSS Distributions * The action must be timely to avoid user noticeable delays. 252*d4514f0bSApple OSS Distributions * 253*d4514f0bSApple OSS Distributions * Valid Type: CFM_TYPE_EVENT 254*d4514f0bSApple OSS Distributions * 255*d4514f0bSApple OSS Distributions * Valid Ops: CFM_OP_DATA_OUT, CFM_OP_DATA_IN 256*d4514f0bSApple OSS Distributions */ 257*d4514f0bSApple OSS Distributions struct cfil_msg_data_event { 258*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfd_msghdr; 259*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfc_src; 260*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfc_dst; 261*d4514f0bSApple OSS Distributions uint64_t cfd_start_offset; 262*d4514f0bSApple OSS Distributions uint64_t cfd_end_offset; 263*d4514f0bSApple OSS Distributions cfil_crypto_signature cfd_signature; 264*d4514f0bSApple OSS Distributions uint32_t cfd_signature_length; 265*d4514f0bSApple OSS Distributions uint32_t cfd_flags; 266*d4514f0bSApple OSS Distributions pid_t cfd_delegated_pid; 267*d4514f0bSApple OSS Distributions unsigned int cfd_delegated_audit_token[8]; 268*d4514f0bSApple OSS Distributions /* Actual content data immediatly follows */ 269*d4514f0bSApple OSS Distributions }; 270*d4514f0bSApple OSS Distributions 271*d4514f0bSApple OSS Distributions #define CFI_MAX_TIME_LOG_ENTRY 6 272*d4514f0bSApple OSS Distributions /* 273*d4514f0bSApple OSS Distributions * struct cfil_msg_sock_closed 274*d4514f0bSApple OSS Distributions * 275*d4514f0bSApple OSS Distributions * Information about a socket being closed to the content filter 276*d4514f0bSApple OSS Distributions * 277*d4514f0bSApple OSS Distributions * Action: No reply is expected as this does not block the closing of the 278*d4514f0bSApple OSS Distributions * TCP/IP. 279*d4514f0bSApple OSS Distributions * 280*d4514f0bSApple OSS Distributions * Valid Types: CFM_TYPE_EVENT 281*d4514f0bSApple OSS Distributions * 282*d4514f0bSApple OSS Distributions * Valid Op: CFM_OP_SOCKET_CLOSED 283*d4514f0bSApple OSS Distributions */ 284*d4514f0bSApple OSS Distributions struct cfil_msg_sock_closed { 285*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfc_msghdr; 286*d4514f0bSApple OSS Distributions struct timeval64 cfc_first_event; 287*d4514f0bSApple OSS Distributions uint32_t cfc_op_list_ctr; 288*d4514f0bSApple OSS Distributions uint32_t cfc_op_time[CFI_MAX_TIME_LOG_ENTRY]; /* time interval in microseconds since first event */ 289*d4514f0bSApple OSS Distributions unsigned char cfc_op_list[CFI_MAX_TIME_LOG_ENTRY]; 290*d4514f0bSApple OSS Distributions uint64_t cfc_byte_inbound_count; 291*d4514f0bSApple OSS Distributions uint64_t cfc_byte_outbound_count; 292*d4514f0bSApple OSS Distributions #define CFC_CLOSED_EVENT_LADDR 1 293*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfc_laddr; 294*d4514f0bSApple OSS Distributions cfil_crypto_signature cfc_signature; 295*d4514f0bSApple OSS Distributions uint32_t cfc_signature_length; 296*d4514f0bSApple OSS Distributions } __attribute__((aligned(8))); 297*d4514f0bSApple OSS Distributions 298*d4514f0bSApple OSS Distributions /* 299*d4514f0bSApple OSS Distributions * struct cfil_msg_stats_report 300*d4514f0bSApple OSS Distributions * 301*d4514f0bSApple OSS Distributions * Statistics report for flow(s). 302*d4514f0bSApple OSS Distributions * 303*d4514f0bSApple OSS Distributions * Action: No reply is expected. 304*d4514f0bSApple OSS Distributions * 305*d4514f0bSApple OSS Distributions * Valid Types: CFM_TYPE_EVENT 306*d4514f0bSApple OSS Distributions * 307*d4514f0bSApple OSS Distributions * Valid Op: CFM_OP_STATS 308*d4514f0bSApple OSS Distributions */ 309*d4514f0bSApple OSS Distributions struct cfil_msg_sock_stats { 310*d4514f0bSApple OSS Distributions cfil_sock_id_t cfs_sock_id; 311*d4514f0bSApple OSS Distributions uint64_t cfs_byte_inbound_count; 312*d4514f0bSApple OSS Distributions uint64_t cfs_byte_outbound_count; 313*d4514f0bSApple OSS Distributions union sockaddr_in_4_6 cfs_laddr; 314*d4514f0bSApple OSS Distributions } __attribute__((aligned(8))); 315*d4514f0bSApple OSS Distributions 316*d4514f0bSApple OSS Distributions struct cfil_msg_stats_report { 317*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfr_msghdr; 318*d4514f0bSApple OSS Distributions uint32_t cfr_count; 319*d4514f0bSApple OSS Distributions struct cfil_msg_sock_stats cfr_stats[]; 320*d4514f0bSApple OSS Distributions } __attribute__((aligned(8))); 321*d4514f0bSApple OSS Distributions 322*d4514f0bSApple OSS Distributions /* 323*d4514f0bSApple OSS Distributions * struct cfil_msg_action 324*d4514f0bSApple OSS Distributions * 325*d4514f0bSApple OSS Distributions * Valid Type: CFM_TYPE_ACTION 326*d4514f0bSApple OSS Distributions * 327*d4514f0bSApple OSS Distributions * Valid Ops: CFM_OP_DATA_UPDATE, CFM_OP_DROP 328*d4514f0bSApple OSS Distributions * 329*d4514f0bSApple OSS Distributions * For CFM_OP_DATA_UPDATE: 330*d4514f0bSApple OSS Distributions * 331*d4514f0bSApple OSS Distributions * cfa_in_pass_offset and cfa_out_pass_offset indicates how much data is 332*d4514f0bSApple OSS Distributions * allowed to pass. A zero value does not modify the corresponding pass offset. 333*d4514f0bSApple OSS Distributions * 334*d4514f0bSApple OSS Distributions * cfa_in_peek_offset and cfa_out_peek_offset lets the filter specify how much 335*d4514f0bSApple OSS Distributions * data it needs to make a decision: the kernel will deliver data up to that 336*d4514f0bSApple OSS Distributions * offset (if less than cfa_pass_offset it is ignored). Use CFM_MAX_OFFSET 337*d4514f0bSApple OSS Distributions * if you don't value the corresponding peek offset to be updated. 338*d4514f0bSApple OSS Distributions */ 339*d4514f0bSApple OSS Distributions struct cfil_msg_action { 340*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfa_msghdr; 341*d4514f0bSApple OSS Distributions uint64_t cfa_in_pass_offset; 342*d4514f0bSApple OSS Distributions uint64_t cfa_in_peek_offset; 343*d4514f0bSApple OSS Distributions uint64_t cfa_out_pass_offset; 344*d4514f0bSApple OSS Distributions uint64_t cfa_out_peek_offset; 345*d4514f0bSApple OSS Distributions uint32_t cfa_stats_frequency; // Statistics frequency in milliseconds 346*d4514f0bSApple OSS Distributions }; 347*d4514f0bSApple OSS Distributions 348*d4514f0bSApple OSS Distributions /* 349*d4514f0bSApple OSS Distributions * struct cfil_msg_bless_client 350*d4514f0bSApple OSS Distributions * 351*d4514f0bSApple OSS Distributions * Marks a client UUID as already filtered at a higher level. 352*d4514f0bSApple OSS Distributions * 353*d4514f0bSApple OSS Distributions * Valid Type: CFM_TYPE_ACTION 354*d4514f0bSApple OSS Distributions * 355*d4514f0bSApple OSS Distributions * Valid Ops: CFM_OP_BLESS_CLIENT 356*d4514f0bSApple OSS Distributions */ 357*d4514f0bSApple OSS Distributions struct cfil_msg_bless_client { 358*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfb_msghdr; 359*d4514f0bSApple OSS Distributions uuid_t cfb_client_uuid; 360*d4514f0bSApple OSS Distributions }; 361*d4514f0bSApple OSS Distributions 362*d4514f0bSApple OSS Distributions /* 363*d4514f0bSApple OSS Distributions * struct cfil_msg_set_crypto_key 364*d4514f0bSApple OSS Distributions * 365*d4514f0bSApple OSS Distributions * Filter assigning client crypto key to CFIL for message signing 366*d4514f0bSApple OSS Distributions * 367*d4514f0bSApple OSS Distributions * Valid Type: CFM_TYPE_ACTION 368*d4514f0bSApple OSS Distributions * 369*d4514f0bSApple OSS Distributions * Valid Ops: CFM_OP_SET_CRYPTO_KEY 370*d4514f0bSApple OSS Distributions */ 371*d4514f0bSApple OSS Distributions struct cfil_msg_set_crypto_key { 372*d4514f0bSApple OSS Distributions struct cfil_msg_hdr cfb_msghdr; 373*d4514f0bSApple OSS Distributions cfil_crypto_key crypto_key; 374*d4514f0bSApple OSS Distributions }; 375*d4514f0bSApple OSS Distributions 376*d4514f0bSApple OSS Distributions #define CFM_MAX_OFFSET UINT64_MAX 377*d4514f0bSApple OSS Distributions 378*d4514f0bSApple OSS Distributions /* 379*d4514f0bSApple OSS Distributions * Statistics retrieved via sysctl(3) 380*d4514f0bSApple OSS Distributions */ 381*d4514f0bSApple OSS Distributions struct cfil_filter_stat { 382*d4514f0bSApple OSS Distributions uint32_t cfs_len; 383*d4514f0bSApple OSS Distributions uint32_t cfs_filter_id; 384*d4514f0bSApple OSS Distributions uint32_t cfs_flags; 385*d4514f0bSApple OSS Distributions uint32_t cfs_sock_count; 386*d4514f0bSApple OSS Distributions uint32_t cfs_necp_control_unit; 387*d4514f0bSApple OSS Distributions }; 388*d4514f0bSApple OSS Distributions 389*d4514f0bSApple OSS Distributions struct cfil_entry_stat { 390*d4514f0bSApple OSS Distributions uint32_t ces_len; 391*d4514f0bSApple OSS Distributions uint32_t ces_filter_id; 392*d4514f0bSApple OSS Distributions uint32_t ces_flags; 393*d4514f0bSApple OSS Distributions uint32_t ces_necp_control_unit; 394*d4514f0bSApple OSS Distributions struct timeval64 ces_last_event; 395*d4514f0bSApple OSS Distributions struct timeval64 ces_last_action; 396*d4514f0bSApple OSS Distributions struct cfe_buf_stat { 397*d4514f0bSApple OSS Distributions uint64_t cbs_pending_first; 398*d4514f0bSApple OSS Distributions uint64_t cbs_pending_last; 399*d4514f0bSApple OSS Distributions uint64_t cbs_ctl_first; 400*d4514f0bSApple OSS Distributions uint64_t cbs_ctl_last; 401*d4514f0bSApple OSS Distributions uint64_t cbs_pass_offset; 402*d4514f0bSApple OSS Distributions uint64_t cbs_peek_offset; 403*d4514f0bSApple OSS Distributions uint64_t cbs_peeked; 404*d4514f0bSApple OSS Distributions } ces_snd, ces_rcv; 405*d4514f0bSApple OSS Distributions }; 406*d4514f0bSApple OSS Distributions 407*d4514f0bSApple OSS Distributions struct cfil_sock_stat { 408*d4514f0bSApple OSS Distributions uint32_t cfs_len; 409*d4514f0bSApple OSS Distributions int cfs_sock_family; 410*d4514f0bSApple OSS Distributions int cfs_sock_type; 411*d4514f0bSApple OSS Distributions int cfs_sock_protocol; 412*d4514f0bSApple OSS Distributions cfil_sock_id_t cfs_sock_id; 413*d4514f0bSApple OSS Distributions uint64_t cfs_flags; 414*d4514f0bSApple OSS Distributions pid_t cfs_pid; 415*d4514f0bSApple OSS Distributions pid_t cfs_e_pid; 416*d4514f0bSApple OSS Distributions uuid_t cfs_uuid; 417*d4514f0bSApple OSS Distributions uuid_t cfs_e_uuid; 418*d4514f0bSApple OSS Distributions struct cfi_buf_stat { 419*d4514f0bSApple OSS Distributions uint64_t cbs_pending_first; 420*d4514f0bSApple OSS Distributions uint64_t cbs_pending_last; 421*d4514f0bSApple OSS Distributions uint64_t cbs_pass_offset; 422*d4514f0bSApple OSS Distributions uint64_t cbs_inject_q_len; 423*d4514f0bSApple OSS Distributions } cfs_snd, cfs_rcv; 424*d4514f0bSApple OSS Distributions struct cfil_entry_stat ces_entries[CFIL_MAX_FILTER_COUNT]; 425*d4514f0bSApple OSS Distributions }; 426*d4514f0bSApple OSS Distributions 427*d4514f0bSApple OSS Distributions /* 428*d4514f0bSApple OSS Distributions * Global statistics 429*d4514f0bSApple OSS Distributions */ 430*d4514f0bSApple OSS Distributions struct cfil_stats { 431*d4514f0bSApple OSS Distributions int32_t cfs_ctl_connect_ok; 432*d4514f0bSApple OSS Distributions int32_t cfs_ctl_connect_fail; 433*d4514f0bSApple OSS Distributions int32_t cfs_ctl_disconnect_ok; 434*d4514f0bSApple OSS Distributions int32_t cfs_ctl_disconnect_fail; 435*d4514f0bSApple OSS Distributions int32_t cfs_ctl_send_ok; 436*d4514f0bSApple OSS Distributions int32_t cfs_ctl_send_bad; 437*d4514f0bSApple OSS Distributions int32_t cfs_ctl_rcvd_ok; 438*d4514f0bSApple OSS Distributions int32_t cfs_ctl_rcvd_bad; 439*d4514f0bSApple OSS Distributions int32_t cfs_ctl_rcvd_flow_lift; 440*d4514f0bSApple OSS Distributions int32_t cfs_ctl_action_data_update; 441*d4514f0bSApple OSS Distributions int32_t cfs_ctl_action_drop; 442*d4514f0bSApple OSS Distributions int32_t cfs_ctl_action_bad_op; 443*d4514f0bSApple OSS Distributions int32_t cfs_ctl_action_bad_len; 444*d4514f0bSApple OSS Distributions 445*d4514f0bSApple OSS Distributions int32_t cfs_sock_id_not_found; 446*d4514f0bSApple OSS Distributions 447*d4514f0bSApple OSS Distributions int32_t cfs_cfi_alloc_ok; 448*d4514f0bSApple OSS Distributions int32_t cfs_cfi_alloc_fail; 449*d4514f0bSApple OSS Distributions 450*d4514f0bSApple OSS Distributions int32_t cfs_sock_userspace_only; 451*d4514f0bSApple OSS Distributions int32_t cfs_sock_attach_in_vain; 452*d4514f0bSApple OSS Distributions int32_t cfs_sock_attach_already; 453*d4514f0bSApple OSS Distributions int32_t cfs_sock_attach_no_mem; 454*d4514f0bSApple OSS Distributions int32_t cfs_sock_attach_failed; 455*d4514f0bSApple OSS Distributions int32_t cfs_sock_attached; 456*d4514f0bSApple OSS Distributions int32_t cfs_sock_detached; 457*d4514f0bSApple OSS Distributions 458*d4514f0bSApple OSS Distributions int32_t cfs_attach_event_ok; 459*d4514f0bSApple OSS Distributions int32_t cfs_attach_event_flow_control; 460*d4514f0bSApple OSS Distributions int32_t cfs_attach_event_fail; 461*d4514f0bSApple OSS Distributions 462*d4514f0bSApple OSS Distributions int32_t cfs_closed_event_ok; 463*d4514f0bSApple OSS Distributions int32_t cfs_closed_event_flow_control; 464*d4514f0bSApple OSS Distributions int32_t cfs_closed_event_fail; 465*d4514f0bSApple OSS Distributions 466*d4514f0bSApple OSS Distributions int32_t cfs_data_event_ok; 467*d4514f0bSApple OSS Distributions int32_t cfs_data_event_flow_control; 468*d4514f0bSApple OSS Distributions int32_t cfs_data_event_fail; 469*d4514f0bSApple OSS Distributions 470*d4514f0bSApple OSS Distributions int32_t cfs_stats_event_ok; 471*d4514f0bSApple OSS Distributions int32_t cfs_stats_event_flow_control; 472*d4514f0bSApple OSS Distributions int32_t cfs_stats_event_fail; 473*d4514f0bSApple OSS Distributions 474*d4514f0bSApple OSS Distributions int32_t cfs_disconnect_in_event_ok; 475*d4514f0bSApple OSS Distributions int32_t cfs_disconnect_out_event_ok; 476*d4514f0bSApple OSS Distributions int32_t cfs_disconnect_event_flow_control; 477*d4514f0bSApple OSS Distributions int32_t cfs_disconnect_event_fail; 478*d4514f0bSApple OSS Distributions 479*d4514f0bSApple OSS Distributions int32_t cfs_ctl_q_not_started; 480*d4514f0bSApple OSS Distributions 481*d4514f0bSApple OSS Distributions int32_t cfs_close_wait; 482*d4514f0bSApple OSS Distributions int32_t cfs_close_wait_timeout; 483*d4514f0bSApple OSS Distributions 484*d4514f0bSApple OSS Distributions int32_t cfs_flush_in_drop; 485*d4514f0bSApple OSS Distributions int32_t cfs_flush_out_drop; 486*d4514f0bSApple OSS Distributions int32_t cfs_flush_in_close; 487*d4514f0bSApple OSS Distributions int32_t cfs_flush_out_close; 488*d4514f0bSApple OSS Distributions int32_t cfs_flush_in_free; 489*d4514f0bSApple OSS Distributions int32_t cfs_flush_out_free; 490*d4514f0bSApple OSS Distributions 491*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_nomem; 492*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_nobufs; 493*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_detached; 494*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_in_fail; 495*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_out_fail; 496*d4514f0bSApple OSS Distributions 497*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_in_retry; 498*d4514f0bSApple OSS Distributions int32_t cfs_inject_q_out_retry; 499*d4514f0bSApple OSS Distributions 500*d4514f0bSApple OSS Distributions int32_t cfs_data_in_control; 501*d4514f0bSApple OSS Distributions int32_t cfs_data_in_oob; 502*d4514f0bSApple OSS Distributions int32_t cfs_data_out_control; 503*d4514f0bSApple OSS Distributions int32_t cfs_data_out_oob; 504*d4514f0bSApple OSS Distributions 505*d4514f0bSApple OSS Distributions int64_t cfs_ctl_q_in_enqueued __attribute__((aligned(8))); 506*d4514f0bSApple OSS Distributions int64_t cfs_ctl_q_out_enqueued __attribute__((aligned(8))); 507*d4514f0bSApple OSS Distributions int64_t cfs_ctl_q_in_peeked __attribute__((aligned(8))); 508*d4514f0bSApple OSS Distributions int64_t cfs_ctl_q_out_peeked __attribute__((aligned(8))); 509*d4514f0bSApple OSS Distributions 510*d4514f0bSApple OSS Distributions int64_t cfs_pending_q_in_enqueued __attribute__((aligned(8))); 511*d4514f0bSApple OSS Distributions int64_t cfs_pending_q_out_enqueued __attribute__((aligned(8))); 512*d4514f0bSApple OSS Distributions 513*d4514f0bSApple OSS Distributions int64_t cfs_inject_q_in_enqueued __attribute__((aligned(8))); 514*d4514f0bSApple OSS Distributions int64_t cfs_inject_q_out_enqueued __attribute__((aligned(8))); 515*d4514f0bSApple OSS Distributions int64_t cfs_inject_q_in_passed __attribute__((aligned(8))); 516*d4514f0bSApple OSS Distributions int64_t cfs_inject_q_out_passed __attribute__((aligned(8))); 517*d4514f0bSApple OSS Distributions }; 518*d4514f0bSApple OSS Distributions #endif /* PRIVATE */ 519*d4514f0bSApple OSS Distributions 520*d4514f0bSApple OSS Distributions #ifdef BSD_KERNEL_PRIVATE 521*d4514f0bSApple OSS Distributions 522*d4514f0bSApple OSS Distributions #define M_SKIPCFIL M_PROTO5 523*d4514f0bSApple OSS Distributions 524*d4514f0bSApple OSS Distributions extern uint32_t cfil_active_count; 525*d4514f0bSApple OSS Distributions /* 526*d4514f0bSApple OSS Distributions * Check if flows on socket should be filtered 527*d4514f0bSApple OSS Distributions */ 528*d4514f0bSApple OSS Distributions #define CFIL_DGRAM_HAS_FILTERED_FLOWS(so) ((so->so_flags & SOF_CONTENT_FILTER) && (so->so_flow_db != NULL)) 529*d4514f0bSApple OSS Distributions #define CFIL_DGRAM_FILTERED(so) (!IS_TCP(so) && (cfil_active_count > 0) && (CFIL_DGRAM_HAS_FILTERED_FLOWS(so) || necp_socket_get_content_filter_control_unit(so))) 530*d4514f0bSApple OSS Distributions 531*d4514f0bSApple OSS Distributions extern int cfil_log_level; 532*d4514f0bSApple OSS Distributions 533*d4514f0bSApple OSS Distributions #define CFIL_LOG(level, fmt, ...) \ 534*d4514f0bSApple OSS Distributions do { \ 535*d4514f0bSApple OSS Distributions if (cfil_log_level >= level) \ 536*d4514f0bSApple OSS Distributions os_log(OS_LOG_DEFAULT, "%s:%d " fmt "\n",\ 537*d4514f0bSApple OSS Distributions __FUNCTION__, __LINE__, ##__VA_ARGS__); \ 538*d4514f0bSApple OSS Distributions } while (0) 539*d4514f0bSApple OSS Distributions 540*d4514f0bSApple OSS Distributions 541*d4514f0bSApple OSS Distributions extern void cfil_register_m_tag(void); 542*d4514f0bSApple OSS Distributions 543*d4514f0bSApple OSS Distributions extern void cfil_init(void); 544*d4514f0bSApple OSS Distributions 545*d4514f0bSApple OSS Distributions extern boolean_t cfil_filter_present(void); 546*d4514f0bSApple OSS Distributions extern boolean_t cfil_sock_connected_pending_verdict(struct socket *so); 547*d4514f0bSApple OSS Distributions extern boolean_t cfil_sock_is_dead(struct socket *so); 548*d4514f0bSApple OSS Distributions extern boolean_t cfil_sock_tcp_add_time_wait(struct socket *so); 549*d4514f0bSApple OSS Distributions extern errno_t cfil_sock_attach(struct socket *so, 550*d4514f0bSApple OSS Distributions struct sockaddr *local, struct sockaddr *remote, int dir); 551*d4514f0bSApple OSS Distributions extern errno_t cfil_sock_detach(struct socket *so); 552*d4514f0bSApple OSS Distributions 553*d4514f0bSApple OSS Distributions extern int cfil_sock_data_out(struct socket *so, struct sockaddr *to, 554*d4514f0bSApple OSS Distributions struct mbuf *data, struct mbuf *control, 555*d4514f0bSApple OSS Distributions uint32_t flags, struct soflow_hash_entry *); 556*d4514f0bSApple OSS Distributions extern int cfil_sock_data_in(struct socket *so, struct sockaddr *from, 557*d4514f0bSApple OSS Distributions struct mbuf *data, struct mbuf *control, 558*d4514f0bSApple OSS Distributions uint32_t flags, struct soflow_hash_entry *); 559*d4514f0bSApple OSS Distributions 560*d4514f0bSApple OSS Distributions extern int cfil_sock_shutdown(struct socket *so, int *how); 561*d4514f0bSApple OSS Distributions extern void cfil_sock_is_closed(struct socket *so); 562*d4514f0bSApple OSS Distributions extern void cfil_sock_notify_shutdown(struct socket *so, int how); 563*d4514f0bSApple OSS Distributions extern void cfil_sock_close_wait(struct socket *so); 564*d4514f0bSApple OSS Distributions 565*d4514f0bSApple OSS Distributions extern boolean_t cfil_sock_data_pending(struct sockbuf *sb); 566*d4514f0bSApple OSS Distributions extern int cfil_sock_data_space(struct sockbuf *sb); 567*d4514f0bSApple OSS Distributions extern void cfil_sock_buf_update(struct sockbuf *sb); 568*d4514f0bSApple OSS Distributions 569*d4514f0bSApple OSS Distributions extern cfil_sock_id_t cfil_sock_id_from_socket(struct socket *so); 570*d4514f0bSApple OSS Distributions extern cfil_sock_id_t cfil_sock_id_from_datagram_socket(struct socket *so, struct sockaddr *local, struct sockaddr *remote); 571*d4514f0bSApple OSS Distributions 572*d4514f0bSApple OSS Distributions extern struct m_tag *cfil_dgram_get_socket_state(struct mbuf *m, uint32_t *state_change_cnt, 573*d4514f0bSApple OSS Distributions uint32_t *options, struct sockaddr **faddr, int *inp_flags); 574*d4514f0bSApple OSS Distributions extern boolean_t cfil_dgram_peek_socket_state(struct mbuf *m, int *inp_flags); 575*d4514f0bSApple OSS Distributions 576*d4514f0bSApple OSS Distributions #endif /* BSD_KERNEL_PRIVATE */ 577*d4514f0bSApple OSS Distributions 578*d4514f0bSApple OSS Distributions __END_DECLS 579*d4514f0bSApple OSS Distributions 580*d4514f0bSApple OSS Distributions #endif /* __CONTENT_FILTER_H__ */ 581