necp_client.c source code [xnu/bsd/net/necp_client.c]

1	/*
2	* Copyright (c) 2015-2023 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	#include <string.h>
30
31	#include <kern/thread_call.h>
32	#include <kern/zalloc.h>
33
34	#include <net/if.h>
35	#include <net/if_var.h>
36	#include <net/net_api_stats.h>
37	#include <net/necp.h>
38	#include <net/network_agent.h>
39	#include <net/ntstat.h>
40
41	#include <netinet/in_pcb.h>
42	#include <netinet/in_var.h>
43	#include <netinet/ip.h>
44	#include <netinet/ip6.h>
45	#include <netinet/mp_pcb.h>
46	#include <netinet/tcp_cc.h>
47	#include <netinet/tcp_fsm.h>
48	#include <netinet/tcp_cache.h>
49	#include <netinet6/in6_var.h>
50
51	#include <sys/domain.h>
52	#include <sys/file_internal.h>
53	#include <sys/kauth.h>
54	#include <sys/kernel.h>
55	#include <sys/malloc.h>
56	#include <sys/poll.h>
57	#include <sys/priv.h>
58	#include <sys/protosw.h>
59	#include <sys/queue.h>
60	#include <sys/socket.h>
61	#include <sys/socketvar.h>
62	#include <sys/sysproto.h>
63	#include <sys/systm.h>
64	#include <sys/types.h>
65	#include <sys/codesign.h>
66	#include <libkern/section_keywords.h>
67	#include <IOKit/IOBSD.h>
68
69	#include <os/refcnt.h>
70
71	#include <CoreEntitlements/CoreEntitlements.h>
72
73	#if SKYWALK
74	#include <skywalk/os_skywalk_private.h>
75	#include <skywalk/nexus/flowswitch/flow/flow_var.h>
76	#include <skywalk/nexus/flowswitch/nx_flowswitch.h>
77	#endif /* SKYWALK */
78
79	#if CONFIG_MACF
80	#include <security/mac_framework.h>
81	#endif
82
83	/*
84	* NECP Client Architecture
85	* ------------------------------------------------
86	* See <net/necp.c> for a discussion on NECP database architecture.
87	*
88	* Each client of NECP provides a set of parameters for a connection or network state
89	* evaluation, on which NECP policy evaluation is run. This produces a policy result
90	* which can be accessed by the originating process, along with events for when policies
91	* results have changed.
92	*
93	* ------------------------------------------------
94	* NECP Client FD
95	* ------------------------------------------------
96	* A process opens an NECP file descriptor using necp_open(). This is a very simple
97	* file descriptor, upon which the process may do the following operations:
98	* - necp_client_action(...), to add/remove/query clients
99	* - kqueue, to watch for readable events
100	* - close(), to close the client session and release all clients
101	*
102	* Client objects are allocated structures that hang off of the file descriptor. Each
103	* client contains:
104	* - Client ID, a UUID that references the client across the system
105	* - Parameters, a buffer of TLVs that describe the client's connection parameters,
106	* such as the remote and local endpoints, interface requirements, etc.
107	* - Result, a buffer of TLVs containing the current policy evaluation for the client.
108	* This result will be updated whenever a network change occurs that impacts the
109	* policy result for that client.
110	*
111	* +--------------+
112	* \| NECP fd \|
113	* +--------------+
114	* \|\|
115	* ==================================
116	* \|\| \|\| \|\|
117	* +--------------+ +--------------+ +--------------+
118	* \| Client ID \| \| Client ID \| \| Client ID \|
119	* \| ---- \| \| ---- \| \| ---- \|
120	* \| Parameters \| \| Parameters \| \| Parameters \|
121	* \| ---- \| \| ---- \| \| ---- \|
122	* \| Result \| \| Result \| \| Result \|
123	* +--------------+ +--------------+ +--------------+
124	*
125	* ------------------------------------------------
126	* Client Actions
127	* ------------------------------------------------
128	* - Add. Input parameters as a buffer of TLVs, and output a client ID. Allocates a
129	* new client structure on the file descriptor.
130	* - Remove. Input a client ID. Removes a client structure from the file descriptor.
131	* - Copy Parameters. Input a client ID, and output parameter TLVs.
132	* - Copy Result. Input a client ID, and output result TLVs. Alternatively, input empty
133	* client ID and get next unread client result.
134	* - Copy List. List all client IDs.
135	*
136	* ------------------------------------------------
137	* Client Policy Evaluation
138	* ------------------------------------------------
139	* Policies are evaluated for clients upon client creation, and upon update events,
140	* which are network/agent/policy changes coalesced by a timer.
141	*
142	* The policy evaluation goes through the following steps:
143	* 1. Parse client parameters.
144	* 2. Select a scoped interface if applicable. This involves using require/prohibit
145	* parameters, along with the local address, to select the most appropriate interface
146	* if not explicitly set by the client parameters.
147	* 3. Run NECP application-level policy evalution
148	* 4. Set policy result into client result buffer.
149	*
150	* ------------------------------------------------
151	* Client Observers
152	* ------------------------------------------------
153	* If necp_open() is called with the NECP_OPEN_FLAG_OBSERVER flag, and the process
154	* passes the necessary privilege check, the fd is allowed to use necp_client_action()
155	* to copy client state attached to the file descriptors of other processes, and to
156	* list all client IDs on the system.
157	*/
158
159	extern u_int32_t necp_debug;
160
161	static int necpop_select(struct fileproc , int, void* *, vfs_context_t);
162	static int necpop_close(struct fileglob *, vfs_context_t);
163	static int necpop_kqfilter(struct fileproc , struct* knote , struct* kevent_qos_s *);
164
165	// Timer functions
166	static int necp_timeout_microseconds = `1000` * `100`; // 100ms
167	static int necp_timeout_leeway_microseconds = `1000` * `50`; // 50ms
168	#if SKYWALK
169	static int necp_collect_stats_timeout_microseconds = `1000` * `1000` * `1`; // 1s
170	static int necp_collect_stats_timeout_leeway_microseconds = `1000` * `500`; // 500ms
171	static int necp_close_arenas_timeout_microseconds = `1000` * `1000` * `10`; // 10s
172	static int necp_close_arenas_timeout_leeway_microseconds = `1000` * `1000` * `1`; // 1s
173	#endif /* SKYWALK */
174
175	static int necp_client_fd_count = `0`;
176	static int necp_observer_fd_count = `0`;
177	static int necp_client_count = `0`;
178	static int necp_socket_flow_count = `0`;
179	static int necp_if_flow_count = `0`;
180	static int necp_observer_message_limit = `256`;
181
182	/*
183	* NECP client tracing control -
184	*
185	* necp_client_tracing_level : 1 for client trace, 2 for flow trace, 3 for parameter details
186	* necp_client_tracing_pid : match client with pid
187	*/
188	static int necp_client_tracing_level = `0`;
189	static int necp_client_tracing_pid = `0`;
190
191	#define NECP_CLIENT_TRACE_LEVEL_CLIENT 1
192	#define NECP_CLIENT_TRACE_LEVEL_FLOW 2
193	#define NECP_CLIENT_TRACE_LEVEL_PARAMS 3
194
195	#define NECP_CLIENT_TRACE_PID_MATCHED(pid) \
196	(pid == necp_client_tracing_pid)
197
198	#define NECP_ENABLE_CLIENT_TRACE(level) \
199	((necp_client_tracing_level >= level && \
200	(!necp_client_tracing_pid \|\| NECP_CLIENT_TRACE_PID_MATCHED(client->proc_pid))) ? necp_client_tracing_level : 0)
201
202	#define NECP_CLIENT_LOG(client, fmt, ...) \
203	if (client && NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_CLIENT)) { \
204	uuid_string_t client_uuid_str = { }; \
205	uuid_unparse_lower(client->client_id, client_uuid_str); \
206	NECPLOG(LOG_NOTICE, "NECP_CLIENT_LOG <pid %d %s>: " fmt "\n", client ? client->proc_pid : 0, client_uuid_str, ##__VA_ARGS__); \
207	}
208
209	#define NECP_CLIENT_FLOW_LOG(client, flow, fmt, ...) \
210	if (client && flow && NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_FLOW)) { \
211	uuid_string_t client_uuid_str = { }; \
212	uuid_unparse_lower(client->client_id, client_uuid_str); \
213	uuid_string_t flow_uuid_str = { }; \
214	uuid_unparse_lower(flow->registration_id, flow_uuid_str); \
215	NECPLOG(LOG_NOTICE, "NECP CLIENT FLOW TRACE <pid %d %s> <flow %s>: " fmt "\n", client ? client->proc_pid : 0, client_uuid_str, flow_uuid_str, ##__VA_ARGS__); \
216	}
217
218	#define NECP_CLIENT_PARAMS_LOG(client, fmt, ...) \
219	if (client && NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_PARAMS)) { \
220	uuid_string_t client_uuid_str = { }; \
221	uuid_unparse_lower(client->client_id, client_uuid_str); \
222	NECPLOG(LOG_NOTICE, "NECP_CLIENT_PARAMS_LOG <pid %d %s>: " fmt "\n", client ? client->proc_pid : 0, client_uuid_str, ##__VA_ARGS__); \
223	}
224
225	#define NECP_SOCKET_PID(so) \
226	((so->so_flags & SOF_DELEGATED) ? so->e_pid : so->last_pid)
227
228	#define NECP_ENABLE_SOCKET_TRACE(level) \
229	((necp_client_tracing_level >= level && \
230	(!necp_client_tracing_pid \|\| NECP_CLIENT_TRACE_PID_MATCHED(NECP_SOCKET_PID(so)))) ? necp_client_tracing_level : 0)
231
232	#define NECP_SOCKET_PARAMS_LOG(so, fmt, ...) \
233	if (so && NECP_ENABLE_SOCKET_TRACE(NECP_CLIENT_TRACE_LEVEL_PARAMS)) { \
234	NECPLOG(LOG_NOTICE, "NECP_SOCKET_PARAMS_LOG <pid %d>: " fmt "\n", NECP_SOCKET_PID(so), ##__VA_ARGS__); \
235	}
236
237	#define NECP_SOCKET_ATTRIBUTE_LOG(fmt, ...) \
238	if (necp_client_tracing_level >= NECP_CLIENT_TRACE_LEVEL_PARAMS) { \
239	NECPLOG(LOG_NOTICE, "NECP_SOCKET_ATTRIBUTE_LOG: " fmt "\n", ##__VA_ARGS__); \
240	}
241
242	#define NECP_CLIENT_TRACKER_LOG(pid, fmt, ...) \
243	if (pid) { \
244	NECPLOG(LOG_NOTICE, "NECP_CLIENT_TRACKER_LOG <pid %d>: " fmt "\n", pid, ##__VA_ARGS__); \
245	}
246
247	#if SKYWALK
248	static int necp_arena_count = `0`;
249	static int necp_sysctl_arena_count = `0`;
250	static int necp_nexus_flow_count = `0`;
251
252	/ userspace stats sanity check range, same unit as TCP (see TCP_RTT_SCALE) /
253	static uint32_t necp_client_stats_rtt_floor = `1`; // 32us
254	static uint32_t necp_client_stats_rtt_ceiling = `1920000`; // 60s
255	const static struct sk_stats_flow ntstat_sk_stats_zero;
256	#endif /* SKYWALK */
257
258	/*
259	* Global lock to protect socket inp_necp_attributes across updates.
260	* NECP updating these attributes and clients accessing these attributes
261	* must take this lock.
262	*/
263	static LCK_GRP_DECLARE(necp_socket_attr_lock_grp, "necpSocketAttrGroup");
264	LCK_MTX_DECLARE(necp_socket_attr_lock, &necp_socket_attr_lock_grp);
265
266	os_refgrp_decl(static, necp_client_refgrp, "NECPClientRefGroup", NULL);
267
268	SYSCTL_INT(_net_necp, NECPCTL_CLIENT_FD_COUNT, client_fd_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_client_fd_count, `0`, "");
269	SYSCTL_INT(_net_necp, NECPCTL_OBSERVER_FD_COUNT, observer_fd_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_observer_fd_count, `0`, "");
270	SYSCTL_INT(_net_necp, NECPCTL_CLIENT_COUNT, client_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_client_count, `0`, "");
271	SYSCTL_INT(_net_necp, NECPCTL_SOCKET_FLOW_COUNT, socket_flow_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_socket_flow_count, `0`, "");
272	SYSCTL_INT(_net_necp, NECPCTL_IF_FLOW_COUNT, if_flow_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_if_flow_count, `0`, "");
273	SYSCTL_INT(_net_necp, NECPCTL_OBSERVER_MESSAGE_LIMIT, observer_message_limit, CTLFLAG_LOCKED \| CTLFLAG_RW, &necp_observer_message_limit, `256`, "");
274	SYSCTL_INT(_net_necp, NECPCTL_CLIENT_TRACING_LEVEL, necp_client_tracing_level, CTLFLAG_LOCKED \| CTLFLAG_RW, &necp_client_tracing_level, `0`, "");
275	SYSCTL_INT(_net_necp, NECPCTL_CLIENT_TRACING_PID, necp_client_tracing_pid, CTLFLAG_LOCKED \| CTLFLAG_RW, &necp_client_tracing_pid, `0`, "");
276
277	#if SKYWALK
278	SYSCTL_INT(_net_necp, NECPCTL_ARENA_COUNT, arena_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_arena_count, `0`, "");
279	SYSCTL_INT(_net_necp, NECPCTL_SYSCTL_ARENA_COUNT, sysctl_arena_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_sysctl_arena_count, `0`, "");
280	SYSCTL_INT(_net_necp, NECPCTL_NEXUS_FLOW_COUNT, nexus_flow_count, CTLFLAG_LOCKED \| CTLFLAG_RD, &necp_nexus_flow_count, `0`, "");
281	#if (DEVELOPMENT \|\| DEBUG)
282	SYSCTL_UINT(_net_necp, OID_AUTO, collect_stats_interval_us, CTLFLAG_RW \| CTLFLAG_LOCKED, &necp_collect_stats_timeout_microseconds, `0`, "");
283	SYSCTL_UINT(_net_necp, OID_AUTO, necp_client_stats_rtt_floor, CTLFLAG_RW \| CTLFLAG_LOCKED, &necp_client_stats_rtt_floor, `0`, "");
284	SYSCTL_UINT(_net_necp, OID_AUTO, necp_client_stats_rtt_ceiling, CTLFLAG_RW \| CTLFLAG_LOCKED, &necp_client_stats_rtt_ceiling, `0`, "");
285	#endif /* (DEVELOPMENT \|\| DEBUG) */
286	#endif /* SKYWALK */
287
288	#define NECP_MAX_CLIENT_LIST_SIZE 1024 * 1024 // 1MB
289	#define NECP_MAX_AGENT_ACTION_SIZE 10 * 1024 // 10K
290
291	extern int tvtohz(struct timeval *);
292	extern unsigned int get_maxmtu(struct rtentry *);
293
294	// Parsed parameters
295	#define NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR 0x00001
296	#define NECP_PARSED_PARAMETERS_FIELD_REMOTE_ADDR 0x00002
297	#define NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF 0x00004
298	#define NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IF 0x00008
299	#define NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE 0x00010
300	#define NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IFTYPE 0x00020
301	#define NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT 0x00040
302	#define NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT 0x00080
303	#define NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT 0x00100
304	#define NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT 0x00200
305	#define NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE 0x00400
306	#define NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT_TYPE 0x00800
307	#define NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE 0x01000
308	#define NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT_TYPE 0x02000
309	#define NECP_PARSED_PARAMETERS_FIELD_FLAGS 0x04000
310	#define NECP_PARSED_PARAMETERS_FIELD_IP_PROTOCOL 0x08000
311	#define NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_PID 0x10000
312	#define NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_UUID 0x20000
313	#define NECP_PARSED_PARAMETERS_FIELD_TRAFFIC_CLASS 0x40000
314	#define NECP_PARSED_PARAMETERS_FIELD_LOCAL_PORT 0x80000
315	#define NECP_PARSED_PARAMETERS_FIELD_DELEGATED_UPID 0x100000
316	#define NECP_PARSED_PARAMETERS_FIELD_ETHERTYPE 0x200000
317	#define NECP_PARSED_PARAMETERS_FIELD_TRANSPORT_PROTOCOL 0x400000
318	#define NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR_PREFERENCE 0x800000
319	#define NECP_PARSED_PARAMETERS_FIELD_ATTRIBUTED_BUNDLE_IDENTIFIER 0x1000000
320	#define NECP_PARSED_PARAMETERS_FIELD_PARENT_UUID 0x2000000
321	#define NECP_PARSED_PARAMETERS_FIELD_FLOW_DEMUX_PATTERN 0x4000000
322	#define NECP_PARSED_PARAMETERS_FIELD_UID 0x8000000
323	#define NECP_PARSED_PARAMETERS_FIELD_PERSONA_ID 0x10000000
324
325
326	#define NECP_MAX_INTERFACE_PARAMETERS 16
327	#define NECP_MAX_AGENT_PARAMETERS 4
328	struct necp_client_parsed_parameters {
329	u_int32_t valid_fields;
330	u_int32_t flags;
331	u_int64_t delegated_upid;
332	union necp_sockaddr_union local_addr;
333	union necp_sockaddr_union remote_addr;
334	u_int32_t required_interface_index;
335	char prohibited_interfaces[NECP_MAX_INTERFACE_PARAMETERS][IFXNAMSIZ];
336	u_int8_t required_interface_type;
337	u_int8_t local_address_preference;
338	u_int8_t prohibited_interface_types[NECP_MAX_INTERFACE_PARAMETERS];
339	struct necp_client_parameter_netagent_type required_netagent_types[NECP_MAX_AGENT_PARAMETERS];
340	struct necp_client_parameter_netagent_type prohibited_netagent_types[NECP_MAX_AGENT_PARAMETERS];
341	struct necp_client_parameter_netagent_type preferred_netagent_types[NECP_MAX_AGENT_PARAMETERS];
342	struct necp_client_parameter_netagent_type avoided_netagent_types[NECP_MAX_AGENT_PARAMETERS];
343	uuid_t required_netagents[NECP_MAX_AGENT_PARAMETERS];
344	uuid_t prohibited_netagents[NECP_MAX_AGENT_PARAMETERS];
345	uuid_t preferred_netagents[NECP_MAX_AGENT_PARAMETERS];
346	uuid_t avoided_netagents[NECP_MAX_AGENT_PARAMETERS];
347	u_int8_t ip_protocol;
348	u_int8_t transport_protocol;
349	u_int16_t ethertype;
350	pid_t effective_pid;
351	uuid_t effective_uuid;
352	uuid_t parent_uuid;
353	u_int32_t traffic_class;
354	struct necp_demux_pattern demux_patterns[NECP_MAX_DEMUX_PATTERNS];
355	u_int8_t demux_pattern_count;
356	uid_t uid;
357	uid_t persona_id;
358	};
359
360	static bool
361	necp_find_matching_interface_index(struct necp_client_parsed_parameters *parsed_parameters,
362	u_int return_ifindex, bool validate_agents);
363
364	static bool
365	necp_ifnet_matches_local_address(struct ifnet ifp, struct* sockaddr *sa);
366
367	static bool
368	necp_ifnet_matches_parameters(struct ifnet *ifp,
369	struct necp_client_parsed_parameters *parsed_parameters,
370	u_int32_t override_flags,
371	u_int32_t *preferred_count,
372	bool secondary_interface,
373	bool require_scoped_field);
374
375	static const struct fileops necp_fd_ops = {
376	.fo_type = DTYPE_NETPOLICY,
377	.fo_read = fo_no_read,
378	.fo_write = fo_no_write,
379	.fo_ioctl = fo_no_ioctl,
380	.fo_select = necpop_select,
381	.fo_close = necpop_close,
382	.fo_drain = fo_no_drain,
383	.fo_kqfilter = necpop_kqfilter,
384	};
385
386	struct necp_client_assertion {
387	LIST_ENTRY(necp_client_assertion) assertion_chain;
388	uuid_t asserted_netagent;
389	};
390
391	struct necp_client_flow_header {
392	struct necp_tlv_header outer_header;
393	struct necp_tlv_header flow_id_tlv_header;
394	uuid_t flow_id;
395	struct necp_tlv_header flags_tlv_header;
396	u_int32_t flags_value;
397	struct necp_tlv_header interface_tlv_header;
398	struct necp_client_result_interface interface_value;
399	} __attribute__((__packed__));
400
401	struct necp_client_flow_protoctl_event_header {
402	struct necp_tlv_header protoctl_tlv_header;
403	struct necp_client_flow_protoctl_event protoctl_event;
404	} __attribute__((__packed__));
405
406	struct necp_client_nexus_flow_header {
407	struct necp_client_flow_header flow_header;
408	struct necp_tlv_header agent_tlv_header;
409	struct necp_client_result_netagent agent_value;
410	struct necp_tlv_header tfo_cookie_tlv_header;
411	u_int8_t tfo_cookie_value[NECP_TFO_COOKIE_LEN_MAX];
412	} __attribute__((__packed__));
413
414	#if SKYWALK
415	struct necp_arena_info;
416	#endif
417
418	struct necp_client_flow {
419	LIST_ENTRY(necp_client_flow) flow_chain;
420	unsigned invalid : `1`;
421	unsigned nexus : `1`; // If true, flow is a nexus; if false, flow is attached to socket
422	unsigned socket : `1`;
423	unsigned viable : `1`;
424	unsigned assigned : `1`;
425	unsigned has_protoctl_event : `1`;
426	unsigned check_tcp_heuristics : `1`;
427	unsigned _reserved : `1`;
428	union {
429	uuid_t nexus_agent;
430	struct {
431	void *socket_handle;
432	necp_client_flow_cb cb;
433	};
434	} u;
435	uint32_t interface_index;
436	u_short delegated_interface_index;
437	uint32_t interface_flags;
438	uint32_t necp_flow_flags;
439	struct necp_client_flow_protoctl_event protoctl_event;
440	union necp_sockaddr_union local_addr;
441	union necp_sockaddr_union remote_addr;
442
443	size_t assigned_results_length;
444	u_int8_t *assigned_results;
445	};
446
447	struct necp_client_flow_registration {
448	RB_ENTRY(necp_client_flow_registration) fd_link;
449	RB_ENTRY(necp_client_flow_registration) global_link;
450	RB_ENTRY(necp_client_flow_registration) client_link;
451	LIST_ENTRY(necp_client_flow_registration) collect_stats_chain;
452	uuid_t registration_id;
453	u_int32_t flags;
454	unsigned flow_result_read : `1`;
455	unsigned defunct : `1`;
456	void *interface_handle;
457	necp_client_flow_cb interface_cb;
458	struct necp_client *client;
459	LIST_HEAD(_necp_registration_flow_list, necp_client_flow) flow_list;
460	#if SKYWALK
461	struct necp_arena_info stats_arena; /* arena where the stats objects came from /
462	void * kstats_kaddr; / kernel snapshot of untrusted userspace stats, for calculating delta /
463	mach_vm_address_t ustats_uaddr; / userspace stats (untrusted) /
464	nstat_userland_context stats_handler_context;
465	struct flow_stats nexus_stats; /* shared stats objects between necp_client and skywalk /
466	#endif /* !SKYWALK */
467	u_int64_t last_interface_details __attribute__((aligned(sizeof(u_int64_t))));
468	};
469
470	static int necp_client_flow_id_cmp(struct necp_client_flow_registration flow0, struct* necp_client_flow_registration *flow1);
471
472	RB_HEAD(_necp_client_flow_tree, necp_client_flow_registration);
473	RB_PROTOTYPE_PREV(_necp_client_flow_tree, necp_client_flow_registration, client_link, necp_client_flow_id_cmp);
474	RB_GENERATE_PREV(_necp_client_flow_tree, necp_client_flow_registration, client_link, necp_client_flow_id_cmp);
475
476	#define NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT 4
477	#define NECP_CLIENT_MAX_INTERFACE_OPTIONS 32
478
479	#define NECP_CLIENT_INTERFACE_OPTION_EXTRA_COUNT (NECP_CLIENT_MAX_INTERFACE_OPTIONS - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT)
480
481	struct necp_client {
482	RB_ENTRY(necp_client) link;
483	RB_ENTRY(necp_client) global_link;
484
485	decl_lck_mtx_data(, lock);
486	decl_lck_mtx_data(, route_lock);
487	os_refcnt_t reference_count;
488
489	uuid_t client_id;
490	unsigned result_read : `1`;
491	unsigned group_members_read : `1`;
492	unsigned allow_multiple_flows : `1`;
493	unsigned legacy_client_is_flow : `1`;
494
495	unsigned platform_binary : `1`;
496	unsigned validated_parent : `1`;
497
498	size_t result_length;
499	u_int8_t result[NECP_BASE_CLIENT_RESULT_SIZE];
500
501	necp_policy_id policy_id;
502	necp_policy_id skip_policy_id;
503
504	u_int8_t ip_protocol;
505	int proc_pid;
506
507	u_int64_t delegated_upid;
508
509	struct _necp_client_flow_tree flow_registrations;
510	LIST_HEAD(_necp_client_assertion_list, necp_client_assertion) assertion_list;
511
512	size_t assigned_group_members_length;
513	u_int8_t *assigned_group_members;
514
515	struct rtentry *current_route;
516
517	struct necp_client_interface_option interface_options[NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
518	struct necp_client_interface_option *extra_interface_options;
519	u_int8_t interface_option_count; // Number in interface_options + extra_interface_options
520
521	struct necp_client_result_netagent failed_trigger_agent;
522
523	void *agent_handle;
524
525	uuid_t override_euuid;
526
527	#if SKYWALK
528	netns_token port_reservation;
529	nstat_context nstat_context;
530	uuid_t latest_flow_registration_id;
531	uuid_t parent_client_id;
532	struct necp_client *original_parameters_source;
533	#endif /* !SKYWALK */
534
535	size_t parameters_length;
536	u_int8_t *parameters;
537	};
538
539	#define NECP_CLIENT_LOCK(_c) lck_mtx_lock(&_c->lock)
540	#define NECP_CLIENT_UNLOCK(_c) lck_mtx_unlock(&_c->lock)
541	#define NECP_CLIENT_ASSERT_LOCKED(_c) LCK_MTX_ASSERT(&_c->lock, LCK_MTX_ASSERT_OWNED)
542	#define NECP_CLIENT_ASSERT_UNLOCKED(_c) LCK_MTX_ASSERT(&_c->lock, LCK_MTX_ASSERT_NOTOWNED)
543
544	#define NECP_CLIENT_ROUTE_LOCK(_c) lck_mtx_lock(&_c->route_lock)
545	#define NECP_CLIENT_ROUTE_UNLOCK(_c) lck_mtx_unlock(&_c->route_lock)
546
547	static void necp_client_retain_locked(struct necp_client *client);
548	static void necp_client_retain(struct necp_client *client);
549
550	static bool necp_client_release_locked(struct necp_client *client);
551	static bool necp_client_release(struct necp_client *client);
552
553	static void
554	necp_client_add_assertion(struct necp_client *client, uuid_t netagent_uuid);
555
556	static bool
557	necp_client_remove_assertion(struct necp_client *client, uuid_t netagent_uuid);
558
559	static int
560	necp_client_copy_parameters_locked(struct necp_client *client,
561	struct necp_client_nexus_parameters *parameters);
562
563	LIST_HEAD(_necp_flow_registration_list, necp_client_flow_registration);
564	static struct _necp_flow_registration_list necp_collect_stats_flow_list;
565
566	struct necp_flow_defunct {
567	LIST_ENTRY(necp_flow_defunct) chain;
568
569	uuid_t flow_id;
570	uuid_t nexus_agent;
571	void *agent_handle;
572	int proc_pid;
573	u_int32_t flags;
574	struct necp_client_agent_parameters close_parameters;
575	bool has_close_parameters;
576	};
577
578	LIST_HEAD(_necp_flow_defunct_list, necp_flow_defunct);
579
580	static int necp_client_id_cmp(struct necp_client client0, struct* necp_client *client1);
581
582	RB_HEAD(_necp_client_tree, necp_client);
583	RB_PROTOTYPE_PREV(_necp_client_tree, necp_client, link, necp_client_id_cmp);
584	RB_GENERATE_PREV(_necp_client_tree, necp_client, link, necp_client_id_cmp);
585
586	RB_HEAD(_necp_client_global_tree, necp_client);
587	RB_PROTOTYPE_PREV(_necp_client_global_tree, necp_client, global_link, necp_client_id_cmp);
588	RB_GENERATE_PREV(_necp_client_global_tree, necp_client, global_link, necp_client_id_cmp);
589
590	RB_HEAD(_necp_fd_flow_tree, necp_client_flow_registration);
591	RB_PROTOTYPE_PREV(_necp_fd_flow_tree, necp_client_flow_registration, fd_link, necp_client_flow_id_cmp);
592	RB_GENERATE_PREV(_necp_fd_flow_tree, necp_client_flow_registration, fd_link, necp_client_flow_id_cmp);
593
594	RB_HEAD(_necp_client_flow_global_tree, necp_client_flow_registration);
595	RB_PROTOTYPE_PREV(_necp_client_flow_global_tree, necp_client_flow_registration, global_link, necp_client_flow_id_cmp);
596	RB_GENERATE_PREV(_necp_client_flow_global_tree, necp_client_flow_registration, global_link, necp_client_flow_id_cmp);
597
598	static struct _necp_client_global_tree necp_client_global_tree;
599	static struct _necp_client_flow_global_tree necp_client_flow_global_tree;
600
601	struct necp_client_update {
602	TAILQ_ENTRY(necp_client_update) chain;
603
604	uuid_t client_id;
605
606	size_t update_length;
607	struct necp_client_observer_update *update;
608	};
609
610	#if SKYWALK
611	struct necp_arena_info {
612	LIST_ENTRY(necp_arena_info) nai_chain;
613	u_int32_t nai_flags;
614	pid_t nai_proc_pid;
615	struct skmem_arena *nai_arena;
616	struct skmem_arena_mmap_info nai_mmap;
617	mach_vm_offset_t nai_roff;
618	u_int32_t nai_use_count;
619	};
620	#endif /* !SKYWALK */
621
622	#define NAIF_ATTACHED 0x1 // arena is attached to list
623	#define NAIF_REDIRECT 0x2 // arena mmap has been redirected
624	#define NAIF_DEFUNCT 0x4 // arena is now defunct
625
626	#define NECP_FD_REPORTED_AGENT_COUNT 2
627
628	struct necp_fd_reported_agents {
629	uuid_t agent_uuid[NECP_FD_REPORTED_AGENT_COUNT];
630	};
631
632	struct necp_fd_data {
633	u_int8_t necp_fd_type;
634	LIST_ENTRY(necp_fd_data) chain;
635	struct _necp_client_tree clients;
636	struct _necp_fd_flow_tree flows;
637	TAILQ_HEAD(_necp_client_update_list, necp_client_update) update_list;
638	int update_count;
639	int flags;
640
641	unsigned background : `1`;
642	unsigned request_in_process_flow_divert : `1`;
643
644	int proc_pid;
645	decl_lck_mtx_data(, fd_lock);
646	struct selinfo si;
647
648	struct necp_fd_reported_agents reported_agents;
649	#if SKYWALK
650	// Arenas and their mmap info for per-process stats. Stats objects are allocated from an active arena
651	// that is not redirected/defunct. The stats_arena_active keeps track of such an arena, and it also
652	// holds a reference count on the object. Each flow allocating a stats object also holds a reference
653	// the necp_arena_info (where the object got allocated from). During defunct, we redirect the mapping
654	// of the arena such that any attempt to access (read/write) will result in getting zero-filled pages.
655	// We then go thru all of the flows for the process and free the stats objects associated with them,
656	// followed by destroying the skmem region(s) associated with the arena. The stats_arena_list keeps
657	// track of all current and defunct stats arenas; there could be more than one arena created for the
658	// process as the arena destruction happens when its reference count drops to 0.
659	struct necp_arena_info *stats_arena_active;
660	LIST_HEAD(_necp_arena_info_list, necp_arena_info) stats_arena_list;
661	u_int32_t stats_arena_gencnt;
662
663	struct skmem_arena *sysctl_arena;
664	struct skmem_arena_mmap_info sysctl_mmap;
665	mach_vm_offset_t system_sysctls_roff;
666	#endif /* !SKYWALK */
667	};
668
669	#define NECP_FD_LOCK(_f) lck_mtx_lock(&_f->fd_lock)
670	#define NECP_FD_UNLOCK(_f) lck_mtx_unlock(&_f->fd_lock)
671	#define NECP_FD_ASSERT_LOCKED(_f) LCK_MTX_ASSERT(&_f->fd_lock, LCK_MTX_ASSERT_OWNED)
672	#define NECP_FD_ASSERT_UNLOCKED(_f) LCK_MTX_ASSERT(&_f->fd_lock, LCK_MTX_ASSERT_NOTOWNED)
673
674	static LIST_HEAD(_necp_fd_list, necp_fd_data) necp_fd_list;
675	static LIST_HEAD(_necp_fd_observer_list, necp_fd_data) necp_fd_observer_list;
676
677	#if SKYWALK
678	static KALLOC_TYPE_DEFINE(necp_arena_info_zone, struct necp_arena_info, NET_KT_DEFAULT);
679	#endif /* !SKYWALK */
680
681	static LCK_ATTR_DECLARE(necp_fd_mtx_attr, `0`, `0`);
682	static LCK_GRP_DECLARE(necp_fd_mtx_grp, "necp_fd");
683
684	static LCK_RW_DECLARE_ATTR(necp_fd_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
685	static LCK_RW_DECLARE_ATTR(necp_observer_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
686	static LCK_RW_DECLARE_ATTR(necp_client_tree_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
687	static LCK_RW_DECLARE_ATTR(necp_flow_tree_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
688	static LCK_RW_DECLARE_ATTR(necp_collect_stats_list_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
689
690
691	#define NECP_STATS_LIST_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_collect_stats_list_lock)
692	#define NECP_STATS_LIST_LOCK_SHARED() lck_rw_lock_shared(&necp_collect_stats_list_lock)
693	#define NECP_STATS_LIST_UNLOCK() lck_rw_done(&necp_collect_stats_list_lock)
694
695	#define NECP_CLIENT_TREE_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_client_tree_lock)
696	#define NECP_CLIENT_TREE_LOCK_SHARED() lck_rw_lock_shared(&necp_client_tree_lock)
697	#define NECP_CLIENT_TREE_UNLOCK() lck_rw_done(&necp_client_tree_lock)
698	#define NECP_CLIENT_TREE_ASSERT_LOCKED() LCK_RW_ASSERT(&necp_client_tree_lock, LCK_RW_ASSERT_HELD)
699
700	#define NECP_FLOW_TREE_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_flow_tree_lock)
701	#define NECP_FLOW_TREE_LOCK_SHARED() lck_rw_lock_shared(&necp_flow_tree_lock)
702	#define NECP_FLOW_TREE_UNLOCK() lck_rw_done(&necp_flow_tree_lock)
703	#define NECP_FLOW_TREE_ASSERT_LOCKED() LCK_RW_ASSERT(&necp_flow_tree_lock, LCK_RW_ASSERT_HELD)
704
705	#define NECP_FD_LIST_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_fd_lock)
706	#define NECP_FD_LIST_LOCK_SHARED() lck_rw_lock_shared(&necp_fd_lock)
707	#define NECP_FD_LIST_UNLOCK() lck_rw_done(&necp_fd_lock)
708	#define NECP_FD_LIST_ASSERT_LOCKED() LCK_RW_ASSERT(&necp_fd_lock, LCK_RW_ASSERT_HELD)
709
710	#define NECP_OBSERVER_LIST_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_observer_lock)
711	#define NECP_OBSERVER_LIST_LOCK_SHARED() lck_rw_lock_shared(&necp_observer_lock)
712	#define NECP_OBSERVER_LIST_UNLOCK() lck_rw_done(&necp_observer_lock)
713
714	// Locking Notes
715
716	// Take NECP_FD_LIST_LOCK when accessing or modifying the necp_fd_list
717	// Take NECP_CLIENT_TREE_LOCK when accessing or modifying the necp_client_global_tree
718	// Take NECP_FLOW_TREE_LOCK when accessing or modifying the necp_client_flow_global_tree
719	// Take NECP_STATS_LIST_LOCK when accessing or modifying the necp_collect_stats_flow_list
720	// Take NECP_FD_LOCK when accessing or modifying an necp_fd_data entry
721	// Take NECP_CLIENT_LOCK when accessing or modifying a single necp_client
722	// Take NECP_CLIENT_ROUTE_LOCK when accessing or modifying a client's route
723
724	// Precedence, where 1 is the first lock that must be taken
725	// 1. NECP_FD_LIST_LOCK
726	// 2. NECP_FD_LOCK (any)
727	// 3. NECP_CLIENT_TREE_LOCK
728	// 4. NECP_CLIENT_LOCK (any)
729	// 5. NECP_FLOW_TREE_LOCK
730	// 6. NECP_STATS_LIST_LOCK
731	// 7. NECP_CLIENT_ROUTE_LOCK (any)
732
733	static thread_call_t necp_client_update_tcall;
734	static uint32_t necp_update_all_clients_sched_cnt = `0`;
735	static uint64_t necp_update_all_clients_sched_abstime = `0`;
736	static LCK_RW_DECLARE_ATTR(necp_update_all_clients_lock, &necp_fd_mtx_grp, &necp_fd_mtx_attr);
737	#define NECP_UPDATE_ALL_CLIENTS_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&necp_update_all_clients_lock)
738	#define NECP_UPDATE_ALL_CLIENTS_SHARED_TO_EXCLUSIVE() lck_rw_lock_shared_to_exclusive(&necp_update_all_clients_lock)
739	#define NECP_UPDATE_ALL_CLIENTS_SHARED() lck_rw_lock_shared(&necp_update_all_clients_lock)
740	#define NECP_UPDATE_ALL_CLIENTS_UNLOCK() lck_rw_done(&necp_update_all_clients_lock)
741
742	// Array of PIDs that will trigger in-process flow divert, protected by NECP_FD_LIST_LOCK
743	#define NECP_MAX_FLOW_DIVERT_NEEDED_PIDS 4
744	static pid_t necp_flow_divert_needed_pids[NECP_MAX_FLOW_DIVERT_NEEDED_PIDS];
745
746	#if SKYWALK
747	static thread_call_t necp_client_collect_stats_tcall;
748	static thread_call_t necp_close_empty_arenas_tcall;
749
750	static void necp_fd_insert_stats_arena(struct necp_fd_data fd_data, struct* necp_arena_info *nai);
751	static void necp_fd_remove_stats_arena(struct necp_fd_data fd_data, struct* necp_arena_info *nai);
752	static struct necp_arena_info necp_fd_mredirect_stats_arena(struct* necp_fd_data fd_data, struct* proc *proc);
753
754	static void necp_arena_info_retain(struct necp_arena_info *nai);
755	static void necp_arena_info_release(struct necp_arena_info *nai);
756	static struct necp_arena_info necp_arena_info_alloc(void*);
757	static void necp_arena_info_free(struct necp_arena_info *nai);
758
759	static int necp_arena_initialize(struct necp_fd_data *fd_data, bool locked);
760	static int necp_stats_initialize(struct necp_fd_data fd_data, struct* necp_client *client,
761	struct necp_client_flow_registration flow_registration, struct* necp_stats_bufreq *bufreq);
762	static int necp_arena_create(struct necp_fd_data fd_data, size_t obj_size, size_t obj_cnt, struct* proc *p);
763	static int necp_arena_stats_obj_alloc(struct necp_fd_data fd_data, mach_vm_offset_t off, struct necp_arena_info *stats_arena, void* **kstats_kaddr, boolean_t cansleep);
764	static void necp_arena_stats_obj_free(struct necp_fd_data fd_data, struct* necp_arena_info stats_arena, void* *kstats_kaddr, mach_vm_address_t ustats_uaddr);
765	static void necp_stats_arenas_destroy(struct necp_fd_data *fd_data, boolean_t closing);
766
767	static int necp_sysctl_arena_initialize(struct necp_fd_data *fd_data, bool locked);
768	static void necp_sysctl_arena_destroy(struct necp_fd_data *fd_data);
769	static void necp_arena_sysctls_obj(struct* necp_fd_data fd_data, mach_vm_offset_t off, size_t *size);
770	#endif /* !SKYWALK */
771
772	void necp_copy_inp_domain_info(struct inpcb , struct* socket , nstat_domain_info );
773	void necp_with_inp_domain_name(struct socket so, void* ctx, void* (with_func)(char* domain_name, void* *ctx));
774
775	static void
776	necp_lock_socket_attributes(void)
777	{
778	lck_mtx_lock(lck: &necp_socket_attr_lock);
779	}
780
781	static void
782	necp_unlock_socket_attributes(void)
783	{
784	lck_mtx_unlock(lck: &necp_socket_attr_lock);
785	}
786
787	/// NECP file descriptor functions
788
789	static void
790	necp_fd_notify(struct necp_fd_data *fd_data, bool locked)
791	{
792	struct selinfo *si = &fd_data->si;
793
794	if (!locked) {
795	NECP_FD_LOCK(fd_data);
796	}
797
798	selwakeup(si);
799
800	// use a non-zero hint to tell the notification from the
801	// call done in kqueue_scan() which uses 0
802	KNOTE(&si->si_note, `1`); // notification
803
804	if (!locked) {
805	NECP_FD_UNLOCK(fd_data);
806	}
807	}
808
809	static inline bool
810	necp_client_has_unread_flows(struct necp_client *client)
811	{
812	NECP_CLIENT_ASSERT_LOCKED(client);
813	struct necp_client_flow_registration *flow_registration = NULL;
814	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
815	if (!flow_registration->flow_result_read) {
816	return true;
817	}
818	}
819	return false;
820	}
821
822	static int
823	necp_fd_poll(struct necp_fd_data fd_data, int* events, void wql, struct* proc p, int* is_kevent)
824	{
825	#pragma unused(wql, p, is_kevent)
826	u_int revents = `0`;
827
828	u_int want_rx = events & (POLLIN \| POLLRDNORM);
829	if (want_rx) {
830	if (fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
831	// Push-mode observers are readable when they have a new update
832	if (!TAILQ_EMPTY(&fd_data->update_list)) {
833	revents \|= want_rx;
834	}
835	} else {
836	// Standard fds are readable when some client is unread
837	struct necp_client *client = NULL;
838	bool has_unread_clients = FALSE;
839	RB_FOREACH(client, _necp_client_tree, &fd_data->clients) {
840	NECP_CLIENT_LOCK(client);
841	if (!client->result_read \|\| !client->group_members_read \|\| necp_client_has_unread_flows(client)) {
842	has_unread_clients = TRUE;
843	}
844	NECP_CLIENT_UNLOCK(client);
845	if (has_unread_clients) {
846	break;
847	}
848	}
849
850	if (has_unread_clients \|\| fd_data->request_in_process_flow_divert) {
851	revents \|= want_rx;
852	}
853	}
854	}
855
856	return revents;
857	}
858
859	static inline void
860	necp_generate_client_id(uuid_t client_id, bool is_flow)
861	{
862	uuid_generate_random(out: client_id);
863
864	if (is_flow) {
865	client_id[`9`] \|= `0x01`;
866	} else {
867	client_id[`9`] &= ~`0x01`;
868	}
869	}
870
871	static inline bool
872	necp_client_id_is_flow(uuid_t client_id)
873	{
874	return client_id[`9`] & `0x01`;
875	}
876
877	static struct necp_client *
878	necp_find_client_and_lock(uuid_t client_id)
879	{
880	NECP_CLIENT_TREE_ASSERT_LOCKED();
881
882	struct necp_client *client = NULL;
883
884	if (necp_client_id_is_flow(client_id)) {
885	NECP_FLOW_TREE_LOCK_SHARED();
886	struct necp_client_flow_registration find;
887	uuid_copy(dst: find.registration_id, src: client_id);
888	struct necp_client_flow_registration *flow = RB_FIND(_necp_client_flow_global_tree, &necp_client_flow_global_tree, &find);
889	if (flow != NULL) {
890	client = flow->client;
891	}
892	NECP_FLOW_TREE_UNLOCK();
893	} else {
894	struct necp_client find;
895	uuid_copy(dst: find.client_id, src: client_id);
896	client = RB_FIND(_necp_client_global_tree, &necp_client_global_tree, &find);
897	}
898
899	if (client != NULL) {
900	NECP_CLIENT_LOCK(client);
901	}
902
903	return client;
904	}
905
906	static struct necp_client_flow_registration *
907	necp_client_find_flow(struct necp_client *client, uuid_t flow_id)
908	{
909	NECP_CLIENT_ASSERT_LOCKED(client);
910	struct necp_client_flow_registration *flow = NULL;
911
912	if (necp_client_id_is_flow(client_id: flow_id)) {
913	struct necp_client_flow_registration find;
914	uuid_copy(dst: find.registration_id, src: flow_id);
915	flow = RB_FIND(_necp_client_flow_tree, &client->flow_registrations, &find);
916	} else {
917	flow = RB_ROOT(&client->flow_registrations);
918	}
919
920	return flow;
921	}
922
923	static struct necp_client *
924	necp_client_fd_find_client_unlocked(struct necp_fd_data *client_fd, uuid_t client_id)
925	{
926	NECP_FD_ASSERT_LOCKED(client_fd);
927	struct necp_client *client = NULL;
928
929	if (necp_client_id_is_flow(client_id)) {
930	struct necp_client_flow_registration find;
931	uuid_copy(dst: find.registration_id, src: client_id);
932	struct necp_client_flow_registration *flow = RB_FIND(_necp_fd_flow_tree, &client_fd->flows, &find);
933	if (flow != NULL) {
934	client = flow->client;
935	}
936	} else {
937	struct necp_client find;
938	uuid_copy(dst: find.client_id, src: client_id);
939	client = RB_FIND(_necp_client_tree, &client_fd->clients, &find);
940	}
941
942	return client;
943	}
944
945	static struct necp_client *
946	necp_client_fd_find_client_and_lock(struct necp_fd_data *client_fd, uuid_t client_id)
947	{
948	struct necp_client *client = necp_client_fd_find_client_unlocked(client_fd, client_id);
949	if (client != NULL) {
950	NECP_CLIENT_LOCK(client);
951	}
952
953	return client;
954	}
955
956	static inline int
957	necp_client_id_cmp(struct necp_client client0, struct* necp_client *client1)
958	{
959	return uuid_compare(uu1: client0->client_id, uu2: client1->client_id);
960	}
961
962	static inline int
963	necp_client_flow_id_cmp(struct necp_client_flow_registration flow0, struct* necp_client_flow_registration *flow1)
964	{
965	return uuid_compare(uu1: flow0->registration_id, uu2: flow1->registration_id);
966	}
967
968	static int
969	necpop_select(struct fileproc fp, int* which, void *wql, vfs_context_t ctx)
970	{
971	#pragma unused(fp, which, wql, ctx)
972	return `0`;
973	struct necp_fd_data *fd_data = NULL;
974	int revents = `0`;
975	int events = `0`;
976	proc_t procp;
977
978	fd_data = (struct necp_fd_data *)fp_get_data(fp);
979	if (fd_data == NULL) {
980	return `0`;
981	}
982
983	procp = vfs_context_proc(ctx);
984
985	switch (which) {
986	case FREAD: {
987	events = POLLIN;
988	break;
989	}
990
991	default: {
992	return `1`;
993	}
994	}
995
996	NECP_FD_LOCK(fd_data);
997	revents = necp_fd_poll(fd_data, events, wql, p: procp, is_kevent: `0`);
998	NECP_FD_UNLOCK(fd_data);
999
1000	return (events & revents) ? `1` : `0`;
1001	}
1002
1003	static void
1004	necp_fd_knrdetach(struct knote *kn)
1005	{
1006	struct necp_fd_data fd_data = (struct* necp_fd_data *)knote_kn_hook_get_raw(kn);
1007	struct selinfo *si = &fd_data->si;
1008
1009	NECP_FD_LOCK(fd_data);
1010	KNOTE_DETACH(&si->si_note, kn);
1011	NECP_FD_UNLOCK(fd_data);
1012	}
1013
1014	static int
1015	necp_fd_knread(struct knote kn, long* hint)
1016	{
1017	#pragma unused(kn, hint)
1018	return `1`; / assume we are ready /
1019	}
1020
1021	static int
1022	necp_fd_knrprocess(struct knote kn, struct* kevent_qos_s *kev)
1023	{
1024	struct necp_fd_data *fd_data;
1025	int revents;
1026	int res;
1027
1028	fd_data = (struct necp_fd_data *)knote_kn_hook_get_raw(kn);
1029
1030	NECP_FD_LOCK(fd_data);
1031	revents = necp_fd_poll(fd_data, POLLIN, NULL, p: current_proc(), is_kevent: `1`);
1032	res = ((revents & POLLIN) != `0`);
1033	if (res) {
1034	knote_fill_kevent(kn, kev, data: `0`);
1035	}
1036	NECP_FD_UNLOCK(fd_data);
1037	return res;
1038	}
1039
1040	static int
1041	necp_fd_knrtouch(struct knote kn, struct* kevent_qos_s *kev)
1042	{
1043	#pragma unused(kev)
1044	struct necp_fd_data *fd_data;
1045	int revents;
1046
1047	fd_data = (struct necp_fd_data *)knote_kn_hook_get_raw(kn);
1048
1049	NECP_FD_LOCK(fd_data);
1050	revents = necp_fd_poll(fd_data, POLLIN, NULL, p: current_proc(), is_kevent: `1`);
1051	NECP_FD_UNLOCK(fd_data);
1052
1053	return (revents & POLLIN) != `0`;
1054	}
1055
1056	SECURITY_READ_ONLY_EARLY(struct filterops) necp_fd_rfiltops = {
1057	.f_isfd = `1`,
1058	.f_detach = necp_fd_knrdetach,
1059	.f_event = necp_fd_knread,
1060	.f_touch = necp_fd_knrtouch,
1061	.f_process = necp_fd_knrprocess,
1062	};
1063
1064	static int
1065	necpop_kqfilter(struct fileproc fp, struct* knote *kn,
1066	__unused struct kevent_qos_s *kev)
1067	{
1068	struct necp_fd_data *fd_data = NULL;
1069	int revents;
1070
1071	if (kn->kn_filter != EVFILT_READ) {
1072	NECPLOG(LOG_ERR, "bad filter request %d", kn->kn_filter);
1073	knote_set_error(kn, EINVAL);
1074	return `0`;
1075	}
1076
1077	fd_data = (struct necp_fd_data *)fp_get_data(fp);
1078	if (fd_data == NULL) {
1079	NECPLOG0(LOG_ERR, "No channel for kqfilter");
1080	knote_set_error(kn, ENOENT);
1081	return `0`;
1082	}
1083
1084	NECP_FD_LOCK(fd_data);
1085	kn->kn_filtid = EVFILTID_NECP_FD;
1086	knote_kn_hook_set_raw(kn, kn_hook: fd_data);
1087	KNOTE_ATTACH(&fd_data->si.si_note, kn);
1088
1089	revents = necp_fd_poll(fd_data, POLLIN, NULL, p: current_proc(), is_kevent: `1`);
1090
1091	NECP_FD_UNLOCK(fd_data);
1092
1093	return (revents & POLLIN) != `0`;
1094	}
1095
1096	#define INTERFACE_FLAGS_SHIFT 32
1097	#define INTERFACE_FLAGS_MASK 0xffffffff
1098	#define INTERFACE_INDEX_SHIFT 0
1099	#define INTERFACE_INDEX_MASK 0xffffffff
1100
1101	static uint64_t
1102	combine_interface_details(uint32_t interface_index, uint32_t interface_flags)
1103	{
1104	return ((uint64_t)interface_flags & INTERFACE_FLAGS_MASK) << INTERFACE_FLAGS_SHIFT \|
1105	((uint64_t)interface_index & INTERFACE_INDEX_MASK) << INTERFACE_INDEX_SHIFT;
1106	}
1107
1108	#if SKYWALK
1109
1110	static void
1111	split_interface_details(uint64_t combined_details, uint32_t interface_index, uint32_t interface_flags)
1112	{
1113	*interface_index = (combined_details >> INTERFACE_INDEX_SHIFT) & INTERFACE_INDEX_MASK;
1114	*interface_flags = (combined_details >> INTERFACE_FLAGS_SHIFT) & INTERFACE_FLAGS_MASK;
1115	}
1116
1117	static void
1118	necp_flow_save_current_interface_details(struct necp_client_flow_registration *flow_registration)
1119	{
1120	struct necp_client_flow *flow = NULL;
1121	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
1122	if (flow->nexus) {
1123	uint64_t combined_details = combine_interface_details(interface_index: flow->interface_index, interface_flags: flow->interface_flags);
1124	os_atomic_store(&flow_registration->last_interface_details, combined_details, release);
1125	break;
1126	}
1127	}
1128	}
1129
1130	static void
1131	necp_client_collect_interface_stats(struct necp_client_flow_registration flow_registration, struct* ifnet_stats_per_flow *ifs)
1132	{
1133	struct necp_client_flow *flow = NULL;
1134
1135	if (ifs == NULL \|\| ifs->txpackets == `0` \|\| ifs->rxpackets == `0`) {
1136	return; // App might have crashed without publishing ifs
1137	}
1138
1139	// Do malicious stats detection here
1140
1141	// Fold userspace stats into (trusted) kernel stats (stored in ifp).
1142	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
1143	uint32_t if_idx = flow->interface_index;
1144	ifnet_t ifp = NULL;
1145	ifnet_head_lock_shared();
1146	if (if_idx != IFSCOPE_NONE && if_idx <= (uint32_t)if_index) {
1147	ifp = ifindex2ifnet[if_idx];
1148	ifnet_update_stats_per_flow(ifs, ifp);
1149	}
1150	ifnet_head_done();
1151
1152	// Currently there is only one flow that uses the shared necp
1153	// stats region, so this loop should exit after updating an ifp
1154	break;
1155	}
1156	}
1157
1158	static void
1159	necp_client_collect_stats(struct necp_client_flow_registration *flow_registration)
1160	{
1161	struct necp_all_kstats kstats = (struct* necp_all_kstats *)flow_registration->kstats_kaddr;
1162	if (kstats == NULL) {
1163	return;
1164	}
1165
1166	// Grab userspace stats delta (untrusted).
1167	struct necp_tcp_stats curr_tcpstats = (struct* necp_tcp_stats *)kstats->necp_stats_ustats;
1168	struct necp_tcp_stats prev_tcpstats = (struct* necp_tcp_stats *)&kstats->necp_stats_comm;
1169	#define diff_n_update(field) \
1170	u_int32_t d_##field = (curr_tcpstats->necp_tcp_counts.necp_stat_##field - prev_tcpstats->necp_tcp_counts.necp_stat_##field); \
1171	prev_tcpstats->necp_tcp_counts.necp_stat_##field += d_##field;
1172	diff_n_update(rxpackets);
1173	diff_n_update(txpackets);
1174	if (d_rxpackets == `0` && d_txpackets == `0`) {
1175	return; // no activity since last collection, stop here
1176	}
1177	diff_n_update(rxbytes);
1178	diff_n_update(txbytes);
1179	diff_n_update(rxduplicatebytes);
1180	diff_n_update(rxoutoforderbytes);
1181	diff_n_update(txretransmit);
1182	diff_n_update(connectattempts);
1183	diff_n_update(connectsuccesses);
1184	uint32_t rtt = prev_tcpstats->necp_tcp_counts.necp_stat_avg_rtt = curr_tcpstats->necp_tcp_counts.necp_stat_avg_rtt;
1185	uint32_t rtt_var = prev_tcpstats->necp_tcp_counts.necp_stat_var_rtt = curr_tcpstats->necp_tcp_counts.necp_stat_var_rtt;
1186	#undef diff_n_update
1187
1188	// Do malicious stats detection with the deltas here.
1189	// RTT check (not necessarily attacks, might just be not measured since we report stats async periodically).
1190	if (rtt < necp_client_stats_rtt_floor \|\| rtt > necp_client_stats_rtt_ceiling) {
1191	rtt = rtt_var = `0`; // nstat_route_update to skip 0 rtt
1192	}
1193
1194	// Fold userspace stats into (trusted) kernel stats (stored in route).
1195	NECP_CLIENT_ROUTE_LOCK(flow_registration->client);
1196	struct rtentry *route = flow_registration->client->current_route;
1197	if (route != NULL) {
1198	nstat_route_update(rte: route, connect_attempts: d_connectattempts, connect_successes: d_connectsuccesses, rx_packets: d_rxpackets, rx_bytes: d_rxbytes, rx_duplicatebytes: d_rxduplicatebytes,
1199	rx_outoforderbytes: d_rxoutoforderbytes, tx_packets: d_txpackets, tx_bytes: d_txbytes, tx_retransmit: d_txretransmit, rtt, rtt_var);
1200	}
1201	NECP_CLIENT_ROUTE_UNLOCK(flow_registration->client);
1202	}
1203
1204	// This is called from various places; "closing" here implies the client being closed/removed if true, otherwise being
1205	// defunct. In the former, we expect the caller to not hold the lock; for the latter it must have acquired it.
1206	static void
1207	necp_destroy_flow_stats(struct necp_fd_data *fd_data,
1208	struct necp_client_flow_registration *flow_registration,
1209	struct ifnet_stats_per_flow *flow_ifnet_stats,
1210	boolean_t closing)
1211	{
1212	NECP_FD_ASSERT_LOCKED(fd_data);
1213
1214	struct necp_client *client = flow_registration->client;
1215
1216	if (closing) {
1217	NECP_CLIENT_ASSERT_UNLOCKED(client);
1218	NECP_CLIENT_LOCK(client);
1219	} else {
1220	NECP_CLIENT_ASSERT_LOCKED(client);
1221	}
1222
1223	// the interface stats are independent of the flow stats, hence we check here
1224	if (flow_ifnet_stats != NULL) {
1225	necp_client_collect_interface_stats(flow_registration, ifs: flow_ifnet_stats);
1226	}
1227
1228	if (flow_registration->kstats_kaddr != NULL) {
1229	NECP_STATS_LIST_LOCK_EXCLUSIVE();
1230	necp_client_collect_stats(flow_registration);
1231	const bool destroyed = necp_client_release_locked(client); // Drop the reference held by the stats list
1232	ASSERT(!destroyed);
1233	(void)destroyed;
1234	LIST_REMOVE(flow_registration, collect_stats_chain);
1235	NECP_STATS_LIST_UNLOCK();
1236	if (flow_registration->stats_handler_context != NULL) {
1237	ntstat_userland_stats_close(nstat_ctx: flow_registration->stats_handler_context);
1238	flow_registration->stats_handler_context = NULL;
1239	}
1240	necp_arena_stats_obj_free(fd_data, stats_arena: flow_registration->stats_arena, kstats_kaddr: &flow_registration->kstats_kaddr, ustats_uaddr: &flow_registration->ustats_uaddr);
1241	ASSERT(flow_registration->kstats_kaddr == NULL);
1242	ASSERT(flow_registration->ustats_uaddr == `0`);
1243	}
1244
1245	if (flow_registration->nexus_stats != NULL) {
1246	flow_stats_release(fs: flow_registration->nexus_stats);
1247	flow_registration->nexus_stats = NULL;
1248	}
1249
1250	if (closing) {
1251	NECP_CLIENT_UNLOCK(client);
1252	}
1253	}
1254
1255	static void
1256	necp_schedule_collect_stats_clients(bool recur)
1257	{
1258	if (necp_client_collect_stats_tcall == NULL \|\|
1259	(!recur && thread_call_isactive(call: necp_client_collect_stats_tcall))) {
1260	return;
1261	}
1262
1263	uint64_t deadline = `0`;
1264	uint64_t leeway = `0`;
1265	clock_interval_to_deadline(interval: necp_collect_stats_timeout_microseconds, NSEC_PER_USEC, result: &deadline);
1266	clock_interval_to_absolutetime_interval(interval: necp_collect_stats_timeout_leeway_microseconds, NSEC_PER_USEC, result: &leeway);
1267
1268	thread_call_enter_delayed_with_leeway(call: necp_client_collect_stats_tcall, NULL,
1269	deadline, leeway, THREAD_CALL_DELAY_LEEWAY);
1270	}
1271
1272	static void
1273	necp_collect_stats_client_callout(__unused thread_call_param_t dummy,
1274	__unused thread_call_param_t arg)
1275	{
1276	struct necp_client_flow_registration *flow_registration;
1277
1278	net_update_uptime();
1279	NECP_STATS_LIST_LOCK_SHARED();
1280	if (LIST_EMPTY(&necp_collect_stats_flow_list)) {
1281	NECP_STATS_LIST_UNLOCK();
1282	return;
1283	}
1284	LIST_FOREACH(flow_registration, &necp_collect_stats_flow_list, collect_stats_chain) {
1285	// Collecting stats should be cheap (atomic increments)
1286	// Values like flow_registration->kstats_kaddr are guaranteed to be valid
1287	// as long as the flow_registration is in the stats list
1288	necp_client_collect_stats(flow_registration);
1289	}
1290	NECP_STATS_LIST_UNLOCK();
1291
1292	necp_schedule_collect_stats_clients(TRUE); // recurring collection
1293	}
1294
1295	#endif /* !SKYWALK */
1296
1297	static void
1298	necp_defunct_flow_registration(struct necp_client *client,
1299	struct necp_client_flow_registration *flow_registration,
1300	struct _necp_flow_defunct_list *defunct_list)
1301	{
1302	NECP_CLIENT_ASSERT_LOCKED(client);
1303
1304	if (!flow_registration->defunct) {
1305	bool needs_defunct = false;
1306	struct necp_client_flow *search_flow = NULL;
1307	LIST_FOREACH(search_flow, &flow_registration->flow_list, flow_chain) {
1308	if (search_flow->nexus &&
1309	!uuid_is_null(uu: search_flow->u.nexus_agent)) {
1310	// Save defunct values for the nexus
1311	if (defunct_list != NULL) {
1312	// Sleeping alloc won't fail; copy only what's necessary
1313	struct necp_flow_defunct flow_defunct = kalloc_type(struct* necp_flow_defunct,
1314	Z_WAITOK \| Z_ZERO);
1315	uuid_copy(dst: flow_defunct->nexus_agent, src: search_flow->u.nexus_agent);
1316	uuid_copy(dst: flow_defunct->flow_id, src: ((flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
1317	client->client_id :
1318	flow_registration->registration_id));
1319	flow_defunct->proc_pid = client->proc_pid;
1320	flow_defunct->agent_handle = client->agent_handle;
1321	flow_defunct->flags = flow_registration->flags;
1322	#if SKYWALK
1323	if (flow_registration->kstats_kaddr != NULL) {
1324	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
1325	struct necp_quic_stats quicstats = (struct* necp_quic_stats *)ustats_kaddr;
1326	if (quicstats != NULL) {
1327	memcpy(dst: flow_defunct->close_parameters.u.close_token, src: quicstats->necp_quic_extra.ssr_token, n: sizeof(flow_defunct->close_parameters.u.close_token));
1328	flow_defunct->has_close_parameters = true;
1329	}
1330	}
1331	#endif /* SKYWALK */
1332	// Add to the list provided by caller
1333	LIST_INSERT_HEAD(defunct_list, flow_defunct, chain);
1334	}
1335
1336	needs_defunct = true;
1337	}
1338	}
1339
1340	if (needs_defunct) {
1341	#if SKYWALK
1342	// Close the stats early
1343	if (flow_registration->stats_handler_context != NULL) {
1344	ntstat_userland_stats_event(nstat_ctx: flow_registration->stats_handler_context,
1345	NECP_CLIENT_STATISTICS_EVENT_TIME_WAIT);
1346	}
1347	#endif /* SKYWALK */
1348
1349	// Only set defunct if there was some assigned flow
1350	flow_registration->defunct = true;
1351	}
1352	}
1353	}
1354
1355	static void
1356	necp_defunct_client_for_policy(struct necp_client *client,
1357	struct _necp_flow_defunct_list *defunct_list)
1358	{
1359	NECP_CLIENT_ASSERT_LOCKED(client);
1360
1361	struct necp_client_flow_registration *flow_registration = NULL;
1362	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
1363	necp_defunct_flow_registration(client, flow_registration, defunct_list);
1364	}
1365	}
1366
1367	static void
1368	necp_client_free(struct necp_client *client)
1369	{
1370	NECP_CLIENT_ASSERT_UNLOCKED(client);
1371
1372	kfree_data(client->extra_interface_options,
1373	sizeof(struct necp_client_interface_option) * NECP_CLIENT_INTERFACE_OPTION_EXTRA_COUNT);
1374	client->extra_interface_options = NULL;
1375
1376	kfree_data(client->parameters, client->parameters_length);
1377	client->parameters = NULL;
1378
1379	kfree_data(client->assigned_group_members, client->assigned_group_members_length);
1380	client->assigned_group_members = NULL;
1381
1382	lck_mtx_destroy(lck: &client->route_lock, grp: &necp_fd_mtx_grp);
1383	lck_mtx_destroy(lck: &client->lock, grp: &necp_fd_mtx_grp);
1384
1385	kfree_type(struct necp_client, client);
1386	}
1387
1388	static void
1389	necp_client_retain_locked(struct necp_client *client)
1390	{
1391	NECP_CLIENT_ASSERT_LOCKED(client);
1392
1393	os_ref_retain_locked(rc: &client->reference_count);
1394	}
1395
1396	static void
1397	necp_client_retain(struct necp_client *client)
1398	{
1399	NECP_CLIENT_LOCK(client);
1400	necp_client_retain_locked(client);
1401	NECP_CLIENT_UNLOCK(client);
1402	}
1403
1404	static bool
1405	necp_client_release_locked(struct necp_client *client)
1406	{
1407	NECP_CLIENT_ASSERT_LOCKED(client);
1408
1409	os_ref_count_t count = os_ref_release_locked(rc: &client->reference_count);
1410	if (count == `0`) {
1411	NECP_CLIENT_UNLOCK(client);
1412	necp_client_free(client);
1413	}
1414
1415	return count == `0`;
1416	}
1417
1418	static bool
1419	necp_client_release(struct necp_client *client)
1420	{
1421	bool last_ref;
1422
1423	NECP_CLIENT_LOCK(client);
1424	if (!(last_ref = necp_client_release_locked(client))) {
1425	NECP_CLIENT_UNLOCK(client);
1426	}
1427
1428	return last_ref;
1429	}
1430
1431	static struct necp_client_update *
1432	necp_client_update_alloc(const void *data, size_t length)
1433	{
1434	struct necp_client_update *client_update;
1435	struct necp_client_observer_update *buffer;
1436	size_t alloc_size;
1437
1438	if (os_add_overflow(length, sizeof(*buffer), &alloc_size)) {
1439	return NULL;
1440	}
1441	buffer = kalloc_data(alloc_size, Z_WAITOK);
1442	if (buffer == NULL) {
1443	return NULL;
1444	}
1445
1446	client_update = kalloc_type(struct necp_client_update,
1447	Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
1448	client_update->update_length = alloc_size;
1449	client_update->update = buffer;
1450	memcpy(dst: buffer->tlv_buffer, src: data, n: length);
1451	return client_update;
1452	}
1453
1454	static void
1455	necp_client_update_free(struct necp_client_update *client_update)
1456	{
1457	kfree_data(client_update->update, client_update->update_length);
1458	kfree_type(struct necp_client_update, client_update);
1459	}
1460
1461	static void
1462	necp_client_update_observer_add_internal(struct necp_fd_data observer_fd, struct* necp_client *client)
1463	{
1464	struct necp_client_update *client_update;
1465
1466	NECP_FD_LOCK(observer_fd);
1467
1468	if (observer_fd->update_count >= necp_observer_message_limit) {
1469	NECP_FD_UNLOCK(observer_fd);
1470	return;
1471	}
1472
1473	client_update = necp_client_update_alloc(data: client->parameters, length: client->parameters_length);
1474	if (client_update != NULL) {
1475	uuid_copy(dst: client_update->client_id, src: client->client_id);
1476	client_update->update->update_type = NECP_CLIENT_UPDATE_TYPE_PARAMETERS;
1477	TAILQ_INSERT_TAIL(&observer_fd->update_list, client_update, chain);
1478	observer_fd->update_count++;
1479
1480	necp_fd_notify(fd_data: observer_fd, true);
1481	}
1482
1483	NECP_FD_UNLOCK(observer_fd);
1484	}
1485
1486	static void
1487	necp_client_update_observer_update_internal(struct necp_fd_data observer_fd, struct* necp_client *client)
1488	{
1489	NECP_FD_LOCK(observer_fd);
1490
1491	if (observer_fd->update_count >= necp_observer_message_limit) {
1492	NECP_FD_UNLOCK(observer_fd);
1493	return;
1494	}
1495
1496	struct necp_client_update *client_update = necp_client_update_alloc(data: client->result, length: client->result_length);
1497	if (client_update != NULL) {
1498	uuid_copy(dst: client_update->client_id, src: client->client_id);
1499	client_update->update->update_type = NECP_CLIENT_UPDATE_TYPE_RESULT;
1500	TAILQ_INSERT_TAIL(&observer_fd->update_list, client_update, chain);
1501	observer_fd->update_count++;
1502
1503	necp_fd_notify(fd_data: observer_fd, true);
1504	}
1505
1506	NECP_FD_UNLOCK(observer_fd);
1507	}
1508
1509	static void
1510	necp_client_update_observer_remove_internal(struct necp_fd_data observer_fd, struct* necp_client *client)
1511	{
1512	NECP_FD_LOCK(observer_fd);
1513
1514	if (observer_fd->update_count >= necp_observer_message_limit) {
1515	NECP_FD_UNLOCK(observer_fd);
1516	return;
1517	}
1518
1519	struct necp_client_update *client_update = necp_client_update_alloc(NULL, length: `0`);
1520	if (client_update != NULL) {
1521	uuid_copy(dst: client_update->client_id, src: client->client_id);
1522	client_update->update->update_type = NECP_CLIENT_UPDATE_TYPE_REMOVE;
1523	TAILQ_INSERT_TAIL(&observer_fd->update_list, client_update, chain);
1524	observer_fd->update_count++;
1525
1526	necp_fd_notify(fd_data: observer_fd, true);
1527	}
1528
1529	NECP_FD_UNLOCK(observer_fd);
1530	}
1531
1532	static void
1533	necp_client_update_observer_add(struct necp_client *client)
1534	{
1535	NECP_OBSERVER_LIST_LOCK_SHARED();
1536
1537	if (LIST_EMPTY(&necp_fd_observer_list)) {
1538	// No observers, bail
1539	NECP_OBSERVER_LIST_UNLOCK();
1540	return;
1541	}
1542
1543	struct necp_fd_data *observer_fd = NULL;
1544	LIST_FOREACH(observer_fd, &necp_fd_observer_list, chain) {
1545	necp_client_update_observer_add_internal(observer_fd, client);
1546	}
1547
1548	NECP_OBSERVER_LIST_UNLOCK();
1549	}
1550
1551	static void
1552	necp_client_update_observer_update(struct necp_client *client)
1553	{
1554	NECP_OBSERVER_LIST_LOCK_SHARED();
1555
1556	if (LIST_EMPTY(&necp_fd_observer_list)) {
1557	// No observers, bail
1558	NECP_OBSERVER_LIST_UNLOCK();
1559	return;
1560	}
1561
1562	struct necp_fd_data *observer_fd = NULL;
1563	LIST_FOREACH(observer_fd, &necp_fd_observer_list, chain) {
1564	necp_client_update_observer_update_internal(observer_fd, client);
1565	}
1566
1567	NECP_OBSERVER_LIST_UNLOCK();
1568	}
1569
1570	static void
1571	necp_client_update_observer_remove(struct necp_client *client)
1572	{
1573	NECP_OBSERVER_LIST_LOCK_SHARED();
1574
1575	if (LIST_EMPTY(&necp_fd_observer_list)) {
1576	// No observers, bail
1577	NECP_OBSERVER_LIST_UNLOCK();
1578	return;
1579	}
1580
1581	struct necp_fd_data *observer_fd = NULL;
1582	LIST_FOREACH(observer_fd, &necp_fd_observer_list, chain) {
1583	necp_client_update_observer_remove_internal(observer_fd, client);
1584	}
1585
1586	NECP_OBSERVER_LIST_UNLOCK();
1587	}
1588
1589	static void
1590	necp_destroy_client_flow_registration(struct necp_client *client,
1591	struct necp_client_flow_registration *flow_registration,
1592	pid_t pid, bool abort)
1593	{
1594	NECP_CLIENT_ASSERT_LOCKED(client);
1595
1596	bool has_close_parameters = false;
1597	struct necp_client_agent_parameters close_parameters = {};
1598	memset(s: close_parameters.u.close_token, c: `0`, n: sizeof(close_parameters.u.close_token));
1599	#if SKYWALK
1600	if (flow_registration->kstats_kaddr != NULL) {
1601	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
1602	struct necp_quic_stats quicstats = (struct* necp_quic_stats *)ustats_kaddr;
1603	if (quicstats != NULL &&
1604	quicstats->necp_quic_udp_stats.necp_udp_hdr.necp_stats_type == NECP_CLIENT_STATISTICS_TYPE_QUIC) {
1605	memcpy(dst: close_parameters.u.close_token, src: quicstats->necp_quic_extra.ssr_token, n: sizeof(close_parameters.u.close_token));
1606	has_close_parameters = true;
1607	}
1608	}
1609
1610	// Release reference held on the stats arena
1611	if (flow_registration->stats_arena != NULL) {
1612	necp_arena_info_release(nai: flow_registration->stats_arena);
1613	flow_registration->stats_arena = NULL;
1614	}
1615	#endif /* SKYWALK */
1616
1617	struct necp_client_flow *search_flow = NULL;
1618	struct necp_client_flow *temp_flow = NULL;
1619	LIST_FOREACH_SAFE(search_flow, &flow_registration->flow_list, flow_chain, temp_flow) {
1620	if (search_flow->nexus &&
1621	!uuid_is_null(uu: search_flow->u.nexus_agent)) {
1622	// Don't unregister for defunct flows
1623	if (!flow_registration->defunct) {
1624	u_int8_t message_type = (abort ? NETAGENT_MESSAGE_TYPE_ABORT_NEXUS :
1625	NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS);
1626	if (((flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_BROWSE) \|\|
1627	(flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_RESOLVE)) &&
1628	!(flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_ALLOW_NEXUS)) {
1629	message_type = NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT;
1630	}
1631	int netagent_error = netagent_client_message_with_params(agent_uuid: search_flow->u.nexus_agent,
1632	necp_client_uuid: ((flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
1633	client->client_id :
1634	flow_registration->registration_id),
1635	pid, handle: client->agent_handle,
1636	message_type,
1637	parameters: has_close_parameters ? &close_parameters : NULL,
1638	NULL, assigned_results_length: `0`);
1639	if (netagent_error != `0` && netagent_error != ENOENT) {
1640	NECPLOG(LOG_ERR, "necp_client_remove close nexus error (%d) MESSAGE TYPE %u", netagent_error, message_type);
1641	}
1642	}
1643	uuid_clear(uu: search_flow->u.nexus_agent);
1644	}
1645	if (search_flow->assigned_results != NULL) {
1646	kfree_data(search_flow->assigned_results, search_flow->assigned_results_length);
1647	search_flow->assigned_results = NULL;
1648	}
1649	LIST_REMOVE(search_flow, flow_chain);
1650	#if SKYWALK
1651	if (search_flow->nexus) {
1652	OSDecrementAtomic(&necp_nexus_flow_count);
1653	} else
1654	#endif /* SKYWALK */
1655	if (search_flow->socket) {
1656	OSDecrementAtomic(&necp_socket_flow_count);
1657	} else {
1658	OSDecrementAtomic(&necp_if_flow_count);
1659	}
1660	kfree_type(struct necp_client_flow, search_flow);
1661	}
1662
1663	RB_REMOVE(_necp_client_flow_tree, &client->flow_registrations, flow_registration);
1664	flow_registration->client = NULL;
1665
1666	kfree_type(struct necp_client_flow_registration, flow_registration);
1667	}
1668
1669	static void
1670	necp_destroy_client(struct necp_client *client, pid_t pid, bool abort)
1671	{
1672	NECP_CLIENT_ASSERT_UNLOCKED(client);
1673
1674	#if SKYWALK
1675	if (client->nstat_context != NULL) {
1676	// This is a catch-all that should be rarely used.
1677	nstat_provider_stats_close(nstat_ctx: client->nstat_context);
1678	client->nstat_context = NULL;
1679	}
1680	if (client->original_parameters_source != NULL) {
1681	necp_client_release(client: client->original_parameters_source);
1682	client->original_parameters_source = NULL;
1683	}
1684	#endif /* SKYWALK */
1685	necp_client_update_observer_remove(client);
1686
1687	NECP_CLIENT_LOCK(client);
1688
1689	// Free route
1690	NECP_CLIENT_ROUTE_LOCK(client);
1691	if (client->current_route != NULL) {
1692	rtfree(client->current_route);
1693	client->current_route = NULL;
1694	}
1695	NECP_CLIENT_ROUTE_UNLOCK(client);
1696
1697	// Remove flow assignments
1698	struct necp_client_flow_registration *flow_registration = NULL;
1699	struct necp_client_flow_registration *temp_flow_registration = NULL;
1700	RB_FOREACH_SAFE(flow_registration, _necp_client_flow_tree, &client->flow_registrations, temp_flow_registration) {
1701	necp_destroy_client_flow_registration(client, flow_registration, pid, abort);
1702	}
1703
1704	#if SKYWALK
1705	// Remove port reservation
1706	if (NETNS_TOKEN_VALID(&client->port_reservation)) {
1707	netns_release(token: &client->port_reservation);
1708	}
1709	#endif /* !SKYWALK */
1710
1711	// Remove agent assertions
1712	struct necp_client_assertion *search_assertion = NULL;
1713	struct necp_client_assertion *temp_assertion = NULL;
1714	LIST_FOREACH_SAFE(search_assertion, &client->assertion_list, assertion_chain, temp_assertion) {
1715	int netagent_error = netagent_client_message(agent_uuid: search_assertion->asserted_netagent, necp_client_uuid: client->client_id, pid,
1716	handle: client->agent_handle, NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT);
1717	if (netagent_error != `0`) {
1718	NECPLOG((netagent_error == ENOENT ? LOG_DEBUG : LOG_ERR),
1719	"necp_client_remove unassert agent error (%d)", netagent_error);
1720	}
1721	LIST_REMOVE(search_assertion, assertion_chain);
1722	kfree_type(struct necp_client_assertion, search_assertion);
1723	}
1724
1725	if (!necp_client_release_locked(client)) {
1726	NECP_CLIENT_UNLOCK(client);
1727	}
1728
1729	OSDecrementAtomic(&necp_client_count);
1730	}
1731
1732	static bool
1733	necp_defunct_client_fd_locked_inner(struct necp_fd_data client_fd, struct* _necp_flow_defunct_list *defunct_list, bool destroy_stats);
1734
1735	static void
1736	necp_process_defunct_list(struct _necp_flow_defunct_list *defunct_list)
1737	{
1738	if (!LIST_EMPTY(defunct_list)) {
1739	struct necp_flow_defunct *flow_defunct = NULL;
1740	struct necp_flow_defunct *temp_flow_defunct = NULL;
1741
1742	// For each newly defunct client, send a message to the nexus to remove the flow
1743	LIST_FOREACH_SAFE(flow_defunct, defunct_list, chain, temp_flow_defunct) {
1744	if (!uuid_is_null(uu: flow_defunct->nexus_agent)) {
1745	u_int8_t message_type = NETAGENT_MESSAGE_TYPE_ABORT_NEXUS;
1746	if (((flow_defunct->flags & NECP_CLIENT_FLOW_FLAGS_BROWSE) \|\|
1747	(flow_defunct->flags & NECP_CLIENT_FLOW_FLAGS_RESOLVE)) &&
1748	!(flow_defunct->flags & NECP_CLIENT_FLOW_FLAGS_ALLOW_NEXUS)) {
1749	message_type = NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT;
1750	}
1751	int netagent_error = netagent_client_message_with_params(agent_uuid: flow_defunct->nexus_agent,
1752	necp_client_uuid: flow_defunct->flow_id,
1753	pid: flow_defunct->proc_pid,
1754	handle: flow_defunct->agent_handle,
1755	message_type,
1756	parameters: flow_defunct->has_close_parameters ? &flow_defunct->close_parameters : NULL,
1757	NULL, assigned_results_length: `0`);
1758	if (netagent_error != `0`) {
1759	char namebuf[MAXCOMLEN + `1`];
1760	(void) strlcpy(dst: namebuf, src: "unknown", n: sizeof(namebuf));
1761	proc_name(pid: flow_defunct->proc_pid, buf: namebuf, size: sizeof(namebuf));
1762	NECPLOG((netagent_error == ENOENT ? LOG_DEBUG : LOG_ERR), "necp_update_client abort nexus error (%d) for pid %d %s", netagent_error, flow_defunct->proc_pid, namebuf);
1763	}
1764	}
1765	LIST_REMOVE(flow_defunct, chain);
1766	kfree_type(struct necp_flow_defunct, flow_defunct);
1767	}
1768	}
1769	ASSERT(LIST_EMPTY(defunct_list));
1770	}
1771
1772	static int
1773	necpop_close(struct fileglob *fg, vfs_context_t ctx)
1774	{
1775	#pragma unused(ctx)
1776	struct necp_fd_data *fd_data = NULL;
1777	int error = `0`;
1778
1779	fd_data = (struct necp_fd_data *)fg_get_data(fg);
1780	fg_set_data(fg, NULL);
1781
1782	if (fd_data != NULL) {
1783	struct _necp_client_tree clients_to_close;
1784	RB_INIT(&clients_to_close);
1785
1786	// Remove from list quickly
1787	if (fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
1788	NECP_OBSERVER_LIST_LOCK_EXCLUSIVE();
1789	LIST_REMOVE(fd_data, chain);
1790	NECP_OBSERVER_LIST_UNLOCK();
1791	} else {
1792	NECP_FD_LIST_LOCK_EXCLUSIVE();
1793	LIST_REMOVE(fd_data, chain);
1794	NECP_FD_LIST_UNLOCK();
1795	}
1796
1797	NECP_FD_LOCK(fd_data);
1798	pid_t pid = fd_data->proc_pid;
1799
1800	struct _necp_flow_defunct_list defunct_list;
1801	LIST_INIT(&defunct_list);
1802
1803	(void)necp_defunct_client_fd_locked_inner(client_fd: fd_data, defunct_list: &defunct_list, false);
1804
1805	struct necp_client_flow_registration *flow_registration = NULL;
1806	struct necp_client_flow_registration *temp_flow_registration = NULL;
1807	RB_FOREACH_SAFE(flow_registration, _necp_fd_flow_tree, &fd_data->flows, temp_flow_registration) {
1808	#if SKYWALK
1809	necp_destroy_flow_stats(fd_data, flow_registration, NULL, TRUE);
1810	#endif /* SKYWALK */
1811	NECP_FLOW_TREE_LOCK_EXCLUSIVE();
1812	RB_REMOVE(_necp_client_flow_global_tree, &necp_client_flow_global_tree, flow_registration);
1813	NECP_FLOW_TREE_UNLOCK();
1814	RB_REMOVE(_necp_fd_flow_tree, &fd_data->flows, flow_registration);
1815	}
1816
1817	struct necp_client *client = NULL;
1818	struct necp_client *temp_client = NULL;
1819	RB_FOREACH_SAFE(client, _necp_client_tree, &fd_data->clients, temp_client) {
1820	// Clear out the agent_handle to avoid dangling pointers back to fd_data
1821	NECP_CLIENT_LOCK(client);
1822	client->agent_handle = NULL;
1823	NECP_CLIENT_UNLOCK(client);
1824
1825	NECP_CLIENT_TREE_LOCK_EXCLUSIVE();
1826	RB_REMOVE(_necp_client_global_tree, &necp_client_global_tree, client);
1827	NECP_CLIENT_TREE_UNLOCK();
1828	RB_REMOVE(_necp_client_tree, &fd_data->clients, client);
1829	RB_INSERT(_necp_client_tree, &clients_to_close, client);
1830	}
1831
1832	struct necp_client_update *client_update = NULL;
1833	struct necp_client_update *temp_update = NULL;
1834	TAILQ_FOREACH_SAFE(client_update, &fd_data->update_list, chain, temp_update) {
1835	// Flush pending updates
1836	TAILQ_REMOVE(&fd_data->update_list, client_update, chain);
1837	necp_client_update_free(client_update);
1838	}
1839	fd_data->update_count = `0`;
1840
1841	#if SKYWALK
1842	// Cleanup stats arena(s); indicate that we're closing
1843	necp_stats_arenas_destroy(fd_data, TRUE);
1844	ASSERT(fd_data->stats_arena_active == NULL);
1845	ASSERT(LIST_EMPTY(&fd_data->stats_arena_list));
1846
1847	// Cleanup systctl arena
1848	necp_sysctl_arena_destroy(fd_data);
1849	ASSERT(fd_data->sysctl_arena == NULL);
1850	#endif /* SKYWALK */
1851
1852	NECP_FD_UNLOCK(fd_data);
1853
1854	selthreadclear(&fd_data->si);
1855
1856	lck_mtx_destroy(lck: &fd_data->fd_lock, grp: &necp_fd_mtx_grp);
1857
1858	if (fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
1859	OSDecrementAtomic(&necp_observer_fd_count);
1860	} else {
1861	OSDecrementAtomic(&necp_client_fd_count);
1862	}
1863
1864	kfree_type(struct necp_fd_data, fd_data);
1865
1866	RB_FOREACH_SAFE(client, _necp_client_tree, &clients_to_close, temp_client) {
1867	RB_REMOVE(_necp_client_tree, &clients_to_close, client);
1868	necp_destroy_client(client, pid, true);
1869	}
1870
1871	necp_process_defunct_list(defunct_list: &defunct_list);
1872	}
1873
1874	return error;
1875	}
1876
1877	/// NECP client utilities
1878
1879	static inline bool
1880	necp_address_is_wildcard(const union necp_sockaddr_union * const addr)
1881	{
1882	return (addr->sa.sa_family == AF_INET && addr->sin.sin_addr.s_addr == INADDR_ANY) \|\|
1883	(addr->sa.sa_family == AF_INET6 && IN6_IS_ADDR_UNSPECIFIED(&addr->sin6.sin6_addr));
1884	}
1885
1886	static int
1887	necp_find_fd_data(struct proc p, int* fd,
1888	struct fileproc fpp, struct necp_fd_data fd_data)
1889	{
1890	struct fileproc *fp;
1891	int error = fp_get_ftype(p, fd, ftype: DTYPE_NETPOLICY, ENODEV, fpp: &fp);
1892
1893	if (error == `0`) {
1894	fd_data = (struct* necp_fd_data *)fp_get_data(fp);
1895	*fpp = fp;
1896
1897	if ((*fd_data)->necp_fd_type != necp_fd_type_client) {
1898	// Not a client fd, ignore
1899	fp_drop(p, fd, fp, locked: `0`);
1900	error = EINVAL;
1901	}
1902	}
1903	return error;
1904	}
1905
1906	static void
1907	necp_client_add_nexus_flow(struct necp_client_flow_registration *flow_registration,
1908	uuid_t nexus_agent,
1909	uint32_t interface_index,
1910	uint32_t interface_flags)
1911	{
1912	struct necp_client_flow new_flow = kalloc_type(struct* necp_client_flow, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
1913
1914	new_flow->nexus = TRUE;
1915	uuid_copy(dst: new_flow->u.nexus_agent, src: nexus_agent);
1916	new_flow->interface_index = interface_index;
1917	new_flow->interface_flags = interface_flags;
1918	new_flow->check_tcp_heuristics = TRUE;
1919
1920	#if SKYWALK
1921	OSIncrementAtomic(&necp_nexus_flow_count);
1922	#endif /* SKYWALK */
1923
1924	LIST_INSERT_HEAD(&flow_registration->flow_list, new_flow, flow_chain);
1925
1926	#if SKYWALK
1927	necp_flow_save_current_interface_details(flow_registration);
1928	#endif /* SKYWALK */
1929	}
1930
1931	static void
1932	necp_client_add_nexus_flow_if_needed(struct necp_client_flow_registration *flow_registration,
1933	uuid_t nexus_agent,
1934	uint32_t interface_index)
1935	{
1936	struct necp_client_flow *flow = NULL;
1937	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
1938	if (flow->nexus &&
1939	uuid_compare(uu1: flow->u.nexus_agent, uu2: nexus_agent) == `0`) {
1940	return;
1941	}
1942	}
1943
1944	uint32_t interface_flags = `0`;
1945	ifnet_t ifp = NULL;
1946	ifnet_head_lock_shared();
1947	if (interface_index != IFSCOPE_NONE && interface_index <= (u_int32_t)if_index) {
1948	ifp = ifindex2ifnet[interface_index];
1949	if (ifp != NULL) {
1950	ifnet_lock_shared(ifp);
1951	interface_flags = nstat_ifnet_to_flags(ifp);
1952	ifnet_lock_done(ifp);
1953	}
1954	}
1955	ifnet_head_done();
1956	necp_client_add_nexus_flow(flow_registration, nexus_agent, interface_index, interface_flags);
1957	}
1958
1959	static struct necp_client_flow *
1960	necp_client_add_interface_flow(struct necp_client_flow_registration *flow_registration,
1961	uint32_t interface_index)
1962	{
1963	struct necp_client_flow new_flow = kalloc_type(struct* necp_client_flow, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
1964
1965	// Neither nexus nor socket
1966	new_flow->interface_index = interface_index;
1967	new_flow->u.socket_handle = flow_registration->interface_handle;
1968	new_flow->u.cb = flow_registration->interface_cb;
1969
1970	OSIncrementAtomic(&necp_if_flow_count);
1971
1972	LIST_INSERT_HEAD(&flow_registration->flow_list, new_flow, flow_chain);
1973
1974	return new_flow;
1975	}
1976
1977	static struct necp_client_flow *
1978	necp_client_add_interface_flow_if_needed(struct necp_client *client,
1979	struct necp_client_flow_registration *flow_registration,
1980	uint32_t interface_index)
1981	{
1982	if (!client->allow_multiple_flows \|\|
1983	interface_index == IFSCOPE_NONE) {
1984	// Interface not set, or client not allowed to use this mode
1985	return NULL;
1986	}
1987
1988	struct necp_client_flow *flow = NULL;
1989	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
1990	if (!flow->nexus && !flow->socket && flow->interface_index == interface_index) {
1991	// Already have the flow
1992	flow->invalid = FALSE;
1993	flow->u.socket_handle = flow_registration->interface_handle;
1994	flow->u.cb = flow_registration->interface_cb;
1995	return NULL;
1996	}
1997	}
1998	return necp_client_add_interface_flow(flow_registration, interface_index);
1999	}
2000
2001	static void
2002	necp_client_add_interface_option_if_needed(struct necp_client *client,
2003	uint32_t interface_index,
2004	uint32_t interface_generation,
2005	uuid_t *nexus_agent,
2006	bool network_provider)
2007	{
2008	if ((interface_index == IFSCOPE_NONE && !network_provider) \|\|
2009	(client->interface_option_count != `0` && !client->allow_multiple_flows)) {
2010	// Interface not set, or client not allowed to use this mode
2011	return;
2012	}
2013
2014	if (client->interface_option_count >= NECP_CLIENT_MAX_INTERFACE_OPTIONS) {
2015	// Cannot take any more interface options
2016	return;
2017	}
2018
2019	// Check if already present
2020	for (u_int32_t option_i = `0`; option_i < client->interface_option_count; option_i++) {
2021	if (option_i < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
2022	struct necp_client_interface_option *option = &client->interface_options[option_i];
2023	if (option->interface_index == interface_index) {
2024	if (nexus_agent == NULL) {
2025	return;
2026	}
2027	if (uuid_compare(uu1: option->nexus_agent, uu2: *nexus_agent) == `0`) {
2028	return;
2029	}
2030	if (uuid_is_null(uu: option->nexus_agent)) {
2031	uuid_copy(dst: option->nexus_agent, src: *nexus_agent);
2032	return;
2033	}
2034	// If we get to this point, this is a new nexus flow
2035	}
2036	} else {
2037	struct necp_client_interface_option *option = &client->extra_interface_options[option_i - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
2038	if (option->interface_index == interface_index) {
2039	if (nexus_agent == NULL) {
2040	return;
2041	}
2042	if (uuid_compare(uu1: option->nexus_agent, uu2: *nexus_agent) == `0`) {
2043	return;
2044	}
2045	if (uuid_is_null(uu: option->nexus_agent)) {
2046	uuid_copy(dst: option->nexus_agent, src: *nexus_agent);
2047	return;
2048	}
2049	// If we get to this point, this is a new nexus flow
2050	}
2051	}
2052	}
2053
2054	// Add a new entry
2055	if (client->interface_option_count < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
2056	// Add to static
2057	struct necp_client_interface_option *option = &client->interface_options[client->interface_option_count];
2058	option->interface_index = interface_index;
2059	option->interface_generation = interface_generation;
2060	if (nexus_agent != NULL) {
2061	uuid_copy(dst: option->nexus_agent, src: *nexus_agent);
2062	} else {
2063	uuid_clear(uu: option->nexus_agent);
2064	}
2065	client->interface_option_count++;
2066	} else {
2067	// Add to extra
2068	if (client->extra_interface_options == NULL) {
2069	client->extra_interface_options = (struct necp_client_interface_option *)kalloc_data(
2070	sizeof(struct necp_client_interface_option) * NECP_CLIENT_INTERFACE_OPTION_EXTRA_COUNT, Z_WAITOK \| Z_ZERO);
2071	}
2072	if (client->extra_interface_options != NULL) {
2073	struct necp_client_interface_option *option = &client->extra_interface_options[client->interface_option_count - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
2074	option->interface_index = interface_index;
2075	option->interface_generation = interface_generation;
2076	if (nexus_agent != NULL) {
2077	uuid_copy(dst: option->nexus_agent, src: *nexus_agent);
2078	} else {
2079	uuid_clear(uu: option->nexus_agent);
2080	}
2081	client->interface_option_count++;
2082	}
2083	}
2084	}
2085
2086	static bool
2087	necp_client_flow_is_viable(proc_t proc, struct necp_client *client,
2088	struct necp_client_flow *flow)
2089	{
2090	struct necp_aggregate_result result;
2091	bool ignore_address = (client->allow_multiple_flows && !flow->nexus && !flow->socket);
2092
2093	flow->necp_flow_flags = `0`;
2094	int error = necp_application_find_policy_match_internal(proc, parameters: client->parameters,
2095	parameters_size: (u_int32_t)client->parameters_length,
2096	returned_result: &result, flags: &flow->necp_flow_flags, NULL,
2097	required_interface_index: flow->interface_index,
2098	override_local_addr: &flow->local_addr, override_remote_addr: &flow->remote_addr, NULL, NULL,
2099	NULL, ignore_address, true, NULL);
2100
2101	// Check for blocking agents
2102	for (int i = `0`; i < NECP_MAX_NETAGENTS; i++) {
2103	if (uuid_is_null(uu: result.netagents[i])) {
2104	// Passed end of valid agents
2105	break;
2106	}
2107	if (result.netagent_use_flags[i] & NECP_AGENT_USE_FLAG_REMOVE) {
2108	// A removed agent, ignore
2109	continue;
2110	}
2111	u_int32_t flags = netagent_get_flags(uuid: result.netagents[i]);
2112	if ((flags & NETAGENT_FLAG_REGISTERED) &&
2113	!(flags & NETAGENT_FLAG_VOLUNTARY) &&
2114	!(flags & NETAGENT_FLAG_ACTIVE) &&
2115	!(flags & NETAGENT_FLAG_SPECIFIC_USE_ONLY)) {
2116	// A required agent is not active, cause the flow to be marked non-viable
2117	return false;
2118	}
2119	}
2120
2121	if (flow->interface_index != IFSCOPE_NONE) {
2122	ifnet_head_lock_shared();
2123
2124	struct ifnet *ifp = ifindex2ifnet[flow->interface_index];
2125	if (ifp && ifp->if_delegated.ifp != IFSCOPE_NONE) {
2126	flow->delegated_interface_index = ifp->if_delegated.ifp->if_index;
2127	}
2128
2129	ifnet_head_done();
2130	}
2131
2132	return error == `0` &&
2133	result.routed_interface_index != IFSCOPE_NONE &&
2134	result.routing_result != NECP_KERNEL_POLICY_RESULT_DROP;
2135	}
2136
2137	static void
2138	necp_flow_add_interface_flows(proc_t proc,
2139	struct necp_client *client,
2140	struct necp_client_flow_registration *flow_registration,
2141	bool send_initial)
2142	{
2143	// Traverse all interfaces and add a tracking flow if needed
2144	for (u_int32_t option_i = `0`; option_i < client->interface_option_count; option_i++) {
2145	if (option_i < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
2146	struct necp_client_interface_option *option = &client->interface_options[option_i];
2147	struct necp_client_flow *flow = necp_client_add_interface_flow_if_needed(client, flow_registration, interface_index: option->interface_index);
2148	if (flow != NULL && send_initial) {
2149	flow->viable = necp_client_flow_is_viable(proc, client, flow);
2150	if (flow->viable && flow->u.cb) {
2151	bool viable = flow->viable;
2152	flow->u.cb(flow_registration->interface_handle, NECP_CLIENT_CBACTION_INITIAL, flow->interface_index, flow->necp_flow_flags, &viable);
2153	flow->viable = viable;
2154	}
2155	}
2156	} else {
2157	struct necp_client_interface_option *option = &client->extra_interface_options[option_i - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
2158	struct necp_client_flow *flow = necp_client_add_interface_flow_if_needed(client, flow_registration, interface_index: option->interface_index);
2159	if (flow != NULL && send_initial) {
2160	flow->viable = necp_client_flow_is_viable(proc, client, flow);
2161	if (flow->viable && flow->u.cb) {
2162	bool viable = flow->viable;
2163	flow->u.cb(flow_registration->interface_handle, NECP_CLIENT_CBACTION_INITIAL, flow->interface_index, flow->necp_flow_flags, &viable);
2164	flow->viable = viable;
2165	}
2166	}
2167	}
2168	}
2169	}
2170
2171	static bool
2172	necp_client_update_flows(proc_t proc,
2173	struct necp_client *client,
2174	struct _necp_flow_defunct_list *defunct_list)
2175	{
2176	NECP_CLIENT_ASSERT_LOCKED(client);
2177
2178	bool any_client_updated = FALSE;
2179	struct necp_client_flow *flow = NULL;
2180	struct necp_client_flow *temp_flow = NULL;
2181	struct necp_client_flow_registration *flow_registration = NULL;
2182	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
2183	if (flow_registration->interface_cb != NULL) {
2184	// Add any interface flows that are not already tracked
2185	necp_flow_add_interface_flows(proc, client, flow_registration, false);
2186	}
2187
2188	LIST_FOREACH_SAFE(flow, &flow_registration->flow_list, flow_chain, temp_flow) {
2189	bool client_updated = FALSE;
2190
2191	// Check policy result for flow
2192	u_short old_delegated_ifindex = flow->delegated_interface_index;
2193
2194	int old_flags = flow->necp_flow_flags;
2195	bool viable = necp_client_flow_is_viable(proc, client, flow);
2196
2197	// TODO: Defunct nexus flows that are blocked by policy
2198
2199	if (flow->viable != viable) {
2200	flow->viable = viable;
2201	client_updated = TRUE;
2202	}
2203
2204	if ((old_flags & NECP_CLIENT_RESULT_FLAG_FORCE_UPDATE) !=
2205	(flow->necp_flow_flags & NECP_CLIENT_RESULT_FLAG_FORCE_UPDATE)) {
2206	client_updated = TRUE;
2207	}
2208
2209	if (flow->delegated_interface_index != old_delegated_ifindex) {
2210	client_updated = TRUE;
2211	}
2212
2213	if (flow->viable && client_updated && (flow->socket \|\| (!flow->socket && !flow->nexus)) && flow->u.cb) {
2214	bool flow_viable = flow->viable;
2215	flow->u.cb(flow->u.socket_handle, NECP_CLIENT_CBACTION_VIABLE, flow->interface_index, flow->necp_flow_flags, &flow_viable);
2216	flow->viable = flow_viable;
2217	}
2218
2219	if (!flow->viable \|\| flow->invalid) {
2220	if (client_updated && (flow->socket \|\| (!flow->socket && !flow->nexus)) && flow->u.cb) {
2221	bool flow_viable = flow->viable;
2222	flow->u.cb(flow->u.socket_handle, NECP_CLIENT_CBACTION_NONVIABLE, flow->interface_index, flow->necp_flow_flags, &flow_viable);
2223	flow->viable = flow_viable;
2224	}
2225	// The callback might change the viable-flag of the
2226	// flow depending on its policy. Thus, we need to
2227	// check the flags again after the callback.
2228	}
2229
2230	#if SKYWALK
2231	if (defunct_list != NULL) {
2232	if (flow->invalid && flow->nexus && flow->assigned && !uuid_is_null(uu: flow->u.nexus_agent)) {
2233	// This is a nexus flow that was assigned, but not found on path
2234	u_int32_t flags = netagent_get_flags(uuid: flow->u.nexus_agent);
2235	if (!(flags & NETAGENT_FLAG_REGISTERED)) {
2236	// The agent is no longer registered! Mark defunct.
2237	necp_defunct_flow_registration(client, flow_registration, defunct_list);
2238	client_updated = TRUE;
2239	}
2240	}
2241	}
2242	#else /* !SKYWALK */
2243	(void)defunct_list;
2244	#endif /* !SKYWALK */
2245
2246	// Handle flows that no longer match
2247	if (!flow->viable \|\| flow->invalid) {
2248	// Drop them as long as they aren't assigned data
2249	if (!flow->nexus && !flow->assigned) {
2250	if (flow->assigned_results != NULL) {
2251	kfree_data(flow->assigned_results, flow->assigned_results_length);
2252	flow->assigned_results = NULL;
2253	client_updated = TRUE;
2254	}
2255	LIST_REMOVE(flow, flow_chain);
2256	#if SKYWALK
2257	if (flow->nexus) {
2258	OSDecrementAtomic(&necp_nexus_flow_count);
2259	} else
2260	#endif /* SKYWALK */
2261	if (flow->socket) {
2262	OSDecrementAtomic(&necp_socket_flow_count);
2263	} else {
2264	OSDecrementAtomic(&necp_if_flow_count);
2265	}
2266	kfree_type(struct necp_client_flow, flow);
2267	}
2268	}
2269
2270	any_client_updated \|= client_updated;
2271	}
2272	#if SKYWALK
2273	necp_flow_save_current_interface_details(flow_registration);
2274	#endif /* SKYWALK */
2275	}
2276
2277	return any_client_updated;
2278	}
2279
2280	static void
2281	necp_client_mark_all_nonsocket_flows_as_invalid(struct necp_client *client)
2282	{
2283	struct necp_client_flow_registration *flow_registration = NULL;
2284	struct necp_client_flow *flow = NULL;
2285	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
2286	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
2287	if (!flow->socket) { // Socket flows are not marked as invalid
2288	flow->invalid = TRUE;
2289	}
2290	}
2291	}
2292
2293	// Reset option count every update
2294	client->interface_option_count = `0`;
2295	}
2296
2297	static inline bool
2298	necp_netagent_is_requested(const struct necp_client_parsed_parameters *parameters,
2299	uuid_t *netagent_uuid)
2300	{
2301	// Specific use agents only apply when requested
2302	bool requested = false;
2303	if (parameters != NULL) {
2304	// Check required agent UUIDs
2305	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
2306	if (uuid_is_null(uu: parameters->required_netagents[i])) {
2307	break;
2308	}
2309	if (uuid_compare(uu1: parameters->required_netagents[i], uu2: *netagent_uuid) == `0`) {
2310	requested = true;
2311	break;
2312	}
2313	}
2314
2315	if (!requested) {
2316	// Check required agent types
2317	bool fetched_type = false;
2318	char netagent_domain[NETAGENT_DOMAINSIZE];
2319	char netagent_type[NETAGENT_TYPESIZE];
2320	memset(s: &netagent_domain, c: `0`, NETAGENT_DOMAINSIZE);
2321	memset(s: &netagent_type, c: `0`, NETAGENT_TYPESIZE);
2322
2323	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
2324	if (strlen(s: parameters->required_netagent_types[i].netagent_domain) == `0` \|\|
2325	strlen(s: parameters->required_netagent_types[i].netagent_type) == `0`) {
2326	break;
2327	}
2328
2329	if (!fetched_type) {
2330	if (netagent_get_agent_domain_and_type(uuid: *netagent_uuid, domain: netagent_domain, type: netagent_type)) {
2331	fetched_type = TRUE;
2332	} else {
2333	break;
2334	}
2335	}
2336
2337	if ((strlen(s: parameters->required_netagent_types[i].netagent_domain) == `0` \|\|
2338	strncmp(s1: netagent_domain, s2: parameters->required_netagent_types[i].netagent_domain, NETAGENT_DOMAINSIZE) == `0`) &&
2339	(strlen(s: parameters->required_netagent_types[i].netagent_type) == `0` \|\|
2340	strncmp(s1: netagent_type, s2: parameters->required_netagent_types[i].netagent_type, NETAGENT_TYPESIZE) == `0`)) {
2341	requested = true;
2342	break;
2343	}
2344	}
2345	}
2346
2347	// Check preferred agent UUIDs
2348	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
2349	if (uuid_is_null(uu: parameters->preferred_netagents[i])) {
2350	break;
2351	}
2352	if (uuid_compare(uu1: parameters->preferred_netagents[i], uu2: *netagent_uuid) == `0`) {
2353	requested = true;
2354	break;
2355	}
2356	}
2357
2358	if (!requested) {
2359	// Check preferred agent types
2360	bool fetched_type = false;
2361	char netagent_domain[NETAGENT_DOMAINSIZE];
2362	char netagent_type[NETAGENT_TYPESIZE];
2363	memset(s: &netagent_domain, c: `0`, NETAGENT_DOMAINSIZE);
2364	memset(s: &netagent_type, c: `0`, NETAGENT_TYPESIZE);
2365
2366	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
2367	if (strlen(s: parameters->preferred_netagent_types[i].netagent_domain) == `0` \|\|
2368	strlen(s: parameters->preferred_netagent_types[i].netagent_type) == `0`) {
2369	break;
2370	}
2371
2372	if (!fetched_type) {
2373	if (netagent_get_agent_domain_and_type(uuid: *netagent_uuid, domain: netagent_domain, type: netagent_type)) {
2374	fetched_type = TRUE;
2375	} else {
2376	break;
2377	}
2378	}
2379
2380	if ((strlen(s: parameters->preferred_netagent_types[i].netagent_domain) == `0` \|\|
2381	strncmp(s1: netagent_domain, s2: parameters->preferred_netagent_types[i].netagent_domain, NETAGENT_DOMAINSIZE) == `0`) &&
2382	(strlen(s: parameters->preferred_netagent_types[i].netagent_type) == `0` \|\|
2383	strncmp(s1: netagent_type, s2: parameters->preferred_netagent_types[i].netagent_type, NETAGENT_TYPESIZE) == `0`)) {
2384	requested = true;
2385	break;
2386	}
2387	}
2388	}
2389	}
2390
2391	return requested;
2392	}
2393
2394	static bool
2395	necp_netagent_applies_to_client(struct necp_client *client,
2396	const struct necp_client_parsed_parameters *parameters,
2397	uuid_t *netagent_uuid, bool allow_nexus,
2398	uint32_t interface_index, uint32_t interface_generation)
2399	{
2400	#pragma unused(interface_index, interface_generation)
2401	bool applies = FALSE;
2402	u_int32_t flags = netagent_get_flags(uuid: *netagent_uuid);
2403	if (!(flags & NETAGENT_FLAG_REGISTERED)) {
2404	// Unregistered agents never apply
2405	return applies;
2406	}
2407
2408	const bool is_nexus_agent = ((flags & NETAGENT_FLAG_NEXUS_PROVIDER) \|\|
2409	(flags & NETAGENT_FLAG_NEXUS_LISTENER) \|\|
2410	(flags & NETAGENT_FLAG_CUSTOM_ETHER_NEXUS) \|\|
2411	(flags & NETAGENT_FLAG_CUSTOM_IP_NEXUS) \|\|
2412	(flags & NETAGENT_FLAG_INTERPOSE_NEXUS));
2413	if (is_nexus_agent) {
2414	if (!allow_nexus) {
2415	// Hide nexus providers unless allowed
2416	// Direct interfaces and direct policies are allowed to use a nexus
2417	// Delegate interfaces or re-scoped interfaces are not allowed
2418	return applies;
2419	}
2420
2421	if ((parameters->flags & NECP_CLIENT_PARAMETER_FLAG_CUSTOM_ETHER) &&
2422	!(flags & NETAGENT_FLAG_CUSTOM_ETHER_NEXUS)) {
2423	// Client requested a custom ether nexus, but this nexus isn't one
2424	return applies;
2425	}
2426
2427	if ((parameters->flags & NECP_CLIENT_PARAMETER_FLAG_CUSTOM_IP) &&
2428	!(flags & NETAGENT_FLAG_CUSTOM_IP_NEXUS)) {
2429	// Client requested a custom IP nexus, but this nexus isn't one
2430	return applies;
2431	}
2432
2433	if ((parameters->flags & NECP_CLIENT_PARAMETER_FLAG_INTERPOSE) &&
2434	!(flags & NETAGENT_FLAG_INTERPOSE_NEXUS)) {
2435	// Client requested an interpose nexus, but this nexus isn't one
2436	return applies;
2437	}
2438
2439	if (!(parameters->flags & NECP_CLIENT_PARAMETER_FLAG_CUSTOM_ETHER) &&
2440	!(parameters->flags & NECP_CLIENT_PARAMETER_FLAG_CUSTOM_IP) &&
2441	!(parameters->flags & NECP_CLIENT_PARAMETER_FLAG_INTERPOSE) &&
2442	!(flags & NETAGENT_FLAG_NEXUS_PROVIDER)) {
2443	// Client requested default parameters, but this nexus isn't generic
2444	return applies;
2445	}
2446	}
2447
2448	if (uuid_compare(uu1: client->failed_trigger_agent.netagent_uuid, uu2: *netagent_uuid) == `0`) {
2449	if (client->failed_trigger_agent.generation == netagent_get_generation(uuid: *netagent_uuid)) {
2450	// If this agent was triggered, and failed, and hasn't changed, keep hiding it
2451	return applies;
2452	} else {
2453	// Mismatch generation, clear out old trigger
2454	uuid_clear(uu: client->failed_trigger_agent.netagent_uuid);
2455	client->failed_trigger_agent.generation = `0`;
2456	}
2457	}
2458
2459	if (flags & NETAGENT_FLAG_SPECIFIC_USE_ONLY) {
2460	// Specific use agents only apply when requested
2461	applies = necp_netagent_is_requested(parameters, netagent_uuid);
2462	} else {
2463	applies = TRUE;
2464	}
2465
2466	#if SKYWALK
2467	// Add nexus agent if it is a nexus, and either is not a listener, or the nexus supports listeners
2468	if (applies && is_nexus_agent &&
2469	!(parameters->flags & NECP_CLIENT_PARAMETER_FLAG_BROWSE) && // Don't add for browse paths
2470	((flags & NETAGENT_FLAG_NEXUS_LISTENER) \|\| !(parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER))) {
2471	necp_client_add_interface_option_if_needed(client, interface_index,
2472	interface_generation, nexus_agent: netagent_uuid,
2473	network_provider: (flags & NETAGENT_FLAG_NETWORK_PROVIDER));
2474	}
2475	#endif /* SKYWALK */
2476
2477	return applies;
2478	}
2479
2480	static void
2481	necp_client_add_agent_interface_options(struct necp_client *client,
2482	const struct necp_client_parsed_parameters *parsed_parameters,
2483	ifnet_t ifp)
2484	{
2485	if (ifp != NULL && ifp->if_agentids != NULL) {
2486	for (u_int32_t i = `0`; i < ifp->if_agentcount; i++) {
2487	if (uuid_is_null(uu: ifp->if_agentids[i])) {
2488	continue;
2489	}
2490	// Relies on the side effect that nexus agents that apply will create flows
2491	(void)necp_netagent_applies_to_client(client, parameters: parsed_parameters, netagent_uuid: &ifp->if_agentids[i], TRUE,
2492	interface_index: ifp->if_index, interface_generation: ifnet_get_generation(ifp));
2493	}
2494	}
2495	}
2496
2497	static void
2498	necp_client_add_browse_interface_options(struct necp_client *client,
2499	const struct necp_client_parsed_parameters *parsed_parameters,
2500	ifnet_t ifp)
2501	{
2502	if (ifp != NULL && ifp->if_agentids != NULL) {
2503	for (u_int32_t i = `0`; i < ifp->if_agentcount; i++) {
2504	if (uuid_is_null(uu: ifp->if_agentids[i])) {
2505	continue;
2506	}
2507
2508	u_int32_t flags = netagent_get_flags(uuid: ifp->if_agentids[i]);
2509	if ((flags & NETAGENT_FLAG_REGISTERED) &&
2510	(flags & NETAGENT_FLAG_ACTIVE) &&
2511	(flags & NETAGENT_FLAG_SUPPORTS_BROWSE) &&
2512	(!(flags & NETAGENT_FLAG_SPECIFIC_USE_ONLY) \|\|
2513	necp_netagent_is_requested(parameters: parsed_parameters, netagent_uuid: &ifp->if_agentids[i]))) {
2514	necp_client_add_interface_option_if_needed(client, interface_index: ifp->if_index, interface_generation: ifnet_get_generation(ifp), nexus_agent: &ifp->if_agentids[i], network_provider: (flags & NETAGENT_FLAG_NETWORK_PROVIDER));
2515
2516	// Finding one is enough
2517	break;
2518	}
2519	}
2520	}
2521	}
2522
2523	static inline bool
2524	_necp_client_address_is_valid(struct sockaddr *address)
2525	{
2526	if (address->sa_family == AF_INET) {
2527	return address->sa_len == sizeof(struct sockaddr_in);
2528	} else if (address->sa_family == AF_INET6) {
2529	return address->sa_len == sizeof(struct sockaddr_in6);
2530	} else {
2531	return FALSE;
2532	}
2533	}
2534
2535	#define necp_client_address_is_valid(S) _necp_client_address_is_valid(SA(S))
2536
2537	static inline bool
2538	necp_client_endpoint_is_unspecified(struct necp_client_endpoint *endpoint)
2539	{
2540	if (necp_client_address_is_valid(&endpoint->u.sa)) {
2541	if (endpoint->u.sa.sa_family == AF_INET) {
2542	return endpoint->u.sin.sin_addr.s_addr == INADDR_ANY;
2543	} else if (endpoint->u.sa.sa_family == AF_INET6) {
2544	return IN6_IS_ADDR_UNSPECIFIED(&endpoint->u.sin6.sin6_addr);
2545	} else {
2546	return TRUE;
2547	}
2548	} else {
2549	return TRUE;
2550	}
2551	}
2552
2553	#if SKYWALK
2554	static void
2555	necp_client_update_local_port_parameters(u_int8_t *parameters,
2556	u_int32_t parameters_size,
2557	uint16_t local_port)
2558	{
2559	size_t offset = `0`;
2560	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
2561	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
2562	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
2563
2564	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
2565	// If the length is larger than what can fit in the remaining parameters size, bail
2566	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
2567	break;
2568	}
2569
2570	if (length > `0`) {
2571	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
2572	if (value != NULL) {
2573	switch (type) {
2574	case NECP_CLIENT_PARAMETER_LOCAL_ADDRESS: {
2575	if (length >= sizeof(struct necp_policy_condition_addr)) {
2576	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
2577	if (necp_client_address_is_valid(&address_struct->address.sa)) {
2578	if (address_struct->address.sa.sa_family == AF_INET) {
2579	address_struct->address.sin.sin_port = local_port;
2580	} else if (address_struct->address.sa.sa_family == AF_INET6) {
2581	address_struct->address.sin6.sin6_port = local_port;
2582	}
2583	}
2584	}
2585	break;
2586	}
2587	case NECP_CLIENT_PARAMETER_LOCAL_ENDPOINT: {
2588	if (length >= sizeof(struct necp_client_endpoint)) {
2589	struct necp_client_endpoint endpoint = (struct* necp_client_endpoint )(void* *)value;
2590	if (necp_client_address_is_valid(&endpoint->u.sa)) {
2591	if (endpoint->u.sa.sa_family == AF_INET) {
2592	endpoint->u.sin.sin_port = local_port;
2593	} else if (endpoint->u.sa.sa_family == AF_INET6) {
2594	endpoint->u.sin6.sin6_port = local_port;
2595	}
2596	}
2597	}
2598	break;
2599	}
2600	default: {
2601	break;
2602	}
2603	}
2604	}
2605	}
2606
2607	offset += sizeof(struct necp_tlv_header) + length;
2608	}
2609	}
2610	#endif /* !SKYWALK */
2611
2612	#define NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH 253
2613
2614	static void
2615	necp_client_trace_parameter_parsing(struct necp_client client, u_int8_t type, u_int8_t value, u_int32_t length)
2616	{
2617	uint64_t num = `0`;
2618	uint16_t shortBuf;
2619	uint32_t intBuf;
2620	char buffer[NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH + `1`];
2621
2622	if (value != NULL && length > `0`) {
2623	switch (length) {
2624	case `1`:
2625	num = *value;
2626	break;
2627	case `2`:
2628	memcpy(dst: &shortBuf, src: value, n: sizeof(shortBuf));
2629	num = shortBuf;
2630	break;
2631	case `4`:
2632	memcpy(dst: &intBuf, src: value, n: sizeof(intBuf));
2633	num = intBuf;
2634	break;
2635	case `8`:
2636	memcpy(dst: &num, src: value, n: sizeof(num));
2637	break;
2638	default:
2639	num = `0`;
2640	break;
2641	}
2642	int len = NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH < length ? NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH : length;
2643	memcpy(dst: buffer, src: value, n: len);
2644	buffer[len] = `0`;
2645	NECP_CLIENT_PARAMS_LOG(client, "Parsing param - type %d length %d value <%llu (%llX)> %s", type, length, num, num, buffer);
2646	} else {
2647	NECP_CLIENT_PARAMS_LOG(client, "Parsing param - type %d length %d", type, length);
2648	}
2649	}
2650
2651	static void
2652	necp_client_trace_parsed_parameters(struct necp_client client, struct* necp_client_parsed_parameters *parsed_parameters)
2653	{
2654	int i;
2655	char local_buffer[`64`] = { };
2656	char remote_buffer[`64`] = { };
2657	uuid_string_t uuid_str = { };
2658	uuid_unparse_lower(uu: parsed_parameters->effective_uuid, out: uuid_str);
2659
2660	switch (parsed_parameters->local_addr.sa.sa_family) {
2661	case AF_INET:
2662	if (parsed_parameters->local_addr.sa.sa_len == sizeof(struct sockaddr_in)) {
2663	struct sockaddr_in *addr = &parsed_parameters->local_addr.sin;
2664	inet_ntop(AF_INET, &(addr->sin_addr), local_buffer, sizeof(local_buffer));
2665	}
2666	break;
2667	case AF_INET6:
2668	if (parsed_parameters->local_addr.sa.sa_len == sizeof(struct sockaddr_in6)) {
2669	struct sockaddr_in6 *addr6 = &parsed_parameters->local_addr.sin6;
2670	inet_ntop(AF_INET6, &(addr6->sin6_addr), local_buffer, sizeof(local_buffer));
2671	}
2672	break;
2673	default:
2674	break;
2675	}
2676
2677	switch (parsed_parameters->remote_addr.sa.sa_family) {
2678	case AF_INET:
2679	if (parsed_parameters->remote_addr.sa.sa_len == sizeof(struct sockaddr_in)) {
2680	struct sockaddr_in *addr = &parsed_parameters->remote_addr.sin;
2681	inet_ntop(AF_INET, &(addr->sin_addr), remote_buffer, sizeof(remote_buffer));
2682	}
2683	break;
2684	case AF_INET6:
2685	if (parsed_parameters->remote_addr.sa.sa_len == sizeof(struct sockaddr_in6)) {
2686	struct sockaddr_in6 *addr6 = &parsed_parameters->remote_addr.sin6;
2687	inet_ntop(AF_INET6, &(addr6->sin6_addr), remote_buffer, sizeof(remote_buffer));
2688	}
2689	break;
2690	default:
2691	break;
2692	}
2693
2694	NECP_CLIENT_PARAMS_LOG(client, "Parsed params - valid_fields %X flags %X delegated_upid %llu local_addr %s remote_addr %s "
2695	"required_interface_index %u required_interface_type %d local_address_preference %d "
2696	"ip_protocol %d transport_protocol %d ethertype %d effective_pid %d effective_uuid %s uid %d persona_id %d traffic_class %d",
2697	parsed_parameters->valid_fields,
2698	parsed_parameters->flags,
2699	parsed_parameters->delegated_upid,
2700	local_buffer, remote_buffer,
2701	parsed_parameters->required_interface_index,
2702	parsed_parameters->required_interface_type,
2703	parsed_parameters->local_address_preference,
2704	parsed_parameters->ip_protocol,
2705	parsed_parameters->transport_protocol,
2706	parsed_parameters->ethertype,
2707	parsed_parameters->effective_pid,
2708	uuid_str,
2709	parsed_parameters->uid,
2710	parsed_parameters->persona_id,
2711	parsed_parameters->traffic_class);
2712
2713	NECP_CLIENT_PARAMS_LOG(client, "Parsed params - tracker flags <known-tracker %X> <non-app-initiated %X> <silent %X> <app-approved %X>",
2714	parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_KNOWN_TRACKER,
2715	parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_NON_APP_INITIATED,
2716	parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_SILENT,
2717	parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_APPROVED_APP_DOMAIN);
2718
2719	for (i = `0`; i < NECP_MAX_INTERFACE_PARAMETERS && parsed_parameters->prohibited_interfaces[i][`0`]; i++) {
2720	NECP_CLIENT_PARAMS_LOG(client, "Parsed prohibited_interfaces[%d] <%s>", i, parsed_parameters->prohibited_interfaces[i]);
2721	}
2722
2723	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && parsed_parameters->required_netagent_types[i].netagent_domain[`0`]; i++) {
2724	NECP_CLIENT_PARAMS_LOG(client, "Parsed required_netagent_types[%d] <%s> <%s>", i,
2725	parsed_parameters->required_netagent_types[i].netagent_domain,
2726	parsed_parameters->required_netagent_types[i].netagent_type);
2727	}
2728	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && parsed_parameters->prohibited_netagent_types[i].netagent_domain[`0`]; i++) {
2729	NECP_CLIENT_PARAMS_LOG(client, "Parsed prohibited_netagent_types[%d] <%s> <%s>", i,
2730	parsed_parameters->prohibited_netagent_types[i].netagent_domain,
2731	parsed_parameters->prohibited_netagent_types[i].netagent_type);
2732	}
2733	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && parsed_parameters->preferred_netagent_types[i].netagent_domain[`0`]; i++) {
2734	NECP_CLIENT_PARAMS_LOG(client, "Parsed preferred_netagent_types[%d] <%s> <%s>", i,
2735	parsed_parameters->preferred_netagent_types[i].netagent_domain,
2736	parsed_parameters->preferred_netagent_types[i].netagent_type);
2737	}
2738	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && parsed_parameters->avoided_netagent_types[i].netagent_domain[`0`]; i++) {
2739	NECP_CLIENT_PARAMS_LOG(client, "Parsed avoided_netagent_types[%d] <%s> <%s>", i,
2740	parsed_parameters->avoided_netagent_types[i].netagent_domain,
2741	parsed_parameters->avoided_netagent_types[i].netagent_type);
2742	}
2743
2744	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && !uuid_is_null(uu: parsed_parameters->required_netagents[i]); i++) {
2745	uuid_unparse_lower(uu: parsed_parameters->required_netagents[i], out: uuid_str);
2746	NECP_CLIENT_PARAMS_LOG(client, "Parsed required_netagents[%d] <%s>", i, uuid_str);
2747	}
2748	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && !uuid_is_null(uu: parsed_parameters->prohibited_netagents[i]); i++) {
2749	uuid_unparse_lower(uu: parsed_parameters->prohibited_netagents[i], out: uuid_str);
2750	NECP_CLIENT_PARAMS_LOG(client, "Parsed prohibited_netagents[%d] <%s>", i, uuid_str);
2751	}
2752	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && !uuid_is_null(uu: parsed_parameters->preferred_netagents[i]); i++) {
2753	uuid_unparse_lower(uu: parsed_parameters->preferred_netagents[i], out: uuid_str);
2754	NECP_CLIENT_PARAMS_LOG(client, "Parsed preferred_netagents[%d] <%s>", i, uuid_str);
2755	}
2756	for (i = `0`; i < NECP_MAX_AGENT_PARAMETERS && !uuid_is_null(uu: parsed_parameters->avoided_netagents[i]); i++) {
2757	uuid_unparse_lower(uu: parsed_parameters->avoided_netagents[i], out: uuid_str);
2758	NECP_CLIENT_PARAMS_LOG(client, "Parsed avoided_netagents[%d] <%s>", i, uuid_str);
2759	}
2760	}
2761
2762	static bool
2763	necp_client_strings_are_equal(const char *string1, size_t string1_length,
2764	const char *string2, size_t string2_length)
2765	{
2766	if (string1 == NULL \|\| string2 == NULL) {
2767	return false;
2768	}
2769	const size_t string1_actual_length = strnlen(s: string1, n: string1_length);
2770	const size_t string2_actual_length = strnlen(s: string2, n: string2_length);
2771	if (string1_actual_length != string2_actual_length) {
2772	return false;
2773	}
2774	return strncmp(s1: string1, s2: string2, n: string1_actual_length) == `0`;
2775	}
2776
2777	static int
2778	necp_client_parse_parameters(struct necp_client client, u_int8_t parameters,
2779	u_int32_t parameters_size,
2780	struct necp_client_parsed_parameters *parsed_parameters)
2781	{
2782	int error = `0`;
2783	size_t offset = `0`;
2784
2785	u_int32_t num_prohibited_interfaces = `0`;
2786	u_int32_t num_prohibited_interface_types = `0`;
2787	u_int32_t num_required_agents = `0`;
2788	u_int32_t num_prohibited_agents = `0`;
2789	u_int32_t num_preferred_agents = `0`;
2790	u_int32_t num_avoided_agents = `0`;
2791	u_int32_t num_required_agent_types = `0`;
2792	u_int32_t num_prohibited_agent_types = `0`;
2793	u_int32_t num_preferred_agent_types = `0`;
2794	u_int32_t num_avoided_agent_types = `0`;
2795	u_int8_t *resolver_tag = NULL;
2796	u_int32_t resolver_tag_length = `0`;
2797	u_int8_t *client_hostname = NULL;
2798	u_int32_t hostname_length = `0`;
2799	uuid_t parent_id = {};
2800
2801	if (parsed_parameters == NULL) {
2802	return EINVAL;
2803	}
2804
2805	memset(s: parsed_parameters, c: `0`, n: sizeof(struct necp_client_parsed_parameters));
2806
2807	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
2808	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
2809	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
2810
2811	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
2812	// If the length is larger than what can fit in the remaining parameters size, bail
2813	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
2814	break;
2815	}
2816
2817	if (length > `0`) {
2818	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
2819	if (value != NULL) {
2820	switch (type) {
2821	case NECP_CLIENT_PARAMETER_BOUND_INTERFACE: {
2822	if (length <= IFXNAMSIZ && length > `0`) {
2823	ifnet_t bound_interface = NULL;
2824	char interface_name[IFXNAMSIZ];
2825	memcpy(dst: interface_name, src: value, n: length);
2826	interface_name[length - `1`] = `0`; // Make sure the string is NULL terminated
2827	if (ifnet_find_by_name(ifname: interface_name, interface: &bound_interface) == `0`) {
2828	parsed_parameters->required_interface_index = bound_interface->if_index;
2829	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF;
2830	ifnet_release(interface: bound_interface);
2831	}
2832	}
2833	break;
2834	}
2835	case NECP_CLIENT_PARAMETER_LOCAL_ADDRESS: {
2836	if (length >= sizeof(struct necp_policy_condition_addr)) {
2837	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
2838	if (necp_client_address_is_valid(&address_struct->address.sa)) {
2839	memcpy(dst: &parsed_parameters->local_addr, src: &address_struct->address, n: sizeof(address_struct->address));
2840	if (!necp_address_is_wildcard(addr: &parsed_parameters->local_addr)) {
2841	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR;
2842	}
2843	if ((parsed_parameters->local_addr.sa.sa_family == AF_INET && parsed_parameters->local_addr.sin.sin_port) \|\|
2844	(parsed_parameters->local_addr.sa.sa_family == AF_INET6 && parsed_parameters->local_addr.sin6.sin6_port)) {
2845	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_LOCAL_PORT;
2846	}
2847	}
2848	}
2849	break;
2850	}
2851	case NECP_CLIENT_PARAMETER_LOCAL_ENDPOINT: {
2852	if (length >= sizeof(struct necp_client_endpoint)) {
2853	struct necp_client_endpoint endpoint = (struct* necp_client_endpoint )(void* *)value;
2854	if (necp_client_address_is_valid(&endpoint->u.sa)) {
2855	memcpy(dst: &parsed_parameters->local_addr, src: &endpoint->u.sa, n: sizeof(union necp_sockaddr_union));
2856	if (!necp_address_is_wildcard(addr: &parsed_parameters->local_addr)) {
2857	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR;
2858	}
2859	if ((parsed_parameters->local_addr.sa.sa_family == AF_INET && parsed_parameters->local_addr.sin.sin_port) \|\|
2860	(parsed_parameters->local_addr.sa.sa_family == AF_INET6 && parsed_parameters->local_addr.sin6.sin6_port)) {
2861	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_LOCAL_PORT;
2862	}
2863	}
2864	}
2865	break;
2866	}
2867	case NECP_CLIENT_PARAMETER_REMOTE_ADDRESS: {
2868	if (length >= sizeof(struct necp_policy_condition_addr)) {
2869	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
2870	if (necp_client_address_is_valid(&address_struct->address.sa)) {
2871	memcpy(dst: &parsed_parameters->remote_addr, src: &address_struct->address, n: sizeof(address_struct->address));
2872	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REMOTE_ADDR;
2873	}
2874	}
2875	break;
2876	}
2877	case NECP_CLIENT_PARAMETER_REMOTE_ENDPOINT: {
2878	if (length >= sizeof(struct necp_client_endpoint)) {
2879	struct necp_client_endpoint endpoint = (struct* necp_client_endpoint )(void* *)value;
2880	if (necp_client_address_is_valid(&endpoint->u.sa)) {
2881	memcpy(dst: &parsed_parameters->remote_addr, src: &endpoint->u.sa, n: sizeof(union necp_sockaddr_union));
2882	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REMOTE_ADDR;
2883	}
2884	}
2885	break;
2886	}
2887	case NECP_CLIENT_PARAMETER_PROHIBIT_INTERFACE: {
2888	if (num_prohibited_interfaces >= NECP_MAX_INTERFACE_PARAMETERS) {
2889	break;
2890	}
2891	if (length <= IFXNAMSIZ && length > `0`) {
2892	memcpy(dst: parsed_parameters->prohibited_interfaces[num_prohibited_interfaces], src: value, n: length);
2893	parsed_parameters->prohibited_interfaces[num_prohibited_interfaces][length - `1`] = `0`; // Make sure the string is NULL terminated
2894	num_prohibited_interfaces++;
2895	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IF;
2896	}
2897	break;
2898	}
2899	case NECP_CLIENT_PARAMETER_REQUIRE_IF_TYPE: {
2900	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE) {
2901	break;
2902	}
2903	if (length >= sizeof(u_int8_t)) {
2904	memcpy(dst: &parsed_parameters->required_interface_type, src: value, n: sizeof(u_int8_t));
2905	if (parsed_parameters->required_interface_type) {
2906	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE;
2907	}
2908	}
2909	break;
2910	}
2911	case NECP_CLIENT_PARAMETER_PROHIBIT_IF_TYPE: {
2912	if (num_prohibited_interface_types >= NECP_MAX_INTERFACE_PARAMETERS) {
2913	break;
2914	}
2915	if (length >= sizeof(u_int8_t)) {
2916	memcpy(dst: &parsed_parameters->prohibited_interface_types[num_prohibited_interface_types], src: value, n: sizeof(u_int8_t));
2917	num_prohibited_interface_types++;
2918	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IFTYPE;
2919	}
2920	break;
2921	}
2922	case NECP_CLIENT_PARAMETER_REQUIRE_AGENT: {
2923	if (num_required_agents >= NECP_MAX_AGENT_PARAMETERS) {
2924	break;
2925	}
2926	if (length >= sizeof(uuid_t)) {
2927	memcpy(dst: &parsed_parameters->required_netagents[num_required_agents], src: value, n: sizeof(uuid_t));
2928	num_required_agents++;
2929	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT;
2930	}
2931	break;
2932	}
2933	case NECP_CLIENT_PARAMETER_PROHIBIT_AGENT: {
2934	if (num_prohibited_agents >= NECP_MAX_AGENT_PARAMETERS) {
2935	break;
2936	}
2937	if (length >= sizeof(uuid_t)) {
2938	memcpy(dst: &parsed_parameters->prohibited_netagents[num_prohibited_agents], src: value, n: sizeof(uuid_t));
2939	num_prohibited_agents++;
2940	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT;
2941	}
2942	break;
2943	}
2944	case NECP_CLIENT_PARAMETER_PREFER_AGENT: {
2945	if (num_preferred_agents >= NECP_MAX_AGENT_PARAMETERS) {
2946	break;
2947	}
2948	if (length >= sizeof(uuid_t)) {
2949	memcpy(dst: &parsed_parameters->preferred_netagents[num_preferred_agents], src: value, n: sizeof(uuid_t));
2950	num_preferred_agents++;
2951	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT;
2952	}
2953	break;
2954	}
2955	case NECP_CLIENT_PARAMETER_AVOID_AGENT: {
2956	if (num_avoided_agents >= NECP_MAX_AGENT_PARAMETERS) {
2957	break;
2958	}
2959	if (length >= sizeof(uuid_t)) {
2960	memcpy(dst: &parsed_parameters->avoided_netagents[num_avoided_agents], src: value, n: sizeof(uuid_t));
2961	num_avoided_agents++;
2962	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT;
2963	}
2964	break;
2965	}
2966	case NECP_CLIENT_PARAMETER_REQUIRE_AGENT_TYPE: {
2967	if (num_required_agent_types >= NECP_MAX_AGENT_PARAMETERS) {
2968	break;
2969	}
2970	if (length >= sizeof(struct necp_client_parameter_netagent_type)) {
2971	memcpy(dst: &parsed_parameters->required_netagent_types[num_required_agent_types], src: value, n: sizeof(struct necp_client_parameter_netagent_type));
2972	num_required_agent_types++;
2973	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE;
2974	}
2975	break;
2976	}
2977	case NECP_CLIENT_PARAMETER_PROHIBIT_AGENT_TYPE: {
2978	if (num_prohibited_agent_types >= NECP_MAX_AGENT_PARAMETERS) {
2979	break;
2980	}
2981	if (length >= sizeof(struct necp_client_parameter_netagent_type)) {
2982	memcpy(dst: &parsed_parameters->prohibited_netagent_types[num_prohibited_agent_types], src: value, n: sizeof(struct necp_client_parameter_netagent_type));
2983	num_prohibited_agent_types++;
2984	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT_TYPE;
2985	}
2986	break;
2987	}
2988	case NECP_CLIENT_PARAMETER_PREFER_AGENT_TYPE: {
2989	if (num_preferred_agent_types >= NECP_MAX_AGENT_PARAMETERS) {
2990	break;
2991	}
2992	if (length >= sizeof(struct necp_client_parameter_netagent_type)) {
2993	memcpy(dst: &parsed_parameters->preferred_netagent_types[num_preferred_agent_types], src: value, n: sizeof(struct necp_client_parameter_netagent_type));
2994	num_preferred_agent_types++;
2995	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE;
2996	}
2997	break;
2998	}
2999	case NECP_CLIENT_PARAMETER_AVOID_AGENT_TYPE: {
3000	if (num_avoided_agent_types >= NECP_MAX_AGENT_PARAMETERS) {
3001	break;
3002	}
3003	if (length >= sizeof(struct necp_client_parameter_netagent_type)) {
3004	memcpy(dst: &parsed_parameters->avoided_netagent_types[num_avoided_agent_types], src: value, n: sizeof(struct necp_client_parameter_netagent_type));
3005	num_avoided_agent_types++;
3006	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT_TYPE;
3007	}
3008	break;
3009	}
3010	case NECP_CLIENT_PARAMETER_FLAGS: {
3011	if (length >= sizeof(u_int32_t)) {
3012	memcpy(dst: &parsed_parameters->flags, src: value, n: sizeof(parsed_parameters->flags));
3013	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_FLAGS;
3014	}
3015	break;
3016	}
3017	case NECP_CLIENT_PARAMETER_IP_PROTOCOL: {
3018	if (length == sizeof(u_int16_t)) {
3019	u_int16_t large_ip_protocol = `0`;
3020	memcpy(dst: &large_ip_protocol, src: value, n: sizeof(large_ip_protocol));
3021	parsed_parameters->ip_protocol = (u_int8_t)large_ip_protocol;
3022	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_IP_PROTOCOL;
3023	} else if (length >= sizeof(parsed_parameters->ip_protocol)) {
3024	memcpy(dst: &parsed_parameters->ip_protocol, src: value, n: sizeof(parsed_parameters->ip_protocol));
3025	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_IP_PROTOCOL;
3026	}
3027	break;
3028	}
3029	case NECP_CLIENT_PARAMETER_TRANSPORT_PROTOCOL: {
3030	if (length >= sizeof(parsed_parameters->transport_protocol)) {
3031	memcpy(dst: &parsed_parameters->transport_protocol, src: value, n: sizeof(parsed_parameters->transport_protocol));
3032	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_TRANSPORT_PROTOCOL;
3033	}
3034	break;
3035	}
3036	case NECP_CLIENT_PARAMETER_PID: {
3037	if (length >= sizeof(parsed_parameters->effective_pid)) {
3038	memcpy(dst: &parsed_parameters->effective_pid, src: value, n: sizeof(parsed_parameters->effective_pid));
3039	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_PID;
3040	}
3041	break;
3042	}
3043	case NECP_CLIENT_PARAMETER_DELEGATED_UPID: {
3044	if (length >= sizeof(parsed_parameters->delegated_upid)) {
3045	memcpy(dst: &parsed_parameters->delegated_upid, src: value, n: sizeof(parsed_parameters->delegated_upid));
3046	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_DELEGATED_UPID;
3047	}
3048	break;
3049	}
3050	case NECP_CLIENT_PARAMETER_ETHERTYPE: {
3051	if (length >= sizeof(parsed_parameters->ethertype)) {
3052	memcpy(dst: &parsed_parameters->ethertype, src: value, n: sizeof(parsed_parameters->ethertype));
3053	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_ETHERTYPE;
3054	}
3055	break;
3056	}
3057	case NECP_CLIENT_PARAMETER_APPLICATION: {
3058	if (length >= sizeof(parsed_parameters->effective_uuid)) {
3059	memcpy(dst: &parsed_parameters->effective_uuid, src: value, n: sizeof(parsed_parameters->effective_uuid));
3060	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_UUID;
3061	}
3062	break;
3063	}
3064	case NECP_CLIENT_PARAMETER_TRAFFIC_CLASS: {
3065	if (length >= sizeof(parsed_parameters->traffic_class)) {
3066	memcpy(dst: &parsed_parameters->traffic_class, src: value, n: sizeof(parsed_parameters->traffic_class));
3067	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_TRAFFIC_CLASS;
3068	}
3069	break;
3070	}
3071	case NECP_CLIENT_PARAMETER_RESOLVER_TAG: {
3072	if (length > `0`) {
3073	if (resolver_tag != NULL) {
3074	// Multiple resolver tags is invalid
3075	NECPLOG0(LOG_ERR, "Multiple resolver tags are not supported");
3076	error = EINVAL;
3077	} else {
3078	resolver_tag = (u_int8_t *)value;
3079	resolver_tag_length = length;
3080	}
3081	}
3082	break;
3083	}
3084	case NECP_CLIENT_PARAMETER_DOMAIN: {
3085	if (length > `0`) {
3086	client_hostname = (u_int8_t *)value;
3087	hostname_length = length;
3088	}
3089	break;
3090	}
3091	case NECP_CLIENT_PARAMETER_PARENT_ID: {
3092	if (length == sizeof(parent_id)) {
3093	uuid_copy(dst: parent_id, src: value);
3094	memcpy(dst: &parsed_parameters->parent_uuid, src: value, n: sizeof(parsed_parameters->parent_uuid));
3095	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PARENT_UUID;
3096	}
3097	break;
3098	}
3099	case NECP_CLIENT_PARAMETER_LOCAL_ADDRESS_PREFERENCE: {
3100	if (length >= sizeof(parsed_parameters->local_address_preference)) {
3101	memcpy(dst: &parsed_parameters->local_address_preference, src: value, n: sizeof(parsed_parameters->local_address_preference));
3102	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR_PREFERENCE;
3103	}
3104	break;
3105	}
3106	case NECP_CLIENT_PARAMETER_ATTRIBUTED_BUNDLE_IDENTIFIER: {
3107	if (length > `0`) {
3108	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_ATTRIBUTED_BUNDLE_IDENTIFIER;
3109	}
3110	break;
3111	}
3112	case NECP_CLIENT_PARAMETER_FLOW_DEMUX_PATTERN: {
3113	if (parsed_parameters->demux_pattern_count >= NECP_MAX_DEMUX_PATTERNS) {
3114	break;
3115	}
3116	if (length >= sizeof(struct necp_demux_pattern)) {
3117	memcpy(dst: &parsed_parameters->demux_patterns[parsed_parameters->demux_pattern_count], src: value, n: sizeof(struct necp_demux_pattern));
3118	parsed_parameters->demux_pattern_count++;
3119	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_FLOW_DEMUX_PATTERN;
3120	}
3121	break;
3122	}
3123	case NECP_CLIENT_PARAMETER_APPLICATION_ID: {
3124	if (length >= sizeof(necp_application_id_t)) {
3125	necp_application_id_t application_id = (necp_application_id_t )(void *)value;
3126	// UID
3127	parsed_parameters->uid = application_id->uid;
3128	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_UID;
3129	// EUUID
3130	uuid_copy(dst: parsed_parameters->effective_uuid, src: application_id->effective_uuid);
3131	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_UUID;
3132	// PERSONA
3133	parsed_parameters->persona_id = application_id->persona_id;
3134	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_PERSONA_ID;
3135	}
3136	break;
3137	}
3138	default: {
3139	break;
3140	}
3141	}
3142	}
3143
3144	if (NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_PARAMS)) {
3145	necp_client_trace_parameter_parsing(client, type, value, length);
3146	}
3147	}
3148
3149	offset += sizeof(struct necp_tlv_header) + length;
3150	}
3151
3152	if (resolver_tag != NULL) {
3153	struct necp_client_validatable validatable = (struct* necp_client_validatable *)resolver_tag;
3154	if (resolver_tag_length <= sizeof(struct necp_client_validatable)) {
3155	error = EINVAL;
3156	NECPLOG(LOG_ERR, "Resolver tag length too short: %u", resolver_tag_length);
3157	} else {
3158	bool matches = true;
3159
3160	// Check the client UUID for client-specific results
3161	if (validatable->signable.sign_type == NECP_CLIENT_SIGN_TYPE_RESOLVER_ANSWER \|\|
3162	validatable->signable.sign_type == NECP_CLIENT_SIGN_TYPE_BROWSE_RESULT \|\|
3163	validatable->signable.sign_type == NECP_CLIENT_SIGN_TYPE_SERVICE_RESOLVER_ANSWER) {
3164	if (uuid_compare(uu1: parent_id, uu2: validatable->signable.client_id) != `0` &&
3165	uuid_compare(uu1: client->client_id, uu2: validatable->signable.client_id) != `0`) {
3166	NECPLOG0(LOG_ERR, "Resolver tag invalid client ID");
3167	matches = false;
3168	}
3169	}
3170
3171	size_t data_length = resolver_tag_length - sizeof(struct necp_client_validatable);
3172	switch (validatable->signable.sign_type) {
3173	case NECP_CLIENT_SIGN_TYPE_RESOLVER_ANSWER:
3174	case NECP_CLIENT_SIGN_TYPE_SYSTEM_RESOLVER_ANSWER: {
3175	if (data_length < (sizeof(struct necp_client_host_resolver_answer) - sizeof(struct necp_client_signable))) {
3176	NECPLOG0(LOG_ERR, "Resolver tag invalid length for resolver answer");
3177	matches = false;
3178	} else {
3179	struct necp_client_host_resolver_answer answer_struct = (struct* necp_client_host_resolver_answer *)&validatable->signable;
3180	if (data_length != (sizeof(struct necp_client_host_resolver_answer) + answer_struct->hostname_length - sizeof(struct necp_client_signable))) {
3181	NECPLOG0(LOG_ERR, "Resolver tag invalid length for resolver answer");
3182	matches = false;
3183	} else {
3184	if (answer_struct->hostname_length != `0` && // If the hostname on the signed answer is empty, ignore
3185	!necp_client_strings_are_equal(string1: (const char *)client_hostname, string1_length: hostname_length,
3186	string2: answer_struct->hostname, string2_length: answer_struct->hostname_length)) {
3187	NECPLOG0(LOG_ERR, "Resolver tag hostname does not match");
3188	matches = false;
3189	} else if (answer_struct->address_answer.sa.sa_family != parsed_parameters->remote_addr.sa.sa_family \|\|
3190	answer_struct->address_answer.sa.sa_len != parsed_parameters->remote_addr.sa.sa_len) {
3191	NECPLOG0(LOG_ERR, "Resolver tag address type does not match");
3192	matches = false;
3193	} else if (answer_struct->address_answer.sin.sin_port != `0` && // If the port on the signed answer is empty, ignore
3194	answer_struct->address_answer.sin.sin_port != parsed_parameters->remote_addr.sin.sin_port) {
3195	NECPLOG0(LOG_ERR, "Resolver tag port does not match");
3196	matches = false;
3197	} else if ((answer_struct->address_answer.sa.sa_family == AF_INET &&
3198	answer_struct->address_answer.sin.sin_addr.s_addr != parsed_parameters->remote_addr.sin.sin_addr.s_addr) \|\|
3199	(answer_struct->address_answer.sa.sa_family == AF_INET6 &&
3200	memcmp(s1: &answer_struct->address_answer.sin6.sin6_addr, s2: &parsed_parameters->remote_addr.sin6.sin6_addr, n: sizeof(struct in6_addr)) != `0`)) {
3201	NECPLOG0(LOG_ERR, "Resolver tag address does not match");
3202	matches = false;
3203	}
3204	}
3205	}
3206	break;
3207	}
3208	case NECP_CLIENT_SIGN_TYPE_BROWSE_RESULT:
3209	case NECP_CLIENT_SIGN_TYPE_SYSTEM_BROWSE_RESULT: {
3210	if (data_length < (sizeof(struct necp_client_browse_result) - sizeof(struct necp_client_signable))) {
3211	NECPLOG0(LOG_ERR, "Resolver tag invalid length for browse result");
3212	matches = false;
3213	} else {
3214	struct necp_client_browse_result answer_struct = (struct* necp_client_browse_result *)&validatable->signable;
3215	if (data_length != (sizeof(struct necp_client_browse_result) + answer_struct->service_length - sizeof(struct necp_client_signable))) {
3216	NECPLOG0(LOG_ERR, "Resolver tag invalid length for browse result");
3217	matches = false;
3218	}
3219	}
3220	break;
3221	}
3222	case NECP_CLIENT_SIGN_TYPE_SERVICE_RESOLVER_ANSWER:
3223	case NECP_CLIENT_SIGN_TYPE_SYSTEM_SERVICE_RESOLVER_ANSWER: {
3224	if (data_length < (sizeof(struct necp_client_service_resolver_answer) - sizeof(struct necp_client_signable))) {
3225	NECPLOG0(LOG_ERR, "Resolver tag invalid length for service resolver answer");
3226	matches = false;
3227	} else {
3228	struct necp_client_service_resolver_answer answer_struct = (struct* necp_client_service_resolver_answer *)&validatable->signable;
3229	if (data_length != (sizeof(struct necp_client_service_resolver_answer) + answer_struct->service_length + answer_struct->hostname_length - sizeof(struct necp_client_signable))) {
3230	NECPLOG0(LOG_ERR, "Resolver tag invalid length for service resolver answer");
3231	matches = false;
3232	}
3233	}
3234	break;
3235	}
3236	default: {
3237	NECPLOG(LOG_ERR, "Resolver tag unknown sign type: %u", validatable->signable.sign_type);
3238	matches = false;
3239	break;
3240	}
3241	}
3242	if (!matches) {
3243	error = EAUTH;
3244	} else {
3245	const bool validated = necp_validate_resolver_answer(client_id: validatable->signable.client_id,
3246	sign_type: validatable->signable.sign_type,
3247	data: validatable->signable.signable_data, data_length,
3248	tag: validatable->signature.signed_tag, tag_length: sizeof(validatable->signature.signed_tag));
3249	if (!validated) {
3250	error = EAUTH;
3251	NECPLOG0(LOG_ERR, "Failed to validate resolve answer");
3252	}
3253	}
3254	}
3255	}
3256
3257	if (NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_PARAMS)) {
3258	necp_client_trace_parsed_parameters(client, parsed_parameters);
3259	}
3260
3261	return error;
3262	}
3263
3264	static int
3265	necp_client_parse_result(u_int8_t *result,
3266	u_int32_t result_size,
3267	union necp_sockaddr_union *local_address,
3268	union necp_sockaddr_union *remote_address,
3269	void **flow_stats)
3270	{
3271	#pragma unused(flow_stats)
3272	int error = `0`;
3273	size_t offset = `0`;
3274
3275	while ((offset + sizeof(struct necp_tlv_header)) <= result_size) {
3276	u_int8_t type = necp_buffer_get_tlv_type(buffer: result, tlv_offset: offset);
3277	u_int32_t length = necp_buffer_get_tlv_length(buffer: result, tlv_offset: offset);
3278
3279	if (length > `0` && (offset + sizeof(struct necp_tlv_header) + length) <= result_size) {
3280	u_int8_t *value = necp_buffer_get_tlv_value(buffer: result, tlv_offset: offset, NULL);
3281	if (value != NULL) {
3282	switch (type) {
3283	case NECP_CLIENT_RESULT_LOCAL_ENDPOINT: {
3284	if (length >= sizeof(struct necp_client_endpoint)) {
3285	struct necp_client_endpoint endpoint = (struct* necp_client_endpoint )(void* *)value;
3286	if (local_address != NULL && necp_client_address_is_valid(&endpoint->u.sa)) {
3287	memcpy(dst: local_address, src: &endpoint->u.sa, n: endpoint->u.sa.sa_len);
3288	}
3289	}
3290	break;
3291	}
3292	case NECP_CLIENT_RESULT_REMOTE_ENDPOINT: {
3293	if (length >= sizeof(struct necp_client_endpoint)) {
3294	struct necp_client_endpoint endpoint = (struct* necp_client_endpoint )(void* *)value;
3295	if (remote_address != NULL && necp_client_address_is_valid(&endpoint->u.sa)) {
3296	memcpy(dst: remote_address, src: &endpoint->u.sa, n: endpoint->u.sa.sa_len);
3297	}
3298	}
3299	break;
3300	}
3301	#if SKYWALK
3302	case NECP_CLIENT_RESULT_NEXUS_FLOW_STATS: {
3303	// this TLV contains flow_stats pointer which is refcnt'ed.
3304	if (flow_stats != NULL && length >= sizeof(struct sk_stats_flow *)) {
3305	struct flow_stats fs = (void *)(void* *)value;
3306	// transfer the refcnt to flow_stats pointer
3307	*flow_stats = fs;
3308	}
3309	memset(s: value, c: `0`, n: length); // nullify TLV always
3310	break;
3311	}
3312	#endif /* SKYWALK */
3313	default: {
3314	break;
3315	}
3316	}
3317	}
3318	}
3319
3320	offset += sizeof(struct necp_tlv_header) + length;
3321	}
3322
3323	return error;
3324	}
3325
3326	static struct necp_client_flow_registration *
3327	necp_client_create_flow_registration(struct necp_fd_data fd_data, struct* necp_client *client)
3328	{
3329	NECP_FD_ASSERT_LOCKED(fd_data);
3330	NECP_CLIENT_ASSERT_LOCKED(client);
3331
3332	struct necp_client_flow_registration new_registration = kalloc_type(struct* necp_client_flow_registration, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
3333
3334	new_registration->last_interface_details = combine_interface_details(IFSCOPE_NONE, NSTAT_IFNET_IS_UNKNOWN_TYPE);
3335
3336	necp_generate_client_id(client_id: new_registration->registration_id, true);
3337	LIST_INIT(&new_registration->flow_list);
3338
3339	// Add registration to client list
3340	RB_INSERT(_necp_client_flow_tree, &client->flow_registrations, new_registration);
3341
3342	// Add registration to fd list
3343	RB_INSERT(_necp_fd_flow_tree, &fd_data->flows, new_registration);
3344
3345	// Add registration to global tree for lookup
3346	NECP_FLOW_TREE_LOCK_EXCLUSIVE();
3347	RB_INSERT(_necp_client_flow_global_tree, &necp_client_flow_global_tree, new_registration);
3348	NECP_FLOW_TREE_UNLOCK();
3349
3350	new_registration->client = client;
3351
3352	#if SKYWALK
3353	{
3354	// The uuid caching here is something of a hack, but saves a dynamic lookup with attendant lock hierarchy issues
3355	uint64_t stats_event_type = (uuid_is_null(uu: client->latest_flow_registration_id)) ? NSTAT_EVENT_SRC_FLOW_UUID_ASSIGNED : NSTAT_EVENT_SRC_FLOW_UUID_CHANGED;
3356	uuid_copy(dst: client->latest_flow_registration_id, src: new_registration->registration_id);
3357
3358	// With the flow uuid known, push a new statistics update to ensure the uuid gets known by any clients before the flow can close
3359	if (client->nstat_context != NULL) {
3360	nstat_provider_stats_event(nstat_ctx: client->nstat_context, event: stats_event_type);
3361	}
3362	}
3363	#endif /* !SKYWALK */
3364
3365	// Start out assuming there is nothing to read from the flow
3366	new_registration->flow_result_read = true;
3367
3368	return new_registration;
3369	}
3370
3371	static void
3372	necp_client_add_socket_flow(struct necp_client_flow_registration *flow_registration,
3373	struct inpcb *inp)
3374	{
3375	struct necp_client_flow new_flow = kalloc_type(struct* necp_client_flow, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
3376
3377	new_flow->socket = TRUE;
3378	new_flow->u.socket_handle = inp;
3379	new_flow->u.cb = inp->necp_cb;
3380
3381	OSIncrementAtomic(&necp_socket_flow_count);
3382
3383	LIST_INSERT_HEAD(&flow_registration->flow_list, new_flow, flow_chain);
3384	}
3385
3386	static int
3387	necp_client_register_socket_inner(pid_t pid, uuid_t client_id, struct inpcb *inp, bool is_listener)
3388	{
3389	int error = `0`;
3390	struct necp_fd_data *client_fd = NULL;
3391	bool found_client = FALSE;
3392
3393	NECP_FD_LIST_LOCK_SHARED();
3394	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3395	NECP_FD_LOCK(client_fd);
3396	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3397	if (client != NULL) {
3398	if (!pid \|\| client->proc_pid == pid) {
3399	if (is_listener) {
3400	found_client = TRUE;
3401	#if SKYWALK
3402	// Check netns token for registration
3403	if (!NETNS_TOKEN_VALID(&client->port_reservation)) {
3404	error = EINVAL;
3405	}
3406	#endif /* !SKYWALK */
3407	} else {
3408	// Find client flow and assign from socket
3409	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3410	if (flow_registration != NULL) {
3411	// Found the right client and flow registration, add a new flow
3412	found_client = TRUE;
3413	necp_client_add_socket_flow(flow_registration, inp);
3414	} else if (RB_EMPTY(&client->flow_registrations) && !necp_client_id_is_flow(client_id)) {
3415	// No flows yet on this client, add a new registration
3416	flow_registration = necp_client_create_flow_registration(fd_data: client_fd, client);
3417	if (flow_registration == NULL) {
3418	error = ENOMEM;
3419	} else {
3420	// Add a new flow
3421	found_client = TRUE;
3422	necp_client_add_socket_flow(flow_registration, inp);
3423	}
3424	}
3425	}
3426	}
3427
3428	NECP_CLIENT_UNLOCK(client);
3429	}
3430	NECP_FD_UNLOCK(client_fd);
3431
3432	if (found_client) {
3433	break;
3434	}
3435	}
3436	NECP_FD_LIST_UNLOCK();
3437
3438	if (!found_client) {
3439	error = ENOENT;
3440	} else {
3441	// Count the sockets that have the NECP client UUID set
3442	struct socket *so = inp->inp_socket;
3443	if (!(so->so_flags1 & SOF1_HAS_NECP_CLIENT_UUID)) {
3444	so->so_flags1 \|= SOF1_HAS_NECP_CLIENT_UUID;
3445	INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_necp_clientuuid_total);
3446	}
3447	}
3448
3449	return error;
3450	}
3451
3452	int
3453	necp_client_register_socket_flow(pid_t pid, uuid_t client_id, struct inpcb *inp)
3454	{
3455	return necp_client_register_socket_inner(pid, client_id, inp, false);
3456	}
3457
3458	int
3459	necp_client_register_socket_listener(pid_t pid, uuid_t client_id, struct inpcb *inp)
3460	{
3461	return necp_client_register_socket_inner(pid, client_id, inp, true);
3462	}
3463
3464	#if SKYWALK
3465	int
3466	necp_client_get_netns_flow_info(uuid_t client_id, struct ns_flow_info *flow_info)
3467	{
3468	int error = `0`;
3469	struct necp_fd_data *client_fd = NULL;
3470	bool found_client = FALSE;
3471
3472	NECP_FD_LIST_LOCK_SHARED();
3473	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3474	NECP_FD_LOCK(client_fd);
3475	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3476	if (client != NULL) {
3477	found_client = TRUE;
3478	if (!NETNS_TOKEN_VALID(&client->port_reservation)) {
3479	error = EINVAL;
3480	} else {
3481	error = netns_get_flow_info(token: &client->port_reservation, nfi: flow_info);
3482	}
3483
3484	NECP_CLIENT_UNLOCK(client);
3485	}
3486	NECP_FD_UNLOCK(client_fd);
3487
3488	if (found_client) {
3489	break;
3490	}
3491	}
3492	NECP_FD_LIST_UNLOCK();
3493
3494	if (!found_client) {
3495	error = ENOENT;
3496	}
3497
3498	return error;
3499	}
3500	#endif /* !SKYWALK */
3501
3502	static void
3503	necp_client_add_multipath_interface_flows(struct necp_client_flow_registration *flow_registration,
3504	struct necp_client *client,
3505	struct mppcb *mpp)
3506	{
3507	flow_registration->interface_handle = mpp;
3508	flow_registration->interface_cb = mpp->necp_cb;
3509
3510	proc_t proc = proc_find(pid: client->proc_pid);
3511	if (proc == PROC_NULL) {
3512	return;
3513	}
3514
3515	// Traverse all interfaces and add a tracking flow if needed
3516	necp_flow_add_interface_flows(proc, client, flow_registration, true);
3517
3518	proc_rele(p: proc);
3519	proc = PROC_NULL;
3520	}
3521
3522	int
3523	necp_client_register_multipath_cb(pid_t pid, uuid_t client_id, struct mppcb *mpp)
3524	{
3525	int error = `0`;
3526	struct necp_fd_data *client_fd = NULL;
3527	bool found_client = FALSE;
3528
3529	NECP_FD_LIST_LOCK_SHARED();
3530	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3531	NECP_FD_LOCK(client_fd);
3532	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3533	if (client != NULL) {
3534	if (!pid \|\| client->proc_pid == pid) {
3535	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3536	if (flow_registration != NULL) {
3537	// Found the right client and flow registration, add a new flow
3538	found_client = TRUE;
3539	necp_client_add_multipath_interface_flows(flow_registration, client, mpp);
3540	} else if (RB_EMPTY(&client->flow_registrations) && !necp_client_id_is_flow(client_id)) {
3541	// No flows yet on this client, add a new registration
3542	flow_registration = necp_client_create_flow_registration(fd_data: client_fd, client);
3543	if (flow_registration == NULL) {
3544	error = ENOMEM;
3545	} else {
3546	// Add a new flow
3547	found_client = TRUE;
3548	necp_client_add_multipath_interface_flows(flow_registration, client, mpp);
3549	}
3550	}
3551	}
3552
3553	NECP_CLIENT_UNLOCK(client);
3554	}
3555	NECP_FD_UNLOCK(client_fd);
3556
3557	if (found_client) {
3558	break;
3559	}
3560	}
3561	NECP_FD_LIST_UNLOCK();
3562
3563	if (!found_client && error == `0`) {
3564	error = ENOENT;
3565	}
3566
3567	return error;
3568	}
3569
3570	#define NETAGENT_DOMAIN_RADIO_MANAGER "WirelessRadioManager"
3571	#define NETAGENT_TYPE_RADIO_MANAGER "WirelessRadioManager:BB Manager"
3572
3573	static int
3574	necp_client_lookup_bb_radio_manager(struct necp_client *client,
3575	uuid_t netagent_uuid)
3576	{
3577	char netagent_domain[NETAGENT_DOMAINSIZE];
3578	char netagent_type[NETAGENT_TYPESIZE];
3579	struct necp_aggregate_result result;
3580	proc_t proc;
3581	int error;
3582
3583	proc = proc_find(pid: client->proc_pid);
3584	if (proc == PROC_NULL) {
3585	return ESRCH;
3586	}
3587
3588	error = necp_application_find_policy_match_internal(proc, parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length,
3589	returned_result: &result, NULL, NULL, required_interface_index: `0`, NULL, NULL, NULL, NULL, NULL, true, true, NULL);
3590
3591	proc_rele(p: proc);
3592	proc = PROC_NULL;
3593
3594	if (error) {
3595	return error;
3596	}
3597
3598	for (int i = `0`; i < NECP_MAX_NETAGENTS; i++) {
3599	if (uuid_is_null(uu: result.netagents[i])) {
3600	// Passed end of valid agents
3601	break;
3602	}
3603
3604	memset(s: &netagent_domain, c: `0`, NETAGENT_DOMAINSIZE);
3605	memset(s: &netagent_type, c: `0`, NETAGENT_TYPESIZE);
3606	if (netagent_get_agent_domain_and_type(uuid: result.netagents[i], domain: netagent_domain, type: netagent_type) == FALSE) {
3607	continue;
3608	}
3609
3610	if (strncmp(s1: netagent_domain, NETAGENT_DOMAIN_RADIO_MANAGER, NETAGENT_DOMAINSIZE) != `0`) {
3611	continue;
3612	}
3613
3614	if (strncmp(s1: netagent_type, NETAGENT_TYPE_RADIO_MANAGER, NETAGENT_TYPESIZE) != `0`) {
3615	continue;
3616	}
3617
3618	uuid_copy(dst: netagent_uuid, src: result.netagents[i]);
3619
3620	break;
3621	}
3622
3623	return `0`;
3624	}
3625
3626	static int
3627	necp_client_assert_bb_radio_manager_common(struct necp_client *client, bool assert)
3628	{
3629	uuid_t netagent_uuid;
3630	uint8_t assert_type;
3631	int error;
3632
3633	error = necp_client_lookup_bb_radio_manager(client, netagent_uuid);
3634	if (error) {
3635	NECPLOG0(LOG_ERR, "BB radio manager agent not found");
3636	return error;
3637	}
3638
3639	// Before unasserting, verify that the assertion was already taken
3640	if (assert == FALSE) {
3641	assert_type = NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT;
3642
3643	if (!necp_client_remove_assertion(client, netagent_uuid)) {
3644	return EINVAL;
3645	}
3646	} else {
3647	assert_type = NETAGENT_MESSAGE_TYPE_CLIENT_ASSERT;
3648	}
3649
3650	error = netagent_client_message(agent_uuid: netagent_uuid, necp_client_uuid: client->client_id, pid: client->proc_pid, handle: client->agent_handle, message_type: assert_type);
3651	if (error) {
3652	NECPLOG0(LOG_ERR, "netagent_client_message failed");
3653	return error;
3654	}
3655
3656	// Only save the assertion if the action succeeded
3657	if (assert == TRUE) {
3658	necp_client_add_assertion(client, netagent_uuid);
3659	}
3660
3661	return `0`;
3662	}
3663
3664	int
3665	necp_client_assert_bb_radio_manager(uuid_t client_id, bool assert)
3666	{
3667	struct necp_client *client;
3668	int error = `0`;
3669
3670	NECP_CLIENT_TREE_LOCK_SHARED();
3671
3672	client = necp_find_client_and_lock(client_id);
3673
3674	if (client) {
3675	// Found the right client!
3676	error = necp_client_assert_bb_radio_manager_common(client, assert);
3677
3678	NECP_CLIENT_UNLOCK(client);
3679	} else {
3680	NECPLOG0(LOG_ERR, "Couldn't find client");
3681	error = ENOENT;
3682	}
3683
3684	NECP_CLIENT_TREE_UNLOCK();
3685
3686	return error;
3687	}
3688
3689	static int
3690	necp_client_unregister_socket_flow(uuid_t client_id, void *handle)
3691	{
3692	int error = `0`;
3693	struct necp_fd_data *client_fd = NULL;
3694	bool found_client = FALSE;
3695	bool client_updated = FALSE;
3696
3697	NECP_FD_LIST_LOCK_SHARED();
3698	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3699	NECP_FD_LOCK(client_fd);
3700
3701	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3702	if (client != NULL) {
3703	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3704	if (flow_registration != NULL) {
3705	// Found the right client and flow!
3706	found_client = TRUE;
3707
3708	// Remove flow assignment
3709	struct necp_client_flow *search_flow = NULL;
3710	struct necp_client_flow *temp_flow = NULL;
3711	LIST_FOREACH_SAFE(search_flow, &flow_registration->flow_list, flow_chain, temp_flow) {
3712	if (search_flow->socket && search_flow->u.socket_handle == handle) {
3713	if (search_flow->assigned_results != NULL) {
3714	kfree_data(search_flow->assigned_results, search_flow->assigned_results_length);
3715	search_flow->assigned_results = NULL;
3716	}
3717	client_updated = TRUE;
3718	flow_registration->flow_result_read = FALSE;
3719	LIST_REMOVE(search_flow, flow_chain);
3720	OSDecrementAtomic(&necp_socket_flow_count);
3721	kfree_type(struct necp_client_flow, search_flow);
3722	}
3723	}
3724	}
3725
3726	NECP_CLIENT_UNLOCK(client);
3727	}
3728
3729	if (client_updated) {
3730	necp_fd_notify(fd_data: client_fd, true);
3731	}
3732	NECP_FD_UNLOCK(client_fd);
3733
3734	if (found_client) {
3735	break;
3736	}
3737	}
3738	NECP_FD_LIST_UNLOCK();
3739
3740	if (!found_client) {
3741	error = ENOENT;
3742	}
3743
3744	return error;
3745	}
3746
3747	static int
3748	necp_client_unregister_multipath_cb(uuid_t client_id, void *handle)
3749	{
3750	int error = `0`;
3751	bool found_client = FALSE;
3752
3753	NECP_CLIENT_TREE_LOCK_SHARED();
3754
3755	struct necp_client *client = necp_find_client_and_lock(client_id);
3756	if (client != NULL) {
3757	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3758	if (flow_registration != NULL) {
3759	// Found the right client and flow!
3760	found_client = TRUE;
3761
3762	// Remove flow assignment
3763	struct necp_client_flow *search_flow = NULL;
3764	struct necp_client_flow *temp_flow = NULL;
3765	LIST_FOREACH_SAFE(search_flow, &flow_registration->flow_list, flow_chain, temp_flow) {
3766	if (!search_flow->socket && !search_flow->nexus &&
3767	search_flow->u.socket_handle == handle) {
3768	search_flow->u.socket_handle = NULL;
3769	search_flow->u.cb = NULL;
3770	}
3771	}
3772
3773	flow_registration->interface_handle = NULL;
3774	flow_registration->interface_cb = NULL;
3775	}
3776
3777	NECP_CLIENT_UNLOCK(client);
3778	}
3779
3780	NECP_CLIENT_TREE_UNLOCK();
3781
3782	if (!found_client) {
3783	error = ENOENT;
3784	}
3785
3786	return error;
3787	}
3788
3789	int
3790	necp_client_assign_from_socket(pid_t pid, uuid_t client_id, struct inpcb *inp)
3791	{
3792	int error = `0`;
3793	struct necp_fd_data *client_fd = NULL;
3794	bool found_client = FALSE;
3795	bool client_updated = FALSE;
3796
3797	NECP_FD_LIST_LOCK_SHARED();
3798	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3799	if (pid && client_fd->proc_pid != pid) {
3800	continue;
3801	}
3802
3803	proc_t proc = proc_find(pid: client_fd->proc_pid);
3804	if (proc == PROC_NULL) {
3805	continue;
3806	}
3807
3808	NECP_FD_LOCK(client_fd);
3809
3810	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3811	if (client != NULL) {
3812	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3813	if (flow_registration == NULL && RB_EMPTY(&client->flow_registrations) && !necp_client_id_is_flow(client_id)) {
3814	// No flows yet on this client, add a new registration
3815	flow_registration = necp_client_create_flow_registration(fd_data: client_fd, client);
3816	if (flow_registration == NULL) {
3817	error = ENOMEM;
3818	}
3819	}
3820	if (flow_registration != NULL) {
3821	// Found the right client and flow!
3822	found_client = TRUE;
3823
3824	struct necp_client_flow *flow = NULL;
3825	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
3826	if (flow->socket && flow->u.socket_handle == inp) {
3827	// Release prior results and route
3828	if (flow->assigned_results != NULL) {
3829	kfree_data(flow->assigned_results, flow->assigned_results_length);
3830	flow->assigned_results = NULL;
3831	}
3832
3833	ifnet_t ifp = NULL;
3834	if ((inp->inp_flags & INP_BOUND_IF) && inp->inp_boundifp) {
3835	ifp = inp->inp_boundifp;
3836	} else {
3837	ifp = inp->inp_last_outifp;
3838	}
3839
3840	if (ifp != NULL) {
3841	flow->interface_index = ifp->if_index;
3842	} else {
3843	flow->interface_index = IFSCOPE_NONE;
3844	}
3845
3846	if (inp->inp_vflag & INP_IPV4) {
3847	flow->local_addr.sin.sin_family = AF_INET;
3848	flow->local_addr.sin.sin_len = sizeof(struct sockaddr_in);
3849	flow->local_addr.sin.sin_port = inp->inp_lport;
3850	memcpy(dst: &flow->local_addr.sin.sin_addr, src: &inp->inp_laddr, n: sizeof(struct in_addr));
3851
3852	flow->remote_addr.sin.sin_family = AF_INET;
3853	flow->remote_addr.sin.sin_len = sizeof(struct sockaddr_in);
3854	flow->remote_addr.sin.sin_port = inp->inp_fport;
3855	memcpy(dst: &flow->remote_addr.sin.sin_addr, src: &inp->inp_faddr, n: sizeof(struct in_addr));
3856	} else if (inp->inp_vflag & INP_IPV6) {
3857	in6_ip6_to_sockaddr(ip6: &inp->in6p_laddr, port: inp->inp_lport, ifscope: inp->inp_lifscope, sin6: &flow->local_addr.sin6, maxlen: sizeof(flow->local_addr));
3858	in6_ip6_to_sockaddr(ip6: &inp->in6p_faddr, port: inp->inp_fport, ifscope: inp->inp_fifscope, sin6: &flow->remote_addr.sin6, maxlen: sizeof(flow->remote_addr));
3859	}
3860
3861	flow->viable = necp_client_flow_is_viable(proc, client, flow);
3862
3863	uuid_t empty_uuid;
3864	uuid_clear(uu: empty_uuid);
3865	flow->assigned = TRUE;
3866	flow->assigned_results = necp_create_nexus_assign_message(nexus_instance: empty_uuid, nexus_port: `0`, NULL, key_length: `0`,
3867	local_endpoint: (struct necp_client_endpoint *)&flow->local_addr,
3868	remote_endpoint: (struct necp_client_endpoint *)&flow->remote_addr,
3869	NULL, flow_adv_index: `0`, NULL, message_length: &flow->assigned_results_length);
3870	flow_registration->flow_result_read = FALSE;
3871	client_updated = TRUE;
3872	break;
3873	}
3874	}
3875	}
3876
3877	NECP_CLIENT_UNLOCK(client);
3878	}
3879	if (client_updated) {
3880	necp_fd_notify(fd_data: client_fd, true);
3881	}
3882	NECP_FD_UNLOCK(client_fd);
3883
3884	proc_rele(p: proc);
3885	proc = PROC_NULL;
3886
3887	if (found_client) {
3888	break;
3889	}
3890	}
3891	NECP_FD_LIST_UNLOCK();
3892
3893	if (error == `0`) {
3894	if (!found_client) {
3895	error = ENOENT;
3896	} else if (!client_updated) {
3897	error = EINVAL;
3898	}
3899	}
3900
3901	return error;
3902	}
3903
3904	bool
3905	necp_socket_is_allowed_to_recv_on_interface(struct inpcb *inp, ifnet_t interface)
3906	{
3907	if (interface == NULL \|\|
3908	inp == NULL \|\|
3909	!(inp->inp_flags2 & INP2_EXTERNAL_PORT) \|\|
3910	uuid_is_null(uu: inp->necp_client_uuid)) {
3911	// If there's no interface or client ID to check,
3912	// or if this is not a listener, pass.
3913	// Outbound connections will have already been
3914	// validated for policy.
3915	return TRUE;
3916	}
3917
3918	// Only filter out listener sockets (no remote address specified)
3919	if ((inp->inp_vflag & INP_IPV4) &&
3920	inp->inp_faddr.s_addr != INADDR_ANY) {
3921	return TRUE;
3922	}
3923	if ((inp->inp_vflag & INP_IPV6) &&
3924	!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
3925	return TRUE;
3926	}
3927
3928	bool allowed = TRUE;
3929
3930	NECP_CLIENT_TREE_LOCK_SHARED();
3931
3932	struct necp_client *client = necp_find_client_and_lock(client_id: inp->necp_client_uuid);
3933	if (client != NULL) {
3934	struct necp_client_parsed_parameters *parsed_parameters = NULL;
3935
3936	parsed_parameters = kalloc_type(struct necp_client_parsed_parameters,
3937	Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
3938	int error = necp_client_parse_parameters(client, parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length, parsed_parameters);
3939	if (error == `0`) {
3940	if (!necp_ifnet_matches_parameters(ifp: interface, parsed_parameters, override_flags: `0`, NULL, true, false)) {
3941	allowed = FALSE;
3942	}
3943	}
3944	kfree_type(struct necp_client_parsed_parameters, parsed_parameters);
3945
3946	NECP_CLIENT_UNLOCK(client);
3947	}
3948
3949	NECP_CLIENT_TREE_UNLOCK();
3950
3951	return allowed;
3952	}
3953
3954	int
3955	necp_update_flow_protoctl_event(uuid_t netagent_uuid, uuid_t client_id,
3956	uint32_t protoctl_event_code, uint32_t protoctl_event_val,
3957	uint32_t protoctl_event_tcp_seq_number)
3958	{
3959	int error = `0`;
3960	struct necp_fd_data *client_fd = NULL;
3961	bool found_client = FALSE;
3962	bool client_updated = FALSE;
3963
3964	NECP_FD_LIST_LOCK_SHARED();
3965	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
3966	proc_t proc = proc_find(pid: client_fd->proc_pid);
3967	if (proc == PROC_NULL) {
3968	continue;
3969	}
3970
3971	NECP_FD_LOCK(client_fd);
3972
3973	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
3974	if (client != NULL) {
3975	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
3976	if (flow_registration != NULL) {
3977	// Found the right client and flow!
3978	found_client = TRUE;
3979
3980	struct necp_client_flow *flow = NULL;
3981	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
3982	// Verify that the client nexus agent matches
3983	if ((flow->nexus && uuid_compare(uu1: flow->u.nexus_agent, uu2: netagent_uuid) == `0`) \|\|
3984	flow->socket) {
3985	flow->has_protoctl_event = TRUE;
3986	flow->protoctl_event.protoctl_event_code = protoctl_event_code;
3987	flow->protoctl_event.protoctl_event_val = protoctl_event_val;
3988	flow->protoctl_event.protoctl_event_tcp_seq_num = protoctl_event_tcp_seq_number;
3989	flow_registration->flow_result_read = FALSE;
3990	client_updated = TRUE;
3991	break;
3992	}
3993	}
3994	}
3995
3996	NECP_CLIENT_UNLOCK(client);
3997	}
3998
3999	if (client_updated) {
4000	necp_fd_notify(fd_data: client_fd, true);
4001	}
4002
4003	NECP_FD_UNLOCK(client_fd);
4004	proc_rele(p: proc);
4005	proc = PROC_NULL;
4006
4007	if (found_client) {
4008	break;
4009	}
4010	}
4011	NECP_FD_LIST_UNLOCK();
4012
4013	if (!found_client) {
4014	error = ENOENT;
4015	} else if (!client_updated) {
4016	error = EINVAL;
4017	}
4018	return error;
4019	}
4020
4021	static bool
4022	necp_assign_client_result_locked(struct proc *proc,
4023	struct necp_fd_data *client_fd,
4024	struct necp_client *client,
4025	struct necp_client_flow_registration *flow_registration,
4026	uuid_t netagent_uuid,
4027	u_int8_t *assigned_results,
4028	size_t assigned_results_length,
4029	bool notify_fd,
4030	bool assigned_from_userspace_agent)
4031	{
4032	bool client_updated = FALSE;
4033
4034	NECP_FD_ASSERT_LOCKED(client_fd);
4035	NECP_CLIENT_ASSERT_LOCKED(client);
4036
4037	struct necp_client_flow *flow = NULL;
4038	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
4039	// Verify that the client nexus agent matches
4040	if (flow->nexus &&
4041	uuid_compare(uu1: flow->u.nexus_agent, uu2: netagent_uuid) == `0`) {
4042	// Release prior results and route
4043	if (flow->assigned_results != NULL) {
4044	kfree_data(flow->assigned_results, flow->assigned_results_length);
4045	flow->assigned_results = NULL;
4046	}
4047
4048	void *nexus_stats = NULL;
4049	if (assigned_results != NULL && assigned_results_length > `0`) {
4050	int error = necp_client_parse_result(result: assigned_results, result_size: (u_int32_t)assigned_results_length,
4051	local_address: &flow->local_addr, remote_address: &flow->remote_addr,
4052	flow_stats: assigned_from_userspace_agent ? NULL : &nexus_stats); // Only assign stats from kernel agents
4053	VERIFY(error == `0`);
4054	}
4055
4056	flow->viable = necp_client_flow_is_viable(proc, client, flow);
4057
4058	flow->assigned = TRUE;
4059	flow->assigned_results = assigned_results;
4060	flow->assigned_results_length = assigned_results_length;
4061	flow_registration->flow_result_read = FALSE;
4062	#if SKYWALK
4063	if (nexus_stats != NULL) {
4064	if (flow_registration->nexus_stats != NULL) {
4065	flow_stats_release(fs: flow_registration->nexus_stats);
4066	}
4067	flow_registration->nexus_stats = nexus_stats;
4068	}
4069	#endif /* SKYWALK */
4070	client_updated = TRUE;
4071	break;
4072	}
4073	}
4074
4075	if (client_updated && notify_fd) {
4076	necp_fd_notify(fd_data: client_fd, true);
4077	}
4078
4079	// if not updated, client must free assigned_results
4080	return client_updated;
4081	}
4082
4083	int
4084	necp_assign_client_result(uuid_t netagent_uuid, uuid_t client_id,
4085	u_int8_t *assigned_results, size_t assigned_results_length)
4086	{
4087	int error = `0`;
4088	struct necp_fd_data *client_fd = NULL;
4089	bool found_client = FALSE;
4090	bool client_updated = FALSE;
4091
4092	NECP_FD_LIST_LOCK_SHARED();
4093
4094	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
4095	proc_t proc = proc_find(pid: client_fd->proc_pid);
4096	if (proc == PROC_NULL) {
4097	continue;
4098	}
4099
4100	NECP_FD_LOCK(client_fd);
4101	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
4102	if (client != NULL) {
4103	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
4104	if (flow_registration != NULL) {
4105	// Found the right client and flow!
4106	found_client = TRUE;
4107	if (necp_assign_client_result_locked(proc, client_fd, client, flow_registration, netagent_uuid,
4108	assigned_results, assigned_results_length, true, true)) {
4109	client_updated = TRUE;
4110	}
4111	}
4112
4113	NECP_CLIENT_UNLOCK(client);
4114	}
4115	NECP_FD_UNLOCK(client_fd);
4116
4117	proc_rele(p: proc);
4118	proc = PROC_NULL;
4119
4120	if (found_client) {
4121	break;
4122	}
4123	}
4124
4125	NECP_FD_LIST_UNLOCK();
4126
4127	// upon error, client must free assigned_results
4128	if (!found_client) {
4129	error = ENOENT;
4130	} else if (!client_updated) {
4131	error = EINVAL;
4132	}
4133
4134	return error;
4135	}
4136
4137	int
4138	necp_assign_client_group_members(uuid_t netagent_uuid, uuid_t client_id,
4139	u_int8_t *assigned_group_members, size_t assigned_group_members_length)
4140	{
4141	#pragma unused(netagent_uuid)
4142	int error = `0`;
4143	struct necp_fd_data *client_fd = NULL;
4144	bool found_client = false;
4145	bool client_updated = false;
4146
4147	NECP_FD_LIST_LOCK_SHARED();
4148
4149	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
4150	proc_t proc = proc_find(pid: client_fd->proc_pid);
4151	if (proc == PROC_NULL) {
4152	continue;
4153	}
4154
4155	NECP_FD_LOCK(client_fd);
4156	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
4157	if (client != NULL) {
4158	found_client = true;
4159	// Release prior results
4160	if (client->assigned_group_members != NULL) {
4161	kfree_data(client->assigned_group_members, client->assigned_group_members_length);
4162	client->assigned_group_members = NULL;
4163	}
4164
4165	// Save new results
4166	client->assigned_group_members = assigned_group_members;
4167	client->assigned_group_members_length = assigned_group_members_length;
4168	client->group_members_read = false;
4169
4170	client_updated = true;
4171	necp_fd_notify(fd_data: client_fd, true);
4172
4173	NECP_CLIENT_UNLOCK(client);
4174	}
4175	NECP_FD_UNLOCK(client_fd);
4176
4177	proc_rele(p: proc);
4178	proc = PROC_NULL;
4179
4180	if (found_client) {
4181	break;
4182	}
4183	}
4184
4185	NECP_FD_LIST_UNLOCK();
4186
4187	// upon error, client must free assigned_results
4188	if (!found_client) {
4189	error = ENOENT;
4190	} else if (!client_updated) {
4191	error = EINVAL;
4192	}
4193
4194	return error;
4195	}
4196
4197	/// Client updating
4198
4199	static bool
4200	necp_update_parsed_parameters(struct necp_client_parsed_parameters *parsed_parameters,
4201	struct necp_aggregate_result *result)
4202	{
4203	if (parsed_parameters == NULL \|\|
4204	result == NULL) {
4205	return false;
4206	}
4207
4208	bool updated = false;
4209	for (int i = `0`; i < NECP_MAX_NETAGENTS; i++) {
4210	if (uuid_is_null(uu: result->netagents[i])) {
4211	// Passed end of valid agents
4212	break;
4213	}
4214
4215	if (!(result->netagent_use_flags[i] & NECP_AGENT_USE_FLAG_SCOPE)) {
4216	// Not a scoped agent, ignore
4217	continue;
4218	}
4219
4220	// This is a scoped agent. Add it to the required agents.
4221	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT) {
4222	// Already some required agents, add this at the end
4223	for (int j = `0`; j < NECP_MAX_AGENT_PARAMETERS; j++) {
4224	if (uuid_compare(uu1: parsed_parameters->required_netagents[j], uu2: result->netagents[i]) == `0`) {
4225	// Already required, break
4226	break;
4227	}
4228	if (uuid_is_null(uu: parsed_parameters->required_netagents[j])) {
4229	// Add here
4230	memcpy(dst: &parsed_parameters->required_netagents[j], src: result->netagents[i], n: sizeof(uuid_t));
4231	updated = true;
4232	break;
4233	}
4234	}
4235	} else {
4236	// No required agents yet, add this one
4237	parsed_parameters->valid_fields \|= NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT;
4238	memcpy(dst: &parsed_parameters->required_netagents[`0`], src: result->netagents[i], n: sizeof(uuid_t));
4239	updated = true;
4240	}
4241
4242	// Remove requirements for agents of the same type
4243	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE) {
4244	char remove_agent_domain[NETAGENT_DOMAINSIZE] = { `0` };
4245	char remove_agent_type[NETAGENT_TYPESIZE] = { `0` };
4246	if (netagent_get_agent_domain_and_type(uuid: result->netagents[i], domain: remove_agent_domain, type: remove_agent_type)) {
4247	for (int j = `0`; j < NECP_MAX_AGENT_PARAMETERS; j++) {
4248	if (strlen(s: parsed_parameters->required_netagent_types[j].netagent_domain) == `0` &&
4249	strlen(s: parsed_parameters->required_netagent_types[j].netagent_type) == `0`) {
4250	break;
4251	}
4252
4253	if (strncmp(s1: parsed_parameters->required_netagent_types[j].netagent_domain, s2: remove_agent_domain, NETAGENT_DOMAINSIZE) == `0` &&
4254	strncmp(s1: parsed_parameters->required_netagent_types[j].netagent_type, s2: remove_agent_type, NETAGENT_TYPESIZE) == `0`) {
4255	updated = true;
4256
4257	if (j == NECP_MAX_AGENT_PARAMETERS - `1`) {
4258	// Last field, just clear and break
4259	memset(s: &parsed_parameters->required_netagent_types[NECP_MAX_AGENT_PARAMETERS - `1`], c: `0`, n: sizeof(struct necp_client_parameter_netagent_type));
4260	break;
4261	} else {
4262	// Move the parameters down, clear the last entry
4263	memmove(dst: &parsed_parameters->required_netagent_types[j],
4264	src: &parsed_parameters->required_netagent_types[j + `1`],
4265	n: sizeof(struct necp_client_parameter_netagent_type) * (NECP_MAX_AGENT_PARAMETERS - (j + `1`)));
4266	memset(s: &parsed_parameters->required_netagent_types[NECP_MAX_AGENT_PARAMETERS - `1`], c: `0`, n: sizeof(struct necp_client_parameter_netagent_type));
4267	// Continue, don't increment but look at the new shifted item instead
4268	continue;
4269	}
4270	}
4271
4272	// Increment j to look at the next agent type parameter
4273	j++;
4274	}
4275	}
4276	}
4277	}
4278
4279	if (updated &&
4280	parsed_parameters->required_interface_index != IFSCOPE_NONE &&
4281	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF) == `0`) {
4282	// A required interface index was added after the fact. Clear it.
4283	parsed_parameters->required_interface_index = IFSCOPE_NONE;
4284	}
4285
4286
4287	return updated;
4288	}
4289
4290	static inline bool
4291	necp_agent_types_match(const char agent_domain1, const* char *agent_type1,
4292	const char agent_domain2, const* char *agent_type2)
4293	{
4294	return (strlen(s: agent_domain1) == `0` \|\|
4295	strncmp(s1: agent_domain2, s2: agent_domain1, NETAGENT_DOMAINSIZE) == `0`) &&
4296	(strlen(s: agent_type1) == `0` \|\|
4297	strncmp(s1: agent_type2, s2: agent_type1, NETAGENT_TYPESIZE) == `0`);
4298	}
4299
4300	static inline bool
4301	necp_calculate_client_result(proc_t proc,
4302	struct necp_client *client,
4303	struct necp_client_parsed_parameters *parsed_parameters,
4304	struct necp_aggregate_result *result,
4305	u_int32_t *flags,
4306	u_int32_t *reason,
4307	struct necp_client_endpoint *v4_gateway,
4308	struct necp_client_endpoint *v6_gateway,
4309	uuid_t *override_euuid)
4310	{
4311	struct rtentry *route = NULL;
4312
4313	// Check parameters to find best interface
4314	bool validate_agents = false;
4315	u_int matching_if_index = `0`;
4316	if (necp_find_matching_interface_index(parsed_parameters, return_ifindex: &matching_if_index, validate_agents: &validate_agents)) {
4317	if (matching_if_index != `0`) {
4318	parsed_parameters->required_interface_index = matching_if_index;
4319	}
4320	// Interface found or not needed, match policy.
4321	memset(s: result, c: `0`, n: sizeof(*result));
4322	int error = necp_application_find_policy_match_internal(proc, parameters: client->parameters,
4323	parameters_size: (u_int32_t)client->parameters_length,
4324	returned_result: result, flags, reason, required_interface_index: matching_if_index,
4325	NULL, NULL,
4326	returned_v4_gateway: v4_gateway, returned_v6_gateway: v6_gateway,
4327	returned_route: &route, false, true,
4328	returned_override_euuid: override_euuid);
4329	if (error != `0`) {
4330	if (route != NULL) {
4331	rtfree(route);
4332	}
4333	return FALSE;
4334	}
4335
4336	if (validate_agents) {
4337	bool requirement_failed = FALSE;
4338	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT) {
4339	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
4340	if (uuid_is_null(uu: parsed_parameters->required_netagents[i])) {
4341	break;
4342	}
4343
4344	bool requirement_found = FALSE;
4345	for (int j = `0`; j < NECP_MAX_NETAGENTS; j++) {
4346	if (uuid_is_null(uu: result->netagents[j])) {
4347	break;
4348	}
4349
4350	if (result->netagent_use_flags[j] & NECP_AGENT_USE_FLAG_REMOVE) {
4351	// A removed agent, ignore
4352	continue;
4353	}
4354
4355	if (uuid_compare(uu1: parsed_parameters->required_netagents[i], uu2: result->netagents[j]) == `0`) {
4356	requirement_found = TRUE;
4357	break;
4358	}
4359	}
4360
4361	if (!requirement_found) {
4362	requirement_failed = TRUE;
4363	break;
4364	}
4365	}
4366	}
4367
4368	if (!requirement_failed && parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE) {
4369	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
4370	if (strlen(s: parsed_parameters->required_netagent_types[i].netagent_domain) == `0` &&
4371	strlen(s: parsed_parameters->required_netagent_types[i].netagent_type) == `0`) {
4372	break;
4373	}
4374
4375	bool requirement_found = FALSE;
4376	for (int j = `0`; j < NECP_MAX_NETAGENTS; j++) {
4377	if (uuid_is_null(uu: result->netagents[j])) {
4378	break;
4379	}
4380
4381	if (result->netagent_use_flags[j] & NECP_AGENT_USE_FLAG_REMOVE) {
4382	// A removed agent, ignore
4383	continue;
4384	}
4385
4386	char policy_agent_domain[NETAGENT_DOMAINSIZE] = { `0` };
4387	char policy_agent_type[NETAGENT_TYPESIZE] = { `0` };
4388
4389	if (netagent_get_agent_domain_and_type(uuid: result->netagents[j], domain: policy_agent_domain, type: policy_agent_type)) {
4390	if (necp_agent_types_match(agent_domain1: parsed_parameters->required_netagent_types[i].netagent_domain,
4391	agent_type1: parsed_parameters->required_netagent_types[i].netagent_type,
4392	agent_domain2: policy_agent_domain, agent_type2: policy_agent_type)) {
4393	requirement_found = TRUE;
4394	break;
4395	}
4396	}
4397	}
4398
4399	if (!requirement_found) {
4400	requirement_failed = TRUE;
4401	break;
4402	}
4403	}
4404	}
4405
4406	if (requirement_failed) {
4407	// Agent requirement failed. Clear out the whole result, make everything fail.
4408	memset(s: result, c: `0`, n: sizeof(*result));
4409	if (route != NULL) {
4410	rtfree(route);
4411	}
4412	return TRUE;
4413	}
4414	}
4415
4416	// Reset current route
4417	NECP_CLIENT_ROUTE_LOCK(client);
4418	if (client->current_route != NULL) {
4419	rtfree(client->current_route);
4420	}
4421	client->current_route = route;
4422	NECP_CLIENT_ROUTE_UNLOCK(client);
4423	} else {
4424	// Interface not found. Clear out the whole result, make everything fail.
4425	memset(s: result, c: `0`, n: sizeof(*result));
4426	}
4427
4428	return TRUE;
4429	}
4430
4431	#define NECP_PARSED_PARAMETERS_REQUIRED_FIELDS (NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF \| \
4432	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE \| \
4433	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT \| \
4434	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE)
4435
4436	static bool
4437	necp_update_client_result(proc_t proc,
4438	struct necp_fd_data *client_fd,
4439	struct necp_client *client,
4440	struct _necp_flow_defunct_list *defunct_list)
4441	{
4442	struct necp_client_result_netagent netagent;
4443	struct necp_aggregate_result result;
4444	struct necp_client_parsed_parameters *parsed_parameters = NULL;
4445	u_int32_t flags = `0`;
4446	u_int32_t reason = `0`;
4447
4448	NECP_CLIENT_ASSERT_LOCKED(client);
4449
4450	parsed_parameters = kalloc_type(struct necp_client_parsed_parameters,
4451	Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
4452
4453	// Nexus flows will be brought back if they are still valid
4454	necp_client_mark_all_nonsocket_flows_as_invalid(client);
4455
4456	int error = necp_client_parse_parameters(client, parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length, parsed_parameters);
4457	if (error != `0`) {
4458	kfree_type(struct necp_client_parsed_parameters, parsed_parameters);
4459	return FALSE;
4460	}
4461	bool originally_scoped = (parsed_parameters->required_interface_index != IFSCOPE_NONE);
4462
4463	// Update saved IP protocol
4464	client->ip_protocol = parsed_parameters->ip_protocol;
4465
4466	// Calculate the policy result
4467	struct necp_client_endpoint v4_gateway = {};
4468	struct necp_client_endpoint v6_gateway = {};
4469	uuid_t override_euuid;
4470	uuid_clear(uu: override_euuid);
4471	if (!necp_calculate_client_result(proc, client, parsed_parameters, result: &result, flags: &flags, reason: &reason, v4_gateway: &v4_gateway, v6_gateway: &v6_gateway, override_euuid: &override_euuid)) {
4472	kfree_type(struct necp_client_parsed_parameters, parsed_parameters);
4473	return FALSE;
4474	}
4475
4476	if (necp_update_parsed_parameters(parsed_parameters, result: &result)) {
4477	// Changed the parameters based on result, try again (only once)
4478	if (!necp_calculate_client_result(proc, client, parsed_parameters, result: &result, flags: &flags, reason: &reason, v4_gateway: &v4_gateway, v6_gateway: &v6_gateway, override_euuid: &override_euuid)) {
4479	kfree_type(struct necp_client_parsed_parameters, parsed_parameters);
4480	return FALSE;
4481	}
4482	}
4483
4484	if ((parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) &&
4485	parsed_parameters->required_interface_index != IFSCOPE_NONE &&
4486	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF) == `0`) {
4487	// Listener should not apply required interface index if
4488	parsed_parameters->required_interface_index = IFSCOPE_NONE;
4489	}
4490
4491	// Save the last policy id on the client
4492	client->policy_id = result.policy_id;
4493	client->skip_policy_id = result.skip_policy_id;
4494	uuid_copy(dst: client->override_euuid, src: override_euuid);
4495
4496	if ((parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_MULTIPATH) \|\|
4497	(parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_BROWSE) \|\|
4498	((parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) &&
4499	result.routing_result != NECP_KERNEL_POLICY_RESULT_SOCKET_SCOPED)) {
4500	client->allow_multiple_flows = TRUE;
4501	} else {
4502	client->allow_multiple_flows = FALSE;
4503	}
4504
4505	// If the original request was scoped, and the policy result matches, make sure the result is scoped
4506	if ((result.routing_result == NECP_KERNEL_POLICY_RESULT_NONE \|\|
4507	result.routing_result == NECP_KERNEL_POLICY_RESULT_PASS) &&
4508	result.routed_interface_index != IFSCOPE_NONE &&
4509	parsed_parameters->required_interface_index == result.routed_interface_index) {
4510	result.routing_result = NECP_KERNEL_POLICY_RESULT_SOCKET_SCOPED;
4511	result.routing_result_parameter.scoped_interface_index = result.routed_interface_index;
4512	}
4513
4514	if (defunct_list != NULL &&
4515	result.routing_result == NECP_KERNEL_POLICY_RESULT_DROP) {
4516	// If we are forced to drop the client, defunct it if it has flows
4517	necp_defunct_client_for_policy(client, defunct_list);
4518	}
4519
4520	// Recalculate flags
4521	if (parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) {
4522	// Listeners are valid as long as they aren't dropped
4523	if (result.routing_result != NECP_KERNEL_POLICY_RESULT_DROP) {
4524	flags \|= NECP_CLIENT_RESULT_FLAG_SATISFIED;
4525	}
4526	} else if (result.routed_interface_index != `0`) {
4527	// Clients without flows determine viability based on having some routable interface
4528	flags \|= NECP_CLIENT_RESULT_FLAG_SATISFIED;
4529	}
4530
4531	bool updated = FALSE;
4532	u_int8_t *cursor = client->result;
4533	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_FLAGS, length: sizeof(flags), value: &flags, updated: &updated, buffer: client->result, buffer_length: sizeof(client->result));
4534	if (reason != `0`) {
4535	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_REASON, length: sizeof(reason), value: &reason, updated: &updated, buffer: client->result, buffer_length: sizeof(client->result));
4536	}
4537	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_CLIENT_ID, length: sizeof(uuid_t), value: client->client_id, updated: &updated,
4538	buffer: client->result, buffer_length: sizeof(client->result));
4539	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_POLICY_RESULT, length: sizeof(result.routing_result), value: &result.routing_result, updated: &updated,
4540	buffer: client->result, buffer_length: sizeof(client->result));
4541	if (result.routing_result_parameter.tunnel_interface_index != `0`) {
4542	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_POLICY_RESULT_PARAMETER,
4543	length: sizeof(result.routing_result_parameter), value: &result.routing_result_parameter, updated: &updated,
4544	buffer: client->result, buffer_length: sizeof(client->result));
4545	}
4546	if (result.filter_control_unit != `0`) {
4547	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_FILTER_CONTROL_UNIT,
4548	length: sizeof(result.filter_control_unit), value: &result.filter_control_unit, updated: &updated,
4549	buffer: client->result, buffer_length: sizeof(client->result));
4550	}
4551	if (result.flow_divert_aggregate_unit != `0`) {
4552	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_FLOW_DIVERT_AGGREGATE_UNIT,
4553	length: sizeof(result.flow_divert_aggregate_unit), value: &result.flow_divert_aggregate_unit, updated: &updated,
4554	buffer: client->result, buffer_length: sizeof(client->result));
4555	}
4556	if (result.routed_interface_index != `0`) {
4557	u_int routed_interface_index = result.routed_interface_index;
4558	if (result.routing_result == NECP_KERNEL_POLICY_RESULT_IP_TUNNEL &&
4559	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_REQUIRED_FIELDS) &&
4560	parsed_parameters->required_interface_index != IFSCOPE_NONE &&
4561	parsed_parameters->required_interface_index != result.routed_interface_index) {
4562	routed_interface_index = parsed_parameters->required_interface_index;
4563	}
4564
4565	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE_INDEX,
4566	length: sizeof(routed_interface_index), value: &routed_interface_index, updated: &updated,
4567	buffer: client->result, buffer_length: sizeof(client->result));
4568	}
4569	if (client_fd && client_fd->flags & NECP_OPEN_FLAG_BACKGROUND) {
4570	u_int32_t effective_traffic_class = SO_TC_BK_SYS;
4571	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_EFFECTIVE_TRAFFIC_CLASS,
4572	length: sizeof(effective_traffic_class), value: &effective_traffic_class, updated: &updated,
4573	buffer: client->result, buffer_length: sizeof(client->result));
4574	}
4575
4576	if (client_fd->background) {
4577	bool has_assigned_flow = FALSE;
4578	struct necp_client_flow_registration *flow_registration = NULL;
4579	struct necp_client_flow *search_flow = NULL;
4580	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
4581	LIST_FOREACH(search_flow, &flow_registration->flow_list, flow_chain) {
4582	if (search_flow->assigned) {
4583	has_assigned_flow = TRUE;
4584	break;
4585	}
4586	}
4587	}
4588
4589	if (has_assigned_flow) {
4590	u_int32_t background = client_fd->background;
4591	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_TRAFFIC_MGMT_BG,
4592	length: sizeof(background), value: &background, updated: &updated,
4593	buffer: client->result, buffer_length: sizeof(client->result));
4594	}
4595	}
4596
4597	bool write_v4_gateway = !necp_client_endpoint_is_unspecified(endpoint: &v4_gateway);
4598	bool write_v6_gateway = !necp_client_endpoint_is_unspecified(endpoint: &v6_gateway);
4599
4600	NECP_CLIENT_ROUTE_LOCK(client);
4601	if (client->current_route != NULL) {
4602	const u_int32_t route_mtu = get_maxmtu(client->current_route);
4603	if (route_mtu != `0`) {
4604	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_EFFECTIVE_MTU,
4605	length: sizeof(route_mtu), value: &route_mtu, updated: &updated,
4606	buffer: client->result, buffer_length: sizeof(client->result));
4607	}
4608	bool has_remote_addr = parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REMOTE_ADDR;
4609	if (has_remote_addr && client->current_route->rt_gateway != NULL) {
4610	if (client->current_route->rt_gateway->sa_family == AF_INET) {
4611	write_v6_gateway = false;
4612	} else if (client->current_route->rt_gateway->sa_family == AF_INET6) {
4613	write_v4_gateway = false;
4614	}
4615	}
4616	}
4617	NECP_CLIENT_ROUTE_UNLOCK(client);
4618
4619	if (write_v4_gateway) {
4620	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_GATEWAY,
4621	length: sizeof(struct necp_client_endpoint), value: &v4_gateway, updated: &updated,
4622	buffer: client->result, buffer_length: sizeof(client->result));
4623	}
4624
4625	if (write_v6_gateway) {
4626	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_GATEWAY,
4627	length: sizeof(struct necp_client_endpoint), value: &v6_gateway, updated: &updated,
4628	buffer: client->result, buffer_length: sizeof(client->result));
4629	}
4630
4631	for (int i = `0`; i < NAT64_MAX_NUM_PREFIXES; i++) {
4632	if (result.nat64_prefixes[i].prefix_len != `0`) {
4633	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_NAT64,
4634	length: sizeof(result.nat64_prefixes), value: result.nat64_prefixes, updated: &updated,
4635	buffer: client->result, buffer_length: sizeof(client->result));
4636	break;
4637	}
4638	}
4639
4640	if (result.mss_recommended != `0`) {
4641	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_RECOMMENDED_MSS,
4642	length: sizeof(result.mss_recommended), value: &result.mss_recommended, updated: &updated,
4643	buffer: client->result, buffer_length: sizeof(client->result));
4644	}
4645
4646	for (int i = `0`; i < NECP_MAX_NETAGENTS; i++) {
4647	if (uuid_is_null(uu: result.netagents[i])) {
4648	break;
4649	}
4650	if (result.netagent_use_flags[i] & NECP_AGENT_USE_FLAG_REMOVE) {
4651	// A removed agent, ignore
4652	continue;
4653	}
4654	uuid_copy(dst: netagent.netagent_uuid, src: result.netagents[i]);
4655	netagent.generation = netagent_get_generation(uuid: netagent.netagent_uuid);
4656	if (necp_netagent_applies_to_client(client, parameters: parsed_parameters, netagent_uuid: &netagent.netagent_uuid, TRUE, interface_index: `0`, interface_generation: `0`)) {
4657	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_NETAGENT, length: sizeof(netagent), value: &netagent, updated: &updated,
4658	buffer: client->result, buffer_length: sizeof(client->result));
4659	}
4660	}
4661
4662	ifnet_head_lock_shared();
4663	ifnet_t direct_interface = NULL;
4664	ifnet_t delegate_interface = NULL;
4665	ifnet_t original_scoped_interface = NULL;
4666
4667	if (result.routed_interface_index != IFSCOPE_NONE && result.routed_interface_index <= (u_int32_t)if_index) {
4668	direct_interface = ifindex2ifnet[result.routed_interface_index];
4669	} else if (parsed_parameters->required_interface_index != IFSCOPE_NONE &&
4670	parsed_parameters->required_interface_index <= (u_int32_t)if_index) {
4671	// If the request was scoped, but the route didn't match, still grab the agents
4672	direct_interface = ifindex2ifnet[parsed_parameters->required_interface_index];
4673	} else if (result.routed_interface_index == IFSCOPE_NONE &&
4674	result.routing_result == NECP_KERNEL_POLICY_RESULT_SOCKET_SCOPED &&
4675	result.routing_result_parameter.scoped_interface_index != IFSCOPE_NONE) {
4676	direct_interface = ifindex2ifnet[result.routing_result_parameter.scoped_interface_index];
4677	}
4678	if (direct_interface != NULL) {
4679	delegate_interface = direct_interface->if_delegated.ifp;
4680	}
4681	if (result.routing_result == NECP_KERNEL_POLICY_RESULT_IP_TUNNEL &&
4682	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_REQUIRED_FIELDS) &&
4683	parsed_parameters->required_interface_index != IFSCOPE_NONE &&
4684	parsed_parameters->required_interface_index != result.routing_result_parameter.tunnel_interface_index &&
4685	parsed_parameters->required_interface_index <= (u_int32_t)if_index) {
4686	original_scoped_interface = ifindex2ifnet[parsed_parameters->required_interface_index];
4687	}
4688	// Add interfaces
4689	if (original_scoped_interface != NULL) {
4690	struct necp_client_result_interface interface_struct;
4691	interface_struct.index = original_scoped_interface->if_index;
4692	interface_struct.generation = ifnet_get_generation(original_scoped_interface);
4693	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE, length: sizeof(interface_struct), value: &interface_struct, updated: &updated,
4694	buffer: client->result, buffer_length: sizeof(client->result));
4695	}
4696	if (direct_interface != NULL) {
4697	struct necp_client_result_interface interface_struct;
4698	interface_struct.index = direct_interface->if_index;
4699	interface_struct.generation = ifnet_get_generation(direct_interface);
4700	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE, length: sizeof(interface_struct), value: &interface_struct, updated: &updated,
4701	buffer: client->result, buffer_length: sizeof(client->result));
4702
4703	// Set the delta time since interface up/down
4704	struct timeval updown_delta = {};
4705	if (ifnet_updown_delta(interface: direct_interface, updown_delta: &updown_delta) == `0`) {
4706	u_int32_t delta = updown_delta.tv_sec;
4707	bool ignore_updated = FALSE;
4708	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE_TIME_DELTA,
4709	length: sizeof(delta), value: &delta, updated: &ignore_updated,
4710	buffer: client->result, buffer_length: sizeof(client->result));
4711	}
4712	}
4713	if (delegate_interface != NULL) {
4714	struct necp_client_result_interface interface_struct;
4715	interface_struct.index = delegate_interface->if_index;
4716	interface_struct.generation = ifnet_get_generation(delegate_interface);
4717	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE, length: sizeof(interface_struct), value: &interface_struct, updated: &updated,
4718	buffer: client->result, buffer_length: sizeof(client->result));
4719	}
4720
4721	// Update multipath/listener interface flows
4722	if (parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_MULTIPATH) {
4723	// Add the interface option for the routed interface first
4724	if (direct_interface != NULL) {
4725	// Add nexus agent
4726	necp_client_add_agent_interface_options(client, parsed_parameters, ifp: direct_interface);
4727
4728	// Add interface option in case it is not a nexus
4729	necp_client_add_interface_option_if_needed(client, interface_index: direct_interface->if_index,
4730	interface_generation: ifnet_get_generation(direct_interface), NULL, false);
4731	}
4732	if (parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_INBOUND) {
4733	// For inbound multipath, add from the global list (like a listener)
4734	struct ifnet *multi_interface = NULL;
4735	TAILQ_FOREACH(multi_interface, &ifnet_head, if_link) {
4736	if ((multi_interface->if_flags & (IFF_UP \| IFF_RUNNING)) &&
4737	necp_ifnet_matches_parameters(ifp: multi_interface, parsed_parameters, override_flags: `0`, NULL, true, false)) {
4738	// Add nexus agents for inbound multipath
4739	necp_client_add_agent_interface_options(client, parsed_parameters, ifp: multi_interface);
4740	}
4741	}
4742	} else {
4743	// Get other multipath interface options from ordered list
4744	struct ifnet *multi_interface = NULL;
4745	TAILQ_FOREACH(multi_interface, &ifnet_ordered_head, if_ordered_link) {
4746	if (multi_interface != direct_interface &&
4747	necp_ifnet_matches_parameters(ifp: multi_interface, parsed_parameters, override_flags: `0`, NULL, true, false)) {
4748	// Add nexus agents for multipath
4749	necp_client_add_agent_interface_options(client, parsed_parameters, ifp: multi_interface);
4750
4751	// Add multipath interface flows for kernel MPTCP
4752	necp_client_add_interface_option_if_needed(client, interface_index: multi_interface->if_index,
4753	interface_generation: ifnet_get_generation(multi_interface), NULL, false);
4754	}
4755	}
4756	}
4757	} else if (parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) {
4758	if (result.routing_result == NECP_KERNEL_POLICY_RESULT_SOCKET_SCOPED) {
4759	if (direct_interface != NULL) {
4760	// If scoped, only listen on that interface
4761	// Add nexus agents for listeners
4762	necp_client_add_agent_interface_options(client, parsed_parameters, ifp: direct_interface);
4763
4764	// Add interface option in case it is not a nexus
4765	necp_client_add_interface_option_if_needed(client, interface_index: direct_interface->if_index,
4766	interface_generation: ifnet_get_generation(direct_interface), NULL, false);
4767	}
4768	} else {
4769	// Get listener interface options from global list
4770	struct ifnet *listen_interface = NULL;
4771	TAILQ_FOREACH(listen_interface, &ifnet_head, if_link) {
4772	if ((listen_interface->if_flags & (IFF_UP \| IFF_RUNNING)) &&
4773	necp_ifnet_matches_parameters(ifp: listen_interface, parsed_parameters, override_flags: `0`, NULL, true, false)) {
4774	// Add nexus agents for listeners
4775	necp_client_add_agent_interface_options(client, parsed_parameters, ifp: listen_interface);
4776	}
4777	}
4778	}
4779	} else if (parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_BROWSE) {
4780	if (result.routing_result == NECP_KERNEL_POLICY_RESULT_SOCKET_SCOPED && originally_scoped) {
4781	if (direct_interface != NULL) {
4782	// Add browse option if it has an agent
4783	necp_client_add_browse_interface_options(client, parsed_parameters, ifp: direct_interface);
4784	}
4785	} else {
4786	// Get browse interface options from global list
4787	struct ifnet *browse_interface = NULL;
4788	TAILQ_FOREACH(browse_interface, &ifnet_head, if_link) {
4789	if (necp_ifnet_matches_parameters(ifp: browse_interface, parsed_parameters, override_flags: `0`, NULL, true, false)) {
4790	necp_client_add_browse_interface_options(client, parsed_parameters, ifp: browse_interface);
4791	}
4792	}
4793	}
4794	}
4795
4796	struct necp_client_result_estimated_throughput throughput = {
4797	.up = `0`,
4798	.down = `0`,
4799	};
4800
4801	// Add agents
4802	if (original_scoped_interface != NULL) {
4803	ifnet_lock_shared(ifp: original_scoped_interface);
4804	if (original_scoped_interface->if_agentids != NULL) {
4805	for (u_int32_t i = `0`; i < original_scoped_interface->if_agentcount; i++) {
4806	if (uuid_is_null(uu: original_scoped_interface->if_agentids[i])) {
4807	continue;
4808	}
4809	bool skip_agent = false;
4810	for (int j = `0`; j < NECP_MAX_NETAGENTS; j++) {
4811	if (uuid_is_null(uu: result.netagents[j])) {
4812	break;
4813	}
4814	if ((result.netagent_use_flags[j] & NECP_AGENT_USE_FLAG_REMOVE) &&
4815	uuid_compare(uu1: original_scoped_interface->if_agentids[i], uu2: result.netagents[j]) == `0`) {
4816	skip_agent = true;
4817	break;
4818	}
4819	}
4820	if (skip_agent) {
4821	continue;
4822	}
4823	uuid_copy(dst: netagent.netagent_uuid, src: original_scoped_interface->if_agentids[i]);
4824	netagent.generation = netagent_get_generation(uuid: netagent.netagent_uuid);
4825	if (necp_netagent_applies_to_client(client, parameters: parsed_parameters, netagent_uuid: &netagent.netagent_uuid, FALSE,
4826	interface_index: original_scoped_interface->if_index, interface_generation: ifnet_get_generation(original_scoped_interface))) {
4827	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_NETAGENT, length: sizeof(netagent), value: &netagent, updated: &updated,
4828	buffer: client->result, buffer_length: sizeof(client->result));
4829	}
4830	}
4831	}
4832	ifnet_lock_done(ifp: original_scoped_interface);
4833	}
4834	if (direct_interface != NULL) {
4835	ifnet_lock_shared(ifp: direct_interface);
4836	throughput.up = direct_interface->if_estimated_up_bucket;
4837	throughput.down = direct_interface->if_estimated_down_bucket;
4838	if (direct_interface->if_agentids != NULL) {
4839	for (u_int32_t i = `0`; i < direct_interface->if_agentcount; i++) {
4840	if (uuid_is_null(uu: direct_interface->if_agentids[i])) {
4841	continue;
4842	}
4843	bool skip_agent = false;
4844	for (int j = `0`; j < NECP_MAX_NETAGENTS; j++) {
4845	if (uuid_is_null(uu: result.netagents[j])) {
4846	break;
4847	}
4848	if ((result.netagent_use_flags[j] & NECP_AGENT_USE_FLAG_REMOVE) &&
4849	uuid_compare(uu1: direct_interface->if_agentids[i], uu2: result.netagents[j]) == `0`) {
4850	skip_agent = true;
4851	break;
4852	}
4853	}
4854	if (skip_agent) {
4855	continue;
4856	}
4857	uuid_copy(dst: netagent.netagent_uuid, src: direct_interface->if_agentids[i]);
4858	netagent.generation = netagent_get_generation(uuid: netagent.netagent_uuid);
4859	if (necp_netagent_applies_to_client(client, parameters: parsed_parameters, netagent_uuid: &netagent.netagent_uuid, TRUE,
4860	interface_index: direct_interface->if_index, interface_generation: ifnet_get_generation(direct_interface))) {
4861	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_NETAGENT, length: sizeof(netagent), value: &netagent, updated: &updated,
4862	buffer: client->result, buffer_length: sizeof(client->result));
4863	}
4864	}
4865	}
4866	ifnet_lock_done(ifp: direct_interface);
4867	}
4868	if (delegate_interface != NULL) {
4869	ifnet_lock_shared(ifp: delegate_interface);
4870	if (throughput.up == `0` && throughput.down == `0`) {
4871	throughput.up = delegate_interface->if_estimated_up_bucket;
4872	throughput.down = delegate_interface->if_estimated_down_bucket;
4873	}
4874	if (delegate_interface->if_agentids != NULL) {
4875	for (u_int32_t i = `0`; i < delegate_interface->if_agentcount; i++) {
4876	if (uuid_is_null(uu: delegate_interface->if_agentids[i])) {
4877	continue;
4878	}
4879	bool skip_agent = false;
4880	for (int j = `0`; j < NECP_MAX_NETAGENTS; j++) {
4881	if (uuid_is_null(uu: result.netagents[j])) {
4882	break;
4883	}
4884	if ((result.netagent_use_flags[j] & NECP_AGENT_USE_FLAG_REMOVE) &&
4885	uuid_compare(uu1: delegate_interface->if_agentids[i], uu2: result.netagents[j]) == `0`) {
4886	skip_agent = true;
4887	break;
4888	}
4889	}
4890	if (skip_agent) {
4891	continue;
4892	}
4893	uuid_copy(dst: netagent.netagent_uuid, src: delegate_interface->if_agentids[i]);
4894	netagent.generation = netagent_get_generation(uuid: netagent.netagent_uuid);
4895	if (necp_netagent_applies_to_client(client, parameters: parsed_parameters, netagent_uuid: &netagent.netagent_uuid, FALSE,
4896	interface_index: delegate_interface->if_index, interface_generation: ifnet_get_generation(delegate_interface))) {
4897	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_NETAGENT, length: sizeof(netagent), value: &netagent, updated: &updated,
4898	buffer: client->result, buffer_length: sizeof(client->result));
4899	}
4900	}
4901	}
4902	ifnet_lock_done(ifp: delegate_interface);
4903	}
4904	ifnet_head_done();
4905
4906	if (throughput.up != `0` \|\| throughput.down != `0`) {
4907	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_ESTIMATED_THROUGHPUT,
4908	length: sizeof(throughput), value: &throughput, updated: &updated, buffer: client->result, buffer_length: sizeof(client->result));
4909	}
4910
4911	// Add interface options
4912	for (u_int32_t option_i = `0`; option_i < client->interface_option_count; option_i++) {
4913	if (option_i < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
4914	struct necp_client_interface_option *option = &client->interface_options[option_i];
4915	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE_OPTION, length: sizeof(*option), value: option, updated: &updated,
4916	buffer: client->result, buffer_length: sizeof(client->result));
4917	} else {
4918	struct necp_client_interface_option *option = &client->extra_interface_options[option_i - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
4919	cursor = necp_buffer_write_tlv_if_different(cursor, NECP_CLIENT_RESULT_INTERFACE_OPTION, length: sizeof(*option), value: option, updated: &updated,
4920	buffer: client->result, buffer_length: sizeof(client->result));
4921	}
4922	}
4923
4924	size_t new_result_length = (cursor - client->result);
4925	if (new_result_length != client->result_length) {
4926	client->result_length = new_result_length;
4927	updated = TRUE;
4928	}
4929
4930	// Update flow viability/flags
4931	if (necp_client_update_flows(proc, client, defunct_list)) {
4932	updated = TRUE;
4933	}
4934
4935	if (updated) {
4936	client->result_read = FALSE;
4937	necp_client_update_observer_update(client);
4938	}
4939
4940	kfree_type(struct necp_client_parsed_parameters, parsed_parameters);
4941	return updated;
4942	}
4943
4944	static bool
4945	necp_defunct_client_fd_locked_inner(struct necp_fd_data client_fd, struct* _necp_flow_defunct_list *defunct_list, bool destroy_stats)
4946	{
4947	bool updated_result = FALSE;
4948	struct necp_client *client = NULL;
4949
4950	NECP_FD_ASSERT_LOCKED(client_fd);
4951
4952	RB_FOREACH(client, _necp_client_tree, &client_fd->clients) {
4953	struct necp_client_flow_registration *flow_registration = NULL;
4954
4955	NECP_CLIENT_LOCK(client);
4956
4957	// Prepare close events to be sent to the nexus to effectively remove the flows
4958	struct necp_client_flow *search_flow = NULL;
4959	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
4960	LIST_FOREACH(search_flow, &flow_registration->flow_list, flow_chain) {
4961	if (search_flow->nexus &&
4962	!uuid_is_null(uu: search_flow->u.nexus_agent)) {
4963	// Sleeping alloc won't fail; copy only what's necessary
4964	struct necp_flow_defunct flow_defunct = kalloc_type(struct* necp_flow_defunct, Z_WAITOK \| Z_ZERO);
4965	uuid_copy(dst: flow_defunct->nexus_agent, src: search_flow->u.nexus_agent);
4966	uuid_copy(dst: flow_defunct->flow_id, src: ((flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
4967	client->client_id :
4968	flow_registration->registration_id));
4969	flow_defunct->proc_pid = client->proc_pid;
4970	flow_defunct->agent_handle = client->agent_handle;
4971	flow_defunct->flags = flow_registration->flags;
4972	#if SKYWALK
4973	if (flow_registration->kstats_kaddr != NULL) {
4974	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
4975	struct necp_quic_stats quicstats = (struct* necp_quic_stats *)ustats_kaddr;
4976	if (quicstats != NULL &&
4977	quicstats->necp_quic_udp_stats.necp_udp_hdr.necp_stats_type == NECP_CLIENT_STATISTICS_TYPE_QUIC) {
4978	memcpy(dst: flow_defunct->close_parameters.u.close_token, src: quicstats->necp_quic_extra.ssr_token, n: sizeof(flow_defunct->close_parameters.u.close_token));
4979	flow_defunct->has_close_parameters = true;
4980	}
4981	}
4982	#endif /* SKYWALK */
4983	// Add to the list provided by caller
4984	LIST_INSERT_HEAD(defunct_list, flow_defunct, chain);
4985
4986	flow_registration->defunct = true;
4987	flow_registration->flow_result_read = false;
4988	updated_result = true;
4989	}
4990	}
4991	}
4992	if (destroy_stats) {
4993	#if SKYWALK
4994	// Free any remaining stats objects back to the arena where they came from;
4995	// do this independent of the above defunct check, as the client may have
4996	// been marked as defunct separately via necp_defunct_client_for_policy().
4997	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
4998	necp_destroy_flow_stats(fd_data: client_fd, flow_registration, NULL, FALSE);
4999	}
5000	#endif /* SKYWALK */
5001	}
5002	NECP_CLIENT_UNLOCK(client);
5003	}
5004
5005	return updated_result;
5006	}
5007
5008	static inline void
5009	necp_defunct_client_fd_locked(struct necp_fd_data client_fd, struct* _necp_flow_defunct_list defunct_list, struct* proc *proc)
5010	{
5011	#pragma unused(proc)
5012	bool updated_result = FALSE;
5013
5014	NECP_FD_ASSERT_LOCKED(client_fd);
5015	#if SKYWALK
5016	// redirect regions of currently-active stats arena to zero-filled pages
5017	struct necp_arena_info *nai = necp_fd_mredirect_stats_arena(fd_data: client_fd, proc);
5018	#endif /* SKYWALK */
5019
5020	updated_result = necp_defunct_client_fd_locked_inner(client_fd, defunct_list, true);
5021
5022	#if SKYWALK
5023	// and tear down the currently-active arena's regions now that the redirection and freeing are done
5024	if (nai != NULL) {
5025	ASSERT((nai->nai_flags & (NAIF_REDIRECT \| NAIF_DEFUNCT)) == NAIF_REDIRECT);
5026	ASSERT(nai->nai_arena != NULL);
5027	ASSERT(nai->nai_mmap.ami_mapref != NULL);
5028
5029	int err = skmem_arena_defunct(nai->nai_arena);
5030	VERIFY(err == `0`);
5031
5032	nai->nai_flags \|= NAIF_DEFUNCT;
5033	}
5034	#endif /* SKYWALK */
5035
5036	if (updated_result) {
5037	necp_fd_notify(fd_data: client_fd, true);
5038	}
5039	}
5040
5041	static inline void
5042	necp_update_client_fd_locked(struct necp_fd_data *client_fd,
5043	proc_t proc,
5044	struct _necp_flow_defunct_list *defunct_list)
5045	{
5046	struct necp_client *client = NULL;
5047	bool updated_result = FALSE;
5048	NECP_FD_ASSERT_LOCKED(client_fd);
5049	RB_FOREACH(client, _necp_client_tree, &client_fd->clients) {
5050	NECP_CLIENT_LOCK(client);
5051	if (necp_update_client_result(proc, client_fd, client, defunct_list)) {
5052	updated_result = TRUE;
5053	}
5054	NECP_CLIENT_UNLOCK(client);
5055	}
5056
5057	// Check if this PID needs to request in-process flow divert
5058	NECP_FD_LIST_ASSERT_LOCKED();
5059	for (int i = `0`; i < NECP_MAX_FLOW_DIVERT_NEEDED_PIDS; i++) {
5060	if (necp_flow_divert_needed_pids[i] == `0`) {
5061	break;
5062	}
5063	if (necp_flow_divert_needed_pids[i] == client_fd->proc_pid) {
5064	client_fd->request_in_process_flow_divert = true;
5065	break;
5066	}
5067	}
5068
5069	if (updated_result \|\| client_fd->request_in_process_flow_divert) {
5070	necp_fd_notify(fd_data: client_fd, true);
5071	}
5072	}
5073
5074	#if SKYWALK
5075	static void
5076	necp_close_empty_arenas_callout(__unused thread_call_param_t dummy,
5077	__unused thread_call_param_t arg)
5078	{
5079	struct necp_fd_data *client_fd = NULL;
5080
5081	NECP_FD_LIST_LOCK_SHARED();
5082
5083	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
5084	NECP_FD_LOCK(client_fd);
5085	necp_stats_arenas_destroy(fd_data: client_fd, FALSE);
5086	NECP_FD_UNLOCK(client_fd);
5087	}
5088
5089	NECP_FD_LIST_UNLOCK();
5090	}
5091	#endif /* SKYWALK */
5092
5093	static void
5094	necp_update_all_clients_callout(__unused thread_call_param_t dummy,
5095	__unused thread_call_param_t arg)
5096	{
5097	struct necp_fd_data *client_fd = NULL;
5098
5099	NECP_UPDATE_ALL_CLIENTS_LOCK_EXCLUSIVE();
5100	uint32_t count = necp_update_all_clients_sched_cnt;
5101	necp_update_all_clients_sched_cnt = `0`;
5102	necp_update_all_clients_sched_abstime = `0`;
5103	NECP_UPDATE_ALL_CLIENTS_UNLOCK();
5104
5105	if (necp_debug > `0`) {
5106	NECPLOG(LOG_DEBUG,
5107	"necp_update_all_clients_callout running for coalesced %u updates",
5108	count);
5109	}
5110
5111	struct _necp_flow_defunct_list defunct_list;
5112	LIST_INIT(&defunct_list);
5113
5114	NECP_FD_LIST_LOCK_SHARED();
5115
5116	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
5117	proc_t proc = proc_find(pid: client_fd->proc_pid);
5118	if (proc == PROC_NULL) {
5119	continue;
5120	}
5121
5122	// Update all clients on one fd
5123	NECP_FD_LOCK(client_fd);
5124	necp_update_client_fd_locked(client_fd, proc, defunct_list: &defunct_list);
5125	NECP_FD_UNLOCK(client_fd);
5126
5127	proc_rele(p: proc);
5128	proc = PROC_NULL;
5129	}
5130
5131	// Reset the necp_flow_divert_needed_pids list
5132	for (int i = `0`; i < NECP_MAX_FLOW_DIVERT_NEEDED_PIDS; i++) {
5133	necp_flow_divert_needed_pids[i] = `0`;
5134	}
5135
5136	NECP_FD_LIST_UNLOCK();
5137
5138	// Handle the case in which some clients became newly defunct
5139	necp_process_defunct_list(defunct_list: &defunct_list);
5140	}
5141
5142	void
5143	necp_update_all_clients(void)
5144	{
5145	necp_update_all_clients_immediately_if_needed(false);
5146	}
5147
5148	void
5149	necp_update_all_clients_immediately_if_needed(bool should_update_immediately)
5150	{
5151	if (necp_client_update_tcall == NULL) {
5152	// Don't try to update clients if the module is not initialized
5153	return;
5154	}
5155
5156	uint64_t deadline = `0`;
5157	uint64_t leeway = `0`;
5158
5159	uint32_t timeout_to_use = necp_timeout_microseconds;
5160	uint32_t leeway_to_use = necp_timeout_leeway_microseconds;
5161	if (should_update_immediately) {
5162	timeout_to_use = `1000` * `10`; // 10ms
5163	leeway_to_use = `1000` * `10`; // 10ms;
5164	}
5165
5166	clock_interval_to_deadline(interval: timeout_to_use, NSEC_PER_USEC, result: &deadline);
5167	clock_interval_to_absolutetime_interval(interval: leeway_to_use, NSEC_PER_USEC, result: &leeway);
5168
5169	NECP_UPDATE_ALL_CLIENTS_LOCK_EXCLUSIVE();
5170	bool need_cancel = false;
5171	bool need_schedule = true;
5172	uint64_t sched_abstime;
5173
5174	clock_absolutetime_interval_to_deadline(abstime: deadline + leeway, result: &sched_abstime);
5175
5176	/*
5177	* Do not push the timer if it is already scheduled
5178	*/
5179	if (necp_update_all_clients_sched_abstime != `0`) {
5180	need_schedule = false;
5181
5182	if (should_update_immediately) {
5183	/*
5184	* To update immediately we may have to cancel the current timer
5185	* if it's scheduled too far out.
5186	*/
5187	if (necp_update_all_clients_sched_abstime > sched_abstime) {
5188	need_cancel = true;
5189	need_schedule = true;
5190	}
5191	}
5192	}
5193
5194	/*
5195	* Record the time of the deadline with leeway
5196	*/
5197	if (need_schedule) {
5198	necp_update_all_clients_sched_abstime = sched_abstime;
5199	}
5200
5201	necp_update_all_clients_sched_cnt += `1`;
5202	uint32_t count = necp_update_all_clients_sched_cnt;
5203	NECP_UPDATE_ALL_CLIENTS_UNLOCK();
5204
5205	if (need_schedule) {
5206	/*
5207	* Wait if the thread call is currently executing to make sure the
5208	* next update will be delivered to all clients
5209	*/
5210	if (need_cancel) {
5211	(void) thread_call_cancel_wait(call: necp_client_update_tcall);
5212	}
5213
5214	(void) thread_call_enter_delayed_with_leeway(call: necp_client_update_tcall, NULL,
5215	deadline, leeway, THREAD_CALL_DELAY_LEEWAY);
5216	}
5217	if (necp_debug > `0`) {
5218	NECPLOG(LOG_DEBUG,
5219	"necp_update_all_clients immediate %s update %u",
5220	should_update_immediately ? "true" : "false", count);
5221	}
5222	}
5223
5224	bool
5225	necp_set_client_as_background(proc_t proc,
5226	struct fileproc *fp,
5227	bool background)
5228	{
5229	if (proc == PROC_NULL) {
5230	NECPLOG0(LOG_ERR, "NULL proc");
5231	return FALSE;
5232	}
5233
5234	if (fp == NULL) {
5235	NECPLOG0(LOG_ERR, "NULL fp");
5236	return FALSE;
5237	}
5238
5239	struct necp_fd_data client_fd = (struct* necp_fd_data *)fp_get_data(fp);
5240	if (client_fd == NULL) {
5241	NECPLOG0(LOG_ERR, "Could not find client structure for backgrounded client");
5242	return FALSE;
5243	}
5244
5245	if (client_fd->necp_fd_type != necp_fd_type_client) {
5246	// Not a client fd, ignore
5247	NECPLOG0(LOG_ERR, "Not a client fd, ignore");
5248	return FALSE;
5249	}
5250
5251	client_fd->background = background;
5252
5253	return TRUE;
5254	}
5255
5256	void
5257	necp_fd_memstatus(proc_t proc, uint32_t status,
5258	struct necp_fd_data *client_fd)
5259	{
5260	#pragma unused(proc, status, client_fd)
5261	ASSERT(proc != PROC_NULL);
5262	ASSERT(client_fd != NULL);
5263
5264	// Nothing to reap for the process or client for now,
5265	// but this is where we would trigger that in future.
5266	}
5267
5268	void
5269	necp_fd_defunct(proc_t proc, struct necp_fd_data *client_fd)
5270	{
5271	struct _necp_flow_defunct_list defunct_list;
5272
5273	ASSERT(proc != PROC_NULL);
5274	ASSERT(client_fd != NULL);
5275
5276	if (client_fd->necp_fd_type != necp_fd_type_client) {
5277	// Not a client fd, ignore
5278	return;
5279	}
5280
5281	// Our local temporary list
5282	LIST_INIT(&defunct_list);
5283
5284	// Need to hold lock so ntstats defunct the same set of clients
5285	NECP_FD_LOCK(client_fd);
5286	#if SKYWALK
5287	// Shut down statistics
5288	nstats_userland_stats_defunct_for_process(pid: proc_getpid(proc));
5289	#endif /* SKYWALK */
5290	necp_defunct_client_fd_locked(client_fd, defunct_list: &defunct_list, proc);
5291	NECP_FD_UNLOCK(client_fd);
5292
5293	necp_process_defunct_list(defunct_list: &defunct_list);
5294	}
5295
5296	void
5297	necp_client_request_in_process_flow_divert(pid_t pid)
5298	{
5299	if (pid == `0`) {
5300	return;
5301	}
5302
5303	// Add to the list of pids that should get an update. These will
5304	// get picked up on the next thread call to update client paths.
5305	NECP_FD_LIST_LOCK_SHARED();
5306	for (int i = `0`; i < NECP_MAX_FLOW_DIVERT_NEEDED_PIDS; i++) {
5307	if (necp_flow_divert_needed_pids[i] == `0`) {
5308	necp_flow_divert_needed_pids[i] = pid;
5309	break;
5310	}
5311	}
5312	NECP_FD_LIST_UNLOCK();
5313	}
5314
5315	static void
5316	necp_client_remove_agent_from_result(struct necp_client *client, uuid_t netagent_uuid)
5317	{
5318	size_t offset = `0`;
5319
5320	u_int8_t *result_buffer = client->result;
5321	while ((offset + sizeof(struct necp_tlv_header)) <= client->result_length) {
5322	u_int8_t type = necp_buffer_get_tlv_type(buffer: result_buffer, tlv_offset: offset);
5323	u_int32_t length = necp_buffer_get_tlv_length(buffer: result_buffer, tlv_offset: offset);
5324
5325	size_t tlv_total_length = (sizeof(struct necp_tlv_header) + length);
5326	if (type == NECP_CLIENT_RESULT_NETAGENT &&
5327	length == sizeof(struct necp_client_result_netagent) &&
5328	(offset + tlv_total_length) <= client->result_length) {
5329	struct necp_client_result_netagent value = ((struct* necp_client_result_netagent )(void* *)
5330	necp_buffer_get_tlv_value(buffer: result_buffer, tlv_offset: offset, NULL));
5331	if (uuid_compare(uu1: value->netagent_uuid, uu2: netagent_uuid) == `0`) {
5332	// Found a netagent to remove
5333	// Shift bytes down to remove the tlv, and adjust total length
5334	// Don't adjust the current offset
5335	memmove(dst: result_buffer + offset,
5336	src: result_buffer + offset + tlv_total_length,
5337	n: client->result_length - (offset + tlv_total_length));
5338	client->result_length -= tlv_total_length;
5339	memset(s: result_buffer + client->result_length, c: `0`, n: sizeof(client->result) - client->result_length);
5340	continue;
5341	}
5342	}
5343
5344	offset += tlv_total_length;
5345	}
5346	}
5347
5348	void
5349	necp_force_update_client(uuid_t client_id, uuid_t remove_netagent_uuid, u_int32_t agent_generation)
5350	{
5351	struct necp_fd_data *client_fd = NULL;
5352
5353	NECP_FD_LIST_LOCK_SHARED();
5354
5355	LIST_FOREACH(client_fd, &necp_fd_list, chain) {
5356	bool updated_result = FALSE;
5357	NECP_FD_LOCK(client_fd);
5358	struct necp_client *client = necp_client_fd_find_client_and_lock(client_fd, client_id);
5359	if (client != NULL) {
5360	client->failed_trigger_agent.generation = agent_generation;
5361	uuid_copy(dst: client->failed_trigger_agent.netagent_uuid, src: remove_netagent_uuid);
5362	if (!uuid_is_null(uu: remove_netagent_uuid)) {
5363	necp_client_remove_agent_from_result(client, netagent_uuid: remove_netagent_uuid);
5364	}
5365	client->result_read = FALSE;
5366	// Found the client, break
5367	updated_result = TRUE;
5368	NECP_CLIENT_UNLOCK(client);
5369	}
5370	if (updated_result) {
5371	necp_fd_notify(fd_data: client_fd, true);
5372	}
5373	NECP_FD_UNLOCK(client_fd);
5374	if (updated_result) {
5375	// Found the client, break
5376	break;
5377	}
5378	}
5379
5380	NECP_FD_LIST_UNLOCK();
5381	}
5382
5383	#if SKYWALK
5384	void
5385	necp_client_early_close(uuid_t client_id)
5386	{
5387	NECP_CLIENT_TREE_LOCK_SHARED();
5388
5389	struct necp_client *client = necp_find_client_and_lock(client_id);
5390	if (client != NULL) {
5391	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
5392	if (flow_registration != NULL) {
5393	// Found the right client and flow, mark the stats as over
5394	if (flow_registration->stats_handler_context != NULL) {
5395	ntstat_userland_stats_event(nstat_ctx: flow_registration->stats_handler_context,
5396	NECP_CLIENT_STATISTICS_EVENT_TIME_WAIT);
5397	}
5398	}
5399	NECP_CLIENT_UNLOCK(client);
5400	}
5401
5402	NECP_CLIENT_TREE_UNLOCK();
5403	}
5404	#endif /* SKYWALK */
5405
5406	/// Interface matching
5407
5408	#define NECP_PARSED_PARAMETERS_INTERESTING_IFNET_FIELDS (NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR \| \
5409	NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IF \| \
5410	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE \| \
5411	NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IFTYPE \| \
5412	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT \| \
5413	NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT \| \
5414	NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT \| \
5415	NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT \| \
5416	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE \| \
5417	NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT_TYPE \| \
5418	NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE \| \
5419	NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT_TYPE)
5420
5421	#define NECP_PARSED_PARAMETERS_SCOPED_FIELDS (NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR \| \
5422	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE \| \
5423	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT \| \
5424	NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT \| \
5425	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE \| \
5426	NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE)
5427
5428	#define NECP_PARSED_PARAMETERS_SCOPED_IFNET_FIELDS (NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR \| \
5429	NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE)
5430
5431	#define NECP_PARSED_PARAMETERS_PREFERRED_FIELDS (NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT \| \
5432	NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT \| \
5433	NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE \| \
5434	NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT_TYPE)
5435
5436	static bool
5437	necp_ifnet_matches_type(struct ifnet *ifp, u_int8_t interface_type, bool check_delegates)
5438	{
5439	struct ifnet *check_ifp = ifp;
5440	while (check_ifp) {
5441	if (if_functional_type(check_ifp, TRUE) == interface_type) {
5442	return TRUE;
5443	}
5444	if (!check_delegates) {
5445	break;
5446	}
5447	check_ifp = check_ifp->if_delegated.ifp;
5448	}
5449	return FALSE;
5450	}
5451
5452	static bool
5453	necp_ifnet_matches_name(struct ifnet ifp, const* char *interface_name, bool check_delegates)
5454	{
5455	struct ifnet *check_ifp = ifp;
5456	while (check_ifp) {
5457	if (strncmp(s1: check_ifp->if_xname, s2: interface_name, IFXNAMSIZ) == `0`) {
5458	return TRUE;
5459	}
5460	if (!check_delegates) {
5461	break;
5462	}
5463	check_ifp = check_ifp->if_delegated.ifp;
5464	}
5465	return FALSE;
5466	}
5467
5468	static bool
5469	necp_ifnet_matches_agent(struct ifnet ifp, uuid_t agent_uuid, bool check_delegates)
5470	{
5471	struct ifnet *check_ifp = ifp;
5472
5473	while (check_ifp != NULL) {
5474	ifnet_lock_shared(ifp: check_ifp);
5475	if (check_ifp->if_agentids != NULL) {
5476	for (u_int32_t index = `0`; index < check_ifp->if_agentcount; index++) {
5477	if (uuid_compare(uu1: check_ifp->if_agentids[index], uu2: *agent_uuid) == `0`) {
5478	ifnet_lock_done(ifp: check_ifp);
5479	return TRUE;
5480	}
5481	}
5482	}
5483	ifnet_lock_done(ifp: check_ifp);
5484
5485	if (!check_delegates) {
5486	break;
5487	}
5488	check_ifp = check_ifp->if_delegated.ifp;
5489	}
5490	return FALSE;
5491	}
5492
5493	static bool
5494	necp_ifnet_matches_agent_type(struct ifnet ifp, const* char agent_domain, const* char *agent_type, bool check_delegates)
5495	{
5496	struct ifnet *check_ifp = ifp;
5497
5498	while (check_ifp != NULL) {
5499	ifnet_lock_shared(ifp: check_ifp);
5500	if (check_ifp->if_agentids != NULL) {
5501	for (u_int32_t index = `0`; index < check_ifp->if_agentcount; index++) {
5502	if (uuid_is_null(uu: check_ifp->if_agentids[index])) {
5503	continue;
5504	}
5505
5506	char if_agent_domain[NETAGENT_DOMAINSIZE] = { `0` };
5507	char if_agent_type[NETAGENT_TYPESIZE] = { `0` };
5508
5509	if (netagent_get_agent_domain_and_type(uuid: check_ifp->if_agentids[index], domain: if_agent_domain, type: if_agent_type)) {
5510	if (necp_agent_types_match(agent_domain1: agent_domain, agent_type1: agent_type, agent_domain2: if_agent_domain, agent_type2: if_agent_type)) {
5511	ifnet_lock_done(ifp: check_ifp);
5512	return TRUE;
5513	}
5514	}
5515	}
5516	}
5517	ifnet_lock_done(ifp: check_ifp);
5518
5519	if (!check_delegates) {
5520	break;
5521	}
5522	check_ifp = check_ifp->if_delegated.ifp;
5523	}
5524	return FALSE;
5525	}
5526
5527	static bool
5528	necp_ifnet_matches_local_address(struct ifnet ifp, struct* sockaddr *sa)
5529	{
5530	struct ifaddr *ifa = NULL;
5531	bool matched_local_address = FALSE;
5532
5533	// Transform sa into the ifaddr form
5534	// IPv6 Scope IDs are always embedded in the ifaddr list
5535	struct sockaddr_storage address;
5536	u_int ifscope = IFSCOPE_NONE;
5537	(void)sa_copy(sa, &address, &ifscope);
5538	SIN(&address)->sin_port = `0`;
5539	if (address.ss_family == AF_INET6) {
5540	if (in6_embedded_scope \|\|
5541	!IN6_IS_SCOPE_EMBED(&SIN6(&address)->sin6_addr)) {
5542	SIN6(&address)->sin6_scope_id = `0`;
5543	}
5544	}
5545
5546	ifa = ifa_ifwithaddr_scoped_locked((struct sockaddr *)&address, ifp->if_index);
5547	matched_local_address = (ifa != NULL);
5548
5549	if (ifa) {
5550	ifaddr_release(ifaddr: ifa);
5551	}
5552
5553	return matched_local_address;
5554	}
5555
5556	static bool
5557	necp_interface_type_should_match_unranked_interfaces(u_int8_t interface_type)
5558	{
5559	switch (interface_type) {
5560	// These are the interface types we allow a client to request even if the matching
5561	// interface isn't currently eligible to be primary (has default route, dns, etc)
5562	case IFRTYPE_FUNCTIONAL_WIFI_AWDL:
5563	case IFRTYPE_FUNCTIONAL_INTCOPROC:
5564	case IFRTYPE_FUNCTIONAL_COMPANIONLINK:
5565	return true;
5566	default:
5567	break;
5568	}
5569	return false;
5570	}
5571
5572	#define NECP_IFP_IS_ON_ORDERED_LIST(_ifp) ((_ifp)->if_ordered_link.tqe_next != NULL \|\| (_ifp)->if_ordered_link.tqe_prev != NULL)
5573
5574	// Secondary interface flag indicates that the interface is being
5575	// used for multipath or a listener as an extra path
5576	static bool
5577	necp_ifnet_matches_parameters(struct ifnet *ifp,
5578	struct necp_client_parsed_parameters *parsed_parameters,
5579	u_int32_t override_flags,
5580	u_int32_t *preferred_count,
5581	bool secondary_interface,
5582	bool require_scoped_field)
5583	{
5584	bool matched_some_scoped_field = FALSE;
5585
5586	if (preferred_count) {
5587	*preferred_count = `0`;
5588	}
5589
5590	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IF) {
5591	if (parsed_parameters->required_interface_index != ifp->if_index) {
5592	return FALSE;
5593	}
5594	}
5595	#if SKYWALK
5596	else {
5597	if (ifnet_is_low_latency(ifp)) {
5598	return FALSE;
5599	}
5600	}
5601	#endif /* SKYWALK */
5602
5603	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR) {
5604	if (!necp_ifnet_matches_local_address(ifp, SA(&parsed_parameters->local_addr.sa))) {
5605	return FALSE;
5606	}
5607	if (require_scoped_field) {
5608	matched_some_scoped_field = TRUE;
5609	}
5610	}
5611
5612	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) {
5613	if (override_flags != `0`) {
5614	if ((override_flags & NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_EXPENSIVE) &&
5615	IFNET_IS_EXPENSIVE(ifp)) {
5616	return FALSE;
5617	}
5618	if ((override_flags & NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_CONSTRAINED) &&
5619	IFNET_IS_CONSTRAINED(ifp)) {
5620	return FALSE;
5621	}
5622	} else {
5623	if ((parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_EXPENSIVE) &&
5624	IFNET_IS_EXPENSIVE(ifp)) {
5625	return FALSE;
5626	}
5627	if ((parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_CONSTRAINED) &&
5628	IFNET_IS_CONSTRAINED(ifp)) {
5629	return FALSE;
5630	}
5631	}
5632	}
5633
5634	if ((!secondary_interface \|\| // Enforce interface type if this is the primary interface
5635	!(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) \|\| // or if there are no flags
5636	!(parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_ONLY_PRIMARY_REQUIRES_TYPE)) && // or if the flags don't give an exception
5637	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE) &&
5638	!necp_ifnet_matches_type(ifp, interface_type: parsed_parameters->required_interface_type, FALSE)) {
5639	return FALSE;
5640	}
5641
5642	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE) {
5643	if (require_scoped_field) {
5644	matched_some_scoped_field = TRUE;
5645	}
5646	}
5647
5648	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IFTYPE) {
5649	for (int i = `0`; i < NECP_MAX_INTERFACE_PARAMETERS; i++) {
5650	if (parsed_parameters->prohibited_interface_types[i] == `0`) {
5651	break;
5652	}
5653
5654	if (necp_ifnet_matches_type(ifp, interface_type: parsed_parameters->prohibited_interface_types[i], TRUE)) {
5655	return FALSE;
5656	}
5657	}
5658	}
5659
5660	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_IF) {
5661	for (int i = `0`; i < NECP_MAX_INTERFACE_PARAMETERS; i++) {
5662	if (strlen(s: parsed_parameters->prohibited_interfaces[i]) == `0`) {
5663	break;
5664	}
5665
5666	if (necp_ifnet_matches_name(ifp, interface_name: parsed_parameters->prohibited_interfaces[i], TRUE)) {
5667	return FALSE;
5668	}
5669	}
5670	}
5671
5672	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT) {
5673	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5674	if (uuid_is_null(uu: parsed_parameters->required_netagents[i])) {
5675	break;
5676	}
5677
5678	if (!necp_ifnet_matches_agent(ifp, agent_uuid: &parsed_parameters->required_netagents[i], FALSE)) {
5679	return FALSE;
5680	}
5681
5682	if (require_scoped_field) {
5683	matched_some_scoped_field = TRUE;
5684	}
5685	}
5686	}
5687
5688	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT) {
5689	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5690	if (uuid_is_null(uu: parsed_parameters->prohibited_netagents[i])) {
5691	break;
5692	}
5693
5694	if (necp_ifnet_matches_agent(ifp, agent_uuid: &parsed_parameters->prohibited_netagents[i], TRUE)) {
5695	return FALSE;
5696	}
5697	}
5698	}
5699
5700	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_AGENT_TYPE) {
5701	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5702	if (strlen(s: parsed_parameters->required_netagent_types[i].netagent_domain) == `0` &&
5703	strlen(s: parsed_parameters->required_netagent_types[i].netagent_type) == `0`) {
5704	break;
5705	}
5706
5707	if (!necp_ifnet_matches_agent_type(ifp, agent_domain: parsed_parameters->required_netagent_types[i].netagent_domain, agent_type: parsed_parameters->required_netagent_types[i].netagent_type, FALSE)) {
5708	return FALSE;
5709	}
5710
5711	if (require_scoped_field) {
5712	matched_some_scoped_field = TRUE;
5713	}
5714	}
5715	}
5716
5717	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PROHIBITED_AGENT_TYPE) {
5718	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5719	if (strlen(s: parsed_parameters->prohibited_netagent_types[i].netagent_domain) == `0` &&
5720	strlen(s: parsed_parameters->prohibited_netagent_types[i].netagent_type) == `0`) {
5721	break;
5722	}
5723
5724	if (necp_ifnet_matches_agent_type(ifp, agent_domain: parsed_parameters->prohibited_netagent_types[i].netagent_domain, agent_type: parsed_parameters->prohibited_netagent_types[i].netagent_type, TRUE)) {
5725	return FALSE;
5726	}
5727	}
5728	}
5729
5730	// Checked preferred properties
5731	if (preferred_count) {
5732	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT) {
5733	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5734	if (uuid_is_null(uu: parsed_parameters->preferred_netagents[i])) {
5735	break;
5736	}
5737
5738	if (necp_ifnet_matches_agent(ifp, agent_uuid: &parsed_parameters->preferred_netagents[i], TRUE)) {
5739	(*preferred_count)++;
5740	if (require_scoped_field) {
5741	matched_some_scoped_field = TRUE;
5742	}
5743	}
5744	}
5745	}
5746
5747	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_PREFERRED_AGENT_TYPE) {
5748	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5749	if (strlen(s: parsed_parameters->preferred_netagent_types[i].netagent_domain) == `0` &&
5750	strlen(s: parsed_parameters->preferred_netagent_types[i].netagent_type) == `0`) {
5751	break;
5752	}
5753
5754	if (necp_ifnet_matches_agent_type(ifp, agent_domain: parsed_parameters->preferred_netagent_types[i].netagent_domain, agent_type: parsed_parameters->preferred_netagent_types[i].netagent_type, TRUE)) {
5755	(*preferred_count)++;
5756	if (require_scoped_field) {
5757	matched_some_scoped_field = TRUE;
5758	}
5759	}
5760	}
5761	}
5762
5763	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT) {
5764	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5765	if (uuid_is_null(uu: parsed_parameters->avoided_netagents[i])) {
5766	break;
5767	}
5768
5769	if (!necp_ifnet_matches_agent(ifp, agent_uuid: &parsed_parameters->avoided_netagents[i], TRUE)) {
5770	(*preferred_count)++;
5771	}
5772	}
5773	}
5774
5775	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_AVOIDED_AGENT_TYPE) {
5776	for (int i = `0`; i < NECP_MAX_AGENT_PARAMETERS; i++) {
5777	if (strlen(s: parsed_parameters->avoided_netagent_types[i].netagent_domain) == `0` &&
5778	strlen(s: parsed_parameters->avoided_netagent_types[i].netagent_type) == `0`) {
5779	break;
5780	}
5781
5782	if (!necp_ifnet_matches_agent_type(ifp, agent_domain: parsed_parameters->avoided_netagent_types[i].netagent_domain,
5783	agent_type: parsed_parameters->avoided_netagent_types[i].netagent_type, TRUE)) {
5784	(*preferred_count)++;
5785	}
5786	}
5787	}
5788	}
5789
5790	if (require_scoped_field) {
5791	return matched_some_scoped_field;
5792	}
5793
5794	return TRUE;
5795	}
5796
5797	static bool
5798	necp_find_matching_interface_index(struct necp_client_parsed_parameters *parsed_parameters,
5799	u_int return_ifindex, bool validate_agents)
5800	{
5801	struct ifnet *ifp = NULL;
5802	u_int32_t best_preferred_count = `0`;
5803	bool has_preferred_fields = FALSE;
5804	*return_ifindex = `0`;
5805
5806	if (parsed_parameters->required_interface_index != `0`) {
5807	*return_ifindex = parsed_parameters->required_interface_index;
5808	return TRUE;
5809	}
5810
5811	// Check and save off flags
5812	u_int32_t flags = `0`;
5813	bool has_prohibit_flags = FALSE;
5814	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) {
5815	flags = parsed_parameters->flags;
5816	has_prohibit_flags = (parsed_parameters->flags &
5817	(NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_EXPENSIVE \|
5818	NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_CONSTRAINED));
5819	}
5820
5821	if (!(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_INTERESTING_IFNET_FIELDS) &&
5822	!has_prohibit_flags) {
5823	return TRUE;
5824	}
5825
5826	has_preferred_fields = (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_PREFERRED_FIELDS);
5827
5828	// We have interesting parameters to parse and find a matching interface
5829	ifnet_head_lock_shared();
5830
5831	if (!(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_SCOPED_FIELDS) &&
5832	!has_preferred_fields) {
5833	// We do have fields to match, but they are only prohibitory
5834	// If the first interface in the list matches, or there are no ordered interfaces, we don't need to scope
5835	ifp = TAILQ_FIRST(&ifnet_ordered_head);
5836	if (ifp == NULL \|\| necp_ifnet_matches_parameters(ifp, parsed_parameters, override_flags: `0`, NULL, false, false)) {
5837	// Don't set return_ifindex, so the client doesn't need to scope
5838	ifnet_head_done();
5839	return TRUE;
5840	}
5841
5842	if (parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REMOTE_ADDR &&
5843	parsed_parameters->remote_addr.sin6.sin6_family == AF_INET6 &&
5844	parsed_parameters->remote_addr.sin6.sin6_scope_id != IFSCOPE_NONE &&
5845	parsed_parameters->remote_addr.sin6.sin6_scope_id <= (u_int32_t)if_index) {
5846	ifp = ifindex2ifnet[parsed_parameters->remote_addr.sin6.sin6_scope_id];
5847	if (ifp != NULL && necp_ifnet_matches_parameters(ifp, parsed_parameters, override_flags: `0`, NULL, false, false)) {
5848	// Don't set return_ifindex, so the client doesn't need to scope since the v6 scope ID will
5849	// already route to the correct interface
5850	ifnet_head_done();
5851	return TRUE;
5852	}
5853	}
5854	}
5855
5856	// First check the ordered interface list
5857	TAILQ_FOREACH(ifp, &ifnet_ordered_head, if_ordered_link) {
5858	u_int32_t preferred_count = `0`;
5859	if (necp_ifnet_matches_parameters(ifp, parsed_parameters, override_flags: flags, preferred_count: &preferred_count, false, false)) {
5860	if (preferred_count > best_preferred_count \|\|
5861	*return_ifindex == `0`) {
5862	// Everything matched, and is most preferred. Return this interface.
5863	*return_ifindex = ifp->if_index;
5864	best_preferred_count = preferred_count;
5865
5866	if (!has_preferred_fields) {
5867	break;
5868	}
5869	}
5870	}
5871
5872	if (has_prohibit_flags &&
5873	ifp == TAILQ_FIRST(&ifnet_ordered_head)) {
5874	// This was the first interface. From here on, if the
5875	// client prohibited either expensive or constrained,
5876	// don't allow either as a secondary interface option.
5877	flags \|= (NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_EXPENSIVE \|
5878	NECP_CLIENT_PARAMETER_FLAG_PROHIBIT_CONSTRAINED);
5879	}
5880	}
5881
5882	bool is_listener = ((parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) &&
5883	(parsed_parameters->flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER));
5884
5885	// Then check the remaining interfaces
5886	if ((parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_SCOPED_FIELDS) &&
5887	((!(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_REQUIRED_IFTYPE)) \|\|
5888	necp_interface_type_should_match_unranked_interfaces(interface_type: parsed_parameters->required_interface_type) \|\|
5889	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR) \|\|
5890	is_listener) &&
5891	(*return_ifindex == `0` \|\| has_preferred_fields)) {
5892	TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
5893	u_int32_t preferred_count = `0`;
5894	if (NECP_IFP_IS_ON_ORDERED_LIST(ifp)) {
5895	// This interface was in the ordered list, skip
5896	continue;
5897	}
5898	if (necp_ifnet_matches_parameters(ifp, parsed_parameters, override_flags: flags, preferred_count: &preferred_count, false, true)) {
5899	if (preferred_count > best_preferred_count \|\|
5900	*return_ifindex == `0`) {
5901	// Everything matched, and is most preferred. Return this interface.
5902	*return_ifindex = ifp->if_index;
5903	best_preferred_count = preferred_count;
5904
5905	if (!has_preferred_fields) {
5906	break;
5907	}
5908	}
5909	}
5910	}
5911	}
5912
5913	ifnet_head_done();
5914
5915	if (has_preferred_fields && best_preferred_count == `0` &&
5916	((parsed_parameters->valid_fields & (NECP_PARSED_PARAMETERS_SCOPED_FIELDS \| NECP_PARSED_PARAMETERS_PREFERRED_FIELDS)) ==
5917	(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_PREFERRED_FIELDS))) {
5918	// If only has preferred ifnet fields, and nothing was found, clear the interface index and return TRUE
5919	*return_ifindex = `0`;
5920	return TRUE;
5921	}
5922
5923	if (*return_ifindex == `0` &&
5924	!(parsed_parameters->valid_fields & NECP_PARSED_PARAMETERS_SCOPED_IFNET_FIELDS)) {
5925	// Has required fields, but not including specific interface fields. Pass for now, and check
5926	// to see if agents are satisfied by policy.
5927	*validate_agents = TRUE;
5928	return TRUE;
5929	}
5930
5931	return *return_ifindex != `0`;
5932	}
5933
5934	void
5935	necp_copy_inp_domain_info(struct inpcb inp, struct* socket so, nstat_domain_info domain_info)
5936	{
5937	if (inp == NULL \|\| so == NULL \|\| domain_info == NULL) {
5938	return;
5939	}
5940
5941	necp_lock_socket_attributes();
5942
5943	domain_info->is_tracker = !!(so->so_flags1 & SOF1_KNOWN_TRACKER);
5944	domain_info->is_non_app_initiated = !!(so->so_flags1 & SOF1_TRACKER_NON_APP_INITIATED);
5945	if (domain_info->is_tracker &&
5946	inp->inp_necp_attributes.inp_tracker_domain != NULL) {
5947	strlcpy(dst: domain_info->domain_name, src: inp->inp_necp_attributes.inp_tracker_domain,
5948	n: sizeof(domain_info->domain_name));
5949	} else if (inp->inp_necp_attributes.inp_domain != NULL) {
5950	strlcpy(dst: domain_info->domain_name, src: inp->inp_necp_attributes.inp_domain,
5951	n: sizeof(domain_info->domain_name));
5952	}
5953	if (inp->inp_necp_attributes.inp_domain_owner != NULL) {
5954	strlcpy(dst: domain_info->domain_owner, src: inp->inp_necp_attributes.inp_domain_owner,
5955	n: sizeof(domain_info->domain_owner));
5956	}
5957	if (inp->inp_necp_attributes.inp_domain_context != NULL) {
5958	strlcpy(dst: domain_info->domain_tracker_ctxt, src: inp->inp_necp_attributes.inp_domain_context,
5959	n: sizeof(domain_info->domain_tracker_ctxt));
5960	}
5961
5962	necp_unlock_socket_attributes();
5963	}
5964
5965	void
5966	necp_with_inp_domain_name(struct socket so, void* ctx, void* (with_func)(char* domain_name, void* *ctx))
5967	{
5968	struct inpcb *inp = NULL;
5969
5970	if (so == NULL \|\| with_func == NULL) {
5971	return;
5972	}
5973
5974	inp = (struct inpcb *)so->so_pcb;
5975	if (inp == NULL) {
5976	return;
5977	}
5978
5979	necp_lock_socket_attributes();
5980	with_func(inp->inp_necp_attributes.inp_domain, ctx);
5981	necp_unlock_socket_attributes();
5982	}
5983
5984	static size_t
5985	necp_find_domain_info_common(struct necp_client *client,
5986	u_int8_t *parameters,
5987	size_t parameters_size,
5988	struct necp_client_flow_registration flow_registration, /* For logging purposes only /
5989	nstat_domain_info *domain_info)
5990	{
5991	if (client == NULL) {
5992	return `0`;
5993	}
5994	if (domain_info == NULL) {
5995	return sizeof(nstat_domain_info);
5996	}
5997
5998	size_t offset = `0`;
5999	u_int32_t flags = `0`;
6000	u_int8_t *tracker_domain = NULL;
6001	u_int8_t *domain = NULL;
6002	size_t tracker_domain_length = `0`;
6003	size_t domain_length = `0`;
6004
6005	NECP_CLIENT_FLOW_LOG(client, flow_registration, "Collecting stats");
6006
6007	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
6008	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
6009	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
6010
6011	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
6012	// If the length is larger than what can fit in the remaining parameters size, bail
6013	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
6014	break;
6015	}
6016
6017	if (length > `0`) {
6018	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
6019	if (value != NULL) {
6020	switch (type) {
6021	case NECP_CLIENT_PARAMETER_FLAGS: {
6022	if (length >= sizeof(u_int32_t)) {
6023	memcpy(dst: &flags, src: value, n: sizeof(u_int32_t));
6024	}
6025
6026	domain_info->is_tracker =
6027	!!(flags & NECP_CLIENT_PARAMETER_FLAG_KNOWN_TRACKER);
6028	domain_info->is_non_app_initiated =
6029	!!(flags & NECP_CLIENT_PARAMETER_FLAG_NON_APP_INITIATED);
6030	domain_info->is_silent =
6031	!!(flags & NECP_CLIENT_PARAMETER_FLAG_SILENT);
6032	break;
6033	}
6034	case NECP_CLIENT_PARAMETER_TRACKER_DOMAIN: {
6035	tracker_domain_length = length;
6036	tracker_domain = value;
6037	break;
6038	}
6039	case NECP_CLIENT_PARAMETER_DOMAIN: {
6040	domain_length = length;
6041	domain = value;
6042	break;
6043	}
6044	case NECP_CLIENT_PARAMETER_DOMAIN_OWNER: {
6045	size_t length_to_copy = MIN(length, sizeof(domain_info->domain_owner));
6046	strlcpy(dst: domain_info->domain_owner, src: (const char *)value, n: length_to_copy);
6047	break;
6048	}
6049	case NECP_CLIENT_PARAMETER_DOMAIN_CONTEXT: {
6050	size_t length_to_copy = MIN(length, sizeof(domain_info->domain_tracker_ctxt));
6051	strlcpy(dst: domain_info->domain_tracker_ctxt, src: (const char *)value, n: length_to_copy);
6052	break;
6053	}
6054	case NECP_CLIENT_PARAMETER_ATTRIBUTED_BUNDLE_IDENTIFIER: {
6055	size_t length_to_copy = MIN(length, sizeof(domain_info->domain_attributed_bundle_id));
6056	strlcpy(dst: domain_info->domain_attributed_bundle_id, src: (const char *)value, n: length_to_copy);
6057	break;
6058	}
6059	case NECP_CLIENT_PARAMETER_REMOTE_ADDRESS: {
6060	if (length >= sizeof(struct necp_policy_condition_addr)) {
6061	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
6062	if (necp_client_address_is_valid(&address_struct->address.sa)) {
6063	memcpy(dst: &domain_info->remote, src: &address_struct->address, n: sizeof(address_struct->address));
6064	}
6065	}
6066	break;
6067	}
6068	default: {
6069	break;
6070	}
6071	}
6072	}
6073	}
6074	offset += sizeof(struct necp_tlv_header) + length;
6075	}
6076
6077	if (domain_info->is_tracker && tracker_domain != NULL && tracker_domain_length > `0`) {
6078	size_t length_to_copy = MIN(tracker_domain_length, sizeof(domain_info->domain_name));
6079	strlcpy(dst: domain_info->domain_name, src: (const char *)tracker_domain, n: length_to_copy);
6080	} else if (domain != NULL && domain_length > `0`) {
6081	size_t length_to_copy = MIN(domain_length, sizeof(domain_info->domain_name));
6082	strlcpy(dst: domain_info->domain_name, src: (const char *)domain, n: length_to_copy);
6083	}
6084
6085	NECP_CLIENT_FLOW_LOG(client, flow_registration,
6086	"Collected stats - domain <%s> owner <%s> ctxt <%s> bundle id <%s> "
6087	"is_tracker %d is_non_app_initiated %d is_silent %d",
6088	domain_info->domain_name,
6089	domain_info->domain_owner,
6090	domain_info->domain_tracker_ctxt,
6091	domain_info->domain_attributed_bundle_id,
6092	domain_info->is_tracker,
6093	domain_info->is_non_app_initiated,
6094	domain_info->is_silent);
6095
6096	return sizeof(nstat_domain_info);
6097	}
6098
6099	static size_t
6100	necp_find_conn_extension_info(nstat_provider_context ctx,
6101	int requested_extension, / The extension to be returned /
6102	void buf, /* If not NULL, the address for extensions to be returned in /
6103	size_t buf_size) / The size of the buffer space, typically matching the return from a previous call with a NULL buf pointer /
6104	{
6105	// Note, the caller has guaranteed that any buffer has been zeroed, there is no need to clear it again
6106
6107	if (ctx == NULL) {
6108	return `0`;
6109	}
6110	struct necp_client client = (struct* necp_client *)ctx;
6111	switch (requested_extension) {
6112	case NSTAT_EXTENDED_UPDATE_TYPE_DOMAIN:
6113	// This is for completeness. The intent is that domain information can be extracted at user level from the TLV parameters
6114	if (buf == NULL) {
6115	return sizeof(nstat_domain_info);
6116	}
6117	if (buf_size < sizeof(nstat_domain_info)) {
6118	return `0`;
6119	}
6120	return necp_find_domain_info_common(client, parameters: client->parameters, parameters_size: client->parameters_length, NULL, domain_info: (nstat_domain_info *)buf);
6121
6122	case NSTAT_EXTENDED_UPDATE_TYPE_NECP_TLV: {
6123	size_t parameters_length = client->parameters_length;
6124	if (buf == NULL) {
6125	return parameters_length;
6126	}
6127	if (buf_size < parameters_length) {
6128	return `0`;
6129	}
6130	memcpy(dst: buf, src: client->parameters, n: parameters_length);
6131	return parameters_length;
6132	}
6133	case NSTAT_EXTENDED_UPDATE_TYPE_ORIGINAL_NECP_TLV:
6134	if (buf == NULL) {
6135	return (client->original_parameters_source != NULL) ? client->original_parameters_source->parameters_length : `0`;
6136	}
6137	if ((client->original_parameters_source == NULL) \|\| (buf_size < client->original_parameters_source->parameters_length)) {
6138	return `0`;
6139	}
6140	memcpy(dst: buf, src: client->original_parameters_source->parameters, n: client->original_parameters_source->parameters_length);
6141	return client->original_parameters_source->parameters_length;
6142
6143	case NSTAT_EXTENDED_UPDATE_TYPE_ORIGINAL_DOMAIN:
6144	if (buf == NULL) {
6145	return (client->original_parameters_source != NULL) ? sizeof(nstat_domain_info) : `0`;
6146	}
6147	if ((buf_size < sizeof(nstat_domain_info)) \|\| (client->original_parameters_source == NULL)) {
6148	return `0`;
6149	}
6150	return necp_find_domain_info_common(client, parameters: client->original_parameters_source->parameters, parameters_size: client->original_parameters_source->parameters_length,
6151	NULL, domain_info: (nstat_domain_info *)buf);
6152
6153	default:
6154	return `0`;
6155	}
6156	}
6157
6158	#if SKYWALK
6159
6160	static size_t
6161	necp_find_extension_info(userland_stats_provider_context *ctx,
6162	int requested_extension, / The extension to be returned /
6163	void buf, /* If not NULL, the address for extensions to be returned in /
6164	size_t buf_size) / The size of the buffer space, typically matching the return from a previous call with a NULL buf pointer /
6165	{
6166	if (ctx == NULL) {
6167	return `0`;
6168	}
6169	struct necp_client_flow_registration flow_registration = (struct* necp_client_flow_registration *)(uintptr_t)ctx;
6170	struct necp_client *client = flow_registration->client;
6171
6172	switch (requested_extension) {
6173	case NSTAT_EXTENDED_UPDATE_TYPE_DOMAIN:
6174	if (buf == NULL) {
6175	return sizeof(nstat_domain_info);
6176	}
6177	if (buf_size < sizeof(nstat_domain_info)) {
6178	return `0`;
6179	}
6180	return necp_find_domain_info_common(client, parameters: client->parameters, parameters_size: client->parameters_length, flow_registration, domain_info: (nstat_domain_info *)buf);
6181
6182	case NSTAT_EXTENDED_UPDATE_TYPE_NECP_TLV:
6183	if (buf == NULL) {
6184	return client->parameters_length;
6185	}
6186	if (buf_size < client->parameters_length) {
6187	return `0`;
6188	}
6189	memcpy(dst: buf, src: client->parameters, n: client->parameters_length);
6190	return client->parameters_length;
6191
6192	case NSTAT_EXTENDED_UPDATE_TYPE_FUUID:
6193	if (buf == NULL) {
6194	return sizeof(uuid_t);
6195	}
6196	if (buf_size < sizeof(uuid_t)) {
6197	return `0`;
6198	}
6199	uuid_copy(dst: buf, src: flow_registration->registration_id);
6200	return sizeof(uuid_t);
6201
6202	default:
6203	return `0`;
6204	}
6205	}
6206
6207	static void
6208	necp_find_netstat_data(struct necp_client *client,
6209	union necp_sockaddr_union *remote,
6210	pid_t *effective_pid,
6211	uid_t *uid,
6212	uuid_t euuid,
6213	uid_t *persona_id,
6214	u_int32_t *traffic_class,
6215	u_int8_t *fallback_mode)
6216	{
6217	bool have_set_euuid = false;
6218	size_t offset = `0`;
6219	u_int8_t *parameters;
6220	u_int32_t parameters_size;
6221
6222	parameters = client->parameters;
6223	parameters_size = (u_int32_t)client->parameters_length;
6224
6225	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
6226	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
6227	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
6228
6229	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
6230	// If the length is larger than what can fit in the remaining parameters size, bail
6231	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
6232	break;
6233	}
6234
6235	if (length > `0`) {
6236	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
6237	if (value != NULL) {
6238	switch (type) {
6239	case NECP_CLIENT_PARAMETER_APPLICATION: {
6240	if (length >= sizeof(uuid_t)) {
6241	uuid_copy(dst: euuid, src: value);
6242	}
6243	break;
6244	}
6245	case NECP_CLIENT_PARAMETER_PID: {
6246	if (length >= sizeof(pid_t)) {
6247	memcpy(dst: effective_pid, src: value, n: sizeof(pid_t));
6248	}
6249	break;
6250	}
6251	case NECP_CLIENT_PARAMETER_TRAFFIC_CLASS: {
6252	if (length >= sizeof(u_int32_t)) {
6253	memcpy(dst: traffic_class, src: value, n: sizeof(u_int32_t));
6254	}
6255	break;
6256	}
6257	case NECP_CLIENT_PARAMETER_FALLBACK_MODE: {
6258	if (length >= sizeof(u_int8_t)) {
6259	memcpy(dst: fallback_mode, src: value, n: sizeof(u_int8_t));
6260	}
6261	break;
6262	}
6263	// It is an implementation quirk that the remote address can be found in the necp parameters
6264	// while the local address must be retrieved from the flowswitch
6265	case NECP_CLIENT_PARAMETER_REMOTE_ADDRESS: {
6266	if (length >= sizeof(struct necp_policy_condition_addr)) {
6267	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
6268	if (necp_client_address_is_valid(&address_struct->address.sa)) {
6269	memcpy(dst: remote, src: &address_struct->address, n: sizeof(address_struct->address));
6270	}
6271	}
6272	break;
6273	}
6274	case NECP_CLIENT_PARAMETER_APPLICATION_ID: {
6275	if (length >= sizeof(necp_application_id_t) && uid && persona_id) {
6276	necp_application_id_t application_id = (necp_application_id_t )(void *)value;
6277	memcpy(dst: uid, src: &application_id->uid, n: sizeof(uid_t));
6278	uuid_copy(dst: euuid, src: application_id->effective_uuid);
6279	memcpy(dst: persona_id, src: &application_id->persona_id, n: sizeof(uid_t));
6280	have_set_euuid = true;
6281	}
6282	break;
6283	}
6284	default: {
6285	break;
6286	}
6287	}
6288	}
6289	}
6290	offset += sizeof(struct necp_tlv_header) + length;
6291	}
6292
6293	if (!have_set_euuid) {
6294	proc_t proc = proc_find(pid: client->proc_pid);
6295	if (proc != PROC_NULL) {
6296	uuid_t responsible_uuid = { `0` };
6297	proc_getresponsibleuuid(proc, responsible_uuid, sizeof(responsible_uuid));
6298	proc_rele(p: proc);
6299	if (!uuid_is_null(uu: responsible_uuid)) {
6300	uuid_copy(dst: euuid, src: responsible_uuid);
6301	}
6302	}
6303	}
6304	}
6305
6306	static u_int64_t
6307	necp_find_netstat_initial_properties(struct necp_client *client)
6308	{
6309	size_t offset = `0`;
6310	u_int64_t retval = `0`;
6311	u_int8_t *parameters;
6312	u_int32_t parameters_size;
6313
6314	parameters = client->parameters;
6315	parameters_size = (u_int32_t)client->parameters_length;
6316
6317	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
6318	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
6319	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
6320
6321	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
6322	// If the length is larger than what can fit in the remaining parameters size, bail
6323	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
6324	break;
6325	}
6326
6327	if (type == NECP_CLIENT_PARAMETER_FLAGS) {
6328	u_int32_t policy_condition_client_flags;
6329	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
6330	if ((value != NULL) && (length >= sizeof(policy_condition_client_flags))) {
6331	memcpy(dst: &policy_condition_client_flags, src: value, n: sizeof(policy_condition_client_flags));
6332	if (policy_condition_client_flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) {
6333	retval \|= NSTAT_SOURCE_IS_LISTENER;
6334	}
6335	if (policy_condition_client_flags & NECP_CLIENT_PARAMETER_FLAG_INBOUND) {
6336	retval \|= NSTAT_SOURCE_IS_INBOUND;
6337	}
6338	}
6339	break;
6340	}
6341	offset += sizeof(struct necp_tlv_header) + length;
6342	}
6343	if (retval == `0`) {
6344	retval = NSTAT_SOURCE_IS_OUTBOUND;
6345	}
6346	return retval;
6347	}
6348
6349	// Called from NetworkStatistics when it wishes to collect latest information for a TCP flow.
6350	// It is a responsibility of NetworkStatistics to have previously zeroed any supplied memory.
6351	static bool
6352	necp_request_tcp_netstats(userland_stats_provider_context *ctx,
6353	u_int32_t *ifflagsp,
6354	nstat_progress_digest *digestp,
6355	nstat_counts *countsp,
6356	void *metadatap)
6357	{
6358	if (ctx == NULL) {
6359	return false;
6360	}
6361
6362	struct necp_client_flow_registration flow_registration = (struct* necp_client_flow_registration *)(uintptr_t)ctx;
6363	struct necp_client *client = flow_registration->client;
6364	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
6365	struct necp_tcp_stats tcpstats = (struct* necp_tcp_stats *)ustats_kaddr;
6366	ASSERT(tcpstats != NULL);
6367
6368	u_int32_t nstat_diagnostic_flags = `0`;
6369
6370	// Retrieve details from the last time the assigned flows were updated
6371	u_int32_t route_ifindex = IFSCOPE_NONE;
6372	u_int32_t route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6373	u_int64_t combined_interface_details = `0`;
6374
6375	combined_interface_details = os_atomic_load(&flow_registration->last_interface_details, relaxed);
6376	split_interface_details(combined_details: combined_interface_details, interface_index: &route_ifindex, interface_flags: &route_ifflags);
6377
6378	if (route_ifindex == IFSCOPE_NONE) {
6379	// Mark no interface
6380	nstat_diagnostic_flags \|= NSTAT_IFNET_ROUTE_VALUE_UNOBTAINABLE;
6381	route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6382	NECPLOG(LOG_INFO, "req tcp stats, failed to get route details for pid %d curproc %d %s\n",
6383	client->proc_pid, proc_pid(current_proc()), proc_best_name(current_proc()));
6384	}
6385
6386	if (ifflagsp) {
6387	*ifflagsp = route_ifflags \| nstat_diagnostic_flags;
6388	if (tcpstats->necp_tcp_extra.flags1 & SOF1_CELLFALLBACK) {
6389	*ifflagsp \|= NSTAT_IFNET_VIA_CELLFALLBACK;
6390	}
6391	if ((digestp == NULL) && (countsp == NULL) && (metadatap == NULL)) {
6392	return true;
6393	}
6394	}
6395
6396	if (digestp) {
6397	// The digest is intended to give information that may help give insight into the state of the link
6398	// while avoiding the need to do the relatively expensive flowswitch lookup
6399	digestp->rxbytes = tcpstats->necp_tcp_counts.necp_stat_rxbytes;
6400	digestp->txbytes = tcpstats->necp_tcp_counts.necp_stat_txbytes;
6401	digestp->rxduplicatebytes = tcpstats->necp_tcp_counts.necp_stat_rxduplicatebytes;
6402	digestp->rxoutoforderbytes = tcpstats->necp_tcp_counts.necp_stat_rxoutoforderbytes;
6403	digestp->txretransmit = tcpstats->necp_tcp_counts.necp_stat_txretransmit;
6404	digestp->ifindex = route_ifindex;
6405	digestp->state = tcpstats->necp_tcp_extra.state;
6406	digestp->txunacked = tcpstats->necp_tcp_extra.txunacked;
6407	digestp->txwindow = tcpstats->necp_tcp_extra.txwindow;
6408	digestp->connstatus.probe_activated = tcpstats->necp_tcp_extra.probestatus.probe_activated;
6409	digestp->connstatus.write_probe_failed = tcpstats->necp_tcp_extra.probestatus.write_probe_failed;
6410	digestp->connstatus.read_probe_failed = tcpstats->necp_tcp_extra.probestatus.read_probe_failed;
6411	digestp->connstatus.conn_probe_failed = tcpstats->necp_tcp_extra.probestatus.conn_probe_failed;
6412
6413	if ((countsp == NULL) && (metadatap == NULL)) {
6414	return true;
6415	}
6416	}
6417
6418	const struct sk_stats_flow *sf = &flow_registration->nexus_stats->fs_stats;
6419	if (sf == NULL) {
6420	nstat_diagnostic_flags \|= NSTAT_IFNET_FLOWSWITCH_VALUE_UNOBTAINABLE;
6421	char namebuf[MAXCOMLEN + `1`];
6422	(void) strlcpy(dst: namebuf, src: "unknown", n: sizeof(namebuf));
6423	proc_name(pid: client->proc_pid, buf: namebuf, size: sizeof(namebuf));
6424	NECPLOG(LOG_ERR, "req tcp stats, necp_client flow_registration flow_stats missing for pid %d %s curproc %d %s\n",
6425	client->proc_pid, namebuf, proc_pid(current_proc()), proc_best_name(current_proc()));
6426	sf = &ntstat_sk_stats_zero;
6427	}
6428
6429	if (countsp) {
6430	countsp->nstat_rxbytes = tcpstats->necp_tcp_counts.necp_stat_rxbytes;
6431	countsp->nstat_txbytes = tcpstats->necp_tcp_counts.necp_stat_txbytes;
6432
6433	countsp->nstat_rxduplicatebytes = tcpstats->necp_tcp_counts.necp_stat_rxduplicatebytes;
6434	countsp->nstat_rxoutoforderbytes = tcpstats->necp_tcp_counts.necp_stat_rxoutoforderbytes;
6435	countsp->nstat_txretransmit = tcpstats->necp_tcp_counts.necp_stat_txretransmit;
6436
6437	countsp->nstat_min_rtt = tcpstats->necp_tcp_counts.necp_stat_min_rtt;
6438	countsp->nstat_avg_rtt = tcpstats->necp_tcp_counts.necp_stat_avg_rtt;
6439	countsp->nstat_var_rtt = tcpstats->necp_tcp_counts.necp_stat_var_rtt;
6440
6441	countsp->nstat_connectattempts = tcpstats->necp_tcp_extra.state >= TCPS_SYN_SENT ? `1` : `0`;
6442	countsp->nstat_connectsuccesses = tcpstats->necp_tcp_extra.state >= TCPS_ESTABLISHED ? `1` : `0`;
6443
6444	// Supplement what the user level has told us with what we know from the flowswitch
6445	countsp->nstat_rxpackets = sf->sf_ipackets;
6446	countsp->nstat_txpackets = sf->sf_opackets;
6447	if (route_ifflags & NSTAT_IFNET_IS_CELLULAR) {
6448	countsp->nstat_cell_rxbytes = sf->sf_ibytes;
6449	countsp->nstat_cell_txbytes = sf->sf_obytes;
6450	} else if (route_ifflags & NSTAT_IFNET_IS_WIFI) {
6451	countsp->nstat_wifi_rxbytes = sf->sf_ibytes;
6452	countsp->nstat_wifi_txbytes = sf->sf_obytes;
6453	} else if (route_ifflags & NSTAT_IFNET_IS_WIRED) {
6454	countsp->nstat_wired_rxbytes = sf->sf_ibytes;
6455	countsp->nstat_wired_txbytes = sf->sf_obytes;
6456	}
6457	}
6458
6459	if (metadatap) {
6460	nstat_tcp_descriptor desc = (nstat_tcp_descriptor )metadatap;
6461	memset(s: desc, c: `0`, n: sizeof(*desc));
6462
6463	// Metadata from the flow registration
6464	uuid_copy(dst: desc->fuuid, src: flow_registration->registration_id);
6465
6466	// Metadata that the necp client should have in TLV format.
6467	pid_t effective_pid = client->proc_pid;
6468	necp_find_netstat_data(client, remote: (union necp_sockaddr_union *)&desc->remote, effective_pid: &effective_pid, uid: &desc->uid, euuid: desc->euuid, persona_id: &desc->persona_id, traffic_class: &desc->traffic_class, fallback_mode: &desc->fallback_mode);
6469	desc->epid = (u_int32_t)effective_pid;
6470
6471	// Metadata from the flow registration
6472	// This needs to revisited if multiple flows are created from one flow registration
6473	struct necp_client_flow *flow = NULL;
6474	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
6475	memcpy(dst: &desc->local, src: &flow->local_addr, n: sizeof(desc->local));
6476	break;
6477	}
6478
6479	// Metadata from the route
6480	desc->ifindex = route_ifindex;
6481	desc->ifnet_properties = route_ifflags \| nstat_diagnostic_flags;
6482	desc->ifnet_properties \|= (sf->sf_flags & SFLOWF_ONLINK) ? NSTAT_IFNET_IS_LOCAL : NSTAT_IFNET_IS_NON_LOCAL;
6483	if (tcpstats->necp_tcp_extra.flags1 & SOF1_CELLFALLBACK) {
6484	desc->ifnet_properties \|= NSTAT_IFNET_VIA_CELLFALLBACK;
6485	}
6486
6487	// Basic metadata from userland
6488	desc->rcvbufsize = tcpstats->necp_tcp_basic.rcvbufsize;
6489	desc->rcvbufused = tcpstats->necp_tcp_basic.rcvbufused;
6490
6491	// Additional TCP specific data
6492	desc->sndbufsize = tcpstats->necp_tcp_extra.sndbufsize;
6493	desc->sndbufused = tcpstats->necp_tcp_extra.sndbufused;
6494	desc->txunacked = tcpstats->necp_tcp_extra.txunacked;
6495	desc->txwindow = tcpstats->necp_tcp_extra.txwindow;
6496	desc->txcwindow = tcpstats->necp_tcp_extra.txcwindow;
6497	desc->traffic_mgt_flags = tcpstats->necp_tcp_extra.traffic_mgt_flags;
6498	desc->state = tcpstats->necp_tcp_extra.state;
6499
6500	u_int32_t cc_alg_index = tcpstats->necp_tcp_extra.cc_alg_index;
6501	if (cc_alg_index < TCP_CC_ALGO_COUNT) {
6502	strlcpy(dst: desc->cc_algo, src: tcp_cc_algo_list[cc_alg_index]->name, n: sizeof(desc->cc_algo));
6503	} else {
6504	strlcpy(dst: desc->cc_algo, src: "unknown", n: sizeof(desc->cc_algo));
6505	}
6506
6507	desc->connstatus.probe_activated = tcpstats->necp_tcp_extra.probestatus.probe_activated;
6508	desc->connstatus.write_probe_failed = tcpstats->necp_tcp_extra.probestatus.write_probe_failed;
6509	desc->connstatus.read_probe_failed = tcpstats->necp_tcp_extra.probestatus.read_probe_failed;
6510	desc->connstatus.conn_probe_failed = tcpstats->necp_tcp_extra.probestatus.conn_probe_failed;
6511
6512	memcpy(dst: &desc->activity_bitmap, src: &sf->sf_activity, n: sizeof(sf->sf_activity));
6513
6514	if (NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_FLOW)) {
6515	uuid_string_t euuid_str = { `0` };
6516	uuid_unparse(uu: desc->euuid, out: euuid_str);
6517	NECPLOG(LOG_NOTICE, "Collected stats - TCP - epid %d uid %d euuid %s persona id %d", desc->epid, desc->uid, euuid_str, desc->persona_id);
6518	}
6519	}
6520
6521	return true;
6522	}
6523
6524	// Called from NetworkStatistics when it wishes to collect latest information for a UDP flow.
6525	static bool
6526	necp_request_udp_netstats(userland_stats_provider_context *ctx,
6527	u_int32_t *ifflagsp,
6528	nstat_progress_digest *digestp,
6529	nstat_counts *countsp,
6530	void *metadatap)
6531	{
6532	#pragma unused(digestp)
6533
6534	if (ctx == NULL) {
6535	return false;
6536	}
6537
6538	struct necp_client_flow_registration flow_registration = (struct* necp_client_flow_registration *)(uintptr_t)ctx;
6539	struct necp_client *client = flow_registration->client;
6540	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
6541	struct necp_udp_stats udpstats = (struct* necp_udp_stats *)ustats_kaddr;
6542	ASSERT(udpstats != NULL);
6543
6544	u_int32_t nstat_diagnostic_flags = `0`;
6545
6546	// Retrieve details from the last time the assigned flows were updated
6547	u_int32_t route_ifindex = IFSCOPE_NONE;
6548	u_int32_t route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6549	u_int64_t combined_interface_details = `0`;
6550
6551	combined_interface_details = os_atomic_load(&flow_registration->last_interface_details, relaxed);
6552	split_interface_details(combined_details: combined_interface_details, interface_index: &route_ifindex, interface_flags: &route_ifflags);
6553
6554	if (route_ifindex == IFSCOPE_NONE) {
6555	// Mark no interface
6556	nstat_diagnostic_flags \|= NSTAT_IFNET_ROUTE_VALUE_UNOBTAINABLE;
6557	route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6558	NECPLOG(LOG_INFO, "req udp stats, failed to get route details for pid %d curproc %d %s\n",
6559	client->proc_pid, proc_pid(current_proc()), proc_best_name(current_proc()));
6560	}
6561
6562	if (ifflagsp) {
6563	*ifflagsp = route_ifflags \| nstat_diagnostic_flags;
6564	if ((countsp == NULL) && (metadatap == NULL)) {
6565	return true;
6566	}
6567	}
6568	const struct sk_stats_flow *sf = &flow_registration->nexus_stats->fs_stats;
6569	if (sf == NULL) {
6570	nstat_diagnostic_flags \|= NSTAT_IFNET_FLOWSWITCH_VALUE_UNOBTAINABLE;
6571	char namebuf[MAXCOMLEN + `1`];
6572	(void) strlcpy(dst: namebuf, src: "unknown", n: sizeof(namebuf));
6573	proc_name(pid: client->proc_pid, buf: namebuf, size: sizeof(namebuf));
6574	NECPLOG(LOG_ERR, "req udp stats, necp_client flow_registration flow_stats missing for pid %d %s curproc %d %s\n",
6575	client->proc_pid, namebuf, proc_pid(current_proc()), proc_best_name(current_proc()));
6576	sf = &ntstat_sk_stats_zero;
6577	}
6578
6579	if (countsp) {
6580	countsp->nstat_rxbytes = udpstats->necp_udp_counts.necp_stat_rxbytes;
6581	countsp->nstat_txbytes = udpstats->necp_udp_counts.necp_stat_txbytes;
6582
6583	countsp->nstat_rxduplicatebytes = udpstats->necp_udp_counts.necp_stat_rxduplicatebytes;
6584	countsp->nstat_rxoutoforderbytes = udpstats->necp_udp_counts.necp_stat_rxoutoforderbytes;
6585	countsp->nstat_txretransmit = udpstats->necp_udp_counts.necp_stat_txretransmit;
6586
6587	countsp->nstat_min_rtt = udpstats->necp_udp_counts.necp_stat_min_rtt;
6588	countsp->nstat_avg_rtt = udpstats->necp_udp_counts.necp_stat_avg_rtt;
6589	countsp->nstat_var_rtt = udpstats->necp_udp_counts.necp_stat_var_rtt;
6590
6591	// Supplement what the user level has told us with what we know from the flowswitch
6592	countsp->nstat_rxpackets = sf->sf_ipackets;
6593	countsp->nstat_txpackets = sf->sf_opackets;
6594	if (route_ifflags & NSTAT_IFNET_IS_CELLULAR) {
6595	countsp->nstat_cell_rxbytes = sf->sf_ibytes;
6596	countsp->nstat_cell_txbytes = sf->sf_obytes;
6597	} else if (route_ifflags & NSTAT_IFNET_IS_WIFI) {
6598	countsp->nstat_wifi_rxbytes = sf->sf_ibytes;
6599	countsp->nstat_wifi_txbytes = sf->sf_obytes;
6600	} else if (route_ifflags & NSTAT_IFNET_IS_WIRED) {
6601	countsp->nstat_wired_rxbytes = sf->sf_ibytes;
6602	countsp->nstat_wired_txbytes = sf->sf_obytes;
6603	}
6604	}
6605
6606	if (metadatap) {
6607	nstat_udp_descriptor desc = (nstat_udp_descriptor )metadatap;
6608	memset(s: desc, c: `0`, n: sizeof(*desc));
6609
6610	// Metadata from the flow registration
6611	uuid_copy(dst: desc->fuuid, src: flow_registration->registration_id);
6612
6613	// Metadata that the necp client should have in TLV format.
6614	pid_t effective_pid = client->proc_pid;
6615	necp_find_netstat_data(client, remote: (union necp_sockaddr_union *)&desc->remote, effective_pid: &effective_pid, uid: &desc->uid, euuid: desc->euuid, persona_id: &desc->persona_id, traffic_class: &desc->traffic_class, fallback_mode: &desc->fallback_mode);
6616	desc->epid = (u_int32_t)effective_pid;
6617
6618	// Metadata from the flow registration
6619	// This needs to revisited if multiple flows are created from one flow registration
6620	struct necp_client_flow *flow = NULL;
6621	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
6622	memcpy(dst: &desc->local, src: &flow->local_addr, n: sizeof(desc->local));
6623	break;
6624	}
6625
6626	// Metadata from the route
6627	desc->ifindex = route_ifindex;
6628	desc->ifnet_properties = route_ifflags \| nstat_diagnostic_flags;
6629	desc->ifnet_properties \|= (sf->sf_flags & SFLOWF_ONLINK) ? NSTAT_IFNET_IS_LOCAL : NSTAT_IFNET_IS_NON_LOCAL;
6630
6631	// Basic metadata is all that is required for UDP
6632	desc->rcvbufsize = udpstats->necp_udp_basic.rcvbufsize;
6633	desc->rcvbufused = udpstats->necp_udp_basic.rcvbufused;
6634
6635	memcpy(dst: &desc->activity_bitmap, src: &sf->sf_activity, n: sizeof(sf->sf_activity));
6636
6637	if (NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_FLOW)) {
6638	uuid_string_t euuid_str = { `0` };
6639	uuid_unparse(uu: desc->euuid, out: euuid_str);
6640	NECPLOG(LOG_NOTICE, "Collected stats - UDP - epid %d uid %d euuid %s persona id %d", desc->epid, desc->uid, euuid_str, desc->persona_id);
6641	}
6642	}
6643
6644	return true;
6645	}
6646
6647	// Called from NetworkStatistics when it wishes to collect latest information for a QUIC flow.
6648	//
6649	// TODO: For now it is an exact implementation as that of TCP.
6650	// Still to keep the logic separate for future divergence, keeping the routines separate.
6651	// It also seems there are lots of common code between existing implementations and
6652	// it would be good to refactor this logic at some point.
6653	static bool
6654	necp_request_quic_netstats(userland_stats_provider_context *ctx,
6655	u_int32_t *ifflagsp,
6656	nstat_progress_digest *digestp,
6657	nstat_counts *countsp,
6658	void *metadatap)
6659	{
6660	if (ctx == NULL) {
6661	return false;
6662	}
6663
6664	struct necp_client_flow_registration flow_registration = (struct* necp_client_flow_registration *)(uintptr_t)ctx;
6665	struct necp_client *client = flow_registration->client;
6666	struct necp_all_stats ustats_kaddr = ((struct* necp_all_kstats *)flow_registration->kstats_kaddr)->necp_stats_ustats;
6667	struct necp_quic_stats quicstats = (struct* necp_quic_stats *)ustats_kaddr;
6668	ASSERT(quicstats != NULL);
6669
6670	u_int32_t nstat_diagnostic_flags = `0`;
6671
6672	// Retrieve details from the last time the assigned flows were updated
6673	u_int32_t route_ifindex = IFSCOPE_NONE;
6674	u_int32_t route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6675	u_int64_t combined_interface_details = `0`;
6676
6677	combined_interface_details = os_atomic_load(&flow_registration->last_interface_details, relaxed);
6678	split_interface_details(combined_details: combined_interface_details, interface_index: &route_ifindex, interface_flags: &route_ifflags);
6679
6680	if (route_ifindex == IFSCOPE_NONE) {
6681	// Mark no interface
6682	nstat_diagnostic_flags \|= NSTAT_IFNET_ROUTE_VALUE_UNOBTAINABLE;
6683	route_ifflags = NSTAT_IFNET_IS_UNKNOWN_TYPE;
6684	NECPLOG(LOG_INFO, "req quic stats, failed to get route details for pid %d curproc %d %s\n",
6685	client->proc_pid, proc_pid(current_proc()), proc_best_name(current_proc()));
6686	}
6687
6688	if (ifflagsp) {
6689	*ifflagsp = route_ifflags \| nstat_diagnostic_flags;
6690	if ((digestp == NULL) && (countsp == NULL) && (metadatap == NULL)) {
6691	return true;
6692	}
6693	}
6694
6695	if (digestp) {
6696	// The digest is intended to give information that may help give insight into the state of the link
6697	// while avoiding the need to do the relatively expensive flowswitch lookup
6698	digestp->rxbytes = quicstats->necp_quic_counts.necp_stat_rxbytes;
6699	digestp->txbytes = quicstats->necp_quic_counts.necp_stat_txbytes;
6700	digestp->rxduplicatebytes = quicstats->necp_quic_counts.necp_stat_rxduplicatebytes;
6701	digestp->rxoutoforderbytes = quicstats->necp_quic_counts.necp_stat_rxoutoforderbytes;
6702	digestp->txretransmit = quicstats->necp_quic_counts.necp_stat_txretransmit;
6703	digestp->ifindex = route_ifindex;
6704	digestp->state = quicstats->necp_quic_extra.state;
6705	digestp->txunacked = quicstats->necp_quic_extra.txunacked;
6706	digestp->txwindow = quicstats->necp_quic_extra.txwindow;
6707	digestp->connstatus.probe_activated = quicstats->necp_quic_extra.probestatus.probe_activated;
6708	digestp->connstatus.write_probe_failed = quicstats->necp_quic_extra.probestatus.write_probe_failed;
6709	digestp->connstatus.read_probe_failed = quicstats->necp_quic_extra.probestatus.read_probe_failed;
6710	digestp->connstatus.conn_probe_failed = quicstats->necp_quic_extra.probestatus.conn_probe_failed;
6711
6712	if ((countsp == NULL) && (metadatap == NULL)) {
6713	return true;
6714	}
6715	}
6716
6717	const struct sk_stats_flow *sf = &flow_registration->nexus_stats->fs_stats;
6718	if (sf == NULL) {
6719	nstat_diagnostic_flags \|= NSTAT_IFNET_FLOWSWITCH_VALUE_UNOBTAINABLE;
6720	char namebuf[MAXCOMLEN + `1`];
6721	(void) strlcpy(dst: namebuf, src: "unknown", n: sizeof(namebuf));
6722	proc_name(pid: client->proc_pid, buf: namebuf, size: sizeof(namebuf));
6723	NECPLOG(LOG_ERR, "req quic stats, necp_client flow_registration flow_stats missing for pid %d %s curproc %d %s\n",
6724	client->proc_pid, namebuf, proc_pid(current_proc()), proc_best_name(current_proc()));
6725	sf = &ntstat_sk_stats_zero;
6726	}
6727
6728	if (countsp) {
6729	countsp->nstat_rxbytes = quicstats->necp_quic_counts.necp_stat_rxbytes;
6730	countsp->nstat_txbytes = quicstats->necp_quic_counts.necp_stat_txbytes;
6731
6732	countsp->nstat_rxduplicatebytes = quicstats->necp_quic_counts.necp_stat_rxduplicatebytes;
6733	countsp->nstat_rxoutoforderbytes = quicstats->necp_quic_counts.necp_stat_rxoutoforderbytes;
6734	countsp->nstat_txretransmit = quicstats->necp_quic_counts.necp_stat_txretransmit;
6735
6736	countsp->nstat_min_rtt = quicstats->necp_quic_counts.necp_stat_min_rtt;
6737	countsp->nstat_avg_rtt = quicstats->necp_quic_counts.necp_stat_avg_rtt;
6738	countsp->nstat_var_rtt = quicstats->necp_quic_counts.necp_stat_var_rtt;
6739
6740	// TODO: It would be good to expose QUIC stats for CH/SH retransmission and connection state
6741	// Supplement what the user level has told us with what we know from the flowswitch
6742	countsp->nstat_rxpackets = sf->sf_ipackets;
6743	countsp->nstat_txpackets = sf->sf_opackets;
6744	if (route_ifflags & NSTAT_IFNET_IS_CELLULAR) {
6745	countsp->nstat_cell_rxbytes = sf->sf_ibytes;
6746	countsp->nstat_cell_txbytes = sf->sf_obytes;
6747	} else if (route_ifflags & NSTAT_IFNET_IS_WIFI) {
6748	countsp->nstat_wifi_rxbytes = sf->sf_ibytes;
6749	countsp->nstat_wifi_txbytes = sf->sf_obytes;
6750	} else if (route_ifflags & NSTAT_IFNET_IS_WIRED) {
6751	countsp->nstat_wired_rxbytes = sf->sf_ibytes;
6752	countsp->nstat_wired_txbytes = sf->sf_obytes;
6753	}
6754	}
6755
6756	if (metadatap) {
6757	nstat_quic_descriptor desc = (nstat_quic_descriptor )metadatap;
6758	memset(s: desc, c: `0`, n: sizeof(*desc));
6759
6760	// Metadata from the flow registration
6761	uuid_copy(dst: desc->fuuid, src: flow_registration->registration_id);
6762
6763	// Metadata, that the necp client should have, in TLV format.
6764	pid_t effective_pid = client->proc_pid;
6765	necp_find_netstat_data(client, remote: (union necp_sockaddr_union *)&desc->remote, effective_pid: &effective_pid, uid: &desc->uid, euuid: desc->euuid, persona_id: &desc->persona_id, traffic_class: &desc->traffic_class, fallback_mode: &desc->fallback_mode);
6766	desc->epid = (u_int32_t)effective_pid;
6767
6768	// Metadata from the flow registration
6769	// This needs to revisited if multiple flows are created from one flow registration
6770	struct necp_client_flow *flow = NULL;
6771	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
6772	memcpy(dst: &desc->local, src: &flow->local_addr, n: sizeof(desc->local));
6773	break;
6774	}
6775
6776	// Metadata from the route
6777	desc->ifindex = route_ifindex;
6778	desc->ifnet_properties = route_ifflags \| nstat_diagnostic_flags;
6779	desc->ifnet_properties \|= (sf->sf_flags & SFLOWF_ONLINK) ? NSTAT_IFNET_IS_LOCAL : NSTAT_IFNET_IS_NON_LOCAL;
6780
6781	// Basic metadata from userland
6782	desc->rcvbufsize = quicstats->necp_quic_basic.rcvbufsize;
6783	desc->rcvbufused = quicstats->necp_quic_basic.rcvbufused;
6784
6785	// Additional QUIC specific data
6786	desc->sndbufsize = quicstats->necp_quic_extra.sndbufsize;
6787	desc->sndbufused = quicstats->necp_quic_extra.sndbufused;
6788	desc->txunacked = quicstats->necp_quic_extra.txunacked;
6789	desc->txwindow = quicstats->necp_quic_extra.txwindow;
6790	desc->txcwindow = quicstats->necp_quic_extra.txcwindow;
6791	desc->traffic_mgt_flags = quicstats->necp_quic_extra.traffic_mgt_flags;
6792	desc->state = quicstats->necp_quic_extra.state;
6793
6794	// TODO: CC algo defines should be named agnostic of the protocol
6795	u_int32_t cc_alg_index = quicstats->necp_quic_extra.cc_alg_index;
6796	if (cc_alg_index < TCP_CC_ALGO_COUNT) {
6797	strlcpy(dst: desc->cc_algo, src: tcp_cc_algo_list[cc_alg_index]->name, n: sizeof(desc->cc_algo));
6798	} else {
6799	strlcpy(dst: desc->cc_algo, src: "unknown", n: sizeof(desc->cc_algo));
6800	}
6801
6802	memcpy(dst: &desc->activity_bitmap, src: &sf->sf_activity, n: sizeof(sf->sf_activity));
6803
6804	desc->connstatus.probe_activated = quicstats->necp_quic_extra.probestatus.probe_activated;
6805	desc->connstatus.write_probe_failed = quicstats->necp_quic_extra.probestatus.write_probe_failed;
6806	desc->connstatus.read_probe_failed = quicstats->necp_quic_extra.probestatus.read_probe_failed;
6807	desc->connstatus.conn_probe_failed = quicstats->necp_quic_extra.probestatus.conn_probe_failed;
6808
6809	if (NECP_ENABLE_CLIENT_TRACE(NECP_CLIENT_TRACE_LEVEL_FLOW)) {
6810	uuid_string_t euuid_str = { `0` };
6811	uuid_unparse(uu: desc->euuid, out: euuid_str);
6812	NECPLOG(LOG_NOTICE, "Collected stats - QUIC - epid %d uid %d euuid %s persona id %d", desc->epid, desc->uid, euuid_str, desc->persona_id);
6813	}
6814	}
6815	return true;
6816	}
6817
6818	#endif /* SKYWALK */
6819
6820	// Support functions for NetworkStatistics support for necp_client connections
6821
6822	static void
6823	necp_client_inherit_from_parent(
6824	struct necp_client *client,
6825	struct necp_client *parent)
6826	{
6827	assert(client->original_parameters_source == NULL);
6828
6829	if (parent->original_parameters_source != NULL) {
6830	client->original_parameters_source = parent->original_parameters_source;
6831	} else {
6832	client->original_parameters_source = parent;
6833	}
6834	necp_client_retain(client: client->original_parameters_source);
6835	}
6836
6837	static void
6838	necp_find_conn_netstat_data(struct necp_client *client,
6839	u_int32_t *ntstat_flags,
6840	pid_t *effective_pid,
6841	uuid_t puuid,
6842	uid_t *uid,
6843	uuid_t euuid,
6844	uid_t *persona_id)
6845	{
6846	bool has_remote_address = false;
6847	bool has_ip_protocol = false;
6848	bool has_transport_protocol = false;
6849	size_t offset = `0`;
6850	u_int8_t *parameters;
6851	u_int32_t parameters_size;
6852
6853
6854	parameters = client->parameters;
6855	parameters_size = (u_int32_t)client->parameters_length;
6856
6857	while ((offset + sizeof(struct necp_tlv_header)) <= parameters_size) {
6858	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
6859	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
6860
6861	if (length > (parameters_size - (offset + sizeof(struct necp_tlv_header)))) {
6862	// If the length is larger than what can fit in the remaining parameters size, bail
6863	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
6864	break;
6865	}
6866
6867	if (length > `0`) {
6868	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
6869	if (value != NULL) {
6870	switch (type) {
6871	case NECP_CLIENT_PARAMETER_APPLICATION: {
6872	if ((euuid) && (length >= sizeof(uuid_t))) {
6873	uuid_copy(dst: euuid, src: value);
6874	}
6875	break;
6876	}
6877	case NECP_CLIENT_PARAMETER_IP_PROTOCOL: {
6878	if (length >= `1`) {
6879	has_ip_protocol = true;
6880	}
6881	break;
6882	}
6883	case NECP_CLIENT_PARAMETER_PID: {
6884	if ((effective_pid) && length >= sizeof(pid_t)) {
6885	memcpy(dst: effective_pid, src: value, n: sizeof(pid_t));
6886	}
6887	break;
6888	}
6889	case NECP_CLIENT_PARAMETER_PARENT_ID: {
6890	if ((puuid) && (length == sizeof(uuid_t))) {
6891	uuid_copy(dst: puuid, src: value);
6892	}
6893	break;
6894	}
6895	// It is an implementation quirk that the remote address can be found in the necp parameters
6896	case NECP_CLIENT_PARAMETER_REMOTE_ADDRESS: {
6897	if (length >= sizeof(struct necp_policy_condition_addr)) {
6898	struct necp_policy_condition_addr address_struct = (struct* necp_policy_condition_addr )(void* *)value;
6899	if (necp_client_address_is_valid(&address_struct->address.sa)) {
6900	has_remote_address = true;
6901	}
6902	}
6903	break;
6904	}
6905	case NECP_CLIENT_PARAMETER_TRANSPORT_PROTOCOL: {
6906	if (length >= `1`) {
6907	has_transport_protocol = true;
6908	}
6909	break;
6910	}
6911	case NECP_CLIENT_PARAMETER_APPLICATION_ID: {
6912	if (length >= sizeof(necp_application_id_t) && uid && persona_id) {
6913	necp_application_id_t application_id = (necp_application_id_t )(void *)value;
6914	memcpy(dst: uid, src: &application_id->uid, n: sizeof(uid_t));
6915	uuid_copy(dst: euuid, src: application_id->effective_uuid);
6916	memcpy(dst: persona_id, src: &application_id->persona_id, n: sizeof(uid_t));
6917	}
6918	break;
6919	}
6920	default: {
6921	break;
6922	}
6923	}
6924	}
6925	}
6926	offset += sizeof(struct necp_tlv_header) + length;
6927	}
6928	if (ntstat_flags) {
6929	*ntstat_flags = (has_remote_address && has_ip_protocol && has_transport_protocol)? NSTAT_NECP_CONN_HAS_NET_ACCESS: `0`;
6930	}
6931	}
6932
6933	static bool
6934	necp_request_conn_netstats(nstat_provider_context ctx,
6935	u_int32_t *ifflagsp,
6936	nstat_counts *countsp,
6937	void *metadatap)
6938	{
6939	if (ctx == NULL) {
6940	return false;
6941	}
6942	struct necp_client client = (struct* necp_client *)(uintptr_t)ctx;
6943	nstat_connection_descriptor desc = (nstat_connection_descriptor )metadatap;
6944
6945	if (ifflagsp) {
6946	necp_find_conn_netstat_data(client, ntstat_flags: ifflagsp, NULL, NULL, NULL, NULL, NULL);
6947	}
6948	if (countsp) {
6949	memset(s: countsp, c: `0`, n: sizeof(*countsp));
6950	}
6951	if (desc) {
6952	memset(s: desc, c: `0`, n: sizeof(*desc));
6953	// Metadata, that the necp client should have, in TLV format.
6954	pid_t effective_pid = client->proc_pid;
6955	necp_find_conn_netstat_data(client, ntstat_flags: &desc->ifnet_properties, effective_pid: &effective_pid, puuid: desc->puuid, uid: &desc->uid, euuid: desc->euuid, persona_id: &desc->persona_id);
6956	desc->epid = (u_int32_t)effective_pid;
6957
6958	// User level should obtain almost all connection information from an extension
6959	// leaving little to do here
6960	uuid_copy(dst: desc->fuuid, src: client->latest_flow_registration_id);
6961	uuid_copy(dst: desc->cuuid, src: client->client_id);
6962	}
6963	return true;
6964	}
6965
6966	static int
6967	necp_skywalk_priv_check_cred(proc_t p, kauth_cred_t cred)
6968	{
6969	#pragma unused(p, cred)
6970	#if SKYWALK
6971	/ This includes Nexus controller and Skywalk observer privs /
6972	return skywalk_nxctl_check_privileges(p, cred);
6973	#else /* !SKYWALK */
6974	return `0`;
6975	#endif /* !SKYWALK */
6976	}
6977
6978	/// System calls
6979
6980	int
6981	necp_open(struct proc p, struct* necp_open_args uap, int* *retval)
6982	{
6983	#pragma unused(retval)
6984	int error = `0`;
6985	struct necp_fd_data *fd_data = NULL;
6986	struct fileproc *fp = NULL;
6987	int fd = -`1`;
6988
6989	if (uap->flags & NECP_OPEN_FLAG_OBSERVER \|\|
6990	uap->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
6991	if (necp_skywalk_priv_check_cred(p, cred: kauth_cred_get()) != `0` &&
6992	priv_check_cred(cred: kauth_cred_get(), PRIV_NET_PRIVILEGED_NETWORK_STATISTICS, flags: `0`) != `0`) {
6993	NECPLOG0(LOG_ERR, "Client does not hold necessary entitlement to observe other NECP clients");
6994	error = EACCES;
6995	goto done;
6996	}
6997	}
6998
6999	#if CONFIG_MACF
7000	error = mac_necp_check_open(proc: p, flags: uap->flags);
7001	if (error) {
7002	goto done;
7003	}
7004	#endif /* MACF */
7005
7006	error = falloc(p, &fp, &fd);
7007	if (error != `0`) {
7008	goto done;
7009	}
7010
7011	fd_data = kalloc_type(struct necp_fd_data, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
7012
7013	fd_data->necp_fd_type = necp_fd_type_client;
7014	fd_data->flags = uap->flags;
7015	RB_INIT(&fd_data->clients);
7016	RB_INIT(&fd_data->flows);
7017	TAILQ_INIT(&fd_data->update_list);
7018	lck_mtx_init(lck: &fd_data->fd_lock, grp: &necp_fd_mtx_grp, attr: &necp_fd_mtx_attr);
7019	klist_init(list: &fd_data->si.si_note);
7020	fd_data->proc_pid = proc_pid(p);
7021	#if SKYWALK
7022	LIST_INIT(&fd_data->stats_arena_list);
7023	#endif /* !SKYWALK */
7024
7025	fp->fp_flags \|= FP_CLOEXEC \| FP_CLOFORK;
7026	fp->fp_glob->fg_flag = FREAD;
7027	fp->fp_glob->fg_ops = &necp_fd_ops;
7028	fp_set_data(fp, fg_data: fd_data);
7029
7030	proc_fdlock(p);
7031
7032	procfdtbl_releasefd(p, fd, NULL);
7033	fp_drop(p, fd, fp, locked: `1`);
7034
7035	*retval = fd;
7036
7037	if (fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
7038	NECP_OBSERVER_LIST_LOCK_EXCLUSIVE();
7039	LIST_INSERT_HEAD(&necp_fd_observer_list, fd_data, chain);
7040	OSIncrementAtomic(&necp_observer_fd_count);
7041	NECP_OBSERVER_LIST_UNLOCK();
7042
7043	// Walk all existing clients and add them
7044	NECP_CLIENT_TREE_LOCK_SHARED();
7045	struct necp_client *existing_client = NULL;
7046	RB_FOREACH(existing_client, _necp_client_global_tree, &necp_client_global_tree) {
7047	NECP_CLIENT_LOCK(existing_client);
7048	necp_client_update_observer_add_internal(observer_fd: fd_data, client: existing_client);
7049	necp_client_update_observer_update_internal(observer_fd: fd_data, client: existing_client);
7050	NECP_CLIENT_UNLOCK(existing_client);
7051	}
7052	NECP_CLIENT_TREE_UNLOCK();
7053	} else {
7054	NECP_FD_LIST_LOCK_EXCLUSIVE();
7055	LIST_INSERT_HEAD(&necp_fd_list, fd_data, chain);
7056	OSIncrementAtomic(&necp_client_fd_count);
7057	NECP_FD_LIST_UNLOCK();
7058	}
7059
7060	proc_fdunlock(p);
7061
7062	done:
7063	if (error != `0`) {
7064	if (fp != NULL) {
7065	fp_free(p, fd, fp);
7066	fp = NULL;
7067	}
7068	if (fd_data != NULL) {
7069	kfree_type(struct necp_fd_data, fd_data);
7070	}
7071	}
7072
7073	return error;
7074	}
7075
7076	// All functions called directly from necp_client_action() to handle one of the
7077	// types should be marked with NECP_CLIENT_ACTION_FUNCTION. This ensures that
7078	// necp_client_action() does not inline all the actions into a single function.
7079	#define NECP_CLIENT_ACTION_FUNCTION __attribute__((noinline))
7080
7081	static NECP_CLIENT_ACTION_FUNCTION int
7082	necp_client_add(struct proc p, struct* necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
7083	{
7084	int error = `0`;
7085	struct necp_client *client = NULL;
7086	const size_t buffer_size = uap->buffer_size;
7087
7088	if (fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER) {
7089	NECPLOG0(LOG_ERR, "NECP client observers with push enabled may not add their own clients");
7090	return EINVAL;
7091	}
7092
7093	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
7094	buffer_size == `0` \|\| buffer_size > NECP_MAX_CLIENT_PARAMETERS_SIZE \|\| uap->buffer == `0`) {
7095	return EINVAL;
7096	}
7097
7098	client = kalloc_type(struct necp_client, Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
7099	client->parameters = kalloc_data(buffer_size, Z_WAITOK \| Z_NOFAIL);
7100	client->parameters_length = buffer_size;
7101	lck_mtx_init(lck: &client->lock, grp: &necp_fd_mtx_grp, attr: &necp_fd_mtx_attr);
7102	lck_mtx_init(lck: &client->route_lock, grp: &necp_fd_mtx_grp, attr: &necp_fd_mtx_attr);
7103
7104	error = copyin(uap->buffer, client->parameters, buffer_size);
7105	if (error) {
7106	NECPLOG(LOG_ERR, "necp_client_add parameters copyin error (%d)", error);
7107	goto done;
7108	}
7109
7110	os_ref_init(&client->reference_count, &necp_client_refgrp); // Hold our reference until close
7111
7112	client->proc_pid = fd_data->proc_pid; // Save off proc pid in case the client will persist past fd
7113	client->agent_handle = (void *)fd_data;
7114	client->platform_binary = ((csproc_get_platform_binary(p) == `0`) ? `0` : `1`);
7115
7116	necp_generate_client_id(client_id: client->client_id, false);
7117	LIST_INIT(&client->assertion_list);
7118	RB_INIT(&client->flow_registrations);
7119
7120	NECP_CLIENT_LOG(client, "Adding client");
7121
7122	error = copyout(client->client_id, uap->client_id, sizeof(uuid_t));
7123	if (error) {
7124	NECPLOG(LOG_ERR, "necp_client_add client_id copyout error (%d)", error);
7125	goto done;
7126	}
7127
7128	#if SKYWALK
7129	struct necp_client_parsed_parameters parsed_parameters = {};
7130	int parse_error = necp_client_parse_parameters(client, parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length, parsed_parameters: &parsed_parameters);
7131
7132	if (parse_error == `0` &&
7133	((parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_DELEGATED_UPID) \|\|
7134	(parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_ATTRIBUTED_BUNDLE_IDENTIFIER))) {
7135	bool has_delegation_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_PRIVILEGED_SOCKET_DELEGATE, flags: `0`) == `0`);
7136	if (!has_delegation_entitlement) {
7137	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_DELEGATED_UPID) {
7138	NECPLOG(LOG_ERR, "%s(%d) does not hold the necessary entitlement to delegate network traffic for other processes by upid",
7139	proc_name_address(p), proc_pid(p));
7140	}
7141	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_ATTRIBUTED_BUNDLE_IDENTIFIER) {
7142	NECPLOG(LOG_ERR, "%s(%d) does not hold the necessary entitlement to set attributed bundle identifier",
7143	proc_name_address(p), proc_pid(p));
7144	}
7145	error = EPERM;
7146	goto done;
7147	}
7148
7149	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_DELEGATED_UPID) {
7150	// Save off delegated unique PID
7151	client->delegated_upid = parsed_parameters.delegated_upid;
7152	}
7153	}
7154
7155	if (parse_error == `0` && parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_INTERPOSE) {
7156	bool has_nexus_entitlement = (necp_skywalk_priv_check_cred(p, cred: kauth_cred_get()) == `0`);
7157	if (!has_nexus_entitlement) {
7158	NECPLOG(LOG_ERR, "%s(%d) does not hold the necessary entitlement to open a custom nexus client",
7159	proc_name_address(p), proc_pid(p));
7160	error = EPERM;
7161	goto done;
7162	}
7163	}
7164
7165	if (parse_error == `0` && (parsed_parameters.flags &
7166	(NECP_CLIENT_PARAMETER_FLAG_CUSTOM_ETHER \| NECP_CLIENT_PARAMETER_FLAG_CUSTOM_IP))) {
7167	bool has_custom_protocol_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_CUSTOM_PROTOCOL, flags: `0`) == `0`);
7168	if (!has_custom_protocol_entitlement) {
7169	NECPLOG(LOG_ERR, "%s(%d) does not hold the necessary entitlement for custom protocol APIs",
7170	proc_name_address(p), proc_pid(p));
7171	error = EPERM;
7172	goto done;
7173	}
7174	}
7175
7176	if (parse_error == `0` && parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER &&
7177	(parsed_parameters.ip_protocol == IPPROTO_TCP \|\| parsed_parameters.ip_protocol == IPPROTO_UDP)) {
7178	uint32_t *netns_addr = NULL;
7179	uint8_t netns_addr_len = `0`;
7180	struct ns_flow_info flow_info = {};
7181	uint32_t netns_flags = NETNS_LISTENER;
7182	uuid_copy(dst: flow_info.nfi_flow_uuid, src: client->client_id);
7183	flow_info.nfi_protocol = parsed_parameters.ip_protocol;
7184	flow_info.nfi_owner_pid = client->proc_pid;
7185	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_PID) {
7186	flow_info.nfi_effective_pid = parsed_parameters.effective_pid;
7187	} else {
7188	flow_info.nfi_effective_pid = flow_info.nfi_owner_pid;
7189	}
7190	proc_name(pid: flow_info.nfi_owner_pid, buf: flow_info.nfi_owner_name, MAXCOMLEN);
7191	proc_name(pid: flow_info.nfi_effective_pid, buf: flow_info.nfi_effective_name, MAXCOMLEN);
7192
7193	if (parsed_parameters.local_addr.sa.sa_family == AF_UNSPEC) {
7194	// Treat no local address as a wildcard IPv6
7195	// parsed_parameters is already initialized to all zeros
7196	parsed_parameters.local_addr.sin6.sin6_family = AF_INET6;
7197	parsed_parameters.local_addr.sin6.sin6_len = sizeof(struct sockaddr_in6);
7198	}
7199
7200	switch (parsed_parameters.local_addr.sa.sa_family) {
7201	case AF_INET: {
7202	memcpy(dst: &flow_info.nfi_laddr, src: &parsed_parameters.local_addr.sa, n: parsed_parameters.local_addr.sa.sa_len);
7203	netns_addr = (uint32_t *)&parsed_parameters.local_addr.sin.sin_addr;
7204	netns_addr_len = `4`;
7205	break;
7206	}
7207	case AF_INET6: {
7208	memcpy(dst: &flow_info.nfi_laddr, src: &parsed_parameters.local_addr.sa, n: parsed_parameters.local_addr.sa.sa_len);
7209	netns_addr = (uint32_t *)&parsed_parameters.local_addr.sin6.sin6_addr;
7210	netns_addr_len = `16`;
7211	break;
7212	}
7213
7214	default: {
7215	NECPLOG(LOG_ERR, "necp_client_add listener invalid address family (%d)", parsed_parameters.local_addr.sa.sa_family);
7216	error = EINVAL;
7217	goto done;
7218	}
7219	}
7220	if ((parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) &&
7221	(parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_REUSE_LOCAL)) {
7222	netns_flags \|= NETNS_REUSEPORT;
7223	}
7224	if (parsed_parameters.local_addr.sin.sin_port == `0`) {
7225	error = netns_reserve_ephemeral(token: &client->port_reservation, addr: netns_addr, addr_len: netns_addr_len, proto: parsed_parameters.ip_protocol,
7226	port: &parsed_parameters.local_addr.sin.sin_port, flags: netns_flags, nfi: &flow_info);
7227	if (error) {
7228	NECPLOG(LOG_ERR, "necp_client_add netns_reserve_ephemeral error (%d)", error);
7229	goto done;
7230	}
7231
7232	// Update the parameter TLVs with the assigned port
7233	necp_client_update_local_port_parameters(parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length, local_port: parsed_parameters.local_addr.sin.sin_port);
7234	} else {
7235	error = netns_reserve(token: &client->port_reservation, addr: netns_addr, addr_len: netns_addr_len, proto: parsed_parameters.ip_protocol,
7236	port: parsed_parameters.local_addr.sin.sin_port, flags: netns_flags, nfi: &flow_info);
7237	if (error) {
7238	NECPLOG(LOG_ERR, "necp_client_add netns_reserve error (%d)", error);
7239	goto done;
7240	}
7241	}
7242	}
7243
7244	struct necp_client *parent = NULL;
7245	uuid_t parent_client_id;
7246	uuid_clear(uu: parent_client_id);
7247	struct necp_client_nexus_parameters parent_parameters = {};
7248	uint16_t num_flow_regs = `0`;
7249	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_PARENT_UUID) {
7250	// The parent "should" be found on fd_data without having to search across the whole necp_fd_list
7251	// It would be nice to do this a little further down where there's another instance of NECP_FD_LOCK
7252	// but the logic here depends on the parse paramters
7253	NECP_FD_LOCK(fd_data);
7254	parent = necp_client_fd_find_client_unlocked(client_fd: fd_data, client_id: parsed_parameters.parent_uuid);
7255	if (parent != NULL) {
7256	necp_client_inherit_from_parent(client, parent);
7257	necp_client_copy_parameters_locked(client, parameters: &parent_parameters);
7258	uuid_copy(dst: parent_client_id, src: parsed_parameters.parent_uuid);
7259	struct necp_client_flow_registration *flow_registration = NULL;
7260	RB_FOREACH(flow_registration, _necp_client_flow_tree, &parent->flow_registrations) {
7261	num_flow_regs++;
7262	}
7263	}
7264	NECP_FD_UNLOCK(fd_data);
7265	if (parent == NULL) {
7266	NECPLOG0(LOG_ERR, "necp_client_add, no necp_client_inherit_from_parent as can't find parent on fd_data");
7267	}
7268	}
7269	if (parse_error == `0` && parent != NULL && parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLOW_DEMUX_PATTERN) {
7270	do {
7271	if (parsed_parameters.demux_patterns[`0`].len == `0`) {
7272	NECPLOG0(LOG_INFO, "necp_client_add, child does not have a demux pattern");
7273	break;
7274	}
7275
7276	if (uuid_is_null(uu: parent_client_id)) {
7277	NECPLOG0(LOG_INFO, "necp_client_add, parent ID is null");
7278	break;
7279	}
7280
7281	if (num_flow_regs > `1`) {
7282	NECPLOG0(LOG_INFO, "necp_client_add, multiple parent flows not supported");
7283	break;
7284	}
7285	if (parsed_parameters.ip_protocol != IPPROTO_UDP) {
7286	NECPLOG(LOG_INFO, "necp_client_add, flow demux pattern not supported for %d protocol",
7287	parsed_parameters.ip_protocol);
7288	break;
7289	}
7290	if (parsed_parameters.ip_protocol != parent_parameters.ip_protocol) {
7291	NECPLOG0(LOG_INFO, "necp_client_add, parent/child ip protocol mismatch");
7292	break;
7293	}
7294	if (parsed_parameters.local_addr.sa.sa_family != AF_INET && parsed_parameters.local_addr.sa.sa_family != AF_INET6) {
7295	NECPLOG(LOG_INFO, "necp_client_add, flow demux pattern not supported for %d family",
7296	parsed_parameters.local_addr.sa.sa_family);
7297	break;
7298	}
7299	if (parsed_parameters.local_addr.sa.sa_family != parsed_parameters.remote_addr.sa.sa_family) {
7300	NECPLOG0(LOG_INFO, "necp_client_add, local/remote address family mismatch");
7301	break;
7302	}
7303	if (parsed_parameters.local_addr.sa.sa_family != parent_parameters.local_addr.sa.sa_family) {
7304	NECPLOG0(LOG_INFO, "necp_client_add, parent/child address family mismatch");
7305	break;
7306	}
7307	if (memcmp(s1: &parsed_parameters.local_addr.sa, s2: &parent_parameters.local_addr.sa, n: parsed_parameters.local_addr.sa.sa_len)) {
7308	NECPLOG0(LOG_INFO, "necp_client_add, parent/child local address mismatch");
7309	break;
7310	}
7311	if (memcmp(s1: &parsed_parameters.remote_addr.sa, s2: &parent_parameters.remote_addr.sa, n: parsed_parameters.remote_addr.sa.sa_len)) {
7312	NECPLOG0(LOG_INFO, "necp_client_add, parent/child remote address mismatch");
7313	break;
7314	}
7315	if (parsed_parameters.local_addr.sin.sin_port != parent_parameters.local_addr.sin.sin_port) {
7316	NECPLOG0(LOG_INFO, "necp_client_add, parent/child local port mismatch");
7317	break;
7318	}
7319	if (parsed_parameters.remote_addr.sin.sin_port != parent_parameters.remote_addr.sin.sin_port) {
7320	NECPLOG0(LOG_INFO, "necp_client_add, parent/child remote port mismatch");
7321	break;
7322	}
7323	client->validated_parent = `1`;
7324	uuid_copy(dst: client->parent_client_id, src: parent_client_id);
7325	} while (false);
7326	}
7327
7328	#endif /* !SKYWALK */
7329
7330	necp_client_update_observer_add(client);
7331
7332	NECP_FD_LOCK(fd_data);
7333	RB_INSERT(_necp_client_tree, &fd_data->clients, client);
7334	OSIncrementAtomic(&necp_client_count);
7335	NECP_CLIENT_TREE_LOCK_EXCLUSIVE();
7336	RB_INSERT(_necp_client_global_tree, &necp_client_global_tree, client);
7337	NECP_CLIENT_TREE_UNLOCK();
7338
7339	// Prime the client result
7340	NECP_CLIENT_LOCK(client);
7341	(void)necp_update_client_result(proc: current_proc(), client_fd: fd_data, client, NULL);
7342	necp_client_retain_locked(client);
7343	NECP_CLIENT_UNLOCK(client);
7344	NECP_FD_UNLOCK(fd_data);
7345	// Now everything is set, it's safe to plumb this in to NetworkStatistics
7346	uint32_t ntstat_properties = `0`;
7347	necp_find_conn_netstat_data(client, ntstat_flags: &ntstat_properties, NULL, NULL, NULL, NULL, NULL);
7348
7349	client->nstat_context = nstat_provider_stats_open(ctx: (nstat_provider_context)client,
7350	provider_id: NSTAT_PROVIDER_CONN_USERLAND, properties: (u_int64_t)ntstat_properties, req_fn: necp_request_conn_netstats, req_extensions_fn: necp_find_conn_extension_info);
7351	necp_client_release(client);
7352	done:
7353	if (error != `0` && client != NULL) {
7354	necp_client_free(client);
7355	client = NULL;
7356	}
7357	*retval = error;
7358
7359	return error;
7360	}
7361
7362	static NECP_CLIENT_ACTION_FUNCTION int
7363	necp_client_claim(struct proc p, struct* necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
7364	{
7365	int error = `0`;
7366	uuid_t client_id = {};
7367	struct necp_client *client = NULL;
7368
7369	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
7370	error = EINVAL;
7371	goto done;
7372	}
7373
7374	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
7375	if (error) {
7376	NECPLOG(LOG_ERR, "necp_client_claim copyin client_id error (%d)", error);
7377	goto done;
7378	}
7379
7380	if (necp_client_id_is_flow(client_id)) {
7381	NECPLOG0(LOG_ERR, "necp_client_claim cannot claim from flow UUID");
7382	error = EINVAL;
7383	goto done;
7384	}
7385
7386	u_int64_t upid = proc_uniqueid(p);
7387
7388	NECP_FD_LIST_LOCK_SHARED();
7389
7390	struct necp_fd_data *find_fd = NULL;
7391	LIST_FOREACH(find_fd, &necp_fd_list, chain) {
7392	NECP_FD_LOCK(find_fd);
7393	struct necp_client *find_client = necp_client_fd_find_client_and_lock(client_fd: find_fd, client_id);
7394	if (find_client != NULL) {
7395	if (find_client->delegated_upid == upid &&
7396	RB_EMPTY(&find_client->flow_registrations)) {
7397	// Matched the client to claim; remove from the old fd
7398	client = find_client;
7399	RB_REMOVE(_necp_client_tree, &find_fd->clients, client);
7400	necp_client_retain_locked(client);
7401	}
7402	NECP_CLIENT_UNLOCK(find_client);
7403	}
7404	NECP_FD_UNLOCK(find_fd);
7405
7406	if (client != NULL) {
7407	break;
7408	}
7409	}
7410
7411	NECP_FD_LIST_UNLOCK();
7412
7413	if (client == NULL) {
7414	error = ENOENT;
7415	goto done;
7416	}
7417
7418	client->proc_pid = fd_data->proc_pid; // Transfer client to claiming pid
7419	client->agent_handle = (void *)fd_data;
7420	client->platform_binary = ((csproc_get_platform_binary(p) == `0`) ? `0` : `1`);
7421
7422	NECP_CLIENT_LOG(client, "Claiming client");
7423
7424	// Add matched client to our fd and re-run result
7425	NECP_FD_LOCK(fd_data);
7426	RB_INSERT(_necp_client_tree, &fd_data->clients, client);
7427	NECP_CLIENT_LOCK(client);
7428	(void)necp_update_client_result(proc: current_proc(), client_fd: fd_data, client, NULL);
7429	NECP_CLIENT_UNLOCK(client);
7430	NECP_FD_UNLOCK(fd_data);
7431
7432	necp_client_release(client);
7433
7434	done:
7435	*retval = error;
7436
7437	return error;
7438	}
7439
7440	static NECP_CLIENT_ACTION_FUNCTION int
7441	necp_client_remove(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
7442	{
7443	int error = `0`;
7444	uuid_t client_id = {};
7445	struct ifnet_stats_per_flow flow_ifnet_stats = {};
7446	const size_t buffer_size = uap->buffer_size;
7447
7448	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
7449	error = EINVAL;
7450	goto done;
7451	}
7452
7453	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
7454	if (error) {
7455	NECPLOG(LOG_ERR, "necp_client_remove copyin client_id error (%d)", error);
7456	goto done;
7457	}
7458
7459	if (uap->buffer != `0` && buffer_size == sizeof(flow_ifnet_stats)) {
7460	error = copyin(uap->buffer, &flow_ifnet_stats, buffer_size);
7461	if (error) {
7462	NECPLOG(LOG_ERR, "necp_client_remove flow_ifnet_stats copyin error (%d)", error);
7463	// Not fatal; make sure to zero-out stats in case of partial copy
7464	memset(s: &flow_ifnet_stats, c: `0`, n: sizeof(flow_ifnet_stats));
7465	error = `0`;
7466	}
7467	} else if (uap->buffer != `0`) {
7468	NECPLOG(LOG_ERR, "necp_client_remove unexpected parameters length (%zu)", buffer_size);
7469	}
7470
7471	NECP_FD_LOCK(fd_data);
7472
7473	pid_t pid = fd_data->proc_pid;
7474	struct necp_client *client = necp_client_fd_find_client_unlocked(client_fd: fd_data, client_id);
7475
7476	NECP_CLIENT_LOG(client, "Removing client");
7477
7478	if (client != NULL) {
7479	// Remove any flow registrations that match
7480	struct necp_client_flow_registration *flow_registration = NULL;
7481	struct necp_client_flow_registration *temp_flow_registration = NULL;
7482	RB_FOREACH_SAFE(flow_registration, _necp_fd_flow_tree, &fd_data->flows, temp_flow_registration) {
7483	if (flow_registration->client == client) {
7484	#if SKYWALK
7485	necp_destroy_flow_stats(fd_data, flow_registration, NULL, TRUE);
7486	#endif /* SKYWALK */
7487	NECP_FLOW_TREE_LOCK_EXCLUSIVE();
7488	RB_REMOVE(_necp_client_flow_global_tree, &necp_client_flow_global_tree, flow_registration);
7489	NECP_FLOW_TREE_UNLOCK();
7490	RB_REMOVE(_necp_fd_flow_tree, &fd_data->flows, flow_registration);
7491	}
7492	}
7493	#if SKYWALK
7494	if (client->nstat_context != NULL) {
7495	// Main path, we expect stats to be in existance at this point
7496	nstat_provider_stats_close(nstat_ctx: client->nstat_context);
7497	client->nstat_context = NULL;
7498	} else {
7499	NECPLOG0(LOG_ERR, "necp_client_remove ntstat shutdown finds nstat_context NULL");
7500	}
7501	#endif /* SKYWALK */
7502	// Remove client from lists
7503	NECP_CLIENT_TREE_LOCK_EXCLUSIVE();
7504	RB_REMOVE(_necp_client_global_tree, &necp_client_global_tree, client);
7505	NECP_CLIENT_TREE_UNLOCK();
7506	RB_REMOVE(_necp_client_tree, &fd_data->clients, client);
7507	}
7508
7509	#if SKYWALK
7510	// If the currently-active arena is idle (has no more flows referring to it), or if there are defunct
7511	// arenas lingering in the list, schedule a threadcall to do the clean up. The idle check is done
7512	// by checking if the reference count is 3: one held by this client (will be released below when we
7513	// destroy it) when it's non-NULL; the rest held by stats_arena_{active,list}.
7514	if ((fd_data->stats_arena_active != NULL && fd_data->stats_arena_active->nai_use_count == `3`) \|\|
7515	(fd_data->stats_arena_active == NULL && !LIST_EMPTY(&fd_data->stats_arena_list))) {
7516	uint64_t deadline = `0`;
7517	uint64_t leeway = `0`;
7518	clock_interval_to_deadline(interval: necp_close_arenas_timeout_microseconds, NSEC_PER_USEC, result: &deadline);
7519	clock_interval_to_absolutetime_interval(interval: necp_close_arenas_timeout_leeway_microseconds, NSEC_PER_USEC, result: &leeway);
7520
7521	thread_call_enter_delayed_with_leeway(call: necp_close_empty_arenas_tcall, NULL,
7522	deadline, leeway, THREAD_CALL_DELAY_LEEWAY);
7523	}
7524	#endif /* SKYWALK */
7525
7526	NECP_FD_UNLOCK(fd_data);
7527
7528	if (client != NULL) {
7529	ASSERT(error == `0`);
7530	necp_destroy_client(client, pid, true);
7531	} else {
7532	error = ENOENT;
7533	NECPLOG(LOG_ERR, "necp_client_remove invalid client_id (%d)", error);
7534	}
7535	done:
7536	*retval = error;
7537
7538	return error;
7539	}
7540
7541	static struct necp_client_flow_registration *
7542	necp_client_fd_find_flow(struct necp_fd_data *client_fd, uuid_t flow_id)
7543	{
7544	NECP_FD_ASSERT_LOCKED(client_fd);
7545	struct necp_client_flow_registration *flow = NULL;
7546
7547	if (necp_client_id_is_flow(client_id: flow_id)) {
7548	struct necp_client_flow_registration find;
7549	uuid_copy(dst: find.registration_id, src: flow_id);
7550	flow = RB_FIND(_necp_fd_flow_tree, &client_fd->flows, &find);
7551	}
7552
7553	return flow;
7554	}
7555
7556	static NECP_CLIENT_ACTION_FUNCTION int
7557	necp_client_remove_flow(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
7558	{
7559	int error = `0`;
7560	uuid_t flow_id = {};
7561	struct ifnet_stats_per_flow flow_ifnet_stats = {};
7562	const size_t buffer_size = uap->buffer_size;
7563
7564	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
7565	error = EINVAL;
7566	NECPLOG(LOG_ERR, "necp_client_remove_flow invalid client_id (length %zu)", (size_t)uap->client_id_len);
7567	goto done;
7568	}
7569
7570	error = copyin(uap->client_id, flow_id, sizeof(uuid_t));
7571	if (error) {
7572	NECPLOG(LOG_ERR, "necp_client_remove_flow copyin client_id error (%d)", error);
7573	goto done;
7574	}
7575
7576	if (uap->buffer != `0` && buffer_size == sizeof(flow_ifnet_stats)) {
7577	error = copyin(uap->buffer, &flow_ifnet_stats, buffer_size);
7578	if (error) {
7579	NECPLOG(LOG_ERR, "necp_client_remove flow_ifnet_stats copyin error (%d)", error);
7580	// Not fatal
7581	}
7582	} else if (uap->buffer != `0`) {
7583	NECPLOG(LOG_ERR, "necp_client_remove unexpected parameters length (%zu)", buffer_size);
7584	}
7585
7586	NECP_FD_LOCK(fd_data);
7587	struct necp_client *client = NULL;
7588	struct necp_client_flow_registration *flow_registration = necp_client_fd_find_flow(client_fd: fd_data, flow_id);
7589	if (flow_registration != NULL) {
7590	#if SKYWALK
7591	// Cleanup stats per flow
7592	necp_destroy_flow_stats(fd_data, flow_registration, flow_ifnet_stats: &flow_ifnet_stats, TRUE);
7593	#endif /* SKYWALK */
7594	NECP_FLOW_TREE_LOCK_EXCLUSIVE();
7595	RB_REMOVE(_necp_client_flow_global_tree, &necp_client_flow_global_tree, flow_registration);
7596	NECP_FLOW_TREE_UNLOCK();
7597	RB_REMOVE(_necp_fd_flow_tree, &fd_data->flows, flow_registration);
7598
7599	client = flow_registration->client;
7600	if (client != NULL) {
7601	necp_client_retain(client);
7602	}
7603	}
7604	NECP_FD_UNLOCK(fd_data);
7605
7606	NECP_CLIENT_FLOW_LOG(client, flow_registration, "removing flow");
7607
7608	if (flow_registration != NULL && client != NULL) {
7609	NECP_CLIENT_LOCK(client);
7610	if (flow_registration->client == client) {
7611	necp_destroy_client_flow_registration(client, flow_registration, pid: fd_data->proc_pid, false);
7612	}
7613	necp_client_release_locked(client);
7614	NECP_CLIENT_UNLOCK(client);
7615	}
7616
7617	done:
7618	*retval = error;
7619	if (error != `0`) {
7620	NECPLOG(LOG_ERR, "Remove flow error (%d)", error);
7621	}
7622
7623	return error;
7624	}
7625
7626	// Don't inline the function since it includes necp_client_parsed_parameters on the stack
7627	static __attribute__((noinline)) int
7628	necp_client_check_tcp_heuristics(struct necp_client client, struct* necp_client_flow flow, u_int32_t flags, u_int8_t tfo_cookie, u_int8_t tfo_cookie_len)
7629	{
7630	struct necp_client_parsed_parameters parsed_parameters;
7631	int error = `0`;
7632
7633	error = necp_client_parse_parameters(client, parameters: client->parameters,
7634	parameters_size: (u_int32_t)client->parameters_length,
7635	parsed_parameters: &parsed_parameters);
7636	if (error) {
7637	NECPLOG(LOG_ERR, "necp_client_parse_parameters error (%d)", error);
7638	return error;
7639	}
7640
7641	if ((flow->remote_addr.sa.sa_family != AF_INET &&
7642	flow->remote_addr.sa.sa_family != AF_INET6) \|\|
7643	(flow->local_addr.sa.sa_family != AF_INET &&
7644	flow->local_addr.sa.sa_family != AF_INET6)) {
7645	return EINVAL;
7646	}
7647
7648	NECP_CLIENT_ROUTE_LOCK(client);
7649
7650	if (client->current_route == NULL) {
7651	error = ENOENT;
7652	goto do_unlock;
7653	}
7654
7655	bool check_ecn = false;
7656	do {
7657	if ((parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_ECN_ENABLE) ==
7658	NECP_CLIENT_PARAMETER_FLAG_ECN_ENABLE) {
7659	check_ecn = true;
7660	break;
7661	}
7662
7663	if ((parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_ECN_DISABLE) ==
7664	NECP_CLIENT_PARAMETER_FLAG_ECN_DISABLE) {
7665	break;
7666	}
7667
7668	if (client->current_route != NULL) {
7669	if (client->current_route->rt_ifp->if_eflags & IFEF_ECN_ENABLE) {
7670	check_ecn = true;
7671	break;
7672	}
7673	if (client->current_route->rt_ifp->if_eflags & IFEF_ECN_DISABLE) {
7674	break;
7675	}
7676	}
7677
7678	bool inbound = ((parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) == `0`);
7679	if ((inbound && tcp_ecn_inbound == `1`) \|\|
7680	(!inbound && tcp_ecn_outbound == `1`)) {
7681	check_ecn = true;
7682	}
7683	} while (false);
7684
7685	if (check_ecn) {
7686	if (tcp_heuristic_do_ecn_with_address(ifp: client->current_route->rt_ifp,
7687	local_address: (union sockaddr_in_4_6 *)&flow->local_addr)) {
7688	*flags \|= NECP_CLIENT_RESULT_FLAG_ECN_ENABLED;
7689	}
7690	}
7691
7692	if ((parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_TFO_ENABLE) ==
7693	NECP_CLIENT_PARAMETER_FLAG_TFO_ENABLE) {
7694	if (!tcp_heuristic_do_tfo_with_address(ifp: client->current_route->rt_ifp,
7695	local_address: (union sockaddr_in_4_6 *)&flow->local_addr,
7696	remote_address: (union sockaddr_in_4_6 *)&flow->remote_addr,
7697	cookie: tfo_cookie, cookie_len: tfo_cookie_len)) {
7698	*flags \|= NECP_CLIENT_RESULT_FLAG_FAST_OPEN_BLOCKED;
7699	*tfo_cookie_len = `0`;
7700	}
7701	} else {
7702	*flags \|= NECP_CLIENT_RESULT_FLAG_FAST_OPEN_BLOCKED;
7703	*tfo_cookie_len = `0`;
7704	}
7705	do_unlock:
7706	NECP_CLIENT_ROUTE_UNLOCK(client);
7707
7708	return error;
7709	}
7710
7711	static size_t
7712	necp_client_calculate_flow_tlv_size(struct necp_client_flow_registration *flow_registration)
7713	{
7714	size_t assigned_results_size = `0`;
7715	struct necp_client_flow *flow = NULL;
7716	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
7717	if (flow->assigned \|\| !necp_client_endpoint_is_unspecified(endpoint: (struct necp_client_endpoint *)&flow->remote_addr)) {
7718	size_t header_length = `0`;
7719	if (flow->nexus) {
7720	header_length = sizeof(struct necp_client_nexus_flow_header);
7721	} else {
7722	header_length = sizeof(struct necp_client_flow_header);
7723	}
7724	assigned_results_size += (header_length + flow->assigned_results_length);
7725
7726	if (flow->has_protoctl_event) {
7727	assigned_results_size += sizeof(struct necp_client_flow_protoctl_event_header);
7728	}
7729	}
7730	}
7731	return assigned_results_size;
7732	}
7733
7734	static int
7735	necp_client_fillout_flow_tlvs(struct necp_client *client,
7736	bool client_is_observed,
7737	struct necp_client_flow_registration *flow_registration,
7738	struct necp_client_action_args *uap,
7739	size_t *assigned_results_cursor)
7740	{
7741	int error = `0`;
7742	struct necp_client_flow *flow = NULL;
7743	LIST_FOREACH(flow, &flow_registration->flow_list, flow_chain) {
7744	if (flow->assigned \|\| !necp_client_endpoint_is_unspecified(endpoint: (struct necp_client_endpoint *)&flow->remote_addr)) {
7745	// Write TLV headers
7746	struct necp_client_nexus_flow_header header = {};
7747	u_int32_t length = `0`;
7748	u_int32_t flags = `0`;
7749	u_int8_t tfo_cookie_len = `0`;
7750	u_int8_t type = `0`;
7751
7752	type = NECP_CLIENT_RESULT_FLOW_ID;
7753	length = sizeof(header.flow_header.flow_id);
7754	memcpy(dst: &header.flow_header.flow_id_tlv_header.type, src: &type, n: sizeof(type));
7755	memcpy(dst: &header.flow_header.flow_id_tlv_header.length, src: &length, n: sizeof(length));
7756	uuid_copy(dst: header.flow_header.flow_id, src: flow_registration->registration_id);
7757
7758	if (flow->nexus) {
7759	if (flow->check_tcp_heuristics) {
7760	u_int8_t tfo_cookie[NECP_TFO_COOKIE_LEN_MAX];
7761	tfo_cookie_len = NECP_TFO_COOKIE_LEN_MAX;
7762
7763	if (necp_client_check_tcp_heuristics(client, flow, flags: &flags,
7764	tfo_cookie, tfo_cookie_len: &tfo_cookie_len) != `0`) {
7765	tfo_cookie_len = `0`;
7766	} else {
7767	flow->check_tcp_heuristics = FALSE;
7768
7769	if (tfo_cookie_len != `0`) {
7770	type = NECP_CLIENT_RESULT_TFO_COOKIE;
7771	length = tfo_cookie_len;
7772	memcpy(dst: &header.tfo_cookie_tlv_header.type, src: &type, n: sizeof(type));
7773	memcpy(dst: &header.tfo_cookie_tlv_header.length, src: &length, n: sizeof(length));
7774	memcpy(dst: &header.tfo_cookie_value, src: tfo_cookie, n: tfo_cookie_len);
7775	}
7776	}
7777	}
7778	}
7779
7780	size_t header_length = `0`;
7781	if (flow->nexus) {
7782	if (tfo_cookie_len != `0`) {
7783	header_length = sizeof(struct necp_client_nexus_flow_header) - (NECP_TFO_COOKIE_LEN_MAX - tfo_cookie_len);
7784	} else {
7785	header_length = sizeof(struct necp_client_nexus_flow_header) - sizeof(struct necp_tlv_header) - NECP_TFO_COOKIE_LEN_MAX;
7786	}
7787	} else {
7788	header_length = sizeof(struct necp_client_flow_header);
7789	}
7790
7791	type = NECP_CLIENT_RESULT_FLAGS;
7792	length = sizeof(header.flow_header.flags_value);
7793	memcpy(dst: &header.flow_header.flags_tlv_header.type, src: &type, n: sizeof(type));
7794	memcpy(dst: &header.flow_header.flags_tlv_header.length, src: &length, n: sizeof(length));
7795	if (flow->assigned) {
7796	flags \|= NECP_CLIENT_RESULT_FLAG_FLOW_ASSIGNED;
7797	}
7798	if (flow->viable) {
7799	flags \|= NECP_CLIENT_RESULT_FLAG_FLOW_VIABLE;
7800	}
7801	if (flow_registration->defunct) {
7802	flags \|= NECP_CLIENT_RESULT_FLAG_DEFUNCT;
7803	}
7804	flags \|= flow->necp_flow_flags;
7805	memcpy(dst: &header.flow_header.flags_value, src: &flags, n: sizeof(flags));
7806
7807	type = NECP_CLIENT_RESULT_INTERFACE;
7808	length = sizeof(header.flow_header.interface_value);
7809	memcpy(dst: &header.flow_header.interface_tlv_header.type, src: &type, n: sizeof(type));
7810	memcpy(dst: &header.flow_header.interface_tlv_header.length, src: &length, n: sizeof(length));
7811
7812	struct necp_client_result_interface interface_struct;
7813	interface_struct.generation = `0`;
7814	interface_struct.index = flow->interface_index;
7815
7816	memcpy(dst: &header.flow_header.interface_value, src: &interface_struct, n: sizeof(interface_struct));
7817	if (flow->nexus) {
7818	type = NECP_CLIENT_RESULT_NETAGENT;
7819	length = sizeof(header.agent_value);
7820	memcpy(dst: &header.agent_tlv_header.type, src: &type, n: sizeof(type));
7821	memcpy(dst: &header.agent_tlv_header.length, src: &length, n: sizeof(length));
7822
7823	struct necp_client_result_netagent agent_struct;
7824	uuid_copy(dst: agent_struct.netagent_uuid, src: flow->u.nexus_agent);
7825	agent_struct.generation = netagent_get_generation(uuid: agent_struct.netagent_uuid);
7826
7827	memcpy(dst: &header.agent_value, src: &agent_struct, n: sizeof(agent_struct));
7828	}
7829
7830	// Don't include outer TLV header in length field
7831	type = NECP_CLIENT_RESULT_FLOW;
7832	length = (header_length - sizeof(struct necp_tlv_header) + flow->assigned_results_length);
7833	if (flow->has_protoctl_event) {
7834	length += sizeof(struct necp_client_flow_protoctl_event_header);
7835	}
7836	memcpy(dst: &header.flow_header.outer_header.type, src: &type, n: sizeof(type));
7837	memcpy(dst: &header.flow_header.outer_header.length, src: &length, n: sizeof(length));
7838
7839	error = copyout(&header, uap->buffer + client->result_length + *assigned_results_cursor, header_length);
7840	if (error) {
7841	NECPLOG(LOG_ERR, "necp_client_copy assigned results tlv_header copyout error (%d)", error);
7842	return error;
7843	}
7844	*assigned_results_cursor += header_length;
7845
7846	if (flow->assigned_results && flow->assigned_results_length) {
7847	// Write inner TLVs
7848	error = copyout(flow->assigned_results, uap->buffer + client->result_length + *assigned_results_cursor,
7849	flow->assigned_results_length);
7850	if (error) {
7851	NECPLOG(LOG_ERR, "necp_client_copy assigned results copyout error (%d)", error);
7852	return error;
7853	}
7854	}
7855	*assigned_results_cursor += flow->assigned_results_length;
7856
7857	/ Read the protocol event and reset it /
7858	if (flow->has_protoctl_event) {
7859	struct necp_client_flow_protoctl_event_header protoctl_event_header = {};
7860
7861	type = NECP_CLIENT_RESULT_PROTO_CTL_EVENT;
7862	length = sizeof(protoctl_event_header.protoctl_event);
7863
7864	memcpy(dst: &protoctl_event_header.protoctl_tlv_header.type, src: &type, n: sizeof(type));
7865	memcpy(dst: &protoctl_event_header.protoctl_tlv_header.length, src: &length, n: sizeof(length));
7866	memcpy(dst: &protoctl_event_header.protoctl_event, src: &flow->protoctl_event,
7867	n: sizeof(flow->protoctl_event));
7868
7869	error = copyout(&protoctl_event_header, uap->buffer + client->result_length + *assigned_results_cursor,
7870	sizeof(protoctl_event_header));
7871
7872	if (error) {
7873	NECPLOG(LOG_ERR, "necp_client_copy protocol control event results"
7874	" tlv_header copyout error (%d)", error);
7875	return error;
7876	}
7877	assigned_results_cursor += sizeof*(protoctl_event_header);
7878	flow->has_protoctl_event = FALSE;
7879	flow->protoctl_event.protoctl_event_code = `0`;
7880	flow->protoctl_event.protoctl_event_val = `0`;
7881	flow->protoctl_event.protoctl_event_tcp_seq_num = `0`;
7882	}
7883	}
7884	}
7885	if (!client_is_observed) {
7886	flow_registration->flow_result_read = TRUE;
7887	}
7888	return `0`;
7889	}
7890
7891	static int
7892	necp_client_copy_internal(struct necp_client client, uuid_t client_id, bool client_is_observed, struct* necp_client_action_args uap, int* *retval)
7893	{
7894	NECP_CLIENT_ASSERT_LOCKED(client);
7895	int error = `0`;
7896	// Copy results out
7897	if (uap->action == NECP_CLIENT_ACTION_COPY_PARAMETERS) {
7898	if (uap->buffer_size < client->parameters_length) {
7899	return EINVAL;
7900	}
7901	error = copyout(client->parameters, uap->buffer, client->parameters_length);
7902	if (error) {
7903	NECPLOG(LOG_ERR, "necp_client_copy parameters copyout error (%d)", error);
7904	return error;
7905	}
7906	*retval = client->parameters_length;
7907	} else if (uap->action == NECP_CLIENT_ACTION_COPY_UPDATED_RESULT &&
7908	client->result_read && client->group_members_read && !necp_client_has_unread_flows(client)) {
7909	// Copy updates only, but nothing to read
7910	// Just return 0 for bytes read
7911	*retval = `0`;
7912	} else if (uap->action == NECP_CLIENT_ACTION_COPY_RESULT \|\|
7913	uap->action == NECP_CLIENT_ACTION_COPY_UPDATED_RESULT) {
7914	size_t assigned_results_size = client->assigned_group_members_length;
7915
7916	bool some_flow_is_defunct = false;
7917	struct necp_client_flow_registration *single_flow_registration = NULL;
7918	if (necp_client_id_is_flow(client_id)) {
7919	single_flow_registration = necp_client_find_flow(client, flow_id: client_id);
7920	if (single_flow_registration != NULL) {
7921	assigned_results_size += necp_client_calculate_flow_tlv_size(flow_registration: single_flow_registration);
7922	}
7923	} else {
7924	// This request is for the client, so copy everything
7925	struct necp_client_flow_registration *flow_registration = NULL;
7926	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
7927	if (flow_registration->defunct) {
7928	some_flow_is_defunct = true;
7929	}
7930	assigned_results_size += necp_client_calculate_flow_tlv_size(flow_registration);
7931	}
7932	}
7933	if (uap->buffer_size < (client->result_length + assigned_results_size)) {
7934	return EINVAL;
7935	}
7936
7937	u_int32_t original_flags = `0`;
7938	bool flags_updated = false;
7939	if (some_flow_is_defunct && client->legacy_client_is_flow) {
7940	// If our client expects the defunct flag in the client, add it now
7941	u_int32_t client_flags = `0`;
7942	u_int32_t value_size = `0`;
7943	u_int8_t *flags_pointer = necp_buffer_get_tlv_value(buffer: client->result, tlv_offset: `0`, value_size: &value_size);
7944	if (flags_pointer != NULL && value_size == sizeof(client_flags)) {
7945	memcpy(dst: &client_flags, src: flags_pointer, n: value_size);
7946	original_flags = client_flags;
7947	client_flags \|= NECP_CLIENT_RESULT_FLAG_DEFUNCT;
7948	(void)necp_buffer_write_tlv_if_different(cursor: client->result, NECP_CLIENT_RESULT_FLAGS,
7949	length: sizeof(client_flags), value: &client_flags, updated: &flags_updated,
7950	buffer: client->result, buffer_length: sizeof(client->result));
7951	}
7952	}
7953
7954	error = copyout(client->result, uap->buffer, client->result_length);
7955
7956	if (flags_updated) {
7957	// Revert stored flags
7958	(void)necp_buffer_write_tlv_if_different(cursor: client->result, NECP_CLIENT_RESULT_FLAGS,
7959	length: sizeof(original_flags), value: &original_flags, updated: &flags_updated,
7960	buffer: client->result, buffer_length: sizeof(client->result));
7961	}
7962
7963	if (error != `0`) {
7964	NECPLOG(LOG_ERR, "necp_client_copy result copyout error (%d)", error);
7965	return error;
7966	}
7967
7968	if (client->assigned_group_members != NULL && client->assigned_group_members_length > `0`) {
7969	error = copyout(client->assigned_group_members, uap->buffer + client->result_length, client->assigned_group_members_length);
7970	if (error != `0`) {
7971	NECPLOG(LOG_ERR, "necp_client_copy group members copyout error (%d)", error);
7972	return error;
7973	}
7974	}
7975
7976	size_t assigned_results_cursor = client->assigned_group_members_length; // Start with an offset based on the group members
7977	if (necp_client_id_is_flow(client_id)) {
7978	if (single_flow_registration != NULL) {
7979	error = necp_client_fillout_flow_tlvs(client, client_is_observed, flow_registration: single_flow_registration, uap, assigned_results_cursor: &assigned_results_cursor);
7980	if (error != `0`) {
7981	return error;
7982	}
7983	}
7984	} else {
7985	// This request is for the client, so copy everything
7986	struct necp_client_flow_registration *flow_registration = NULL;
7987	RB_FOREACH(flow_registration, _necp_client_flow_tree, &client->flow_registrations) {
7988	error = necp_client_fillout_flow_tlvs(client, client_is_observed, flow_registration, uap, assigned_results_cursor: &assigned_results_cursor);
7989	if (error != `0`) {
7990	return error;
7991	}
7992	}
7993	}
7994
7995	*retval = client->result_length + assigned_results_cursor;
7996
7997	if (!client_is_observed) {
7998	client->result_read = TRUE;
7999	client->group_members_read = TRUE;
8000	}
8001	}
8002
8003	return `0`;
8004	}
8005
8006	static NECP_CLIENT_ACTION_FUNCTION int
8007	necp_client_copy(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8008	{
8009	int error = `0`;
8010	struct necp_client *client = NULL;
8011	uuid_t client_id;
8012	uuid_clear(uu: client_id);
8013
8014	*retval = `0`;
8015
8016	if (uap->buffer_size == `0` \|\| uap->buffer == `0`) {
8017	return EINVAL;
8018	}
8019
8020	if (uap->action != NECP_CLIENT_ACTION_COPY_PARAMETERS &&
8021	uap->action != NECP_CLIENT_ACTION_COPY_RESULT &&
8022	uap->action != NECP_CLIENT_ACTION_COPY_UPDATED_RESULT) {
8023	return EINVAL;
8024	}
8025
8026	if (uap->client_id) {
8027	if (uap->client_id_len != sizeof(uuid_t)) {
8028	NECPLOG(LOG_ERR, "Incorrect length (got %zu, expected %zu)", (size_t)uap->client_id_len, sizeof(uuid_t));
8029	return ERANGE;
8030	}
8031
8032	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
8033	if (error) {
8034	NECPLOG(LOG_ERR, "necp_client_copy client_id copyin error (%d)", error);
8035	return error;
8036	}
8037	}
8038
8039	const bool is_wildcard = (bool)uuid_is_null(uu: client_id);
8040
8041	NECP_FD_LOCK(fd_data);
8042
8043	bool send_in_process_flow_divert_message = false;
8044	if (is_wildcard) {
8045	if (uap->action == NECP_CLIENT_ACTION_COPY_RESULT \|\| uap->action == NECP_CLIENT_ACTION_COPY_UPDATED_RESULT) {
8046	struct necp_client *find_client = NULL;
8047	RB_FOREACH(find_client, _necp_client_tree, &fd_data->clients) {
8048	NECP_CLIENT_LOCK(find_client);
8049	if (!find_client->result_read \|\| !find_client->group_members_read \|\| necp_client_has_unread_flows(client: find_client)) {
8050	client = find_client;
8051	// Leave the client locked, and break
8052	break;
8053	}
8054	NECP_CLIENT_UNLOCK(find_client);
8055	}
8056
8057	if (client == NULL && fd_data->request_in_process_flow_divert) {
8058	// No client found that needs update. Check for an event requesting in-process flow divert.
8059	send_in_process_flow_divert_message = true;
8060	}
8061	}
8062	} else {
8063	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
8064	}
8065
8066	if (client != NULL) {
8067	if (!send_in_process_flow_divert_message) {
8068	// If client is set, it is locked
8069	error = necp_client_copy_internal(client, client_id, FALSE, uap, retval);
8070	}
8071	NECP_CLIENT_UNLOCK(client);
8072	}
8073
8074	if (send_in_process_flow_divert_message) {
8075	fd_data->request_in_process_flow_divert = false;
8076
8077	struct necp_tlv_header request_tlv = {
8078	.type = NECP_CLIENT_RESULT_REQUEST_IN_PROCESS_FLOW_DIVERT,
8079	.length = `0`,
8080	};
8081	if (uap->buffer_size < sizeof(request_tlv)) {
8082	error = EINVAL;
8083	} else {
8084	error = copyout(&request_tlv, uap->buffer, sizeof(request_tlv));
8085	if (error) {
8086	NECPLOG(LOG_ERR, "necp_client_copy request flow divert TLV copyout error (%d)", error);
8087	} else {
8088	retval = sizeof*(request_tlv);
8089	}
8090	}
8091	}
8092
8093	// Unlock our own fd before moving on or returning
8094	NECP_FD_UNLOCK(fd_data);
8095
8096	if (client == NULL && !send_in_process_flow_divert_message) {
8097	if (fd_data->flags & NECP_OPEN_FLAG_OBSERVER) {
8098	// Observers are allowed to lookup clients on other fds
8099
8100	// Lock tree
8101	NECP_CLIENT_TREE_LOCK_SHARED();
8102
8103	bool found_client = FALSE;
8104
8105	client = necp_find_client_and_lock(client_id);
8106	if (client != NULL) {
8107	// Matched, copy out data
8108	found_client = TRUE;
8109	error = necp_client_copy_internal(client, client_id, TRUE, uap, retval);
8110	NECP_CLIENT_UNLOCK(client);
8111	}
8112
8113	// Unlock tree
8114	NECP_CLIENT_TREE_UNLOCK();
8115
8116	// No client found, fail
8117	if (!found_client) {
8118	return ENOENT;
8119	}
8120	} else {
8121	// No client found, and not allowed to search other fds, fail
8122	return ENOENT;
8123	}
8124	}
8125
8126	return error;
8127	}
8128
8129	static NECP_CLIENT_ACTION_FUNCTION int
8130	necp_client_copy_client_update(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8131	{
8132	int error = `0`;
8133
8134	*retval = `0`;
8135
8136	if (!(fd_data->flags & NECP_OPEN_FLAG_PUSH_OBSERVER)) {
8137	NECPLOG0(LOG_ERR, "NECP fd is not observer, cannot copy client update");
8138	return EINVAL;
8139	}
8140
8141	if (uap->client_id_len != sizeof(uuid_t) \|\| uap->client_id == `0`) {
8142	NECPLOG0(LOG_ERR, "Client id invalid, cannot copy client update");
8143	return EINVAL;
8144	}
8145
8146	if (uap->buffer_size == `0` \|\| uap->buffer == `0`) {
8147	NECPLOG0(LOG_ERR, "Buffer invalid, cannot copy client update");
8148	return EINVAL;
8149	}
8150
8151	NECP_FD_LOCK(fd_data);
8152	struct necp_client_update *client_update = TAILQ_FIRST(&fd_data->update_list);
8153	if (client_update != NULL) {
8154	TAILQ_REMOVE(&fd_data->update_list, client_update, chain);
8155	VERIFY(fd_data->update_count > `0`);
8156	fd_data->update_count--;
8157	}
8158	NECP_FD_UNLOCK(fd_data);
8159
8160	if (client_update != NULL) {
8161	error = copyout(client_update->client_id, uap->client_id, sizeof(uuid_t));
8162	if (error) {
8163	NECPLOG(LOG_ERR, "Copy client update copyout client id error (%d)", error);
8164	} else {
8165	if (uap->buffer_size < client_update->update_length) {
8166	NECPLOG(LOG_ERR, "Buffer size cannot hold update (%zu < %zu)", (size_t)uap->buffer_size, client_update->update_length);
8167	error = EINVAL;
8168	} else {
8169	error = copyout(client_update->update, uap->buffer, client_update->update_length);
8170	if (error) {
8171	NECPLOG(LOG_ERR, "Copy client update copyout error (%d)", error);
8172	} else {
8173	*retval = client_update->update_length;
8174	}
8175	}
8176	}
8177
8178	necp_client_update_free(client_update);
8179	client_update = NULL;
8180	} else {
8181	error = ENOENT;
8182	}
8183
8184	return error;
8185	}
8186
8187	static int
8188	necp_client_copy_parameters_locked(struct necp_client *client,
8189	struct necp_client_nexus_parameters *parameters)
8190	{
8191	VERIFY(parameters != NULL);
8192
8193	struct necp_client_parsed_parameters parsed_parameters = {};
8194	int error = necp_client_parse_parameters(client, parameters: client->parameters, parameters_size: (u_int32_t)client->parameters_length, parsed_parameters: &parsed_parameters);
8195
8196	parameters->pid = client->proc_pid;
8197	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_EFFECTIVE_PID) {
8198	parameters->epid = parsed_parameters.effective_pid;
8199	} else {
8200	parameters->epid = parameters->pid;
8201	}
8202	#if SKYWALK
8203	parameters->port_reservation = client->port_reservation;
8204	#endif /* !SKYWALK */
8205	memcpy(dst: &parameters->local_addr, src: &parsed_parameters.local_addr, n: sizeof(parameters->local_addr));
8206	memcpy(dst: &parameters->remote_addr, src: &parsed_parameters.remote_addr, n: sizeof(parameters->remote_addr));
8207	parameters->ip_protocol = parsed_parameters.ip_protocol;
8208	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_TRANSPORT_PROTOCOL) {
8209	parameters->transport_protocol = parsed_parameters.transport_protocol;
8210	} else {
8211	parameters->transport_protocol = parsed_parameters.ip_protocol;
8212	}
8213	parameters->ethertype = parsed_parameters.ethertype;
8214	parameters->traffic_class = parsed_parameters.traffic_class;
8215	if (uuid_is_null(uu: client->override_euuid)) {
8216	uuid_copy(dst: parameters->euuid, src: parsed_parameters.effective_uuid);
8217	} else {
8218	uuid_copy(dst: parameters->euuid, src: client->override_euuid);
8219	}
8220	parameters->is_listener = (parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_LISTENER) ? `1` : `0`;
8221	parameters->is_interpose = (parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_INTERPOSE) ? `1` : `0`;
8222	parameters->is_custom_ether = (parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_CUSTOM_ETHER) ? `1` : `0`;
8223	parameters->policy_id = client->policy_id;
8224	parameters->skip_policy_id = client->skip_policy_id;
8225
8226	// parse client result flag
8227	u_int32_t client_result_flags = `0`;
8228	u_int32_t value_size = `0`;
8229	u_int8_t *flags_pointer = NULL;
8230	flags_pointer = necp_buffer_get_tlv_value(buffer: client->result, tlv_offset: `0`, value_size: &value_size);
8231	if (flags_pointer && value_size == sizeof(client_result_flags)) {
8232	memcpy(dst: &client_result_flags, src: flags_pointer, n: value_size);
8233	}
8234	parameters->allow_qos_marking = (client_result_flags & NECP_CLIENT_RESULT_FLAG_ALLOW_QOS_MARKING) ? `1` : `0`;
8235
8236	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_LOCAL_ADDR_PREFERENCE) {
8237	if (parsed_parameters.local_address_preference == NECP_CLIENT_PARAMETER_LOCAL_ADDRESS_PREFERENCE_DEFAULT) {
8238	parameters->override_address_selection = false;
8239	} else if (parsed_parameters.local_address_preference == NECP_CLIENT_PARAMETER_LOCAL_ADDRESS_PREFERENCE_TEMPORARY) {
8240	parameters->override_address_selection = true;
8241	parameters->use_stable_address = false;
8242	} else if (parsed_parameters.local_address_preference == NECP_CLIENT_PARAMETER_LOCAL_ADDRESS_PREFERENCE_STABLE) {
8243	parameters->override_address_selection = true;
8244	parameters->use_stable_address = true;
8245	}
8246	} else {
8247	parameters->override_address_selection = false;
8248	}
8249
8250	if ((parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) &&
8251	(parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_NO_WAKE_FROM_SLEEP)) {
8252	parameters->no_wake_from_sleep = true;
8253	}
8254
8255	if ((parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLAGS) &&
8256	(parsed_parameters.flags & NECP_CLIENT_PARAMETER_FLAG_REUSE_LOCAL)) {
8257	parameters->reuse_port = true;
8258	}
8259
8260	#if SKYWALK
8261	if (!parameters->is_listener) {
8262	if (parsed_parameters.valid_fields & NECP_PARSED_PARAMETERS_FIELD_FLOW_DEMUX_PATTERN) {
8263	if (parsed_parameters.demux_patterns[`0`].len == `0`) {
8264	parameters->is_demuxable_parent = `1`;
8265	} else {
8266	if (client->validated_parent) {
8267	ASSERT(!uuid_is_null(client->parent_client_id));
8268
8269	NECP_CLIENT_TREE_LOCK_SHARED();
8270	struct necp_client *parent = necp_find_client_and_lock(client_id: client->parent_client_id);
8271	if (parent != NULL) {
8272	struct necp_client_flow_registration *parent_flow_registration = NULL;
8273	RB_FOREACH(parent_flow_registration, _necp_client_flow_tree, &parent->flow_registrations) {
8274	uuid_copy(dst: parameters->parent_flow_uuid, src: parent_flow_registration->registration_id);
8275	break;
8276	}
8277
8278	NECP_CLIENT_UNLOCK(parent);
8279	}
8280	NECP_CLIENT_TREE_UNLOCK();
8281
8282	if (parsed_parameters.demux_pattern_count > `0`) {
8283	for (int i = `0`; i < parsed_parameters.demux_pattern_count; i++) {
8284	memcpy(dst: &parameters->demux_patterns[i], src: &parsed_parameters.demux_patterns[i], n: sizeof(struct necp_demux_pattern));
8285	}
8286	parameters->demux_pattern_count = parsed_parameters.demux_pattern_count;
8287	}
8288	}
8289	}
8290	}
8291	}
8292	#endif // SKYWALK
8293
8294	return error;
8295	}
8296
8297	static NECP_CLIENT_ACTION_FUNCTION int
8298	necp_client_list(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8299	{
8300	int error = `0`;
8301	struct necp_client *find_client = NULL;
8302	uuid_t *list = NULL;
8303	u_int32_t requested_client_count = `0`;
8304	u_int32_t client_count = `0`;
8305	size_t copy_buffer_size = `0`;
8306
8307	if (uap->buffer_size < sizeof(requested_client_count) \|\| uap->buffer == `0`) {
8308	error = EINVAL;
8309	goto done;
8310	}
8311
8312	if (!(fd_data->flags & NECP_OPEN_FLAG_OBSERVER)) {
8313	NECPLOG0(LOG_ERR, "Client does not hold necessary entitlement to list other NECP clients");
8314	error = EACCES;
8315	goto done;
8316	}
8317
8318	error = copyin(uap->buffer, &requested_client_count, sizeof(requested_client_count));
8319	if (error) {
8320	goto done;
8321	}
8322
8323	if (os_mul_overflow(sizeof(uuid_t), requested_client_count, &copy_buffer_size)) {
8324	error = ERANGE;
8325	goto done;
8326	}
8327
8328	if (uap->buffer_size - sizeof(requested_client_count) != copy_buffer_size) {
8329	error = EINVAL;
8330	goto done;
8331	}
8332
8333	if (copy_buffer_size > NECP_MAX_CLIENT_LIST_SIZE) {
8334	error = EINVAL;
8335	goto done;
8336	}
8337
8338	if (requested_client_count > `0`) {
8339	if ((list = (uuid_t*)kalloc_data(copy_buffer_size, Z_WAITOK \| Z_ZERO)) == NULL) {
8340	error = ENOMEM;
8341	goto done;
8342	}
8343	}
8344
8345	// Lock tree
8346	NECP_CLIENT_TREE_LOCK_SHARED();
8347
8348	find_client = NULL;
8349	RB_FOREACH(find_client, _necp_client_global_tree, &necp_client_global_tree) {
8350	NECP_CLIENT_LOCK(find_client);
8351	if (!uuid_is_null(uu: find_client->client_id)) {
8352	if (client_count < requested_client_count) {
8353	uuid_copy(dst: list[client_count], src: find_client->client_id);
8354	}
8355	client_count++;
8356	}
8357	NECP_CLIENT_UNLOCK(find_client);
8358	}
8359
8360	// Unlock tree
8361	NECP_CLIENT_TREE_UNLOCK();
8362
8363	error = copyout(&client_count, uap->buffer, sizeof(client_count));
8364	if (error) {
8365	NECPLOG(LOG_ERR, "necp_client_list buffer copyout error (%d)", error);
8366	goto done;
8367	}
8368
8369	if (requested_client_count > `0` &&
8370	client_count > `0` &&
8371	list != NULL) {
8372	error = copyout(list, uap->buffer + sizeof(client_count), copy_buffer_size);
8373	if (error) {
8374	NECPLOG(LOG_ERR, "necp_client_list client count copyout error (%d)", error);
8375	goto done;
8376	}
8377	}
8378	done:
8379	if (list != NULL) {
8380	kfree_data(list, copy_buffer_size);
8381	}
8382	*retval = error;
8383
8384	return error;
8385	}
8386
8387	static NECP_CLIENT_ACTION_FUNCTION int
8388	necp_client_add_flow(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8389	{
8390	int error = `0`;
8391	struct necp_client *client = NULL;
8392	uuid_t client_id;
8393	struct necp_client_nexus_parameters parameters = {};
8394	struct proc *proc = PROC_NULL;
8395	struct necp_client_add_flow *add_request = NULL;
8396	struct necp_client_add_flow *allocated_add_request = NULL;
8397	struct necp_client_add_flow_default default_add_request = {};
8398	const size_t buffer_size = uap->buffer_size;
8399
8400	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
8401	error = EINVAL;
8402	NECPLOG(LOG_ERR, "necp_client_add_flow invalid client_id (length %zu)", (size_t)uap->client_id_len);
8403	goto done;
8404	}
8405
8406	if (uap->buffer == `0` \|\| buffer_size < sizeof(struct necp_client_add_flow) \|\|
8407	buffer_size > sizeof(struct necp_client_add_flow_default) * `4`) {
8408	error = EINVAL;
8409	NECPLOG(LOG_ERR, "necp_client_add_flow invalid buffer (length %zu)", buffer_size);
8410	goto done;
8411	}
8412
8413	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
8414	if (error) {
8415	NECPLOG(LOG_ERR, "necp_client_add_flow copyin client_id error (%d)", error);
8416	goto done;
8417	}
8418
8419	if (buffer_size <= sizeof(struct necp_client_add_flow_default)) {
8420	// Fits in default size
8421	error = copyin(uap->buffer, &default_add_request, buffer_size);
8422	if (error) {
8423	NECPLOG(LOG_ERR, "necp_client_add_flow copyin default_add_request error (%d)", error);
8424	goto done;
8425	}
8426
8427	add_request = (struct necp_client_add_flow *)&default_add_request;
8428	} else {
8429	allocated_add_request = (struct necp_client_add_flow *)kalloc_data(buffer_size, Z_WAITOK \| Z_ZERO);
8430	if (allocated_add_request == NULL) {
8431	error = ENOMEM;
8432	goto done;
8433	}
8434
8435	error = copyin(uap->buffer, allocated_add_request, buffer_size);
8436	if (error) {
8437	NECPLOG(LOG_ERR, "necp_client_add_flow copyin default_add_request error (%d)", error);
8438	goto done;
8439	}
8440
8441	add_request = allocated_add_request;
8442	}
8443
8444	NECP_FD_LOCK(fd_data);
8445	pid_t pid = fd_data->proc_pid;
8446	proc = proc_find(pid);
8447	if (proc == PROC_NULL) {
8448	NECP_FD_UNLOCK(fd_data);
8449	NECPLOG(LOG_ERR, "necp_client_add_flow process not found for pid %d error (%d)", pid, error);
8450	error = ESRCH;
8451	goto done;
8452	}
8453
8454	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
8455	if (client == NULL) {
8456	error = ENOENT;
8457	NECP_FD_UNLOCK(fd_data);
8458	goto done;
8459	}
8460
8461	// Using ADD_FLOW indicates that the client supports multiple flows per client
8462	client->legacy_client_is_flow = false;
8463
8464	necp_client_retain_locked(client);
8465	necp_client_copy_parameters_locked(client, parameters: &parameters);
8466
8467	struct necp_client_flow_registration *new_registration = necp_client_create_flow_registration(fd_data, client);
8468	if (new_registration == NULL) {
8469	error = ENOMEM;
8470	NECP_CLIENT_UNLOCK(client);
8471	NECP_FD_UNLOCK(fd_data);
8472	NECPLOG0(LOG_ERR, "Failed to allocate flow registration");
8473	goto done;
8474	}
8475
8476	new_registration->flags = add_request->flags;
8477
8478	// Copy new ID out to caller
8479	uuid_copy(dst: add_request->registration_id, src: new_registration->registration_id);
8480
8481	NECP_CLIENT_FLOW_LOG(client, new_registration, "adding flow");
8482
8483	size_t trailer_offset = (sizeof(struct necp_client_add_flow) +
8484	add_request->stats_request_count * sizeof(struct necp_client_flow_stats));
8485
8486	// Copy override address
8487	struct sockaddr *override_address = NULL;
8488	if (add_request->flags & NECP_CLIENT_FLOW_FLAGS_OVERRIDE_ADDRESS) {
8489	size_t offset_of_address = trailer_offset;
8490	if (buffer_size >= offset_of_address + sizeof(struct sockaddr_in)) {
8491	override_address = (struct sockaddr )(((uint8_t )add_request) + offset_of_address);
8492	if (buffer_size >= offset_of_address + override_address->sa_len &&
8493	override_address->sa_len <= sizeof(parameters.remote_addr)) {
8494	memcpy(dst: &parameters.remote_addr, src: override_address, n: override_address->sa_len);
8495	trailer_offset += override_address->sa_len;
8496	} else {
8497	override_address = NULL;
8498	}
8499	}
8500	}
8501
8502	// Copy override IP protocol
8503	if (add_request->flags & NECP_CLIENT_FLOW_FLAGS_OVERRIDE_IP_PROTOCOL) {
8504	size_t offset_of_ip_protocol = trailer_offset;
8505	if (buffer_size >= offset_of_ip_protocol + sizeof(uint8_t)) {
8506	uint8_t ip_protocol_p = (uint8_t )(((uint8_t *)add_request) + offset_of_ip_protocol);
8507	memcpy(dst: &parameters.ip_protocol, src: ip_protocol_p, n: sizeof(uint8_t));
8508	}
8509	}
8510
8511	#if SKYWALK
8512	if (add_request->flags & NECP_CLIENT_FLOW_FLAGS_ALLOW_NEXUS) {
8513	void *assigned_results = NULL;
8514	size_t assigned_results_length = `0`;
8515	uint32_t interface_index = `0`;
8516
8517	// Validate that the nexus UUID is assigned
8518	bool found_nexus = false;
8519	for (u_int32_t option_i = `0`; option_i < client->interface_option_count; option_i++) {
8520	if (option_i < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
8521	struct necp_client_interface_option *option = &client->interface_options[option_i];
8522	if (uuid_compare(uu1: option->nexus_agent, uu2: add_request->agent_uuid) == `0`) {
8523	interface_index = option->interface_index;
8524	found_nexus = true;
8525	break;
8526	}
8527	} else {
8528	struct necp_client_interface_option *option = &client->extra_interface_options[option_i - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
8529	if (uuid_compare(uu1: option->nexus_agent, uu2: add_request->agent_uuid) == `0`) {
8530	interface_index = option->interface_index;
8531	found_nexus = true;
8532	break;
8533	}
8534	}
8535	}
8536
8537	if (!found_nexus) {
8538	NECPLOG0(LOG_ERR, "Requested nexus not found");
8539	} else {
8540	necp_client_add_nexus_flow_if_needed(flow_registration: new_registration, nexus_agent: add_request->agent_uuid, interface_index);
8541
8542	error = netagent_client_message_with_params(agent_uuid: add_request->agent_uuid,
8543	necp_client_uuid: ((new_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
8544	client->client_id :
8545	new_registration->registration_id),
8546	pid, handle: client->agent_handle,
8547	NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS,
8548	parameters: (struct necp_client_agent_parameters *)&parameters,
8549	assigned_results: &assigned_results, assigned_results_length: &assigned_results_length);
8550	if (error != `0`) {
8551	VERIFY(assigned_results == NULL);
8552	VERIFY(assigned_results_length == `0`);
8553	NECPLOG(LOG_ERR, "netagent_client_message error (%d)", error);
8554	} else if (assigned_results != NULL) {
8555	if (!necp_assign_client_result_locked(proc, client_fd: fd_data, client, flow_registration: new_registration, netagent_uuid: add_request->agent_uuid,
8556	assigned_results, assigned_results_length, false, false)) {
8557	kfree_data(assigned_results, assigned_results_length);
8558	}
8559	} else if (override_address != NULL) {
8560	// Save the overridden address in the flow. Find the correct flow,
8561	// and assign just the address TLV. Don't set the assigned flag.
8562	struct necp_client_flow *flow = NULL;
8563	LIST_FOREACH(flow, &new_registration->flow_list, flow_chain) {
8564	if (flow->nexus &&
8565	uuid_compare(uu1: flow->u.nexus_agent, uu2: add_request->agent_uuid) == `0`) {
8566	if (flow->assigned_results == NULL) {
8567	memcpy(dst: &flow->remote_addr, src: override_address, n: override_address->sa_len);
8568	uuid_t empty_uuid;
8569	uuid_clear(uu: empty_uuid);
8570	flow->assigned_results = necp_create_nexus_assign_message(nexus_instance: empty_uuid, nexus_port: `0`, NULL, key_length: `0`,
8571	local_endpoint: (struct necp_client_endpoint *)&flow->local_addr,
8572	remote_endpoint: (struct necp_client_endpoint *)&flow->remote_addr,
8573	NULL, flow_adv_index: `0`, NULL, message_length: &flow->assigned_results_length);
8574	}
8575	break;
8576	}
8577	}
8578	}
8579	}
8580	}
8581
8582	// Don't request stats if nexus creation fails
8583	if (error == `0` && add_request->stats_request_count > `0` && necp_arena_initialize(fd_data, true) == `0`) {
8584	struct necp_client_flow_stats stats_request = (struct* necp_client_flow_stats *)&add_request->stats_requests[`0`];
8585	struct necp_stats_bufreq bufreq = {};
8586
8587	NECP_CLIENT_FLOW_LOG(client, new_registration, "Initializing stats");
8588
8589	bufreq.necp_stats_bufreq_id = NECP_CLIENT_STATISTICS_BUFREQ_ID;
8590	bufreq.necp_stats_bufreq_type = stats_request->stats_type;
8591	bufreq.necp_stats_bufreq_ver = stats_request->stats_version;
8592	bufreq.necp_stats_bufreq_size = stats_request->stats_size;
8593	bufreq.necp_stats_bufreq_uaddr = stats_request->stats_addr;
8594	(void)necp_stats_initialize(fd_data, client, flow_registration: new_registration, bufreq: &bufreq);
8595	stats_request->stats_type = bufreq.necp_stats_bufreq_type;
8596	stats_request->stats_version = bufreq.necp_stats_bufreq_ver;
8597	stats_request->stats_size = bufreq.necp_stats_bufreq_size;
8598	stats_request->stats_addr = bufreq.necp_stats_bufreq_uaddr;
8599	}
8600	#endif /* !SKYWALK */
8601
8602	if (error == `0` &&
8603	(add_request->flags & NECP_CLIENT_FLOW_FLAGS_BROWSE \|\|
8604	add_request->flags & NECP_CLIENT_FLOW_FLAGS_RESOLVE)) {
8605	uint32_t interface_index = IFSCOPE_NONE;
8606	ifnet_head_lock_shared();
8607	struct ifnet *interface = NULL;
8608	TAILQ_FOREACH(interface, &ifnet_head, if_link) {
8609	ifnet_lock_shared(ifp: interface);
8610	if (interface->if_agentids != NULL) {
8611	for (u_int32_t i = `0`; i < interface->if_agentcount; i++) {
8612	if (uuid_compare(uu1: interface->if_agentids[i], uu2: add_request->agent_uuid) == `0`) {
8613	interface_index = interface->if_index;
8614	break;
8615	}
8616	}
8617	}
8618	ifnet_lock_done(ifp: interface);
8619	if (interface_index != IFSCOPE_NONE) {
8620	break;
8621	}
8622	}
8623	ifnet_head_done();
8624
8625	necp_client_add_nexus_flow_if_needed(flow_registration: new_registration, nexus_agent: add_request->agent_uuid, interface_index);
8626
8627	error = netagent_client_message_with_params(agent_uuid: add_request->agent_uuid,
8628	necp_client_uuid: ((new_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
8629	client->client_id :
8630	new_registration->registration_id),
8631	pid, handle: client->agent_handle,
8632	NETAGENT_MESSAGE_TYPE_CLIENT_ASSERT,
8633	parameters: (struct necp_client_agent_parameters *)&parameters,
8634	NULL, NULL);
8635	if (error != `0`) {
8636	NECPLOG(LOG_ERR, "netagent_client_message error (%d)", error);
8637	}
8638	}
8639
8640	if (error != `0`) {
8641	// Encountered an error in adding the flow, destroy the flow registration
8642	#if SKYWALK
8643	necp_destroy_flow_stats(fd_data, flow_registration: new_registration, NULL, false);
8644	#endif /* SKYWALK */
8645	NECP_FLOW_TREE_LOCK_EXCLUSIVE();
8646	RB_REMOVE(_necp_client_flow_global_tree, &necp_client_flow_global_tree, new_registration);
8647	NECP_FLOW_TREE_UNLOCK();
8648	RB_REMOVE(_necp_fd_flow_tree, &fd_data->flows, new_registration);
8649	necp_destroy_client_flow_registration(client, flow_registration: new_registration, pid: fd_data->proc_pid, true);
8650	new_registration = NULL;
8651	}
8652
8653	NECP_CLIENT_UNLOCK(client);
8654	NECP_FD_UNLOCK(fd_data);
8655
8656	necp_client_release(client);
8657
8658	if (error != `0`) {
8659	goto done;
8660	}
8661
8662	// Copy the request back out to the caller with assigned fields
8663	error = copyout(add_request, uap->buffer, buffer_size);
8664	if (error != `0`) {
8665	NECPLOG(LOG_ERR, "necp_client_add_flow copyout add_request error (%d)", error);
8666	}
8667
8668	done:
8669	*retval = error;
8670	if (error != `0`) {
8671	NECPLOG(LOG_ERR, "Add flow error (%d)", error);
8672	}
8673
8674	if (allocated_add_request != NULL) {
8675	kfree_data(allocated_add_request, buffer_size);
8676	}
8677
8678	if (proc != PROC_NULL) {
8679	proc_rele(p: proc);
8680	}
8681	return error;
8682	}
8683
8684	#if SKYWALK
8685
8686	static NECP_CLIENT_ACTION_FUNCTION int
8687	necp_client_request_nexus(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8688	{
8689	int error = `0`;
8690	struct necp_client *client = NULL;
8691	uuid_t client_id;
8692	struct necp_client_nexus_parameters parameters = {};
8693	struct proc *proc = PROC_NULL;
8694	const size_t buffer_size = uap->buffer_size;
8695
8696	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
8697	error = EINVAL;
8698	goto done;
8699	}
8700
8701	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
8702	if (error) {
8703	NECPLOG(LOG_ERR, "necp_client_request_nexus copyin client_id error (%d)", error);
8704	goto done;
8705	}
8706
8707	NECP_FD_LOCK(fd_data);
8708	pid_t pid = fd_data->proc_pid;
8709	proc = proc_find(pid);
8710	if (proc == PROC_NULL) {
8711	NECP_FD_UNLOCK(fd_data);
8712	NECPLOG(LOG_ERR, "necp_client_request_nexus process not found for pid %d error (%d)", pid, error);
8713	error = ESRCH;
8714	goto done;
8715	}
8716
8717	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
8718	if (client == NULL) {
8719	NECP_FD_UNLOCK(fd_data);
8720	error = ENOENT;
8721	goto done;
8722	}
8723
8724	// Using REQUEST_NEXUS indicates that the client only supports one flow per client
8725	client->legacy_client_is_flow = true;
8726
8727	necp_client_retain_locked(client);
8728	necp_client_copy_parameters_locked(client, parameters: &parameters);
8729
8730	do {
8731	void *assigned_results = NULL;
8732	size_t assigned_results_length = `0`;
8733	uuid_t nexus_uuid;
8734	uint32_t interface_index = `0`;
8735
8736	// Validate that the nexus UUID is assigned
8737	bool found_nexus = false;
8738	for (u_int32_t option_i = `0`; option_i < client->interface_option_count; option_i++) {
8739	if (option_i < NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT) {
8740	struct necp_client_interface_option *option = &client->interface_options[option_i];
8741	if (!uuid_is_null(uu: option->nexus_agent)) {
8742	uuid_copy(dst: nexus_uuid, src: option->nexus_agent);
8743	interface_index = option->interface_index;
8744	found_nexus = true;
8745	break;
8746	}
8747	} else {
8748	struct necp_client_interface_option *option = &client->extra_interface_options[option_i - NECP_CLIENT_INTERFACE_OPTION_STATIC_COUNT];
8749	if (!uuid_is_null(uu: option->nexus_agent)) {
8750	uuid_copy(dst: nexus_uuid, src: option->nexus_agent);
8751	interface_index = option->interface_index;
8752	found_nexus = true;
8753	break;
8754	}
8755	}
8756	}
8757
8758	if (!found_nexus) {
8759	NECP_CLIENT_UNLOCK(client);
8760	NECP_FD_UNLOCK(fd_data);
8761	necp_client_release(client);
8762	// Break the loop
8763	error = ENETDOWN;
8764	goto done;
8765	}
8766
8767	struct necp_client_flow_registration *new_registration = necp_client_create_flow_registration(fd_data, client);
8768	if (new_registration == NULL) {
8769	error = ENOMEM;
8770	NECP_CLIENT_UNLOCK(client);
8771	NECP_FD_UNLOCK(fd_data);
8772	necp_client_release(client);
8773	NECPLOG0(LOG_ERR, "Failed to allocate flow registration");
8774	goto done;
8775	}
8776
8777	new_registration->flags = (NECP_CLIENT_FLOW_FLAGS_ALLOW_NEXUS \| NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID);
8778
8779	necp_client_add_nexus_flow_if_needed(flow_registration: new_registration, nexus_agent: nexus_uuid, interface_index);
8780
8781	// Note: Any clients using "request_nexus" are not flow-registration aware.
8782	// Register the Client ID rather than the Registration ID with the nexus, since
8783	// the client will send traffic based on the client ID.
8784	error = netagent_client_message_with_params(agent_uuid: nexus_uuid,
8785	necp_client_uuid: ((new_registration->flags & NECP_CLIENT_FLOW_FLAGS_USE_CLIENT_ID) ?
8786	client->client_id :
8787	new_registration->registration_id),
8788	pid, handle: client->agent_handle,
8789	NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS,
8790	parameters: (struct necp_client_agent_parameters *)&parameters,
8791	assigned_results: &assigned_results, assigned_results_length: &assigned_results_length);
8792	if (error) {
8793	NECP_CLIENT_UNLOCK(client);
8794	NECP_FD_UNLOCK(fd_data);
8795	necp_client_release(client);
8796	VERIFY(assigned_results == NULL);
8797	VERIFY(assigned_results_length == `0`);
8798	NECPLOG(LOG_ERR, "netagent_client_message error (%d)", error);
8799	goto done;
8800	}
8801
8802	if (assigned_results != NULL) {
8803	if (!necp_assign_client_result_locked(proc, client_fd: fd_data, client, flow_registration: new_registration, netagent_uuid: nexus_uuid,
8804	assigned_results, assigned_results_length, false, false)) {
8805	kfree_data(assigned_results, assigned_results_length);
8806	}
8807	}
8808
8809	if (uap->buffer != `0` && buffer_size == sizeof(struct necp_stats_bufreq) &&
8810	necp_arena_initialize(fd_data, true) == `0`) {
8811	struct necp_stats_bufreq bufreq = {};
8812	int copy_error = copyin(uap->buffer, &bufreq, buffer_size);
8813	if (copy_error) {
8814	NECPLOG(LOG_ERR, "necp_client_request_nexus copyin bufreq error (%d)", copy_error);
8815	} else {
8816	(void)necp_stats_initialize(fd_data, client, flow_registration: new_registration, bufreq: &bufreq);
8817	copy_error = copyout(&bufreq, uap->buffer, buffer_size);
8818	if (copy_error != `0`) {
8819	NECPLOG(LOG_ERR, "necp_client_request_nexus copyout bufreq error (%d)", copy_error);
8820	}
8821	}
8822	}
8823	} while (false);
8824
8825	NECP_CLIENT_UNLOCK(client);
8826	NECP_FD_UNLOCK(fd_data);
8827
8828	necp_client_release(client);
8829
8830	done:
8831	*retval = error;
8832	if (error != `0`) {
8833	NECPLOG(LOG_ERR, "Request nexus error (%d)", error);
8834	}
8835
8836	if (proc != PROC_NULL) {
8837	proc_rele(p: proc);
8838	}
8839	return error;
8840	}
8841	#endif /* !SKYWALK */
8842
8843	static void
8844	necp_client_add_assertion(struct necp_client *client, uuid_t netagent_uuid)
8845	{
8846	struct necp_client_assertion *new_assertion = NULL;
8847
8848	new_assertion = kalloc_type(struct necp_client_assertion,
8849	Z_WAITOK \| Z_NOFAIL);
8850
8851	uuid_copy(dst: new_assertion->asserted_netagent, src: netagent_uuid);
8852
8853	LIST_INSERT_HEAD(&client->assertion_list, new_assertion, assertion_chain);
8854	}
8855
8856	static bool
8857	necp_client_remove_assertion(struct necp_client *client, uuid_t netagent_uuid)
8858	{
8859	struct necp_client_assertion *found_assertion = NULL;
8860	struct necp_client_assertion *search_assertion = NULL;
8861	LIST_FOREACH(search_assertion, &client->assertion_list, assertion_chain) {
8862	if (uuid_compare(uu1: search_assertion->asserted_netagent, uu2: netagent_uuid) == `0`) {
8863	found_assertion = search_assertion;
8864	break;
8865	}
8866	}
8867
8868	if (found_assertion == NULL) {
8869	NECPLOG0(LOG_ERR, "Netagent uuid not previously asserted");
8870	return false;
8871	}
8872
8873	LIST_REMOVE(found_assertion, assertion_chain);
8874	kfree_type(struct necp_client_assertion, found_assertion);
8875	return true;
8876	}
8877
8878	static NECP_CLIENT_ACTION_FUNCTION int
8879	necp_client_agent_action(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
8880	{
8881	int error = `0`;
8882	struct necp_client *client = NULL;
8883	uuid_t client_id;
8884	bool acted_on_agent = FALSE;
8885	u_int8_t *parameters = NULL;
8886	const size_t buffer_size = uap->buffer_size;
8887
8888	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
8889	buffer_size == `0` \|\| uap->buffer == `0`) {
8890	NECPLOG0(LOG_ERR, "necp_client_agent_action invalid parameters");
8891	error = EINVAL;
8892	goto done;
8893	}
8894
8895	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
8896	if (error) {
8897	NECPLOG(LOG_ERR, "necp_client_agent_action copyin client_id error (%d)", error);
8898	goto done;
8899	}
8900
8901	if (buffer_size > NECP_MAX_AGENT_ACTION_SIZE) {
8902	NECPLOG(LOG_ERR, "necp_client_agent_action invalid buffer size (>%u)", NECP_MAX_AGENT_ACTION_SIZE);
8903	error = EINVAL;
8904	goto done;
8905	}
8906
8907	if ((parameters = (u_int8_t *)kalloc_data(buffer_size, Z_WAITOK \| Z_ZERO)) == NULL) {
8908	NECPLOG0(LOG_ERR, "necp_client_agent_action malloc failed");
8909	error = ENOMEM;
8910	goto done;
8911	}
8912
8913	error = copyin(uap->buffer, parameters, buffer_size);
8914	if (error) {
8915	NECPLOG(LOG_ERR, "necp_client_agent_action parameters copyin error (%d)", error);
8916	goto done;
8917	}
8918
8919	NECP_FD_LOCK(fd_data);
8920	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
8921	if (client != NULL) {
8922	size_t offset = `0`;
8923	while ((offset + sizeof(struct necp_tlv_header)) <= buffer_size) {
8924	u_int8_t type = necp_buffer_get_tlv_type(buffer: parameters, tlv_offset: offset);
8925	u_int32_t length = necp_buffer_get_tlv_length(buffer: parameters, tlv_offset: offset);
8926
8927	if (length > (buffer_size - (offset + sizeof(struct necp_tlv_header)))) {
8928	// If the length is larger than what can fit in the remaining parameters size, bail
8929	NECPLOG(LOG_ERR, "Invalid TLV length (%u)", length);
8930	break;
8931	}
8932
8933	if (length >= sizeof(uuid_t)) {
8934	u_int8_t *value = necp_buffer_get_tlv_value(buffer: parameters, tlv_offset: offset, NULL);
8935	if (value == NULL) {
8936	NECPLOG0(LOG_ERR, "Invalid TLV value");
8937	break;
8938	}
8939	if (type == NECP_CLIENT_PARAMETER_TRIGGER_AGENT \|\|
8940	type == NECP_CLIENT_PARAMETER_ASSERT_AGENT \|\|
8941	type == NECP_CLIENT_PARAMETER_UNASSERT_AGENT) {
8942	uuid_t agent_uuid;
8943	uuid_copy(dst: agent_uuid, src: value);
8944	u_int8_t netagent_message_type = `0`;
8945	if (type == NECP_CLIENT_PARAMETER_TRIGGER_AGENT) {
8946	netagent_message_type = NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER;
8947	} else if (type == NECP_CLIENT_PARAMETER_ASSERT_AGENT) {
8948	netagent_message_type = NETAGENT_MESSAGE_TYPE_CLIENT_ASSERT;
8949	} else if (type == NECP_CLIENT_PARAMETER_UNASSERT_AGENT) {
8950	netagent_message_type = NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT;
8951	}
8952
8953	// Before unasserting, verify that the assertion was already taken
8954	if (type == NECP_CLIENT_PARAMETER_UNASSERT_AGENT) {
8955	if (!necp_client_remove_assertion(client, netagent_uuid: agent_uuid)) {
8956	error = ENOENT;
8957	break;
8958	}
8959	}
8960
8961	struct necp_client_nexus_parameters parsed_parameters = {};
8962	necp_client_copy_parameters_locked(client, parameters: &parsed_parameters);
8963
8964	error = netagent_client_message_with_params(agent_uuid,
8965	necp_client_uuid: client_id,
8966	pid: fd_data->proc_pid,
8967	handle: client->agent_handle,
8968	message_type: netagent_message_type,
8969	parameters: (struct necp_client_agent_parameters *)&parsed_parameters,
8970	NULL, NULL);
8971	if (error == `0`) {
8972	acted_on_agent = TRUE;
8973	} else {
8974	break;
8975	}
8976
8977	// Only save the assertion if the action succeeded
8978	if (type == NECP_CLIENT_PARAMETER_ASSERT_AGENT) {
8979	necp_client_add_assertion(client, netagent_uuid: agent_uuid);
8980	}
8981	} else if (type == NECP_CLIENT_PARAMETER_AGENT_ADD_GROUP_MEMBERS \|\|
8982	type == NECP_CLIENT_PARAMETER_AGENT_REMOVE_GROUP_MEMBERS) {
8983	uuid_t agent_uuid;
8984	uuid_copy(dst: agent_uuid, src: value);
8985	u_int8_t netagent_message_type = `0`;
8986	if (type == NECP_CLIENT_PARAMETER_AGENT_ADD_GROUP_MEMBERS) {
8987	netagent_message_type = NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS;
8988	} else if (type == NECP_CLIENT_PARAMETER_AGENT_REMOVE_GROUP_MEMBERS) {
8989	netagent_message_type = NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS;
8990	}
8991
8992	struct necp_client_group_members group_members = {};
8993	group_members.group_members_length = (length - sizeof(uuid_t));
8994	group_members.group_members = (value + sizeof(uuid_t));
8995	error = netagent_client_message_with_params(agent_uuid,
8996	necp_client_uuid: client_id,
8997	pid: fd_data->proc_pid,
8998	handle: client->agent_handle,
8999	message_type: netagent_message_type,
9000	parameters: (struct necp_client_agent_parameters *)&group_members,
9001	NULL, NULL);
9002	if (error == `0`) {
9003	acted_on_agent = TRUE;
9004	} else {
9005	break;
9006	}
9007	} else if (type == NECP_CLIENT_PARAMETER_REPORT_AGENT_ERROR) {
9008	uuid_t agent_uuid;
9009	uuid_copy(dst: agent_uuid, src: value);
9010	struct necp_client_agent_parameters agent_params = {};
9011	if ((length - sizeof(uuid_t)) >= sizeof(agent_params.u.error.error)) {
9012	memcpy(dst: &agent_params.u.error.error,
9013	src: (value + sizeof(uuid_t)),
9014	n: sizeof(agent_params.u.error.error));
9015	}
9016	bool agent_reported = false;
9017	for (int agent_i = `0`; agent_i < NECP_FD_REPORTED_AGENT_COUNT; agent_i++) {
9018	if (uuid_compare(uu1: agent_uuid, uu2: fd_data->reported_agents.agent_uuid[agent_i]) == `0`) {
9019	// Found a match, already reported
9020	agent_reported = true;
9021	break;
9022	}
9023	}
9024	agent_params.u.error.force_report = !agent_reported;
9025	if (!agent_reported) {
9026	// Save this agent as having been reported
9027	bool saved_agent_uuid = false;
9028	for (int agent_i = `0`; agent_i < NECP_FD_REPORTED_AGENT_COUNT; agent_i++) {
9029	if (uuid_is_null(uu: fd_data->reported_agents.agent_uuid[agent_i])) {
9030	uuid_copy(dst: fd_data->reported_agents.agent_uuid[agent_i], src: agent_uuid);
9031	saved_agent_uuid = true;
9032	break;
9033	}
9034	}
9035	if (!saved_agent_uuid) {
9036	// Reported agent UUIDs full, move over and insert at the end
9037	for (int agent_i = `0`; agent_i < NECP_FD_REPORTED_AGENT_COUNT; agent_i++) {
9038	if (agent_i + `1` < NECP_FD_REPORTED_AGENT_COUNT) {
9039	uuid_copy(dst: fd_data->reported_agents.agent_uuid[agent_i], src: fd_data->reported_agents.agent_uuid[agent_i + `1`]);
9040	} else {
9041	uuid_copy(dst: fd_data->reported_agents.agent_uuid[agent_i], src: agent_uuid);
9042	}
9043	}
9044	}
9045	}
9046	error = netagent_client_message_with_params(agent_uuid,
9047	necp_client_uuid: client_id,
9048	pid: fd_data->proc_pid,
9049	handle: client->agent_handle,
9050	NETAGENT_MESSAGE_TYPE_CLIENT_ERROR,
9051	parameters: &agent_params,
9052	NULL, NULL);
9053	if (error == `0`) {
9054	acted_on_agent = TRUE;
9055	} else {
9056	break;
9057	}
9058	}
9059	}
9060
9061	offset += sizeof(struct necp_tlv_header) + length;
9062	}
9063
9064	NECP_CLIENT_UNLOCK(client);
9065	}
9066	NECP_FD_UNLOCK(fd_data);
9067
9068	if (!acted_on_agent &&
9069	error == `0`) {
9070	error = ENOENT;
9071	}
9072	done:
9073	*retval = error;
9074	if (parameters != NULL) {
9075	kfree_data(parameters, buffer_size);
9076	parameters = NULL;
9077	}
9078
9079	return error;
9080	}
9081
9082	static NECP_CLIENT_ACTION_FUNCTION int
9083	necp_client_copy_agent(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
9084	{
9085	int error = `0`;
9086	uuid_t agent_uuid;
9087	const size_t buffer_size = uap->buffer_size;
9088
9089	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
9090	buffer_size == `0` \|\| uap->buffer == `0`) {
9091	NECPLOG0(LOG_ERR, "necp_client_copy_agent bad input");
9092	error = EINVAL;
9093	goto done;
9094	}
9095
9096	error = copyin(uap->client_id, agent_uuid, sizeof(uuid_t));
9097	if (error) {
9098	NECPLOG(LOG_ERR, "necp_client_copy_agent copyin agent_uuid error (%d)", error);
9099	goto done;
9100	}
9101
9102	error = netagent_copyout(uuid: agent_uuid, user_addr: uap->buffer, user_size: buffer_size);
9103	if (error) {
9104	// netagent_copyout already logs appropriate errors
9105	goto done;
9106	}
9107	done:
9108	*retval = error;
9109
9110	return error;
9111	}
9112
9113	static NECP_CLIENT_ACTION_FUNCTION int
9114	necp_client_agent_use(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
9115	{
9116	int error = `0`;
9117	struct necp_client *client = NULL;
9118	uuid_t client_id;
9119	struct necp_agent_use_parameters parameters = {};
9120	const size_t buffer_size = uap->buffer_size;
9121
9122	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
9123	buffer_size != sizeof(parameters) \|\| uap->buffer == `0`) {
9124	error = EINVAL;
9125	goto done;
9126	}
9127
9128	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
9129	if (error) {
9130	NECPLOG(LOG_ERR, "Copyin client_id error (%d)", error);
9131	goto done;
9132	}
9133
9134	error = copyin(uap->buffer, &parameters, buffer_size);
9135	if (error) {
9136	NECPLOG(LOG_ERR, "Parameters copyin error (%d)", error);
9137	goto done;
9138	}
9139
9140	NECP_FD_LOCK(fd_data);
9141	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
9142	if (client != NULL) {
9143	error = netagent_use(agent_uuid: parameters.agent_uuid, out_use_count: &parameters.out_use_count);
9144	NECP_CLIENT_UNLOCK(client);
9145	} else {
9146	error = ENOENT;
9147	}
9148
9149	NECP_FD_UNLOCK(fd_data);
9150
9151	if (error == `0`) {
9152	error = copyout(&parameters, uap->buffer, buffer_size);
9153	if (error) {
9154	NECPLOG(LOG_ERR, "Parameters copyout error (%d)", error);
9155	goto done;
9156	}
9157	}
9158
9159	done:
9160	*retval = error;
9161
9162	return error;
9163	}
9164
9165	static NECP_CLIENT_ACTION_FUNCTION int
9166	necp_client_acquire_agent_token(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
9167	{
9168	int error = `0`;
9169	uuid_t agent_uuid = {};
9170	const size_t buffer_size = uap->buffer_size;
9171
9172	*retval = `0`;
9173
9174	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
9175	buffer_size == `0` \|\| uap->buffer == `0`) {
9176	NECPLOG0(LOG_ERR, "necp_client_copy_agent bad input");
9177	error = EINVAL;
9178	goto done;
9179	}
9180
9181	error = copyin(uap->client_id, agent_uuid, sizeof(uuid_t));
9182	if (error) {
9183	NECPLOG(LOG_ERR, "necp_client_copy_agent copyin agent_uuid error (%d)", error);
9184	goto done;
9185	}
9186
9187	error = netagent_acquire_token(uuid: agent_uuid, user_addr: uap->buffer, user_size: buffer_size, retval);
9188	done:
9189	return error;
9190	}
9191
9192	static NECP_CLIENT_ACTION_FUNCTION int
9193	necp_client_copy_interface(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
9194	{
9195	int error = `0`;
9196	u_int32_t interface_index = `0`;
9197	struct necp_interface_details interface_details = {};
9198
9199	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(u_int32_t) \|\|
9200	uap->buffer_size < sizeof(interface_details) \|\|
9201	uap->buffer == `0`) {
9202	NECPLOG0(LOG_ERR, "necp_client_copy_interface bad input");
9203	error = EINVAL;
9204	goto done;
9205	}
9206
9207	error = copyin(uap->client_id, &interface_index, sizeof(u_int32_t));
9208	if (error) {
9209	NECPLOG(LOG_ERR, "necp_client_copy_interface copyin interface_index error (%d)", error);
9210	goto done;
9211	}
9212
9213	if (interface_index == `0`) {
9214	error = ENOENT;
9215	NECPLOG(LOG_ERR, "necp_client_copy_interface bad interface_index (%d)", interface_index);
9216	goto done;
9217	}
9218
9219	lck_mtx_lock(rnh_lock);
9220	ifnet_head_lock_shared();
9221	ifnet_t interface = NULL;
9222	if (interface_index != IFSCOPE_NONE && interface_index <= (u_int32_t)if_index) {
9223	interface = ifindex2ifnet[interface_index];
9224	}
9225
9226	if (interface != NULL) {
9227	if (interface->if_xname != NULL) {
9228	strlcpy(dst: (char )&interface_details.name, src: interface->if_xname, n: sizeof*(interface_details.name));
9229	}
9230	interface_details.index = interface->if_index;
9231	interface_details.generation = ifnet_get_generation(interface);
9232	if (interface->if_delegated.ifp != NULL) {
9233	interface_details.delegate_index = interface->if_delegated.ifp->if_index;
9234	}
9235	interface_details.functional_type = if_functional_type(interface, TRUE);
9236	if (IFNET_IS_EXPENSIVE(interface)) {
9237	interface_details.flags \|= NECP_INTERFACE_FLAG_EXPENSIVE;
9238	}
9239	if (IFNET_IS_CONSTRAINED(interface)) {
9240	interface_details.flags \|= NECP_INTERFACE_FLAG_CONSTRAINED;
9241	}
9242	if ((interface->if_eflags & IFEF_TXSTART) == IFEF_TXSTART) {
9243	interface_details.flags \|= NECP_INTERFACE_FLAG_TXSTART;
9244	}
9245	if ((interface->if_eflags & IFEF_NOACKPRI) == IFEF_NOACKPRI) {
9246	interface_details.flags \|= NECP_INTERFACE_FLAG_NOACKPRI;
9247	}
9248	if ((interface->if_eflags & IFEF_3CA) == IFEF_3CA) {
9249	interface_details.flags \|= NECP_INTERFACE_FLAG_3CARRIERAGG;
9250	}
9251	if (IFNET_IS_LOW_POWER(interface)) {
9252	interface_details.flags \|= NECP_INTERFACE_FLAG_IS_LOW_POWER;
9253	}
9254	if (interface->if_xflags & IFXF_MPK_LOG) {
9255	interface_details.flags \|= NECP_INTERFACE_FLAG_MPK_LOG;
9256	}
9257	if (interface->if_flags & IFF_MULTICAST) {
9258	interface_details.flags \|= NECP_INTERFACE_FLAG_SUPPORTS_MULTICAST;
9259	}
9260	if (IS_INTF_CLAT46(interface)) {
9261	interface_details.flags \|= NECP_INTERFACE_FLAG_HAS_NAT64;
9262	}
9263	interface_details.mtu = interface->if_mtu;
9264	#if SKYWALK
9265	fsw_get_tso_capabilities(interface, &interface_details.tso_max_segment_size_v4,
9266	&interface_details.tso_max_segment_size_v6);
9267
9268	interface_details.hwcsum_flags = interface->if_hwassist & IFNET_CHECKSUMF;
9269	#endif /* SKYWALK */
9270
9271	u_int8_t ipv4_signature_len = sizeof(interface_details.ipv4_signature.signature);
9272	u_int16_t ipv4_signature_flags;
9273	if (ifnet_get_netsignature(interface, AF_INET, &ipv4_signature_len, &ipv4_signature_flags,
9274	(u_int8_t *)&interface_details.ipv4_signature) != `0`) {
9275	ipv4_signature_len = `0`;
9276	}
9277	interface_details.ipv4_signature.signature_len = ipv4_signature_len;
9278
9279	// Check for default scoped routes for IPv4 and IPv6
9280	union necp_sockaddr_union default_address;
9281	struct rtentry *v4Route = NULL;
9282	memset(s: &default_address, c: `0`, n: sizeof(default_address));
9283	default_address.sa.sa_family = AF_INET;
9284	default_address.sa.sa_len = sizeof(struct sockaddr_in);
9285	v4Route = rtalloc1_scoped_locked((struct sockaddr *)&default_address, `0`, `0`,
9286	interface->if_index);
9287	if (v4Route != NULL) {
9288	if (v4Route->rt_ifp != NULL && !IS_INTF_CLAT46(v4Route->rt_ifp)) {
9289	interface_details.flags \|= NECP_INTERFACE_FLAG_IPV4_ROUTABLE;
9290	}
9291	rtfree_locked(v4Route);
9292	v4Route = NULL;
9293	}
9294
9295	struct rtentry *v6Route = NULL;
9296	memset(s: &default_address, c: `0`, n: sizeof(default_address));
9297	default_address.sa.sa_family = AF_INET6;
9298	default_address.sa.sa_len = sizeof(struct sockaddr_in6);
9299	v6Route = rtalloc1_scoped_locked((struct sockaddr *)&default_address, `0`, `0`,
9300	interface->if_index);
9301	if (v6Route != NULL) {
9302	if (v6Route->rt_ifp != NULL) {
9303	interface_details.flags \|= NECP_INTERFACE_FLAG_IPV6_ROUTABLE;
9304	}
9305	rtfree_locked(v6Route);
9306	v6Route = NULL;
9307	}
9308
9309	u_int8_t ipv6_signature_len = sizeof(interface_details.ipv6_signature.signature);
9310	u_int16_t ipv6_signature_flags;
9311	if (ifnet_get_netsignature(interface, AF_INET6, &ipv6_signature_len, &ipv6_signature_flags,
9312	(u_int8_t *)&interface_details.ipv6_signature) != `0`) {
9313	ipv6_signature_len = `0`;
9314	}
9315	interface_details.ipv6_signature.signature_len = ipv6_signature_len;
9316
9317	ifnet_lock_shared(ifp: interface);
9318	struct ifaddr *ifa = NULL;
9319	TAILQ_FOREACH(ifa, &interface->if_addrhead, ifa_link) {
9320	IFA_LOCK(ifa);
9321	if (ifa->ifa_addr->sa_family == AF_INET) {
9322	interface_details.flags \|= NECP_INTERFACE_FLAG_HAS_NETMASK;
9323	interface_details.ipv4_netmask = ((struct in_ifaddr *)ifa)->ia_sockmask.sin_addr.s_addr;
9324	if (interface->if_flags & IFF_BROADCAST) {
9325	interface_details.flags \|= NECP_INTERFACE_FLAG_HAS_BROADCAST;
9326	interface_details.ipv4_broadcast = ((struct in_ifaddr *)ifa)->ia_broadaddr.sin_addr.s_addr;
9327	}
9328	}
9329	IFA_UNLOCK(ifa);
9330	}
9331
9332	interface_details.radio_type = interface->if_radio_type;
9333	if (interface_details.radio_type == `0` && interface->if_delegated.ifp) {
9334	interface_details.radio_type = interface->if_delegated.ifp->if_radio_type;
9335	}
9336	ifnet_lock_done(ifp: interface);
9337	}
9338
9339	ifnet_head_done();
9340	lck_mtx_unlock(rnh_lock);
9341
9342	// If the client is using an older version of the struct, copy that length
9343	error = copyout(&interface_details, uap->buffer, sizeof(interface_details));
9344	if (error) {
9345	NECPLOG(LOG_ERR, "necp_client_copy_interface copyout error (%d)", error);
9346	goto done;
9347	}
9348	done:
9349	*retval = error;
9350
9351	return error;
9352	}
9353
9354	#if SKYWALK
9355
9356	static NECP_CLIENT_ACTION_FUNCTION int
9357	necp_client_get_interface_address(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
9358	{
9359	int error = `0`;
9360	u_int32_t interface_index = IFSCOPE_NONE;
9361	struct sockaddr_storage address = {};
9362	const size_t buffer_size = uap->buffer_size;
9363
9364	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(u_int32_t) \|\|
9365	buffer_size < sizeof(struct sockaddr_in) \|\|
9366	buffer_size > sizeof(struct sockaddr_storage) \|\|
9367	uap->buffer == `0`) {
9368	NECPLOG0(LOG_ERR, "necp_client_get_interface_address bad input");
9369	error = EINVAL;
9370	goto done;
9371	}
9372
9373	error = copyin(uap->client_id, &interface_index, sizeof(u_int32_t));
9374	if (error) {
9375	NECPLOG(LOG_ERR, "necp_client_get_interface_address copyin interface_index error (%d)", error);
9376	goto done;
9377	}
9378
9379	if (interface_index == IFSCOPE_NONE) {
9380	error = ENOENT;
9381	NECPLOG(LOG_ERR, "necp_client_get_interface_address bad interface_index (%d)", interface_index);
9382	goto done;
9383	}
9384
9385	error = copyin(uap->buffer, &address, buffer_size);
9386	if (error) {
9387	NECPLOG(LOG_ERR, "necp_client_get_interface_address copyin address error (%d)", error);
9388	goto done;
9389	}
9390
9391	if (address.ss_family != AF_INET && address.ss_family != AF_INET6) {
9392	error = EINVAL;
9393	NECPLOG(LOG_ERR, "necp_client_get_interface_address invalid address family (%u)", address.ss_family);
9394	goto done;
9395	}
9396
9397	if (address.ss_len != buffer_size) {
9398	error = EINVAL;
9399	NECPLOG(LOG_ERR, "necp_client_get_interface_address invalid address length (%u)", address.ss_len);
9400	goto done;
9401	}
9402
9403	ifnet_head_lock_shared();
9404	ifnet_t ifp = NULL;
9405	if (interface_index != IFSCOPE_NONE && interface_index <= (u_int32_t)if_index) {
9406	ifp = ifindex2ifnet[interface_index];
9407	}
9408	ifnet_head_done();
9409	if (ifp == NULL) {
9410	error = ENOENT;
9411	NECPLOG0(LOG_ERR, "necp_client_get_interface_address no matching interface found");
9412	goto done;
9413	}
9414
9415	struct rtentry rt = rtalloc1_scoped((struct* sockaddr *)&address, `0`, `0`, interface_index);
9416	if (rt == NULL) {
9417	error = EINVAL;
9418	NECPLOG0(LOG_ERR, "necp_client_get_interface_address route lookup failed");
9419	goto done;
9420	}
9421
9422	uint32_t gencount = `0`;
9423	struct sockaddr_storage local_address = {};
9424	error = flow_route_select_laddr((union sockaddr_in_4_6 *)&local_address,
9425	(union sockaddr_in_4_6 *)&address, ifp, rt, &gencount, `1`);
9426	rtfree(rt);
9427	rt = NULL;
9428
9429	if (error) {
9430	NECPLOG(LOG_ERR, "necp_client_get_interface_address local address selection failed (%d)", error);
9431	goto done;
9432	}
9433
9434	if (local_address.ss_len > buffer_size) {
9435	error = EMSGSIZE;
9436	NECPLOG(LOG_ERR, "necp_client_get_interface_address local address too long for buffer (%u)",
9437	local_address.ss_len);
9438	goto done;
9439	}
9440
9441	error = copyout(&local_address, uap->buffer, local_address.ss_len);
9442	if (error) {
9443	NECPLOG(LOG_ERR, "necp_client_get_interface_address copyout error (%d)", error);
9444	goto done;
9445	}
9446	done:
9447	*retval = error;
9448
9449	return error;
9450	}
9451
9452	extern char proc_name_address(void* *p);
9453
9454	int
9455	necp_stats_ctor(struct skmem_obj_info oi, struct* skmem_obj_info *oim,
9456	void *arg, uint32_t skmflag)
9457	{
9458	#pragma unused(arg, skmflag)
9459	struct necp_all_kstats *kstats = SKMEM_OBJ_ADDR(oi);
9460
9461	ASSERT(oim != NULL && SKMEM_OBJ_ADDR(oim) != NULL);
9462	ASSERT(SKMEM_OBJ_SIZE(oi) == SKMEM_OBJ_SIZE(oim));
9463
9464	kstats->necp_stats_ustats = SKMEM_OBJ_ADDR(oim);
9465
9466	return `0`;
9467	}
9468
9469	int
9470	necp_stats_dtor(void addr, void* *arg)
9471	{
9472	#pragma unused(addr, arg)
9473	struct necp_all_kstats *kstats = addr;
9474
9475	kstats->necp_stats_ustats = NULL;
9476
9477	return `0`;
9478	}
9479
9480	static void
9481	necp_fd_insert_stats_arena(struct necp_fd_data fd_data, struct* necp_arena_info *nai)
9482	{
9483	NECP_FD_ASSERT_LOCKED(fd_data);
9484	VERIFY(!(nai->nai_flags & NAIF_ATTACHED));
9485	VERIFY(nai->nai_chain.le_next == NULL && nai->nai_chain.le_prev == NULL);
9486
9487	LIST_INSERT_HEAD(&fd_data->stats_arena_list, nai, nai_chain);
9488	nai->nai_flags \|= NAIF_ATTACHED;
9489	necp_arena_info_retain(nai); // for the list
9490	}
9491
9492	static void
9493	necp_fd_remove_stats_arena(struct necp_fd_data fd_data, struct* necp_arena_info *nai)
9494	{
9495	#pragma unused(fd_data)
9496	NECP_FD_ASSERT_LOCKED(fd_data);
9497	VERIFY(nai->nai_flags & NAIF_ATTACHED);
9498	VERIFY(nai->nai_use_count >= `1`);
9499
9500	LIST_REMOVE(nai, nai_chain);
9501	nai->nai_flags &= ~NAIF_ATTACHED;
9502	nai->nai_chain.le_next = NULL;
9503	nai->nai_chain.le_prev = NULL;
9504	necp_arena_info_release(nai); // for the list
9505	}
9506
9507	static struct necp_arena_info *
9508	necp_fd_mredirect_stats_arena(struct necp_fd_data fd_data, struct* proc *proc)
9509	{
9510	struct necp_arena_info nai, nai_ret = NULL;
9511
9512	NECP_FD_ASSERT_LOCKED(fd_data);
9513
9514	// Redirect currently-active stats arena and remove it from the active state;
9515	// upon process resumption, new flow request would trigger the creation of
9516	// another active arena.
9517	if ((nai = fd_data->stats_arena_active) != NULL) {
9518	boolean_t need_defunct = FALSE;
9519
9520	ASSERT(!(nai->nai_flags & (NAIF_REDIRECT \| NAIF_DEFUNCT)));
9521	VERIFY(nai->nai_use_count >= `2`);
9522	ASSERT(nai->nai_arena != NULL);
9523	ASSERT(nai->nai_mmap.ami_mapref != NULL);
9524
9525	int err = skmem_arena_mredirect(nai->nai_arena, &nai->nai_mmap, proc, &need_defunct);
9526	VERIFY(err == `0`);
9527	// must be TRUE since we don't mmap the arena more than once
9528	VERIFY(need_defunct == TRUE);
9529
9530	nai->nai_flags \|= NAIF_REDIRECT;
9531	nai_ret = nai; // return to caller
9532
9533	necp_arena_info_release(nai); // for fd_data
9534	fd_data->stats_arena_active = nai = NULL;
9535	}
9536
9537	#if (DEVELOPMENT \|\| DEBUG)
9538	// make sure this list now contains nothing but redirected/defunct arenas
9539	LIST_FOREACH(nai, &fd_data->stats_arena_list, nai_chain) {
9540	ASSERT(nai->nai_use_count >= `1`);
9541	ASSERT(nai->nai_flags & (NAIF_REDIRECT \| NAIF_DEFUNCT));
9542	}
9543	#endif /* (DEVELOPMENT \|\| DEBUG) */
9544
9545	return nai_ret;
9546	}
9547
9548	static void
9549	necp_arena_info_retain(struct necp_arena_info *nai)
9550	{
9551	nai->nai_use_count++;
9552	VERIFY(nai->nai_use_count != `0`);
9553	}
9554
9555	static void
9556	necp_arena_info_release(struct necp_arena_info *nai)
9557	{
9558	VERIFY(nai->nai_use_count > `0`);
9559	if (--nai->nai_use_count == `0`) {
9560	necp_arena_info_free(nai);
9561	}
9562	}
9563
9564	static struct necp_arena_info *
9565	necp_arena_info_alloc(void)
9566	{
9567	return zalloc_flags(necp_arena_info_zone, Z_WAITOK \| Z_ZERO);
9568	}
9569
9570	static void
9571	necp_arena_info_free(struct necp_arena_info *nai)
9572	{
9573	VERIFY(nai->nai_chain.le_next == NULL && nai->nai_chain.le_prev == NULL);
9574	VERIFY(nai->nai_use_count == `0`);
9575
9576	// NOTE: destroying the arena requires that all outstanding objects
9577	// that were allocated have been freed, else it will assert.
9578	if (nai->nai_arena != NULL) {
9579	skmem_arena_munmap(nai->nai_arena, &nai->nai_mmap);
9580	skmem_arena_release(nai->nai_arena);
9581	OSDecrementAtomic(&necp_arena_count);
9582	nai->nai_arena = NULL;
9583	nai->nai_roff = `0`;
9584	}
9585
9586	ASSERT(nai->nai_arena == NULL);
9587	ASSERT(nai->nai_mmap.ami_mapref == NULL);
9588	ASSERT(nai->nai_mmap.ami_arena == NULL);
9589	ASSERT(nai->nai_mmap.ami_maptask == TASK_NULL);
9590
9591	zfree(necp_arena_info_zone, nai);
9592	}
9593
9594	static int
9595	necp_arena_create(struct necp_fd_data fd_data, size_t obj_size, size_t obj_cnt, struct* proc *p)
9596	{
9597	struct skmem_region_params srp_ustats = {};
9598	struct skmem_region_params srp_kstats = {};
9599	struct necp_arena_info *nai;
9600	char name[`32`];
9601	int error = `0`;
9602
9603	NECP_FD_ASSERT_LOCKED(fd_data);
9604	ASSERT(fd_data->stats_arena_active == NULL);
9605	ASSERT(p != PROC_NULL);
9606	ASSERT(proc_pid(p) == fd_data->proc_pid);
9607
9608	// inherit the default parameters for the stats region
9609	srp_ustats = *skmem_get_default(SKMEM_REGION_USTATS);
9610	srp_kstats = *skmem_get_default(SKMEM_REGION_KSTATS);
9611
9612	// enable multi-segment mode
9613	srp_ustats.srp_cflags &= ~SKMEM_REGION_CR_MONOLITHIC;
9614	srp_kstats.srp_cflags &= ~SKMEM_REGION_CR_MONOLITHIC;
9615
9616	// configure and adjust the region parameters
9617	srp_ustats.srp_r_obj_cnt = srp_kstats.srp_r_obj_cnt = obj_cnt;
9618	srp_ustats.srp_r_obj_size = srp_kstats.srp_r_obj_size = obj_size;
9619	skmem_region_params_config(&srp_ustats);
9620	skmem_region_params_config(&srp_kstats);
9621
9622	nai = necp_arena_info_alloc();
9623
9624	nai->nai_proc_pid = fd_data->proc_pid;
9625	(void) snprintf(name, count: sizeof(name), "stats-%u.%s.%d", fd_data->stats_arena_gencnt, proc_name_address(p), fd_data->proc_pid);
9626	nai->nai_arena = skmem_arena_create_for_necp(name, &srp_ustats, &srp_kstats, &error);
9627	ASSERT(nai->nai_arena != NULL \|\| error != `0`);
9628	if (error != `0`) {
9629	NECPLOG(LOG_ERR, "failed to create stats arena for pid %d\n", fd_data->proc_pid);
9630	} else {
9631	OSIncrementAtomic(&necp_arena_count);
9632
9633	// Get region offsets from base of mmap span; the arena
9634	// doesn't need to be mmap'd at this point, since we simply
9635	// compute the relative offset.
9636	nai->nai_roff = skmem_arena_get_region_offset(nai->nai_arena, SKMEM_REGION_USTATS);
9637
9638	// map to the task/process; upon success, the base address of the region
9639	// will be returned in nai_mmap.ami_mapaddr; this can be communicated to
9640	// the process.
9641	error = skmem_arena_mmap(nai->nai_arena, p, &nai->nai_mmap);
9642	if (error != `0`) {
9643	NECPLOG(LOG_ERR, "failed to map stats arena for pid %d\n", fd_data->proc_pid);
9644	}
9645	}
9646
9647	if (error == `0`) {
9648	fd_data->stats_arena_active = nai;
9649	necp_arena_info_retain(nai); // for fd_data
9650	necp_fd_insert_stats_arena(fd_data, nai);
9651	++fd_data->stats_arena_gencnt;
9652	} else {
9653	necp_arena_info_free(nai);
9654	}
9655
9656	return error;
9657	}
9658
9659	static int
9660	necp_arena_stats_obj_alloc(struct necp_fd_data *fd_data,
9661	mach_vm_offset_t *off,
9662	struct necp_arena_info **stats_arena,
9663	void **kstats_kaddr,
9664	boolean_t cansleep)
9665	{
9666	struct skmem_cache *kstats_cp = NULL;
9667	void *ustats_obj = NULL;
9668	void *kstats_obj = NULL;
9669	struct necp_all_kstats *kstats = NULL;
9670	struct skmem_obj_info kstats_oi = {};
9671
9672	ASSERT(off != NULL);
9673	ASSERT(stats_arena != NULL && *stats_arena == NULL);
9674	ASSERT(kstats_kaddr != NULL && *kstats_kaddr == NULL);
9675
9676	NECP_FD_ASSERT_LOCKED(fd_data);
9677	ASSERT(fd_data->stats_arena_active != NULL);
9678	ASSERT(fd_data->stats_arena_active->nai_arena != NULL);
9679
9680	kstats_cp = skmem_arena_necp(fd_data->stats_arena_active->nai_arena)->arc_kstats_cache;
9681	if ((kstats_obj = skmem_cache_alloc(kstats_cp, (cansleep ? SKMEM_SLEEP : SKMEM_NOSLEEP))) == NULL) {
9682	return ENOMEM;
9683	}
9684
9685	kstats = (struct necp_all_kstats*)kstats_obj;
9686	ustats_obj = kstats->necp_stats_ustats;
9687
9688	skmem_cache_get_obj_info(kstats_cp, kstats_obj, &kstats_oi, NULL);
9689	ASSERT(SKMEM_OBJ_SIZE(&kstats_oi) >= sizeof(struct necp_all_stats));
9690	// reset all stats counters
9691	bzero(s: ustats_obj, SKMEM_OBJ_SIZE(&kstats_oi));
9692	bzero(s: &kstats->necp_stats_comm, n: sizeof(struct necp_all_stats));
9693	*stats_arena = fd_data->stats_arena_active;
9694	*kstats_kaddr = kstats_obj;
9695	// kstats and ustats are mirrored and have the same offset
9696	*off = fd_data->stats_arena_active->nai_roff + SKMEM_OBJ_ROFF(&kstats_oi);
9697
9698	return `0`;
9699	}
9700
9701	static void
9702	necp_arena_stats_obj_free(struct necp_fd_data fd_data, struct* necp_arena_info stats_arena, void* *kstats_kaddr, mach_vm_address_t ustats_uaddr)
9703	{
9704	#pragma unused(fd_data)
9705	NECP_FD_ASSERT_LOCKED(fd_data);
9706
9707	ASSERT(stats_arena != NULL);
9708	ASSERT(stats_arena->nai_arena != NULL);
9709	ASSERT(kstats_kaddr != NULL && *kstats_kaddr != NULL);
9710	ASSERT(ustats_uaddr != NULL);
9711
9712	skmem_cache_free(skmem_arena_necp(stats_arena->nai_arena)->arc_kstats_cache, *kstats_kaddr);
9713	*kstats_kaddr = NULL;
9714	*ustats_uaddr = `0`;
9715	}
9716
9717	// This routine returns the KVA of the sysctls object, as well as the
9718	// offset of that object relative to the mmap base address for the
9719	// task/process.
9720	static void *
9721	necp_arena_sysctls_obj(struct necp_fd_data fd_data, mach_vm_offset_t off, size_t *size)
9722	{
9723	void *objaddr;
9724
9725	NECP_FD_ASSERT_LOCKED(fd_data);
9726	ASSERT(fd_data->sysctl_arena != NULL);
9727
9728	// kernel virtual address of the sysctls object
9729	objaddr = skmem_arena_system_sysctls_obj_addr(fd_data->sysctl_arena);
9730	ASSERT(objaddr != NULL);
9731
9732	// Return the relative offset of the sysctls object; there is
9733	// only 1 object in the entire sysctls region, and therefore the
9734	// object's offset is simply the region's offset in the arena.
9735	// (sysctl_mmap.ami_mapaddr + offset) is the address of this object
9736	// in the task/process.
9737	if (off != NULL) {
9738	*off = fd_data->system_sysctls_roff;
9739	}
9740
9741	if (size != NULL) {
9742	*size = skmem_arena_system_sysctls_obj_size(fd_data->sysctl_arena);
9743	ASSERT(*size != `0`);
9744	}
9745
9746	return objaddr;
9747	}
9748
9749	static void
9750	necp_stats_arenas_destroy(struct necp_fd_data *fd_data, boolean_t closing)
9751	{
9752	struct necp_arena_info nai, nai_tmp;
9753
9754	NECP_FD_ASSERT_LOCKED(fd_data);
9755
9756	// If reaping (not closing), release reference only for idle active arena; the reference
9757	// count must be 2 by now, when it's not being referred to by any clients/flows.
9758	if ((nai = fd_data->stats_arena_active) != NULL && (closing \|\| nai->nai_use_count == `2`)) {
9759	VERIFY(nai->nai_use_count >= `2`);
9760	necp_arena_info_release(nai); // for fd_data
9761	fd_data->stats_arena_active = NULL;
9762	}
9763
9764	// clean up any defunct arenas left in the list
9765	LIST_FOREACH_SAFE(nai, &fd_data->stats_arena_list, nai_chain, nai_tmp) {
9766	// If reaping, release reference if the list holds the last one
9767	if (closing \|\| nai->nai_use_count == `1`) {
9768	VERIFY(nai->nai_use_count >= `1`);
9769	// callee unchains nai (and may free it)
9770	necp_fd_remove_stats_arena(fd_data, nai);
9771	}
9772	}
9773	}
9774
9775	static void
9776	necp_sysctl_arena_destroy(struct necp_fd_data *fd_data)
9777	{
9778	NECP_FD_ASSERT_LOCKED(fd_data);
9779
9780	// NOTE: destroying the arena requires that all outstanding objects
9781	// that were allocated have been freed, else it will assert.
9782	if (fd_data->sysctl_arena != NULL) {
9783	skmem_arena_munmap(fd_data->sysctl_arena, &fd_data->sysctl_mmap);
9784	skmem_arena_release(fd_data->sysctl_arena);
9785	OSDecrementAtomic(&necp_sysctl_arena_count);
9786	fd_data->sysctl_arena = NULL;
9787	fd_data->system_sysctls_roff = `0`;
9788	}
9789	}
9790
9791	static int
9792	necp_arena_initialize(struct necp_fd_data *fd_data, bool locked)
9793	{
9794	int error = `0`;
9795	size_t stats_obj_size = MAX(sizeof(struct necp_all_stats), sizeof(struct necp_all_kstats));
9796
9797	if (!locked) {
9798	NECP_FD_LOCK(fd_data);
9799	}
9800	if (fd_data->stats_arena_active == NULL) {
9801	error = necp_arena_create(fd_data, obj_size: stats_obj_size,
9802	NECP_MAX_PER_PROCESS_CLIENT_STATISTICS_STRUCTS,
9803	p: current_proc());
9804	}
9805	if (!locked) {
9806	NECP_FD_UNLOCK(fd_data);
9807	}
9808
9809	return error;
9810	}
9811
9812	static int
9813	necp_sysctl_arena_initialize(struct necp_fd_data *fd_data, bool locked)
9814	{
9815	int error = `0`;
9816
9817	if (!locked) {
9818	NECP_FD_LOCK(fd_data);
9819	}
9820
9821	NECP_FD_ASSERT_LOCKED(fd_data);
9822
9823	if (fd_data->sysctl_arena == NULL) {
9824	char name[`32`];
9825	struct proc *p = current_proc();
9826
9827	ASSERT(p != PROC_NULL);
9828	ASSERT(proc_pid(p) == fd_data->proc_pid);
9829
9830	(void) snprintf(name, count: sizeof(name), "sysctl.%s.%d", proc_name_address(p), fd_data->proc_pid);
9831	fd_data->sysctl_arena = skmem_arena_create_for_system(name, &error);
9832	ASSERT(fd_data->sysctl_arena != NULL \|\| error != `0`);
9833	if (error != `0`) {
9834	NECPLOG(LOG_ERR, "failed to create arena for pid %d\n", fd_data->proc_pid);
9835	} else {
9836	OSIncrementAtomic(&necp_sysctl_arena_count);
9837
9838	// Get region offsets from base of mmap span; the arena
9839	// doesn't need to be mmap'd at this point, since we simply
9840	// compute the relative offset.
9841	fd_data->system_sysctls_roff = skmem_arena_get_region_offset(fd_data->sysctl_arena, SKMEM_REGION_SYSCTLS);
9842
9843	// map to the task/process; upon success, the base address of the region
9844	// will be returned in nai_mmap.ami_mapaddr; this can be communicated to
9845	// the process.
9846	error = skmem_arena_mmap(fd_data->sysctl_arena, p, &fd_data->sysctl_mmap);
9847	if (error != `0`) {
9848	NECPLOG(LOG_ERR, "failed to map sysctl arena for pid %d\n", fd_data->proc_pid);
9849	necp_sysctl_arena_destroy(fd_data);
9850	}
9851	}
9852	}
9853
9854	if (!locked) {
9855	NECP_FD_UNLOCK(fd_data);
9856	}
9857
9858	return error;
9859	}
9860
9861	static int
9862	necp_client_stats_bufreq(struct necp_fd_data *fd_data,
9863	struct necp_client *client,
9864	struct necp_client_flow_registration *flow_registration,
9865	struct necp_stats_bufreq *bufreq,
9866	struct necp_stats_hdr *out_header)
9867	{
9868	int error = `0`;
9869	NECP_CLIENT_ASSERT_LOCKED(client);
9870	NECP_FD_ASSERT_LOCKED(fd_data);
9871
9872	if ((bufreq->necp_stats_bufreq_id == NECP_CLIENT_STATISTICS_BUFREQ_ID) &&
9873	((bufreq->necp_stats_bufreq_type == NECP_CLIENT_STATISTICS_TYPE_TCP &&
9874	bufreq->necp_stats_bufreq_ver == NECP_CLIENT_STATISTICS_TYPE_TCP_CURRENT_VER) \|\|
9875	(bufreq->necp_stats_bufreq_type == NECP_CLIENT_STATISTICS_TYPE_UDP &&
9876	bufreq->necp_stats_bufreq_ver == NECP_CLIENT_STATISTICS_TYPE_UDP_CURRENT_VER) \|\|
9877	(bufreq->necp_stats_bufreq_type == NECP_CLIENT_STATISTICS_TYPE_QUIC &&
9878	bufreq->necp_stats_bufreq_ver == NECP_CLIENT_STATISTICS_TYPE_QUIC_CURRENT_VER)) &&
9879	(bufreq->necp_stats_bufreq_size == sizeof(struct necp_all_stats))) {
9880	// There should be one and only one stats allocation per client.
9881	// If asked more than once, we just repeat ourselves.
9882	if (flow_registration->ustats_uaddr == `0`) {
9883	mach_vm_offset_t off;
9884	ASSERT(flow_registration->stats_arena == NULL);
9885	ASSERT(flow_registration->kstats_kaddr == NULL);
9886	ASSERT(flow_registration->ustats_uaddr == `0`);
9887	error = necp_arena_stats_obj_alloc(fd_data, off: &off, stats_arena: &flow_registration->stats_arena, kstats_kaddr: &flow_registration->kstats_kaddr, FALSE);
9888	if (error == `0`) {
9889	// upon success, hold a reference for the client; this is released when the client is removed/closed
9890	ASSERT(flow_registration->stats_arena != NULL);
9891	necp_arena_info_retain(nai: flow_registration->stats_arena);
9892
9893	// compute user address based on mapping info and object offset
9894	flow_registration->ustats_uaddr = flow_registration->stats_arena->nai_mmap.ami_mapaddr + off;
9895
9896	// add to collect_stats list
9897	NECP_STATS_LIST_LOCK_EXCLUSIVE();
9898	necp_client_retain_locked(client); // Add a reference to the client
9899	LIST_INSERT_HEAD(&necp_collect_stats_flow_list, flow_registration, collect_stats_chain);
9900	NECP_STATS_LIST_UNLOCK();
9901	necp_schedule_collect_stats_clients(FALSE);
9902	} else {
9903	ASSERT(flow_registration->stats_arena == NULL);
9904	ASSERT(flow_registration->kstats_kaddr == NULL);
9905	}
9906	}
9907	if (flow_registration->ustats_uaddr != `0`) {
9908	ASSERT(error == `0`);
9909	ASSERT(flow_registration->stats_arena != NULL);
9910	ASSERT(flow_registration->kstats_kaddr != NULL);
9911
9912	struct necp_all_kstats kstats = (struct* necp_all_kstats *)flow_registration->kstats_kaddr;
9913	kstats->necp_stats_ustats->all_stats_u.tcp_stats.necp_tcp_hdr.necp_stats_type = bufreq->necp_stats_bufreq_type;
9914	kstats->necp_stats_ustats->all_stats_u.tcp_stats.necp_tcp_hdr.necp_stats_ver = bufreq->necp_stats_bufreq_ver;
9915
9916	if (out_header) {
9917	out_header->necp_stats_type = bufreq->necp_stats_bufreq_type;
9918	out_header->necp_stats_ver = bufreq->necp_stats_bufreq_ver;
9919	}
9920
9921	bufreq->necp_stats_bufreq_uaddr = flow_registration->ustats_uaddr;
9922	}
9923	} else {
9924	error = EINVAL;
9925	}
9926
9927	return error;
9928	}
9929
9930	static int
9931	necp_client_stats_initial(struct necp_client_flow_registration *flow_registration, uint32_t stats_type, uint32_t stats_ver)
9932	{
9933	// An attempted create
9934	assert(flow_registration->stats_handler_context == NULL);
9935	assert(flow_registration->stats_arena);
9936	assert(flow_registration->ustats_uaddr);
9937	assert(flow_registration->kstats_kaddr);
9938
9939	int error = `0`;
9940	uint64_t ntstat_properties = necp_find_netstat_initial_properties(client: flow_registration->client);
9941
9942	switch (stats_type) {
9943	case NECP_CLIENT_STATISTICS_TYPE_TCP: {
9944	if (stats_ver == NECP_CLIENT_STATISTICS_TYPE_TCP_VER_1) {
9945	flow_registration->stats_handler_context = ntstat_userland_stats_open(ctx: (userland_stats_provider_context *)flow_registration,
9946	provider_id: NSTAT_PROVIDER_TCP_USERLAND, properties: ntstat_properties, req_fn: necp_request_tcp_netstats, req_extension_fn: necp_find_extension_info);
9947	if (flow_registration->stats_handler_context == NULL) {
9948	error = EIO;
9949	}
9950	} else {
9951	error = ENOTSUP;
9952	}
9953	break;
9954	}
9955	case NECP_CLIENT_STATISTICS_TYPE_UDP: {
9956	if (stats_ver == NECP_CLIENT_STATISTICS_TYPE_UDP_VER_1) {
9957	flow_registration->stats_handler_context = ntstat_userland_stats_open(ctx: (userland_stats_provider_context *)flow_registration,
9958	provider_id: NSTAT_PROVIDER_UDP_USERLAND, properties: ntstat_properties, req_fn: necp_request_udp_netstats, req_extension_fn: necp_find_extension_info);
9959	if (flow_registration->stats_handler_context == NULL) {
9960	error = EIO;
9961	}
9962	} else {
9963	error = ENOTSUP;
9964	}
9965	break;
9966	}
9967	case NECP_CLIENT_STATISTICS_TYPE_QUIC: {
9968	if (stats_ver == NECP_CLIENT_STATISTICS_TYPE_QUIC_VER_1 && flow_registration->flags & NECP_CLIENT_FLOW_FLAGS_ALLOW_NEXUS) {
9969	flow_registration->stats_handler_context = ntstat_userland_stats_open(ctx: (userland_stats_provider_context *)flow_registration,
9970	provider_id: NSTAT_PROVIDER_QUIC_USERLAND, properties: ntstat_properties, req_fn: necp_request_quic_netstats, req_extension_fn: necp_find_extension_info);
9971	if (flow_registration->stats_handler_context == NULL) {
9972	error = EIO;
9973	}
9974	} else {
9975	error = ENOTSUP;
9976	}
9977	break;
9978	}
9979	default: {
9980	error = ENOTSUP;
9981	break;
9982	}
9983	}
9984	return error;
9985	}
9986
9987	static int
9988	necp_stats_initialize(struct necp_fd_data *fd_data,
9989	struct necp_client *client,
9990	struct necp_client_flow_registration *flow_registration,
9991	struct necp_stats_bufreq *bufreq)
9992	{
9993	int error = `0`;
9994	struct necp_stats_hdr stats_hdr = {};
9995
9996	NECP_CLIENT_ASSERT_LOCKED(client);
9997	NECP_FD_ASSERT_LOCKED(fd_data);
9998	VERIFY(fd_data->stats_arena_active != NULL);
9999	VERIFY(fd_data->stats_arena_active->nai_arena != NULL);
10000	VERIFY(!(fd_data->stats_arena_active->nai_flags & (NAIF_REDIRECT \| NAIF_DEFUNCT)));
10001
10002	if (bufreq == NULL) {
10003	return EINVAL;
10004	}
10005
10006	// Setup stats region
10007	error = necp_client_stats_bufreq(fd_data, client, flow_registration, bufreq, out_header: &stats_hdr);
10008	if (error) {
10009	return error;
10010	}
10011	// Notify ntstat about new flow
10012	if (flow_registration->stats_handler_context == NULL) {
10013	error = necp_client_stats_initial(flow_registration, stats_type: stats_hdr.necp_stats_type, stats_ver: stats_hdr.necp_stats_ver);
10014	if (flow_registration->stats_handler_context != NULL) {
10015	ntstat_userland_stats_event(nstat_ctx: flow_registration->stats_handler_context, NECP_CLIENT_STATISTICS_EVENT_INIT);
10016	}
10017	NECP_CLIENT_FLOW_LOG(client, flow_registration, "Initialized stats <error %d>", error);
10018	}
10019
10020	return error;
10021	}
10022
10023	static NECP_CLIENT_ACTION_FUNCTION int
10024	necp_client_map_sysctls(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10025	{
10026	int result = `0`;
10027	if (!retval) {
10028	retval = &result;
10029	}
10030
10031	do {
10032	mach_vm_address_t uaddr = `0`;
10033	if (uap->buffer_size != sizeof(uaddr)) {
10034	*retval = EINVAL;
10035	break;
10036	}
10037
10038	*retval = necp_sysctl_arena_initialize(fd_data, false);
10039	if (*retval != `0`) {
10040	break;
10041	}
10042
10043	mach_vm_offset_t off = `0`;
10044	void *location = NULL;
10045	NECP_FD_LOCK(fd_data);
10046	location = necp_arena_sysctls_obj(fd_data, off: &off, NULL);
10047	NECP_FD_UNLOCK(fd_data);
10048
10049	if (location == NULL) {
10050	*retval = ENOENT;
10051	break;
10052	}
10053
10054	uaddr = fd_data->sysctl_mmap.ami_mapaddr + off;
10055	retval = copyout(&uaddr, uap->buffer, sizeof*(uaddr));
10056	} while (false);
10057
10058	return *retval;
10059	}
10060
10061	#endif /* !SKYWALK */
10062
10063	static NECP_CLIENT_ACTION_FUNCTION int
10064	necp_client_copy_route_statistics(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10065	{
10066	int error = `0`;
10067	struct necp_client *client = NULL;
10068	uuid_t client_id;
10069
10070	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t) \|\|
10071	uap->buffer_size < sizeof(struct necp_stat_counts) \|\| uap->buffer == `0`) {
10072	NECPLOG0(LOG_ERR, "necp_client_copy_route_statistics bad input");
10073	error = EINVAL;
10074	goto done;
10075	}
10076
10077	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
10078	if (error) {
10079	NECPLOG(LOG_ERR, "necp_client_copy_route_statistics copyin client_id error (%d)", error);
10080	goto done;
10081	}
10082
10083	// Lock
10084	NECP_FD_LOCK(fd_data);
10085	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
10086	if (client != NULL) {
10087	NECP_CLIENT_ROUTE_LOCK(client);
10088	struct necp_stat_counts route_stats = {};
10089	if (client->current_route != NULL && client->current_route->rt_stats != NULL) {
10090	struct nstat_counts *rt_stats = client->current_route->rt_stats;
10091	route_stats.necp_stat_rxpackets = os_atomic_load(&rt_stats->nstat_rxpackets, relaxed);
10092	route_stats.necp_stat_rxbytes = os_atomic_load(&rt_stats->nstat_rxbytes, relaxed);
10093	route_stats.necp_stat_txpackets = os_atomic_load(&rt_stats->nstat_txpackets, relaxed);
10094	route_stats.necp_stat_txbytes = os_atomic_load(&rt_stats->nstat_txbytes, relaxed);
10095	route_stats.necp_stat_rxduplicatebytes = rt_stats->nstat_rxduplicatebytes;
10096	route_stats.necp_stat_rxoutoforderbytes = rt_stats->nstat_rxoutoforderbytes;
10097	route_stats.necp_stat_txretransmit = rt_stats->nstat_txretransmit;
10098	route_stats.necp_stat_connectattempts = rt_stats->nstat_connectattempts;
10099	route_stats.necp_stat_connectsuccesses = rt_stats->nstat_connectsuccesses;
10100	route_stats.necp_stat_min_rtt = rt_stats->nstat_min_rtt;
10101	route_stats.necp_stat_avg_rtt = rt_stats->nstat_avg_rtt;
10102	route_stats.necp_stat_var_rtt = rt_stats->nstat_var_rtt;
10103	route_stats.necp_stat_route_flags = client->current_route->rt_flags;
10104	}
10105
10106	// Unlock before copying out
10107	NECP_CLIENT_ROUTE_UNLOCK(client);
10108	NECP_CLIENT_UNLOCK(client);
10109	NECP_FD_UNLOCK(fd_data);
10110
10111	error = copyout(&route_stats, uap->buffer, sizeof(route_stats));
10112	if (error) {
10113	NECPLOG(LOG_ERR, "necp_client_copy_route_statistics copyout error (%d)", error);
10114	}
10115	} else {
10116	// Unlock
10117	NECP_FD_UNLOCK(fd_data);
10118	error = ENOENT;
10119	}
10120
10121
10122	done:
10123	*retval = error;
10124	return error;
10125	}
10126
10127	static NECP_CLIENT_ACTION_FUNCTION int
10128	necp_client_update_cache(struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10129	{
10130	int error = `0`;
10131	struct necp_client *client = NULL;
10132	uuid_t client_id;
10133
10134	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(uuid_t)) {
10135	error = EINVAL;
10136	goto done;
10137	}
10138
10139	error = copyin(uap->client_id, client_id, sizeof(uuid_t));
10140	if (error) {
10141	NECPLOG(LOG_ERR, "necp_client_update_cache copyin client_id error (%d)", error);
10142	goto done;
10143	}
10144
10145	NECP_FD_LOCK(fd_data);
10146	client = necp_client_fd_find_client_and_lock(client_fd: fd_data, client_id);
10147	if (client == NULL) {
10148	NECP_FD_UNLOCK(fd_data);
10149	error = ENOENT;
10150	goto done;
10151	}
10152
10153	struct necp_client_flow_registration *flow_registration = necp_client_find_flow(client, flow_id: client_id);
10154	if (flow_registration == NULL) {
10155	NECP_CLIENT_UNLOCK(client);
10156	NECP_FD_UNLOCK(fd_data);
10157	error = ENOENT;
10158	goto done;
10159	}
10160
10161	NECP_CLIENT_ROUTE_LOCK(client);
10162	// This needs to be changed when TFO/ECN is supported by multiple flows
10163	struct necp_client_flow *flow = LIST_FIRST(&flow_registration->flow_list);
10164	if (flow == NULL \|\|
10165	(flow->remote_addr.sa.sa_family != AF_INET &&
10166	flow->remote_addr.sa.sa_family != AF_INET6) \|\|
10167	(flow->local_addr.sa.sa_family != AF_INET &&
10168	flow->local_addr.sa.sa_family != AF_INET6)) {
10169	error = EINVAL;
10170	NECPLOG(LOG_ERR, "necp_client_update_cache no flow error (%d)", error);
10171	goto done_unlock;
10172	}
10173
10174	necp_cache_buffer cache_buffer;
10175	memset(s: &cache_buffer, c: `0`, n: sizeof(cache_buffer));
10176
10177	if (uap->buffer_size != sizeof(necp_cache_buffer) \|\|
10178	uap->buffer == USER_ADDR_NULL) {
10179	error = EINVAL;
10180	goto done_unlock;
10181	}
10182
10183	error = copyin(uap->buffer, &cache_buffer, sizeof(cache_buffer));
10184	if (error) {
10185	NECPLOG(LOG_ERR, "necp_client_update_cache copyin cache buffer error (%d)", error);
10186	goto done_unlock;
10187	}
10188
10189	if (cache_buffer.necp_cache_buf_type == NECP_CLIENT_CACHE_TYPE_ECN &&
10190	cache_buffer.necp_cache_buf_ver == NECP_CLIENT_CACHE_TYPE_ECN_VER_1) {
10191	if (cache_buffer.necp_cache_buf_size != sizeof(necp_tcp_ecn_cache) \|\|
10192	cache_buffer.necp_cache_buf_addr == USER_ADDR_NULL) {
10193	error = EINVAL;
10194	goto done_unlock;
10195	}
10196
10197	necp_tcp_ecn_cache ecn_cache_buffer;
10198	memset(s: &ecn_cache_buffer, c: `0`, n: sizeof(ecn_cache_buffer));
10199
10200	error = copyin(cache_buffer.necp_cache_buf_addr, &ecn_cache_buffer, sizeof(necp_tcp_ecn_cache));
10201	if (error) {
10202	NECPLOG(LOG_ERR, "necp_client_update_cache copyin ecn cache buffer error (%d)", error);
10203	goto done_unlock;
10204	}
10205
10206	if (client->current_route != NULL && client->current_route->rt_ifp != NULL) {
10207	if (!client->platform_binary) {
10208	ecn_cache_buffer.necp_tcp_ecn_heuristics_success = `0`;
10209	}
10210	tcp_heuristics_ecn_update(necp_buffer: &ecn_cache_buffer, ifp: client->current_route->rt_ifp,
10211	local_address: (union sockaddr_in_4_6 *)&flow->local_addr);
10212	}
10213	} else if (cache_buffer.necp_cache_buf_type == NECP_CLIENT_CACHE_TYPE_TFO &&
10214	cache_buffer.necp_cache_buf_ver == NECP_CLIENT_CACHE_TYPE_TFO_VER_1) {
10215	if (cache_buffer.necp_cache_buf_size != sizeof(necp_tcp_tfo_cache) \|\|
10216	cache_buffer.necp_cache_buf_addr == USER_ADDR_NULL) {
10217	error = EINVAL;
10218	goto done_unlock;
10219	}
10220
10221	necp_tcp_tfo_cache tfo_cache_buffer;
10222	memset(s: &tfo_cache_buffer, c: `0`, n: sizeof(tfo_cache_buffer));
10223
10224	error = copyin(cache_buffer.necp_cache_buf_addr, &tfo_cache_buffer, sizeof(necp_tcp_tfo_cache));
10225	if (error) {
10226	NECPLOG(LOG_ERR, "necp_client_update_cache copyin tfo cache buffer error (%d)", error);
10227	goto done_unlock;
10228	}
10229
10230	if (client->current_route != NULL && client->current_route->rt_ifp != NULL) {
10231	if (!client->platform_binary) {
10232	tfo_cache_buffer.necp_tcp_tfo_heuristics_success = `0`;
10233	}
10234	tcp_heuristics_tfo_update(necp_buffer: &tfo_cache_buffer, ifp: client->current_route->rt_ifp,
10235	local_address: (union sockaddr_in_4_6 *)&flow->local_addr,
10236	remote_address: (union sockaddr_in_4_6 *)&flow->remote_addr);
10237	}
10238	} else {
10239	error = EINVAL;
10240	}
10241	done_unlock:
10242	NECP_CLIENT_ROUTE_UNLOCK(client);
10243	NECP_CLIENT_UNLOCK(client);
10244	NECP_FD_UNLOCK(fd_data);
10245	done:
10246	*retval = error;
10247	return error;
10248	}
10249
10250	// Most results will fit into this size
10251	struct necp_client_signable_default {
10252	uuid_t client_id;
10253	u_int32_t sign_type;
10254	u_int8_t signable_data[NECP_CLIENT_ACTION_SIGN_DEFAULT_DATA_LENGTH];
10255	} __attribute__((__packed__));
10256
10257	static NECP_CLIENT_ACTION_FUNCTION int
10258	necp_client_sign(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10259	{
10260	int error = `0`;
10261	u_int8_t tag[NECP_CLIENT_ACTION_SIGN_TAG_LENGTH] = {};
10262	struct necp_client_signable *signable = NULL;
10263	struct necp_client_signable *allocated_signable = NULL;
10264	struct necp_client_signable_default default_signable = {};
10265	size_t tag_size = sizeof(tag);
10266
10267	const size_t signable_length = uap->client_id_len;
10268	const size_t return_tag_length = uap->buffer_size;
10269
10270	*retval = `0`;
10271
10272	const bool has_resolver_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_VALIDATED_RESOLVER, flags: `0`) == `0`);
10273	if (!has_resolver_entitlement) {
10274	NECPLOG0(LOG_ERR, "Process does not hold the necessary entitlement to sign resolver answers");
10275	error = EPERM;
10276	goto done;
10277	}
10278
10279	if (uap->client_id == `0` \|\| signable_length < sizeof(*signable) \|\| signable_length > NECP_CLIENT_ACTION_SIGN_MAX_TOTAL_LENGTH) {
10280	error = EINVAL;
10281	goto done;
10282	}
10283
10284	if (uap->buffer == `0` \|\| return_tag_length != NECP_CLIENT_ACTION_SIGN_TAG_LENGTH) {
10285	error = EINVAL;
10286	goto done;
10287	}
10288
10289	if (signable_length <= sizeof(default_signable)) {
10290	signable = (struct necp_client_signable *)&default_signable;
10291	} else {
10292	if ((allocated_signable = (struct necp_client_signable *)kalloc_data(signable_length, Z_WAITOK \| Z_ZERO)) == NULL) {
10293	NECPLOG(LOG_ERR, "necp_client_sign allocate signable %zu failed", signable_length);
10294	error = ENOMEM;
10295	goto done;
10296	}
10297	signable = allocated_signable;
10298	}
10299
10300	error = copyin(uap->client_id, signable, signable_length);
10301	if (error) {
10302	NECPLOG(LOG_ERR, "necp_client_sign copyin signable error (%d)", error);
10303	goto done;
10304	}
10305
10306	size_t data_length = `0`;
10307	switch (signable->sign_type) {
10308	case NECP_CLIENT_SIGN_TYPE_RESOLVER_ANSWER:
10309	case NECP_CLIENT_SIGN_TYPE_SYSTEM_RESOLVER_ANSWER: {
10310	data_length = (sizeof(struct necp_client_host_resolver_answer) - sizeof(struct necp_client_signable));
10311	if (signable_length < (sizeof(struct necp_client_signable) + data_length)) {
10312	error = EINVAL;
10313	goto done;
10314	}
10315	struct necp_client_host_resolver_answer signable_struct = (struct* necp_client_host_resolver_answer *)signable;
10316	if (signable_struct->hostname_length > NECP_CLIENT_ACTION_SIGN_MAX_STRING_LENGTH \|\|
10317	signable_length != (sizeof(struct necp_client_signable) + data_length + signable_struct->hostname_length)) {
10318	error = EINVAL;
10319	goto done;
10320	}
10321	data_length += signable_struct->hostname_length;
10322	break;
10323	}
10324	case NECP_CLIENT_SIGN_TYPE_BROWSE_RESULT:
10325	case NECP_CLIENT_SIGN_TYPE_SYSTEM_BROWSE_RESULT: {
10326	data_length = (sizeof(struct necp_client_browse_result) - sizeof(struct necp_client_signable));
10327	if (signable_length < (sizeof(struct necp_client_signable) + data_length)) {
10328	error = EINVAL;
10329	goto done;
10330	}
10331	struct necp_client_browse_result signable_struct = (struct* necp_client_browse_result *)signable;
10332	if (signable_struct->service_length > NECP_CLIENT_ACTION_SIGN_MAX_STRING_LENGTH \|\|
10333	signable_length != (sizeof(struct necp_client_signable) + data_length + signable_struct->service_length)) {
10334	error = EINVAL;
10335	goto done;
10336	}
10337	data_length += signable_struct->service_length;
10338	break;
10339	}
10340	case NECP_CLIENT_SIGN_TYPE_SERVICE_RESOLVER_ANSWER:
10341	case NECP_CLIENT_SIGN_TYPE_SYSTEM_SERVICE_RESOLVER_ANSWER: {
10342	data_length = (sizeof(struct necp_client_service_resolver_answer) - sizeof(struct necp_client_signable));
10343	if (signable_length < (sizeof(struct necp_client_signable) + data_length)) {
10344	error = EINVAL;
10345	goto done;
10346	}
10347	struct necp_client_service_resolver_answer signable_struct = (struct* necp_client_service_resolver_answer *)signable;
10348	if (signable_struct->service_length > NECP_CLIENT_ACTION_SIGN_MAX_STRING_LENGTH \|\|
10349	signable_struct->hostname_length > NECP_CLIENT_ACTION_SIGN_MAX_STRING_LENGTH \|\|
10350	signable_length != (sizeof(struct necp_client_signable) + data_length + signable_struct->service_length + signable_struct->hostname_length)) {
10351	error = EINVAL;
10352	goto done;
10353	}
10354	data_length += signable_struct->service_length;
10355	data_length += signable_struct->hostname_length;
10356	break;
10357	}
10358	default: {
10359	NECPLOG(LOG_ERR, "necp_client_sign unknown signable type (%u)", signable->sign_type);
10360	error = EINVAL;
10361	goto done;
10362	}
10363	}
10364
10365	error = necp_sign_resolver_answer(client_id: signable->client_id, sign_type: signable->sign_type,
10366	data: signable->signable_data, data_length,
10367	tag, out_tag_length: &tag_size);
10368	if (tag_size != sizeof(tag)) {
10369	NECPLOG(LOG_ERR, "necp_client_sign unexpected tag size %zu", tag_size);
10370	error = EINVAL;
10371	goto done;
10372	}
10373	error = copyout(tag, uap->buffer, tag_size);
10374	if (error) {
10375	NECPLOG(LOG_ERR, "necp_client_sign copyout error (%d)", error);
10376	goto done;
10377	}
10378
10379	done:
10380	if (allocated_signable != NULL) {
10381	kfree_data(allocated_signable, signable_length);
10382	allocated_signable = NULL;
10383	}
10384	*retval = error;
10385	return error;
10386	}
10387
10388	// Most results will fit into this size
10389	struct necp_client_validatable_default {
10390	struct necp_client_signature signature;
10391	struct necp_client_signable_default signable;
10392	} __attribute__((__packed__));
10393
10394	static NECP_CLIENT_ACTION_FUNCTION int
10395	necp_client_validate(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10396	{
10397	int error = `0`;
10398	struct necp_client_validatable *validatable = NULL;
10399	struct necp_client_validatable *allocated_validatable = NULL;
10400	struct necp_client_validatable_default default_validatable = {};
10401
10402	const size_t validatable_length = uap->client_id_len;
10403
10404	*retval = `0`;
10405
10406	const bool has_resolver_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_VALIDATED_RESOLVER, flags: `0`) == `0`);
10407	if (!has_resolver_entitlement) {
10408	NECPLOG0(LOG_ERR, "Process does not hold the necessary entitlement to directly validate resolver answers");
10409	error = EPERM;
10410	goto done;
10411	}
10412
10413	if (uap->client_id == `0` \|\| validatable_length < sizeof(*validatable) \|\|
10414	validatable_length > (NECP_CLIENT_ACTION_SIGN_MAX_TOTAL_LENGTH + NECP_CLIENT_ACTION_SIGN_TAG_LENGTH)) {
10415	error = EINVAL;
10416	goto done;
10417	}
10418
10419	if (validatable_length <= sizeof(default_validatable)) {
10420	validatable = (struct necp_client_validatable *)&default_validatable;
10421	} else {
10422	if ((allocated_validatable = (struct necp_client_validatable *)kalloc_data(validatable_length, Z_WAITOK \| Z_ZERO)) == NULL) {
10423	NECPLOG(LOG_ERR, "necp_client_validate allocate struct %zu failed", validatable_length);
10424	error = ENOMEM;
10425	goto done;
10426	}
10427	validatable = allocated_validatable;
10428	}
10429
10430	error = copyin(uap->client_id, validatable, validatable_length);
10431	if (error) {
10432	NECPLOG(LOG_ERR, "necp_client_validate copyin error (%d)", error);
10433	goto done;
10434	}
10435
10436	const bool validated = necp_validate_resolver_answer(client_id: validatable->signable.client_id, sign_type: validatable->signable.sign_type,
10437	data: validatable->signable.signable_data, data_length: validatable_length - sizeof(struct necp_client_validatable),
10438	tag: validatable->signature.signed_tag, tag_length: sizeof(validatable->signature.signed_tag));
10439	if (!validated) {
10440	// Return EAUTH to indicate that the signature failed
10441	error = EAUTH;
10442	}
10443
10444	done:
10445	if (allocated_validatable != NULL) {
10446	kfree_data(allocated_validatable, validatable_length);
10447	allocated_validatable = NULL;
10448	}
10449	*retval = error;
10450	return error;
10451	}
10452
10453	static NECP_CLIENT_ACTION_FUNCTION int
10454	necp_client_get_signed_client_id(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10455	{
10456	int error = `0`;
10457	*retval = `0`;
10458	u_int32_t request_type = `0`;
10459	struct necp_client_signed_client_id_uuid client_id = { `0` };
10460	const size_t buffer_size = uap->buffer_size;
10461	u_int8_t tag[NECP_CLIENT_ACTION_SIGN_TAG_LENGTH] = {};
10462	size_t tag_size = sizeof(tag);
10463
10464	// Only allow entitled processes to get the client ID.
10465	proc_t proc = current_proc();
10466	task_t __single task = proc_task(proc);
10467	bool has_delegation_entitlement = task != NULL && IOTaskHasEntitlement(task, kCSWebBrowserHostEntitlement);
10468	if (!has_delegation_entitlement) {
10469	has_delegation_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_PRIVILEGED_SOCKET_DELEGATE, flags: `0`) == `0`);
10470	}
10471	if (!has_delegation_entitlement) {
10472	NECPLOG0(LOG_ERR, "necp_client_get_signed_client_id client lacks the necessary entitlement");
10473	error = EAUTH;
10474	goto done;
10475	}
10476
10477	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(u_int32_t) \|\|
10478	buffer_size < sizeof(struct necp_client_signed_client_id_uuid) \|\|
10479	uap->buffer == `0`) {
10480	NECPLOG0(LOG_ERR, "necp_client_get_signed_client_id bad input");
10481	error = EINVAL;
10482	goto done;
10483	}
10484
10485	error = copyin(uap->client_id, &request_type, sizeof(u_int32_t));
10486	if (error) {
10487	NECPLOG(LOG_ERR, "necp_client_get_signed_client_id copyin request_type error (%d)", error);
10488	goto done;
10489	}
10490
10491	if (request_type != NECP_CLIENT_SIGNED_CLIENT_ID_TYPE_UUID) {
10492	error = ENOENT;
10493	NECPLOG(LOG_ERR, "necp_client_get_signed_client_id bad request_type (%d)", request_type);
10494	goto done;
10495	}
10496
10497	uuid_t application_uuid;
10498	uuid_clear(uu: application_uuid);
10499	proc_getexecutableuuid(proc, application_uuid, sizeof(application_uuid));
10500
10501	error = necp_sign_application_id(client_id: application_uuid,
10502	NECP_CLIENT_SIGNED_CLIENT_ID_TYPE_UUID,
10503	tag, out_tag_length: &tag_size);
10504	if (tag_size != sizeof(tag)) {
10505	NECPLOG(LOG_ERR, "necp_client_get_signed_client_id unexpected tag size %zu", tag_size);
10506	error = EINVAL;
10507	goto done;
10508	}
10509	uuid_copy(dst: client_id.client_id, src: application_uuid);
10510	client_id.signature_length = tag_size;
10511	memcpy(dst: client_id.signature_data, src: tag, n: tag_size);
10512
10513	error = copyout(&client_id, uap->buffer, sizeof(client_id));
10514	if (error != `0`) {
10515	NECPLOG(LOG_ERR, "necp_client_get_signed_client_id copyout error (%d)", error);
10516	goto done;
10517	}
10518
10519	done:
10520	*retval = error;
10521	return error;
10522	}
10523
10524	static NECP_CLIENT_ACTION_FUNCTION int
10525	necp_client_set_signed_client_id(__unused struct necp_fd_data fd_data, struct* necp_client_action_args uap, int* *retval)
10526	{
10527	int error = `0`;
10528	*retval = `0`;
10529	u_int32_t request_type = `0`;
10530	struct necp_client_signed_client_id_uuid client_id = { `0` };
10531	const size_t buffer_size = uap->buffer_size;
10532
10533	// Only allow entitled processes to set the client ID.
10534	proc_t proc = current_proc();
10535	task_t __single task = proc_task(proc);
10536	bool has_delegation_entitlement = task != NULL && IOTaskHasEntitlement(task, kCSWebBrowserNetworkEntitlement);
10537	if (!has_delegation_entitlement) {
10538	has_delegation_entitlement = (priv_check_cred(cred: kauth_cred_get(), PRIV_NET_PRIVILEGED_SOCKET_DELEGATE, flags: `0`) == `0`);
10539	}
10540	if (!has_delegation_entitlement) {
10541	NECPLOG0(LOG_ERR, "necp_client_set_signed_client_id client lacks the necessary entitlement");
10542	error = EAUTH;
10543	goto done;
10544	}
10545
10546	if (uap->client_id == `0` \|\| uap->client_id_len != sizeof(u_int32_t) \|\|
10547	buffer_size < sizeof(struct necp_client_signed_client_id_uuid) \|\|
10548	uap->buffer == `0`) {
10549	NECPLOG0(LOG_ERR, "necp_client_set_signed_client_id bad input");
10550	error = EINVAL;
10551	goto done;
10552	}
10553
10554	error = copyin(uap->client_id, &request_type, sizeof(u_int32_t));
10555	if (error) {
10556	NECPLOG(LOG_ERR, "necp_client_set_signed_client_id copyin request_type error (%d)", error);
10557	goto done;
10558	}
10559
10560	if (request_type != NECP_CLIENT_SIGNED_CLIENT_ID_TYPE_UUID) {
10561	error = ENOENT;
10562	NECPLOG(LOG_ERR, "necp_client_set_signed_client_id bad request_type (%d)", request_type);
10563	goto done;
10564	}
10565
10566	error = copyin(uap->buffer, &client_id, sizeof(struct necp_client_signed_client_id_uuid));
10567	if (error) {
10568	NECPLOG(LOG_ERR, "necp_client_set_signed_client_id copyin request error (%d)", error);
10569	goto done;
10570	}
10571
10572	const bool validated = necp_validate_application_id(client_id: client_id.client_id,
10573	NECP_CLIENT_SIGNED_CLIENT_ID_TYPE_UUID,
10574	tag: client_id.signature_data, tag_length: sizeof(client_id.signature_data));
10575	if (!validated) {
10576	// Return EAUTH to indicate that the signature failed
10577	error = EAUTH;
10578	NECPLOG(LOG_ERR, "necp_client_set_signed_client_id signature validation failed (%d)", error);
10579	goto done;
10580	}
10581
10582	proc_setresponsibleuuid(target_proc: proc, responsible_uuid: client_id.client_id, size: sizeof(client_id.client_id));
10583
10584	done:
10585	*retval = error;
10586	return error;
10587	}
10588
10589	int
10590	necp_client_action(struct proc p, struct* necp_client_action_args uap, int* *retval)
10591	{
10592	struct fileproc *fp;
10593	int error = `0`;
10594	int return_value = `0`;
10595	struct necp_fd_data *fd_data = NULL;
10596
10597	error = necp_find_fd_data(p, fd: uap->necp_fd, fpp: &fp, fd_data: &fd_data);
10598	if (error != `0`) {
10599	NECPLOG(LOG_ERR, "necp_client_action find fd error (%d)", error);
10600	return error;
10601	}
10602
10603	u_int32_t action = uap->action;
10604
10605	#if CONFIG_MACF
10606	error = mac_necp_check_client_action(proc: p, fg: fp->fp_glob, action);
10607	if (error) {
10608	return_value = error;
10609	goto done;
10610	}
10611	#endif /* MACF */
10612
10613	switch (action) {
10614	case NECP_CLIENT_ACTION_ADD: {
10615	return_value = necp_client_add(p, fd_data, uap, retval);
10616	break;
10617	}
10618	case NECP_CLIENT_ACTION_CLAIM: {
10619	return_value = necp_client_claim(p, fd_data, uap, retval);
10620	break;
10621	}
10622	case NECP_CLIENT_ACTION_REMOVE: {
10623	return_value = necp_client_remove(fd_data, uap, retval);
10624	break;
10625	}
10626	case NECP_CLIENT_ACTION_COPY_PARAMETERS:
10627	case NECP_CLIENT_ACTION_COPY_RESULT:
10628	case NECP_CLIENT_ACTION_COPY_UPDATED_RESULT: {
10629	return_value = necp_client_copy(fd_data, uap, retval);
10630	break;
10631	}
10632	case NECP_CLIENT_ACTION_COPY_LIST: {
10633	return_value = necp_client_list(fd_data, uap, retval);
10634	break;
10635	}
10636	case NECP_CLIENT_ACTION_ADD_FLOW: {
10637	return_value = necp_client_add_flow(fd_data, uap, retval);
10638	break;
10639	}
10640	case NECP_CLIENT_ACTION_REMOVE_FLOW: {
10641	return_value = necp_client_remove_flow(fd_data, uap, retval);
10642	break;
10643	}
10644	#if SKYWALK
10645	case NECP_CLIENT_ACTION_REQUEST_NEXUS_INSTANCE: {
10646	return_value = necp_client_request_nexus(fd_data, uap, retval);
10647	break;
10648	}
10649	#endif /* !SKYWALK */
10650	case NECP_CLIENT_ACTION_AGENT: {
10651	return_value = necp_client_agent_action(fd_data, uap, retval);
10652	break;
10653	}
10654	case NECP_CLIENT_ACTION_COPY_AGENT: {
10655	return_value = necp_client_copy_agent(fd_data, uap, retval);
10656	break;
10657	}
10658	case NECP_CLIENT_ACTION_AGENT_USE: {
10659	return_value = necp_client_agent_use(fd_data, uap, retval);
10660	break;
10661	}
10662	case NECP_CLIENT_ACTION_ACQUIRE_AGENT_TOKEN: {
10663	return_value = necp_client_acquire_agent_token(fd_data, uap, retval);
10664	break;
10665	}
10666	case NECP_CLIENT_ACTION_COPY_INTERFACE: {
10667	return_value = necp_client_copy_interface(fd_data, uap, retval);
10668	break;
10669	}
10670	#if SKYWALK
10671	case NECP_CLIENT_ACTION_GET_INTERFACE_ADDRESS: {
10672	return_value = necp_client_get_interface_address(fd_data, uap, retval);
10673	break;
10674	}
10675	case NECP_CLIENT_ACTION_SET_STATISTICS: {
10676	return_value = ENOTSUP;
10677	break;
10678	}
10679	case NECP_CLIENT_ACTION_MAP_SYSCTLS: {
10680	return_value = necp_client_map_sysctls(fd_data, uap, retval);
10681	break;
10682	}
10683	#endif /* !SKYWALK */
10684	case NECP_CLIENT_ACTION_COPY_ROUTE_STATISTICS: {
10685	return_value = necp_client_copy_route_statistics(fd_data, uap, retval);
10686	break;
10687	}
10688	case NECP_CLIENT_ACTION_UPDATE_CACHE: {
10689	return_value = necp_client_update_cache(fd_data, uap, retval);
10690	break;
10691	}
10692	case NECP_CLIENT_ACTION_COPY_CLIENT_UPDATE: {
10693	return_value = necp_client_copy_client_update(fd_data, uap, retval);
10694	break;
10695	}
10696	case NECP_CLIENT_ACTION_SIGN: {
10697	return_value = necp_client_sign(fd_data, uap, retval);
10698	break;
10699	}
10700	case NECP_CLIENT_ACTION_VALIDATE: {
10701	return_value = necp_client_validate(fd_data, uap, retval);
10702	break;
10703	}
10704	case NECP_CLIENT_ACTION_GET_SIGNED_CLIENT_ID: {
10705	return_value = necp_client_get_signed_client_id(fd_data, uap, retval);
10706	break;
10707	}
10708	case NECP_CLIENT_ACTION_SET_SIGNED_CLIENT_ID: {
10709	return_value = necp_client_set_signed_client_id(fd_data, uap, retval);
10710	break;
10711	}
10712	default: {
10713	NECPLOG(LOG_ERR, "necp_client_action unknown action (%u)", action);
10714	return_value = EINVAL;
10715	break;
10716	}
10717	}
10718
10719	done:
10720	fp_drop(p, fd: uap->necp_fd, fp, locked: `0`);
10721	return return_value;
10722	}
10723
10724	#define NECP_MAX_MATCH_POLICY_PARAMETER_SIZE 1024
10725
10726	int
10727	necp_match_policy(struct proc p, struct* necp_match_policy_args uap, int32_t retval)
10728	{
10729	#pragma unused(retval)
10730	u_int8_t *parameters = NULL;
10731	struct necp_aggregate_result returned_result;
10732	int error = `0`;
10733
10734	if (uap == NULL) {
10735	error = EINVAL;
10736	goto done;
10737	}
10738
10739	if (uap->parameters == `0` \|\| uap->parameters_size == `0` \|\| uap->parameters_size > NECP_MAX_MATCH_POLICY_PARAMETER_SIZE \|\| uap->returned_result == `0`) {
10740	error = EINVAL;
10741	goto done;
10742	}
10743
10744	parameters = (u_int8_t *)kalloc_data(uap->parameters_size, Z_WAITOK \| Z_ZERO);
10745	if (parameters == NULL) {
10746	error = ENOMEM;
10747	goto done;
10748	}
10749	// Copy parameters in
10750	error = copyin(uap->parameters, parameters, uap->parameters_size);
10751	if (error) {
10752	goto done;
10753	}
10754
10755	error = necp_application_find_policy_match_internal(proc: p, parameters, parameters_size: uap->parameters_size,
10756	returned_result: &returned_result, NULL, NULL, required_interface_index: `0`, NULL, NULL, NULL, NULL, NULL, false, false, NULL);
10757	if (error) {
10758	goto done;
10759	}
10760
10761	// Copy return value back
10762	error = copyout(&returned_result, uap->returned_result, sizeof(struct necp_aggregate_result));
10763	if (error) {
10764	goto done;
10765	}
10766	done:
10767	if (parameters != NULL) {
10768	kfree_data(parameters, uap->parameters_size);
10769	}
10770	return error;
10771	}
10772
10773	/// Socket operations
10774
10775	static errno_t
10776	necp_set_socket_attribute(u_int8_t buffer, size_t buffer_length, u_int8_t type, char* *buffer_p, bool single_tlv)
10777	{
10778	int error = `0`;
10779	int cursor = `0`;
10780	size_t string_size = `0`;
10781	char *local_string = NULL;
10782	u_int8_t *value = NULL;
10783	char *buffer_to_free = NULL;
10784
10785	cursor = necp_buffer_find_tlv(buffer, buffer_length, offset: `0`, type, NULL, next: `0`);
10786	if (cursor < `0`) {
10787	// This will clear out the parameter
10788	goto done;
10789	}
10790
10791	string_size = necp_buffer_get_tlv_length(buffer, tlv_offset: cursor);
10792	if (single_tlv != NULL && (buffer_length == sizeof(struct necp_tlv_header) + string_size)) {
10793	*single_tlv = true;
10794	}
10795	if (string_size == `0` \|\| string_size > NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH) {
10796	// This will clear out the parameter
10797	goto done;
10798	}
10799
10800	local_string = (char *)kalloc_data(string_size + `1`, Z_WAITOK \| Z_ZERO);
10801	if (local_string == NULL) {
10802	NECPLOG(LOG_ERR, "Failed to allocate a socket attribute buffer (size %zu)", string_size);
10803	goto fail;
10804	}
10805
10806	value = necp_buffer_get_tlv_value(buffer, tlv_offset: cursor, NULL);
10807	if (value == NULL) {
10808	NECPLOG0(LOG_ERR, "Failed to get socket attribute");
10809	goto fail;
10810	}
10811
10812	memcpy(dst: local_string, src: value, n: string_size);
10813	local_string[string_size] = `0`;
10814
10815	done:
10816	buffer_to_free = *buffer_p;
10817
10818	// Protect switching of buffer pointer
10819	necp_lock_socket_attributes();
10820	*buffer_p = local_string;
10821	necp_unlock_socket_attributes();
10822
10823	if (buffer_to_free != NULL) {
10824	kfree_data_addr(buffer_to_free);
10825	}
10826	return `0`;
10827	fail:
10828	if (local_string != NULL) {
10829	kfree_data(local_string, string_size + `1`);
10830	}
10831	return error;
10832	}
10833
10834	errno_t
10835	necp_set_socket_attributes(struct inp_necp_attributes attributes, struct* sockopt *sopt)
10836	{
10837	int error = `0`;
10838	u_int8_t *buffer = NULL;
10839	bool single_tlv = false;
10840	size_t valsize = sopt->sopt_valsize;
10841	if (valsize == `0` \|\|
10842	valsize > ((sizeof(struct necp_tlv_header) + NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH) * `4`)) {
10843	goto done;
10844	}
10845
10846	buffer = (u_int8_t *)kalloc_data(valsize, Z_WAITOK \| Z_ZERO);
10847	if (buffer == NULL) {
10848	goto done;
10849	}
10850
10851	error = sooptcopyin(sopt, buffer, len: valsize, minlen: `0`);
10852	if (error) {
10853	goto done;
10854	}
10855
10856	// If NECP_TLV_ATTRIBUTE_DOMAIN_CONTEXT is being set/cleared separately from the other attributes,
10857	// do not clear other attributes.
10858	error = necp_set_socket_attribute(buffer, buffer_length: valsize, NECP_TLV_ATTRIBUTE_DOMAIN_CONTEXT, buffer_p: &attributes->inp_domain_context, single_tlv: &single_tlv);
10859	if (error) {
10860	NECPLOG0(LOG_ERR, "Could not set domain context TLV for socket attributes");
10861	goto done;
10862	}
10863	if (single_tlv == true) {
10864	goto done;
10865	}
10866
10867	error = necp_set_socket_attribute(buffer, buffer_length: valsize, NECP_TLV_ATTRIBUTE_DOMAIN, buffer_p: &attributes->inp_domain, NULL);
10868	if (error) {
10869	NECPLOG0(LOG_ERR, "Could not set domain TLV for socket attributes");
10870	goto done;
10871	}
10872
10873	error = necp_set_socket_attribute(buffer, buffer_length: valsize, NECP_TLV_ATTRIBUTE_DOMAIN_OWNER, buffer_p: &attributes->inp_domain_owner, NULL);
10874	if (error) {
10875	NECPLOG0(LOG_ERR, "Could not set domain owner TLV for socket attributes");
10876	goto done;
10877	}
10878
10879	error = necp_set_socket_attribute(buffer, buffer_length: valsize, NECP_TLV_ATTRIBUTE_TRACKER_DOMAIN, buffer_p: &attributes->inp_tracker_domain, NULL);
10880	if (error) {
10881	NECPLOG0(LOG_ERR, "Could not set tracker domain TLV for socket attributes");
10882	goto done;
10883	}
10884
10885	error = necp_set_socket_attribute(buffer, buffer_length: valsize, NECP_TLV_ATTRIBUTE_ACCOUNT, buffer_p: &attributes->inp_account, NULL);
10886	if (error) {
10887	NECPLOG0(LOG_ERR, "Could not set account TLV for socket attributes");
10888	goto done;
10889	}
10890
10891	done:
10892	NECP_SOCKET_ATTRIBUTE_LOG("NECP ATTRIBUTES SOCKET - domain <%s> owner <%s> context <%s> tracker domain <%s> account <%s>",
10893	attributes->inp_domain,
10894	attributes->inp_domain_owner,
10895	attributes->inp_domain_context,
10896	attributes->inp_tracker_domain,
10897	attributes->inp_account);
10898
10899	if (necp_debug) {
10900	NECPLOG(LOG_DEBUG, "Set on socket: Domain %s, Domain owner %s, Domain context %s, Tracker domain %s, Account %s",
10901	attributes->inp_domain,
10902	attributes->inp_domain_owner,
10903	attributes->inp_domain_context,
10904	attributes->inp_tracker_domain,
10905	attributes->inp_account);
10906	}
10907
10908	if (buffer != NULL) {
10909	kfree_data(buffer, valsize);
10910	}
10911
10912	return error;
10913	}
10914
10915	errno_t
10916	necp_get_socket_attributes(struct inp_necp_attributes attributes, struct* sockopt *sopt)
10917	{
10918	int error = `0`;
10919	u_int8_t *buffer = NULL;
10920	u_int8_t *cursor = NULL;
10921	size_t valsize = `0`;
10922
10923	if (attributes->inp_domain != NULL) {
10924	valsize += sizeof(struct necp_tlv_header) + strlen(s: attributes->inp_domain);
10925	}
10926	if (attributes->inp_domain_owner != NULL) {
10927	valsize += sizeof(struct necp_tlv_header) + strlen(s: attributes->inp_domain_owner);
10928	}
10929	if (attributes->inp_domain_context != NULL) {
10930	valsize += sizeof(struct necp_tlv_header) + strlen(s: attributes->inp_domain_context);
10931	}
10932	if (attributes->inp_tracker_domain != NULL) {
10933	valsize += sizeof(struct necp_tlv_header) + strlen(s: attributes->inp_tracker_domain);
10934	}
10935	if (attributes->inp_account != NULL) {
10936	valsize += sizeof(struct necp_tlv_header) + strlen(s: attributes->inp_account);
10937	}
10938	if (valsize == `0`) {
10939	goto done;
10940	}
10941
10942	buffer = (u_int8_t *)kalloc_data(valsize, Z_WAITOK \| Z_ZERO);
10943	if (buffer == NULL) {
10944	goto done;
10945	}
10946
10947	cursor = buffer;
10948	if (attributes->inp_domain != NULL) {
10949	cursor = necp_buffer_write_tlv(cursor, NECP_TLV_ATTRIBUTE_DOMAIN, length: strlen(s: attributes->inp_domain), value: attributes->inp_domain,
10950	buffer, buffer_length: valsize);
10951	}
10952
10953	if (attributes->inp_domain_owner != NULL) {
10954	cursor = necp_buffer_write_tlv(cursor, NECP_TLV_ATTRIBUTE_DOMAIN_OWNER, length: strlen(s: attributes->inp_domain_owner), value: attributes->inp_domain_owner,
10955	buffer, buffer_length: valsize);
10956	}
10957
10958	if (attributes->inp_domain_context != NULL) {
10959	cursor = necp_buffer_write_tlv(cursor, NECP_TLV_ATTRIBUTE_DOMAIN_CONTEXT, length: strlen(s: attributes->inp_domain_context), value: attributes->inp_domain_context,
10960	buffer, buffer_length: valsize);
10961	}
10962
10963	if (attributes->inp_tracker_domain != NULL) {
10964	cursor = necp_buffer_write_tlv(cursor, NECP_TLV_ATTRIBUTE_TRACKER_DOMAIN, length: strlen(s: attributes->inp_tracker_domain), value: attributes->inp_tracker_domain,
10965	buffer, buffer_length: valsize);
10966	}
10967
10968	if (attributes->inp_account != NULL) {
10969	cursor = necp_buffer_write_tlv(cursor, NECP_TLV_ATTRIBUTE_ACCOUNT, length: strlen(s: attributes->inp_account), value: attributes->inp_account,
10970	buffer, buffer_length: valsize);
10971	}
10972
10973	error = sooptcopyout(sopt, data: buffer, len: valsize);
10974	if (error) {
10975	goto done;
10976	}
10977	done:
10978	if (buffer != NULL) {
10979	kfree_data(buffer, valsize);
10980	}
10981
10982	return error;
10983	}
10984
10985	int
10986	necp_set_socket_resolver_signature(struct inpcb inp, struct* sockopt *sopt)
10987	{
10988	const size_t valsize = sopt->sopt_valsize;
10989	if (valsize > NECP_CLIENT_ACTION_SIGN_MAX_TOTAL_LENGTH + NECP_CLIENT_ACTION_SIGN_TAG_LENGTH) {
10990	return EINVAL;
10991	}
10992
10993	necp_lock_socket_attributes();
10994	if (inp->inp_resolver_signature != NULL) {
10995	kfree_data(inp->inp_resolver_signature, inp->inp_resolver_signature_length);
10996	}
10997	inp->inp_resolver_signature_length = `0`;
10998
10999	int error = `0`;
11000	if (valsize > `0`) {
11001	inp->inp_resolver_signature = kalloc_data(valsize, Z_WAITOK \| Z_ZERO);
11002	if ((error = sooptcopyin(sopt, inp->inp_resolver_signature, len: valsize,
11003	minlen: valsize)) != `0`) {
11004	// Free the signature buffer if the copyin failed
11005	kfree_data(inp->inp_resolver_signature, valsize);
11006	} else {
11007	inp->inp_resolver_signature_length = valsize;
11008	}
11009	}
11010	necp_unlock_socket_attributes();
11011
11012	return error;
11013	}
11014
11015	int
11016	necp_get_socket_resolver_signature(struct inpcb inp, struct* sockopt *sopt)
11017	{
11018	int error = `0`;
11019	necp_lock_socket_attributes();
11020	if (inp->inp_resolver_signature == NULL \|\|
11021	inp->inp_resolver_signature_length == `0`) {
11022	error = ENOENT;
11023	} else {
11024	error = sooptcopyout(sopt, data: inp->inp_resolver_signature,
11025	len: inp->inp_resolver_signature_length);
11026	}
11027	necp_unlock_socket_attributes();
11028	return error;
11029	}
11030
11031	bool
11032	necp_socket_has_resolver_signature(struct inpcb *inp)
11033	{
11034	necp_lock_socket_attributes();
11035	bool has_signature = (inp->inp_resolver_signature != NULL && inp->inp_resolver_signature_length != `0`);
11036	necp_unlock_socket_attributes();
11037	return has_signature;
11038	}
11039
11040	bool
11041	necp_socket_resolver_signature_matches_address(struct inpcb inp, union* necp_sockaddr_union *address)
11042	{
11043	bool matches_address = false;
11044	necp_lock_socket_attributes();
11045	if (inp->inp_resolver_signature != NULL && inp->inp_resolver_signature_length > `0` && address->sa.sa_len > `0`) {
11046	struct necp_client_validatable validatable = (struct* necp_client_validatable *)inp->inp_resolver_signature;
11047	if (inp->inp_resolver_signature_length > sizeof(struct necp_client_validatable) &&
11048	validatable->signable.sign_type == NECP_CLIENT_SIGN_TYPE_SYSTEM_RESOLVER_ANSWER) {
11049	size_t data_length = inp->inp_resolver_signature_length - sizeof(struct necp_client_validatable);
11050	if (data_length >= (sizeof(struct necp_client_host_resolver_answer) - sizeof(struct necp_client_signable))) {
11051	struct necp_client_host_resolver_answer answer_struct = (struct* necp_client_host_resolver_answer *)&validatable->signable;
11052	if (data_length == (sizeof(struct necp_client_host_resolver_answer) + answer_struct->hostname_length - sizeof(struct necp_client_signable)) &&
11053	answer_struct->address_answer.sa.sa_family == address->sa.sa_family &&
11054	answer_struct->address_answer.sa.sa_len == address->sa.sa_len &&
11055	(answer_struct->address_answer.sin.sin_port == `0` \|\|
11056	answer_struct->address_answer.sin.sin_port == address->sin.sin_port) &&
11057	((answer_struct->address_answer.sa.sa_family == AF_INET &&
11058	answer_struct->address_answer.sin.sin_addr.s_addr == address->sin.sin_addr.s_addr) \|\|
11059	(answer_struct->address_answer.sa.sa_family == AF_INET6 &&
11060	memcmp(s1: &answer_struct->address_answer.sin6.sin6_addr, s2: &address->sin6.sin6_addr, n: sizeof(struct in6_addr)) == `0`))) {
11061	// Address matches
11062	const bool validated = necp_validate_resolver_answer(client_id: validatable->signable.client_id,
11063	sign_type: validatable->signable.sign_type,
11064	data: validatable->signable.signable_data, data_length,
11065	tag: validatable->signature.signed_tag, tag_length: sizeof(validatable->signature.signed_tag));
11066	if (validated) {
11067	// Answer is validated
11068	matches_address = true;
11069	}
11070	}
11071	}
11072	}
11073	}
11074	necp_unlock_socket_attributes();
11075	return matches_address;
11076	}
11077
11078	/*
11079	* necp_set_socket_domain_attributes
11080	* Called from soconnectlock/soconnectxlock to directly set the tracker domain and owner for
11081	* a newly marked tracker socket.
11082	*/
11083	errno_t
11084	necp_set_socket_domain_attributes(struct socket so, const* char domain, const* char *domain_owner)
11085	{
11086	int error = `0`;
11087	struct inpcb *inp = NULL;
11088	u_int8_t *buffer = NULL;
11089	size_t valsize = `0`;
11090	char *buffer_to_free = NULL;
11091
11092	if (SOCK_DOM(so) != PF_INET && SOCK_DOM(so) != PF_INET6) {
11093	error = EINVAL;
11094	goto fail;
11095	}
11096
11097	// Set domain (required)
11098
11099	valsize = strlen(s: domain);
11100	if (valsize == `0` \|\| valsize > NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH) {
11101	error = EINVAL;
11102	goto fail;
11103	}
11104
11105	buffer = (u_int8_t *)kalloc_data(valsize + `1`, Z_WAITOK \| Z_ZERO);
11106	if (buffer == NULL) {
11107	error = ENOMEM;
11108	goto fail;
11109	}
11110	bcopy(src: domain, dst: buffer, n: valsize);
11111	buffer[valsize] = `0`;
11112
11113	inp = sotoinpcb(so);
11114	// Do not overwrite a previously set domain if tracker domain is different.
11115	if (inp->inp_necp_attributes.inp_domain != NULL) {
11116	if (strlen(s: inp->inp_necp_attributes.inp_domain) != strlen(s: domain) \|\|
11117	strncmp(s1: inp->inp_necp_attributes.inp_domain, s2: domain, n: strlen(s: domain)) != `0`) {
11118	buffer_to_free = inp->inp_necp_attributes.inp_tracker_domain;
11119	// Protect switching of buffer pointer
11120	necp_lock_socket_attributes();
11121	inp->inp_necp_attributes.inp_tracker_domain = (char *)buffer;
11122	necp_unlock_socket_attributes();
11123	if (buffer_to_free != NULL) {
11124	kfree_data_addr(buffer_to_free);
11125	}
11126	} else {
11127	kfree_data_addr(buffer);
11128	}
11129	} else {
11130	// Protect switching of buffer pointer
11131	necp_lock_socket_attributes();
11132	inp->inp_necp_attributes.inp_domain = (char *)buffer;
11133	necp_unlock_socket_attributes();
11134	}
11135	buffer = NULL;
11136
11137	// set domain_owner (required only for tracker)
11138	if (!(so->so_flags1 & SOF1_KNOWN_TRACKER)) {
11139	goto done;
11140	}
11141
11142	valsize = strlen(s: domain_owner);
11143	if (valsize == `0` \|\| valsize > NECP_MAX_SOCKET_ATTRIBUTE_STRING_LENGTH) {
11144	error = EINVAL;
11145	goto fail;
11146	}
11147
11148	buffer = (u_int8_t *)kalloc_data(valsize + `1`, Z_WAITOK \| Z_ZERO);
11149	if (buffer == NULL) {
11150	error = ENOMEM;
11151	goto fail;
11152	}
11153	bcopy(src: domain_owner, dst: buffer, n: valsize);
11154	buffer[valsize] = `0`;
11155
11156	inp = sotoinpcb(so);
11157
11158	buffer_to_free = inp->inp_necp_attributes.inp_domain_owner;
11159	// Protect switching of buffer pointer
11160	necp_lock_socket_attributes();
11161	inp->inp_necp_attributes.inp_domain_owner = (char *)buffer;
11162	necp_unlock_socket_attributes();
11163	buffer = NULL;
11164
11165	if (buffer_to_free != NULL) {
11166	kfree_data_addr(buffer_to_free);
11167	}
11168
11169	done:
11170	NECP_SOCKET_PARAMS_LOG(so, "NECP ATTRIBUTES SOCKET - domain <%s> owner <%s> context <%s> tracker domain <%s> account <%s> "
11171	"<so flags - is_tracker %X non-app-initiated %X app-approved-domain %X",
11172	inp->inp_necp_attributes.inp_domain,
11173	inp->inp_necp_attributes.inp_domain_owner,
11174	inp->inp_necp_attributes.inp_domain_context,
11175	inp->inp_necp_attributes.inp_tracker_domain,
11176	inp->inp_necp_attributes.inp_account,
11177	so->so_flags1 & SOF1_KNOWN_TRACKER,
11178	so->so_flags1 & SOF1_TRACKER_NON_APP_INITIATED,
11179	so->so_flags1 & SOF1_APPROVED_APP_DOMAIN);
11180
11181	if (necp_debug) {
11182	NECPLOG(LOG_DEBUG, "Set on socket: Domain <%s> Domain owner <%s> Domain context <%s> Tracker domain <%s> Account <%s> ",
11183	inp->inp_necp_attributes.inp_domain,
11184	inp->inp_necp_attributes.inp_domain_owner,
11185	inp->inp_necp_attributes.inp_domain_context,
11186	inp->inp_necp_attributes.inp_tracker_domain,
11187	inp->inp_necp_attributes.inp_account);
11188	}
11189	fail:
11190	if (buffer != NULL) {
11191	kfree_data(buffer, valsize + `1`);
11192	}
11193	return error;
11194	}
11195
11196	void *
11197	necp_create_nexus_assign_message(uuid_t nexus_instance, nexus_port_t nexus_port, void *key, uint32_t key_length,
11198	struct necp_client_endpoint local_endpoint, struct* necp_client_endpoint remote_endpoint, struct* ether_addr *local_ether_addr,
11199	u_int32_t flow_adv_index, void flow_stats, size_t message_length)
11200	{
11201	u_int8_t *buffer = NULL;
11202	u_int8_t *cursor = NULL;
11203	size_t valsize = `0`;
11204	bool has_nexus_assignment = FALSE;
11205
11206	if (!uuid_is_null(uu: nexus_instance)) {
11207	has_nexus_assignment = TRUE;
11208	valsize += sizeof(struct necp_tlv_header) + sizeof(uuid_t);
11209	valsize += sizeof(struct necp_tlv_header) + sizeof(nexus_port_t);
11210	}
11211	if (flow_adv_index != NECP_FLOWADV_IDX_INVALID) {
11212	valsize += sizeof(struct necp_tlv_header) + sizeof(u_int32_t);
11213	}
11214	if (key != NULL && key_length > `0`) {
11215	valsize += sizeof(struct necp_tlv_header) + key_length;
11216	}
11217	if (local_endpoint != NULL) {
11218	valsize += sizeof(struct necp_tlv_header) + sizeof(struct necp_client_endpoint);
11219	}
11220	if (remote_endpoint != NULL) {
11221	valsize += sizeof(struct necp_tlv_header) + sizeof(struct necp_client_endpoint);
11222	}
11223	if (local_ether_addr != NULL) {
11224	valsize += sizeof(struct necp_tlv_header) + sizeof(struct ether_addr);
11225	}
11226	if (flow_stats != NULL) {
11227	valsize += sizeof(struct necp_tlv_header) + sizeof(void *);
11228	}
11229	if (valsize == `0`) {
11230	return NULL;
11231	}
11232
11233	buffer = kalloc_data(valsize, Z_WAITOK \| Z_ZERO);
11234	if (buffer == NULL) {
11235	return NULL;
11236	}
11237
11238	cursor = buffer;
11239	if (has_nexus_assignment) {
11240	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_NEXUS_INSTANCE, length: sizeof(uuid_t), value: nexus_instance, buffer, buffer_length: valsize);
11241	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_NEXUS_PORT, length: sizeof(nexus_port_t), value: &nexus_port, buffer, buffer_length: valsize);
11242	}
11243	if (flow_adv_index != NECP_FLOWADV_IDX_INVALID) {
11244	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_NEXUS_PORT_FLOW_INDEX, length: sizeof(u_int32_t), value: &flow_adv_index, buffer, buffer_length: valsize);
11245	}
11246	if (key != NULL && key_length > `0`) {
11247	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_PARAMETER_NEXUS_KEY, length: key_length, value: key, buffer, buffer_length: valsize);
11248	}
11249	if (local_endpoint != NULL) {
11250	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_LOCAL_ENDPOINT, length: sizeof(struct necp_client_endpoint), value: local_endpoint, buffer, buffer_length: valsize);
11251	}
11252	if (remote_endpoint != NULL) {
11253	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_REMOTE_ENDPOINT, length: sizeof(struct necp_client_endpoint), value: remote_endpoint, buffer, buffer_length: valsize);
11254	}
11255	if (local_ether_addr != NULL) {
11256	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_LOCAL_ETHER_ADDR, length: sizeof(struct ether_addr), value: local_ether_addr, buffer, buffer_length: valsize);
11257	}
11258	if (flow_stats != NULL) {
11259	cursor = necp_buffer_write_tlv(cursor, NECP_CLIENT_RESULT_NEXUS_FLOW_STATS, length: sizeof(void *), value: &flow_stats, buffer, buffer_length: valsize);
11260	}
11261
11262	*message_length = valsize;
11263
11264	return buffer;
11265	}
11266
11267	void
11268	necp_inpcb_remove_cb(struct inpcb *inp)
11269	{
11270	if (!uuid_is_null(uu: inp->necp_client_uuid)) {
11271	necp_client_unregister_socket_flow(client_id: inp->necp_client_uuid, handle: inp);
11272	uuid_clear(uu: inp->necp_client_uuid);
11273	}
11274	}
11275
11276	void
11277	necp_inpcb_dispose(struct inpcb *inp)
11278	{
11279	necp_inpcb_remove_cb(inp); // Clear out socket registrations if not yet done
11280	if (inp->inp_necp_attributes.inp_domain != NULL) {
11281	kfree_data_addr(inp->inp_necp_attributes.inp_domain);
11282	inp->inp_necp_attributes.inp_domain = NULL;
11283	}
11284	if (inp->inp_necp_attributes.inp_account != NULL) {
11285	kfree_data_addr(inp->inp_necp_attributes.inp_account);
11286	inp->inp_necp_attributes.inp_account = NULL;
11287	}
11288	if (inp->inp_necp_attributes.inp_domain_owner != NULL) {
11289	kfree_data_addr(inp->inp_necp_attributes.inp_domain_owner);
11290	inp->inp_necp_attributes.inp_domain_owner = NULL;
11291	}
11292	if (inp->inp_necp_attributes.inp_domain_context != NULL) {
11293	kfree_data_addr(inp->inp_necp_attributes.inp_domain_context);
11294	inp->inp_necp_attributes.inp_domain_context = NULL;
11295	}
11296	if (inp->inp_necp_attributes.inp_tracker_domain != NULL) {
11297	kfree_data_addr(inp->inp_necp_attributes.inp_tracker_domain);
11298	inp->inp_necp_attributes.inp_tracker_domain = NULL;
11299	}
11300	if (inp->inp_resolver_signature != NULL) {
11301	kfree_data(inp->inp_resolver_signature, inp->inp_resolver_signature_length);
11302	}
11303	inp->inp_resolver_signature_length = `0`;
11304	}
11305
11306	void
11307	necp_mppcb_dispose(struct mppcb *mpp)
11308	{
11309	if (!uuid_is_null(uu: mpp->necp_client_uuid)) {
11310	necp_client_unregister_multipath_cb(client_id: mpp->necp_client_uuid, handle: mpp);
11311	uuid_clear(uu: mpp->necp_client_uuid);
11312	}
11313
11314	if (mpp->inp_necp_attributes.inp_domain != NULL) {
11315	kfree_data_addr(mpp->inp_necp_attributes.inp_domain);
11316	mpp->inp_necp_attributes.inp_domain = NULL;
11317	}
11318	if (mpp->inp_necp_attributes.inp_account != NULL) {
11319	kfree_data_addr(mpp->inp_necp_attributes.inp_account);
11320	mpp->inp_necp_attributes.inp_account = NULL;
11321	}
11322	if (mpp->inp_necp_attributes.inp_domain_owner != NULL) {
11323	kfree_data_addr(mpp->inp_necp_attributes.inp_domain_owner);
11324	mpp->inp_necp_attributes.inp_domain_owner = NULL;
11325	}
11326	if (mpp->inp_necp_attributes.inp_tracker_domain != NULL) {
11327	kfree_data_addr(mpp->inp_necp_attributes.inp_tracker_domain);
11328	mpp->inp_necp_attributes.inp_tracker_domain = NULL;
11329	}
11330	}
11331
11332	/// Module init
11333
11334	void
11335	necp_client_init(void)
11336	{
11337	necp_client_update_tcall = thread_call_allocate_with_options(func: necp_update_all_clients_callout, NULL,
11338	pri: THREAD_CALL_PRIORITY_KERNEL, options: THREAD_CALL_OPTIONS_ONCE);
11339	VERIFY(necp_client_update_tcall != NULL);
11340	#if SKYWALK
11341
11342	necp_client_collect_stats_tcall = thread_call_allocate_with_options(func: necp_collect_stats_client_callout, NULL,
11343	pri: THREAD_CALL_PRIORITY_KERNEL, options: THREAD_CALL_OPTIONS_ONCE);
11344	VERIFY(necp_client_collect_stats_tcall != NULL);
11345
11346	necp_close_empty_arenas_tcall = thread_call_allocate_with_options(func: necp_close_empty_arenas_callout, NULL,
11347	pri: THREAD_CALL_PRIORITY_KERNEL, options: THREAD_CALL_OPTIONS_ONCE);
11348	VERIFY(necp_close_empty_arenas_tcall != NULL);
11349	#endif /* SKYWALK */
11350
11351	LIST_INIT(&necp_fd_list);
11352	LIST_INIT(&necp_fd_observer_list);
11353	LIST_INIT(&necp_collect_stats_flow_list);
11354
11355	RB_INIT(&necp_client_global_tree);
11356	RB_INIT(&necp_client_flow_global_tree);
11357	}
11358
11359	#if SKYWALK
11360	pid_t
11361	necp_client_get_proc_pid_from_arena_info(struct skmem_arena_mmap_info *arena_info)
11362	{
11363	ASSERT((arena_info->ami_arena->ar_type == SKMEM_ARENA_TYPE_NECP) \|\| (arena_info->ami_arena->ar_type == SKMEM_ARENA_TYPE_SYSTEM));
11364
11365	if (arena_info->ami_arena->ar_type == SKMEM_ARENA_TYPE_NECP) {
11366	struct necp_arena_info nai = container_of(arena_info, struct* necp_arena_info, nai_mmap);
11367	return nai->nai_proc_pid;
11368	} else {
11369	struct necp_fd_data fd_data = container_of(arena_info, struct* necp_fd_data, sysctl_mmap);
11370	return fd_data->proc_pid;
11371	}
11372	}
11373	#endif /* !SKYWALK */
11374

Browse the source code of xnu/bsd/net/necp_client.c