[apple/xnu.git] / bsd / kern / kpi_socketfilter.c

/*
 * Copyright (c) 2003-2007 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 * 
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <sys/kpi_socketfilter.h>

#include <sys/socket.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/malloc.h>
#include <sys/protosw.h>
#include <kern/locks.h>
#include <net/kext_net.h>

#include <libkern/libkern.h>

#include <string.h>

static struct socket_filter_list	sock_filter_head;
static lck_mtx_t					*sock_filter_lock = 0;

static void	sflt_detach_private(struct socket_filter_entry *entry, int unregistering);

__private_extern__ void
sflt_init(void)
{
	lck_grp_attr_t	*grp_attrib = 0;
	lck_attr_t		*lck_attrib = 0;
	lck_grp_t		*lck_group = 0;
	
	TAILQ_INIT(&sock_filter_head);
	
	/* Allocate a spin lock */
	grp_attrib = lck_grp_attr_alloc_init();
	lck_group = lck_grp_alloc_init("socket filter lock", grp_attrib);
	lck_grp_attr_free(grp_attrib);
	lck_attrib = lck_attr_alloc_init();
	sock_filter_lock = lck_mtx_alloc_init(lck_group, lck_attrib);
	lck_grp_free(lck_group);
	lck_attr_free(lck_attrib);
}

__private_extern__ void
sflt_initsock(
	struct socket *so)
{
	struct protosw *proto = so->so_proto;
	struct socket_filter *filter;
	
	if (TAILQ_FIRST(&proto->pr_filter_head) != NULL) {
		lck_mtx_lock(sock_filter_lock);
		TAILQ_FOREACH(filter, &proto->pr_filter_head, sf_protosw_next) {
			sflt_attach_private(so, filter, 0, 0);
		}
		lck_mtx_unlock(sock_filter_lock);
	}
}

__private_extern__ void
sflt_termsock(
	struct socket *so)
{
	struct socket_filter_entry *filter;
	struct socket_filter_entry *filter_next;
	
	for (filter = so->so_filt; filter; filter = filter_next) {
		filter_next = filter->sfe_next_onsocket;
		sflt_detach_private(filter, 0);
	}
	so->so_filt = NULL;
}

__private_extern__ void
sflt_use(
	struct socket *so)
{
	so->so_filteruse++;
}

__private_extern__ void
sflt_unuse(
	struct socket *so)
{
	so->so_filteruse--;
	if (so->so_filteruse == 0) {
		struct socket_filter_entry *filter;
		struct socket_filter_entry *next_filter;
		// search for detaching filters
		for (filter = so->so_filt; filter; filter = next_filter) {
			next_filter = filter->sfe_next_onsocket;
			
			if (filter->sfe_flags & SFEF_DETACHUSEZERO) {
				sflt_detach_private(filter, 0);
			}
		}
	}
}

__private_extern__ void
sflt_notify(
	struct socket	*so,
	sflt_event_t	event,
	void			*param)
{
	struct socket_filter_entry	*filter;
	int						 	filtered = 0;
	
	for (filter = so->so_filt; filter;
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_notify) {
			if (filtered == 0) {
				filtered = 1;
				sflt_use(so);
				socket_unlock(so, 0);
			}
			filter->sfe_filter->sf_filter.sf_notify(
				filter->sfe_cookie, so, event, param);
		}
	}
	
	if (filtered != 0) {
		socket_lock(so, 0);
		sflt_unuse(so);
	}
}

__private_extern__ int
sflt_data_in(
	struct socket			*so,
	const struct sockaddr	*from,
	mbuf_t					*data,
	mbuf_t					*control,
	sflt_data_flag_t		flags,
	int						*filtered)
{
	struct socket_filter_entry	*filter;
	int							error = 0;
	int							filtered_storage;
	
	if (filtered == NULL)
		filtered = &filtered_storage;
	*filtered = 0;
	
	for (filter = so->so_filt; filter && (error == 0);
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_data_in) {
			if (*filtered == 0) {
				*filtered = 1;
				sflt_use(so);
				socket_unlock(so, 0);
			}
			error = filter->sfe_filter->sf_filter.sf_data_in(
						filter->sfe_cookie, so, from, data, control, flags);
		}
	}
	
	if (*filtered != 0) {
		socket_lock(so, 0);
		sflt_unuse(so);
	}
	
	return error;
}

/* sflt_attach_private
 *
 * Assumptions: If filter is not NULL, socket_filter_lock is held.
 */

__private_extern__ int
sflt_attach_private(
	struct socket *so,
	struct socket_filter *filter,
	sflt_handle			handle,
	int sock_locked)
{
	struct socket_filter_entry *entry = NULL;
	int didlock = 0;
	int error = 0;
	
	if (filter == NULL) {
		/* Find the filter by the handle */
		lck_mtx_lock(sock_filter_lock);
		didlock = 1;
		
		TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
			if (filter->sf_filter.sf_handle == handle)
				break;
		}
	}
	
	if (filter == NULL)
		error = ENOENT;
	
	if (error == 0) {
		/* allocate the socket filter entry */
		MALLOC(entry, struct socket_filter_entry *, sizeof(*entry), M_IFADDR, M_WAITOK);
		if (entry == NULL) {
			error = ENOMEM;
		}
	}
	
	if (error == 0) {
		/* Initialize the socket filter entry and call the attach function */
		entry->sfe_filter = filter;
		entry->sfe_socket = so;
		entry->sfe_cookie = NULL;
		entry->sfe_flags = 0;
		if (entry->sfe_filter->sf_filter.sf_attach) {
			filter->sf_usecount++;
		
			if (sock_locked)
				socket_unlock(so, 0);	
			error = entry->sfe_filter->sf_filter.sf_attach(&entry->sfe_cookie, so);
			if (sock_locked)
				socket_lock(so, 0);	
			
			filter->sf_usecount--;
			
			/* If the attach function returns an error, this filter is not attached */
			if (error) {
				FREE(entry, M_IFADDR);
				entry = NULL;
			}
		}
	}
	
	if (error == 0) {
		/* Put the entry in the socket list */
		entry->sfe_next_onsocket = so->so_filt;
		so->so_filt = entry;
		
		/* Put the entry in the filter list */
		entry->sfe_next_onfilter = filter->sf_entry_head;
		filter->sf_entry_head = entry;
		
		/* Incremenet the parent filter's usecount */
		filter->sf_usecount++;
	}
	
	if (didlock) {
		lck_mtx_unlock(sock_filter_lock);
	}
	
	return error;
}


/* sflt_detach_private
 *
 * Assumptions: if you pass 0 in for the second parameter, you are holding the
 * socket lock for the socket the entry is attached to. If you pass 1 in for
 * the second parameter, it is assumed that the entry is not on the filter's
 * list and the socket lock is not held.
 */

static void
sflt_detach_private(
	struct socket_filter_entry *entry,
	int	unregistering)
{
	struct socket_filter_entry **next_ptr;
	int				detached = 0;
	int				found = 0;
	
	if (unregistering) {
		socket_lock(entry->sfe_socket, 0);
	}
	
	/*
	 * Attempt to find the entry on the filter's list and
	 * remove it. This prevents a filter detaching at the
	 * same time from attempting to remove the same entry.
	 */
	lck_mtx_lock(sock_filter_lock);
	if (!unregistering) {
		if ((entry->sfe_flags & SFEF_UNREGISTERING) != 0) {
			/*
			 * Another thread is unregistering the filter, we
			 * need to avoid detaching the filter here so the
			 * socket won't go away.  Bump up the socket's
			 * usecount so that it won't be freed until after
			 * the filter unregistration has been completed;
			 * at this point the caller has already held the
			 * socket's lock, so we can directly modify the
			 * usecount.
			 */
			if (!(entry->sfe_flags & SFEF_DETACHXREF)) {
				entry->sfe_socket->so_usecount++;
				entry->sfe_flags |= SFEF_DETACHXREF;
			}
			lck_mtx_unlock(sock_filter_lock);
			return;
		}
		for (next_ptr = &entry->sfe_filter->sf_entry_head; *next_ptr;
			 next_ptr = &((*next_ptr)->sfe_next_onfilter)) {
			if (*next_ptr == entry) {
				found = 1;
				*next_ptr = entry->sfe_next_onfilter;
				break;
			}
		}
		
		if (!found && (entry->sfe_flags & SFEF_DETACHUSEZERO) == 0) {
			lck_mtx_unlock(sock_filter_lock);
			return;
		}
	} else {
		/*
		 * Clear the removing flag. We will perform the detach here or
		 * request a delayed detach.  Since we do an extra ref release
		 * below, bump up the usecount if we haven't done so.
		 */
		entry->sfe_flags &= ~SFEF_UNREGISTERING;
		if (!(entry->sfe_flags & SFEF_DETACHXREF)) {
			entry->sfe_socket->so_usecount++;
			entry->sfe_flags |= SFEF_DETACHXREF;
		}
	}

	if (entry->sfe_socket->so_filteruse != 0) {
		entry->sfe_flags |= SFEF_DETACHUSEZERO;
		lck_mtx_unlock(sock_filter_lock);
	
		if (unregistering) {
#if DEBUG
			printf("sflt_detach_private unregistering SFEF_DETACHUSEZERO "
				"so%p so_filteruse %u so_usecount %d\n",
				entry->sfe_socket, entry->sfe_socket->so_filteruse, 
				entry->sfe_socket->so_usecount);
#endif
			socket_unlock(entry->sfe_socket, 0);	
		}
		return;
	} else {
		/*
		 * Check if we are removing the last attached filter and
		 * the parent filter is being unregistered.
		 */
		entry->sfe_filter->sf_usecount--;
		if ((entry->sfe_filter->sf_usecount == 0) &&
			(entry->sfe_filter->sf_flags & SFF_DETACHING) != 0)
			detached = 1;
	}
	lck_mtx_unlock(sock_filter_lock);
		
	/* Remove from the socket list */
	for (next_ptr = &entry->sfe_socket->so_filt; *next_ptr;
		 next_ptr = &((*next_ptr)->sfe_next_onsocket)) {
		if (*next_ptr == entry) {
			*next_ptr = entry->sfe_next_onsocket;
			break;
		}
	}
	
	if (entry->sfe_filter->sf_filter.sf_detach)
		entry->sfe_filter->sf_filter.sf_detach(entry->sfe_cookie, entry->sfe_socket);
	
	if (detached && entry->sfe_filter->sf_filter.sf_unregistered) {
		entry->sfe_filter->sf_filter.sf_unregistered(entry->sfe_filter->sf_filter.sf_handle);
		FREE(entry->sfe_filter, M_IFADDR);
	}

	if (unregistering) 
		socket_unlock(entry->sfe_socket, 1);

	FREE(entry, M_IFADDR);
}

errno_t
sflt_attach(
	socket_t	socket,
	sflt_handle	handle)
{
	if (socket == NULL || handle == 0)
		return EINVAL;
	
	return sflt_attach_private(socket, NULL, handle, 0);
}

errno_t
sflt_detach(
	socket_t	socket,
	sflt_handle	handle)
{
	struct socket_filter_entry	*filter;
	errno_t	result = 0;
	
	if (socket == NULL || handle == 0)
		return EINVAL;
	
	socket_lock(socket, 1);
	
	for (filter = socket->so_filt; filter;
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_handle == handle)
			break;
	}
	
	if (filter != NULL) {
		sflt_detach_private(filter, 0);
	}
	else {
		socket->so_filt = NULL;
		result = ENOENT;
	}
	
	socket_unlock(socket, 1);
	
	return result;
}


errno_t
sflt_register(
	const struct sflt_filter	*filter,
	int				domain,
	int				type,
	int				protocol)
{
	struct socket_filter *sock_filt = NULL;
	struct socket_filter *match = NULL;
	int error = 0;
	struct protosw *pr = pffindproto(domain, protocol, type);
	unsigned int len;

	if (pr == NULL)
		return ENOENT;

	if (filter->sf_attach == NULL || filter->sf_detach == NULL ||
	    filter->sf_handle == 0 || filter->sf_name == NULL)
		return EINVAL;

	/* Allocate the socket filter */
	MALLOC(sock_filt, struct socket_filter *, sizeof (*sock_filt),
	    M_IFADDR, M_WAITOK);
	if (sock_filt == NULL) {
		return ENOBUFS;
	}

	bzero(sock_filt, sizeof (*sock_filt));

	/* Legacy sflt_filter length; current structure minus extended */
	len = sizeof (*filter) - sizeof (struct sflt_filter_ext);
	/*
	 * Include extended fields if filter defines SFLT_EXTENDED.
	 * We've zeroed out our internal sflt_filter placeholder,
	 * so any unused portion would have been taken care of.
	 */
	if (filter->sf_flags & SFLT_EXTENDED) {
		unsigned int ext_len = filter->sf_len;

		if (ext_len > sizeof (struct sflt_filter_ext))
			ext_len = sizeof (struct sflt_filter_ext);

		len += ext_len;
	}
	bcopy(filter, &sock_filt->sf_filter, len);

	lck_mtx_lock(sock_filter_lock);
	/* Look for an existing entry */
	TAILQ_FOREACH(match, &sock_filter_head, sf_global_next) {
		if (match->sf_filter.sf_handle ==
		    sock_filt->sf_filter.sf_handle) {
			break;
		}
	}

	/* Add the entry only if there was no existing entry */
	if (match == NULL) {
		TAILQ_INSERT_TAIL(&sock_filter_head, sock_filt, sf_global_next);
		if ((sock_filt->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
			TAILQ_INSERT_TAIL(&pr->pr_filter_head, sock_filt,
			    sf_protosw_next);
			sock_filt->sf_proto = pr;
		}
	}
	lck_mtx_unlock(sock_filter_lock);

	if (match != NULL) {
		FREE(sock_filt, M_IFADDR);
		return EEXIST;
	}

	return error;
}

errno_t
sflt_unregister(
	sflt_handle handle)
{
	struct socket_filter *filter;
	struct socket_filter_entry *entry_head = NULL;
	struct socket_filter_entry *next_entry = NULL;
	
	/* Find the entry and remove it from the global and protosw lists */
	lck_mtx_lock(sock_filter_lock);
	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
		if (filter->sf_filter.sf_handle == handle)
			break;
	}
	
	if (filter) {
		TAILQ_REMOVE(&sock_filter_head, filter, sf_global_next);
		if ((filter->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
			TAILQ_REMOVE(&filter->sf_proto->pr_filter_head, filter, sf_protosw_next);
		}
		entry_head = filter->sf_entry_head;
		filter->sf_entry_head = NULL;
		filter->sf_flags |= SFF_DETACHING;
	
		for (next_entry = entry_head; next_entry;
		    next_entry = next_entry->sfe_next_onfilter) {
			/*
			 * Mark this as "unregistering"; upon dropping the
			 * lock, another thread may win the race and attempt
			 * to detach a socket from it (e.g. as part of close)
			 * before we get a chance to detach.  Setting this
			 * flag practically tells the other thread to go away.
			 * If the other thread wins, this causes an extra
			 * reference hold on the socket so that it won't be
			 * deallocated until after we finish with the detach
			 * for it below.  If we win the race, the extra
			 * reference hold is also taken to compensate for the
			 * extra reference release when detach is called
			 * with a "1" for its second parameter.
			 */
			next_entry->sfe_flags |= SFEF_UNREGISTERING;
		}
	}
	
	lck_mtx_unlock(sock_filter_lock);
	
	if (filter == NULL)
		return ENOENT;
	
	/* We need to detach the filter from any sockets it's attached to */
	if (entry_head == 0) {
		if (filter->sf_filter.sf_unregistered)
			filter->sf_filter.sf_unregistered(filter->sf_filter.sf_handle);
	} else {
		while (entry_head) {
			next_entry = entry_head->sfe_next_onfilter;
			sflt_detach_private(entry_head, 1);
			entry_head = next_entry;
		}
	}
	
	return 0;
}

errno_t
sock_inject_data_in(
	socket_t so,
	const struct sockaddr* from,
	mbuf_t data,
	mbuf_t control,
	sflt_data_flag_t flags)
{
	int error = 0;
	if (so == NULL || data == NULL) return EINVAL;
	
	if (flags & sock_data_filt_flag_oob) {
		return ENOTSUP;
	}
	
	socket_lock(so, 1);
	
	if (from) {
		if (sbappendaddr(&so->so_rcv, (struct sockaddr*)(uintptr_t)from, data,
						 control, NULL))
			sorwakeup(so);
		goto done;
	}
	
	if (control) {
		if (sbappendcontrol(&so->so_rcv, data, control, NULL))
			sorwakeup(so);
		goto done;
	}
	
	if (flags & sock_data_filt_flag_record) {
		if (control || from) {
			error = EINVAL;
			goto done;
		}
		if (sbappendrecord(&so->so_rcv, (struct mbuf*)data))
			sorwakeup(so);
		goto done;
	}
	
	if (sbappend(&so->so_rcv, data))
		sorwakeup(so);
done:
	socket_unlock(so, 1);
	return error;
}

errno_t
sock_inject_data_out(
	socket_t so,
	const struct sockaddr* to,
	mbuf_t data,
	mbuf_t control,
	sflt_data_flag_t flags)
{
	int	sosendflags = 0;
	if (flags & sock_data_filt_flag_oob) sosendflags = MSG_OOB;
	return sosend(so, (struct sockaddr*)(uintptr_t)to, NULL,
				  data, control, sosendflags);
}

sockopt_dir
sockopt_direction(
	sockopt_t	sopt)
{
	return (sopt->sopt_dir == SOPT_GET) ? sockopt_get : sockopt_set;
}

int
sockopt_level(
	sockopt_t	sopt)
{
	return sopt->sopt_level;
}

int
sockopt_name(
	sockopt_t	sopt)
{
	return sopt->sopt_name;
}

size_t
sockopt_valsize(
	sockopt_t	sopt)
{
	return sopt->sopt_valsize;
}

errno_t
sockopt_copyin(
	sockopt_t	sopt,
	void *data,
	size_t	len)
{
	return sooptcopyin(sopt, data, len, len);
}

errno_t
sockopt_copyout(
	sockopt_t	sopt,
	void *data,
	size_t	len)
{
	return sooptcopyout(sopt, data, len);
}
Commit	Line	Data
91447636	1	/*
2d21ac55	2	* Copyright (c) 2003-2007 Apple Inc. All rights reserved.
5d5c5d0d	3	*
2d21ac55	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
91447636	5	*
2d21ac55 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
8f6c56a5	14	*
2d21ac55 A	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5 A	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
8f6c56a5 A	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55 A	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
8f6c56a5	25	*
2d21ac55	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
91447636 A	27	*/
	28
	29	#include <sys/kpi_socketfilter.h>
	30
	31	#include <sys/socket.h>
	32	#include <sys/param.h>
	33	#include <sys/errno.h>
	34	#include <sys/malloc.h>
	35	#include <sys/protosw.h>
	36	#include <kern/locks.h>
	37	#include <net/kext_net.h>
	38
c910b4d9 A	39	#include <libkern/libkern.h>
c910b4d9 A	40
2d21ac55 A	41	#include <string.h>
2d21ac55 A	42
91447636 A	43	static struct socket_filter_list sock_filter_head;
	44	static lck_mtx_t *sock_filter_lock = 0;
	45
3a60a9f5 A	46	static void sflt_detach_private(struct socket_filter_entry *entry, int unregistering);
3a60a9f5 A	47
91447636 A	48	__private_extern__ void
	49	sflt_init(void)
	50	{
	51	lck_grp_attr_t *grp_attrib = 0;
	52	lck_attr_t *lck_attrib = 0;
	53	lck_grp_t *lck_group = 0;
	54
	55	TAILQ_INIT(&sock_filter_head);
	56
	57	/* Allocate a spin lock */
	58	grp_attrib = lck_grp_attr_alloc_init();
91447636 A	59	lck_group = lck_grp_alloc_init("socket filter lock", grp_attrib);
	60	lck_grp_attr_free(grp_attrib);
	61	lck_attrib = lck_attr_alloc_init();
91447636 A	62	sock_filter_lock = lck_mtx_alloc_init(lck_group, lck_attrib);
	63	lck_grp_free(lck_group);
	64	lck_attr_free(lck_attrib);
	65	}
	66
	67	__private_extern__ void
	68	sflt_initsock(
	69	struct socket *so)
	70	{
	71	struct protosw *proto = so->so_proto;
	72	struct socket_filter *filter;
	73
	74	if (TAILQ_FIRST(&proto->pr_filter_head) != NULL) {
	75	lck_mtx_lock(sock_filter_lock);
	76	TAILQ_FOREACH(filter, &proto->pr_filter_head, sf_protosw_next) {
	77	sflt_attach_private(so, filter, 0, 0);
	78	}
	79	lck_mtx_unlock(sock_filter_lock);
	80	}
	81	}
	82
	83	__private_extern__ void
	84	sflt_termsock(
	85	struct socket *so)
	86	{
	87	struct socket_filter_entry *filter;
	88	struct socket_filter_entry *filter_next;
	89
	90	for (filter = so->so_filt; filter; filter = filter_next) {
	91	filter_next = filter->sfe_next_onsocket;
	92	sflt_detach_private(filter, 0);
	93	}
3a60a9f5	94	so->so_filt = NULL;
91447636 A	95	}
	96
	97	__private_extern__ void
	98	sflt_use(
	99	struct socket *so)
	100	{
	101	so->so_filteruse++;
	102	}
	103
	104	__private_extern__ void
	105	sflt_unuse(
	106	struct socket *so)
	107	{
	108	so->so_filteruse--;
	109	if (so->so_filteruse == 0) {
	110	struct socket_filter_entry *filter;
	111	struct socket_filter_entry *next_filter;
	112	// search for detaching filters
	113	for (filter = so->so_filt; filter; filter = next_filter) {
	114	next_filter = filter->sfe_next_onsocket;
	115
3a60a9f5	116	if (filter->sfe_flags & SFEF_DETACHUSEZERO) {
91447636 A	117	sflt_detach_private(filter, 0);
	118	}
	119	}
	120	}
	121	}
	122
	123	__private_extern__ void
	124	sflt_notify(
	125	struct socket *so,
	126	sflt_event_t event,
	127	void *param)
	128	{
	129	struct socket_filter_entry *filter;
	130	int filtered = 0;
	131
	132	for (filter = so->so_filt; filter;
	133	filter = filter->sfe_next_onsocket) {
	134	if (filter->sfe_filter->sf_filter.sf_notify) {
	135	if (filtered == 0) {
	136	filtered = 1;
	137	sflt_use(so);
	138	socket_unlock(so, 0);
	139	}
	140	filter->sfe_filter->sf_filter.sf_notify(
	141	filter->sfe_cookie, so, event, param);
	142	}
	143	}
	144
	145	if (filtered != 0) {
	146	socket_lock(so, 0);
	147	sflt_unuse(so);
	148	}
	149	}
	150
	151	__private_extern__ int
	152	sflt_data_in(
	153	struct socket *so,
	154	const struct sockaddr *from,
	155	mbuf_t *data,
	156	mbuf_t *control,
cc9f6e38 A	157	sflt_data_flag_t flags,
cc9f6e38 A	158	int *filtered)
91447636 A	159	{
91447636 A	160	struct socket_filter_entry *filter;
91447636	161	int error = 0;
cc9f6e38 A	162	int filtered_storage;
	163
	164	if (filtered == NULL)
	165	filtered = &filtered_storage;
	166	*filtered = 0;
91447636	167
b36670ce	168	for (filter = so->so_filt; filter && (error == 0);
91447636 A	169	filter = filter->sfe_next_onsocket) {
91447636 A	170	if (filter->sfe_filter->sf_filter.sf_data_in) {
cc9f6e38 A	171	if (*filtered == 0) {
cc9f6e38 A	172	*filtered = 1;
91447636 A	173	sflt_use(so);
	174	socket_unlock(so, 0);
	175	}
	176	error = filter->sfe_filter->sf_filter.sf_data_in(
	177	filter->sfe_cookie, so, from, data, control, flags);
	178	}
	179	}
	180
cc9f6e38	181	if (*filtered != 0) {
91447636 A	182	socket_lock(so, 0);
	183	sflt_unuse(so);
	184	}
	185
	186	return error;
	187	}
	188
	189	/* sflt_attach_private
	190	*
	191	* Assumptions: If filter is not NULL, socket_filter_lock is held.
	192	*/
	193
	194	__private_extern__ int
	195	sflt_attach_private(
	196	struct socket *so,
	197	struct socket_filter *filter,
	198	sflt_handle handle,
	199	int sock_locked)
	200	{
	201	struct socket_filter_entry *entry = NULL;
	202	int didlock = 0;
	203	int error = 0;
	204
	205	if (filter == NULL) {
	206	/* Find the filter by the handle */
	207	lck_mtx_lock(sock_filter_lock);
	208	didlock = 1;
	209
	210	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
	211	if (filter->sf_filter.sf_handle == handle)
	212	break;
	213	}
	214	}
	215
	216	if (filter == NULL)
	217	error = ENOENT;
	218
	219	if (error == 0) {
	220	/* allocate the socket filter entry */
	221	MALLOC(entry, struct socket_filter_entry , sizeof(entry), M_IFADDR, M_WAITOK);
	222	if (entry == NULL) {
	223	error = ENOMEM;
	224	}
	225	}
	226
	227	if (error == 0) {
	228	/* Initialize the socket filter entry and call the attach function */
	229	entry->sfe_filter = filter;
	230	entry->sfe_socket = so;
	231	entry->sfe_cookie = NULL;
3a60a9f5	232	entry->sfe_flags = 0;
91447636 A	233	if (entry->sfe_filter->sf_filter.sf_attach) {
	234	filter->sf_usecount++;
	235
	236	if (sock_locked)
	237	socket_unlock(so, 0);
	238	error = entry->sfe_filter->sf_filter.sf_attach(&entry->sfe_cookie, so);
	239	if (sock_locked)
	240	socket_lock(so, 0);
	241
	242	filter->sf_usecount--;
	243
	244	/* If the attach function returns an error, this filter is not attached */
	245	if (error) {
	246	FREE(entry, M_IFADDR);
	247	entry = NULL;
	248	}
	249	}
	250	}
	251
	252	if (error == 0) {
	253	/* Put the entry in the socket list */
	254	entry->sfe_next_onsocket = so->so_filt;
	255	so->so_filt = entry;
	256
	257	/* Put the entry in the filter list */
	258	entry->sfe_next_onfilter = filter->sf_entry_head;
	259	filter->sf_entry_head = entry;
	260
91447636 A	261	/* Incremenet the parent filter's usecount */
	262	filter->sf_usecount++;
	263	}
	264
	265	if (didlock) {
	266	lck_mtx_unlock(sock_filter_lock);
	267	}
	268
	269	return error;
	270	}
	271
	272
	273	/* sflt_detach_private
	274	*
	275	* Assumptions: if you pass 0 in for the second parameter, you are holding the
	276	* socket lock for the socket the entry is attached to. If you pass 1 in for
	277	* the second parameter, it is assumed that the entry is not on the filter's
	278	* list and the socket lock is not held.
	279	*/
	280
3a60a9f5	281	static void
91447636 A	282	sflt_detach_private(
91447636 A	283	struct socket_filter_entry *entry,
3a60a9f5	284	int unregistering)
91447636	285	{
91447636 A	286	struct socket_filter_entry **next_ptr;
	287	int detached = 0;
	288	int found = 0;
	289
3a60a9f5	290	if (unregistering) {
91447636 A	291	socket_lock(entry->sfe_socket, 0);
	292	}
	293
	294	/*
	295	* Attempt to find the entry on the filter's list and
	296	* remove it. This prevents a filter detaching at the
	297	* same time from attempting to remove the same entry.
	298	*/
	299	lck_mtx_lock(sock_filter_lock);
3a60a9f5 A	300	if (!unregistering) {
	301	if ((entry->sfe_flags & SFEF_UNREGISTERING) != 0) {
	302	/*
4a3eedf9 A	303	* Another thread is unregistering the filter, we
	304	* need to avoid detaching the filter here so the
	305	* socket won't go away. Bump up the socket's
	306	* usecount so that it won't be freed until after
	307	* the filter unregistration has been completed;
	308	* at this point the caller has already held the
	309	* socket's lock, so we can directly modify the
	310	* usecount.
3a60a9f5	311	*/
4a3eedf9 A	312	if (!(entry->sfe_flags & SFEF_DETACHXREF)) {
	313	entry->sfe_socket->so_usecount++;
	314	entry->sfe_flags \|= SFEF_DETACHXREF;
	315	}
3a60a9f5 A	316	lck_mtx_unlock(sock_filter_lock);
	317	return;
	318	}
91447636 A	319	for (next_ptr = &entry->sfe_filter->sf_entry_head; *next_ptr;
	320	next_ptr = &((*next_ptr)->sfe_next_onfilter)) {
	321	if (*next_ptr == entry) {
	322	found = 1;
	323	*next_ptr = entry->sfe_next_onfilter;
	324	break;
	325	}
	326	}
3a60a9f5 A	327
	328	if (!found && (entry->sfe_flags & SFEF_DETACHUSEZERO) == 0) {
	329	lck_mtx_unlock(sock_filter_lock);
	330	return;
	331	}
c910b4d9	332	} else {
3a60a9f5 A	333	/*
3a60a9f5 A	334	* Clear the removing flag. We will perform the detach here or
4a3eedf9 A	335	* request a delayed detach. Since we do an extra ref release
4a3eedf9 A	336	* below, bump up the usecount if we haven't done so.
3a60a9f5 A	337	*/
3a60a9f5 A	338	entry->sfe_flags &= ~SFEF_UNREGISTERING;
4a3eedf9 A	339	if (!(entry->sfe_flags & SFEF_DETACHXREF)) {
	340	entry->sfe_socket->so_usecount++;
	341	entry->sfe_flags \|= SFEF_DETACHXREF;
	342	}
91447636 A	343	}
	344
	345	if (entry->sfe_socket->so_filteruse != 0) {
3a60a9f5	346	entry->sfe_flags \|= SFEF_DETACHUSEZERO;
91447636	347	lck_mtx_unlock(sock_filter_lock);
b0d623f7	348
c910b4d9 A	349	if (unregistering) {
	350	#if DEBUG
	351	printf("sflt_detach_private unregistering SFEF_DETACHUSEZERO "
	352	"so%p so_filteruse %u so_usecount %d\n",
	353	entry->sfe_socket, entry->sfe_socket->so_filteruse,
	354	entry->sfe_socket->so_usecount);
	355	#endif
	356	socket_unlock(entry->sfe_socket, 0);
	357	}
91447636	358	return;
c910b4d9	359	} else {
3a60a9f5 A	360	/*
	361	* Check if we are removing the last attached filter and
	362	* the parent filter is being unregistered.
	363	*/
91447636 A	364	entry->sfe_filter->sf_usecount--;
	365	if ((entry->sfe_filter->sf_usecount == 0) &&
	366	(entry->sfe_filter->sf_flags & SFF_DETACHING) != 0)
	367	detached = 1;
	368	}
	369	lck_mtx_unlock(sock_filter_lock);
	370
	371	/* Remove from the socket list */
	372	for (next_ptr = &entry->sfe_socket->so_filt; *next_ptr;
	373	next_ptr = &((*next_ptr)->sfe_next_onsocket)) {
	374	if (*next_ptr == entry) {
	375	*next_ptr = entry->sfe_next_onsocket;
	376	break;
	377	}
	378	}
	379
	380	if (entry->sfe_filter->sf_filter.sf_detach)
	381	entry->sfe_filter->sf_filter.sf_detach(entry->sfe_cookie, entry->sfe_socket);
	382
	383	if (detached && entry->sfe_filter->sf_filter.sf_unregistered) {
	384	entry->sfe_filter->sf_filter.sf_unregistered(entry->sfe_filter->sf_filter.sf_handle);
	385	FREE(entry->sfe_filter, M_IFADDR);
	386	}
3a60a9f5 A	387
3a60a9f5 A	388	if (unregistering)
91447636	389	socket_unlock(entry->sfe_socket, 1);
3a60a9f5	390
91447636 A	391	FREE(entry, M_IFADDR);
	392	}
	393
	394	errno_t
	395	sflt_attach(
	396	socket_t socket,
	397	sflt_handle handle)
	398	{
	399	if (socket == NULL \|\| handle == 0)
	400	return EINVAL;
	401
	402	return sflt_attach_private(socket, NULL, handle, 0);
	403	}
	404
	405	errno_t
	406	sflt_detach(
	407	socket_t socket,
	408	sflt_handle handle)
	409	{
	410	struct socket_filter_entry *filter;
	411	errno_t result = 0;
	412
	413	if (socket == NULL \|\| handle == 0)
	414	return EINVAL;
	415
	416	socket_lock(socket, 1);
	417
	418	for (filter = socket->so_filt; filter;
	419	filter = filter->sfe_next_onsocket) {
	420	if (filter->sfe_filter->sf_filter.sf_handle == handle)
	421	break;
	422	}
	423
	424	if (filter != NULL) {
	425	sflt_detach_private(filter, 0);
	426	}
	427	else {
3a60a9f5	428	socket->so_filt = NULL;
91447636 A	429	result = ENOENT;
	430	}
	431
	432	socket_unlock(socket, 1);
	433
	434	return result;
	435	}
	436
	437
	438	errno_t
	439	sflt_register(
	440	const struct sflt_filter *filter,
2d21ac55 A	441	int domain,
	442	int type,
	443	int protocol)
91447636 A	444	{
	445	struct socket_filter *sock_filt = NULL;
	446	struct socket_filter *match = NULL;
	447	int error = 0;
	448	struct protosw *pr = pffindproto(domain, protocol, type);
2d21ac55 A	449	unsigned int len;
	450
	451	if (pr == NULL)
	452	return ENOENT;
	453
	454	if (filter->sf_attach == NULL \|\| filter->sf_detach == NULL \|\|
	455	filter->sf_handle == 0 \|\| filter->sf_name == NULL)
	456	return EINVAL;
91447636 A	457
91447636 A	458	/* Allocate the socket filter */
2d21ac55 A	459	MALLOC(sock_filt, struct socket_filter , sizeof (sock_filt),
2d21ac55 A	460	M_IFADDR, M_WAITOK);
91447636 A	461	if (sock_filt == NULL) {
	462	return ENOBUFS;
	463	}
2d21ac55 A	464
	465	bzero(sock_filt, sizeof (*sock_filt));
	466
	467	/* Legacy sflt_filter length; current structure minus extended */
	468	len = sizeof (*filter) - sizeof (struct sflt_filter_ext);
	469	/*
	470	* Include extended fields if filter defines SFLT_EXTENDED.
	471	* We've zeroed out our internal sflt_filter placeholder,
	472	* so any unused portion would have been taken care of.
	473	*/
	474	if (filter->sf_flags & SFLT_EXTENDED) {
	475	unsigned int ext_len = filter->sf_len;
	476
	477	if (ext_len > sizeof (struct sflt_filter_ext))
	478	ext_len = sizeof (struct sflt_filter_ext);
	479
	480	len += ext_len;
	481	}
	482	bcopy(filter, &sock_filt->sf_filter, len);
	483
91447636 A	484	lck_mtx_lock(sock_filter_lock);
	485	/* Look for an existing entry */
	486	TAILQ_FOREACH(match, &sock_filter_head, sf_global_next) {
2d21ac55 A	487	if (match->sf_filter.sf_handle ==
2d21ac55 A	488	sock_filt->sf_filter.sf_handle) {
91447636 A	489	break;
	490	}
	491	}
2d21ac55	492
91447636 A	493	/* Add the entry only if there was no existing entry */
	494	if (match == NULL) {
	495	TAILQ_INSERT_TAIL(&sock_filter_head, sock_filt, sf_global_next);
	496	if ((sock_filt->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
2d21ac55 A	497	TAILQ_INSERT_TAIL(&pr->pr_filter_head, sock_filt,
2d21ac55 A	498	sf_protosw_next);
91447636 A	499	sock_filt->sf_proto = pr;
	500	}
	501	}
	502	lck_mtx_unlock(sock_filter_lock);
2d21ac55	503
91447636 A	504	if (match != NULL) {
	505	FREE(sock_filt, M_IFADDR);
	506	return EEXIST;
	507	}
2d21ac55	508
91447636 A	509	return error;
	510	}
	511
	512	errno_t
	513	sflt_unregister(
	514	sflt_handle handle)
	515	{
	516	struct socket_filter *filter;
	517	struct socket_filter_entry *entry_head = NULL;
3a60a9f5	518	struct socket_filter_entry *next_entry = NULL;
91447636 A	519
	520	/* Find the entry and remove it from the global and protosw lists */
	521	lck_mtx_lock(sock_filter_lock);
	522	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
	523	if (filter->sf_filter.sf_handle == handle)
	524	break;
	525	}
	526
	527	if (filter) {
	528	TAILQ_REMOVE(&sock_filter_head, filter, sf_global_next);
	529	if ((filter->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
	530	TAILQ_REMOVE(&filter->sf_proto->pr_filter_head, filter, sf_protosw_next);
	531	}
	532	entry_head = filter->sf_entry_head;
	533	filter->sf_entry_head = NULL;
	534	filter->sf_flags \|= SFF_DETACHING;
3a60a9f5 A	535
3a60a9f5 A	536	for (next_entry = entry_head; next_entry;
4a3eedf9 A	537	next_entry = next_entry->sfe_next_onfilter) {
	538	/*
	539	* Mark this as "unregistering"; upon dropping the
	540	* lock, another thread may win the race and attempt
	541	* to detach a socket from it (e.g. as part of close)
	542	* before we get a chance to detach. Setting this
	543	* flag practically tells the other thread to go away.
	544	* If the other thread wins, this causes an extra
	545	* reference hold on the socket so that it won't be
	546	* deallocated until after we finish with the detach
	547	* for it below. If we win the race, the extra
	548	* reference hold is also taken to compensate for the
	549	* extra reference release when detach is called
	550	* with a "1" for its second parameter.
	551	*/
3a60a9f5	552	next_entry->sfe_flags \|= SFEF_UNREGISTERING;
3a60a9f5	553	}
91447636 A	554	}
	555
	556	lck_mtx_unlock(sock_filter_lock);
	557
	558	if (filter == NULL)
	559	return ENOENT;
	560
	561	/* We need to detach the filter from any sockets it's attached to */
	562	if (entry_head == 0) {
	563	if (filter->sf_filter.sf_unregistered)
	564	filter->sf_filter.sf_unregistered(filter->sf_filter.sf_handle);
	565	} else {
	566	while (entry_head) {
91447636 A	567	next_entry = entry_head->sfe_next_onfilter;
	568	sflt_detach_private(entry_head, 1);
	569	entry_head = next_entry;
	570	}
	571	}
	572
	573	return 0;
	574	}
	575
	576	errno_t
	577	sock_inject_data_in(
	578	socket_t so,
	579	const struct sockaddr* from,
	580	mbuf_t data,
	581	mbuf_t control,
	582	sflt_data_flag_t flags)
	583	{
	584	int error = 0;
	585	if (so == NULL \|\| data == NULL) return EINVAL;
	586
	587	if (flags & sock_data_filt_flag_oob) {
	588	return ENOTSUP;
	589	}
	590
	591	socket_lock(so, 1);
	592
	593	if (from) {
b0d623f7	594	if (sbappendaddr(&so->so_rcv, (struct sockaddr*)(uintptr_t)from, data,
91447636 A	595	control, NULL))
	596	sorwakeup(so);
	597	goto done;
	598	}
	599
	600	if (control) {
	601	if (sbappendcontrol(&so->so_rcv, data, control, NULL))
	602	sorwakeup(so);
	603	goto done;
	604	}
	605
	606	if (flags & sock_data_filt_flag_record) {
	607	if (control \|\| from) {
	608	error = EINVAL;
	609	goto done;
	610	}
	611	if (sbappendrecord(&so->so_rcv, (struct mbuf*)data))
	612	sorwakeup(so);
	613	goto done;
	614	}
	615
	616	if (sbappend(&so->so_rcv, data))
	617	sorwakeup(so);
	618	done:
	619	socket_unlock(so, 1);
	620	return error;
	621	}
	622
	623	errno_t
	624	sock_inject_data_out(
	625	socket_t so,
	626	const struct sockaddr* to,
	627	mbuf_t data,
	628	mbuf_t control,
	629	sflt_data_flag_t flags)
	630	{
	631	int sosendflags = 0;
	632	if (flags & sock_data_filt_flag_oob) sosendflags = MSG_OOB;
b0d623f7	633	return sosend(so, (struct sockaddr*)(uintptr_t)to, NULL,
91447636 A	634	data, control, sosendflags);
	635	}
	636
	637	sockopt_dir
	638	sockopt_direction(
	639	sockopt_t sopt)
	640	{
	641	return (sopt->sopt_dir == SOPT_GET) ? sockopt_get : sockopt_set;
	642	}
	643
	644	int
	645	sockopt_level(
	646	sockopt_t sopt)
	647	{
	648	return sopt->sopt_level;
	649	}
	650
	651	int
	652	sockopt_name(
	653	sockopt_t sopt)
	654	{
	655	return sopt->sopt_name;
	656	}
	657
	658	size_t
	659	sockopt_valsize(
	660	sockopt_t sopt)
	661	{
	662	return sopt->sopt_valsize;
	663	}
	664
	665	errno_t
	666	sockopt_copyin(
	667	sockopt_t sopt,
	668	void *data,
	669	size_t len)
	670	{
	671	return sooptcopyin(sopt, data, len, len);
	672	}
	673
	674	errno_t
	675	sockopt_copyout(
	676	sockopt_t sopt,
	677	void *data,
	678	size_t len)
	679	{
	680	return sooptcopyout(sopt, data, len);
	681	}