]> git.saurik.com Git - apple/xnu.git/blame - bsd/sys/kpi_socketfilter.h
xnu-1504.9.17.tar.gz
[apple/xnu.git] / bsd / sys / kpi_socketfilter.h
CommitLineData
91447636 1/*
b0d623f7 2 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
91447636 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
91447636 5 *
2d21ac55
A
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
91447636
A
27 */
28/*!
29 @header kpi_socketfilter.h
30 This header defines an API for intercepting communications at the
31 socket layer.
b0d623f7 32
91447636
A
33 For the most part, socket filters want to do three things: Filter
34 data in and out, watch for state changes, and intercept a few calls
35 for security. The number of function pointers supplied by a socket
36 filter has been significantly reduced. The filter no longer has any
37 knowledge of socket buffers. The filter no longer intercepts nearly
38 every internal socket call. There are two data filters, an in
39 filter, and an out filter. The in filter occurs before data is
40 placed in the receive socket buffer. This is done to avoid waking
41 the process unnecessarily. The out filter occurs before the data is
42 appended to the send socket buffer. This should cover inbound and
43 outbound data. For monitoring state changes, we've added a notify
44 function that will be called when various events that the filter can
45 not intercept occur. In addition, we've added a few functions that a
46 filter may use to intercept common operations. These functions are:
47 connect (inbound), connect (outbound), bind, set socket option,
48 get socket option, and listen. Bind, listen, connect in, and connect
49 out could be used together to build a fairly comprehensive firewall
50 without having to do much with individual packets.
51 */
52#ifndef __KPI_SOCKETFILTER__
53#define __KPI_SOCKETFILTER__
54
55#include <sys/kernel_types.h>
56#include <sys/kpi_socket.h>
57
58struct sockaddr;
59
60/*!
61 @enum sflt_flags
62 @abstract Constants defining mbuf flags. Only the flags listed below
2d21ac55 63 can be set or retrieved.
91447636
A
64 @constant SFLT_GLOBAL Indicates this socket filter should be
65 attached to all new sockets when they're created.
66 @constant SFLT_PROG Indicates this socket filter should be attached
67 only when request by the application using the SO_NKE socket
68 option.
2d21ac55
A
69 @constant SFLT_EXTENDED Indicates that this socket filter utilizes
70 the extended fields within the sflt_filter structure.
91447636
A
71*/
72enum {
73 SFLT_GLOBAL = 0x01,
2d21ac55
A
74 SFLT_PROG = 0x02,
75 SFLT_EXTENDED = 0x04
91447636
A
76};
77typedef u_int32_t sflt_flags;
78
79/*!
80 @typedef sflt_handle
81 @abstract A 4 byte identifier used with the SO_NKE socket option to
82 identify the socket filter to be attached.
83*/
84typedef u_int32_t sflt_handle;
85
86/*!
87 @enum sflt_event_t
88 @abstract Events notify a filter of state changes and other various
2d21ac55 89 events related to the socket. These events cannot be prevented
91447636
A
90 or intercepted, only observed.
91 @constant sock_evt_connected Indicates this socket has moved to the
92 connected state.
93 @constant sock_evt_disconnected Indicates this socket has moved to
94 the disconnected state.
95 @constant sock_evt_flush_read The read socket buffer has been
96 flushed.
97 @constant sock_evt_shutdown The read and or write side(s) of the
98 connection have been shutdown. The param will point to an
99 integer that indicates the direction that has been shutdown. See
100 'man 2 shutdown' for more information.
2d21ac55 101 @constant sock_evt_cantrecvmore Indicates the socket cannot receive
91447636 102 more data.
2d21ac55 103 @constant sock_evt_cantsendmore Indicates the socket cannot send
91447636
A
104 more data.
105 @constant sock_evt_closing Indicates the socket is closing.
2d21ac55
A
106 @constant sock_evt_bound Indicates this socket has moved to the
107 bound state (only for PF_INET/PF_INET6 domain).
91447636
A
108*/
109enum {
110 sock_evt_connecting = 1,
111 sock_evt_connected = 2,
2d21ac55
A
112 sock_evt_disconnecting = 3,
113 sock_evt_disconnected = 4,
91447636
A
114 sock_evt_flush_read = 5,
115 sock_evt_shutdown = 6, /* param points to an integer specifying how (read, write, or both) see man 2 shutdown */
2d21ac55
A
116 sock_evt_cantrecvmore = 7,
117 sock_evt_cantsendmore = 8,
118 sock_evt_closing = 9,
119 sock_evt_bound = 10
91447636
A
120};
121typedef u_int32_t sflt_event_t;
122
123/*!
124 @enum sflt_data_flag_t
125 @abstract Inbound and outbound data filters may handle many
126 different types of incoming and outgoing data. These flags help
127 distinguish between normal data, out-of-band data, and records.
128 @constant sock_data_filt_flag_oob Indicates this data is out-of-band
129 data.
130 @constant sock_data_filt_flag_record Indicates this data is a
131 record. This flag is only ever seen on inbound data.
132*/
133enum {
134 sock_data_filt_flag_oob = 1,
135 sock_data_filt_flag_record = 2
136};
137typedef u_int32_t sflt_data_flag_t;
138
2d21ac55
A
139__BEGIN_DECLS
140
91447636
A
141/*!
142 @typedef sf_unregistered_func
b0d623f7 143
91447636
A
144 @discussion sf_unregistered_func is called to notify the filter it
145 has been unregistered. This is the last function the stack will
146 call and this function will only be called once all other
147 function calls in to your filter have completed. Once this
148 function has been called, your kext may safely unload.
149 @param handle The socket filter handle used to identify this filter.
150*/
b0d623f7 151typedef void (*sf_unregistered_func)(sflt_handle handle);
91447636
A
152
153/*!
154 @typedef sf_attach_func
b0d623f7 155
91447636
A
156 @discussion sf_attach_func is called to notify the filter it has
157 been attached to a socket. The filter may allocate memory for
158 this attachment and use the cookie to track it. This filter is
159 called in one of two cases:
160 1) You've installed a global filter and a new socket was created.
161 2) Your non-global socket filter is being attached using the SO_NKE
162 socket option.
163 @param cookie Used to allow the socket filter to set the cookie for
164 this attachment.
165 @param so The socket the filter is being attached to.
166 @result If you return a non-zero value, your filter will not be
167 attached to this socket.
168*/
169typedef errno_t (*sf_attach_func)(void **cookie, socket_t so);
170
171/*!
172 @typedef sf_detach_func
b0d623f7 173
91447636
A
174 @discussion sf_detach_func is called to notify the filter it has
175 been detached from a socket. If the filter allocated any memory
176 for this attachment, it should be freed. This function will
177 be called when the socket is disposed of.
178 @param cookie Cookie value specified when the filter attach was
179 called.
180 @param so The socket the filter is attached to.
181 @result If you return a non-zero value, your filter will not be
182 attached to this socket.
183*/
b0d623f7 184typedef void (*sf_detach_func)(void *cookie, socket_t so);
91447636
A
185
186/*!
187 @typedef sf_notify_func
b0d623f7 188
91447636
A
189 @discussion sf_notify_func is called to notify the filter of various
190 state changes and other events occuring on the socket.
191 @param cookie Cookie value specified when the filter attach was
192 called.
193 @param so The socket the filter is attached to.
194 @param event The type of event that has occurred.
195 @param param Additional information about the event.
196*/
b0d623f7
A
197typedef void (*sf_notify_func)(void *cookie, socket_t so, sflt_event_t event,
198 void *param);
91447636
A
199
200/*!
201 @typedef sf_getpeername_func
b0d623f7 202
91447636
A
203 @discussion sf_getpeername_func is called to allow a filter to
204 to intercept the getpeername function. When called, sa will
205 point to a pointer to a socket address that was malloced
206 in zone M_SONAME. If you want to replace this address, either
207 modify the currenty copy or allocate a new one and free the
208 old one.
209 @param cookie Cookie value specified when the filter attach was
210 called.
211 @param so The socket the filter is attached to.
212 @param sa A pointer to a socket address pointer.
213 @result If you return a non-zero value, processing will stop. If
214 you return EJUSTRETURN, no further filters will be called
215 but a result of zero will be returned to the caller of
216 getpeername.
217*/
b0d623f7
A
218typedef int (*sf_getpeername_func)(void *cookie, socket_t so,
219 struct sockaddr **sa);
91447636
A
220
221/*!
222 @typedef sf_getsockname_func
b0d623f7 223
91447636
A
224 @discussion sf_getsockname_func is called to allow a filter to
225 to intercept the getsockname function. When called, sa will
226 point to a pointer to a socket address that was malloced
227 in zone M_SONAME. If you want to replace this address, either
228 modify the currenty copy or allocate a new one and free the
229 old one.
230 @param cookie Cookie value specified when the filter attach was
231 called.
232 @param so The socket the filter is attached to.
233 @param sa A pointer to a socket address pointer.
234 @result If you return a non-zero value, processing will stop. If
235 you return EJUSTRETURN, no further filters will be called
236 but a result of zero will be returned to the caller of
237 getsockname.
238*/
b0d623f7
A
239typedef int (*sf_getsockname_func)(void *cookie, socket_t so,
240 struct sockaddr **sa);
91447636
A
241
242/*!
243 @typedef sf_data_in_func
b0d623f7 244
91447636 245 @discussion sf_data_in_func is called to filter incoming data. If your
b0d623f7
A
246 filter intercepts data for later reinjection, it must queue
247 all incoming data to preserve the order of the data. Use
248 sock_inject_data_in to later reinject this data if you return
249 EJUSTRETURN. Warning: This filter is on the data path. Do not
250 spend excesive time. Do not wait for data on another socket.
91447636
A
251 @param cookie Cookie value specified when the filter attach was
252 called.
253 @param so The socket the filter is attached to.
254 @param from The addres the data is from, may be NULL if the socket
255 is connected.
256 @param data The data being received. Control data may appear in the
257 mbuf chain, be sure to check the mbuf types to find control
258 data.
259 @param control Control data being passed separately from the data.
260 @param flags Flags to indicate if this is out of band data or a
261 record.
262 @result Return:
263 0 - The caller will continue with normal processing of the data.
b0d623f7
A
264 EJUSTRETURN - The caller will stop processing the data, the
265 data will not be freed.
266 Anything Else - The caller will free the data and stop
267 processing.
91447636
A
268*/
269typedef errno_t (*sf_data_in_func)(void *cookie, socket_t so,
b0d623f7
A
270 const struct sockaddr *from, mbuf_t *data, mbuf_t *control,
271 sflt_data_flag_t flags);
91447636
A
272
273/*!
274 @typedef sf_data_out_func
b0d623f7 275
91447636
A
276 @discussion sf_data_out_func is called to filter outbound data. If
277 your filter intercepts data for later reinjection, it must queue
278 all outbound data to preserve the order of the data when
279 reinjecting. Use sock_inject_data_out to later reinject this
280 data.
281 @param cookie Cookie value specified when the filter attach was
282 called.
283 @param so The socket the filter is attached to.
284 @param from The address the data is from, may be NULL if the socket
285 is connected.
286 @param data The data being received. Control data may appear in the
287 mbuf chain, be sure to check the mbuf types to find control
288 data.
289 @param control Control data being passed separately from the data.
290 @param flags Flags to indicate if this is out of band data or a
291 record.
292 @result Return:
293 0 - The caller will continue with normal processing of the data.
b0d623f7
A
294 EJUSTRETURN - The caller will stop processing the data,
295 the data will not be freed.
296 Anything Else - The caller will free the data and stop
297 processing.
91447636
A
298*/
299typedef errno_t (*sf_data_out_func)(void *cookie, socket_t so,
b0d623f7
A
300 const struct sockaddr *to, mbuf_t *data, mbuf_t *control,
301 sflt_data_flag_t flags);
91447636
A
302
303/*!
304 @typedef sf_connect_in_func
b0d623f7
A
305
306 @discussion sf_connect_in_func is called to filter inbound connections.
307 A protocol will call this before accepting an incoming
308 connection and placing it on the queue of completed connections.
309 Warning: This filter is on the data path. Do not spend excesive
310 time. Do not wait for data on another socket.
91447636
A
311 @param cookie Cookie value specified when the filter attach was
312 called.
313 @param so The socket the filter is attached to.
314 @param from The address the incoming connection is from.
315 @result Return:
b0d623f7
A
316 0 - The caller will continue with normal processing of the
317 connection.
318 Anything Else - The caller will rejecting the incoming
319 connection.
91447636
A
320*/
321typedef errno_t (*sf_connect_in_func)(void *cookie, socket_t so,
b0d623f7 322 const struct sockaddr *from);
91447636
A
323
324/*!
325 @typedef sf_connect_out_func
b0d623f7 326
91447636
A
327 @discussion sf_connect_out_func is called to filter outbound
328 connections. A protocol will call this before initiating an
329 outbound connection.
330 @param cookie Cookie value specified when the filter attach was
331 called.
332 @param so The socket the filter is attached to.
333 @param to The remote address of the outbound connection.
334 @result Return:
b0d623f7
A
335 0 - The caller will continue with normal processing of the
336 connection.
337 Anything Else - The caller will rejecting the outbound
338 connection.
91447636
A
339*/
340typedef errno_t (*sf_connect_out_func)(void *cookie, socket_t so,
b0d623f7 341 const struct sockaddr *to);
91447636
A
342
343/*!
344 @typedef sf_bind_func
b0d623f7 345
91447636
A
346 @discussion sf_bind_func is called before performing a bind
347 operation on a socket.
348 @param cookie Cookie value specified when the filter attach was
349 called.
350 @param so The socket the filter is attached to.
351 @param to The local address of the socket will be bound to.
352 @result Return:
353 0 - The caller will continue with normal processing of the bind.
354 Anything Else - The caller will rejecting the bind.
355*/
356typedef errno_t (*sf_bind_func)(void *cookie, socket_t so,
b0d623f7 357 const struct sockaddr *to);
91447636
A
358
359/*!
360 @typedef sf_setoption_func
b0d623f7 361
91447636
A
362 @discussion sf_setoption_func is called before performing setsockopt
363 on a socket.
364 @param cookie Cookie value specified when the filter attach was
365 called.
366 @param so The socket the filter is attached to.
367 @param opt The socket option to set.
368 @result Return:
b0d623f7
A
369 0 - The caller will continue with normal processing of the
370 setsockopt.
371 Anything Else - The caller will stop processing and return
372 this error.
91447636 373*/
b0d623f7 374typedef errno_t (*sf_setoption_func)(void *cookie, socket_t so, sockopt_t opt);
91447636
A
375
376/*!
377 @typedef sf_getoption_func
b0d623f7 378
91447636
A
379 @discussion sf_getoption_func is called before performing getsockopt
380 on a socket.
381 @param cookie Cookie value specified when the filter attach was
382 called.
383 @param so The socket the filter is attached to.
384 @param opt The socket option to get.
385 @result Return:
b0d623f7
A
386 0 - The caller will continue with normal processing of the
387 getsockopt.
388 Anything Else - The caller will stop processing and return
389 this error.
91447636 390*/
b0d623f7 391typedef errno_t (*sf_getoption_func)(void *cookie, socket_t so, sockopt_t opt);
91447636
A
392
393/*!
394 @typedef sf_listen_func
b0d623f7 395
91447636
A
396 @discussion sf_listen_func is called before performing listen
397 on a socket.
398 @param cookie Cookie value specified when the filter attach was
399 called.
400 @param so The socket the filter is attached to.
401 @result Return:
402 0 - The caller will continue with normal processing of listen.
b0d623f7
A
403 Anything Else - The caller will stop processing and return
404 this error.
91447636
A
405*/
406typedef errno_t (*sf_listen_func)(void *cookie, socket_t so);
407
408/*!
409 @typedef sf_ioctl_func
b0d623f7 410
91447636
A
411 @discussion sf_ioctl_func is called before performing an ioctl
412 on a socket.
2d21ac55
A
413
414 All undefined ioctls are reserved for future use by Apple. If
415 you need to communicate with your kext using an ioctl, please
416 use SIOCSIFKPI and SIOCGIFKPI.
91447636
A
417 @param cookie Cookie value specified when the filter attach was
418 called.
419 @param so The socket the filter is attached to.
420 @param request The ioctl name.
421 @param argp A pointer to the ioctl parameter.
422 @result Return:
b0d623f7
A
423 0 - The caller will continue with normal processing of
424 this ioctl.
425 Anything Else - The caller will stop processing and return
426 this error.
91447636
A
427*/
428typedef errno_t (*sf_ioctl_func)(void *cookie, socket_t so,
b0d623f7 429 unsigned long request, const char* argp);
91447636 430
2d21ac55
A
431/*!
432 @typedef sf_accept_func
433
434 @discussion sf_accept_func is called after a socket is dequeued
435 off the completed (incoming) connection list and before
436 the file descriptor is associated with it. A filter can
437 utilize this callback to intercept the accepted socket
438 in order to examine it, prior to returning the socket to
439 the caller of accept. Such a filter may also choose to
440 discard the accepted socket if it wishes to do so.
441 @param cookie Cookie value specified when the filter attach was called.
442 @param so_listen The listening socket.
443 @param so The socket that is about to be accepted.
444 @param local The local address of the about to be accepted socket.
445 @param remote The remote address of the about to be accepted socket.
446 @result Return:
447 0 - The caller will continue with normal processing of accept.
448 EJUSTRETURN - The to be accepted socket will be disconnected
449 prior to being returned to the caller of accept. No further
450 control or data operations on the socket will be allowed.
451 This is the recommended return value as it has the least
452 amount of impact, especially to applications which don't
453 check the error value returned by accept.
454 Anything Else - The to be accepted socket will be closed and
455 the error will be returned to the caller of accept.
456 Note that socket filter developers are advised to exercise
457 caution when returning non-zero values to the caller,
458 since some applications don't check the error value
459 returned by accept and therefore risk breakage.
460 */
461typedef errno_t (*sf_accept_func)(void *cookie, socket_t so_listen, socket_t so,
462 const struct sockaddr *local, const struct sockaddr *remote);
463
91447636
A
464/*!
465 @struct sflt_filter
466 @discussion This structure is used to define a socket filter.
467 @field sf_handle A value used to find socket filters by
468 applications. An application can use this value to specify that
469 this filter should be attached when using the SO_NKE socket
470 option.
471 @field sf_flags Indicate whether this filter should be attached to
472 all new sockets or just those that request the filter be
2d21ac55
A
473 attached using the SO_NKE socket option. If this filter
474 utilizes the socket filter extension fields, it must also
475 set SFLT_EXTENDED.
91447636
A
476 @field sf_name A name used for debug purposes.
477 @field sf_unregistered Your function for being notified when your
478 filter has been unregistered.
479 @field sf_attach Your function for handling attaches to sockets.
480 @field sf_detach Your function for handling detaches from sockets.
481 @field sf_notify Your function for handling events. May be null.
482 @field sf_data_in Your function for handling incoming data. May be
483 null.
484 @field sf_data_out Your function for handling outgoing data. May be
485 null.
486 @field sf_connect_in Your function for handling inbound
487 connections. May be null.
2d21ac55 488 @field sf_connect_out Your function for handling outbound
91447636
A
489 connections. May be null.
490 @field sf_bind Your function for handling binds. May be null.
491 @field sf_setoption Your function for handling setsockopt. May be null.
492 @field sf_getoption Your function for handling getsockopt. May be null.
493 @field sf_listen Your function for handling listen. May be null.
494 @field sf_ioctl Your function for handling ioctls. May be null.
2d21ac55
A
495 @field sf_len Length of socket filter extension structure; developers
496 must initialize this to sizeof sflt_filter_ext structure.
497 This field and all fields following it will only be valid
498 if SFLT_EXTENDED flag is set in sf_flags field.
499 @field sf_ext_accept Your function for handling inbound connections
500 at accept time. May be null.
501 @field sf_ext_rsvd Reserved for future use; you must initialize
502 the reserved fields with zeroes.
91447636
A
503*/
504struct sflt_filter {
2d21ac55
A
505 sflt_handle sf_handle;
506 int sf_flags;
507 char *sf_name;
508
509 sf_unregistered_func sf_unregistered;
91447636
A
510 sf_attach_func sf_attach;
511 sf_detach_func sf_detach;
2d21ac55 512
91447636
A
513 sf_notify_func sf_notify;
514 sf_getpeername_func sf_getpeername;
515 sf_getsockname_func sf_getsockname;
516 sf_data_in_func sf_data_in;
517 sf_data_out_func sf_data_out;
518 sf_connect_in_func sf_connect_in;
519 sf_connect_out_func sf_connect_out;
520 sf_bind_func sf_bind;
521 sf_setoption_func sf_setoption;
522 sf_getoption_func sf_getoption;
523 sf_listen_func sf_listen;
524 sf_ioctl_func sf_ioctl;
2d21ac55
A
525 /*
526 * The following are valid only if SFLT_EXTENDED flag is set.
527 * Initialize sf_ext_len to sizeof sflt_filter_ext structure.
528 * Filters must also initialize reserved fields with zeroes.
529 */
530 struct sflt_filter_ext {
531 unsigned int sf_ext_len;
532 sf_accept_func sf_ext_accept;
533 void *sf_ext_rsvd[5]; /* Reserved */
534 } sf_ext;
535#define sf_len sf_ext.sf_ext_len
536#define sf_accept sf_ext.sf_ext_accept
91447636
A
537};
538
539/*!
540 @function sflt_register
541 @discussion Registers a socket filter. See 'man 2 socket' for a
542 desciption of domain, type, and protocol.
543 @param filter A structure describing the filter.
544 @param domain The protocol domain these filters will be attached to.
545 @param type The socket type these filters will be attached to.
546 @param protocol The protocol these filters will be attached to.
547 @result 0 on success otherwise the errno error.
548 */
b0d623f7
A
549extern errno_t sflt_register(const struct sflt_filter *filter, int domain,
550 int type, int protocol);
91447636
A
551
552/*!
553 @function sflt_unregister
554 @discussion Unregisters a socket filter. This will not detach the
555 socket filter from all sockets it may be attached to at the
556 time, it will just prevent the socket filter from being attached
557 to any new sockets.
558 @param handle The sf_handle of the socket filter to unregister.
559 @result 0 on success otherwise the errno error.
560 */
b0d623f7 561extern errno_t sflt_unregister(sflt_handle handle);
91447636
A
562
563/*!
564 @function sflt_attach
565 @discussion Attaches a socket filter to the specified socket. A
566 filter must be registered before it can be attached.
567 @param socket The socket the filter should be attached to.
568 @param handle The handle of the registered filter to be attached.
569 @result 0 on success otherwise the errno error.
570 */
b0d623f7 571extern errno_t sflt_attach(socket_t so, sflt_handle);
91447636
A
572
573/*!
574 @function sflt_detach
575 @discussion Detaches a socket filter from a specified socket.
576 @param socket The socket the filter should be detached from.
577 @param handle The handle of the registered filter to be detached.
578 @result 0 on success otherwise the errno error.
579 */
b0d623f7 580extern errno_t sflt_detach(socket_t so, sflt_handle);
91447636
A
581
582/* Functions for manipulating sockets */
583/*
584 * Inject data in to the receive buffer of the socket as if it
585 * had come from the network.
586 *
587 * flags should match sflt_data_flag_t
588 */
589
590/*!
591 @function sock_inject_data_in
592 @discussion Inject data in to the receive buffer of the socket as if
593 it had come from the network.
594 @param so The socket to inject the data on.
595 @param from The address the data is from, only necessary on
596 un-connected sockets. A copy of the address will be made, caller
597 is responsible for freeing the address after calling this
598 function.
599 @param data The data and possibly control mbufs.
600 @param control The separate control mbufs.
601 @param flags Flags indicating the type of data.
602 @result 0 on success otherwise the errno error. If the function
603 returns an error, the caller is responsible for freeing the
604 mbuf.
605 */
b0d623f7
A
606extern errno_t sock_inject_data_in(socket_t so, const struct sockaddr *from,
607 mbuf_t data, mbuf_t control, sflt_data_flag_t flags);
91447636
A
608
609/*!
610 @function sock_inject_data_out
611 @discussion Inject data in to the send buffer of the socket as if it
612 had come from the client.
613 @param so The socket to inject the data on.
614 @param to The address the data should be sent to, only necessary on
615 un-connected sockets. The caller is responsible for freeing the
616 to address after sock_inject_data_out returns.
617 @param data The data and possibly control mbufs.
618 @param control The separate control mbufs.
619 @param flags Flags indicating the type of data.
620 @result 0 on success otherwise the errno error. The data and control
621 values are always freed regardless of return value.
622 */
b0d623f7
A
623extern errno_t sock_inject_data_out(socket_t so, const struct sockaddr *to,
624 mbuf_t data, mbuf_t control, sflt_data_flag_t flags);
91447636
A
625
626
627/*
628 * sockopt_t accessors
629 */
630
631enum {
632 sockopt_get = 1,
633 sockopt_set = 2
634};
635typedef u_int8_t sockopt_dir;
636
637/*!
638 @function sockopt_direction
2d21ac55 639 @discussion Retrieves the direction of the socket option (Get or
91447636
A
640 Set).
641 @param sopt The socket option.
642 @result sock_opt_get or sock_opt_set.
643 */
b0d623f7 644extern sockopt_dir sockopt_direction(sockopt_t sopt);
91447636
A
645
646/*!
647 @function sockopt_level
2d21ac55 648 @discussion Retrieves the socket option level. (SOL_SOCKET, etc).
91447636
A
649 @param sopt The socket option.
650 @result The socket option level. See man 2 setsockopt
651 */
b0d623f7 652extern int sockopt_level(sockopt_t sopt);
91447636
A
653
654/*!
655 @function sockopt_name
2d21ac55 656 @discussion Retrieves the socket option name. (SO_SNDBUF, etc).
91447636
A
657 @param sopt The socket option.
658 @result The socket option name. See man 2 setsockopt
659 */
b0d623f7 660extern int sockopt_name(sockopt_t sopt);
91447636
A
661
662/*!
663 @function sockopt_valsize
2d21ac55 664 @discussion Retrieves the size of the socket option data.
91447636
A
665 @param sopt The socket option.
666 @result The length, in bytes, of the data.
667 */
b0d623f7 668extern size_t sockopt_valsize(sockopt_t sopt);
91447636
A
669
670/*!
671 @function sockopt_copyin
672 @discussion Copies the data from the socket option to a buffer.
673 @param sopt The socket option.
674 @param data A pointer to the buffer to copy the data in to.
675 @param length The number of bytes to copy.
676 @result An errno error or zero upon success.
677 */
b0d623f7 678extern errno_t sockopt_copyin(sockopt_t sopt, void *data, size_t length);
91447636
A
679
680/*!
681 @function sockopt_copyout
682 @discussion Copies the data from a buffer to a socket option.
683 @param sopt The socket option.
684 @param data A pointer to the buffer to copy the data out of.
685 @param length The number of bytes to copy.
686 @result An errno error or zero upon success.
687 */
b0d623f7 688extern errno_t sockopt_copyout(sockopt_t sopt, void *data, size_t length);
6601e61a 689
2d21ac55 690__END_DECLS
b0d623f7 691#endif /* __KPI_SOCKETFILTER__ */