[apple/xnu.git] / bsd / kern / kpi_socketfilter.c

/*
 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#include <sys/kpi_socketfilter.h>

#include <sys/socket.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/malloc.h>
#include <sys/protosw.h>
#include <kern/locks.h>
#include <net/kext_net.h>

static struct socket_filter_list	sock_filter_head;
static lck_mtx_t					*sock_filter_lock = 0;

__private_extern__ void
sflt_init(void)
{
	lck_grp_attr_t	*grp_attrib = 0;
	lck_attr_t		*lck_attrib = 0;
	lck_grp_t		*lck_group = 0;
	
	TAILQ_INIT(&sock_filter_head);
	
	/* Allocate a spin lock */
	grp_attrib = lck_grp_attr_alloc_init();
	lck_grp_attr_setdefault(grp_attrib);
	lck_group = lck_grp_alloc_init("socket filter lock", grp_attrib);
	lck_grp_attr_free(grp_attrib);
	lck_attrib = lck_attr_alloc_init();
	lck_attr_setdefault(lck_attrib);
	lck_attr_setdebug(lck_attrib);
	sock_filter_lock = lck_mtx_alloc_init(lck_group, lck_attrib);
	lck_grp_free(lck_group);
	lck_attr_free(lck_attrib);
}

__private_extern__ void
sflt_initsock(
	struct socket *so)
{
	struct protosw *proto = so->so_proto;
	struct socket_filter *filter;
	
	if (TAILQ_FIRST(&proto->pr_filter_head) != NULL) {
		lck_mtx_lock(sock_filter_lock);
		TAILQ_FOREACH(filter, &proto->pr_filter_head, sf_protosw_next) {
			sflt_attach_private(so, filter, 0, 0);
		}
		lck_mtx_unlock(sock_filter_lock);
	}
}

__private_extern__ void
sflt_termsock(
	struct socket *so)
{
	struct socket_filter_entry *filter;
	struct socket_filter_entry *filter_next;
	
	for (filter = so->so_filt; filter; filter = filter_next) {
		filter_next = filter->sfe_next_onsocket;
		sflt_detach_private(filter, 0);
	}
}

__private_extern__ void
sflt_use(
	struct socket *so)
{
	so->so_filteruse++;
}

__private_extern__ void
sflt_unuse(
	struct socket *so)
{
	so->so_filteruse--;
	if (so->so_filteruse == 0) {
		struct socket_filter_entry *filter;
		struct socket_filter_entry *next_filter;
		// search for detaching filters
		for (filter = so->so_filt; filter; filter = next_filter) {
			next_filter = filter->sfe_next_onsocket;
			
			if (filter->sfe_flags & SFEF_DETACHING) {
				sflt_detach_private(filter, 0);
			}
		}
	}
}

__private_extern__ void
sflt_notify(
	struct socket	*so,
	sflt_event_t	event,
	void			*param)
{
	struct socket_filter_entry	*filter;
	int						 	filtered = 0;
	
	for (filter = so->so_filt; filter;
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_notify) {
			if (filtered == 0) {
				filtered = 1;
				sflt_use(so);
				socket_unlock(so, 0);
			}
			filter->sfe_filter->sf_filter.sf_notify(
				filter->sfe_cookie, so, event, param);
		}
	}
	
	if (filtered != 0) {
		socket_lock(so, 0);
		sflt_unuse(so);
	}
}

__private_extern__ int
sflt_data_in(
	struct socket			*so,
	const struct sockaddr	*from,
	mbuf_t					*data,
	mbuf_t					*control,
	sflt_data_flag_t		flags)
{
	struct socket_filter_entry	*filter;
	int						 	filtered = 0;
	int							error = 0;
	
	for (filter = so->so_filt; filter && (error == 0);
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_data_in) {
			if (filtered == 0) {
				filtered = 1;
				sflt_use(so);
				socket_unlock(so, 0);
			}
			error = filter->sfe_filter->sf_filter.sf_data_in(
						filter->sfe_cookie, so, from, data, control, flags);
		}
	}
	
	if (filtered != 0) {
		socket_lock(so, 0);
		sflt_unuse(so);
	}
	
	return error;
}

/* sflt_attach_private
 *
 * Assumptions: If filter is not NULL, socket_filter_lock is held.
 */

__private_extern__ int
sflt_attach_private(
	struct socket *so,
	struct socket_filter *filter,
	sflt_handle			handle,
	int sock_locked)
{
	struct socket_filter_entry *entry = NULL;
	int didlock = 0;
	int error = 0;
	
	if (filter == NULL) {
		/* Find the filter by the handle */
		lck_mtx_lock(sock_filter_lock);
		didlock = 1;
		
		TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
			if (filter->sf_filter.sf_handle == handle)
				break;
		}
	}
	
	if (filter == NULL)
		error = ENOENT;
	
	if (error == 0) {
		/* allocate the socket filter entry */
		MALLOC(entry, struct socket_filter_entry *, sizeof(*entry), M_IFADDR, M_WAITOK);
		if (entry == NULL) {
			error = ENOMEM;
		}
	}
	
	if (error == 0) {
		/* Initialize the socket filter entry and call the attach function */
		entry->sfe_filter = filter;
		entry->sfe_socket = so;
		entry->sfe_cookie = NULL;
		if (entry->sfe_filter->sf_filter.sf_attach) {
			filter->sf_usecount++;
		
			if (sock_locked)
				socket_unlock(so, 0);	
			error = entry->sfe_filter->sf_filter.sf_attach(&entry->sfe_cookie, so);
			if (sock_locked)
				socket_lock(so, 0);	
			
			filter->sf_usecount--;
			
			/* If the attach function returns an error, this filter is not attached */
			if (error) {
				FREE(entry, M_IFADDR);
				entry = NULL;
			}
		}
	}
	
	if (error == 0) {
		/* Put the entry in the socket list */
		entry->sfe_next_onsocket = so->so_filt;
		so->so_filt = entry;
		
		/* Put the entry in the filter list */
		entry->sfe_next_onfilter = filter->sf_entry_head;
		filter->sf_entry_head = entry;
		
		/* Increment the socket's usecount */
		so->so_usecount++;
		
		/* Incremenet the parent filter's usecount */
		filter->sf_usecount++;
	}
	
	if (didlock) {
		lck_mtx_unlock(sock_filter_lock);
	}
	
	return error;
}


/* sflt_detach_private
 *
 * Assumptions: if you pass 0 in for the second parameter, you are holding the
 * socket lock for the socket the entry is attached to. If you pass 1 in for
 * the second parameter, it is assumed that the entry is not on the filter's
 * list and the socket lock is not held.
 */

__private_extern__ void
sflt_detach_private(
	struct socket_filter_entry *entry,
	int	filter_detached)
{
	struct socket *so = entry->sfe_socket;
	struct socket_filter_entry **next_ptr;
	int				detached = 0;
	int				found = 0;
	
	if (filter_detached) {
		socket_lock(entry->sfe_socket, 0);
	}
	
	/*
	 * Attempt to find the entry on the filter's list and
	 * remove it. This prevents a filter detaching at the
	 * same time from attempting to remove the same entry.
	 */
	lck_mtx_lock(sock_filter_lock);
	if (!filter_detached) {
		for (next_ptr = &entry->sfe_filter->sf_entry_head; *next_ptr;
			 next_ptr = &((*next_ptr)->sfe_next_onfilter)) {
			if (*next_ptr == entry) {
				found = 1;
				*next_ptr = entry->sfe_next_onfilter;
				break;
			}
		}
	}
	
	if (!filter_detached && !found && (entry->sfe_flags & SFEF_DETACHING) == 0) {
		lck_mtx_unlock(sock_filter_lock);
		return;
	}

	if (entry->sfe_socket->so_filteruse != 0) {
		lck_mtx_unlock(sock_filter_lock);
		entry->sfe_flags |= SFEF_DETACHING;
		return;
	}
	
	/*
	 * Check if we are removing the last attached filter and
	 * the parent filter is being unregistered.
	 */
	if (entry->sfe_socket->so_filteruse == 0) {
		entry->sfe_filter->sf_usecount--;
		if ((entry->sfe_filter->sf_usecount == 0) &&
			(entry->sfe_filter->sf_flags & SFF_DETACHING) != 0)
			detached = 1;
	}
	lck_mtx_unlock(sock_filter_lock);
		
	/* Remove from the socket list */
	for (next_ptr = &entry->sfe_socket->so_filt; *next_ptr;
		 next_ptr = &((*next_ptr)->sfe_next_onsocket)) {
		if (*next_ptr == entry) {
			*next_ptr = entry->sfe_next_onsocket;
			break;
		}
	}
	
	if (entry->sfe_filter->sf_filter.sf_detach)
		entry->sfe_filter->sf_filter.sf_detach(entry->sfe_cookie, entry->sfe_socket);
	
	if (detached && entry->sfe_filter->sf_filter.sf_unregistered) {
		entry->sfe_filter->sf_filter.sf_unregistered(entry->sfe_filter->sf_filter.sf_handle);
		FREE(entry->sfe_filter, M_IFADDR);
	}
	
	if (filter_detached) {
		socket_unlock(entry->sfe_socket, 1);
	}
	else {
		// We need some better way to decrement the usecount
		so->so_usecount--;
	}
	FREE(entry, M_IFADDR);
}

errno_t
sflt_attach(
	socket_t	socket,
	sflt_handle	handle)
{
	if (socket == NULL || handle == 0)
		return EINVAL;
	
	return sflt_attach_private(socket, NULL, handle, 0);
}

errno_t
sflt_detach(
	socket_t	socket,
	sflt_handle	handle)
{
	struct socket_filter_entry	*filter;
	errno_t	result = 0;
	
	if (socket == NULL || handle == 0)
		return EINVAL;
	
	socket_lock(socket, 1);
	
	for (filter = socket->so_filt; filter;
		 filter = filter->sfe_next_onsocket) {
		if (filter->sfe_filter->sf_filter.sf_handle == handle)
			break;
	}
	
	if (filter != NULL) {
		sflt_detach_private(filter, 0);
	}
	else {
		result = ENOENT;
	}
	
	socket_unlock(socket, 1);
	
	return result;
}


errno_t
sflt_register(
	const struct sflt_filter	*filter,
	int							domain,
	int							type,
	int							protocol)
{
	struct socket_filter *sock_filt = NULL;
	struct socket_filter *match = NULL;
	int error = 0;
	struct protosw *pr = pffindproto(domain, protocol, type);
	
	if (pr == NULL) return ENOENT;
	
	if (filter->sf_attach == NULL || filter->sf_detach == NULL) return EINVAL;
	if (filter->sf_handle == 0) return EINVAL;
	if (filter->sf_name == NULL) return EINVAL;

	/* Allocate the socket filter */
	MALLOC(sock_filt, struct socket_filter*, sizeof(*sock_filt), M_IFADDR, M_WAITOK);
	if (sock_filt == NULL) {
		return ENOBUFS;
	}
	
	bzero(sock_filt, sizeof(*sock_filt));
	sock_filt->sf_filter = *filter;
	
	lck_mtx_lock(sock_filter_lock);
	/* Look for an existing entry */
	TAILQ_FOREACH(match, &sock_filter_head, sf_global_next) {
		if (match->sf_filter.sf_handle == sock_filt->sf_filter.sf_handle) {
			break;
		}
	}
	
	/* Add the entry only if there was no existing entry */
	if (match == NULL) {
		TAILQ_INSERT_TAIL(&sock_filter_head, sock_filt, sf_global_next);
		if ((sock_filt->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
			TAILQ_INSERT_TAIL(&pr->pr_filter_head, sock_filt, sf_protosw_next);
			sock_filt->sf_proto = pr;
		}
	}
	lck_mtx_unlock(sock_filter_lock);
	
	if (match != NULL) {
		FREE(sock_filt, M_IFADDR);
		return EEXIST;
	}
	
	return error;
}

errno_t
sflt_unregister(
	sflt_handle handle)
{
	struct socket_filter *filter;
	struct socket_filter_entry *entry_head = NULL;
	
	/* Find the entry and remove it from the global and protosw lists */
	lck_mtx_lock(sock_filter_lock);
	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
		if (filter->sf_filter.sf_handle == handle)
			break;
	}
	
	if (filter) {
		TAILQ_REMOVE(&sock_filter_head, filter, sf_global_next);
		if ((filter->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
			TAILQ_REMOVE(&filter->sf_proto->pr_filter_head, filter, sf_protosw_next);
		}
		entry_head = filter->sf_entry_head;
		filter->sf_entry_head = NULL;
		filter->sf_flags |= SFF_DETACHING;
	}
	
	lck_mtx_unlock(sock_filter_lock);
	
	if (filter == NULL)
		return ENOENT;
	
	/* We need to detach the filter from any sockets it's attached to */
	if (entry_head == 0) {
		if (filter->sf_filter.sf_unregistered)
			filter->sf_filter.sf_unregistered(filter->sf_filter.sf_handle);
	} else {
		while (entry_head) {
			struct socket_filter_entry *next_entry;
			next_entry = entry_head->sfe_next_onfilter;
			sflt_detach_private(entry_head, 1);
			entry_head = next_entry;
		}
	}
	
	return 0;
}

errno_t
sock_inject_data_in(
	socket_t so,
	const struct sockaddr* from,
	mbuf_t data,
	mbuf_t control,
	sflt_data_flag_t flags)
{
	int error = 0;
	if (so == NULL || data == NULL) return EINVAL;
	
	if (flags & sock_data_filt_flag_oob) {
		return ENOTSUP;
	}
	
	socket_lock(so, 1);
	
	if (from) {
		if (sbappendaddr(&so->so_rcv, (struct sockaddr*)from, data,
						 control, NULL))
			sorwakeup(so);
		goto done;
	}
	
	if (control) {
		if (sbappendcontrol(&so->so_rcv, data, control, NULL))
			sorwakeup(so);
		goto done;
	}
	
	if (flags & sock_data_filt_flag_record) {
		if (control || from) {
			error = EINVAL;
			goto done;
		}
		if (sbappendrecord(&so->so_rcv, (struct mbuf*)data))
			sorwakeup(so);
		goto done;
	}
	
	if (sbappend(&so->so_rcv, data))
		sorwakeup(so);
done:
	socket_unlock(so, 1);
	return error;
}

errno_t
sock_inject_data_out(
	socket_t so,
	const struct sockaddr* to,
	mbuf_t data,
	mbuf_t control,
	sflt_data_flag_t flags)
{
	int	sosendflags = 0;
	if (flags & sock_data_filt_flag_oob) sosendflags = MSG_OOB;
	return sosend(so, (const struct sockaddr*)to, NULL,
				  data, control, sosendflags);
}

sockopt_dir
sockopt_direction(
	sockopt_t	sopt)
{
	return (sopt->sopt_dir == SOPT_GET) ? sockopt_get : sockopt_set;
}

int
sockopt_level(
	sockopt_t	sopt)
{
	return sopt->sopt_level;
}

int
sockopt_name(
	sockopt_t	sopt)
{
	return sopt->sopt_name;
}

size_t
sockopt_valsize(
	sockopt_t	sopt)
{
	return sopt->sopt_valsize;
}

errno_t
sockopt_copyin(
	sockopt_t	sopt,
	void *data,
	size_t	len)
{
	return sooptcopyin(sopt, data, len, len);
}

errno_t
sockopt_copyout(
	sockopt_t	sopt,
	void *data,
	size_t	len)
{
	return sooptcopyout(sopt, data, len);
}
Commit	Line	Data
91447636 A	1	/*
	2	* Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* The contents of this file constitute Original Code as defined in and
	7	* are subject to the Apple Public Source License Version 1.1 (the
	8	* "License"). You may not use this file except in compliance with the
	9	* License. Please obtain a copy of the License at
	10	* http://www.apple.com/publicsource and read it before using this file.
	11	*
	12	* This Original Code and all software distributed under the License are
	13	* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	14	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	15	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	16	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	17	* License for the specific language governing rights and limitations
	18	* under the License.
	19	*
	20	* @APPLE_LICENSE_HEADER_END@
	21	*/
	22
	23	#include <sys/kpi_socketfilter.h>
	24
	25	#include <sys/socket.h>
	26	#include <sys/param.h>
	27	#include <sys/errno.h>
	28	#include <sys/malloc.h>
	29	#include <sys/protosw.h>
	30	#include <kern/locks.h>
	31	#include <net/kext_net.h>
	32
	33	static struct socket_filter_list sock_filter_head;
	34	static lck_mtx_t *sock_filter_lock = 0;
	35
	36	__private_extern__ void
	37	sflt_init(void)
	38	{
	39	lck_grp_attr_t *grp_attrib = 0;
	40	lck_attr_t *lck_attrib = 0;
	41	lck_grp_t *lck_group = 0;
	42
	43	TAILQ_INIT(&sock_filter_head);
	44
	45	/* Allocate a spin lock */
	46	grp_attrib = lck_grp_attr_alloc_init();
	47	lck_grp_attr_setdefault(grp_attrib);
	48	lck_group = lck_grp_alloc_init("socket filter lock", grp_attrib);
	49	lck_grp_attr_free(grp_attrib);
	50	lck_attrib = lck_attr_alloc_init();
	51	lck_attr_setdefault(lck_attrib);
	52	lck_attr_setdebug(lck_attrib);
	53	sock_filter_lock = lck_mtx_alloc_init(lck_group, lck_attrib);
	54	lck_grp_free(lck_group);
	55	lck_attr_free(lck_attrib);
	56	}
	57
	58	__private_extern__ void
	59	sflt_initsock(
	60	struct socket *so)
	61	{
	62	struct protosw *proto = so->so_proto;
	63	struct socket_filter *filter;
	64
65	if (TAILQ_FIRST(&proto->pr_filter_head) != NULL) {
66	lck_mtx_lock(sock_filter_lock);
67	TAILQ_FOREACH(filter, &proto->pr_filter_head, sf_protosw_next) {
68	sflt_attach_private(so, filter, 0, 0);
69	}
70	lck_mtx_unlock(sock_filter_lock);
71	}
72	}
73
74	__private_extern__ void
75	sflt_termsock(
76	struct socket *so)
77	{
78	struct socket_filter_entry *filter;
79	struct socket_filter_entry *filter_next;
80
81	for (filter = so->so_filt; filter; filter = filter_next) {
82	filter_next = filter->sfe_next_onsocket;
83	sflt_detach_private(filter, 0);
84	}
85	}
86
87	__private_extern__ void
88	sflt_use(
89	struct socket *so)
90	{
91	so->so_filteruse++;
92	}
93
94	__private_extern__ void
95	sflt_unuse(
96	struct socket *so)
97	{
98	so->so_filteruse--;
99	if (so->so_filteruse == 0) {
100	struct socket_filter_entry *filter;
101	struct socket_filter_entry *next_filter;
102	// search for detaching filters
103	for (filter = so->so_filt; filter; filter = next_filter) {
104	next_filter = filter->sfe_next_onsocket;
105
106	if (filter->sfe_flags & SFEF_DETACHING) {
107	sflt_detach_private(filter, 0);
108	}
109	}
110	}
111	}
112
113	__private_extern__ void
114	sflt_notify(
115	struct socket *so,
116	sflt_event_t event,
117	void *param)
118	{
119	struct socket_filter_entry *filter;
120	int filtered = 0;
121
122	for (filter = so->so_filt; filter;
123	filter = filter->sfe_next_onsocket) {
124	if (filter->sfe_filter->sf_filter.sf_notify) {
125	if (filtered == 0) {
126	filtered = 1;
127	sflt_use(so);
128	socket_unlock(so, 0);
129	}
130	filter->sfe_filter->sf_filter.sf_notify(
131	filter->sfe_cookie, so, event, param);
132	}
133	}
134
135	if (filtered != 0) {
136	socket_lock(so, 0);
137	sflt_unuse(so);
138	}
139	}
140
141	__private_extern__ int
142	sflt_data_in(
143	struct socket *so,
144	const struct sockaddr *from,
145	mbuf_t *data,
146	mbuf_t *control,
147	sflt_data_flag_t flags)
148	{
149	struct socket_filter_entry *filter;
150	int filtered = 0;
151	int error = 0;
152
b36670ce	153	for (filter = so->so_filt; filter && (error == 0);
91447636 A	154	filter = filter->sfe_next_onsocket) {
	155	if (filter->sfe_filter->sf_filter.sf_data_in) {
	156	if (filtered == 0) {
	157	filtered = 1;
	158	sflt_use(so);
	159	socket_unlock(so, 0);
	160	}
	161	error = filter->sfe_filter->sf_filter.sf_data_in(
	162	filter->sfe_cookie, so, from, data, control, flags);
	163	}
	164	}
	165
	166	if (filtered != 0) {
	167	socket_lock(so, 0);
	168	sflt_unuse(so);
	169	}
	170
	171	return error;
	172	}
	173
	174	/* sflt_attach_private
	175	*
	176	* Assumptions: If filter is not NULL, socket_filter_lock is held.
	177	*/
	178
	179	__private_extern__ int
	180	sflt_attach_private(
	181	struct socket *so,
	182	struct socket_filter *filter,
	183	sflt_handle handle,
	184	int sock_locked)
	185	{
	186	struct socket_filter_entry *entry = NULL;
	187	int didlock = 0;
	188	int error = 0;
	189
	190	if (filter == NULL) {
	191	/* Find the filter by the handle */
	192	lck_mtx_lock(sock_filter_lock);
	193	didlock = 1;
	194
	195	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
	196	if (filter->sf_filter.sf_handle == handle)
	197	break;
	198	}
	199	}
	200
	201	if (filter == NULL)
	202	error = ENOENT;
	203
	204	if (error == 0) {
	205	/* allocate the socket filter entry */
	206	MALLOC(entry, struct socket_filter_entry , sizeof(entry), M_IFADDR, M_WAITOK);
	207	if (entry == NULL) {
	208	error = ENOMEM;
	209	}
	210	}
	211
	212	if (error == 0) {
	213	/* Initialize the socket filter entry and call the attach function */
	214	entry->sfe_filter = filter;
	215	entry->sfe_socket = so;
	216	entry->sfe_cookie = NULL;
	217	if (entry->sfe_filter->sf_filter.sf_attach) {
218	filter->sf_usecount++;
219
220	if (sock_locked)
221	socket_unlock(so, 0);
222	error = entry->sfe_filter->sf_filter.sf_attach(&entry->sfe_cookie, so);
223	if (sock_locked)
224	socket_lock(so, 0);
225
226	filter->sf_usecount--;
227
228	/* If the attach function returns an error, this filter is not attached */
229	if (error) {
230	FREE(entry, M_IFADDR);
231	entry = NULL;
232	}
233	}
234	}
235
236	if (error == 0) {
237	/* Put the entry in the socket list */
238	entry->sfe_next_onsocket = so->so_filt;
239	so->so_filt = entry;
240
241	/* Put the entry in the filter list */
242	entry->sfe_next_onfilter = filter->sf_entry_head;
243	filter->sf_entry_head = entry;
244
245	/* Increment the socket's usecount */
246	so->so_usecount++;
247
248	/* Incremenet the parent filter's usecount */
249	filter->sf_usecount++;
250	}
251
252	if (didlock) {
253	lck_mtx_unlock(sock_filter_lock);
254	}
255
256	return error;
257	}
258
259
260	/* sflt_detach_private
261	*
262	* Assumptions: if you pass 0 in for the second parameter, you are holding the
263	* socket lock for the socket the entry is attached to. If you pass 1 in for
264	* the second parameter, it is assumed that the entry is not on the filter's
265	* list and the socket lock is not held.
266	*/
267
268	__private_extern__ void
269	sflt_detach_private(
270	struct socket_filter_entry *entry,
271	int filter_detached)
272	{
273	struct socket *so = entry->sfe_socket;
274	struct socket_filter_entry **next_ptr;
275	int detached = 0;
276	int found = 0;
277
278	if (filter_detached) {
279	socket_lock(entry->sfe_socket, 0);
280	}
281
282	/*
283	* Attempt to find the entry on the filter's list and
284	* remove it. This prevents a filter detaching at the
285	* same time from attempting to remove the same entry.
286	*/
287	lck_mtx_lock(sock_filter_lock);
288	if (!filter_detached) {
289	for (next_ptr = &entry->sfe_filter->sf_entry_head; *next_ptr;
290	next_ptr = &((*next_ptr)->sfe_next_onfilter)) {
291	if (*next_ptr == entry) {
292	found = 1;
293	*next_ptr = entry->sfe_next_onfilter;
294	break;
295	}
296	}
297	}
298
299	if (!filter_detached && !found && (entry->sfe_flags & SFEF_DETACHING) == 0) {
300	lck_mtx_unlock(sock_filter_lock);
301	return;
302	}
303
304	if (entry->sfe_socket->so_filteruse != 0) {
305	lck_mtx_unlock(sock_filter_lock);
306	entry->sfe_flags \|= SFEF_DETACHING;
307	return;
308	}
309
310	/*
311	* Check if we are removing the last attached filter and
312	* the parent filter is being unregistered.
313	*/
314	if (entry->sfe_socket->so_filteruse == 0) {
315	entry->sfe_filter->sf_usecount--;
316	if ((entry->sfe_filter->sf_usecount == 0) &&
317	(entry->sfe_filter->sf_flags & SFF_DETACHING) != 0)
318	detached = 1;
319	}
320	lck_mtx_unlock(sock_filter_lock);
321
322	/* Remove from the socket list */
323	for (next_ptr = &entry->sfe_socket->so_filt; *next_ptr;
324	next_ptr = &((*next_ptr)->sfe_next_onsocket)) {
325	if (*next_ptr == entry) {
326	*next_ptr = entry->sfe_next_onsocket;
327	break;
328	}
329	}
330
331	if (entry->sfe_filter->sf_filter.sf_detach)
332	entry->sfe_filter->sf_filter.sf_detach(entry->sfe_cookie, entry->sfe_socket);
333
334	if (detached && entry->sfe_filter->sf_filter.sf_unregistered) {
335	entry->sfe_filter->sf_filter.sf_unregistered(entry->sfe_filter->sf_filter.sf_handle);
336	FREE(entry->sfe_filter, M_IFADDR);
337	}
338
339	if (filter_detached) {
340	socket_unlock(entry->sfe_socket, 1);
341	}
342	else {
343	// We need some better way to decrement the usecount
344	so->so_usecount--;
345	}
346	FREE(entry, M_IFADDR);
347	}
348
349	errno_t
350	sflt_attach(
351	socket_t socket,
352	sflt_handle handle)
353	{
354	if (socket == NULL \|\| handle == 0)
355	return EINVAL;
356
357	return sflt_attach_private(socket, NULL, handle, 0);
358	}
359
360	errno_t
361	sflt_detach(
362	socket_t socket,
363	sflt_handle handle)
364	{
365	struct socket_filter_entry *filter;
366	errno_t result = 0;
367
368	if (socket == NULL \|\| handle == 0)
369	return EINVAL;
370
371	socket_lock(socket, 1);
372
373	for (filter = socket->so_filt; filter;
374	filter = filter->sfe_next_onsocket) {
375	if (filter->sfe_filter->sf_filter.sf_handle == handle)
376	break;
377	}
378
379	if (filter != NULL) {
380	sflt_detach_private(filter, 0);
381	}
382	else {
383	result = ENOENT;
384	}
385
386	socket_unlock(socket, 1);
387
388	return result;
389	}
390
391
392	errno_t
393	sflt_register(
394	const struct sflt_filter *filter,
395	int domain,
396	int type,
397	int protocol)
398	{
399	struct socket_filter *sock_filt = NULL;
400	struct socket_filter *match = NULL;
401	int error = 0;
402	struct protosw *pr = pffindproto(domain, protocol, type);
403
404	if (pr == NULL) return ENOENT;
405
406	if (filter->sf_attach == NULL \|\| filter->sf_detach == NULL) return EINVAL;
407	if (filter->sf_handle == 0) return EINVAL;
408	if (filter->sf_name == NULL) return EINVAL;
409
410	/* Allocate the socket filter */
411	MALLOC(sock_filt, struct socket_filter, sizeof(sock_filt), M_IFADDR, M_WAITOK);
412	if (sock_filt == NULL) {
413	return ENOBUFS;
414	}
415
416	bzero(sock_filt, sizeof(*sock_filt));
417	sock_filt->sf_filter = *filter;
418
419	lck_mtx_lock(sock_filter_lock);
420	/* Look for an existing entry */
421	TAILQ_FOREACH(match, &sock_filter_head, sf_global_next) {
422	if (match->sf_filter.sf_handle == sock_filt->sf_filter.sf_handle) {
423	break;
424	}
425	}
426
427	/* Add the entry only if there was no existing entry */
428	if (match == NULL) {
429	TAILQ_INSERT_TAIL(&sock_filter_head, sock_filt, sf_global_next);
430	if ((sock_filt->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
431	TAILQ_INSERT_TAIL(&pr->pr_filter_head, sock_filt, sf_protosw_next);
432	sock_filt->sf_proto = pr;
433	}
434	}
435	lck_mtx_unlock(sock_filter_lock);
436
437	if (match != NULL) {
438	FREE(sock_filt, M_IFADDR);
439	return EEXIST;
440	}
441
442	return error;
443	}
444
445	errno_t
446	sflt_unregister(
447	sflt_handle handle)
448	{
449	struct socket_filter *filter;
450	struct socket_filter_entry *entry_head = NULL;
451
452	/* Find the entry and remove it from the global and protosw lists */
453	lck_mtx_lock(sock_filter_lock);
454	TAILQ_FOREACH(filter, &sock_filter_head, sf_global_next) {
455	if (filter->sf_filter.sf_handle == handle)
456	break;
457	}
458
459	if (filter) {
460	TAILQ_REMOVE(&sock_filter_head, filter, sf_global_next);
461	if ((filter->sf_filter.sf_flags & SFLT_GLOBAL) != 0) {
462	TAILQ_REMOVE(&filter->sf_proto->pr_filter_head, filter, sf_protosw_next);
463	}
464	entry_head = filter->sf_entry_head;
465	filter->sf_entry_head = NULL;
466	filter->sf_flags \|= SFF_DETACHING;
467	}
468
469	lck_mtx_unlock(sock_filter_lock);
470
471	if (filter == NULL)
472	return ENOENT;
473
474	/* We need to detach the filter from any sockets it's attached to */
475	if (entry_head == 0) {
476	if (filter->sf_filter.sf_unregistered)
477	filter->sf_filter.sf_unregistered(filter->sf_filter.sf_handle);
478	} else {
479	while (entry_head) {
480	struct socket_filter_entry *next_entry;
481	next_entry = entry_head->sfe_next_onfilter;
482	sflt_detach_private(entry_head, 1);
483	entry_head = next_entry;
484	}
485	}
486
487	return 0;
488	}
489
490	errno_t
491	sock_inject_data_in(
492	socket_t so,
493	const struct sockaddr* from,
494	mbuf_t data,
495	mbuf_t control,
496	sflt_data_flag_t flags)
497	{
498	int error = 0;
499	if (so == NULL \|\| data == NULL) return EINVAL;
500
501	if (flags & sock_data_filt_flag_oob) {
502	return ENOTSUP;
503	}
504
505	socket_lock(so, 1);
506
507	if (from) {
508	if (sbappendaddr(&so->so_rcv, (struct sockaddr*)from, data,
509	control, NULL))
510	sorwakeup(so);
511	goto done;
512	}
513
514	if (control) {
515	if (sbappendcontrol(&so->so_rcv, data, control, NULL))
516	sorwakeup(so);
517	goto done;
518	}
519
520	if (flags & sock_data_filt_flag_record) {
521	if (control \|\| from) {
522	error = EINVAL;
523	goto done;
524	}
525	if (sbappendrecord(&so->so_rcv, (struct mbuf*)data))
526	sorwakeup(so);
527	goto done;
528	}
529
530	if (sbappend(&so->so_rcv, data))
531	sorwakeup(so);
532	done:
533	socket_unlock(so, 1);
534	return error;
535	}
536
537	errno_t
538	sock_inject_data_out(
539	socket_t so,
540	const struct sockaddr* to,
541	mbuf_t data,
542	mbuf_t control,
543	sflt_data_flag_t flags)
544	{
545	int sosendflags = 0;
546	if (flags & sock_data_filt_flag_oob) sosendflags = MSG_OOB;
547	return sosend(so, (const struct sockaddr*)to, NULL,
548	data, control, sosendflags);
549	}
550
551	sockopt_dir
552	sockopt_direction(
553	sockopt_t sopt)
554	{
555	return (sopt->sopt_dir == SOPT_GET) ? sockopt_get : sockopt_set;
556	}
557
558	int
559	sockopt_level(
560	sockopt_t sopt)
561	{
562	return sopt->sopt_level;
563	}
564
565	int
566	sockopt_name(
567	sockopt_t sopt)
568	{
569	return sopt->sopt_name;
570	}
571
572	size_t
573	sockopt_valsize(
574	sockopt_t sopt)
575	{
576	return sopt->sopt_valsize;
577	}
578
579	errno_t
580	sockopt_copyin(
581	sockopt_t sopt,
582	void *data,
583	size_t len)
584	{
585	return sooptcopyin(sopt, data, len, len);
586	}
587
588	errno_t
589	sockopt_copyout(
590	sockopt_t sopt,
591	void *data,
592	size_t len)
593	{
594	return sooptcopyout(sopt, data, len);
595	}