Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
ACCEPT_FILTER(9) Kernel Developer's Manual ACCEPT_FILTER(9)
NAME
accept_filter, accept_filt_add, accept_filt_del,
accept_filt_generic_mod_event, accept_filt_get - filter incoming
connections
SYNOPSIS
#define ACCEPT_FILTER_MOD
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/signalvar.h>
#include <sys/socketvar.h>
#include <netinet/accept_filter.h>
int
accept_filt_add(struct accept_filter *filt);
int
accept_filt_del(char *name);
int
accept_filt_generic_mod_event(module_t mod, int event, void *data);
struct accept_filter *
accept_filt_get(char *name);
DESCRIPTION
Accept filters allow an application to request that the kernel pre-
process incoming connections. This manual page describes the kernel
interface for accept filters. User applications request accept filters
via the setsockopt(2) system call, passing in an optname of
SO_ACCEPTFILTER.
IMPLEMENTATION NOTES
A module that wants to be an accept filter must provide a struct
accept_filter to the system:
struct accept_filter {
char accf_name[16];
void (*accf_callback)(struct socket *so, void *arg, int waitflag);
void * (*accf_create)(struct socket *so, char *arg);
void (*accf_destroy)(struct socket *so);
SLIST_ENTRY(accept_filter) accf_next; /* next on the list */
};
The module should register it with the function accept_filt_add(),
passing a pointer to a struct accept_filter, allocated with malloc(9).
The accept filters currently provided with NetBSD (accf_data(9) and
accf_http(9)) are implemented as pseudo-devices, but an accept filter may
use any supported means of initializing and registering itself at system
startup or later, including the module framework if supported by the
running kernel.
The fields of struct accept_filter are as follows:
accf_name Name of the filter; this is how it will be accessed
from userland.
accf_callback The callback that the kernel will do once the
connection is established. It is the same as a socket
upcall and will be called when the connection is
established and whenever new data arrives on the
socket, unless the callback modifies the socket's
flags.
accf_create Called whenever a setsockopt(2) installs the filter
onto a listening socket.
accf_destroy Called whenever the user removes the accept filter on
the socket.
The accept_filt_del() function passed the same string used in
accept_filter.accf_name during registration with accept_filt_add(), the
kernel will then disallow and further userland use of the filter.
The accept_filt_get() function is used internally to locate which accept
filter to use via the setsockopt(2) system call.
The accept_filt_generic_mod_event() function can be used by accept
filters which are loadable kernel modules to add and delete themselves.
SEE ALSO
setsockopt(2), accf_data(9), accf_http(9), malloc(9)
HISTORY
The accept filter mechanism was introduced in FreeBSD 4.0. It was ported
to NetBSD by Coyote Point Systems, Inc. and appeared in NetBSD 5.0.
AUTHORS
This manual page was written by Alfred Perlstein, Sheldon Hearn, and
Jeroen Ruigrok van der Werven.
The accept filter concept was pioneered by David Filo at Yahoo! and
refined to be a loadable module system by Alfred Perlstein.
NetBSD 10.99 November 12, 2008 NetBSD 10.99