1.\" 2.\" Copyright (c) 2000 Alfred Perlstein 3.\" 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" " 26.Dd June 25, 2000 27.Dt ACCEPT_FILTER 9 28.Os 29.Sh NAME 30.Nm accept_filter , 31.Nm accept_filt_add , 32.Nm accept_filt_del , 33.Nm accept_filt_generic_mod_event , 34.Nm accept_filt_get 35.Nd filter incoming connections 36.Sh SYNOPSIS 37.In sys/types.h 38.In sys/module.h 39.In sys/socket.h 40.Fd #define ACCEPT_FILTER_MOD 41.In sys/socketvar.h 42.Ft int 43.Fn accept_filt_add "struct accept_filter *filt" 44.Ft int 45.Fn accept_filt_del "char *name" 46.Ft int 47.Fn accept_filt_generic_mod_event "module_t mod" "int event" "void *data" 48.Ft struct accept_filter * 49.Fn accept_filt_get "char *name" 50.Sh DESCRIPTION 51Accept filters allow an application to request 52that the kernel pre-process incoming connections. 53An accept filter is requested via the 54.Xr setsockopt 2 55system call, passing in an 56.Fa optname 57of 58.Dv SO_ACCEPTFILTER . 59.Sh IMPLEMENTATION NOTES 60A module that wants to be an accept filter 61must provide a 62.Vt "struct accept_filter" 63to the system: 64.Bd -literal 65struct accept_filter { 66 char accf_name[16]; 67 void (*accf_callback)(struct socket *so, void *arg, int waitflag); 68 void * (*accf_create)(struct socket *so, char *arg); 69 void (*accf_destroy)(struct socket *so); 70 SLIST_ENTRY(accept_filter) accf_next; /* next on the list */ 71}; 72.Ed 73.Pp 74The module should register it with the function 75.Fn accept_filt_add , 76passing a pointer to a 77.Vt "struct accept_filter" , 78allocated with 79.Xr malloc 9 . 80.Pp 81The fields of 82.Vt "struct accept_filter" 83are as follows: 84.Bl -tag -width ".Va accf_callback" 85.It Va accf_name 86Name of the filter; 87this is how it will be accessed from userland. 88.It Va accf_callback 89The callback that the kernel will do 90once the connection is established. 91It is the same as a socket upcall 92and will be called when the connection is established 93and whenever new data arrives on the socket, 94unless the callback modifies the socket's flags. 95.It Va accf_create 96Called whenever a 97.Xr setsockopt 2 98installs the filter onto 99a listening socket. 100.It Va accf_destroy 101Called whenever the user removes the accept filter on the socket. 102.El 103.Pp 104The 105.Fn accept_filt_del 106function 107passed the same string used in 108.Va accept_filter.accf_name 109during registration with 110.Fn accept_filt_add , 111the kernel will then disallow and further userland use of the filter. 112.Pp 113The 114.Fn accept_filt_get 115function is used internally to locate which accept filter to use via the 116.Xr setsockopt 2 117system call. 118.Pp 119The 120.Fn accept_filt_generic_mod_event 121function provides a simple way to avoid duplication of code 122for accept filters which do not use the argument field to load 123and unload themselves. 124This function can be used in the 125.Vt moduledata_t 126struct for the 127.Xr DECLARE_MODULE 9 128macro. 129.Sh SEE ALSO 130.Xr setsockopt 2 , 131.Xr accf_data 9 , 132.Xr accf_dns 9 , 133.Xr accf_http 9 , 134.Xr malloc 9 135.Sh HISTORY 136The accept filter mechanism was introduced in 137.Fx 4.0 . 138.Sh AUTHORS 139This manual page was written by 140.An -nosplit 141.An Alfred Perlstein , 142.An Sheldon Hearn 143and 144.An Jeroen Ruigrok van der Werven . 145.Pp 146The accept filter concept was pioneered by 147.An David Filo 148at Yahoo!\& 149and refined to be a loadable module system by 150.An Alfred Perlstein . 151