NAME
accept_filter, 
accept_filt_add,
  
accept_filt_del,
  
accept_filt_generic_mod_event,
  
accept_filt_get — 
filter incoming
  connections
SYNOPSIS
#define ACCEPT_FILTER_MOD
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/signalvar.h>
#include <sys/socketvar.h>
#include <netinet/accept_filter.h>
int
accept_filt_add(
struct
  accept_filter *filt);
int
accept_filt_del(
char
  *name);
int
accept_filt_generic_mod_event(
module_t
  mod, 
int event,
  
void *data);
struct accept_filter *
accept_filt_get(
char
  *name);
DESCRIPTION
Accept filters allow an application to request that the kernel pre-process
  incoming connections. This manual page describes the kernel interface for
  accept filters. User applications request accept filters via the
  
setsockopt(2) system call,
  passing in an 
optname of
  
SO_ACCEPTFILTER.
IMPLEMENTATION NOTES
A module that wants to be an accept filter must provide a 
struct
  accept_filter to the system:
struct accept_filter { 
	char	accf_name[16]; 
	void	(*accf_callback)(struct socket *so, void *arg, int waitflag); 
	void *	(*accf_create)(struct socket *so, char *arg); 
	void	(*accf_destroy)(struct socket *so); 
	SLIST_ENTRY(accept_filter) accf_next;	/* next on the list */ 
};
 
The module should register it with the function
  
accept_filt_add(), passing a pointer to a
  
struct accept_filter, allocated with
  
malloc(9).
The accept filters currently provided with 
NetBSD
  (
accf_data(9) and
  
accf_http(9)) are implemented
  as pseudo-devices, but an accept filter may use any supported means of
  initializing and registering itself at system startup or later, including the
  module framework if supported by the running kernel.
The fields of 
struct accept_filter are as follows:
  -  
-  
- accf_name
- Name of the filter; this is how it will be accessed from
      userland.
-  
-  
- accf_callback
- The callback that the kernel will do once the connection is
      established. It is the same as a socket upcall and will be called when the
      connection is established and whenever new data arrives on the socket,
      unless the callback modifies the socket's flags.
-  
-  
- accf_create
- Called whenever a
      setsockopt(2) installs
      the filter onto a listening socket.
-  
-  
- accf_destroy
- Called whenever the user removes the accept filter on the
      socket.
The 
accept_filt_del() function passed the same string used in
  
accept_filter.accf_name during registration with
  
accept_filt_add(), the kernel will then disallow and further
  userland use of the filter.
The 
accept_filt_get() function is used internally to locate
  which accept filter to use via the
  
setsockopt(2) system call.
The 
accept_filt_generic_mod_event() function can be used by
  accept filters which are loadable kernel modules to add and delete themselves.
SEE ALSO
setsockopt(2),
  
accf_data(9),
  
accf_http(9),
  
malloc(9)
HISTORY
The accept filter mechanism was introduced in 
FreeBSD
  4.0. It was ported to 
NetBSD by Coyote Point
  Systems, Inc. and appeared in 
NetBSD 5.0.
AUTHORS
This manual page was written by 
Alfred Perlstein,
  
Sheldon Hearn, and 
Jeroen Ruigrok van
  der Werven.
The accept filter concept was pioneered by 
David Filo at
  Yahoo! and refined to be a loadable module system by 
Alfred
  Perlstein.