1167fcf05SDavid Malone.\" 2167fcf05SDavid Malone.\" Copyright (c) 2008 David Malone 3167fcf05SDavid Malone.\" 4167fcf05SDavid Malone.\" All rights reserved. 5167fcf05SDavid Malone.\" 6167fcf05SDavid Malone.\" Redistribution and use in source and binary forms, with or without 7167fcf05SDavid Malone.\" modification, are permitted provided that the following conditions 8167fcf05SDavid Malone.\" are met: 9167fcf05SDavid Malone.\" 1. Redistributions of source code must retain the above copyright 10167fcf05SDavid Malone.\" notice, this list of conditions and the following disclaimer. 11167fcf05SDavid Malone.\" 2. Redistributions in binary form must reproduce the above copyright 12167fcf05SDavid Malone.\" notice, this list of conditions and the following disclaimer in the 13167fcf05SDavid Malone.\" documentation and/or other materials provided with the distribution. 14167fcf05SDavid Malone.\" 15167fcf05SDavid Malone.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 16167fcf05SDavid Malone.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17167fcf05SDavid Malone.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18167fcf05SDavid Malone.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 19167fcf05SDavid Malone.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20167fcf05SDavid Malone.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21167fcf05SDavid Malone.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22167fcf05SDavid Malone.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23167fcf05SDavid Malone.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24167fcf05SDavid Malone.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25167fcf05SDavid Malone.\" " 26167fcf05SDavid Malone.Dd July 16, 2008 27167fcf05SDavid Malone.Dt ACCF_DNS 9 28aa12cea2SUlrich Spörlein.Os 29167fcf05SDavid Malone.Sh NAME 30167fcf05SDavid Malone.Nm accf_dns 31167fcf05SDavid Malone.Nd buffer incoming DNS requests until the whole first request is present 32167fcf05SDavid Malone.Sh SYNOPSIS 33167fcf05SDavid Malone.Nm options INET 34167fcf05SDavid Malone.Nm options ACCEPT_FILTER_DNS 35167fcf05SDavid Malone.Nm kldload accf_dns 36167fcf05SDavid Malone.Sh DESCRIPTION 37167fcf05SDavid MaloneThis is a filter to be placed on a socket that will be using 38167fcf05SDavid Malone.Fn accept 39167fcf05SDavid Maloneto receive incoming connections. 40167fcf05SDavid Malone.Pp 41167fcf05SDavid MaloneIt prevents the application from receiving the connected descriptor via 42167fcf05SDavid Malone.Fn accept 43167fcf05SDavid Maloneuntil a whole DNS request is available on the socket. 44167fcf05SDavid MaloneIt does this by reading the first two bytes of the request, 45167fcf05SDavid Maloneto determine its size, 46167fcf05SDavid Maloneand waiting until the required amount of data is available to be read. 47167fcf05SDavid Malone.Pp 48167fcf05SDavid MaloneThe 49167fcf05SDavid Malone.Fa ACCEPT_FILTER_DNS 50167fcf05SDavid Malonekernel option is also a module that can be enabled at runtime via 51167fcf05SDavid Malone.Xr kldload 8 52167fcf05SDavid Maloneif the INET option has been compiled into the kernel. 53167fcf05SDavid Malone.Sh EXAMPLES 54167fcf05SDavid MaloneIf the 55167fcf05SDavid Malone.Nm 56167fcf05SDavid Malonemodule is available in the kernel, 57167fcf05SDavid Malonethe following code will enable the DNS accept filter 58167fcf05SDavid Maloneon a socket 59167fcf05SDavid Malone.Fa sok . 60167fcf05SDavid Malone.Bd -literal -offset 0i 61167fcf05SDavid Malone struct accept_filter_arg afa; 62167fcf05SDavid Malone 63167fcf05SDavid Malone bzero(&afa, sizeof(afa)); 64167fcf05SDavid Malone strcpy(afa.af_name, "dnsready"); 65167fcf05SDavid Malone setsockopt(sok, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)); 66167fcf05SDavid Malone.Ed 67167fcf05SDavid Malone.Sh SEE ALSO 68167fcf05SDavid Malone.Xr setsockopt 2 , 69167fcf05SDavid Malone.Xr accept_filter 9 , 70*1e9469d1SChristian Brueffer.Xr accf_data 9 , 71167fcf05SDavid Malone.Xr accf_http 9 72167fcf05SDavid Malone.Sh HISTORY 73167fcf05SDavid MaloneThe accept filter mechanism was introduced in 74167fcf05SDavid Malone.Fx 4.0 . 75167fcf05SDavid Malone.Sh AUTHORS 76167fcf05SDavid MaloneThis manual page and the filter were written by 77167fcf05SDavid Malone.An David Malone . 78