tech-kern archive


Re: Patch: accept filters for NetBSD

On Mon, 28 Jan 2008, Thor Lancelot Simon wrote:

> A coworker has ported the FreeBSD "accept filter" functionality to
> NetBSD (approximately 4.99.40 -- I think the attached patch should
> apply cleanly to HEAD today, however).  Accept filters are kernel
> level filters, enabled with setsockopt(), which can perform arbitrary
> operations on a TCP or local stream connection before accept() returns
> to userspace or the listen socket selects ready for accept.  Think of
> it as a much more sophisticated version of the socket watermark.

I think I like this idea (have not studied it in detail) except that

+#ifdef INET
+       case SO_ACCEPTFILTER:
+               error = do_setopt_accept_filter(so, m);
+               if (error)
+                       return error;
+               break;
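
Review bot: the `#ifdef INET` guard around `case SO_ACCEPTFILTER:` compiles the option out of kernels built without INET, yet the description above says accept filters also serve local stream connections. Unless the filter framework really depends on INET code, drop the guard or key it to an option specific to accept filters, and note the reason in a comment if the dependency is real. The excerpt also does not show the matching `#endif`, so confirm it closes right after this case and does not swallow the cases that follow.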

I'm not sure why it's for INET only?

Does the filter apply to the socket that it is optioned from or for all

There is a case in the Bluetooth land to be able to limit connections to a
specific remote device address. This is possible inside the kernel as a
protocol callback indicates if it wants to accept or not but it would be
interesting to be able to do this from userland, if this mechanism was
generic enough.

