tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: accept filters for NetBSD



On Mon, 28 Jan 2008, Thor Lancelot Simon wrote:

> A coworker has ported the FreeBSD "accept filter" functionality to
> NetBSD (approximately 4.99.40 -- I think the attached patch should
> apply cleanly to HEAD today, however).  Accept filters are kernel
> level filters, enabled with setsockopt(), which can perform arbitrary
> operations on a TCP or local stream connection before accept() returns
> to userspace or the listen socket selects ready for accept.  Think of
> it as a much more sophisticated version of the socket watermark.

I think I like this idea (have not studied it in detail) except that

+#ifdef INET
+       case SO_ACCEPTFILTER:
+               error = do_setopt_accept_filter(so, m);
+               if (error)
+                       return error;
+               break;
+#endif

I'm not sure why its for INET only?

does the filter apply to the socket that it is optioned from or for all
sockets?

There is a case in the bluetooth land to be able to limit connections to a
specific remote device address. This is possible inside the kernel as a
protocol callback indicates if it wants to accept or not but it would be
interesting to be able to do this from userland, if this mechanism was
generic enough.

iain



Home | Main Index | Thread Index | Old Index