diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile index 4e43268ae0b8..383ec45f7ec1 100644 --- a/share/man/man9/Makefile +++ b/share/man/man9/Makefile @@ -2,6 +2,7 @@ MAN= accept_filter.9 \ accf_data.9 \ + accf_dns.9 \ accf_http.9 \ acl.9 \ alloc_unr.9 \ diff --git a/share/man/man9/accept_filter.9 b/share/man/man9/accept_filter.9 index af9e888a52f1..4a7d239f86d9 100644 --- a/share/man/man9/accept_filter.9 +++ b/share/man/man9/accept_filter.9 @@ -131,6 +131,7 @@ macro. .Sh SEE ALSO .Xr setsockopt 2 , .Xr accf_data 9 , +.Xr accf_dns 9 , .Xr accf_http 9 , .Xr malloc 9 .Sh HISTORY diff --git a/share/man/man9/accf_data.9 b/share/man/man9/accf_data.9 index 7eba8654a75c..836deba17a6e 100644 --- a/share/man/man9/accf_data.9 +++ b/share/man/man9/accf_data.9 @@ -67,6 +67,7 @@ on the socket .Sh SEE ALSO .Xr setsockopt 2 , .Xr accept_filter 9 , +.Xr accf_dns 9 .Xr accf_http 9 .Sh HISTORY The accept filter mechanism and the diff --git a/share/man/man9/accf_dns.9 b/share/man/man9/accf_dns.9 new file mode 100644 index 000000000000..f4b1563bb73b --- /dev/null +++ b/share/man/man9/accf_dns.9 @@ -0,0 +1,79 @@ +.\" +.\" Copyright (c) 2008 David Malone +.\" +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" " +.Dd July 16, 2008 +.Os +.Dt ACCF_DNS 9 +.Sh NAME +.Nm accf_dns +.Nd buffer incoming DNS requests until the whole first request is present +.Sh SYNOPSIS +.Nm options INET +.Nm options ACCEPT_FILTER_DNS +.Nm kldload accf_dns +.Sh DESCRIPTION +This is a filter to be placed on a socket that will be using +.Fn accept +to receive incoming connections. +.Pp +It prevents the application from receiving the connected descriptor via +.Fn accept +until a whole DNS request is available on the socket. +It does this by reading the first two bytes of the request, +to determine its size, +and waiting until the required amount of data is available to be read. +.Pp +The +.Fa ACCEPT_FILTER_DNS +kernel option is also a module that can be enabled at runtime via +.Xr kldload 8 +if the INET option has been compiled into the kernel. +.Sh EXAMPLES +If the +.Nm +module is available in the kernel, +the following code will enable the DNS accept filter +on a socket +.Fa sok . +.Bd -literal -offset 0i + struct accept_filter_arg afa; + + bzero(&afa, sizeof(afa)); + strcpy(afa.af_name, "dnsready"); + setsockopt(sok, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)); +.Ed +.Sh SEE ALSO +.Xr setsockopt 2 , +.Xr accept_filter 9 , +.Xr accf_http 9 +.Xr accf_data 9 +.Sh HISTORY +The accept filter mechanism was introduced in +.Fx 4.0 . +.Sh AUTHORS +This manual page and the filter were written by +.An David Malone .