1.\" 2.\" Copyright (c) 2008 David Malone 3.\" 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" " 26.Dd July 16, 2008 27.Dt ACCF_DNS 9 28.Os 29.Sh NAME 30.Nm accf_dns 31.Nd buffer incoming DNS requests until the whole first request is present 32.Sh SYNOPSIS 33.Cd options INET 34.Cd options ACCEPT_FILTER_DNS 35.Pp 36In 37.Xr rc.conf 5 : 38.Cd kld_list="accf_dns" 39.Sh DESCRIPTION 40This is a filter to be placed on a socket that will be using 41.Fn accept 42to receive incoming connections. 43.Pp 44It prevents the application from receiving the connected descriptor via 45.Fn accept 46until a whole DNS request is available on the socket. 47It does this by reading the first two bytes of the request, 48to determine its size, 49and waiting until the required amount of data is available to be read. 50.Pp 51The 52.Fa ACCEPT_FILTER_DNS 53kernel option is also a module that can be enabled at runtime via 54.Xr kldload 8 55if the INET option has been compiled into the kernel. 56.Sh EXAMPLES 57If the 58.Nm 59module is available in the kernel, 60the following code will enable the DNS accept filter 61on a socket 62.Fa sok . 63.Bd -literal -offset 0i 64 struct accept_filter_arg afa; 65 66 bzero(&afa, sizeof(afa)); 67 strcpy(afa.af_name, "dnsready"); 68 setsockopt(sok, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)); 69.Ed 70.Sh SEE ALSO 71.Xr setsockopt 2 , 72.Xr accept_filter 9 , 73.Xr accf_data 9 , 74.Xr accf_http 9 75.Sh HISTORY 76The accept filter mechanism was introduced in 77.Fx 4.0 . 78.Sh AUTHORS 79This manual page and the filter were written by 80.An David Malone . 81