A module that wants to be an accept filter must provide a
struct accept_filter to the system:
struct accept_filter {
char accf_name[16];
void (*accf_callback)(struct socket *so, void *arg, int waitflag);
void * (*accf_create)(struct socket *so, char *arg);
void (*accf_destroy)(struct socket *so);
SLIST_ENTRY(accept_filter) accf_next; /* next on the list */
};
The module should register it with the function
accept_filt_add(), passing a pointer to a
struct accept_filter, allocated with
malloc(9).
The accept filters currently provided with
NetBSD (
accf_data(9) and
accf_http(9)) are implemented as pseudo-devices, but an accept filter may use any supported means of initializing and registering itself at system startup or later, including the module framework if supported by the running kernel.
The fields of
struct accept_filter are as follows:
accf_name
Name of the filter; this is how it will be accessed from userland.
accf_callback
The callback that the kernel will do once the connection is established. It is the same as a socket upcall and will be called when the connection is established and whenever new data arrives on the socket, unless the callback modifies the socket's flags.
accf_create
Called whenever a
setsockopt(2) installs the filter onto a listening socket.
accf_destroy
Called whenever the user removes the accept filter on the socket.
The
accept_filt_del() function passed the same string used in
accept_filter.accf_name during registration with
accept_filt_add(), the kernel will then disallow and further userland use of the filter.
The
accept_filt_get() function is used internally to locate which accept filter to use via the
setsockopt(2) system call.
The
accept_filt_generic_mod_event() function can be used by accept filters which are loadable kernel modules to add and delete themselves.