NAME

       accf_dns — buffer incoming DNS requests until the whole first request is present

SYNOPSIS

       options INET
       options ACCEPT_FILTER_DNS
       kldload accf_dns

DESCRIPTION

       This is a filter to be placed on a socket that will be using accept() to receive incoming connections.

       It  prevents  the  application  from  receiving  the  connected descriptor via accept() until a whole DNS
       request is available on the socket.  It does this by reading the first  two  bytes  of  the  request,  to
       determine its size, and waiting until the required amount of data is available to be read.

       The ACCEPT_FILTER_DNS kernel option is also a module that can be enabled at runtime via kldload(8) if the
       INET option has been compiled into the kernel.

EXAMPLES

       If  the  accf_dns module is available in the kernel, the following code will enable the DNS accept filter
       on a socket sok.

               struct accept_filter_arg afa;

               bzero(&afa, sizeof(afa));
               strcpy(afa.af_name, "dnsready");
               setsockopt(sok, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));

SEE ALSO

       setsockopt(2), accept_filter(9), accf_data(9), accf_http(9)

HISTORY

       The accept filter mechanism was introduced in FreeBSD 4.0.

AUTHORS

       This manual page and the filter were written by David Malone.

Debian                                            July 16, 2008                                      ACCF_DNS(9)