| Skip Navigation Links | |
| Exit Print View | |
|
man pages section 9: DDI and DKI Properties and Data Structures Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
man pages section 9: DDI and DKI Properties and Data Structures Oracle Solaris 11.1 Information Library |
- socket filter entry points structure
#include <sys/sockfilter.h>
The sof_ops structure defines a set of function entry points that a socket filter module exports to the socket filter framework. None of the entry points are required, and unused entry points should be set to NULL.
Filter instance are created and attached to sockets that match the requirements that were established when the filter was configured with soconfig(1M). A filter module can only have a single filter instance attached to a socket, but there may be multiple filter instance attached to a socket as a result of multiple filter modules being configured on the system.
The presence of multiple filter instance on a socket create a filter stack, which together with the source of the event determine the entry point execution order. Socket operations, such as connect(3SOCKET), traverse the stack top to bottom, while protocol events, such as incoming data, move bottom-up.
The order in which a filter is attached to a socket is undefined unless the filter specifies a placement hint when it is configured by soconfig.
The framework makes the following guarantees:
sofop_attach_active(9E) or sofop_attach_passive(9E) is always called before any other entry point
sofop_detach(9E) is always the final entry point to be called
while a filter module is executing sofop_attach_active(), sofop_attach_passive(), or sofop_detach() for a socket, no other filter entry point will be called for the same socket.
In certain circumstances , a socket must be moved to legacy STREAMS mode to satisfy a STREAMS operation (streamio(7I)) issued by an application. Socket filters are incompatible with sockets operating in STREAMS mode, and a socket that has an active socket filter attached can not fall back to legacy mode, causing the STREAMS operation to fail. Therefore, the impact of enabling a socket filter should always be evaluated before it is deployed. A socket filter can minimize this impact by always marking itself inactive (using sof_bypass(9F)) if it is determined that it will not be used by a particular socket.
Socket filters are currently not supported by either AF_UNIX or SCTP sockets.
sof_attach_active_fn_t sofop_attach_active; sof_attach_passive_fn_t sofop_attach_passive; sof_detach_fn_t sofop_detach; sof_data_in_fn_t sofop_data_in; sof_data_in_proc_fn_t sofop_data_in_proc; sof_data_out_fn_t sofop_data_out; sof_bind_fn_t sofop_bind; sof_listen_fn_t sofop_listen; sof_connect_fn_t sofop_connect; sof_accepted_fn_t sofop_accepted; sof_shutdown_fn_t sofop_shutdown; sof_getsockname_fn_t sofop_getsockname; sof_getpeername_fn_t sofop_getpeername; sof_setsockopt_fn_t sofop_setsockopt; sof_getsockopt_fn_t sofop_getsockopt; sof_notify_fn_t sofop_notify;
See attributes(5) for descriptions of the following attributes:
|
soconfig(1M), connect(3SOCKET), attributes(5), streamio(7I), sofop_attach_active(9E), sofop_attach_passive(9E), sofop_bind(9E), sofop_data_in(9E), sofop_detach(9E), sofop_notify(9E), sof_bypass(9F), sof_register(9F)
|