
DNS accept filter


David Malone

Oct 17, 2012, 9:25:02 AM
to bind-...@lists.isc.org
I'm not sure if this is of interest to anyone, but I wrote a FreeBSD
accept filter for DNS a few years ago. An accept filter is a socket
option that you can use to tell the kernel to wait before the
accept() syscall returns. In this case, the accept filter delays
the return of accept until there is a full DNS request in the buffer.

Named already tries to use FreeBSD's data-ready accept filter, but
I've been using the patch below to make it use the DNS filter, if
it is available. Would there be interest in taking this into the BIND
tree?

David.

(Note, to use the filter, you have to patch named and load the kernel
module, "kldload accf_dns", and then restart named.)


Index: bin/named/interfacemgr.c
===================================================================
RCS file: /home/ncvs/src/contrib/bind9/bin/named/interfacemgr.c,v
retrieving revision 1.8
diff -u -r1.8 interfacemgr.c
--- bin/named/interfacemgr.c 5 Apr 2012 04:29:35 -0000 1.8
+++ bin/named/interfacemgr.c 17 Oct 2012 13:00:13 -0000
@@ -328,7 +328,9 @@
* If/when there a multiple filters listen to the
* result.
*/
- (void)isc_socket_filter(ifp->tcpsocket, "dataready");
+ if (isc_socket_filter(ifp->tcpsocket, "dnsready") != ISC_R_SUCCESS)
+ isc_socket_filter(ifp->tcpsocket, "dataready");
+

result = ns_clientmgr_createclients(ifp->clientmgr,
ifp->ntcptarget, ifp,
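
Review bot: the fallback call on the second added line drops the (void) cast that the removed line carried, so the intentionally ignored return value of isc_socket_filter() is no longer marked as such; please keep it as (void)isc_socket_filter(ifp->tcpsocket, "dataready"). The comment directly above the change still reads "If/when there a multiple filters listen to the result", which no longer matches the code now that two filters are tried in order and only the first result is checked; it should say that "dnsready" is preferred, "dataready" is the fallback, and failure of both is tolerated. The third added line is an empty one in front of the existing blank line before "result = ns_clientmgr_createclients(", leaving two blank lines there; drop it. Since the fallback is silent when "dnsready" cannot be attached, a log line naming the filter actually in use would make it possible to confirm the kernel module was loaded.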

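An added example, not part of the original post and not code from accf_dns or BIND: a userland C sketch of the two ideas in the message, attaching "dnsready" with a "dataready" fallback through SO_ACCEPTFILTER, and the completeness test a DNS accept filter has to make. It assumes "a full DNS request" means the RFC 1035 TCP framing (a 2-byte big-endian length followed by that many bytes); the function names and the sample query are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Constructed sample: TCP-framed query for example.com A/IN (length 29 + message). */
static const uint8_t sample_query[] = {
    0x00, 0x1d,
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0x03, 'c', 'o', 'm', 0x00,
    0x00, 0x01, 0x00, 0x01
};

/* 1 = complete request buffered, 0 = keep waiting, -1 = length prefix is
 * smaller than the 12-byte DNS header, so it can never become valid. */
int dns_tcp_request_state(const uint8_t *buf, size_t len)
{
    if (len < 2)
        return 0;
    size_t msglen = ((size_t)buf[0] << 8) | buf[1];
    if (msglen < 12)
        return -1;
    return (len - 2 >= msglen) ? 1 : 0;
}

/* Try "dnsready", then "dataready", on an already-listening socket.
 * Returns the attached filter name, or NULL if none could be attached. */
const char *attach_accept_filter(int listen_fd)
{
#ifdef SO_ACCEPTFILTER /* FreeBSD; not defined on Linux */
    static const char *const names[] = { "dnsready", "dataready" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        struct accept_filter_arg afa;
        memset(&afa, 0, sizeof(afa));
        strncpy(afa.af_name, names[i], sizeof(afa.af_name) - 1);
        if (setsockopt(listen_fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)) == 0)
            return names[i];
    }
#else
    (void)listen_fd;
#endif
    return NULL;
}

int main(void)
{
    printf("full=%d partial=%d\n",
           dns_tcp_request_state(sample_query, sizeof(sample_query)),
           dns_tcp_request_state(sample_query, 10));
    return 0;
}
```

A server that gets NULL back from attach_accept_filter() still works; it simply sees connections before any request bytes have arrived and has to do this buffering check itself.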