std::net: adding acceptfilter feature for netbsd/freebsd.

devnexen · devnexen · commit 42def7649a74 · 2024-03-11T20:02:10.000Z
similar to linux's ext deferaccept, to filter incoming connections
before accept.
diff --git a/library/std/src/os/unix/net/stream.rs b/library/std/src/os/unix/net/stream.rs
@@ -14,6 +14,7 @@ use super::{peer_cred, UCred};
 #[cfg(any(doc, target_os = "android", target_os = "linux"))]
 use super::{recv_vectored_with_ancillary_from, send_vectored_with_ancillary_to, SocketAncillary};
 use super::{sockaddr_un, SocketAddr};
+use crate::ffi::CStr;
 use crate::fmt;
 use crate::io::{self, IoSlice, IoSliceMut};
 use crate::net::Shutdown;
@@ -384,6 +385,85 @@ impl UnixStream {
         self.0.set_nonblocking(nonblocking)
     }
 
+    /// Moves the socket to pass unix credentials as control message in [`SocketAncillary`].
+    ///
+    /// Set the socket option `SO_PASSCRED`.
+    ///
+    /// # Examples
+    ///
+    #[cfg_attr(
+        any(
+            target_os = "android",
+            target_os = "linux",
+            target_os = "netbsd",
+            target_os = "freebsd"
+        ),
+        doc = "```no_run"
+    )]
+    #[cfg_attr(
+        not(any(
+            target_os = "android",
+            target_os = "linux",
+            target_os = "netbsd",
+            target_os = "freebsd"
+        )),
+        doc = "```ignore"
+    )]
+    /// #![feature(unix_socket_ancillary_data)]
+    /// use std::os::unix::net::UnixStream;
+    ///
+    /// fn main() -> std::io::Result<()> {
+    ///     let socket = UnixStream::connect("/tmp/sock")?;
+    ///     socket.set_passcred(true).expect("Couldn't set passcred");
+    ///     Ok(())
+    /// }
+    /// ```
+    #[cfg(any(
+        doc,
+        target_os = "android",
+        target_os = "linux",
+        target_os = "netbsd",
+        target_os = "freebsd"
+    ))]
+    #[unstable(feature = "unix_socket_ancillary_data", issue = "76915")]
+    pub fn set_passcred(&self, passcred: bool) -> io::Result<()> {
+        self.0.set_passcred(passcred)
+    }
+
+    /// Get the current value of the socket for passing unix credentials in [`SocketAncillary`].
+    /// This value can be change by [`set_passcred`].
+    ///
+    /// Get the socket option `SO_PASSCRED`.
+    ///
+    /// [`set_passcred`]: UnixStream::set_passcred
+    #[cfg(any(
+        doc,
+        target_os = "android",
+        target_os = "linux",
+        target_os = "netbsd",
+        target_os = "freebsd"
+    ))]
+    #[unstable(feature = "unix_socket_ancillary_data", issue = "76915")]
+    pub fn passcred(&self) -> io::Result<bool> {
+        self.0.passcred()
+    }
+
+    /// Set a filter name on the socket to filter incoming connections to defer it before accept(2)
+    ///
+    #[cfg(any(doc, target_os = "netbsd", target_os = "freebsd"))]
+    #[unstable(feature = "acceptfilter", issue = "none")]
+    pub fn set_acceptfilter(&self, name: &CStr) -> io::Result<()> {
+        self.0.set_acceptfilter(name)
+    }
+
+    /// Get a filter name if one had been set previously on the socket.
+    ///
+    #[cfg(any(doc, target_os = "netbsd", target_os = "freebsd"))]
+    #[unstable(feature = "acceptfilter", issue = "none")]
+    pub fn acceptfilter(&self) -> io::Result<&CStr> {
+        self.0.acceptfilter()
+    }
+
     /// Set the id of the socket for network filtering purpose
     ///
     #[cfg_attr(
diff --git a/library/std/src/sys/pal/unix/net.rs b/library/std/src/sys/pal/unix/net.rs
@@ -453,6 +453,28 @@ impl Socket {
         Ok(raw as u32)
     }
 
+    #[cfg(any(target_os = "freebsd", target_os = "netbsd"))]
+    pub fn set_acceptfilter(&self, name: &CStr) -> io::Result<()> {
+        const AF_NAME_MAX: usize = 16;
+        let mut buf = [0; AF_NAME_MAX];
+        for (src, dst) in name.to_bytes().iter().zip(&mut buf[..AF_NAME_MAX - 1]) {
+            *dst = *src as i8;
+        }
+        let mut arg: libc::accept_filter_arg = unsafe { mem::zeroed() };
+        arg.af_name = buf;
+        setsockopt(self, libc::SOL_SOCKET, libc::SO_ACCEPTFILTER, &mut arg)
+    }
+
+    #[cfg(any(target_os = "freebsd", target_os = "netbsd"))]
+    pub fn acceptfilter(&self) -> io::Result<&CStr> {
+        let arg: libc::accept_filter_arg =
+            getsockopt(self, libc::SOL_SOCKET, libc::SO_ACCEPTFILTER)?;
+        let s: &[u8] =
+            unsafe { core::slice::from_raw_parts(arg.af_name.as_ptr() as *const u8, 16) };
+        let name = CStr::from_bytes_with_nul(s).unwrap();
+        Ok(name)
+    }
+
     #[cfg(any(target_os = "android", target_os = "linux",))]
     pub fn set_passcred(&self, passcred: bool) -> io::Result<()> {
         setsockopt(self, libc::SOL_SOCKET, libc::SO_PASSCRED, passcred as libc::c_int)
