See the Overview section above for header-level documentation.
This header defines an API for intercepting communications at the socket layer.
For the most part, socket filters want to do three things: Filter data in and out, watch for state changes, and intercept a few calls for security. The number of function pointers supplied by a socket filter has been significantly reduced. The filter no longer has any knowledge of socket buffers. The filter no longer intercepts nearly every internal socket call. There are two data filters, an in filter, and an out filter. The in filter occurs before data is placed in the receive socket buffer. This is done to avoid waking the process unnecessarily. The out filter occurs before the data is appended to the send socket buffer. This should cover inbound and outbound data. For monitoring state changes, we've added a notify function that will be called when various events that the filter can not intercept occur. In addition, we've added a few functions that a filter may use to intercept common operations. These functions are: connect (inbound), connect (outbound), bind, set socket option, get socket option, and listen. Bind, listen, connect in, and connect out could be used together to build a fairly comprehensive firewall without having to do much with individual packets.