This is a filter to be placed on a socket that will be using
to receive incoming connections.
It prevents the application from receiving the connected descriptor via
until a whole DNS request is available on the socket.
It does this by reading the first two bytes of the request,
to determine its size,
and waiting until the required amount of data is available to be read.
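
The readiness check described above, sketched in userland C as an added example (this is not the kernel module's code). The names `dns_request_ready`, `bytes_at_release` and `sample_query` are hypothetical, the sample bytes are constructed, and the `cap` buffer-capacity parameter is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dns_ready { DNS_WAIT = 0, DNS_READY = 1 };

/* One whole request = 2-byte big-endian length prefix + that many bytes.
 * cap is the receive buffer capacity (assumption of this sketch, cap >= 2). */
static enum dns_ready
dns_request_ready(const uint8_t *buf, size_t have, size_t cap)
{
	if (have < 2)
		return DNS_WAIT;	/* length prefix not complete yet */
	size_t need = 2 + (((size_t)buf[0] << 8) | buf[1]);
	if (need > cap || have >= cap)
		return DNS_READY;	/* can never fit: let the application decide */
	return have >= need ? DNS_READY : DNS_WAIT;
}

/* Constructed sample: prefix 0x001d, then a 29-byte query for example.com A. */
static const uint8_t sample_query[] = {
	0x00, 0x1d,
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0x03, 'c', 'o', 'm', 0x00,
	0x00, 0x01, 0x00, 0x01
};

/* Deliver the stream in step-byte segments; return how many bytes were
 * buffered when the check first reported DNS_READY (0 if it never did). */
static size_t
bytes_at_release(const uint8_t *stream, size_t total, size_t step, size_t cap)
{
	size_t have = 0;
	if (step == 0)
		return 0;
	while (have < total) {
		have += (total - have < step) ? total - have : step;
		if (dns_request_ready(stream, have, cap) == DNS_READY)
			return have;
	}
	return 0;
}

int main(void)
{
	printf("released after %zu bytes (10-byte segments)\n",
	    bytes_at_release(sample_query, sizeof(sample_query), 10, 4096));
	return 0;
}
```
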
kernel option is also a module that can be enabled at runtime via
if the INET option has been compiled into the kernel.
module is available in the kernel,
the following code will enable the DNS accept filter
on a socket
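struct accept_filter_arg afa;
memset(&afa, 0, sizeof(afa));	/* clear af_name and af_arg before use */
strlcpy(afa.af_name, "dnsready", sizeof(afa.af_name));	/* name of the DNS accept filter */
setsockopt(sok, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));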