Sockets-related User Exit Points

Sockets-related user exit points give an exit program the ability to prevent a specific sockets API from completing successfully.

Sockets-related user exit points give an exit program the ability to control connections based on specific conditions for a job at runtime. This functionality is provided through system-wide user exit points for connect(), listen(), and the sockets APIs that accept incoming connections. The user exit can allow or deny successful completion of the operation based on the criteria set by the registered exit program. The intent is to let exit programs determine at runtime whether a particular operation is allowed to complete, based on the characteristics of the requesting job. These characteristics can include things such as user ID, job type, time of day, current system usage, and so on.

Exit points defined in the User Registry

User-defined exit programs registered with the exit points defined in the user registry are able to limit incoming and outgoing connections. The return codes of the user-defined exit programs indicate whether to allow successful completion of connect(), listen(), accept(), accept_and_recv(), or QsoStartAccept().

Table 1. Sockets-related User Exit Points
User Exit Point     Description
QIBM_QSO_ACCEPT     Enables a custom exit program to allow or deny incoming connections based on the restrictions set by the programs.
QIBM_QSO_CONNECT    Enables a custom exit program to allow or deny outgoing connections based on the restrictions set by the programs.
QIBM_QSO_LISTEN     Enables a custom exit program to allow or deny a socket the ability to listen for connections based on the restrictions set by the programs.

Notes:
  1. By default, the sockets APIs accepting connections silently ignore rejected connections and wait for the next incoming connection. To give an application the ability to be informed about rejected connections, a socket option is provided. The socket option is enabled by setsockopt() with a level of SOL_SOCKET and option name SO_ACCEPTEPERM. When the socket option is enabled, sockets APIs accepting connections fail with EPERM for each incoming connection rejected by the user exit program registered for QIBM_QSO_ACCEPT.
  2. Any user trying to add or remove a sockets-related user exit program is required to have *IOSYSCFG, *ALLOBJ, and *SECADM authority.
  3. Not all IBM® developed applications call the configured user exit programs, for one of the following reasons:
    • The application does not use sockets APIs for network communication.
    • The sockets API was called from a system task that is unable to call user exit programs.
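
The following added example (not IBM's code) shows how a server can use the socket option from note 1 so that connections rejected by the QIBM_QSO_ACCEPT exit program are counted instead of silently skipped. The function names and the outcome enum are hypothetical, treating EINTR and ECONNABORTED as retryable is an assumption, and the #else branch exists only so the file builds on platforms whose headers lack SO_ACCEPTEPERM.

```c
#include <errno.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of one accept() call as seen by the server loop (hypothetical names). */
enum accept_outcome { ACC_OK, ACC_DENIED_BY_EXIT, ACC_RETRY, ACC_FATAL };

/* Ask the sockets layer to report connections rejected by the QIBM_QSO_ACCEPT
 * exit program. Returns 0 when the option was set, -1 otherwise. */
int enable_accept_eperm(int listen_fd)
{
#ifdef SO_ACCEPTEPERM                  /* present in the IBM i sockets headers */
    int on = 1;
    return setsockopt(listen_fd, SOL_SOCKET, SO_ACCEPTEPERM, &on, sizeof on);
#else
    (void)listen_fd;
    errno = ENOPROTOOPT;               /* option unknown on this platform */
    return -1;
#endif
}

/* Map the accept() return value and errno to an action for the loop. */
enum accept_outcome classify_accept(int rc, int err)
{
    if (rc >= 0) return ACC_OK;
    if (err == EPERM) return ACC_DENIED_BY_EXIT;   /* exit program said no */
    if (err == EINTR || err == ECONNABORTED) return ACC_RETRY;
    return ACC_FATAL;
}

/* Handle up to max_events accept() results. Returns the number of accepted
 * connections, or -1 on a fatal error; *denied counts exit-program rejections
 * so they can be logged or audited by the caller. */
int serve(int listen_fd, int max_events, int *denied)
{
    int served = 0;
    *denied = 0;
    for (int i = 0; i < max_events; i++) {
        int fd = accept(listen_fd, NULL, NULL);
        enum accept_outcome o = classify_accept(fd, fd < 0 ? errno : 0);
        if (o == ACC_OK) {
            close(fd);                 /* a real server hands fd to a worker */
            served++;
        } else if (o == ACC_DENIED_BY_EXIT) {
            (*denied)++;               /* rejection is visible, loop continues */
        } else if (o == ACC_FATAL) {
            return -1;
        }                              /* ACC_RETRY: just call accept() again */
    }
    return served;
}
```

Without the option enabled, the EPERM branch is never taken, because the accepting API waits for the next connection instead of returning.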