> > I have done some initial scoping, but have discovered that in order to
> > mark a packet using setsockopt(), the process needs to be run as root.
>
> Are you sure it needs root and not just a suitable capability flag? From
> what I can tel CAP_NET_ADMIN is sufficient.
You're right, it only needs CAP_NET_ADMIN. I've just hacked tools.cc to
add that capability and it worked.
So, is the best way of implementing this to do the same as transparent
proxying, and check whether the (proposed) marking option is enabled in
squid.conf when executing restoreCapabilities? If the user has asked for
packets to be marked, then CAP_NET_ADMIN will be retained. The mark
would then be applied in comm.cc in a similar way to the TOS settings.
Andy
Received on Tue Jun 22 2010 - 11:26:11 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 23 2010 - 12:00:08 MDT