netfilter-devel.vger.kernel.org archive mirror
From: Andrew Beverley <andy@andybev.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Accessing packet marking functions
Date: Sun, 20 Jun 2010 13:31:12 +0100
Message-ID: <1277037072.1476.107.camel@andybev>
In-Reply-To: <alpine.LSU.2.01.1006201351490.23203@obet.zrqbmnf.qr>

> >> >Can somebody point me in the right direction for the correct way of
> >> >setting and accessing the mark value of a packet? The TOS feature in
> >> >Squid uses setsockopt(). Is there an equivalent for mark? Should I be
> >> >using libnetfilter_queue?
> >> 
> >> setsockopt(fd, SOL_SOCKET, SO_MARK, ...)
> >
> >I am getting the error "Operation not permitted" when trying to do this.
> >Is this because the packet is not in a state where it can be marked, or
> >am I doing something stupid? My code is:
> >
> >int nfmark = 255;
> >setsockopt(fd, SOL_SOCKET, SO_MARK, (int *) &nfmark, sizeof(int));

> 1. Do away with the pointless casts.
> 2. Needs root privileges.

Thanks, that works now when running as root (with pointless casts
removed).

The problem is that Squid normally runs as a non-privileged user (I had
to remove the root checks from the code to get it to run as root). Is
there any way to mark packets when not root? Or is the only way to make
this work to run a small part of Squid as root?

Thanks,

Andy


