From: Andrew Beverley
Subject: Re: Accessing packet marking functions
Date: Sun, 20 Jun 2010 13:31:12 +0100
Message-ID: <1277037072.1476.107.camel@andybev>
References: <1276965739.1476.35.camel@andybev> <1277032613.1476.93.camel@andybev>
To: Jan Engelhardt
Cc: netfilter-devel@vger.kernel.org

> >> >Can somebody point me in the right direction for the correct way of
> >> >setting and accessing the mark value of a packet? The TOS feature in
> >> >Squid uses setsockopt(). Is there an equivalent for mark? Should I be
> >> >using libnetfilter_queue?
> >>
> >> setsockopt(fd, SOL_SOCKET, SO_MARK, ...)
> >
> >I am getting the error "Operation not permitted" when trying to do this.
> >Is this because the packet is not in a state where it can be marked, or
> >am I doing something stupid? My code is:
> >
> >int nfmark = 255;
> >setsockopt(fd, SOL_SOCKET, SO_MARK, (int *) &nfmark, sizeof(int));
> 1. Do away with the pointless casts.
> 2. Needs root privileges.

Thanks, that works now when running as root (with pointless casts removed).

The problem is that Squid normally runs as a non-privileged user (I had to
remove the root checks from the code to get it to run as root). Is there any
way to mark packets when not root? Or is the only way to make this work to
run a small part of Squid as root?

Thanks,

Andy