On Tue, 22 Jun 2010 12:26:02 +0100, Andrew Beverley <a...@andybev.com> wrote:
>> > I have done some initial scoping, but have discovered that in order to
>> > mark a packet using setsockopt(), the process needs to be run as root.
>>
>> Are you sure it needs root and not just a suitable capability flag? From
>> what I can tell CAP_NET_ADMIN is sufficient.
>
> You're right, it only needs CAP_NET_ADMIN. I've just hacked tools.cc to
> add that capability and it worked.
>
> So, is the best way of implementing this to do the same as transparent
> proxying, and check whether the (proposed) marking option is enabled in
> squid.conf when executing restoreCapabilities? If the user has asked for
> packets to be marked, then CAP_NET_ADMIN will be retained. The mark
> would then be applied in comm.cc in a similar way to the TOS settings.
>
> Andy

Cool. So, do you have a clear use-case we can add to the wiki and commit message?

What do you think, for the config UI:

qos_flows
 - adding an initial flag "tos"|"mark" which determines which marking type is to be set. Followed by the current (or extended) stream=value tags. Default to "tos" if missing for backward compatibility

So we end up with:

  qos_flows tos parent-hit=0xA sibling-hit=0xB
  qos_flows mark local-miss=0x1

The current src/ip/QosConfig.h fields may become a sub-struct of fields if there is a double-up in wanting to label a stream with both TOS and mark.

Amos
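
An added sketch, not Squid code and not part of either message: it parses the qos_flows syntax proposed above (type flag defaulting to "tos") and derives from the result whether CAP_NET_ADMIN needs to be retained at all. QosFlows, parseQosFlows and needsNetAdmin are hypothetical names, and stream names are accepted without validation.

```cpp
// Added illustration, not Squid source; QosFlows and parseQosFlows are hypothetical names.
#include <cctype>
#include <cstdint>
#include <iostream>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

struct QosFlows {
    std::map<std::string, uint32_t> tos;   // stream -> TOS byte
    std::map<std::string, uint32_t> mark;  // stream -> packet mark
    // Least privilege: CAP_NET_ADMIN is worth retaining only if a mark is configured.
    bool needsNetAdmin() const { return !mark.empty(); }
};

// Parse one "qos_flows [tos|mark] stream=value ..." line; stream names are not validated.
void parseQosFlows(const std::string &line, QosFlows &cfg) {
    std::istringstream in(line);
    std::string tok;
    if (!(in >> tok) || tok != "qos_flows")
        throw std::invalid_argument("not a qos_flows line");
    bool isMark = false, first = true;
    while (in >> tok) {
        if (first) {
            first = false;
            if (tok == "tos" || tok == "mark") { isMark = (tok == "mark"); continue; }
        }   // no type flag: stays "tos", so existing configurations keep working
        const auto eq = tok.find('=');
        if (eq == std::string::npos || eq == 0 || eq + 1 == tok.size())
            throw std::invalid_argument("expected stream=value: " + tok);
        const std::string num = tok.substr(eq + 1);
        size_t used = 0;
        unsigned long v = 0;
        try { v = std::stoul(num, &used, 0); }   // base 0 accepts 0x.. and decimal
        catch (const std::exception &) { used = 0; }
        if (!std::isdigit(static_cast<unsigned char>(num[0])) || used != num.size())
            throw std::invalid_argument("bad value: " + tok);
        if (v > (isMark ? 0xFFFFFFFFul : 0xFFul))   // mark is 32 bits, TOS is one byte
            throw std::invalid_argument("value out of range: " + tok);
        (isMark ? cfg.mark : cfg.tos)[tok.substr(0, eq)] = static_cast<uint32_t>(v);
    }
}

int main() {
    QosFlows cfg;   // constructed sample lines, taken from the syntax proposed above
    for (const char *l : {"qos_flows tos parent-hit=0xA sibling-hit=0xB", "qos_flows mark local-miss=0x1"})
        parseQosFlows(l, cfg);
    std::cout << "retain CAP_NET_ADMIN: " << (cfg.needsNetAdmin() ? "yes" : "no") << "\n";
}
```

A configuration with only "tos" lines (or legacy lines with no flag) leaves needsNetAdmin() false, so the capability can be dropped along with the rest of root's privileges.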