On Tue, 22 Jun 2010 12:26:02 +0100, Andrew Beverley <andy_at_andybev.com> wrote:
>> > I have done some initial scoping, but have discovered that in order to
>> > mark a packet using setsockopt(), the process needs to be run as root.
>>
>> Are you sure it needs root and not just a suitable capability flag? From
>> what I can tell CAP_NET_ADMIN is sufficient.
>
> You're right, it only needs CAP_NET_ADMIN. I've just hacked tools.cc to
> add that capability and it worked.
>
> So, is the best way of implementing this to do the same as transparent
> proxying, and check whether the (proposed) marking option is enabled in
> squid.conf when executing restoreCapabilities? If the user has asked for
> packets to be marked, then CAP_NET_ADMIN will be retained. The mark
> would then be applied in comm.cc in a similar way to the TOS settings.
>
> Andy

Cool.

So, do you have a clear use-case we can add to the wiki and commit
message?

What do you think, for the config UI:

qos_flows - adding an initial flag "tos"|"mark" which determines which
marking type is to be set. Followed by the current (or extended)
stream=value tags. Default to "tos" if missing for backward compatibility.

So we end up with:

  qos_flows tos parent-hit=0xA sibling-hit=0xB
  qos_flows mark local-miss=0x1

The current src/ip/QosConfig.h fields may become a sub-struct of fields
if there is a double-up in wanting to label a stream with both TOS and
mark.

Amos
Received on Wed Jun 23 2010 - 07:01:20 MDT