setting DiffServ in network packets under Linux???
Bill Bogstad
bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Mon Mar 15 20:29:25 EDT 2010
On Tue, Jan 12, 2010 at 2:58 PM, Kevin D. Clark
<kevin_d_clark-Wuw85uim5zDR7s880joybQ at public.gmane.org> wrote:
>
> Bill Bogstad writes:
>
>> On Wed, Jan 6, 2010 at 4:36 PM, Bill Bogstad wrote:
>> > Does anybody have any idea if there is a programmatic way to set the
>> > DiffServ (Differentiated Services Code Point (DSCP)) field on IP
>> > packets generated by programs running under Linux?
>>
>> Never mind. It appears that you can use setsockopt() with IPPROTO_IP
>> and IP_TOS options to do this.
>> At least that's what the documentation seems to say.
>
> At a previous company, I experimented around with doing this via
> setsockopt(...IP_TOS...) and via iptables. Either way works.
>
> Eventually, I determined (for myself) that doing this via iptables was
> better (for my situation) because setsockopt(...IP_TOS...) requires
> root privileges, and I wanted to minimize the number of places in
> which my server had to run as root.
>
> (in fact, soon after the time that I added this iptables stuff to our
> product I also I added code to my server that disallowed it from
> being run as root, unless the
> "--i-want-to-run-this-server-incorrectly-as-root" flag was set...I
> recommend this pattern...)
I just wanted to let everyone know that things have changed as far as
IP_TOS and Linux are concerned. As of Feb. 2008,
root is no longer required. David Miller decided that other Unix
systems don't have any privilege check so he removed it for Linux as
well. The commit message is here:
http://kerneltrap.org/mailarchive/git-commits-head/2008/2/15/870764
It was backported to the 2.6.24.4 stable release as well: See
http://lwn.net/Articles/274741/
Just some additional info, in case someone runs across this thread
while trying to understand IP_TOS and DiffServ with Linux.
Bill Bogstad
More information about the Discuss
mailing list