On 28/08/14 02:56, Sage Weil wrote:
> I seem to remember someone telling me there were hooks/hints you could
> call that would tag either a socket or possibly data on that socket with a
> label for use by iptables and such.. but I forget what it was.
>
Something like setsockopt() SO_MARK?
*SO_MARK *(since Linux 2.6.25)
Set the mark for each packet sent through this socket (similar
to the netfilter MARK target but socket-based). Changing the
mark can be used for mark-based routing without netfilter or
for packet filtering. Setting this option requires the
*CAP_NET_ADMIN *capability.
Alternatively, directly set IP_TOS options on the socket, or SO_PRIORITY
which sets the IP TOS bits as well.
