Re: tag process's future sockets for iptables rules?


 



> >| netfilter_add_tag("public-addresses-proxied-via-tor");
> >| netfilter_add_tag("internal-addresses-directly");
> >| netfilter_remove_tag("proxy-dns");
> >| execlp("wget", ...);
>
> A socket option, SO_MARK, for use with setsockopt/getsockopt.

but setsockopt is per socket. i'm looking for something that is
per process (and inherited by children - in the example, wget).
this is to replace what i do at the moment, namely

| setgid(123);
| execlp("wget", ...);

and

# iptables ... -m owner --gid-owner 123 ...
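The setgid-then-exec approach described in the message above, as an added example that is not part of the original post: a small wrapper that fails closed, so the program is never started without the GID that the `--gid-owner` rule matches. The names `parse_gid` and `exec_with_gid` are hypothetical, and the wrapper is assumed to be started with enough privilege for setgid() to succeed.

```c
/* Added example (not from the original post): run a program under a
 * dedicated GID so "iptables -m owner --gid-owner <gid>" matches the
 * sockets it and its children create. Function names are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a decimal GID strictly; returns 0 on success, -1 on bad input. */
int parse_gid(const char *s, gid_t *out)
{
    char *end;
    unsigned long v;

    /* Reject NULL, empty strings, signs and whitespace up front. */
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    /* (gid_t)-1 means "no change" to some calls, so refuse it too. */
    if (errno != 0 || *end != '\0' || v >= (unsigned long)(gid_t)-1)
        return -1;
    *out = (gid_t)v;
    return 0;
}

/* Switch group, verify the switch, then exec. Only returns on failure. */
int exec_with_gid(gid_t gid, char *const argv[])
{
    if (setgid(gid) != 0)
        return -1;                      /* never exec without the GID */
    if (getgid() != gid || getegid() != gid)
        return -1;
    execvp(argv[0], argv);
    return -1;                          /* execvp returned: it failed */
}

int main(int argc, char **argv)
{
    gid_t gid;

    if (argc < 3 || parse_gid(argv[1], &gid) != 0) {
        fprintf(stderr, "usage: %s <gid> <program> [args...]\n", argv[0]);
        return 2;
    }
    exec_with_gid(gid, &argv[2]);
    perror(argv[2]);
    return 1;
}
```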

