On Sun, 23/10/2011 at 17:18 +0000, p. awa wrote:
> > >| netfilter_add_tag("public-addresses-proxied-via-tor");
> > >| netfilter_add_tag("internal-addresses-directly");
> > >| netfilter_remove_tag("proxy-dns");
> > >| execlp("wget", ...);
> >
> > A socket option, SO_MARK, for use with setsockopt/getsockopt.
>
> but setsockopt is per socket. i'm looking for something that is
> per process (and inherited by children - in the example, wget).
> this is to replace what i do at the moment, namely
>
> | setgid(123);
> | execlp("wget", ...);
>
> and
>
> # iptables ... -m owner --gid-owner 123 ...

Well, you could do interposition of libc's socket() with LD_PRELOAD, and
call setsockopt SO_MARK in the wrapper.

> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
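
The LD_PRELOAD interposition suggested in the reply, as an added example that is not code from the thread: a shim that overrides socket() and sets SO_MARK on every IPv4/IPv6 socket, so the mark follows the process and any children that inherit the environment. The SOCK_MARK variable name and the marksock.so file name are assumptions made for this sketch.

```c
/* marksock.c: added example, not code from the thread.
 * Build: cc -shared -fPIC -o marksock.so marksock.c
 * Use:   SOCK_MARK=0x7b LD_PRELOAD=./marksock.so wget ...
 * SOCK_MARK is a hypothetical variable name chosen for this sketch. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Parse a decimal/hex/octal mark; return 0 on success, -1 if malformed. */
int parse_mark(const char *s, unsigned int *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')   /* rejects "", "-1", " 5" */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 0);
    if (errno != 0 || *end != '\0' || v > 0xffffffffUL)
        return -1;
    *out = (unsigned int)v;
    return 0;
}

/* Only IP sockets traverse the netfilter rules that match on the mark. */
int wants_mark(int domain)
{
    return domain == AF_INET || domain == AF_INET6;
}

/* Interposed socket(): create the socket via the raw syscall, then mark it. */
int socket(int domain, int type, int protocol)
{
    unsigned int mark;
    int fd = (int)syscall(SYS_socket, domain, type, protocol);
    int saved = errno;   /* keep the caller-visible errno from socket(2) */

    if (fd >= 0 && wants_mark(domain) &&
        parse_mark(getenv("SOCK_MARK"), &mark) == 0) {
        /* Needs CAP_NET_ADMIN; on failure the socket stays unmarked. */
        (void)setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
    }
    errno = saved;
    return fd;
}
```

Setting SO_MARK requires CAP_NET_ADMIN, and statically linked programs or code that issues the syscall directly never pass through the shim. The firewall rules should therefore treat unmarked traffic as the restrictive default rather than rely on the mark for enforcement.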