> Alexey can complain next week when he comes back online. :-)
Nothing to complain. 8)
BTW, Paul, we can make one interesting thing now.
Namely, something sort of setsockopt(SO_NFMARK).
After this you can override socket(2) (f.e. with LD_PRELOAD
or on application level) and select nfmark depending
on some environment variable.
The only problem is how to prevent user to override
internal nfmarks (nat). Well, and security implications are to be
analyzed. Probably, it is enough to add sysctl variable sort of
nfmark_user_mask (set to zero by default) and allow to change
nfmark via setsockopt() only if (nfmark_user_mask&nfmark) == nfmark.