On Wed, 10 Oct 2001, Craig Rodrigues wrote:
> On Sun, Oct 07, 2001 at 11:49:35PM +0400, Alexey Kuznetsov wrote:
> > Hello!
> >
> > > A part of DSCP field was previously Precedence.
> > >
> > > Linux has required that in order to use 'Critical' or higher Precedence,
> > > one must have CAP_NET_ADMIN capability, in most cases, root.
> > >
> > > I'm not one to say whether this restriction should be removed. Perhaps.
> >
> > Not removed, but made _stronger_.
> >
> > Essentially, allowing a user to set an arbitrary DSCP is evidence of a
> > security hole and subject of CAP_NET_RAW or ADMIN. Actually, one of the considered
> > variants was to allow to set by default only three values: 0 and those
> > which used to correspond to low-delay and high-throughput.
>
> Hi,
>
> This is very interesting information, since I am trying to develop
> an application which uses Diffserv, but works on multiple
> operating systems.

In the case of diffserv, the DSCP setting is done by the router.
Using Linux as a router allows you to do this.
Settings even by root are not very valuable since in the network they will
be overridden.

> Can you point me to a document which explains what this
> CAP_NET_ADMIN is, and how it is related to setting DSCP values?
>
Think about it: if actually the network cared about dscp value, as set by
joe_l00s3r, we would have chaos. Everyone would be trying to get the
highest qos at the expense of the rest of the world.
Hope this helps
cheers,
jamal
> If there is no formal document, can you direct me to a section
> of the Linux kernel which I can grep to see how this works?
>
> I'm a newbie to Linux kernel networking internals, so some
> guidance would be appreciated. :)
>
>
> --
> Craig Rodrigues
> http://www.gis.net/~craigr
> rodrigc@xxxxxxxxxxxx
>
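
The precedence rule quoted in this thread, written out as an added example (not code from the thread or from the kernel): it maps a few DSCP code points to the byte passed to `IP_TOS`, applies the "Critical or higher needs CAP_NET_ADMIN" rule as stated above, and probes what the running kernel actually does for the current user. The helper names and the sample code points are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Names local to this example; values follow RFC 791 (Precedence). */
#define PREC_MASK       0xE0  /* top three bits of the old TOS byte */
#define PREC_CRITIC_ECP 0xA0  /* Precedence 5, 'Critical' */

/* DSCP occupies the upper six bits of the byte passed to IP_TOS. */
static int dscp_to_tos(int dscp) { return (dscp & 0x3F) << 2; }

/* Rule as described in the thread: 'Critical' or higher needs CAP_NET_ADMIN. */
static int needs_net_admin(int tos)
{
    return (tos & PREC_MASK) >= PREC_CRITIC_ECP;
}

/* Try to set the TOS byte on a fresh UDP socket.
 * Returns 0 on success, the errno from setsockopt() on refusal,
 * or -1 if no socket could be created. */
static int probe_tos(int tos)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int rc = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

int main(void)
{
    /* Constructed sample set: best effort, AF11, AF41, EF, CS6. */
    static const struct { const char *name; int dscp; } cp[] = {
        {"BE", 0}, {"AF11", 10}, {"AF41", 34}, {"EF", 46}, {"CS6", 48},
    };
    for (size_t i = 0; i < sizeof(cp) / sizeof(cp[0]); i++) {
        int tos = dscp_to_tos(cp[i].dscp);
        int rc = probe_tos(tos);
        printf("%-4s dscp=%2d tos=0x%02x rule=%-10s kernel=%s\n",
               cp[i].name, cp[i].dscp, tos,
               needs_net_admin(tos) ? "privileged" : "open",
               rc == 0 ? "accepted" : rc < 0 ? "no socket" : strerror(rc));
    }
    return 0;
}
```

Run it as an ordinary user and again as root to compare the `rule` and `kernel` columns; EF (DSCP 46) lands in Precedence 5, so under the rule quoted above it is one of the privileged values.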