On Sun, Oct 07, 2001 at 11:49:35PM +0400, Alexey Kuznetsov wrote:
> Hello!
>
> > A part of DSCP field was previously Precedence.
> >
> > Linux has required that in order to use 'Critical' or higher Precedence,
> > one must have CAP_NET_ADMIN capability, in most cases, root.
> >
> > I'm not one to say whether this restriction should be removed. Perhaps.
>
> Not removed, but made _stronger_.
>
> Essentially, allowing user to set an arbitrary DSCP is an evidence of security
> hole and subject of CAP_NET_RAW or ADMIN. Actually, one of considered
> variants was to allow to set by default only three values: 0 and those
> which used to correspond to low-delay and high-throughput.
Hi,
This is very interesting information, since I am trying to develop
an application which uses Diffserv, but works on multiple
operating systems.
Can you point me to a document which explains what this
CAP_NET_ADMIN is, and how it is related to setting DSCP values?
If there is no formal document, can you direct me to a section
of the Linux kernel which I can grep to see how this works?
I'm a newbie to Linux kernel networking internals, so some
guidance would be appreciated. :)
--
Craig Rodrigues
http://www.gis.net/~craigr
rodrigc@xxxxxxxxxxxx