[NET]: Introducing socket mark socket option.

A userspace program may wish to set the mark for each packets its send
without using the netfilter MARK target. Changing the mark can be used
for mark based routing without netfilter or for packet filtering.

It requires CAP_NET_ADMIN capability.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 11 insertions, 0 deletions

diff --git a/net/core/sock.c b/net/core/sock.c
index 1c4b1cd16d65..433715fb141a 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -667,6 +667,13 @@ set_rcvbuf:
                 else
                         clear_bit(SOCK_PASSSEC, &sock->flags);
                 break;
+        case SO_MARK:
+                if (!capable(CAP_NET_ADMIN))
+                        ret = -EPERM;
+                else {
+                        sk->sk_mark = val;
+                }
+                break;
 
                 /* We implement the SO_SNDLOWAT etc to
                    not be settable (1003.1g 5.3) */
@@ -836,6 +843,10 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
         case SO_PEERSEC:
                 return security_socket_getpeersec_stream(sock, optval, optlen, len);
 
+        case SO_MARK:
+                v.val = sk->sk_mark;
+                break;
+
         default:
                 return -ENOPROTOOPT;
         }