On 07/03/2015 12:27 PM, Patrik Flykt wrote: > On Fri, 2015-07-03 at 10:31 +0200, Daniel Wagner wrote: >> I am afraid, but the work for getting it routed to the right interface >> is not finished yet. >> >> So the initial plan was to go with SO_MARK set via a cgroup controller >> if you don't want to touch your application. For testing purpose you >> could either hack your application to set the SO_MARK option correctly >> or you hack one of the network cgroup controllers to allow setting the >> SO_MARK as well. > > This applies if you have a group of processes that cannot be matched > otherwise. As long as one uses UID matching and all processes are run > with the same UID this should not be a problem?
Yes, you are right. I got confused about the matching. Hmm, I just wonder how we get the packets coming from the application into the policy routing table. Something needs to set the SO_MARK/fwmark. The connman-OUTPUT iptables chain is too late for this. /me looks into the code _______________________________________________ connman mailing list [email protected] https://lists.connman.net/mailman/listinfo/connman
