Re: [squid-users] Fwd: Squid/Ecap Adapter unable to open RAW Socket

From: Jatin Bhasin <jbhasin83_at_gmail.com>
Date: Tue, 6 May 2014 22:00:00 +1000

Hello,

Thanks for the response. I have to write an application where I have
to send icmp pings when I receive certain data in my eCap adapter. But
I am stuck at this issue and not able to move forward.

I am running squid with cache_effective_user root. What else I would
have to do to be able to open socket in my eCap adapter.

Thanks,
Jatin

On Tue, May 6, 2014 at 9:22 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 6/05/2014 11:16 p.m., Jatin Bhasin wrote:
>> Hello,
>>
>> icmp_sock = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
>>
>> The above command works fine in squid. But if I run the same command
>> in my eCap adapter I get an error.
>> EPERM (Operation not permitted).
>>
>> Can you please help? Is this related the way dll are handled in linux.
>
> It is related to the application "effective user" permissions.
>
> The Squid helper program which that code is in requires to be run with
> root user privileges solely in order to do that. Whereas the main Squid
> binary running your eCAP library is operating under a protected /
> unprivileged user account when it processes HTTP traffic.
>
> Why are you trying to do ICMP from an eCAP adaptor?
>
> Amos
>
Received on Tue May 06 2014 - 12:00:09 MDT

This archive was generated by hypermail 2.2.0 : Tue May 06 2014 - 12:00:08 MDT