Discussion:
message "unable to setsocketopt(IP_TOS)" in logs
Adam Tauno Williams
2018-02-16 11:42:59 UTC
Permalink
On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
lmtpunix/unix: Operation not supported 
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
notify/unix: Operation not supported 
It is likely just the configuration of your host/nodes/whatevers.

ToS is frequently disabled as it is deprecated.  ToS comes from RFC1349
which was obsoleted by RFC2474 and RFC2475.  So in many cases the
failure of the call is treated as a non-critical event.

RFC2474, which obsoletes ToS, was released in December of 1999.

Some routers might still pay attention to ToS bits, but probably not.
And many routers will rewrite your ToS to zero either way.

You can happily ignore these messages.

If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.

Capabilities are what allow you to do things like run ping as non-root.

# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.

sudo setcap  cap_net_admin+ep {application}

Note that there are potential security issues created by giving
applications capabilities.
--
Adam Tauno Williams <mailto:***@whitemice.org> GPG D95ED383
Vladislav Kurz
2018-02-16 11:55:33 UTC
Permalink
Post by Adam Tauno Williams
On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
lmtpunix/unix: Operation not supported 
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
notify/unix: Operation not supported 
Hello all,

I see this too.
Post by Adam Tauno Williams
If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.
Capabilities are what allow you to do things like run ping as non-root.
# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep
So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.
Is there a way to tell cyrus not to try to setsocketopt ? (Instead of
allowing it to do that?) I don't need the ToS bits to be set in any way
--
Best Regards
Vladislav Kurz
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/l
Bron Gondwana
2018-02-17 21:34:32 UTC
Permalink
Post by Vladislav Kurz
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
lmtpunix/unix: Operation not supported
cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
notify/unix: Operation not supported
Hello all,
I see this too.
If you want to dig further you will have to try to grant the process>> the CAP_NET_ADMIN capability, which might make it work.
Capabilities are what allow you to do things like run ping as
non-root.>>
# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep
So you can add the capability to the Cyrus binaries if it is
important>> to you; provided the feature is supported in the underlying OS.
Is there a way to tell cyrus not to try to setsocketopt ? (Instead of> allowing it to do that?) I don't need the ToS bits to be set in any
way
It looks like: only by patching the source.

/* set IP ToS if supported */
#if defined(SOL_IP) && defined(IP_TOS)
if (s->family == AF_INET || s->family == AF_INET6) {

{ "qosmarking", "cs0", ENUM("cs0", "cs1", "cs2", "cs3", "cs4", "cs5",
"cs6", "cs7", "af11", "af12", "af13", "af21", "af22", "af23", "af31",
"af32", "af33", "af41", "af42", "af43", "ef") }/* This specifies the Class Selector or Differentiated Services
Code Point designation on IP headers (in the ToS field). */

Goodness! It's quite a lot of options! I guess the way to do it would
be to add a "none" option there and have that mean it doesn't try to
setsockopt.
Bron.

--
Bron Gondwana, CEO, FastMail Pty Ltd
***@fastmailteam.com

Loading...