CAP_NET_ADMIN has been overkill to use setsockopt(IP_TRANSPARENT)
since a discussion on LKML[1] and a patch[2] in 2011. All that is
left to do is to let devs know they don't need CAP_NET_ADMIN.
[2] linux.git 6cc7a765c298 (2011-10-20; "net: allow CAP_NET_RAW to set socket options IP{,V6}_TRANSPARENT")
Link: [1] <https://lore.kernel.org/netdev/20111020.182214.629562655202957174.davem@davemloft.net/T/>
Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Message-ID: <20250307222244.597006-1-matthieu@buffet.re>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Enabling this socket option requires superuser privileges
(the
.B CAP_NET_ADMIN
+or
+.B CAP_NET_RAW
capability).
.IP
TProxy redirection with the iptables TPROXY target also requires that
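Review bot: the added "or CAP_NET_RAW" alternative carries no kernel-version qualifier, so a reader on a kernel that predates the 2011 change cited in the commit message (6cc7a765c298) would conclude that CAP_NET_RAW is sufficient there as well. Consider adding a "since Linux x.y" remark after the capability list, naming the release that first contained that commit. Separately, the sentence still opens with "requires superuser privileges" while the parenthetical now names two distinct capabilities; wording such as "requires the CAP_NET_ADMIN or CAP_NET_RAW capability" would state the requirement directly and make it clearer to readers that either capability alone is enough.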