From: Matthieu Buffet <matthieu@buffet.re>
Date: Fri, 7 Mar 2025 22:22:44 +0000 (+0100)
Subject: man/man7/ip.7: Document capabilities to use IP_TRANSPARENT
X-Git-Tag: man-pages-6.14~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c1e05eb27abb5e8ed2aafca1af064e13867165a;p=thirdparty%2Fman-pages.git

man/man7/ip.7: Document capabilities to use IP_TRANSPARENT

CAP_NET_ADMIN has been overkill to use setsockopt(IP_TRANSPARENT)
since a discussion on LKML[1] and a patch[2] in 2011.  All that is
left to do is to let devs know they don't need CAP_NET_ADMIN.

[2] linux.git 6cc7a765c298 (2011-10-20; "net: allow CAP_NET_RAW to set socket options IP{,V6}_TRANSPARENT")

Link: [1] <https://lore.kernel.org/netdev/20111020.182214.629562655202957174.davem@davemloft.net/T/>
Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Message-ID: <20250307222244.597006-1-matthieu@buffet.re>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/man/man7/ip.7 b/man/man7/ip.7
index e75aa7ca4..00e5274c5 100644
--- a/man/man7/ip.7
+++ b/man/man7/ip.7
@@ -1088,6 +1088,8 @@ socket option).
 Enabling this socket option requires superuser privileges
 (the
 .B CAP_NET_ADMIN
+or
+.B CAP_NET_RAW
 capability).
 .IP
 TProxy redirection with the iptables TPROXY target also requires that