From 7184e01c9c02448fa2651c5d1e335ee6b500ccaa Mon Sep 17 00:00:00 2001
From: Christos Tsantilas
Date: Fri, 23 Jan 2015 21:08:58 -0800
Subject: [PATCH] Set cap_net_admin capability when Squid sets TOS/Diffserv packet values.

In capabilities-capable environments (e.g., Linux with libcap), CAP_NET_ADMIN capability is required to honor clientside_tos and tcp_outgoing_tos directives. The code was setting that capability when Netfilter marks or tproxy was enabled, but missed the clientside_tos and tcp_outgoing_tos cases. This is a Measurement Factory project
---
 src/tools.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/tools.cc b/src/tools.cc
index 076446ef42..21923a090d 100644
--- a/src/tools.cc
+++ b/src/tools.cc
@@ -1319,7 +1319,10 @@ restoreCapabilities(int keep)
 cap_value_t cap_list[10];
 cap_list[ncaps] = CAP_NET_BIND_SERVICE;
 ++ncaps;
- if (Ip::Interceptor.TransparentActive() || Ip::Qos::TheConfig.isHitNfmarkActive() || Ip::Qos::TheConfig.isAclNfmarkActive()) {
+ if (Ip::Interceptor.TransparentActive() ||
+ Ip::Qos::TheConfig.isHitNfmarkActive() ||
+ Ip::Qos::TheConfig.isAclNfmarkActive() ||
+ Ip::Qos::TheConfig.isAclTosActive()) {
 cap_list[ncaps] = CAP_NET_ADMIN;
 ++ncaps;
 }
-- 
2.47.2
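Review bot: The extended condition in restoreCapabilities() checks both the hit-based and the ACL-based predicate for Netfilter marks, but for TOS it adds only `isAclTosActive()`. If TOS values set by hit/miss rules go through the same privileged path, that configuration would still run without CAP_NET_ADMIN. It is worth confirming against the QoS config class and, if so, adding the hit-based counterpart (presumably `Ip::Qos::TheConfig.isHitTosActive()`, to be verified) as a fifth operand. CAP_NET_ADMIN covers much more than packet marking and is retained for the life of the process, so a comment above the `if` would help, such as `// CAP_NET_ADMIN is broad; retain it only when TPROXY, Netfilter marks or TOS/Diffserv marking is configured`. The function body begins and ends outside this hunk, so how `keep` and `cap_list` are used further on is not visible here.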