I have noticed that ATS frequently attempts and fails to set the SO_MARK socket option. As we do not use packet marks, it would be nice to make setting SO_MARK configurable.
setsockopt(57001, SOL_SOCKET, SO_MARK, [0], 4) = -1 EPERM (Operation not permitted)
From socket(7):
SO_MARK (since Linux 2.6.25) Set the mark for each packet sent through this socket (similar to the netfilter MARK target but socket-based). Changing the mark can be used for mark-based routing without netfilter or for packet filtering. Setting this option requires the CAP_NET_ADMIN capability.
In our environment, neither trafficserver.service nor trafficserver-tls.service has CAP_NET_ADMIN.
Similarly, ATS tries to set IP_TOS too. From ip(7):
IP_TOS (since Linux 1.0) Set or receive the Type-Of-Service (TOS) field that is sent with every IP packet originating from this socket. It is used to prioritize packets on the network. TOS is a byte. There are some standard TOS flags defined: IPTOS_LOWDELAY to minimize delays for interactive traffic, IPTOS_THROUGHPUT to optimize throughput, IPTOS_RELIABILITY to optimize for reliability, IPTOS_MINCOST should be used for "filler data" where slow transmission doesn't matter. At most one of these TOS values can be specified. Other bits are invalid and shall be cleared. Linux sends IPTOS_LOWDELAY datagrams first by default, but the exact behavior depends on the configured queueing discipline. Some high-priority levels may require superuser privileges (the CAP_NET_ADMIN capability).
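One way the requested behaviour could look, as an added example that is not ATS code and not part of the original report: read the effective capability set from `/proc/self/status` and only call `setsockopt(SO_MARK)` when a mark is configured and CAP_NET_ADMIN is held. The names `has_cap_net_admin`, `apply_mark`, the convention that a mark of 0 means "not configured", and the two sample status texts are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_ADMIN_BIT 12 /* value of CAP_NET_ADMIN in <linux/capability.h> */

enum mark_result { MARK_SKIPPED, MARK_APPLIED, MARK_DENIED, MARK_ERROR };

/* Constructed samples of /proc/<pid>/status: 0x400 is CAP_NET_BIND_SERVICE only. */
static const char SAMPLE_UNPRIV[] = "Name:\ttraffic_server\nCapEff:\t0000000000000400\n";
static const char SAMPLE_PRIV[]   = "Name:\ttraffic_server\nCapEff:\t0000000000001400\n";

/* Return 1 if the CapEff line of the status text has the CAP_NET_ADMIN bit set. */
int has_cap_net_admin(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return 0;
    unsigned long long eff = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((eff >> CAP_NET_ADMIN_BIT) & 1ULL);
}

/* Hypothetical helper: mark == 0 is treated as "packet marks not configured". */
enum mark_result apply_mark(int fd, uint32_t mark, int can_admin)
{
    if (mark == 0 || !can_admin)
        return MARK_SKIPPED; /* no syscall is made, so no EPERM per connection */
#ifdef SO_MARK
    if (setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) == 0)
        return MARK_APPLIED;
    return errno == EPERM ? MARK_DENIED : MARK_ERROR;
#else
    return MARK_ERROR; /* SO_MARK is Linux-specific */
#endif
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    buf[n] = '\0';
    if (f) fclose(f);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int admin = has_cap_net_admin(buf);
    printf("CAP_NET_ADMIN=%d result=%d\n", admin, (int)apply_mark(fd, 0, admin));
    if (fd >= 0) close(fd);
    return 0;
}
```

The capability check only needs to run once at startup, since a service's effective set does not change per connection.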