2 files changed, 35 insertions, 0 deletions

diff --git a/memcached.c b/memcached.c
index d53b607..7871fe8 100644
--- a/memcached.c
+++ b/memcached.c
@@ -292,6 +292,9 @@ static void settings_init(void) {
 #endif
     settings.num_napi_ids = 0;
     settings.memory_file = NULL;
+#ifdef SOCK_COOKIE_ID
+    settings.sock_cookie_id = 0;
+#endif
 }
 
 extern pthread_mutex_t conn_lock;
@@ -3539,6 +3542,13 @@ static int server_socket(const char *interface,
             }
         }
 #endif
+#ifdef SOCK_COOKIE_ID
+        if (settings.sock_cookie_id != 0) {
+            error = setsockopt(sfd, SOL_SOCKET, SOCK_COOKIE_ID, (void *)&settings.sock_cookie_id, sizeof(uint32_t));
+            if (error != 0)
+                perror("setsockopt");
+        }
+#endif
 
         setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, (void *)&flags, sizeof(flags));
         if (IS_UDP(transport)) {
@@ -4108,6 +4118,9 @@ static void usage(void) {
            flag_enabled_disabled(settings.relaxed_privileges));
 #endif
 #endif
+#ifdef SOCK_COOKIE_ID
+    printf("   - sock_cookie_id:      attributes an ID to a socket for ip filtering/firewalls \n");
+#endif
 #ifdef EXTSTORE
     printf("\n   - External storage (ext_*) related options (see: https://memcached.org/extstore)\n");
     printf("   - ext_path:            file to write to for external storage.\n"
@@ -4837,6 +4850,9 @@ int main (int argc, char **argv) {
 #ifdef MEMCACHED_DEBUG
         RELAXED_PRIVILEGES,
 #endif
+#ifdef SOCK_COOKIE_ID
+        COOKIE_ID,
+#endif
     };
     char *const subopts_tokens[] = {
         [MAXCONNS_FAST] = "maxconns_fast",
@@ -4897,6 +4913,9 @@ int main (int argc, char **argv) {
 #ifdef MEMCACHED_DEBUG
         [RELAXED_PRIVILEGES] = "relaxed_privileges",
 #endif
+#ifdef SOCK_COOKIE_ID
+        [COOKIE_ID] = "sock_cookie_id",
+#endif
         NULL
     };
 
@@ -5664,6 +5683,11 @@ int main (int argc, char **argv) {
                 settings.relaxed_privileges = true;
                 break;
 #endif
+#ifdef SOCK_COOKIE_ID
+            case COOKIE_ID:
+                (void)safe_strtoul(subopts_value, &settings.sock_cookie_id);
+                break;
+#endif
             default:
 #ifdef EXTSTORE
                 // TODO: differentiating response code.
diff --git a/memcached.h b/memcached.h
index 379a993..ba495d3 100644
--- a/memcached.h
+++ b/memcached.h
@@ -37,6 +37,14 @@
 #endif
 #endif
 
+#if defined(__linux__)
+# define SOCK_COOKIE_ID SO_MARK
+#elif defined(__FreeBSD__)
+# define SOCK_COOKIE_ID SO_USER_COOKIE
+#elif defined(__OpenBSD__)
+# define SOCK_COOKIE_ID SO_RTABLE
+#endif
+
 #include "itoa_ljust.h"
 #include "protocol_binary.h"
 #include "cache.h"
@@ -525,6 +533,9 @@ struct settings {
     char *proxy_startfile; /* lua file to run when workers start */
     void *proxy_ctx; /* proxy's state context */
 #endif
+#ifdef SOCK_COOKIE_ID
+    uint32_t sock_cookie_id;
+#endif
 };
 
 extern struct stats stats;