Run as non-root

README.md

@@ -36,9 +36,24 @@ USAGE
     [-h|--help]
 ```
 
-- udpbroadcastrelay must be run as root to be able to create a raw
-  socket (necessary) to send packets as though they originated from the
-  original sender.
+- udpbroadcastrelay must be run as root or via `sudo` to be able to 
+  create a raw socket (necessary) to send packets as though they 
+  originated from the original sender. 
+- If using a non-root sudoer user to run udpbroadcastrelay, special 
+  considerations may need to be addressed if running within a container
+  (e.g. docker). 
+  - The following capabilities may be required: 
+      - net_raw
+      - net_admin
+      - sys_module
+
+    See [here](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux_atomic_host/7/html/container_security_guide/linux_capabilities_and_seccomp#linux_capabilities_and_seccomp) for more details.
+  - The container image itself may require the cap_net_raw to be enabled
+    in the DOCKERFILE: 
+    ```
+    RUN apk add sudo libcap
+    RUN setcap 'cap_net_raw+ep' /runtime/udp-broadcast-relay-redux
+    ```
 - `id` must be unique number between instances with range 1 - 63. This is
   used to set the DSCP of outgoing packets to determine if a packet is an
   echo and should be discarded.

main.c

@@ -2152,6 +2152,13 @@ srandom(time(NULL) ^ getpid());
             perror("SO_REUSEPORT on rcv");
             exit(1);
         }
+
+        if (setsockopt(rcv, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) < 0)
+        {
+            perror("SO_REUSEADDR on rcv");
+            exit(1);
+        }
+
         #ifdef __FreeBSD__
             if(setsockopt(rcv, IPPROTO_IP, IP_RECVTTL, &yes, sizeof(yes))<0){
                 perror("IP_RECVTTL on rcv");