Is it true that my program needs to have root access in order to change socket options with tproxy?
You need CAP_NET_ADMIN capabilities.
If so, is there a workaround for it?
Either change the code, or make sure your program somehow get's / keeps the CAP_NET_ADMIN caps.
Currently, I have a program running under a non-root user and needs to use tproxy but it keeps getting "Operation not permmited" error when trying to set socket option using tproxy.
You can simply drop all capabilities except CAP_NET_ADMIN and be done with it. See the capabilities and prctl() manpage.
I used my very own kernel module for that, http://jengelh.hopto.org/p/multiadm/ Loading it using `modprobe multiadm Netuid=31` gives UID 31 (squid in my case) CAP_NET_ADMIN. Jan Engelhardt --