droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

mirror: allow mirroring without explicit target #283

Closed victorjulien closed 3 years ago

victorjulien commented 3 years ago

Allow omitting the -T option, indicating the target is irrelevant.

The use case is an IDS sensor listening on a dummy interface for the packets sslsplit produces. The IDS will listen in promisc mode, so the target is irrelevant.

How I've tested this:

ip link add decrypted type dummy
ip link set decrypted up
<iptables rules to redirect>
sslsplit -j /tmp/sslsplit/  -S logdir/ -k ca.key -c ca.crt -I decrypted https 0.0.0.0 8443
tcpdump -i decrypted

Replaces #282. If code looks good I'll do the doc side next.

sonertari commented 3 years ago

I'd appreciate the documentation too if you have time. Otherwise, I can do the rest. As you wish. Thanks Victor.

victorjulien commented 3 years ago

The first if condition opts->mirrortarget && !opts->mirrorif on line 513 was supposed to remain, the second on line 517 should go (not both). Because we still require mirrorif if mirrortarget is defined. I guess I wasn't clear, sorry.

Whoops, good catch. Wanted to go too fast.
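The validation rule the exchange above settles on (an interface is still required whenever a target is given, but a target alone is no longer required), as an added C sketch that is not sslsplit's own code; the struct, enum and function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the two relevant fields of sslsplit's opts
 * struct (example code, not the project's own). */
struct mirror_opts {
    const char *mirrorif;     /* -I: interface the decrypted packets are written to */
    const char *mirrortarget; /* -T: target address; may now be omitted (NULL) */
};

enum mirror_check {
    MIRROR_OK_OFF = 0,      /* neither option: mirroring disabled */
    MIRROR_OK_PROMISC,      /* -I only: IDS sniffs the interface in promisc mode */
    MIRROR_OK_TARGETED,     /* -I and -T: targeted mirroring as before */
    MIRROR_ERR_TARGET_NO_IF /* -T without -I: still a configuration error */
};

/* After the fix, the only rejected combination is a target with no
 * interface (the check that stays); the former "interface without target"
 * error (the check that goes) is no longer raised. */
enum mirror_check mirror_opts_check(const struct mirror_opts *o)
{
    if (o->mirrortarget && !o->mirrorif)
        return MIRROR_ERR_TARGET_NO_IF;
    if (!o->mirrorif)
        return MIRROR_OK_OFF;
    return o->mirrortarget ? MIRROR_OK_TARGETED : MIRROR_OK_PROMISC;
}

int main(void)
{
    /* Constructed option sets mirroring the test setup in the PR description. */
    struct mirror_opts promisc  = { "decrypted", NULL };
    struct mirror_opts targeted = { "decrypted", "00:11:22:33:44:55" };
    struct mirror_opts bad      = { NULL, "00:11:22:33:44:55" };
    printf("-I only      -> %d\n", mirror_opts_check(&promisc));
    printf("-I and -T    -> %d\n", mirror_opts_check(&targeted));
    printf("-T without -I -> %d\n", mirror_opts_check(&bad));
    return 0;
}
```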

victorjulien commented 3 years ago

I've pushed some updates, fixing the option check and updating the man page and default config. Should there be other updates?

sonertari commented 3 years ago

I think it's looking good, thanks @victorjulien. I can merge this to the develop branch if you are ok too. @droe can review it there, and it's up to him to merge to the master branch. My guess is that a new release will take a while, so people interested in this change will need to fetch the develop branch until then.

victorjulien commented 3 years ago

Sounds good @sonertari. I've converted it to a non-draft PR.

victorjulien commented 3 years ago

Thanks @sonertari. Would this be something you'd consider for SSLproxy as well? If so I'd be happy to port it and do a PR there as well.

sonertari commented 3 years ago

Thanks @victorjulien, but it's simple enough, I can do that myself, so you can use your time for more difficult stuff like SSLproxy support for Suricata ;-).