rofl0r / microsocks

tiny, portable SOCKS5 server with very moderate resource usage

Enable support for SO_MARK on Linux via compile-time flag #38

Open grandrew opened 3 years ago

grandrew commented 3 years ago

This adds the -m <mark_id> option. SO_MARK allows one to "mark" all outgoing packets with a Linux-stack internal "tag". This enables the Linux network rules to identify these packets and make all sorts of decisions regarding routing and other packet processing.

A special compile flag is needed to enable it.

rofl0r commented 3 years ago

i'm not very happy with this PR tbh, not only is it linux-specific, it clutters the entire code with ifdefs.

this could be done a lot less intrusively, in the style the existing config_log option is implemented, with a single ifdef block that defines a function mark_packet() which does the call, or is a nop if compiled out; same for a couple of defines for string pieces like #define MARK_OPT "m" or "" for use in getopt etc.

but then the question is whether what is done here couldn't be achieved by other means, for example making your iptables rule based on port of outgoing packet, pid, using a virtual interface that's used for binding only the proxy, etc.
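
The structure described in the comment above, sketched as an added example that is not code from this PR or from microsocks: one `#ifdef` block supplies `mark_packet()` and the getopt fragment, so call sites carry no ifdefs. The flag name `WITH_SO_MARK`, the helper `parse_mark()`, the `"m:"` getopt string and the demo `main()` are assumptions made for illustration.

```c
/* Added example. WITH_SO_MARK, parse_mark() and the return conventions
 * are assumptions for illustration, not names taken from the PR. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef WITH_SO_MARK              /* hypothetical flag: cc -DWITH_SO_MARK */
#define MARK_OPT "m:"            /* getopt fragment; -m takes an argument */
/* Tag all packets sent on fd; needs CAP_NET_ADMIN (see socket(7)). */
static int mark_packet(int fd, uint32_t mark) {
	if (!mark) return 0;         /* 0 means -m was not given */
	return setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof mark);
}
#else
#define MARK_OPT ""              /* option disappears from the getopt string */
static int mark_packet(int fd, uint32_t mark) {
	(void) fd; (void) mark;
	return 0;                    /* compiled out: nop */
}
#endif

/* Strict parse of the -m argument: the whole string must be a number
 * that fits the kernel's 32-bit mark. Returns 0 on success, -1 on error. */
static int parse_mark(const char *s, uint32_t *out) {
	char *end;
	unsigned long v;
	if (!s || !isdigit((unsigned char) *s)) return -1; /* no sign, no space */
	errno = 0;
	v = strtoul(s, &end, 0);     /* base 0 accepts 42 and 0x2a */
	if (errno || *end || v > UINT32_MAX) return -1;
	*out = (uint32_t) v;
	return 0;
}

/* Demo driver: takes the mark as argv[1] instead of going through getopt. */
int main(int argc, char **argv) {
	uint32_t mark = 0;
	int fd;
	if (argc > 1 && parse_mark(argv[1], &mark)) return 2;
	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return 1;
	/* Fail closed: an unmarked socket would bypass the mark-based rules. */
	if (mark_packet(fd, mark)) { perror("SO_MARK"); close(fd); return 1; }
	/* ... connect() to the requested target would follow here ... */
	close(fd);
	return 0;
}
```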

grandrew commented 3 years ago

Thanks for the feedback and the styling ideas! I can fix it to match.

Let's discuss the rationale.

If you're going to achieve the same policy-based routing using nftables, you would need to:

Having SO_MARK support directly in microsocks is what I expected from a "micro" way of doing a proxy.