[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY)
Using some Linux kernel patches, it is possible to redirect non-local
traffic to local sockets when IP forwarding is enabled. In order to
enable this option, we introduce the "transparent" option keyword on
the "bind" command line. It will make the socket reachable by remote
sources even if the destination address does not belong to the machine.
diff --git a/Makefile b/Makefile
index 17d9dd1..43c05fd 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,7 @@
# USE_STATIC_PCRE : enable static libpcre. Recommended.
# USE_TCPSPLICE : enable tcp_splice() on Linux (needs kernel patch).
# USE_TPROXY : enable transparent proxy. Automatic.
+# USE_LINUX_TPROXY : enable full transparent proxy (need kernel patch).
#
# Options can be forced by specifying "USE_xxx=1" or can be disabled by using
# "USE_xxx=" (empty string).
@@ -291,6 +292,11 @@
BUILD_OPTIONS += $(call ignore_implicit,USE_TPROXY)
endif
+ifneq ($(USE_LINUX_TPROXY),)
+OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_TPROXY
+BUILD_OPTIONS += $(call ignore_implicit,USE_LINUX_TPROXY)
+endif
+
ifneq ($(USE_POLL),)
OPTIONS_CFLAGS += -DENABLE_POLL
OPTIONS_OBJS += src/ev_poll.o