Enable support for SO_MARK on Linux via compile-time flag

[grandrew]

This adds the -m <mark_id> option. SO_MARK allows to "mark" all outgoing packets with Linux-stack internal "tag". This enables the Linux network rules to identify these packets and make all sorts of decisions regarding routing and other packet processing.

Special compile flag is needed to enable.

[rofl0r]

i'm not very happy with this PR tbh, not only is it linux-specific, it clutters the entire code with ifdefs.

this could be done a lot less intrusive in the style the existing config_log option is implemented with a single ifdef block that defines a function mark_packet() which does the call, or is nop if compiled out, same for a couple defines for string pieces like #define MARK_OPT "m" or "" for use in getopt etc.

but then the question is whether what is done here couldnt be achieved by other means, for example making your iptables rule based on port of outgoing packet, pid, using a virtual interface that's used for binding only the proxy, etc.

[grandrew]

Thanks for the feedback and the styling ideas! I can fix to match

Let's discuss the rationale.

If you're going to achieve same policybased routing using nftables you would need to:

• manage multiple rules in multiple chains per one single microsocks instance AND still write the routing rules and tables - which is messy
• you will need multiple kernel modules that might not be present on the system
• the nftables package (or iptables package) might not be available on an embedded router, esp. the required userspace libraries as they take a lot of space
• marking the packets at the socket is faster (which is important for embedded device)

Having SO_MARK support directly in microsocks is what I expected from a "micro" way of doing a proxy