update doc

bytedance · Jun 11, 2024 · 8b53692 · 8b53692
1 parent 6bff046
commit 8b53692
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 3 deletions.
diff --git a/doc/dev-setup.md b/doc/dev-setup.md
@@ -199,8 +199,6 @@ ln -s /usr/pkg/lib/pkgconfig/lua-5.4.pc /usr/pkg/lib/pkgconfig/lua5.4.pc
 # install python 3.11 or any other versions available on your system, and create links
 pkgin install python311
 ln -s /usr/pkg/bin/python3.11 /usr/pkg/bin/python3
-# build, with quic feature disabled
-cargo build --no-default-features c-ares,hickory,lua54,python
 ```
 
 ## Development Libraries

diff --git a/g3proxy/UserGuide.en_US.md b/g3proxy/UserGuide.en_US.md
@@ -15,6 +15,7 @@
     + [TLS Offloading](#tls-offloading)
     + [TLS Encapsulation](#tls-encapsulation)
     + [SNI Proxy](#sni-proxy)
+    + [Transparent Proxy](#transparent-proxy)
     + [Route Binding](#route-binding)
     + [Proxy Chaining](#proxy-chaining)
     + [Connection Throttling](#connection-throttling)
@@ -242,12 +243,32 @@ Automatically recognize the target address in TLS SNI / HTTP Host headers and fo
 ```yaml
 server:
   - name: sni          # The name needs to be unique, not conflicting with other entries, and should be used for logging & monitoring
-    escaper: default   # Required, can be any type of exit
+    escaper: default   # Required, can be any type of escaper
     type: sni_proxy
     listen:
       address: "[::]:443" # Listen on port 443, but can also support both TLS & HTTP protocol traffic to this port
 ```
 
+### Transparent Proxy
+
+On gateway devices, tcp connections can be configured to be forwarded to TcpTProxy server,
+then the proxy will forward those connections transparently. You can use the following config：
+
+```yaml
+server:
+  - name: transparent
+    escaper: default
+    auditor: default  # If you want to do protocol inspection and TLS interception
+    type: tcp_tproxy
+    listen: "127.0.0.1:1234"
+```
+
+The system level config should be taken is different depending on the OS type:
+
+- Linux [TPROXY](https://docs.kernel.org/networking/tproxy.html).
+- FreeBSD [ipfw fwd](https://man.freebsd.org/cgi/man.cgi?query=ipfw).
+- OpenBSD [pf divert-to](https://man.openbsd.org/pf.conf.5#divert-to).
+
 ### Route Binding
 
 When there are multiple network routes on a machine and you need to bind to one of them when accessing a target website, specify the Bind IP in the outbound configuration, using DirectFixed as an example:

diff --git a/g3proxy/UserGuide.zh_CN.md b/g3proxy/UserGuide.zh_CN.md
@@ -15,6 +15,7 @@
     + [TLS卸载](#tls卸载)
     + [TLS封装](#tls封装)
     + [SNI代理](#sni代理)
+    + [透明代理](#透明代理)
     + [线路绑定](#线路绑定)
     + [代理串联](#代理串联)
     + [连接限速](#连接限速)
@@ -251,6 +252,25 @@ server:
       address: "[::]:443" # 监听443端口，但可以同时支持发往该端口的TLS & HTTP协议流量
 ```
 
+### 透明代理
+
+在网关设备上，可以配置将需要代理的TCP连接，转发给TcpTProxy入口，由代理进行透明中转，示例如下：
+
+```yaml
+server:
+  - name: transparent
+    escaper: default
+    auditor: default  # 如果需要进行协议识别及TLS劫持等
+    type: tcp_tproxy
+    listen: "127.0.0.1:1234"
+```
+
+需要使用的系统配置取决于系统类型：
+
+- Linux [TPROXY](https://docs.kernel.org/networking/tproxy.html)。
+- FreeBSD [ipfw fwd](https://man.freebsd.org/cgi/man.cgi?query=ipfw)。
+- OpenBSD [pf divert-to](https://man.openbsd.org/pf.conf.5#divert-to)。
+
 ### 线路绑定
 
 机器上具有多条网络线路，需要绑定其中一条访问目标网站时，需要在出口指定Bind的IP,以DirectFixed出口为例：