Do not accept connection locally before connection with remote is established, is it possible?

[AngusLkc]

Currently, when proxied application makes a connection, it immediately succeeds as if port is always open. This works very differently from proxychains, which waits to establish connection with the remote. It is a subtle difference, but it breaks software that needs to check if port is truly open.

I am not familiar with LWIP and usage of namespaces - I couldn't identify area where connection is "accepted" locally.

Do you think it is even possible with the current architecture? And if yes, perhaps could point me to where to look at relevant pieces of the code, so I could try my hand at tweaking it?

[heiher]

I understand your point. Implementing a transparent proxy based on Netfilter presents significant challenges. However, I believe achieving this with a Tunnel-based transparent proxy is feasible.

In the HevSocks5Session, add a HevTaskCond to signal completion after establishing a connection with the remote server and then wait for it here. The side effect is that if one remote connection responds slowly, it may impact the establishment of other local connections.

hev-socks5-tunnel/src/hev-socks5-tunnel.c

Lines 161 to 162 in b918576

	return ERR_OK;