heiher / hev-socks5-tunnel

A high-performance tun2socks for Linux/Android/FreeBSD/macOS/iOS/WSL2 (IPv4/IPv6/TCP/UDP)
MIT License

Do not accept connection locally before connection with remote is established, is it possible? #179

Open AngusLkc opened 1 week ago

AngusLkc commented 1 week ago

Currently, when a proxied application makes a connection, it immediately succeeds as if the port is always open. This works very differently from proxychains, which waits to establish a connection with the remote. It is a subtle difference, but it breaks software that needs to check if a port is truly open.

I am not familiar with LWIP and the usage of namespaces - I couldn't identify the area where the connection is "accepted" locally.

Do you think it is even possible with the current architecture? And if yes, perhaps you could point me to where to look at the relevant pieces of the code, so I could try my hand at tweaking it?

heiher commented 1 week ago

I understand your point. Implementing a transparent proxy based on Netfilter presents significant challenges. However, I believe achieving this with a Tunnel-based transparent proxy is feasible.

In the HevSocks5Session, add a HevTaskCond to signal completion after establishing a connection with the remote server and then wait for it here. The side effect is that if one remote connection responds slowly, it may impact the establishment of other local connections.

https://github.com/heiher/hev-socks5-tunnel/blob/b91857635b64855eb821fa4fbca5868b468bb5af/src/hev-socks5-tunnel.c#L161-L162
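A minimal model of the wait-and-signal approach described in the comment above, added here as an illustration and not code from hev-socks5-tunnel. POSIX threads and `pthread_cond_t` stand in for the project's tasks and `HevTaskCond`; `Session`, `remote_connect_task`, `local_accept_deferred` and the simulated port state are hypothetical names and inputs.

```c
#include <pthread.h>
#include <stdbool.h>

/* Hypothetical session state; not the layout of HevSocks5Session. */
typedef struct {
    pthread_mutex_t lock;
    pthread_cond_t done_cond;  /* plays the role of the suggested HevTaskCond */
    bool done;                 /* predicate, guarded by lock */
    bool remote_ok;            /* outcome of the upstream connect */
    bool sim_port_open;        /* constructed input: is the remote port open? */
} Session;

/* Upstream side: stands in for the SOCKS5 connect, then signals the result. */
static void *remote_connect_task(void *arg)
{
    Session *s = arg;

    pthread_mutex_lock(&s->lock);
    s->remote_ok = s->sim_port_open;
    s->done = true;
    pthread_cond_signal(&s->done_cond);
    pthread_mutex_unlock(&s->lock);
    return NULL;
}

/* Local side: returns true to accept the local connection, false to refuse.
 * The caller blocks until the upstream result is known, so other local
 * connections handled by the same caller wait behind a slow remote. */
static bool local_accept_deferred(bool sim_port_open)
{
    Session s = { .sim_port_open = sim_port_open };
    pthread_t tid;
    bool ok = false;  /* refuse if the upstream task cannot even start */

    pthread_mutex_init(&s.lock, NULL);
    pthread_cond_init(&s.done_cond, NULL);
    if (pthread_create(&tid, NULL, remote_connect_task, &s) == 0) {
        pthread_mutex_lock(&s.lock);
        while (!s.done)  /* predicate loop: no lost or spurious wakeup */
            pthread_cond_wait(&s.done_cond, &s.lock);
        ok = s.remote_ok;
        pthread_mutex_unlock(&s.lock);
        pthread_join(tid, NULL);
    }
    pthread_cond_destroy(&s.done_cond);
    pthread_mutex_destroy(&s.lock);
    return ok;
}
```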