==============================================================

Socks5++ - Single-thread multiplexed SOCKS5 proxy server.

Copyright (C) 2025,2026 by Matt Roberts, KK5JY.
All rights reserved.

License: GPL3 (www.gnu.org)

==============================================================


* Quick Start *

+ To build the project, run 'make'.
+ To see available command-line options, run 'socks5pp -h'.


* Features *

This is a lightweight SOCKS5 proxy that uses I/O multiplexing
to support large numbers of connections without the need for
multithreading.  The application is written in C++.  The
compliler should support at least C++ 11.

Name resolution (aka "socks5h") is supported through external
resolver processes.  Three different resolvers are provided,
and can be selected using the -R option.  By default, the
's5resolver' is used, which uses system-wide default DNS
settings.  's5host' can be used to call the 'host' program
to resolve names, which provides more flexibility and user
options for custom installations.  For encrypted DNS lookups,
the 's5dnstls' program implements a DNS/TLS client.

Name resolution is disabled by default.  Most browsers now
require name resolution to be enabled for SOCKS5, regardless
of browser settings otherwise.  At a minimum, a few resolvers
should be started for most installations, e.g., 'socs5pp -r 5'


* Limitations *

Client authentication is not supported, nor will it be.  The
SOCKS5 authentication mechanisms are poorly defined by the
text of RFC-1928.  Client support is also inconsistent.  This
is especially true with browsers, which already have shaky
SOCKS5 support.

Likewise, encryption is not supported, since that has to be
negotiated just like authentication.  SOCKS encryption is of
limited value, since the proxied protocols can exchange any
encryption or authentication mechanism needed between the
endpoints.

If you need authentication or encryption of the SOCKS traffic
itself, e.g, when the SOCKS5 servers is located on a distant
network, you can wrap the SOCKS5 traffic in SSL, using stunnel
or similar, or using a VPN of your choice.

Some access control is provided.  Use the -i and -I options to
limit binding the SOCKS5 listener to a safe interface or
virtual interface.  The -a option can further restrict the 
address range for allowed clients.

** EOF: 00-README.txt **
