@ammarfaizi2
Created October 16, 2023 14:09
Makefile | 10 ++---
README.md | 97 ++++++++++++++++++++++++++++++----------
src/core/src/hev-socks5-server.c | 42 ++++++++++-------
3 files changed, 103 insertions(+), 46 deletions(-)
diff --git a/Makefile b/Makefile
index 4fec989e7531d10c..db449cb220f2e6c7 100644
--- a/Makefile
+++ b/Makefile
@@ -10,10 +10,10 @@ CCFLAGS=-O3 -pipe -Wall -Werror $(CFLAGS) \
-I$(SRCDIR)/misc \
-I$(SRCDIR)/core/include \
-I$(THIRDPARTDIR)/yaml/src \
- -I$(THIRDPARTDIR)/hev-task-system/include
+ -I$(THIRDPARTDIR)/hev-task-system/include -static
LDFLAGS=-L$(THIRDPARTDIR)/yaml/bin -lyaml \
-L$(THIRDPARTDIR)/hev-task-system/bin -lhev-task-system \
- -lcrypto -lpthread
+ -lcrypto -lpthread -static
SRCDIR=src
BINDIR=bin
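Review bot: `-static` is now hard-coded in both `CCFLAGS` and `LDFLAGS`, so every build embeds libcrypto statically, while the README in this same patch still presents `make ENABLE_STATIC=1` as the opt-in. A statically linked binary keeps the OpenSSL code it was built with, so system library security updates no longer reach it; this matters more because the README points users at prebuilt files under /binaries/. `-static` is a link-time option and belongs only in `LDFLAGS`. Consider keeping it conditional on the documented `ENABLE_STATIC` switch and recording the libcrypto version used for any released binary.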
@@ -23,7 +23,7 @@ INSTDIR=/usr/local
THIRDPARTDIR=third-part
CONFIG=$(CONFDIR)/main.yml
-TARGET=$(BINDIR)/hev-socks5-server
+TARGET=$(BINDIR)/hoody-socks5-server
THIRDPARTS=$(THIRDPARTDIR)/yaml $(THIRDPARTDIR)/hev-task-system
-include build.mk
@@ -89,8 +89,8 @@ $(TARGET) : $(LDOBJS) tp-build
$(ECHO_PREFIX) mkdir -p $(dir $@)
$(ECHO_PREFIX) $(CC) -o $@ $(LDOBJS) $(LDFLAGS)
@printf $(LINKMSG) $@
- $(ECHO_PREFIX) $(STRIP) $@
- @printf $(STRIPMSG) $@
+ #$(ECHO_PREFIX) $(STRIP) $@
+ #@printf $(STRIPMSG) $@
$(BUILDDIR)/%.dep : $(SRCDIR)/%.c
$(ECHO_PREFIX) mkdir -p $(dir $@)
diff --git a/README.md b/README.md
index 0af84cecd15a03d7..fe972a20e4c0546e 100644
--- a/README.md
+++ b/README.md
@@ -1,40 +1,46 @@
-# HevSocks5Server
+# HoodySocks5Server
[![status](https://gitlab.com/hev/hev-socks5-server/badges/master/pipeline.svg)](https://gitlab.com/hev/hev-socks5-server/commits/master)
-HevSocks5Server is a simple, lightweight socks5 server for Unix.
+HoodySocks5Server (C++) is a simple, lightweight, high-performance SOCKS5 server for Unix, initially based on `HevSocks5Server`, improved by the developer (hev) himself as well as internally.
-**Features**
+**Available Features**
* IPv4/IPv6. (dual stack)
* Standard `CONNECT` command.
* Standard `UDP ASSOCIATE` command.
* Extended `FWD UDP` command. (UDP in TCP)
+* Multi-Threaded
* Multiple username/password authentication.
-
+* Fake-security for non-auth mode for Hoody chnet
+* SuperProxy mode - Multiple bind addresses
+* Limit the number of concurrent connections per username/password
+* Hot reload credentials
+* Hot reload bind address
+
+**Upcoming Features**
+* Multiple listen address
+* Dynamic routing (multiple set of bind-address) based on socket endpoint (DNS/IP)
+* Benchmarking tool
+* IP Block
+* Built-in encryption system, compatible with Hoody signatures
+* Automatic worker threads scaling
+
## How to Build
-**Unix**:
```bash
-git clone --recursive https://github.com/heiher/hev-socks5-server
-cd hev-socks5-server
-make
+# sudo apt-get install libssl-dev -y
+git clone --recursive https://github.com/Hoody-Network/HoodySocks5Server/
+cd HoodySocks5Server
+make -j
# statically link
make ENABLE_STATIC=1
```
-**Android**:
-```bash
-mkdir hev-socks5-server
-cd hev-socks5-server
-git clone --recursive https://github.com/heiher/hev-socks5-server jni
-cd jni
-ndk-build
-```
## How to Use
-### Config
+### Config with bind-address as file (with Hot Reload)
```yaml
main:
@@ -75,29 +81,72 @@ main:
# limit-nofile: 65535
```
+### Config with bind-address hardcoded in Yaml file (NO Hot Reload)
+
+```yaml
+main:
+ # Worker threads
+ workers: 4
+ # Listen port
+ port: 1080
+ # Listen address (ipv4|ipv6)
+ listen-address: '::'
+ # Listen ipv6 only
+ listen-ipv6-only: false
+ # Bind source address (ipv4|ipv6)
+ bind-address:
+ - 127.0.0.1
+ - 192.168.50.1
+ # Domain address type (ipv4|ipv6|unspec)
+ domain-address-type: ipv4
+
+#auth:
+# file: conf/auth.txt
+# username:
+# password:
+
+```
+
### Authentication file
```
<USERNAME> <SPACE> <PASSWORD> <SPACE> <LIMIT> <LF>
```
+### SuperProxy mode
+
+When multiple bind-address are available, it will pick a random one for each socket created (UDP supported too), this is because TLS handshakes often break when changing IP during negociation, so we keep the same Exit IP (bind-address) for that socket.
+
+
### Run
```bash
-bin/hev-socks5-server conf/main.yml
+bin/hoody-socks5-server conf/main.yml
```
+### Limit concurrent connections per username
+
+This feature is to be used carefully, browsers/apps often establish 4-5 connections to the same SOCKS5 server, in authentication file, specifiy <LIMIT> after the password.
+
+`testlogin testpassword 10` # Will limit to 10 concurrent connections for this user.
+
+
### Live updating authentication file
Send signal `SIGUSR1` to socks5 server process after the authentication file is updated.
```bash
-killall -SIGUSR1 hev-socks5-server
+killall -SIGUSR1 hoody-socks5-server
```
-## Contributors
-* **hev** - https://hev.cc
-* **pexcn** - <[email protected]>
+### Live updating bind address file
+
+Send signal `SIGUSR2` to socks5 server process after the bind address file is updated.
+
+```bash
+killall -SIGUSR2 hoody-socks5-server
+```
+
+## Binaries
-## License
-GPLv3
+/binaries/ contains `hoody-socks5-server` for ease of use.
diff --git a/src/core/src/hev-socks5-server.c b/src/core/src/hev-socks5-server.c
index 6abd967be7257f5e..6a92bd44b3540d9b 100644
--- a/src/core/src/hev-socks5-server.c
+++ b/src/core/src/hev-socks5-server.c
@@ -65,9 +65,8 @@ static int
hev_socks5_server_read_auth_method (HevSocks5Server *self)
{
HevSocks5Auth auth;
- HevSocks5AuthMethod method;
+ uint8_t i;
int res;
- int i;
LOG_D ("%p socks5 server read auth method", self);
@@ -78,11 +77,6 @@ hev_socks5_server_read_auth_method (HevSocks5Server *self)
return -1;
}
- if (auth.ver != HEV_SOCKS5_VERSION_5) {
- LOG_E ("%p socks5 server auth.ver %u", self, auth.ver);
- return -1;
- }
-
res = hev_task_io_socket_recv (HEV_SOCKS5 (self)->fd, &auth.methods,
auth.method_len, MSG_WAITALL,
task_io_yielder, self);
@@ -91,20 +85,34 @@ hev_socks5_server_read_auth_method (HevSocks5Server *self)
return -1;
}
- if (self->auth)
- method = HEV_SOCKS5_AUTH_METHOD_USER;
- else
- method = HEV_SOCKS5_AUTH_METHOD_NONE;
+ /*
+ * No auth is only for chnet.
+ */
+ if (auth.method_len == 1 && auth.methods[0] == HEV_SOCKS5_AUTH_METHOD_NONE) {
- res = -1;
- for (i = 0; i < auth.method_len; i++) {
- if (auth.methods[i] == method) {
- res = method;
- break;
+ // chnet specific check
+ if (auth.ver != 0x77) {
+ LOG_E ("%p socks5 server received invalid chnet request", self);
+ return -1;
}
+
+ return HEV_SOCKS5_AUTH_METHOD_NONE;
+ }
+
+ if (auth.ver != HEV_SOCKS5_VERSION_5) {
+ LOG_E ("%p socks5 server received invalid socks5 version %u", self, auth.ver);
+ return -1;
+ }
+
+ if (!self->auth)
+ return -1;
+
+ for (i = 0; i < auth.method_len; i++) {
+ if (auth.methods[i] == HEV_SOCKS5_AUTH_METHOD_USER)
+ return HEV_SOCKS5_AUTH_METHOD_USER;
}
- return res;
+ return -1;
}
static int
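Review bot: The chnet branch returns `HEV_SOCKS5_AUTH_METHOD_NONE` without consulting `self->auth`, so on a server with username/password auth configured, a client that offers a single NONE method with version byte 0x77 is accepted without credentials and presumably also escapes the per-user connection limit the README describes. The 0x77 value is a fixed constant visible in the source and on the wire, so it works as a protocol marker, not as a secret. If the no-auth path is meant only for deployments without an auth file, add `if (self->auth) return -1;` inside that branch before the return; otherwise gate it behind an explicit configuration option and expose it only on a trusted listen address. A comment such as `/* 0x77 is a marker, not a credential: this path grants unauthenticated access */` would make the trust assumption visible to the next maintainer. The function starts outside this hunk.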