chore: periodically try fallback

.github/rename-cgo.sh

@@ -15,15 +15,6 @@ do
     elif [[ $FILENAME =~ "windows-4.0-amd64" ]];then
         echo "rename windows amd64 $FILENAME"
         mv $FILENAME clash.meta-windows-amd64-cgo.exe
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-5" ]];then
-        echo "rename clash.meta-linux-arm-5 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv5-cgo
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-6" ]];then
-        echo "rename clash.meta-linux-arm-6 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv6-cgo
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-7" ]];then
-        echo "rename clash.meta-linux-arm-7 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv7-cgo
     elif [[ $FILENAME =~ "linux" ]];then
         echo "rename linux $FILENAME"
         mv $FILENAME $FILENAME-cgo

.github/workflows/build.yml

@@ -16,11 +16,6 @@ on:
       - Alpha
       - Beta
       - Meta
-      
-concurrency:
-  group: ${{ github.ref }}-${{ github.workflow }}
-  cancel-in-progress: true
-  
 env:
   REGISTRY: docker.io
 jobs:
@@ -51,26 +46,25 @@ jobs:
               target: "linux-mips-softfloat linux-mips-hardfloat linux-mipsle-softfloat linux-mipsle-hardfloat",
               id: "4",
             }
-          - { type: "WithoutCGO", target: "linux-386 linux-riscv64", id: "5" }
           - {
               type: "WithoutCGO",
               target: "freebsd-386 freebsd-amd64 freebsd-arm64",
-              id: "6",
+              id: "5",
             }
           - {
               type: "WithoutCGO",
               target: "windows-amd64-compatible windows-amd64 windows-386",
-              id: "7",
+              id: "6",
             }
           - {
               type: "WithoutCGO",
               target: "windows-arm64 windows-arm32v7",
-              id: "8",
+              id: "7",
             }
           - {
               type: "WithoutCGO",
               target: "darwin-amd64 darwin-arm64 android-arm64",
-              id: "9",
+              id: "8",
             }
           - { type: "WithCGO", target: "windows/*", id: "1" }
           - { type: "WithCGO", target: "linux/386", id: "2" }
@@ -114,11 +108,10 @@ jobs:
 
       - name: Set ENV
         run: |
-          sudo timedatectl set-timezone "Asia/Shanghai"
           echo "NAME=clash.meta" >> $GITHUB_ENV
           echo "REPO=${{ github.repository }}" >> $GITHUB_ENV
           echo "ShortSHA=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_ENV
-          echo "BUILDTIME=$(date)" >> $GITHUB_ENV
+          echo "BUILDTIME=$(date -u)" >> $GITHUB_ENV
           echo "BRANCH=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
         shell: bash
 
@@ -200,10 +193,6 @@ jobs:
           ls -la
           cd ..
 
-      - name: Save version
-        run: echo ${VERSION} > bin/version.txt
-        shell: bash
-
       - uses: actions/upload-artifact@v3
         if: ${{  success() }}
         with:
@@ -213,7 +202,7 @@ jobs:
   Upload-Prerelease:
     permissions: write-all
     if: ${{ github.ref_type=='branch' }}
-    needs: [Build]
+    needs: [ Build ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/download-artifact@v3
@@ -232,11 +221,6 @@ jobs:
           tag: Prerelease-${{ github.ref_name }}
           deleteOnlyFromDrafts: false
 
-      - name: Set Env
-        run: |
-          echo "BUILDTIME=$(TZ=Asia/Shanghai date)" >> $GITHUB_ENV
-        shell: bash
-
       - name: Tag Repo
         uses: richardsimko/update-tag@v1.0.6
         with:
@@ -244,46 +228,20 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - run: |
-          cat > release.txt << 'EOF'
-          Release created at  ${{ env.BUILDTIME }}
-          Synchronize ${{ github.ref_name }} branch code updates, keeping only the latest version
-          <br>
-          ### release version
-          `default(not specified in file name)`: compiled with GOAMD64=v3
-          `cgo`: support lwip tun stack, compiled with GOAMD64=v1
-          `compatible`: compiled with GOAMD64=v1
-          Check details between different architectural levels [here](https://github.com/golang/go/wiki/MinimumRequirements#amd64).
-          EOF
-
       - name: Upload Prerelease
         uses: softprops/action-gh-release@v1
         if: ${{  success() }}
         with:
           tag: ${{ github.ref_name }}
           tag_name: Prerelease-${{ github.ref_name }}
-          files: |
-            bin/*
+          files: bin/*
           prerelease: true
           generate_release_notes: true
-          body_path: release.txt
-
-      - name: Git push assets to "release" branch
-        run: |
-          cd bin || exit 1
-          git init
-          git config --local user.name "github-actions[bot]"
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git checkout -b release
-          git add .
-          git commit -m "${{ env.BUILDTIME }}"
-          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}"
-          git push -f -u origin release
 
   Upload-Release:
     permissions: write-all
     if: ${{ github.ref_type=='tag' }}
-    needs: [Build]
+    needs: [ Build ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/download-artifact@v3
@@ -306,7 +264,7 @@ jobs:
 
   Docker:
     permissions: write-all
-    needs: [Build]
+    needs: [ Build ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -363,7 +321,5 @@ jobs:
             linux/386
             linux/amd64
             linux/arm64/v8
-            linux/arm/v7
-          #            linux/riscv64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1,6 +1,4 @@
 FROM alpine:latest as builder
-ARG TARGETPLATFORM
-RUN echo "I'm building for $TARGETPLATFORM"
 
 RUN apk add --no-cache gzip && \
     mkdir /clash-config && \
@@ -12,7 +10,7 @@ COPY docker/file-name.sh /clash/file-name.sh
 WORKDIR /clash
 COPY bin/ bin/
 RUN FILE_NAME=`sh file-name.sh` && echo $FILE_NAME && \
-    FILE_NAME=`ls bin/ | egrep "$FILE_NAME.*"|awk NR==1` && echo $FILE_NAME && \
+    FILE_NAME=`ls bin/ | egrep "$FILE_NAME.*"|awk NR==1` && \
     mv bin/$FILE_NAME clash.gz && gzip -d clash.gz && echo "$FILE_NAME" > /clash-config/test
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/Clash.Meta"

Makefile

@@ -101,9 +101,6 @@ linux-mips64:
 linux-mips64le:
 	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-riscv64:
-	GOARCH=riscv64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
 android-arm64:
 	GOARCH=arm64 GOOS=android $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 

README.md

@@ -31,7 +31,7 @@
 
 ## Wiki
 
-Documentation and configuring examples are available on [Clash.Meta Wiki](https://clash-meta.wiki).
+Documentation and configuring examples are available on [wiki](https://github.com/MetaCubeX/Clash.Meta/wiki) and [Clash.Meta Wiki](https://docs.metacubex.one/).
 
 ## Build
 

adapter/outbound/base.go

@@ -8,9 +8,10 @@ import (
 	"strings"
 
 	N "github.com/Dreamacro/clash/common/net"
-	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
+
+	"github.com/gofrs/uuid"
 )
 
 type Base struct {
@@ -34,7 +35,12 @@ func (b *Base) Name() string {
 // Id implements C.ProxyAdapter
 func (b *Base) Id() string {
 	if b.id == "" {
-		b.id = utils.NewUUIDV6().String()
+		id, err := uuid.NewV6()
+		if err != nil {
+			b.id = b.name
+		} else {
+			b.id = id.String()
+		}
 	}
 
 	return b.id
@@ -205,8 +211,6 @@ func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 type packetConn struct {
 	net.PacketConn
 	chain                   C.Chain
-	adapterName             string
-	connID                  string
 	actualRemoteDestination string
 }
 
@@ -224,13 +228,8 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 
-func (c *packetConn) LocalAddr() net.Addr {
-	lAddr := c.PacketConn.LocalAddr()
-	return N.NewCustomAddr(c.adapterName, c.connID, lAddr) // make quic-go's connMultiplexer happy
-}
-
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
-	return &packetConn{pc, []string{a.Name()}, a.Name(), utils.NewUUIDV4().String(), parseRemoteDestination(a.Addr())}
+	return &packetConn{pc, []string{a.Name()}, parseRemoteDestination(a.Addr())}
 }
 
 func parseRemoteDestination(addr string) string {

adapter/outbound/reality.go

@@ -1,35 +0,0 @@
-package outbound
-
-import (
-	"encoding/base64"
-	"encoding/hex"
-	"errors"
-
-	tlsC "github.com/Dreamacro/clash/component/tls"
-
-	"golang.org/x/crypto/curve25519"
-)
-
-type RealityOptions struct {
-	PublicKey string `proxy:"public-key"`
-	ShortID   string `proxy:"short-id"`
-}
-
-func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
-	if o.PublicKey != "" {
-		config := new(tlsC.RealityConfig)
-
-		n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
-		if err != nil || n != curve25519.ScalarSize {
-			return nil, errors.New("invalid REALITY public key")
-		}
-
-		n, err = hex.Decode(config.ShortID[:], []byte(o.ShortID))
-		if err != nil || n > tlsC.RealityMaxShortIDLen {
-			return nil, errors.New("invalid REALITY short ID")
-		}
-
-		return config, nil
-	}
-	return nil, nil
-}

adapter/outbound/reject.go

@@ -6,7 +6,6 @@ import (
 	"net"
 	"time"
 
-	"github.com/Dreamacro/clash/common/buf"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
@@ -17,12 +16,12 @@ type Reject struct {
 
 // DialContext implements C.ProxyAdapter
 func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	return NewConn(nopConn{}, r), nil
+	return NewConn(&nopConn{}, r), nil
 }
 
 // ListenPacketContext implements C.ProxyAdapter
 func (r *Reject) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	return newPacketConn(nopPacketConn{}, r), nil
+	return newPacketConn(&nopPacketConn{}, r), nil
 }
 
 func NewReject() *Reject {
@@ -49,37 +48,30 @@ func NewPass() *Reject {
 
 type nopConn struct{}
 
-func (rw nopConn) Read(b []byte) (int, error) {
+func (rw *nopConn) Read(b []byte) (int, error) {
 	return 0, io.EOF
 }
 
-func (rw nopConn) ReadBuffer(buffer *buf.Buffer) error {
-	return io.EOF
-}
-
-func (rw nopConn) Write(b []byte) (int, error) {
+func (rw *nopConn) Write(b []byte) (int, error) {
+	if len(b) == 0 {
+		return 0, nil
+	}
 	return 0, io.EOF
 }
 
-func (rw nopConn) WriteBuffer(buffer *buf.Buffer) error {
-	return io.EOF
-}
-
-func (rw nopConn) Close() error                     { return nil }
-func (rw nopConn) LocalAddr() net.Addr              { return nil }
-func (rw nopConn) RemoteAddr() net.Addr             { return nil }
-func (rw nopConn) SetDeadline(time.Time) error      { return nil }
-func (rw nopConn) SetReadDeadline(time.Time) error  { return nil }
-func (rw nopConn) SetWriteDeadline(time.Time) error { return nil }
-
-var udpAddrIPv4Unspecified = &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+func (rw *nopConn) Close() error                     { return nil }
+func (rw *nopConn) LocalAddr() net.Addr              { return nil }
+func (rw *nopConn) RemoteAddr() net.Addr             { return nil }
+func (rw *nopConn) SetDeadline(time.Time) error      { return nil }
+func (rw *nopConn) SetReadDeadline(time.Time) error  { return nil }
+func (rw *nopConn) SetWriteDeadline(time.Time) error { return nil }
 
 type nopPacketConn struct{}
 
-func (npc nopPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) { return len(b), nil }
-func (npc nopPacketConn) ReadFrom(b []byte) (int, net.Addr, error)           { return 0, nil, io.EOF }
-func (npc nopPacketConn) Close() error                                       { return nil }
-func (npc nopPacketConn) LocalAddr() net.Addr                                { return udpAddrIPv4Unspecified }
-func (npc nopPacketConn) SetDeadline(time.Time) error                        { return nil }
-func (npc nopPacketConn) SetReadDeadline(time.Time) error                    { return nil }
-func (npc nopPacketConn) SetWriteDeadline(time.Time) error                   { return nil }
+func (npc *nopPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) { return len(b), nil }
+func (npc *nopPacketConn) ReadFrom(b []byte) (int, net.Addr, error)           { return 0, nil, io.EOF }
+func (npc *nopPacketConn) Close() error                                       { return nil }
+func (npc *nopPacketConn) LocalAddr() net.Addr                                { return &net.UDPAddr{IP: net.IPv4zero, Port: 0} }
+func (npc *nopPacketConn) SetDeadline(time.Time) error                        { return nil }
+func (npc *nopPacketConn) SetReadDeadline(time.Time) error                    { return nil }
+func (npc *nopPacketConn) SetWriteDeadline(time.Time) error                   { return nil }

adapter/outbound/shadowsocks.go

@@ -6,19 +6,15 @@ import (
 	"fmt"
 	"net"
 	"strconv"
-	"time"
 
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/transport/restls"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	shadowtls "github.com/Dreamacro/clash/transport/sing-shadowtls"
 	"github.com/Dreamacro/clash/transport/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"
 
-	restlsC "github.com/3andne/restls-client-go"
 	shadowsocks "github.com/metacubex/sing-shadowsocks"
 	"github.com/metacubex/sing-shadowsocks/shadowimpl"
 	"github.com/sagernet/sing/common/bufio"
@@ -36,22 +32,19 @@ type ShadowSocks struct {
 	obfsOption      *simpleObfsOption
 	v2rayOption     *v2rayObfs.Option
 	shadowTLSOption *shadowtls.ShadowTLSOption
-	restlsConfig    *restlsC.Config
 }
 
 type ShadowSocksOption struct {
 	BasicOption
-	Name              string         `proxy:"name"`
-	Server            string         `proxy:"server"`
-	Port              int            `proxy:"port"`
-	Password          string         `proxy:"password"`
-	Cipher            string         `proxy:"cipher"`
-	UDP               bool           `proxy:"udp,omitempty"`
-	Plugin            string         `proxy:"plugin,omitempty"`
-	PluginOpts        map[string]any `proxy:"plugin-opts,omitempty"`
-	UDPOverTCP        bool           `proxy:"udp-over-tcp,omitempty"`
-	UDPOverTCPVersion int            `proxy:"udp-over-tcp-version,omitempty"`
-	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
+	Name       string         `proxy:"name"`
+	Server     string         `proxy:"server"`
+	Port       int            `proxy:"port"`
+	Password   string         `proxy:"password"`
+	Cipher     string         `proxy:"cipher"`
+	UDP        bool           `proxy:"udp,omitempty"`
+	Plugin     string         `proxy:"plugin,omitempty"`
+	PluginOpts map[string]any `proxy:"plugin-opts,omitempty"`
+	UDPOverTCP bool           `proxy:"udp-over-tcp,omitempty"`
 }
 
 type simpleObfsOption struct {
@@ -71,30 +64,31 @@ type v2rayObfsOption struct {
 }
 
 type shadowTLSOption struct {
-	Password       string `obfs:"password"`
-	Host           string `obfs:"host"`
-	Fingerprint    string `obfs:"fingerprint,omitempty"`
-	SkipCertVerify bool   `obfs:"skip-cert-verify,omitempty"`
-	Version        int    `obfs:"version,omitempty"`
-}
-
-type restlsOption struct {
-	Password     string `obfs:"password"`
-	Host         string `obfs:"host"`
-	VersionHint  string `obfs:"version-hint"`
-	RestlsScript string `obfs:"restls-script,omitempty"`
+	Password          string `obfs:"password"`
+	Host              string `obfs:"host"`
+	Fingerprint       string `obfs:"fingerprint,omitempty"`
+	ClientFingerprint string `obfs:"client-fingerprint,omitempty"`
+	SkipCertVerify    bool   `obfs:"skip-cert-verify,omitempty"`
+	Version           int    `obfs:"version,omitempty"`
 }
 
 // StreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
-	// fix tls handshake not timeout
-	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-	defer cancel()
-	return ss.StreamConnContext(ctx, c, metadata)
+	switch ss.obfsMode {
+	case shadowtls.Mode:
+		// fix tls handshake not timeout
+		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		defer cancel()
+		var err error
+		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return ss.streamConn(c, metadata)
 }
 
-func (ss *ShadowSocks) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
-	useEarly := false
+func (ss *ShadowSocks) streamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	switch ss.obfsMode {
 	case "tls":
 		c = obfs.NewTLSObfs(c, ss.obfsOption.Host)
@@ -107,35 +101,11 @@ func (ss *ShadowSocks) StreamConnContext(ctx context.Context, c net.Conn, metada
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		}
-	case shadowtls.Mode:
-		var err error
-		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
-		if err != nil {
-			return nil, err
-		}
-		useEarly = true
-	case restls.Mode:
-		var err error
-		c, err = restls.NewRestls(ctx, c, ss.restlsConfig)
-		if err != nil {
-			return nil, fmt.Errorf("%s (restls) connect error: %w", ss.addr, err)
-		}
-		useEarly = true
 	}
-	useEarly = useEarly || N.NeedHandshake(c)
 	if metadata.NetWork == C.UDP && ss.option.UDPOverTCP {
-		uotDestination := uot.RequestDestination(uint8(ss.option.UDPOverTCPVersion))
-		if useEarly {
-			return ss.method.DialEarlyConn(c, uotDestination), nil
-		} else {
-			return ss.method.DialConn(c, uotDestination)
-		}
-	}
-	if useEarly {
-		return ss.method.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
-	} else {
-		return ss.method.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+		return ss.method.DialEarlyConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443")), nil
 	}
+	return ss.method.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 }
 
 // DialContext implements C.ProxyAdapter
@@ -155,7 +125,15 @@ func (ss *ShadowSocks) DialContextWithDialer(ctx context.Context, dialer C.Diale
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = ss.StreamConnContext(ctx, c, metadata)
+	switch ss.obfsMode {
+	case shadowtls.Mode:
+		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	c, err = ss.streamConn(c, metadata)
 	return NewConn(c, ss), err
 }
 
@@ -171,12 +149,7 @@ func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dial
 		if err != nil {
 			return nil, err
 		}
-		destination := M.ParseSocksaddr(metadata.RemoteAddress())
-		if ss.option.UDPOverTCPVersion == 1 {
-			return newPacketConn(uot.NewConn(tcpConn, uot.Request{Destination: destination}), ss), nil
-		} else {
-			return newPacketConn(uot.NewLazyConn(tcpConn, uot.Request{Destination: destination}), ss), nil
-		}
+		return newPacketConn(uot.NewClientConn(tcpConn), ss), nil
 	}
 	addr, err := resolveUDPAddrWithPrefer(ctx, "udp", ss.addr, ss.prefer)
 	if err != nil {
@@ -199,12 +172,7 @@ func (ss *ShadowSocks) SupportWithDialer() bool {
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	if ss.option.UDPOverTCP {
-		destination := M.ParseSocksaddr(metadata.RemoteAddress())
-		if ss.option.UDPOverTCPVersion == uot.LegacyVersion {
-			return newPacketConn(uot.NewConn(c, uot.Request{Destination: destination}), ss), nil
-		} else {
-			return newPacketConn(uot.NewLazyConn(c, uot.Request{Destination: destination}), ss), nil
-		}
+		return newPacketConn(uot.NewClientConn(c), ss), nil
 	}
 	return nil, errors.New("no support")
 }
@@ -216,7 +184,7 @@ func (ss *ShadowSocks) SupportUOT() bool {
 
 func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
-	method, err := shadowimpl.FetchMethod(option.Cipher, option.Password, time.Now)
+	method, err := shadowimpl.FetchMethod(option.Cipher, option.Password)
 	if err != nil {
 		return nil, fmt.Errorf("ss %s initialize error: %w", addr, err)
 	}
@@ -224,7 +192,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	var v2rayOption *v2rayObfs.Option
 	var obfsOption *simpleObfsOption
 	var shadowTLSOpt *shadowtls.ShadowTLSOption
-	var restlsConfig *restlsC.Config
 	obfsMode := ""
 
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
@@ -273,30 +240,10 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 			Password:          opt.Password,
 			Host:              opt.Host,
 			Fingerprint:       opt.Fingerprint,
-			ClientFingerprint: option.ClientFingerprint,
+			ClientFingerprint: opt.ClientFingerprint,
 			SkipCertVerify:    opt.SkipCertVerify,
 			Version:           opt.Version,
 		}
-	} else if option.Plugin == restls.Mode {
-		obfsMode = restls.Mode
-		restlsOpt := &restlsOption{}
-		if err := decoder.Decode(option.PluginOpts, restlsOpt); err != nil {
-			return nil, fmt.Errorf("ss %s initialize restls-plugin error: %w", addr, err)
-		}
-
-		restlsConfig, err = restlsC.NewRestlsConfig(restlsOpt.Host, restlsOpt.Password, restlsOpt.VersionHint, restlsOpt.RestlsScript, option.ClientFingerprint)
-		restlsConfig.SessionTicketsDisabled = true
-		if err != nil {
-			return nil, fmt.Errorf("ss %s initialize restls-plugin error: %w", addr, err)
-		}
-
-	}
-	switch option.UDPOverTCPVersion {
-	case uot.Version, uot.LegacyVersion:
-	case 0:
-		option.UDPOverTCPVersion = uot.Version
-	default:
-		return nil, fmt.Errorf("ss %s unknown udp over tcp protocol version: %d", addr, option.UDPOverTCPVersion)
 	}
 
 	return &ShadowSocks{
@@ -317,7 +264,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		v2rayOption:     v2rayOption,
 		obfsOption:      obfsOption,
 		shadowTLSOption: shadowTLSOpt,
-		restlsConfig:    restlsConfig,
 	}, nil
 }
 

adapter/outbound/trojan.go

@@ -26,28 +26,25 @@ type Trojan struct {
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *gun.TransportWrap
-
-	realityConfig *tlsC.RealityConfig
 }
 
 type TrojanOption struct {
 	BasicOption
-	Name              string         `proxy:"name"`
-	Server            string         `proxy:"server"`
-	Port              int            `proxy:"port"`
-	Password          string         `proxy:"password"`
-	ALPN              []string       `proxy:"alpn,omitempty"`
-	SNI               string         `proxy:"sni,omitempty"`
-	SkipCertVerify    bool           `proxy:"skip-cert-verify,omitempty"`
-	Fingerprint       string         `proxy:"fingerprint,omitempty"`
-	UDP               bool           `proxy:"udp,omitempty"`
-	Network           string         `proxy:"network,omitempty"`
-	RealityOpts       RealityOptions `proxy:"reality-opts,omitempty"`
-	GrpcOpts          GrpcOptions    `proxy:"grpc-opts,omitempty"`
-	WSOpts            WSOptions      `proxy:"ws-opts,omitempty"`
-	Flow              string         `proxy:"flow,omitempty"`
-	FlowShow          bool           `proxy:"flow-show,omitempty"`
-	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
+	Name              string      `proxy:"name"`
+	Server            string      `proxy:"server"`
+	Port              int         `proxy:"port"`
+	Password          string      `proxy:"password"`
+	ALPN              []string    `proxy:"alpn,omitempty"`
+	SNI               string      `proxy:"sni,omitempty"`
+	SkipCertVerify    bool        `proxy:"skip-cert-verify,omitempty"`
+	Fingerprint       string      `proxy:"fingerprint,omitempty"`
+	UDP               bool        `proxy:"udp,omitempty"`
+	Network           string      `proxy:"network,omitempty"`
+	GrpcOpts          GrpcOptions `proxy:"grpc-opts,omitempty"`
+	WSOpts            WSOptions   `proxy:"ws-opts,omitempty"`
+	Flow              string      `proxy:"flow,omitempty"`
+	FlowShow          bool        `proxy:"flow-show,omitempty"`
+	ClientFingerprint string      `proxy:"client-fingerprint,omitempty"`
 }
 
 func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
@@ -86,7 +83,7 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 	}
 
 	if t.transport != nil {
-		c, err = gun.StreamGunWithConn(c, t.gunTLSConfig, t.gunConfig, t.realityConfig)
+		c, err = gun.StreamGunWithConn(c, t.gunTLSConfig, t.gunConfig)
 	} else {
 		c, err = t.plainStream(c)
 	}
@@ -262,13 +259,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 		option:   &option,
 	}
 
-	var err error
-	t.realityConfig, err = option.RealityOpts.Parse()
-	if err != nil {
-		return nil, err
-	}
-	tOption.Reality = t.realityConfig
-
 	if option.Network == "grpc" {
 		dialFn := func(network, addr string) (net.Conn, error) {
 			c, err := dialer.DialContext(context.Background(), "tcp", t.addr, t.Base.DialOptions()...)
@@ -295,7 +285,7 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			}
 		}
 
-		t.transport = gun.NewHTTP2Client(dialFn, tlsConfig, tOption.ClientFingerprint, t.realityConfig)
+		t.transport = gun.NewHTTP2Client(dialFn, tlsConfig, tOption.ClientFingerprint)
 
 		t.gunTLSConfig = tlsConfig
 		t.gunConfig = &gun.Config{

adapter/outbound/tuic.go

@@ -42,17 +42,16 @@ type TuicOption struct {
 	DisableSni            bool     `proxy:"disable-sni,omitempty"`
 	MaxUdpRelayPacketSize int      `proxy:"max-udp-relay-packet-size,omitempty"`
 
-	FastOpen             bool   `proxy:"fast-open,omitempty"`
-	MaxOpenStreams       int    `proxy:"max-open-streams,omitempty"`
-	SkipCertVerify       bool   `proxy:"skip-cert-verify,omitempty"`
-	Fingerprint          string `proxy:"fingerprint,omitempty"`
-	CustomCA             string `proxy:"ca,omitempty"`
-	CustomCAString       string `proxy:"ca-str,omitempty"`
-	ReceiveWindowConn    int    `proxy:"recv-window-conn,omitempty"`
-	ReceiveWindow        int    `proxy:"recv-window,omitempty"`
-	DisableMTUDiscovery  bool   `proxy:"disable-mtu-discovery,omitempty"`
-	MaxDatagramFrameSize int    `proxy:"max-datagram-frame-size,omitempty"`
-	SNI                  string `proxy:"sni,omitempty"`
+	FastOpen            bool   `proxy:"fast-open,omitempty"`
+	MaxOpenStreams      int    `proxy:"max-open-streams,omitempty"`
+	SkipCertVerify      bool   `proxy:"skip-cert-verify,omitempty"`
+	Fingerprint         string `proxy:"fingerprint,omitempty"`
+	CustomCA            string `proxy:"ca,omitempty"`
+	CustomCAString      string `proxy:"ca-str,omitempty"`
+	ReceiveWindowConn   int    `proxy:"recv-window-conn,omitempty"`
+	ReceiveWindow       int    `proxy:"recv-window,omitempty"`
+	DisableMTUDiscovery bool   `proxy:"disable-mtu-discovery,omitempty"`
+	SNI                 string `proxy:"sni,omitempty"`
 }
 
 // DialContext implements C.ProxyAdapter
@@ -176,15 +175,6 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		option.MaxOpenStreams = 100
 	}
 
-	if option.MaxDatagramFrameSize == 0 {
-		option.MaxDatagramFrameSize = option.MaxUdpRelayPacketSize + tuic.PacketOverHead
-	}
-
-	if option.MaxDatagramFrameSize > 1400 {
-		option.MaxDatagramFrameSize = 1400
-	}
-	option.MaxUdpRelayPacketSize = option.MaxDatagramFrameSize - tuic.PacketOverHead
-
 	// ensure server's incoming stream can handle correctly, increase to 1.1x
 	quicMaxOpenStreams := int64(option.MaxOpenStreams)
 	quicMaxOpenStreams = quicMaxOpenStreams + int64(math.Ceil(float64(quicMaxOpenStreams)/10.0))
@@ -197,7 +187,6 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		MaxIncomingUniStreams:          quicMaxOpenStreams,
 		KeepAlivePeriod:                time.Duration(option.HeartbeatInterval) * time.Millisecond,
 		DisablePathMTUDiscovery:        option.DisableMTUDiscovery,
-		MaxDatagramFrameSize:           int64(option.MaxDatagramFrameSize),
 		EnableDatagrams:                true,
 	}
 	if option.ReceiveWindowConn == 0 {

adapter/outbound/vless.go

@@ -17,7 +17,6 @@ import (
 	"github.com/Dreamacro/clash/component/resolver"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/socks5"
 	"github.com/Dreamacro/clash/transport/vless"
@@ -42,8 +41,6 @@ type Vless struct {
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *gun.TransportWrap
-
-	realityConfig *tlsC.RealityConfig
 }
 
 type VlessOption struct {
@@ -60,7 +57,6 @@ type VlessOption struct {
 	XUDP              bool              `proxy:"xudp,omitempty"`
 	PacketEncoding    string            `proxy:"packet-encoding,omitempty"`
 	Network           string            `proxy:"network,omitempty"`
-	RealityOpts       RealityOptions    `proxy:"reality-opts,omitempty"`
 	HTTPOpts          HTTPOptions       `proxy:"http-opts,omitempty"`
 	HTTP2Opts         HTTP2Options      `proxy:"h2-opts,omitempty"`
 	GrpcOpts          GrpcOptions       `proxy:"grpc-opts,omitempty"`
@@ -82,6 +78,7 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 	switch v.option.Network {
 	case "ws":
+
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
@@ -157,7 +154,7 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 		c, err = vmess.StreamH2Conn(c, h2Opts)
 	case "grpc":
-		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig, v.realityConfig)
+		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 	default:
 		// default tcp network
 		// handle TLS And XTLS
@@ -193,7 +190,6 @@ func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error)
 			SkipCertVerify:    v.option.SkipCertVerify,
 			FingerPrint:       v.option.Fingerprint,
 			ClientFingerprint: v.option.ClientFingerprint,
-			Reality:           v.realityConfig,
 		}
 
 		if isH2 {
@@ -483,10 +479,7 @@ func NewVless(option VlessOption) (*Vless, error) {
 	if option.Network != "ws" && len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
 		switch option.Flow {
-		case vless.XRV:
-			log.Warnln("To use %s, ensure your server is upgrade to Xray-core v1.8.0+", vless.XRV)
-			fallthrough
-		case vless.XRO, vless.XRD, vless.XRS:
+		case vless.XRO, vless.XRD, vless.XRS, vless.XRV:
 			addons = &vless.Addons{
 				Flow: option.Flow,
 			}
@@ -526,11 +519,6 @@ func NewVless(option VlessOption) (*Vless, error) {
 		option: &option,
 	}
 
-	v.realityConfig, err = v.option.RealityOpts.Parse()
-	if err != nil {
-		return nil, err
-	}
-
 	switch option.Network {
 	case "h2":
 		if len(option.HTTP2Opts.Host) == 0 {
@@ -565,7 +553,8 @@ func NewVless(option VlessOption) (*Vless, error) {
 		v.gunTLSConfig = tlsConfig
 		v.gunConfig = gunConfig
 
-		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig, v.option.ClientFingerprint, v.realityConfig)
+		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig, v.option.ClientFingerprint)
+
 	}
 
 	return v, nil

adapter/outbound/vmess.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 	"sync"
 
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	tlsC "github.com/Dreamacro/clash/component/tls"
@@ -35,35 +34,32 @@ type Vmess struct {
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *gun.TransportWrap
-
-	realityConfig *tlsC.RealityConfig
 }
 
 type VmessOption struct {
 	BasicOption
-	Name                string         `proxy:"name"`
-	Server              string         `proxy:"server"`
-	Port                int            `proxy:"port"`
-	UUID                string         `proxy:"uuid"`
-	AlterID             int            `proxy:"alterId"`
-	Cipher              string         `proxy:"cipher"`
-	UDP                 bool           `proxy:"udp,omitempty"`
-	Network             string         `proxy:"network,omitempty"`
-	TLS                 bool           `proxy:"tls,omitempty"`
-	SkipCertVerify      bool           `proxy:"skip-cert-verify,omitempty"`
-	Fingerprint         string         `proxy:"fingerprint,omitempty"`
-	ServerName          string         `proxy:"servername,omitempty"`
-	RealityOpts         RealityOptions `proxy:"reality-opts,omitempty"`
-	HTTPOpts            HTTPOptions    `proxy:"http-opts,omitempty"`
-	HTTP2Opts           HTTP2Options   `proxy:"h2-opts,omitempty"`
-	GrpcOpts            GrpcOptions    `proxy:"grpc-opts,omitempty"`
-	WSOpts              WSOptions      `proxy:"ws-opts,omitempty"`
-	PacketAddr          bool           `proxy:"packet-addr,omitempty"`
-	XUDP                bool           `proxy:"xudp,omitempty"`
-	PacketEncoding      string         `proxy:"packet-encoding,omitempty"`
-	GlobalPadding       bool           `proxy:"global-padding,omitempty"`
-	AuthenticatedLength bool           `proxy:"authenticated-length,omitempty"`
-	ClientFingerprint   string         `proxy:"client-fingerprint,omitempty"`
+	Name                string       `proxy:"name"`
+	Server              string       `proxy:"server"`
+	Port                int          `proxy:"port"`
+	UUID                string       `proxy:"uuid"`
+	AlterID             int          `proxy:"alterId"`
+	Cipher              string       `proxy:"cipher"`
+	UDP                 bool         `proxy:"udp,omitempty"`
+	Network             string       `proxy:"network,omitempty"`
+	TLS                 bool         `proxy:"tls,omitempty"`
+	SkipCertVerify      bool         `proxy:"skip-cert-verify,omitempty"`
+	Fingerprint         string       `proxy:"fingerprint,omitempty"`
+	ServerName          string       `proxy:"servername,omitempty"`
+	HTTPOpts            HTTPOptions  `proxy:"http-opts,omitempty"`
+	HTTP2Opts           HTTP2Options `proxy:"h2-opts,omitempty"`
+	GrpcOpts            GrpcOptions  `proxy:"grpc-opts,omitempty"`
+	WSOpts              WSOptions    `proxy:"ws-opts,omitempty"`
+	PacketAddr          bool         `proxy:"packet-addr,omitempty"`
+	XUDP                bool         `proxy:"xudp,omitempty"`
+	PacketEncoding      string       `proxy:"packet-encoding,omitempty"`
+	GlobalPadding       bool         `proxy:"global-padding,omitempty"`
+	AuthenticatedLength bool         `proxy:"authenticated-length,omitempty"`
+	ClientFingerprint   string       `proxy:"client-fingerprint,omitempty"`
 }
 
 type HTTPOptions struct {
@@ -98,6 +94,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 	switch v.option.Network {
 	case "ws":
+
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &clashVMess.WebsocketConfig{
 			Host:                host,
@@ -146,12 +143,12 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				Host:              host,
 				SkipCertVerify:    v.option.SkipCertVerify,
 				ClientFingerprint: v.option.ClientFingerprint,
-				Reality:           v.realityConfig,
 			}
 
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
+
 			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
 			if err != nil {
 				return nil, err
@@ -174,7 +171,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			SkipCertVerify:    v.option.SkipCertVerify,
 			NextProtos:        []string{"h2"},
 			ClientFingerprint: v.option.ClientFingerprint,
-			Reality:           v.realityConfig,
 		}
 
 		if v.option.ServerName != "" {
@@ -193,7 +189,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 		c, err = clashVMess.StreamH2Conn(c, h2Opts)
 	case "grpc":
-		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig, v.realityConfig)
+		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 	default:
 		// handle TLS
 		if v.option.TLS {
@@ -202,7 +198,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				Host:              host,
 				SkipCertVerify:    v.option.SkipCertVerify,
 				ClientFingerprint: v.option.ClientFingerprint,
-				Reality:           v.realityConfig,
 			}
 
 			if v.option.ServerName != "" {
@@ -218,24 +213,12 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	}
 	if metadata.NetWork == C.UDP {
 		if v.option.XUDP {
-			if N.NeedHandshake(c) {
-				return v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
-			} else {
-				return v.client.DialXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
+			return v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 		} else {
-			if N.NeedHandshake(c) {
-				return v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
-			} else {
-				return v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
+			return v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 		}
 	} else {
-		if N.NeedHandshake(c) {
-			return v.client.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
-		} else {
-			return v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-		}
+		return v.client.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 	}
 }
 
@@ -306,17 +289,9 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		}(c)
 
 		if v.option.XUDP {
-			if N.NeedHandshake(c) {
-				c = v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			} else {
-				c, err = v.client.DialXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
+			c = v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
 		} else {
-			if N.NeedHandshake(c) {
-				c = v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			} else {
-				c, err = v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
+			c = v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
 		}
 
 		if err != nil {
@@ -455,14 +430,9 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		v.gunTLSConfig = tlsConfig
 		v.gunConfig = gunConfig
 
-		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig, v.option.ClientFingerprint, v.realityConfig)
-	}
+		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig, v.option.ClientFingerprint)
 
-	v.realityConfig, err = v.option.RealityOpts.Parse()
-	if err != nil {
-		return nil, err
 	}
-
 	return v, nil
 }
 

adapter/outbound/wireguard.go

@@ -34,7 +34,7 @@ type WireGuard struct {
 	bind      *wireguard.ClientBind
 	device    *device.Device
 	tunDevice wireguard.Device
-	dialer    *wgSingDialer
+	dialer    *wgDialer
 	startOnce sync.Once
 	startErr  error
 }
@@ -56,28 +56,16 @@ type WireGuardOption struct {
 	PersistentKeepalive int     `proxy:"persistent-keepalive,omitempty"`
 }
 
-type wgSingDialer struct {
-	dialer dialer.Dialer
+type wgDialer struct {
+	options []dialer.Option
 }
 
-var _ N.Dialer = &wgSingDialer{}
-
-func (d *wgSingDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	return d.dialer.DialContext(ctx, network, destination.String())
+func (d *wgDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	return dialer.DialContext(ctx, network, destination.String(), d.options...)
 }
 
-func (d *wgSingDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	return d.dialer.ListenPacket(ctx, "udp", "", destination.AddrPort())
-}
-
-type wgNetDialer struct {
-	tunDevice wireguard.Device
-}
-
-var _ dialer.NetDialer = &wgNetDialer{}
-
-func (d wgNetDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return d.tunDevice.DialContext(ctx, network, M.ParseSocksaddr(address).Unwrap())
+func (d *wgDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	return dialer.ListenPacket(ctx, dialer.ParseNetwork("udp", destination.Addr), "", d.options...)
 }
 
 func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
@@ -91,7 +79,7 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
-		dialer: &wgSingDialer{dialer: dialer.NewDialer()},
+		dialer: &wgDialer{},
 	}
 	runtime.SetFinalizer(outbound, closeWireGuard)
 
@@ -211,8 +199,7 @@ func closeWireGuard(w *WireGuard) {
 }
 
 func (w *WireGuard) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
-	options := w.Base.DialOptions(opts...)
-	w.dialer.dialer = dialer.NewDialer(options...)
+	w.dialer.options = opts
 	var conn net.Conn
 	w.startOnce.Do(func() {
 		w.startErr = w.tunDevice.Start()
@@ -221,12 +208,15 @@ func (w *WireGuard) DialContext(ctx context.Context, metadata *C.Metadata, opts
 		return nil, w.startErr
 	}
 	if !metadata.Resolved() {
-		options = append(options, dialer.WithResolver(resolver.DefaultResolver))
-		options = append(options, dialer.WithNetDialer(wgNetDialer{tunDevice: w.tunDevice}))
-		conn, err = dialer.NewDialer(options...).DialContext(ctx, "tcp", metadata.RemoteAddress())
+		var addrs []netip.Addr
+		addrs, err = resolver.LookupIP(ctx, metadata.Host)
+		if err != nil {
+			return nil, err
+		}
+		conn, err = N.DialSerial(ctx, w.tunDevice, "tcp", M.ParseSocksaddr(metadata.RemoteAddress()), addrs)
 	} else {
 		port, _ := strconv.Atoi(metadata.DstPort)
-		conn, err = w.tunDevice.DialContext(ctx, "tcp", M.SocksaddrFrom(metadata.DstIP, uint16(port)).Unwrap())
+		conn, err = w.tunDevice.DialContext(ctx, "tcp", M.SocksaddrFrom(metadata.DstIP, uint16(port)))
 	}
 	if err != nil {
 		return nil, err
@@ -238,8 +228,7 @@ func (w *WireGuard) DialContext(ctx context.Context, metadata *C.Metadata, opts
 }
 
 func (w *WireGuard) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
-	options := w.Base.DialOptions(opts...)
-	w.dialer.dialer = dialer.NewDialer(options...)
+	w.dialer.options = opts
 	var pc net.PacketConn
 	w.startOnce.Do(func() {
 		w.startErr = w.tunDevice.Start()
@@ -258,7 +247,7 @@ func (w *WireGuard) ListenPacketContext(ctx context.Context, metadata *C.Metadat
 		metadata.DstIP = ip
 	}
 	port, _ := strconv.Atoi(metadata.DstPort)
-	pc, err = w.tunDevice.ListenPacket(ctx, M.SocksaddrFrom(metadata.DstIP, uint16(port)).Unwrap())
+	pc, err = w.tunDevice.ListenPacket(ctx, M.SocksaddrFrom(metadata.DstIP, uint16(port)))
 	if err != nil {
 		return nil, err
 	}

adapter/outboundgroup/fallback.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/callback"
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@@ -36,17 +35,15 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 		f.onDialFailed(proxy.Type(), err)
 	}
 
-	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
-			Conn: c,
-			Callback: func(err error) {
-				if err == nil {
-					f.onDialSuccess()
-				} else {
-					f.onDialFailed(proxy.Type(), err)
-				}
-			},
-		}
+	c = &callback.FirstWriteCallBackConn{
+		Conn: c,
+		Callback: func(err error) {
+			if err == nil {
+				f.onDialSuccess()
+			} else {
+				f.onDialFailed(proxy.Type(), err)
+			}
+		},
 	}
 
 	return c, err

adapter/outboundgroup/loadbalance.go

@@ -6,14 +6,12 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"sync"
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/common/callback"
 	"github.com/Dreamacro/clash/common/murmur3"
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@@ -21,7 +19,7 @@ import (
 	"golang.org/x/net/publicsuffix"
 )
 
-type strategyFn = func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy
+type strategyFn = func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy
 
 type LoadBalance struct {
 	*GroupBase
@@ -94,19 +92,16 @@ func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata, op
 		lb.onDialFailed(proxy.Type(), err)
 	}
 
-	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
-			Conn: c,
-			Callback: func(err error) {
-				if err == nil {
-					lb.onDialSuccess()
-				} else {
-					lb.onDialFailed(proxy.Type(), err)
-				}
-			},
-		}
+	c = &callback.FirstWriteCallBackConn{
+		Conn: c,
+		Callback: func(err error) {
+			if err == nil {
+				lb.onDialSuccess()
+			} else {
+				lb.onDialFailed(proxy.Type(), err)
+			}
+		},
 	}
-
 	return
 }
 
@@ -128,26 +123,22 @@ func (lb *LoadBalance) SupportUDP() bool {
 }
 
 func strategyRoundRobin() strategyFn {
+	flag := true
 	idx := 0
-	idxMutex := sync.Mutex{}
-	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
-		idxMutex.Lock()
-		defer idxMutex.Unlock()
-
-		i := 0
+	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		length := len(proxies)
-
-		if touch {
-			defer func() {
-				idx = (idx + i) % length
-			}()
-		}
-
-		for ; i < length; i++ {
-			id := (idx + i) % length
-			proxy := proxies[id]
+		for i := 0; i < length; i++ {
+			flag = !flag
+			if flag {
+				idx = (idx - 1) % length
+			} else {
+				idx = (idx + 2) % length
+			}
+			if idx < 0 {
+				idx = idx + length
+			}
+			proxy := proxies[idx]
 			if proxy.Alive() {
-				i++
 				return proxy
 			}
 		}
@@ -158,7 +149,7 @@ func strategyRoundRobin() strategyFn {
 
 func strategyConsistentHashing() strategyFn {
 	maxRetry := 5
-	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
+	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		key := uint64(murmur3.Sum32([]byte(getKey(metadata))))
 		buckets := int32(len(proxies))
 		for i := 0; i < maxRetry; i, key = i+1, key+1 {
@@ -186,7 +177,7 @@ func strategyStickySessions() strategyFn {
 	lruCache := cache.New[uint64, int](
 		cache.WithAge[uint64, int](int64(ttl.Seconds())),
 		cache.WithSize[uint64, int](1000))
-	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
+	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		key := uint64(murmur3.Sum32([]byte(getKeyWithSrcAndDst(metadata))))
 		length := len(proxies)
 		idx, has := lruCache.Get(key)
@@ -218,7 +209,7 @@ func strategyStickySessions() strategyFn {
 // Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata, touch bool) C.Proxy {
 	proxies := lb.GetProxies(touch)
-	return lb.strategyFn(proxies, metadata, touch)
+	return lb.strategyFn(proxies, metadata)
 }
 
 // MarshalJSON implements C.ProxyAdapter

adapter/outboundgroup/relay.go

@@ -176,7 +176,7 @@ func (r *Relay) proxies(metadata *C.Metadata, touch bool) ([]C.Proxy, []C.Proxy)
 }
 
 func (r *Relay) Addr() string {
-	proxies, _ := r.proxies(nil, false)
+	proxies, _ := r.proxies(nil, true)
 	return proxies[len(proxies)-1].Addr()
 }
 

adapter/outboundgroup/urltest.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/callback"
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@@ -44,19 +43,16 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 		u.onDialFailed(proxy.Type(), err)
 	}
 
-	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
-			Conn: c,
-			Callback: func(err error) {
-				if err == nil {
-					u.onDialSuccess()
-				} else {
-					u.onDialFailed(proxy.Type(), err)
-				}
-			},
-		}
+	c = &callback.FirstWriteCallBackConn{
+		Conn: c,
+		Callback: func(err error) {
+			if err == nil {
+				u.onDialSuccess()
+			} else {
+				u.onDialFailed(proxy.Type(), err)
+			}
+		},
 	}
-
 	return c, err
 }
 

adapter/parser.go

@@ -23,7 +23,7 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 	)
 	switch proxyType {
 	case "ss":
-		ssOption := &outbound.ShadowSocksOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		ssOption := &outbound.ShadowSocksOption{}
 		err = decoder.Decode(mapping, ssOption)
 		if err != nil {
 			break
@@ -56,7 +56,10 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 				Method: "GET",
 				Path:   []string{"/"},
 			},
-			ClientFingerprint: tlsC.GetGlobalFingerprint(),
+		}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			vmessOption.ClientFingerprint = GlobalUtlsClient
 		}
 
 		err = decoder.Decode(mapping, vmessOption)
@@ -65,7 +68,12 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
 	case "vless":
-		vlessOption := &outbound.VlessOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		vlessOption := &outbound.VlessOption{}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			vlessOption.ClientFingerprint = GlobalUtlsClient
+		}
+
 		err = decoder.Decode(mapping, vlessOption)
 		if err != nil {
 			break
@@ -79,7 +87,12 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewSnell(*snellOption)
 	case "trojan":
-		trojanOption := &outbound.TrojanOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		trojanOption := &outbound.TrojanOption{}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			trojanOption.ClientFingerprint = GlobalUtlsClient
+		}
+
 		err = decoder.Decode(mapping, trojanOption)
 		if err != nil {
 			break

adapter/provider/healthcheck.go

@@ -6,10 +6,10 @@ import (
 
 	"github.com/Dreamacro/clash/common/batch"
 	"github.com/Dreamacro/clash/common/singledo"
-	"github.com/Dreamacro/clash/common/utils"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 
+	"github.com/gofrs/uuid"
 	"go.uber.org/atomic"
 )
 
@@ -34,15 +34,16 @@ type HealthCheck struct {
 
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
+
+	go func() {
+		time.Sleep(30 * time.Second)
+		hc.lazyCheck()
+	}()
+
 	for {
 		select {
 		case <-ticker.C:
-			now := time.Now().Unix()
-			if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
-				hc.check()
-			} else {
-				log.Debugln("Skip once health check because we are lazy")
-			}
+			hc.lazyCheck()
 		case <-hc.done:
 			ticker.Stop()
 			return
@@ -50,6 +51,17 @@ func (hc *HealthCheck) process() {
 	}
 }
 
+func (hc *HealthCheck) lazyCheck() bool {
+	now := time.Now().Unix()
+	if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
+		hc.check()
+		return true
+	} else {
+		log.Debugln("Skip once health check because we are lazy")
+		return false
+	}
+}
+
 func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
 	hc.proxies = proxies
 }
@@ -64,7 +76,10 @@ func (hc *HealthCheck) touch() {
 
 func (hc *HealthCheck) check() {
 	_, _, _ = hc.singleDo.Do(func() (struct{}, error) {
-		id := utils.NewUUIDV4().String()
+		id := ""
+		if uid, err := uuid.NewV4(); err == nil {
+			id = uid.String()
+		}
 		log.Debugln("Start New Health Checking {%s}", id)
 		b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
 		for _, proxy := range hc.proxies {

adapter/provider/provider.go

@@ -80,7 +80,6 @@ func (pp *proxySetProvider) Initial() error {
 		return err
 	}
 	pp.OnUpdate(elm)
-	pp.getSubscriptionInfo()
 	return nil
 }
 
@@ -100,7 +99,7 @@ func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
 	if pp.healthCheck.auto() {
-		go pp.healthCheck.check()
+		defer func() { go pp.healthCheck.lazyCheck() }()
 	}
 }
 
@@ -173,6 +172,8 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, exc
 
 	fetcher := resource.NewFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, excludeFilter, excludeTypeArray, filterRegs, excludeFilterReg), proxiesOnUpdate(pd))
 	pd.Fetcher = fetcher
+
+	pd.getSubscriptionInfo()
 	wrapper := &ProxySetProvider{pd}
 	runtime.SetFinalizer(wrapper, stopProxyProvider)
 	return wrapper, nil

common/convert/converter.go

@@ -83,7 +83,7 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			trojan["port"] = urlTrojan.Port()
 			trojan["password"] = urlTrojan.User.Username()
 			trojan["udp"] = true
-			trojan["skip-cert-verify"], _ = strconv.ParseBool(query.Get("allowInsecure"))
+			trojan["skip-cert-verify"] = false
 
 			sni := query.Get("sni")
 			if sni != "" {

common/convert/util.go

@@ -2,14 +2,12 @@ package convert
 
 import (
 	"encoding/base64"
+	"github.com/metacubex/sing-shadowsocks/shadowimpl"
+	"math/rand"
 	"net/http"
 	"strings"
-	"time"
 
-	"github.com/Dreamacro/clash/common/utils"
-
-	"github.com/metacubex/sing-shadowsocks/shadowimpl"
-	"github.com/zhangyunhao116/fastrand"
+	"github.com/gofrs/uuid"
 )
 
 var hostsSuffix = []string{
@@ -294,7 +292,8 @@ var (
 )
 
 func RandHost() string {
-	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(utils.NewUUIDV4().Bytes()))
+	id, _ := uuid.NewV4()
+	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(id.Bytes()))
 	base = strings.ReplaceAll(base, "-", "")
 	base = strings.ReplaceAll(base, "_", "")
 	buf := []byte(base)
@@ -302,11 +301,11 @@ func RandHost() string {
 	prefix += string(buf[6:8]) + "-"
 	prefix += string(buf[len(buf)-8:])
 
-	return prefix + hostsSuffix[fastrand.Intn(hostsLen)]
+	return prefix + hostsSuffix[rand.Intn(hostsLen)]
 }
 
 func RandUserAgent() string {
-	return userAgents[fastrand.Intn(uaLen)]
+	return userAgents[rand.Intn(uaLen)]
 }
 
 func SetUserAgent(header http.Header) {
@@ -318,6 +317,6 @@ func SetUserAgent(header http.Header) {
 }
 
 func VerifyMethod(cipher, password string) (err error) {
-	_, err = shadowimpl.FetchMethod(cipher, password, time.Now)
+	_, err = shadowimpl.FetchMethod(cipher, password)
 	return
 }

common/convert/v.go

@@ -27,7 +27,7 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	proxy["skip-cert-verify"] = false
 	proxy["tls"] = false
 	tls := strings.ToLower(query.Get("security"))
-	if strings.HasSuffix(tls, "tls") || tls == "reality" {
+	if strings.HasSuffix(tls, "tls") {
 		proxy["tls"] = true
 		if fingerprint := query.Get("fp"); fingerprint == "" {
 			proxy["client-fingerprint"] = "chrome"
@@ -38,12 +38,6 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	if sni := query.Get("sni"); sni != "" {
 		proxy["servername"] = sni
 	}
-	if realityPublicKey := query.Get("pbk"); realityPublicKey != "" {
-		proxy["reality-opts"] = map[string]any{
-			"public-key": realityPublicKey,
-			"short-id":   query.Get("sid"),
-		}
-	}
 
 	switch query.Get("packetEncoding") {
 	case "none":

common/net/addr.go

@@ -1,36 +0,0 @@
-package net
-
-import (
-	"net"
-)
-
-type CustomAddr interface {
-	net.Addr
-	RawAddr() net.Addr
-}
-
-type customAddr struct {
-	networkStr string
-	addrStr    string
-	rawAddr    net.Addr
-}
-
-func (a customAddr) Network() string {
-	return a.networkStr
-}
-
-func (a customAddr) String() string {
-	return a.addrStr
-}
-
-func (a customAddr) RawAddr() net.Addr {
-	return a.rawAddr
-}
-
-func NewCustomAddr(networkStr string, addrStr string, rawAddr net.Addr) CustomAddr {
-	return customAddr{
-		networkStr: networkStr,
-		addrStr:    addrStr,
-		rawAddr:    rawAddr,
-	}
-}

common/net/sing.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"net"
 
-	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/network"
 )
@@ -17,13 +16,6 @@ type ExtendedConn = network.ExtendedConn
 type ExtendedWriter = network.ExtendedWriter
 type ExtendedReader = network.ExtendedReader
 
-func NeedHandshake(conn any) bool {
-	if earlyConn, isEarlyConn := common.Cast[network.EarlyConn](conn); isEarlyConn && earlyConn.NeedHandshake() {
-		return true
-	}
-	return false
-}
-
 // Relay copies between left and right bidirectionally.
 func Relay(leftConn, rightConn net.Conn) {
 	_ = bufio.CopyConn(context.TODO(), leftConn, rightConn)

common/pool/alloc_test.go

@@ -1,10 +1,10 @@
 package pool
 
 import (
+	"math/rand"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/zhangyunhao116/fastrand"
 )
 
 func TestAllocGet(t *testing.T) {
@@ -43,6 +43,6 @@ func TestAllocPutThenGet(t *testing.T) {
 
 func BenchmarkMSB(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		msb(fastrand.Int())
+		msb(rand.Int())
 	}
 }

common/pool/buffer_low_memory.go

@@ -1,15 +0,0 @@
-//go:build with_low_memory
-
-package pool
-
-const (
-	// io.Copy default buffer size is 32 KiB
-	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
-	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
-	RelayBufferSize = 16 * 1024
-
-	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
-	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
-	// set to 9000, so the UDP Buffer size set to 16Kib
-	UDPBufferSize = 8 * 1024
-)

common/pool/buffer_standard.go

@@ -1,15 +0,0 @@
-//go:build !with_low_memory
-
-package pool
-
-const (
-	// io.Copy default buffer size is 32 KiB
-	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
-	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
-	RelayBufferSize = 20 * 1024
-
-	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
-	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
-	// set to 9000, so the UDP Buffer size set to 16Kib
-	UDPBufferSize = 16 * 1024
-)

common/pool/pool.go

@@ -1,5 +1,17 @@
 package pool
 
+const (
+	// io.Copy default buffer size is 32 KiB
+	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
+	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
+	RelayBufferSize = 20 * 1024
+
+	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
+	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
+	// set to 9000, so the UDP Buffer size set to 16Kib
+	UDPBufferSize = 16 * 1024
+)
+
 func Get(size int) []byte {
 	return defaultAllocator.Get(size)
 }

common/utils/must.go

@@ -1,8 +0,0 @@
-package utils
-
-func MustOK[T any](result T, ok bool) T {
-	if ok {
-		return result
-	}
-	panic("operation failed")
-}

common/utils/slice.go

@@ -1,34 +0,0 @@
-package utils
-
-import (
-	"errors"
-	"fmt"
-	"reflect"
-)
-
-func Filter[T comparable](tSlice []T, filter func(t T) bool) []T {
-	result := make([]T, 0)
-	for _, t := range tSlice {
-		if filter(t) {
-			result = append(result, t)
-		}
-	}
-	return result
-}
-
-func ToStringSlice(value any) ([]string, error) {
-	strArr := make([]string, 0)
-	switch reflect.TypeOf(value).Kind() {
-	case reflect.Slice, reflect.Array:
-		origin := reflect.ValueOf(value)
-		for i := 0; i < origin.Len(); i++ {
-			item := fmt.Sprintf("%v", origin.Index(i))
-			strArr = append(strArr, item)
-		}
-	case reflect.String:
-		strArr = append(strArr, fmt.Sprintf("%v", value))
-	default:
-		return nil, errors.New("value format error, must be string or array")
-	}
-	return strArr, nil
-}

common/utils/strings.go

@@ -1,9 +0,0 @@
-package utils
-
-func Reverse(s string) string {
-	a := []rune(s)
-	for i, j := 0, len(a)-1; i < j; i, j = i+1, j-1 {
-		a[i], a[j] = a[j], a[i]
-	}
-	return string(a)
-}

common/utils/uuid.go

@@ -2,50 +2,15 @@ package utils
 
 import (
 	"github.com/gofrs/uuid"
-	"github.com/zhangyunhao116/fastrand"
 )
 
-type fastRandReader struct{}
-
-func (r fastRandReader) Read(p []byte) (int, error) {
-	return fastrand.Read(p)
-}
-
-var UnsafeUUIDGenerator = uuid.NewGenWithOptions(uuid.WithRandomReader(fastRandReader{}))
-
-func NewUUIDV1() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV1() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV3(ns uuid.UUID, name string) uuid.UUID {
-	return UnsafeUUIDGenerator.NewV3(ns, name)
-}
-
-func NewUUIDV4() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV4() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV5(ns uuid.UUID, name string) uuid.UUID {
-	return UnsafeUUIDGenerator.NewV5(ns, name)
-}
-
-func NewUUIDV6() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV6() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV7() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV7() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
+var uuidNamespace, _ = uuid.FromString("00000000-0000-0000-0000-000000000000")
 
 // UUIDMap https://github.com/XTLS/Xray-core/issues/158#issue-783294090
 func UUIDMap(str string) (uuid.UUID, error) {
 	u, err := uuid.FromString(str)
 	if err != nil {
-		return NewUUIDV5(uuid.Nil, str), nil
+		return uuid.NewV5(uuidNamespace, str), nil
 	}
 	return u, nil
 }

component/dialer/dialer.go

@@ -2,10 +2,10 @@ package dialer
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
 	"net/netip"
-	"os"
 	"strings"
 	"sync"
 	"time"
@@ -13,13 +13,13 @@ import (
 	"github.com/Dreamacro/clash/component/resolver"
 )
 
-type dialFunc func(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error)
-
 var (
 	dialMux                      sync.Mutex
 	actualSingleStackDialContext = serialSingleStackDialContext
 	actualDualStackDialContext   = serialDualStackDialContext
 	tcpConcurrent                = false
+	ErrorInvalidedNetworkStack   = errors.New("invalided network stack")
+	ErrorConnTimeout             = errors.New("connect timeout")
 	fallbackTimeout              = 300 * time.Millisecond
 )
 
@@ -53,16 +53,11 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 		network = fmt.Sprintf("%s%d", network, opt.network)
 	}
 
-	ips, port, err := parseAddr(ctx, network, address, opt.resolver)
-	if err != nil {
-		return nil, err
-	}
-
 	switch network {
 	case "tcp4", "tcp6", "udp4", "udp6":
-		return actualSingleStackDialContext(ctx, network, ips, port, opt)
+		return actualSingleStackDialContext(ctx, network, address, opt)
 	case "tcp", "udp":
-		return actualDualStackDialContext(ctx, network, ips, port, opt)
+		return actualDualStackDialContext(ctx, network, address, opt)
 	default:
 		return nil, ErrorInvalidedNetworkStack
 	}
@@ -89,9 +84,8 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio
 	return lc.ListenPacket(ctx, network, address)
 }
 
-func SetTcpConcurrent(concurrent bool) {
+func SetDial(concurrent bool) {
 	dialMux.Lock()
-	defer dialMux.Unlock()
 	tcpConcurrent = concurrent
 	if concurrent {
 		actualSingleStackDialContext = concurrentSingleStackDialContext
@@ -100,29 +94,16 @@ func SetTcpConcurrent(concurrent bool) {
 		actualSingleStackDialContext = serialSingleStackDialContext
 		actualDualStackDialContext = serialDualStackDialContext
 	}
+
+	dialMux.Unlock()
 }
 
-func GetTcpConcurrent() bool {
-	dialMux.Lock()
-	defer dialMux.Unlock()
+func GetDial() bool {
 	return tcpConcurrent
 }
 
 func dialContext(ctx context.Context, network string, destination netip.Addr, port string, opt *option) (net.Conn, error) {
-	address := net.JoinHostPort(destination.String(), port)
-
-	netDialer := opt.netDialer
-	switch netDialer.(type) {
-	case nil:
-		netDialer = &net.Dialer{}
-	case *net.Dialer:
-		_netDialer := *netDialer.(*net.Dialer)
-		netDialer = &_netDialer // make a copy
-	default:
-		return netDialer.DialContext(ctx, network, address)
-	}
-
-	dialer := netDialer.(*net.Dialer)
+	dialer := &net.Dialer{}
 	if opt.interfaceName != "" {
 		if err := bindIfaceToDialer(opt.interfaceName, dialer, network, destination); err != nil {
 			return nil, err
@@ -131,137 +112,190 @@ func dialContext(ctx context.Context, network string, destination netip.Addr, po
 	if opt.routingMark != 0 {
 		bindMarkToDialer(opt.routingMark, dialer, network, destination)
 	}
+
+	address := net.JoinHostPort(destination.String(), port)
 	if opt.tfo {
 		return dialTFO(ctx, *dialer, network, address)
 	}
 	return dialer.DialContext(ctx, network, address)
 }
 
-func serialSingleStackDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
+func serialSingleStackDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
+	ips, port, err := parseAddr(ctx, network, address, opt.resolver)
+	if err != nil {
+		return nil, err
+	}
 	return serialDialContext(ctx, network, ips, port, opt)
 }
 
-func serialDualStackDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	return dualStackDialContext(ctx, serialDialContext, network, ips, port, opt)
+func serialDualStackDialContext(ctx context.Context, network, address string, opt *option) (net.Conn, error) {
+	ips, port, err := parseAddr(ctx, network, address, opt.resolver)
+	if err != nil {
+		return nil, err
+	}
+	return dualStackDialContext(
+		ctx,
+		func(ctx context.Context) (net.Conn, error) { return serialDialContext(ctx, network, ips, port, opt) },
+		func(ctx context.Context) (net.Conn, error) { return serialDialContext(ctx, network, ips, port, opt) },
+		opt.prefer == 4)
 }
 
-func concurrentSingleStackDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	return parallelDialContext(ctx, network, ips, port, opt)
+func concurrentSingleStackDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
+	ips, port, err := parseAddr(ctx, network, address, opt.resolver)
+	if err != nil {
+		return nil, err
+	}
+
+	if conn, err := parallelDialContext(ctx, network, ips, port, opt); err != nil {
+		return nil, err
+	} else {
+		return conn, nil
+	}
 }
 
-func concurrentDualStackDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
+func concurrentDualStackDialContext(ctx context.Context, network, address string, opt *option) (net.Conn, error) {
+	ips, port, err := parseAddr(ctx, network, address, opt.resolver)
+	if err != nil {
+		return nil, err
+	}
 	if opt.prefer != 4 && opt.prefer != 6 {
 		return parallelDialContext(ctx, network, ips, port, opt)
 	}
-	return dualStackDialContext(ctx, parallelDialContext, network, ips, port, opt)
+	ipv4s, ipv6s := sortationAddr(ips)
+	return dualStackDialContext(
+		ctx,
+		func(ctx context.Context) (net.Conn, error) {
+			return parallelDialContext(ctx, network, ipv4s, port, opt)
+		},
+		func(ctx context.Context) (net.Conn, error) {
+			return parallelDialContext(ctx, network, ipv6s, port, opt)
+		},
+		opt.prefer == 4)
 }
 
-func dualStackDialContext(ctx context.Context, dialFn dialFunc, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	ipv4s, ipv6s := sortationAddr(ips)
-	preferIPVersion := opt.prefer
+type Dialer struct {
+	Opt option
+}
 
+func (d Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	return DialContext(ctx, network, address, WithOption(d.Opt))
+}
+
+func (d Dialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
+	return ListenPacket(ctx, ParseNetwork(network, rAddrPort.Addr()), address, WithOption(d.Opt))
+}
+
+func NewDialer(options ...Option) Dialer {
+	opt := applyOptions(options...)
+	return Dialer{Opt: *opt}
+}
+
+func dualStackDialContext(
+	ctx context.Context,
+	ipv4DialFn func(ctx context.Context) (net.Conn, error),
+	ipv6DialFn func(ctx context.Context) (net.Conn, error),
+	preferIPv4 bool) (net.Conn, error) {
 	fallbackTicker := time.NewTicker(fallbackTimeout)
 	defer fallbackTicker.Stop()
 	results := make(chan dialResult)
 	returned := make(chan struct{})
 	defer close(returned)
-	racer := func(ips []netip.Addr, isPrimary bool) {
+	racer := func(dial func(ctx context.Context) (net.Conn, error), isPrimary bool) {
 		result := dialResult{isPrimary: isPrimary}
 		defer func() {
 			select {
 			case results <- result:
 			case <-returned:
-				if result.Conn != nil && result.error == nil {
+				if result.Conn != nil {
 					_ = result.Conn.Close()
 				}
 			}
 		}()
-		result.Conn, result.error = dialFn(ctx, network, ips, port, opt)
+		result.Conn, result.error = dial(ctx)
 	}
-	go racer(ipv4s, preferIPVersion != 6)
-	go racer(ipv6s, preferIPVersion != 4)
+	go racer(ipv4DialFn, preferIPv4)
+	go racer(ipv6DialFn, !preferIPv4)
 	var fallback dialResult
-	var errs []error
-	for i := 0; i < 2; {
+	var err error
+	for {
 		select {
+		case <-ctx.Done():
+			if fallback.error == nil && fallback.Conn != nil {
+				return fallback.Conn, nil
+			}
+			return nil, fmt.Errorf("dual stack connect failed: %w", err)
 		case <-fallbackTicker.C:
 			if fallback.error == nil && fallback.Conn != nil {
 				return fallback.Conn, nil
 			}
 		case res := <-results:
-			i++
 			if res.error == nil {
 				if res.isPrimary {
 					return res.Conn, nil
 				}
 				fallback = res
-			} else {
-				if res.isPrimary {
-					errs = append([]error{fmt.Errorf("connect failed: %w", res.error)}, errs...)
-				} else {
-					errs = append(errs, fmt.Errorf("connect failed: %w", res.error))
-				}
 			}
+			err = res.error
 		}
 	}
-	if fallback.error == nil && fallback.Conn != nil {
-		return fallback.Conn, nil
-	}
-	return nil, errorsJoin(errs...)
 }
 
 func parallelDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	if len(ips) == 0 {
-		return nil, ErrorNoIpAddress
-	}
 	results := make(chan dialResult)
 	returned := make(chan struct{})
 	defer close(returned)
-	racer := func(ctx context.Context, ip netip.Addr) {
-		result := dialResult{isPrimary: true, ip: ip}
+	tcpRacer := func(ctx context.Context, ip netip.Addr, port string) {
+		result := dialResult{isPrimary: true}
 		defer func() {
 			select {
 			case results <- result:
 			case <-returned:
-				if result.Conn != nil && result.error == nil {
+				if result.Conn != nil {
 					_ = result.Conn.Close()
 				}
 			}
 		}()
+		result.ip = ip
 		result.Conn, result.error = dialContext(ctx, network, ip, port, opt)
 	}
 
 	for _, ip := range ips {
-		go racer(ctx, ip)
+		go tcpRacer(ctx, ip, port)
 	}
-	var errs []error
-	for i := 0; i < len(ips); i++ {
-		res := <-results
-		if res.error == nil {
-			return res.Conn, nil
+	var err error
+	for {
+		select {
+		case <-ctx.Done():
+			if err != nil {
+				return nil, err
+			}
+			if ctx.Err() == context.DeadlineExceeded {
+				return nil, ErrorConnTimeout
+			}
+			return nil, ctx.Err()
+		case res := <-results:
+			if res.error == nil {
+				return res.Conn, nil
+			}
+			err = res.error
 		}
-		errs = append(errs, res.error)
 	}
-
-	if len(errs) > 0 {
-		return nil, errorsJoin(errs...)
-	}
-	return nil, os.ErrDeadlineExceeded
 }
 
 func serialDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	if len(ips) == 0 {
-		return nil, ErrorNoIpAddress
-	}
-	var errs []error
+	var (
+		conn net.Conn
+		err  error
+		errs []error
+	)
 	for _, ip := range ips {
-		if conn, err := dialContext(ctx, network, ip, port, opt); err == nil {
+		if conn, err = dialContext(ctx, network, ip, port, opt); err == nil {
 			return conn, nil
 		} else {
 			errs = append(errs, err)
 		}
 	}
-	return nil, errorsJoin(errs...)
+	return nil, errors.Join(errs...)
 }
 
 type dialResult struct {
@@ -293,7 +327,7 @@ func parseAddr(ctx context.Context, network, address string, preferResolver reso
 		}
 	default:
 		if preferResolver == nil {
-			ips, err = resolver.LookupIPProxyServerHost(ctx, host)
+			ips, err = resolver.LookupIP(ctx, host)
 		} else {
 			ips, err = resolver.LookupIPWithResolver(ctx, host, preferResolver)
 		}
@@ -301,17 +335,12 @@ func parseAddr(ctx context.Context, network, address string, preferResolver reso
 	if err != nil {
 		return nil, "-1", fmt.Errorf("dns resolve failed: %w", err)
 	}
-	for i, ip := range ips {
-		if ip.Is4In6() {
-			ips[i] = ip.Unmap()
-		}
-	}
 	return ips, port, nil
 }
 
 func sortationAddr(ips []netip.Addr) (ipv4s, ipv6s []netip.Addr) {
 	for _, v := range ips {
-		if v.Is4() { // 4in6 parse was in parseAddr
+		if v.Is4() || v.Is4In6() {
 			ipv4s = append(ipv4s, v)
 		} else {
 			ipv6s = append(ipv6s, v)
@@ -319,25 +348,3 @@ func sortationAddr(ips []netip.Addr) (ipv4s, ipv6s []netip.Addr) {
 	}
 	return
 }
-
-type Dialer struct {
-	opt option
-}
-
-func (d Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return DialContext(ctx, network, address, WithOption(d.opt))
-}
-
-func (d Dialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
-	opt := WithOption(d.opt)
-	if rAddrPort.Addr().Unmap().IsLoopback() {
-		// avoid "The requested address is not valid in its context."
-		opt = WithInterface("")
-	}
-	return ListenPacket(ctx, ParseNetwork(network, rAddrPort.Addr()), address, opt)
-}
-
-func NewDialer(options ...Option) Dialer {
-	opt := applyOptions(options...)
-	return Dialer{opt: *opt}
-}

component/dialer/error.go

@@ -1,18 +0,0 @@
-package dialer
-
-import (
-	"errors"
-
-	E "github.com/sagernet/sing/common/exceptions"
-)
-
-var (
-	ErrorNoIpAddress           = errors.New("no ip address")
-	ErrorInvalidedNetworkStack = errors.New("invalided network stack")
-)
-
-func errorsJoin(errs ...error) error {
-	// compatibility with golang<1.20
-	// maybe use errors.Join(errs...) is better after we drop the old version's support
-	return E.Errors(errs...)
-}

component/dialer/options.go

@@ -1,9 +1,6 @@
 package dialer
 
 import (
-	"context"
-	"net"
-
 	"github.com/Dreamacro/clash/component/resolver"
 
 	"go.uber.org/atomic"
@@ -15,10 +12,6 @@ var (
 	DefaultRoutingMark = atomic.NewInt32(0)
 )
 
-type NetDialer interface {
-	DialContext(ctx context.Context, network, address string) (net.Conn, error)
-}
-
 type option struct {
 	interfaceName string
 	addrReuse     bool
@@ -27,7 +20,6 @@ type option struct {
 	prefer        int
 	tfo           bool
 	resolver      resolver.Resolver
-	netDialer     NetDialer
 }
 
 type Option func(opt *option)
@@ -84,12 +76,6 @@ func WithTFO(tfo bool) Option {
 	}
 }
 
-func WithNetDialer(netDialer NetDialer) Option {
-	return func(opt *option) {
-		opt.netDialer = netDialer
-	}
-}
-
 func WithOption(o option) Option {
 	return func(opt *option) {
 		*opt = o

component/dialer/tfo.go

@@ -105,10 +105,6 @@ func (c *tfoConn) Upstream() any {
 	return c.Conn
 }
 
-func (c *tfoConn) NeedHandshake() bool {
-	return c.Conn == nil
-}
-
 func dialTFO(ctx context.Context, netDialer net.Dialer, network, address string) (net.Conn, error) {
 	ctx, cancel := context.WithCancel(ctx)
 	dialer := tfo.Dialer{Dialer: netDialer, DisableTFO: false}

component/geodata/geodata.go

@@ -1,10 +1,13 @@
 package geodata
 
 import (
+	"errors"
 	"fmt"
+	C "github.com/Dreamacro/clash/constant"
+	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/router"
-	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
 )
 
 type loader struct {
@@ -12,7 +15,47 @@ type loader struct {
 }
 
 func (l *loader) LoadGeoSite(list string) ([]*router.Domain, error) {
-	return l.LoadSiteByPath(C.GeositeName, list)
+	return l.LoadGeoSiteWithAttr(C.GeositeName, list)
+}
+
+func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error) {
+	parts := strings.Split(siteWithAttr, "@")
+	if len(parts) == 0 {
+		return nil, errors.New("empty rule")
+	}
+	list := strings.TrimSpace(parts[0])
+	attrVal := parts[1:]
+
+	if len(list) == 0 {
+		return nil, fmt.Errorf("empty listname in rule: %s", siteWithAttr)
+	}
+
+	domains, err := l.LoadSiteByPath(file, list)
+	if err != nil {
+		return nil, err
+	}
+
+	attrs := parseAttrs(attrVal)
+	if attrs.IsEmpty() {
+		if strings.Contains(siteWithAttr, "@") {
+			log.Warnln("empty attribute list: %s", siteWithAttr)
+		}
+		return domains, nil
+	}
+
+	filteredDomains := make([]*router.Domain, 0, len(domains))
+	hasAttrMatched := false
+	for _, domain := range domains {
+		if attrs.Match(domain) {
+			hasAttrMatched = true
+			filteredDomains = append(filteredDomains, domain)
+		}
+	}
+	if !hasAttrMatched {
+		log.Warnln("attribute match no rule: geosite: %s", siteWithAttr)
+	}
+
+	return filteredDomains, nil
 }
 
 func (l *loader) LoadGeoIP(country string) ([]*router.CIDR, error) {

component/geodata/geodataproto.go

@@ -14,5 +14,6 @@ type LoaderImplementation interface {
 type Loader interface {
 	LoaderImplementation
 	LoadGeoSite(list string) ([]*router.Domain, error)
+	LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error)
 	LoadGeoIP(country string) ([]*router.CIDR, error)
 }

component/geodata/memconservative/cache.go

@@ -118,7 +118,7 @@ func (g GeoSiteCache) Unmarshal(filename, code string) (*router.GeoSite, error)
 
 	case errFailedToReadBytes, errFailedToReadExpectedLenBytes,
 		errInvalidGeodataFile, errInvalidGeodataVarintLength:
-		log.Warnln("failed to decode geosite file: %s%s", filename, ", fallback to the original ReadFile method")
+		log.Warnln("failed to decode geoip file: %s%s", filename, ", fallback to the original ReadFile method")
 		geositeBytes, err = os.ReadFile(asset)
 		if err != nil {
 			return nil, err

component/geodata/utils.go

@@ -1,14 +1,9 @@
 package geodata
 
 import (
-	"errors"
 	"fmt"
-	"golang.org/x/sync/singleflight"
-	"strings"
-
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
 )
 
 var geoLoaderName = "memconservative"
@@ -39,8 +34,6 @@ func Verify(name string) error {
 	}
 }
 
-var loadGeoSiteMatcherSF = singleflight.Group{}
-
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
 	if len(countryCode) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
@@ -51,52 +44,15 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 		not = true
 		countryCode = countryCode[1:]
 	}
-	countryCode = strings.ToLower(countryCode)
 
-	parts := strings.Split(countryCode, "@")
-	if len(parts) == 0 {
-		return nil, 0, errors.New("empty rule")
-	}
-	listName := strings.TrimSpace(parts[0])
-	attrVal := parts[1:]
-
-	if len(listName) == 0 {
-		return nil, 0, fmt.Errorf("empty listname in rule: %s", countryCode)
-	}
-
-	v, err, shared := loadGeoSiteMatcherSF.Do(listName, func() (interface{}, error) {
-		geoLoader, err := GetGeoDataLoader(geoLoaderName)
-		if err != nil {
-			return nil, err
-		}
-		return geoLoader.LoadGeoSite(listName)
-	})
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
-		if !shared {
-			loadGeoSiteMatcherSF.Forget(listName) // don't store the error result
-		}
 		return nil, 0, err
 	}
-	domains := v.([]*router.Domain)
 
-	attrs := parseAttrs(attrVal)
-	if attrs.IsEmpty() {
-		if strings.Contains(countryCode, "@") {
-			log.Warnln("empty attribute list: %s", countryCode)
-		}
-	} else {
-		filteredDomains := make([]*router.Domain, 0, len(domains))
-		hasAttrMatched := false
-		for _, domain := range domains {
-			if attrs.Match(domain) {
-				hasAttrMatched = true
-				filteredDomains = append(filteredDomains, domain)
-			}
-		}
-		if !hasAttrMatched {
-			log.Warnln("attribute match no rule: geosite: %s", countryCode)
-		}
-		domains = filteredDomains
+	domains, err := geoLoader.LoadGeoSite(countryCode)
+	if err != nil {
+		return nil, 0, err
 	}
 
 	/**
@@ -112,34 +68,25 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	return matcher, len(domains), nil
 }
 
-var loadGeoIPMatcherSF = singleflight.Group{}
-
 func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if len(country) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
 	}
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	if err != nil {
+		return nil, 0, err
+	}
 
 	not := false
 	if country[0] == '!' {
 		not = true
 		country = country[1:]
 	}
-	country = strings.ToLower(country)
 
-	v, err, shared := loadGeoIPMatcherSF.Do(country, func() (interface{}, error) {
-		geoLoader, err := GetGeoDataLoader(geoLoaderName)
-		if err != nil {
-			return nil, err
-		}
-		return geoLoader.LoadGeoIP(country)
-	})
+	records, err := geoLoader.LoadGeoIP(country)
 	if err != nil {
-		if !shared {
-			loadGeoIPMatcherSF.Forget(country) // don't store the error result
-		}
 		return nil, 0, err
 	}
-	records := v.([]*router.CIDR)
 
 	geoIP := &router.GeoIP{
 		CountryCode:  country,
@@ -151,10 +98,6 @@ func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if err != nil {
 		return nil, 0, err
 	}
+
 	return matcher, len(records), nil
 }
-
-func ClearCache() {
-	loadGeoSiteMatcherSF = singleflight.Group{}
-	loadGeoIPMatcherSF = singleflight.Group{}
-}

component/http/http.go

@@ -2,15 +2,14 @@ package http
 
 import (
 	"context"
+	"github.com/Dreamacro/clash/component/tls"
+	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
 	"net/http"
 	URL "net/url"
 	"strings"
 	"time"
-
-	"github.com/Dreamacro/clash/component/tls"
-	"github.com/Dreamacro/clash/listener/inner"
 )
 
 const (

component/resolver/host.go

@@ -1,113 +0,0 @@
-package resolver
-
-import (
-	"errors"
-	"net/netip"
-	"strings"
-
-	"github.com/Dreamacro/clash/common/utils"
-	"github.com/Dreamacro/clash/component/trie"
-	"github.com/zhangyunhao116/fastrand"
-)
-
-type Hosts struct {
-	*trie.DomainTrie[HostValue]
-}
-
-func NewHosts(hosts *trie.DomainTrie[HostValue]) Hosts {
-	return Hosts{
-		hosts,
-	}
-}
-
-// Return the search result and whether to match the parameter `isDomain`
-func (h *Hosts) Search(domain string, isDomain bool) (*HostValue, bool) {
-	value := h.DomainTrie.Search(domain)
-	if value == nil {
-		return nil, false
-	}
-	hostValue := value.Data()
-	for {
-		if isDomain && hostValue.IsDomain {
-			return &hostValue, true
-		} else {
-			if node := h.DomainTrie.Search(hostValue.Domain); node != nil {
-				hostValue = node.Data()
-			} else {
-				break
-			}
-		}
-	}
-	if isDomain == hostValue.IsDomain {
-		return &hostValue, true
-	}
-	return &hostValue, false
-}
-
-type HostValue struct {
-	IsDomain bool
-	IPs      []netip.Addr
-	Domain   string
-}
-
-func NewHostValue(value any) (HostValue, error) {
-	isDomain := true
-	ips := make([]netip.Addr, 0)
-	domain := ""
-	if valueArr, err := utils.ToStringSlice(value); err != nil {
-		return HostValue{}, err
-	} else {
-		if len(valueArr) > 1 {
-			isDomain = false
-			for _, str := range valueArr {
-				if ip, err := netip.ParseAddr(str); err == nil {
-					ips = append(ips, ip)
-				} else {
-					return HostValue{}, err
-				}
-			}
-		} else if len(valueArr) == 1 {
-			host := valueArr[0]
-			if ip, err := netip.ParseAddr(host); err == nil {
-				ips = append(ips, ip)
-				isDomain = false
-			} else {
-				domain = host
-			}
-		}
-	}
-	if isDomain {
-		return NewHostValueByDomain(domain)
-	} else {
-		return NewHostValueByIPs(ips)
-	}
-}
-
-func NewHostValueByIPs(ips []netip.Addr) (HostValue, error) {
-	if len(ips) == 0 {
-		return HostValue{}, errors.New("ip list is empty")
-	}
-	return HostValue{
-		IsDomain: false,
-		IPs:      ips,
-	}, nil
-}
-
-func NewHostValueByDomain(domain string) (HostValue, error) {
-	domain = strings.Trim(domain, ".")
-	item := strings.Split(domain, ".")
-	if len(item) < 2 {
-		return HostValue{}, errors.New("invaild domain")
-	}
-	return HostValue{
-		IsDomain: true,
-		Domain:   domain,
-	}, nil
-}
-
-func (hv HostValue) RandIP() (netip.Addr, error) {
-	if hv.IsDomain {
-		return netip.Addr{}, errors.New("value type is error")
-	}
-	return hv.IPs[fastrand.Intn(len(hv.IPs))], nil
-}

component/resolver/resolver.go

@@ -4,16 +4,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"math/rand"
 	"net"
 	"net/netip"
 	"strings"
 	"time"
 
-	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/trie"
 
 	"github.com/miekg/dns"
-	"github.com/zhangyunhao116/fastrand"
 )
 
 var (
@@ -28,7 +27,7 @@ var (
 	DisableIPv6 = true
 
 	// DefaultHosts aim to resolve hosts
-	DefaultHosts = NewHosts(trie.New[HostValue]())
+	DefaultHosts = trie.New[netip.Addr]()
 
 	// DefaultDNSTimeout defined the default dns request timeout
 	DefaultDNSTimeout = time.Second * 5
@@ -52,11 +51,9 @@ type Resolver interface {
 
 // LookupIPv4WithResolver same as LookupIPv4, but with a resolver
 func LookupIPv4WithResolver(ctx context.Context, host string, r Resolver) ([]netip.Addr, error) {
-	if node, ok := DefaultHosts.Search(host, false); ok {
-		if addrs := utils.Filter(node.IPs, func(ip netip.Addr) bool {
-			return ip.Is4()
-		}); len(addrs) > 0 {
-			return addrs, nil
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data(); ip.Is4() {
+			return []netip.Addr{node.Data()}, nil
 		}
 	}
 
@@ -72,6 +69,10 @@ func LookupIPv4WithResolver(ctx context.Context, host string, r Resolver) ([]net
 		return r.LookupIPv4(ctx, host)
 	}
 
+	if DefaultResolver != nil {
+		return DefaultResolver.LookupIPv4(ctx, host)
+	}
+
 	ipAddrs, err := net.DefaultResolver.LookupNetIP(ctx, "ip4", host)
 	if err != nil {
 		return nil, err
@@ -95,7 +96,7 @@ func ResolveIPv4WithResolver(ctx context.Context, host string, r Resolver) (neti
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 // ResolveIPv4 with a host, return ipv4
@@ -109,11 +110,9 @@ func LookupIPv6WithResolver(ctx context.Context, host string, r Resolver) ([]net
 		return nil, ErrIPv6Disabled
 	}
 
-	if node, ok := DefaultHosts.Search(host, false); ok {
-		if addrs := utils.Filter(node.IPs, func(ip netip.Addr) bool {
-			return ip.Is6()
-		}); len(addrs) > 0 {
-			return addrs, nil
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data(); ip.Is6() {
+			return []netip.Addr{ip}, nil
 		}
 	}
 
@@ -127,6 +126,9 @@ func LookupIPv6WithResolver(ctx context.Context, host string, r Resolver) ([]net
 	if r != nil {
 		return r.LookupIPv6(ctx, host)
 	}
+	if DefaultResolver != nil {
+		return DefaultResolver.LookupIPv6(ctx, host)
+	}
 
 	ipAddrs, err := net.DefaultResolver.LookupNetIP(ctx, "ip6", host)
 	if err != nil {
@@ -151,7 +153,7 @@ func ResolveIPv6WithResolver(ctx context.Context, host string, r Resolver) (neti
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 func ResolveIPv6(ctx context.Context, host string) (netip.Addr, error) {
@@ -160,8 +162,8 @@ func ResolveIPv6(ctx context.Context, host string) (netip.Addr, error) {
 
 // LookupIPWithResolver same as LookupIP, but with a resolver
 func LookupIPWithResolver(ctx context.Context, host string, r Resolver) ([]netip.Addr, error) {
-	if node, ok := DefaultHosts.Search(host, false); ok {
-		return node.IPs, nil
+	if node := DefaultHosts.Search(host); node != nil {
+		return []netip.Addr{node.Data()}, nil
 	}
 
 	if r != nil {
@@ -170,7 +172,7 @@ func LookupIPWithResolver(ctx context.Context, host string, r Resolver) ([]netip
 		}
 		return r.LookupIP(ctx, host)
 	} else if DisableIPv6 {
-		return LookupIPv4WithResolver(ctx, host, r)
+		return LookupIPv4(ctx, host)
 	}
 
 	if ip, err := netip.ParseAddr(host); err == nil {
@@ -200,7 +202,7 @@ func ResolveIPWithResolver(ctx context.Context, host string, r Resolver) (netip.
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 // ResolveIP with a host, return ip

component/sniffer/dispatcher.go

@@ -28,8 +28,8 @@ var Dispatcher *SnifferDispatcher
 type SnifferDispatcher struct {
 	enable          bool
 	sniffers        map[sniffer.Sniffer]SnifferConfig
-	forceDomain     *trie.DomainSet
-	skipSNI         *trie.DomainSet
+	forceDomain     *trie.DomainTrie[struct{}]
+	skipSNI         *trie.DomainTrie[struct{}]
 	skipList        *cache.LruCache[string, uint8]
 	rwMux           sync.RWMutex
 	forceDnsMapping bool
@@ -37,7 +37,7 @@ type SnifferDispatcher struct {
 }
 
 func (sd *SnifferDispatcher) TCPSniff(conn *N.BufferedConn, metadata *C.Metadata) {
-	if (metadata.Host == "" && sd.parsePureIp) || sd.forceDomain.Has(metadata.Host) || (metadata.DNSMode == C.DNSMapping && sd.forceDnsMapping) {
+	if (metadata.Host == "" && sd.parsePureIp) || sd.forceDomain.Search(metadata.Host) != nil || (metadata.DNSMode == C.DNSMapping && sd.forceDnsMapping) {
 		port, err := strconv.ParseUint(metadata.DstPort, 10, 16)
 		if err != nil {
 			log.Debugln("[Sniffer] Dst port is error")
@@ -74,7 +74,7 @@ func (sd *SnifferDispatcher) TCPSniff(conn *N.BufferedConn, metadata *C.Metadata
 			log.Debugln("[Sniffer] All sniffing sniff failed with from [%s:%s] to [%s:%s]", metadata.SrcIP, metadata.SrcPort, metadata.String(), metadata.DstPort)
 			return
 		} else {
-			if sd.skipSNI.Has(host) {
+			if sd.skipSNI.Search(host) != nil {
 				log.Debugln("[Sniffer] Skip sni[%s]", host)
 				return
 			}
@@ -166,8 +166,8 @@ func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
 	return &dispatcher, nil
 }
 
-func NewSnifferDispatcher(snifferConfig map[sniffer.Type]SnifferConfig,
-	forceDomain *trie.DomainSet, skipSNI *trie.DomainSet,
+func NewSnifferDispatcher(snifferConfig map[sniffer.Type]SnifferConfig, forceDomain *trie.DomainTrie[struct{}],
+	skipSNI *trie.DomainTrie[struct{}],
 	forceDnsMapping bool, parsePureIp bool) (*SnifferDispatcher, error) {
 	dispatcher := SnifferDispatcher{
 		enable:          true,

component/tls/config.go

@@ -14,8 +14,8 @@ import (
 	xtls "github.com/xtls/go"
 )
 
-var trustCerts []*x509.Certificate
-var certPool *x509.CertPool
+var trustCert,_ = x509.SystemCertPool()
+
 var mutex sync.RWMutex
 var errNotMacth error = errors.New("certificate fingerprints do not match")
 
@@ -25,38 +25,16 @@ func AddCertificate(certificate string) error {
 	if certificate == "" {
 		return fmt.Errorf("certificate is empty")
 	}
-	if cert, err := x509.ParseCertificate([]byte(certificate)); err == nil {
-		trustCerts = append(trustCerts, cert)
-		return nil
-	} else {
+	if ok := trustCert.AppendCertsFromPEM([]byte(certificate)); !ok {
 		return fmt.Errorf("add certificate failed")
 	}
+	return nil
 }
 
-func ResetCertificate() {
+func ResetCertificate(){
 	mutex.Lock()
 	defer mutex.Unlock()
-	trustCerts = nil
-}
-
-func getCertPool() *x509.CertPool {
-	if len(trustCerts) == 0 {
-		return nil
-	}
-	if certPool == nil {
-		mutex.Lock()
-		defer mutex.Unlock()
-		if certPool != nil {
-			return certPool
-		}
-		certPool, err := x509.SystemCertPool()
-		if err == nil {
-			for _, cert := range trustCerts {
-				certPool.AddCert(cert)
-			}
-		}
-	}
-	return certPool
+	trustCert,_=x509.SystemCertPool()
 }
 
 func verifyFingerprint(fingerprint *[32]byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
@@ -106,13 +84,12 @@ func GetSpecifiedFingerprintTLSConfig(tlsConfig *tls.Config, fingerprint string)
 }
 
 func GetGlobalTLSConfig(tlsConfig *tls.Config) *tls.Config {
-	certPool := getCertPool()
 	if tlsConfig == nil {
 		return &tls.Config{
-			RootCAs: certPool,
+			RootCAs: trustCert,
 		}
 	}
-	tlsConfig.RootCAs = certPool
+	tlsConfig.RootCAs = trustCert
 	return tlsConfig
 }
 
@@ -129,13 +106,12 @@ func GetSpecifiedFingerprintXTLSConfig(tlsConfig *xtls.Config, fingerprint strin
 }
 
 func GetGlobalXTLSConfig(tlsConfig *xtls.Config) *xtls.Config {
-	certPool := getCertPool()
 	if tlsConfig == nil {
 		return &xtls.Config{
-			RootCAs: certPool,
+			RootCAs: trustCert,
 		}
 	}
 
-	tlsConfig.RootCAs = certPool
+	tlsConfig.RootCAs = trustCert
 	return tlsConfig
 }

component/tls/reality.go

@@ -1,164 +0,0 @@
-package tls
-
-import (
-	"bytes"
-	"context"
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/ed25519"
-	"crypto/hmac"
-	"crypto/sha256"
-	"crypto/sha512"
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/binary"
-	"errors"
-	"net"
-	"net/http"
-	"reflect"
-	"strings"
-	"time"
-	"unsafe"
-
-	"github.com/Dreamacro/clash/common/utils"
-	"github.com/Dreamacro/clash/log"
-
-	utls "github.com/sagernet/utls"
-	"github.com/zhangyunhao116/fastrand"
-	"golang.org/x/crypto/curve25519"
-	"golang.org/x/crypto/hkdf"
-	"golang.org/x/net/http2"
-)
-
-const RealityMaxShortIDLen = 8
-
-type RealityConfig struct {
-	PublicKey [curve25519.ScalarSize]byte
-	ShortID   [RealityMaxShortIDLen]byte
-}
-
-func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
-	if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
-		verifier := &realityVerifier{
-			serverName: tlsConfig.ServerName,
-		}
-		uConfig := &utls.Config{
-			ServerName:             tlsConfig.ServerName,
-			InsecureSkipVerify:     true,
-			SessionTicketsDisabled: true,
-			VerifyPeerCertificate:  verifier.VerifyPeerCertificate,
-		}
-		clientID := utls.ClientHelloID{
-			Client:  fingerprint.Client,
-			Version: fingerprint.Version,
-			Seed:    fingerprint.Seed,
-		}
-		uConn := utls.UClient(conn, uConfig, clientID)
-		verifier.UConn = uConn
-		err := uConn.BuildHandshakeState()
-		if err != nil {
-			return nil, err
-		}
-
-		hello := uConn.HandshakeState.Hello
-		for i := range hello.SessionId { // https://github.com/golang/go/issues/5373
-			hello.SessionId[i] = 0
-		}
-		copy(hello.Raw[39:], hello.SessionId)
-
-		binary.BigEndian.PutUint64(hello.SessionId, uint64(time.Now().Unix()))
-
-		hello.SessionId[0] = 1
-		hello.SessionId[1] = 8
-		hello.SessionId[2] = 0
-		copy(hello.SessionId[8:], realityConfig.ShortID[:])
-
-		//log.Debugln("REALITY hello.sessionId[:16]: %v", hello.SessionId[:16])
-
-		authKey := uConn.HandshakeState.State13.EcdheParams.SharedKey(realityConfig.PublicKey[:])
-		if authKey == nil {
-			return nil, errors.New("nil auth_key")
-		}
-		verifier.authKey = authKey
-		_, err = hkdf.New(sha256.New, authKey, hello.Random[:20], []byte("REALITY")).Read(authKey)
-		if err != nil {
-			return nil, err
-		}
-		aesBlock, _ := aes.NewCipher(authKey)
-		aesGcmCipher, _ := cipher.NewGCM(aesBlock)
-		aesGcmCipher.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw)
-		copy(hello.Raw[39:], hello.SessionId)
-		//log.Debugln("REALITY hello.sessionId: %v", hello.SessionId)
-		//log.Debugln("REALITY uConn.AuthKey: %v", authKey)
-
-		err = uConn.HandshakeContext(ctx)
-		if err != nil {
-			return nil, err
-		}
-
-		log.Debugln("REALITY Authentication: %v", verifier.verified)
-
-		if !verifier.verified {
-			go realityClientFallback(uConn, uConfig.ServerName, clientID)
-			return nil, errors.New("REALITY authentication failed")
-		}
-
-		return uConn, nil
-	}
-	return nil, errors.New("unknown uTLS fingerprint")
-}
-
-func realityClientFallback(uConn net.Conn, serverName string, fingerprint utls.ClientHelloID) {
-	defer uConn.Close()
-	client := http.Client{
-		Transport: &http2.Transport{
-			DialTLSContext: func(ctx context.Context, network, addr string, config *tls.Config) (net.Conn, error) {
-				return uConn, nil
-			},
-		},
-	}
-	request, _ := http.NewRequest("GET", "https://"+serverName, nil)
-	request.Header.Set("User-Agent", fingerprint.Client)
-	request.AddCookie(&http.Cookie{Name: "padding", Value: strings.Repeat("0", fastrand.Intn(32)+30)})
-	response, err := client.Do(request)
-	if err != nil {
-		return
-	}
-	//_, _ = io.Copy(io.Discard, response.Body)
-	time.Sleep(time.Duration(5+fastrand.Int63n(10)) * time.Second)
-	response.Body.Close()
-	client.CloseIdleConnections()
-}
-
-type realityVerifier struct {
-	*utls.UConn
-	serverName string
-	authKey    []byte
-	verified   bool
-}
-
-var pOffset = utils.MustOK(reflect.TypeOf((*utls.UConn)(nil)).Elem().FieldByName("peerCertificates")).Offset
-
-func (c *realityVerifier) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
-	//p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
-	certs := *(*[]*x509.Certificate)(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + pOffset))
-	if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok {
-		h := hmac.New(sha512.New, c.authKey)
-		h.Write(pub)
-		if bytes.Equal(h.Sum(nil), certs[0].Signature) {
-			c.verified = true
-			return nil
-		}
-	}
-	opts := x509.VerifyOptions{
-		DNSName:       c.serverName,
-		Intermediates: x509.NewCertPool(),
-	}
-	for _, cert := range certs[1:] {
-		opts.Intermediates.AddCert(cert)
-	}
-	if _, err := certs[0].Verify(opts); err != nil {
-		return err
-	}
-	return nil
-}

component/tls/utls.go

@@ -45,13 +45,8 @@ func GetFingerprint(ClientFingerprint string) (UClientHelloID, bool) {
 	}
 
 	fingerprint, ok := Fingerprints[ClientFingerprint]
-	if ok {
-		log.Debugln("use specified fingerprint:%s", fingerprint.Client)
-		return fingerprint, ok
-	} else {
-		log.Warnln("wrong ClientFingerprint:%s", ClientFingerprint)
-		return UClientHelloID{}, false
-	}
+	log.Debugln("use specified fingerprint:%s", fingerprint.Client)
+	return fingerprint, ok
 }
 
 func RollFingerprint() (UClientHelloID, bool) {
@@ -72,22 +67,7 @@ var Fingerprints = map[string]UClientHelloID{
 	"firefox":    {&utls.HelloFirefox_Auto},
 	"safari":     {&utls.HelloSafari_Auto},
 	"ios":        {&utls.HelloIOS_Auto},
-	"android":    {&utls.HelloAndroid_11_OkHttp},
-	"edge":       {&utls.HelloEdge_Auto},
-	"360":        {&utls.Hello360_Auto},
-	"qq":         {&utls.HelloQQ_Auto},
-	"random":     {nil},
-	"randomized": {nil},
-}
-
-func init() {
-	weights := utls.DefaultWeights
-	weights.TLSVersMax_Set_VersionTLS13 = 1
-	weights.FirstKeyShare_Set_CurveP256 = 0
-	randomized := utls.HelloRandomized
-	randomized.Seed, _ = utls.NewPRNGSeed()
-	randomized.Weights = &weights
-	Fingerprints["randomized"] = UClientHelloID{&randomized}
+	"randomized": {&utls.HelloRandomized},
 }
 
 func copyConfig(c *tls.Config) *utls.Config {
@@ -132,7 +112,10 @@ func SetGlobalUtlsClient(Client string) {
 }
 
 func HaveGlobalFingerprint() bool {
-	return len(initUtlsClient) != 0 && initUtlsClient != "none"
+	if len(initUtlsClient) != 0 && initUtlsClient != "none" {
+		return true
+	}
+	return false
 }
 
 func GetGlobalFingerprint() string {

component/trie/domain.go

@@ -25,7 +25,7 @@ func ValidAndSplitDomain(domain string) ([]string, bool) {
 	if domain != "" && domain[len(domain)-1] == '.' {
 		return nil, false
 	}
-	domain=strings.ToLower(domain)
+
 	parts := strings.Split(domain, domainStep)
 	if len(parts) == 1 {
 		if parts[0] == "" {
@@ -123,30 +123,6 @@ func (t *DomainTrie[T]) Optimize() {
 	t.root.optimize()
 }
 
-func (t *DomainTrie[T]) Foreach(print func(domain string, data T)) {
-	for key, data := range t.root.getChildren() {
-		recursion([]string{key}, data, print)
-	}
-}
-
-func recursion[T any](items []string, node *Node[T], fn func(domain string, data T)) {
-	for key, data := range node.getChildren() {
-		newItems := append([]string{key}, items...)
-		if data != nil && data.inited {
-			domain := joinDomain(newItems)
-			if domain[0] == domainStepByte {
-				domain = complexWildcard + domain
-			}
-			fn(domain, data.Data())
-		}
-		recursion(newItems, data, fn)
-	}
-}
-
-func joinDomain(items []string) string {
-	return strings.Join(items, domainStep)
-}
-
 // New returns a new, empty Trie.
 func New[T any]() *DomainTrie[T] {
 	return &DomainTrie[T]{root: newNode[T]()}

component/trie/domain_test.go

@@ -105,23 +105,3 @@ func TestTrie_WildcardBoundary(t *testing.T) {
 
 	assert.NotNil(t, tree.Search("example.com"))
 }
-
-func TestTrie_Foreach(t *testing.T) {
-	tree := New[netip.Addr]()
-	domainList := []string{
-		"google.com",
-		"stun.*.*.*",
-		"test.*.google.com",
-		"+.baidu.com",
-		"*.baidu.com",
-		"*.*.baidu.com",
-	}
-	for _, domain := range domainList {
-		tree.Insert(domain, localIP)
-	}
-	count := 0
-	tree.Foreach(func(domain string, data netip.Addr) {
-		count++
-	})
-	assert.Equal(t, 7, count)
-}

component/trie/node.go

@@ -116,18 +116,6 @@ func (n *Node[T]) setData(data T) {
 	n.inited = true
 }
 
-func (n *Node[T]) getChildren() map[string]*Node[T] {
-	if n.childMap == nil {
-		if n.childNode != nil {
-			m := make(map[string]*Node[T])
-			m[n.childStr] = n.childNode
-			return m
-		}
-	} else {
-		return n.childMap
-	}
-	return nil
-}
 func (n *Node[T]) Data() T {
 	return n.data
 }

component/trie/set_test.go

@@ -1,60 +0,0 @@
-package trie_test
-
-import (
-	"testing"
-
-	"github.com/Dreamacro/clash/component/trie"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDomain(t *testing.T) {
-	domainSet := []string{
-		"baidu.com",
-		"google.com",
-		"www.google.com",
-		"test.a.net",
-		"test.a.oc",
-	}
-	set := trie.NewDomainSet(domainSet)
-	assert.NotNil(t, set)
-	assert.True(t, set.Has("test.a.net"))
-	assert.True(t, set.Has("google.com"))
-	assert.False(t, set.Has("www.baidu.com"))
-}
-
-func TestDomainComplexWildcard(t *testing.T) {
-	domainSet := []string{
-		"+.baidu.com",
-		"+.a.baidu.com",
-		"www.baidu.com",
-		"+.bb.baidu.com",
-		"test.a.net",
-		"test.a.oc",
-		"www.qq.com",
-	}
-	set := trie.NewDomainSet(domainSet)
-	assert.NotNil(t, set)
-	assert.False(t, set.Has("google.com"))
-	assert.True(t, set.Has("www.baidu.com"))
-	assert.True(t, set.Has("test.test.baidu.com"))
-}
-
-func TestDomainWildcard(t *testing.T) {
-	domainSet := []string{
-		"*.*.*.baidu.com",
-		"www.baidu.*",
-		"stun.*.*",
-		"*.*.qq.com",
-		"test.*.baidu.com",
-	}
-	set := trie.NewDomainSet(domainSet)
-	assert.NotNil(t, set)
-	assert.True(t, set.Has("www.baidu.com"))
-	assert.True(t, set.Has("test.test.baidu.com"))
-	assert.True(t, set.Has("test.test.qq.com"))
-	assert.True(t,set.Has("stun.ab.cd"))
-	assert.False(t, set.Has("test.baidu.com"))
-	assert.False(t,set.Has("www.google.com"))
-	assert.False(t, set.Has("test.qq.com"))
-	assert.False(t, set.Has("test.test.test.qq.com"))
-}

component/trie/sskv.go

@@ -1,178 +0,0 @@
-package trie
-
-// Package succinct provides several succinct data types.
-// Modify from https://github.com/openacid/succinct/blob/d4684c35d123f7528b14e03c24327231723db704/sskv.go
-
-import (
-	"sort"
-	"strings"
-
-	"github.com/Dreamacro/clash/common/utils"
-	"github.com/openacid/low/bitmap"
-)
-
-const (
-	complexWildcardByte = byte('+')
-	wildcardByte        = byte('*')
-	domainStepByte      = byte('.')
-)
-
-type DomainSet struct {
-	leaves, labelBitmap []uint64
-	labels              []byte
-	ranks, selects      []int32
-}
-
-// NewDomainSet creates a new *DomainSet struct, from a slice of sorted strings.
-func NewDomainSet(keys []string) *DomainSet {
-	domainTrie := New[struct{}]()
-	for _, domain := range keys {
-		domainTrie.Insert(domain, struct{}{})
-	}
-	reserveDomains := make([]string, 0, len(keys))
-	domainTrie.Foreach(func(domain string, data struct{}) {
-		reserveDomains = append(reserveDomains, utils.Reverse(domain))
-	})
-	// ensure that the same prefix is continuous
-	// and according to the ascending sequence of length
-	sort.Strings(reserveDomains)
-	keys = reserveDomains
-	if len(keys) == 0 {
-		return nil
-	}
-	ss := &DomainSet{}
-	lIdx := 0
-
-	type qElt struct{ s, e, col int }
-	queue := []qElt{{0, len(keys), 0}}
-	for i := 0; i < len(queue); i++ {
-		elt := queue[i]
-		if elt.col == len(keys[elt.s]) {
-			elt.s++
-			// a leaf node
-			setBit(&ss.leaves, i, 1)
-		}
-
-		for j := elt.s; j < elt.e; {
-
-			frm := j
-
-			for ; j < elt.e && keys[j][elt.col] == keys[frm][elt.col]; j++ {
-			}
-			queue = append(queue, qElt{frm, j, elt.col + 1})
-			ss.labels = append(ss.labels, keys[frm][elt.col])
-			setBit(&ss.labelBitmap, lIdx, 0)
-			lIdx++
-		}
-		setBit(&ss.labelBitmap, lIdx, 1)
-		lIdx++
-	}
-
-	ss.init()
-	return ss
-}
-
-// Has query for a key and return whether it presents in the DomainSet.
-func (ss *DomainSet) Has(key string) bool {
-	if ss == nil {
-		return false
-	}
-	key = utils.Reverse(key)
-	key = strings.ToLower(key)
-	// no more labels in this node
-	// skip character matching
-	// go to next level
-	nodeId, bmIdx := 0, 0
-	type wildcardCursor struct {
-		bmIdx, index int
-	}
-	stack := make([]wildcardCursor, 0)
-	for i := 0; i < len(key); i++ {
-	RESTART:
-		c := key[i]
-		for ; ; bmIdx++ {
-			if getBit(ss.labelBitmap, bmIdx) != 0 {
-				if len(stack) > 0 {
-					cursor := stack[len(stack)-1]
-					stack = stack[0 : len(stack)-1]
-					// back wildcard and find next node
-					nextNodeId := countZeros(ss.labelBitmap, ss.ranks, cursor.bmIdx+1)
-					nextBmIdx := selectIthOne(ss.labelBitmap, ss.ranks, ss.selects, nextNodeId-1) + 1
-					j := cursor.index
-					for ; j < len(key) && key[j] != domainStepByte; j++ {
-					}
-					if j == len(key) {
-						if getBit(ss.leaves, nextNodeId) != 0 {
-							return true
-						}else {
-							goto RESTART
-						}
-					}
-					for ; ; nextBmIdx++ {
-						if ss.labels[nextBmIdx-nextNodeId] == domainStepByte {
-							bmIdx = nextBmIdx
-							nodeId = nextNodeId
-							i = j
-							goto RESTART
-						}
-					}
-				}
-				return false
-			}
-			// handle wildcard for domain
-			if ss.labels[bmIdx-nodeId] == complexWildcardByte {
-				return true
-			} else if ss.labels[bmIdx-nodeId] == wildcardByte {
-				cursor := wildcardCursor{}
-				cursor.bmIdx = bmIdx
-				cursor.index = i
-				stack = append(stack, cursor)
-			} else if ss.labels[bmIdx-nodeId] == c {
-				break
-			}
-		}
-		nodeId = countZeros(ss.labelBitmap, ss.ranks, bmIdx+1)
-		bmIdx = selectIthOne(ss.labelBitmap, ss.ranks, ss.selects, nodeId-1) + 1
-	}
-
-	return getBit(ss.leaves, nodeId) != 0
-
-}
-
-func setBit(bm *[]uint64, i int, v int) {
-	for i>>6 >= len(*bm) {
-		*bm = append(*bm, 0)
-	}
-	(*bm)[i>>6] |= uint64(v) << uint(i&63)
-}
-
-func getBit(bm []uint64, i int) uint64 {
-	return bm[i>>6] & (1 << uint(i&63))
-}
-
-// init builds pre-calculated cache to speed up rank() and select()
-func (ss *DomainSet) init() {
-	ss.selects, ss.ranks = bitmap.IndexSelect32R64(ss.labelBitmap)
-}
-
-// countZeros counts the number of "0" in a bitmap before the i-th bit(excluding
-// the i-th bit) on behalf of rank index.
-// E.g.:
-//
-//	countZeros("010010", 4) == 3
-//	//          012345
-func countZeros(bm []uint64, ranks []int32, i int) int {
-	a, _ := bitmap.Rank64(bm, ranks, int32(i))
-	return i - int(a)
-}
-
-// selectIthOne returns the index of the i-th "1" in a bitmap, on behalf of rank
-// and select indexes.
-// E.g.:
-//
-//	selectIthOne("010010", 1) == 4
-//	//            012345
-func selectIthOne(bm []uint64, ranks, selects []int32, i int) int {
-	a, _ := bitmap.Select32R64(bm, selects, ranks, int32(i))
-	return int(a)
-}

config/config.go

@@ -4,11 +4,13 @@ import (
 	"container/list"
 	"errors"
 	"fmt"
+
 	"net"
 	"net/netip"
 	"net/url"
 	"os"
-	"regexp"
+	"reflect"
+	"runtime"
 	"strconv"
 	"strings"
 	"time"
@@ -24,7 +26,6 @@ import (
 	"github.com/Dreamacro/clash/component/geodata"
 	"github.com/Dreamacro/clash/component/geodata/router"
 	P "github.com/Dreamacro/clash/component/process"
-	"github.com/Dreamacro/clash/component/resolver"
 	SNIFF "github.com/Dreamacro/clash/component/sniffer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	"github.com/Dreamacro/clash/component/trie"
@@ -91,7 +92,6 @@ type DNS struct {
 	Enable                bool             `yaml:"enable"`
 	PreferH3              bool             `yaml:"prefer-h3"`
 	IPv6                  bool             `yaml:"ipv6"`
-	IPv6Timeout           uint             `yaml:"ipv6-timeout"`
 	NameServer            []dns.NameServer `yaml:"nameserver"`
 	Fallback              []dns.NameServer `yaml:"fallback"`
 	FallbackFilter        FallbackFilter   `yaml:"fallback-filter"`
@@ -99,7 +99,7 @@ type DNS struct {
 	EnhancedMode          C.DNSMode        `yaml:"enhanced-mode"`
 	DefaultNameserver     []dns.NameServer `yaml:"default-nameserver"`
 	FakeIPRange           *fakeip.Pool
-	Hosts                 *trie.DomainTrie[resolver.HostValue]
+	Hosts                 *trie.DomainTrie[netip.Addr]
 	NameServerPolicy      map[string][]dns.NameServer
 	ProxyServerNameserver []dns.NameServer
 }
@@ -135,8 +135,9 @@ type IPTables struct {
 type Sniffer struct {
 	Enable          bool
 	Sniffers        map[snifferTypes.Type]SNIFF.SnifferConfig
-	ForceDomain     *trie.DomainSet
-	SkipDomain      *trie.DomainSet
+	Reverses        *trie.DomainTrie[struct{}]
+	ForceDomain     *trie.DomainTrie[struct{}]
+	SkipDomain      *trie.DomainTrie[struct{}]
 	ForceDnsMapping bool
 	ParsePureIp     bool
 }
@@ -152,7 +153,7 @@ type Config struct {
 	IPTables      *IPTables
 	DNS           *DNS
 	Experimental  *Experimental
-	Hosts         *trie.DomainTrie[resolver.HostValue]
+	Hosts         *trie.DomainTrie[netip.Addr]
 	Profile       *Profile
 	Rules         []C.Rule
 	SubRules      map[string][]C.Rule
@@ -170,7 +171,6 @@ type RawDNS struct {
 	Enable                bool              `yaml:"enable"`
 	PreferH3              bool              `yaml:"prefer-h3"`
 	IPv6                  bool              `yaml:"ipv6"`
-	IPv6Timeout           uint              `yaml:"ipv6-timeout"`
 	UseHosts              bool              `yaml:"use-hosts"`
 	NameServer            []string          `yaml:"nameserver"`
 	Fallback              []string          `yaml:"fallback"`
@@ -216,7 +216,6 @@ type RawTun struct {
 	ExcludePackage         []string          `yaml:"exclude-package" json:"exclude_package,omitempty"`
 	EndpointIndependentNat bool              `yaml:"endpoint-independent-nat" json:"endpoint_independent_nat,omitempty"`
 	UDPTimeout             int64             `yaml:"udp-timeout" json:"udp_timeout,omitempty"`
-	FileDescriptor         int               `yaml:"file-descriptor" json:"file-descriptor"`
 }
 
 type RawTuicServer struct {
@@ -264,7 +263,7 @@ type RawConfig struct {
 	Sniffer       RawSniffer                `yaml:"sniffer"`
 	ProxyProvider map[string]map[string]any `yaml:"proxy-providers"`
 	RuleProvider  map[string]map[string]any `yaml:"rule-providers"`
-	Hosts         map[string]any            `yaml:"hosts"`
+	Hosts         map[string]string         `yaml:"hosts"`
 	DNS           RawDNS                    `yaml:"dns"`
 	Tun           RawTun                    `yaml:"tun"`
 	TuicServer    RawTuicServer             `yaml:"tuic-server"`
@@ -338,7 +337,7 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		UnifiedDelay:    false,
 		Authentication:  []string{},
 		LogLevel:        log.INFO,
-		Hosts:           map[string]any{},
+		Hosts:           map[string]string{},
 		Rule:            []string{},
 		Proxy:           []map[string]any{},
 		ProxyGroup:      []map[string]any{},
@@ -378,7 +377,6 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 			Enable:       false,
 			IPv6:         false,
 			UseHosts:     true,
-			IPv6Timeout:  100,
 			EnhancedMode: C.DNSMapping,
 			FakeIPRange:  "198.18.0.1/16",
 			FallbackFilter: RawFallbackFilter{
@@ -417,9 +415,9 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 			StoreSelected: true,
 		},
 		GeoXUrl: RawGeoXUrl{
-			Mmdb:    "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb",
-			GeoIp:   "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat",
-			GeoSite: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat",
+			GeoIp:   "https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geoip.dat",
+			Mmdb:    "https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb",
+			GeoSite: "https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat",
 		},
 	}
 
@@ -445,11 +443,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.General = general
 
-	if len(config.General.GlobalClientFingerprint) != 0 {
-		log.Debugln("GlobalClientFingerprint:%s", config.General.GlobalClientFingerprint)
-		tlsC.SetGlobalUtlsClient(config.General.GlobalClientFingerprint)
-	}
-
+	dialer.DefaultInterface.Store(config.General.Interface)
 	proxies, providers, err := parseProxies(rawCfg)
 	if err != nil {
 		return nil, err
@@ -488,7 +482,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.Hosts = hosts
 
-	dnsCfg, err := parseDNS(rawCfg, hosts, rules, ruleProviders)
+	dnsCfg, err := parseDNS(rawCfg, hosts, rules)
 	if err != nil {
 		return nil, err
 	}
@@ -524,6 +518,11 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	elapsedTime := time.Since(startTime) / time.Millisecond                     // duration in ms
 	log.Infoln("Initial configuration complete, total time: %dms", elapsedTime) //Segment finished in xxm
 
+	if len(config.General.GlobalClientFingerprint) != 0 {
+		log.Debugln("GlobalClientFingerprint:%s", config.General.GlobalClientFingerprint)
+		tlsC.SetGlobalUtlsClient(config.General.GlobalClientFingerprint)
+	}
+
 	return config, nil
 }
 
@@ -820,50 +819,26 @@ func parseRules(rulesConfig []string, proxies map[string]C.Proxy, subRules map[s
 		rules = append(rules, parsed)
 	}
 
+	runtime.GC()
+
 	return rules, nil
 }
 
-func parseHosts(cfg *RawConfig) (*trie.DomainTrie[resolver.HostValue], error) {
-	tree := trie.New[resolver.HostValue]()
+func parseHosts(cfg *RawConfig) (*trie.DomainTrie[netip.Addr], error) {
+	tree := trie.New[netip.Addr]()
 
 	// add default hosts
-	hostValue, _ := resolver.NewHostValueByIPs(
-		[]netip.Addr{netip.AddrFrom4([4]byte{127, 0, 0, 1})})
-	if err := tree.Insert("localhost", hostValue); err != nil {
+	if err := tree.Insert("localhost", netip.AddrFrom4([4]byte{127, 0, 0, 1})); err != nil {
 		log.Errorln("insert localhost to host error: %s", err.Error())
 	}
 
 	if len(cfg.Hosts) != 0 {
-		for domain, anyValue := range cfg.Hosts {
-			if str, ok := anyValue.(string); ok && str == "clash" {
-				if addrs, err := net.InterfaceAddrs(); err != nil {
-					log.Errorln("insert clash to host error: %s", err)
-				} else {
-					ips := make([]netip.Addr, 0)
-					for _, addr := range addrs {
-						if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
-							if ip, err := netip.ParseAddr(ipnet.IP.String()); err == nil {
-								ips = append(ips, ip)
-							}
-						}
-					}
-					anyValue = ips
-				}
-			}
-			value, err := resolver.NewHostValue(anyValue)
+		for domain, ipStr := range cfg.Hosts {
+			ip, err := netip.ParseAddr(ipStr)
 			if err != nil {
-				return nil, fmt.Errorf("%s is not a valid value", anyValue)
+				return nil, fmt.Errorf("%s is not a valid IP", ipStr)
 			}
-			if value.IsDomain {
-				node := tree.Search(value.Domain)
-				for node != nil && node.Data().IsDomain {
-					if node.Data().Domain == domain {
-						return nil, fmt.Errorf("%s, there is a cycle in domain name mapping", domain)
-					}
-					node = tree.Search(node.Data().Domain)
-				}
-			}
-			_ = tree.Insert(domain, value)
+			_ = tree.Insert(domain, ip)
 		}
 	}
 	tree.Optimize()
@@ -979,65 +954,34 @@ func parsePureDNSServer(server string) string {
 		}
 	}
 }
-func parseNameServerPolicy(nsPolicy map[string]any, ruleProviders map[string]providerTypes.RuleProvider, preferH3 bool) (map[string][]dns.NameServer, error) {
+func parseNameServerPolicy(nsPolicy map[string]any, preferH3 bool) (map[string][]dns.NameServer, error) {
 	policy := map[string][]dns.NameServer{}
-	updatedPolicy := make(map[string]interface{})
-	re := regexp.MustCompile(`[a-zA-Z0-9\-]+\.[a-zA-Z]{2,}(\.[a-zA-Z]{2,})?`)
 
-	for k, v := range nsPolicy {
-		if strings.Contains(k, ",") {
-			if strings.Contains(k, "geosite:") {
-				subkeys := strings.Split(k, ":")
-				subkeys = subkeys[1:]
-				subkeys = strings.Split(subkeys[0], ",")
-				for _, subkey := range subkeys {
-					newKey := "geosite:" + subkey
-					updatedPolicy[newKey] = v
-				}
-			} else if strings.Contains(k, "rule-set:") {
-				subkeys := strings.Split(k, ":")
-				subkeys = subkeys[1:]
-				subkeys = strings.Split(subkeys[0], ",")
-				for _, subkey := range subkeys {
-					newKey := "rule-set:" + subkey
-					updatedPolicy[newKey] = v
-				}
-			} else if re.MatchString(k) {
-				subkeys := strings.Split(k, ",")
-				for _, subkey := range subkeys {
-					updatedPolicy[subkey] = v
-				}
+	for domain, server := range nsPolicy {
+		var (
+			nameservers []dns.NameServer
+			err         error
+		)
+
+		switch reflect.TypeOf(server).Kind() {
+		case reflect.Slice, reflect.Array:
+			origin := reflect.ValueOf(server)
+			servers := make([]string, 0)
+			for i := 0; i < origin.Len(); i++ {
+				servers = append(servers, fmt.Sprintf("%v", origin.Index(i)))
 			}
-		} else {
-			updatedPolicy[k] = v
+			nameservers, err = parseNameServer(servers, preferH3)
+		case reflect.String:
+			nameservers, err = parseNameServer([]string{fmt.Sprintf("%v", server)}, preferH3)
+		default:
+			return nil, errors.New("server format error, must be string or array")
 		}
-	}
-
-	for domain, server := range updatedPolicy {
-		servers, err := utils.ToStringSlice(server)
-		if err != nil {
-			return nil, err
-		}
-		nameservers, err := parseNameServer(servers, preferH3)
 		if err != nil {
 			return nil, err
 		}
 		if _, valid := trie.ValidAndSplitDomain(domain); !valid {
 			return nil, fmt.Errorf("DNS ResoverRule invalid domain: %s", domain)
 		}
-		if strings.HasPrefix(domain, "rule-set:") {
-			domainSetName := domain[9:]
-			if provider, ok := ruleProviders[domainSetName]; !ok {
-				return nil, fmt.Errorf("not found rule-set: %s", domainSetName)
-			} else {
-				switch provider.Behavior() {
-				case providerTypes.IPCIDR:
-					return nil, fmt.Errorf("rule provider type error, except domain,actual %s", provider.Behavior())
-				case providerTypes.Classical:
-					log.Warnln("%s provider is %s, only matching it contain domain rule", provider.Name(), provider.Behavior())
-				}
-			}
-		}
 		policy[domain] = nameservers
 	}
 
@@ -1090,10 +1034,11 @@ func parseFallbackGeoSite(countries []string, rules []C.Rule) ([]*router.DomainM
 			log.Infoln("Start initial GeoSite dns fallback filter `%s`, records: %d", country, recordsCount)
 		}
 	}
+	runtime.GC()
 	return sites, nil
 }
 
-func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[resolver.HostValue], rules []C.Rule, ruleProviders map[string]providerTypes.RuleProvider) (*DNS, error) {
+func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[netip.Addr], rules []C.Rule) (*DNS, error) {
 	cfg := rawCfg.DNS
 	if cfg.Enable && len(cfg.NameServer) == 0 {
 		return nil, fmt.Errorf("if DNS configuration is turned on, NameServer cannot be empty")
@@ -1103,7 +1048,6 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[resolver.HostValue], rul
 		Enable:       cfg.Enable,
 		Listen:       cfg.Listen,
 		PreferH3:     cfg.PreferH3,
-		IPv6Timeout:  cfg.IPv6Timeout,
 		IPv6:         cfg.IPv6,
 		EnhancedMode: cfg.EnhancedMode,
 		FallbackFilter: FallbackFilter{
@@ -1120,7 +1064,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[resolver.HostValue], rul
 		return nil, err
 	}
 
-	if dnsCfg.NameServerPolicy, err = parseNameServerPolicy(cfg.NameServerPolicy, ruleProviders, cfg.PreferH3); err != nil {
+	if dnsCfg.NameServerPolicy, err = parseNameServerPolicy(cfg.NameServerPolicy, cfg.PreferH3); err != nil {
 		return nil, err
 	}
 
@@ -1256,7 +1200,6 @@ func parseTun(rawTun RawTun, general *General) error {
 		ExcludePackage:         rawTun.ExcludePackage,
 		EndpointIndependentNat: rawTun.EndpointIndependentNat,
 		UDPTimeout:             rawTun.UDPTimeout,
-		FileDescriptor:         rawTun.FileDescriptor,
 	}
 
 	return nil
@@ -1312,10 +1255,8 @@ func parseSniffer(snifferRaw RawSniffer) (*Sniffer, error) {
 			}
 		}
 	} else {
-		if sniffer.Enable {
-			// Deprecated: Use Sniff instead
-			log.Warnln("Deprecated: Use Sniff instead")
-		}
+		// Deprecated: Use Sniff instead
+		log.Warnln("Deprecated: Use Sniff instead")
 		globalPorts, err := parsePortRange(snifferRaw.Ports)
 		if err != nil {
 			return nil, err
@@ -1340,8 +1281,24 @@ func parseSniffer(snifferRaw RawSniffer) (*Sniffer, error) {
 	}
 
 	sniffer.Sniffers = loadSniffer
-	sniffer.ForceDomain = trie.NewDomainSet(snifferRaw.ForceDomain)
-	sniffer.SkipDomain = trie.NewDomainSet(snifferRaw.SkipDomain)
+	sniffer.ForceDomain = trie.New[struct{}]()
+	for _, domain := range snifferRaw.ForceDomain {
+		err := sniffer.ForceDomain.Insert(domain, struct{}{})
+		if err != nil {
+			return nil, fmt.Errorf("error domian[%s] in force-domain, error:%v", domain, err)
+		}
+	}
+	sniffer.ForceDomain.Optimize()
+
+	sniffer.SkipDomain = trie.New[struct{}]()
+	for _, domain := range snifferRaw.SkipDomain {
+		err := sniffer.SkipDomain.Insert(domain, struct{}{})
+		if err != nil {
+			return nil, fmt.Errorf("error domian[%s] in force-domain, error:%v", domain, err)
+		}
+	}
+	sniffer.SkipDomain.Optimize()
+
 	return sniffer, nil
 }
 

config/updateGeo.go

@@ -63,8 +63,6 @@ func UpdateGeoDatabases() error {
 		return fmt.Errorf("can't save GeoSite database file: %w", err)
 	}
 
-	geodata.ClearCache()
-
 	return nil
 }
 

constant/features/low_memory.go

@@ -1,5 +0,0 @@
-package features
-
-func init() {
-	TAGS = append(TAGS, "with_low_memory")
-}

constant/features/no_doq.go

@@ -0,0 +1,7 @@
+//go:build no_doq
+
+package features
+
+func init() {
+	TAGS = append(TAGS, "no_doq")
+}

constant/features/no_fake_tcp.go

@@ -1,7 +0,0 @@
-//go:build no_fake_tcp
-
-package features
-
-func init() {
-	TAGS = append(TAGS, "no_fake_tcp")
-}

constant/features/no_gvisor.go

@@ -0,0 +1,7 @@
+//go:build no_gvisor
+
+package features
+
+func init() {
+	TAGS = append(TAGS, "no_gvisor")
+}

constant/features/with_gvisor.go

@@ -1,7 +0,0 @@
-//go:build with_gvisor
-
-package features
-
-func init() {
-	TAGS = append(TAGS, "with_gvisor")
-}

constant/path.go

@@ -66,7 +66,7 @@ func (p *path) MMDB() string {
 			// 目录则直接跳过
 			continue
 		} else {
-			if strings.EqualFold(strings.ToLower(fi.Name()), "country.mmdb") {
+			if strings.EqualFold(fi.Name(), "Country.mmdb") {
 				GeoipName = fi.Name()
 				return P.Join(p.homeDir, fi.Name())
 			}
@@ -93,7 +93,7 @@ func (p *path) GeoIP() string {
 			// 目录则直接跳过
 			continue
 		} else {
-			if strings.EqualFold(strings.ToLower(fi.Name()), "geoip.dat") {
+			if strings.EqualFold(fi.Name(), "GeoIP.dat") {
 				GeoipName = fi.Name()
 				return P.Join(p.homeDir, fi.Name())
 			}
@@ -112,7 +112,7 @@ func (p *path) GeoSite() string {
 			// 目录则直接跳过
 			continue
 		} else {
-			if strings.EqualFold(strings.ToLower(fi.Name()), "geosite.dat") {
+			if strings.EqualFold(fi.Name(), "GeoSite.dat") {
 				GeositeName = fi.Name()
 				return P.Join(p.homeDir, fi.Name())
 			}

context/conn.go

@@ -1,7 +1,6 @@
 package context
 
 import (
-	"github.com/Dreamacro/clash/common/utils"
 	"net"
 
 	N "github.com/Dreamacro/clash/common/net"
@@ -17,8 +16,10 @@ type ConnContext struct {
 }
 
 func NewConnContext(conn net.Conn, metadata *C.Metadata) *ConnContext {
+	id, _ := uuid.NewV4()
+
 	return &ConnContext{
-		id:       utils.NewUUIDV4(),
+		id:       id,
 		metadata: metadata,
 		conn:     N.NewBufferedConn(conn),
 	}

context/dns.go

@@ -2,7 +2,6 @@ package context
 
 import (
 	"context"
-	"github.com/Dreamacro/clash/common/utils"
 
 	"github.com/gofrs/uuid"
 	"github.com/miekg/dns"
@@ -23,10 +22,11 @@ type DNSContext struct {
 }
 
 func NewDNSContext(ctx context.Context, msg *dns.Msg) *DNSContext {
+	id, _ := uuid.NewV4()
 	return &DNSContext{
 		Context: ctx,
 
-		id:  utils.NewUUIDV4(),
+		id:  id,
 		msg: msg,
 	}
 }

context/packetconn.go

@@ -3,7 +3,6 @@ package context
 import (
 	"net"
 
-	"github.com/Dreamacro/clash/common/utils"
 	C "github.com/Dreamacro/clash/constant"
 
 	"github.com/gofrs/uuid"
@@ -16,8 +15,9 @@ type PacketConnContext struct {
 }
 
 func NewPacketConnContext(metadata *C.Metadata) *PacketConnContext {
+	id, _ := uuid.NewV4()
 	return &PacketConnContext{
-		id:       utils.NewUUIDV4(),
+		id:       id,
 		metadata: metadata,
 	}
 }

dns/client.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"math/rand"
 	"net"
 	"net/netip"
 	"strings"
@@ -15,7 +16,6 @@ import (
 	"github.com/Dreamacro/clash/component/resolver"
 
 	D "github.com/miekg/dns"
-	"github.com/zhangyunhao116/fastrand"
 )
 
 type client struct {
@@ -68,7 +68,7 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 		} else if len(ips) == 0 {
 			return nil, fmt.Errorf("%w: %s", resolver.ErrIPNotFound, c.host)
 		}
-		ip = ips[fastrand.Intn(len(ips))]
+		ip = ips[rand.Intn(len(ips))]
 	}
 
 	network := "udp"

dns/filters.go

@@ -29,10 +29,29 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 	}
 
 	if geoIPMatcher == nil {
-		var err error
-		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher("CN")
+		countryCode := "cn"
+		geoLoader, err := geodata.GetGeoDataLoader(geodata.LoaderName())
 		if err != nil {
-			log.Errorln("[GeoIPFilter] LoadGeoIPMatcher error: %s", err.Error())
+			log.Errorln("[GeoIPFilter] GetGeoDataLoader error: %s", err.Error())
+			return false
+		}
+
+		records, err := geoLoader.LoadGeoIP(countryCode)
+		if err != nil {
+			log.Errorln("[GeoIPFilter] LoadGeoIP error: %s", err.Error())
+			return false
+		}
+
+		geoIP := &router.GeoIP{
+			CountryCode:  countryCode,
+			Cidr:         records,
+			ReverseMatch: false,
+		}
+
+		geoIPMatcher, err = router.NewGeoIPMatcher(geoIP)
+
+		if err != nil {
+			log.Errorln("[GeoIPFilter] NewGeoIPMatcher error: %s", err.Error())
 			return false
 		}
 	}
@@ -73,10 +92,6 @@ type geoSiteFilter struct {
 }
 
 func NewGeoSite(group string) (fallbackDomainFilter, error) {
-	if err := geodata.InitGeoSite(); err != nil {
-		log.Errorln("can't initial GeoSite: %s", err)
-		return nil, err
-	}
 	matcher, _, err := geodata.LoadGeoSiteMatcher(group)
 	if err != nil {
 		return nil, err

dns/middleware.go

@@ -8,7 +8,7 @@ import (
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/component/fakeip"
-	R "github.com/Dreamacro/clash/component/resolver"
+	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 	"github.com/Dreamacro/clash/log"
@@ -21,7 +21,7 @@ type (
 	middleware func(next handler) handler
 )
 
-func withHosts(hosts R.Hosts, mapping *cache.LruCache[netip.Addr, string]) middleware {
+func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[netip.Addr, string]) middleware {
 	return func(next handler) handler {
 		return func(ctx *context.DNSContext, r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
@@ -31,68 +31,40 @@ func withHosts(hosts R.Hosts, mapping *cache.LruCache[netip.Addr, string]) middl
 			}
 
 			host := strings.TrimRight(q.Name, ".")
-			handleCName := func(resp *D.Msg, domain string) {
-				rr := &D.CNAME{}
-				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeCNAME, Class: D.ClassINET, Ttl: 10}
-				rr.Target = domain + "."
-				resp.Answer = append([]D.RR{rr}, resp.Answer...)
-			}
-			record, ok := hosts.Search(host, q.Qtype != D.TypeA && q.Qtype != D.TypeAAAA)
-			if !ok {
-				if record != nil && record.IsDomain {
-					// replace request domain
-					newR := r.Copy()
-					newR.Question[0].Name = record.Domain + "."
-					resp, err := next(ctx, newR)
-					if err == nil {
-						resp.Id = r.Id
-						resp.Question = r.Question
-						handleCName(resp, record.Domain)
-					}
-					return resp, err
-				}
+
+			record := hosts.Search(host)
+			if record == nil {
 				return next(ctx, r)
 			}
 
+			ip := record.Data()
 			msg := r.Copy()
-			handleIPs := func() {
-				for _, ipAddr := range record.IPs {
-					if ipAddr.Is4() && q.Qtype == D.TypeA {
-						rr := &D.A{}
-						rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 10}
-						rr.A = ipAddr.AsSlice()
-						msg.Answer = append(msg.Answer, rr)
-						if mapping != nil {
-							mapping.SetWithExpire(ipAddr, host, time.Now().Add(time.Second*10))
-						}
-					} else if q.Qtype == D.TypeAAAA {
-						rr := &D.AAAA{}
-						rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 10}
-						ip := ipAddr.As16()
-						rr.AAAA = ip[:]
-						msg.Answer = append(msg.Answer, rr)
-						if mapping != nil {
-							mapping.SetWithExpire(ipAddr, host, time.Now().Add(time.Second*10))
-						}
-					}
-				}
+
+			if ip.Is4() && q.Qtype == D.TypeA {
+				rr := &D.A{}
+				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 10}
+				rr.A = ip.AsSlice()
+
+				msg.Answer = []D.RR{rr}
+			} else if q.Qtype == D.TypeAAAA {
+				rr := &D.AAAA{}
+				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 10}
+				ip := ip.As16()
+				rr.AAAA = ip[:]
+				msg.Answer = []D.RR{rr}
+			} else {
+				return next(ctx, r)
 			}
 
-			switch q.Qtype {
-			case D.TypeA:
-				handleIPs()
-			case D.TypeAAAA:
-				handleIPs()
-			case D.TypeCNAME:
-				handleCName(r, record.Domain)
-			default:
-				return next(ctx, r)
+			if mapping != nil {
+				mapping.SetWithExpire(ip, host, time.Now().Add(time.Second*10))
 			}
 
 			ctx.SetType(context.DNSTypeHost)
 			msg.SetRcode(r, D.RcodeSuccess)
 			msg.Authoritative = true
 			msg.RecursionAvailable = true
+
 			return msg, nil
 		}
 	}
@@ -177,7 +149,6 @@ func withFakeIP(fakePool *fakeip.Pool) middleware {
 func withResolver(resolver *Resolver) handler {
 	return func(ctx *context.DNSContext, r *D.Msg) (*D.Msg, error) {
 		ctx.SetType(context.DNSTypeRaw)
-
 		q := r.Question[0]
 
 		// return a empty AAAA msg when ipv6 disabled
@@ -212,7 +183,7 @@ func NewHandler(resolver *Resolver, mapper *ResolverEnhancer) handler {
 	middlewares := []middleware{}
 
 	if resolver.hosts != nil {
-		middlewares = append(middlewares, withHosts(R.NewHosts(resolver.hosts), mapper.mapping))
+		middlewares = append(middlewares, withHosts(resolver.hosts, mapper.mapping))
 	}
 
 	if mapper.mode == C.DNSFakeIP {

dns/resolver.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"math/rand"
 	"net/netip"
 	"strings"
 	"time"
@@ -16,11 +17,9 @@ import (
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/log"
 
 	D "github.com/miekg/dns"
-	"github.com/zhangyunhao116/fastrand"
 	"golang.org/x/sync/singleflight"
 )
 
@@ -41,15 +40,9 @@ type geositePolicyRecord struct {
 	inversedMatching bool
 }
 
-type domainSetPolicyRecord struct {
-	domainSetProvider provider.RuleProvider
-	policy            *Policy
-}
-
 type Resolver struct {
 	ipv6                  bool
-	ipv6Timeout           time.Duration
-	hosts                 *trie.DomainTrie[resolver.HostValue]
+	hosts                 *trie.DomainTrie[netip.Addr]
 	main                  []dnsClient
 	fallback              []dnsClient
 	fallbackDomainFilters []fallbackDomainFilter
@@ -57,7 +50,6 @@ type Resolver struct {
 	group                 singleflight.Group
 	lruCache              *cache.LruCache[string, *D.Msg]
 	policy                *trie.DomainTrie[*Policy]
-	domainSetPolicy       []domainSetPolicyRecord
 	geositePolicy         []geositePolicyRecord
 	proxyServer           []dnsClient
 }
@@ -99,20 +91,14 @@ func (r *Resolver) LookupIP(ctx context.Context, host string) (ips []netip.Addr,
 	}()
 
 	ips, err = r.lookupIP(ctx, host, D.TypeA)
-	var waitIPv6 *time.Timer
-	if r != nil {
-		waitIPv6 = time.NewTimer(r.ipv6Timeout)
-	} else {
-		waitIPv6 = time.NewTimer(100 * time.Millisecond)
-	}
-	defer waitIPv6.Stop()
+
 	select {
 	case ipv6s, open := <-ch:
 		if !open && err != nil {
 			return nil, resolver.ErrIPNotFound
 		}
 		ips = append(ips, ipv6s...)
-	case <-waitIPv6.C:
+	case <-time.After(30 * time.Millisecond):
 		// wait ipv6 result
 	}
 
@@ -127,7 +113,7 @@ func (r *Resolver) ResolveIP(ctx context.Context, host string) (ip netip.Addr, e
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", resolver.ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 // LookupIPv4 request with TypeA
@@ -143,7 +129,7 @@ func (r *Resolver) ResolveIPv4(ctx context.Context, host string) (ip netip.Addr,
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", resolver.ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 // LookupIPv6 request with TypeAAAA
@@ -159,7 +145,7 @@ func (r *Resolver) ResolveIPv6(ctx context.Context, host string) (ip netip.Addr,
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", resolver.ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	return ips[rand.Intn(len(ips))], nil
 }
 
 func (r *Resolver) shouldIPFallback(ip netip.Addr) bool {
@@ -308,12 +294,6 @@ func (r *Resolver) matchPolicy(m *D.Msg) []dnsClient {
 			return geositeRecord.policy.GetData()
 		}
 	}
-	metadata := &C.Metadata{Host: domain}
-	for _, domainSetRecord := range r.domainSetPolicy {
-		if ok := domainSetRecord.domainSetProvider.Match(metadata); ok {
-			return domainSetRecord.policy.GetData()
-		}
-	}
 	return nil
 }
 
@@ -435,33 +415,28 @@ type FallbackFilter struct {
 }
 
 type Config struct {
-	Main, Fallback  []NameServer
-	Default         []NameServer
-	ProxyServer     []NameServer
-	IPv6            bool
-	IPv6Timeout     uint
-	EnhancedMode    C.DNSMode
-	FallbackFilter  FallbackFilter
-	Pool            *fakeip.Pool
-	Hosts           *trie.DomainTrie[resolver.HostValue]
-	Policy          map[string][]NameServer
-	DomainSetPolicy map[provider.RuleProvider][]NameServer
-	GeositePolicy   map[router.DomainMatcher][]NameServer
+	Main, Fallback []NameServer
+	Default        []NameServer
+	ProxyServer    []NameServer
+	IPv6           bool
+	EnhancedMode   C.DNSMode
+	FallbackFilter FallbackFilter
+	Pool           *fakeip.Pool
+	Hosts          *trie.DomainTrie[netip.Addr]
+	Policy         map[string][]NameServer
 }
 
 func NewResolver(config Config) *Resolver {
 	defaultResolver := &Resolver{
-		main:        transform(config.Default, nil),
-		lruCache:    cache.New(cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
-		ipv6Timeout: time.Duration(config.IPv6Timeout) * time.Millisecond,
+		main:     transform(config.Default, nil),
+		lruCache: cache.New(cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
 	}
 
 	r := &Resolver{
-		ipv6:        config.IPv6,
-		main:        transform(config.Main, defaultResolver),
-		lruCache:    cache.New(cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
-		hosts:       config.Hosts,
-		ipv6Timeout: time.Duration(config.IPv6Timeout) * time.Millisecond,
+		ipv6:     config.IPv6,
+		main:     transform(config.Main, defaultResolver),
+		lruCache: cache.New(cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
+		hosts:    config.Hosts,
 	}
 
 	if len(config.Fallback) != 0 {
@@ -498,14 +473,6 @@ func NewResolver(config Config) *Resolver {
 		}
 		r.policy.Optimize()
 	}
-	if len(config.DomainSetPolicy) > 0 {
-		for p, n := range config.DomainSetPolicy {
-			r.domainSetPolicy = append(r.domainSetPolicy, domainSetPolicyRecord{
-				domainSetProvider: p,
-				policy:            NewPolicy(transform(n, defaultResolver)),
-			})
-		}
-	}
 
 	fallbackIPFilters := []fallbackIPFilter{}
 	if config.FallbackFilter.GeoIP {
@@ -535,12 +502,11 @@ func NewResolver(config Config) *Resolver {
 
 func NewProxyServerHostResolver(old *Resolver) *Resolver {
 	r := &Resolver{
-		ipv6:        old.ipv6,
-		main:        old.proxyServer,
-		lruCache:    old.lruCache,
-		hosts:       old.hosts,
-		policy:      trie.New[*Policy](),
-		ipv6Timeout: old.ipv6Timeout,
+		ipv6:     old.ipv6,
+		main:     old.proxyServer,
+		lruCache: old.lruCache,
+		hosts:    old.hosts,
+		policy:   old.policy,
 	}
 	return r
 }

dns/util.go

@@ -66,7 +66,7 @@ func setMsgTTL(msg *D.Msg, ttl uint32) {
 }
 
 func isIPRequest(q D.Question) bool {
-	return q.Qclass == D.ClassINET && (q.Qtype == D.TypeA || q.Qtype == D.TypeAAAA || q.Qtype == D.TypeCNAME)
+	return q.Qclass == D.ClassINET && (q.Qtype == D.TypeA || q.Qtype == D.TypeAAAA)
 }
 
 func transform(servers []NameServer, resolver *Resolver) []dnsClient {

docker/file-name.sh

@@ -1,25 +1,26 @@
 #!/bin/sh
 os="clash.meta-linux-"
-case $TARGETPLATFORM in
-    "linux/amd64")
+arch=`uname -m`
+case $arch in 
+    "x86_64")
         arch="amd64-compatible"
         ;;
-    "linux/386")
-        arch="386"
+    "x86")
+        arch="386-cgo"
         ;;
-    "linux/arm64")
+    "aarch64")
         arch="arm64"
         ;;
-    "linux/arm/v7")
+    "armv7l")
         arch="armv7"
         ;;
     "riscv64")
-        arch="riscv64"
+        arch="riscv64-cgo"
         ;;
     *)
         echo "Unknown architecture"
         exit 1
         ;;        
 esac
-file_name="$os$arch-$(cat bin/version.txt)"
+file_name="$os$arch"
 echo $file_name

docs/config.yaml

@@ -58,13 +58,11 @@ hosts:
 # '*.clash.dev': 127.0.0.1
 # '.dev': 127.0.0.1
 # 'alpha.clash.dev': '::1'
-# test.com: [1.1.1.1, 2.2.2.2]
-# clash.lan: clash # clash 为特别字段，将加入本地所有网卡的地址
-# baidu.com: google.com # 只允许配置一个别名
 
-profile: # 存储 select 选择记录
+profile:
+  # 存储 select 选择记录
   store-selected: false
-  
+
   # 持久化 fake-ip
   store-fake-ip: true
 
@@ -169,7 +167,7 @@ dns:
   prefer-h3: true # 开启 DoH 支持 HTTP/3，将并发尝试
   listen: 0.0.0.0:53 # 开启 DNS 服务器监听
   # ipv6: false # false 将返回 AAAA 的空结果
-  # ipv6-timeout: 300 # 单位：ms，内部双栈并发时，向上游查询 AAAA 时，等待 AAAA 的时间，默认 100ms
+  
   # 用于解析 nameserver，fallback 以及其他DNS服务器配置的，DNS 服务域名
   # 只能使用纯 IP 地址，可使用加密 DNS
   default-nameserver:
@@ -231,14 +229,12 @@ dns:
   #     - '+.youtube.com'
   
   # 配置查询域名使用的 DNS 服务器
-  nameserver-policy:
-    #   'www.baidu.com': '114.114.114.114'
+  nameserver-policy: #   'www.baidu.com': '114.114.114.114'
     #   '+.internal.crop.com': '10.0.0.1'
-    "geosite:cn,private,apple":
+    "geosite:cn":
       - https://doh.pub/dns-query
       - https://dns.alidns.com/dns-query
-    "www.baidu.com,+.google.cn": [223.5.5.5, https://dns.alidns.com/dns-query]
-    # "rule-set:global,dns": 8.8.8.8 # global，dns 为 rule-providers 中的名为 global 和 dns 的规则提供器名字，且 behavior 必须为 domain 
+    "www.baidu.com": [https://doh.pub/dns-query, https://dns.alidns.com/dns-query]
 
 proxies: # socks5
   - name: "socks"
@@ -277,7 +273,7 @@ proxies: # socks5
     # obfs-opts:
     # mode: http # or tls
     # host: bing.com
-  
+    
   # Shadowsocks
   # cipher支持:
   #   aes-128-gcm aes-192-gcm aes-256-gcm
@@ -300,7 +296,7 @@ proxies: # socks5
     # UDP 则为双栈解析，获取结果中的第一个 IPv4
     # ipv6-prefer 同 ipv4-prefer
     # 现有协议都支持此参数，TCP 效果仅在开启 tcp-concurrent 生效
-  
+
   - name: "ss2"
     type: ss
     server: server
@@ -332,55 +328,17 @@ proxies: # socks5
     # headers:
     #   custom: value
   
-  - name: "ss4-shadow-tls"
+  - name: "ss4"
     type: ss
     server: server
     port: 443
     cipher: chacha20-ietf-poly1305
     password: "password"
     plugin: shadow-tls
-    client-fingerprint: chrome
     plugin-opts:
       host: "cloud.tencent.com"
       password: "shadow_tls_password"
       version: 2 # support 1/2/3
-
-  - name: "ss-restls-tls13"
-    type: ss
-    server: [YOUR_SERVER_IP]
-    port: 443
-    cipher: chacha20-ietf-poly1305
-    password: [YOUR_SS_PASSWORD]
-    client-fingerprint: chrome # One of: chrome, ios, firefox or safari
-                               # 可以是chrome, ios, firefox, safari中的一个
-    plugin: restls
-    plugin-opts:
-        host: "www.microsoft.com" # Must be a TLS 1.3 server
-                                  # 应当是一个TLS 1.3 服务器
-        password: [YOUR_RESTLS_PASSWORD]
-        version-hint: "tls13"
-        # Control your post-handshake traffic through restls-script
-        # Hide proxy behaviors like "tls in tls". 
-        # see https://github.com/3andne/restls/blob/main/Restls-Script:%20Hide%20Your%20Proxy%20Traffic%20Behavior.md
-        # 用restls剧本来控制握手后的行为，隐藏"tls in tls"等特征
-        # 详情：https://github.com/3andne/restls/blob/main/Restls-Script:%20%E9%9A%90%E8%97%8F%E4%BD%A0%E7%9A%84%E4%BB%A3%E7%90%86%E8%A1%8C%E4%B8%BA.md
-        restls-script: "300?100<1,400~100,350~100,600~100,300~200,300~100"
-
-  - name: "ss-restls-tls12"
-    type: ss
-    server: [YOUR_SERVER_IP]
-    port: 443
-    cipher: chacha20-ietf-poly1305
-    password: [YOUR_SS_PASSWORD]
-    client-fingerprint: chrome # One of: chrome, ios, firefox or safari
-                               # 可以是chrome, ios, firefox, safari中的一个
-    plugin: restls
-    plugin-opts:
-        host: "vscode.dev" # Must be a TLS 1.2 server
-                           # 应当是一个TLS 1.2 服务器
-        password: [YOUR_RESTLS_PASSWORD]
-        version-hint: "tls12"
-        restls-script: "1000?100<1,500~100,350~100,600~100,400~200"
   
   # vmess
   # cipher支持 auto/aes-128-gcm/chacha20-poly1305/none
@@ -477,44 +435,12 @@ proxies: # socks5
     network: tcp
     tls: true
     udp: true
-    flow: xtls-rprx-vision
+    xudp: true
+    flow: xtls-rprx-vision # xtls-rprx-origin  # enable XTLS
     client-fingerprint: chrome
     # fingerprint: xxxx
     # skip-cert-verify: true
   
-  - name: "vless-reality-vision"
-    type: vless
-    server: server
-    port: 443
-    uuid: uuid
-    network: tcp
-    tls: true
-    udp: true
-    flow: xtls-rprx-vision
-    servername: www.microsoft.com # REALITY servername
-    reality-opts:
-      public-key: xxx
-      short-id: xxx # optional
-    client-fingerprint: chrome # cannot be empty
-  
-  - name: "vless-reality-grpc"
-    type: vless
-    server: server
-    port: 443
-    uuid: uuid
-    network: grpc
-    tls: true
-    udp: true
-    flow:
-    # skip-cert-verify: true
-    client-fingerprint: chrome
-    servername: testingcf.jsdelivr.net
-    grpc-opts:
-      grpc-service-name: "grpc"
-    reality-opts:
-      public-key: CrrQSjAG_YkHLwvM2M-7XkKJilgL5upBKCp0od0tLhE
-      short-id: 10f897e26c4b9478
-  
   - name: "vless-ws"
     type: vless
     server: server
@@ -586,7 +512,7 @@ proxies: # socks5
     # sni: example.com # aka server name
     # skip-cert-verify: true
     # fingerprint: xxxx
-  
+
   #hysteria
   - name: "hysteria"
     type: hysteria
@@ -624,8 +550,6 @@ proxies: # socks5
     public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo=
     udp: true
     reserved: "U4An"
-    # 数组格式也是合法的
-    # reserved: [209,98,59]
   
   # tuic
   - name: tuic
@@ -645,8 +569,7 @@ proxies: # socks5
     # fast-open: true
     # skip-cert-verify: true
     # max-open-streams: 20 # default 100, too many open streams may hurt performance
-    # sni: example.com
-  
+    
   # ShadowsocksR
   # The supported ciphers (encryption methods): all stream ciphers in ss
   # The supported obfses:
@@ -775,7 +698,7 @@ rules:
   - IP-CIDR,1.1.1.1/32,ss1
   - IP-CIDR6,2409::/64,DIRECT
   # 当满足条件是 TCP 或 UDP 流量时，使用名为 sub-rule-name1 的规则集
-  - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1
+  - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 
   - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2
 # 定义多个子规则集，规则将以分叉匹配，使用 SUB-RULE 使用
 #                                               google.com(not match)--> baidu.com(match)
@@ -948,4 +871,4 @@ listeners:
 #  authentication-timeout: 1000
 #  alpn:
 #    - h3
-#  max-udp-relay-packet-size: 1500
+#  max-udp-relay-packet-size: 1500

flake.nix

@@ -28,7 +28,7 @@
             inherit version;
             src = ./.;
 
-            vendorSha256 = "sha256-W5oiPtTRin0731QQWr98xZ2Vpk97HYcBtKoi1OKZz+w=";
+            vendorSha256 = "sha256-8cbcE9gKJjU14DNTLPc6nneEPZg7Akt+FlSDlPRvG5k=";
 
             # Do not build testing suit
             excludedPackages = [ "./test" ];

go.mod

@@ -3,7 +3,6 @@ module github.com/Dreamacro/clash
 go 1.19
 
 require (
-	github.com/3andne/restls-client-go v0.1.4
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
 	github.com/cilium/ebpf v0.9.3
 	github.com/coreos/go-iptables v0.6.0
@@ -19,43 +18,37 @@ require (
 	github.com/jpillora/backoff v1.0.0
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
 	github.com/mdlayher/netlink v1.7.2-0.20221213171556-9881fafed8c7
-	github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594
-	github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947
-	github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3
-	github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb
-	github.com/miekg/dns v1.1.52
+	github.com/metacubex/quic-go v0.32.0
+	github.com/metacubex/sing-shadowsocks v0.1.1-0.20230202072246-e2bef5f088c7
+	github.com/metacubex/sing-tun v0.1.1-0.20230222113101-fbfa2dab826d
+	github.com/metacubex/sing-wireguard v0.0.0-20230213124601-d04406a109b4
+	github.com/miekg/dns v1.1.50
 	github.com/mroth/weightedrand/v2 v2.0.0
 	github.com/oschwald/geoip2-golang v1.8.0
 	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97
-	github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286
-	github.com/sagernet/sing-shadowtls v0.1.0
-	github.com/sagernet/sing-vmess v0.1.3
-	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9
-	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
+	github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b
+	github.com/sagernet/sing-shadowtls v0.0.0-20230221130515-dac782ca098e
+	github.com/sagernet/sing-vmess v0.1.2
+	github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d
+	github.com/sagernet/utls v0.0.0-20230220130002-c08891932056
 	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c
 	github.com/samber/lo v1.37.0
 	github.com/sirupsen/logrus v1.9.0
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.1
 	github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837
-	github.com/zhangyunhao116/fastrand v0.3.0
 	go.etcd.io/bbolt v1.3.6
 	go.uber.org/atomic v1.10.0
 	go.uber.org/automaxprocs v1.5.1
-	golang.org/x/crypto v0.7.0
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-	golang.org/x/net v0.8.0
+	golang.org/x/crypto v0.6.0
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db
+	golang.org/x/net v0.6.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.6.0
+	golang.org/x/sys v0.5.0
 	google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d
 	gopkg.in/yaml.v3 v3.0.1
 	lukechampine.com/blake3 v1.1.7
 )
 
-require (
-	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
-	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
-)
-
 require (
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/andybalholm/brotli v1.0.5 // indirect
@@ -70,21 +63,21 @@ require (
 	github.com/klauspost/compress v1.15.15 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.12 // indirect
 	github.com/mdlayher/socket v0.4.0 // indirect
-	github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03 // indirect
+	github.com/metacubex/gvisor v0.0.0-20230222112937-bdbcd206ec65 // indirect
 	github.com/onsi/ginkgo/v2 v2.2.0 // indirect
-	github.com/openacid/low v0.1.21
 	github.com/oschwald/maxminddb-golang v1.10.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.2.1 // indirect
-	github.com/quic-go/qtls-go1-20 v0.1.1 // indirect
+	github.com/quic-go/qtls-go1-18 v0.2.0 // indirect
+	github.com/quic-go/qtls-go1-19 v0.2.0 // indirect
+	github.com/quic-go/qtls-go1-20 v0.1.0 // indirect
 	github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect
 	github.com/u-root/uio v0.0.0-20221213070652-c3537552635f // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/mod v0.7.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
 )
 
 replace go.uber.org/atomic v1.10.0 => github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370

go.sum

@@ -1,12 +1,9 @@
-github.com/3andne/restls-client-go v0.1.4 h1:kLNC2aSRHPlEVYmTj6EOqJoorCpobEe2toMRSfBF7FU=
-github.com/3andne/restls-client-go v0.1.4/go.mod h1:04CGbRk1BwBiEDles8b5mlKgTqIwE5MqF7JDloJV47I=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -35,7 +32,6 @@ github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1
 github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
@@ -77,8 +73,6 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02
 github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc=
 github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40/go.mod h1:vy1vK6wD6j7xX6O6hXe621WabdtNkou2h7uRtTfRMyg=
@@ -93,62 +87,56 @@ github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZ
 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw=
 github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc=
-github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03 h1:gREIdurac9fpyBMBRPPMF/Sk3gKfPfdNCa4GQyR9FoA=
-github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03/go.mod h1:wqEuzdImyqD2MCGE8CYRJXbB77oSEJeoSSXXdwKjnsE=
-github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594 h1:KD96JPdTIayTGGgRl6PuVqo2Bpo6+x3LqDDyqrYDDXw=
-github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594/go.mod h1:9nOiGX6kqV3+ZbkDKdTNzdFD726QQHPH6WDb36jUSpA=
-github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947 h1:NnjC2+aIiyzzvFlo+C2WzBOJdsp+HAtu18FZomqYhUE=
-github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947/go.mod h1:U2gwhxzqgbhKCgn2B4z3t0Cj0LpMWFl/02BGCoG421w=
-github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3 h1:LnKcLs0HI0HX4xH/2XerX+1BLXS1Uj6Xvzn20xFuCOk=
-github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3/go.mod h1:0i22nk0tgkQz/N96hrhPib1O/C5AjxSnco7Mwi2YSF0=
-github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb h1:uhvzbtOvyg2c1k1H2EeVPuPvTEjDHCq4+U0AljG40P8=
-github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb/go.mod h1:7mPG9qYln+CLKBcDt7Dk4c7b3S53VzEfexMVPe6T6FM=
+github.com/metacubex/gvisor v0.0.0-20230222112937-bdbcd206ec65 h1:WUINdCB/UvSX9I+wN+y5xVEisPrXA73rxkoHK5DMyZs=
+github.com/metacubex/gvisor v0.0.0-20230222112937-bdbcd206ec65/go.mod h1:e3lCxh3TozKMWAsYTC7nBVnepAxPL/sNyScUFvmEoec=
+github.com/metacubex/quic-go v0.32.0 h1:dSD8LB4MSeBuD4otd8y1DUZcRdDcEB0Ax5esPOqn2Hw=
+github.com/metacubex/quic-go v0.32.0/go.mod h1:yParIzDYUd/t/pzFlDtZKhnvSqbUu0bPChlKEGmJStA=
+github.com/metacubex/sing-shadowsocks v0.1.1-0.20230202072246-e2bef5f088c7 h1:MNCGIpXhxXn9ck5bxfm/cW9Nr2FGQ5cakcGK0yKZcak=
+github.com/metacubex/sing-shadowsocks v0.1.1-0.20230202072246-e2bef5f088c7/go.mod h1:8pBSYDKVxTtqUtGZyEh4ZpFJXwP6wBVVKrs6oQiOwmQ=
+github.com/metacubex/sing-tun v0.1.1-0.20230222113101-fbfa2dab826d h1:oMzkrEoBdwn2/Vyu0n6/LAmvjxqsyFs+f2kqeg7kI8U=
+github.com/metacubex/sing-tun v0.1.1-0.20230222113101-fbfa2dab826d/go.mod h1:WmbtxVPpJulKoQGwfnBMk4KSWzZ68sE/myTrQeN/5GE=
+github.com/metacubex/sing-wireguard v0.0.0-20230213124601-d04406a109b4 h1:d96mCF/LYyC9kULd2xwcXfP0Jd8klrOngmRxuUIZg/8=
+github.com/metacubex/sing-wireguard v0.0.0-20230213124601-d04406a109b4/go.mod h1:p2VpJuxRefgVMxc8cmatMGSFNvYbjMYMsXJOe7qFstw=
 github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370 h1:UkViS4DCESAUEYgbIEQdD02hyMacFt6Dny+1MOJtNIo=
 github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-github.com/miekg/dns v1.1.52 h1:Bmlc/qsNNULOe6bpXcUTsuOajd0DzRHwup6D9k1An0c=
-github.com/miekg/dns v1.1.52/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mroth/weightedrand/v2 v2.0.0 h1:ADehnByWbliEDIazDAKFdBHoqgHSXAkgyKqM/9YsPoo=
 github.com/mroth/weightedrand/v2 v2.0.0/go.mod h1:f2faGsfOGOwc1p94wzHKKZyTpcJUW7OJ/9U4yfiNAOU=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
 github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
 github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
-github.com/openacid/errors v0.8.1/go.mod h1:GUQEJJOJE3W9skHm8E8Y4phdl2LLEN8iD7c5gcGgdx0=
-github.com/openacid/low v0.1.21 h1:Tr2GNu4N/+rGRYdOsEHOE89cxUIaDViZbVmKz29uKGo=
-github.com/openacid/low v0.1.21/go.mod h1:q+MsKI6Pz2xsCkzV4BLj7NR5M4EX0sGz5AqotpZDVh0=
-github.com/openacid/must v0.1.3/go.mod h1:luPiXCuJlEo3UUFQngVQokV0MPGryeYvtCbQPs3U1+I=
-github.com/openacid/testkeys v0.1.6/go.mod h1:MfA7cACzBpbiwekivj8StqX0WIRmqlMsci1c37CA3Do=
 github.com/oschwald/geoip2-golang v1.8.0 h1:KfjYB8ojCEn/QLqsDU0AzrJ3R5Qa9vFlx3z6SLNcKTs=
 github.com/oschwald/geoip2-golang v1.8.0/go.mod h1:R7bRvYjOeaoenAp9sKRS8GX5bJWcZ0laWO5+DauEktw=
 github.com/oschwald/maxminddb-golang v1.10.0 h1:Xp1u0ZhqkSuopaKmk1WwHtjF0H9Hd9181uj2MQ5Vndg=
 github.com/oschwald/maxminddb-golang v1.10.0/go.mod h1:Y2ELenReaLAZ0b400URyGwvYxHV1dLIxBuyOsyYjHK0=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A=
-github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk=
-github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
+github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U=
+github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc=
+github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk=
+github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
+github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI=
+github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA=
 github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
-github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286 h1:0Td2b5l1KgrdlOnbRWgFFWsyb0TLoq/tP6j9Lut4JN0=
-github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw=
-github.com/sagernet/sing-shadowtls v0.1.0 h1:05MYce8aR5xfKIn+y7xRFsdKhKt44QZTSEQW+lG5IWQ=
-github.com/sagernet/sing-shadowtls v0.1.0/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc=
-github.com/sagernet/sing-vmess v0.1.3 h1:q/+tsF46dvvapL6CpQBgPHJ6nQrDUZqEtLHCbsjO7iM=
-github.com/sagernet/sing-vmess v0.1.3/go.mod h1:GVXqAHwe9U21uS+Voh4YBIrADQyE4F9v0ayGSixSQAE=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9/go.mod h1:FUyTEc5ye5NjKnDTDMuiLF2M6T4BE6y6KZuax//UCEg=
-github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
-github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
+github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b h1:Ji2AfGlc4j9AitobOx4k3BCj7eS5nSxL1cgaL81zvlo=
+github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
+github.com/sagernet/sing-shadowtls v0.0.0-20230221130515-dac782ca098e h1:S1fd0kB9aEU68dd269AQy783sUlFu/2fSh/4YYVJ/Oc=
+github.com/sagernet/sing-shadowtls v0.0.0-20230221130515-dac782ca098e/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc=
+github.com/sagernet/sing-vmess v0.1.2 h1:RbOZNAId2LrCai8epMoQXlf0XTrou0bfcw08hNBg6lM=
+github.com/sagernet/sing-vmess v0.1.2/go.mod h1:9NSj8mZTx1JIY/HF9LaYRppUsVkysIN5tEFpNZujXxY=
+github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d h1:trP/l6ZPWvQ/5Gv99Z7/t/v8iYy06akDMejxW1sznUk=
+github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d/go.mod h1:jk6Ii8Y3En+j2KQDLgdgQGwb3M6y7EL567jFnGYhN9g=
+github.com/sagernet/utls v0.0.0-20230220130002-c08891932056 h1:gDXi/0uYe8dA48UyUI1LM2la5QYN0IvsDvR2H2+kFnA=
+github.com/sagernet/utls v0.0.0-20230220130002-c08891932056/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
 github.com/samber/lo v1.37.0 h1:XjVcB8g6tgUp8rsPsJ2CvhClfImrpL04YpQHXeHPhRw=
@@ -160,14 +148,13 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f h1:dpx1PHxYqAnXzbryJrWP1NQLzEjwcVgFLhkknuFQ7ww=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f/go.mod h1:IogEAUBXDEwX7oR/BMmCctShYs80ql4hF0ySdzGxf7E=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
@@ -175,8 +162,6 @@ github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1
 github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZkK09m7aETNBNzhT6t15M=
 github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/zhangyunhao116/fastrand v0.3.0 h1:7bwe124xcckPulX6fxtr2lFdO2KQqaefdtbk+mqO/Ig=
-github.com/zhangyunhao116/fastrand v0.3.0/go.mod h1:0v5KgHho0VE6HU192HnY15de/oDS8UrbBChIFjIhBtc=
 go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.uber.org/automaxprocs v1.5.1 h1:e1YG66Lrk73dn4qhg8WFSvhF0JuFQF0ERIp4rpuV8Qk=
@@ -184,15 +169,15 @@ go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -204,8 +189,9 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
@@ -227,18 +213,21 @@ golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -246,8 +235,9 @@ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -256,8 +246,7 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d h1:qp0AnQCvRCMlu9jBjtdbTaaEmThIgZOrbVyDEOcmKhQ=
 google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

hub/executor/executor.go

@@ -5,7 +5,6 @@ import (
 	"net/netip"
 	"os"
 	"runtime"
-	"strings"
 	"sync"
 
 	"github.com/Dreamacro/clash/adapter"
@@ -76,38 +75,24 @@ func ParseWithBytes(buf []byte) (*config.Config, error) {
 func ApplyConfig(cfg *config.Config, force bool) {
 	mux.Lock()
 	defer mux.Unlock()
-
-	tunnel.OnSuspend()
-
-	CTLS.ResetCertificate()
-	for _, c := range cfg.TLS.CustomTrustCert {
-		if err := CTLS.AddCertificate(c); err != nil {
-			log.Warnln("%s\nadd error: %s", c, err.Error())
-		}
-	}
-
+	preUpdateExperimental(cfg)
 	updateUsers(cfg.Users)
 	updateProxies(cfg.Proxies, cfg.Providers)
 	updateRules(cfg.Rules, cfg.SubRules, cfg.RuleProviders)
 	updateSniffer(cfg.Sniffer)
 	updateHosts(cfg.Hosts)
 	updateGeneral(cfg.General)
-	updateDNS(cfg.DNS, cfg.RuleProviders, cfg.General.IPv6)
+	initInnerTcp()
+	updateDNS(cfg.DNS, cfg.General.IPv6)
+	loadProxyProvider(cfg.Providers)
+	updateProfile(cfg)
+	loadRuleProvider(cfg.RuleProviders)
 	updateListeners(cfg.General, cfg.Listeners, force)
 	updateIPTables(cfg)
 	updateTun(cfg.General)
 	updateExperimental(cfg)
 	updateTunnels(cfg.Tunnels)
 
-	tunnel.OnInnerLoading()
-
-	initInnerTcp()
-	loadProxyProvider(cfg.Providers)
-	updateProfile(cfg)
-	loadRuleProvider(cfg.RuleProviders)
-	runtime.GC()
-	tunnel.OnRunning()
-
 	log.SetLevel(cfg.General.LogLevel)
 }
 
@@ -143,7 +128,7 @@ func GetGeneral() *config.General {
 		GeodataLoader: G.LoaderName(),
 		Interface:     dialer.DefaultInterface.Load(),
 		Sniffing:      tunnel.IsSniffing(),
-		TCPConcurrent: dialer.GetTcpConcurrent(),
+		TCPConcurrent: dialer.GetDial(),
 	}
 
 	return general
@@ -159,6 +144,10 @@ func updateListeners(general *config.General, listeners map[string]C.InboundList
 		return
 	}
 
+	if general.Interface == "" && (!general.Tun.Enable || !general.Tun.AutoDetectInterface) {
+		dialer.DefaultInterface.Store(general.Interface)
+	}
+
 	allowLan := general.AllowLan
 	listener.SetAllowLan(allowLan)
 
@@ -176,9 +165,19 @@ func updateListeners(general *config.General, listeners map[string]C.InboundList
 }
 
 func updateExperimental(c *config.Config) {
+	runtime.GC()
 }
 
-func updateDNS(c *config.DNS, ruleProvider map[string]provider.RuleProvider, generalIPv6 bool) {
+func preUpdateExperimental(c *config.Config) {
+	CTLS.ResetCertificate()
+	for _, c := range c.TLS.CustomTrustCert {
+		if err := CTLS.AddCertificate(c); err != nil {
+			log.Warnln("%s\nadd error: %s", c, err.Error())
+		}
+	}
+}
+
+func updateDNS(c *config.DNS, generalIPv6 bool) {
 	if !c.Enable {
 		resolver.DefaultResolver = nil
 		resolver.DefaultHostMapper = nil
@@ -186,30 +185,11 @@ func updateDNS(c *config.DNS, ruleProvider map[string]provider.RuleProvider, gen
 		dns.ReCreateServer("", nil, nil)
 		return
 	}
-	policy := make(map[string][]dns.NameServer)
-	domainSetPolicies := make(map[provider.RuleProvider][]dns.NameServer)
-	for key, nameservers := range c.NameServerPolicy {
-		temp := strings.Split(key, ":")
-		if len(temp) == 2 {
-			prefix := temp[0]
-			key := temp[1]
-			switch strings.ToLower(prefix) {
-			case "rule-set":
-				if p, ok := ruleProvider[key]; ok {
-					domainSetPolicies[p] = nameservers
-				}
-			case "geosite":
-				// TODO:
-			}
-		} else {
-			policy[key] = nameservers
-		}
-	}
+
 	cfg := dns.Config{
 		Main:         c.NameServer,
 		Fallback:     c.Fallback,
 		IPv6:         c.IPv6 && generalIPv6,
-		IPv6Timeout:  c.IPv6Timeout,
 		EnhancedMode: c.EnhancedMode,
 		Pool:         c.FakeIPRange,
 		Hosts:        c.Hosts,
@@ -220,10 +200,9 @@ func updateDNS(c *config.DNS, ruleProvider map[string]provider.RuleProvider, gen
 			Domain:    c.FallbackFilter.Domain,
 			GeoSite:   c.FallbackFilter.GeoSite,
 		},
-		Default:         c.DefaultNameserver,
-		Policy:          c.NameServerPolicy,
-		ProxyServer:     c.ProxyServerNameserver,
-		DomainSetPolicy: domainSetPolicies,
+		Default:     c.DefaultNameserver,
+		Policy:      c.NameServerPolicy,
+		ProxyServer: c.ProxyServerNameserver,
 	}
 
 	r := dns.NewResolver(cfg)
@@ -246,8 +225,8 @@ func updateDNS(c *config.DNS, ruleProvider map[string]provider.RuleProvider, gen
 	dns.ReCreateServer(c.Listen, r, m)
 }
 
-func updateHosts(tree *trie.DomainTrie[resolver.HostValue]) {
-	resolver.DefaultHosts = resolver.NewHosts(tree)
+func updateHosts(tree *trie.DomainTrie[netip.Addr]) {
+	resolver.DefaultHosts = tree
 }
 
 func updateProxies(proxies map[string]C.Proxy, providers map[string]provider.ProxyProvider) {
@@ -352,18 +331,27 @@ func updateTunnels(tunnels []LC.Tunnel) {
 func updateGeneral(general *config.General) {
 	tunnel.SetMode(general.Mode)
 	tunnel.SetFindProcessMode(general.FindProcessMode)
-	resolver.DisableIPv6 = !general.IPv6
+	resolver.DisableIPv6 =!general.IPv6
 
 	if general.TCPConcurrent {
-		dialer.SetTcpConcurrent(general.TCPConcurrent)
+		dialer.SetDial(general.TCPConcurrent)
 		log.Infoln("Use tcp concurrent")
 	}
 
 	inbound.SetTfo(general.InboundTfo)
 
 	adapter.UnifiedDelay.Store(general.UnifiedDelay)
+	// Avoid reload configuration clean the value, causing traffic loops
+	if listener.GetTunConf().Enable && listener.GetTunConf().AutoDetectInterface {
+		// changed only when the name is specified
+		// if name is empty, setting delay until after tun loaded
+		if general.Interface != "" && (!general.Tun.Enable || !general.Tun.AutoDetectInterface) {
+			dialer.DefaultInterface.Store(general.Interface)
+		}
+	} else {
+		dialer.DefaultInterface.Store(general.Interface)
+	}
 
-	dialer.DefaultInterface.Store(general.Interface)
 	dialer.DefaultRoutingMark.Store(int32(general.RoutingMark))
 	if general.RoutingMark > 0 {
 		log.Infoln("Use routing mark: %#x", general.RoutingMark)

hub/hub.go

@@ -44,7 +44,7 @@ func Parse(options ...Option) error {
 
 	if cfg.General.ExternalController != "" {
 		go route.Start(cfg.General.ExternalController, cfg.General.ExternalControllerTLS,
-			cfg.General.Secret, cfg.TLS.Certificate, cfg.TLS.PrivateKey, cfg.General.LogLevel == log.DEBUG)
+			cfg.General.Secret, cfg.TLS.Certificate, cfg.TLS.PrivateKey,cfg.General.LogLevel==log.DEBUG)
 	}
 
 	executor.ApplyConfig(cfg, true)

hub/route/configs.go

@@ -80,7 +80,6 @@ type tunSchema struct {
 	ExcludePackage         *[]string          `yaml:"exclude-package" json:"exclude-package,omitempty"`
 	EndpointIndependentNat *bool              `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 	UDPTimeout             *int64             `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
-	FileDescriptor         *int               `yaml:"file-descriptor" json:"file-descriptor"`
 }
 
 type tuicServerSchema struct {
@@ -170,9 +169,6 @@ func pointerOrDefaultTun(p *tunSchema, def LC.Tun) LC.Tun {
 		if p.UDPTimeout != nil {
 			def.UDPTimeout = *p.UDPTimeout
 		}
-		if p.FileDescriptor != nil {
-			def.FileDescriptor = *p.FileDescriptor
-		}
 	}
 	return def
 }
@@ -232,7 +228,7 @@ func patchConfigs(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if general.TcpConcurrent != nil {
-		dialer.SetTcpConcurrent(*general.TcpConcurrent)
+		dialer.SetDial(*general.TcpConcurrent)
 	}
 
 	if general.InterfaceName != nil {

hub/route/restart.go

@@ -1,62 +0,0 @@
-package route
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-	"os/exec"
-	"runtime"
-	"syscall"
-
-	"github.com/Dreamacro/clash/log"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
-)
-
-func restartRouter() http.Handler {
-	r := chi.NewRouter()
-	r.Post("/", restart)
-	return r
-}
-
-func restart(w http.ResponseWriter, r *http.Request) {
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L108
-	execPath, err := os.Executable()
-	if err != nil {
-		render.Status(r, http.StatusInternalServerError)
-		render.JSON(w, r, newError(fmt.Sprintf("getting path: %s", err)))
-		return
-	}
-
-	render.JSON(w, r, render.M{"status": "ok"})
-	if f, ok := w.(http.Flusher); ok {
-		f.Flush()
-	}
-
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L180
-	// The background context is used because the underlying functions wrap it
-	// with timeout and shut down the server, which handles current request.  It
-	// also should be done in a separate goroutine for the same reason.
-	go func() {
-		if runtime.GOOS == "windows" {
-			cmd := exec.Command(execPath, os.Args[1:]...)
-			log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-			cmd.Stdin = os.Stdin
-			cmd.Stdout = os.Stdout
-			cmd.Stderr = os.Stderr
-			err = cmd.Start()
-			if err != nil {
-				log.Fatalln("restarting:: %s", err)
-			}
-
-			os.Exit(0)
-		}
-
-		log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-		err = syscall.Exec(execPath, os.Args, os.Environ())
-		if err != nil {
-			log.Fatalln("restarting: %s", err)
-		}
-	}()
-}

hub/route/server.go

@@ -86,9 +86,6 @@ func Start(addr string, tlsAddr string, secret string,
 		r.Mount("/providers/rules", ruleProviderRouter())
 		r.Mount("/cache", cacheRouter())
 		r.Mount("/dns", dnsRouter())
-		r.Mount("/restart", restartRouter())
-		r.Mount("/upgrade", upgradeRouter())
-
 	})
 
 	if uiPath != "" {

hub/route/upgrade.go

@@ -1,70 +0,0 @@
-package route
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-	"os/exec"
-	"runtime"
-	"syscall"
-
-	"github.com/Dreamacro/clash/hub/updater"
-	"github.com/Dreamacro/clash/log"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
-)
-
-func upgradeRouter() http.Handler {
-	r := chi.NewRouter()
-	r.Post("/", upgrade)
-	return r
-}
-
-func upgrade(w http.ResponseWriter, r *http.Request) {
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L108
-	log.Infoln("start update")
-	err := updater.Update()
-	if err != nil {
-		log.Errorln("err:%s", err)
-		return
-	}
-
-	execPath, err := os.Executable()
-	if err != nil {
-		render.Status(r, http.StatusInternalServerError)
-		render.JSON(w, r, newError(fmt.Sprintf("getting path: %s", err)))
-		return
-	}
-
-	render.JSON(w, r, render.M{"status": "ok"})
-	if f, ok := w.(http.Flusher); ok {
-		f.Flush()
-	}
-
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L180
-	// The background context is used because the underlying functions wrap it
-	// with timeout and shut down the server, which handles current request.  It
-	// also should be done in a separate goroutine for the same reason.
-	go func() {
-		if runtime.GOOS == "windows" {
-			cmd := exec.Command(execPath, os.Args[1:]...)
-			log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-			cmd.Stdin = os.Stdin
-			cmd.Stdout = os.Stdout
-			cmd.Stderr = os.Stderr
-			err = cmd.Start()
-			if err != nil {
-				log.Fatalln("restarting: %s", err)
-			}
-
-			os.Exit(0)
-		}
-
-		log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-		err = syscall.Exec(execPath, os.Args, os.Environ())
-		if err != nil {
-			log.Fatalln("restarting: %s", err)
-		}
-	}()
-}

hub/updater/limitedreader.go

@@ -1,67 +0,0 @@
-package updater
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/exp/constraints"
-)
-
-// LimitReachedError records the limit and the operation that caused it.
-type LimitReachedError struct {
-	Limit int64
-}
-
-// Error implements the [error] interface for *LimitReachedError.
-//
-// TODO(a.garipov): Think about error string format.
-func (lre *LimitReachedError) Error() string {
-	return fmt.Sprintf("attempted to read more than %d bytes", lre.Limit)
-}
-
-// limitedReader is a wrapper for [io.Reader] limiting the input and dealing
-// with errors package.
-type limitedReader struct {
-	r     io.Reader
-	limit int64
-	n     int64
-}
-
-// Read implements the [io.Reader] interface.
-func (lr *limitedReader) Read(p []byte) (n int, err error) {
-	if lr.n == 0 {
-		return 0, &LimitReachedError{
-			Limit: lr.limit,
-		}
-	}
-
-	p = p[:Min(lr.n, int64(len(p)))]
-
-	n, err = lr.r.Read(p)
-	lr.n -= int64(n)
-
-	return n, err
-}
-
-// LimitReader wraps Reader to make it's Reader stop with ErrLimitReached after
-// n bytes read.
-func LimitReader(r io.Reader, n int64) (limited io.Reader, err error) {
-	if n < 0 {
-		return nil, &updateError{Message: "limit must be non-negative"}
-	}
-
-	return &limitedReader{
-		r:     r,
-		limit: n,
-		n:     n,
-	}, nil
-}
-
-// Min returns the smaller of x or y.
-func Min[T constraints.Integer | ~string](x, y T) (res T) {
-	if x < y {
-		return x
-	}
-
-	return y
-}

hub/updater/updater.go

@@ -1,464 +0,0 @@
-package updater
-
-import (
-	"archive/zip"
-	"compress/gzip"
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"sync"
-	"time"
-
-	clashHttp "github.com/Dreamacro/clash/component/http"
-	"github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
-)
-
-// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/updater/updater.go
-// Updater is the Clash.Meta updater.
-var (
-	client http.Client
-
-	goarch string
-	goos   string
-	goarm  string
-	gomips string
-
-	workDir string
-
-	// mu protects all fields below.
-	mu sync.RWMutex
-
-	// TODO(a.garipov): See if all of these fields actually have to be in
-	// this struct.
-	currentExeName string // 当前可执行文件
-	updateDir      string // 更新目录
-	packageName    string // 更新压缩文件
-	backupDir      string // 备份目录
-	backupExeName  string // 备份文件名
-	updateExeName  string // 更新后的可执行文件
-	unpackedFile   string
-
-	baseURL       string = "https://testingcf.jsdelivr.net/gh/MetaCubeX/Clash.Meta@release/clash.meta"
-	versionURL    string = "https://raw.githubusercontent.com/MetaCubeX/Clash.Meta/release/version.txt"
-	packageURL    string
-	latestVersion string
-)
-
-type updateError struct {
-	Message string
-}
-
-func (e *updateError) Error() string {
-	return fmt.Sprintf("error: %s", e.Message)
-}
-
-// Update performs the auto-updater.  It returns an error if the updater failed.
-// If firstRun is true, it assumes the configuration file doesn't exist.
-func Update() (err error) {
-	goos = runtime.GOOS
-	goarch = runtime.GOARCH
-	latestVersion, err = getLatestVersion()
-	if err != nil {
-		err := &updateError{Message: err.Error()}
-		return err
-	}
-
-	if latestVersion == constant.Version {
-		err := &updateError{Message: "Already using latest version"}
-		return err
-	}
-
-	updateDownloadURL()
-	mu.Lock()
-	defer mu.Unlock()
-
-	log.Infoln("current version alpha-%s", constant.Version)
-
-	defer func() {
-		if err != nil {
-			log.Errorln("updater: failed: %v", err)
-		} else {
-			log.Infoln("updater: finished")
-		}
-	}()
-
-	execPath, err := os.Executable()
-	if err != nil {
-		return fmt.Errorf("getting executable path: %w", err)
-	}
-
-	workDir = filepath.Dir(execPath)
-	//log.Infoln("workDir %s", execPath)
-
-	err = prepare(execPath)
-	if err != nil {
-		return fmt.Errorf("preparing: %w", err)
-	}
-
-	defer clean()
-
-	err = downloadPackageFile()
-	if err != nil {
-		return fmt.Errorf("downloading package file: %w", err)
-	}
-
-	err = unpack()
-	if err != nil {
-		return fmt.Errorf("unpacking: %w", err)
-	}
-
-	err = replace()
-	if err != nil {
-		return fmt.Errorf("replacing: %w", err)
-	}
-
-	return nil
-}
-
-// prepare fills all necessary fields in Updater object.
-func prepare(exePath string) (err error) {
-	updateDir = filepath.Join(workDir, "meta-update")
-	currentExeName = exePath
-	_, pkgNameOnly := filepath.Split(packageURL)
-	if pkgNameOnly == "" {
-		return fmt.Errorf("invalid PackageURL: %q", packageURL)
-	}
-
-	packageName = filepath.Join(updateDir, pkgNameOnly)
-	//log.Infoln(packageName)
-	backupDir = filepath.Join(workDir, "meta-backup")
-
-	if goos == "windows" {
-		updateExeName = "clash.meta" + "-" + goos + "-" + goarch + ".exe"
-	} else {
-		updateExeName = "clash.meta" + "-" + goos + "-" + goarch
-	}
-
-	log.Infoln("updateExeName: %s ,currentExeName: %s", updateExeName, currentExeName)
-
-	backupExeName = filepath.Join(backupDir, filepath.Base(exePath))
-	updateExeName = filepath.Join(updateDir, updateExeName)
-
-	log.Infoln(
-		"updater: updating using url: %s",
-		packageURL,
-	)
-
-	currentExeName = exePath
-	_, err = os.Stat(currentExeName)
-	if err != nil {
-		return fmt.Errorf("checking %q: %w", currentExeName, err)
-	}
-
-	return nil
-}
-
-// unpack extracts the files from the downloaded archive.
-func unpack() error {
-	var err error
-	_, pkgNameOnly := filepath.Split(packageURL)
-
-	log.Debugln("updater: unpacking package")
-	if strings.HasSuffix(pkgNameOnly, ".zip") {
-		unpackedFile, err = zipFileUnpack(packageName, updateDir)
-		if err != nil {
-			return fmt.Errorf(".zip unpack failed: %w", err)
-		}
-
-	} else if strings.HasSuffix(pkgNameOnly, ".gz") {
-		unpackedFile, err = gzFileUnpack(packageName, updateDir)
-		if err != nil {
-			return fmt.Errorf(".gz unpack failed: %w", err)
-		}
-
-	} else {
-		return fmt.Errorf("unknown package extension")
-	}
-
-	return nil
-}
-
-// replace moves the current executable with the updated one and also copies the
-// supporting files.
-func replace() error {
-	//err := copySupportingFiles(unpackedFiles, updateDir, workDir)
-	//if err != nil {
-	//	return fmt.Errorf("copySupportingFiles(%s, %s) failed: %w", updateDir, workDir, err)
-	//}
-
-	log.Infoln("updater: renaming: %s to %s", currentExeName, backupExeName)
-	err := os.Rename(currentExeName, backupExeName)
-	if err != nil {
-		return err
-	}
-
-	if goos == "windows" {
-		// rename fails with "File in use" error
-		log.Infoln("copying:%s to %s", updateExeName, currentExeName)
-		err = copyFile(updateExeName, currentExeName)
-	} else {
-		err = os.Rename(updateExeName, currentExeName)
-	}
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// clean removes the temporary directory itself and all it's contents.
-func clean() {
-	_ = os.RemoveAll(updateDir)
-}
-
-// MaxPackageFileSize is a maximum package file length in bytes. The largest
-// package whose size is limited by this constant currently has the size of
-// approximately 9 MiB.
-const MaxPackageFileSize = 32 * 1024 * 1024
-
-// Download package file and save it to disk
-func downloadPackageFile() (err error) {
-	// var resp *http.Response
-	// resp, err = client.Get(packageURL)
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
-	defer cancel()
-	resp, err := clashHttp.HttpRequest(ctx, packageURL, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
-	if err != nil {
-		return fmt.Errorf("http request failed: %w", err)
-	}
-
-	defer func() {
-		closeErr := resp.Body.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	var r io.Reader
-	r, err = LimitReader(resp.Body, MaxPackageFileSize)
-	if err != nil {
-		return fmt.Errorf("http request failed: %w", err)
-	}
-
-	log.Debugln("updater: reading http body")
-	// This use of ReadAll is now safe, because we limited body's Reader.
-	body, err := io.ReadAll(r)
-	if err != nil {
-		return fmt.Errorf("io.ReadAll() failed: %w", err)
-	}
-
-	log.Debugln("updateDir %s", updateDir)
-	err = os.Mkdir(updateDir, 0o755)
-	if err != nil {
-		fmt.Errorf("mkdir error: %w", err)
-	}
-
-	log.Debugln("updater: saving package to file %s", packageName)
-	err = os.WriteFile(packageName, body, 0o755)
-	if err != nil {
-		return fmt.Errorf("os.WriteFile() failed: %w", err)
-	}
-	return nil
-}
-
-// Unpack a single .gz file to the specified directory
-// Existing files are overwritten
-// All files are created inside outDir, subdirectories are not created
-// Return the output file name
-func gzFileUnpack(gzfile, outDir string) (string, error) {
-	f, err := os.Open(gzfile)
-	if err != nil {
-		return "", fmt.Errorf("os.Open(): %w", err)
-	}
-
-	defer func() {
-		closeErr := f.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	gzReader, err := gzip.NewReader(f)
-	if err != nil {
-		return "", fmt.Errorf("gzip.NewReader(): %w", err)
-	}
-
-	defer func() {
-		closeErr := gzReader.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	// Get the original file name from the .gz file header
-	originalName := gzReader.Header.Name
-	if originalName == "" {
-		// Fallback: remove the .gz extension from the input file name if the header doesn't provide the original name
-		originalName = filepath.Base(gzfile)
-		originalName = strings.TrimSuffix(originalName, ".gz")
-	}
-
-	outputName := filepath.Join(outDir, originalName)
-
-	// Create the output file
-	wc, err := os.OpenFile(
-		outputName,
-		os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
-		0o755,
-	)
-	if err != nil {
-		return "", fmt.Errorf("os.OpenFile(%s): %w", outputName, err)
-	}
-
-	defer func() {
-		closeErr := wc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	// Copy the contents of the gzReader to the output file
-	_, err = io.Copy(wc, gzReader)
-	if err != nil {
-		return "", fmt.Errorf("io.Copy(): %w", err)
-	}
-
-	return outputName, nil
-}
-
-// Unpack a single file from .zip file to the specified directory
-// Existing files are overwritten
-// All files are created inside 'outDir', subdirectories are not created
-// Return the output file name
-func zipFileUnpack(zipfile, outDir string) (string, error) {
-	zrc, err := zip.OpenReader(zipfile)
-	if err != nil {
-		return "", fmt.Errorf("zip.OpenReader(): %w", err)
-	}
-
-	defer func() {
-		closeErr := zrc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	if len(zrc.File) == 0 {
-		return "", fmt.Errorf("no files in the zip archive")
-	}
-
-	// Assuming the first file in the zip archive is the target file
-	zf := zrc.File[0]
-	var rc io.ReadCloser
-	rc, err = zf.Open()
-	if err != nil {
-		return "", fmt.Errorf("zip file Open(): %w", err)
-	}
-
-	defer func() {
-		closeErr := rc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	fi := zf.FileInfo()
-	name := fi.Name()
-	outputName := filepath.Join(outDir, name)
-
-	if fi.IsDir() {
-		return "", fmt.Errorf("the target file is a directory")
-	}
-
-	var wc io.WriteCloser
-	wc, err = os.OpenFile(outputName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fi.Mode())
-	if err != nil {
-		return "", fmt.Errorf("os.OpenFile(): %w", err)
-	}
-
-	defer func() {
-		closeErr := wc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	_, err = io.Copy(wc, rc)
-	if err != nil {
-		return "", fmt.Errorf("io.Copy(): %w", err)
-	}
-
-	return outputName, nil
-}
-
-// Copy file on disk
-func copyFile(src, dst string) error {
-	d, e := os.ReadFile(src)
-	if e != nil {
-		return e
-	}
-	e = os.WriteFile(dst, d, 0o644)
-	if e != nil {
-		return e
-	}
-	return nil
-}
-
-func getLatestVersion() (version string, err error) {
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-	resp, err := clashHttp.HttpRequest(ctx, versionURL, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
-	if err != nil {
-		return "", fmt.Errorf("get Latest Version fail: %w", err)
-	}
-	defer func() {
-		closeErr := resp.Body.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return "", fmt.Errorf("get Latest Version fail: %w", err)
-	}
-	content := strings.TrimRight(string(body), "\n")
-	log.Infoln("latest:%s", content)
-	return content, nil
-}
-
-func updateDownloadURL() {
-	var middle string
-
-	if goarch == "arm" && goarm != "" {
-		middle = fmt.Sprintf("-%s-%sv%s-%s", goos, goarch, goarm, latestVersion)
-	} else if isMIPS(goarch) && gomips != "" {
-		middle = fmt.Sprintf("-%s-%s-%s-%s", goos, goarch, gomips, latestVersion)
-	} else {
-		middle = fmt.Sprintf("-%s-%s-%s", goos, goarch, latestVersion)
-	}
-
-	if goos == "windows" {
-		middle += ".zip"
-	} else {
-		middle += ".gz"
-	}
-	packageURL = baseURL + middle
-	//log.Infoln(packageURL)
-}
-
-// isMIPS returns true if arch is any MIPS architecture.
-func isMIPS(arch string) (ok bool) {
-	switch arch {
-	case
-		"mips",
-		"mips64",
-		"mips64le",
-		"mipsle":
-		return true
-	default:
-		return false
-	}
-}

listener/config/shadowsocks.go

@@ -9,7 +9,6 @@ type ShadowsocksServer struct {
 	Listen   string
 	Password string
 	Cipher   string
-	Udp      bool
 }
 
 func (t ShadowsocksServer) String() string {

listener/config/tuic.go

@@ -15,7 +15,6 @@ type TuicServer struct {
 	AuthenticationTimeout int      `yaml:"authentication-timeout" json:"authentication-timeout,omitempty"`
 	ALPN                  []string `yaml:"alpn" json:"alpn,omitempty"`
 	MaxUdpRelayPacketSize int      `yaml:"max-udp-relay-packet-size" json:"max-udp-relay-packet-size,omitempty"`
-	MaxDatagramFrameSize  int      `yaml:"max-datagram-frame-size" json:"max-datagram-frame-size,omitempty"`
 }
 
 func (t TuicServer) String() string {

listener/config/tun.go

@@ -95,5 +95,4 @@ type Tun struct {
 	ExcludePackage         []string       `yaml:"exclude-package" json:"exclude-package,omitempty"`
 	EndpointIndependentNat bool           `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 	UDPTimeout             int64          `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
-	FileDescriptor         int            `yaml:"file-descriptor" json:"file-descriptor"`
 }

listener/inbound/shadowsocks.go

@@ -11,7 +11,6 @@ type ShadowSocksOption struct {
 	BaseOption
 	Password string `inbound:"password"`
 	Cipher   string `inbound:"cipher"`
-	UDP      bool   `inbound:"udp,omitempty"`
 }
 
 func (o ShadowSocksOption) Equal(config C.InboundConfig) bool {
@@ -38,7 +37,6 @@ func NewShadowSocks(options *ShadowSocksOption) (*ShadowSocks, error) {
 			Listen:   base.RawAddress(),
 			Password: options.Password,
 			Cipher:   options.Cipher,
-			Udp:      options.UDP,
 		},
 	}, nil
 }

listener/inbound/tproxy.go

@@ -56,10 +56,13 @@ func (t *TProxy) Listen(tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapter
 		return err
 	}
 	if t.udp {
-		t.lUDP, err = tproxy.NewUDP(t.RawAddress(), udpIn, natTable, t.Additions()...)
-		if err != nil {
-			return err
+		if t.lUDP != nil {
+			t.lUDP, err = tproxy.NewUDP(t.RawAddress(), udpIn, natTable, t.Additions()...)
+			if err != nil {
+				return err
+			}
 		}
+
 	}
 	log.Infoln("TProxy[%s] proxy listening at: %s", t.Name(), t.Address())
 	return nil

listener/inbound/tun.go

@@ -33,7 +33,6 @@ type TunOption struct {
 	ExcludePackage         []string `inbound:"exclude_package,omitempty"`
 	EndpointIndependentNat bool     `inbound:"endpoint_independent_nat,omitempty"`
 	UDPTimeout             int64    `inbound:"udp_timeout,omitempty"`
-	FileDescriptor         int      `inbound:"file-descriptor,omitempty"`
 }
 
 func (o TunOption) Equal(config C.InboundConfig) bool {
@@ -97,7 +96,6 @@ func NewTun(options *TunOption) (*Tun, error) {
 			ExcludePackage:         options.ExcludePackage,
 			EndpointIndependentNat: options.EndpointIndependentNat,
 			UDPTimeout:             options.UDPTimeout,
-			FileDescriptor:         options.FileDescriptor,
 		},
 	}, nil
 }

listener/listener.go

@@ -271,7 +271,6 @@ func ReCreateShadowSocks(shadowSocksConfig string, tcpIn chan<- C.ConnContext, u
 			Listen:   addr,
 			Password: password,
 			Cipher:   cipher,
-			Udp:      true,
 		}
 	}
 
@@ -822,8 +821,7 @@ func hasTunConfigChange(tunConf *LC.Tun) bool {
 		LastTunConf.MTU != tunConf.MTU ||
 		LastTunConf.StrictRoute != tunConf.StrictRoute ||
 		LastTunConf.EndpointIndependentNat != tunConf.EndpointIndependentNat ||
-		LastTunConf.UDPTimeout != tunConf.UDPTimeout ||
-		LastTunConf.FileDescriptor != tunConf.FileDescriptor {
+		LastTunConf.UDPTimeout != tunConf.UDPTimeout {
 		return true
 	}
 

listener/parse.go

@@ -73,7 +73,7 @@ func ParseListener(mapping map[string]any) (C.InboundListener, error) {
 		}
 		listener, err = IN.NewTun(tunOption)
 	case "shadowsocks":
-		shadowsocksOption := &IN.ShadowSocksOption{UDP: true}
+		shadowsocksOption := &IN.ShadowSocksOption{}
 		err = decoder.Decode(mapping, shadowsocksOption)
 		if err != nil {
 			return nil, err

listener/shadowsocks/tcp.go

@@ -33,14 +33,12 @@ func New(config LC.ShadowsocksServer, tcpIn chan<- C.ConnContext, udpIn chan<- C
 	for _, addr := range strings.Split(config.Listen, ",") {
 		addr := addr
 
-		if config.Udp {
-			//UDP
-			ul, err := NewUDP(addr, pickCipher, udpIn)
-			if err != nil {
-				return nil, err
-			}
-			sl.udpListeners = append(sl.udpListeners, ul)
+		//UDP
+		ul, err := NewUDP(addr, pickCipher, udpIn)
+		if err != nil {
+			return nil, err
 		}
+		sl.udpListeners = append(sl.udpListeners, ul)
 
 		//TCP
 		l, err := inbound.Listen("tcp", addr)

listener/sing/sing.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"golang.org/x/exp/slices"
 	"net"
-	"net/netip"
 	"sync"
 	"time"
 
@@ -25,11 +24,10 @@ import (
 const UDPTimeout = 5 * time.Minute
 
 type ListenerHandler struct {
-	TcpIn      chan<- C.ConnContext
-	UdpIn      chan<- C.PacketAdapter
-	Type       C.Type
-	Additions  []inbound.Addition
-	UDPTimeout time.Duration
+	TcpIn     chan<- C.ConnContext
+	UdpIn     chan<- C.PacketAdapter
+	Type      C.Type
+	Additions []inbound.Addition
 }
 
 type waitCloseConn struct {
@@ -63,16 +61,9 @@ func (h *ListenerHandler) NewConnection(ctx context.Context, conn net.Conn, meta
 	switch metadata.Destination.Fqdn {
 	case vmess.MuxDestination.Fqdn:
 		return vmess.HandleMuxConnection(ctx, conn, h)
-	case uot.MagicAddress:
-		request, err := uot.ReadRequest(conn)
-		if err != nil {
-			return E.Cause(err, "read UoT request")
-		}
-		metadata.Destination = request.Destination
-		return h.NewPacketConnection(ctx, uot.NewConn(conn, *request), metadata)
-	case uot.LegacyMagicAddress:
-		metadata.Destination = M.Socksaddr{Addr: netip.IPv4Unspecified()}
-		return h.NewPacketConnection(ctx, uot.NewConn(conn, uot.Request{}), metadata)
+	case uot.UOTMagicAddress:
+		metadata.Destination = M.Socksaddr{}
+		return h.NewPacketConnection(ctx, uot.NewClientConn(conn), metadata)
 	}
 	target := socks5.ParseAddr(metadata.Destination.String())
 	wg := &sync.WaitGroup{}
@@ -160,9 +151,6 @@ func (c *packet) WriteBack(b []byte, addr net.Addr) (n int, err error) {
 		return
 	}
 	err = conn.WritePacket(buff, M.SocksaddrFromNet(addr))
-	if err != nil {
-		return
-	}
 	return
 }
 

listener/sing_shadowsocks/server.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net"
 	"strings"
-	"time"
 
 	"github.com/Dreamacro/clash/adapter/inbound"
 	"github.com/Dreamacro/clash/common/sockopt"
@@ -64,7 +63,7 @@ func New(config LC.ShadowsocksServer, tcpIn chan<- C.ConnContext, udpIn chan<- C
 	case common.Contains(shadowaead.List, config.Cipher):
 		sl.service, err = shadowaead.NewService(config.Cipher, nil, config.Password, udpTimeout, h)
 	case common.Contains(shadowaead_2022.List, config.Cipher):
-		sl.service, err = shadowaead_2022.NewServiceWithPassword(config.Cipher, config.Password, udpTimeout, h, time.Now)
+		sl.service, err = shadowaead_2022.NewServiceWithPassword(config.Cipher, config.Password, udpTimeout, h)
 	default:
 		err = fmt.Errorf("shadowsocks: unsupported method: %s", config.Cipher)
 		return embedSS.New(config, tcpIn, udpIn)
@@ -76,40 +75,38 @@ func New(config LC.ShadowsocksServer, tcpIn chan<- C.ConnContext, udpIn chan<- C
 	for _, addr := range strings.Split(config.Listen, ",") {
 		addr := addr
 
-		if config.Udp {
-			//UDP
-			ul, err := net.ListenPacket("udp", addr)
-			if err != nil {
-				return nil, err
-			}
-
-			err = sockopt.UDPReuseaddr(ul.(*net.UDPConn))
-			if err != nil {
-				log.Warnln("Failed to Reuse UDP Address: %s", err)
-			}
-
-			sl.udpListeners = append(sl.udpListeners, ul)
-
-			go func() {
-				conn := bufio.NewPacketConn(ul)
-				for {
-					buff := buf.NewPacket()
-					remoteAddr, err := conn.ReadPacket(buff)
-					if err != nil {
-						buff.Release()
-						if sl.closed {
-							break
-						}
-						continue
-					}
-					_ = sl.service.NewPacket(context.TODO(), conn, buff, metadata.Metadata{
-						Protocol: "shadowsocks",
-						Source:   remoteAddr,
-					})
-				}
-			}()
+		//UDP
+		ul, err := net.ListenPacket("udp", addr)
+		if err != nil {
+			return nil, err
 		}
 
+		err = sockopt.UDPReuseaddr(ul.(*net.UDPConn))
+		if err != nil {
+			log.Warnln("Failed to Reuse UDP Address: %s", err)
+		}
+
+		sl.udpListeners = append(sl.udpListeners, ul)
+
+		go func() {
+			conn := bufio.NewPacketConn(ul)
+			for {
+				buff := buf.NewPacket()
+				remoteAddr, err := conn.ReadPacket(buff)
+				if err != nil {
+					buff.Release()
+					if sl.closed {
+						break
+					}
+					continue
+				}
+				_ = sl.service.NewPacket(context.TODO(), conn, buff, metadata.Metadata{
+					Protocol: "shadowsocks",
+					Source:   remoteAddr,
+				})
+			}
+		}()
+
 		//TCP
 		l, err := inbound.Listen("tcp", addr)
 		if err != nil {

listener/sing_tun/dns.go

@@ -110,10 +110,7 @@ func (h *ListenerHandler) NewPacketConnection(ctx context.Context, conn network.
 			conn2 = nil
 		}()
 		for {
-			// safe size which is 1232 from https://dnsflagday.net/2020/.
-			// so 2048 is enough
-			buff := buf.NewSize(2 * 1024)
-			_ = conn.SetReadDeadline(time.Now().Add(DefaultDnsReadTimeout))
+			buff := buf.NewPacket()
 			dest, err := conn.ReadPacket(buff)
 			if err != nil {
 				buff.Release()

listener/sing_tun/server.go

@@ -8,7 +8,6 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/Dreamacro/clash/adapter/inbound"
 	"github.com/Dreamacro/clash/component/dialer"
@@ -152,11 +151,10 @@ func New(options LC.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapte
 
 	handler := &ListenerHandler{
 		ListenerHandler: sing.ListenerHandler{
-			TcpIn:      tcpIn,
-			UdpIn:      udpIn,
-			Type:       C.TUN,
-			Additions:  additions,
-			UDPTimeout: time.Second * time.Duration(udpTimeout),
+			TcpIn:     tcpIn,
+			UdpIn:     udpIn,
+			Type:      C.TUN,
+			Additions: additions,
 		},
 		DnsAdds: dnsAdds,
 	}
@@ -214,7 +212,6 @@ func New(options LC.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapte
 		IncludeAndroidUser: options.IncludeAndroidUser,
 		IncludePackage:     options.IncludePackage,
 		ExcludePackage:     options.ExcludePackage,
-		FileDescriptor:     options.FileDescriptor,
 		InterfaceMonitor:   defaultInterfaceMonitor,
 		TableIndex:         2022,
 	}
@@ -224,7 +221,7 @@ func New(options LC.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapte
 		err = E.Cause(err, "build android rules")
 		return
 	}
-	tunIf, err := tunNew(tunOptions)
+	tunIf, err := tunOpen(tunOptions)
 	if err != nil {
 		err = E.Cause(err, "configure tun interface")
 		return

listener/sing_tun/server_notwindows.go

@@ -6,6 +6,6 @@ import (
 	tun "github.com/metacubex/sing-tun"
 )
 
-func tunNew(options tun.Options) (tun.Tun, error) {
-	return tun.New(options)
+func tunOpen(options tun.Options) (tun.Tun, error) {
+	return tun.Open(options)
 }

listener/sing_tun/server_windows.go

@@ -8,11 +8,11 @@ import (
 	tun "github.com/metacubex/sing-tun"
 )
 
-func tunNew(options tun.Options) (tunIf tun.Tun, err error) {
+func tunOpen(options tun.Options) (tunIf tun.Tun, err error) {
 	maxRetry := 3
 	for i := 0; i < maxRetry; i++ {
 		timeBegin := time.Now()
-		tunIf, err = tun.New(options)
+		tunIf, err = tun.Open(options)
 		if err == nil {
 			return
 		}

listener/tuic/server.go

@@ -61,16 +61,6 @@ func New(config LC.TuicServer, tcpIn chan<- C.ConnContext, udpIn chan<- C.Packet
 	quicConfig.InitialConnectionReceiveWindow = tuic.DefaultConnectionReceiveWindow / 10
 	quicConfig.MaxConnectionReceiveWindow = tuic.DefaultConnectionReceiveWindow
 
-	if config.MaxUdpRelayPacketSize == 0 {
-		config.MaxUdpRelayPacketSize = 1500
-	}
-	maxDatagramFrameSize := config.MaxUdpRelayPacketSize + tuic.PacketOverHead
-	if maxDatagramFrameSize > 1400 {
-		maxDatagramFrameSize = 1400
-	}
-	config.MaxUdpRelayPacketSize = maxDatagramFrameSize - tuic.PacketOverHead
-	quicConfig.MaxDatagramFrameSize = int64(maxDatagramFrameSize)
-
 	tokens := make([][32]byte, len(config.Token))
 	for i, token := range config.Token {
 		tokens[i] = tuic.GenTKN(token)

rules/common/domain.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"golang.org/x/net/idna"
 	"strings"
 
 	C "github.com/Dreamacro/clash/constant"
@@ -10,6 +11,7 @@ type Domain struct {
 	*Base
 	domain  string
 	adapter string
+	isIDNA  bool
 }
 
 func (d *Domain) RuleType() C.RuleType {
@@ -25,14 +27,20 @@ func (d *Domain) Adapter() string {
 }
 
 func (d *Domain) Payload() string {
-	return d.domain
+	domain := d.domain
+	if d.isIDNA {
+		domain, _ = idna.ToUnicode(domain)
+	}
+	return domain
 }
 
 func NewDomain(domain string, adapter string) *Domain {
+	actualDomain, _ := idna.ToASCII(domain)
 	return &Domain{
 		Base:    &Base{},
-		domain:  strings.ToLower(domain),
+		domain:  strings.ToLower(actualDomain),
 		adapter: adapter,
+		isIDNA:  actualDomain != domain,
 	}
 }