[Chore] workflows

[Chore] Upgrade Dependencies

.github/workflows/Dev.yml

@@ -1,44 +0,0 @@
-name: Dev
-on: [push]
-jobs:
-  dev-build:
-    if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get latest go version
-        id: version
-        run: |
-          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ steps.version.outputs.go_version }}
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-
-      - name: Cache go module
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-#      - name: Get dependencies, run test
-#        run: |
-#          go test ./...
-      - name: Build
-        if: success()
-        env:
-          NAME: Clash.Meta
-          BINDIR: bin
-        run: make -j releases
-
-      - name: Upload Release
-        uses: softprops/action-gh-release@v1
-        if: ${{ env.GIT_BRANCH != 'Meta' && success() }}
-        with:
-          tag_name: Dev
-          files: bin/*
-          prerelease: true
-

.github/workflows/build.yaml

@@ -0,0 +1,20 @@
+name: Build All
+on:
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.18
+      - name: Check out code
+        uses: actions/checkout@v1
+      - name: Build
+        run: make all
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: bin/*
+          draft: true

.github/workflows/docker.yml

@@ -1,76 +0,0 @@
-name: Publish Docker Image
-on:
-  push:
-    branches:
-      - dev
-    tags:
-      - '*'
-jobs:
-
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-        with:
-          platforms: all
-
-      - name: Set up docker buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          version: latest
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      
-      - name: Login to Github Package
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: Dreamacro
-          password: ${{ secrets.PACKAGE_TOKEN }}
-
-      - name: Build dev branch and push
-        if: github.ref == 'refs/heads/dev'
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
-          push: true
-          tags: 'dreamacro/clash:dev,ghcr.io/dreamacro/clash:dev'
-
-      - name: Get all docker tags
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: actions/github-script@v4
-        id: tags
-        with:
-          script: |
-            const ref = `${context.payload.ref.replace(/\/?refs\/tags\//, '')}`
-            const tags = [
-              'dreamacro/clash:latest',
-              `dreamacro/clash:${ref}`,
-              'ghcr.io/dreamacro/clash:latest',
-              `ghcr.io/dreamacro/clash:${ref}`
-            ]
-            return tags.join(',')
-          result-encoding: string
-
-      - name: Build release and push
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{steps.tags.outputs.result}}

.github/workflows/release.yml

@@ -0,0 +1,71 @@
+name: Release
+on: [push]
+jobs:
+  Feature-build:
+    if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ steps.version.outputs.go_version }}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      #      - name: Get dependencies, run test
+      #        run: |
+      #          go test ./...
+      - name: Build
+        if: success()
+        env:
+          NAME: Clash.Meta
+          BINDIR: bin
+        run: make -j releases
+
+      - name: Delete current release assets
+        uses: andreaswilli/delete-release-assets-action@v2.0.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: alpha
+          deleteOnlyFromDrafts: false
+
+      - name: Tag Repo
+        uses: richardsimko/update-tag@v1
+        with:
+          tag_name: v1.10.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Release
+        uses: softprops/action-gh-release@v1
+        if: ${{ env.GIT_BRANCH == 'Meta' && success() }}
+        with:
+          tag: ${{ github.ref }}
+          tag_name: v1.10.0
+          files: bin/*
+          prerelease: false
+
+      - name: send telegram message on push
+        uses: appleboy/telegram-action@master
+        with:
+          to: ${{ secrets.TTELEGRAM_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_TOKEN }}
+          message: |
+            ${{ github.actor }} created commit:
+            Commit message: ${{ github.event.commits[0].message }}
+
+            Repository: ${{ github.repository }}
+
+            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}

.golangci.yaml

@@ -0,0 +1,16 @@
+linters:
+  disable-all: true
+  enable:
+    - gofumpt
+    - staticcheck
+    - govet
+    - gci
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - prefix(github.com/Dreamacro/clash)
+      - default
+  staticcheck:
+    go: '1.18'

Dockerfile

@@ -12,7 +12,7 @@ RUN go mod download && \
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/Dreamacro/clash"
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates tzdata
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 ENTRYPOINT ["/clash"]

Makefile

@@ -1,58 +1,58 @@
 NAME=Clash.Meta
 BINDIR=bin
 BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
-VERSION=$(shell git describe --tags || echo "unknown version" )
-ifeq ($(BRANCH),Dev)
-VERSION=develop-$(shell git rev-parse --short HEAD)
-endif
+VERSION=$(shell git describe --tags || echo "unknown version")
 BUILDTIME=$(shell date -u)
-AUTOIPTABLES=Enable
 GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
 		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
 		-w -s -buildid='
 
-GOBUILDOP=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
-		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
-		-X "github.com/Dreamacro/clash/constant.AutoIptables=$(AUTOIPTABLES)"  \
-		-w -s -buildid='
-
 PLATFORM_LIST = \
-	darwin-amd64 \
+	darwin-amd64v1 \
+	darwin-amd64v2 \
+	darwin-amd64v3 \
 	darwin-arm64 \
-	linux-amd64 \
+	linux-amd64v1 \
+	linux-amd64v2 \
+	linux-amd64v3 \
 	linux-armv5 \
 	linux-armv6 \
 	linux-armv7 \
-	linux-armv8 \
+	linux-arm64 \
 	linux-mips64 \
 	linux-mips64le \
 	linux-mips-softfloat \
 	linux-mips-hardfloat \
 	linux-mipsle-softfloat \
 	linux-mipsle-hardfloat \
+	android-arm64 \
 	freebsd-386 \
 	freebsd-amd64 \
 	freebsd-arm64
 
-
 WINDOWS_ARCH_LIST = \
 	windows-386 \
-	windows-amd64 \
+	windows-amd64v1 \
+	windows-amd64v2 \
+	windows-amd64v3 \
 	windows-arm64 \
     windows-arm32v7
 
-
-all:linux-amd64-AutoIptables  linux-amd64\
-	linux-arm64 linux-arm64-AutoIptables linux-armv7\
+all:linux-amd64 linux-arm64\
 	darwin-amd64 darwin-arm64\
- 	windows-amd64 windows-386 \
- 	linux-mips-hardfloat linux-mips-softfloat linux-mips64 linux-mips64le linux-mipsle-hardfloat linux-mipsle-softfloat# Most used
+ 	windows-amd64 windows-arm64\
 
 docker:
 	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-darwin-amd64:
-	GOARCH=amd64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+darwin-amd64v3:
+	GOARCH=amd64 GOOS=darwin GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+darwin-amd64v2:
+	GOARCH=amd64 GOOS=darwin GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+darwin-amd64v1:
+	GOARCH=amd64 GOOS=darwin GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 darwin-arm64:
 	GOARCH=arm64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
@@ -60,42 +60,27 @@ darwin-arm64:
 linux-386:
 	GOARCH=386 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-amd64:
-	GOARCH=amd64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+linux-amd64v3:
+	GOARCH=amd64 GOOS=linux GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-amd64-AutoIptables:
-	GOARCH=amd64 GOOS=linux $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
+linux-amd64v2:
+	GOARCH=amd64 GOOS=linux GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-amd64v1:
+	GOARCH=amd64 GOOS=linux GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 linux-arm64:
 	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-arm64-AutoIptables:
-	GOARCH=arm64 GOOS=linux $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
-
 linux-armv5:
 	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-armv5-AutoIptables:
-	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
-
 linux-armv6:
 	GOARCH=arm GOOS=linux GOARM=6 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-armv6-AutoIptables:
-	GOARCH=arm GOOS=linux GOARM=6 $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
-
 linux-armv7:
 	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-armv7-AutoIptables:
-	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
-
-linux-armv8:
-	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
-linux-armv8-AutoIptables:
-	GOARCH=arm64 GOOS=linux $(GOBUILDOP) -o $(BINDIR)/$(NAME)-$@
-
 linux-mips-softfloat:
 	GOARCH=mips GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
@@ -114,11 +99,14 @@ linux-mips64:
 linux-mips64le:
 	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
+android-arm64:
+	GOARCH=arm64 GOOS=android $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 freebsd-386:
 	GOARCH=386 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 freebsd-amd64:
-	GOARCH=amd64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	GOARCH=amd64 GOOS=freebsd GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 freebsd-arm64:
 	GOARCH=arm64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
@@ -126,8 +114,14 @@ freebsd-arm64:
 windows-386:
 	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 
-windows-amd64:
-	GOARCH=amd64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+windows-amd64v3:
+	GOARCH=amd64 GOOS=windows GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+
+windows-amd64v2:
+	GOARCH=amd64 GOOS=windows GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+
+windows-amd64v1:
+	GOARCH=amd64 GOOS=windows GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 
 windows-arm64:
 	GOARCH=arm64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
@@ -148,5 +142,12 @@ $(zip_releases): %.zip : %
 all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
 
 releases: $(gz_releases) $(zip_releases)
+
+vet:
+	go test ./...
+
+lint:
+	golangci-lint run ./...
+
 clean:
-	rm $(BINDIR)/*
+	rm $(BINDIR)/*

README.md

@@ -172,88 +172,102 @@ proxy-providers:
 
 Support outbound transport protocol `VLESS`.
 
-The XTLS support TCP/UDP by the XRAY-CORE.
+The XTLS support (TCP/UDP) transport by the XRAY-CORE.
 ```yaml
 proxies:
-  # Vless + TCP Sample
-  - name: "vless-tcp"
+  - name: "vless"
     type: vless
     server: server
     port: 443
     uuid: uuid
-    network: tcp
     servername: example.com # AKA SNI
     # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
     # skip-cert-verify: true
-  
-  # Vless + WS Sample
+    
   - name: "vless-ws"
     type: vless
     server: server
     port: 443
     uuid: uuid
+    tls: true
     udp: true
     network: ws
     servername: example.com # priority over wss host
     # skip-cert-verify: true
-    ws-path: /path
-    ws-headers:
-      Host: example.com
+    ws-opts:
+      path: /path
+      headers: { Host: example.com, Edge: "12a00c4.fm.huawei.com:82897" }
 
-  # Trojan + XTLS Sample
-  - name: "proxy name"
-    type: trojan
-    server: server name
+  - name: "vless-grpc"
+    type: vless
+    server: server
     port: 443
-    password: password
+    uuid: uuid
+    tls: true
     udp: true
-    servername: server name # AKA SNI
-    flow: xtls-rprx-direct #  Enable XTLS: xtls-rprx-direct | xtls-rprx-origin 
-    skip-cert-verify: false
+    network: grpc
+    servername: example.com # priority over wss host
+    # skip-cert-verify: true
+    grpc-opts: 
+      grpc-service-name: grpcname
 ```
 
-### IPTABLES auto-configuration
-Only work on Linux OS who support `iptables`, Clash will auto-configuration iptables for tproxy listener when `tproxy-port` value isn't zero.
+### IPTABLES configuration
+Work on Linux OS who's supported `iptables`
 
-If `TPROXY` is enabled, the `TUN` must be disabled.
 ```yaml
 # Enable the TPROXY listener
 tproxy-port: 9898
-# Disable the TUN listener
-tun:
-  enable: false
+
+iptables:
+  enable: true # default is false
+  inbound-interface: eth0 # detect the inbound interface, default is 'lo'
 ```
-Create user given name `Clash.Meta`.
 
-Run Meta Kernel by user `Clash.Meta` as a daemon.
 
-Create the systemd configuration file at /etc/systemd/system/clash.service:
+### General installation guide for Linux  
++ Create user given name `clash-meta`
+
++ Download and decompress pre-built binaries from [releases](https://github.com/MetaCubeX/Clash.Meta/releases)  
+
++ Rename executable file to `Clash-Meta` and move to `/usr/local/bin/` 
+
++ Create folder `/etc/Clash-Meta/` as working directory 
+
+
+
+Run Meta Kernel by user `clash-meta` as a daemon.
+
+Create the systemd configuration file at `/etc/systemd/system/Clash-Meta.service`:
 
 ```
 [Unit]
-Description=Clash.Meta Daemon, Another Clash Kernel.
-After=network.target
+Description=Clash-Meta Daemon, Another Clash Kernel.
+After=network.target NetworkManager.service systemd-networkd.service iwd.service
 
 [Service]
 Type=simple
-User=Clash.Meta
-Group=Clash.Meta
+User=clash-meta
+Group=clash-meta
+LimitNPROC=500
+LimitNOFILE=1000000
 CapabilityBoundingSet=cap_net_admin
 AmbientCapabilities=cap_net_admin
 Restart=always
-ExecStart=/usr/local/bin/Clash.Meta -d /etc/Clash.Meta
+ExecStartPre=/usr/bin/sleep 1s
+ExecStart=/usr/local/bin/Clash-Meta -d /etc/Clash-Meta
 
 [Install]
 WantedBy=multi-user.target
 ```
 Launch clashd on system startup with:
 ```shell
-$ systemctl enable Clash.Meta
+$ systemctl enable Clash-Meta
 ```
 Launch clashd immediately with:
 
 ```shell
-$ systemctl start Clash.Meta
+$ systemctl start Clash-Meta
 ```
 
 ### Display Process name
@@ -266,13 +280,6 @@ To display process name in GUI please use [Dashboard For Meta](https://github.co
 
 ## Development
 
-Build the Clash.Meta locally  
-```shell
-$ git clone https://github.com/MetaCubeX/Clash.Meta.git
-$ cd Clash.Meta
-$ make # build for all platform or 'make darwin-amd64' for specific platform, darwin-amd64
-```
-
 If you want to build an application that uses clash as a library, check out the
 the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
 

adapter/adapter.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/queue"
@@ -39,7 +40,11 @@ func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 // DialContext implements C.ProxyAdapter
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata, opts...)
-	p.alive.Store(err == nil)
+	wasCancel := false
+	if err != nil {
+		wasCancel = strings.Contains(err.Error(), "operation was canceled")
+	}
+	p.alive.Store(err == nil || wasCancel)
 	return conn, err
 }
 
@@ -93,7 +98,7 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 		return inner, err
 	}
 
-	mapping := map[string]interface{}{}
+	mapping := map[string]any{}
 	json.Unmarshal(inner, &mapping)
 	mapping["history"] = p.DelayHistory()
 	mapping["name"] = p.Name()

adapter/outbound/direct.go

@@ -14,6 +14,7 @@ type Direct struct {
 
 // DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
+	opts = append(opts, dialer.WithDirect())
 	c, err := dialer.DialContext(ctx, "tcp", metadata.RemoteAddress(), d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
@@ -24,6 +25,7 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
+	opts = append(opts, dialer.WithDirect())
 	pc, err := dialer.ListenPacket(ctx, "udp", "", d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
@@ -54,3 +56,13 @@ func NewCompatible() *Direct {
 		},
 	}
 }
+
+func NewPass() *Direct {
+	return &Direct{
+		Base: &Base{
+			name: "Pass",
+			tp:   C.Pass,
+			udp:  true,
+		},
+	}
+}

adapter/outbound/http.go

@@ -136,6 +136,7 @@ func NewHttp(option HttpOption) *Http {
 			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
 			tp:    C.Http,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		user:      option.UserName,
 		pass:      option.Password,

adapter/outbound/shadowsocks.go

@@ -29,14 +29,14 @@ type ShadowSocks struct {
 
 type ShadowSocksOption struct {
 	BasicOption
-	Name       string                 `proxy:"name"`
-	Server     string                 `proxy:"server"`
-	Port       int                    `proxy:"port"`
-	Password   string                 `proxy:"password"`
-	Cipher     string                 `proxy:"cipher"`
-	UDP        bool                   `proxy:"udp,omitempty"`
-	Plugin     string                 `proxy:"plugin,omitempty"`
-	PluginOpts map[string]interface{} `proxy:"plugin-opts,omitempty"`
+	Name       string         `proxy:"name"`
+	Server     string         `proxy:"server"`
+	Port       int            `proxy:"port"`
+	Password   string         `proxy:"password"`
+	Cipher     string         `proxy:"cipher"`
+	UDP        bool           `proxy:"udp,omitempty"`
+	Plugin     string         `proxy:"plugin,omitempty"`
+	PluginOpts map[string]any `proxy:"plugin-opts,omitempty"`
 }
 
 type simpleObfsOption struct {
@@ -160,6 +160,7 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 			tp:    C.Shadowsocks,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		cipher: ciph,
 

adapter/outbound/shadowsocksr.go

@@ -142,6 +142,7 @@ func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 			tp:    C.ShadowsocksR,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		cipher:   coreCiph,
 		obfs:     obfs,

adapter/outbound/snell.go

@@ -23,13 +23,13 @@ type Snell struct {
 
 type SnellOption struct {
 	BasicOption
-	Name     string                 `proxy:"name"`
-	Server   string                 `proxy:"server"`
-	Port     int                    `proxy:"port"`
-	Psk      string                 `proxy:"psk"`
-	UDP      bool                   `proxy:"udp,omitempty"`
-	Version  int                    `proxy:"version,omitempty"`
-	ObfsOpts map[string]interface{} `proxy:"obfs-opts,omitempty"`
+	Name     string         `proxy:"name"`
+	Server   string         `proxy:"server"`
+	Port     int            `proxy:"port"`
+	Psk      string         `proxy:"psk"`
+	UDP      bool           `proxy:"udp,omitempty"`
+	Version  int            `proxy:"version,omitempty"`
+	ObfsOpts map[string]any `proxy:"obfs-opts,omitempty"`
 }
 
 type streamOption struct {
@@ -142,6 +142,7 @@ func NewSnell(option SnellOption) (*Snell, error) {
 			tp:    C.Snell,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		psk:        psk,
 		obfsOption: obfsOption,

adapter/outbound/socks5.go

@@ -154,6 +154,7 @@ func NewSocks5(option Socks5Option) *Socks5 {
 			tp:    C.Socks5,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		user:           option.UserName,
 		pass:           option.Password,

adapter/outbound/trojan.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	xtls "github.com/xtls/go"
 	"net"
 	"net/http"
 	"strconv"
@@ -13,6 +12,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/trojan"
+	"github.com/Dreamacro/clash/transport/vless"
 
 	"golang.org/x/net/http2"
 )
@@ -34,7 +34,6 @@ type TrojanOption struct {
 	Server         string      `proxy:"server"`
 	Port           int         `proxy:"port"`
 	Password       string      `proxy:"password"`
-	Flow           string      `proxy:"flow,omitempty"`
 	ALPN           []string    `proxy:"alpn,omitempty"`
 	SNI            string      `proxy:"sni,omitempty"`
 	SkipCertVerify bool        `proxy:"skip-cert-verify,omitempty"`
@@ -42,6 +41,8 @@ type TrojanOption struct {
 	Network        string      `proxy:"network,omitempty"`
 	GrpcOpts       GrpcOptions `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions   `proxy:"ws-opts,omitempty"`
+	Flow           string      `proxy:"flow,omitempty"`
+	FlowShow       bool        `proxy:"flow-show,omitempty"`
 }
 
 func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
@@ -84,19 +85,12 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 
-	var tc trojan.Command
-	if xtlsConn, ok := c.(*xtls.Conn); ok {
-		xtlsConn.RPRX = true
-		if t.instance.GetFlow() == trojan.XRD {
-			xtlsConn.DirectMode = true
-			tc = trojan.CommandXRD
-		} else {
-			tc = trojan.CommandXRO
-		}
-	} else {
-		tc = trojan.CommandTCP
+	c, err = t.instance.PresetXTLSConn(c)
+	if err != nil {
+		return nil, err
 	}
-	err = t.instance.WriteHeader(c, tc, serializesSocksAddr(metadata))
+
+	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
 
@@ -109,6 +103,12 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 			return nil, err
 		}
 
+		c, err = t.instance.PresetXTLSConn(c)
+		if err != nil {
+			c.Close()
+			return nil, err
+		}
+
 		if err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata)); err != nil {
 			c.Close()
 			return nil, err
@@ -170,13 +170,21 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 
 	tOption := &trojan.Option{
-		Password:            option.Password,
-		Flow:                option.Flow,
-		ALPN:                option.ALPN,
-		ServerName:          option.Server,
-		SkipCertVerify:      option.SkipCertVerify,
-		ClientSessionCache:  getClientSessionCache(),
-		ClientXSessionCache: getClientXSessionCache(),
+		Password:       option.Password,
+		ALPN:           option.ALPN,
+		ServerName:     option.Server,
+		SkipCertVerify: option.SkipCertVerify,
+		FlowShow:       option.FlowShow,
+	}
+
+	if option.Network != "ws" && len(option.Flow) >= 16 {
+		option.Flow = option.Flow[:16]
+		switch option.Flow {
+		case vless.XRO, vless.XRD, vless.XRS:
+			tOption.Flow = option.Flow
+		default:
+			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
+		}
 	}
 
 	if option.SNI != "" {
@@ -190,6 +198,7 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			tp:    C.Trojan,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		instance: trojan.New(tOption),
 		option:   &option,
@@ -212,7 +221,12 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			ServerName:         tOption.ServerName,
 		}
 
-		t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
+		if t.option.Flow != "" {
+			t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
+		} else {
+			t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
+		}
+
 		t.gunTLSConfig = tlsConfig
 		t.gunConfig = &gun.Config{
 			ServiceName: option.GrpcOpts.GrpcServiceName,

adapter/outbound/util.go

@@ -20,6 +20,13 @@ var (
 	once                      sync.Once
 )
 
+func tcpKeepAlive(c net.Conn) {
+	if tcp, ok := c.(*net.TCPConn); ok {
+		tcp.SetKeepAlive(true)
+		tcp.SetKeepAlivePeriod(30 * time.Second)
+	}
+}
+
 func getClientSessionCache() tls.ClientSessionCache {
 	once.Do(func() {
 		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
@@ -34,13 +41,6 @@ func getClientXSessionCache() xtls.ClientSessionCache {
 	return globalClientXSessionCache
 }
 
-func tcpKeepAlive(c net.Conn) {
-	if tcp, ok := c.(*net.TCPConn); ok {
-		tcp.SetKeepAlive(true)
-		tcp.SetKeepAlivePeriod(30 * time.Second)
-	}
-}
-
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
 	aType := uint8(metadata.AddrType)
@@ -67,7 +67,7 @@ func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 		return nil, err
 	}
 
-	ip, err := resolver.ResolveIP(host)
+	ip, err := resolver.ResolveProxyServerHost(host)
 	if err != nil {
 		return nil, err
 	}

adapter/outbound/vless.go

@@ -6,6 +6,7 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
+	"io"
 	"net"
 	"net/http"
 	"strconv"
@@ -17,12 +18,13 @@ import (
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
+
 	"golang.org/x/net/http2"
 )
 
 const (
 	// max packet length
-	maxLength = 8192
+	maxLength = 1024 << 3
 )
 
 type Vless struct {
@@ -61,12 +63,6 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
-		if v.option.WSOpts.Path == "" {
-			v.option.WSOpts.Path = v.option.WSPath
-		}
-		if len(v.option.WSOpts.Headers) == 0 {
-			v.option.WSOpts.Headers = v.option.WSHeaders
-		}
 
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
@@ -85,18 +81,17 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			wsOpts.Headers = header
 		}
 
-		if v.option.TLS {
-			wsOpts.TLS = true
-			wsOpts.TLSConfig = &tls.Config{
-				ServerName:         host,
-				InsecureSkipVerify: v.option.SkipCertVerify,
-				NextProtos:         []string{"http/1.1"},
-			}
-			if v.option.ServerName != "" {
-				wsOpts.TLSConfig.ServerName = v.option.ServerName
-			} else if host := wsOpts.Headers.Get("Host"); host != "" {
-				wsOpts.TLSConfig.ServerName = host
-			}
+		wsOpts.TLS = true
+		wsOpts.TLSConfig = &tls.Config{
+			MinVersion:         tls.VersionTLS12,
+			ServerName:         host,
+			InsecureSkipVerify: v.option.SkipCertVerify,
+			NextProtos:         []string{"http/1.1"},
+		}
+		if v.option.ServerName != "" {
+			wsOpts.TLSConfig.ServerName = v.option.ServerName
+		} else if host := wsOpts.Headers.Get("Host"); host != "" {
+			wsOpts.TLSConfig.ServerName = host
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
@@ -134,6 +129,7 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 		}
 	default:
+		// default tcp network
 		// handle TLS And XTLS
 		c, err = v.streamTLSOrXTLSConn(c, false)
 	}
@@ -219,7 +215,7 @@ func (v *Vless) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // ListenPacketContext implements C.ProxyAdapter
 func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
-	// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
+	// vless use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
@@ -275,7 +271,7 @@ func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 		copy(addr[1:], []byte(metadata.Host))
 	}
 
-	port, _ := strconv.Atoi(metadata.DstPort)
+	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	return &vless.DstAddr{
 		UDP:      metadata.NetWork == C.UDP,
 		AddrType: addrType,
@@ -286,91 +282,97 @@ func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 
 type vlessPacketConn struct {
 	net.Conn
-	rAddr net.Addr
+	rAddr  net.Addr
 	remain int
 	mux    sync.Mutex
-	cache  []byte
+	cache  [2]byte
 }
 
-func (c *vlessPacketConn) writePacket(b []byte, addr net.Addr) (int, error) {
-	length := len(b)
-	defer func() {
-		c.cache = c.cache[:0]
-	}()
-	c.cache = append(c.cache, byte(length>>8), byte(length))
-	c.cache = append(c.cache, b...)
-	n, err := c.Conn.Write(c.cache)
-	if n > 2 {
-		return n - 2, err
+func (c *vlessPacketConn) writePacket(payload []byte) (int, error) {
+	binary.BigEndian.PutUint16(c.cache[:], uint16(len(payload)))
+
+	if _, err := c.Conn.Write(c.cache[:]); err != nil {
+		return 0, err
 	}
 
-	return 0, err
+	return c.Conn.Write(payload)
 }
 
 func (c *vlessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
-	if len(b) <= maxLength {
-		return c.writePacket(b, addr)
+	total := len(b)
+	if total == 0 {
+		return 0, nil
+	}
+
+	if total <= maxLength {
+		return c.writePacket(b)
 	}
 
 	offset := 0
-	total := len(b)
+
 	for offset < total {
 		cursor := offset + maxLength
 		if cursor > total {
 			cursor = total
 		}
 
-		n, err := c.writePacket(b[offset:cursor], addr)
+		n, err := c.writePacket(b[offset:cursor])
 		if err != nil {
 			return offset + n, err
 		}
 
 		offset = cursor
+		if offset == total {
+			break
+		}
 	}
 
 	return total, nil
 }
 
-
 func (c *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	c.mux.Lock()
 	defer c.mux.Unlock()
 
-	length := len(b)
 	if c.remain > 0 {
+		length := len(b)
 		if c.remain < length {
 			length = c.remain
 		}
 
 		n, err := c.Conn.Read(b[:length])
 		if err != nil {
-			return 0, nil, err
+			return 0, c.rAddr, err
 		}
 
 		c.remain -= n
 		return n, c.rAddr, nil
 	}
 
-	var packetLength uint16
-	if err := binary.Read(c.Conn, binary.BigEndian, &packetLength); err != nil {
-		return 0, nil, err
+	if _, err := c.Conn.Read(b[:2]); err != nil {
+		return 0, c.rAddr, err
 	}
 
-	remain := int(packetLength)
-	n, err := c.Conn.Read(b[:length])
-	remain -= n
-	if remain > 0 {
-		c.remain = remain
+	total := int(binary.BigEndian.Uint16(b[:2]))
+	if total == 0 {
+		return 0, c.rAddr, nil
 	}
-	return n, c.rAddr, err
+
+	length := len(b)
+	if length > total {
+		length = total
+	}
+
+	if _, err := io.ReadFull(c.Conn, b[:length]); err != nil {
+		return 0, c.rAddr, errors.New("read packet error")
+	}
+
+	c.remain = total - length
+
+	return length, c.rAddr, nil
 }
 
-
 func NewVless(option VlessOption) (*Vless, error) {
-	if !option.TLS && option.Network == "grpc" {
-		return nil, fmt.Errorf("TLS must be true with vless-grpc")
-	}
-
 	var addons *vless.Addons
 	if option.Network != "ws" && len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
@@ -380,7 +382,7 @@ func NewVless(option VlessOption) (*Vless, error) {
 				Flow: option.Flow,
 			}
 		default:
-			return nil, fmt.Errorf("unsupported vless flow type: %s", option.Flow)
+			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
 		}
 	}
 

adapter/outbound/vmess.go

@@ -47,6 +47,10 @@ type VmessOption struct {
 	HTTP2Opts      HTTP2Options `proxy:"h2-opts,omitempty"`
 	GrpcOpts       GrpcOptions  `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions    `proxy:"ws-opts,omitempty"`
+
+	// TODO: compatible with VMESS WS older version configurations
+	WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
+	WSPath    string            `proxy:"ws-path,omitempty"`
 }
 
 type HTTPOptions struct {
@@ -76,6 +80,13 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
+		if v.option.WSOpts.Path == "" {
+			v.option.WSOpts.Path = v.option.WSPath
+		}
+		if len(v.option.WSOpts.Headers) == 0 {
+			v.option.WSOpts.Headers = v.option.WSHeaders
+		}
+
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
@@ -280,6 +291,7 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 			tp:    C.Vmess,
 			udp:   option.UDP,
 			iface: option.Interface,
+			rmark: option.RoutingMark,
 		},
 		client: client,
 		option: &option,

adapter/outboundgroup/common.go

@@ -2,7 +2,7 @@ package outboundgroup
 
 import (
 	"github.com/Dreamacro/clash/tunnel"
-	"regexp"
+	"github.com/dlclark/regexp2"
 	"time"
 
 	C "github.com/Dreamacro/clash/constant"
@@ -23,12 +23,18 @@ func getProvidersProxies(providers []provider.ProxyProvider, touch bool, filter
 		}
 	}
 
-	var filterReg *regexp.Regexp = nil
-	matchedProxies := []C.Proxy{}
+	var filterReg *regexp2.Regexp = nil
+	var matchedProxies []C.Proxy
 	if len(filter) > 0 {
-		filterReg = regexp.MustCompile(filter)
+		//filterReg = regexp.MustCompile(filter)
+		filterReg = regexp2.MustCompile(filter, 0)
 		for _, p := range proxies {
-			if filterReg.MatchString(p.Name()) {
+			if p.Type() < 8 {
+				matchedProxies = append(matchedProxies, p)
+			}
+
+			//if filterReg.MatchString(p.Name()) {
+			if mat, _ := filterReg.FindStringMatch(p.Name()); mat != nil {
 				matchedProxies = append(matchedProxies, p)
 			}
 		}

adapter/outboundgroup/fallback.go

@@ -97,12 +97,11 @@ func (f *Fallback) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
-	all := make([]string, 0)
+	all := []string{}
 	for _, proxy := range f.proxies(false) {
 		all = append(all, proxy.Name())
 	}
-
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"type": f.Type().String(),
 		"now":  f.Now(),
 		"all":  all,
@@ -116,7 +115,7 @@ func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 }
 
 func (f *Fallback) proxies(touch bool) []C.Proxy {
-	elm, _, _ := f.single.Do(func() (interface{}, error) {
+	elm, _, _ := f.single.Do(func() (any, error) {
 		return getProvidersProxies(f.providers, touch, f.filter), nil
 	})
 

adapter/outboundgroup/loadbalance.go

@@ -30,7 +30,7 @@ type LoadBalance struct {
 
 var errStrategy = errors.New("unsupported strategy")
 
-func parseStrategy(config map[string]interface{}) string {
+func parseStrategy(config map[string]any) string {
 	if elm, ok := config["strategy"]; ok {
 		if strategy, ok := elm.(string); ok {
 			return strategy
@@ -141,7 +141,7 @@ func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 }
 
 func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
-	elm, _, _ := lb.single.Do(func() (interface{}, error) {
+	elm, _, _ := lb.single.Do(func() (any, error) {
 		return getProvidersProxies(lb.providers, touch, lb.filter), nil
 	})
 
@@ -150,13 +150,11 @@ func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
-	all := make([]string, 0)
-
+	all := []string{}
 	for _, proxy := range lb.proxies(false) {
 		all = append(all, proxy.Name())
 	}
-
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"type": lb.Type().String(),
 		"all":  all,
 	})

adapter/outboundgroup/parser.go

@@ -32,7 +32,7 @@ type GroupCommonOption struct {
 	Filter     string   `group:"filter,omitempty"`
 }
 
-func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider) (C.ProxyAdapter, error) {
+func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider) (C.ProxyAdapter, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "group", WeaklyTypedInput: true})
 
 	groupOption := &GroupCommonOption{

adapter/outboundgroup/relay.go

@@ -69,20 +69,18 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
-	all := make([]string, 0)
-
+	all := []string{}
 	for _, proxy := range r.rawProxies(false) {
 		all = append(all, proxy.Name())
 	}
-
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"type": r.Type().String(),
 		"all":  all,
 	})
 }
 
 func (r *Relay) rawProxies(touch bool) []C.Proxy {
-	elm, _, _ := r.single.Do(func() (interface{}, error) {
+	elm, _, _ := r.single.Do(func() (any, error) {
 		return getProvidersProxies(r.providers, touch, r.filter), nil
 	})
 

adapter/outboundgroup/selector.go

@@ -50,13 +50,12 @@ func (s *Selector) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
-	all := make([]string, 0)
-
+	all := []string{}
 	for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
 		all = append(all, proxy.Name())
 	}
 
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"type": s.Type().String(),
 		"now":  s.Now(),
 		"all":  all,
@@ -80,12 +79,12 @@ func (s *Selector) Set(name string) error {
 }
 
 // Unwrap implements C.ProxyAdapter
-func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
+func (s *Selector) Unwrap(*C.Metadata) C.Proxy {
 	return s.selectedProxy(true)
 }
 
 func (s *Selector) selectedProxy(touch bool) C.Proxy {
-	elm, _, _ := s.single.Do(func() (interface{}, error) {
+	elm, _, _ := s.single.Do(func() (any, error) {
 		proxies := getProvidersProxies(s.providers, touch, s.filter)
 		for _, proxy := range proxies {
 			if proxy.Name() == s.selected {

adapter/outboundgroup/urltest.go

@@ -49,7 +49,6 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 	} else {
 		u.onDialFailed()
 	}
-
 	return c, err
 }
 
@@ -63,17 +62,16 @@ func (u *URLTest) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 	} else {
 		u.onDialFailed()
 	}
-
 	return pc, err
 }
 
 // Unwrap implements C.ProxyAdapter
-func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
+func (u *URLTest) Unwrap(*C.Metadata) C.Proxy {
 	return u.fast(true)
 }
 
 func (u *URLTest) proxies(touch bool) []C.Proxy {
-	elm, _, _ := u.single.Do(func() (interface{}, error) {
+	elm, _, _ := u.single.Do(func() (any, error) {
 		return getProvidersProxies(u.providers, touch, u.filter), nil
 	})
 
@@ -81,7 +79,7 @@ func (u *URLTest) proxies(touch bool) []C.Proxy {
 }
 
 func (u *URLTest) fast(touch bool) C.Proxy {
-	elm, _, _ := u.fastSingle.Do(func() (interface{}, error) {
+	elm, _, _ := u.fastSingle.Do(func() (any, error) {
 		proxies := u.proxies(touch)
 		fast := proxies[0]
 		min := fast.LastDelay()
@@ -125,13 +123,11 @@ func (u *URLTest) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
-	all := make([]string, 0)
-
+	all := []string{}
 	for _, proxy := range u.proxies(false) {
 		all = append(all, proxy.Name())
 	}
-
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"type": u.Type().String(),
 		"now":  u.Now(),
 		"all":  all,
@@ -164,7 +160,7 @@ func (u *URLTest) onDialFailed() {
 	}
 }
 
-func parseURLTestOption(config map[string]interface{}) []urlTestOption {
+func parseURLTestOption(config map[string]any) []urlTestOption {
 	opts := []urlTestOption{}
 
 	// tolerance

adapter/parser.go

@@ -8,7 +8,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 )
 
-func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
+func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
 	proxyType, existType := mapping["type"].(string)
 	if !existType {

adapter/provider/fetcher.go

@@ -16,7 +16,7 @@ var (
 	dirMode  os.FileMode = 0o755
 )
 
-type parser = func([]byte) (interface{}, error)
+type parser = func([]byte) (any, error)
 
 type fetcher struct {
 	name      string
@@ -26,7 +26,7 @@ type fetcher struct {
 	done      chan struct{}
 	hash      [16]byte
 	parser    parser
-	onUpdate  func(interface{})
+	onUpdate  func(any)
 }
 
 func (f *fetcher) Name() string {
@@ -37,7 +37,7 @@ func (f *fetcher) VehicleType() types.VehicleType {
 	return f.vehicle.Type()
 }
 
-func (f *fetcher) Initial() (interface{}, error) {
+func (f *fetcher) Initial() (any, error) {
 	var (
 		buf     []byte
 		err     error
@@ -92,7 +92,7 @@ func (f *fetcher) Initial() (interface{}, error) {
 	return proxies, nil
 }
 
-func (f *fetcher) Update() (interface{}, bool, error) {
+func (f *fetcher) Update() (any, bool, error) {
 	buf, err := f.vehicle.Read()
 	if err != nil {
 		return nil, false, err
@@ -168,7 +168,7 @@ func safeWrite(path string, buf []byte) error {
 	return os.WriteFile(path, buf, fileMode)
 }
 
-func newFetcher(name string, interval time.Duration, vehicle types.Vehicle, parser parser, onUpdate func(interface{})) *fetcher {
+func newFetcher(name string, interval time.Duration, vehicle types.Vehicle, parser parser, onUpdate func(any)) *fetcher {
 	var ticker *time.Ticker
 	if interval != 0 {
 		ticker = time.NewTicker(interval)

adapter/provider/healthcheck.go

@@ -31,7 +31,13 @@ type HealthCheck struct {
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
 
-	go hc.check()
+	go func() {
+		t := time.NewTicker(30 * time.Second)
+		<-t.C
+		t.Stop()
+		hc.check()
+	}()
+
 	for {
 		select {
 		case <-ticker.C:
@@ -62,7 +68,7 @@ func (hc *HealthCheck) check() {
 	b, _ := batch.New(context.Background(), batch.WithConcurrencyNum(10))
 	for _, proxy := range hc.proxies {
 		p := proxy
-		b.Go(p.Name(), func() (interface{}, error) {
+		b.Go(p.Name(), func() (any, error) {
 			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
 			defer cancel()
 			p.URLTest(ctx, hc.url)

adapter/provider/parser.go

@@ -28,7 +28,7 @@ type proxyProviderSchema struct {
 	HealthCheck healthCheckSchema `provider:"health-check,omitempty"`
 }
 
-func ParseProxyProvider(name string, mapping map[string]interface{}) (types.ProxyProvider, error) {
+func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvider, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
 
 	schema := &proxyProviderSchema{

adapter/provider/provider.go

@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"regexp"
+	"github.com/dlclark/regexp2"
 	"runtime"
 	"time"
 
@@ -20,7 +20,7 @@ const (
 )
 
 type ProxySchema struct {
-	Proxies []map[string]interface{} `yaml:"proxies"`
+	Proxies []map[string]any `yaml:"proxies"`
 }
 
 // for auto gc
@@ -35,12 +35,13 @@ type proxySetProvider struct {
 }
 
 func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"name":        pp.Name(),
 		"type":        pp.Type().String(),
 		"vehicleType": pp.VehicleType().String(),
 		"proxies":     pp.Proxies(),
-		"updatedAt":   pp.updatedAt,
+		//TODO maybe error because year value overflow
+		"updatedAt": pp.updatedAt,
 	})
 }
 
@@ -101,7 +102,8 @@ func stopProxyProvider(pd *ProxySetProvider) {
 }
 
 func NewProxySetProvider(name string, interval time.Duration, filter string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
-	filterReg, err := regexp.Compile(filter)
+	//filterReg, err := regexp.Compile(filter)
+	filterReg, err := regexp2.Compile(filter, 0)
 	if err != nil {
 		return nil, fmt.Errorf("invalid filter regex: %w", err)
 	}
@@ -111,12 +113,12 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
 		healthCheck: hc,
 	}
 
-	onUpdate := func(elm interface{}) {
+	onUpdate := func(elm any) {
 		ret := elm.([]C.Proxy)
 		pd.setProxies(ret)
 	}
 
-	proxiesParseAndFilter := func(buf []byte) (interface{}, error) {
+	proxiesParseAndFilter := func(buf []byte) (any, error) {
 		schema := &ProxySchema{}
 
 		if err := yaml.Unmarshal(buf, schema); err != nil {
@@ -129,7 +131,9 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
 
 		proxies := []C.Proxy{}
 		for idx, mapping := range schema.Proxies {
-			if name, ok := mapping["name"]; ok && len(filter) > 0 && !filterReg.MatchString(name.(string)) {
+			name, ok := mapping["name"]
+			mat, _ := filterReg.FindStringMatch(name.(string))
+			if ok && len(filter) > 0 && mat == nil {
 				continue
 			}
 			proxy, err := adapter.ParseProxy(mapping)
@@ -169,7 +173,7 @@ type compatibleProvider struct {
 }
 
 func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"name":        cp.Name(),
 		"type":        cp.Type().String(),
 		"vehicleType": cp.VehicleType().String(),

adapter/provider/vehicle.go

@@ -2,6 +2,7 @@ package provider
 
 import (
 	"context"
+	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
@@ -85,7 +86,13 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	client := http.Client{Transport: transport}
 	resp, err := client.Do(req)
 	if err != nil {
-		return nil, err
+		transport.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
+			return dialer.DialContext(ctx, network, address)
+		}
+		resp, err = client.Do(req)
+		if err != nil {
+			return nil, err
+		}
 	}
 	defer resp.Body.Close()
 

common/batch/batch.go

@@ -8,7 +8,7 @@ import (
 type Option = func(b *Batch)
 
 type Result struct {
-	Value interface{}
+	Value any
 	Err   error
 }
 
@@ -38,7 +38,7 @@ type Batch struct {
 	cancel func()
 }
 
-func (b *Batch) Go(key string, fn func() (interface{}, error)) {
+func (b *Batch) Go(key string, fn func() (any, error)) {
 	b.wg.Add(1)
 	go func() {
 		defer b.wg.Done()

common/batch/batch_test.go

@@ -14,11 +14,11 @@ func TestBatch(t *testing.T) {
 	b, _ := New(context.Background())
 
 	now := time.Now()
-	b.Go("foo", func() (interface{}, error) {
+	b.Go("foo", func() (any, error) {
 		time.Sleep(time.Millisecond * 100)
 		return "foo", nil
 	})
-	b.Go("bar", func() (interface{}, error) {
+	b.Go("bar", func() (any, error) {
 		time.Sleep(time.Millisecond * 150)
 		return "bar", nil
 	})
@@ -45,7 +45,7 @@ func TestBatchWithConcurrencyNum(t *testing.T) {
 	now := time.Now()
 	for i := 0; i < 7; i++ {
 		idx := i
-		b.Go(strconv.Itoa(idx), func() (interface{}, error) {
+		b.Go(strconv.Itoa(idx), func() (any, error) {
 			time.Sleep(time.Millisecond * 100)
 			return strconv.Itoa(idx), nil
 		})
@@ -64,12 +64,12 @@ func TestBatchWithConcurrencyNum(t *testing.T) {
 func TestBatchContext(t *testing.T) {
 	b, ctx := New(context.Background())
 
-	b.Go("error", func() (interface{}, error) {
+	b.Go("error", func() (any, error) {
 		time.Sleep(time.Millisecond * 100)
 		return nil, errors.New("test error")
 	})
 
-	b.Go("ctx", func() (interface{}, error) {
+	b.Go("ctx", func() (any, error) {
 		<-ctx.Done()
 		return nil, ctx.Err()
 	})

common/cache/cache.go

@@ -18,11 +18,11 @@ type cache struct {
 
 type element struct {
 	Expired time.Time
-	Payload interface{}
+	Payload any
 }
 
 // Put element in Cache with its ttl
-func (c *cache) Put(key interface{}, payload interface{}, ttl time.Duration) {
+func (c *cache) Put(key any, payload any, ttl time.Duration) {
 	c.mapping.Store(key, &element{
 		Payload: payload,
 		Expired: time.Now().Add(ttl),
@@ -30,7 +30,7 @@ func (c *cache) Put(key interface{}, payload interface{}, ttl time.Duration) {
 }
 
 // Get element in Cache, and drop when it expired
-func (c *cache) Get(key interface{}) interface{} {
+func (c *cache) Get(key any) any {
 	item, exist := c.mapping.Load(key)
 	if !exist {
 		return nil
@@ -45,7 +45,7 @@ func (c *cache) Get(key interface{}) interface{} {
 }
 
 // GetWithExpire element in Cache with Expire Time
-func (c *cache) GetWithExpire(key interface{}) (payload interface{}, expired time.Time) {
+func (c *cache) GetWithExpire(key any) (payload any, expired time.Time) {
 	item, exist := c.mapping.Load(key)
 	if !exist {
 		return
@@ -60,7 +60,7 @@ func (c *cache) GetWithExpire(key interface{}) (payload interface{}, expired tim
 }
 
 func (c *cache) cleanup() {
-	c.mapping.Range(func(k, v interface{}) bool {
+	c.mapping.Range(func(k, v any) bool {
 		key := k.(string)
 		elm := v.(*element)
 		if time.Since(elm.Expired) > 0 {

common/cache/lrucache.go

@@ -12,7 +12,7 @@ import (
 type Option func(*LruCache)
 
 // EvictCallback is used to get a callback when a cache entry is evicted
-type EvictCallback = func(key interface{}, value interface{})
+type EvictCallback = func(key any, value any)
 
 // WithEvict set the evict callback
 func WithEvict(cb EvictCallback) Option {
@@ -57,7 +57,7 @@ type LruCache struct {
 	maxAge         int64
 	maxSize        int
 	mu             sync.Mutex
-	cache          map[interface{}]*list.Element
+	cache          map[any]*list.Element
 	lru            *list.List // Front is least-recent
 	updateAgeOnGet bool
 	staleReturn    bool
@@ -68,7 +68,7 @@ type LruCache struct {
 func NewLRUCache(options ...Option) *LruCache {
 	lc := &LruCache{
 		lru:   list.New(),
-		cache: make(map[interface{}]*list.Element),
+		cache: make(map[any]*list.Element),
 	}
 
 	for _, option := range options {
@@ -78,9 +78,9 @@ func NewLRUCache(options ...Option) *LruCache {
 	return lc
 }
 
-// Get returns the interface{} representation of a cached response and a bool
+// Get returns the any representation of a cached response and a bool
 // set to true if the key was found.
-func (c *LruCache) Get(key interface{}) (interface{}, bool) {
+func (c *LruCache) Get(key any) (any, bool) {
 	entry := c.get(key)
 	if entry == nil {
 		return nil, false
@@ -90,11 +90,11 @@ func (c *LruCache) Get(key interface{}) (interface{}, bool) {
 	return value, true
 }
 
-// GetWithExpire returns the interface{} representation of a cached response,
+// GetWithExpire returns the any representation of a cached response,
 // a time.Time Give expected expires,
 // and a bool set to true if the key was found.
 // This method will NOT check the maxAge of element and will NOT update the expires.
-func (c *LruCache) GetWithExpire(key interface{}) (interface{}, time.Time, bool) {
+func (c *LruCache) GetWithExpire(key any) (any, time.Time, bool) {
 	entry := c.get(key)
 	if entry == nil {
 		return nil, time.Time{}, false
@@ -104,7 +104,7 @@ func (c *LruCache) GetWithExpire(key interface{}) (interface{}, time.Time, bool)
 }
 
 // Exist returns if key exist in cache but not put item to the head of linked list
-func (c *LruCache) Exist(key interface{}) bool {
+func (c *LruCache) Exist(key any) bool {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -112,8 +112,8 @@ func (c *LruCache) Exist(key interface{}) bool {
 	return ok
 }
 
-// Set stores the interface{} representation of a response for a given key.
-func (c *LruCache) Set(key interface{}, value interface{}) {
+// Set stores the any representation of a response for a given key.
+func (c *LruCache) Set(key any, value any) {
 	expires := int64(0)
 	if c.maxAge > 0 {
 		expires = time.Now().Unix() + c.maxAge
@@ -121,9 +121,9 @@ func (c *LruCache) Set(key interface{}, value interface{}) {
 	c.SetWithExpire(key, value, time.Unix(expires, 0))
 }
 
-// SetWithExpire stores the interface{} representation of a response for a given key and given expires.
+// SetWithExpire stores the any representation of a response for a given key and given expires.
 // The expires time will round to second.
-func (c *LruCache) SetWithExpire(key interface{}, value interface{}, expires time.Time) {
+func (c *LruCache) SetWithExpire(key any, value any, expires time.Time) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -155,7 +155,7 @@ func (c *LruCache) CloneTo(n *LruCache) {
 	defer n.mu.Unlock()
 
 	n.lru = list.New()
-	n.cache = make(map[interface{}]*list.Element)
+	n.cache = make(map[any]*list.Element)
 
 	for e := c.lru.Front(); e != nil; e = e.Next() {
 		elm := e.Value.(*entry)
@@ -163,7 +163,7 @@ func (c *LruCache) CloneTo(n *LruCache) {
 	}
 }
 
-func (c *LruCache) get(key interface{}) *entry {
+func (c *LruCache) get(key any) *entry {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -188,7 +188,7 @@ func (c *LruCache) get(key interface{}) *entry {
 }
 
 // Delete removes the value associated with a key.
-func (c *LruCache) Delete(key interface{}) {
+func (c *LruCache) Delete(key any) {
 	c.mu.Lock()
 
 	if le, ok := c.cache[key]; ok {
@@ -216,8 +216,17 @@ func (c *LruCache) deleteElement(le *list.Element) {
 	}
 }
 
+func (c *LruCache) Clear() error {
+	c.mu.Lock()
+
+	c.cache = make(map[any]*list.Element)
+
+	c.mu.Unlock()
+	return nil
+}
+
 type entry struct {
-	key     interface{}
-	value   interface{}
+	key     any
+	value   any
 	expires int64
 }

common/cache/lrucache_test.go

@@ -126,7 +126,7 @@ func TestExist(t *testing.T) {
 
 func TestEvict(t *testing.T) {
 	temp := 0
-	evict := func(key interface{}, value interface{}) {
+	evict := func(key any, value any) {
 		temp = key.(int) + value.(int)
 	}
 

common/cmd/cmd.go

@@ -0,0 +1,36 @@
+package cmd
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+)
+
+func ExecCmd(cmdStr string) (string, error) {
+	args := splitArgs(cmdStr)
+
+	var cmd *exec.Cmd
+	if len(args) == 1 {
+		cmd = exec.Command(args[0])
+	} else {
+		cmd = exec.Command(args[0], args[1:]...)
+
+	}
+	prepareBackgroundCommand(cmd)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("%v, %s", err, string(out))
+	}
+	return string(out), nil
+}
+
+func splitArgs(cmd string) []string {
+	args := strings.Split(cmd, " ")
+
+	// use in pipeline
+	if len(args) > 2 && strings.ContainsAny(cmd, "|") {
+		suffix := strings.Join(args[2:], " ")
+		args = append(args[:2], suffix)
+	}
+	return args
+}

common/cmd/cmd_other.go

@@ -0,0 +1,11 @@
+//go:build !windows
+
+package cmd
+
+import (
+	"os/exec"
+)
+
+func prepareBackgroundCommand(cmd *exec.Cmd) {
+
+}

common/cmd/cmd_test.go

@@ -0,0 +1,40 @@
+package cmd
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSplitArgs(t *testing.T) {
+	args := splitArgs("ls")
+	args1 := splitArgs("ls -la")
+	args2 := splitArgs("bash -c ls")
+	args3 := splitArgs("bash -c ls -lahF | grep 'cmd'")
+
+	assert.Equal(t, 1, len(args))
+	assert.Equal(t, 2, len(args1))
+	assert.Equal(t, 3, len(args2))
+	assert.Equal(t, 3, len(args3))
+}
+
+func TestExecCmd(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		_, err := ExecCmd("dir")
+		assert.Nil(t, err)
+		return
+	}
+
+	_, err := ExecCmd("ls")
+	_, err1 := ExecCmd("ls -la")
+	_, err2 := ExecCmd("bash -c ls")
+	_, err3 := ExecCmd("bash -c ls -la")
+	_, err4 := ExecCmd("bash -c ls -la | grep 'cmd'")
+
+	assert.Nil(t, err)
+	assert.Nil(t, err1)
+	assert.Nil(t, err2)
+	assert.Nil(t, err3)
+	assert.Nil(t, err4)
+}

common/cmd/cmd_windows.go

@@ -0,0 +1,12 @@
+//go:build windows
+
+package cmd
+
+import (
+	"os/exec"
+	"syscall"
+)
+
+func prepareBackgroundCommand(cmd *exec.Cmd) {
+	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
+}

common/observable/iterable.go

@@ -1,3 +1,3 @@
 package observable
 
-type Iterable <-chan interface{}
+type Iterable <-chan any

common/observable/observable_test.go

@@ -9,8 +9,8 @@ import (
 	"go.uber.org/atomic"
 )
 
-func iterator(item []interface{}) chan interface{} {
-	ch := make(chan interface{})
+func iterator(item []any) chan any {
+	ch := make(chan any)
 	go func() {
 		time.Sleep(100 * time.Millisecond)
 		for _, elm := range item {
@@ -22,7 +22,7 @@ func iterator(item []interface{}) chan interface{} {
 }
 
 func TestObservable(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator([]any{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
@@ -34,7 +34,7 @@ func TestObservable(t *testing.T) {
 }
 
 func TestObservable_MultiSubscribe(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator([]any{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	ch1, _ := src.Subscribe()
 	ch2, _ := src.Subscribe()
@@ -42,7 +42,7 @@ func TestObservable_MultiSubscribe(t *testing.T) {
 
 	var wg sync.WaitGroup
 	wg.Add(2)
-	waitCh := func(ch <-chan interface{}) {
+	waitCh := func(ch <-chan any) {
 		for range ch {
 			count.Inc()
 		}
@@ -55,7 +55,7 @@ func TestObservable_MultiSubscribe(t *testing.T) {
 }
 
 func TestObservable_UnSubscribe(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator([]any{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
@@ -65,7 +65,7 @@ func TestObservable_UnSubscribe(t *testing.T) {
 }
 
 func TestObservable_SubscribeClosedSource(t *testing.T) {
-	iter := iterator([]interface{}{1})
+	iter := iterator([]any{1})
 	src := NewObservable(iter)
 	data, _ := src.Subscribe()
 	<-data
@@ -75,14 +75,14 @@ func TestObservable_SubscribeClosedSource(t *testing.T) {
 }
 
 func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
-	sub := Subscription(make(chan interface{}))
-	iter := iterator([]interface{}{1})
+	sub := Subscription(make(chan any))
+	iter := iterator([]any{1})
 	src := NewObservable(iter)
 	src.UnSubscribe(sub)
 }
 
 func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator([]any{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	max := 100
 
@@ -94,7 +94,7 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 
 	var wg sync.WaitGroup
 	wg.Add(max)
-	waitCh := func(ch <-chan interface{}) {
+	waitCh := func(ch <-chan any) {
 		for range ch {
 		}
 		wg.Done()
@@ -115,7 +115,7 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 }
 
 func Benchmark_Observable_1000(b *testing.B) {
-	ch := make(chan interface{})
+	ch := make(chan any)
 	o := NewObservable(ch)
 	num := 1000
 

common/observable/subscriber.go

@@ -4,14 +4,14 @@ import (
 	"sync"
 )
 
-type Subscription <-chan interface{}
+type Subscription <-chan any
 
 type Subscriber struct {
-	buffer chan interface{}
+	buffer chan any
 	once   sync.Once
 }
 
-func (s *Subscriber) Emit(item interface{}) {
+func (s *Subscriber) Emit(item any) {
 	s.buffer <- item
 }
 
@@ -27,7 +27,7 @@ func (s *Subscriber) Close() {
 
 func newSubscriber() *Subscriber {
 	sub := &Subscriber{
-		buffer: make(chan interface{}, 200),
+		buffer: make(chan any, 200),
 	}
 	return sub
 }

common/picker/picker.go

@@ -17,7 +17,7 @@ type Picker struct {
 
 	once    sync.Once
 	errOnce sync.Once
-	result  interface{}
+	result  any
 	err     error
 }
 
@@ -43,7 +43,7 @@ func WithTimeout(ctx context.Context, timeout time.Duration) (*Picker, context.C
 
 // Wait blocks until all function calls from the Go method have returned,
 // then returns the first nil error result (if any) from them.
-func (p *Picker) Wait() interface{} {
+func (p *Picker) Wait() any {
 	p.wg.Wait()
 	if p.cancel != nil {
 		p.cancel()
@@ -58,7 +58,7 @@ func (p *Picker) Error() error {
 
 // Go calls the given function in a new goroutine.
 // The first call to return a nil error cancels the group; its result will be returned by Wait.
-func (p *Picker) Go(f func() (interface{}, error)) {
+func (p *Picker) Go(f func() (any, error)) {
 	p.wg.Add(1)
 
 	go func() {

common/picker/picker_test.go

@@ -8,8 +8,8 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func sleepAndSend(ctx context.Context, delay int, input interface{}) func() (interface{}, error) {
-	return func() (interface{}, error) {
+func sleepAndSend(ctx context.Context, delay int, input any) func() (any, error) {
+	return func() (any, error) {
 		timer := time.NewTimer(time.Millisecond * time.Duration(delay))
 		select {
 		case <-timer.C:

common/pool/alloc.go

@@ -23,7 +23,7 @@ func NewAllocator() *Allocator {
 	alloc.buffers = make([]sync.Pool, 17) // 1B -> 64K
 	for k := range alloc.buffers {
 		i := k
-		alloc.buffers[k].New = func() interface{} {
+		alloc.buffers[k].New = func() any {
 			return make([]byte, 1<<uint32(i))
 		}
 	}

common/pool/buffer.go

@@ -5,7 +5,7 @@ import (
 	"sync"
 )
 
-var bufferPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
+var bufferPool = sync.Pool{New: func() any { return &bytes.Buffer{} }}
 
 func GetBuffer() *bytes.Buffer {
 	return bufferPool.Get().(*bytes.Buffer)

common/queue/queue.go

@@ -6,12 +6,12 @@ import (
 
 // Queue is a simple concurrent safe queue
 type Queue struct {
-	items []interface{}
+	items []any
 	lock  sync.RWMutex
 }
 
 // Put add the item to the queue.
-func (q *Queue) Put(items ...interface{}) {
+func (q *Queue) Put(items ...any) {
 	if len(items) == 0 {
 		return
 	}
@@ -22,7 +22,7 @@ func (q *Queue) Put(items ...interface{}) {
 }
 
 // Pop returns the head of items.
-func (q *Queue) Pop() interface{} {
+func (q *Queue) Pop() any {
 	if len(q.items) == 0 {
 		return nil
 	}
@@ -35,7 +35,7 @@ func (q *Queue) Pop() interface{} {
 }
 
 // Last returns the last of item.
-func (q *Queue) Last() interface{} {
+func (q *Queue) Last() any {
 	if len(q.items) == 0 {
 		return nil
 	}
@@ -47,8 +47,8 @@ func (q *Queue) Last() interface{} {
 }
 
 // Copy get the copy of queue.
-func (q *Queue) Copy() []interface{} {
-	items := []interface{}{}
+func (q *Queue) Copy() []any {
+	items := []any{}
 	q.lock.RLock()
 	items = append(items, q.items...)
 	q.lock.RUnlock()
@@ -66,6 +66,6 @@ func (q *Queue) Len() int64 {
 // New is a constructor for a new concurrent safe queue.
 func New(hint int64) *Queue {
 	return &Queue{
-		items: make([]interface{}, 0, hint),
+		items: make([]any, 0, hint),
 	}
 }

common/singledo/singledo.go

@@ -7,7 +7,7 @@ import (
 
 type call struct {
 	wg  sync.WaitGroup
-	val interface{}
+	val any
 	err error
 }
 
@@ -20,13 +20,13 @@ type Single struct {
 }
 
 type Result struct {
-	Val interface{}
+	Val any
 	Err error
 }
 
 // Do single.Do likes sync.singleFlight
 //lint:ignore ST1008 it likes sync.singleFlight
-func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+func (s *Single) Do(fn func() (any, error)) (v any, err error, shared bool) {
 	s.mux.Lock()
 	now := time.Now()
 	if now.Before(s.last.Add(s.wait)) {

common/singledo/singledo_test.go

@@ -13,7 +13,7 @@ func TestBasic(t *testing.T) {
 	single := NewSingle(time.Millisecond * 30)
 	foo := 0
 	shardCount := atomic.NewInt32(0)
-	call := func() (interface{}, error) {
+	call := func() (any, error) {
 		foo++
 		time.Sleep(time.Millisecond * 5)
 		return nil, nil
@@ -40,7 +40,7 @@ func TestBasic(t *testing.T) {
 func TestTimer(t *testing.T) {
 	single := NewSingle(time.Millisecond * 30)
 	foo := 0
-	call := func() (interface{}, error) {
+	call := func() (any, error) {
 		foo++
 		return nil, nil
 	}
@@ -56,7 +56,7 @@ func TestTimer(t *testing.T) {
 func TestReset(t *testing.T) {
 	single := NewSingle(time.Millisecond * 30)
 	foo := 0
-	call := func() (interface{}, error) {
+	call := func() (any, error) {
 		foo++
 		return nil, nil
 	}

common/sockopt/reuseaddr_other.go

@@ -1,5 +1,4 @@
 //go:build !linux
-// +build !linux
 
 package sockopt
 

common/structure/structure.go

@@ -28,8 +28,8 @@ func NewDecoder(option Option) *Decoder {
 	return &Decoder{option: &option}
 }
 
-// Decode transform a map[string]interface{} to a struct
-func (d *Decoder) Decode(src map[string]interface{}, dst interface{}) error {
+// Decode transform a map[string]any to a struct
+func (d *Decoder) Decode(src map[string]any, dst any) error {
 	if reflect.TypeOf(dst).Kind() != reflect.Ptr {
 		return fmt.Errorf("Decode must recive a ptr struct")
 	}
@@ -45,12 +45,8 @@ func (d *Decoder) Decode(src map[string]interface{}, dst interface{}) error {
 		}
 
 		tag := field.Tag.Get(d.option.TagName)
-		str := strings.SplitN(tag, ",", 2)
-		key := str[0]
-		omitempty := false
-		if len(str) > 1 {
-			omitempty = str[1] == "omitempty"
-		}
+		key, omitKey, found := strings.Cut(tag, ",")
+		omitempty := found && omitKey == "omitempty"
 
 		value, ok := src[key]
 		if !ok || value == nil {
@@ -68,7 +64,7 @@ func (d *Decoder) Decode(src map[string]interface{}, dst interface{}) error {
 	return nil
 }
 
-func (d *Decoder) decode(name string, data interface{}, val reflect.Value) error {
+func (d *Decoder) decode(name string, data any, val reflect.Value) error {
 	switch val.Kind() {
 	case reflect.Int:
 		return d.decodeInt(name, data, val)
@@ -89,12 +85,14 @@ func (d *Decoder) decode(name string, data interface{}, val reflect.Value) error
 	}
 }
 
-func (d *Decoder) decodeInt(name string, data interface{}, val reflect.Value) (err error) {
+func (d *Decoder) decodeInt(name string, data any, val reflect.Value) (err error) {
 	dataVal := reflect.ValueOf(data)
 	kind := dataVal.Kind()
 	switch {
 	case kind == reflect.Int:
 		val.SetInt(dataVal.Int())
+	case kind == reflect.Float64 && d.option.WeaklyTypedInput:
+		val.SetInt(int64(dataVal.Float()))
 	case kind == reflect.String && d.option.WeaklyTypedInput:
 		var i int64
 		i, err = strconv.ParseInt(dataVal.String(), 0, val.Type().Bits())
@@ -112,7 +110,7 @@ func (d *Decoder) decodeInt(name string, data interface{}, val reflect.Value) (e
 	return err
 }
 
-func (d *Decoder) decodeString(name string, data interface{}, val reflect.Value) (err error) {
+func (d *Decoder) decodeString(name string, data any, val reflect.Value) (err error) {
 	dataVal := reflect.ValueOf(data)
 	kind := dataVal.Kind()
 	switch {
@@ -129,7 +127,7 @@ func (d *Decoder) decodeString(name string, data interface{}, val reflect.Value)
 	return err
 }
 
-func (d *Decoder) decodeBool(name string, data interface{}, val reflect.Value) (err error) {
+func (d *Decoder) decodeBool(name string, data any, val reflect.Value) (err error) {
 	dataVal := reflect.ValueOf(data)
 	kind := dataVal.Kind()
 	switch {
@@ -146,7 +144,7 @@ func (d *Decoder) decodeBool(name string, data interface{}, val reflect.Value) (
 	return err
 }
 
-func (d *Decoder) decodeSlice(name string, data interface{}, val reflect.Value) error {
+func (d *Decoder) decodeSlice(name string, data any, val reflect.Value) error {
 	dataVal := reflect.Indirect(reflect.ValueOf(data))
 	valType := val.Type()
 	valElemType := valType.Elem()
@@ -173,7 +171,7 @@ func (d *Decoder) decodeSlice(name string, data interface{}, val reflect.Value)
 	return nil
 }
 
-func (d *Decoder) decodeMap(name string, data interface{}, val reflect.Value) error {
+func (d *Decoder) decodeMap(name string, data any, val reflect.Value) error {
 	valType := val.Type()
 	valKeyType := valType.Key()
 	valElemType := valType.Elem()
@@ -245,7 +243,7 @@ func (d *Decoder) decodeMapFromMap(name string, dataVal reflect.Value, val refle
 	return nil
 }
 
-func (d *Decoder) decodeStruct(name string, data interface{}, val reflect.Value) error {
+func (d *Decoder) decodeStruct(name string, data any, val reflect.Value) error {
 	dataVal := reflect.Indirect(reflect.ValueOf(data))
 
 	// If the type of the value to write to and the data match directly,
@@ -273,7 +271,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e
 	}
 
 	dataValKeys := make(map[reflect.Value]struct{})
-	dataValKeysUnused := make(map[interface{}]struct{})
+	dataValKeysUnused := make(map[any]struct{})
 	for _, dataValKey := range dataVal.MapKeys() {
 		dataValKeys[dataValKey] = struct{}{}
 		dataValKeysUnused[dataValKey.Interface()] = struct{}{}
@@ -398,7 +396,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e
 	return nil
 }
 
-func (d *Decoder) setInterface(name string, data interface{}, val reflect.Value) (err error) {
+func (d *Decoder) setInterface(name string, data any, val reflect.Value) (err error) {
 	dataVal := reflect.ValueOf(data)
 	val.Set(dataVal)
 	return nil

common/structure/structure_test.go

@@ -27,7 +27,7 @@ type BazOptional struct {
 }
 
 func TestStructure_Basic(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo":   1,
 		"bar":   "test",
 		"extra": false,
@@ -45,7 +45,7 @@ func TestStructure_Basic(t *testing.T) {
 }
 
 func TestStructure_Slice(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": 1,
 		"bar": []string{"one", "two"},
 	}
@@ -62,7 +62,7 @@ func TestStructure_Slice(t *testing.T) {
 }
 
 func TestStructure_Optional(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": 1,
 	}
 
@@ -77,7 +77,7 @@ func TestStructure_Optional(t *testing.T) {
 }
 
 func TestStructure_MissingKey(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": 1,
 	}
 
@@ -87,14 +87,14 @@ func TestStructure_MissingKey(t *testing.T) {
 }
 
 func TestStructure_ParamError(t *testing.T) {
-	rawMap := map[string]interface{}{}
+	rawMap := map[string]any{}
 	s := Baz{}
 	err := decoder.Decode(rawMap, s)
 	assert.NotNilf(t, err, "should throw error: %#v", s)
 }
 
 func TestStructure_SliceTypeError(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": 1,
 		"bar": []int{1, 2},
 	}
@@ -105,7 +105,7 @@ func TestStructure_SliceTypeError(t *testing.T) {
 }
 
 func TestStructure_WeakType(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": "1",
 		"bar": []int{1},
 	}
@@ -122,7 +122,7 @@ func TestStructure_WeakType(t *testing.T) {
 }
 
 func TestStructure_Nest(t *testing.T) {
-	rawMap := map[string]interface{}{
+	rawMap := map[string]any{
 		"foo": 1,
 	}
 

component/auth/auth.go

@@ -36,7 +36,7 @@ func NewAuthenticator(users []AuthUser) Authenticator {
 		au.storage.Store(user.User, user.Pass)
 	}
 	usernames := make([]string, 0, len(users))
-	au.storage.Range(func(key, value interface{}) bool {
+	au.storage.Range(func(key, value any) bool {
 		usernames = append(usernames, key.(string))
 		return true
 	})

component/dialer/bind_darwin.go

@@ -4,9 +4,9 @@ import (
 	"net"
 	"syscall"
 
-	"golang.org/x/sys/unix"
-
 	"github.com/Dreamacro/clash/component/iface"
+
+	"golang.org/x/sys/unix"
 )
 
 type controlFn = func(network, address string, c syscall.RawConn) error

component/dialer/bind_others.go

@@ -1,5 +1,4 @@
 //go:build !linux && !darwin
-// +build !linux,!darwin
 
 package dialer
 

component/dialer/dialer.go

@@ -32,14 +32,14 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 		var ip net.IP
 		switch network {
 		case "tcp4", "udp4":
-			if opt.interfaceName != "" {
-				ip, err = resolver.ResolveIPv4WithMain(host)
+			if !opt.direct {
+				ip, err = resolver.ResolveIPv4ProxyServerHost(host)
 			} else {
 				ip, err = resolver.ResolveIPv4(host)
 			}
 		default:
-			if opt.interfaceName != "" {
-				ip, err = resolver.ResolveIPv6WithMain(host)
+			if !opt.direct {
+				ip, err = resolver.ResolveIPv6ProxyServerHost(host)
 			} else {
 				ip, err = resolver.ResolveIPv6(host)
 			}
@@ -121,7 +121,7 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 	results := make(chan dialResult)
 	var primary, fallback dialResult
 
-	startRacer := func(ctx context.Context, network, host string, ipv6 bool) {
+	startRacer := func(ctx context.Context, network, host string, direct bool, ipv6 bool) {
 		result := dialResult{ipv6: ipv6, done: true}
 		defer func() {
 			select {
@@ -135,14 +135,14 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 
 		var ip net.IP
 		if ipv6 {
-			if opt.interfaceName != "" {
-				ip, result.error = resolver.ResolveIPv6WithMain(host)
+			if !direct {
+				ip, result.error = resolver.ResolveIPv6ProxyServerHost(host)
 			} else {
 				ip, result.error = resolver.ResolveIPv6(host)
 			}
 		} else {
-			if opt.interfaceName != "" {
-				ip, result.error = resolver.ResolveIPv4WithMain(host)
+			if !direct {
+				ip, result.error = resolver.ResolveIPv4ProxyServerHost(host)
 			} else {
 				ip, result.error = resolver.ResolveIPv4(host)
 			}
@@ -155,8 +155,8 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 		result.Conn, result.error = dialContext(ctx, network, ip, port, opt)
 	}
 
-	go startRacer(ctx, network+"4", host, false)
-	go startRacer(ctx, network+"6", host, true)
+	go startRacer(ctx, network+"4", host, opt.direct, false)
+	go startRacer(ctx, network+"6", host, opt.direct, true)
 
 	for res := range results {
 		if res.error == nil {

component/dialer/mark_linux.go

@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux
 
 package dialer
 

component/dialer/mark_nonlinux.go

@@ -1,5 +1,4 @@
 //go:build !linux
-// +build !linux
 
 package dialer
 

component/dialer/options.go

@@ -12,6 +12,7 @@ type option struct {
 	interfaceName string
 	addrReuse     bool
 	routingMark   int
+	direct        bool
 }
 
 type Option func(opt *option)
@@ -33,3 +34,9 @@ func WithRoutingMark(mark int) Option {
 		opt.routingMark = mark
 	}
 }
+
+func WithDirect() Option {
+	return func(opt *option) {
+		opt.direct = true
+	}
+}

component/dialer/resolver.go

@@ -0,0 +1,28 @@
+package dialer
+
+import (
+	"context"
+	"net"
+)
+
+func init() {
+	// We must use this DialContext to query DNS
+	// when using net default resolver.
+	net.DefaultResolver.PreferGo = true
+	net.DefaultResolver.Dial = resolverDialContext
+}
+
+func resolverDialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	d := &net.Dialer{}
+
+	interfaceName := DefaultInterface.Load()
+
+	if interfaceName != "" {
+		dstIP := net.ParseIP(address)
+		if dstIP != nil {
+			bindIfaceToDialer(interfaceName, d, network, dstIP)
+		}
+	}
+
+	return d.DialContext(ctx, network, address)
+}

component/dialer/reuse_others.go

@@ -1,5 +1,4 @@
 //go:build !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows
-// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows
 
 package dialer
 

component/dialer/reuse_unix.go

@@ -1,5 +1,4 @@
 //go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package dialer
 

component/fakeip/cachefile.go

@@ -53,3 +53,8 @@ func (c *cachefileStore) Exist(ip net.IP) bool {
 // CloneTo implements store.CloneTo
 // already persistence
 func (c *cachefileStore) CloneTo(store store) {}
+
+// FlushFakeIP implements store.FlushFakeIP
+func (c *cachefileStore) FlushFakeIP() error {
+	return c.cache.FlushFakeIP()
+}

component/fakeip/memory.go

@@ -67,3 +67,8 @@ func (m *memoryStore) CloneTo(store store) {
 		m.cache.CloneTo(ms.cache)
 	}
 }
+
+// FlushFakeIP implements store.FlushFakeIP
+func (m *memoryStore) FlushFakeIP() error {
+	return m.cache.Clear()
+}

component/fakeip/pool.go

@@ -18,18 +18,20 @@ type store interface {
 	DelByIP(ip net.IP)
 	Exist(ip net.IP) bool
 	CloneTo(store)
+	FlushFakeIP() error
 }
 
 // Pool is a implementation about fake ip generator without storage
 type Pool struct {
-	max     uint32
-	min     uint32
-	gateway uint32
-	offset  uint32
-	mux     sync.Mutex
-	host    *trie.DomainTrie
-	ipnet   *net.IPNet
-	store   store
+	max       uint32
+	min       uint32
+	gateway   uint32
+	broadcast uint32
+	offset    uint32
+	mux       sync.Mutex
+	host      *trie.DomainTrie
+	ipnet     *net.IPNet
+	store     store
 }
 
 // Lookup return a fake ip with host
@@ -82,6 +84,11 @@ func (p *Pool) Gateway() net.IP {
 	return uintToIP(p.gateway)
 }
 
+// Broadcast return broadcast ip
+func (p *Pool) Broadcast() net.IP {
+	return uintToIP(p.broadcast)
+}
+
 // IPNet return raw ipnet
 func (p *Pool) IPNet() *net.IPNet {
 	return p.ipnet
@@ -114,6 +121,10 @@ func (p *Pool) get(host string) net.IP {
 	return ip
 }
 
+func (p *Pool) FlushFakeIP() error {
+	return p.store.FlushFakeIP()
+}
+
 func ipToUint(ip net.IP) uint32 {
 	v := uint32(ip[0]) << 24
 	v += uint32(ip[1]) << 16
@@ -141,10 +152,10 @@ type Options struct {
 
 // New return Pool instance
 func New(options Options) (*Pool, error) {
-	min := ipToUint(options.IPNet.IP) + 2
+	min := ipToUint(options.IPNet.IP) + 3
 
 	ones, bits := options.IPNet.Mask.Size()
-	total := 1<<uint(bits-ones) - 2
+	total := 1<<uint(bits-ones) - 4
 
 	if total <= 0 {
 		return nil, errors.New("ipnet don't have valid ip")
@@ -152,11 +163,12 @@ func New(options Options) (*Pool, error) {
 
 	max := min + uint32(total) - 1
 	pool := &Pool{
-		min:     min,
-		max:     max,
-		gateway: min - 1,
-		host:    options.Host,
-		ipnet:   options.IPNet,
+		min:       min,
+		max:       max,
+		gateway:   min - 2,
+		broadcast: max + 1,
+		host:      options.Host,
+		ipnet:     options.IPNet,
 	}
 	if options.Persistence {
 		pool.store = &cachefileStore{

component/fakeip/pool_test.go

@@ -49,7 +49,7 @@ func createCachefileStore(options Options) (*Pool, string, error) {
 }
 
 func TestPool_Basic(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.0/28")
 	pools, tempfile, err := createPools(Options{
 		IPNet: ipnet,
 		Size:  10,
@@ -62,21 +62,22 @@ func TestPool_Basic(t *testing.T) {
 		last := pool.Lookup("bar.com")
 		bar, exist := pool.LookBack(last)
 
-		assert.True(t, first.Equal(net.IP{192, 168, 0, 2}))
-		assert.Equal(t, pool.Lookup("foo.com"), net.IP{192, 168, 0, 2})
-		assert.True(t, last.Equal(net.IP{192, 168, 0, 3}))
+		assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
+		assert.Equal(t, pool.Lookup("foo.com"), net.IP{192, 168, 0, 3})
+		assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
 		assert.True(t, exist)
 		assert.Equal(t, bar, "bar.com")
 		assert.Equal(t, pool.Gateway(), net.IP{192, 168, 0, 1})
+		assert.Equal(t, pool.Broadcast(), net.IP{192, 168, 0, 15})
 		assert.Equal(t, pool.IPNet().String(), ipnet.String())
-		assert.True(t, pool.Exist(net.IP{192, 168, 0, 3}))
-		assert.False(t, pool.Exist(net.IP{192, 168, 0, 4}))
+		assert.True(t, pool.Exist(net.IP{192, 168, 0, 4}))
+		assert.False(t, pool.Exist(net.IP{192, 168, 0, 5}))
 		assert.False(t, pool.Exist(net.ParseIP("::1")))
 	}
 }
 
 func TestPool_CycleUsed(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.16/28")
 	pools, tempfile, err := createPools(Options{
 		IPNet: ipnet,
 		Size:  10,
@@ -87,7 +88,7 @@ func TestPool_CycleUsed(t *testing.T) {
 	for _, pool := range pools {
 		foo := pool.Lookup("foo.com")
 		bar := pool.Lookup("bar.com")
-		for i := 0; i < 3; i++ {
+		for i := 0; i < 9; i++ {
 			pool.Lookup(fmt.Sprintf("%d.com", i))
 		}
 		baz := pool.Lookup("baz.com")
@@ -98,7 +99,7 @@ func TestPool_CycleUsed(t *testing.T) {
 }
 
 func TestPool_Skip(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/30")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
 	tree := trie.New()
 	tree.Insert("example.com", tree)
 	pools, tempfile, err := createPools(Options{
@@ -169,8 +170,8 @@ func TestPool_Clone(t *testing.T) {
 
 	first := pool.Lookup("foo.com")
 	last := pool.Lookup("bar.com")
-	assert.True(t, first.Equal(net.IP{192, 168, 0, 2}))
-	assert.True(t, last.Equal(net.IP{192, 168, 0, 3}))
+	assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
+	assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
 
 	newPool, _ := New(Options{
 		IPNet: ipnet,
@@ -192,3 +193,59 @@ func TestPool_Error(t *testing.T) {
 
 	assert.Error(t, err)
 }
+
+func TestPool_FlushFileCache(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	pools, tempfile, err := createPools(Options{
+		IPNet: ipnet,
+		Size:  10,
+	})
+	assert.Nil(t, err)
+	defer os.Remove(tempfile)
+
+	for _, pool := range pools {
+		foo := pool.Lookup("foo.com")
+		bar := pool.Lookup("baz.com")
+		bax := pool.Lookup("baz.com")
+		fox := pool.Lookup("foo.com")
+
+		err = pool.FlushFakeIP()
+		assert.Nil(t, err)
+
+		baz := pool.Lookup("foo.com")
+		next := pool.Lookup("baz.com")
+		nero := pool.Lookup("foo.com")
+
+		assert.Equal(t, foo, fox)
+		assert.NotEqual(t, foo, baz)
+		assert.Equal(t, bar, bax)
+		assert.NotEqual(t, bar, next)
+		assert.Equal(t, baz, nero)
+	}
+}
+
+func TestPool_FlushMemoryCache(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	pool, _ := New(Options{
+		IPNet: ipnet,
+		Size:  10,
+	})
+
+	foo := pool.Lookup("foo.com")
+	bar := pool.Lookup("baz.com")
+	bax := pool.Lookup("baz.com")
+	fox := pool.Lookup("foo.com")
+
+	err := pool.FlushFakeIP()
+	assert.Nil(t, err)
+
+	baz := pool.Lookup("foo.com")
+	next := pool.Lookup("baz.com")
+	nero := pool.Lookup("foo.com")
+
+	assert.Equal(t, foo, fox)
+	assert.NotEqual(t, foo, baz)
+	assert.Equal(t, bar, bax)
+	assert.NotEqual(t, bar, next)
+	assert.Equal(t, baz, nero)
+}

component/geodata/router/condition.go

@@ -1,7 +1,10 @@
 package router
 
 import (
+	"encoding/binary"
 	"fmt"
+	"net"
+	"sort"
 	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/strmatcher"
@@ -69,3 +72,279 @@ func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
 func (m *DomainMatcher) ApplyDomain(domain string) bool {
 	return len(m.matchers.Match(strings.ToLower(domain))) > 0
 }
+
+// CIDRList is an alias of []*CIDR to provide sort.Interface.
+type CIDRList []*CIDR
+
+// Len implements sort.Interface.
+func (l *CIDRList) Len() int {
+	return len(*l)
+}
+
+// Less implements sort.Interface.
+func (l *CIDRList) Less(i int, j int) bool {
+	ci := (*l)[i]
+	cj := (*l)[j]
+
+	if len(ci.Ip) < len(cj.Ip) {
+		return true
+	}
+
+	if len(ci.Ip) > len(cj.Ip) {
+		return false
+	}
+
+	for k := 0; k < len(ci.Ip); k++ {
+		if ci.Ip[k] < cj.Ip[k] {
+			return true
+		}
+
+		if ci.Ip[k] > cj.Ip[k] {
+			return false
+		}
+	}
+
+	return ci.Prefix < cj.Prefix
+}
+
+// Swap implements sort.Interface.
+func (l *CIDRList) Swap(i int, j int) {
+	(*l)[i], (*l)[j] = (*l)[j], (*l)[i]
+}
+
+type ipv6 struct {
+	a uint64
+	b uint64
+}
+
+type GeoIPMatcher struct {
+	countryCode  string
+	reverseMatch bool
+	ip4          []uint32
+	prefix4      []uint8
+	ip6          []ipv6
+	prefix6      []uint8
+}
+
+func normalize4(ip uint32, prefix uint8) uint32 {
+	return (ip >> (32 - prefix)) << (32 - prefix)
+}
+
+func normalize6(ip ipv6, prefix uint8) ipv6 {
+	if prefix <= 64 {
+		ip.a = (ip.a >> (64 - prefix)) << (64 - prefix)
+		ip.b = 0
+	} else {
+		ip.b = (ip.b >> (128 - prefix)) << (128 - prefix)
+	}
+	return ip
+}
+
+func (m *GeoIPMatcher) Init(cidrs []*CIDR) error {
+	ip4Count := 0
+	ip6Count := 0
+
+	for _, cidr := range cidrs {
+		ip := cidr.Ip
+		switch len(ip) {
+		case 4:
+			ip4Count++
+		case 16:
+			ip6Count++
+		default:
+			return fmt.Errorf("unexpect ip length: %d", len(ip))
+		}
+	}
+
+	cidrList := CIDRList(cidrs)
+	sort.Sort(&cidrList)
+
+	m.ip4 = make([]uint32, 0, ip4Count)
+	m.prefix4 = make([]uint8, 0, ip4Count)
+	m.ip6 = make([]ipv6, 0, ip6Count)
+	m.prefix6 = make([]uint8, 0, ip6Count)
+
+	for _, cidr := range cidrs {
+		ip := cidr.Ip
+		prefix := uint8(cidr.Prefix)
+		switch len(ip) {
+		case 4:
+			m.ip4 = append(m.ip4, normalize4(binary.BigEndian.Uint32(ip), prefix))
+			m.prefix4 = append(m.prefix4, prefix)
+		case 16:
+			ip6 := ipv6{
+				a: binary.BigEndian.Uint64(ip[0:8]),
+				b: binary.BigEndian.Uint64(ip[8:16]),
+			}
+			ip6 = normalize6(ip6, prefix)
+
+			m.ip6 = append(m.ip6, ip6)
+			m.prefix6 = append(m.prefix6, prefix)
+		}
+	}
+
+	return nil
+}
+
+func (m *GeoIPMatcher) SetReverseMatch(isReverseMatch bool) {
+	m.reverseMatch = isReverseMatch
+}
+
+func (m *GeoIPMatcher) match4(ip uint32) bool {
+	if len(m.ip4) == 0 {
+		return false
+	}
+
+	if ip < m.ip4[0] {
+		return false
+	}
+
+	size := uint32(len(m.ip4))
+	l := uint32(0)
+	r := size
+	for l < r {
+		x := ((l + r) >> 1)
+		if ip < m.ip4[x] {
+			r = x
+			continue
+		}
+
+		nip := normalize4(ip, m.prefix4[x])
+		if nip == m.ip4[x] {
+			return true
+		}
+
+		l = x + 1
+	}
+
+	return l > 0 && normalize4(ip, m.prefix4[l-1]) == m.ip4[l-1]
+}
+
+func less6(a ipv6, b ipv6) bool {
+	return a.a < b.a || (a.a == b.a && a.b < b.b)
+}
+
+func (m *GeoIPMatcher) match6(ip ipv6) bool {
+	if len(m.ip6) == 0 {
+		return false
+	}
+
+	if less6(ip, m.ip6[0]) {
+		return false
+	}
+
+	size := uint32(len(m.ip6))
+	l := uint32(0)
+	r := size
+	for l < r {
+		x := (l + r) / 2
+		if less6(ip, m.ip6[x]) {
+			r = x
+			continue
+		}
+
+		if normalize6(ip, m.prefix6[x]) == m.ip6[x] {
+			return true
+		}
+
+		l = x + 1
+	}
+
+	return l > 0 && normalize6(ip, m.prefix6[l-1]) == m.ip6[l-1]
+}
+
+// Match returns true if the given ip is included by the GeoIP.
+func (m *GeoIPMatcher) Match(ip net.IP) bool {
+	switch len(ip) {
+	case 4:
+		if m.reverseMatch {
+			return !m.match4(binary.BigEndian.Uint32(ip))
+		}
+		return m.match4(binary.BigEndian.Uint32(ip))
+	case 16:
+		if m.reverseMatch {
+			return !m.match6(ipv6{
+				a: binary.BigEndian.Uint64(ip[0:8]),
+				b: binary.BigEndian.Uint64(ip[8:16]),
+			})
+		}
+		return m.match6(ipv6{
+			a: binary.BigEndian.Uint64(ip[0:8]),
+			b: binary.BigEndian.Uint64(ip[8:16]),
+		})
+	default:
+		return false
+	}
+}
+
+// GeoIPMatcherContainer is a container for GeoIPMatchers. It keeps unique copies of GeoIPMatcher by country code.
+type GeoIPMatcherContainer struct {
+	matchers []*GeoIPMatcher
+}
+
+// Add adds a new GeoIP set into the container.
+// If the country code of GeoIP is not empty, GeoIPMatcherContainer will try to find an existing one, instead of adding a new one.
+func (c *GeoIPMatcherContainer) Add(geoip *GeoIP) (*GeoIPMatcher, error) {
+	if len(geoip.CountryCode) > 0 {
+		for _, m := range c.matchers {
+			if m.countryCode == geoip.CountryCode && m.reverseMatch == geoip.ReverseMatch {
+				return m, nil
+			}
+		}
+	}
+
+	m := &GeoIPMatcher{
+		countryCode:  geoip.CountryCode,
+		reverseMatch: geoip.ReverseMatch,
+	}
+	if err := m.Init(geoip.Cidr); err != nil {
+		return nil, err
+	}
+	if len(geoip.CountryCode) > 0 {
+		c.matchers = append(c.matchers, m)
+	}
+	return m, nil
+}
+
+var globalGeoIPContainer GeoIPMatcherContainer
+
+type MultiGeoIPMatcher struct {
+	matchers []*GeoIPMatcher
+}
+
+func NewGeoIPMatcher(geoip *GeoIP) (*GeoIPMatcher, error) {
+	matcher, err := globalGeoIPContainer.Add(geoip)
+	if err != nil {
+		return nil, err
+	}
+
+	return matcher, nil
+}
+
+func (m *MultiGeoIPMatcher) ApplyIp(ip net.IP) bool {
+
+	for _, matcher := range m.matchers {
+		if matcher.Match(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func NewMultiGeoIPMatcher(geoips []*GeoIP) (*MultiGeoIPMatcher, error) {
+	var matchers []*GeoIPMatcher
+	for _, geoip := range geoips {
+		matcher, err := globalGeoIPContainer.Add(geoip)
+		if err != nil {
+			return nil, err
+		}
+		matchers = append(matchers, matcher)
+	}
+
+	matcher := &MultiGeoIPMatcher{
+		matchers: matchers,
+	}
+
+	return matcher, nil
+}

component/geodata/router/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.17.3
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.19.1
 // source: component/geodata/router/config.proto
 
 package router

component/geodata/standard/standard.go

@@ -9,6 +9,7 @@ import (
 	"github.com/Dreamacro/clash/component/geodata"
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
+
 	"google.golang.org/protobuf/proto"
 )
 

component/geodata/utils.go

@@ -2,6 +2,8 @@ package geodata
 
 import (
 	"github.com/Dreamacro/clash/component/geodata/router"
+	C "github.com/Dreamacro/clash/constant"
+	"strings"
 )
 
 var geoLoaderName = "memconservative"
@@ -16,6 +18,19 @@ func SetLoader(newLoader string) {
 	geoLoaderName = newLoader
 }
 
+func Verify(name string) bool {
+	switch name {
+	case C.GeositeName:
+		_, _, err := LoadGeoSiteMatcher("CN")
+		return err == nil
+	case C.GeoipName:
+		_, _, err := LoadGeoIPMatcher("CN")
+		return err == nil
+	default:
+		return false
+	}
+}
+
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
 	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
@@ -39,3 +54,28 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 
 	return matcher, len(domains), nil
 }
+
+func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	records, err := geoLoader.LoadGeoIP(strings.ReplaceAll(country, "!", ""))
+	if err != nil {
+		return nil, 0, err
+	}
+
+	geoIP := &router.GeoIP{
+		CountryCode:  country,
+		Cidr:         records,
+		ReverseMatch: strings.Contains(country, "!"),
+	}
+
+	matcher, err := router.NewGeoIPMatcher(geoIP)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return matcher, len(records), nil
+}

component/iface/iface.go

@@ -23,7 +23,7 @@ var (
 var interfaces = singledo.NewSingle(time.Second * 20)
 
 func ResolveInterface(name string) (*Interface, error) {
-	value, err, _ := interfaces.Do(func() (interface{}, error) {
+	value, err, _ := interfaces.Do(func() (any, error) {
 		ifaces, err := net.Interfaces()
 		if err != nil {
 			return nil, err

component/mmdb/mmdb.go

@@ -1,12 +1,11 @@
 package mmdb
 
 import (
+	"github.com/oschwald/geoip2-golang"
 	"sync"
 
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
-
-	"github.com/oschwald/geoip2-golang"
 )
 
 var (

component/pool/pool.go

@@ -6,17 +6,17 @@ import (
 	"time"
 )
 
-type Factory = func(context.Context) (interface{}, error)
+type Factory = func(context.Context) (any, error)
 
 type entry struct {
-	elm  interface{}
+	elm  any
 	time time.Time
 }
 
 type Option func(*pool)
 
 // WithEvict set the evict callback
-func WithEvict(cb func(interface{})) Option {
+func WithEvict(cb func(any)) Option {
 	return func(p *pool) {
 		p.evict = cb
 	}
@@ -32,7 +32,7 @@ func WithAge(maxAge int64) Option {
 // WithSize defined max size of Pool
 func WithSize(maxSize int) Option {
 	return func(p *pool) {
-		p.ch = make(chan interface{}, maxSize)
+		p.ch = make(chan any, maxSize)
 	}
 }
 
@@ -42,13 +42,13 @@ type Pool struct {
 }
 
 type pool struct {
-	ch      chan interface{}
+	ch      chan any
 	factory Factory
-	evict   func(interface{})
+	evict   func(any)
 	maxAge  int64
 }
 
-func (p *pool) GetContext(ctx context.Context) (interface{}, error) {
+func (p *pool) GetContext(ctx context.Context) (any, error) {
 	now := time.Now()
 	for {
 		select {
@@ -68,11 +68,11 @@ func (p *pool) GetContext(ctx context.Context) (interface{}, error) {
 	}
 }
 
-func (p *pool) Get() (interface{}, error) {
+func (p *pool) Get() (any, error) {
 	return p.GetContext(context.Background())
 }
 
-func (p *pool) Put(item interface{}) {
+func (p *pool) Put(item any) {
 	e := &entry{
 		elm:  item,
 		time: time.Now(),
@@ -100,7 +100,7 @@ func recycle(p *Pool) {
 
 func New(factory Factory, options ...Option) *Pool {
 	p := &pool{
-		ch:      make(chan interface{}, 10),
+		ch:      make(chan any, 10),
 		factory: factory,
 	}
 

component/pool/pool_test.go

@@ -10,7 +10,7 @@ import (
 
 func lg() Factory {
 	initial := -1
-	return func(context.Context) (interface{}, error) {
+	return func(context.Context) (any, error) {
 		initial++
 		return initial, nil
 	}
@@ -34,7 +34,7 @@ func TestPool_MaxSize(t *testing.T) {
 	size := 5
 	pool := New(g, WithSize(size))
 
-	items := []interface{}{}
+	var items []any
 
 	for i := 0; i < size; i++ {
 		item, _ := pool.Get()

component/process/process.go

@@ -3,6 +3,8 @@ package process
 import (
 	"errors"
 	"net"
+
+	C "github.com/Dreamacro/clash/constant"
 )
 
 var (
@@ -19,3 +21,49 @@ const (
 func FindProcessName(network string, srcIP net.IP, srcPort int) (string, error) {
 	return findProcessName(network, srcIP, srcPort)
 }
+
+func ShouldFindProcess(metadata *C.Metadata) bool {
+	if metadata.Process != "" {
+		return false
+	}
+	for _, ip := range localIPs {
+		if ip.Equal(metadata.SrcIP) {
+			return true
+		}
+	}
+	return false
+}
+
+func AppendLocalIPs(ip ...net.IP) {
+	localIPs = append(ip, localIPs...)
+}
+
+func getLocalIPs() []net.IP {
+	ips := []net.IP{net.IPv4zero, net.IPv6zero}
+
+	netInterfaces, err := net.Interfaces()
+	if err != nil {
+		ips = append(ips, net.IPv4(127, 0, 0, 1), net.IPv6loopback)
+		return ips
+	}
+
+	for i := 0; i < len(netInterfaces); i++ {
+		if (netInterfaces[i].Flags & net.FlagUp) != 0 {
+			adds, _ := netInterfaces[i].Addrs()
+
+			for _, address := range adds {
+				if ipNet, ok := address.(*net.IPNet); ok {
+					ips = append(ips, ipNet.IP)
+				}
+			}
+		}
+	}
+
+	return ips
+}
+
+var localIPs []net.IP
+
+func init() {
+	localIPs = getLocalIPs()
+}

component/process/process_android.go

@@ -0,0 +1,230 @@
+package process
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"net"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"unicode"
+	"unsafe"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62
+var nativeEndian = func() binary.ByteOrder {
+	var x uint32 = 0x01020304
+	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
+		return binary.BigEndian
+	}
+
+	return binary.LittleEndian
+}()
+
+const (
+	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
+	socketDiagByFamily      = 20
+	pathProc                = "/proc"
+)
+
+func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
+	if err != nil {
+		return "", err
+	}
+
+	return resolveProcessNameByProcSearch(inode, uid)
+}
+
+func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) {
+	var family byte
+	var protocol byte
+
+	switch network {
+	case TCP:
+		protocol = syscall.IPPROTO_TCP
+	case UDP:
+		protocol = syscall.IPPROTO_UDP
+	default:
+		return 0, 0, ErrInvalidNetwork
+	}
+
+	if ip.To4() != nil {
+		family = syscall.AF_INET
+	} else {
+		family = syscall.AF_INET6
+	}
+
+	req := packSocketDiagRequest(family, protocol, ip, uint16(srcPort))
+
+	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
+	if err != nil {
+		return 0, 0, fmt.Errorf("dial netlink: %w", err)
+	}
+	defer syscall.Close(socket)
+
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
+
+	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
+		Family: syscall.AF_NETLINK,
+		Pad:    0,
+		Pid:    0,
+		Groups: 0,
+	}); err != nil {
+		return 0, 0, err
+	}
+
+	if _, err := syscall.Write(socket, req); err != nil {
+		return 0, 0, fmt.Errorf("write request: %w", err)
+	}
+
+	rb := pool.Get(pool.RelayBufferSize)
+	defer pool.Put(rb)
+
+	n, err := syscall.Read(socket, rb)
+	if err != nil {
+		return 0, 0, fmt.Errorf("read response: %w", err)
+	}
+
+	messages, err := syscall.ParseNetlinkMessage(rb[:n])
+	if err != nil {
+		return 0, 0, fmt.Errorf("parse netlink message: %w", err)
+	} else if len(messages) == 0 {
+		return 0, 0, fmt.Errorf("unexcepted netlink response")
+	}
+
+	message := messages[0]
+	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
+		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
+	}
+
+	uid, inode := unpackSocketDiagResponse(&messages[0])
+	if uid < 0 || inode < 0 {
+		return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode)
+	}
+
+	return uid, inode, nil
+}
+
+func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte {
+	s := make([]byte, 16)
+
+	if v4 := source.To4(); v4 != nil {
+		copy(s, v4)
+	} else {
+		copy(s, source)
+	}
+
+	buf := make([]byte, sizeOfSocketDiagRequest)
+
+	nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest)
+	nativeEndian.PutUint16(buf[4:6], socketDiagByFamily)
+	nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP)
+	nativeEndian.PutUint32(buf[8:12], 0)
+	nativeEndian.PutUint32(buf[12:16], 0)
+
+	buf[16] = family
+	buf[17] = protocol
+	buf[18] = 0
+	buf[19] = 0
+	nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF)
+
+	binary.BigEndian.PutUint16(buf[24:26], sourcePort)
+	binary.BigEndian.PutUint16(buf[26:28], 0)
+
+	copy(buf[28:44], s)
+	copy(buf[44:60], net.IPv6zero)
+
+	nativeEndian.PutUint32(buf[60:64], 0)
+	nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF)
+
+	return buf
+}
+
+func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) {
+	if len(msg.Data) < 72 {
+		return 0, 0
+	}
+
+	data := msg.Data
+
+	uid = int32(nativeEndian.Uint32(data[64:68]))
+	inode = int32(nativeEndian.Uint32(data[68:72]))
+
+	return
+}
+
+func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
+	files, err := os.ReadDir(pathProc)
+	if err != nil {
+		return "", err
+	}
+
+	buffer := make([]byte, syscall.PathMax)
+	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
+
+	for _, f := range files {
+		if !f.IsDir() || !isPid(f.Name()) {
+			continue
+		}
+
+		info, err := f.Info()
+		if err != nil {
+			return "", err
+		}
+		if info.Sys().(*syscall.Stat_t).Uid != uint32(uid) {
+			continue
+		}
+
+		processPath := path.Join(pathProc, f.Name())
+		fdPath := path.Join(processPath, "fd")
+
+		fds, err := os.ReadDir(fdPath)
+		if err != nil {
+			continue
+		}
+
+		for _, fd := range fds {
+			n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer)
+			if err != nil {
+				continue
+			}
+
+			if bytes.Equal(buffer[:n], socket) {
+				cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
+				if err != nil {
+					return "", err
+				}
+
+				return splitCmdline(cmdline), nil
+			}
+		}
+	}
+
+	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
+}
+
+func splitCmdline(cmdline []byte) string {
+	cmdline = bytes.Trim(cmdline, " ")
+
+	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
+		return unicode.IsControl(r) || unicode.IsSpace(r)
+	})
+
+	if idx == -1 {
+		return filepath.Base(string(cmdline))
+	}
+	return filepath.Base(string(cmdline[:idx]))
+}
+
+func isPid(s string) bool {
+	return strings.IndexFunc(s, func(r rune) bool {
+		return !unicode.IsDigit(r)
+	}) == -1
+}

component/process/process_darwin.go

@@ -3,7 +3,6 @@ package process
 import (
 	"encoding/binary"
 	"net"
-	"path/filepath"
 	"syscall"
 	"unsafe"
 
@@ -70,7 +69,7 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 			continue
 		}
 
-		if !ip.Equal(srcIP) {
+		if !ip.Equal(srcIP) && (network == TCP || !srcIP.IsUnspecified()) {
 			continue
 		}
 
@@ -96,7 +95,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
 		return "", errno
 	}
 
-	return filepath.Base(unix.ByteSliceToString(buf)), nil
+	return unix.ByteSliceToString(buf), nil
 }
 
 func readNativeUint32(b []byte) uint32 {

component/process/process_freebsd_amd64.go

@@ -4,7 +4,6 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
@@ -77,7 +76,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
 		return "", errno
 	}
 
-	return filepath.Base(string(buf[:size-1])), nil
+	return string(buf[:size-1]), nil
 }
 
 func readNativeUint32(b []byte) uint32 {

component/process/process_linux.go

@@ -1,15 +1,17 @@
+//go:build !android
+
 package process
 
 import (
 	"bytes"
 	"encoding/binary"
 	"fmt"
-	"io"
 	"net"
 	"os"
 	"path"
-	"path/filepath"
+	"strings"
 	"syscall"
+	"unicode"
 	"unsafe"
 
 	"github.com/Dreamacro/clash/common/pool"
@@ -25,17 +27,6 @@ var nativeEndian = func() binary.ByteOrder {
 	return binary.LittleEndian
 }()
 
-type (
-	SocketResolver      func(network string, ip net.IP, srcPort int) (inode, uid int, err error)
-	ProcessNameResolver func(inode, uid int) (name string, err error)
-)
-
-// export for android
-var (
-	DefaultSocketResolver      SocketResolver      = resolveSocketByNetlink
-	DefaultProcessNameResolver ProcessNameResolver = resolveProcessNameByProcSearch
-)
-
 const (
 	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
 	socketDiagByFamily      = 20
@@ -43,15 +34,15 @@ const (
 )
 
 func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
-	inode, uid, err := DefaultSocketResolver(network, ip, srcPort)
+	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
 	if err != nil {
 		return "", err
 	}
 
-	return DefaultProcessNameResolver(inode, uid)
+	return resolveProcessNameByProcSearch(inode, uid)
 }
 
-func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, error) {
+func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) {
 	var family byte
 	var protocol byte
 
@@ -74,13 +65,12 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e
 
 	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
 	if err != nil {
-		return 0, 0, err
+		return 0, 0, fmt.Errorf("dial netlink: %w", err)
 	}
 	defer syscall.Close(socket)
 
-	syscall.SetNonblock(socket, true)
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 50})
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 50})
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
 
 	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
 		Family: syscall.AF_NETLINK,
@@ -92,7 +82,7 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e
 	}
 
 	if _, err := syscall.Write(socket, req); err != nil {
-		return 0, 0, err
+		return 0, 0, fmt.Errorf("write request: %w", err)
 	}
 
 	rb := pool.Get(pool.RelayBufferSize)
@@ -100,24 +90,27 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e
 
 	n, err := syscall.Read(socket, rb)
 	if err != nil {
-		return 0, 0, err
+		return 0, 0, fmt.Errorf("read response: %w", err)
 	}
 
 	messages, err := syscall.ParseNetlinkMessage(rb[:n])
 	if err != nil {
-		return 0, 0, err
+		return 0, 0, fmt.Errorf("parse netlink message: %w", err)
 	} else if len(messages) == 0 {
-		return 0, 0, io.ErrUnexpectedEOF
+		return 0, 0, fmt.Errorf("unexcepted netlink response")
 	}
 
 	message := messages[0]
 	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
-		return 0, 0, syscall.ESRCH
+		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
 	}
 
-	uid, inode := unpackSocketDiagResponse(&messages[0])
+	inode, uid := unpackSocketDiagResponse(&messages[0])
+	if inode < 0 || uid < 0 {
+		return 0, 0, fmt.Errorf("invalid inode(%d) or uid(%d)", inode, uid)
+	}
 
-	return int(uid), int(inode), nil
+	return inode, uid, nil
 }
 
 func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte {
@@ -155,20 +148,20 @@ func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint
 	return buf
 }
 
-func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid uint32) {
+func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) {
 	if len(msg.Data) < 72 {
 		return 0, 0
 	}
 
 	data := msg.Data
 
-	uid = nativeEndian.Uint32(data[64:68])
-	inode = nativeEndian.Uint32(data[68:72])
+	uid = int32(nativeEndian.Uint32(data[64:68]))
+	inode = int32(nativeEndian.Uint32(data[68:72]))
 
 	return
 }
 
-func resolveProcessNameByProcSearch(inode, uid int) (string, error) {
+func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
 	files, err := os.ReadDir(pathProc)
 	if err != nil {
 		return "", err
@@ -205,38 +198,16 @@ func resolveProcessNameByProcSearch(inode, uid int) (string, error) {
 			}
 
 			if bytes.Equal(buffer[:n], socket) {
-				cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
-				if err != nil {
-					return "", err
-				}
-
-				return splitCmdline(cmdline), nil
+				return os.Readlink(path.Join(processPath, "exe"))
 			}
 		}
 	}
 
-	return "", syscall.ESRCH
-}
-
-func splitCmdline(cmdline []byte) string {
-	indexOfEndOfString := len(cmdline)
-
-	for i, c := range cmdline {
-		if c == 0 {
-			indexOfEndOfString = i
-			break
-		}
-	}
-
-	return filepath.Base(string(cmdline[:indexOfEndOfString]))
+	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
 }
 
 func isPid(s string) bool {
-	for _, s := range s {
-		if s < '0' || s > '9' {
-			return false
-		}
-	}
-
-	return true
+	return strings.IndexFunc(s, func(r rune) bool {
+		return !unicode.IsDigit(r)
+	}) == -1
 }

component/process/process_other.go

@@ -1,8 +1,4 @@
 //go:build !darwin && !linux && !windows && (!freebsd || !amd64)
-// +build !darwin
-// +build !linux
-// +build !windows
-// +build !freebsd !amd64
 
 package process
 

component/process/process_windows.go

@@ -3,7 +3,6 @@ package process
 import (
 	"fmt"
 	"net"
-	"path/filepath"
 	"sync"
 	"syscall"
 	"unsafe"
@@ -175,7 +174,7 @@ func newSearcher(isV4, isTCP bool) *searcher {
 func getTransportTable(fn uintptr, family int, class int) ([]byte, error) {
 	for size, buf := uint32(8), make([]byte, 8); ; {
 		ptr := unsafe.Pointer(&buf[0])
-		err, _, _ := syscall.Syscall6(fn, 6, uintptr(ptr), uintptr(unsafe.Pointer(&size)), 0, uintptr(family), uintptr(class), 0)
+		err, _, _ := syscall.SyscallN(fn, uintptr(ptr), uintptr(unsafe.Pointer(&size)), 0, uintptr(family), uintptr(class), 0)
 
 		switch err {
 		case 0:
@@ -210,8 +209,8 @@ func getExecPathFromPID(pid uint32) (string, error) {
 
 	buf := make([]uint16, syscall.MAX_LONG_PATH)
 	size := uint32(len(buf))
-	r1, _, err := syscall.Syscall6(
-		queryProcName, 4,
+	r1, _, err := syscall.SyscallN(
+		queryProcName,
 		uintptr(h),
 		uintptr(1),
 		uintptr(unsafe.Pointer(&buf[0])),
@@ -220,5 +219,5 @@ func getExecPathFromPID(pid uint32) (string, error) {
 	if r1 == 0 {
 		return "", err
 	}
-	return filepath.Base(syscall.UTF16ToString(buf[:size])), nil
+	return syscall.UTF16ToString(buf[:size]), nil
 }

component/profile/cachefile/cache.go

@@ -132,6 +132,17 @@ func (c *CacheFile) GetFakeip(key []byte) []byte {
 	return bucket.Get(key)
 }
 
+func (c *CacheFile) FlushFakeIP() error {
+	err := c.DB.Batch(func(t *bbolt.Tx) error {
+		bucket := t.Bucket(bucketFakeip)
+		if bucket == nil {
+			return nil
+		}
+		return t.DeleteBucket(bucketFakeip)
+	})
+	return err
+}
+
 func (c *CacheFile) Close() error {
 	return c.DB.Close()
 }

component/resolver/enhancer.go

@@ -10,8 +10,10 @@ type Enhancer interface {
 	FakeIPEnabled() bool
 	MappingEnabled() bool
 	IsFakeIP(net.IP) bool
+	IsFakeBroadcastIP(net.IP) bool
 	IsExistFakeIP(net.IP) bool
 	FindHostByIP(net.IP) (string, bool)
+	FlushFakeIP() error
 }
 
 func FakeIPEnabled() bool {
@@ -38,6 +40,14 @@ func IsFakeIP(ip net.IP) bool {
 	return false
 }
 
+func IsFakeBroadcastIP(ip net.IP) bool {
+	if mapper := DefaultHostMapper; mapper != nil {
+		return mapper.IsFakeBroadcastIP(ip)
+	}
+
+	return false
+}
+
 func IsExistFakeIP(ip net.IP) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsExistFakeIP(ip)
@@ -53,3 +63,10 @@ func FindHostByIP(ip net.IP) (string, bool) {
 
 	return "", false
 }
+
+func FlushFakeIP() error {
+	if mapper := DefaultHostMapper; mapper != nil {
+		return mapper.FlushFakeIP()
+	}
+	return nil
+}

component/resolver/resolver.go

@@ -15,8 +15,8 @@ var (
 	// DefaultResolver aim to resolve ip
 	DefaultResolver Resolver
 
-	// MainResolver resolve ip with main domain server
-	MainResolver Resolver
+	// ProxyServerHostResolver resolve ip to proxies server host
+	ProxyServerHostResolver Resolver
 
 	// DisableIPv6 means don't resolve ipv6 host
 	// default value is true
@@ -46,10 +46,6 @@ func ResolveIPv4(host string) (net.IP, error) {
 	return ResolveIPv4WithResolver(host, DefaultResolver)
 }
 
-func ResolveIPv4WithMain(host string) (net.IP, error) {
-	return ResolveIPv4WithResolver(host, MainResolver)
-}
-
 func ResolveIPv4WithResolver(host string, r Resolver) (net.IP, error) {
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data.(net.IP).To4(); ip != nil {
@@ -69,16 +65,20 @@ func ResolveIPv4WithResolver(host string, r Resolver) (net.IP, error) {
 		return r.ResolveIPv4(host)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
-	defer cancel()
-	ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
-	if err != nil {
-		return nil, err
-	} else if len(ipAddrs) == 0 {
-		return nil, ErrIPNotFound
+	if DefaultResolver == nil {
+		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
+		defer cancel()
+		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
+		if err != nil {
+			return nil, err
+		} else if len(ipAddrs) == 0 {
+			return nil, ErrIPNotFound
+		}
+
+		return ipAddrs[rand.Intn(len(ipAddrs))], nil
 	}
 
-	return ipAddrs[rand.Intn(len(ipAddrs))], nil
+	return nil, ErrIPNotFound
 }
 
 // ResolveIPv6 with a host, return ipv6
@@ -86,10 +86,6 @@ func ResolveIPv6(host string) (net.IP, error) {
 	return ResolveIPv6WithResolver(host, DefaultResolver)
 }
 
-func ResolveIPv6WithMain(host string) (net.IP, error) {
-	return ResolveIPv6WithResolver(host, MainResolver)
-}
-
 func ResolveIPv6WithResolver(host string, r Resolver) (net.IP, error) {
 	if DisableIPv6 {
 		return nil, ErrIPv6Disabled
@@ -113,16 +109,20 @@ func ResolveIPv6WithResolver(host string, r Resolver) (net.IP, error) {
 		return r.ResolveIPv6(host)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
-	defer cancel()
-	ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
-	if err != nil {
-		return nil, err
-	} else if len(ipAddrs) == 0 {
-		return nil, ErrIPNotFound
+	if DefaultResolver == nil {
+		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
+		defer cancel()
+		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
+		if err != nil {
+			return nil, err
+		} else if len(ipAddrs) == 0 {
+			return nil, ErrIPNotFound
+		}
+
+		return ipAddrs[rand.Intn(len(ipAddrs))], nil
 	}
 
-	return ipAddrs[rand.Intn(len(ipAddrs))], nil
+	return nil, ErrIPNotFound
 }
 
 // ResolveIPWithResolver same as ResolveIP, but with a resolver
@@ -145,12 +145,16 @@ func ResolveIPWithResolver(host string, r Resolver) (net.IP, error) {
 		return ip, nil
 	}
 
-	ipAddr, err := net.ResolveIPAddr("ip", host)
-	if err != nil {
-		return nil, err
+	if DefaultResolver == nil {
+		ipAddr, err := net.ResolveIPAddr("ip", host)
+		if err != nil {
+			return nil, err
+		}
+
+		return ipAddr.IP, nil
 	}
 
-	return ipAddr.IP, nil
+	return nil, ErrIPNotFound
 }
 
 // ResolveIP with a host, return ip
@@ -158,7 +162,26 @@ func ResolveIP(host string) (net.IP, error) {
 	return ResolveIPWithResolver(host, DefaultResolver)
 }
 
-// ResolveIPWithMainResolver with a host, use main resolver, return ip
-func ResolveIPWithMainResolver(host string) (net.IP, error) {
-	return ResolveIPWithResolver(host, MainResolver)
+// ResolveIPv4ProxyServerHost proxies server host only
+func ResolveIPv4ProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPv4WithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIPv4(host)
+}
+
+// ResolveIPv6ProxyServerHost proxies server host only
+func ResolveIPv6ProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPv6WithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIPv6(host)
+}
+
+// ResolveProxyServerHost proxies server host only
+func ResolveProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPWithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIP(host)
 }

component/trie/domain.go

@@ -51,7 +51,7 @@ func ValidAndSplitDomain(domain string) ([]string, bool) {
 // 3. subdomain.*.example.com
 // 4. .example.com
 // 5. +.example.com
-func (t *DomainTrie) Insert(domain string, data interface{}) error {
+func (t *DomainTrie) Insert(domain string, data any) error {
 	parts, valid := ValidAndSplitDomain(domain)
 	if !valid {
 		return ErrInvalidDomain
@@ -68,7 +68,7 @@ func (t *DomainTrie) Insert(domain string, data interface{}) error {
 	return nil
 }
 
-func (t *DomainTrie) insert(parts []string, data interface{}) {
+func (t *DomainTrie) insert(parts []string, data any) {
 	node := t.root
 	// reverse storage domain part to save space
 	for i := len(parts) - 1; i >= 0; i-- {

component/trie/node.go

@@ -3,7 +3,7 @@ package trie
 // Node is the trie's node
 type Node struct {
 	children map[string]*Node
-	Data     interface{}
+	Data     any
 }
 
 func (n *Node) getChild(s string) *Node {
@@ -18,7 +18,7 @@ func (n *Node) addChild(s string, child *Node) {
 	n.children[s] = child
 }
 
-func newNode(data interface{}) *Node {
+func newNode(data any) *Node {
 	return &Node{
 		Data:     data,
 		children: map[string]*Node{},

config/config.go

@@ -7,9 +7,9 @@ import (
 	R "github.com/Dreamacro/clash/rule"
 	RP "github.com/Dreamacro/clash/rule/provider"
 	"net"
+	"net/netip"
 	"net/url"
 	"os"
-	"regexp"
 	"runtime"
 	"strings"
 	"time"
@@ -19,6 +19,7 @@ import (
 	"github.com/Dreamacro/clash/adapter/outboundgroup"
 	"github.com/Dreamacro/clash/adapter/provider"
 	"github.com/Dreamacro/clash/component/auth"
+	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/fakeip"
 	"github.com/Dreamacro/clash/component/geodata"
 	"github.com/Dreamacro/clash/component/geodata/router"
@@ -26,6 +27,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	providerTypes "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/dns"
+	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"github.com/Dreamacro/clash/log"
 	T "github.com/Dreamacro/clash/tunnel"
 
@@ -41,11 +43,12 @@ type General struct {
 	LogLevel      log.LogLevel `json:"log-level"`
 	IPv6          bool         `json:"ipv6"`
 	Interface     string       `json:"-"`
+	RoutingMark   int          `json:"-"`
+	GeodataMode   bool         `json:"geodata-mode"`
 	GeodataLoader string       `json:"geodata-loader"`
-	AutoIptables  bool         `json:"auto-iptables"`
 }
 
-// Inbound
+// Inbound config
 type Inbound struct {
 	Port           int      `json:"port"`
 	SocksPort      int      `json:"socks-port"`
@@ -57,7 +60,7 @@ type Inbound struct {
 	BindAddress    string   `json:"bind-address"`
 }
 
-// Controller
+// Controller config
 type Controller struct {
 	ExternalController string `json:"-"`
 	ExternalUI         string `json:"-"`
@@ -66,17 +69,18 @@ type Controller struct {
 
 // DNS config
 type DNS struct {
-	Enable            bool             `yaml:"enable"`
-	IPv6              bool             `yaml:"ipv6"`
-	NameServer        []dns.NameServer `yaml:"nameserver"`
-	Fallback          []dns.NameServer `yaml:"fallback"`
-	FallbackFilter    FallbackFilter   `yaml:"fallback-filter"`
-	Listen            string           `yaml:"listen"`
-	EnhancedMode      C.DNSMode        `yaml:"enhanced-mode"`
-	DefaultNameserver []dns.NameServer `yaml:"default-nameserver"`
-	FakeIPRange       *fakeip.Pool
-	Hosts             *trie.DomainTrie
-	NameServerPolicy  map[string]dns.NameServer
+	Enable                bool             `yaml:"enable"`
+	IPv6                  bool             `yaml:"ipv6"`
+	NameServer            []dns.NameServer `yaml:"nameserver"`
+	Fallback              []dns.NameServer `yaml:"fallback"`
+	FallbackFilter        FallbackFilter   `yaml:"fallback-filter"`
+	Listen                string           `yaml:"listen"`
+	EnhancedMode          C.DNSMode        `yaml:"enhanced-mode"`
+	DefaultNameserver     []dns.NameServer `yaml:"default-nameserver"`
+	FakeIPRange           *fakeip.Pool
+	Hosts                 *trie.DomainTrie
+	NameServerPolicy      map[string]dns.NameServer
+	ProxyServerNameserver []dns.NameServer
 }
 
 // FallbackFilter config
@@ -102,10 +106,11 @@ type Profile struct {
 
 // Tun config
 type Tun struct {
-	Enable    bool     `yaml:"enable" json:"enable"`
-	Stack     string   `yaml:"stack" json:"stack"`
-	DnsHijack []string `yaml:"dns-hijack" json:"dns-hijack"`
-	AutoRoute bool     `yaml:"auto-route" json:"auto-route"`
+	Enable    bool             `yaml:"enable" json:"enable"`
+	Device    string           `yaml:"device" json:"device"`
+	Stack     C.TUNStack       `yaml:"stack" json:"stack"`
+	DNSHijack []netip.AddrPort `yaml:"dns-hijack" json:"dns-hijack"`
+	AutoRoute bool             `yaml:"auto-route" json:"auto-route"`
 }
 
 // Script config
@@ -114,6 +119,13 @@ type Script struct {
 	ShortcutsCode map[string]string `yaml:"shortcuts" json:"shortcuts"`
 }
 
+// IPTables config
+type IPTables struct {
+	Enable           bool     `yaml:"enable" json:"enable"`
+	InboundInterface string   `yaml:"inbound-interface" json:"inbound-interface"`
+	Bypass           []string `yaml:"bypass" json:"bypass"`
+}
+
 // Experimental config
 type Experimental struct{}
 
@@ -121,6 +133,7 @@ type Experimental struct{}
 type Config struct {
 	General       *General
 	Tun           *Tun
+	IPTables      *IPTables
 	DNS           *DNS
 	Experimental  *Experimental
 	Hosts         *trie.DomainTrie
@@ -133,18 +146,19 @@ type Config struct {
 }
 
 type RawDNS struct {
-	Enable            bool              `yaml:"enable"`
-	IPv6              bool              `yaml:"ipv6"`
-	UseHosts          bool              `yaml:"use-hosts"`
-	NameServer        []string          `yaml:"nameserver"`
-	Fallback          []string          `yaml:"fallback"`
-	FallbackFilter    RawFallbackFilter `yaml:"fallback-filter"`
-	Listen            string            `yaml:"listen"`
-	EnhancedMode      C.DNSMode         `yaml:"enhanced-mode"`
-	FakeIPRange       string            `yaml:"fake-ip-range"`
-	FakeIPFilter      []string          `yaml:"fake-ip-filter"`
-	DefaultNameserver []string          `yaml:"default-nameserver"`
-	NameServerPolicy  map[string]string `yaml:"nameserver-policy"`
+	Enable                bool              `yaml:"enable"`
+	IPv6                  bool              `yaml:"ipv6"`
+	UseHosts              bool              `yaml:"use-hosts"`
+	NameServer            []string          `yaml:"nameserver"`
+	Fallback              []string          `yaml:"fallback"`
+	FallbackFilter        RawFallbackFilter `yaml:"fallback-filter"`
+	Listen                string            `yaml:"listen"`
+	EnhancedMode          C.DNSMode         `yaml:"enhanced-mode"`
+	FakeIPRange           string            `yaml:"fake-ip-range"`
+	FakeIPFilter          []string          `yaml:"fake-ip-filter"`
+	DefaultNameserver     []string          `yaml:"default-nameserver"`
+	NameServerPolicy      map[string]string `yaml:"nameserver-policy"`
+	ProxyServerNameserver []string          `yaml:"proxy-server-nameserver"`
 }
 
 type RawFallbackFilter struct {
@@ -155,6 +169,14 @@ type RawFallbackFilter struct {
 	GeoSite   []string `yaml:"geosite"`
 }
 
+type RawTun struct {
+	Enable    bool       `yaml:"enable" json:"enable"`
+	Device    string     `yaml:"device" json:"device"`
+	Stack     C.TUNStack `yaml:"stack" json:"stack"`
+	DNSHijack []string   `yaml:"dns-hijack" json:"dns-hijack"`
+	AutoRoute bool       `yaml:"auto-route" json:"auto-route"`
+}
+
 type RawConfig struct {
 	Port               int          `yaml:"port"`
 	SocksPort          int          `yaml:"socks-port"`
@@ -172,20 +194,21 @@ type RawConfig struct {
 	ExternalUI         string       `yaml:"external-ui"`
 	Secret             string       `yaml:"secret"`
 	Interface          string       `yaml:"interface-name"`
+	RoutingMark        int          `yaml:"routing-mark"`
+	GeodataMode        bool         `yaml:"geodata-mode"`
 	GeodataLoader      string       `yaml:"geodata-loader"`
-	AutoIptables       bool         `yaml:"auto-iptables"`
 
-	ProxyProvider map[string]map[string]interface{} `yaml:"proxy-providers"`
-	RuleProvider  map[string]map[string]interface{} `yaml:"rule-providers"`
-	Hosts         map[string]string                 `yaml:"hosts"`
-	DNS           RawDNS                            `yaml:"dns"`
-	Tun           Tun                               `yaml:"tun"`
-	Experimental  Experimental                      `yaml:"experimental"`
-	Profile       Profile                           `yaml:"profile"`
-	Proxy         []map[string]interface{}          `yaml:"proxies"`
-	ProxyGroup    []map[string]interface{}          `yaml:"proxy-groups"`
-	Rule          []string                          `yaml:"rules"`
-	Script        Script                            `yaml:"script"`
+	ProxyProvider map[string]map[string]any `yaml:"proxy-providers"`
+	RuleProvider  map[string]map[string]any `yaml:"rule-providers"`
+	Hosts         map[string]string         `yaml:"hosts"`
+	DNS           RawDNS                    `yaml:"dns"`
+	Tun           RawTun                    `yaml:"tun"`
+	IPTables      IPTables                  `yaml:"iptables"`
+	Experimental  Experimental              `yaml:"experimental"`
+	Profile       Profile                   `yaml:"profile"`
+	Proxy         []map[string]any          `yaml:"proxies"`
+	ProxyGroup    []map[string]any          `yaml:"proxy-groups"`
+	Rule          []string                  `yaml:"rules"`
 }
 
 // Parse config
@@ -204,25 +227,32 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		AllowLan:       false,
 		BindAddress:    "*",
 		Mode:           T.Rule,
+		GeodataMode:    C.GeodataMode,
 		GeodataLoader:  "memconservative",
-		AutoIptables:   false,
 		UnifiedDelay:   false,
 		Authentication: []string{},
 		LogLevel:       log.INFO,
 		Hosts:          map[string]string{},
 		Rule:           []string{},
-		Proxy:          []map[string]interface{}{},
-		ProxyGroup:     []map[string]interface{}{},
-		Tun: Tun{
+		Proxy:          []map[string]any{},
+		ProxyGroup:     []map[string]any{},
+		Tun: RawTun{
 			Enable:    false,
-			Stack:     "gvisor",
-			DnsHijack: []string{"198.18.0.2:53"},
-			AutoRoute: false,
+			Device:    "",
+			Stack:     C.TunGvisor,
+			DNSHijack: []string{"0.0.0.0:53"}, // default hijack all dns query
+			AutoRoute: true,
+		},
+		IPTables: IPTables{
+			Enable:           false,
+			InboundInterface: "lo",
+			Bypass:           []string{},
 		},
 		DNS: RawDNS{
-			Enable:      false,
-			UseHosts:    true,
-			FakeIPRange: "198.18.0.1/16",
+			Enable:       false,
+			UseHosts:     true,
+			EnhancedMode: C.DNSMapping,
+			FakeIPRange:  "198.18.0.1/16",
 			FallbackFilter: RawFallbackFilter{
 				GeoIP:     true,
 				GeoIPCode: "CN",
@@ -236,8 +266,8 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 				"1.0.0.1",
 			},
 			NameServer: []string{
-				"223.5.5.5",
-				"119.29.29",
+				"https://doh.pub/dns-query",
+				"tls://223.5.5.5:853",
 			},
 			FakeIPFilter: []string{
 				"dns.msftnsci.com",
@@ -248,10 +278,6 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		Profile: Profile{
 			StoreSelected: true,
 		},
-		Script: Script{
-			MainCode:      "",
-			ShortcutsCode: map[string]string{},
-		},
 	}
 
 	if err := yaml.Unmarshal(buf, rawCfg); err != nil {
@@ -263,9 +289,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 
 func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	config := &Config{}
-
+	log.Infoln("Start initial configuration in progress") //Segment finished in xxm
+	startTime := time.Now()
 	config.Experimental = &rawCfg.Experimental
 	config.Profile = &rawCfg.Profile
+	config.IPTables = &rawCfg.IPTables
 
 	general, err := parseGeneral(rawCfg)
 	if err != nil {
@@ -273,7 +301,13 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.General = general
 
-	config.Tun = &rawCfg.Tun
+	tunCfg, err := parseTun(rawCfg.Tun, config.General)
+	if err != nil {
+		return nil, err
+	}
+	config.Tun = tunCfg
+
+	dialer.DefaultInterface.Store(config.General.Interface)
 
 	proxies, providers, err := parseProxies(rawCfg)
 	if err != nil {
@@ -282,11 +316,6 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	config.Proxies = proxies
 	config.Providers = providers
 
-	err = parseScript(rawCfg)
-	if err != nil {
-		return nil, err
-	}
-
 	rules, ruleProviders, err := parseRules(rawCfg, proxies)
 	if err != nil {
 		return nil, err
@@ -308,6 +337,8 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 
 	config.Users = parseAuthentication(rawCfg.Authentication)
 
+	elapsedTime := time.Since(startTime) / time.Millisecond                     // duration in ms
+	log.Infoln("Initial configuration complete, total time: %dms", elapsedTime) //Segment finished in xxm
 	return config, nil
 }
 
@@ -343,24 +374,27 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
 		LogLevel:      cfg.LogLevel,
 		IPv6:          cfg.IPv6,
 		Interface:     cfg.Interface,
+		RoutingMark:   cfg.RoutingMark,
+		GeodataMode:   cfg.GeodataMode,
 		GeodataLoader: cfg.GeodataLoader,
-		AutoIptables:  cfg.AutoIptables,
 	}, nil
 }
 
 func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[string]providerTypes.ProxyProvider, err error) {
 	proxies = make(map[string]C.Proxy)
 	providersMap = make(map[string]providerTypes.ProxyProvider)
-	var proxyList []string
-	_proxiesList := list.New()
-	_groupsList := list.New()
 	proxiesConfig := cfg.Proxy
 	groupsConfig := cfg.ProxyGroup
 	providersConfig := cfg.ProxyProvider
 
+	var proxyList []string
+	_proxiesList := list.New()
+	_groupsList := list.New()
+
 	proxies["DIRECT"] = adapter.NewProxy(outbound.NewDirect())
 	proxies["REJECT"] = adapter.NewProxy(outbound.NewReject())
 	proxies["COMPATIBLE"] = adapter.NewProxy(outbound.NewCompatible())
+	proxies["PASS"] = adapter.NewProxy(outbound.NewPass())
 	proxyList = append(proxyList, "DIRECT", "REJECT")
 
 	// parse proxy
@@ -424,6 +458,9 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 
 	var ps []C.Proxy
 	for _, v := range proxyList {
+		if proxies[v].Type() == C.Pass {
+			continue
+		}
 		ps = append(ps, proxies[v])
 	}
 	hc := provider.NewHealthCheck(ps, "", 0, true)
@@ -446,53 +483,9 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	return proxies, providersMap, nil
 }
 
-func parseScript(cfg *RawConfig) error {
-	mode := cfg.Mode
-	script := cfg.Script
-	mainCode := cleanPyKeywords(script.MainCode)
-	shortcutsCode := script.ShortcutsCode
-
-	if mode != T.Script && len(shortcutsCode) == 0 {
-		return nil
-	} else if mode == T.Script && len(mainCode) == 0 {
-		return fmt.Errorf("initialized script module failure, can't find script code in the config file")
-	}
-
-	content :=
-		`# -*- coding: UTF-8 -*-
-
-from datetime import datetime as whatever
-
-class ClashTime:
-  def now(self):
-    return whatever.now()
-  
-  def unix(self):
-    return int(whatever.now().timestamp())
-
-  def unix_nano(self):
-    return int(round(whatever.now().timestamp() * 1000))
-
-time = ClashTime()
-
-`
-	for k, v := range shortcutsCode {
-		v = cleanPyKeywords(v)
-		v = strings.TrimSpace(v)
-		if len(v) == 0 {
-			return fmt.Errorf("initialized rule SCRIPT failure, shortcut [%s] code invalid syntax", k)
-		}
-
-		content += "def " + strings.ToLower(k) + "(ctx, network, process_name, host, src_ip, src_port, dst_ip, dst_port):\n  return " + v + "\n\n"
-	}
-
-	return nil
-}
-
 func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[string]*providerTypes.RuleProvider, error) {
 	ruleProviders := map[string]*providerTypes.RuleProvider{}
-
-	startTime := time.Now()
+	log.Infoln("Geodata Loader mode: %s", geodata.LoaderName())
 	// parse rule provider
 	for name, mapping := range cfg.RuleProvider {
 		rp, err := RP.ParseRuleProvider(name, mapping)
@@ -522,29 +515,27 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			continue
 		}
 
+		l := len(rule)
+
 		if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" {
-			payload = strings.Join(rule[1:len(rule)-1], ",")
-			target = rule[len(rule)-1]
+			target = rule[l-1]
+			payload = strings.Join(rule[1:l-1], ",")
 		} else {
-			switch l := len(rule); {
-			case l == 2:
-				target = rule[1]
-			case l == 3:
-				if ruleName == "MATCH" {
-					payload = ""
-					target = rule[1]
-					params = rule[2:]
-					break
-				}
-				payload = rule[1]
-				target = rule[2]
-			case l >= 4:
-				payload = rule[1]
-				target = rule[2]
-				params = rule[3:]
-			default:
+			if l < 2 {
 				return nil, nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
 			}
+			if l < 4 {
+				rule = append(rule, make([]string, 4-l)...)
+			}
+			if ruleName == "MATCH" {
+				l = 2
+			}
+			if l >= 3 {
+				l = 3
+				payload = rule[1]
+			}
+			target = rule[l-1]
+			params = rule[l:]
 		}
 
 		if _, ok := proxies[target]; mode != T.Script && !ok {
@@ -555,8 +546,9 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 
 		if ruleName == "GEOSITE" {
 			if err := initGeoSite(); err != nil {
-				return nil, nil, fmt.Errorf("can't initial GeoSite: %w", err)
+				return nil, nil, fmt.Errorf("can't initial GeoSite: %s", err)
 			}
+			initMode = false
 		}
 		parsed, parseErr := R.ParseRule(ruleName, payload, target, params)
 		if parseErr != nil {
@@ -567,9 +559,7 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			rules = append(rules, parsed)
 		}
 	}
-	elapsedTime := time.Since(startTime) / time.Millisecond       // duration in ms
-	log.Infoln("Initialization time consuming %dms", elapsedTime) //Segment finished in xxm
-	log.Infoln("Geodata Loader mode: %s", geodata.LoaderName())
+
 	runtime.GC()
 
 	return rules, ruleProviders, nil
@@ -644,6 +634,9 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 		case "dhcp":
 			addr = u.Host
 			dnsNetType = "dhcp" // UDP from DHCP
+		case "quic":
+			addr, err = hostWithDefaultPort(u.Host, "784")
+			dnsNetType = "quic" // DNS over QUIC
 		default:
 			return nil, fmt.Errorf("DNS NameServer[%d] unsupport scheme: %s", idx, u.Scheme)
 		}
@@ -658,6 +651,7 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 				Net:          dnsNetType,
 				Addr:         addr,
 				ProxyAdapter: u.Fragment,
+				Interface:    dialer.DefaultInterface.Load(),
 			},
 		)
 	}
@@ -699,7 +693,7 @@ func parseFallbackGeoSite(countries []string, rules []C.Rule) ([]*router.DomainM
 	var sites []*router.DomainMatcher
 	if len(countries) > 0 {
 		if err := initGeoSite(); err != nil {
-			return nil, fmt.Errorf("can't initial GeoSite: %w", err)
+			return nil, fmt.Errorf("can't initial GeoSite: %s", err)
 		}
 	}
 
@@ -759,6 +753,10 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 		return nil, err
 	}
 
+	if dnsCfg.ProxyServerNameserver, err = parseNameServer(cfg.ProxyServerNameserver); err != nil {
+		return nil, err
+	}
+
 	if len(cfg.DefaultNameserver) == 0 {
 		return nil, errors.New("default nameserver should have at least one nameserver")
 	}
@@ -835,25 +833,47 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 }
 
 func parseAuthentication(rawRecords []string) []auth.AuthUser {
-	users := make([]auth.AuthUser, 0)
+	var users []auth.AuthUser
 	for _, line := range rawRecords {
-		userData := strings.SplitN(line, ":", 2)
-		if len(userData) == 2 {
-			users = append(users, auth.AuthUser{User: userData[0], Pass: userData[1]})
+		if user, pass, found := strings.Cut(line, ":"); found {
+			users = append(users, auth.AuthUser{User: user, Pass: pass})
 		}
 	}
 	return users
 }
 
-func cleanPyKeywords(code string) string {
-	if len(code) == 0 {
-		return code
-	}
-	keywords := []string{"import", "print"}
+func parseTun(rawTun RawTun, general *General) (*Tun, error) {
+	if (rawTun.Enable || general.TProxyPort != 0) && general.Interface == "" {
+		autoDetectInterfaceName, err := commons.GetAutoDetectInterface()
+		if err != nil || autoDetectInterfaceName == "" {
+			log.Warnln("Can not find auto detect interface.[%s]", err)
+		} else {
+			log.Warnln("Auto detect interface: %s", autoDetectInterfaceName)
+		}
 
-	for _, kw := range keywords {
-		reg := regexp.MustCompile("(?m)[\r\n]+^.*" + kw + ".*$")
-		code = reg.ReplaceAllString(code, "")
+		general.Interface = autoDetectInterfaceName
 	}
-	return code
+
+	var dnsHijack []netip.AddrPort
+
+	for _, d := range rawTun.DNSHijack {
+		if _, after, ok := strings.Cut(d, "://"); ok {
+			d = after
+		}
+
+		addrPort, err := netip.ParseAddrPort(d)
+		if err != nil {
+			return nil, fmt.Errorf("parse dns-hijack url error: %w", err)
+		}
+
+		dnsHijack = append(dnsHijack, addrPort)
+	}
+
+	return &Tun{
+		Enable:    rawTun.Enable,
+		Device:    rawTun.Device,
+		Stack:     rawTun.Stack,
+		DNSHijack: dnsHijack,
+		AutoRoute: rawTun.AutoRoute,
+	}, nil
 }

config/initial.go

@@ -2,17 +2,20 @@ package config
 
 import (
 	"fmt"
+	"github.com/Dreamacro/clash/component/geodata"
+	"github.com/Dreamacro/clash/component/mmdb"
 	"io"
 	"net/http"
 	"os"
 
-	"github.com/Dreamacro/clash/component/mmdb"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 )
 
+var initMode = true
+
 func downloadMMDB(path string) (err error) {
-	resp, err := http.Get("https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb")
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/geoip/release/Country.mmdb")
 	if err != nil {
 		return
 	}
@@ -28,30 +31,25 @@ func downloadMMDB(path string) (err error) {
 	return err
 }
 
-func initMMDB() error {
-	if _, err := os.Stat(C.Path.MMDB()); os.IsNotExist(err) {
-		log.Infoln("Can't find MMDB, start download")
-		if err := downloadMMDB(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("can't download MMDB: %s", err.Error())
-		}
+func downloadGeoIP(path string) (err error) {
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/v2ray-rules-dat/release/geoip.dat")
+	if err != nil {
+		return
 	}
+	defer resp.Body.Close()
 
-	if !mmdb.Verify() {
-		log.Warnln("MMDB invalid, remove and download")
-		if err := os.Remove(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("can't remove invalid MMDB: %s", err.Error())
-		}
-
-		if err := downloadMMDB(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("can't download MMDB: %s", err.Error())
-		}
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0o644)
+	if err != nil {
+		return err
 	}
+	defer f.Close()
+	_, err = io.Copy(f, resp.Body)
 
-	return nil
+	return err
 }
 
 func downloadGeoSite(path string) (err error) {
-	resp, err := http.Get("https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat")
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat")
 	if err != nil {
 		return
 	}
@@ -69,12 +67,65 @@ func downloadGeoSite(path string) (err error) {
 
 func initGeoSite() error {
 	if _, err := os.Stat(C.Path.GeoSite()); os.IsNotExist(err) {
-		log.Infoln("Need GeoSite but can't find GeoSite.dat, start download")
+		log.Infoln("Can't find GeoSite.dat, start download")
 		if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
 			return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
 		}
 		log.Infoln("Download GeoSite.dat finish")
 	}
+	if initMode {
+		if !geodata.Verify(C.GeositeName) {
+			log.Warnln("GeoSite.dat invalid, remove and download")
+			if err := os.Remove(C.Path.GeoSite()); err != nil {
+				return fmt.Errorf("can't remove invalid GeoSite.dat: %s", err.Error())
+			}
+			if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
+				return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
+			}
+		}
+	}
+	return nil
+}
+
+func initGeoIP() error {
+	if C.GeodataMode {
+		if _, err := os.Stat(C.Path.GeoIP()); os.IsNotExist(err) {
+			log.Infoln("Can't find GeoIP.dat, start download")
+			if err := downloadGeoIP(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't download GeoIP.dat: %s", err.Error())
+			}
+			log.Infoln("Download GeoIP.dat finish")
+		}
+
+		if !geodata.Verify(C.GeoipName) {
+			log.Warnln("GeoIP.dat invalid, remove and download")
+			if err := os.Remove(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't remove invalid GeoIP.dat: %s", err.Error())
+			}
+			if err := downloadGeoIP(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't download GeoIP.dat: %s", err.Error())
+			}
+		}
+		return nil
+	}
+
+	if _, err := os.Stat(C.Path.MMDB()); os.IsNotExist(err) {
+		log.Infoln("Can't find MMDB, start download")
+		if err := downloadMMDB(C.Path.MMDB()); err != nil {
+			return fmt.Errorf("can't download MMDB: %s", err.Error())
+		}
+	}
+
+	if !mmdb.Verify() {
+		log.Warnln("MMDB invalid, remove and download")
+		if err := os.Remove(C.Path.MMDB()); err != nil {
+			return fmt.Errorf("can't remove invalid MMDB: %s", err.Error())
+		}
+
+		if err := downloadMMDB(C.Path.MMDB()); err != nil {
+			return fmt.Errorf("can't download MMDB: %s", err.Error())
+		}
+	}
 
 	return nil
 }
@@ -98,15 +149,19 @@ func Init(dir string) error {
 		f.Write([]byte(`mixed-port: 7890`))
 		f.Close()
 	}
-
-	//// initial GeoIP
-	//if err := initGeoIP(); err != nil {
-	//	return fmt.Errorf("can't initial GeoIP: %w", err)
-	//}
-
-	// initial mmdb
-	if err := initMMDB(); err != nil {
-		return fmt.Errorf("can't initial MMDB: %w", err)
+	buf, _ := os.ReadFile(C.Path.Config())
+	rawCfg, err := UnmarshalRawConfig(buf)
+	if err != nil {
+		log.Errorln(err.Error())
+		fmt.Printf("configuration file %s test failed\n", C.Path.Config())
+		os.Exit(1)
+	}
+	if !C.GeodataMode {
+		C.GeodataMode = rawCfg.GeodataMode
+	}
+	// initial GeoIP
+	if err := initGeoIP(); err != nil {
+		return fmt.Errorf("can't initial GeoIP: %w", err)
 	}
 
 	return nil

config/utils.go

@@ -18,13 +18,13 @@ func trimArr(arr []string) (r []string) {
 // Check if ProxyGroups form DAG(Directed Acyclic Graph), and sort all ProxyGroups by dependency order.
 // Meanwhile, record the original index in the config file.
 // If loop is detected, return an error with location of loop.
-func proxyGroupsDagSort(groupsConfig []map[string]interface{}) error {
+func proxyGroupsDagSort(groupsConfig []map[string]any) error {
 	type graphNode struct {
 		indegree int
 		// topological order
 		topo int
 		// the original data in `groupsConfig`
-		data map[string]interface{}
+		data map[string]any
 		// `outdegree` and `from` are used in loop locating
 		outdegree int
 		option    *outboundgroup.GroupCommonOption

constant/adapters.go

@@ -14,6 +14,14 @@ const (
 	Direct AdapterType = iota
 	Reject
 	Compatible
+	Pass
+
+	Relay
+	Selector
+	Fallback
+	URLTest
+	LoadBalance
+
 	Shadowsocks
 	ShadowsocksR
 	Snell
@@ -22,12 +30,6 @@ const (
 	Vmess
 	Vless
 	Trojan
-
-	Relay
-	Selector
-	Fallback
-	URLTest
-	LoadBalance
 )
 
 const (
@@ -131,6 +133,8 @@ func (at AdapterType) String() string {
 		return "Reject"
 	case Compatible:
 		return "Compatible"
+	case Pass:
+		return "Pass"
 	case Shadowsocks:
 		return "Shadowsocks"
 	case ShadowsocksR:

constant/dns.go

@@ -21,7 +21,7 @@ const (
 type DNSMode int
 
 // UnmarshalYAML unserialize EnhancedMode with yaml
-func (e *DNSMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
+func (e *DNSMode) UnmarshalYAML(unmarshal func(any) error) error {
 	var tp string
 	if err := unmarshal(&tp); err != nil {
 		return err
@@ -35,7 +35,7 @@ func (e *DNSMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
 }
 
 // MarshalYAML serialize EnhancedMode with yaml
-func (e DNSMode) MarshalYAML() (interface{}, error) {
+func (e DNSMode) MarshalYAML() (any, error) {
 	return e.String(), nil
 }
 

constant/geodata.go

@@ -0,0 +1,3 @@
+package constant
+
+var GeodataMode bool

constant/metadata.go

@@ -73,16 +73,17 @@ func (t Type) MarshalJSON() ([]byte, error) {
 
 // Metadata is used to store connection address
 type Metadata struct {
-	NetWork  NetWork `json:"network"`
-	Type     Type    `json:"type"`
-	SrcIP    net.IP  `json:"sourceIP"`
-	DstIP    net.IP  `json:"destinationIP"`
-	SrcPort  string  `json:"sourcePort"`
-	DstPort  string  `json:"destinationPort"`
-	AddrType int     `json:"-"`
-	Host     string  `json:"host"`
-	Process  string  `json:"process"`
-	DNSMode  DNSMode `json:"dnsMode"`
+	NetWork     NetWork `json:"network"`
+	Type        Type    `json:"type"`
+	SrcIP       net.IP  `json:"sourceIP"`
+	DstIP       net.IP  `json:"destinationIP"`
+	SrcPort     string  `json:"sourcePort"`
+	DstPort     string  `json:"destinationPort"`
+	AddrType    int     `json:"-"`
+	Host        string  `json:"host"`
+	DNSMode     DNSMode `json:"dnsMode"`
+	Process     string  `json:"process"`
+	ProcessPath string  `json:"processPath"`
 }
 
 func (m *Metadata) RemoteAddress() string {

constant/path.go

@@ -59,6 +59,21 @@ func (p *path) Resolve(path string) string {
 }
 
 func (p *path) MMDB() string {
+	files, err := ioutil.ReadDir(p.homeDir)
+	if err != nil {
+		return ""
+	}
+	for _, fi := range files {
+		if fi.IsDir() {
+			// 目录则直接跳过
+			continue
+		} else {
+			if strings.EqualFold(fi.Name(), "Country.mmdb") {
+				GeoipName = fi.Name()
+				return P.Join(p.homeDir, fi.Name())
+			}
+		}
+	}
 	return P.Join(p.homeDir, "Country.mmdb")
 }
 

constant/rule.go

@@ -12,10 +12,10 @@ const (
 	SrcPort
 	DstPort
 	Process
+	ProcessPath
 	Script
 	RuleSet
 	Network
-	Combination
 	MATCH
 	AND
 	OR
@@ -46,6 +46,8 @@ func (rt RuleType) String() string {
 		return "DstPort"
 	case Process:
 		return "Process"
+	case ProcessPath:
+		return "ProcessPath"
 	case Script:
 		return "Script"
 	case MATCH:
@@ -71,5 +73,7 @@ type Rule interface {
 	Adapter() string
 	Payload() string
 	ShouldResolveIP() bool
+	ShouldFindProcess() bool
 	RuleExtra() *RuleExtra
+	SetRuleExtra(re *RuleExtra)
 }

constant/rule_extra.go

@@ -2,15 +2,15 @@ package constant
 
 import (
 	"net"
+	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/router"
 )
 
-var TunBroadcastAddr = net.IPv4(198, 18, 255, 255)
-
 type RuleExtra struct {
-	Network   NetWork
-	SourceIPs []*net.IPNet
+	Network      NetWork
+	SourceIPs    []*net.IPNet
+	ProcessNames []string
 }
 
 func (re *RuleExtra) NotMatchNetwork(network NetWork) bool {
@@ -30,6 +30,19 @@ func (re *RuleExtra) NotMatchSourceIP(srcIP net.IP) bool {
 	return true
 }
 
+func (re *RuleExtra) NotMatchProcessName(processName string) bool {
+	if re.ProcessNames == nil {
+		return false
+	}
+
+	for _, pn := range re.ProcessNames {
+		if strings.EqualFold(pn, processName) {
+			return false
+		}
+	}
+	return true
+}
+
 type RuleGeoSite interface {
 	GetDomainMatcher() *router.DomainMatcher
 }

constant/tun.go

@@ -0,0 +1,66 @@
+package constant
+
+import (
+	"encoding/json"
+	"errors"
+	"strings"
+)
+
+var StackTypeMapping = map[string]TUNStack{
+	strings.ToUpper(TunGvisor.String()): TunGvisor,
+	strings.ToUpper(TunSystem.String()): TunSystem,
+}
+
+const (
+	TunGvisor TUNStack = iota
+	TunSystem
+)
+
+type TUNStack int
+
+// UnmarshalYAML unserialize TUNStack with yaml
+func (e *TUNStack) UnmarshalYAML(unmarshal func(any) error) error {
+	var tp string
+	if err := unmarshal(&tp); err != nil {
+		return err
+	}
+	mode, exist := StackTypeMapping[strings.ToUpper(tp)]
+	if !exist {
+		return errors.New("invalid tun stack")
+	}
+	*e = mode
+	return nil
+}
+
+// MarshalYAML serialize TUNStack with yaml
+func (e TUNStack) MarshalYAML() (any, error) {
+	return e.String(), nil
+}
+
+// UnmarshalJSON unserialize TUNStack with json
+func (e *TUNStack) UnmarshalJSON(data []byte) error {
+	var tp string
+	json.Unmarshal(data, &tp)
+	mode, exist := StackTypeMapping[strings.ToUpper(tp)]
+	if !exist {
+		return errors.New("invalid tun stack")
+	}
+	*e = mode
+	return nil
+}
+
+// MarshalJSON serialize TUNStack with json
+func (e TUNStack) MarshalJSON() ([]byte, error) {
+	return json.Marshal(e.String())
+}
+
+func (e TUNStack) String() string {
+	switch e {
+	case TunGvisor:
+		return "gVisor"
+	case TunSystem:
+		return "System"
+	default:
+		return "unknown"
+	}
+}

constant/version.go

@@ -1,9 +1,8 @@
 package constant
 
 var (
-	Meta         = true
-	Version      = "1.9.0"
-	BuildTime    = "unknown time"
-	AutoIptables string
-	ClashName    = "Clash.Meta"
+	Meta      = true
+	Version   = "1.10.0"
+	BuildTime = "unknown time"
+	ClashName = "Clash.Meta"
 )