Feature: add process_path to script metadata

Chore: code style
Chore: merge branch 'with-tun' into plus-pro
2022-05-09 06:13:26 +08:00 · 2022-05-09 03:17:09 +08:00 · 2022-05-09 01:56:32 +08:00 · 2022-05-09 01:22:43 +08:00 · 2022-05-08 06:17:09 +08:00 · 2022-05-08 04:12:20 +08:00
426 changed files with 32142 additions and 5946 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,96 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: "[Bug]"
 labels: ''
 assignees: ''
 ---
 <!-- The English version is available. -->
 感谢你向 Clash Core 提交 issue！
 在提交之前，请确认：
 - [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
 - [ ] 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 Openclash、Koolclash 等）的特定问题
 - [ ] 我已经使用 Clash core 的 dev 分支版本测试过，问题依旧存在
 - [ ] 如果你可以自己 debug 并解决的话，提交 PR 吧！
 请注意，如果你并没有遵照这个 issue template 填写内容，我们将直接关闭这个 issue。
 <!--
 Thanks for submitting an issue towards the Clash core!
 But before so, please do the following checklist:
 - [ ] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
 - [ ] Your issue may already be reported! Please search on the [issue tracker](……/) before creating one.
 - [ ] I have tested using the dev branch, and the issue still exists.
 - [ ] This is an issue related to the Clash core, not to the derivatives of Clash, like Openclash or Koolclash
 Please understand that we close issues that fail to follow the issue template.
 -->
 我都确认过了，我要继续提交。
 <!-- None of the above, create a bug report -->
 ------------------------------------------------------------------
 请附上任何可以帮助我们解决这个问题的信息，如果我们收到的信息不足，我们将对这个 issue 加上 *Needs more information* 标记并在收到更多资讯之前关闭 issue。
 <!-- Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information. -->
 ### clash core config
 <!--
 在下方附上 Clash core 脱敏后配置文件的内容
 Paste the Clash core configuration below.
 -->
 ```
 ……
 ```
 ### Clash log
 <!--
 在下方附上 Clash Core 的日志，log level 最好使用 DEBUG
 Paste the Clash core log below with the log level set to `DEBUG`.
 -->
 ```
 ……
 ```
 ### 环境 Environment
 * Clash Core 的操作系统 (the OS that the Clash core is running on)
 ……
 * 使用者的操作系统 (the OS running on the client)
 ……
 * 网路环境或拓扑 (network conditions/topology)
 ……
 * iptables，如果适用 (if applicable)
 ……
 * ISP 有没有进行 DNS 污染 (is your ISP performing DNS pollution?)
 ……
 * 其他
 ……
 ### 说明 Description
 <!--
 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？
 -->
 ### 重现问题的具体布骤 Steps to Reproduce
 1. [First Step]
 2. [Second Step]
 3. ……
 **我预期会发生……？**
 <!-- **Expected behavior:** [What you expected to happen] -->
 **实际上发生了什麽？**
 <!-- **Actual behavior:** [What actually happened] -->
 ### 可能的解决方案 Possible Solution
 <!-- 此项非必须，但是如果你有想法的话欢迎提出。 -->
 <!-- Not obligatory, but suggest a fix/reason for the bug, -->
 <!-- or ideas how to implement the addition or change -->
 ### 更多信息 More Information
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -0,0 +1,76 @@
 name: Bug report
 description: Create a report to help us improve
 title: "[Bug] "
 body:
  - type: checkboxes
    id: ensure
    attributes:
      label: Verify steps
      description: "
 在提交之前，请确认
 Please verify that you've followed these steps
 "
      options:
        - label: "
 如果你可以自己 debug 并解决的话，提交 PR 吧
 Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
 "
          required: true
        - label: "
 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
 I have searched on the [issue tracker](……/) for a related issue.
 "
          required: true
        - label: "
 我已经使用 dev 分支版本测试过，问题依旧存在
 I have tested using the dev branch, and the issue still exists.
 "
          required: true
        - label: "
 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
 I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
 "
          required: true
        - label: "
 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
 This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash.
 "
          required: true
  - type: input
    attributes:
      label: Clash version
    validations:
      required: true
  - type: dropdown
    id: os
    attributes:
      label: What OS are you seeing the problem on?
      multiple: true
      options:
        - macOS
        - Windows
        - Linux
        - OpenBSD/FreeBSD
  - type: textarea
    attributes:
      render: yaml
      label: "Clash config"
      description: "
 在下方附上 Clash core 脱敏后配置文件的内容
 Paste the Clash core configuration below.
 "
    validations:
      required: true
  - type: textarea
    attributes:
      render: shell
      label: Clash log
      description: "
 在下方附上 Clash Core 的日志，log level 使用 DEBUG
 Paste the Clash core log below with the log level set to `DEBUG`.
 "
  - type: textarea
    attributes:
      label: Description
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,6 @@
 blank_issues_enabled: false
 contact_links:
  - name: Get help in GitHub Discussions
    url: https://github.com/Dreamacro/clash/discussions
    about: Have a question? Not sure if your issue affects everyone reproducibly? The quickest way to get help is on Clash's GitHub Discussions!
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -1,78 +0,0 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: "[Feature]"
 labels: ''
 assignees: ''
 ---
 <!-- The English version is available. -->
 感谢你向 Clash Core 提交 Feature Request！
 在提交之前，请确认：
 - [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的请求
 请注意，如果你并没有遵照这个 issue template 填写内容，我们将直接关闭这个 issue。
 <!--
 Thanks for submitting a feature request towards the Clash core!
 But before so, please do the following checklist:
 - [ ] I have searched on the [issue tracker](……/) before creating the issue.
 Please understand that we close issues that fail to follow the issue template.
 -->
 我都确认过了，我要继续提交。
 <!-- None of the above, create a feature request -->
 ------------------------------------------------------------------
 请附上任何可以帮助我们解决这个问题的信息，如果我们收到的信息不足，我们将对这个 issue 加上 *Needs more information* 标记并在收到更多资讯之前关闭 issue。
 <!-- Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information. -->
 ### Clash core config
 <!--
 在下方附上 Clash Core 脱敏后的配置内容
 Paste the Clash core configuration below.
 -->
 ```
 ……
 ```
 ### Clash log
 <!--
 在下方附上 Clash Core 的日志，log level 请使用 DEBUG
 Paste the Clash core log below with the log level set to `DEBUG`.
 -->
 ```
 ……
 ```
 ### 环境 Environment
 * Clash Core 的操作系统 (the OS that the Clash core is running on)
 ……
 * 使用者的操作系统 (the OS running on the client)
 ……
 * 网路环境或拓扑 (network conditions/topology)
 ……
 * iptables，如果适用 (if applicable)
 ……
 * ISP 有没有进行 DNS 污染 (is your ISP performing DNS pollution?)
 ……
 * 其他
 ……
 ### 说明 Description
 <!--
 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
 -->
 ### 可能的解决方案 Possible Solution
 <!-- 此项非必须，但是如果你有想法的话欢迎提出。 -->
 <!-- Not obligatory, but suggest a fix/reason for the bug, -->
 <!-- or ideas how to implement the addition or change -->
 ### 更多信息 More Information
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -0,0 +1,36 @@
 name: Feature request
 description: Suggest an idea for this project
 title: "[Feature] "
 body:
  - type: checkboxes
    id: ensure
    attributes:
      label: Verify steps
      description: "
 在提交之前，请确认
 Please verify that you've followed these steps
 "
      options:
        - label: "
 我已经在 [Issue Tracker](……/) 中找过我要提出的请求
 I have searched on the [issue tracker](……/) for a related feature request.
 "
          required: true
        - label: "
 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
 I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
 "
          required: true
  - type: textarea
    attributes:
      label: Description
      description: 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
    validations:
      required: true
  - type: textarea
    attributes:
      label: Possible Solution
      description: "
 此项非必须，但是如果你有想法的话欢迎提出。
 Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change
 "
--- a/.github/workflows/build-windows-amd.yml
+++ b/.github/workflows/build-windows-amd.yml
@ -0,0 +1,75 @@
 name: Build-Windows
 on: [push]
 jobs:
  build:
    runs-on: windows-latest
    steps:
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.18.x
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Go cache paths
        id: go-cache-paths
        run: |
          echo "::set-output name=go-build::$(go env GOCACHE)"
          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: |
            ${{ steps.go-cache-paths.outputs.go-mod }}
            ${{ steps.go-cache-paths.outputs.go-build }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Setup Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.9'
          architecture: 'x64'
      - name: Get dependencies, run test
        id: test
        run: |
          cmd /c mklink /J D:\python-amd64 $env:pythonLocation
          echo "::set-output name=file_sha::$(git describe --tags --always)"
          echo "::set-output name=file_date::$(Get-Date -Format 'yyyyMMdd')"
          ((Get-Content -path constant/version.go -Raw) -replace 'unknown version',$(git describe --tags --always)) | Set-Content -Path constant/version.go
          ((Get-Content -path constant/version.go -Raw) -replace 'unknown time',$(Get-Date)) | Set-Content -Path constant/version.go
          # go test
          go test -tags build_actions ./...
      - name: Build
        #if: startsWith(github.ref, 'refs/tags/')
        run: |
          $env:CGO_ENABLED=1; go build -tags build_actions -trimpath -ldflags '-w -s -buildid=' -o bin/clash-windows-amd64.exe
          $env:GOAMD64="v3"; $env:CGO_ENABLED=1; go build -tags build_actions -trimpath -ldflags '-w -s -buildid=' -o bin/clash-windows-amd64-v3.exe
          cd bin/
          Compress-Archive -Path clash-windows-amd64.exe -DestinationPath clash-plus-windows-amd64-$(git describe --tags --always)-$(Get-Date -Format 'yyyy.MM.dd').zip
          Compress-Archive -Path clash-windows-amd64-v3.exe -DestinationPath clash-plus-windows-amd64-v3-$(git describe --tags --always)-$(Get-Date -Format 'yyyy.MM.dd').zip
          Remove-Item -Force clash-windows-amd64.exe
          Remove-Item -Force clash-windows-amd64-v3.exe
      - name: Upload files to Artifacts
        uses: actions/upload-artifact@v2
        if: startsWith(github.ref, 'refs/tags/') == false
        with:
          name: clash-windows-amd64-${{ steps.test.outputs.file_sha }}-${{ steps.test.outputs.file_date }}
          path: |
            bin/*
      - name: Delete workflow runs
        uses: GitRML/delete-workflow-runs@main
        with:
          retain_days: 1
          keep_minimum_runs: 2
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -0,0 +1,29 @@
 name: CodeQL
 on:
  push:
    branches: [ rm ]
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: ['go']
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,80 @@
 name: Publish Docker Image
 on:
  push:
    branches:
      - rm
    tags:
      - '*'
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      - name: Set up docker buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: latest
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to Github Package
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: Dreamacro
          password: ${{ secrets.PACKAGE_TOKEN }}
      - name: Build dev branch and push
        if: github.ref == 'refs/heads/dev'
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
          push: true
          tags: 'dreamacro/clash:dev,ghcr.io/dreamacro/clash:dev'
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Get all docker tags
        if: startsWith(github.ref, 'refs/tags/')
        uses: actions/github-script@v6
        id: tags
        with:
          script: |
            const ref = context.payload.ref.replace(/\/?refs\/tags\//, '')
            const tags = [
              'dreamacro/clash:latest',
              `dreamacro/clash:${ref}`,
              'ghcr.io/dreamacro/clash:latest',
              `ghcr.io/dreamacro/clash:${ref}`
            ]
            return tags.join(',')
          result-encoding: string
      - name: Build release and push
        if: startsWith(github.ref, 'refs/tags/')
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
          push: true
          tags: ${{steps.tags.outputs.result}}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -1,44 +0,0 @@
 name: Go
 on: [push, pull_request]
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Setup Go
        uses: actions/setup-go@v1
        with:
          go-version: 1.14.x
      - name: Check out code into the Go module directory
        uses: actions/checkout@v1
      - name: Cache go module
        uses: actions/cache@v1
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Get dependencies and run test
        run: |
          go test ./...
      - name: Build
        if: startsWith(github.ref, 'refs/tags/')
        env:
          NAME: clash
          BINDIR: bin
        run: make -j releases
      - name: Upload Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          files: bin/*
          draft: true
          prerelease: true
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -0,0 +1,23 @@
 name: Linter
 on: [push, pull_request]
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: latest
          args: --build-tags=build_local
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,120 @@
 name: Release
 on:
  push:
    branches:
      - rm
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Go cache paths
        id: go-cache-paths
        run: |
          echo "::set-output name=go-build::$(go env GOCACHE)"
          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: |
            ${{ steps.go-cache-paths.outputs.go-mod }}
            ${{ steps.go-cache-paths.outputs.go-build }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Setup Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - name: Get dependencies, run test
        run: |
          # fetch python cross compile source files
          mkdir -p bin/python/
          cd bin/python/
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-darwin-amd64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-darwin-arm64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-windows-amd64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-windows-386.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-amd64.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-arm64.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-386.tar.xz
          tar -Jxf python-3.9.7-darwin-amd64.tar.xz
          tar -Jxf python-3.9.7-darwin-arm64.tar.xz
          tar -Jxf python-3.9.7-windows-amd64.tar.xz
          tar -Jxf python-3.9.7-windows-386.tar.xz
          #tar -Jxf python-3.9.7-linux-amd64.tar.xz
          #tar -Jxf python-3.9.7-linux-arm64.tar.xz
          #tar -Jxf python-3.9.7-linux-386.tar.xz
          rm python-3.9.7-*.tar.xz
          cd ../../
          # go test
          go test -tags build_local ./...
          # init xgo
          docker pull techknowlogick/xgo:latest
          go install src.techknowlogick.com/xgo@latest
      - name: Build
        #if: startsWith(github.ref, 'refs/tags/')
        env:
          NAME: clash
          BINDIR: bin
        run: |
          make -j releases
          #ls -lahF bin/python/
      - name: Prepare upload
        if: startsWith(github.ref, 'refs/tags/') == false
        run: |
          rm -rf bin/python/
          echo "FILE_DATE=_$(date +"%Y%m%d%H%M")" >> $GITHUB_ENV
          echo "FILE_SHA=$(git describe --tags --always 2>/dev/null)" >> $GITHUB_ENV
      - name: Upload files to Artifacts
        uses: actions/upload-artifact@v2
        if: startsWith(github.ref, 'refs/tags/') == false
        with:
          name: clash_${{ env.FILE_SHA }}${{ env.FILE_DATE }}
          path: |
            bin/*
      - name: Upload Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: bin/*
          draft: true
          prerelease: true
          generate_release_notes: true
      - name: Delete workflow runs
        uses: GitRML/delete-workflow-runs@main
        with:
          retain_days: 1
          keep_minimum_runs: 2
      - name: Remove old Releases
        uses: dev-drprasad/delete-older-releases@v0.2.0
        if: startsWith(github.ref, 'refs/tags/') && !cancelled()
        with:
          keep_latest: 1
          delete_tags: true
          delete_tag_pattern: plus-pro
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,19 @@
 name: Mark stale issues and pull requests
 on:
  push:
    branches:
      - rm
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v5
        with:
          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
          days-before-stale: 60
          days-before-close: 5
--- a/.gitignore
+++ b/.gitignore
@ -12,7 +12,7 @@ bin/*
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
-# dep
+# go mod vendor
 vendor
 # GoLand
@ -20,3 +20,6 @@ vendor
 # macOS file
 .DS_Store
 # test suite
 test/config/cache*
--- a/.golangci.yaml
+++ b/.golangci.yaml
@ -0,0 +1,16 @@
 linters:
  disable-all: true
  enable:
    - gofumpt
    - staticcheck
    - govet
    - gci
 linters-settings:
  gci:
    sections:
      - standard
      - prefix(github.com/Dreamacro/clash)
      - default
  staticcheck:
    go: '1.18'
--- a/8
+++ b/8
@ -3,14 +3,16 @@ FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb
 WORKDIR /clash-src
 COPY --from=tonistiigi/xx:golang / /
 COPY . /clash-src
 RUN go mod download && \
-    make linux-amd64 && \
+    make docker && \
-    mv ./bin/clash-linux-amd64 /clash
+    mv ./bin/clash-docker /clash
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/Dreamacro/clash"
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates tzdata
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 ENTRYPOINT ["/clash"]
--- a/Dockerfile.arm32v7
+++ b/Dockerfile.arm32v7
@ -1,20 +0,0 @@
 FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb && \
    wget -O /qemu-arm-static https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-arm-static && \
    chmod +x /qemu-arm-static
 WORKDIR /clash-src
 COPY . /clash-src
 RUN go mod download && \
    make linux-armv7 && \
    mv ./bin/clash-linux-armv7 /clash
 FROM arm32v7/alpine:latest
 COPY --from=builder /qemu-arm-static /usr/bin/
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 RUN apk add --no-cache ca-certificates
 ENTRYPOINT ["/clash"]
--- a/Dockerfile.arm64v8
+++ b/Dockerfile.arm64v8
@ -1,20 +0,0 @@
 FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb && \
    wget -O /qemu-aarch64-static https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-aarch64-static && \
    chmod +x /qemu-aarch64-static
 WORKDIR /clash-src
 COPY . /clash-src
 RUN go mod download && \
    make linux-armv8 && \
    mv ./bin/clash-linux-armv8 /clash
 FROM arm64v8/alpine:latest
 COPY --from=builder /qemu-aarch64-static /usr/bin/
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 RUN apk add --no-cache ca-certificates
 ENTRYPOINT ["/clash"]
--- a/124
+++ b/124
@ -1,84 +1,70 @@
 GOCMD=go
 XGOCMD=xgo -go=go-1.18.x
 GOBUILD=CGO_ENABLED=1 $(GOCMD) build -trimpath
 GOCLEAN=$(GOCMD) clean
 NAME=clash
-BINDIR=bin
+BINDIR=$(shell pwd)/bin
-VERSION=$(shell git describe --tags || echo "unknown version")
+VERSION=$(shell git describe --tags --always 2>/dev/null ||  date +%F)
 BUILDTIME=$(shell date -u)
-GOBUILD=CGO_ENABLED=0 go build -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
+BUILD_PACKAGE=.
-		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
+RELEASE_LDFLAGS='-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
-		-w -s'
+                		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
                		-w -s -buildid='
 STATIC_LDFLAGS='-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
               		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
               		-extldflags "-static" \
               		-w -s -buildid='
 PLATFORM_LIST = \
 	darwin-amd64 \
-	linux-386 \
+	darwin-arm64 \
-	linux-amd64 \
+	linux-amd64
-	linux-armv5 \
+#	linux-arm64
-	linux-armv6 \
+#	linux-386
 	linux-armv7 \
 	linux-armv8 \
 	linux-mips-softfloat \
 	linux-mips-hardfloat \
 	linux-mipsle-softfloat \
 	linux-mipsle-hardfloat \
 	linux-mips64 \
 	linux-mips64le \
 	freebsd-386 \
 	freebsd-amd64
 WINDOWS_ARCH_LIST = \
-	windows-386 \
+	windows-amd64 \
-	windows-amd64
+	windows-386
 #	windows-arm64
 all: linux-amd64 darwin-amd64 windows-amd64 # Most used
 local:
 	$(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -tags build_local -o $(BINDIR)/$(NAME)-$@
 local-v3:
 	 GOAMD64=v3 $(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -tags build_local -o $(BINDIR)/$(NAME)-$@
 darwin-amd64:
-	GOARCH=amd64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=darwin-10.12/amd64 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-darwin-10.12-amd64 $(BINDIR)/$(NAME)-darwin-amd64
 darwin-arm64:
 	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=darwin-11.1/arm64 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-darwin-11.1-arm64 $(BINDIR)/$(NAME)-darwin-arm64
 linux-386:
-	GOARCH=386 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/386 $(BUILD_PACKAGE)
 linux-amd64:
-	GOARCH=amd64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -o $(BINDIR)/$(NAME)-$@
 	#GOARCH=amd64 GOOS=linux $(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -o $(BINDIR)/$(NAME)-$@
 	#$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/amd64 $(BUILD_PACKAGE)
-linux-armv5:
+linux-arm64:
-	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/arm64 $(BUILD_PACKAGE)
 linux-armv6:
 	GOARCH=arm GOOS=linux GOARM=6 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-armv7:
 	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-armv8:
 	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips-softfloat:
 	GOARCH=mips GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips-hardfloat:
 	GOARCH=mips GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mipsle-softfloat:
 	GOARCH=mipsle GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mipsle-hardfloat:
 	GOARCH=mipsle GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips64:
 	GOARCH=mips64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips64le:
 	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 freebsd-386:
 	GOARCH=386 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 freebsd-amd64:
 	GOARCH=amd64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 windows-386:
-	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows-6.0/386 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-windows-6.0-386.exe $(BINDIR)/$(NAME)-windows-386.exe
 windows-amd64:
-	GOARCH=amd64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows-6.0/amd64 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-windows-6.0-amd64.exe $(BINDIR)/$(NAME)-windows-amd64.exe
 #windows-arm64:
 #	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows/arm64 $(BUILD_PACKAGE)
 #	mv $(NAME)-windows-4.0-arm64.exe $(NAME)-windows-arm64.exe
 gz_releases=$(addsuffix .gz, $(PLATFORM_LIST))
 zip_releases=$(addsuffix .zip, $(WINDOWS_ARCH_LIST))
@ -93,5 +79,19 @@ $(zip_releases): %.zip : %
 all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
 releases: $(gz_releases) $(zip_releases)
 vet:
 	$(GOCMD) test -tags build_local ./...
 lint:
 	golangci-lint run --build-tags=build_local ./...
 clean:
-	rm $(BINDIR)/*
+	rm -rf $(BINDIR)/
 	mkdir -p $(BINDIR)
 cleancache:
 	# go build cache may need to cleanup if changing C source code
 	$(GOCLEAN) -cache
 	rm -rf $(BINDIR)/
 	mkdir -p $(BINDIR)
--- a/README.md
+++ b/README.md
@ -12,382 +12,377 @@
  <a href="https://goreportcard.com/report/github.com/Dreamacro/clash">
    <img src="https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square">
  </a>
  <img src="https://img.shields.io/github/go-mod/go-version/Dreamacro/clash?style=flat-square">
  <a href="https://github.com/Dreamacro/clash/releases">
    <img src="https://img.shields.io/github/release/Dreamacro/clash/all.svg?style=flat-square">
  </a>
  <a href="https://github.com/Dreamacro/clash/releases/tag/premium">
    <img src="https://img.shields.io/badge/release-Premium-00b4f0?style=flat-square">
  </a>
 </p>
 ## Features
- Local HTTP/HTTPS/SOCKS server with/without authentication
+- Local HTTP/HTTPS/SOCKS server with authentication support
- VMess, Shadowsocks, Trojan (experimental), Snell protocol support for remote connections. UDP is supported.
+- VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
- Built-in DNS server that aims to minimize DNS pollution attacks, supports DoH/DoT upstream. Fake IP is also supported.
+- Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
- Rules based off domains, GEOIP, IP CIDR or ports to forward packets to different nodes
+- Rules based off domains, GEOIP, IPCIDR or Process to forward packets to different nodes
 - Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
 - Remote providers, allowing users to get node lists remotely instead of hardcoding in config
- Netfilter TCP redirecting. You can deploy Clash on your Internet gateway with `iptables`.
+- Netfilter TCP redirecting. Deploy Clash on your Internet gateway with `iptables`.
- Comprehensive HTTP API controller
+- Comprehensive HTTP RESTful API controller
-## Install
+## Getting Started
 Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).
-Clash requires Go >= 1.13. You can build it from source:
+## Advanced usage for this branch
 ### Build
 This branch requires cgo and Python3.9, so make sure you set up Python3.9 before building.
-```sh
+For example, build on macOS:
-$ go get -u -v github.com/Dreamacro/clash
+```shell
 brew update
 brew install python@3.9
 export PKG_CONFIG_PATH=$(find /usr/local/Cellar -name 'pkgconfig' -type d | grep lib/pkgconfig | tr '\n' ':' | sed s/.$//)
 git clone -b plus-pro https://github.com/yaling888/clash.git
 cd clash
 # build
 make cleancache && make local 
 # or make local-v3
 ls bin/
 # run
 sudo bin/clash-local
 ```
-Pre-built binaries are available here: [release](https://github.com/Dreamacro/clash/releases)  
+### MITM configuration
-Pre-built TUN mode binaries are available here: [TUN release](https://github.com/Dreamacro/clash/releases/tag/TUN). Source is not currently available.
+A root CA certificate is required, the 
 MITM proxy server will generate a CA certificate file and a CA private key file in your Clash home directory, you can use your own certificate replace it. 
-Check Clash version with:
+Need to install and trust the CA certificate on the client device, open this URL [http://mitm.clash/cert.crt](http://mitm.clash/cert.crt) by the web browser to install the CA certificate, the host name 'mitm.clash' was always been hijacked.
-```sh
+NOTE: this feature cannot work on tls pinning
-$ clash -v
+
 WARNING: DO NOT USE THIS FEATURE TO BREAK LOCAL LAWS
 ```yaml
 # Port of MITM proxy server on the local end
 mitm-port: 7894
 # Man-In-The-Middle attack
 mitm:
  hosts: # use for others proxy type. E.g: TUN, socks
    - +.example.com
  rules: # rewrite rules
    - '^https?://www\.example\.com/1 url reject' # The "reject" returns HTTP status code 404 with no content.
    - '^https?://www\.example\.com/2 url reject-200' # The "reject-200" returns HTTP status code 200 with no content.
    - '^https?://www\.example\.com/3 url reject-img' # The "reject-img" returns HTTP status code 200 with content of 1px png.
    - '^https?://www\.example\.com/4 url reject-dict' # The "reject-dict" returns HTTP status code 200 with content of empty json object.
    - '^https?://www\.example\.com/5 url reject-array' # The "reject-array" returns HTTP status code 200 with content of empty json array.
    - '^https?://www\.example\.com/(6) url 302 https://www.example.com/new-$1'
    - '^https?://www\.(example)\.com/7 url 307 https://www.$1.com/new-7'
    - '^https?://www\.example\.com/8 url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: haha-wriohoh$2' # The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
    - '^https?://www\.example\.com/9 url request-body "pos_2":\[.*\],"pos_3" request-body "pos_2":[{"xx": "xx"}],"pos_3"'
    - '^https?://www\.example\.com/10 url response-header (\r\n)Tracecode:.+(\r\n) response-header $1Tracecode: 88888888888$2'
    - '^https?://www\.example\.com/11 url response-body "errmsg":"ok" response-body "errmsg":"not-ok"'
 ```
-## Daemonize Clash
+### DNS configuration
 Support resolve ip with a proxy tunnel.
-Unfortunately, there is no native or elegant way to implement daemons on Golang. We recommend using third-party daemon management tools like PM2, Supervisor or the like to keep Clash running as a service.
+Support `geosite` with `fallback-filter`.
-In the case of [pm2](https://github.com/Unitech/pm2), start the daemon this way:
+Use `curl -X POST controllerip:port/cache/fakeip/flush` to flush persistence fakeip
 ```yaml
 dns:
   enable: true
   use-hosts: true
   ipv6: false
   enhanced-mode: fake-ip
   fake-ip-range: 198.18.0.1/16
   listen: 127.0.0.1:6868
   default-nameserver:
     - 119.29.29.29
     - 114.114.114.114
   nameserver:
     - https://doh.pub/dns-query
     - tls://223.5.5.5:853
   fallback:
     - 'https://1.0.0.1/dns-query#Proxy'  # append the proxy adapter name to the end of DNS URL with '#' prefix.
     - 'tls://8.8.4.4:853#Proxy'
   fallback-filter:
     geoip: false
     geosite:
       - gfw  # `geosite` filter only use fallback server to resolve ip, prevent DNS leaks to untrusted DNS providers.
     domain:
       - +.example.com
     ipcidr:
       - 0.0.0.0/32
 ```
-```sh
+### TUN configuration
-$ pm2 start clash
+Supports macOS, Linux and Windows.
 On Windows, you should download the [Wintun](https://www.wintun.net) driver and copy `wintun.dll` into the system32 directory.
 ```yaml
 # Enable the TUN listener
 tun:
  enable: true
  stack: gvisor # System or gVisor
  # device: tun://utun8 # or fd://xxx, it's optional
  dns-hijack: 
    - 0.0.0.0:53 # hijack all public
  auto-route: true # auto set global route
 ```
 ### Rules configuration
 - Support rule `GEOSITE`.
 - Support rule `USER-AGENT`.
 - Support `multiport` condition for rule `SRC-PORT` and `DST-PORT`.
 - Support `network` condition for all rules.
 - Support `process` condition for all rules.
 - Support source IPCIDR condition for all rules, just append to the end.
-If you have Docker installed, it's recommended to deploy Clash directly using `docker-compose`: [run Clash in Docker](https://github.com/Dreamacro/clash/wiki/Run-clash-in-docker)
+The `GEOIP` databases via [https://github.com/Loyalsoldier/geoip](https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb).
-## Config
+The `GEOSITE` databases via [https://github.com/Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat).
 ```yaml
 mode: rule
-The default configuration directory is `$HOME/.config/clash`.
+script:
  shortcuts:
    quic: 'network == "udp" and dst_port == 443'
    privacy: '"analytics" in host or "adservice" in host or "firebase" in host or "safebrowsing" in host or "doubleclick" in host'
-The name of the configuration file is `config.yaml`.
+rules:
  # rule SCRIPT
  - SCRIPT,quic,REJECT # Disable QUIC, same as rule "DST-PORT,443,REJECT,udp"
  - SCRIPT,privacy,REJECT
  # network condition for all rules
  - DOMAIN-SUFFIX,example.com,DIRECT,tcp
  - DOMAIN-SUFFIX,example.com,REJECT,udp
-If you want to use another directory, use `-d` to control the configuration directory.
+  # process condition for all rules (add 'P:' prefix)
  - DOMAIN-SUFFIX,example.com,REJECT,P:Google Chrome Helper
-For example, you can use the current directory as the configuration directory:
+  # multiport condition for rules SRC-PORT and DST-PORT
  - DST-PORT,123/136/137-139,DIRECT,udp
-```sh
+  # USER-AGENT payload cannot include the comma character, '*' meaning any character.
-$ clash -d .
+  - USER-AGENT,*example*,PROXY
 ```
-<details>
+  # rule GEOSITE
-  <summary>This is an example configuration file (click to expand)</summary>
+  - GEOSITE,category-ads-all,REJECT
  - GEOSITE,icloud@cn,DIRECT
  - GEOSITE,apple@cn,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,microsoft@cn,DIRECT
  - GEOSITE,facebook,PROXY
  - GEOSITE,youtube,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,geolocation-!cn,PROXY
-```yml
+  # source IPCIDR condition for all rules in gateway proxy
-# port of HTTP
+  #- GEOSITE,geolocation-!cn,REJECT,192.168.1.88/32,192.168.1.99/32
 port: 7890
 # port of SOCKS5
 socks-port: 7891
 # redir port for Linux and macOS
 # redir-port: 7892
 allow-lan: false
 # Only applicable when setting allow-lan to true
 # "*": bind all IP addresses
 # 192.168.122.11: bind a single IPv4 address
 # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
 # bind-address: "*"
 # Rule / Global / Direct (default is Rule)
 mode: Rule
 # set log level to stdout (default is info)
 # info / warning / error / debug / silent
 log-level: info
 # RESTful API for clash
 external-controller: 127.0.0.1:9090
 # you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
 # input is a relative path to the configuration directory or an absolute path
 # external-ui: folder
 # Secret for RESTful API (Optional)
 # secret: ""
 # experimental feature
 experimental:
  ignore-resolve-fail: true # ignore dns resolve fail, default value is true
  # interface-name: en0 # outbound interface name
 # authentication of local SOCKS5/HTTP(S) server
 # authentication:
 #  - "user1:pass1"
 #  - "user2:pass2"
 # # experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
 # # static domain has a higher priority than wildcard domain (foo.example.com > *.example.com > .example.com)
 # hosts:
 #   '*.clash.dev': 127.0.0.1
 #   '.dev': 127.0.0.1
 #   'alpha.clash.dev': '::1'
 # dns:
  # enable: true # set true to enable dns (default is false)
  # ipv6: false # default is false
  # listen: 0.0.0.0:53
  # # default-nameserver: # resolve dns nameserver host, should fill pure IP
  # #   - 114.114.114.114
  # #   - 8.8.8.8
  # enhanced-mode: redir-host # or fake-ip
  # # fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
  # fake-ip-filter: # fake ip white domain list
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com
  # nameserver:
  #   - 114.114.114.114
  #   - tls://dns.rubyfish.cn:853 # dns over tls
  #   - https://1.1.1.1/dns-query # dns over https
  # fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
  #   - tcp://1.1.1.1
  # fallback-filter:
  #   geoip: true # default
  #   ipcidr: # ips in these subnets will be considered polluted
  #     - 240.0.0.0/4
 proxies:
  # shadowsocks
  # The supported ciphers(encrypt methods):
  #   aes-128-gcm aes-192-gcm aes-256-gcm
  #   aes-128-cfb aes-192-cfb aes-256-cfb
  #   aes-128-ctr aes-192-ctr aes-256-ctr
  #   rc4-md5 chacha20-ietf xchacha20
  #   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    # udp: true
  # old obfs configuration format remove after prerelease
  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls # or http
      # host: bing.com
  - name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket # no QUIC now
      # tls: true # wss
      # skip-cert-verify: true
      # host: bing.com
      # path: "/"
      # mux: true
      # headers:
      #   custom: value
  # vmess
  # cipher support auto/aes-128-gcm/chacha20-poly1305/none
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # tls: true
    # skip-cert-verify: true
    # network: ws
    # ws-path: /path
    # ws-headers:
    #   Host: v2ray.com
-  - name: "vmess-http"
+  - GEOIP,telegram,PROXY,no-resolve
-    type: vmess
+  - GEOIP,lan,DIRECT,no-resolve
  - GEOIP,cn,DIRECT
  - MATCH,PROXY
 ```
 ### Script configuration
 Script enables users to programmatically select a policy for the packets with more flexibility.
 ```yaml
 mode: script
 rules:
  # the rule GEOSITE just as a rule provider in mode script
  - GEOSITE,category-ads-all,Whatever
  - GEOSITE,youtube,Whatever
  - GEOSITE,geolocation-cn,Whatever
 script:
  code: |
    def main(ctx, metadata):
      if metadata["process_name"] == 'apsd':
        return "DIRECT"
      if metadata["network"] == 'udp' and metadata["dst_port"] == 443:
        return "REJECT"
      host = metadata["host"]
      for kw in ['analytics', 'adservice', 'firebase', 'bugly', 'safebrowsing', 'doubleclick']:
        if kw in host:
          return "REJECT"
      now = time.now()
      if (now.hour < 8 or now.hour > 17) and metadata["src_ip"] == '192.168.1.99':
        return "REJECT"
      if ctx.rule_providers["geosite:category-ads-all"].match(metadata):
        return "REJECT"
      if ctx.rule_providers["geosite:youtube"].match(metadata):
        ctx.log('[Script] domain %s matched youtube' % host)
        return "Proxy"
      if ctx.rule_providers["geosite:geolocation-cn"].match(metadata):
        ctx.log('[Script] domain %s matched geolocation-cn' % host)
        return "DIRECT"
      ip = metadata["dst_ip"] 
      if host != "":
        ip = ctx.resolve_ip(host)
        if ip == "":
          return "Proxy"
      code = ctx.geoip(ip)
      if code == "LAN" or code == "CN":
        return "DIRECT"
      return "Proxy" # default policy for requests which are not matched by any other script
 ```
 the context and metadata
 ```ts
 interface Metadata {
  type: string // socks5、http
  network: string // tcp
  host: string
  process_name: string
  process_path: string
  src_ip: string
  src_port: int
  dst_ip: string
  dst_port: int
 }
 interface Context {
  resolve_ip: (host: string) => string // ip string
  geoip: (ip: string) => string // country code
  log: (log: string) => void
  rule_providers: Record<string, { match: (metadata: Metadata) => boolean }>
 }
 ```
 ### Proxies configuration
 Support outbound protocol `VLESS`.
 Support `Trojan` with XTLS.
 Currently XTLS only supports TCP transport.
 ```yaml
 proxies:
  # VLESS
  - name: "vless-tls"
    type: vless
    server: server
    port: 443
    uuid: uuid
-    alterId: 32
+    network: tcp
-    cipher: auto
+    servername: example.com
-    # udp: true
+    udp: true
-    # network: http
+    # skip-cert-verify: true
-    # http-opts:
+  - name: "vless-xtls"
-    #   # method: "GET"
+    type: vless
    #   # path:
    #   #   - '/'
    #   #   - '/video'
    #   # headers:
    #   #   Connection:
    #   #     - keep-alive
  # socks5
  - name: "socks"
    type: socks5
    server: server
    port: 443
-    # username: username
+    uuid: uuid
-    # password: password
+    network: tcp
-    # tls: true
+    servername: example.com
-    # skip-cert-verify: true
+    flow: xtls-rprx-direct # or xtls-rprx-origin
    # flow-show: true # print the XTLS direction log
    # udp: true
  # http
  - name: "http"
    type: http
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true # https
    # skip-cert-verify: true
-  # snell
+  # Trojan
-  - name: "snell"
+  - name: "trojan-xtls"
    type: snell
    server: server
    port: 44046
    psk: yourpsk
    # obfs-opts:
      # mode: http # or tls
      # host: bing.com
  # trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    network: tcp
    flow: xtls-rprx-direct # or xtls-rprx-origin
    # flow-show: true # print the XTLS direction log
    # udp: true
    # sni: example.com # aka server name
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true
 proxy-groups:
  # relay chains the proxies. proxies shall not contain a relay. No UDP support.
  # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
  - name: "relay"
    type: relay
    proxies:
      - http
      - vmess
      - ss1
      - ss2
  # url-test select which proxy will be used by benchmarking speed to a URL.
  - name: "auto"
    type: url-test
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
  - name: "fallback-auto"
    type: fallback
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # load-balance: The request of the same eTLD will be dial on the same proxy.
  - name: "load-balance"
    type: load-balance
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # select is used for selecting proxy or proxy group
  # you can use RESTful API to switch proxy, is recommended for use in GUI.
  - name: Proxy
    type: select
    proxies:
      - ss1
      - ss2
      - vmess1
      - auto
  - name: UseProvider
    type: select
    use:
      - provider1
    proxies:
      - Proxy
      - DIRECT
 proxy-providers:
  provider1:
    type: http
    url: "url"
    interval: 3600
    path: ./hk.yaml
    health-check:
      enable: true
      interval: 600
      url: http://www.gstatic.com/generate_204
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: http://www.gstatic.com/generate_204
 rules:
  - DOMAIN-SUFFIX,google.com,auto
  - DOMAIN-KEYWORD,google,auto
  - DOMAIN,google.com,auto
  - DOMAIN-SUFFIX,ad.com,REJECT
  # rename SOURCE-IP-CIDR and would remove after prerelease
  - SRC-IP-CIDR,192.168.1.201/32,DIRECT
  # optional param "no-resolve" for IP rules (GEOIP IP-CIDR)
  - IP-CIDR,127.0.0.0/8,DIRECT
  - GEOIP,CN,DIRECT
  - DST-PORT,80,DIRECT
  - SRC-PORT,7777,DIRECT
  # FINAL would remove after prerelease
  # you also can use `FINAL,Proxy` or `FINAL,,Proxy` now
  - MATCH,auto
 ```
 </details>
-## Advanced
+### IPTABLES configuration
-[Provider](https://github.com/Dreamacro/clash/wiki/Provider)
+Work on Linux OS who's supported `iptables`
-## Documentations
+```yaml
-https://clash.gitbook.io/
+# Enable the TPROXY listener
 tproxy-port: 9898
 iptables:
  enable: true # default is false
  inbound-interface: eth0 # detect the inbound interface, default is 'lo'
 ```
 Run Clash as a daemon.
 Create the systemd configuration file at /etc/systemd/system/clash.service:
 ```shell
 [Unit]
 Description=Clash daemon, A rule-based proxy in Go.
 After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=cap_net_admin
 Restart=always
 ExecStart=/usr/local/bin/clash -d /etc/clash
 [Install]
 WantedBy=multi-user.target
 ```
 Launch clashd on system startup with:
 ```shell
 $ systemctl enable clash
 ```
 Launch clashd immediately with:
 ```shell
 $ systemctl start clash
 ```
 ### Display Process name
 To display process name online by click [https://yaling888.github.io/yacd/](https://yaling888.github.io/yacd/).
 You can download the [Dashboard](https://github.com/yaling888/yacd/archive/gh-pages.zip) into Clash home directory:
 ```shell
 cd ~/.config/clash
 curl -LJ https://github.com/yaling888/yacd/archive/gh-pages.zip -o dashboard.zip
 unzip dashboard.zip
 ```
 Add to config file:
 ```yaml
 external-controller: 127.0.0.1:9090
 external-ui: dashboard
 ```
 Open [http://127.0.0.1:9090/ui/](http://127.0.0.1:9090/ui/) by web browser.
 ## Plus Pro Release
 [Release](https://github.com/yaling888/clash/releases/tag/plus)
 ## Development
 If you want to build an application that uses clash as a library, check out the the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
 ## Credits
-[riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
+* [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
-
+* [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
-[v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
+* [WireGuard/wireguard-go](https://github.com/WireGuard/wireguard-go)
 ## License
 This software is released under the GPL-3.0 license.
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FDreamacro%2Fclash.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FDreamacro%2Fclash?ref=badge_large)
 ## TODO
 - [x] Complementing the necessary rule operators
 - [x] Redir proxy
 - [x] UDP support
 - [x] Connection manager
 - [ ] Event API
--- a/adapter/adapter.go
+++ b/adapter/adapter.go
@ -0,0 +1,197 @@
 package adapter
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"net/netip"
 	"net/url"
 	"time"
 	_ "unsafe"
 	"github.com/Dreamacro/clash/common/queue"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"go.uber.org/atomic"
 )
 //go:linkname errCanceled net.errCanceled
 var errCanceled error
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue[C.DelayHistory]
 	alive   *atomic.Bool
 }
 // Alive implements C.Proxy
 func (p *Proxy) Alive() bool {
 	return p.alive.Load()
 }
 // Dial implements C.Proxy
 func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTCPTimeout)
 	defer cancel()
 	return p.DialContext(ctx, metadata)
 }
 // DialContext implements C.ProxyAdapter
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata, opts...)
 	p.alive.Store(err == nil || errors.Is(err, errCanceled))
 	return conn, err
 }
 // DialUDP implements C.ProxyAdapter
 func (p *Proxy) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultUDPTimeout)
 	defer cancel()
 	return p.ListenPacketContext(ctx, metadata)
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (p *Proxy) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	pc, err := p.ProxyAdapter.ListenPacketContext(ctx, metadata, opts...)
 	p.alive.Store(err == nil)
 	return pc, err
 }
 // DelayHistory implements C.Proxy
 func (p *Proxy) DelayHistory() []C.DelayHistory {
 	queueM := p.history.Copy()
 	histories := []C.DelayHistory{}
 	for _, item := range queueM {
 		histories = append(histories, item)
 	}
 	return histories
 }
 // LastDelay return last history record. if proxy is not alive, return the max value of uint16.
 // implements C.Proxy
 func (p *Proxy) LastDelay() (delay uint16) {
 	var max uint16 = 0xffff
 	if !p.alive.Load() {
 		return max
 	}
 	history := p.history.Last()
 	if history.Delay == 0 {
 		return max
 	}
 	return history.Delay
 }
 // MarshalJSON implements C.ProxyAdapter
 func (p *Proxy) MarshalJSON() ([]byte, error) {
 	inner, err := p.ProxyAdapter.MarshalJSON()
 	if err != nil {
 		return inner, err
 	}
 	mapping := map[string]any{}
 	_ = json.Unmarshal(inner, &mapping)
 	mapping["history"] = p.DelayHistory()
 	mapping["name"] = p.Name()
 	mapping["udp"] = p.SupportUDP()
 	return json.Marshal(mapping)
 }
 // URLTest get the delay for the specified URL
 // implements C.Proxy
 func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	defer func() {
 		p.alive.Store(err == nil)
 		record := C.DelayHistory{Time: time.Now()}
 		if err == nil {
 			record.Delay = t
 		}
 		p.history.Put(record)
 		if p.history.Len() > 10 {
 			p.history.Pop()
 		}
 	}()
 	addr, err := urlToMetadata(url)
 	if err != nil {
 		return
 	}
 	start := time.Now()
 	instance, err := p.DialContext(ctx, &addr)
 	if err != nil {
 		return
 	}
 	defer func() {
 		_ = instance.Close()
 	}()
 	req, err := http.NewRequest(http.MethodHead, url, nil)
 	if err != nil {
 		return
 	}
 	req = req.WithContext(ctx)
 	transport := &http.Transport{
 		DialContext: func(context.Context, string, string) (net.Conn, error) {
 			return instance, nil
 		},
 		// from http.DefaultTransport
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 	client := http.Client{
 		Transport: transport,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		},
 	}
 	defer client.CloseIdleConnections()
 	resp, err := client.Do(req)
 	if err != nil {
 		return
 	}
 	_ = resp.Body.Close()
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
 	return &Proxy{adapter, queue.New[C.DelayHistory](10), atomic.NewBool(true)}
 }
 func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	u, err := url.Parse(rawURL)
 	if err != nil {
 		return
 	}
 	port := u.Port()
 	if port == "" {
 		switch u.Scheme {
 		case "https":
 			port = "443"
 		case "http":
 			port = "80"
 		default:
 			err = fmt.Errorf("%s scheme not Support", rawURL)
 			return
 		}
 	}
 	addr = C.Metadata{
 		AddrType: C.AtypDomainName,
 		Host:     u.Hostname(),
 		DstIP:    netip.Addr{},
 		DstPort:  port,
 	}
 	return
 }
--- a/adapter/inbound/http.go
+++ b/adapter/inbound/http.go
@ -0,0 +1,21 @@
 package inbound
 import (
 	"net"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 // NewHTTP receive normal http request and return HTTPContext
 func NewHTTP(target socks5.Addr, source net.Addr, conn net.Conn) *context.ConnContext {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = C.HTTP
 	if ip, port, err := parseAddr(source.String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return context.NewConnContext(conn, metadata)
 }
--- a/adapters/inbound/https.go
+++ b/adapters/inbound/https.go
@ -5,18 +5,16 @@ import (
 	"net/http"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 )
-// NewHTTPS is HTTPAdapter generator
+// NewHTTPS receive CONNECT request and return ConnContext
-func NewHTTPS(request *http.Request, conn net.Conn) *SocketAdapter {
+func NewHTTPS(request *http.Request, conn net.Conn) *context.ConnContext {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTPCONNECT
 	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
-	return &SocketAdapter{
+	return context.NewConnContext(conn, metadata)
 		metadata: metadata,
 		Conn:     conn,
 	}
 }
--- a/adapter/inbound/mitm.go
+++ b/adapter/inbound/mitm.go
@ -0,0 +1,22 @@
 package inbound
 import (
 	"net"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 // NewMitm receive mitm request and return MitmContext
 func NewMitm(target socks5.Addr, source net.Addr, userAgent string, conn net.Conn) *context.ConnContext {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = C.MITM
 	metadata.UserAgent = userAgent
 	if ip, port, err := parseAddr(source.String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return context.NewConnContext(conn, metadata)
 }
--- a/adapters/inbound/packet.go
+++ b/adapters/inbound/packet.go
@ -1,8 +1,8 @@
 package inbound
 import (
 	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 // PacketAdapter is a UDP Packet adapter for socks/redir/tun
--- a/adapter/inbound/socket.go
+++ b/adapter/inbound/socket.go
@ -0,0 +1,22 @@
 package inbound
 import (
 	"net"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 // NewSocket receive TCP inbound and return ConnContext
 func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnContext {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = source
 	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return context.NewConnContext(conn, metadata)
 }
--- a/adapters/inbound/util.go
+++ b/adapters/inbound/util.go
@ -3,10 +3,13 @@ package inbound
 import (
 	"net"
 	"net/http"
 	"net/netip"
 	"strconv"
 	"strings"
-	"github.com/Dreamacro/clash/component/socks5"
+	"github.com/Dreamacro/clash/common/nnip"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 func parseSocksAddr(target socks5.Addr) *C.Metadata {
@ -16,15 +19,14 @@ func parseSocksAddr(target socks5.Addr) *C.Metadata {
 	switch target[0] {
 	case socks5.AtypDomainName:
-		metadata.Host = string(target[2 : 2+target[1]])
+		// trim for FQDN
 		metadata.Host = strings.TrimRight(string(target[2:2+target[1]]), ".")
 		metadata.DstPort = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
 	case socks5.AtypIPv4:
-		ip := net.IP(target[1 : 1+net.IPv4len])
+		metadata.DstIP = nnip.IpToAddr(net.IP(target[1 : 1+net.IPv4len]))
 		metadata.DstIP = ip
 		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
 	case socks5.AtypIPv6:
-		ip := net.IP(target[1 : 1+net.IPv6len])
+		metadata.DstIP = nnip.IpToAddr(net.IP(target[1 : 1+net.IPv6len]))
 		metadata.DstIP = ip
 		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
 	}
@ -38,18 +40,21 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 		port = "80"
 	}
 	// trim FQDN (#737)
 	host = strings.TrimRight(host, ".")
 	metadata := &C.Metadata{
 		NetWork:  C.TCP,
 		AddrType: C.AtypDomainName,
 		Host:     host,
-		DstIP:    nil,
+		DstIP:    netip.Addr{},
 		DstPort:  port,
 	}
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	if ip != nil {
+	if err == nil {
 		switch {
-		case ip.To4() == nil:
+		case ip.Is6():
 			metadata.AddrType = C.AtypIPv6
 		default:
 			metadata.AddrType = C.AtypIPv4
@ -60,12 +65,12 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 	return metadata
 }
-func parseAddr(addr string) (net.IP, string, error) {
+func parseAddr(addr string) (netip.Addr, string, error) {
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
-		return nil, "", err
+		return netip.Addr{}, "", err
 	}
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	return ip, port, nil
+	return ip, port, err
 }
--- a/adapter/outbound/base.go
+++ b/adapter/outbound/base.go
@ -0,0 +1,138 @@
 package outbound
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"net"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Base struct {
 	name  string
 	addr  string
 	iface string
 	tp    C.AdapterType
 	udp   bool
 	rmark int
 }
 // Name implements C.ProxyAdapter
 func (b *Base) Name() string {
 	return b.name
 }
 // Type implements C.ProxyAdapter
 func (b *Base) Type() C.AdapterType {
 	return b.tp
 }
 // StreamConn implements C.ProxyAdapter
 func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, errors.New("no support")
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (b *Base) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	return nil, errors.New("no support")
 }
 // SupportUDP implements C.ProxyAdapter
 func (b *Base) SupportUDP() bool {
 	return b.udp
 }
 // MarshalJSON implements C.ProxyAdapter
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": b.Type().String(),
 	})
 }
 // Addr implements C.ProxyAdapter
 func (b *Base) Addr() string {
 	return b.addr
 }
 // Unwrap implements C.ProxyAdapter
 func (b *Base) Unwrap(metadata *C.Metadata) C.Proxy {
 	return nil
 }
 // DialOptions return []dialer.Option from struct
 func (b *Base) DialOptions(opts ...dialer.Option) []dialer.Option {
 	if b.iface != "" {
 		opts = append(opts, dialer.WithInterface(b.iface))
 	}
 	if b.rmark != 0 {
 		opts = append(opts, dialer.WithRoutingMark(b.rmark))
 	}
 	return opts
 }
 type BasicOption struct {
 	Interface   string `proxy:"interface-name,omitempty" group:"interface-name,omitempty"`
 	RoutingMark int    `proxy:"routing-mark,omitempty" group:"routing-mark,omitempty"`
 }
 type BaseOption struct {
 	Name        string
 	Addr        string
 	Type        C.AdapterType
 	UDP         bool
 	Interface   string
 	RoutingMark int
 }
 func NewBase(opt BaseOption) *Base {
 	return &Base{
 		name:  opt.Name,
 		addr:  opt.Addr,
 		tp:    opt.Type,
 		udp:   opt.UDP,
 		iface: opt.Interface,
 		rmark: opt.RoutingMark,
 	}
 }
 type conn struct {
 	net.Conn
 	chain C.Chain
 }
 // Chains implements C.Connection
 func (c *conn) Chains() C.Chain {
 	return c.chain
 }
 // AppendToChains implements C.Connection
 func (c *conn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 	return &conn{c, []string{a.Name()}}
 }
 type packetConn struct {
 	net.PacketConn
 	chain C.Chain
 }
 // Chains implements C.Connection
 func (c *packetConn) Chains() C.Chain {
 	return c.chain
 }
 // AppendToChains implements C.Connection
 func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
 	return &packetConn{pc, []string{a.Name()}}
 }
--- a/adapter/outbound/direct.go
+++ b/adapter/outbound/direct.go
@ -0,0 +1,48 @@
 package outbound
 import (
 	"context"
 	"net"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Direct struct {
 	*Base
 }
 // DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	opts = append(opts, dialer.WithDirect())
 	c, err := dialer.DialContext(ctx, "tcp", metadata.RemoteAddress(), d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
 	tcpKeepAlive(c)
 	return NewConn(c, d), nil
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	opts = append(opts, dialer.WithDirect())
 	pc, err := dialer.ListenPacket(ctx, "udp", "", d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
 	return newPacketConn(&directPacketConn{pc}, d), nil
 }
 type directPacketConn struct {
 	net.PacketConn
 }
 func NewDirect() *Direct {
 	return &Direct{
 		Base: &Base{
 			name: "DIRECT",
 			tp:   C.Direct,
 			udp:  true,
 		},
 	}
 }
--- a/adapters/outbound/http.go
+++ b/adapters/outbound/http.go
@ -25,15 +25,18 @@ type Http struct {
 }
 type HttpOption struct {
 	BasicOption
 	Name           string `proxy:"name"`
 	Server         string `proxy:"server"`
 	Port           int    `proxy:"port"`
 	UserName       string `proxy:"username,omitempty"`
 	Password       string `proxy:"password,omitempty"`
 	TLS            bool   `proxy:"tls,omitempty"`
 	SNI            string `proxy:"sni,omitempty"`
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if h.tlsConfig != nil {
 		cc := tls.Client(c, h.tlsConfig)
@ -50,13 +53,16 @@ func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, nil
 }
-func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+// DialContext implements C.ProxyAdapter
-	c, err := dialer.DialContext(ctx, "tcp", h.addr)
+func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", h.addr, h.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = h.StreamConn(c, metadata)
 	if err != nil {
 		return nil, err
@ -83,6 +89,10 @@ func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 		req.Header.Add("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
 	}
 	if metadata.Type == C.MITM {
 		req.Header.Set("Origin-Request-Source-Address", metadata.SourceAddress())
 	}
 	if err := req.Write(rw); err != nil {
 		return err
 	}
@ -114,18 +124,23 @@ func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 func NewHttp(option HttpOption) *Http {
 	var tlsConfig *tls.Config
 	if option.TLS {
 		sni := option.Server
 		if option.SNI != "" {
 			sni = option.SNI
 		}
 		tlsConfig = &tls.Config{
 			InsecureSkipVerify: option.SkipCertVerify,
-			ClientSessionCache: getClientSessionCache(),
+			ServerName:         sni,
 			ServerName:         option.Server,
 		}
 	}
 	return &Http{
 		Base: &Base{
-			name: option.Name,
+			name:  option.Name,
-			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
-			tp:   C.Http,
+			tp:    C.Http,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		user:      option.UserName,
 		pass:      option.Password,
--- a/adapter/outbound/mitm.go
+++ b/adapter/outbound/mitm.go
@ -0,0 +1,49 @@
 package outbound
 import (
 	"context"
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Mitm struct {
 	*Base
 	serverAddr      *net.TCPAddr
 	httpProxyClient *Http
 }
 // DialContext implements C.ProxyAdapter
 func (m *Mitm) DialContext(_ context.Context, metadata *C.Metadata, _ ...dialer.Option) (C.Conn, error) {
 	c, err := net.DialTCP("tcp", nil, m.serverAddr)
 	if err != nil {
 		return nil, err
 	}
 	_ = c.SetKeepAlive(true)
 	_ = c.SetKeepAlivePeriod(60 * time.Second)
 	metadata.Type = C.MITM
 	hc, err := m.httpProxyClient.StreamConn(c, metadata)
 	if err != nil {
 		_ = c.Close()
 		return nil, err
 	}
 	return NewConn(hc, m), nil
 }
 func NewMitm(serverAddr string) *Mitm {
 	tcpAddr, _ := net.ResolveTCPAddr("tcp", serverAddr)
 	return &Mitm{
 		Base: &Base{
 			name: "Mitm",
 			tp:   C.Mitm,
 		},
 		serverAddr:      tcpAddr,
 		httpProxyClient: NewHttp(HttpOption{}),
 	}
 }
--- a/adapter/outbound/reject.go
+++ b/adapter/outbound/reject.go
@ -0,0 +1,89 @@
 package outbound
 import (
 	"context"
 	"io"
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 const (
 	rejectCountLimit = 50
 	rejectDelay      = time.Second * 35
 )
 var rejectCounter = cache.NewLRUCache[string, int](cache.WithAge[string, int](15), cache.WithStale[string, int](false), cache.WithSize[string, int](512))
 type Reject struct {
 	*Base
 }
 // DialContext implements C.ProxyAdapter
 func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	key := metadata.RemoteAddress()
 	count, existed := rejectCounter.Get(key)
 	if !existed {
 		count = 0
 	}
 	count = count + 1
 	rejectCounter.Set(key, count)
 	if count > rejectCountLimit {
 		c, _ := net.Pipe()
 		_ = c.SetDeadline(time.Now().Add(rejectDelay))
 		return NewConn(c, r), nil
 	}
 	return NewConn(&nopConn{}, r), nil
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (r *Reject) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	return newPacketConn(&nopPacketConn{}, r), nil
 }
 func NewReject() *Reject {
 	return &Reject{
 		Base: &Base{
 			name: "REJECT",
 			tp:   C.Reject,
 			udp:  true,
 		},
 	}
 }
 type nopConn struct{}
 func (rw *nopConn) Read(b []byte) (int, error) {
 	return 0, io.EOF
 }
 func (rw *nopConn) Write(b []byte) (int, error) {
 	return 0, io.EOF
 }
 func (rw *nopConn) Close() error                     { return nil }
 func (rw *nopConn) LocalAddr() net.Addr              { return nil }
 func (rw *nopConn) RemoteAddr() net.Addr             { return nil }
 func (rw *nopConn) SetDeadline(time.Time) error      { return nil }
 func (rw *nopConn) SetReadDeadline(time.Time) error  { return nil }
 func (rw *nopConn) SetWriteDeadline(time.Time) error { return nil }
 type nopPacketConn struct{}
 func (npc *nopPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) { return len(b), nil }
 func (npc *nopPacketConn) ReadFrom(b []byte) (int, net.Addr, error)           { return 0, nil, io.EOF }
 func (npc *nopPacketConn) Close() error                                       { return nil }
 func (npc *nopPacketConn) LocalAddr() net.Addr                                { return &net.UDPAddr{IP: net.IPv4zero, Port: 0} }
 func (npc *nopPacketConn) SetDeadline(time.Time) error                        { return nil }
 func (npc *nopPacketConn) SetReadDeadline(time.Time) error                    { return nil }
 func (npc *nopPacketConn) SetWriteDeadline(time.Time) error                   { return nil }
--- a/adapters/outbound/shadowsocks.go
+++ b/adapters/outbound/shadowsocks.go
@ -2,7 +2,6 @@ package outbound
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
@ -10,10 +9,10 @@ import (
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	obfs "github.com/Dreamacro/clash/component/simple-obfs"
 	"github.com/Dreamacro/clash/component/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/component/v2ray-plugin"
 	C "github.com/Dreamacro/clash/constant"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	"github.com/Dreamacro/clash/transport/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"
 	"github.com/Dreamacro/go-shadowsocks2/core"
 )
@ -29,22 +28,19 @@ type ShadowSocks struct {
 }
 type ShadowSocksOption struct {
-	Name       string                 `proxy:"name"`
+	BasicOption
-	Server     string                 `proxy:"server"`
+	Name       string         `proxy:"name"`
-	Port       int                    `proxy:"port"`
+	Server     string         `proxy:"server"`
-	Password   string                 `proxy:"password"`
+	Port       int            `proxy:"port"`
-	Cipher     string                 `proxy:"cipher"`
+	Password   string         `proxy:"password"`
-	UDP        bool                   `proxy:"udp,omitempty"`
+	Cipher     string         `proxy:"cipher"`
-	Plugin     string                 `proxy:"plugin,omitempty"`
+	UDP        bool           `proxy:"udp,omitempty"`
-	PluginOpts map[string]interface{} `proxy:"plugin-opts,omitempty"`
+	Plugin     string         `proxy:"plugin,omitempty"`
-
+	PluginOpts map[string]any `proxy:"plugin-opts,omitempty"`
 	// deprecated when bump to 1.0
 	Obfs     string `proxy:"obfs,omitempty"`
 	ObfsHost string `proxy:"obfs-host,omitempty"`
 }
 type simpleObfsOption struct {
-	Mode string `obfs:"mode"`
+	Mode string `obfs:"mode,omitempty"`
 	Host string `obfs:"host,omitempty"`
 }
@ -58,6 +54,7 @@ type v2rayObfsOption struct {
 	Mux            bool              `obfs:"mux,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	switch ss.obfsMode {
 	case "tls":
@ -77,25 +74,30 @@ func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, e
 	return c, err
 }
-func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+// DialContext implements C.ProxyAdapter
-	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
+func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = ss.StreamConn(c, metadata)
 	return NewConn(c, ss), err
 }
-func (ss *ShadowSocks) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+// ListenPacketContext implements C.ProxyAdapter
-	pc, err := dialer.ListenPacket("udp", "")
+func (ss *ShadowSocks) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
 	addr, err := resolveUDPAddr("udp", ss.addr)
 	if err != nil {
 		pc.Close()
 		return nil, err
 	}
@ -103,12 +105,6 @@ func (ss *ShadowSocks) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ss), nil
 }
 func (ss *ShadowSocks) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": ss.Type().String(),
 	})
 }
 func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
@ -122,17 +118,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	var obfsOption *simpleObfsOption
 	obfsMode := ""
 	// forward compatibility before 1.0
 	if option.Obfs != "" {
 		obfsMode = option.Obfs
 		obfsOption = &simpleObfsOption{
 			Host: "bing.com",
 		}
 		if option.ObfsHost != "" {
 			obfsOption.Host = option.ObfsHost
 		}
 	}
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
 	if option.Plugin == "obfs" {
 		opts := simpleObfsOption{Host: "bing.com"}
@ -165,16 +150,17 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		if opts.TLS {
 			v2rayOption.TLS = true
 			v2rayOption.SkipCertVerify = opts.SkipCertVerify
 			v2rayOption.SessionCache = getClientSessionCache()
 		}
 	}
 	return &ShadowSocks{
 		Base: &Base{
-			name: option.Name,
+			name:  option.Name,
-			addr: addr,
+			addr:  addr,
-			tp:   C.Shadowsocks,
+			tp:    C.Shadowsocks,
-			udp:  option.UDP,
+			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		cipher: ciph,
@ -197,14 +183,6 @@ func (spc *ssPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
 	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
 }
 func (spc *ssPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddr(metadata.RemoteAddress()), p)
 	if err != nil {
 		return
 	}
 	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
 }
 func (spc *ssPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, _, e := spc.PacketConn.ReadFrom(b)
 	if e != nil {
--- a/adapter/outbound/shadowsocksr.go
+++ b/adapter/outbound/shadowsocksr.go
@ -0,0 +1,158 @@
 package outbound
 import (
 	"context"
 	"fmt"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/ssr/obfs"
 	"github.com/Dreamacro/clash/transport/ssr/protocol"
 	"github.com/Dreamacro/go-shadowsocks2/core"
 	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
 	"github.com/Dreamacro/go-shadowsocks2/shadowstream"
 )
 type ShadowSocksR struct {
 	*Base
 	cipher   core.Cipher
 	obfs     obfs.Obfs
 	protocol protocol.Protocol
 }
 type ShadowSocksROption struct {
 	BasicOption
 	Name          string `proxy:"name"`
 	Server        string `proxy:"server"`
 	Port          int    `proxy:"port"`
 	Password      string `proxy:"password"`
 	Cipher        string `proxy:"cipher"`
 	Obfs          string `proxy:"obfs"`
 	ObfsParam     string `proxy:"obfs-param,omitempty"`
 	Protocol      string `proxy:"protocol"`
 	ProtocolParam string `proxy:"protocol-param,omitempty"`
 	UDP           bool   `proxy:"udp,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = ssr.obfs.StreamConn(c)
 	c = ssr.cipher.StreamConn(c)
 	var (
 		iv  []byte
 		err error
 	)
 	switch conn := c.(type) {
 	case *shadowstream.Conn:
 		iv, err = conn.ObtainWriteIV()
 		if err != nil {
 			return nil, err
 		}
 	case *shadowaead.Conn:
 		return nil, fmt.Errorf("invalid connection type")
 	}
 	c = ssr.protocol.StreamConn(c, iv)
 	_, err = c.Write(serializesSocksAddr(metadata))
 	return c, err
 }
 // DialContext implements C.ProxyAdapter
 func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ssr.addr, ssr.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ssr.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = ssr.StreamConn(c, metadata)
 	return NewConn(c, ssr), err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (ssr *ShadowSocksR) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket(ctx, "udp", "", ssr.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
 	addr, err := resolveUDPAddr("udp", ssr.addr)
 	if err != nil {
 		pc.Close()
 		return nil, err
 	}
 	pc = ssr.cipher.PacketConn(pc)
 	pc = ssr.protocol.PacketConn(pc)
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
 }
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 	// SSR protocol compatibility
 	// https://github.com/Dreamacro/clash/pull/2056
 	if option.Cipher == "none" {
 		option.Cipher = "dummy"
 	}
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
 	password := option.Password
 	coreCiph, err := core.PickCipher(cipher, nil, password)
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize error: %w", addr, err)
 	}
 	var (
 		ivSize int
 		key    []byte
 	)
 	if option.Cipher == "dummy" {
 		ivSize = 0
 		key = core.Kdf(option.Password, 16)
 	} else {
 		ciph, ok := coreCiph.(*core.StreamCipher)
 		if !ok {
 			return nil, fmt.Errorf("%s is not none or a supported stream cipher in ssr", cipher)
 		}
 		ivSize = ciph.IVSize()
 		key = ciph.Key
 	}
 	obfs, obfsOverhead, err := obfs.PickObfs(option.Obfs, &obfs.Base{
 		Host:   option.Server,
 		Port:   option.Port,
 		Key:    key,
 		IVSize: ivSize,
 		Param:  option.ObfsParam,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize obfs error: %w", addr, err)
 	}
 	protocol, err := protocol.PickProtocol(option.Protocol, &protocol.Base{
 		Key:      key,
 		Overhead: obfsOverhead,
 		Param:    option.ProtocolParam,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize protocol error: %w", addr, err)
 	}
 	return &ShadowSocksR{
 		Base: &Base{
 			name:  option.Name,
 			addr:  addr,
 			tp:    C.ShadowsocksR,
 			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		cipher:   coreCiph,
 		obfs:     obfs,
 		protocol: protocol,
 	}, nil
 }
--- a/adapter/outbound/snell.go
+++ b/adapter/outbound/snell.go
@ -0,0 +1,164 @@
 package outbound
 import (
 	"context"
 	"fmt"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	"github.com/Dreamacro/clash/transport/snell"
 )
 type Snell struct {
 	*Base
 	psk        []byte
 	pool       *snell.Pool
 	obfsOption *simpleObfsOption
 	version    int
 }
 type SnellOption struct {
 	BasicOption
 	Name     string         `proxy:"name"`
 	Server   string         `proxy:"server"`
 	Port     int            `proxy:"port"`
 	Psk      string         `proxy:"psk"`
 	UDP      bool           `proxy:"udp,omitempty"`
 	Version  int            `proxy:"version,omitempty"`
 	ObfsOpts map[string]any `proxy:"obfs-opts,omitempty"`
 }
 type streamOption struct {
 	psk        []byte
 	version    int
 	addr       string
 	obfsOption *simpleObfsOption
 }
 func streamConn(c net.Conn, option streamOption) *snell.Snell {
 	switch option.obfsOption.Mode {
 	case "tls":
 		c = obfs.NewTLSObfs(c, option.obfsOption.Host)
 	case "http":
 		_, port, _ := net.SplitHostPort(option.addr)
 		c = obfs.NewHTTPObfs(c, option.obfsOption.Host, port)
 	}
 	return snell.StreamConn(c, option.psk, option.version)
 }
 // StreamConn implements C.ProxyAdapter
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	err := snell.WriteHeader(c, metadata.String(), uint(port), s.version)
 	return c, err
 }
 // DialContext implements C.ProxyAdapter
 func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	if s.version == snell.Version2 && len(opts) == 0 {
 		c, err := s.pool.Get()
 		if err != nil {
 			return nil, err
 		}
 		port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 		if err = snell.WriteHeader(c, metadata.String(), uint(port), s.version); err != nil {
 			c.Close()
 			return nil, err
 		}
 		return NewConn(c, s), err
 	}
 	c, err := dialer.DialContext(ctx, "tcp", s.addr, s.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = s.StreamConn(c, metadata)
 	return NewConn(c, s), err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", s.addr, s.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
 	tcpKeepAlive(c)
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	err = snell.WriteUDPHeader(c, s.version)
 	if err != nil {
 		return nil, err
 	}
 	pc := snell.PacketConn(c)
 	return newPacketConn(pc, s), nil
 }
 func NewSnell(option SnellOption) (*Snell, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	psk := []byte(option.Psk)
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
 	obfsOption := &simpleObfsOption{Host: "bing.com"}
 	if err := decoder.Decode(option.ObfsOpts, obfsOption); err != nil {
 		return nil, fmt.Errorf("snell %s initialize obfs error: %w", addr, err)
 	}
 	switch obfsOption.Mode {
 	case "tls", "http", "":
 		break
 	default:
 		return nil, fmt.Errorf("snell %s obfs mode error: %s", addr, obfsOption.Mode)
 	}
 	// backward compatible
 	if option.Version == 0 {
 		option.Version = snell.DefaultSnellVersion
 	}
 	switch option.Version {
 	case snell.Version1, snell.Version2:
 		if option.UDP {
 			return nil, fmt.Errorf("snell version %d not support UDP", option.Version)
 		}
 	case snell.Version3:
 	default:
 		return nil, fmt.Errorf("snell version error: %d", option.Version)
 	}
 	s := &Snell{
 		Base: &Base{
 			name:  option.Name,
 			addr:  addr,
 			tp:    C.Snell,
 			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		psk:        psk,
 		obfsOption: obfsOption,
 		version:    option.Version,
 	}
 	if option.Version == snell.Version2 {
 		s.pool = snell.NewPool(func(ctx context.Context) (*snell.Snell, error) {
 			c, err := dialer.DialContext(ctx, "tcp", addr, s.Base.DialOptions()...)
 			if err != nil {
 				return nil, err
 			}
 			tcpKeepAlive(c)
 			return streamConn(c, streamOption{psk, option.Version, addr, obfsOption}), nil
 		})
 	}
 	return s, nil
 }
--- a/adapters/outbound/socks5.go
+++ b/adapters/outbound/socks5.go
@ -6,13 +6,12 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 type Socks5 struct {
@ -25,6 +24,7 @@ type Socks5 struct {
 }
 type Socks5Option struct {
 	BasicOption
 	Name           string `proxy:"name"`
 	Server         string `proxy:"server"`
 	Port           int    `proxy:"port"`
@ -35,6 +35,7 @@ type Socks5Option struct {
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
@ -58,13 +59,16 @@ func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 	return c, nil
 }
-func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+// DialContext implements C.ProxyAdapter
-	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
+func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = ss.StreamConn(c, metadata)
 	if err != nil {
 		return nil, err
@ -73,10 +77,9 @@ func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn
 	return NewConn(c, ss), nil
 }
-func (ss *Socks5) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
+// ListenPacketContext implements C.ProxyAdapter
-	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
+func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
-	defer cancel()
+	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
 		err = fmt.Errorf("%s connect error: %w", ss.addr, err)
 		return
@ -88,11 +91,7 @@ func (ss *Socks5) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 		c = cc
 	}
-	defer func() {
+	defer safeConnClose(c, err)
 		if err != nil {
 			c.Close()
 		}
 	}()
 	tcpKeepAlive(c)
 	var user *socks5.User
@ -109,20 +108,34 @@ func (ss *Socks5) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 		return
 	}
-	pc, err := dialer.ListenPacket("udp", "")
+	pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return
 	}
 	go func() {
-		io.Copy(ioutil.Discard, c)
+		io.Copy(io.Discard, c)
 		c.Close()
 		// A UDP association terminates when the TCP connection that the UDP
 		// ASSOCIATE request arrived on terminates. RFC1928
 		pc.Close()
 	}()
-	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindAddr.UDPAddr(), tcpConn: c}, ss), nil
+	// Support unspecified UDP bind address.
 	bindUDPAddr := bindAddr.UDPAddr()
 	if bindUDPAddr == nil {
 		err = errors.New("invalid UDP bind address")
 		return
 	} else if bindUDPAddr.IP.IsUnspecified() {
 		serverAddr, err := resolveUDPAddr("udp", ss.Addr())
 		if err != nil {
 			return nil, err
 		}
 		bindUDPAddr.IP = serverAddr.IP
 	}
 	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, ss), nil
 }
 func NewSocks5(option Socks5Option) *Socks5 {
@ -130,17 +143,18 @@ func NewSocks5(option Socks5Option) *Socks5 {
 	if option.TLS {
 		tlsConfig = &tls.Config{
 			InsecureSkipVerify: option.SkipCertVerify,
 			ClientSessionCache: getClientSessionCache(),
 			ServerName:         option.Server,
 		}
 	}
 	return &Socks5{
 		Base: &Base{
-			name: option.Name,
+			name:  option.Name,
-			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
-			tp:   C.Socks5,
+			tp:    C.Socks5,
-			udp:  option.UDP,
+			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		user:           option.UserName,
 		pass:           option.Password,
@ -164,14 +178,6 @@ func (uc *socksPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
 	return uc.PacketConn.WriteTo(packet, uc.rAddr)
 }
 func (uc *socksPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddr(metadata.RemoteAddress()), p)
 	if err != nil {
 		return
 	}
 	return uc.PacketConn.WriteTo(packet, uc.rAddr)
 }
 func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, _, e := uc.PacketConn.ReadFrom(b)
 	if e != nil {
--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@ -0,0 +1,238 @@
 package outbound
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/trojan"
 	"github.com/Dreamacro/clash/transport/vless"
 	"golang.org/x/net/http2"
 )
 type Trojan struct {
 	*Base
 	instance *trojan.Trojan
 	option   *TrojanOption
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *http2.Transport
 }
 type TrojanOption struct {
 	BasicOption
 	Name           string      `proxy:"name"`
 	Server         string      `proxy:"server"`
 	Port           int         `proxy:"port"`
 	Password       string      `proxy:"password"`
 	ALPN           []string    `proxy:"alpn,omitempty"`
 	SNI            string      `proxy:"sni,omitempty"`
 	SkipCertVerify bool        `proxy:"skip-cert-verify,omitempty"`
 	UDP            bool        `proxy:"udp,omitempty"`
 	Network        string      `proxy:"network,omitempty"`
 	GrpcOpts       GrpcOptions `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions   `proxy:"ws-opts,omitempty"`
 	Flow           string      `proxy:"flow,omitempty"`
 	FlowShow       bool        `proxy:"flow-show,omitempty"`
 }
 func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
 	if t.option.Network == "ws" {
 		host, port, _ := net.SplitHostPort(t.addr)
 		wsOpts := &trojan.WebsocketOption{
 			Host: host,
 			Port: port,
 			Path: t.option.WSOpts.Path,
 		}
 		if t.option.SNI != "" {
 			wsOpts.Host = t.option.SNI
 		}
 		if len(t.option.WSOpts.Headers) != 0 {
 			header := http.Header{}
 			for key, value := range t.option.WSOpts.Headers {
 				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
 		return t.instance.StreamWebsocketConn(c, wsOpts)
 	}
 	return t.instance.StreamConn(c)
 }
 // StreamConn implements C.ProxyAdapter
 func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	if t.transport != nil {
 		c, err = gun.StreamGunWithConn(c, t.gunTLSConfig, t.gunConfig)
 	} else {
 		c, err = t.plainStream(c)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	c, err = t.instance.PresetXTLSConn(c)
 	if err != nil {
 		return nil, err
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
 // DialContext implements C.ProxyAdapter
 func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	// gun transport
 	if t.transport != nil && len(opts) == 0 {
 		c, err := gun.StreamGunWithTransport(t.transport, t.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		c, err = t.instance.PresetXTLSConn(c)
 		if err != nil {
 			c.Close()
 			return nil, err
 		}
 		if err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata)); err != nil {
 			c.Close()
 			return nil, err
 		}
 		return NewConn(c, t), nil
 	}
 	c, err := dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = t.StreamConn(c, metadata)
 	if err != nil {
 		return nil, err
 	}
 	return NewConn(c, t), err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	var c net.Conn
 	// grpc transport
 	if t.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(t.transport, t.gunConfig)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 		defer safeConnClose(c, err)
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 		defer safeConnClose(c, err)
 		tcpKeepAlive(c)
 		c, err = t.plainStream(c)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 	if err != nil {
 		return nil, err
 	}
 	pc := t.instance.PacketConn(c)
 	return newPacketConn(pc, t), err
 }
 func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	tOption := &trojan.Option{
 		Password:       option.Password,
 		ALPN:           option.ALPN,
 		ServerName:     option.Server,
 		SkipCertVerify: option.SkipCertVerify,
 		FlowShow:       option.FlowShow,
 	}
 	if option.Network != "ws" && len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
 		switch option.Flow {
 		case vless.XRO, vless.XRD, vless.XRS:
 			tOption.Flow = option.Flow
 		default:
 			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
 		}
 	}
 	if option.SNI != "" {
 		tOption.ServerName = option.SNI
 	}
 	t := &Trojan{
 		Base: &Base{
 			name:  option.Name,
 			addr:  addr,
 			tp:    C.Trojan,
 			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		instance: trojan.New(tOption),
 		option:   &option,
 	}
 	if option.Network == "grpc" {
 		dialFn := func(network, addr string) (net.Conn, error) {
 			c, err := dialer.DialContext(context.Background(), "tcp", t.addr, t.Base.DialOptions()...)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", t.addr, err.Error())
 			}
 			tcpKeepAlive(c)
 			return c, nil
 		}
 		tlsConfig := &tls.Config{
 			NextProtos:         option.ALPN,
 			MinVersion:         tls.VersionTLS12,
 			InsecureSkipVerify: tOption.SkipCertVerify,
 			ServerName:         tOption.ServerName,
 		}
 		if t.option.Flow != "" {
 			t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
 		} else {
 			t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
 		}
 		t.gunTLSConfig = tlsConfig
 		t.gunConfig = &gun.Config{
 			ServiceName: option.GrpcOpts.GrpcServiceName,
 			Host:        tOption.ServerName,
 		}
 	}
 	return t, nil
 }
--- a/adapter/outbound/util.go
+++ b/adapter/outbound/util.go
@ -0,0 +1,58 @@
 package outbound
 import (
 	"bytes"
 	"net"
 	"strconv"
 	"time"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		_ = tcp.SetKeepAlive(true)
 		_ = tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
 	aType := uint8(metadata.AddrType)
 	p, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
 	switch metadata.AddrType {
 	case socks5.AtypDomainName:
 		lenM := uint8(len(metadata.Host))
 		host := []byte(metadata.Host)
 		buf = [][]byte{{aType, lenM}, host, port}
 	case socks5.AtypIPv4:
 		host := metadata.DstIP.AsSlice()
 		buf = [][]byte{{aType}, host, port}
 	case socks5.AtypIPv6:
 		host := metadata.DstIP.AsSlice()
 		buf = [][]byte{{aType}, host, port}
 	}
 	return bytes.Join(buf, nil)
 }
 func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
 	}
 	ip, err := resolver.ResolveProxyServerHost(host)
 	if err != nil {
 		return nil, err
 	}
 	return net.ResolveUDPAddr(network, net.JoinHostPort(ip.String(), port))
 }
 func safeConnClose(c net.Conn, err error) {
 	if err != nil {
 		_ = c.Close()
 	}
 }
--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@ -0,0 +1,450 @@
 package outbound
 import (
 	"context"
 	"crypto/tls"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"strconv"
 	"sync"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
 	"golang.org/x/net/http2"
 )
 const (
 	// max packet length
 	maxLength = 1024 << 3
 )
 type Vless struct {
 	*Base
 	client *vless.Client
 	option *VlessOption
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *http2.Transport
 }
 type VlessOption struct {
 	BasicOption
 	Name           string            `proxy:"name"`
 	Server         string            `proxy:"server"`
 	Port           int               `proxy:"port"`
 	UUID           string            `proxy:"uuid"`
 	Flow           string            `proxy:"flow,omitempty"`
 	FlowShow       bool              `proxy:"flow-show,omitempty"`
 	UDP            bool              `proxy:"udp,omitempty"`
 	Network        string            `proxy:"network,omitempty"`
 	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
 	HTTP2Opts      HTTP2Options      `proxy:"h2-opts,omitempty"`
 	GrpcOpts       GrpcOptions       `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions         `proxy:"ws-opts,omitempty"`
 	WSPath         string            `proxy:"ws-path,omitempty"`
 	WSHeaders      map[string]string `proxy:"ws-headers,omitempty"`
 	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
 	ServerName     string            `proxy:"servername,omitempty"`
 }
 func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
 		if v.option.WSOpts.Path == "" {
 			v.option.WSOpts.Path = v.option.WSPath
 		}
 		if len(v.option.WSOpts.Headers) == 0 {
 			v.option.WSOpts.Headers = v.option.WSHeaders
 		}
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
 			Port:                port,
 			Path:                v.option.WSOpts.Path,
 			MaxEarlyData:        v.option.WSOpts.MaxEarlyData,
 			EarlyDataHeaderName: v.option.WSOpts.EarlyDataHeaderName,
 		}
 		if len(v.option.WSOpts.Headers) != 0 {
 			header := http.Header{}
 			for key, value := range v.option.WSOpts.Headers {
 				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
 		wsOpts.TLS = true
 		wsOpts.TLSConfig = &tls.Config{
 			MinVersion:         tls.VersionTLS12,
 			ServerName:         host,
 			InsecureSkipVerify: v.option.SkipCertVerify,
 			NextProtos:         []string{"http/1.1"},
 		}
 		if v.option.ServerName != "" {
 			wsOpts.TLSConfig.ServerName = v.option.ServerName
 		} else if host := wsOpts.Headers.Get("Host"); host != "" {
 			wsOpts.TLSConfig.ServerName = host
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		c, err = v.streamTLSOrXTLSConn(c, false)
 		if err != nil {
 			return nil, err
 		}
 		host, _, _ := net.SplitHostPort(v.addr)
 		httpOpts := &vmess.HTTPConfig{
 			Host:    host,
 			Method:  v.option.HTTPOpts.Method,
 			Path:    v.option.HTTPOpts.Path,
 			Headers: v.option.HTTPOpts.Headers,
 		}
 		c = vmess.StreamHTTPConn(c, httpOpts)
 	case "h2":
 		c, err = v.streamTLSOrXTLSConn(c, true)
 		if err != nil {
 			return nil, err
 		}
 		h2Opts := &vmess.H2Config{
 			Hosts: v.option.HTTP2Opts.Host,
 			Path:  v.option.HTTP2Opts.Path,
 		}
 		c, err = vmess.StreamH2Conn(c, h2Opts)
 	case "grpc":
 		if v.isXTLSEnabled() {
 			c, err = gun.StreamGunWithXTLSConn(c, v.gunTLSConfig, v.gunConfig)
 		} else {
 			c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 		}
 	default:
 		// default tcp network
 		// handle TLS And XTLS
 		c, err = v.streamTLSOrXTLSConn(c, false)
 	}
 	if err != nil {
 		return nil, err
 	}
 	return v.client.StreamConn(c, parseVlessAddr(metadata))
 }
 func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error) {
 	host, _, _ := net.SplitHostPort(v.addr)
 	if v.isXTLSEnabled() {
 		xtlsOpts := vless.XTLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 		}
 		if isH2 {
 			xtlsOpts.NextProtos = []string{"h2"}
 		}
 		if v.option.ServerName != "" {
 			xtlsOpts.Host = v.option.ServerName
 		}
 		return vless.StreamXTLSConn(conn, &xtlsOpts)
 	} else {
 		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 		}
 		if isH2 {
 			tlsOpts.NextProtos = []string{"h2"}
 		}
 		if v.option.ServerName != "" {
 			tlsOpts.Host = v.option.ServerName
 		}
 		return vmess.StreamTLSConn(conn, &tlsOpts)
 	}
 }
 func (v *Vless) isXTLSEnabled() bool {
 	return v.client.Addons != nil
 }
 // DialContext implements C.ProxyAdapter
 func (v *Vless) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err := gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		defer safeConnClose(c, err)
 		c, err = v.client.StreamConn(c, parseVlessAddr(metadata))
 		if err != nil {
 			return nil, err
 		}
 		return NewConn(c, v), nil
 	}
 	c, err := dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = v.StreamConn(c, metadata)
 	return NewConn(c, v), err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	// vless use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
 		metadata.DstIP = ip
 	}
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		defer safeConnClose(c, err)
 		c, err = v.client.StreamConn(c, parseVlessAddr(metadata))
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 		}
 		tcpKeepAlive(c)
 		defer safeConnClose(c, err)
 		c, err = v.StreamConn(c, metadata)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("new vless client error: %v", err)
 	}
 	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
 func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 	var addrType byte
 	var addr []byte
 	switch metadata.AddrType {
 	case C.AtypIPv4:
 		addrType = byte(vless.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
 		addrType = byte(vless.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
 		addrType = byte(vless.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
 		copy(addr[1:], []byte(metadata.Host))
 	}
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	return &vless.DstAddr{
 		UDP:      metadata.NetWork == C.UDP,
 		AddrType: addrType,
 		Addr:     addr,
 		Port:     uint(port),
 	}
 }
 type vlessPacketConn struct {
 	net.Conn
 	rAddr  net.Addr
 	cache  [2]byte
 	remain int
 	mux    sync.Mutex
 }
 func (vc *vlessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	total := len(b)
 	if total == 0 {
 		return 0, nil
 	}
 	if total < maxLength {
 		return vc.writePacket(b)
 	}
 	offset := 0
 	for {
 		cursor := offset + maxLength
 		if cursor > total {
 			cursor = total
 		}
 		n, err := vc.writePacket(b[offset:cursor])
 		if err != nil {
 			return offset + n, err
 		}
 		offset = cursor
 		if offset == total {
 			break
 		}
 	}
 	return total, nil
 }
 func (vc *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	vc.mux.Lock()
 	defer vc.mux.Unlock()
 	if vc.remain != 0 {
 		length := len(b)
 		if length > vc.remain {
 			length = vc.remain
 		}
 		n, err := vc.Conn.Read(b[:length])
 		if err != nil {
 			return 0, vc.rAddr, err
 		}
 		vc.remain -= n
 		return n, vc.rAddr, nil
 	}
 	if _, err := vc.Conn.Read(b[:2]); err != nil {
 		return 0, vc.rAddr, err
 	}
 	total := int(binary.BigEndian.Uint16(b[:2]))
 	if total == 0 {
 		return 0, vc.rAddr, nil
 	}
 	length := len(b)
 	if length > total {
 		length = total
 	}
 	if _, err := io.ReadFull(vc.Conn, b[:length]); err != nil {
 		return 0, vc.rAddr, errors.New("read packet error")
 	}
 	vc.remain = total - length
 	return length, vc.rAddr, nil
 }
 func (vc *vlessPacketConn) writePacket(payload []byte) (int, error) {
 	binary.BigEndian.PutUint16(vc.cache[:], uint16(len(payload)))
 	if _, err := vc.Conn.Write(vc.cache[:]); err != nil {
 		return 0, err
 	}
 	return vc.Conn.Write(payload)
 }
 func NewVless(option VlessOption) (*Vless, error) {
 	var addons *vless.Addons
 	if option.Network != "ws" && len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
 		switch option.Flow {
 		case vless.XRO, vless.XRD, vless.XRS:
 			addons = &vless.Addons{
 				Flow: option.Flow,
 			}
 		default:
 			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
 		}
 	}
 	client, err := vless.NewClient(option.UUID, addons, option.FlowShow)
 	if err != nil {
 		return nil, err
 	}
 	v := &Vless{
 		Base: &Base{
 			name:  option.Name,
 			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
 			tp:    C.Vless,
 			udp:   option.UDP,
 			iface: option.Interface,
 		},
 		client: client,
 		option: &option,
 	}
 	switch option.Network {
 	case "h2":
 		if len(option.HTTP2Opts.Host) == 0 {
 			option.HTTP2Opts.Host = append(option.HTTP2Opts.Host, "www.example.com")
 		}
 	case "grpc":
 		dialFn := func(network, addr string) (net.Conn, error) {
 			c, err := dialer.DialContext(context.Background(), "tcp", v.addr, v.Base.DialOptions()...)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
 			tcpKeepAlive(c)
 			return c, nil
 		}
 		gunConfig := &gun.Config{
 			ServiceName: v.option.GrpcOpts.GrpcServiceName,
 			Host:        v.option.ServerName,
 		}
 		tlsConfig := &tls.Config{
 			InsecureSkipVerify: v.option.SkipCertVerify,
 			ServerName:         v.option.ServerName,
 		}
 		if v.option.ServerName == "" {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsConfig.ServerName = host
 			gunConfig.Host = host
 		}
 		v.gunTLSConfig = tlsConfig
 		v.gunConfig = gunConfig
 		if v.isXTLSEnabled() {
 			v.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
 		} else {
 			v.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
 		}
 	}
 	return v, nil
 }
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@ -0,0 +1,378 @@
 package outbound
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vmess"
 	"golang.org/x/net/http2"
 )
 type Vmess struct {
 	*Base
 	client *vmess.Client
 	option *VmessOption
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
 	transport    *http2.Transport
 }
 type VmessOption struct {
 	BasicOption
 	Name           string       `proxy:"name"`
 	Server         string       `proxy:"server"`
 	Port           int          `proxy:"port"`
 	UUID           string       `proxy:"uuid"`
 	AlterID        int          `proxy:"alterId"`
 	Cipher         string       `proxy:"cipher"`
 	UDP            bool         `proxy:"udp,omitempty"`
 	Network        string       `proxy:"network,omitempty"`
 	TLS            bool         `proxy:"tls,omitempty"`
 	SkipCertVerify bool         `proxy:"skip-cert-verify,omitempty"`
 	ServerName     string       `proxy:"servername,omitempty"`
 	HTTPOpts       HTTPOptions  `proxy:"http-opts,omitempty"`
 	HTTP2Opts      HTTP2Options `proxy:"h2-opts,omitempty"`
 	GrpcOpts       GrpcOptions  `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions    `proxy:"ws-opts,omitempty"`
 	// TODO: compatible with VMESS WS older version configurations
 	WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
 	WSPath    string            `proxy:"ws-path,omitempty"`
 }
 type HTTPOptions struct {
 	Method  string              `proxy:"method,omitempty"`
 	Path    []string            `proxy:"path,omitempty"`
 	Headers map[string][]string `proxy:"headers,omitempty"`
 }
 type HTTP2Options struct {
 	Host []string `proxy:"host,omitempty"`
 	Path string   `proxy:"path,omitempty"`
 }
 type GrpcOptions struct {
 	GrpcServiceName string `proxy:"grpc-service-name,omitempty"`
 }
 type WSOptions struct {
 	Path                string            `proxy:"path,omitempty"`
 	Headers             map[string]string `proxy:"headers,omitempty"`
 	MaxEarlyData        int               `proxy:"max-early-data,omitempty"`
 	EarlyDataHeaderName string            `proxy:"early-data-header-name,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
 		if v.option.WSOpts.Path == "" {
 			v.option.WSOpts.Path = v.option.WSPath
 		}
 		if len(v.option.WSOpts.Headers) == 0 {
 			v.option.WSOpts.Headers = v.option.WSHeaders
 		}
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
 			Port:                port,
 			Path:                v.option.WSOpts.Path,
 			MaxEarlyData:        v.option.WSOpts.MaxEarlyData,
 			EarlyDataHeaderName: v.option.WSOpts.EarlyDataHeaderName,
 		}
 		if len(v.option.WSOpts.Headers) != 0 {
 			header := http.Header{}
 			for key, value := range v.option.WSOpts.Headers {
 				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
 		if v.option.TLS {
 			wsOpts.TLS = true
 			wsOpts.TLSConfig = &tls.Config{
 				ServerName:         host,
 				InsecureSkipVerify: v.option.SkipCertVerify,
 				NextProtos:         []string{"http/1.1"},
 			}
 			if v.option.ServerName != "" {
 				wsOpts.TLSConfig.ServerName = v.option.ServerName
 			} else if host := wsOpts.Headers.Get("Host"); host != "" {
 				wsOpts.TLSConfig.ServerName = host
 			}
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
 			c, err = vmess.StreamTLSConn(c, tlsOpts)
 			if err != nil {
 				return nil, err
 			}
 		}
 		host, _, _ := net.SplitHostPort(v.addr)
 		httpOpts := &vmess.HTTPConfig{
 			Host:    host,
 			Method:  v.option.HTTPOpts.Method,
 			Path:    v.option.HTTPOpts.Path,
 			Headers: v.option.HTTPOpts.Headers,
 		}
 		c = vmess.StreamHTTPConn(c, httpOpts)
 	case "h2":
 		host, _, _ := net.SplitHostPort(v.addr)
 		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 			NextProtos:     []string{"h2"},
 		}
 		if v.option.ServerName != "" {
 			tlsOpts.Host = v.option.ServerName
 		}
 		c, err = vmess.StreamTLSConn(c, &tlsOpts)
 		if err != nil {
 			return nil, err
 		}
 		h2Opts := &vmess.H2Config{
 			Hosts: v.option.HTTP2Opts.Host,
 			Path:  v.option.HTTP2Opts.Path,
 		}
 		c, err = vmess.StreamH2Conn(c, h2Opts)
 	case "grpc":
 		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 	default:
 		// handle TLS
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
 			c, err = vmess.StreamTLSConn(c, tlsOpts)
 		}
 	}
 	if err != nil {
 		return nil, err
 	}
 	return v.client.StreamConn(c, parseVmessAddr(metadata))
 }
 // DialContext implements C.ProxyAdapter
 func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err := gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		defer safeConnClose(c, err)
 		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
 		if err != nil {
 			return nil, err
 		}
 		return NewConn(c, v), nil
 	}
 	c, err := dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = v.StreamConn(c, metadata)
 	return NewConn(c, v), err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
 		metadata.DstIP = ip
 	}
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		defer safeConnClose(c, err)
 		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 		}
 		tcpKeepAlive(c)
 		defer safeConnClose(c, err)
 		c, err = v.StreamConn(c, metadata)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
 	client, err := vmess.NewClient(vmess.Config{
 		UUID:     option.UUID,
 		AlterID:  uint16(option.AlterID),
 		Security: security,
 		HostName: option.Server,
 		Port:     strconv.Itoa(option.Port),
 		IsAead:   option.AlterID == 0,
 	})
 	if err != nil {
 		return nil, err
 	}
 	switch option.Network {
 	case "h2", "grpc":
 		if !option.TLS {
 			return nil, fmt.Errorf("TLS must be true with h2/grpc network")
 		}
 	}
 	v := &Vmess{
 		Base: &Base{
 			name:  option.Name,
 			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
 			tp:    C.Vmess,
 			udp:   option.UDP,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		client: client,
 		option: &option,
 	}
 	switch option.Network {
 	case "h2":
 		if len(option.HTTP2Opts.Host) == 0 {
 			option.HTTP2Opts.Host = append(option.HTTP2Opts.Host, "www.example.com")
 		}
 	case "grpc":
 		dialFn := func(network, addr string) (net.Conn, error) {
 			c, err := dialer.DialContext(context.Background(), "tcp", v.addr, v.Base.DialOptions()...)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
 			tcpKeepAlive(c)
 			return c, nil
 		}
 		gunConfig := &gun.Config{
 			ServiceName: v.option.GrpcOpts.GrpcServiceName,
 			Host:        v.option.ServerName,
 		}
 		tlsConfig := &tls.Config{
 			InsecureSkipVerify: v.option.SkipCertVerify,
 			ServerName:         v.option.ServerName,
 		}
 		if v.option.ServerName == "" {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsConfig.ServerName = host
 			gunConfig.Host = host
 		}
 		v.gunTLSConfig = tlsConfig
 		v.gunConfig = gunConfig
 		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
 	}
 	return v, nil
 }
 func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 	var addrType byte
 	var addr []byte
 	switch metadata.AddrType {
 	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
 		copy(addr[1:], []byte(metadata.Host))
 	}
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	return &vmess.DstAddr{
 		UDP:      metadata.NetWork == C.UDP,
 		AddrType: addrType,
 		Addr:     addr,
 		Port:     uint(port),
 	}
 }
 type vmessPacketConn struct {
 	net.Conn
 	rAddr net.Addr
 }
 func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	return uc.Conn.Write(b)
 }
 func (uc *vmessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, err := uc.Conn.Read(b)
 	return n, uc.rAddr, err
 }
--- a/adapter/outboundgroup/common.go
+++ b/adapter/outboundgroup/common.go
@ -0,0 +1,24 @@
 package outboundgroup
 import (
 	"time"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 const (
 	defaultGetProxiesDuration = time.Second * 5
 )
 func getProvidersProxies(providers []provider.ProxyProvider, touch bool) []C.Proxy {
 	proxies := []C.Proxy{}
 	for _, provider := range providers {
 		if touch {
 			proxies = append(proxies, provider.ProxiesWithTouch()...)
 		} else {
 			proxies = append(proxies, provider.Proxies()...)
 		}
 	}
 	return proxies
 }
--- a/adapter/outboundgroup/fallback.go
+++ b/adapter/outboundgroup/fallback.go
@ -0,0 +1,106 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type Fallback struct {
 	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single[[]C.Proxy]
 	providers  []provider.ProxyProvider
 }
 func (f *Fallback) Now() string {
 	proxy := f.findAliveProxy(false)
 	return proxy.Name()
 }
 // DialContext implements C.ProxyAdapter
 func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	proxy := f.findAliveProxy(true)
 	c, err := proxy.DialContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(f)
 	}
 	return c, err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (f *Fallback) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	proxy := f.findAliveProxy(true)
 	pc, err := proxy.ListenPacketContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(f)
 	}
 	return pc, err
 }
 // SupportUDP implements C.ProxyAdapter
 func (f *Fallback) SupportUDP() bool {
 	if f.disableUDP {
 		return false
 	}
 	proxy := f.findAliveProxy(false)
 	return proxy.SupportUDP()
 }
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range f.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
 		"type": f.Type().String(),
 		"now":  f.Now(),
 		"all":  all,
 	})
 }
 // Unwrap implements C.ProxyAdapter
 func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxy := f.findAliveProxy(true)
 	return proxy
 }
 func (f *Fallback) proxies(touch bool) []C.Proxy {
 	elm, _, _ := f.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(f.providers, touch), nil
 	})
 	return elm
 }
 func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
 	proxies := f.proxies(touch)
 	for _, proxy := range proxies {
 		if proxy.Alive() {
 			return proxy
 		}
 	}
 	return proxies[0]
 }
 func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider) *Fallback {
 	return &Fallback{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Fallback,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		disableUDP: option.DisableUDP,
 	}
 }
--- a/adapter/outboundgroup/loadbalance.go
+++ b/adapter/outboundgroup/loadbalance.go
@ -0,0 +1,184 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/murmur3"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 	"golang.org/x/net/publicsuffix"
 )
 type strategyFn = func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy
 type LoadBalance struct {
 	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single[[]C.Proxy]
 	providers  []provider.ProxyProvider
 	strategyFn strategyFn
 }
 var errStrategy = errors.New("unsupported strategy")
 func parseStrategy(config map[string]any) string {
 	if elm, ok := config["strategy"]; ok {
 		if strategy, ok := elm.(string); ok {
 			return strategy
 		}
 	}
 	return "consistent-hashing"
 }
 func getKey(metadata *C.Metadata) string {
 	if metadata.Host != "" {
 		// ip host
 		if ip := net.ParseIP(metadata.Host); ip != nil {
 			return metadata.Host
 		}
 		if etld, err := publicsuffix.EffectiveTLDPlusOne(metadata.Host); err == nil {
 			return etld
 		}
 	}
 	if !metadata.DstIP.IsValid() {
 		return ""
 	}
 	return metadata.DstIP.String()
 }
 func jumpHash(key uint64, buckets int32) int32 {
 	var b, j int64
 	for j < int64(buckets) {
 		b = j
 		key = key*2862933555777941757 + 1
 		j = int64(float64(b+1) * (float64(int64(1)<<31) / float64((key>>33)+1)))
 	}
 	return int32(b)
 }
 // DialContext implements C.ProxyAdapter
 func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (c C.Conn, err error) {
 	defer func() {
 		if err == nil {
 			c.AppendToChains(lb)
 		}
 	}()
 	proxy := lb.Unwrap(metadata)
 	c, err = proxy.DialContext(ctx, metadata, lb.Base.DialOptions(opts...)...)
 	return
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (lb *LoadBalance) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (pc C.PacketConn, err error) {
 	defer func() {
 		if err == nil {
 			pc.AppendToChains(lb)
 		}
 	}()
 	proxy := lb.Unwrap(metadata)
 	return proxy.ListenPacketContext(ctx, metadata, lb.Base.DialOptions(opts...)...)
 }
 // SupportUDP implements C.ProxyAdapter
 func (lb *LoadBalance) SupportUDP() bool {
 	return !lb.disableUDP
 }
 func strategyRoundRobin() strategyFn {
 	idx := 0
 	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		length := len(proxies)
 		for i := 0; i < length; i++ {
 			idx = (idx + 1) % length
 			proxy := proxies[idx]
 			if proxy.Alive() {
 				return proxy
 			}
 		}
 		return proxies[0]
 	}
 }
 func strategyConsistentHashing() strategyFn {
 	maxRetry := 5
 	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		key := uint64(murmur3.Sum32([]byte(getKey(metadata))))
 		buckets := int32(len(proxies))
 		for i := 0; i < maxRetry; i, key = i+1, key+1 {
 			idx := jumpHash(key, buckets)
 			proxy := proxies[idx]
 			if proxy.Alive() {
 				return proxy
 			}
 		}
 		return proxies[0]
 	}
 }
 // Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxies := lb.proxies(true)
 	return lb.strategyFn(proxies, metadata)
 }
 func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 	elm, _, _ := lb.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(lb.providers, touch), nil
 	})
 	return elm
 }
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range lb.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
 		"type": lb.Type().String(),
 		"all":  all,
 	})
 }
 func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvider, strategy string) (lb *LoadBalance, err error) {
 	var strategyFn strategyFn
 	switch strategy {
 	case "consistent-hashing":
 		strategyFn = strategyConsistentHashing()
 	case "round-robin":
 		strategyFn = strategyRoundRobin()
 	default:
 		return nil, fmt.Errorf("%w: %s", errStrategy, strategy)
 	}
 	return &LoadBalance{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.LoadBalance,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		strategyFn: strategyFn,
 		disableUDP: option.DisableUDP,
 	}, nil
 }
--- a/adapters/outboundgroup/parser.go
+++ b/adapters/outboundgroup/parser.go
@ -4,33 +4,39 @@ import (
 	"errors"
 	"fmt"
-	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/adapter/provider"
 	"github.com/Dreamacro/clash/common/structure"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 var (
 	errFormat            = errors.New("format error")
 	errType              = errors.New("unsupport type")
 	errMissUse           = errors.New("`use` field should not be empty")
 	errMissProxy         = errors.New("`use` or `proxies` missing")
 	errMissHealthCheck   = errors.New("`url` or `interval` missing")
-	errDuplicateProvider = errors.New("`duplicate provider name")
+	errDuplicateProvider = errors.New("duplicate provider name")
 )
 type GroupCommonOption struct {
-	Name     string   `group:"name"`
+	outbound.BasicOption
-	Type     string   `group:"type"`
+	Name       string   `group:"name"`
-	Proxies  []string `group:"proxies,omitempty"`
+	Type       string   `group:"type"`
-	Use      []string `group:"use,omitempty"`
+	Proxies    []string `group:"proxies,omitempty"`
-	URL      string   `group:"url,omitempty"`
+	Use        []string `group:"use,omitempty"`
-	Interval int      `group:"interval,omitempty"`
+	URL        string   `group:"url,omitempty"`
 	Interval   int      `group:"interval,omitempty"`
 	Lazy       bool     `group:"lazy,omitempty"`
 	DisableUDP bool     `group:"disable-udp,omitempty"`
 }
-func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy, providersMap map[string]provider.ProxyProvider) (C.ProxyAdapter, error) {
+func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider) (C.ProxyAdapter, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "group", WeaklyTypedInput: true})
-	groupOption := &GroupCommonOption{}
+	groupOption := &GroupCommonOption{
 		Lazy: true,
 	}
 	if err := decoder.Decode(config, groupOption); err != nil {
 		return nil, errFormat
 	}
@ -41,7 +47,7 @@ func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy,
 	groupName := groupOption.Name
-	providers := []provider.ProxyProvider{}
+	providers := []types.ProxyProvider{}
 	if len(groupOption.Proxies) == 0 && len(groupOption.Use) == 0 {
 		return nil, errMissProxy
@ -53,40 +59,33 @@ func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy,
 			return nil, err
 		}
-		// if Use not empty, drop health check options
+		if _, ok := providersMap[groupName]; ok {
-		if len(groupOption.Use) != 0 {
+			return nil, errDuplicateProvider
-			hc := provider.NewHealthCheck(ps, "", 0)
+		}
 		// select don't need health check
 		if groupOption.Type == "select" || groupOption.Type == "relay" {
 			hc := provider.NewHealthCheck(ps, "", 0, true)
 			pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 			if err != nil {
 				return nil, err
 			}
 			providers = append(providers, pd)
 			providersMap[groupName] = pd
 		} else {
-			// select don't need health check
+			if groupOption.URL == "" || groupOption.Interval == 0 {
-			if groupOption.Type == "select" || groupOption.Type == "relay" {
+				return nil, errMissHealthCheck
 				hc := provider.NewHealthCheck(ps, "", 0)
 				pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 				if err != nil {
 					return nil, err
 				}
 				providers = append(providers, pd)
 				providersMap[groupName] = pd
 			} else {
 				if groupOption.URL == "" || groupOption.Interval == 0 {
 					return nil, errMissHealthCheck
 				}
 				hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.Interval))
 				pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 				if err != nil {
 					return nil, err
 				}
 				providers = append(providers, pd)
 				providersMap[groupName] = pd
 			}
 			hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.Interval), groupOption.Lazy)
 			pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 			if err != nil {
 				return nil, err
 			}
 			providers = append(providers, pd)
 			providersMap[groupName] = pd
 		}
 	}
@ -101,15 +100,17 @@ func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy,
 	var group C.ProxyAdapter
 	switch groupOption.Type {
 	case "url-test":
-		group = NewURLTest(groupName, providers)
+		opts := parseURLTestOption(config)
 		group = NewURLTest(groupOption, providers, opts...)
 	case "select":
-		group = NewSelector(groupName, providers)
+		group = NewSelector(groupOption, providers)
 	case "fallback":
-		group = NewFallback(groupName, providers)
+		group = NewFallback(groupOption, providers)
 	case "load-balance":
-		group = NewLoadBalance(groupName, providers)
+		strategy := parseStrategy(config)
 		return NewLoadBalance(groupOption, providers, strategy)
 	case "relay":
-		group = NewRelay(groupName, providers)
+		group = NewRelay(groupOption, providers)
 	default:
 		return nil, fmt.Errorf("%w: %s", errType, groupOption.Type)
 	}
@ -129,15 +130,15 @@ func getProxies(mapping map[string]C.Proxy, list []string) ([]C.Proxy, error) {
 	return ps, nil
 }
-func getProviders(mapping map[string]provider.ProxyProvider, list []string) ([]provider.ProxyProvider, error) {
+func getProviders(mapping map[string]types.ProxyProvider, list []string) ([]types.ProxyProvider, error) {
-	var ps []provider.ProxyProvider
+	var ps []types.ProxyProvider
 	for _, name := range list {
 		p, ok := mapping[name]
 		if !ok {
 			return nil, fmt.Errorf("'%s' not found", name)
 		}
-		if p.VehicleType() == provider.Compatible {
+		if p.VehicleType() == types.Compatible {
 			return nil, fmt.Errorf("proxy group %s can't contains in `use`", name)
 		}
 		ps = append(ps, p)
--- a/adapter/outboundgroup/relay.go
+++ b/adapter/outboundgroup/relay.go
@ -0,0 +1,114 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type Relay struct {
 	*outbound.Base
 	single    *singledo.Single[[]C.Proxy]
 	providers []provider.ProxyProvider
 }
 // DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	var proxies []C.Proxy
 	for _, proxy := range r.proxies(metadata, true) {
 		if proxy.Type() != C.Direct {
 			proxies = append(proxies, proxy)
 		}
 	}
 	switch len(proxies) {
 	case 0:
 		return outbound.NewDirect().DialContext(ctx, metadata, r.Base.DialOptions(opts...)...)
 	case 1:
 		return proxies[0].DialContext(ctx, metadata, r.Base.DialOptions(opts...)...)
 	}
 	first := proxies[0]
 	last := proxies[len(proxies)-1]
 	c, err := dialer.DialContext(ctx, "tcp", first.Addr(), r.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	tcpKeepAlive(c)
 	var currentMeta *C.Metadata
 	for _, proxy := range proxies[1:] {
 		currentMeta, err = addrToMetadata(proxy.Addr())
 		if err != nil {
 			return nil, err
 		}
 		c, err = first.StreamConn(c, currentMeta)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 		}
 		first = proxy
 	}
 	c, err = last.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
 	}
 	return outbound.NewConn(c, r), nil
 }
 // MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range r.rawProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
 		"type": r.Type().String(),
 		"all":  all,
 	})
 }
 func (r *Relay) rawProxies(touch bool) []C.Proxy {
 	elm, _, _ := r.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(r.providers, touch), nil
 	})
 	return elm
 }
 func (r *Relay) proxies(metadata *C.Metadata, touch bool) []C.Proxy {
 	proxies := r.rawProxies(touch)
 	for n, proxy := range proxies {
 		subproxy := proxy.Unwrap(metadata)
 		for subproxy != nil {
 			proxies[n] = subproxy
 			subproxy = subproxy.Unwrap(metadata)
 		}
 	}
 	return proxies
 }
 func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Relay {
 	return &Relay{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Relay,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 		}),
 		single:    singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers: providers,
 	}
 }
--- a/adapter/outboundgroup/selector.go
+++ b/adapter/outboundgroup/selector.go
@ -0,0 +1,114 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type Selector struct {
 	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single[C.Proxy]
 	selected   string
 	providers  []provider.ProxyProvider
 }
 // DialContext implements C.ProxyAdapter
 func (s *Selector) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	c, err := s.selectedProxy(true).DialContext(ctx, metadata, s.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(s)
 	}
 	return c, err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (s *Selector) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	pc, err := s.selectedProxy(true).ListenPacketContext(ctx, metadata, s.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(s)
 	}
 	return pc, err
 }
 // SupportUDP implements C.ProxyAdapter
 func (s *Selector) SupportUDP() bool {
 	if s.disableUDP {
 		return false
 	}
 	return s.selectedProxy(false).SupportUDP()
 }
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range getProvidersProxies(s.providers, false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
 		"type": s.Type().String(),
 		"now":  s.Now(),
 		"all":  all,
 	})
 }
 func (s *Selector) Now() string {
 	return s.selectedProxy(false).Name()
 }
 func (s *Selector) Set(name string) error {
 	for _, proxy := range getProvidersProxies(s.providers, false) {
 		if proxy.Name() == name {
 			s.selected = name
 			s.single.Reset()
 			return nil
 		}
 	}
 	return errors.New("proxy not exist")
 }
 // Unwrap implements C.ProxyAdapter
 func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
 	return s.selectedProxy(true)
 }
 func (s *Selector) selectedProxy(touch bool) C.Proxy {
 	elm, _, _ := s.single.Do(func() (C.Proxy, error) {
 		proxies := getProvidersProxies(s.providers, touch)
 		for _, proxy := range proxies {
 			if proxy.Name() == s.selected {
 				return proxy, nil
 			}
 		}
 		return proxies[0], nil
 	})
 	return elm
 }
 func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider) *Selector {
 	selected := providers[0].Proxies()[0].Name()
 	return &Selector{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Selector,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 		}),
 		single:     singledo.NewSingle[C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		selected:   selected,
 		disableUDP: option.DisableUDP,
 	}
 }
--- a/adapter/outboundgroup/urltest.go
+++ b/adapter/outboundgroup/urltest.go
@ -0,0 +1,156 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"time"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type urlTestOption func(*URLTest)
 func urlTestWithTolerance(tolerance uint16) urlTestOption {
 	return func(u *URLTest) {
 		u.tolerance = tolerance
 	}
 }
 type URLTest struct {
 	*outbound.Base
 	tolerance  uint16
 	disableUDP bool
 	fastNode   C.Proxy
 	single     *singledo.Single[[]C.Proxy]
 	fastSingle *singledo.Single[C.Proxy]
 	providers  []provider.ProxyProvider
 }
 func (u *URLTest) Now() string {
 	return u.fast(false).Name()
 }
 // DialContext implements C.ProxyAdapter
 func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (c C.Conn, err error) {
 	c, err = u.fast(true).DialContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(u)
 	}
 	return c, err
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (u *URLTest) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	pc, err := u.fast(true).ListenPacketContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(u)
 	}
 	return pc, err
 }
 // Unwrap implements C.ProxyAdapter
 func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
 	return u.fast(true)
 }
 func (u *URLTest) proxies(touch bool) []C.Proxy {
 	elm, _, _ := u.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(u.providers, touch), nil
 	})
 	return elm
 }
 func (u *URLTest) fast(touch bool) C.Proxy {
 	elm, _, _ := u.fastSingle.Do(func() (C.Proxy, error) {
 		proxies := u.proxies(touch)
 		fast := proxies[0]
 		min := fast.LastDelay()
 		fastNotExist := true
 		for _, proxy := range proxies[1:] {
 			if u.fastNode != nil && proxy.Name() == u.fastNode.Name() {
 				fastNotExist = false
 			}
 			if !proxy.Alive() {
 				continue
 			}
 			delay := proxy.LastDelay()
 			if delay < min {
 				fast = proxy
 				min = delay
 			}
 		}
 		// tolerance
 		if u.fastNode == nil || fastNotExist || !u.fastNode.Alive() || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
 			u.fastNode = fast
 		}
 		return u.fastNode, nil
 	})
 	return elm
 }
 // SupportUDP implements C.ProxyAdapter
 func (u *URLTest) SupportUDP() bool {
 	if u.disableUDP {
 		return false
 	}
 	return u.fast(false).SupportUDP()
 }
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range u.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
 		"type": u.Type().String(),
 		"now":  u.Now(),
 		"all":  all,
 	})
 }
 func parseURLTestOption(config map[string]any) []urlTestOption {
 	opts := []urlTestOption{}
 	// tolerance
 	if elm, ok := config["tolerance"]; ok {
 		if tolerance, ok := elm.(int); ok {
 			opts = append(opts, urlTestWithTolerance(uint16(tolerance)))
 		}
 	}
 	return opts
 }
 func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, options ...urlTestOption) *URLTest {
 	urlTest := &URLTest{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.URLTest,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		fastSingle: singledo.NewSingle[C.Proxy](time.Second * 10),
 		providers:  providers,
 		disableUDP: option.DisableUDP,
 	}
 	for _, option := range options {
 		option(urlTest)
 	}
 	return urlTest
 }
--- a/adapters/outboundgroup/util.go
+++ b/adapters/outboundgroup/util.go
@ -3,6 +3,7 @@ package outboundgroup
 import (
 	"fmt"
 	"net"
 	"net/netip"
 	"time"
 	C "github.com/Dreamacro/clash/constant"
@ -15,39 +16,37 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 		return
 	}
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	if ip != nil {
+	if err != nil {
 		if ip.To4() != nil {
 			addr = &C.Metadata{
 				AddrType: C.AtypIPv4,
 				Host:     "",
 				DstIP:    ip,
 				DstPort:  port,
 			}
 			return
 		} else {
 			addr = &C.Metadata{
 				AddrType: C.AtypIPv6,
 				Host:     "",
 				DstIP:    ip,
 				DstPort:  port,
 			}
 			return
 		}
 	} else {
 		addr = &C.Metadata{
 			AddrType: C.AtypDomainName,
 			Host:     host,
-			DstIP:    nil,
+			DstIP:    netip.Addr{},
 			DstPort:  port,
 		}
 		return
 	} else if ip.Is4() {
 		addr = &C.Metadata{
 			AddrType: C.AtypIPv4,
 			Host:     "",
 			DstIP:    ip,
 			DstPort:  port,
 		}
 		return
 	}
 	addr = &C.Metadata{
 		AddrType: C.AtypIPv6,
 		Host:     "",
 		DstIP:    ip,
 		DstPort:  port,
 	}
 	return
 }
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
-		tcp.SetKeepAlive(true)
+		_ = tcp.SetKeepAlive(true)
-		tcp.SetKeepAlivePeriod(30 * time.Second)
+		_ = tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
--- a/adapter/parser.go
+++ b/adapter/parser.go
@ -0,0 +1,93 @@
 package adapter
 import (
 	"fmt"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/structure"
 	C "github.com/Dreamacro/clash/constant"
 )
 func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
 	proxyType, existType := mapping["type"].(string)
 	if !existType {
 		return nil, fmt.Errorf("missing type")
 	}
 	var (
 		proxy C.ProxyAdapter
 		err   error
 	)
 	switch proxyType {
 	case "ss":
 		ssOption := &outbound.ShadowSocksOption{}
 		err = decoder.Decode(mapping, ssOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewShadowSocks(*ssOption)
 	case "ssr":
 		ssrOption := &outbound.ShadowSocksROption{}
 		err = decoder.Decode(mapping, ssrOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewShadowSocksR(*ssrOption)
 	case "socks5":
 		socksOption := &outbound.Socks5Option{}
 		err = decoder.Decode(mapping, socksOption)
 		if err != nil {
 			break
 		}
 		proxy = outbound.NewSocks5(*socksOption)
 	case "http":
 		httpOption := &outbound.HttpOption{}
 		err = decoder.Decode(mapping, httpOption)
 		if err != nil {
 			break
 		}
 		proxy = outbound.NewHttp(*httpOption)
 	case "vmess":
 		vmessOption := &outbound.VmessOption{
 			HTTPOpts: outbound.HTTPOptions{
 				Method: "GET",
 				Path:   []string{"/"},
 			},
 		}
 		err = decoder.Decode(mapping, vmessOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
 	case "vless":
 		vlessOption := &outbound.VlessOption{}
 		err = decoder.Decode(mapping, vlessOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewVless(*vlessOption)
 	case "snell":
 		snellOption := &outbound.SnellOption{}
 		err = decoder.Decode(mapping, snellOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewSnell(*snellOption)
 	case "trojan":
 		trojanOption := &outbound.TrojanOption{}
 		err = decoder.Decode(mapping, trojanOption)
 		if err != nil {
 			break
 		}
 		proxy, err = outbound.NewTrojan(*trojanOption)
 	default:
 		return nil, fmt.Errorf("unsupport proxy type: %s", proxyType)
 	}
 	if err != nil {
 		return nil, err
 	}
 	return NewProxy(proxy), nil
 }
--- a/adapter/provider/fetcher.go
+++ b/adapter/provider/fetcher.go
@ -0,0 +1,185 @@
 package provider
 import (
 	"bytes"
 	"crypto/md5"
 	"os"
 	"path/filepath"
 	"time"
 	types "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/log"
 )
 var (
 	fileMode os.FileMode = 0o666
 	dirMode  os.FileMode = 0o755
 )
 type parser = func([]byte) (any, error)
 type fetcher struct {
 	name      string
 	vehicle   types.Vehicle
 	updatedAt *time.Time
 	ticker    *time.Ticker
 	done      chan struct{}
 	hash      [16]byte
 	parser    parser
 	onUpdate  func(any)
 }
 func (f *fetcher) Name() string {
 	return f.name
 }
 func (f *fetcher) VehicleType() types.VehicleType {
 	return f.vehicle.Type()
 }
 func (f *fetcher) Initial() (any, error) {
 	var (
 		buf     []byte
 		err     error
 		isLocal bool
 	)
 	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
 		buf, err = os.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
 		f.updatedAt = &modTime
 		isLocal = true
 	} else {
 		buf, err = f.vehicle.Read()
 	}
 	if err != nil {
 		return nil, err
 	}
 	proxies, err := f.parser(buf)
 	if err != nil {
 		if !isLocal {
 			return nil, err
 		}
 		// parse local file error, fallback to remote
 		buf, err = f.vehicle.Read()
 		if err != nil {
 			return nil, err
 		}
 		proxies, err = f.parser(buf)
 		if err != nil {
 			return nil, err
 		}
 		isLocal = false
 	}
 	if f.vehicle.Type() != types.File && !isLocal {
 		if err := safeWrite(f.vehicle.Path(), buf); err != nil {
 			return nil, err
 		}
 	}
 	f.hash = md5.Sum(buf)
 	// pull proxies automatically
 	if f.ticker != nil {
 		go f.pullLoop()
 	}
 	return proxies, nil
 }
 func (f *fetcher) Update() (any, bool, error) {
 	buf, err := f.vehicle.Read()
 	if err != nil {
 		return nil, false, err
 	}
 	now := time.Now()
 	hash := md5.Sum(buf)
 	if bytes.Equal(f.hash[:], hash[:]) {
 		f.updatedAt = &now
 		os.Chtimes(f.vehicle.Path(), now, now)
 		return nil, true, nil
 	}
 	proxies, err := f.parser(buf)
 	if err != nil {
 		return nil, false, err
 	}
 	if f.vehicle.Type() != types.File {
 		if err := safeWrite(f.vehicle.Path(), buf); err != nil {
 			return nil, false, err
 		}
 	}
 	f.updatedAt = &now
 	f.hash = hash
 	return proxies, false, nil
 }
 func (f *fetcher) Destroy() error {
 	if f.ticker != nil {
 		f.done <- struct{}{}
 	}
 	return nil
 }
 func (f *fetcher) pullLoop() {
 	for {
 		select {
 		case <-f.ticker.C:
 			elm, same, err := f.Update()
 			if err != nil {
 				log.Warnln("[Provider] %s pull error: %s", f.Name(), err.Error())
 				continue
 			}
 			if same {
 				log.Debugln("[Provider] %s's proxies doesn't change", f.Name())
 				continue
 			}
 			log.Infoln("[Provider] %s's proxies update", f.Name())
 			if f.onUpdate != nil {
 				f.onUpdate(elm)
 			}
 		case <-f.done:
 			f.ticker.Stop()
 			return
 		}
 	}
 }
 func safeWrite(path string, buf []byte) error {
 	dir := filepath.Dir(path)
 	if _, err := os.Stat(dir); os.IsNotExist(err) {
 		if err := os.MkdirAll(dir, dirMode); err != nil {
 			return err
 		}
 	}
 	return os.WriteFile(path, buf, fileMode)
 }
 func newFetcher(name string, interval time.Duration, vehicle types.Vehicle, parser parser, onUpdate func(any)) *fetcher {
 	var ticker *time.Ticker
 	if interval != 0 {
 		ticker = time.NewTicker(interval)
 	}
 	return &fetcher{
 		name:     name,
 		ticker:   ticker,
 		vehicle:  vehicle,
 		parser:   parser,
 		done:     make(chan struct{}, 1),
 		onUpdate: onUpdate,
 	}
 }
--- a/adapter/provider/healthcheck.go
+++ b/adapter/provider/healthcheck.go
@ -0,0 +1,94 @@
 package provider
 import (
 	"context"
 	"time"
 	"github.com/Dreamacro/clash/common/batch"
 	C "github.com/Dreamacro/clash/constant"
 	"go.uber.org/atomic"
 )
 const (
 	defaultURLTestTimeout = time.Second * 5
 )
 type HealthCheckOption struct {
 	URL      string
 	Interval uint
 }
 type HealthCheck struct {
 	url       string
 	proxies   []C.Proxy
 	interval  uint
 	lazy      bool
 	lastTouch *atomic.Int64
 	done      chan struct{}
 }
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
 	go func() {
 		t := time.NewTicker(30 * time.Second)
 		<-t.C
 		t.Stop()
 		hc.check()
 	}()
 	for {
 		select {
 		case <-ticker.C:
 			now := time.Now().Unix()
 			if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
 				hc.check()
 			}
 		case <-hc.done:
 			ticker.Stop()
 			return
 		}
 	}
 }
 func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
 	hc.proxies = proxies
 }
 func (hc *HealthCheck) auto() bool {
 	return hc.interval != 0
 }
 func (hc *HealthCheck) touch() {
 	hc.lastTouch.Store(time.Now().Unix())
 }
 func (hc *HealthCheck) check() {
 	b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
 	for _, proxy := range hc.proxies {
 		p := proxy
 		b.Go(p.Name(), func() (bool, error) {
 			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
 			defer cancel()
 			_, _ = p.URLTest(ctx, hc.url)
 			return false, nil
 		})
 	}
 	b.Wait()
 }
 func (hc *HealthCheck) close() {
 	hc.done <- struct{}{}
 }
 func NewHealthCheck(proxies []C.Proxy, url string, interval uint, lazy bool) *HealthCheck {
 	return &HealthCheck{
 		proxies:   proxies,
 		url:       url,
 		interval:  interval,
 		lazy:      lazy,
 		lastTouch: atomic.NewInt64(0),
 		done:      make(chan struct{}, 1),
 	}
 }
--- a/adapters/provider/parser.go
+++ b/adapters/provider/parser.go
@ -7,16 +7,16 @@ import (
 	"github.com/Dreamacro/clash/common/structure"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
-var (
+var errVehicleType = errors.New("unsupport vehicle type")
 	errVehicleType = errors.New("unsupport vehicle type")
 )
 type healthCheckSchema struct {
 	Enable   bool   `provider:"enable"`
 	URL      string `provider:"url"`
 	Interval int    `provider:"interval"`
 	Lazy     bool   `provider:"lazy,omitempty"`
 }
 type proxyProviderSchema struct {
@ -24,26 +24,31 @@ type proxyProviderSchema struct {
 	Path        string            `provider:"path"`
 	URL         string            `provider:"url,omitempty"`
 	Interval    int               `provider:"interval,omitempty"`
 	Filter      string            `provider:"filter,omitempty"`
 	HealthCheck healthCheckSchema `provider:"health-check,omitempty"`
 }
-func ParseProxyProvider(name string, mapping map[string]interface{}) (ProxyProvider, error) {
+func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvider, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
-	schema := &proxyProviderSchema{}
+	schema := &proxyProviderSchema{
 		HealthCheck: healthCheckSchema{
 			Lazy: true,
 		},
 	}
 	if err := decoder.Decode(mapping, schema); err != nil {
 		return nil, err
 	}
-	var hcInterval uint = 0
+	var hcInterval uint
 	if schema.HealthCheck.Enable {
 		hcInterval = uint(schema.HealthCheck.Interval)
 	}
-	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval)
+	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval, schema.HealthCheck.Lazy)
 	path := C.Path.Resolve(schema.Path)
-	var vehicle Vehicle
+	var vehicle types.Vehicle
 	switch schema.Type {
 	case "file":
 		vehicle = NewFileVehicle(path)
@ -54,5 +59,6 @@ func ParseProxyProvider(name string, mapping map[string]interface{}) (ProxyProvi
 	}
 	interval := time.Duration(uint(schema.Interval)) * time.Second
-	return NewProxySetProvider(name, interval, vehicle, hc), nil
+	filter := schema.Filter
 	return NewProxySetProvider(name, interval, filter, vehicle, hc)
 }
--- a/adapters/provider/provider.go
+++ b/adapters/provider/provider.go
@ -4,11 +4,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"regexp"
 	"runtime"
 	"time"
-	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapter"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 	"gopkg.in/yaml.v2"
 )
@ -17,44 +19,8 @@ const (
 	ReservedName = "default"
 )
 // Provider Type
 const (
 	Proxy ProviderType = iota
 	Rule
 )
 // ProviderType defined
 type ProviderType int
 func (pt ProviderType) String() string {
 	switch pt {
 	case Proxy:
 		return "Proxy"
 	case Rule:
 		return "Rule"
 	default:
 		return "Unknown"
 	}
 }
 // Provider interface
 type Provider interface {
 	Name() string
 	VehicleType() VehicleType
 	Type() ProviderType
 	Initial() error
 	Update() error
 }
 // ProxyProvider interface
 type ProxyProvider interface {
 	Provider
 	Proxies() []C.Proxy
 	HealthCheck()
 }
 type ProxySchema struct {
-	Proxies []map[string]interface{} `yaml:"proxies"`
+	Proxies []map[string]any `yaml:"proxies"`
 }
 // for auto gc
@ -69,7 +35,7 @@ type proxySetProvider struct {
 }
 func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"name":        pp.Name(),
 		"type":        pp.Type().String(),
 		"vehicleType": pp.VehicleType().String(),
@ -104,45 +70,25 @@ func (pp *proxySetProvider) Initial() error {
 	return nil
 }
-func (pp *proxySetProvider) Type() ProviderType {
+func (pp *proxySetProvider) Type() types.ProviderType {
-	return Proxy
+	return types.Proxy
 }
 func (pp *proxySetProvider) Proxies() []C.Proxy {
 	return pp.proxies
 }
-func proxiesParse(buf []byte) (interface{}, error) {
+func (pp *proxySetProvider) ProxiesWithTouch() []C.Proxy {
-	schema := &ProxySchema{}
+	pp.healthCheck.touch()
-
+	return pp.Proxies()
 	if err := yaml.Unmarshal(buf, schema); err != nil {
 		return nil, err
 	}
 	if schema.Proxies == nil {
 		return nil, errors.New("File must have a `proxies` field")
 	}
 	proxies := []C.Proxy{}
 	for idx, mapping := range schema.Proxies {
 		proxy, err := outbound.ParseProxy(mapping)
 		if err != nil {
 			return nil, fmt.Errorf("Proxy %d error: %w", idx, err)
 		}
 		proxies = append(proxies, proxy)
 	}
 	if len(proxies) == 0 {
 		return nil, errors.New("File doesn't have any valid proxy")
 	}
 	return proxies, nil
 }
 func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
-	go pp.healthCheck.check()
+	if pp.healthCheck.auto() {
 		go pp.healthCheck.check()
 	}
 }
 func stopProxyProvider(pd *ProxySetProvider) {
@ -150,7 +96,12 @@ func stopProxyProvider(pd *ProxySetProvider) {
 	pd.fetcher.Destroy()
 }
-func NewProxySetProvider(name string, interval time.Duration, vehicle Vehicle, hc *HealthCheck) *ProxySetProvider {
+func NewProxySetProvider(name string, interval time.Duration, filter string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
 	filterReg, err := regexp.Compile(filter)
 	if err != nil {
 		return nil, fmt.Errorf("invalid filter regex: %w", err)
 	}
 	if hc.auto() {
 		go hc.process()
 	}
@ -160,17 +111,50 @@ func NewProxySetProvider(name string, interval time.Duration, vehicle Vehicle, h
 		healthCheck: hc,
 	}
-	onUpdate := func(elm interface{}) {
+	onUpdate := func(elm any) {
 		ret := elm.([]C.Proxy)
 		pd.setProxies(ret)
 	}
-	fetcher := newFetcher(name, interval, vehicle, proxiesParse, onUpdate)
+	proxiesParseAndFilter := func(buf []byte) (any, error) {
 		schema := &ProxySchema{}
 		if err := yaml.Unmarshal(buf, schema); err != nil {
 			return nil, err
 		}
 		if schema.Proxies == nil {
 			return nil, errors.New("file must have a `proxies` field")
 		}
 		proxies := []C.Proxy{}
 		for idx, mapping := range schema.Proxies {
 			if name, ok := mapping["name"]; ok && len(filter) > 0 && !filterReg.MatchString(name.(string)) {
 				continue
 			}
 			proxy, err := adapter.ParseProxy(mapping)
 			if err != nil {
 				return nil, fmt.Errorf("proxy %d error: %w", idx, err)
 			}
 			proxies = append(proxies, proxy)
 		}
 		if len(proxies) == 0 {
 			if len(filter) > 0 {
 				return nil, errors.New("doesn't match any proxy, please check your filter")
 			}
 			return nil, errors.New("file doesn't have any proxy")
 		}
 		return proxies, nil
 	}
 	fetcher := newFetcher(name, interval, vehicle, proxiesParseAndFilter, onUpdate)
 	pd.fetcher = fetcher
 	wrapper := &ProxySetProvider{pd}
 	runtime.SetFinalizer(wrapper, stopProxyProvider)
-	return wrapper
+	return wrapper, nil
 }
 // for auto gc
@ -185,7 +169,7 @@ type compatibleProvider struct {
 }
 func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]interface{}{
+	return json.Marshal(map[string]any{
 		"name":        cp.Name(),
 		"type":        cp.Type().String(),
 		"vehicleType": cp.VehicleType().String(),
@ -209,25 +193,30 @@ func (cp *compatibleProvider) Initial() error {
 	return nil
 }
-func (cp *compatibleProvider) VehicleType() VehicleType {
+func (cp *compatibleProvider) VehicleType() types.VehicleType {
-	return Compatible
+	return types.Compatible
 }
-func (cp *compatibleProvider) Type() ProviderType {
+func (cp *compatibleProvider) Type() types.ProviderType {
-	return Proxy
+	return types.Proxy
 }
 func (cp *compatibleProvider) Proxies() []C.Proxy {
 	return cp.proxies
 }
 func (cp *compatibleProvider) ProxiesWithTouch() []C.Proxy {
 	cp.healthCheck.touch()
 	return cp.Proxies()
 }
 func stopCompatibleProvider(pd *CompatibleProvider) {
 	pd.healthCheck.close()
 }
 func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*CompatibleProvider, error) {
 	if len(proxies) == 0 {
-		return nil, errors.New("Provider need one proxy at least")
+		return nil, errors.New("provider need one proxy at least")
 	}
 	if hc.auto() {
--- a/adapters/provider/vehicle.go
+++ b/adapters/provider/vehicle.go
@ -2,49 +2,23 @@ package provider
 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"time"
 	"github.com/Dreamacro/clash/component/dialer"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 // Vehicle Type
 const (
 	File VehicleType = iota
 	HTTP
 	Compatible
 )
 // VehicleType defined
 type VehicleType int
 func (v VehicleType) String() string {
 	switch v {
 	case File:
 		return "File"
 	case HTTP:
 		return "HTTP"
 	case Compatible:
 		return "Compatible"
 	default:
 		return "Unknown"
 	}
 }
 type Vehicle interface {
 	Read() ([]byte, error)
 	Path() string
 	Type() VehicleType
 }
 type FileVehicle struct {
 	path string
 }
-func (f *FileVehicle) Type() VehicleType {
+func (f *FileVehicle) Type() types.VehicleType {
-	return File
+	return types.File
 }
 func (f *FileVehicle) Path() string {
@ -52,7 +26,7 @@ func (f *FileVehicle) Path() string {
 }
 func (f *FileVehicle) Read() ([]byte, error) {
-	return ioutil.ReadFile(f.path)
+	return os.ReadFile(f.path)
 }
 func NewFileVehicle(path string) *FileVehicle {
@ -64,8 +38,8 @@ type HTTPVehicle struct {
 	path string
 }
-func (h *HTTPVehicle) Type() VehicleType {
+func (h *HTTPVehicle) Type() types.VehicleType {
-	return HTTP
+	return types.HTTP
 }
 func (h *HTTPVehicle) Path() string {
@ -99,7 +73,9 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
-		DialContext:           dialer.DialContext,
+		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
 			return dialer.DialContext(ctx, network, address)
 		},
 	}
 	client := http.Client{Transport: transport}
@ -107,8 +83,9 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
 	defer resp.Body.Close()
-	buf, err := ioutil.ReadAll(resp.Body)
+	buf, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/adapters/inbound/http.go
+++ b/adapters/inbound/http.go
@ -1,60 +0,0 @@
 package inbound
 import (
 	"net"
 	"net/http"
 	"strings"
 	C "github.com/Dreamacro/clash/constant"
 )
 // HTTPAdapter is a adapter for HTTP connection
 type HTTPAdapter struct {
 	net.Conn
 	metadata *C.Metadata
 	R        *http.Request
 }
 // Metadata return destination metadata
 func (h *HTTPAdapter) Metadata() *C.Metadata {
 	return h.metadata
 }
 // NewHTTP is HTTPAdapter generator
 func NewHTTP(request *http.Request, conn net.Conn) *HTTPAdapter {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTP
 	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return &HTTPAdapter{
 		metadata: metadata,
 		R:        request,
 		Conn:     conn,
 	}
 }
 // RemoveHopByHopHeaders remove hop-by-hop header
 func RemoveHopByHopHeaders(header http.Header) {
 	// Strip hop-by-hop header based on RFC:
 	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1
 	// https://www.mnot.net/blog/2011/07/11/what_proxies_must_do
 	header.Del("Proxy-Connection")
 	header.Del("Proxy-Authenticate")
 	header.Del("Proxy-Authorization")
 	header.Del("TE")
 	header.Del("Trailers")
 	header.Del("Transfer-Encoding")
 	header.Del("Upgrade")
 	connections := header.Get("Connection")
 	header.Del("Connection")
 	if len(connections) == 0 {
 		return
 	}
 	for _, h := range strings.Split(connections, ",") {
 		header.Del(strings.TrimSpace(h))
 	}
 }
--- a/adapters/inbound/socket.go
+++ b/adapters/inbound/socket.go
@ -1,35 +0,0 @@
 package inbound
 import (
 	"net"
 	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
 )
 // SocketAdapter is a adapter for socks and redir connection
 type SocketAdapter struct {
 	net.Conn
 	metadata *C.Metadata
 }
 // Metadata return destination metadata
 func (s *SocketAdapter) Metadata() *C.Metadata {
 	return s.metadata
 }
 // NewSocket is SocketAdapter generator
 func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *SocketAdapter {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = source
 	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return &SocketAdapter{
 		Conn:     conn,
 		metadata: metadata,
 	}
 }
--- a/adapters/outbound/base.go
+++ b/adapters/outbound/base.go
@ -1,227 +0,0 @@
 package outbound
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"net"
 	"net/http"
 	"time"
 	"github.com/Dreamacro/clash/common/queue"
 	C "github.com/Dreamacro/clash/constant"
 )
 var (
 	defaultURLTestTimeout = time.Second * 5
 )
 type Base struct {
 	name string
 	addr string
 	tp   C.AdapterType
 	udp  bool
 }
 func (b *Base) Name() string {
 	return b.name
 }
 func (b *Base) Type() C.AdapterType {
 	return b.tp
 }
 func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, errors.New("no support")
 }
 func (b *Base) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return nil, errors.New("no support")
 }
 func (b *Base) SupportUDP() bool {
 	return b.udp
 }
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": b.Type().String(),
 	})
 }
 func (b *Base) Addr() string {
 	return b.addr
 }
 func (b *Base) Unwrap(metadata *C.Metadata) C.Proxy {
 	return nil
 }
 func NewBase(name string, addr string, tp C.AdapterType, udp bool) *Base {
 	return &Base{name, addr, tp, udp}
 }
 type conn struct {
 	net.Conn
 	chain C.Chain
 }
 func (c *conn) Chains() C.Chain {
 	return c.chain
 }
 func (c *conn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 	return &conn{c, []string{a.Name()}}
 }
 type PacketConn interface {
 	net.PacketConn
 	WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error)
 }
 type packetConn struct {
 	PacketConn
 	chain C.Chain
 }
 func (c *packetConn) Chains() C.Chain {
 	return c.chain
 }
 func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 func newPacketConn(pc PacketConn, a C.ProxyAdapter) C.PacketConn {
 	return &packetConn{pc, []string{a.Name()}}
 }
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue
 	alive   bool
 }
 func (p *Proxy) Alive() bool {
 	return p.alive
 }
 func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 	defer cancel()
 	return p.DialContext(ctx, metadata)
 }
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata)
 	if err != nil {
 		p.alive = false
 	}
 	return conn, err
 }
 func (p *Proxy) DelayHistory() []C.DelayHistory {
 	queue := p.history.Copy()
 	histories := []C.DelayHistory{}
 	for _, item := range queue {
 		histories = append(histories, item.(C.DelayHistory))
 	}
 	return histories
 }
 // LastDelay return last history record. if proxy is not alive, return the max value of uint16.
 func (p *Proxy) LastDelay() (delay uint16) {
 	var max uint16 = 0xffff
 	if !p.alive {
 		return max
 	}
 	last := p.history.Last()
 	if last == nil {
 		return max
 	}
 	history := last.(C.DelayHistory)
 	if history.Delay == 0 {
 		return max
 	}
 	return history.Delay
 }
 func (p *Proxy) MarshalJSON() ([]byte, error) {
 	inner, err := p.ProxyAdapter.MarshalJSON()
 	if err != nil {
 		return inner, err
 	}
 	mapping := map[string]interface{}{}
 	json.Unmarshal(inner, &mapping)
 	mapping["history"] = p.DelayHistory()
 	mapping["name"] = p.Name()
 	return json.Marshal(mapping)
 }
 // URLTest get the delay for the specified URL
 func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	defer func() {
 		p.alive = err == nil
 		record := C.DelayHistory{Time: time.Now()}
 		if err == nil {
 			record.Delay = t
 		}
 		p.history.Put(record)
 		if p.history.Len() > 10 {
 			p.history.Pop()
 		}
 	}()
 	addr, err := urlToMetadata(url)
 	if err != nil {
 		return
 	}
 	start := time.Now()
 	instance, err := p.DialContext(ctx, &addr)
 	if err != nil {
 		return
 	}
 	defer instance.Close()
 	req, err := http.NewRequest(http.MethodHead, url, nil)
 	if err != nil {
 		return
 	}
 	req = req.WithContext(ctx)
 	transport := &http.Transport{
 		Dial: func(string, string) (net.Conn, error) {
 			return instance, nil
 		},
 		// from http.DefaultTransport
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 	client := http.Client{
 		Transport: transport,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		},
 	}
 	resp, err := client.Do(req)
 	if err != nil {
 		return
 	}
 	resp.Body.Close()
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
 	return &Proxy{adapter, queue.New(10), true}
 }
--- a/adapters/outbound/direct.go
+++ b/adapters/outbound/direct.go
@ -1,58 +0,0 @@
 package outbound
 import (
 	"context"
 	"net"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Direct struct {
 	*Base
 }
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	address := net.JoinHostPort(metadata.String(), metadata.DstPort)
 	c, err := dialer.DialContext(ctx, "tcp", address)
 	if err != nil {
 		return nil, err
 	}
 	tcpKeepAlive(c)
 	return NewConn(c, d), nil
 }
 func (d *Direct) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket("udp", "")
 	if err != nil {
 		return nil, err
 	}
 	return newPacketConn(&directPacketConn{pc}, d), nil
 }
 type directPacketConn struct {
 	net.PacketConn
 }
 func (dp *directPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return 0, err
 		}
 		metadata.DstIP = ip
 	}
 	return dp.WriteTo(p, metadata.UDPAddr())
 }
 func NewDirect() *Direct {
 	return &Direct{
 		Base: &Base{
 			name: "DIRECT",
 			tp:   C.Direct,
 			udp:  true,
 		},
 	}
 }
--- a/adapters/outbound/parser.go
+++ b/adapters/outbound/parser.go
@ -1,76 +0,0 @@
 package outbound
 import (
 	"fmt"
 	"github.com/Dreamacro/clash/common/structure"
 	C "github.com/Dreamacro/clash/constant"
 )
 func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
 	proxyType, existType := mapping["type"].(string)
 	if !existType {
 		return nil, fmt.Errorf("Missing type")
 	}
 	var proxy C.ProxyAdapter
 	err := fmt.Errorf("Cannot parse")
 	switch proxyType {
 	case "ss":
 		ssOption := &ShadowSocksOption{}
 		err = decoder.Decode(mapping, ssOption)
 		if err != nil {
 			break
 		}
 		proxy, err = NewShadowSocks(*ssOption)
 	case "socks5":
 		socksOption := &Socks5Option{}
 		err = decoder.Decode(mapping, socksOption)
 		if err != nil {
 			break
 		}
 		proxy = NewSocks5(*socksOption)
 	case "http":
 		httpOption := &HttpOption{}
 		err = decoder.Decode(mapping, httpOption)
 		if err != nil {
 			break
 		}
 		proxy = NewHttp(*httpOption)
 	case "vmess":
 		vmessOption := &VmessOption{
 			HTTPOpts: HTTPOptions{
 				Method: "GET",
 				Path:   []string{"/"},
 			},
 		}
 		err = decoder.Decode(mapping, vmessOption)
 		if err != nil {
 			break
 		}
 		proxy, err = NewVmess(*vmessOption)
 	case "snell":
 		snellOption := &SnellOption{}
 		err = decoder.Decode(mapping, snellOption)
 		if err != nil {
 			break
 		}
 		proxy, err = NewSnell(*snellOption)
 	case "trojan":
 		trojanOption := &TrojanOption{}
 		err = decoder.Decode(mapping, trojanOption)
 		if err != nil {
 			break
 		}
 		proxy, err = NewTrojan(*trojanOption)
 	default:
 		return nil, fmt.Errorf("Unsupport proxy type: %s", proxyType)
 	}
 	if err != nil {
 		return nil, err
 	}
 	return NewProxy(proxy), nil
 }
--- a/adapters/outbound/reject.go
+++ b/adapters/outbound/reject.go
@ -1,61 +0,0 @@
 package outbound
 import (
 	"context"
 	"errors"
 	"io"
 	"net"
 	"time"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Reject struct {
 	*Base
 }
 func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	return NewConn(&NopConn{}, r), nil
 }
 func (r *Reject) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return nil, errors.New("match reject rule")
 }
 func NewReject() *Reject {
 	return &Reject{
 		Base: &Base{
 			name: "REJECT",
 			tp:   C.Reject,
 			udp:  true,
 		},
 	}
 }
 type NopConn struct{}
 func (rw *NopConn) Read(b []byte) (int, error) {
 	return 0, io.EOF
 }
 func (rw *NopConn) Write(b []byte) (int, error) {
 	return 0, io.EOF
 }
 // Close is fake function for net.Conn
 func (rw *NopConn) Close() error { return nil }
 // LocalAddr is fake function for net.Conn
 func (rw *NopConn) LocalAddr() net.Addr { return nil }
 // RemoteAddr is fake function for net.Conn
 func (rw *NopConn) RemoteAddr() net.Addr { return nil }
 // SetDeadline is fake function for net.Conn
 func (rw *NopConn) SetDeadline(time.Time) error { return nil }
 // SetReadDeadline is fake function for net.Conn
 func (rw *NopConn) SetReadDeadline(time.Time) error { return nil }
 // SetWriteDeadline is fake function for net.Conn
 func (rw *NopConn) SetWriteDeadline(time.Time) error { return nil }
--- a/adapters/outbound/snell.go
+++ b/adapters/outbound/snell.go
@ -1,78 +0,0 @@
 package outbound
 import (
 	"context"
 	"fmt"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	obfs "github.com/Dreamacro/clash/component/simple-obfs"
 	"github.com/Dreamacro/clash/component/snell"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Snell struct {
 	*Base
 	psk        []byte
 	obfsOption *simpleObfsOption
 }
 type SnellOption struct {
 	Name     string                 `proxy:"name"`
 	Server   string                 `proxy:"server"`
 	Port     int                    `proxy:"port"`
 	Psk      string                 `proxy:"psk"`
 	ObfsOpts map[string]interface{} `proxy:"obfs-opts,omitempty"`
 }
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	switch s.obfsOption.Mode {
 	case "tls":
 		c = obfs.NewTLSObfs(c, s.obfsOption.Host)
 	case "http":
 		_, port, _ := net.SplitHostPort(s.addr)
 		c = obfs.NewHTTPObfs(c, s.obfsOption.Host, port)
 	}
 	c = snell.StreamConn(c, s.psk)
 	port, _ := strconv.Atoi(metadata.DstPort)
 	err := snell.WriteHeader(c, metadata.String(), uint(port))
 	return c, err
 }
 func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", s.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
 	}
 	tcpKeepAlive(c)
 	c, err = s.StreamConn(c, metadata)
 	return NewConn(c, s), err
 }
 func NewSnell(option SnellOption) (*Snell, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	psk := []byte(option.Psk)
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
 	obfsOption := &simpleObfsOption{Host: "bing.com"}
 	if err := decoder.Decode(option.ObfsOpts, obfsOption); err != nil {
 		return nil, fmt.Errorf("snell %s initialize obfs error: %w", addr, err)
 	}
 	if obfsOption.Mode != "tls" && obfsOption.Mode != "http" {
 		return nil, fmt.Errorf("snell %s obfs mode error: %s", addr, obfsOption.Mode)
 	}
 	return &Snell{
 		Base: &Base{
 			name: option.Name,
 			addr: addr,
 			tp:   C.Snell,
 		},
 		psk:        psk,
 		obfsOption: obfsOption,
 	}, nil
 }
--- a/adapters/outbound/trojan.go
+++ b/adapters/outbound/trojan.go
@ -1,116 +0,0 @@
 package outbound
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/trojan"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Trojan struct {
 	*Base
 	instance *trojan.Trojan
 }
 type TrojanOption struct {
 	Name           string   `proxy:"name"`
 	Server         string   `proxy:"server"`
 	Port           int      `proxy:"port"`
 	Password       string   `proxy:"password"`
 	ALPN           []string `proxy:"alpn,omitempty"`
 	SNI            string   `proxy:"sni,omitempty"`
 	SkipCertVerify bool     `proxy:"skip-cert-verify,omitempty"`
 	UDP            bool     `proxy:"udp,omitempty"`
 }
 func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c, err := t.instance.StreamConn(c)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
 func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", t.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	tcpKeepAlive(c)
 	c, err = t.StreamConn(c, metadata)
 	if err != nil {
 		return nil, err
 	}
 	return NewConn(c, t), err
 }
 func (t *Trojan) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 	defer cancel()
 	c, err := dialer.DialContext(ctx, "tcp", t.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	tcpKeepAlive(c)
 	c, err = t.instance.StreamConn(c)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 	if err != nil {
 		return nil, err
 	}
 	pc := t.instance.PacketConn(c)
 	return newPacketConn(&trojanPacketConn{pc, c}, t), err
 }
 func (t *Trojan) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": t.Type().String(),
 	})
 }
 func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	tOption := &trojan.Option{
 		Password:           option.Password,
 		ALPN:               option.ALPN,
 		ServerName:         option.Server,
 		SkipCertVerify:     option.SkipCertVerify,
 		ClientSessionCache: getClientSessionCache(),
 	}
 	if option.SNI != "" {
 		tOption.ServerName = option.SNI
 	}
 	return &Trojan{
 		Base: &Base{
 			name: option.Name,
 			addr: addr,
 			tp:   C.Trojan,
 			udp:  option.UDP,
 		},
 		instance: trojan.New(tOption),
 	}, nil
 }
 type trojanPacketConn struct {
 	net.PacketConn
 	conn net.Conn
 }
 func (tpc *trojanPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	return trojan.WritePacket(tpc.conn, serializesSocksAddr(metadata), p)
 }
--- a/adapters/outbound/util.go
+++ b/adapters/outbound/util.go
@ -1,100 +0,0 @@
 package outbound
 import (
 	"bytes"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/url"
 	"strconv"
 	"sync"
 	"time"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
 )
 const (
 	tcpTimeout = 5 * time.Second
 )
 var (
 	globalClientSessionCache tls.ClientSessionCache
 	once                     sync.Once
 )
 func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	u, err := url.Parse(rawURL)
 	if err != nil {
 		return
 	}
 	port := u.Port()
 	if port == "" {
 		switch u.Scheme {
 		case "https":
 			port = "443"
 		case "http":
 			port = "80"
 		default:
 			err = fmt.Errorf("%s scheme not Support", rawURL)
 			return
 		}
 	}
 	addr = C.Metadata{
 		AddrType: C.AtypDomainName,
 		Host:     u.Hostname(),
 		DstIP:    nil,
 		DstPort:  port,
 	}
 	return
 }
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		tcp.SetKeepAlive(true)
 		tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
 func getClientSessionCache() tls.ClientSessionCache {
 	once.Do(func() {
 		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
 	})
 	return globalClientSessionCache
 }
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
 	aType := uint8(metadata.AddrType)
 	p, _ := strconv.Atoi(metadata.DstPort)
 	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
 	switch metadata.AddrType {
 	case socks5.AtypDomainName:
 		len := uint8(len(metadata.Host))
 		host := []byte(metadata.Host)
 		buf = [][]byte{{aType, len}, host, port}
 	case socks5.AtypIPv4:
 		host := metadata.DstIP.To4()
 		buf = [][]byte{{aType}, host, port}
 	case socks5.AtypIPv6:
 		host := metadata.DstIP.To16()
 		buf = [][]byte{{aType}, host, port}
 	}
 	return bytes.Join(buf, nil)
 }
 func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
 	}
 	ip, err := resolver.ResolveIP(host)
 	if err != nil {
 		return nil, err
 	}
 	return net.ResolveUDPAddr(network, net.JoinHostPort(ip.String(), port))
 }
--- a/adapters/outbound/vmess.go
+++ b/adapters/outbound/vmess.go
@ -1,205 +0,0 @@
 package outbound
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/vmess"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Vmess struct {
 	*Base
 	client *vmess.Client
 	option *VmessOption
 }
 type VmessOption struct {
 	Name           string            `proxy:"name"`
 	Server         string            `proxy:"server"`
 	Port           int               `proxy:"port"`
 	UUID           string            `proxy:"uuid"`
 	AlterID        int               `proxy:"alterId"`
 	Cipher         string            `proxy:"cipher"`
 	TLS            bool              `proxy:"tls,omitempty"`
 	UDP            bool              `proxy:"udp,omitempty"`
 	Network        string            `proxy:"network,omitempty"`
 	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
 	WSPath         string            `proxy:"ws-path,omitempty"`
 	WSHeaders      map[string]string `proxy:"ws-headers,omitempty"`
 	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
 }
 type HTTPOptions struct {
 	Method  string              `proxy:"method,omitempty"`
 	Path    []string            `proxy:"path,omitempty"`
 	Headers map[string][]string `proxy:"headers,omitempty"`
 }
 func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host: host,
 			Port: port,
 			Path: v.option.WSPath,
 		}
 		if len(v.option.WSHeaders) != 0 {
 			header := http.Header{}
 			for key, value := range v.option.WSHeaders {
 				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
 		if v.option.TLS {
 			wsOpts.TLS = true
 			wsOpts.SessionCache = getClientSessionCache()
 			wsOpts.SkipCertVerify = v.option.SkipCertVerify
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		host, _, _ := net.SplitHostPort(v.addr)
 		httpOpts := &vmess.HTTPConfig{
 			Host:    host,
 			Method:  v.option.HTTPOpts.Method,
 			Path:    v.option.HTTPOpts.Path,
 			Headers: v.option.HTTPOpts.Headers,
 		}
 		c = vmess.StreamHTTPConn(c, httpOpts)
 	default:
 		// handle TLS
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 				SessionCache:   getClientSessionCache(),
 			}
 			c, err = vmess.StreamTLSConn(c, tlsOpts)
 		}
 	}
 	if err != nil {
 		return nil, err
 	}
 	return v.client.StreamConn(c, parseVmessAddr(metadata))
 }
 func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error", v.addr)
 	}
 	tcpKeepAlive(c)
 	c, err = v.StreamConn(c, metadata)
 	return NewConn(c, v), err
 }
 func (v *Vmess) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	// vmess use stream-oriented udp, so clash needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
 		metadata.DstIP = ip
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 	defer cancel()
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error", v.addr)
 	}
 	tcpKeepAlive(c)
 	c, err = v.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
 	client, err := vmess.NewClient(vmess.Config{
 		UUID:     option.UUID,
 		AlterID:  uint16(option.AlterID),
 		Security: security,
 		HostName: option.Server,
 		Port:     strconv.Itoa(option.Port),
 	})
 	if err != nil {
 		return nil, err
 	}
 	return &Vmess{
 		Base: &Base{
 			name: option.Name,
 			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
 			tp:   C.Vmess,
 			udp:  true,
 		},
 		client: client,
 		option: &option,
 	}, nil
 }
 func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 	var addrType byte
 	var addr []byte
 	switch metadata.AddrType {
 	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.To4())
 	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.To16())
 	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
 		copy(addr[1:], []byte(metadata.Host))
 	}
 	port, _ := strconv.Atoi(metadata.DstPort)
 	return &vmess.DstAddr{
 		UDP:      metadata.NetWork == C.UDP,
 		AddrType: addrType,
 		Addr:     addr,
 		Port:     uint(port),
 	}
 }
 type vmessPacketConn struct {
 	net.Conn
 	rAddr net.Addr
 }
 func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	return uc.Conn.Write(b)
 }
 func (uc *vmessPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	return uc.Conn.Write(p)
 }
 func (uc *vmessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, err := uc.Conn.Read(b)
 	return n, uc.rAddr, err
 }
--- a/adapters/outboundgroup/common.go
+++ b/adapters/outboundgroup/common.go
@ -1,20 +0,0 @@
 package outboundgroup
 import (
 	"time"
 	"github.com/Dreamacro/clash/adapters/provider"
 	C "github.com/Dreamacro/clash/constant"
 )
 const (
 	defaultGetProxiesDuration = time.Second * 5
 )
 func getProvidersProxies(providers []provider.ProxyProvider) []C.Proxy {
 	proxies := []C.Proxy{}
 	for _, provider := range providers {
 		proxies = append(proxies, provider.Proxies()...)
 	}
 	return proxies
 }
--- a/adapters/outboundgroup/fallback.go
+++ b/adapters/outboundgroup/fallback.go
@ -1,89 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"github.com/Dreamacro/clash/adapters/outbound"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/common/singledo"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Fallback struct {
 	*outbound.Base
 	single    *singledo.Single
 	providers []provider.ProxyProvider
 }
 func (f *Fallback) Now() string {
 	proxy := f.findAliveProxy()
 	return proxy.Name()
 }
 func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	proxy := f.findAliveProxy()
 	c, err := proxy.DialContext(ctx, metadata)
 	if err == nil {
 		c.AppendToChains(f)
 	}
 	return c, err
 }
 func (f *Fallback) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	proxy := f.findAliveProxy()
 	pc, err := proxy.DialUDP(metadata)
 	if err == nil {
 		pc.AppendToChains(f)
 	}
 	return pc, err
 }
 func (f *Fallback) SupportUDP() bool {
 	proxy := f.findAliveProxy()
 	return proxy.SupportUDP()
 }
 func (f *Fallback) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range f.proxies() {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]interface{}{
 		"type": f.Type().String(),
 		"now":  f.Now(),
 		"all":  all,
 	})
 }
 func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxy := f.findAliveProxy()
 	return proxy
 }
 func (f *Fallback) proxies() []C.Proxy {
 	elm, _, _ := f.single.Do(func() (interface{}, error) {
 		return getProvidersProxies(f.providers), nil
 	})
 	return elm.([]C.Proxy)
 }
 func (f *Fallback) findAliveProxy() C.Proxy {
 	proxies := f.proxies()
 	for _, proxy := range proxies {
 		if proxy.Alive() {
 			return proxy
 		}
 	}
 	return f.proxies()[0]
 }
 func NewFallback(name string, providers []provider.ProxyProvider) *Fallback {
 	return &Fallback{
 		Base:      outbound.NewBase(name, "", C.Fallback, false),
 		single:    singledo.NewSingle(defaultGetProxiesDuration),
 		providers: providers,
 	}
 }
--- a/adapters/outboundgroup/loadbalance.go
+++ b/adapters/outboundgroup/loadbalance.go
@ -1,125 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"net"
 	"github.com/Dreamacro/clash/adapters/outbound"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/common/murmur3"
 	"github.com/Dreamacro/clash/common/singledo"
 	C "github.com/Dreamacro/clash/constant"
 	"golang.org/x/net/publicsuffix"
 )
 type LoadBalance struct {
 	*outbound.Base
 	single    *singledo.Single
 	maxRetry  int
 	providers []provider.ProxyProvider
 }
 func getKey(metadata *C.Metadata) string {
 	if metadata.Host != "" {
 		// ip host
 		if ip := net.ParseIP(metadata.Host); ip != nil {
 			return metadata.Host
 		}
 		if etld, err := publicsuffix.EffectiveTLDPlusOne(metadata.Host); err == nil {
 			return etld
 		}
 	}
 	if metadata.DstIP == nil {
 		return ""
 	}
 	return metadata.DstIP.String()
 }
 func jumpHash(key uint64, buckets int32) int32 {
 	var b, j int64
 	for j < int64(buckets) {
 		b = j
 		key = key*2862933555777941757 + 1
 		j = int64(float64(b+1) * (float64(int64(1)<<31) / float64((key>>33)+1)))
 	}
 	return int32(b)
 }
 func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
 	defer func() {
 		if err == nil {
 			c.AppendToChains(lb)
 		}
 	}()
 	proxy := lb.Unwrap(metadata)
 	c, err = proxy.DialContext(ctx, metadata)
 	return
 }
 func (lb *LoadBalance) DialUDP(metadata *C.Metadata) (pc C.PacketConn, err error) {
 	defer func() {
 		if err == nil {
 			pc.AppendToChains(lb)
 		}
 	}()
 	proxy := lb.Unwrap(metadata)
 	return proxy.DialUDP(metadata)
 }
 func (lb *LoadBalance) SupportUDP() bool {
 	return true
 }
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 	key := uint64(murmur3.Sum32([]byte(getKey(metadata))))
 	proxies := lb.proxies()
 	buckets := int32(len(proxies))
 	for i := 0; i < lb.maxRetry; i, key = i+1, key+1 {
 		idx := jumpHash(key, buckets)
 		proxy := proxies[idx]
 		if proxy.Alive() {
 			return proxy
 		}
 	}
 	return proxies[0]
 }
 func (lb *LoadBalance) proxies() []C.Proxy {
 	elm, _, _ := lb.single.Do(func() (interface{}, error) {
 		return getProvidersProxies(lb.providers), nil
 	})
 	return elm.([]C.Proxy)
 }
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range lb.proxies() {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]interface{}{
 		"type": lb.Type().String(),
 		"all":  all,
 	})
 }
 func NewLoadBalance(name string, providers []provider.ProxyProvider) *LoadBalance {
 	return &LoadBalance{
 		Base:      outbound.NewBase(name, "", C.LoadBalance, false),
 		single:    singledo.NewSingle(defaultGetProxiesDuration),
 		maxRetry:  3,
 		providers: providers,
 	}
 }
--- a/adapters/outboundgroup/relay.go
+++ b/adapters/outboundgroup/relay.go
@ -1,98 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"github.com/Dreamacro/clash/adapters/outbound"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Relay struct {
 	*outbound.Base
 	single    *singledo.Single
 	providers []provider.ProxyProvider
 }
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	proxies := r.proxies(metadata)
 	if len(proxies) == 0 {
 		return nil, errors.New("Proxy does not exist")
 	}
 	first := proxies[0]
 	last := proxies[len(proxies)-1]
 	c, err := dialer.DialContext(ctx, "tcp", first.Addr())
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	tcpKeepAlive(c)
 	var currentMeta *C.Metadata
 	for _, proxy := range proxies[1:] {
 		currentMeta, err = addrToMetadata(proxy.Addr())
 		if err != nil {
 			return nil, err
 		}
 		c, err = first.StreamConn(c, currentMeta)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 		}
 		first = proxy
 	}
 	c, err = last.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
 	}
 	return outbound.NewConn(c, r), nil
 }
 func (r *Relay) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range r.rawProxies() {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]interface{}{
 		"type": r.Type().String(),
 		"all":  all,
 	})
 }
 func (r *Relay) rawProxies() []C.Proxy {
 	elm, _, _ := r.single.Do(func() (interface{}, error) {
 		return getProvidersProxies(r.providers), nil
 	})
 	return elm.([]C.Proxy)
 }
 func (r *Relay) proxies(metadata *C.Metadata) []C.Proxy {
 	proxies := r.rawProxies()
 	for n, proxy := range proxies {
 		subproxy := proxy.Unwrap(metadata)
 		for subproxy != nil {
 			proxies[n] = subproxy
 			subproxy = subproxy.Unwrap(metadata)
 		}
 	}
 	return proxies
 }
 func NewRelay(name string, providers []provider.ProxyProvider) *Relay {
 	return &Relay{
 		Base:      outbound.NewBase(name, "", C.Relay, false),
 		single:    singledo.NewSingle(defaultGetProxiesDuration),
 		providers: providers,
 	}
 }
--- a/adapters/outboundgroup/selector.go
+++ b/adapters/outboundgroup/selector.go
@ -1,97 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"github.com/Dreamacro/clash/adapters/outbound"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/common/singledo"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Selector struct {
 	*outbound.Base
 	single    *singledo.Single
 	selected  string
 	providers []provider.ProxyProvider
 }
 func (s *Selector) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := s.selectedProxy().DialContext(ctx, metadata)
 	if err == nil {
 		c.AppendToChains(s)
 	}
 	return c, err
 }
 func (s *Selector) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := s.selectedProxy().DialUDP(metadata)
 	if err == nil {
 		pc.AppendToChains(s)
 	}
 	return pc, err
 }
 func (s *Selector) SupportUDP() bool {
 	return s.selectedProxy().SupportUDP()
 }
 func (s *Selector) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range getProvidersProxies(s.providers) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]interface{}{
 		"type": s.Type().String(),
 		"now":  s.Now(),
 		"all":  all,
 	})
 }
 func (s *Selector) Now() string {
 	return s.selectedProxy().Name()
 }
 func (s *Selector) Set(name string) error {
 	for _, proxy := range getProvidersProxies(s.providers) {
 		if proxy.Name() == name {
 			s.selected = name
 			s.single.Reset()
 			return nil
 		}
 	}
 	return errors.New("Proxy does not exist")
 }
 func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
 	return s.selectedProxy()
 }
 func (s *Selector) selectedProxy() C.Proxy {
 	elm, _, _ := s.single.Do(func() (interface{}, error) {
 		proxies := getProvidersProxies(s.providers)
 		for _, proxy := range proxies {
 			if proxy.Name() == s.selected {
 				return proxy, nil
 			}
 		}
 		return proxies[0], nil
 	})
 	return elm.(C.Proxy)
 }
 func NewSelector(name string, providers []provider.ProxyProvider) *Selector {
 	selected := providers[0].Proxies()[0].Name()
 	return &Selector{
 		Base:      outbound.NewBase(name, "", C.Selector, false),
 		single:    singledo.NewSingle(defaultGetProxiesDuration),
 		providers: providers,
 		selected:  selected,
 	}
 }
--- a/adapters/outboundgroup/urltest.go
+++ b/adapters/outboundgroup/urltest.go
@ -1,98 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"encoding/json"
 	"time"
 	"github.com/Dreamacro/clash/adapters/outbound"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/common/singledo"
 	C "github.com/Dreamacro/clash/constant"
 )
 type URLTest struct {
 	*outbound.Base
 	single     *singledo.Single
 	fastSingle *singledo.Single
 	providers  []provider.ProxyProvider
 }
 func (u *URLTest) Now() string {
 	return u.fast().Name()
 }
 func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
 	c, err = u.fast().DialContext(ctx, metadata)
 	if err == nil {
 		c.AppendToChains(u)
 	}
 	return c, err
 }
 func (u *URLTest) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := u.fast().DialUDP(metadata)
 	if err == nil {
 		pc.AppendToChains(u)
 	}
 	return pc, err
 }
 func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
 	return u.fast()
 }
 func (u *URLTest) proxies() []C.Proxy {
 	elm, _, _ := u.single.Do(func() (interface{}, error) {
 		return getProvidersProxies(u.providers), nil
 	})
 	return elm.([]C.Proxy)
 }
 func (u *URLTest) fast() C.Proxy {
 	elm, _, _ := u.fastSingle.Do(func() (interface{}, error) {
 		proxies := u.proxies()
 		fast := proxies[0]
 		min := fast.LastDelay()
 		for _, proxy := range proxies[1:] {
 			if !proxy.Alive() {
 				continue
 			}
 			delay := proxy.LastDelay()
 			if delay < min {
 				fast = proxy
 				min = delay
 			}
 		}
 		return fast, nil
 	})
 	return elm.(C.Proxy)
 }
 func (u *URLTest) SupportUDP() bool {
 	return u.fast().SupportUDP()
 }
 func (u *URLTest) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range u.proxies() {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]interface{}{
 		"type": u.Type().String(),
 		"now":  u.Now(),
 		"all":  all,
 	})
 }
 func NewURLTest(name string, providers []provider.ProxyProvider) *URLTest {
 	return &URLTest{
 		Base:       outbound.NewBase(name, "", C.URLTest, false),
 		single:     singledo.NewSingle(defaultGetProxiesDuration),
 		fastSingle: singledo.NewSingle(time.Second * 10),
 		providers:  providers,
 	}
 }
--- a/adapters/provider/fetcher.go
+++ b/adapters/provider/fetcher.go
@ -1,154 +0,0 @@
 package provider
 import (
 	"bytes"
 	"crypto/md5"
 	"io/ioutil"
 	"os"
 	"time"
 	"github.com/Dreamacro/clash/log"
 )
 var (
 	fileMode os.FileMode = 0666
 )
 type parser = func([]byte) (interface{}, error)
 type fetcher struct {
 	name      string
 	vehicle   Vehicle
 	updatedAt *time.Time
 	ticker    *time.Ticker
 	hash      [16]byte
 	parser    parser
 	onUpdate  func(interface{})
 }
 func (f *fetcher) Name() string {
 	return f.name
 }
 func (f *fetcher) VehicleType() VehicleType {
 	return f.vehicle.Type()
 }
 func (f *fetcher) Initial() (interface{}, error) {
 	var buf []byte
 	var err error
 	var isLocal bool
 	if stat, err := os.Stat(f.vehicle.Path()); err == nil {
 		buf, err = ioutil.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
 		f.updatedAt = &modTime
 		isLocal = true
 	} else {
 		buf, err = f.vehicle.Read()
 	}
 	if err != nil {
 		return nil, err
 	}
 	proxies, err := f.parser(buf)
 	if err != nil {
 		if !isLocal {
 			return nil, err
 		}
 		// parse local file error, fallback to remote
 		buf, err = f.vehicle.Read()
 		if err != nil {
 			return nil, err
 		}
 		proxies, err = f.parser(buf)
 		if err != nil {
 			return nil, err
 		}
 	}
 	if err := ioutil.WriteFile(f.vehicle.Path(), buf, fileMode); err != nil {
 		return nil, err
 	}
 	f.hash = md5.Sum(buf)
 	// pull proxies automatically
 	if f.ticker != nil {
 		go f.pullLoop()
 	}
 	return proxies, nil
 }
 func (f *fetcher) Update() (interface{}, bool, error) {
 	buf, err := f.vehicle.Read()
 	if err != nil {
 		return nil, false, err
 	}
 	now := time.Now()
 	hash := md5.Sum(buf)
 	if bytes.Equal(f.hash[:], hash[:]) {
 		f.updatedAt = &now
 		return nil, true, nil
 	}
 	proxies, err := f.parser(buf)
 	if err != nil {
 		return nil, false, err
 	}
 	if err := ioutil.WriteFile(f.vehicle.Path(), buf, fileMode); err != nil {
 		return nil, false, err
 	}
 	f.updatedAt = &now
 	f.hash = hash
 	return proxies, false, nil
 }
 func (f *fetcher) Destroy() error {
 	if f.ticker != nil {
 		f.ticker.Stop()
 	}
 	return nil
 }
 func (f *fetcher) pullLoop() {
 	for range f.ticker.C {
 		elm, same, err := f.Update()
 		if err != nil {
 			log.Warnln("[Provider] %s pull error: %s", f.Name(), err.Error())
 			continue
 		}
 		if same {
 			log.Debugln("[Provider] %s's proxies doesn't change", f.Name())
 			continue
 		}
 		log.Infoln("[Provider] %s's proxies update", f.Name())
 		if f.onUpdate != nil {
 			f.onUpdate(elm)
 		}
 	}
 }
 func newFetcher(name string, interval time.Duration, vehicle Vehicle, parser parser, onUpdate func(interface{})) *fetcher {
 	var ticker *time.Ticker
 	if interval != 0 {
 		ticker = time.NewTicker(interval)
 	}
 	return &fetcher{
 		name:     name,
 		ticker:   ticker,
 		vehicle:  vehicle,
 		parser:   parser,
 		onUpdate: onUpdate,
 	}
 }
--- a/adapters/provider/healthcheck.go
+++ b/adapters/provider/healthcheck.go
@ -1,70 +0,0 @@
 package provider
 import (
 	"context"
 	"time"
 	C "github.com/Dreamacro/clash/constant"
 )
 const (
 	defaultURLTestTimeout = time.Second * 5
 )
 type HealthCheckOption struct {
 	URL      string
 	Interval uint
 }
 type HealthCheck struct {
 	url      string
 	proxies  []C.Proxy
 	interval uint
 	done     chan struct{}
 }
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
 	go hc.check()
 	for {
 		select {
 		case <-ticker.C:
 			hc.check()
 		case <-hc.done:
 			ticker.Stop()
 			return
 		}
 	}
 }
 func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
 	hc.proxies = proxies
 }
 func (hc *HealthCheck) auto() bool {
 	return hc.interval != 0
 }
 func (hc *HealthCheck) check() {
 	ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
 	for _, proxy := range hc.proxies {
 		go proxy.URLTest(ctx, hc.url)
 	}
 	<-ctx.Done()
 	cancel()
 }
 func (hc *HealthCheck) close() {
 	hc.done <- struct{}{}
 }
 func NewHealthCheck(proxies []C.Proxy, url string, interval uint) *HealthCheck {
 	return &HealthCheck{
 		proxies:  proxies,
 		url:      url,
 		interval: interval,
 		done:     make(chan struct{}, 1),
 	}
 }
--- a/common/batch/batch.go
+++ b/common/batch/batch.go
@ -0,0 +1,105 @@
 package batch
 import (
 	"context"
 	"sync"
 )
 type Option[T any] func(b *Batch[T])
 type Result[T any] struct {
 	Value T
 	Err   error
 }
 type Error struct {
 	Key string
 	Err error
 }
 func WithConcurrencyNum[T any](n int) Option[T] {
 	return func(b *Batch[T]) {
 		q := make(chan struct{}, n)
 		for i := 0; i < n; i++ {
 			q <- struct{}{}
 		}
 		b.queue = q
 	}
 }
 // Batch similar to errgroup, but can control the maximum number of concurrent
 type Batch[T any] struct {
 	result map[string]Result[T]
 	queue  chan struct{}
 	wg     sync.WaitGroup
 	mux    sync.Mutex
 	err    *Error
 	once   sync.Once
 	cancel func()
 }
 func (b *Batch[T]) Go(key string, fn func() (T, error)) {
 	b.wg.Add(1)
 	go func() {
 		defer b.wg.Done()
 		if b.queue != nil {
 			<-b.queue
 			defer func() {
 				b.queue <- struct{}{}
 			}()
 		}
 		value, err := fn()
 		if err != nil {
 			b.once.Do(func() {
 				b.err = &Error{key, err}
 				if b.cancel != nil {
 					b.cancel()
 				}
 			})
 		}
 		ret := Result[T]{value, err}
 		b.mux.Lock()
 		defer b.mux.Unlock()
 		b.result[key] = ret
 	}()
 }
 func (b *Batch[T]) Wait() *Error {
 	b.wg.Wait()
 	if b.cancel != nil {
 		b.cancel()
 	}
 	return b.err
 }
 func (b *Batch[T]) WaitAndGetResult() (map[string]Result[T], *Error) {
 	err := b.Wait()
 	return b.Result(), err
 }
 func (b *Batch[T]) Result() map[string]Result[T] {
 	b.mux.Lock()
 	defer b.mux.Unlock()
 	copyM := map[string]Result[T]{}
 	for k, v := range b.result {
 		copyM[k] = v
 	}
 	return copyM
 }
 func New[T any](ctx context.Context, opts ...Option[T]) (*Batch[T], context.Context) {
 	ctx, cancel := context.WithCancel(ctx)
 	b := &Batch[T]{
 		result: map[string]Result[T]{},
 	}
 	for _, o := range opts {
 		o(b)
 	}
 	b.cancel = cancel
 	return b, ctx
 }
--- a/common/batch/batch_test.go
+++ b/common/batch/batch_test.go
@ -0,0 +1,83 @@
 package batch
 import (
 	"context"
 	"errors"
 	"strconv"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func TestBatch(t *testing.T) {
 	b, _ := New[string](context.Background())
 	now := time.Now()
 	b.Go("foo", func() (string, error) {
 		time.Sleep(time.Millisecond * 100)
 		return "foo", nil
 	})
 	b.Go("bar", func() (string, error) {
 		time.Sleep(time.Millisecond * 150)
 		return "bar", nil
 	})
 	result, err := b.WaitAndGetResult()
 	assert.Nil(t, err)
 	duration := time.Since(now)
 	assert.Less(t, duration, time.Millisecond*200)
 	assert.Equal(t, 2, len(result))
 	for k, v := range result {
 		assert.NoError(t, v.Err)
 		assert.Equal(t, k, v.Value)
 	}
 }
 func TestBatchWithConcurrencyNum(t *testing.T) {
 	b, _ := New[string](
 		context.Background(),
 		WithConcurrencyNum[string](3),
 	)
 	now := time.Now()
 	for i := 0; i < 7; i++ {
 		idx := i
 		b.Go(strconv.Itoa(idx), func() (string, error) {
 			time.Sleep(time.Millisecond * 100)
 			return strconv.Itoa(idx), nil
 		})
 	}
 	result, _ := b.WaitAndGetResult()
 	duration := time.Since(now)
 	assert.Greater(t, duration, time.Millisecond*260)
 	assert.Equal(t, 7, len(result))
 	for k, v := range result {
 		assert.NoError(t, v.Err)
 		assert.Equal(t, k, v.Value)
 	}
 }
 func TestBatchContext(t *testing.T) {
 	b, ctx := New[string](context.Background())
 	b.Go("error", func() (string, error) {
 		time.Sleep(time.Millisecond * 100)
 		return "", errors.New("test error")
 	})
 	b.Go("ctx", func() (string, error) {
 		<-ctx.Done()
 		return "", ctx.Err()
 	})
 	result, err := b.WaitAndGetResult()
 	assert.NotNil(t, err)
 	assert.Equal(t, "error", err.Key)
 	assert.Equal(t, ctx.Err(), result["ctx"].Err)
 }
--- a/common/cache/cache.go
+++ b/common/cache/cache.go
@ -7,50 +7,50 @@ import (
 )
 // Cache store element with a expired time
-type Cache struct {
+type Cache[K comparable, V any] struct {
-	*cache
+	*cache[K, V]
 }
-type cache struct {
+type cache[K comparable, V any] struct {
 	mapping sync.Map
-	janitor *janitor
+	janitor *janitor[K, V]
 }
-type element struct {
+type element[V any] struct {
 	Expired time.Time
-	Payload interface{}
+	Payload V
 }
 // Put element in Cache with its ttl
-func (c *cache) Put(key interface{}, payload interface{}, ttl time.Duration) {
+func (c *cache[K, V]) Put(key K, payload V, ttl time.Duration) {
-	c.mapping.Store(key, &element{
+	c.mapping.Store(key, &element[V]{
 		Payload: payload,
 		Expired: time.Now().Add(ttl),
 	})
 }
 // Get element in Cache, and drop when it expired
-func (c *cache) Get(key interface{}) interface{} {
+func (c *cache[K, V]) Get(key K) V {
 	item, exist := c.mapping.Load(key)
 	if !exist {
-		return nil
+		return getZero[V]()
 	}
-	elm := item.(*element)
+	elm := item.(*element[V])
 	// expired
 	if time.Since(elm.Expired) > 0 {
 		c.mapping.Delete(key)
-		return nil
+		return getZero[V]()
 	}
 	return elm.Payload
 }
 // GetWithExpire element in Cache with Expire Time
-func (c *cache) GetWithExpire(key interface{}) (payload interface{}, expired time.Time) {
+func (c *cache[K, V]) GetWithExpire(key K) (payload V, expired time.Time) {
 	item, exist := c.mapping.Load(key)
 	if !exist {
 		return
 	}
-	elm := item.(*element)
+	elm := item.(*element[V])
 	// expired
 	if time.Since(elm.Expired) > 0 {
 		c.mapping.Delete(key)
@ -59,10 +59,10 @@ func (c *cache) GetWithExpire(key interface{}) (payload interface{}, expired tim
 	return elm.Payload, elm.Expired
 }
-func (c *cache) cleanup() {
+func (c *cache[K, V]) cleanup() {
-	c.mapping.Range(func(k, v interface{}) bool {
+	c.mapping.Range(func(k, v any) bool {
 		key := k.(string)
-		elm := v.(*element)
+		elm := v.(*element[V])
 		if time.Since(elm.Expired) > 0 {
 			c.mapping.Delete(key)
 		}
@ -70,12 +70,12 @@ func (c *cache) cleanup() {
 	})
 }
-type janitor struct {
+type janitor[K comparable, V any] struct {
 	interval time.Duration
 	stop     chan struct{}
 }
-func (j *janitor) process(c *cache) {
+func (j *janitor[K, V]) process(c *cache[K, V]) {
 	ticker := time.NewTicker(j.interval)
 	for {
 		select {
@ -88,19 +88,19 @@ func (j *janitor) process(c *cache) {
 	}
 }
-func stopJanitor(c *Cache) {
+func stopJanitor[K comparable, V any](c *Cache[K, V]) {
 	c.janitor.stop <- struct{}{}
 }
 // New return *Cache
-func New(interval time.Duration) *Cache {
+func New[K comparable, V any](interval time.Duration) *Cache[K, V] {
-	j := &janitor{
+	j := &janitor[K, V]{
 		interval: interval,
 		stop:     make(chan struct{}),
 	}
-	c := &cache{janitor: j}
+	c := &cache[K, V]{janitor: j}
 	go j.process(c)
-	C := &Cache{c}
+	C := &Cache[K, V]{c}
-	runtime.SetFinalizer(C, stopJanitor)
+	runtime.SetFinalizer(C, stopJanitor[K, V])
 	return C
 }
--- a/common/cache/cache_test.go
+++ b/common/cache/cache_test.go
@ -11,48 +11,50 @@ import (
 func TestCache_Basic(t *testing.T) {
 	interval := 200 * time.Millisecond
 	ttl := 20 * time.Millisecond
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
-	c.Put("string", "a", ttl)
+
 	d := New[string, string](interval)
 	d.Put("string", "a", ttl)
 	i := c.Get("int")
-	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.Equal(t, i, 1, "should recv 1")
-	s := c.Get("string")
+	s := d.Get("string")
-	assert.Equal(t, s.(string), "a", "should recv 'a'")
+	assert.Equal(t, s, "a", "should recv 'a'")
 }
 func TestCache_TTL(t *testing.T) {
 	interval := 200 * time.Millisecond
 	ttl := 20 * time.Millisecond
 	now := time.Now()
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
 	c.Put("int2", 2, ttl)
 	i := c.Get("int")
 	_, expired := c.GetWithExpire("int2")
-	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.Equal(t, i, 1, "should recv 1")
 	assert.True(t, now.Before(expired))
 	time.Sleep(ttl * 2)
 	i = c.Get("int")
 	j, _ := c.GetWithExpire("int2")
-	assert.Nil(t, i, "should recv nil")
+	assert.True(t, i == 0, "should recv 0")
-	assert.Nil(t, j, "should recv nil")
+	assert.True(t, j == 0, "should recv 0")
 }
 func TestCache_AutoCleanup(t *testing.T) {
 	interval := 10 * time.Millisecond
 	ttl := 15 * time.Millisecond
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
 	time.Sleep(ttl * 2)
 	i := c.Get("int")
 	j, _ := c.GetWithExpire("int")
-	assert.Nil(t, i, "should recv nil")
+	assert.True(t, i == 0, "should recv 0")
-	assert.Nil(t, j, "should recv nil")
+	assert.True(t, j == 0, "should recv 0")
 }
 func TestCache_AutoGC(t *testing.T) {
@ -60,7 +62,7 @@ func TestCache_AutoGC(t *testing.T) {
 	go func() {
 		interval := 10 * time.Millisecond
 		ttl := 15 * time.Millisecond
-		c := New(interval)
+		c := New[string, int](interval)
 		c.Put("int", 1, ttl)
 		sign <- struct{}{}
 	}()
--- a/common/cache/lrucache.go
+++ b/common/cache/lrucache.go
@ -3,49 +3,50 @@ package cache
 // Modified by https://github.com/die-net/lrucache
 import (
 	"container/list"
 	"sync"
 	"time"
 	"github.com/Dreamacro/clash/common/generics/list"
 )
 // Option is part of Functional Options Pattern
-type Option func(*LruCache)
+type Option[K comparable, V any] func(*LruCache[K, V])
 // EvictCallback is used to get a callback when a cache entry is evicted
-type EvictCallback = func(key interface{}, value interface{})
+type EvictCallback[K comparable, V any] func(key K, value V)
 // WithEvict set the evict callback
-func WithEvict(cb EvictCallback) Option {
+func WithEvict[K comparable, V any](cb EvictCallback[K, V]) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.onEvict = cb
 	}
 }
 // WithUpdateAgeOnGet update expires when Get element
-func WithUpdateAgeOnGet() Option {
+func WithUpdateAgeOnGet[K comparable, V any]() Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.updateAgeOnGet = true
 	}
 }
 // WithAge defined element max age (second)
-func WithAge(maxAge int64) Option {
+func WithAge[K comparable, V any](maxAge int64) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.maxAge = maxAge
 	}
 }
 // WithSize defined max length of LruCache
-func WithSize(maxSize int) Option {
+func WithSize[K comparable, V any](maxSize int) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.maxSize = maxSize
 	}
 }
 // WithStale decide whether Stale return is enabled.
 // If this feature is enabled, element will not get Evicted according to `WithAge`.
-func WithStale(stale bool) Option {
+func WithStale[K comparable, V any](stale bool) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.staleReturn = stale
 	}
 }
@ -53,22 +54,22 @@ func WithStale(stale bool) Option {
 // LruCache is a thread-safe, in-memory lru-cache that evicts the
 // least recently used entries from memory when (if set) the entries are
 // older than maxAge (in seconds).  Use the New constructor to create one.
-type LruCache struct {
+type LruCache[K comparable, V any] struct {
 	maxAge         int64
 	maxSize        int
 	mu             sync.Mutex
-	cache          map[interface{}]*list.Element
+	cache          map[K]*list.Element[*entry[K, V]]
-	lru            *list.List // Front is least-recent
+	lru            *list.List[*entry[K, V]] // Front is least-recent
 	updateAgeOnGet bool
 	staleReturn    bool
-	onEvict        EvictCallback
+	onEvict        EvictCallback[K, V]
 }
 // NewLRUCache creates an LruCache
-func NewLRUCache(options ...Option) *LruCache {
+func NewLRUCache[K comparable, V any](options ...Option[K, V]) *LruCache[K, V] {
-	lc := &LruCache{
+	lc := &LruCache[K, V]{
-		lru:   list.New(),
+		lru:   list.New[*entry[K, V]](),
-		cache: make(map[interface{}]*list.Element),
+		cache: make(map[K]*list.Element[*entry[K, V]]),
 	}
 	for _, option := range options {
@ -78,33 +79,33 @@ func NewLRUCache(options ...Option) *LruCache {
 	return lc
 }
-// Get returns the interface{} representation of a cached response and a bool
+// Get returns the any representation of a cached response and a bool
 // set to true if the key was found.
-func (c *LruCache) Get(key interface{}) (interface{}, bool) {
+func (c *LruCache[K, V]) Get(key K) (V, bool) {
-	entry := c.get(key)
+	el := c.get(key)
-	if entry == nil {
+	if el == nil {
-		return nil, false
+		return getZero[V](), false
 	}
-	value := entry.value
+	value := el.value
 	return value, true
 }
-// GetWithExpire returns the interface{} representation of a cached response,
+// GetWithExpire returns the any representation of a cached response,
 // a time.Time Give expected expires,
 // and a bool set to true if the key was found.
 // This method will NOT check the maxAge of element and will NOT update the expires.
-func (c *LruCache) GetWithExpire(key interface{}) (interface{}, time.Time, bool) {
+func (c *LruCache[K, V]) GetWithExpire(key K) (V, time.Time, bool) {
-	entry := c.get(key)
+	el := c.get(key)
-	if entry == nil {
+	if el == nil {
-		return nil, time.Time{}, false
+		return getZero[V](), time.Time{}, false
 	}
-	return entry.value, time.Unix(entry.expires, 0), true
+	return el.value, time.Unix(el.expires, 0), true
 }
 // Exist returns if key exist in cache but not put item to the head of linked list
-func (c *LruCache) Exist(key interface{}) bool {
+func (c *LruCache[K, V]) Exist(key K) bool {
 	c.mu.Lock()
 	defer c.mu.Unlock()
@ -112,8 +113,8 @@ func (c *LruCache) Exist(key interface{}) bool {
 	return ok
 }
-// Set stores the interface{} representation of a response for a given key.
+// Set stores the any representation of a response for a given key.
-func (c *LruCache) Set(key interface{}, value interface{}) {
+func (c *LruCache[K, V]) Set(key K, value V) {
 	expires := int64(0)
 	if c.maxAge > 0 {
 		expires = time.Now().Unix() + c.maxAge
@ -121,23 +122,23 @@ func (c *LruCache) Set(key interface{}, value interface{}) {
 	c.SetWithExpire(key, value, time.Unix(expires, 0))
 }
-// SetWithExpire stores the interface{} representation of a response for a given key and given exires.
+// SetWithExpire stores the any representation of a response for a given key and given expires.
 // The expires time will round to second.
-func (c *LruCache) SetWithExpire(key interface{}, value interface{}, expires time.Time) {
+func (c *LruCache[K, V]) SetWithExpire(key K, value V, expires time.Time) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	if le, ok := c.cache[key]; ok {
 		c.lru.MoveToBack(le)
-		e := le.Value.(*entry)
+		e := le.Value
 		e.value = value
 		e.expires = expires.Unix()
 	} else {
-		e := &entry{key: key, value: value, expires: expires.Unix()}
+		e := &entry[K, V]{key: key, value: value, expires: expires.Unix()}
 		c.cache[key] = c.lru.PushBack(e)
 		if c.maxSize > 0 {
-			if len := c.lru.Len(); len > c.maxSize {
+			if elLen := c.lru.Len(); elLen > c.maxSize {
 				c.deleteElement(c.lru.Front())
 			}
 		}
@ -146,7 +147,24 @@ func (c *LruCache) SetWithExpire(key interface{}, value interface{}, expires tim
 	c.maybeDeleteOldest()
 }
-func (c *LruCache) get(key interface{}) *entry {
+// CloneTo clone and overwrite elements to another LruCache
 func (c *LruCache[K, V]) CloneTo(n *LruCache[K, V]) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	n.mu.Lock()
 	defer n.mu.Unlock()
 	n.lru = list.New[*entry[K, V]]()
 	n.cache = make(map[K]*list.Element[*entry[K, V]])
 	for e := c.lru.Front(); e != nil; e = e.Next() {
 		elm := e.Value
 		n.cache[elm.key] = n.lru.PushBack(elm)
 	}
 }
 func (c *LruCache[K, V]) get(key K) *entry[K, V] {
 	c.mu.Lock()
 	defer c.mu.Unlock()
@ -155,7 +173,7 @@ func (c *LruCache) get(key interface{}) *entry {
 		return nil
 	}
-	if !c.staleReturn && c.maxAge > 0 && le.Value.(*entry).expires <= time.Now().Unix() {
+	if !c.staleReturn && c.maxAge > 0 && le.Value.expires <= time.Now().Unix() {
 		c.deleteElement(le)
 		c.maybeDeleteOldest()
@ -163,15 +181,15 @@ func (c *LruCache) get(key interface{}) *entry {
 	}
 	c.lru.MoveToBack(le)
-	entry := le.Value.(*entry)
+	el := le.Value
 	if c.maxAge > 0 && c.updateAgeOnGet {
-		entry.expires = time.Now().Unix() + c.maxAge
+		el.expires = time.Now().Unix() + c.maxAge
 	}
-	return entry
+	return el
 }
 // Delete removes the value associated with a key.
-func (c *LruCache) Delete(key string) {
+func (c *LruCache[K, V]) Delete(key K) {
 	c.mu.Lock()
 	if le, ok := c.cache[key]; ok {
@ -181,26 +199,40 @@ func (c *LruCache) Delete(key string) {
 	c.mu.Unlock()
 }
-func (c *LruCache) maybeDeleteOldest() {
+func (c *LruCache[K, V]) maybeDeleteOldest() {
 	if !c.staleReturn && c.maxAge > 0 {
 		now := time.Now().Unix()
-		for le := c.lru.Front(); le != nil && le.Value.(*entry).expires <= now; le = c.lru.Front() {
+		for le := c.lru.Front(); le != nil && le.Value.expires <= now; le = c.lru.Front() {
 			c.deleteElement(le)
 		}
 	}
 }
-func (c *LruCache) deleteElement(le *list.Element) {
+func (c *LruCache[K, V]) deleteElement(le *list.Element[*entry[K, V]]) {
 	c.lru.Remove(le)
-	e := le.Value.(*entry)
+	e := le.Value
 	delete(c.cache, e.key)
 	if c.onEvict != nil {
 		c.onEvict(e.key, e.value)
 	}
 }
-type entry struct {
+func (c *LruCache[K, V]) Clear() error {
-	key     interface{}
+	c.mu.Lock()
-	value   interface{}
+
 	c.cache = make(map[K]*list.Element[*entry[K, V]])
 	c.mu.Unlock()
 	return nil
 }
 type entry[K comparable, V any] struct {
 	key     K
 	value   V
 	expires int64
 }
 func getZero[T any]() T {
 	var result T
 	return result
 }
--- a/common/cache/lrucache_test.go
+++ b/common/cache/lrucache_test.go
@ -19,7 +19,7 @@ var entries = []struct {
 }
 func TestLRUCache(t *testing.T) {
-	c := NewLRUCache()
+	c := NewLRUCache[string, string]()
 	for _, e := range entries {
 		c.Set(e.key, e.value)
@ -32,7 +32,7 @@ func TestLRUCache(t *testing.T) {
 	for _, e := range entries {
 		value, ok := c.Get(e.key)
 		if assert.True(t, ok) {
-			assert.Equal(t, e.value, value.(string))
+			assert.Equal(t, e.value, value)
 		}
 	}
@ -45,25 +45,25 @@ func TestLRUCache(t *testing.T) {
 }
 func TestLRUMaxAge(t *testing.T) {
-	c := NewLRUCache(WithAge(86400))
+	c := NewLRUCache[string, string](WithAge[string, string](86400))
 	now := time.Now().Unix()
 	expected := now + 86400
 	// Add one expired entry
 	c.Set("foo", "bar")
-	c.lru.Back().Value.(*entry).expires = now
+	c.lru.Back().Value.expires = now
 	// Reset
 	c.Set("foo", "bar")
-	e := c.lru.Back().Value.(*entry)
+	e := c.lru.Back().Value
 	assert.True(t, e.expires >= now)
-	c.lru.Back().Value.(*entry).expires = now
+	c.lru.Back().Value.expires = now
 	// Set a few and verify expiration times
 	for _, s := range entries {
 		c.Set(s.key, s.value)
-		e := c.lru.Back().Value.(*entry)
+		e := c.lru.Back().Value
 		assert.True(t, e.expires >= expected && e.expires <= expected+10)
 	}
@ -77,7 +77,7 @@ func TestLRUMaxAge(t *testing.T) {
 	for _, s := range entries {
 		le, ok := c.cache[s.key]
 		if assert.True(t, ok) {
-			le.Value.(*entry).expires = now
+			le.Value.expires = now
 		}
 	}
@ -88,22 +88,22 @@ func TestLRUMaxAge(t *testing.T) {
 }
 func TestLRUpdateOnGet(t *testing.T) {
-	c := NewLRUCache(WithAge(86400), WithUpdateAgeOnGet())
+	c := NewLRUCache[string, string](WithAge[string, string](86400), WithUpdateAgeOnGet[string, string]())
 	now := time.Now().Unix()
 	expires := now + 86400/2
 	// Add one expired entry
 	c.Set("foo", "bar")
-	c.lru.Back().Value.(*entry).expires = expires
+	c.lru.Back().Value.expires = expires
 	_, ok := c.Get("foo")
 	assert.True(t, ok)
-	assert.True(t, c.lru.Back().Value.(*entry).expires > expires)
+	assert.True(t, c.lru.Back().Value.expires > expires)
 }
 func TestMaxSize(t *testing.T) {
-	c := NewLRUCache(WithSize(2))
+	c := NewLRUCache[string, string](WithSize[string, string](2))
 	// Add one expired entry
 	c.Set("foo", "bar")
 	_, ok := c.Get("foo")
@ -117,7 +117,7 @@ func TestMaxSize(t *testing.T) {
 }
 func TestExist(t *testing.T) {
-	c := NewLRUCache(WithSize(1))
+	c := NewLRUCache[int, int](WithSize[int, int](1))
 	c.Set(1, 2)
 	assert.True(t, c.Exist(1))
 	c.Set(2, 3)
@ -126,11 +126,11 @@ func TestExist(t *testing.T) {
 func TestEvict(t *testing.T) {
 	temp := 0
-	evict := func(key interface{}, value interface{}) {
+	evict := func(key int, value int) {
-		temp = key.(int) + value.(int)
+		temp = key + value
 	}
-	c := NewLRUCache(WithEvict(evict), WithSize(1))
+	c := NewLRUCache[int, int](WithEvict[int, int](evict), WithSize[int, int](1))
 	c.Set(1, 2)
 	c.Set(2, 3)
@ -138,22 +138,22 @@ func TestEvict(t *testing.T) {
 }
 func TestSetWithExpire(t *testing.T) {
-	c := NewLRUCache(WithAge(1))
+	c := NewLRUCache[int, *struct{}](WithAge[int, *struct{}](1))
 	now := time.Now().Unix()
 	tenSecBefore := time.Unix(now-10, 0)
-	c.SetWithExpire(1, 2, tenSecBefore)
+	c.SetWithExpire(1, &struct{}{}, tenSecBefore)
 	// res is expected not to exist, and expires should be empty time.Time
 	res, expires, exist := c.GetWithExpire(1)
-	assert.Equal(t, nil, res)
+
 	assert.True(t, nil == res)
 	assert.Equal(t, time.Time{}, expires)
 	assert.Equal(t, false, exist)
 }
 func TestStale(t *testing.T) {
-	c := NewLRUCache(WithAge(1), WithStale(true))
+	c := NewLRUCache[int, int](WithAge[int, int](1), WithStale[int, int](true))
 	now := time.Now().Unix()
 	tenSecBefore := time.Unix(now-10, 0)
@ -164,3 +164,21 @@ func TestStale(t *testing.T) {
 	assert.Equal(t, tenSecBefore, expires)
 	assert.Equal(t, true, exist)
 }
 func TestCloneTo(t *testing.T) {
 	o := NewLRUCache[string, int](WithSize[string, int](10))
 	o.Set("1", 1)
 	o.Set("2", 2)
 	n := NewLRUCache[string, int](WithSize[string, int](2))
 	n.Set("3", 3)
 	n.Set("4", 4)
 	o.CloneTo(n)
 	assert.False(t, n.Exist("3"))
 	assert.True(t, n.Exist("1"))
 	n.Set("5", 5)
 	assert.False(t, n.Exist("1"))
 }
--- a/common/cert/cert.go
+++ b/common/cert/cert.go
@ -0,0 +1,303 @@
 package cert
 import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"math/big"
 	"net"
 	"os"
 	"strings"
 	"sync/atomic"
 	"time"
 )
 var currentSerialNumber = time.Now().Unix()
 type Config struct {
 	ca           *x509.Certificate
 	caPrivateKey *rsa.PrivateKey
 	roots *x509.CertPool
 	privateKey *rsa.PrivateKey
 	validity     time.Duration
 	keyID        []byte
 	organization string
 	certsStorage CertsStorage
 }
 type CertsStorage interface {
 	Get(key string) (*tls.Certificate, bool)
 	Set(key string, cert *tls.Certificate)
 }
 func NewAuthority(name, organization string, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error) {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, nil, err
 	}
 	pub := privateKey.Public()
 	pkixPub, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
 		return nil, nil, err
 	}
 	h := sha1.New()
 	_, err = h.Write(pkixPub)
 	if err != nil {
 		return nil, nil, err
 	}
 	keyID := h.Sum(nil)
 	serial := atomic.AddInt64(&currentSerialNumber, 1)
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(serial),
 		Subject: pkix.Name{
 			CommonName:   name,
 			Organization: []string{organization},
 		},
 		SubjectKeyId:          keyID,
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		NotBefore:             time.Now().Add(-validity),
 		NotAfter:              time.Now().Add(validity),
 		DNSNames:              []string{name},
 		IsCA:                  true,
 	}
 	raw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, privateKey)
 	if err != nil {
 		return nil, nil, err
 	}
 	x509c, err := x509.ParseCertificate(raw)
 	if err != nil {
 		return nil, nil, err
 	}
 	return x509c, privateKey, nil
 }
 func NewConfig(ca *x509.Certificate, caPrivateKey *rsa.PrivateKey) (*Config, error) {
 	roots := x509.NewCertPool()
 	roots.AddCert(ca)
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, err
 	}
 	pub := privateKey.Public()
 	pkixPub, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
 		return nil, err
 	}
 	h := sha1.New()
 	_, err = h.Write(pkixPub)
 	if err != nil {
 		return nil, err
 	}
 	keyID := h.Sum(nil)
 	return &Config{
 		ca:           ca,
 		caPrivateKey: caPrivateKey,
 		privateKey:   privateKey,
 		keyID:        keyID,
 		validity:     time.Hour,
 		organization: "Clash",
 		certsStorage: NewDomainTrieCertsStorage(),
 		roots:        roots,
 	}, nil
 }
 func (c *Config) GetCA() *x509.Certificate {
 	return c.ca
 }
 func (c *Config) SetOrganization(organization string) {
 	c.organization = organization
 }
 func (c *Config) SetValidity(validity time.Duration) {
 	c.validity = validity
 }
 func (c *Config) NewTLSConfigForHost(hostname string) *tls.Config {
 	tlsConfig := &tls.Config{
 		GetCertificate: func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			host := clientHello.ServerName
 			if host == "" {
 				host = hostname
 			}
 			return c.GetOrCreateCert(host)
 		},
 		NextProtos: []string{"http/1.1"},
 	}
 	tlsConfig.InsecureSkipVerify = true
 	return tlsConfig
 }
 func (c *Config) GetOrCreateCert(hostname string, ips ...net.IP) (*tls.Certificate, error) {
 	var leaf *x509.Certificate
 	tlsCertificate, ok := c.certsStorage.Get(hostname)
 	if ok {
 		leaf = tlsCertificate.Leaf
 		if _, err := leaf.Verify(x509.VerifyOptions{
 			DNSName: hostname,
 			Roots:   c.roots,
 		}); err == nil {
 			return tlsCertificate, nil
 		}
 	}
 	var (
 		key          = hostname
 		topHost      = hostname
 		wildcardHost = "*." + hostname
 		dnsNames     []string
 	)
 	if ip := net.ParseIP(hostname); ip != nil {
 		ips = append(ips, ip)
 	} else {
 		parts := strings.Split(hostname, ".")
 		l := len(parts)
 		if leaf != nil {
 			dnsNames = append(dnsNames, leaf.DNSNames...)
 		}
 		if l > 2 {
 			topIndex := l - 2
 			topHost = strings.Join(parts[topIndex:], ".")
 			for i := topIndex; i > 0; i-- {
 				wildcardHost = "*." + strings.Join(parts[i:], ".")
 				if i == topIndex && (len(dnsNames) == 0 || dnsNames[0] != topHost) {
 					dnsNames = append(dnsNames, topHost, wildcardHost)
 				} else if !hasDnsNames(dnsNames, wildcardHost) {
 					dnsNames = append(dnsNames, wildcardHost)
 				}
 			}
 		} else {
 			dnsNames = append(dnsNames, topHost, wildcardHost)
 		}
 		key = "+." + topHost
 	}
 	serial := atomic.AddInt64(&currentSerialNumber, 1)
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(serial),
 		Subject: pkix.Name{
 			CommonName:   topHost,
 			Organization: []string{c.organization},
 		},
 		SubjectKeyId:          c.keyID,
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		NotBefore:             time.Now().Add(-c.validity),
 		NotAfter:              time.Now().Add(c.validity),
 		DNSNames:              dnsNames,
 		IPAddresses:           ips,
 	}
 	raw, err := x509.CreateCertificate(rand.Reader, tmpl, c.ca, c.privateKey.Public(), c.caPrivateKey)
 	if err != nil {
 		return nil, err
 	}
 	x509c, err := x509.ParseCertificate(raw)
 	if err != nil {
 		return nil, err
 	}
 	tlsCertificate = &tls.Certificate{
 		Certificate: [][]byte{raw, c.ca.Raw},
 		PrivateKey:  c.privateKey,
 		Leaf:        x509c,
 	}
 	c.certsStorage.Set(key, tlsCertificate)
 	return tlsCertificate, nil
 }
 // GenerateAndSave generate CA private key and CA certificate and dump them to file
 func GenerateAndSave(caPath string, caKeyPath string) error {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return err
 	}
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(time.Now().Unix()),
 		Subject: pkix.Name{
 			Country:      []string{"US"},
 			CommonName:   "Clash Root CA",
 			Organization: []string{"Clash Trust Services"},
 		},
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		NotBefore:             time.Now().Add(-(time.Hour * 24 * 60)),
 		NotAfter:              time.Now().Add(time.Hour * 24 * 365 * 25),
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 	}
 	caRaw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, privateKey.Public(), privateKey)
 	if err != nil {
 		return err
 	}
 	caOut, err := os.OpenFile(caPath, os.O_CREATE|os.O_WRONLY, 0o600)
 	if err != nil {
 		return err
 	}
 	defer func(caOut *os.File) {
 		_ = caOut.Close()
 	}(caOut)
 	if err = pem.Encode(caOut, &pem.Block{Type: "CERTIFICATE", Bytes: caRaw}); err != nil {
 		return err
 	}
 	caKeyOut, err := os.OpenFile(caKeyPath, os.O_CREATE|os.O_WRONLY, 0o600)
 	if err != nil {
 		return err
 	}
 	defer func(caKeyOut *os.File) {
 		_ = caKeyOut.Close()
 	}(caKeyOut)
 	if err = pem.Encode(caKeyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}); err != nil {
 		return err
 	}
 	return nil
 }
 func hasDnsNames(dnsNames []string, hostname string) bool {
 	for _, name := range dnsNames {
 		if name == hostname {
 			return true
 		}
 	}
 	return false
 }
--- a/common/cert/cert_test.go
+++ b/common/cert/cert_test.go
@ -0,0 +1,104 @@
 package cert
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"net"
 	"os"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func TestCert(t *testing.T) {
 	ca, privateKey, err := NewAuthority("Clash ca", "Clash", 24*time.Hour)
 	assert.Nil(t, err)
 	assert.NotNil(t, ca)
 	assert.NotNil(t, privateKey)
 	c, err := NewConfig(ca, privateKey)
 	assert.Nil(t, err)
 	c.SetValidity(20 * time.Hour)
 	c.SetOrganization("Test Organization")
 	conf := c.NewTLSConfigForHost("example.org")
 	assert.Equal(t, []string{"http/1.1"}, conf.NextProtos)
 	assert.True(t, conf.InsecureSkipVerify)
 	// Test generating a certificate
 	clientHello := &tls.ClientHelloInfo{
 		ServerName: "example.org",
 	}
 	tlsCert, err := conf.GetCertificate(clientHello)
 	assert.Nil(t, err)
 	assert.NotNil(t, tlsCert)
 	// Assert certificate details
 	x509c := tlsCert.Leaf
 	assert.Equal(t, "example.org", x509c.Subject.CommonName)
 	assert.Nil(t, x509c.VerifyHostname("example.org"))
 	assert.Nil(t, x509c.VerifyHostname("abc.example.org"))
 	assert.Equal(t, []string{"Test Organization"}, x509c.Subject.Organization)
 	assert.NotNil(t, x509c.SubjectKeyId)
 	assert.True(t, x509c.BasicConstraintsValid)
 	assert.True(t, x509c.KeyUsage&x509.KeyUsageKeyEncipherment == x509.KeyUsageKeyEncipherment)
 	assert.True(t, x509c.KeyUsage&x509.KeyUsageDigitalSignature == x509.KeyUsageDigitalSignature)
 	assert.Equal(t, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, x509c.ExtKeyUsage)
 	assert.Equal(t, []string{"example.org", "*.example.org"}, x509c.DNSNames)
 	assert.True(t, x509c.NotBefore.Before(time.Now().Add(-2*time.Hour)))
 	assert.True(t, x509c.NotAfter.After(time.Now().Add(2*time.Hour)))
 	// Check that certificate is cached
 	tlsCert2, err := c.GetOrCreateCert("abc.example.org")
 	assert.Nil(t, err)
 	assert.True(t, tlsCert == tlsCert2)
 	// Check that certificate is new
 	_, _ = c.GetOrCreateCert("a.b.c.d.e.f.g.h.i.j.example.org")
 	tlsCert3, err := c.GetOrCreateCert("m.k.l.example.org")
 	x509c = tlsCert3.Leaf
 	assert.Nil(t, err)
 	assert.False(t, tlsCert == tlsCert3)
 	assert.Equal(t, []string{"example.org", "*.example.org", "*.j.example.org", "*.i.j.example.org", "*.h.i.j.example.org", "*.g.h.i.j.example.org", "*.f.g.h.i.j.example.org", "*.e.f.g.h.i.j.example.org", "*.d.e.f.g.h.i.j.example.org", "*.c.d.e.f.g.h.i.j.example.org", "*.b.c.d.e.f.g.h.i.j.example.org", "*.l.example.org", "*.k.l.example.org"}, x509c.DNSNames)
 	// Check that certificate is cached
 	tlsCert4, err := c.GetOrCreateCert("xyz.example.org")
 	x509c = tlsCert4.Leaf
 	assert.Nil(t, err)
 	assert.True(t, tlsCert3 == tlsCert4)
 	assert.Nil(t, x509c.VerifyHostname("example.org"))
 	assert.Nil(t, x509c.VerifyHostname("jkf.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("n.j.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("c.i.j.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("m.l.example.org"))
 	assert.Error(t, x509c.VerifyHostname("m.l.jkf.example.org"))
 	// Check the certificate for an IP
 	tlsCertForIP, err := c.GetOrCreateCert("192.168.0.1")
 	x509c = tlsCertForIP.Leaf
 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(x509c.IPAddresses))
 	assert.True(t, net.ParseIP("192.168.0.1").Equal(x509c.IPAddresses[0]))
 	// Check that certificate is cached
 	tlsCertForIP2, err := c.GetOrCreateCert("192.168.0.1")
 	x509c = tlsCertForIP2.Leaf
 	assert.Nil(t, err)
 	assert.True(t, tlsCertForIP == tlsCertForIP2)
 	assert.Nil(t, x509c.VerifyHostname("192.168.0.1"))
 }
 func TestGenerateAndSave(t *testing.T) {
 	caPath := "ca.crt"
 	caKeyPath := "ca.key"
 	err := GenerateAndSave(caPath, caKeyPath)
 	assert.Nil(t, err)
 	_ = os.Remove(caPath)
 	_ = os.Remove(caKeyPath)
 }
--- a/common/cert/storage.go
+++ b/common/cert/storage.go
@ -0,0 +1,32 @@
 package cert
 import (
 	"crypto/tls"
 	"github.com/Dreamacro/clash/component/trie"
 )
 // DomainTrieCertsStorage cache wildcard certificates
 type DomainTrieCertsStorage struct {
 	certsCache *trie.DomainTrie[*tls.Certificate]
 }
 // Get gets the certificate from the storage
 func (c *DomainTrieCertsStorage) Get(key string) (*tls.Certificate, bool) {
 	ca := c.certsCache.Search(key)
 	if ca == nil {
 		return nil, false
 	}
 	return ca.Data, true
 }
 // Set saves the certificate to the storage
 func (c *DomainTrieCertsStorage) Set(key string, cert *tls.Certificate) {
 	_ = c.certsCache.Insert(key, cert)
 }
 func NewDomainTrieCertsStorage() *DomainTrieCertsStorage {
 	return &DomainTrieCertsStorage{
 		certsCache: trie.New[*tls.Certificate](),
 	}
 }
--- a/common/cmd/cmd.go
+++ b/common/cmd/cmd.go
@ -0,0 +1,35 @@
 package cmd
 import (
 	"fmt"
 	"os/exec"
 	"strings"
 )
 func ExecCmd(cmdStr string) (string, error) {
 	args := splitArgs(cmdStr)
 	var cmd *exec.Cmd
 	if len(args) == 1 {
 		cmd = exec.Command(args[0])
 	} else {
 		cmd = exec.Command(args[0], args[1:]...)
 	}
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", fmt.Errorf("%v, %s", err, string(out))
 	}
 	return string(out), nil
 }
 func splitArgs(cmd string) []string {
 	args := strings.Split(cmd, " ")
 	// use in pipeline
 	if len(args) > 2 && strings.ContainsAny(cmd, "|") {
 		suffix := strings.Join(args[2:], " ")
 		args = append(args[:2], suffix)
 	}
 	return args
 }
--- a/common/cmd/cmd_test.go
+++ b/common/cmd/cmd_test.go
@ -0,0 +1,40 @@
 package cmd
 import (
 	"runtime"
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestSplitArgs(t *testing.T) {
 	args := splitArgs("ls")
 	args1 := splitArgs("ls -la")
 	args2 := splitArgs("bash -c ls")
 	args3 := splitArgs("bash -c ls -lahF | grep 'cmd'")
 	assert.Equal(t, 1, len(args))
 	assert.Equal(t, 2, len(args1))
 	assert.Equal(t, 3, len(args2))
 	assert.Equal(t, 3, len(args3))
 }
 func TestExecCmd(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		_, err := ExecCmd("dir")
 		assert.Nil(t, err)
 		return
 	}
 	_, err := ExecCmd("ls")
 	_, err1 := ExecCmd("ls -la")
 	_, err2 := ExecCmd("bash -c ls")
 	_, err3 := ExecCmd("bash -c ls -la")
 	_, err4 := ExecCmd("bash -c ls -la | grep 'cmd'")
 	assert.Nil(t, err)
 	assert.Nil(t, err1)
 	assert.Nil(t, err2)
 	assert.Nil(t, err3)
 	assert.Nil(t, err4)
 }
--- a/common/generics/list/list.go
+++ b/common/generics/list/list.go
@ -0,0 +1,235 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package list implements a doubly linked list.
 //
 // To iterate over a list (where l is a *List):
 //	for e := l.Front(); e != nil; e = e.Next() {
 //		// do something with e.Value
 //	}
 //
 package list
 // Element is an element of a linked list.
 type Element[T any] struct {
 	// Next and previous pointers in the doubly-linked list of elements.
 	// To simplify the implementation, internally a list l is implemented
 	// as a ring, such that &l.root is both the next element of the last
 	// list element (l.Back()) and the previous element of the first list
 	// element (l.Front()).
 	next, prev *Element[T]
 	// The list to which this element belongs.
 	list *List[T]
 	// The value stored with this element.
 	Value T
 }
 // Next returns the next list element or nil.
 func (e *Element[T]) Next() *Element[T] {
 	if p := e.next; e.list != nil && p != &e.list.root {
 		return p
 	}
 	return nil
 }
 // Prev returns the previous list element or nil.
 func (e *Element[T]) Prev() *Element[T] {
 	if p := e.prev; e.list != nil && p != &e.list.root {
 		return p
 	}
 	return nil
 }
 // List represents a doubly linked list.
 // The zero value for List is an empty list ready to use.
 type List[T any] struct {
 	root Element[T] // sentinel list element, only &root, root.prev, and root.next are used
 	len  int        // current list length excluding (this) sentinel element
 }
 // Init initializes or clears list l.
 func (l *List[T]) Init() *List[T] {
 	l.root.next = &l.root
 	l.root.prev = &l.root
 	l.len = 0
 	return l
 }
 // New returns an initialized list.
 func New[T any]() *List[T] { return new(List[T]).Init() }
 // Len returns the number of elements of list l.
 // The complexity is O(1).
 func (l *List[T]) Len() int { return l.len }
 // Front returns the first element of list l or nil if the list is empty.
 func (l *List[T]) Front() *Element[T] {
 	if l.len == 0 {
 		return nil
 	}
 	return l.root.next
 }
 // Back returns the last element of list l or nil if the list is empty.
 func (l *List[T]) Back() *Element[T] {
 	if l.len == 0 {
 		return nil
 	}
 	return l.root.prev
 }
 // lazyInit lazily initializes a zero List value.
 func (l *List[T]) lazyInit() {
 	if l.root.next == nil {
 		l.Init()
 	}
 }
 // insert inserts e after at, increments l.len, and returns e.
 func (l *List[T]) insert(e, at *Element[T]) *Element[T] {
 	e.prev = at
 	e.next = at.next
 	e.prev.next = e
 	e.next.prev = e
 	e.list = l
 	l.len++
 	return e
 }
 // insertValue is a convenience wrapper for insert(&Element{Value: v}, at).
 func (l *List[T]) insertValue(v T, at *Element[T]) *Element[T] {
 	return l.insert(&Element[T]{Value: v}, at)
 }
 // remove removes e from its list, decrements l.len
 func (l *List[T]) remove(e *Element[T]) {
 	e.prev.next = e.next
 	e.next.prev = e.prev
 	e.next = nil // avoid memory leaks
 	e.prev = nil // avoid memory leaks
 	e.list = nil
 	l.len--
 }
 // move moves e to next to at.
 func (l *List[T]) move(e, at *Element[T]) {
 	if e == at {
 		return
 	}
 	e.prev.next = e.next
 	e.next.prev = e.prev
 	e.prev = at
 	e.next = at.next
 	e.prev.next = e
 	e.next.prev = e
 }
 // Remove removes e from l if e is an element of list l.
 // It returns the element value e.Value.
 // The element must not be nil.
 func (l *List[T]) Remove(e *Element[T]) T {
 	if e.list == l {
 		// if e.list == l, l must have been initialized when e was inserted
 		// in l or l == nil (e is a zero Element) and l.remove will crash
 		l.remove(e)
 	}
 	return e.Value
 }
 // PushFront inserts a new element e with value v at the front of list l and returns e.
 func (l *List[T]) PushFront(v T) *Element[T] {
 	l.lazyInit()
 	return l.insertValue(v, &l.root)
 }
 // PushBack inserts a new element e with value v at the back of list l and returns e.
 func (l *List[T]) PushBack(v T) *Element[T] {
 	l.lazyInit()
 	return l.insertValue(v, l.root.prev)
 }
 // InsertBefore inserts a new element e with value v immediately before mark and returns e.
 // If mark is not an element of l, the list is not modified.
 // The mark must not be nil.
 func (l *List[T]) InsertBefore(v T, mark *Element[T]) *Element[T] {
 	if mark.list != l {
 		return nil
 	}
 	// see comment in List.Remove about initialization of l
 	return l.insertValue(v, mark.prev)
 }
 // InsertAfter inserts a new element e with value v immediately after mark and returns e.
 // If mark is not an element of l, the list is not modified.
 // The mark must not be nil.
 func (l *List[T]) InsertAfter(v T, mark *Element[T]) *Element[T] {
 	if mark.list != l {
 		return nil
 	}
 	// see comment in List.Remove about initialization of l
 	return l.insertValue(v, mark)
 }
 // MoveToFront moves element e to the front of list l.
 // If e is not an element of l, the list is not modified.
 // The element must not be nil.
 func (l *List[T]) MoveToFront(e *Element[T]) {
 	if e.list != l || l.root.next == e {
 		return
 	}
 	// see comment in List.Remove about initialization of l
 	l.move(e, &l.root)
 }
 // MoveToBack moves element e to the back of list l.
 // If e is not an element of l, the list is not modified.
 // The element must not be nil.
 func (l *List[T]) MoveToBack(e *Element[T]) {
 	if e.list != l || l.root.prev == e {
 		return
 	}
 	// see comment in List.Remove about initialization of l
 	l.move(e, l.root.prev)
 }
 // MoveBefore moves element e to its new position before mark.
 // If e or mark is not an element of l, or e == mark, the list is not modified.
 // The element and mark must not be nil.
 func (l *List[T]) MoveBefore(e, mark *Element[T]) {
 	if e.list != l || e == mark || mark.list != l {
 		return
 	}
 	l.move(e, mark.prev)
 }
 // MoveAfter moves element e to its new position after mark.
 // If e or mark is not an element of l, or e == mark, the list is not modified.
 // The element and mark must not be nil.
 func (l *List[T]) MoveAfter(e, mark *Element[T]) {
 	if e.list != l || e == mark || mark.list != l {
 		return
 	}
 	l.move(e, mark)
 }
 // PushBackList inserts a copy of another list at the back of list l.
 // The lists l and other may be the same. They must not be nil.
 func (l *List[T]) PushBackList(other *List[T]) {
 	l.lazyInit()
 	for i, e := other.Len(), other.Front(); i > 0; i, e = i-1, e.Next() {
 		l.insertValue(e.Value, l.root.prev)
 	}
 }
 // PushFrontList inserts a copy of another list at the front of list l.
 // The lists l and other may be the same. They must not be nil.
 func (l *List[T]) PushFrontList(other *List[T]) {
 	l.lazyInit()
 	for i, e := other.Len(), other.Back(); i > 0; i, e = i-1, e.Prev() {
 		l.insertValue(e.Value, &l.root)
 	}
 }
--- a/common/murmur3/murmur32.go
+++ b/common/murmur3/murmur32.go
@ -67,7 +67,6 @@ func (d *digest32) bmix(p []byte) (tail []byte) {
 }
 func (d *digest32) Sum32() (h1 uint32) {
 	h1 = d.h1
 	var k1 uint32
--- a/common/net/bufconn.go
+++ b/common/net/bufconn.go
@ -0,0 +1,44 @@
 package net
 import (
 	"bufio"
 	"net"
 )
 type BufferedConn struct {
 	r *bufio.Reader
 	net.Conn
 }
 func NewBufferedConn(c net.Conn) *BufferedConn {
 	if bc, ok := c.(*BufferedConn); ok {
 		return bc
 	}
 	return &BufferedConn{bufio.NewReader(c), c}
 }
 // Reader returns the internal bufio.Reader.
 func (c *BufferedConn) Reader() *bufio.Reader {
 	return c.r
 }
 // Peek returns the next n bytes without advancing the reader.
 func (c *BufferedConn) Peek(n int) ([]byte, error) {
 	return c.r.Peek(n)
 }
 func (c *BufferedConn) Read(p []byte) (int, error) {
 	return c.r.Read(p)
 }
 func (c *BufferedConn) ReadByte() (byte, error) {
 	return c.r.ReadByte()
 }
 func (c *BufferedConn) UnreadByte() error {
 	return c.r.UnreadByte()
 }
 func (c *BufferedConn) Buffered() int {
 	return c.r.Buffered()
 }
--- a/common/net/io.go
+++ b/common/net/io.go
@ -0,0 +1,11 @@
 package net
 import "io"
 type ReadOnlyReader struct {
 	io.Reader
 }
 type WriteOnlyWriter struct {
 	io.Writer
 }
--- a/common/net/relay.go
+++ b/common/net/relay.go
@ -0,0 +1,39 @@
 package net
 import (
 	"io"
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/common/pool"
 )
 // Relay copies between left and right bidirectionally.
 func Relay(leftConn, rightConn net.Conn) {
 	ch := make(chan error)
 	tcpKeepAlive(leftConn)
 	tcpKeepAlive(rightConn)
 	go func() {
 		buf := pool.Get(pool.RelayBufferSize)
 		// Wrapping to avoid using *net.TCPConn.(ReadFrom)
 		// See also https://github.com/Dreamacro/clash/pull/1209
 		_, err := io.CopyBuffer(WriteOnlyWriter{Writer: leftConn}, ReadOnlyReader{Reader: rightConn}, buf)
 		_ = pool.Put(buf)
 		_ = leftConn.SetReadDeadline(time.Now())
 		ch <- err
 	}()
 	buf := pool.Get(pool.RelayBufferSize)
 	_, _ = io.CopyBuffer(WriteOnlyWriter{Writer: rightConn}, ReadOnlyReader{Reader: leftConn}, buf)
 	_ = pool.Put(buf)
 	_ = rightConn.SetReadDeadline(time.Now())
 	<-ch
 }
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		_ = tcp.SetKeepAlive(true)
 	}
 }
--- a/common/nnip/netip.go
+++ b/common/nnip/netip.go
@ -0,0 +1,53 @@
 package nnip
 import (
 	"encoding/binary"
 	"net"
 	"net/netip"
 )
 // IpToAddr converts the net.IP to netip.Addr.
 // If slice's length is not 4 or 16, IpToAddr returns netip.Addr{}
 func IpToAddr(slice net.IP) netip.Addr {
 	ip := slice
 	if len(ip) != 4 {
 		if ip = slice.To4(); ip == nil {
 			ip = slice
 		}
 	}
 	if addr, ok := netip.AddrFromSlice(ip); ok {
 		return addr
 	}
 	return netip.Addr{}
 }
 // UnMasked returns p's last IP address.
 // If p is invalid, UnMasked returns netip.Addr{}
 func UnMasked(p netip.Prefix) netip.Addr {
 	if !p.IsValid() {
 		return netip.Addr{}
 	}
 	buf := p.Addr().As16()
 	hi := binary.BigEndian.Uint64(buf[:8])
 	lo := binary.BigEndian.Uint64(buf[8:])
 	bits := p.Bits()
 	if bits <= 32 {
 		bits += 96
 	}
 	hi = hi | ^uint64(0)>>bits
 	lo = lo | ^(^uint64(0) << (128 - bits))
 	binary.BigEndian.PutUint64(buf[:8], hi)
 	binary.BigEndian.PutUint64(buf[8:], lo)
 	addr := netip.AddrFrom16(buf)
 	if p.Addr().Is4() {
 		return addr.Unmap()
 	}
 	return addr
 }
--- a/common/observable/iterable.go
+++ b/common/observable/iterable.go
@ -1,3 +1,3 @@
 package observable
-type Iterable <-chan interface{}
+type Iterable[T any] <-chan T
--- a/common/observable/observable.go
+++ b/common/observable/observable.go
@ -5,14 +5,14 @@ import (
 	"sync"
 )
-type Observable struct {
+type Observable[T any] struct {
-	iterable Iterable
+	iterable Iterable[T]
-	listener map[Subscription]*Subscriber
+	listener map[Subscription[T]]*Subscriber[T]
 	mux      sync.Mutex
 	done     bool
 }
-func (o *Observable) process() {
+func (o *Observable[T]) process() {
 	for item := range o.iterable {
 		o.mux.Lock()
 		for _, sub := range o.listener {
@ -23,7 +23,7 @@ func (o *Observable) process() {
 	o.close()
 }
-func (o *Observable) close() {
+func (o *Observable[T]) close() {
 	o.mux.Lock()
 	defer o.mux.Unlock()
@ -33,18 +33,18 @@ func (o *Observable) close() {
 	}
 }
-func (o *Observable) Subscribe() (Subscription, error) {
+func (o *Observable[T]) Subscribe() (Subscription[T], error) {
 	o.mux.Lock()
 	defer o.mux.Unlock()
 	if o.done {
-		return nil, errors.New("Observable is closed")
+		return nil, errors.New("observable is closed")
 	}
-	subscriber := newSubscriber()
+	subscriber := newSubscriber[T]()
 	o.listener[subscriber.Out()] = subscriber
 	return subscriber.Out(), nil
 }
-func (o *Observable) UnSubscribe(sub Subscription) {
+func (o *Observable[T]) UnSubscribe(sub Subscription[T]) {
 	o.mux.Lock()
 	defer o.mux.Unlock()
 	subscriber, exist := o.listener[sub]
@ -55,10 +55,10 @@ func (o *Observable) UnSubscribe(sub Subscription) {
 	subscriber.Close()
 }
-func NewObservable(any Iterable) *Observable {
+func NewObservable[T any](iter Iterable[T]) *Observable[T] {
-	observable := &Observable{
+	observable := &Observable[T]{
-		iterable: any,
+		iterable: iter,
-		listener: map[Subscription]*Subscriber{},
+		listener: map[Subscription[T]]*Subscriber[T]{},
 	}
 	go observable.process()
 	return observable
--- a/common/observable/observable_test.go
+++ b/common/observable/observable_test.go
@ -1,16 +1,16 @@
 package observable
 import (
 	"runtime"
 	"sync"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/atomic"
 )
-func iterator(item []interface{}) chan interface{} {
+func iterator[T any](item []T) chan T {
-	ch := make(chan interface{})
+	ch := make(chan T)
 	go func() {
 		time.Sleep(100 * time.Millisecond)
 		for _, elm := range item {
@ -22,8 +22,8 @@ func iterator(item []interface{}) chan interface{} {
 }
 func TestObservable(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
 	count := 0
@ -33,30 +33,30 @@ func TestObservable(t *testing.T) {
 	assert.Equal(t, count, 5)
 }
-func TestObservable_MutilSubscribe(t *testing.T) {
+func TestObservable_MultiSubscribe(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	ch1, _ := src.Subscribe()
 	ch2, _ := src.Subscribe()
-	count := 0
+	count := atomic.NewInt32(0)
 	var wg sync.WaitGroup
 	wg.Add(2)
-	waitCh := func(ch <-chan interface{}) {
+	waitCh := func(ch <-chan int) {
 		for range ch {
-			count++
+			count.Inc()
 		}
 		wg.Done()
 	}
 	go waitCh(ch1)
 	go waitCh(ch2)
 	wg.Wait()
-	assert.Equal(t, count, 10)
+	assert.Equal(t, int32(10), count.Load())
 }
 func TestObservable_UnSubscribe(t *testing.T) {
-	iter := iterator([]interface{}{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
 	src.UnSubscribe(data)
@ -65,8 +65,8 @@ func TestObservable_UnSubscribe(t *testing.T) {
 }
 func TestObservable_SubscribeClosedSource(t *testing.T) {
-	iter := iterator([]interface{}{1})
+	iter := iterator[int]([]int{1})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, _ := src.Subscribe()
 	<-data
@ -75,21 +75,18 @@ func TestObservable_SubscribeClosedSource(t *testing.T) {
 }
 func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
-	sub := Subscription(make(chan interface{}))
+	sub := Subscription[int](make(chan int))
-	iter := iterator([]interface{}{1})
+	iter := iterator[int]([]int{1})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	src.UnSubscribe(sub)
 }
 func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
-	// waiting for other goroutine recycle
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	time.Sleep(120 * time.Millisecond)
+	src := NewObservable[int](iter)
 	init := runtime.NumGoroutine()
 	iter := iterator([]interface{}{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	max := 100
-	var list []Subscription
+	var list []Subscription[int]
 	for i := 0; i < max; i++ {
 		ch, _ := src.Subscribe()
 		list = append(list, ch)
@ -97,7 +94,7 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 	var wg sync.WaitGroup
 	wg.Add(max)
-	waitCh := func(ch <-chan interface{}) {
+	waitCh := func(ch <-chan int) {
 		for range ch {
 		}
 		wg.Done()
@ -107,6 +104,43 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 		go waitCh(ch)
 	}
 	wg.Wait()
-	now := runtime.NumGoroutine()
+
-	assert.Equal(t, init, now)
+	for _, sub := range list {
 		_, more := <-sub
 		assert.False(t, more)
 	}
 	_, more := <-list[0]
 	assert.False(t, more)
 }
 func Benchmark_Observable_1000(b *testing.B) {
 	ch := make(chan int)
 	o := NewObservable[int](ch)
 	num := 1000
 	subs := []Subscription[int]{}
 	for i := 0; i < num; i++ {
 		sub, _ := o.Subscribe()
 		subs = append(subs, sub)
 	}
 	wg := sync.WaitGroup{}
 	wg.Add(num)
 	b.ResetTimer()
 	for _, sub := range subs {
 		go func(s Subscription[int]) {
 			for range s {
 			}
 			wg.Done()
 		}(sub)
 	}
 	for i := 0; i < b.N; i++ {
 		ch <- i
 	}
 	close(ch)
 	wg.Wait()
 }
--- a/common/observable/subscriber.go
+++ b/common/observable/subscriber.go
@ -2,34 +2,32 @@ package observable
 import (
 	"sync"
 	"gopkg.in/eapache/channels.v1"
 )
-type Subscription <-chan interface{}
+type Subscription[T any] <-chan T
-type Subscriber struct {
+type Subscriber[T any] struct {
-	buffer *channels.InfiniteChannel
+	buffer chan T
 	once   sync.Once
 }
-func (s *Subscriber) Emit(item interface{}) {
+func (s *Subscriber[T]) Emit(item T) {
-	s.buffer.In() <- item
+	s.buffer <- item
 }
-func (s *Subscriber) Out() Subscription {
+func (s *Subscriber[T]) Out() Subscription[T] {
-	return s.buffer.Out()
+	return s.buffer
 }
-func (s *Subscriber) Close() {
+func (s *Subscriber[T]) Close() {
 	s.once.Do(func() {
-		s.buffer.Close()
+		close(s.buffer)
 	})
 }
-func newSubscriber() *Subscriber {
+func newSubscriber[T any]() *Subscriber[T] {
-	sub := &Subscriber{
+	sub := &Subscriber[T]{
-		buffer: channels.NewInfiniteChannel(),
+		buffer: make(chan T, 200),
 	}
 	return sub
 }
--- a/common/picker/picker.go
+++ b/common/picker/picker.go
@ -9,7 +9,7 @@ import (
 // Picker provides synchronization, and Context cancelation
 // for groups of goroutines working on subtasks of a common task.
 // Inspired by errGroup
-type Picker struct {
+type Picker[T any] struct {
 	ctx    context.Context
 	cancel func()
@ -17,12 +17,12 @@ type Picker struct {
 	once    sync.Once
 	errOnce sync.Once
-	result  interface{}
+	result  T
 	err     error
 }
-func newPicker(ctx context.Context, cancel func()) *Picker {
+func newPicker[T any](ctx context.Context, cancel func()) *Picker[T] {
-	return &Picker{
+	return &Picker[T]{
 		ctx:    ctx,
 		cancel: cancel,
 	}
@ -30,20 +30,20 @@ func newPicker(ctx context.Context, cancel func()) *Picker {
 // WithContext returns a new Picker and an associated Context derived from ctx.
 // and cancel when first element return.
-func WithContext(ctx context.Context) (*Picker, context.Context) {
+func WithContext[T any](ctx context.Context) (*Picker[T], context.Context) {
 	ctx, cancel := context.WithCancel(ctx)
-	return newPicker(ctx, cancel), ctx
+	return newPicker[T](ctx, cancel), ctx
 }
 // WithTimeout returns a new Picker and an associated Context derived from ctx with timeout.
-func WithTimeout(ctx context.Context, timeout time.Duration) (*Picker, context.Context) {
+func WithTimeout[T any](ctx context.Context, timeout time.Duration) (*Picker[T], context.Context) {
 	ctx, cancel := context.WithTimeout(ctx, timeout)
-	return newPicker(ctx, cancel), ctx
+	return newPicker[T](ctx, cancel), ctx
 }
 // Wait blocks until all function calls from the Go method have returned,
 // then returns the first nil error result (if any) from them.
-func (p *Picker) Wait() interface{} {
+func (p *Picker[T]) Wait() T {
 	p.wg.Wait()
 	if p.cancel != nil {
 		p.cancel()
@ -52,13 +52,13 @@ func (p *Picker) Wait() interface{} {
 }
 // Error return the first error (if all success return nil)
-func (p *Picker) Error() error {
+func (p *Picker[T]) Error() error {
 	return p.err
 }
 // Go calls the given function in a new goroutine.
 // The first call to return a nil error cancels the group; its result will be returned by Wait.
-func (p *Picker) Go(f func() (interface{}, error)) {
+func (p *Picker[T]) Go(f func() (T, error)) {
 	p.wg.Add(1)
 	go func() {
--- a/common/picker/picker_test.go
+++ b/common/picker/picker_test.go
@ -8,33 +8,38 @@ import (
 	"github.com/stretchr/testify/assert"
 )
-func sleepAndSend(ctx context.Context, delay int, input interface{}) func() (interface{}, error) {
+func sleepAndSend[T any](ctx context.Context, delay int, input T) func() (T, error) {
-	return func() (interface{}, error) {
+	return func() (T, error) {
 		timer := time.NewTimer(time.Millisecond * time.Duration(delay))
 		select {
 		case <-timer.C:
 			return input, nil
 		case <-ctx.Done():
-			return nil, ctx.Err()
+			return getZero[T](), ctx.Err()
 		}
 	}
 }
 func TestPicker_Basic(t *testing.T) {
-	picker, ctx := WithContext(context.Background())
+	picker, ctx := WithContext[int](context.Background())
 	picker.Go(sleepAndSend(ctx, 30, 2))
 	picker.Go(sleepAndSend(ctx, 20, 1))
 	number := picker.Wait()
 	assert.NotNil(t, number)
-	assert.Equal(t, number.(int), 1)
+	assert.Equal(t, number, 1)
 }
 func TestPicker_Timeout(t *testing.T) {
-	picker, ctx := WithTimeout(context.Background(), time.Millisecond*5)
+	picker, ctx := WithTimeout[int](context.Background(), time.Millisecond*5)
 	picker.Go(sleepAndSend(ctx, 20, 1))
 	number := picker.Wait()
-	assert.Nil(t, number)
+	assert.Equal(t, number, getZero[int]())
 	assert.NotNil(t, picker.Error())
 }
 func getZero[T any]() T {
 	var result T
 	return result
 }
--- a/common/pool/alloc.go
+++ b/common/pool/alloc.go
@ -8,11 +8,7 @@ import (
 	"sync"
 )
-var defaultAllocator *Allocator
+var defaultAllocator = NewAllocator()
 func init() {
 	defaultAllocator = NewAllocator()
 }
 // Allocator for incoming frames, optimized to prevent overwriting after zeroing
 type Allocator struct {
@ -27,7 +23,7 @@ func NewAllocator() *Allocator {
 	alloc.buffers = make([]sync.Pool, 17) // 1B -> 64K
 	for k := range alloc.buffers {
 		i := k
-		alloc.buffers[k].New = func() interface{} {
+		alloc.buffers[k].New = func() any {
 			return make([]byte, 1<<uint32(i))
 		}
 	}
@ -55,11 +51,14 @@ func (alloc *Allocator) Put(buf []byte) error {
 	if cap(buf) == 0 || cap(buf) > 65536 || cap(buf) != 1<<bits {
 		return errors.New("allocator Put() incorrect buffer size")
 	}
 	//lint:ignore SA6002 ignore temporarily
 	//nolint
 	alloc.buffers[bits].Put(buf)
 	return nil
 }
-// msb return the pos of most significiant bit
+// msb return the pos of most significant bit
 func msb(size int) uint16 {
 	return uint16(bits.Len32(uint32(size)) - 1)
 }
--- a/common/pool/alloc_test.go
+++ b/common/pool/alloc_test.go
@ -25,11 +25,11 @@ func TestAllocGet(t *testing.T) {
 func TestAllocPut(t *testing.T) {
 	alloc := NewAllocator()
 	assert.NotNil(t, alloc.Put(nil), "put nil misbehavior")
-	assert.NotNil(t, alloc.Put(make([]byte, 3, 3)), "put elem:3 []bytes misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 3)), "put elem:3 []bytes misbehavior")
-	assert.Nil(t, alloc.Put(make([]byte, 4, 4)), "put elem:4 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 4)), "put elem:4 []bytes misbehavior")
 	assert.Nil(t, alloc.Put(make([]byte, 1023, 1024)), "put elem:1024 []bytes misbehavior")
-	assert.Nil(t, alloc.Put(make([]byte, 65536, 65536)), "put elem:65536 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 65536)), "put elem:65536 []bytes misbehavior")
-	assert.NotNil(t, alloc.Put(make([]byte, 65537, 65537)), "put elem:65537 []bytes misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 65537)), "put elem:65537 []bytes misbehavior")
 }
 func TestAllocPutThenGet(t *testing.T) {
--- a/common/pool/buffer.go
+++ b/common/pool/buffer.go
@ -0,0 +1,17 @@
 package pool
 import (
 	"bytes"
 	"sync"
 )
 var bufferPool = sync.Pool{New: func() any { return &bytes.Buffer{} }}
 func GetBuffer() *bytes.Buffer {
 	return bufferPool.Get().(*bytes.Buffer)
 }
 func PutBuffer(buf *bytes.Buffer) {
 	buf.Reset()
 	bufferPool.Put(buf)
 }
--- a/common/pool/pool.go
+++ b/common/pool/pool.go
@ -5,6 +5,11 @@ const (
 	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
 	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
 	RelayBufferSize = 20 * 1024
 	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
 	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
 	// set to 9000, so the UDP Buffer size set to 16Kib
 	UDPBufferSize = 16 * 1024
 )
 func Get(size int) []byte {
--- a/common/queue/queue.go
+++ b/common/queue/queue.go
@ -5,13 +5,13 @@ import (
 )
 // Queue is a simple concurrent safe queue
-type Queue struct {
+type Queue[T any] struct {
-	items []interface{}
+	items []T
 	lock  sync.RWMutex
 }
 // Put add the item to the queue.
-func (q *Queue) Put(items ...interface{}) {
+func (q *Queue[T]) Put(items ...T) {
 	if len(items) == 0 {
 		return
 	}
@ -22,9 +22,9 @@ func (q *Queue) Put(items ...interface{}) {
 }
 // Pop returns the head of items.
-func (q *Queue) Pop() interface{} {
+func (q *Queue[T]) Pop() T {
 	if len(q.items) == 0 {
-		return nil
+		return GetZero[T]()
 	}
 	q.lock.Lock()
@ -35,9 +35,9 @@ func (q *Queue) Pop() interface{} {
 }
 // Last returns the last of item.
-func (q *Queue) Last() interface{} {
+func (q *Queue[T]) Last() T {
 	if len(q.items) == 0 {
-		return nil
+		return GetZero[T]()
 	}
 	q.lock.RLock()
@ -47,8 +47,8 @@ func (q *Queue) Last() interface{} {
 }
 // Copy get the copy of queue.
-func (q *Queue) Copy() []interface{} {
+func (q *Queue[T]) Copy() []T {
-	items := []interface{}{}
+	items := []T{}
 	q.lock.RLock()
 	items = append(items, q.items...)
 	q.lock.RUnlock()
@ -56,7 +56,7 @@ func (q *Queue) Copy() []interface{} {
 }
 // Len returns the number of items in this queue.
-func (q *Queue) Len() int64 {
+func (q *Queue[T]) Len() int64 {
 	q.lock.Lock()
 	defer q.lock.Unlock()
@ -64,8 +64,13 @@ func (q *Queue) Len() int64 {
 }
 // New is a constructor for a new concurrent safe queue.
-func New(hint int64) *Queue {
+func New[T any](hint int64) *Queue[T] {
-	return &Queue{
+	return &Queue[T]{
-		items: make([]interface{}, 0, hint),
+		items: make([]T, 0, hint),
 	}
 }
 func GetZero[T any]() T {
 	var result T
 	return result
 }
--- a/common/singledo/singledo.go
+++ b/common/singledo/singledo.go
@ -5,26 +5,28 @@ import (
 	"time"
 )
-type call struct {
+type call[T any] struct {
 	wg  sync.WaitGroup
-	val interface{}
+	val T
 	err error
 }
-type Single struct {
+type Single[T any] struct {
 	mux    sync.Mutex
 	last   time.Time
 	wait   time.Duration
-	call   *call
+	call   *call[T]
-	result *Result
+	result *Result[T]
 }
-type Result struct {
+type Result[T any] struct {
-	Val interface{}
+	Val T
 	Err error
 }
-func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+// Do single.Do likes sync.singleFlight
 //lint:ignore ST1008 it likes sync.singleFlight
 func (s *Single[T]) Do(fn func() (T, error)) (v T, err error, shared bool) {
 	s.mux.Lock()
 	now := time.Now()
 	if now.Before(s.last.Add(s.wait)) {
@ -32,28 +34,31 @@ func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, s
 		return s.result.Val, s.result.Err, true
 	}
-	if call := s.call; call != nil {
+	if callM := s.call; callM != nil {
 		s.mux.Unlock()
-		call.wg.Wait()
+		callM.wg.Wait()
-		return call.val, call.err, true
+		return callM.val, callM.err, true
 	}
-	call := &call{}
+	callM := &call[T]{}
-	call.wg.Add(1)
+	callM.wg.Add(1)
-	s.call = call
+	s.call = callM
 	s.mux.Unlock()
-	call.val, call.err = fn()
+	callM.val, callM.err = fn()
-	call.wg.Done()
+	callM.wg.Done()
 	s.mux.Lock()
 	s.call = nil
-	s.result = &Result{call.val, call.err}
+	s.result = &Result[T]{callM.val, callM.err}
 	s.last = now
-	return call.val, call.err, false
+	s.mux.Unlock()
 	return callM.val, callM.err, false
 }
-func (s *Single) Reset() {
+func (s *Single[T]) Reset() {
 	s.last = time.Time{}
 }
-func NewSingle(wait time.Duration) *Single {
+func NewSingle[T any](wait time.Duration) *Single[T] {
-	return &Single{wait: wait}
+	return &Single[T]{wait: wait}
 }
--- a/Show More
+++ b/Show More
`@ -1,3 +1,3 @@`
	`package observable`	`package observable`

	`type Iterable <-chan interface{}`	`type Iterable[T any] <-chan T`