Fix: the priority of fake-ip-filter

Chore: make builds reproducible (#1006 )
Feature: http support custom sni
2020-10-09 00:04:24 +08:00 · 2020-10-08 17:54:38 +08:00 · 2020-10-02 11:34:40 +08:00 · 2020-09-28 22:17:10 +08:00 · 2020-09-26 20:36:52 +08:00 · 2020-09-26 20:33:57 +08:00
123 changed files with 5402 additions and 1140 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -7,48 +7,54 @@ assignees: ''
 ---
-<!-- The English version is available. -->
+<!--
 感谢你向 Clash Core 提交 issue！
 在提交之前，请确认：
 - [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
 - [ ] 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 Openclash、Koolclash 等）的特定问题
 - [ ] 我已经使用 Clash core 的 dev 分支版本测试过，问题依旧存在
 - [ ] 如果你可以自己 debug 并解决的话，提交 PR 吧！
 - [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
 - [ ] 我已经使用 dev 分支版本测试过，问题依旧存在
 - [ ] 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
 - [ ] 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
 请注意，如果你并没有遵照这个 issue template 填写内容，我们将直接关闭这个 issue。
-<!--
+Thanks for opening an issue towards the Clash core!
 Thanks for submitting an issue towards the Clash core!
 But before so, please do the following checklist:
 - [ ] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
- [ ] Your issue may already be reported! Please search on the [issue tracker](……/) before creating one.
+- [ ] I have searched on the [issue tracker](……/) for a related issue.
 - [ ] I have tested using the dev branch, and the issue still exists.
- [ ] This is an issue related to the Clash core, not to the derivatives of Clash, like Openclash or Koolclash
+- [ ] I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue
 - [ ] This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash
-Please understand that we close issues that fail to follow the issue template.
+Please understand that we close issues that fail to follow this issue template.
 -->
 我都确认过了，我要继续提交。
 <!-- None of the above, create a bug report -->
 ------------------------------------------------------------------
 <!-- 
 请附上任何可以帮助我们解决这个问题的信息，如果我们收到的信息不足，我们将对这个 issue 加上 *Needs more information* 标记并在收到更多资讯之前关闭 issue。
-<!-- Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information. -->
+Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information.
 -->
-### clash core config
+### Clash config
 <!--
 在下方附上 Clash core 脱敏后配置文件的内容
 Paste the Clash core configuration below.
 -->
-```
+<details>
  <summary>config.yaml</summary>
 ```yaml
 ……
 ```
 </details>
 ### Clash log
 <!--
-在下方附上 Clash Core 的日志，log level 最好使用 DEBUG
+在下方附上 Clash Core 的日志，log level 使用 DEBUG
 Paste the Clash core log below with the log level set to `DEBUG`.
 -->
 ```
@ -57,9 +63,7 @@ Paste the Clash core log below with the log level set to `DEBUG`.
 ### 环境 Environment
-* Clash Core 的操作系统 (the OS that the Clash core is running on)
+* 操作系统 (the OS that the Clash core is running on)
 ……
 * 使用者的操作系统 (the OS running on the client)
 ……
 * 网路环境或拓扑 (network conditions/topology)
 ……
@ -67,7 +71,7 @@ Paste the Clash core log below with the log level set to `DEBUG`.
 ……
 * ISP 有没有进行 DNS 污染 (is your ISP performing DNS pollution?)
 ……
-* 其他
+* 其他 (any other information that would be useful)
 ……
 ### 说明 Description
@ -85,7 +89,7 @@ Paste the Clash core log below with the log level set to `DEBUG`.
 **我预期会发生……？**
 <!-- **Expected behavior:** [What you expected to happen] -->
-**实际上发生了什麽？**
+**实际上发生了什么？**
 <!-- **Actual behavior:** [What actually happened] -->
 ### 可能的解决方案 Possible Solution
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,52 @@
 name: Publish Docker Image
 on:
  push:
    branches:
      - dev
    tags:
      - '*'
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up docker buildx
        id: buildx
        uses: crazy-max/ghaction-docker-buildx@v3
        with:
          buildx-version: latest
          qemu-version: latest
      - name: Docker login
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
      - name: Docker buildx image and push on dev branch
        if: github.ref == 'refs/heads/dev'
        run: |
          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:dev .
      - name: Replace tag without `v`
        if: startsWith(github.ref, 'refs/tags/')
        uses: actions/github-script@v3
        id: version
        with:
          script: |
            return context.payload.ref.replace(/\/?refs\/tags\/v/, '')
          result-encoding: string
      - name: Docker buildx image and push on release
        if: startsWith(github.ref, 'refs/tags/')
        run: |
          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:${{steps.version.outputs.result}} .
          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:latest .
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -7,24 +7,27 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Setup Go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
        with:
-          go-version: 1.14.x
+          go-version: 1.15.x
      - name: Check out code into the Go module directory
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
-      
+
      - name: Cache go module
-        uses: actions/cache@v1
+        uses: actions/cache@v2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
-      - name: Get dependencies and run test
+      - name: Get dependencies, run test and static check
        run: |
          go test ./...
          go vet ./...
          go get -u honnef.co/go/tools/cmd/staticcheck
          staticcheck -- $(go list ./...)
      - name: Build
        if: startsWith(github.ref, 'refs/tags/')
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,19 @@
 name: Mark stale issues and pull requests
 on:
  schedule:
    - cron: "30 1 * * *"
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v3
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: 'This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days'
          days-before-stale: 120
          days-before-close: 5
--- a/5
+++ b/5
@ -3,10 +3,11 @@ FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb
 WORKDIR /clash-src
 COPY --from=tonistiigi/xx:golang / /
 COPY . /clash-src
 RUN go mod download && \
-    make linux-amd64 && \
+    make docker && \
-    mv ./bin/clash-linux-amd64 /clash
+    mv ./bin/clash-docker /clash
 FROM alpine:latest
--- a/Dockerfile.arm32v7
+++ b/Dockerfile.arm32v7
@ -1,20 +0,0 @@
 FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb && \
    wget -O /qemu-arm-static https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-arm-static && \
    chmod +x /qemu-arm-static
 WORKDIR /clash-src
 COPY . /clash-src
 RUN go mod download && \
    make linux-armv7 && \
    mv ./bin/clash-linux-armv7 /clash
 FROM arm32v7/alpine:latest
 COPY --from=builder /qemu-arm-static /usr/bin/
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 RUN apk add --no-cache ca-certificates
 ENTRYPOINT ["/clash"]
--- a/Dockerfile.arm64v8
+++ b/Dockerfile.arm64v8
@ -1,20 +0,0 @@
 FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb && \
    wget -O /qemu-aarch64-static https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-aarch64-static && \
    chmod +x /qemu-aarch64-static
 WORKDIR /clash-src
 COPY . /clash-src
 RUN go mod download && \
    make linux-armv8 && \
    mv ./bin/clash-linux-armv8 /clash
 FROM arm64v8/alpine:latest
 COPY --from=builder /qemu-aarch64-static /usr/bin/
 COPY --from=builder /Country.mmdb /root/.config/clash/
 COPY --from=builder /clash /
 RUN apk add --no-cache ca-certificates
 ENTRYPOINT ["/clash"]
--- a/13
+++ b/13
@ -2,9 +2,9 @@ NAME=clash
 BINDIR=bin
 VERSION=$(shell git describe --tags || echo "unknown version")
 BUILDTIME=$(shell date -u)
-GOBUILD=CGO_ENABLED=0 go build -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
+GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
 		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
-		-w -s'
+		-w -s -buildid='
 PLATFORM_LIST = \
 	darwin-amd64 \
@ -25,10 +25,14 @@ PLATFORM_LIST = \
 WINDOWS_ARCH_LIST = \
 	windows-386 \
-	windows-amd64
+	windows-amd64 \
 	windows-arm32v7
 all: linux-amd64 darwin-amd64 windows-amd64 # Most used
 docker:
 	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 darwin-amd64:
 	GOARCH=amd64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
@ -79,6 +83,9 @@ windows-386:
 windows-amd64:
 	GOARCH=amd64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 windows-arm32v7:
 	GOARCH=arm GOOS=windows GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 gz_releases=$(addsuffix .gz, $(PLATFORM_LIST))
 zip_releases=$(addsuffix .zip, $(WINDOWS_ARCH_LIST))
--- a/README.md
+++ b/README.md
@ -19,369 +19,27 @@
 ## Features
- Local HTTP/HTTPS/SOCKS server with/without authentication
+- Local HTTP/HTTPS/SOCKS server with authentication support
- VMess, Shadowsocks, Trojan (experimental), Snell protocol support for remote connections. UDP is supported.
+- VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
- Built-in DNS server that aims to minimize DNS pollution attacks, supports DoH/DoT upstream. Fake IP is also supported.
+- Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
 - Rules based off domains, GEOIP, IP CIDR or ports to forward packets to different nodes
 - Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
 - Remote providers, allowing users to get node lists remotely instead of hardcoding in config
- Netfilter TCP redirecting. You can deploy Clash on your Internet gateway with `iptables`.
+- Netfilter TCP redirecting. Deploy Clash on your Internet gateway with `iptables`.
- Comprehensive HTTP API controller
+- Comprehensive HTTP RESTful API controller
-## Install
+## Getting Started
-
+Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).
 Clash requires Go >= 1.13. You can build it from source:
 ```sh
 $ go get -u -v github.com/Dreamacro/clash
 ```
 Pre-built binaries are available here: [release](https://github.com/Dreamacro/clash/releases)  
 Pre-built TUN mode binaries are available here: [TUN release](https://github.com/Dreamacro/clash/releases/tag/TUN). Source is not currently available.
 Check Clash version with:
 ```sh
 $ clash -v
 ```
 ## Daemonize Clash
 Unfortunately, there is no native or elegant way to implement daemons on Golang. We recommend using third-party daemon management tools like PM2, Supervisor or the like to keep Clash running as a service.
 In the case of [pm2](https://github.com/Unitech/pm2), start the daemon this way:
 ```sh
 $ pm2 start clash
 ```
 If you have Docker installed, it's recommended to deploy Clash directly using `docker-compose`: [run Clash in Docker](https://github.com/Dreamacro/clash/wiki/Run-clash-in-docker)
 ## Config
 The default configuration directory is `$HOME/.config/clash`.
 The name of the configuration file is `config.yaml`.
 If you want to use another directory, use `-d` to control the configuration directory.
 For example, you can use the current directory as the configuration directory:
 ```sh
 $ clash -d .
 ```
 <details>
  <summary>This is an example configuration file (click to expand)</summary>
 ```yml
 # port of HTTP
 port: 7890
 # port of SOCKS5
 socks-port: 7891
 # redir port for Linux and macOS
 # redir-port: 7892
 allow-lan: false
 # Only applicable when setting allow-lan to true
 # "*": bind all IP addresses
 # 192.168.122.11: bind a single IPv4 address
 # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
 # bind-address: "*"
 # Rule / Global / Direct (default is Rule)
 mode: Rule
 # set log level to stdout (default is info)
 # info / warning / error / debug / silent
 log-level: info
 # RESTful API for clash
 external-controller: 127.0.0.1:9090
 # you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
 # input is a relative path to the configuration directory or an absolute path
 # external-ui: folder
 # Secret for RESTful API (Optional)
 # secret: ""
 # experimental feature
 experimental:
  ignore-resolve-fail: true # ignore dns resolve fail, default value is true
  # interface-name: en0 # outbound interface name
 # authentication of local SOCKS5/HTTP(S) server
 # authentication:
 #  - "user1:pass1"
 #  - "user2:pass2"
 # # experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
 # # static domain has a higher priority than wildcard domain (foo.example.com > *.example.com > .example.com)
 # hosts:
 #   '*.clash.dev': 127.0.0.1
 #   '.dev': 127.0.0.1
 #   'alpha.clash.dev': '::1'
 # dns:
  # enable: true # set true to enable dns (default is false)
  # ipv6: false # default is false
  # listen: 0.0.0.0:53
  # # default-nameserver: # resolve dns nameserver host, should fill pure IP
  # #   - 114.114.114.114
  # #   - 8.8.8.8
  # enhanced-mode: redir-host # or fake-ip
  # # fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
  # fake-ip-filter: # fake ip white domain list
  #   - '*.lan'
  #   - localhost.ptlogin2.qq.com
  # nameserver:
  #   - 114.114.114.114
  #   - tls://dns.rubyfish.cn:853 # dns over tls
  #   - https://1.1.1.1/dns-query # dns over https
  # fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
  #   - tcp://1.1.1.1
  # fallback-filter:
  #   geoip: true # default
  #   ipcidr: # ips in these subnets will be considered polluted
  #     - 240.0.0.0/4
 proxies:
  # shadowsocks
  # The supported ciphers(encrypt methods):
  #   aes-128-gcm aes-192-gcm aes-256-gcm
  #   aes-128-cfb aes-192-cfb aes-256-cfb
  #   aes-128-ctr aes-192-ctr aes-256-ctr
  #   rc4-md5 chacha20-ietf xchacha20
  #   chacha20-ietf-poly1305 xchacha20-ietf-poly1305
  - name: "ss1"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    # udp: true
  # old obfs configuration format remove after prerelease
  - name: "ss2"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: obfs
    plugin-opts:
      mode: tls # or http
      # host: bing.com
  - name: "ss3"
    type: ss
    server: server
    port: 443
    cipher: chacha20-ietf-poly1305
    password: "password"
    plugin: v2ray-plugin
    plugin-opts:
      mode: websocket # no QUIC now
      # tls: true # wss
      # skip-cert-verify: true
      # host: bing.com
      # path: "/"
      # mux: true
      # headers:
      #   custom: value
  # vmess
  # cipher support auto/aes-128-gcm/chacha20-poly1305/none
  - name: "vmess"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # tls: true
    # skip-cert-verify: true
    # network: ws
    # ws-path: /path
    # ws-headers:
    #   Host: v2ray.com
  - name: "vmess-http"
    type: vmess
    server: server
    port: 443
    uuid: uuid
    alterId: 32
    cipher: auto
    # udp: true
    # network: http
    # http-opts:
    #   # method: "GET"
    #   # path:
    #   #   - '/'
    #   #   - '/video'
    #   # headers:
    #   #   Connection:
    #   #     - keep-alive
  # socks5
  - name: "socks"
    type: socks5
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true
    # skip-cert-verify: true
    # udp: true
  # http
  - name: "http"
    type: http
    server: server
    port: 443
    # username: username
    # password: password
    # tls: true # https
    # skip-cert-verify: true
  # snell
  - name: "snell"
    type: snell
    server: server
    port: 44046
    psk: yourpsk
    # obfs-opts:
      # mode: http # or tls
      # host: bing.com
  # trojan
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    # udp: true
    # sni: example.com # aka server name
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true
 proxy-groups:
  # relay chains the proxies. proxies shall not contain a relay. No UDP support.
  # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
  - name: "relay"
    type: relay
    proxies:
      - http
      - vmess
      - ss1
      - ss2
  # url-test select which proxy will be used by benchmarking speed to a URL.
  - name: "auto"
    type: url-test
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
  - name: "fallback-auto"
    type: fallback
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # load-balance: The request of the same eTLD will be dial on the same proxy.
  - name: "load-balance"
    type: load-balance
    proxies:
      - ss1
      - ss2
      - vmess1
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
  # select is used for selecting proxy or proxy group
  # you can use RESTful API to switch proxy, is recommended for use in GUI.
  - name: Proxy
    type: select
    proxies:
      - ss1
      - ss2
      - vmess1
      - auto
  - name: UseProvider
    type: select
    use:
      - provider1
    proxies:
      - Proxy
      - DIRECT
 proxy-providers:
  provider1:
    type: http
    url: "url"
    interval: 3600
    path: ./hk.yaml
    health-check:
      enable: true
      interval: 600
      url: http://www.gstatic.com/generate_204
  test:
    type: file
    path: /test.yaml
    health-check:
      enable: true
      interval: 36000
      url: http://www.gstatic.com/generate_204
 rules:
  - DOMAIN-SUFFIX,google.com,auto
  - DOMAIN-KEYWORD,google,auto
  - DOMAIN,google.com,auto
  - DOMAIN-SUFFIX,ad.com,REJECT
  # rename SOURCE-IP-CIDR and would remove after prerelease
  - SRC-IP-CIDR,192.168.1.201/32,DIRECT
  # optional param "no-resolve" for IP rules (GEOIP IP-CIDR)
  - IP-CIDR,127.0.0.0/8,DIRECT
  - GEOIP,CN,DIRECT
  - DST-PORT,80,DIRECT
  - SRC-PORT,7777,DIRECT
  # FINAL would remove after prerelease
  # you also can use `FINAL,Proxy` or `FINAL,,Proxy` now
  - MATCH,auto
 ```
 </details>
 ## Advanced
 [Provider](https://github.com/Dreamacro/clash/wiki/Provider)
 ## Documentations
 https://clash.gitbook.io/
 ## Credits
-[riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
+* [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
-
+* [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
 [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
 ## License
 This software is released under the GPL-3.0 license.
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FDreamacro%2Fclash.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FDreamacro%2Fclash?ref=badge_large)
 ## TODO
@ -390,4 +48,4 @@ https://clash.gitbook.io/
 - [x] Redir proxy
 - [x] UDP support
 - [x] Connection manager
- [ ] Event API
+- [ ] ~~Event API~~
--- a/adapters/inbound/util.go
+++ b/adapters/inbound/util.go
@ -4,6 +4,7 @@ import (
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
@ -16,7 +17,8 @@ func parseSocksAddr(target socks5.Addr) *C.Metadata {
 	switch target[0] {
 	case socks5.AtypDomainName:
-		metadata.Host = string(target[2 : 2+target[1]])
+		// trim for FQDN
 		metadata.Host = strings.TrimRight(string(target[2:2+target[1]]), ".")
 		metadata.DstPort = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
 	case socks5.AtypIPv4:
 		ip := net.IP(target[1 : 1+net.IPv4len])
@ -38,6 +40,9 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 		port = "80"
 	}
 	// trim FQDN (#737)
 	host = strings.TrimRight(host, ".")
 	metadata := &C.Metadata{
 		NetWork:  C.TCP,
 		AddrType: C.AtypDomainName,
--- a/adapters/outbound/base.go
+++ b/adapters/outbound/base.go
@ -6,16 +6,13 @@ import (
 	"errors"
 	"net"
 	"net/http"
 	"sync/atomic"
 	"time"
 	"github.com/Dreamacro/clash/common/queue"
 	C "github.com/Dreamacro/clash/constant"
 )
 var (
 	defaultURLTestTimeout = time.Second * 5
 )
 type Base struct {
 	name string
 	addr string
@ -78,13 +75,8 @@ func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 	return &conn{c, []string{a.Name()}}
 }
 type PacketConn interface {
 	net.PacketConn
 	WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error)
 }
 type packetConn struct {
-	PacketConn
+	net.PacketConn
 	chain C.Chain
 }
@ -96,18 +88,18 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
-func newPacketConn(pc PacketConn, a C.ProxyAdapter) C.PacketConn {
+func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
 	return &packetConn{pc, []string{a.Name()}}
 }
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue
-	alive   bool
+	alive   uint32
 }
 func (p *Proxy) Alive() bool {
-	return p.alive
+	return atomic.LoadUint32(&p.alive) > 0
 }
 func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
@ -119,7 +111,7 @@ func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata)
 	if err != nil {
-		p.alive = false
+		atomic.StoreUint32(&p.alive, 0)
 	}
 	return conn, err
 }
@ -136,7 +128,7 @@ func (p *Proxy) DelayHistory() []C.DelayHistory {
 // LastDelay return last history record. if proxy is not alive, return the max value of uint16.
 func (p *Proxy) LastDelay() (delay uint16) {
 	var max uint16 = 0xffff
-	if !p.alive {
+	if atomic.LoadUint32(&p.alive) == 0 {
 		return max
 	}
@ -167,7 +159,11 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 // URLTest get the delay for the specified URL
 func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	defer func() {
-		p.alive = err == nil
+		if err == nil {
 			atomic.StoreUint32(&p.alive, 1)
 		} else {
 			atomic.StoreUint32(&p.alive, 0)
 		}
 		record := C.DelayHistory{Time: time.Now()}
 		if err == nil {
 			record.Delay = t
@ -223,5 +219,5 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 }
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
-	return &Proxy{adapter, queue.New(10), true}
+	return &Proxy{adapter, queue.New(10), 1}
 }
--- a/adapters/outbound/direct.go
+++ b/adapters/outbound/direct.go
@ -5,7 +5,6 @@ import (
 	"net"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 )
@ -36,17 +35,6 @@ type directPacketConn struct {
 	net.PacketConn
 }
 func (dp *directPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return 0, err
 		}
 		metadata.DstIP = ip
 	}
 	return dp.WriteTo(p, metadata.UDPAddr())
 }
 func NewDirect() *Direct {
 	return &Direct{
 		Base: &Base{
--- a/adapters/outbound/http.go
+++ b/adapters/outbound/http.go
@ -31,6 +31,7 @@ type HttpOption struct {
 	UserName       string `proxy:"username,omitempty"`
 	Password       string `proxy:"password,omitempty"`
 	TLS            bool   `proxy:"tls,omitempty"`
 	SNI            string `proxy:"sni,omitempty"`
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }
@ -114,10 +115,14 @@ func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 func NewHttp(option HttpOption) *Http {
 	var tlsConfig *tls.Config
 	if option.TLS {
 		sni := option.Server
 		if option.SNI != "" {
 			sni = option.SNI
 		}
 		tlsConfig = &tls.Config{
 			InsecureSkipVerify: option.SkipCertVerify,
 			ClientSessionCache: getClientSessionCache(),
-			ServerName:         option.Server,
+			ServerName:         sni,
 		}
 	}
--- a/adapters/outbound/parser.go
+++ b/adapters/outbound/parser.go
@ -11,11 +11,13 @@ func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
 	proxyType, existType := mapping["type"].(string)
 	if !existType {
-		return nil, fmt.Errorf("Missing type")
+		return nil, fmt.Errorf("missing type")
 	}
-	var proxy C.ProxyAdapter
+	var (
-	err := fmt.Errorf("Cannot parse")
+		proxy C.ProxyAdapter
 		err   error
 	)
 	switch proxyType {
 	case "ss":
 		ssOption := &ShadowSocksOption{}
@ -24,6 +26,13 @@ func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
 			break
 		}
 		proxy, err = NewShadowSocks(*ssOption)
 	case "ssr":
 		ssrOption := &ShadowSocksROption{}
 		err = decoder.Decode(mapping, ssrOption)
 		if err != nil {
 			break
 		}
 		proxy, err = NewShadowSocksR(*ssrOption)
 	case "socks5":
 		socksOption := &Socks5Option{}
 		err = decoder.Decode(mapping, socksOption)
@ -65,7 +74,7 @@ func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
 		}
 		proxy, err = NewTrojan(*trojanOption)
 	default:
-		return nil, fmt.Errorf("Unsupport proxy type: %s", proxyType)
+		return nil, fmt.Errorf("unsupport proxy type: %s", proxyType)
 	}
 	if err != nil {
--- a/adapters/outbound/shadowsocks.go
+++ b/adapters/outbound/shadowsocks.go
@ -37,10 +37,6 @@ type ShadowSocksOption struct {
 	UDP        bool                   `proxy:"udp,omitempty"`
 	Plugin     string                 `proxy:"plugin,omitempty"`
 	PluginOpts map[string]interface{} `proxy:"plugin-opts,omitempty"`
 	// deprecated when bump to 1.0
 	Obfs     string `proxy:"obfs,omitempty"`
 	ObfsHost string `proxy:"obfs-host,omitempty"`
 }
 type simpleObfsOption struct {
@ -122,17 +118,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	var obfsOption *simpleObfsOption
 	obfsMode := ""
 	// forward compatibility before 1.0
 	if option.Obfs != "" {
 		obfsMode = option.Obfs
 		obfsOption = &simpleObfsOption{
 			Host: "bing.com",
 		}
 		if option.ObfsHost != "" {
 			obfsOption.Host = option.ObfsHost
 		}
 	}
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
 	if option.Plugin == "obfs" {
 		opts := simpleObfsOption{Host: "bing.com"}
@ -197,14 +182,6 @@ func (spc *ssPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
 	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
 }
 func (spc *ssPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddr(metadata.RemoteAddress()), p)
 	if err != nil {
 		return
 	}
 	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
 }
 func (spc *ssPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, _, e := spc.PacketConn.ReadFrom(b)
 	if e != nil {
--- a/adapters/outbound/shadowsocksr.go
+++ b/adapters/outbound/shadowsocksr.go
@ -0,0 +1,134 @@
 package outbound
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/ssr/obfs"
 	"github.com/Dreamacro/clash/component/ssr/protocol"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/go-shadowsocks2/core"
 	"github.com/Dreamacro/go-shadowsocks2/shadowstream"
 )
 type ShadowSocksR struct {
 	*Base
 	cipher   *core.StreamCipher
 	obfs     obfs.Obfs
 	protocol protocol.Protocol
 }
 type ShadowSocksROption struct {
 	Name          string `proxy:"name"`
 	Server        string `proxy:"server"`
 	Port          int    `proxy:"port"`
 	Password      string `proxy:"password"`
 	Cipher        string `proxy:"cipher"`
 	Obfs          string `proxy:"obfs"`
 	ObfsParam     string `proxy:"obfs-param,omitempty"`
 	Protocol      string `proxy:"protocol"`
 	ProtocolParam string `proxy:"protocol-param,omitempty"`
 	UDP           bool   `proxy:"udp,omitempty"`
 }
 func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = obfs.NewConn(c, ssr.obfs)
 	c = ssr.cipher.StreamConn(c)
 	conn, ok := c.(*shadowstream.Conn)
 	if !ok {
 		return nil, fmt.Errorf("invalid connection type")
 	}
 	iv, err := conn.ObtainWriteIV()
 	if err != nil {
 		return nil, err
 	}
 	c = protocol.NewConn(c, ssr.protocol, iv)
 	_, err = c.Write(serializesSocksAddr(metadata))
 	return c, err
 }
 func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", ssr.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ssr.addr, err)
 	}
 	tcpKeepAlive(c)
 	c, err = ssr.StreamConn(c, metadata)
 	return NewConn(c, ssr), err
 }
 func (ssr *ShadowSocksR) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket("udp", "")
 	if err != nil {
 		return nil, err
 	}
 	addr, err := resolveUDPAddr("udp", ssr.addr)
 	if err != nil {
 		return nil, err
 	}
 	pc = ssr.cipher.PacketConn(pc)
 	pc = protocol.NewPacketConn(pc, ssr.protocol)
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
 }
 func (ssr *ShadowSocksR) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": ssr.Type().String(),
 	})
 }
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
 	password := option.Password
 	coreCiph, err := core.PickCipher(cipher, nil, password)
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize cipher error: %w", addr, err)
 	}
 	ciph, ok := coreCiph.(*core.StreamCipher)
 	if !ok {
 		return nil, fmt.Errorf("%s is not a supported stream cipher in ssr", cipher)
 	}
 	obfs, err := obfs.PickObfs(option.Obfs, &obfs.Base{
 		IVSize:  ciph.IVSize(),
 		Key:     ciph.Key,
 		HeadLen: 30,
 		Host:    option.Server,
 		Port:    option.Port,
 		Param:   option.ObfsParam,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize obfs error: %w", addr, err)
 	}
 	protocol, err := protocol.PickProtocol(option.Protocol, &protocol.Base{
 		IV:     nil,
 		Key:    ciph.Key,
 		TCPMss: 1460,
 		Param:  option.ProtocolParam,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("ssr %s initialize protocol error: %w", addr, err)
 	}
 	protocol.SetOverhead(obfs.GetObfsOverhead() + protocol.GetProtocolOverhead())
 	return &ShadowSocksR{
 		Base: &Base{
 			name: option.Name,
 			addr: addr,
 			tp:   C.ShadowsocksR,
 			udp:  option.UDP,
 		},
 		cipher:   ciph,
 		obfs:     obfs,
 		protocol: protocol,
 	}, nil
 }
--- a/adapters/outbound/snell.go
+++ b/adapters/outbound/snell.go
@ -16,7 +16,9 @@ import (
 type Snell struct {
 	*Base
 	psk        []byte
 	pool       *snell.Pool
 	obfsOption *simpleObfsOption
 	version    int
 }
 type SnellOption struct {
@ -24,24 +26,47 @@ type SnellOption struct {
 	Server   string                 `proxy:"server"`
 	Port     int                    `proxy:"port"`
 	Psk      string                 `proxy:"psk"`
 	Version  int                    `proxy:"version,omitempty"`
 	ObfsOpts map[string]interface{} `proxy:"obfs-opts,omitempty"`
 }
-func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+type streamOption struct {
-	switch s.obfsOption.Mode {
+	psk        []byte
 	version    int
 	addr       string
 	obfsOption *simpleObfsOption
 }
 func streamConn(c net.Conn, option streamOption) *snell.Snell {
 	switch option.obfsOption.Mode {
 	case "tls":
-		c = obfs.NewTLSObfs(c, s.obfsOption.Host)
+		c = obfs.NewTLSObfs(c, option.obfsOption.Host)
 	case "http":
-		_, port, _ := net.SplitHostPort(s.addr)
+		_, port, _ := net.SplitHostPort(option.addr)
-		c = obfs.NewHTTPObfs(c, s.obfsOption.Host, port)
+		c = obfs.NewHTTPObfs(c, option.obfsOption.Host, port)
 	}
-	c = snell.StreamConn(c, s.psk)
+	return snell.StreamConn(c, option.psk, option.version)
 }
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	port, _ := strconv.Atoi(metadata.DstPort)
-	err := snell.WriteHeader(c, metadata.String(), uint(port))
+	err := snell.WriteHeader(c, metadata.String(), uint(port), s.version)
 	return c, err
 }
 func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	if s.version == snell.Version2 {
 		c, err := s.pool.Get()
 		if err != nil {
 			return nil, err
 		}
 		port, _ := strconv.Atoi(metadata.DstPort)
 		err = snell.WriteHeader(c, metadata.String(), uint(port), s.version)
 		return NewConn(c, s), err
 	}
 	c, err := dialer.DialContext(ctx, "tcp", s.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
@ -66,7 +91,15 @@ func NewSnell(option SnellOption) (*Snell, error) {
 		return nil, fmt.Errorf("snell %s obfs mode error: %s", addr, obfsOption.Mode)
 	}
-	return &Snell{
+	// backward compatible
 	if option.Version == 0 {
 		option.Version = snell.DefaultSnellVersion
 	}
 	if option.Version != snell.Version1 && option.Version != snell.Version2 {
 		return nil, fmt.Errorf("snell version error: %d", option.Version)
 	}
 	s := &Snell{
 		Base: &Base{
 			name: option.Name,
 			addr: addr,
@ -74,5 +107,19 @@ func NewSnell(option SnellOption) (*Snell, error) {
 		},
 		psk:        psk,
 		obfsOption: obfsOption,
-	}, nil
+		version:    option.Version,
 	}
 	if option.Version == snell.Version2 {
 		s.pool = snell.NewPool(func(ctx context.Context) (*snell.Snell, error) {
 			c, err := dialer.DialContext(ctx, "tcp", addr)
 			if err != nil {
 				return nil, err
 			}
 			tcpKeepAlive(c)
 			return streamConn(c, streamOption{psk, option.Version, addr, obfsOption}), nil
 		})
 	}
 	return s, nil
 }
--- a/adapters/outbound/socks5.go
+++ b/adapters/outbound/socks5.go
@ -164,14 +164,6 @@ func (uc *socksPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
 	return uc.PacketConn.WriteTo(packet, uc.rAddr)
 }
 func (uc *socksPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddr(metadata.RemoteAddress()), p)
 	if err != nil {
 		return
 	}
 	return uc.PacketConn.WriteTo(packet, uc.rAddr)
 }
 func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, _, e := uc.PacketConn.ReadFrom(b)
 	if e != nil {
--- a/adapters/outbound/trojan.go
+++ b/adapters/outbound/trojan.go
@ -71,7 +71,7 @@ func (t *Trojan) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	}
 	pc := t.instance.PacketConn(c)
-	return newPacketConn(&trojanPacketConn{pc, c}, t), err
+	return newPacketConn(pc, t), err
 }
 func (t *Trojan) MarshalJSON() ([]byte, error) {
@ -105,12 +105,3 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 		instance: trojan.New(tOption),
 	}, nil
 }
 type trojanPacketConn struct {
 	net.PacketConn
 	conn net.Conn
 }
 func (tpc *trojanPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	return trojan.WritePacket(tpc.conn, serializesSocksAddr(metadata), p)
 }
--- a/adapters/outbound/vmess.go
+++ b/adapters/outbound/vmess.go
@ -32,9 +32,11 @@ type VmessOption struct {
 	UDP            bool              `proxy:"udp,omitempty"`
 	Network        string            `proxy:"network,omitempty"`
 	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
 	HTTP2Opts      HTTP2Options      `proxy:"h2-opts,omitempty"`
 	WSPath         string            `proxy:"ws-path,omitempty"`
 	WSHeaders      map[string]string `proxy:"ws-headers,omitempty"`
 	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
 	ServerName     string            `proxy:"servername,omitempty"`
 }
 type HTTPOptions struct {
@ -43,6 +45,11 @@ type HTTPOptions struct {
 	Headers map[string][]string `proxy:"headers,omitempty"`
 }
 type HTTP2Options struct {
 	Host []string `proxy:"host,omitempty"`
 	Path string   `proxy:"path,omitempty"`
 }
 func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
@ -66,9 +73,29 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			wsOpts.TLS = true
 			wsOpts.SessionCache = getClientSessionCache()
 			wsOpts.SkipCertVerify = v.option.SkipCertVerify
 			wsOpts.ServerName = v.option.ServerName
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 				SessionCache:   getClientSessionCache(),
 			}
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
 			c, err = vmess.StreamTLSConn(c, tlsOpts)
 			if err != nil {
 				return nil, err
 			}
 		}
 		host, _, _ := net.SplitHostPort(v.addr)
 		httpOpts := &vmess.HTTPConfig{
 			Host:    host,
@ -78,6 +105,30 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 		}
 		c = vmess.StreamHTTPConn(c, httpOpts)
 	case "h2":
 		host, _, _ := net.SplitHostPort(v.addr)
 		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 			SessionCache:   getClientSessionCache(),
 			NextProtos:     []string{"h2"},
 		}
 		if v.option.ServerName != "" {
 			tlsOpts.Host = v.option.ServerName
 		}
 		c, err = vmess.StreamTLSConn(c, &tlsOpts)
 		if err != nil {
 			return nil, err
 		}
 		h2Opts := &vmess.H2Config{
 			Hosts: v.option.HTTP2Opts.Host,
 			Path:  v.option.HTTP2Opts.Path,
 		}
 		c, err = vmess.StreamH2Conn(c, h2Opts)
 	default:
 		// handle TLS
 		if v.option.TLS {
@ -87,6 +138,11 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				SkipCertVerify: v.option.SkipCertVerify,
 				SessionCache:   getClientSessionCache(),
 			}
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
 			c, err = vmess.StreamTLSConn(c, tlsOpts)
 		}
 	}
@ -101,7 +157,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
-		return nil, fmt.Errorf("%s connect error", v.addr)
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
 	tcpKeepAlive(c)
@ -123,7 +179,7 @@ func (v *Vmess) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	defer cancel()
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
-		return nil, fmt.Errorf("%s connect error", v.addr)
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
 	tcpKeepAlive(c)
 	c, err = v.StreamConn(c, metadata)
@ -145,13 +201,16 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 	if err != nil {
 		return nil, err
 	}
 	if option.Network == "h2" && !option.TLS {
 		return nil, fmt.Errorf("TLS must be true with h2 network")
 	}
 	return &Vmess{
 		Base: &Base{
 			name: option.Name,
 			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
 			tp:   C.Vmess,
-			udp:  true,
+			udp:  option.UDP,
 		},
 		client: client,
 		option: &option,
@ -195,10 +254,6 @@ func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	return uc.Conn.Write(b)
 }
 func (uc *vmessPacketConn) WriteWithMetadata(p []byte, metadata *C.Metadata) (n int, err error) {
 	return uc.Conn.Write(p)
 }
 func (uc *vmessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, err := uc.Conn.Read(b)
 	return n, uc.rAddr, err
--- a/adapters/outboundgroup/parser.go
+++ b/adapters/outboundgroup/parser.go
@ -12,7 +12,6 @@ import (
 var (
 	errFormat            = errors.New("format error")
 	errType              = errors.New("unsupport type")
 	errMissUse           = errors.New("`use` field should not be empty")
 	errMissProxy         = errors.New("`use` or `proxies` missing")
 	errMissHealthCheck   = errors.New("`url` or `interval` missing")
 	errDuplicateProvider = errors.New("`duplicate provider name")
@ -63,6 +62,10 @@ func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy,
 			providers = append(providers, pd)
 		} else {
 			if _, ok := providersMap[groupName]; ok {
 				return nil, errDuplicateProvider
 			}
 			// select don't need health check
 			if groupOption.Type == "select" || groupOption.Type == "relay" {
 				hc := provider.NewHealthCheck(ps, "", 0)
@ -101,7 +104,8 @@ func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy,
 	var group C.ProxyAdapter
 	switch groupOption.Type {
 	case "url-test":
-		group = NewURLTest(groupName, providers)
+		opts := parseURLTestOption(config)
 		group = NewURLTest(groupName, providers, opts...)
 	case "select":
 		group = NewSelector(groupName, providers)
 	case "fallback":
--- a/adapters/outboundgroup/relay.go
+++ b/adapters/outboundgroup/relay.go
@ -22,7 +22,7 @@ type Relay struct {
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	proxies := r.proxies(metadata)
 	if len(proxies) == 0 {
-		return nil, errors.New("Proxy does not exist")
+		return nil, errors.New("proxy does not exist")
 	}
 	first := proxies[0]
 	last := proxies[len(proxies)-1]
--- a/adapters/outboundgroup/selector.go
+++ b/adapters/outboundgroup/selector.go
@ -64,7 +64,7 @@ func (s *Selector) Set(name string) error {
 		}
 	}
-	return errors.New("Proxy does not exist")
+	return errors.New("proxy not exist")
 }
 func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
--- a/adapters/outboundgroup/urltest.go
+++ b/adapters/outboundgroup/urltest.go
@ -11,8 +11,18 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 )
 type urlTestOption func(*URLTest)
 func urlTestWithTolerance(tolerance uint16) urlTestOption {
 	return func(u *URLTest) {
 		u.tolerance = tolerance
 	}
 }
 type URLTest struct {
 	*outbound.Base
 	tolerance  uint16
 	fastNode   C.Proxy
 	single     *singledo.Single
 	fastSingle *singledo.Single
 	providers  []provider.ProxyProvider
@ -66,7 +76,13 @@ func (u *URLTest) fast() C.Proxy {
 				min = delay
 			}
 		}
-		return fast, nil
+
 		// tolerance
 		if u.fastNode == nil || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
 			u.fastNode = fast
 		}
 		return u.fastNode, nil
 	})
 	return elm.(C.Proxy)
@ -88,11 +104,30 @@ func (u *URLTest) MarshalJSON() ([]byte, error) {
 	})
 }
-func NewURLTest(name string, providers []provider.ProxyProvider) *URLTest {
+func parseURLTestOption(config map[string]interface{}) []urlTestOption {
-	return &URLTest{
+	opts := []urlTestOption{}
 	// tolerance
 	if elm, ok := config["tolerance"]; ok {
 		if tolerance, ok := elm.(int); ok {
 			opts = append(opts, urlTestWithTolerance(uint16(tolerance)))
 		}
 	}
 	return opts
 }
 func NewURLTest(name string, providers []provider.ProxyProvider, options ...urlTestOption) *URLTest {
 	urlTest := &URLTest{
 		Base:       outbound.NewBase(name, "", C.URLTest, false),
 		single:     singledo.NewSingle(defaultGetProxiesDuration),
 		fastSingle: singledo.NewSingle(time.Second * 10),
 		providers:  providers,
 	}
 	for _, option := range options {
 		option(urlTest)
 	}
 	return urlTest
 }
--- a/adapters/provider/fetcher.go
+++ b/adapters/provider/fetcher.go
@ -5,6 +5,7 @@ import (
 	"crypto/md5"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
 	"github.com/Dreamacro/clash/log"
@ -12,6 +13,7 @@ import (
 var (
 	fileMode os.FileMode = 0666
 	dirMode  os.FileMode = 0755
 )
 type parser = func([]byte) (interface{}, error)
@ -21,6 +23,7 @@ type fetcher struct {
 	vehicle   Vehicle
 	updatedAt *time.Time
 	ticker    *time.Ticker
 	done      chan struct{}
 	hash      [16]byte
 	parser    parser
 	onUpdate  func(interface{})
@ -35,10 +38,12 @@ func (f *fetcher) VehicleType() VehicleType {
 }
 func (f *fetcher) Initial() (interface{}, error) {
-	var buf []byte
+	var (
-	var err error
+		buf     []byte
-	var isLocal bool
+		err     error
-	if stat, err := os.Stat(f.vehicle.Path()); err == nil {
+		isLocal bool
 	)
 	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
 		buf, err = ioutil.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
 		f.updatedAt = &modTime
@ -69,8 +74,10 @@ func (f *fetcher) Initial() (interface{}, error) {
 		}
 	}
-	if err := ioutil.WriteFile(f.vehicle.Path(), buf, fileMode); err != nil {
+	if f.vehicle.Type() != File {
-		return nil, err
+		if err := safeWrite(f.vehicle.Path(), buf); err != nil {
 			return nil, err
 		}
 	}
 	f.hash = md5.Sum(buf)
@ -101,7 +108,7 @@ func (f *fetcher) Update() (interface{}, bool, error) {
 		return nil, false, err
 	}
-	if err := ioutil.WriteFile(f.vehicle.Path(), buf, fileMode); err != nil {
+	if err := safeWrite(f.vehicle.Path(), buf); err != nil {
 		return nil, false, err
 	}
@ -113,31 +120,49 @@ func (f *fetcher) Update() (interface{}, bool, error) {
 func (f *fetcher) Destroy() error {
 	if f.ticker != nil {
-		f.ticker.Stop()
+		f.done <- struct{}{}
 	}
 	return nil
 }
 func (f *fetcher) pullLoop() {
-	for range f.ticker.C {
+	for {
-		elm, same, err := f.Update()
+		select {
-		if err != nil {
+		case <-f.ticker.C:
-			log.Warnln("[Provider] %s pull error: %s", f.Name(), err.Error())
+			elm, same, err := f.Update()
-			continue
+			if err != nil {
-		}
+				log.Warnln("[Provider] %s pull error: %s", f.Name(), err.Error())
 				continue
 			}
-		if same {
+			if same {
-			log.Debugln("[Provider] %s's proxies doesn't change", f.Name())
+				log.Debugln("[Provider] %s's proxies doesn't change", f.Name())
-			continue
+				continue
-		}
+			}
-		log.Infoln("[Provider] %s's proxies update", f.Name())
+			log.Infoln("[Provider] %s's proxies update", f.Name())
-		if f.onUpdate != nil {
+			if f.onUpdate != nil {
-			f.onUpdate(elm)
+				f.onUpdate(elm)
 			}
 		case <-f.done:
 			f.ticker.Stop()
 			return
 		}
 	}
 }
 func safeWrite(path string, buf []byte) error {
 	dir := filepath.Dir(path)
 	if _, err := os.Stat(dir); os.IsNotExist(err) {
 		if err := os.MkdirAll(dir, dirMode); err != nil {
 			return err
 		}
 	}
 	return ioutil.WriteFile(path, buf, fileMode)
 }
 func newFetcher(name string, interval time.Duration, vehicle Vehicle, parser parser, onUpdate func(interface{})) *fetcher {
 	var ticker *time.Ticker
 	if interval != 0 {
@ -149,6 +174,7 @@ func newFetcher(name string, interval time.Duration, vehicle Vehicle, parser par
 		ticker:   ticker,
 		vehicle:  vehicle,
 		parser:   parser,
 		done:     make(chan struct{}, 1),
 		onUpdate: onUpdate,
 	}
 }
--- a/adapters/provider/provider.go
+++ b/adapters/provider/provider.go
@ -120,20 +120,20 @@ func proxiesParse(buf []byte) (interface{}, error) {
 	}
 	if schema.Proxies == nil {
-		return nil, errors.New("File must have a `proxies` field")
+		return nil, errors.New("file must have a `proxies` field")
 	}
 	proxies := []C.Proxy{}
 	for idx, mapping := range schema.Proxies {
 		proxy, err := outbound.ParseProxy(mapping)
 		if err != nil {
-			return nil, fmt.Errorf("Proxy %d error: %w", idx, err)
+			return nil, fmt.Errorf("proxy %d error: %w", idx, err)
 		}
 		proxies = append(proxies, proxy)
 	}
 	if len(proxies) == 0 {
-		return nil, errors.New("File doesn't have any valid proxy")
+		return nil, errors.New("file doesn't have any valid proxy")
 	}
 	return proxies, nil
@ -142,7 +142,9 @@ func proxiesParse(buf []byte) (interface{}, error) {
 func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
-	go pp.healthCheck.check()
+	if pp.healthCheck.auto() {
 		go pp.healthCheck.check()
 	}
 }
 func stopProxyProvider(pd *ProxySetProvider) {
--- a/common/cache/lrucache.go
+++ b/common/cache/lrucache.go
@ -146,6 +146,23 @@ func (c *LruCache) SetWithExpire(key interface{}, value interface{}, expires tim
 	c.maybeDeleteOldest()
 }
 // CloneTo clone and overwrite elements to another LruCache
 func (c *LruCache) CloneTo(n *LruCache) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	n.mu.Lock()
 	defer n.mu.Unlock()
 	n.lru = list.New()
 	n.cache = make(map[interface{}]*list.Element)
 	for e := c.lru.Front(); e != nil; e = e.Next() {
 		elm := e.Value.(*entry)
 		n.cache[elm.key] = n.lru.PushBack(elm)
 	}
 }
 func (c *LruCache) get(key interface{}) *entry {
 	c.mu.Lock()
 	defer c.mu.Unlock()
@ -171,7 +188,7 @@ func (c *LruCache) get(key interface{}) *entry {
 }
 // Delete removes the value associated with a key.
-func (c *LruCache) Delete(key string) {
+func (c *LruCache) Delete(key interface{}) {
 	c.mu.Lock()
 	if le, ok := c.cache[key]; ok {
--- a/common/cache/lrucache_test.go
+++ b/common/cache/lrucache_test.go
@ -164,3 +164,21 @@ func TestStale(t *testing.T) {
 	assert.Equal(t, tenSecBefore, expires)
 	assert.Equal(t, true, exist)
 }
 func TestCloneTo(t *testing.T) {
 	o := NewLRUCache(WithSize(10))
 	o.Set("1", 1)
 	o.Set("2", 2)
 	n := NewLRUCache(WithSize(2))
 	n.Set("3", 3)
 	n.Set("4", 4)
 	o.CloneTo(n)
 	assert.False(t, n.Exist("3"))
 	assert.True(t, n.Exist("1"))
 	n.Set("5", 5)
 	assert.False(t, n.Exist("1"))
 }
--- a/common/observable/observable_test.go
+++ b/common/observable/observable_test.go
@ -1,8 +1,8 @@
 package observable
 import (
 	"runtime"
 	"sync"
 	"sync/atomic"
 	"testing"
 	"time"
@ -38,20 +38,20 @@ func TestObservable_MutilSubscribe(t *testing.T) {
 	src := NewObservable(iter)
 	ch1, _ := src.Subscribe()
 	ch2, _ := src.Subscribe()
-	count := 0
+	var count int32
 	var wg sync.WaitGroup
 	wg.Add(2)
 	waitCh := func(ch <-chan interface{}) {
 		for range ch {
-			count++
+			atomic.AddInt32(&count, 1)
 		}
 		wg.Done()
 	}
 	go waitCh(ch1)
 	go waitCh(ch2)
 	wg.Wait()
-	assert.Equal(t, count, 10)
+	assert.Equal(t, int32(10), count)
 }
 func TestObservable_UnSubscribe(t *testing.T) {
@ -82,9 +82,6 @@ func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
 }
 func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 	// waiting for other goroutine recycle
 	time.Sleep(120 * time.Millisecond)
 	init := runtime.NumGoroutine()
 	iter := iterator([]interface{}{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	max := 100
@ -107,6 +104,12 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 		go waitCh(ch)
 	}
 	wg.Wait()
-	now := runtime.NumGoroutine()
+
-	assert.Equal(t, init, now)
+	for _, sub := range list {
 		_, more := <-sub
 		assert.False(t, more)
 	}
 	_, more := <-list[0]
 	assert.False(t, more)
 }
--- a/common/pool/alloc.go
+++ b/common/pool/alloc.go
@ -55,6 +55,8 @@ func (alloc *Allocator) Put(buf []byte) error {
 	if cap(buf) == 0 || cap(buf) > 65536 || cap(buf) != 1<<bits {
 		return errors.New("allocator Put() incorrect buffer size")
 	}
 	//lint:ignore SA6002 ignore temporarily
 	alloc.buffers[bits].Put(buf)
 	return nil
 }
--- a/common/pool/alloc_test.go
+++ b/common/pool/alloc_test.go
@ -25,11 +25,11 @@ func TestAllocGet(t *testing.T) {
 func TestAllocPut(t *testing.T) {
 	alloc := NewAllocator()
 	assert.NotNil(t, alloc.Put(nil), "put nil misbehavior")
-	assert.NotNil(t, alloc.Put(make([]byte, 3, 3)), "put elem:3 []bytes misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 3)), "put elem:3 []bytes misbehavior")
-	assert.Nil(t, alloc.Put(make([]byte, 4, 4)), "put elem:4 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 4)), "put elem:4 []bytes misbehavior")
 	assert.Nil(t, alloc.Put(make([]byte, 1023, 1024)), "put elem:1024 []bytes misbehavior")
-	assert.Nil(t, alloc.Put(make([]byte, 65536, 65536)), "put elem:65536 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 65536)), "put elem:65536 []bytes misbehavior")
-	assert.NotNil(t, alloc.Put(make([]byte, 65537, 65537)), "put elem:65537 []bytes misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 65537)), "put elem:65537 []bytes misbehavior")
 }
 func TestAllocPutThenGet(t *testing.T) {
--- a/common/singledo/singledo.go
+++ b/common/singledo/singledo.go
@ -24,6 +24,8 @@ type Result struct {
 	Err error
 }
 // Do single.Do likes sync.singleFilght
 //lint:ignore ST1008 it likes sync.singleFilght
 func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
 	s.mux.Lock()
 	now := time.Now()
@ -44,9 +46,12 @@ func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, s
 	s.mux.Unlock()
 	call.val, call.err = fn()
 	call.wg.Done()
 	s.mux.Lock()
 	s.call = nil
 	s.result = &Result{call.val, call.err}
 	s.last = now
 	s.mux.Unlock()
 	return call.val, call.err, false
 }
--- a/common/singledo/singledo_test.go
+++ b/common/singledo/singledo_test.go
@ -2,6 +2,7 @@ package singledo
 import (
 	"sync"
 	"sync/atomic"
 	"testing"
 	"time"
@ -11,7 +12,7 @@ import (
 func TestBasic(t *testing.T) {
 	single := NewSingle(time.Millisecond * 30)
 	foo := 0
-	shardCount := 0
+	var shardCount int32 = 0
 	call := func() (interface{}, error) {
 		foo++
 		time.Sleep(time.Millisecond * 5)
@ -25,7 +26,7 @@ func TestBasic(t *testing.T) {
 		go func() {
 			_, _, shard := single.Do(call)
 			if shard {
-				shardCount++
+				atomic.AddInt32(&shardCount, 1)
 			}
 			wg.Done()
 		}()
@ -33,7 +34,7 @@ func TestBasic(t *testing.T) {
 	wg.Wait()
 	assert.Equal(t, 1, foo)
-	assert.Equal(t, 4, shardCount)
+	assert.Equal(t, int32(4), shardCount)
 }
 func TestTimer(t *testing.T) {
--- a/component/dialer/dialer.go
+++ b/component/dialer/dialer.go
@ -66,7 +66,7 @@ func DialContext(ctx context.Context, network, address string) (net.Conn, error)
 		}
 		return dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
 	case "tcp", "udp":
-		return dualStackDailContext(ctx, network, address)
+		return dualStackDialContext(ctx, network, address)
 	default:
 		return nil, errors.New("network invalid")
 	}
@ -88,7 +88,7 @@ func ListenPacket(network, address string) (net.PacketConn, error) {
 	return lc.ListenPacket(context.Background(), network, address)
 }
-func dualStackDailContext(ctx context.Context, network, address string) (net.Conn, error) {
+func dualStackDialContext(ctx context.Context, network, address string) (net.Conn, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
@ -147,28 +147,27 @@ func dualStackDailContext(ctx context.Context, network, address string) (net.Con
 	go startRacer(ctx, network+"4", host, false)
 	go startRacer(ctx, network+"6", host, true)
-	for {
+	for res := range results {
-		select {
+		if res.error == nil {
-		case res := <-results:
+			return res.Conn, nil
-			if res.error == nil {
+		}
 				return res.Conn, nil
 			}
-			if !res.ipv6 {
+		if !res.ipv6 {
-				primary = res
+			primary = res
 		} else {
 			fallback = res
 		}
 		if primary.done && fallback.done {
 			if primary.resolved {
 				return nil, primary.error
 			} else if fallback.resolved {
 				return nil, fallback.error
 			} else {
-				fallback = res
+				return nil, primary.error
 			}
 			if primary.done && fallback.done {
 				if primary.resolved {
 					return nil, primary.error
 				} else if fallback.resolved {
 					return nil, fallback.error
 				} else {
 					return nil, primary.error
 				}
 			}
 		}
 	}
 	return nil, errors.New("never touched")
 }
--- a/component/fakeip/pool.go
+++ b/component/fakeip/pool.go
@ -6,7 +6,7 @@ import (
 	"sync"
 	"github.com/Dreamacro/clash/common/cache"
-	trie "github.com/Dreamacro/clash/component/domain-trie"
+	"github.com/Dreamacro/clash/component/trie"
 )
 // Pool is a implementation about fake ip generator without storage
@ -16,7 +16,7 @@ type Pool struct {
 	gateway uint32
 	offset  uint32
 	mux     sync.Mutex
-	host    *trie.Trie
+	host    *trie.DomainTrie
 	cache   *cache.LruCache
 }
@ -89,6 +89,11 @@ func (p *Pool) Gateway() net.IP {
 	return uintToIP(p.gateway)
 }
 // PatchFrom clone cache from old pool
 func (p *Pool) PatchFrom(o *Pool) {
 	o.cache.CloneTo(p.cache)
 }
 func (p *Pool) get(host string) net.IP {
 	current := p.offset
 	for {
@ -116,11 +121,11 @@ func ipToUint(ip net.IP) uint32 {
 }
 func uintToIP(v uint32) net.IP {
-	return net.IPv4(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+	return net.IP{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)}
 }
 // New return Pool instance
-func New(ipnet *net.IPNet, size int, host *trie.Trie) (*Pool, error) {
+func New(ipnet *net.IPNet, size int, host *trie.DomainTrie) (*Pool, error) {
 	min := ipToUint(ipnet.IP) + 2
 	ones, bits := ipnet.Mask.Size()
--- a/component/pool/pool.go
+++ b/component/pool/pool.go
@ -0,0 +1,114 @@
 package pool
 import (
 	"context"
 	"runtime"
 	"time"
 )
 type Factory = func(context.Context) (interface{}, error)
 type entry struct {
 	elm  interface{}
 	time time.Time
 }
 type Option func(*pool)
 // WithEvict set the evict callback
 func WithEvict(cb func(interface{})) Option {
 	return func(p *pool) {
 		p.evict = cb
 	}
 }
 // WithAge defined element max age (millisecond)
 func WithAge(maxAge int64) Option {
 	return func(p *pool) {
 		p.maxAge = maxAge
 	}
 }
 // WithSize defined max size of Pool
 func WithSize(maxSize int) Option {
 	return func(p *pool) {
 		p.ch = make(chan interface{}, maxSize)
 	}
 }
 // Pool is for GC, see New for detail
 type Pool struct {
 	*pool
 }
 type pool struct {
 	ch      chan interface{}
 	factory Factory
 	evict   func(interface{})
 	maxAge  int64
 }
 func (p *pool) GetContext(ctx context.Context) (interface{}, error) {
 	now := time.Now()
 	for {
 		select {
 		case item := <-p.ch:
 			elm := item.(*entry)
 			if p.maxAge != 0 && now.Sub(item.(*entry).time).Milliseconds() > p.maxAge {
 				if p.evict != nil {
 					p.evict(elm.elm)
 				}
 				continue
 			}
 			return elm.elm, nil
 		default:
 			return p.factory(ctx)
 		}
 	}
 }
 func (p *pool) Get() (interface{}, error) {
 	return p.GetContext(context.Background())
 }
 func (p *pool) Put(item interface{}) {
 	e := &entry{
 		elm:  item,
 		time: time.Now(),
 	}
 	select {
 	case p.ch <- e:
 		return
 	default:
 		// pool is full
 		if p.evict != nil {
 			p.evict(item)
 		}
 		return
 	}
 }
 func recycle(p *Pool) {
 	for item := range p.pool.ch {
 		if p.pool.evict != nil {
 			p.pool.evict(item.(*entry).elm)
 		}
 	}
 }
 func New(factory Factory, options ...Option) *Pool {
 	p := &pool{
 		ch:      make(chan interface{}, 10),
 		factory: factory,
 	}
 	for _, option := range options {
 		option(p)
 	}
 	P := &Pool{p}
 	runtime.SetFinalizer(P, recycle)
 	return P
 }
--- a/component/pool/pool_test.go
+++ b/component/pool/pool_test.go
@ -0,0 +1,73 @@
 package pool
 import (
 	"context"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func lg() Factory {
 	initial := -1
 	return func(context.Context) (interface{}, error) {
 		initial++
 		return initial, nil
 	}
 }
 func TestPool_Basic(t *testing.T) {
 	g := lg()
 	pool := New(g)
 	elm, _ := pool.Get()
 	assert.Equal(t, 0, elm.(int))
 	pool.Put(elm)
 	elm, _ = pool.Get()
 	assert.Equal(t, 0, elm.(int))
 	elm, _ = pool.Get()
 	assert.Equal(t, 1, elm.(int))
 }
 func TestPool_MaxSize(t *testing.T) {
 	g := lg()
 	size := 5
 	pool := New(g, WithSize(size))
 	items := []interface{}{}
 	for i := 0; i < size; i++ {
 		item, _ := pool.Get()
 		items = append(items, item)
 	}
 	extra, _ := pool.Get()
 	assert.Equal(t, size, extra.(int))
 	for _, item := range items {
 		pool.Put(item)
 	}
 	pool.Put(extra)
 	for _, item := range items {
 		elm, _ := pool.Get()
 		assert.Equal(t, item.(int), elm.(int))
 	}
 }
 func TestPool_MaxAge(t *testing.T) {
 	g := lg()
 	pool := New(g, WithAge(20))
 	elm, _ := pool.Get()
 	pool.Put(elm)
 	elm, _ = pool.Get()
 	assert.Equal(t, 0, elm.(int))
 	pool.Put(elm)
 	time.Sleep(time.Millisecond * 22)
 	elm, _ = pool.Get()
 	assert.Equal(t, 1, elm.(int))
 }
--- a/component/resolver/enhancer.go
+++ b/component/resolver/enhancer.go
@ -0,0 +1,46 @@
 package resolver
 import (
 	"net"
 )
 var DefaultHostMapper Enhancer
 type Enhancer interface {
 	FakeIPEnabled() bool
 	MappingEnabled() bool
 	IsFakeIP(net.IP) bool
 	FindHostByIP(net.IP) (string, bool)
 }
 func FakeIPEnabled() bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.FakeIPEnabled()
 	}
 	return false
 }
 func MappingEnabled() bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.MappingEnabled()
 	}
 	return false
 }
 func IsFakeIP(ip net.IP) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsFakeIP(ip)
 	}
 	return false
 }
 func FindHostByIP(ip net.IP) (string, bool) {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.FindHostByIP(ip)
 	}
 	return "", false
 }
--- a/component/resolver/resolver.go
+++ b/component/resolver/resolver.go
@ -5,20 +5,25 @@ import (
 	"net"
 	"strings"
-	trie "github.com/Dreamacro/clash/component/domain-trie"
+	"github.com/Dreamacro/clash/component/trie"
 )
 var (
 	// DefaultResolver aim to resolve ip
 	DefaultResolver Resolver
 	// DisableIPv6 means don't resolve ipv6 host
 	// default value is true
 	DisableIPv6 = true
 	// DefaultHosts aim to resolve hosts
 	DefaultHosts = trie.New()
 )
 var (
-	ErrIPNotFound = errors.New("couldn't find ip")
+	ErrIPNotFound   = errors.New("couldn't find ip")
-	ErrIPVersion  = errors.New("ip version error")
+	ErrIPVersion    = errors.New("ip version error")
 	ErrIPv6Disabled = errors.New("ipv6 disabled")
 )
 type Resolver interface {
@ -63,6 +68,10 @@ func ResolveIPv4(host string) (net.IP, error) {
 // ResolveIPv6 with a host, return ipv6
 func ResolveIPv6(host string) (net.IP, error) {
 	if DisableIPv6 {
 		return nil, ErrIPv6Disabled
 	}
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data.(net.IP).To16(); ip != nil {
 			return ip, nil
@ -102,7 +111,12 @@ func ResolveIP(host string) (net.IP, error) {
 	}
 	if DefaultResolver != nil {
 		if DisableIPv6 {
 			return DefaultResolver.ResolveIPv4(host)
 		}
 		return DefaultResolver.ResolveIP(host)
 	} else if DisableIPv6 {
 		return ResolveIPv4(host)
 	}
 	ip := net.ParseIP(host)
--- a/component/simple-obfs/http.go
+++ b/component/simple-obfs/http.go
@ -28,6 +28,7 @@ func (ho *HTTPObfs) Read(b []byte) (int, error) {
 		n := copy(b, ho.buf[ho.offset:])
 		ho.offset += n
 		if ho.offset == len(ho.buf) {
 			pool.Put(ho.buf)
 			ho.buf = nil
 		}
 		return n, nil
@ -67,7 +68,10 @@ func (ho *HTTPObfs) Write(b []byte) (int, error) {
 		req.Header.Set("User-Agent", fmt.Sprintf("curl/7.%d.%d", rand.Int()%54, rand.Int()%2))
 		req.Header.Set("Upgrade", "websocket")
 		req.Header.Set("Connection", "Upgrade")
-		req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
+		req.Host = ho.host
 		if ho.port != "80" {
 			req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
 		}
 		req.Header.Set("Sec-WebSocket-Key", base64.URLEncoding.EncodeToString(randBytes))
 		req.ContentLength = int64(len(b))
 		err := req.Write(ho.Conn)
--- a/component/snell/cipher.go
+++ b/component/snell/cipher.go
@ -1,21 +1,54 @@
 package snell
 import (
 	"crypto/aes"
 	"crypto/cipher"
 	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
 	"golang.org/x/crypto/argon2"
 	"golang.org/x/crypto/chacha20poly1305"
 )
 type snellCipher struct {
 	psk      []byte
 	keySize  int
 	makeAEAD func(key []byte) (cipher.AEAD, error)
 }
-func (sc *snellCipher) KeySize() int  { return 32 }
+func (sc *snellCipher) KeySize() int  { return sc.keySize }
 func (sc *snellCipher) SaltSize() int { return 16 }
 func (sc *snellCipher) Encrypter(salt []byte) (cipher.AEAD, error) {
-	return sc.makeAEAD(argon2.IDKey(sc.psk, salt, 3, 8, 1, uint32(sc.KeySize())))
+	return sc.makeAEAD(snellKDF(sc.psk, salt, sc.KeySize()))
 }
 func (sc *snellCipher) Decrypter(salt []byte) (cipher.AEAD, error) {
-	return sc.makeAEAD(argon2.IDKey(sc.psk, salt, 3, 8, 1, uint32(sc.KeySize())))
+	return sc.makeAEAD(snellKDF(sc.psk, salt, sc.KeySize()))
 }
 func snellKDF(psk, salt []byte, keySize int) []byte {
 	// snell use a special kdf function
 	return argon2.IDKey(psk, salt, 3, 8, 1, 32)[:keySize]
 }
 func aesGCM(key []byte) (cipher.AEAD, error) {
 	blk, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
 	return cipher.NewGCM(blk)
 }
 func NewAES128GCM(psk []byte) shadowaead.Cipher {
 	return &snellCipher{
 		psk:      psk,
 		keySize:  16,
 		makeAEAD: aesGCM,
 	}
 }
 func NewChacha20Poly1305(psk []byte) shadowaead.Cipher {
 	return &snellCipher{
 		psk:      psk,
 		keySize:  32,
 		makeAEAD: chacha20poly1305.New,
 	}
 }
--- a/component/snell/pool.go
+++ b/component/snell/pool.go
@ -0,0 +1,80 @@
 package snell
 import (
 	"context"
 	"net"
 	"github.com/Dreamacro/clash/component/pool"
 	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
 )
 type Pool struct {
 	pool *pool.Pool
 }
 func (p *Pool) Get() (net.Conn, error) {
 	return p.GetContext(context.Background())
 }
 func (p *Pool) GetContext(ctx context.Context) (net.Conn, error) {
 	elm, err := p.pool.GetContext(ctx)
 	if err != nil {
 		return nil, err
 	}
 	return &PoolConn{elm.(*Snell), p}, nil
 }
 func (p *Pool) Put(conn net.Conn) {
 	if err := HalfClose(conn); err != nil {
 		conn.Close()
 		return
 	}
 	p.pool.Put(conn)
 }
 type PoolConn struct {
 	*Snell
 	pool *Pool
 }
 func (pc *PoolConn) Read(b []byte) (int, error) {
 	// save old status of reply (it mutable by Read)
 	reply := pc.Snell.reply
 	n, err := pc.Snell.Read(b)
 	if err == shadowaead.ErrZeroChunk {
 		// if reply is false, it should be client halfclose.
 		// ignore error and read data again.
 		if !reply {
 			pc.Snell.reply = false
 			return pc.Snell.Read(b)
 		}
 	}
 	return n, err
 }
 func (pc *PoolConn) Write(b []byte) (int, error) {
 	return pc.Snell.Write(b)
 }
 func (pc *PoolConn) Close() error {
 	pc.pool.Put(pc.Snell)
 	return nil
 }
 func NewPool(factory func(context.Context) (*Snell, error)) *Pool {
 	p := pool.New(
 		func(ctx context.Context) (interface{}, error) {
 			return factory(ctx)
 		},
 		pool.WithAge(15000),
 		pool.WithSize(10),
 		pool.WithEvict(func(item interface{}) {
 			item.(*Snell).Close()
 		}),
 	)
 	return &Pool{p}
 }
--- a/component/snell/snell.go
+++ b/component/snell/snell.go
@ -4,19 +4,27 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"net"
 	"sync"
 	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
 	"golang.org/x/crypto/chacha20poly1305"
 )
 const (
-	CommandPing    byte = 0
+	Version1            = 1
-	CommandConnect byte = 1
+	Version2            = 2
 	DefaultSnellVersion = Version1
 )
 const (
 	CommandPing      byte = 0
 	CommandConnect   byte = 1
 	CommandConnectV2 byte = 5
 	CommandTunnel byte = 0
 	CommandPong   byte = 1
 	CommandError  byte = 2
 	Version byte = 1
@ -24,6 +32,7 @@ const (
 var (
 	bufferPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
 	endSignal  = []byte{}
 )
 type Snell struct {
@ -45,14 +54,20 @@ func (s *Snell) Read(b []byte) (int, error) {
 	if s.buffer[0] == CommandTunnel {
 		return s.Conn.Read(b)
 	} else if s.buffer[0] != CommandError {
-		return 0, errors.New("Command not support")
+		return 0, errors.New("command not support")
 	}
 	// CommandError
 	// 1 byte error code
 	if _, err := io.ReadFull(s.Conn, s.buffer[:]); err != nil {
 		return 0, err
 	}
 	errcode := int(s.buffer[0])
 	// 1 byte error message length
 	if _, err := io.ReadFull(s.Conn, s.buffer[:]); err != nil {
 		return 0, err
 	}
 	length := int(s.buffer[0])
 	msg := make([]byte, length)
@ -60,15 +75,19 @@ func (s *Snell) Read(b []byte) (int, error) {
 		return 0, err
 	}
-	return 0, errors.New(string(msg))
+	return 0, fmt.Errorf("server reported code: %d, message: %s", errcode, string(msg))
 }
-func WriteHeader(conn net.Conn, host string, port uint) error {
+func WriteHeader(conn net.Conn, host string, port uint, version int) error {
 	buf := bufferPool.Get().(*bytes.Buffer)
 	buf.Reset()
 	defer bufferPool.Put(buf)
 	buf.WriteByte(Version)
-	buf.WriteByte(CommandConnect)
+	if version == Version2 {
 		buf.WriteByte(CommandConnectV2)
 	} else {
 		buf.WriteByte(CommandConnect)
 	}
 	// clientID length & id
 	buf.WriteByte(0)
@ -85,7 +104,24 @@ func WriteHeader(conn net.Conn, host string, port uint) error {
 	return nil
 }
-func StreamConn(conn net.Conn, psk []byte) net.Conn {
+// HalfClose works only on version2
-	cipher := &snellCipher{psk, chacha20poly1305.New}
+func HalfClose(conn net.Conn) error {
 	if _, err := conn.Write(endSignal); err != nil {
 		return err
 	}
 	if s, ok := conn.(*Snell); ok {
 		s.reply = false
 	}
 	return nil
 }
 func StreamConn(conn net.Conn, psk []byte, version int) *Snell {
 	var cipher shadowaead.Cipher
 	if version == Version2 {
 		cipher = NewAES128GCM(psk)
 	} else {
 		cipher = NewChacha20Poly1305(psk)
 	}
 	return &Snell{Conn: shadowaead.NewConn(conn, cipher)}
 }
--- a/component/socks5/socks5.go
+++ b/component/socks5/socks5.go
@ -21,6 +21,8 @@ func (err Error) Error() string {
 // Command is request commands as defined in RFC 1928 section 4.
 type Command = uint8
 const Version = 5
 // SOCKS request commands as defined in RFC 1928 section 4.
 const (
 	CmdConnect      Command = 1
@ -227,6 +229,10 @@ func ClientHandshake(rw io.ReadWriter, addr Addr, command Command, user *User) (
 	}
 	if buf[1] == 2 {
 		if user == nil {
 			return nil, ErrAuth
 		}
 		// password protocol version
 		authMsg := &bytes.Buffer{}
 		authMsg.WriteByte(1)
--- a/component/ssr/obfs/base.go
+++ b/component/ssr/obfs/base.go
@ -0,0 +1,11 @@
 package obfs
 // Base information for obfs
 type Base struct {
 	IVSize  int
 	Key     []byte
 	HeadLen int
 	Host    string
 	Port    int
 	Param   string
 }
--- a/component/ssr/obfs/http_post.go
+++ b/component/ssr/obfs/http_post.go
@ -0,0 +1,9 @@
 package obfs
 func init() {
 	register("http_post", newHTTPPost)
 }
 func newHTTPPost(b *Base) Obfs {
 	return &httpObfs{Base: b, post: true}
 }
--- a/component/ssr/obfs/http_simple.go
+++ b/component/ssr/obfs/http_simple.go
@ -0,0 +1,402 @@
 package obfs
 import (
 	"bytes"
 	"encoding/hex"
 	"fmt"
 	"io"
 	"math/rand"
 	"strings"
 )
 type httpObfs struct {
 	*Base
 	firstRequest  bool
 	firstResponse bool
 	post          bool
 }
 func init() {
 	register("http_simple", newHTTPSimple)
 }
 func newHTTPSimple(b *Base) Obfs {
 	return &httpObfs{Base: b}
 }
 func (h *httpObfs) initForConn() Obfs {
 	return &httpObfs{
 		Base:          h.Base,
 		firstRequest:  true,
 		firstResponse: true,
 		post:          h.post,
 	}
 }
 func (h *httpObfs) GetObfsOverhead() int {
 	return 0
 }
 func (h *httpObfs) Decode(b []byte) ([]byte, bool, error) {
 	if h.firstResponse {
 		idx := bytes.Index(b, []byte("\r\n\r\n"))
 		if idx == -1 {
 			return nil, false, io.EOF
 		}
 		h.firstResponse = false
 		return b[idx+4:], false, nil
 	}
 	return b, false, nil
 }
 func (h *httpObfs) Encode(b []byte) ([]byte, error) {
 	if h.firstRequest {
 		bSize := len(b)
 		var headData []byte
 		if headSize := h.IVSize + h.HeadLen; bSize-headSize > 64 {
 			headData = make([]byte, headSize+rand.Intn(64))
 		} else {
 			headData = make([]byte, bSize)
 		}
 		copy(headData, b[:len(headData)])
 		host := h.Host
 		var customHead string
 		if len(h.Param) > 0 {
 			customHeads := strings.Split(h.Param, "#")
 			if len(customHeads) > 2 {
 				customHeads = customHeads[:2]
 			}
 			customHosts := h.Param
 			if len(customHeads) > 1 {
 				customHosts = customHeads[0]
 				customHead = customHeads[1]
 			}
 			hosts := strings.Split(customHosts, ",")
 			if len(hosts) > 0 {
 				host = strings.TrimSpace(hosts[rand.Intn(len(hosts))])
 			}
 		}
 		method := "GET /"
 		if h.post {
 			method = "POST /"
 		}
 		requestPathIndex := rand.Intn(len(requestPath)/2) * 2
 		httpBuf := fmt.Sprintf("%s%s%s%s HTTP/1.1\r\nHost: %s:%d\r\n",
 			method,
 			requestPath[requestPathIndex],
 			data2URLEncode(headData),
 			requestPath[requestPathIndex+1],
 			host, h.Port)
 		if len(customHead) > 0 {
 			httpBuf = httpBuf + strings.Replace(customHead, "\\n", "\r\n", -1) + "\r\n\r\n"
 		} else {
 			var contentType string
 			if h.post {
 				contentType = "Content-Type: multipart/form-data; boundary=" + boundary() + "\r\n"
 			}
 			httpBuf = httpBuf + "User-agent: " + requestUserAgent[rand.Intn(len(requestUserAgent))] + "\r\n" +
 				"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
 				"Accept-Language: en-US,en;q=0.8\r\n" +
 				"Accept-Encoding: gzip, deflate\r\n" +
 				contentType +
 				"DNT: 1\r\n" +
 				"Connection: keep-alive\r\n" +
 				"\r\n"
 		}
 		var encoded []byte
 		if len(headData) < bSize {
 			encoded = make([]byte, len(httpBuf)+(bSize-len(headData)))
 			copy(encoded, []byte(httpBuf))
 			copy(encoded[len(httpBuf):], b[len(headData):])
 		} else {
 			encoded = []byte(httpBuf)
 		}
 		h.firstRequest = false
 		return encoded, nil
 	}
 	return b, nil
 }
 func data2URLEncode(data []byte) (ret string) {
 	for i := 0; i < len(data); i++ {
 		ret = fmt.Sprintf("%s%%%s", ret, hex.EncodeToString([]byte{data[i]}))
 	}
 	return
 }
 func boundary() (ret string) {
 	set := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
 	for i := 0; i < 32; i++ {
 		ret = fmt.Sprintf("%s%c", ret, set[rand.Intn(len(set))])
 	}
 	return
 }
 var (
 	requestPath = []string{
 		"", "",
 		"login.php?redir=", "",
 		"register.php?code=", "",
 		"?keyword=", "",
 		"search?src=typd&q=", "&lang=en",
 		"s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&bar=&wd=", "&rn=",
 		"post.php?id=", "&goto=view.php",
 	}
 	requestUserAgent = []string{
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; Moto C Build/NRD90M.059) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1.1; SM-J120M Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; Moto G (5) Build/NPPS25.137-93-14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-G570M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0; CAM-L03 Build/HUAWEICAM-L03) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3",
 		"Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36",
 		"Mozilla/5.0 (X11; Datanyze; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1.1; SM-J111M Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36",
 		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-J700M Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36",
 		"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Slackware/Chrome/12.0.742.100 Safari/534.30",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
 		"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 8.0.0; WAS-LX3 Build/HUAWEIWAS-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 MVisionPlayer/1.0.0.0",
 		"Mozilla/5.0 (Linux; Android 7.0; TRT-LX3 Build/HUAWEITRT-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0; vivo 1610 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG GT-I9195 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36",
 		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 8.0.0; ANE-LX3 Build/HUAWEIANE-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (X11; U; Linux i586; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-G610M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-J500M Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0; vivo 1606 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-G610M Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.1; vivo 1716 Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-G570M Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0; MYA-L22 Build/HUAWEIMYA-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1; A1601 Build/LMY47I) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; TRT-LX2 Build/HUAWEITRT-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/59.0.3071.125 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17",
 		"Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
 		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24",
 		"Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 4.4.2; SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1; HUAWEI CUN-L22 Build/HUAWEICUN-L22; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1.1; A37fw Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-J730GM Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-G610F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.1.2; Redmi Note 5A Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
 		"Mozilla/5.0 (Unknown; Linux) AppleWebKit/538.1 (KHTML, like Gecko) Chrome/v1.0.0 Safari/538.1",
 		"Mozilla/5.0 (Linux; Android 7.0; BLL-L22 Build/HUAWEIBLL-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.0; SM-J710F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.1.1; CPH1723 Build/N6F26Q) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX3 Build/HUAWEIFIG-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 7.1; Mi A1 Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
 		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 MVisionPlayer/1.0.0.0",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 5.1; A37f Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; CPH1607 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/63.0.3239.111 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36",
 		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; vivo 1603 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; Redmi 4A Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.116 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532G Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.83 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36",
 		"Mozilla/5.0 (Linux; Android 6.0; vivo 1713 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
 		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
 	}
 )
--- a/component/ssr/obfs/obfs.go
+++ b/component/ssr/obfs/obfs.go
@ -0,0 +1,37 @@
 package obfs
 import (
 	"errors"
 	"fmt"
 	"strings"
 )
 var (
 	errTLS12TicketAuthIncorrectMagicNumber = errors.New("tls1.2_ticket_auth incorrect magic number")
 	errTLS12TicketAuthTooShortData         = errors.New("tls1.2_ticket_auth too short data")
 	errTLS12TicketAuthHMACError            = errors.New("tls1.2_ticket_auth hmac verifying failed")
 )
 // Obfs provides methods for decoding and encoding
 type Obfs interface {
 	initForConn() Obfs
 	GetObfsOverhead() int
 	Decode(b []byte) ([]byte, bool, error)
 	Encode(b []byte) ([]byte, error)
 }
 type obfsCreator func(b *Base) Obfs
 var obfsList = make(map[string]obfsCreator)
 func register(name string, c obfsCreator) {
 	obfsList[name] = c
 }
 // PickObfs returns an obfs of the given name
 func PickObfs(name string, b *Base) (Obfs, error) {
 	if obfsCreator, ok := obfsList[strings.ToLower(name)]; ok {
 		return obfsCreator(b), nil
 	}
 	return nil, fmt.Errorf("Obfs %s not supported", name)
 }
--- a/component/ssr/obfs/plain.go
+++ b/component/ssr/obfs/plain.go
@ -0,0 +1,25 @@
 package obfs
 type plain struct{}
 func init() {
 	register("plain", newPlain)
 }
 func newPlain(b *Base) Obfs {
 	return &plain{}
 }
 func (p *plain) initForConn() Obfs { return &plain{} }
 func (p *plain) GetObfsOverhead() int {
 	return 0
 }
 func (p *plain) Encode(b []byte) ([]byte, error) {
 	return b, nil
 }
 func (p *plain) Decode(b []byte) ([]byte, bool, error) {
 	return b, false, nil
 }
--- a/component/ssr/obfs/random_head.go
+++ b/component/ssr/obfs/random_head.go
@ -0,0 +1,75 @@
 package obfs
 import (
 	"encoding/binary"
 	"hash/crc32"
 	"math/rand"
 )
 type randomHead struct {
 	*Base
 	firstRequest  bool
 	firstResponse bool
 	headerSent    bool
 	buffer        []byte
 }
 func init() {
 	register("random_head", newRandomHead)
 }
 func newRandomHead(b *Base) Obfs {
 	return &randomHead{Base: b}
 }
 func (r *randomHead) initForConn() Obfs {
 	return &randomHead{
 		Base:          r.Base,
 		firstRequest:  true,
 		firstResponse: true,
 	}
 }
 func (r *randomHead) GetObfsOverhead() int {
 	return 0
 }
 func (r *randomHead) Encode(b []byte) (encoded []byte, err error) {
 	if !r.firstRequest {
 		return b, nil
 	}
 	bSize := len(b)
 	if r.headerSent {
 		if bSize > 0 {
 			d := make([]byte, len(r.buffer)+bSize)
 			copy(d, r.buffer)
 			copy(d[len(r.buffer):], b)
 			r.buffer = d
 		} else {
 			encoded = r.buffer
 			r.buffer = nil
 			r.firstRequest = false
 		}
 	} else {
 		size := rand.Intn(96) + 8
 		encoded = make([]byte, size)
 		rand.Read(encoded)
 		crc := (0xFFFFFFFF - crc32.ChecksumIEEE(encoded[:size-4])) & 0xFFFFFFFF
 		binary.LittleEndian.PutUint32(encoded[size-4:], crc)
 		d := make([]byte, bSize)
 		copy(d, b)
 		r.buffer = d
 	}
 	r.headerSent = true
 	return encoded, nil
 }
 func (r *randomHead) Decode(b []byte) ([]byte, bool, error) {
 	if r.firstResponse {
 		r.firstResponse = false
 		return b, true, nil
 	}
 	return b, false, nil
 }
--- a/component/ssr/obfs/stream.go
+++ b/component/ssr/obfs/stream.go
@ -0,0 +1,72 @@
 package obfs
 import (
 	"net"
 	"github.com/Dreamacro/clash/common/pool"
 )
 // NewConn wraps a stream-oriented net.Conn with obfs decoding/encoding
 func NewConn(c net.Conn, o Obfs) net.Conn {
 	return &Conn{Conn: c, Obfs: o.initForConn()}
 }
 // Conn represents an obfs connection
 type Conn struct {
 	net.Conn
 	Obfs
 	buf    []byte
 	offset int
 }
 func (c *Conn) Read(b []byte) (int, error) {
 	if c.buf != nil {
 		n := copy(b, c.buf[c.offset:])
 		c.offset += n
 		if c.offset == len(c.buf) {
 			pool.Put(c.buf)
 			c.buf = nil
 		}
 		return n, nil
 	}
 	buf := pool.Get(pool.RelayBufferSize)
 	defer pool.Put(buf)
 	n, err := c.Conn.Read(buf)
 	if err != nil {
 		return 0, err
 	}
 	decoded, sendback, err := c.Decode(buf[:n])
 	// decoded may be part of buf
 	decodedData := pool.Get(len(decoded))
 	copy(decodedData, decoded)
 	if err != nil {
 		pool.Put(decodedData)
 		return 0, err
 	}
 	if sendback {
 		c.Write(nil)
 		pool.Put(decodedData)
 		return 0, nil
 	}
 	n = copy(b, decodedData)
 	if len(decodedData) > len(b) {
 		c.buf = decodedData
 		c.offset = n
 	} else {
 		pool.Put(decodedData)
 	}
 	return n, err
 }
 func (c *Conn) Write(b []byte) (int, error) {
 	encoded, err := c.Encode(b)
 	if err != nil {
 		return 0, err
 	}
 	_, err = c.Conn.Write(encoded)
 	if err != nil {
 		return 0, err
 	}
 	return len(b), nil
 }
--- a/component/ssr/obfs/tls12_ticket_auth.go
+++ b/component/ssr/obfs/tls12_ticket_auth.go
@ -0,0 +1,290 @@
 package obfs
 import (
 	"bytes"
 	"crypto/hmac"
 	"encoding/binary"
 	"fmt"
 	"io"
 	"math/rand"
 	"strings"
 	"time"
 	"github.com/Dreamacro/clash/common/pool"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 	"github.com/Dreamacro/clash/log"
 )
 type tlsAuthData struct {
 	localClientID [32]byte
 }
 type tls12Ticket struct {
 	*Base
 	*tlsAuthData
 	handshakeStatus int
 	sendSaver       bytes.Buffer
 	recvBuffer      bytes.Buffer
 	buffer          bytes.Buffer
 }
 func init() {
 	register("tls1.2_ticket_auth", newTLS12Ticket)
 	register("tls1.2_ticket_fastauth", newTLS12Ticket)
 }
 func newTLS12Ticket(b *Base) Obfs {
 	return &tls12Ticket{
 		Base: b,
 	}
 }
 func (t *tls12Ticket) initForConn() Obfs {
 	r := &tls12Ticket{
 		Base:        t.Base,
 		tlsAuthData: &tlsAuthData{},
 	}
 	rand.Read(r.localClientID[:])
 	return r
 }
 func (t *tls12Ticket) GetObfsOverhead() int {
 	return 5
 }
 func (t *tls12Ticket) Decode(b []byte) ([]byte, bool, error) {
 	if t.handshakeStatus == -1 {
 		return b, false, nil
 	}
 	t.buffer.Reset()
 	if t.handshakeStatus == 8 {
 		t.recvBuffer.Write(b)
 		for t.recvBuffer.Len() > 5 {
 			var h [5]byte
 			t.recvBuffer.Read(h[:])
 			if !bytes.Equal(h[:3], []byte{0x17, 0x3, 0x3}) {
 				log.Warnln("incorrect magic number %x, 0x170303 is expected", h[:3])
 				return nil, false, errTLS12TicketAuthIncorrectMagicNumber
 			}
 			size := int(binary.BigEndian.Uint16(h[3:5]))
 			if t.recvBuffer.Len() < size {
 				// 不够读，下回再读吧
 				unread := t.recvBuffer.Bytes()
 				t.recvBuffer.Reset()
 				t.recvBuffer.Write(h[:])
 				t.recvBuffer.Write(unread)
 				break
 			}
 			d := pool.Get(size)
 			t.recvBuffer.Read(d)
 			t.buffer.Write(d)
 			pool.Put(d)
 		}
 		return t.buffer.Bytes(), false, nil
 	}
 	if len(b) < 11+32+1+32 {
 		return nil, false, errTLS12TicketAuthTooShortData
 	}
 	hash := t.hmacSHA1(b[11 : 11+22])
 	if !hmac.Equal(b[33:33+tools.HmacSHA1Len], hash) {
 		return nil, false, errTLS12TicketAuthHMACError
 	}
 	return nil, true, nil
 }
 func (t *tls12Ticket) Encode(b []byte) ([]byte, error) {
 	t.buffer.Reset()
 	switch t.handshakeStatus {
 	case 8:
 		if len(b) < 1024 {
 			d := []byte{0x17, 0x3, 0x3, 0, 0}
 			binary.BigEndian.PutUint16(d[3:5], uint16(len(b)&0xFFFF))
 			t.buffer.Write(d)
 			t.buffer.Write(b)
 			return t.buffer.Bytes(), nil
 		}
 		start := 0
 		var l int
 		for len(b)-start > 2048 {
 			l = rand.Intn(4096) + 100
 			if l > len(b)-start {
 				l = len(b) - start
 			}
 			packData(&t.buffer, b[start:start+l])
 			start += l
 		}
 		if len(b)-start > 0 {
 			l = len(b) - start
 			packData(&t.buffer, b[start:start+l])
 		}
 		return t.buffer.Bytes(), nil
 	case 1:
 		if len(b) > 0 {
 			if len(b) < 1024 {
 				packData(&t.sendSaver, b)
 			} else {
 				start := 0
 				var l int
 				for len(b)-start > 2048 {
 					l = rand.Intn(4096) + 100
 					if l > len(b)-start {
 						l = len(b) - start
 					}
 					packData(&t.buffer, b[start:start+l])
 					start += l
 				}
 				if len(b)-start > 0 {
 					l = len(b) - start
 					packData(&t.buffer, b[start:start+l])
 				}
 				io.Copy(&t.sendSaver, &t.buffer)
 			}
 			return []byte{}, nil
 		}
 		hmacData := make([]byte, 43)
 		handshakeFinish := []byte("\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00\x20")
 		copy(hmacData, handshakeFinish)
 		rand.Read(hmacData[11:33])
 		h := t.hmacSHA1(hmacData[:33])
 		copy(hmacData[33:], h)
 		t.buffer.Write(hmacData)
 		io.Copy(&t.buffer, &t.sendSaver)
 		t.handshakeStatus = 8
 		return t.buffer.Bytes(), nil
 	case 0:
 		tlsData0 := []byte("\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00")
 		tlsData1 := []byte("\xff\x01\x00\x01\x00")
 		tlsData2 := []byte("\x00\x17\x00\x00\x00\x23\x00\xd0")
 		// tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18\x00\x15\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
 		tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18")
 		var tlsData [2048]byte
 		tlsDataLen := 0
 		copy(tlsData[0:], tlsData1)
 		tlsDataLen += len(tlsData1)
 		sni := t.sni(t.getHost())
 		copy(tlsData[tlsDataLen:], sni)
 		tlsDataLen += len(sni)
 		copy(tlsData[tlsDataLen:], tlsData2)
 		tlsDataLen += len(tlsData2)
 		ticketLen := rand.Intn(164)*2 + 64
 		tlsData[tlsDataLen-1] = uint8(ticketLen & 0xff)
 		tlsData[tlsDataLen-2] = uint8(ticketLen >> 8)
 		//ticketLen := 208
 		rand.Read(tlsData[tlsDataLen : tlsDataLen+ticketLen])
 		tlsDataLen += ticketLen
 		copy(tlsData[tlsDataLen:], tlsData3)
 		tlsDataLen += len(tlsData3)
 		length := 11 + 32 + 1 + 32 + len(tlsData0) + 2 + tlsDataLen
 		encodedData := make([]byte, length)
 		pdata := length - tlsDataLen
 		l := tlsDataLen
 		copy(encodedData[pdata:], tlsData[:tlsDataLen])
 		encodedData[pdata-1] = uint8(tlsDataLen)
 		encodedData[pdata-2] = uint8(tlsDataLen >> 8)
 		pdata -= 2
 		l += 2
 		copy(encodedData[pdata-len(tlsData0):], tlsData0)
 		pdata -= len(tlsData0)
 		l += len(tlsData0)
 		copy(encodedData[pdata-32:], t.localClientID[:])
 		pdata -= 32
 		l += 32
 		encodedData[pdata-1] = 0x20
 		pdata--
 		l++
 		copy(encodedData[pdata-32:], t.packAuthData())
 		pdata -= 32
 		l += 32
 		encodedData[pdata-1] = 0x3
 		encodedData[pdata-2] = 0x3 // tls version
 		pdata -= 2
 		l += 2
 		encodedData[pdata-1] = uint8(l)
 		encodedData[pdata-2] = uint8(l >> 8)
 		encodedData[pdata-3] = 0
 		encodedData[pdata-4] = 1
 		pdata -= 4
 		l += 4
 		encodedData[pdata-1] = uint8(l)
 		encodedData[pdata-2] = uint8(l >> 8)
 		pdata -= 2
 		l += 2
 		encodedData[pdata-1] = 0x1
 		encodedData[pdata-2] = 0x3 // tls version
 		pdata -= 2
 		l += 2
 		encodedData[pdata-1] = 0x16 // tls handshake
 		pdata--
 		l++
 		packData(&t.sendSaver, b)
 		t.handshakeStatus = 1
 		return encodedData, nil
 	default:
 		return nil, fmt.Errorf("unexpected handshake status: %d", t.handshakeStatus)
 	}
 }
 func (t *tls12Ticket) hmacSHA1(data []byte) []byte {
 	key := make([]byte, len(t.Key)+32)
 	copy(key, t.Key)
 	copy(key[len(t.Key):], t.localClientID[:])
 	sha1Data := tools.HmacSHA1(key, data)
 	return sha1Data[:tools.HmacSHA1Len]
 }
 func (t *tls12Ticket) sni(u string) []byte {
 	bURL := []byte(u)
 	length := len(bURL)
 	ret := make([]byte, length+9)
 	copy(ret[9:9+length], bURL)
 	binary.BigEndian.PutUint16(ret[7:], uint16(length&0xFFFF))
 	length += 3
 	binary.BigEndian.PutUint16(ret[4:], uint16(length&0xFFFF))
 	length += 2
 	binary.BigEndian.PutUint16(ret[2:], uint16(length&0xFFFF))
 	return ret
 }
 func (t *tls12Ticket) getHost() string {
 	host := t.Host
 	if len(t.Param) > 0 {
 		hosts := strings.Split(t.Param, ",")
 		if len(hosts) > 0 {
 			host = hosts[rand.Intn(len(hosts))]
 			host = strings.TrimSpace(host)
 		}
 	}
 	if len(host) > 0 && host[len(host)-1] >= byte('0') && host[len(host)-1] <= byte('9') && len(t.Param) == 0 {
 		host = ""
 	}
 	return host
 }
 func (t *tls12Ticket) packAuthData() (ret []byte) {
 	retSize := 32
 	ret = make([]byte, retSize)
 	now := time.Now().Unix()
 	binary.BigEndian.PutUint32(ret[:4], uint32(now))
 	rand.Read(ret[4 : 4+18])
 	hash := t.hmacSHA1(ret[:retSize-tools.HmacSHA1Len])
 	copy(ret[retSize-tools.HmacSHA1Len:], hash)
 	return
 }
 func packData(buffer *bytes.Buffer, suffix []byte) {
 	d := []byte{0x17, 0x3, 0x3, 0, 0}
 	binary.BigEndian.PutUint16(d[3:5], uint16(len(suffix)&0xFFFF))
 	buffer.Write(d)
 	buffer.Write(suffix)
 }
--- a/component/ssr/protocol/auth_aes128_md5.go
+++ b/component/ssr/protocol/auth_aes128_md5.go
@ -0,0 +1,310 @@
 package protocol
 import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"encoding/base64"
 	"encoding/binary"
 	"math/rand"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/Dreamacro/clash/common/pool"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 	"github.com/Dreamacro/go-shadowsocks2/core"
 )
 type authAES128 struct {
 	*Base
 	*recvInfo
 	*authData
 	hasSentHeader bool
 	packID        uint32
 	userKey       []byte
 	uid           [4]byte
 	salt          string
 	hmac          hmacMethod
 	hashDigest    hashDigestMethod
 }
 func init() {
 	register("auth_aes128_md5", newAuthAES128MD5)
 }
 func newAuthAES128MD5(b *Base) Protocol {
 	return &authAES128{
 		Base:       b,
 		authData:   &authData{},
 		salt:       "auth_aes128_md5",
 		hmac:       tools.HmacMD5,
 		hashDigest: tools.MD5Sum,
 	}
 }
 func (a *authAES128) initForConn(iv []byte) Protocol {
 	return &authAES128{
 		Base: &Base{
 			IV:       iv,
 			Key:      a.Key,
 			TCPMss:   a.TCPMss,
 			Overhead: a.Overhead,
 			Param:    a.Param,
 		},
 		recvInfo:   &recvInfo{recvID: 1, buffer: new(bytes.Buffer)},
 		authData:   a.authData,
 		packID:     1,
 		salt:       a.salt,
 		hmac:       a.hmac,
 		hashDigest: a.hashDigest,
 	}
 }
 func (a *authAES128) GetProtocolOverhead() int {
 	return 9
 }
 func (a *authAES128) SetOverhead(overhead int) {
 	a.Overhead = overhead
 }
 func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
 	a.buffer.Reset()
 	bSize := len(b)
 	readSize := 0
 	key := pool.Get(len(a.userKey) + 4)
 	defer pool.Put(key)
 	copy(key, a.userKey)
 	for bSize > 4 {
 		binary.LittleEndian.PutUint32(key[len(key)-4:], a.recvID)
 		h := a.hmac(key, b[:2])
 		if !bytes.Equal(h[:2], b[2:4]) {
 			return nil, 0, errAuthAES128IncorrectMAC
 		}
 		length := int(binary.LittleEndian.Uint16(b[:2]))
 		if length >= 8192 || length < 8 {
 			return nil, 0, errAuthAES128DataLengthError
 		}
 		if length > bSize {
 			break
 		}
 		h = a.hmac(key, b[:length-4])
 		if !bytes.Equal(h[:4], b[length-4:length]) {
 			return nil, 0, errAuthAES128IncorrectChecksum
 		}
 		a.recvID++
 		pos := int(b[4])
 		if pos < 255 {
 			pos += 4
 		} else {
 			pos = int(binary.LittleEndian.Uint16(b[5:7])) + 4
 		}
 		if pos > length-4 {
 			return nil, 0, errAuthAES128PositionTooLarge
 		}
 		a.buffer.Write(b[pos : length-4])
 		b = b[length:]
 		bSize -= length
 		readSize += length
 	}
 	return a.buffer.Bytes(), readSize, nil
 }
 func (a *authAES128) Encode(b []byte) ([]byte, error) {
 	a.buffer.Reset()
 	bSize := len(b)
 	offset := 0
 	if bSize > 0 && !a.hasSentHeader {
 		authSize := bSize
 		if authSize > 1200 {
 			authSize = 1200
 		}
 		a.hasSentHeader = true
 		a.buffer.Write(a.packAuthData(b[:authSize]))
 		bSize -= authSize
 		offset += authSize
 	}
 	const blockSize = 4096
 	for bSize > blockSize {
 		packSize, randSize := a.packedDataSize(b[offset : offset+blockSize])
 		pack := pool.Get(packSize)
 		a.packData(b[offset:offset+blockSize], pack, randSize)
 		a.buffer.Write(pack)
 		pool.Put(pack)
 		bSize -= blockSize
 		offset += blockSize
 	}
 	if bSize > 0 {
 		packSize, randSize := a.packedDataSize(b[offset:])
 		pack := pool.Get(packSize)
 		a.packData(b[offset:], pack, randSize)
 		a.buffer.Write(pack)
 		pool.Put(pack)
 	}
 	return a.buffer.Bytes(), nil
 }
 func (a *authAES128) DecodePacket(b []byte) ([]byte, int, error) {
 	bSize := len(b)
 	h := a.hmac(a.Key, b[:bSize-4])
 	if !bytes.Equal(h[:4], b[bSize-4:]) {
 		return nil, 0, errAuthAES128IncorrectMAC
 	}
 	return b[:bSize-4], bSize - 4, nil
 }
 func (a *authAES128) EncodePacket(b []byte) ([]byte, error) {
 	a.initUserKeyAndID()
 	var buf bytes.Buffer
 	buf.Write(b)
 	buf.Write(a.uid[:])
 	h := a.hmac(a.userKey, buf.Bytes())
 	buf.Write(h[:4])
 	return buf.Bytes(), nil
 }
 func (a *authAES128) initUserKeyAndID() {
 	if a.userKey == nil {
 		params := strings.Split(a.Param, ":")
 		if len(params) >= 2 {
 			if userID, err := strconv.ParseUint(params[0], 10, 32); err == nil {
 				binary.LittleEndian.PutUint32(a.uid[:], uint32(userID))
 				a.userKey = a.hashDigest([]byte(params[1]))
 			}
 		}
 		if a.userKey == nil {
 			rand.Read(a.uid[:])
 			a.userKey = make([]byte, len(a.Key))
 			copy(a.userKey, a.Key)
 		}
 	}
 }
 func (a *authAES128) packedDataSize(data []byte) (packSize, randSize int) {
 	dataSize := len(data)
 	randSize = 1
 	if dataSize <= 1200 {
 		if a.packID > 4 {
 			randSize += rand.Intn(32)
 		} else {
 			if dataSize > 900 {
 				randSize += rand.Intn(128)
 			} else {
 				randSize += rand.Intn(512)
 			}
 		}
 	}
 	packSize = randSize + dataSize + 8
 	return
 }
 func (a *authAES128) packData(data, ret []byte, randSize int) {
 	dataSize := len(data)
 	retSize := len(ret)
 	// 0~1, ret_size
 	binary.LittleEndian.PutUint16(ret[0:], uint16(retSize&0xFFFF))
 	// 2~3, hmac
 	key := pool.Get(len(a.userKey) + 4)
 	defer pool.Put(key)
 	copy(key, a.userKey)
 	binary.LittleEndian.PutUint32(key[len(key)-4:], a.packID)
 	h := a.hmac(key, ret[:2])
 	copy(ret[2:4], h[:2])
 	// 4~rand_size+4, rand number
 	rand.Read(ret[4 : 4+randSize])
 	// 4, rand_size
 	if randSize < 128 {
 		ret[4] = byte(randSize & 0xFF)
 	} else {
 		// 4, magic number 0xFF
 		ret[4] = 0xFF
 		// 5~6, rand_size
 		binary.LittleEndian.PutUint16(ret[5:], uint16(randSize&0xFFFF))
 	}
 	// rand_size+4~ret_size-4, data
 	if dataSize > 0 {
 		copy(ret[randSize+4:], data)
 	}
 	a.packID++
 	h = a.hmac(key, ret[:retSize-4])
 	copy(ret[retSize-4:], h[:4])
 }
 func (a *authAES128) packAuthData(data []byte) (ret []byte) {
 	dataSize := len(data)
 	var randSize int
 	if dataSize > 400 {
 		randSize = rand.Intn(512)
 	} else {
 		randSize = rand.Intn(1024)
 	}
 	dataOffset := randSize + 16 + 4 + 4 + 7
 	retSize := dataOffset + dataSize + 4
 	ret = make([]byte, retSize)
 	encrypt := make([]byte, 24)
 	key := make([]byte, len(a.IV)+len(a.Key))
 	copy(key, a.IV)
 	copy(key[len(a.IV):], a.Key)
 	rand.Read(ret[dataOffset-randSize:])
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 	a.connectionID++
 	if a.connectionID > 0xFF000000 {
 		a.clientID = nil
 	}
 	if len(a.clientID) == 0 {
 		a.clientID = make([]byte, 8)
 		rand.Read(a.clientID)
 		b := make([]byte, 4)
 		rand.Read(b)
 		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
 	}
 	copy(encrypt[4:], a.clientID)
 	binary.LittleEndian.PutUint32(encrypt[8:], a.connectionID)
 	now := time.Now().Unix()
 	binary.LittleEndian.PutUint32(encrypt[:4], uint32(now))
 	binary.LittleEndian.PutUint16(encrypt[12:], uint16(retSize&0xFFFF))
 	binary.LittleEndian.PutUint16(encrypt[14:], uint16(randSize&0xFFFF))
 	a.initUserKeyAndID()
 	aesCipherKey := core.Kdf(base64.StdEncoding.EncodeToString(a.userKey)+a.salt, 16)
 	block, err := aes.NewCipher(aesCipherKey)
 	if err != nil {
 		return nil
 	}
 	encryptData := make([]byte, 16)
 	iv := make([]byte, aes.BlockSize)
 	cbc := cipher.NewCBCEncrypter(block, iv)
 	cbc.CryptBlocks(encryptData, encrypt[:16])
 	copy(encrypt[:4], a.uid[:])
 	copy(encrypt[4:4+16], encryptData)
 	h := a.hmac(key, encrypt[:20])
 	copy(encrypt[20:], h[:4])
 	rand.Read(ret[:1])
 	h = a.hmac(key, ret[:1])
 	copy(ret[1:], h[:7-1])
 	copy(ret[7:], encrypt)
 	copy(ret[dataOffset:], data)
 	h = a.hmac(a.userKey, ret[:retSize-4])
 	copy(ret[retSize-4:], h[:4])
 	return
 }
--- a/component/ssr/protocol/auth_aes128_sha1.go
+++ b/component/ssr/protocol/auth_aes128_sha1.go
@ -0,0 +1,22 @@
 package protocol
 import (
 	"bytes"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 )
 func init() {
 	register("auth_aes128_sha1", newAuthAES128SHA1)
 }
 func newAuthAES128SHA1(b *Base) Protocol {
 	return &authAES128{
 		Base:       b,
 		recvInfo:   &recvInfo{buffer: new(bytes.Buffer)},
 		authData:   &authData{},
 		salt:       "auth_aes128_sha1",
 		hmac:       tools.HmacSHA1,
 		hashDigest: tools.SHA1Sum,
 	}
 }
--- a/component/ssr/protocol/auth_chain_a.go
+++ b/component/ssr/protocol/auth_chain_a.go
@ -0,0 +1,427 @@
 package protocol
 import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rc4"
 	"encoding/base64"
 	"encoding/binary"
 	"math/rand"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/Dreamacro/clash/common/pool"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 	"github.com/Dreamacro/go-shadowsocks2/core"
 )
 type authChain struct {
 	*Base
 	*recvInfo
 	*authData
 	randomClient   shift128PlusContext
 	randomServer   shift128PlusContext
 	enc            cipher.Stream
 	dec            cipher.Stream
 	headerSent     bool
 	lastClientHash []byte
 	lastServerHash []byte
 	userKey        []byte
 	uid            [4]byte
 	salt           string
 	hmac           hmacMethod
 	hashDigest     hashDigestMethod
 	rnd            rndMethod
 	dataSizeList   []int
 	dataSizeList2  []int
 	chunkID        uint32
 }
 func init() {
 	register("auth_chain_a", newAuthChainA)
 }
 func newAuthChainA(b *Base) Protocol {
 	return &authChain{
 		Base:       b,
 		authData:   &authData{},
 		salt:       "auth_chain_a",
 		hmac:       tools.HmacMD5,
 		hashDigest: tools.SHA1Sum,
 		rnd:        authChainAGetRandLen,
 	}
 }
 func (a *authChain) initForConn(iv []byte) Protocol {
 	r := &authChain{
 		Base: &Base{
 			IV:       iv,
 			Key:      a.Key,
 			TCPMss:   a.TCPMss,
 			Overhead: a.Overhead,
 			Param:    a.Param,
 		},
 		recvInfo:   &recvInfo{recvID: 1, buffer: new(bytes.Buffer)},
 		authData:   a.authData,
 		salt:       a.salt,
 		hmac:       a.hmac,
 		hashDigest: a.hashDigest,
 		rnd:        a.rnd,
 	}
 	if r.salt == "auth_chain_b" {
 		initDataSize(r)
 	}
 	return r
 }
 func (a *authChain) GetProtocolOverhead() int {
 	return 4
 }
 func (a *authChain) SetOverhead(overhead int) {
 	a.Overhead = overhead
 }
 func (a *authChain) Decode(b []byte) ([]byte, int, error) {
 	a.buffer.Reset()
 	key := pool.Get(len(a.userKey) + 4)
 	defer pool.Put(key)
 	readSize := 0
 	copy(key, a.userKey)
 	for len(b) > 4 {
 		binary.LittleEndian.PutUint32(key[len(a.userKey):], a.recvID)
 		dataLen := (int)((uint(b[1]^a.lastServerHash[15]) << 8) + uint(b[0]^a.lastServerHash[14]))
 		randLen := a.getServerRandLen(dataLen, a.Overhead)
 		length := randLen + dataLen
 		if length >= 4096 {
 			return nil, 0, errAuthChainDataLengthError
 		}
 		length += 4
 		if length > len(b) {
 			break
 		}
 		hash := a.hmac(key, b[:length-2])
 		if !bytes.Equal(hash[:2], b[length-2:length]) {
 			return nil, 0, errAuthChainHMACError
 		}
 		var dataPos int
 		if dataLen > 0 && randLen > 0 {
 			dataPos = 2 + getRandStartPos(&a.randomServer, randLen)
 		} else {
 			dataPos = 2
 		}
 		d := pool.Get(dataLen)
 		a.dec.XORKeyStream(d, b[dataPos:dataPos+dataLen])
 		a.buffer.Write(d)
 		pool.Put(d)
 		if a.recvID == 1 {
 			a.TCPMss = int(binary.LittleEndian.Uint16(a.buffer.Next(2)))
 		}
 		a.lastServerHash = hash
 		a.recvID++
 		b = b[length:]
 		readSize += length
 	}
 	return a.buffer.Bytes(), readSize, nil
 }
 func (a *authChain) Encode(b []byte) ([]byte, error) {
 	a.buffer.Reset()
 	bSize := len(b)
 	offset := 0
 	if bSize > 0 && !a.headerSent {
 		headSize := 1200
 		if headSize > bSize {
 			headSize = bSize
 		}
 		a.buffer.Write(a.packAuthData(b[:headSize]))
 		offset += headSize
 		bSize -= headSize
 		a.headerSent = true
 	}
 	var unitSize = a.TCPMss - a.Overhead
 	for bSize > unitSize {
 		dataLen, randLength := a.packedDataLen(b[offset : offset+unitSize])
 		d := pool.Get(dataLen)
 		a.packData(d, b[offset:offset+unitSize], randLength)
 		a.buffer.Write(d)
 		pool.Put(d)
 		bSize -= unitSize
 		offset += unitSize
 	}
 	if bSize > 0 {
 		dataLen, randLength := a.packedDataLen(b[offset:])
 		d := pool.Get(dataLen)
 		a.packData(d, b[offset:], randLength)
 		a.buffer.Write(d)
 		pool.Put(d)
 	}
 	return a.buffer.Bytes(), nil
 }
 func (a *authChain) DecodePacket(b []byte) ([]byte, int, error) {
 	bSize := len(b)
 	if bSize < 9 {
 		return nil, 0, errAuthChainDataLengthError
 	}
 	h := a.hmac(a.userKey, b[:bSize-1])
 	if h[0] != b[bSize-1] {
 		return nil, 0, errAuthChainHMACError
 	}
 	hash := a.hmac(a.Key, b[bSize-8:bSize-1])
 	cipherKey := a.getRC4CipherKey(hash)
 	dec, _ := rc4.NewCipher(cipherKey)
 	randLength := udpGetRandLen(&a.randomServer, hash)
 	bSize -= 8 + randLength
 	dec.XORKeyStream(b, b[:bSize])
 	return b, bSize, nil
 }
 func (a *authChain) EncodePacket(b []byte) ([]byte, error) {
 	a.initUserKeyAndID()
 	authData := pool.Get(3)
 	defer pool.Put(authData)
 	rand.Read(authData)
 	hash := a.hmac(a.Key, authData)
 	uid := pool.Get(4)
 	defer pool.Put(uid)
 	for i := 0; i < 4; i++ {
 		uid[i] = a.uid[i] ^ hash[i]
 	}
 	cipherKey := a.getRC4CipherKey(hash)
 	enc, _ := rc4.NewCipher(cipherKey)
 	var buf bytes.Buffer
 	enc.XORKeyStream(b, b)
 	buf.Write(b)
 	randLength := udpGetRandLen(&a.randomClient, hash)
 	randBytes := pool.Get(randLength)
 	defer pool.Put(randBytes)
 	buf.Write(randBytes)
 	buf.Write(authData)
 	buf.Write(uid)
 	h := a.hmac(a.userKey, buf.Bytes())
 	buf.Write(h[:1])
 	return buf.Bytes(), nil
 }
 func (a *authChain) getRC4CipherKey(hash []byte) []byte {
 	base64UserKey := base64.StdEncoding.EncodeToString(a.userKey)
 	return a.calcRC4CipherKey(hash, base64UserKey)
 }
 func (a *authChain) calcRC4CipherKey(hash []byte, base64UserKey string) []byte {
 	password := pool.Get(len(base64UserKey) + base64.StdEncoding.EncodedLen(16))
 	defer pool.Put(password)
 	copy(password, base64UserKey)
 	base64.StdEncoding.Encode(password[len(base64UserKey):], hash[:16])
 	return core.Kdf(string(password), 16)
 }
 func (a *authChain) initUserKeyAndID() {
 	if a.userKey == nil {
 		params := strings.Split(a.Param, ":")
 		if len(params) >= 2 {
 			if userID, err := strconv.ParseUint(params[0], 10, 32); err == nil {
 				binary.LittleEndian.PutUint32(a.uid[:], uint32(userID))
 				a.userKey = []byte(params[1])[:len(a.userKey)]
 			}
 		}
 		if a.userKey == nil {
 			rand.Read(a.uid[:])
 			a.userKey = make([]byte, len(a.Key))
 			copy(a.userKey, a.Key)
 		}
 	}
 }
 func (a *authChain) getClientRandLen(dataLength int, overhead int) int {
 	return a.rnd(dataLength, &a.randomClient, a.lastClientHash, a.dataSizeList, a.dataSizeList2, overhead)
 }
 func (a *authChain) getServerRandLen(dataLength int, overhead int) int {
 	return a.rnd(dataLength, &a.randomServer, a.lastServerHash, a.dataSizeList, a.dataSizeList2, overhead)
 }
 func (a *authChain) packedDataLen(data []byte) (chunkLength, randLength int) {
 	dataLength := len(data)
 	randLength = a.getClientRandLen(dataLength, a.Overhead)
 	chunkLength = randLength + dataLength + 2 + 2
 	return
 }
 func (a *authChain) packData(outData []byte, data []byte, randLength int) {
 	dataLength := len(data)
 	outLength := randLength + dataLength + 2
 	outData[0] = byte(dataLength) ^ a.lastClientHash[14]
 	outData[1] = byte(dataLength>>8) ^ a.lastClientHash[15]
 	{
 		if dataLength > 0 {
 			randPart1Length := getRandStartPos(&a.randomClient, randLength)
 			rand.Read(outData[2 : 2+randPart1Length])
 			a.enc.XORKeyStream(outData[2+randPart1Length:], data)
 			rand.Read(outData[2+randPart1Length+dataLength : outLength])
 		} else {
 			rand.Read(outData[2 : 2+randLength])
 		}
 	}
 	userKeyLen := uint8(len(a.userKey))
 	key := pool.Get(int(userKeyLen + 4))
 	defer pool.Put(key)
 	copy(key, a.userKey)
 	a.chunkID++
 	binary.LittleEndian.PutUint32(key[userKeyLen:], a.chunkID)
 	a.lastClientHash = a.hmac(key, outData[:outLength])
 	copy(outData[outLength:], a.lastClientHash[:2])
 }
 const authHeadLength = 4 + 8 + 4 + 16 + 4
 func (a *authChain) packAuthData(data []byte) (outData []byte) {
 	outData = make([]byte, authHeadLength, authHeadLength+1500)
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 	a.connectionID++
 	if a.connectionID > 0xFF000000 {
 		rand.Read(a.clientID)
 		b := make([]byte, 4)
 		rand.Read(b)
 		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
 	}
 	var key = make([]byte, len(a.IV)+len(a.Key))
 	copy(key, a.IV)
 	copy(key[len(a.IV):], a.Key)
 	encrypt := make([]byte, 20)
 	t := time.Now().Unix()
 	binary.LittleEndian.PutUint32(encrypt[:4], uint32(t))
 	copy(encrypt[4:8], a.clientID)
 	binary.LittleEndian.PutUint32(encrypt[8:], a.connectionID)
 	binary.LittleEndian.PutUint16(encrypt[12:], uint16(a.Overhead))
 	binary.LittleEndian.PutUint16(encrypt[14:], 0)
 	// first 12 bytes
 	{
 		rand.Read(outData[:4])
 		a.lastClientHash = a.hmac(key, outData[:4])
 		copy(outData[4:], a.lastClientHash[:8])
 	}
 	var base64UserKey string
 	// uid & 16 bytes auth data
 	{
 		a.initUserKeyAndID()
 		uid := make([]byte, 4)
 		for i := 0; i < 4; i++ {
 			uid[i] = a.uid[i] ^ a.lastClientHash[8+i]
 		}
 		base64UserKey = base64.StdEncoding.EncodeToString(a.userKey)
 		aesCipherKey := core.Kdf(base64UserKey+a.salt, 16)
 		block, err := aes.NewCipher(aesCipherKey)
 		if err != nil {
 			return
 		}
 		encryptData := make([]byte, 16)
 		iv := make([]byte, aes.BlockSize)
 		cbc := cipher.NewCBCEncrypter(block, iv)
 		cbc.CryptBlocks(encryptData, encrypt[:16])
 		copy(encrypt[:4], uid[:])
 		copy(encrypt[4:4+16], encryptData)
 	}
 	// final HMAC
 	{
 		a.lastServerHash = a.hmac(a.userKey, encrypt[:20])
 		copy(outData[12:], encrypt)
 		copy(outData[12+20:], a.lastServerHash[:4])
 	}
 	// init cipher
 	cipherKey := a.calcRC4CipherKey(a.lastClientHash, base64UserKey)
 	a.enc, _ = rc4.NewCipher(cipherKey)
 	a.dec, _ = rc4.NewCipher(cipherKey)
 	// data
 	chunkLength, randLength := a.packedDataLen(data)
 	if chunkLength <= 1500 {
 		outData = outData[:authHeadLength+chunkLength]
 	} else {
 		newOutData := make([]byte, authHeadLength+chunkLength)
 		copy(newOutData, outData[:authHeadLength])
 		outData = newOutData
 	}
 	a.packData(outData[authHeadLength:], data, randLength)
 	return
 }
 func getRandStartPos(random *shift128PlusContext, randLength int) int {
 	if randLength > 0 {
 		return int(random.Next() % 8589934609 % uint64(randLength))
 	}
 	return 0
 }
 func authChainAGetRandLen(dataLength int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int {
 	if dataLength > 1440 {
 		return 0
 	}
 	random.InitFromBinDatalen(lastHash[:16], dataLength)
 	if dataLength > 1300 {
 		return int(random.Next() % 31)
 	}
 	if dataLength > 900 {
 		return int(random.Next() % 127)
 	}
 	if dataLength > 400 {
 		return int(random.Next() % 521)
 	}
 	return int(random.Next() % 1021)
 }
 func udpGetRandLen(random *shift128PlusContext, lastHash []byte) int {
 	random.InitFromBin(lastHash[:16])
 	return int(random.Next() % 127)
 }
 type shift128PlusContext struct {
 	v [2]uint64
 }
 func (ctx *shift128PlusContext) InitFromBin(bin []byte) {
 	var fillBin [16]byte
 	copy(fillBin[:], bin)
 	ctx.v[0] = binary.LittleEndian.Uint64(fillBin[:8])
 	ctx.v[1] = binary.LittleEndian.Uint64(fillBin[8:])
 }
 func (ctx *shift128PlusContext) InitFromBinDatalen(bin []byte, datalen int) {
 	var fillBin [16]byte
 	copy(fillBin[:], bin)
 	binary.LittleEndian.PutUint16(fillBin[:2], uint16(datalen))
 	ctx.v[0] = binary.LittleEndian.Uint64(fillBin[:8])
 	ctx.v[1] = binary.LittleEndian.Uint64(fillBin[8:])
 	for i := 0; i < 4; i++ {
 		ctx.Next()
 	}
 }
 func (ctx *shift128PlusContext) Next() uint64 {
 	x := ctx.v[0]
 	y := ctx.v[1]
 	ctx.v[0] = y
 	x ^= x << 23
 	x ^= y ^ (x >> 17) ^ (y >> 26)
 	ctx.v[1] = x
 	return x + y
 }
--- a/component/ssr/protocol/auth_chain_b.go
+++ b/component/ssr/protocol/auth_chain_b.go
@ -0,0 +1,72 @@
 package protocol
 import (
 	"sort"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 )
 func init() {
 	register("auth_chain_b", newAuthChainB)
 }
 func newAuthChainB(b *Base) Protocol {
 	return &authChain{
 		Base:       b,
 		authData:   &authData{},
 		salt:       "auth_chain_b",
 		hmac:       tools.HmacMD5,
 		hashDigest: tools.SHA1Sum,
 		rnd:        authChainBGetRandLen,
 	}
 }
 func initDataSize(r *authChain) {
 	random := &r.randomServer
 	random.InitFromBin(r.Key)
 	len := random.Next()%8 + 4
 	r.dataSizeList = make([]int, len)
 	for i := 0; i < int(len); i++ {
 		r.dataSizeList[i] = int(random.Next() % 2340 % 2040 % 1440)
 	}
 	sort.Ints(r.dataSizeList)
 	len = random.Next()%16 + 8
 	r.dataSizeList2 = make([]int, len)
 	for i := 0; i < int(len); i++ {
 		r.dataSizeList2[i] = int(random.Next() % 2340 % 2040 % 1440)
 	}
 	sort.Ints(r.dataSizeList2)
 }
 func authChainBGetRandLen(dataLength int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int {
 	if dataLength > 1440 {
 		return 0
 	}
 	random.InitFromBinDatalen(lastHash[:16], dataLength)
 	pos := sort.Search(len(dataSizeList), func(i int) bool { return dataSizeList[i] > dataLength+overhead })
 	finalPos := uint64(pos) + random.Next()%uint64(len(dataSizeList))
 	if finalPos < uint64(len(dataSizeList)) {
 		return dataSizeList[finalPos] - dataLength - overhead
 	}
 	pos = sort.Search(len(dataSizeList2), func(i int) bool { return dataSizeList2[i] > dataLength+overhead })
 	finalPos = uint64(pos) + random.Next()%uint64(len(dataSizeList2))
 	if finalPos < uint64(len(dataSizeList2)) {
 		return dataSizeList2[finalPos] - dataLength - overhead
 	}
 	if finalPos < uint64(pos+len(dataSizeList2)-1) {
 		return 0
 	}
 	if dataLength > 1300 {
 		return int(random.Next() % 31)
 	}
 	if dataLength > 900 {
 		return int(random.Next() % 127)
 	}
 	if dataLength > 400 {
 		return int(random.Next() % 521)
 	}
 	return int(random.Next() % 1021)
 }
--- a/component/ssr/protocol/auth_sha1_v4.go
+++ b/component/ssr/protocol/auth_sha1_v4.go
@ -0,0 +1,253 @@
 package protocol
 import (
 	"bytes"
 	"encoding/binary"
 	"hash/adler32"
 	"hash/crc32"
 	"math/rand"
 	"time"
 	"github.com/Dreamacro/clash/common/pool"
 	"github.com/Dreamacro/clash/component/ssr/tools"
 )
 type authSHA1V4 struct {
 	*Base
 	*authData
 	headerSent bool
 	buffer     bytes.Buffer
 }
 func init() {
 	register("auth_sha1_v4", newAuthSHA1V4)
 }
 func newAuthSHA1V4(b *Base) Protocol {
 	return &authSHA1V4{Base: b, authData: &authData{}}
 }
 func (a *authSHA1V4) initForConn(iv []byte) Protocol {
 	return &authSHA1V4{
 		Base: &Base{
 			IV:       iv,
 			Key:      a.Key,
 			TCPMss:   a.TCPMss,
 			Overhead: a.Overhead,
 			Param:    a.Param,
 		},
 		authData: a.authData,
 	}
 }
 func (a *authSHA1V4) GetProtocolOverhead() int {
 	return 7
 }
 func (a *authSHA1V4) SetOverhead(overhead int) {
 	a.Overhead = overhead
 }
 func (a *authSHA1V4) Decode(b []byte) ([]byte, int, error) {
 	a.buffer.Reset()
 	bSize := len(b)
 	originalSize := bSize
 	for bSize > 4 {
 		crc := crc32.ChecksumIEEE(b[:2]) & 0xFFFF
 		if binary.LittleEndian.Uint16(b[2:4]) != uint16(crc) {
 			return nil, 0, errAuthSHA1v4CRC32Error
 		}
 		length := int(binary.BigEndian.Uint16(b[:2]))
 		if length >= 8192 || length < 8 {
 			return nil, 0, errAuthSHA1v4DataLengthError
 		}
 		if length > bSize {
 			break
 		}
 		if adler32.Checksum(b[:length-4]) == binary.LittleEndian.Uint32(b[length-4:]) {
 			pos := int(b[4])
 			if pos != 0xFF {
 				pos += 4
 			} else {
 				pos = int(binary.BigEndian.Uint16(b[5:5+2])) + 4
 			}
 			retSize := length - pos - 4
 			a.buffer.Write(b[pos : pos+retSize])
 			bSize -= length
 			b = b[length:]
 		} else {
 			return nil, 0, errAuthSHA1v4IncorrectChecksum
 		}
 	}
 	return a.buffer.Bytes(), originalSize - bSize, nil
 }
 func (a *authSHA1V4) Encode(b []byte) ([]byte, error) {
 	a.buffer.Reset()
 	bSize := len(b)
 	offset := 0
 	if !a.headerSent && bSize > 0 {
 		headSize := getHeadSize(b, 30)
 		if headSize > bSize {
 			headSize = bSize
 		}
 		a.buffer.Write(a.packAuthData(b[:headSize]))
 		offset += headSize
 		bSize -= headSize
 		a.headerSent = true
 	}
 	const blockSize = 4096
 	for bSize > blockSize {
 		packSize, randSize := a.packedDataSize(b[offset : offset+blockSize])
 		pack := pool.Get(packSize)
 		a.packData(b[offset:offset+blockSize], pack, randSize)
 		a.buffer.Write(pack)
 		pool.Put(pack)
 		offset += blockSize
 		bSize -= blockSize
 	}
 	if bSize > 0 {
 		packSize, randSize := a.packedDataSize(b[offset:])
 		pack := pool.Get(packSize)
 		a.packData(b[offset:], pack, randSize)
 		a.buffer.Write(pack)
 		pool.Put(pack)
 	}
 	return a.buffer.Bytes(), nil
 }
 func (a *authSHA1V4) DecodePacket(b []byte) ([]byte, int, error) {
 	return b, len(b), nil
 }
 func (a *authSHA1V4) EncodePacket(b []byte) ([]byte, error) {
 	return b, nil
 }
 func (a *authSHA1V4) packedDataSize(data []byte) (packSize, randSize int) {
 	dataSize := len(data)
 	randSize = 1
 	if dataSize <= 1300 {
 		if dataSize > 400 {
 			randSize += rand.Intn(128)
 		} else {
 			randSize += rand.Intn(1024)
 		}
 	}
 	packSize = randSize + dataSize + 8
 	return
 }
 func (a *authSHA1V4) packData(data, ret []byte, randSize int) {
 	dataSize := len(data)
 	retSize := len(ret)
 	// 0~1, ret size
 	binary.BigEndian.PutUint16(ret[:2], uint16(retSize&0xFFFF))
 	// 2~3, crc of ret size
 	crc := crc32.ChecksumIEEE(ret[:2]) & 0xFFFF
 	binary.LittleEndian.PutUint16(ret[2:4], uint16(crc))
 	// 4, rand size
 	if randSize < 128 {
 		ret[4] = uint8(randSize & 0xFF)
 	} else {
 		ret[4] = uint8(0xFF)
 		binary.BigEndian.PutUint16(ret[5:7], uint16(randSize&0xFFFF))
 	}
 	// (rand size+4)~(ret size-4), data
 	if dataSize > 0 {
 		copy(ret[randSize+4:], data)
 	}
 	// (ret size-4)~end, adler32 of full data
 	adler := adler32.Checksum(ret[:retSize-4])
 	binary.LittleEndian.PutUint32(ret[retSize-4:], adler)
 }
 func (a *authSHA1V4) packAuthData(data []byte) (ret []byte) {
 	dataSize := len(data)
 	randSize := 1
 	if dataSize <= 1300 {
 		if dataSize > 400 {
 			randSize += rand.Intn(128)
 		} else {
 			randSize += rand.Intn(1024)
 		}
 	}
 	dataOffset := randSize + 4 + 2
 	retSize := dataOffset + dataSize + 12 + tools.HmacSHA1Len
 	ret = make([]byte, retSize)
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 	a.connectionID++
 	if a.connectionID > 0xFF000000 {
 		a.clientID = nil
 	}
 	if len(a.clientID) == 0 {
 		a.clientID = make([]byte, 8)
 		rand.Read(a.clientID)
 		b := make([]byte, 4)
 		rand.Read(b)
 		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
 	}
 	// 0~1, ret size
 	binary.BigEndian.PutUint16(ret[:2], uint16(retSize&0xFFFF))
 	// 2~6, crc of (ret size+salt+key)
 	salt := []byte("auth_sha1_v4")
 	crcData := make([]byte, len(salt)+len(a.Key)+2)
 	copy(crcData[:2], ret[:2])
 	copy(crcData[2:], salt)
 	copy(crcData[2+len(salt):], a.Key)
 	crc := crc32.ChecksumIEEE(crcData) & 0xFFFFFFFF
 	// 2~6, crc of (ret size+salt+key)
 	binary.LittleEndian.PutUint32(ret[2:], crc)
 	// 6~(rand size+6), rand numbers
 	rand.Read(ret[dataOffset-randSize : dataOffset])
 	// 6, rand size
 	if randSize < 128 {
 		ret[6] = byte(randSize & 0xFF)
 	} else {
 		// 6, magic number 0xFF
 		ret[6] = 0xFF
 		// 7~8, rand size
 		binary.BigEndian.PutUint16(ret[7:9], uint16(randSize&0xFFFF))
 	}
 	// rand size+6~(rand size+10), time stamp
 	now := time.Now().Unix()
 	binary.LittleEndian.PutUint32(ret[dataOffset:dataOffset+4], uint32(now))
 	// rand size+10~(rand size+14), client ID
 	copy(ret[dataOffset+4:dataOffset+4+4], a.clientID[:4])
 	// rand size+14~(rand size+18), connection ID
 	binary.LittleEndian.PutUint32(ret[dataOffset+8:dataOffset+8+4], a.connectionID)
 	// rand size+18~(rand size+18)+data length, data
 	copy(ret[dataOffset+12:], data)
 	key := make([]byte, len(a.IV)+len(a.Key))
 	copy(key, a.IV)
 	copy(key[len(a.IV):], a.Key)
 	h := tools.HmacSHA1(key, ret[:retSize-tools.HmacSHA1Len])
 	// (ret size-10)~(ret size)/(rand size)+18+data length~end, hmac
 	copy(ret[retSize-tools.HmacSHA1Len:], h[:tools.HmacSHA1Len])
 	return ret
 }
 func getHeadSize(data []byte, defaultValue int) int {
 	if data == nil || len(data) < 2 {
 		return defaultValue
 	}
 	headType := data[0] & 0x07
 	switch headType {
 	case 1:
 		// IPv4 1+4+2
 		return 7
 	case 4:
 		// IPv6 1+16+2
 		return 19
 	case 3:
 		// domain name, variant length
 		return 4 + int(data[1])
 	}
 	return defaultValue
 }
--- a/component/ssr/protocol/base.go
+++ b/component/ssr/protocol/base.go
@ -0,0 +1,10 @@
 package protocol
 // Base information for protocol
 type Base struct {
 	IV       []byte
 	Key      []byte
 	TCPMss   int
 	Overhead int
 	Param    string
 }
--- a/component/ssr/protocol/origin.go
+++ b/component/ssr/protocol/origin.go
@ -0,0 +1,36 @@
 package protocol
 type origin struct{ *Base }
 func init() {
 	register("origin", newOrigin)
 }
 func newOrigin(b *Base) Protocol {
 	return &origin{}
 }
 func (o *origin) initForConn(iv []byte) Protocol { return &origin{} }
 func (o *origin) GetProtocolOverhead() int {
 	return 0
 }
 func (o *origin) SetOverhead(overhead int) {
 }
 func (o *origin) Decode(b []byte) ([]byte, int, error) {
 	return b, len(b), nil
 }
 func (o *origin) Encode(b []byte) ([]byte, error) {
 	return b, nil
 }
 func (o *origin) DecodePacket(b []byte) ([]byte, int, error) {
 	return b, len(b), nil
 }
 func (o *origin) EncodePacket(b []byte) ([]byte, error) {
 	return b, nil
 }
--- a/component/ssr/protocol/packet.go
+++ b/component/ssr/protocol/packet.go
@ -0,0 +1,42 @@
 package protocol
 import (
 	"net"
 	"github.com/Dreamacro/clash/common/pool"
 )
 // NewPacketConn returns a net.NewPacketConn with protocol decoding/encoding
 func NewPacketConn(pc net.PacketConn, p Protocol) net.PacketConn {
 	return &PacketConn{PacketConn: pc, Protocol: p.initForConn(nil)}
 }
 // PacketConn represents a protocol packet connection
 type PacketConn struct {
 	net.PacketConn
 	Protocol
 }
 func (c *PacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	buf := pool.Get(pool.RelayBufferSize)
 	defer pool.Put(buf)
 	buf, err := c.EncodePacket(b)
 	if err != nil {
 		return 0, err
 	}
 	_, err = c.PacketConn.WriteTo(buf, addr)
 	return len(b), err
 }
 func (c *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 	n, addr, err := c.PacketConn.ReadFrom(b)
 	if err != nil {
 		return n, addr, err
 	}
 	bb, length, err := c.DecodePacket(b[:n])
 	if err != nil {
 		return n, addr, err
 	}
 	copy(b, bb)
 	return length, addr, err
 }
--- a/component/ssr/protocol/protocol.go
+++ b/component/ssr/protocol/protocol.go
@ -0,0 +1,63 @@
 package protocol
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"strings"
 	"sync"
 )
 var (
 	errAuthAES128IncorrectMAC      = errors.New("auth_aes128_* post decrypt incorrect mac")
 	errAuthAES128DataLengthError   = errors.New("auth_aes128_* post decrypt length mismatch")
 	errAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
 	errAuthAES128PositionTooLarge  = errors.New("auth_aes128_* post decrypt position is too large")
 	errAuthSHA1v4CRC32Error        = errors.New("auth_sha1_v4 post decrypt data crc32 error")
 	errAuthSHA1v4DataLengthError   = errors.New("auth_sha1_v4 post decrypt data length error")
 	errAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
 	errAuthChainDataLengthError    = errors.New("auth_chain_* post decrypt length mismatch")
 	errAuthChainHMACError          = errors.New("auth_chain_* post decrypt hmac error")
 )
 type authData struct {
 	clientID     []byte
 	connectionID uint32
 	mutex        sync.Mutex
 }
 type recvInfo struct {
 	recvID uint32
 	buffer *bytes.Buffer
 }
 type hmacMethod func(key []byte, data []byte) []byte
 type hashDigestMethod func(data []byte) []byte
 type rndMethod func(dataSize int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int
 // Protocol provides methods for decoding, encoding and iv setting
 type Protocol interface {
 	initForConn(iv []byte) Protocol
 	GetProtocolOverhead() int
 	SetOverhead(int)
 	Decode([]byte) ([]byte, int, error)
 	Encode([]byte) ([]byte, error)
 	DecodePacket([]byte) ([]byte, int, error)
 	EncodePacket([]byte) ([]byte, error)
 }
 type protocolCreator func(b *Base) Protocol
 var protocolList = make(map[string]protocolCreator)
 func register(name string, c protocolCreator) {
 	protocolList[name] = c
 }
 // PickProtocol returns a protocol of the given name
 func PickProtocol(name string, b *Base) (Protocol, error) {
 	if protocolCreator, ok := protocolList[strings.ToLower(name)]; ok {
 		return protocolCreator(b), nil
 	}
 	return nil, fmt.Errorf("Protocol %s not supported", name)
 }
--- a/component/ssr/protocol/stream.go
+++ b/component/ssr/protocol/stream.go
@ -0,0 +1,68 @@
 package protocol
 import (
 	"bytes"
 	"net"
 	"github.com/Dreamacro/clash/common/pool"
 )
 // NewConn wraps a stream-oriented net.Conn with protocol decoding/encoding
 func NewConn(c net.Conn, p Protocol, iv []byte) net.Conn {
 	return &Conn{Conn: c, Protocol: p.initForConn(iv)}
 }
 // Conn represents a protocol connection
 type Conn struct {
 	net.Conn
 	Protocol
 	buf          []byte
 	offset       int
 	underDecoded bytes.Buffer
 }
 func (c *Conn) Read(b []byte) (int, error) {
 	if c.buf != nil {
 		n := copy(b, c.buf[c.offset:])
 		c.offset += n
 		if c.offset == len(c.buf) {
 			c.buf = nil
 		}
 		return n, nil
 	}
 	buf := pool.Get(pool.RelayBufferSize)
 	defer pool.Put(buf)
 	n, err := c.Conn.Read(buf)
 	if err != nil {
 		return 0, err
 	}
 	c.underDecoded.Write(buf[:n])
 	underDecoded := c.underDecoded.Bytes()
 	decoded, length, err := c.Decode(underDecoded)
 	if err != nil {
 		c.underDecoded.Reset()
 		return 0, nil
 	}
 	if length == 0 {
 		return 0, nil
 	}
 	c.underDecoded.Next(length)
 	n = copy(b, decoded)
 	if len(decoded) > len(b) {
 		c.buf = decoded
 		c.offset = n
 	}
 	return n, nil
 }
 func (c *Conn) Write(b []byte) (int, error) {
 	encoded, err := c.Encode(b)
 	if err != nil {
 		return 0, err
 	}
 	_, err = c.Conn.Write(encoded)
 	if err != nil {
 		return 0, err
 	}
 	return len(b), nil
 }
--- a/component/ssr/tools/encrypt.go
+++ b/component/ssr/tools/encrypt.go
@ -0,0 +1,33 @@
 package tools
 import (
 	"crypto/hmac"
 	"crypto/md5"
 	"crypto/sha1"
 )
 const HmacSHA1Len = 10
 func HmacMD5(key, data []byte) []byte {
 	hmacMD5 := hmac.New(md5.New, key)
 	hmacMD5.Write(data)
 	return hmacMD5.Sum(nil)[:16]
 }
 func HmacSHA1(key, data []byte) []byte {
 	hmacSHA1 := hmac.New(sha1.New, key)
 	hmacSHA1.Write(data)
 	return hmacSHA1.Sum(nil)[:20]
 }
 func MD5Sum(b []byte) []byte {
 	h := md5.New()
 	h.Write(b)
 	return h.Sum(nil)
 }
 func SHA1Sum(b []byte) []byte {
 	h := sha1.New()
 	h.Write(b)
 	return h.Sum(nil)
 }
--- a/component/domain-trie/tire.go
+++ b/component/domain-trie/tire.go
@ -6,9 +6,10 @@ import (
 )
 const (
-	wildcard    = "*"
+	wildcard        = "*"
-	dotWildcard = ""
+	dotWildcard     = ""
-	domainStep  = "."
+	complexWildcard = "+"
 	domainStep      = "."
 )
 var (
@ -16,9 +17,9 @@ var (
 	ErrInvalidDomain = errors.New("invalid domain")
 )
-// Trie contains the main logic for adding and searching nodes for domain segments.
+// DomainTrie contains the main logic for adding and searching nodes for domain segments.
 // support wildcard domain (e.g *.google.com)
-type Trie struct {
+type DomainTrie struct {
 	root *Node
 }
@ -29,7 +30,11 @@ func validAndSplitDomain(domain string) ([]string, bool) {
 	parts := strings.Split(domain, domainStep)
 	if len(parts) == 1 {
-		return nil, false
+		if parts[0] == "" {
 			return nil, false
 		}
 		return parts, true
 	}
 	for _, part := range parts[1:] {
@ -47,12 +52,25 @@ func validAndSplitDomain(domain string) ([]string, bool) {
 // 2. *.example.com
 // 3. subdomain.*.example.com
 // 4. .example.com
-func (t *Trie) Insert(domain string, data interface{}) error {
+// 5. +.example.com
 func (t *DomainTrie) Insert(domain string, data interface{}) error {
 	parts, valid := validAndSplitDomain(domain)
 	if !valid {
 		return ErrInvalidDomain
 	}
 	if parts[0] == complexWildcard {
 		t.insert(parts[1:], data)
 		parts[0] = dotWildcard
 		t.insert(parts, data)
 	} else {
 		t.insert(parts, data)
 	}
 	return nil
 }
 func (t *DomainTrie) insert(parts []string, data interface{}) {
 	node := t.root
 	// reverse storage domain part to save space
 	for i := len(parts) - 1; i >= 0; i-- {
@ -65,7 +83,6 @@ func (t *Trie) Insert(domain string, data interface{}) error {
 	}
 	node.Data = data
 	return nil
 }
 // Search is the most important part of the Trie.
@ -73,54 +90,46 @@ func (t *Trie) Insert(domain string, data interface{}) error {
 // 1. static part
 // 2. wildcard domain
 // 2. dot wildcard domain
-func (t *Trie) Search(domain string) *Node {
+func (t *DomainTrie) Search(domain string) *Node {
 	parts, valid := validAndSplitDomain(domain)
 	if !valid || parts[0] == "" {
 		return nil
 	}
-	n := t.root
+	n := t.search(t.root, parts)
 	var dotWildcardNode *Node
 	var wildcardNode *Node
 	for i := len(parts) - 1; i >= 0; i-- {
 		part := parts[i]
-		if node := n.getChild(dotWildcard); node != nil {
+	if n == nil || n.Data == nil {
 			dotWildcardNode = node
 		}
 		child := n.getChild(part)
 		if child == nil && wildcardNode != nil {
 			child = wildcardNode.getChild(part)
 		}
 		wildcardNode = n.getChild(wildcard)
 		n = child
 		if n == nil {
 			n = wildcardNode
 			wildcardNode = nil
 		}
 		if n == nil {
 			break
 		}
 	}
 	if n == nil {
 		if dotWildcardNode != nil {
 			return dotWildcardNode
 		}
 		return nil
 	}
 	if n.Data == nil {
 		return nil
 	}
 	return n
 }
-// New returns a new, empty Trie.
+func (t *DomainTrie) search(node *Node, parts []string) *Node {
-func New() *Trie {
+	if len(parts) == 0 {
-	return &Trie{root: newNode(nil)}
+		return node
 	}
 	if c := node.getChild(parts[len(parts)-1]); c != nil {
 		if n := t.search(c, parts[:len(parts)-1]); n != nil {
 			return n
 		}
 	}
 	if c := node.getChild(wildcard); c != nil {
 		if n := t.search(c, parts[:len(parts)-1]); n != nil {
 			return n
 		}
 	}
 	if c := node.getChild(dotWildcard); c != nil {
 		return c
 	}
 	return nil
 }
 // New returns a new, empty Trie.
 func New() *DomainTrie {
 	return &DomainTrie{root: newNode(nil)}
 }
--- a/component/domain-trie/trie_test.go
+++ b/component/domain-trie/trie_test.go
@ -14,6 +14,7 @@ func TestTrie_Basic(t *testing.T) {
 	domains := []string{
 		"example.com",
 		"google.com",
 		"localhost",
 	}
 	for _, domain := range domains {
@ -24,6 +25,9 @@ func TestTrie_Basic(t *testing.T) {
 	assert.NotNil(t, node)
 	assert.True(t, node.Data.(net.IP).Equal(localIP))
 	assert.NotNil(t, tree.Insert("", localIP))
 	assert.Nil(t, tree.Search(""))
 	assert.NotNil(t, tree.Search("localhost"))
 	assert.Nil(t, tree.Search("www.google.com"))
 }
 func TestTrie_Wildcard(t *testing.T) {
@ -35,6 +39,11 @@ func TestTrie_Wildcard(t *testing.T) {
 		".org",
 		".example.net",
 		".apple.*",
 		"+.foo.com",
 		"+.stun.*.*",
 		"+.stun.*.*.*",
 		"+.stun.*.*.*.*",
 		"stun.l.google.com",
 	}
 	for _, domain := range domains {
@ -46,6 +55,9 @@ func TestTrie_Wildcard(t *testing.T) {
 	assert.NotNil(t, tree.Search("test.org"))
 	assert.NotNil(t, tree.Search("test.example.net"))
 	assert.NotNil(t, tree.Search("test.apple.com"))
 	assert.NotNil(t, tree.Search("test.foo.com"))
 	assert.NotNil(t, tree.Search("foo.com"))
 	assert.NotNil(t, tree.Search("global.stun.website.com"))
 	assert.Nil(t, tree.Search("foo.sub.example.com"))
 	assert.Nil(t, tree.Search("foo.example.dev"))
 	assert.Nil(t, tree.Search("example.com"))
--- a/component/domain-trie/node.go
+++ b/component/domain-trie/node.go
--- a/component/trojan/trojan.go
+++ b/component/trojan/trojan.go
@ -70,8 +70,8 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
 func (t *Trojan) WriteHeader(w io.Writer, command Command, socks5Addr []byte) error {
 	buf := bufPool.Get().(*bytes.Buffer)
 	defer buf.Reset()
 	defer bufPool.Put(buf)
 	defer buf.Reset()
 	buf.Write(t.hexPassword)
 	buf.Write(crlf)
@ -92,8 +92,8 @@ func (t *Trojan) PacketConn(conn net.Conn) net.PacketConn {
 func writePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
 	buf := bufPool.Get().(*bytes.Buffer)
 	defer buf.Reset()
 	defer bufPool.Put(buf)
 	defer buf.Reset()
 	buf.Write(socks5Addr)
 	binary.Write(buf, binary.BigEndian, uint16(len(payload)))
--- a/component/vmess/aead.go
+++ b/component/vmess/aead.go
@ -86,7 +86,7 @@ func (r *aeadReader) Read(b []byte) (int, error) {
 	size := int(binary.BigEndian.Uint16(r.sizeBuf))
 	if size > maxSize {
-		return 0, errors.New("Buffer is larger than standard")
+		return 0, errors.New("buffer is larger than standard")
 	}
 	buf := pool.Get(size)
--- a/component/vmess/chunk.go
+++ b/component/vmess/chunk.go
@ -47,7 +47,7 @@ func (cr *chunkReader) Read(b []byte) (int, error) {
 	size := int(binary.BigEndian.Uint16(cr.sizeBuf))
 	if size > maxSize {
-		return 0, errors.New("Buffer is larger than standard")
+		return 0, errors.New("buffer is larger than standard")
 	}
 	if len(b) >= size {
--- a/component/vmess/h2.go
+++ b/component/vmess/h2.go
@ -0,0 +1,111 @@
 package vmess
 import (
 	"io"
 	"math/rand"
 	"net"
 	"net/http"
 	"net/url"
 	"golang.org/x/net/http2"
 )
 type h2Conn struct {
 	net.Conn
 	*http2.ClientConn
 	pwriter *io.PipeWriter
 	res     *http.Response
 	cfg     *H2Config
 }
 type H2Config struct {
 	Hosts []string
 	Path  string
 }
 func (hc *h2Conn) establishConn() error {
 	preader, pwriter := io.Pipe()
 	host := hc.cfg.Hosts[rand.Intn(len(hc.cfg.Hosts))]
 	path := hc.cfg.Path
 	// TODO: connect use VMess Host instead of H2 Host
 	req := http.Request{
 		Method: "PUT",
 		Host:   host,
 		URL: &url.URL{
 			Scheme: "https",
 			Host:   host,
 			Path:   path,
 		},
 		Proto:      "HTTP/2",
 		ProtoMajor: 2,
 		ProtoMinor: 0,
 		Body:       preader,
 		Header: map[string][]string{
 			"Accept-Encoding": {"identity"},
 		},
 	}
 	res, err := hc.ClientConn.RoundTrip(&req)
 	if err != nil {
 		return err
 	}
 	hc.pwriter = pwriter
 	hc.res = res
 	return nil
 }
 // Read implements net.Conn.Read()
 func (hc *h2Conn) Read(b []byte) (int, error) {
 	if hc.res != nil && !hc.res.Close {
 		n, err := hc.res.Body.Read(b)
 		return n, err
 	}
 	if err := hc.establishConn(); err != nil {
 		return 0, err
 	}
 	return hc.res.Body.Read(b)
 }
 // Write implements io.Writer.
 func (hc *h2Conn) Write(b []byte) (int, error) {
 	if hc.pwriter != nil {
 		return hc.pwriter.Write(b)
 	}
 	if err := hc.establishConn(); err != nil {
 		return 0, err
 	}
 	return hc.pwriter.Write(b)
 }
 func (hc *h2Conn) Close() error {
 	if err := hc.pwriter.Close(); err != nil {
 		return err
 	}
 	if err := hc.ClientConn.Shutdown(hc.res.Request.Context()); err != nil {
 		return err
 	}
 	if err := hc.Conn.Close(); err != nil {
 		return err
 	}
 	return nil
 }
 func StreamH2Conn(conn net.Conn, cfg *H2Config) (net.Conn, error) {
 	transport := &http2.Transport{}
 	cconn, err := transport.NewClientConn(conn)
 	if err != nil {
 		return nil, err
 	}
 	return &h2Conn{
 		Conn:       conn,
 		ClientConn: cconn,
 		cfg:        cfg,
 	}, nil
 }
--- a/component/vmess/tls.go
+++ b/component/vmess/tls.go
@ -9,6 +9,7 @@ type TLSConfig struct {
 	Host           string
 	SkipCertVerify bool
 	SessionCache   tls.ClientSessionCache
 	NextProtos     []string
 }
 func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
@ -16,6 +17,7 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 		ServerName:         cfg.Host,
 		InsecureSkipVerify: cfg.SkipCertVerify,
 		ClientSessionCache: cfg.SessionCache,
 		NextProtos:         cfg.NextProtos,
 	}
 	tlsConn := tls.Client(conn, tlsConfig)
--- a/component/vmess/vmess.go
+++ b/component/vmess/vmess.go
@ -1,12 +1,10 @@
 package vmess
 import (
 	"crypto/tls"
 	"fmt"
 	"math/rand"
 	"net"
 	"runtime"
 	"sync"
 	"github.com/gofrs/uuid"
 )
@ -37,11 +35,6 @@ var CipherMapping = map[string]byte{
 	"chacha20-poly1305": SecurityCHACHA20POLY1305,
 }
 var (
 	clientSessionCache tls.ClientSessionCache
 	once               sync.Once
 )
 // Command types
 const (
 	CommandTCP byte = 1
@ -106,7 +99,7 @@ func NewClient(config Config) (*Client, error) {
 			security = SecurityAES128GCM
 		}
 	default:
-		return nil, fmt.Errorf("Unknown security type: %s", config.Security)
+		return nil, fmt.Errorf("unknown security type: %s", config.Security)
 	}
 	return &Client{
--- a/component/vmess/websocket.go
+++ b/component/vmess/websocket.go
@ -31,6 +31,7 @@ type WebsocketConfig struct {
 	Headers        http.Header
 	TLS            bool
 	SkipCertVerify bool
 	ServerName     string
 	SessionCache   tls.ClientSessionCache
 }
@ -72,7 +73,7 @@ func (wsc *websocketConn) Close() error {
 		errors = append(errors, err.Error())
 	}
 	if len(errors) > 0 {
-		return fmt.Errorf("Failed to close connection: %s", strings.Join(errors, ","))
+		return fmt.Errorf("failed to close connection: %s", strings.Join(errors, ","))
 	}
 	return nil
 }
@ -132,7 +133,9 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) {
 			ClientSessionCache: c.SessionCache,
 		}
-		if host := c.Headers.Get("Host"); host != "" {
+		if c.ServerName != "" {
 			dialer.TLSClientConfig.ServerName = c.ServerName
 		} else if host := c.Headers.Get("Host"); host != "" {
 			dialer.TLSClientConfig.ServerName = host
 		}
 	}
@ -156,7 +159,7 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) {
 		if resp != nil {
 			reason = resp.Status
 		}
-		return nil, fmt.Errorf("Dial %s error: %s", uri.Host, reason)
+		return nil, fmt.Errorf("dial %s error: %s", uri.Host, reason)
 	}
 	return &websocketConn{
--- a/config/config.go
+++ b/config/config.go
@ -12,8 +12,8 @@ import (
 	"github.com/Dreamacro/clash/adapters/outboundgroup"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/component/auth"
 	trie "github.com/Dreamacro/clash/component/domain-trie"
 	"github.com/Dreamacro/clash/component/fakeip"
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/dns"
 	"github.com/Dreamacro/clash/log"
@ -25,17 +25,30 @@ import (
 // General config
 type General struct {
-	Port               int          `json:"port"`
+	Inbound
-	SocksPort          int          `json:"socks-port"`
+	Controller
-	RedirPort          int          `json:"redir-port"`
+	Mode      T.TunnelMode `json:"mode"`
-	Authentication     []string     `json:"authentication"`
+	LogLevel  log.LogLevel `json:"log-level"`
-	AllowLan           bool         `json:"allow-lan"`
+	IPv6      bool         `json:"ipv6"`
-	BindAddress        string       `json:"bind-address"`
+	Interface string       `json:"interface-name"`
-	Mode               T.TunnelMode `json:"mode"`
+}
-	LogLevel           log.LogLevel `json:"log-level"`
+
-	ExternalController string       `json:"-"`
+// Inbound
-	ExternalUI         string       `json:"-"`
+type Inbound struct {
-	Secret             string       `json:"-"`
+	Port           int      `json:"port"`
 	SocksPort      int      `json:"socks-port"`
 	RedirPort      int      `json:"redir-port"`
 	MixedPort      int      `json:"mixed-port"`
 	Authentication []string `json:"authentication"`
 	AllowLan       bool     `json:"allow-lan"`
 	BindAddress    string   `json:"bind-address"`
 }
 // Controller
 type Controller struct {
 	ExternalController string `json:"-"`
 	ExternalUI         string `json:"-"`
 	Secret             string `json:"-"`
 }
 // DNS config
@ -49,26 +62,25 @@ type DNS struct {
 	EnhancedMode      dns.EnhancedMode `yaml:"enhanced-mode"`
 	DefaultNameserver []dns.NameServer `yaml:"default-nameserver"`
 	FakeIPRange       *fakeip.Pool
 	Hosts             *trie.DomainTrie
 }
 // FallbackFilter config
 type FallbackFilter struct {
 	GeoIP  bool         `yaml:"geoip"`
 	IPCIDR []*net.IPNet `yaml:"ipcidr"`
 	Domain []string     `yaml:"domain"`
 }
 // Experimental config
-type Experimental struct {
+type Experimental struct{}
 	IgnoreResolveFail bool   `yaml:"ignore-resolve-fail"`
 	Interface         string `yaml:"interface-name"`
 }
 // Config is clash config manager
 type Config struct {
 	General      *General
 	DNS          *DNS
 	Experimental *Experimental
-	Hosts        *trie.Trie
+	Hosts        *trie.DomainTrie
 	Rules        []C.Rule
 	Users        []auth.AuthUser
 	Proxies      map[string]C.Proxy
@ -78,6 +90,7 @@ type Config struct {
 type RawDNS struct {
 	Enable            bool              `yaml:"enable"`
 	IPv6              bool              `yaml:"ipv6"`
 	UseHosts          bool              `yaml:"use-hosts"`
 	NameServer        []string          `yaml:"nameserver"`
 	Fallback          []string          `yaml:"fallback"`
 	FallbackFilter    RawFallbackFilter `yaml:"fallback-filter"`
@ -91,20 +104,24 @@ type RawDNS struct {
 type RawFallbackFilter struct {
 	GeoIP  bool     `yaml:"geoip"`
 	IPCIDR []string `yaml:"ipcidr"`
 	Domain []string `yaml:"domain"`
 }
 type RawConfig struct {
 	Port               int          `yaml:"port"`
 	SocksPort          int          `yaml:"socks-port"`
 	RedirPort          int          `yaml:"redir-port"`
 	MixedPort          int          `yaml:"mixed-port"`
 	Authentication     []string     `yaml:"authentication"`
 	AllowLan           bool         `yaml:"allow-lan"`
 	BindAddress        string       `yaml:"bind-address"`
 	Mode               T.TunnelMode `yaml:"mode"`
 	LogLevel           log.LogLevel `yaml:"log-level"`
 	IPv6               bool         `yaml:"ipv6"`
 	ExternalController string       `yaml:"external-controller"`
 	ExternalUI         string       `yaml:"external-ui"`
 	Secret             string       `yaml:"secret"`
 	Interface          string       `yaml:"interface-name"`
 	ProxyProvider map[string]map[string]interface{} `yaml:"proxy-providers"`
 	Hosts         map[string]string                 `yaml:"hosts"`
@ -113,12 +130,6 @@ type RawConfig struct {
 	Proxy         []map[string]interface{}          `yaml:"proxies"`
 	ProxyGroup    []map[string]interface{}          `yaml:"proxy-groups"`
 	Rule          []string                          `yaml:"rules"`
 	// remove after 1.0
 	ProxyProviderOld map[string]map[string]interface{} `yaml:"proxy-provider"`
 	ProxyOld         []map[string]interface{}          `yaml:"Proxy"`
 	ProxyGroupOld    []map[string]interface{}          `yaml:"Proxy Group"`
 	RuleOld          []string                          `yaml:"Rule"`
 }
 // Parse config
@ -143,11 +154,9 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		Rule:           []string{},
 		Proxy:          []map[string]interface{}{},
 		ProxyGroup:     []map[string]interface{}{},
 		Experimental: Experimental{
 			IgnoreResolveFail: true,
 		},
 		DNS: RawDNS{
 			Enable:      false,
 			UseHosts:    true,
 			FakeIPRange: "198.18.0.1/16",
 			FallbackFilter: RawFallbackFilter{
 				GeoIP:  true,
@ -158,11 +167,6 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 				"8.8.8.8",
 			},
 		},
 		// remove after 1.0
 		RuleOld:       []string{},
 		ProxyOld:      []map[string]interface{}{},
 		ProxyGroupOld: []map[string]interface{}{},
 	}
 	if err := yaml.Unmarshal(buf, &rawCfg); err != nil {
@ -196,35 +200,27 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.Rules = rules
 	dnsCfg, err := parseDNS(rawCfg.DNS)
 	if err != nil {
 		return nil, err
 	}
 	config.DNS = dnsCfg
 	hosts, err := parseHosts(rawCfg)
 	if err != nil {
 		return nil, err
 	}
 	config.Hosts = hosts
 	dnsCfg, err := parseDNS(rawCfg.DNS, hosts)
 	if err != nil {
 		return nil, err
 	}
 	config.DNS = dnsCfg
 	config.Users = parseAuthentication(rawCfg.Authentication)
 	return config, nil
 }
 func parseGeneral(cfg *RawConfig) (*General, error) {
 	port := cfg.Port
 	socksPort := cfg.SocksPort
 	redirPort := cfg.RedirPort
 	allowLan := cfg.AllowLan
 	bindAddress := cfg.BindAddress
 	externalController := cfg.ExternalController
 	externalUI := cfg.ExternalUI
 	secret := cfg.Secret
 	mode := cfg.Mode
 	logLevel := cfg.LogLevel
 	// checkout externalUI exist
 	if externalUI != "" {
 		externalUI = C.Path.Resolve(externalUI)
@ -233,19 +229,25 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
 		}
 	}
-	general := &General{
+	return &General{
-		Port:               port,
+		Inbound: Inbound{
-		SocksPort:          socksPort,
+			Port:        cfg.Port,
-		RedirPort:          redirPort,
+			SocksPort:   cfg.SocksPort,
-		AllowLan:           allowLan,
+			RedirPort:   cfg.RedirPort,
-		BindAddress:        bindAddress,
+			MixedPort:   cfg.MixedPort,
-		Mode:               mode,
+			AllowLan:    cfg.AllowLan,
-		LogLevel:           logLevel,
+			BindAddress: cfg.BindAddress,
-		ExternalController: externalController,
+		},
-		ExternalUI:         externalUI,
+		Controller: Controller{
-		Secret:             secret,
+			ExternalController: cfg.ExternalController,
-	}
+			ExternalUI:         cfg.ExternalUI,
-	return general, nil
+			Secret:             cfg.Secret,
 		},
 		Mode:      cfg.Mode,
 		LogLevel:  cfg.LogLevel,
 		IPv6:      cfg.IPv6,
 		Interface: cfg.Interface,
 	}, nil
 }
 func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[string]provider.ProxyProvider, err error) {
@ -256,18 +258,6 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	groupsConfig := cfg.ProxyGroup
 	providersConfig := cfg.ProxyProvider
 	if len(proxiesConfig) == 0 {
 		proxiesConfig = cfg.ProxyOld
 	}
 	if len(groupsConfig) == 0 {
 		groupsConfig = cfg.ProxyGroupOld
 	}
 	if len(providersConfig) == 0 {
 		providersConfig = cfg.ProxyProviderOld
 	}
 	proxies["DIRECT"] = outbound.NewProxy(outbound.NewDirect())
 	proxies["REJECT"] = outbound.NewProxy(outbound.NewReject())
 	proxyList = append(proxyList, "DIRECT", "REJECT")
@ -276,11 +266,11 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	for idx, mapping := range proxiesConfig {
 		proxy, err := outbound.ParseProxy(mapping)
 		if err != nil {
-			return nil, nil, fmt.Errorf("Proxy %d: %w", idx, err)
+			return nil, nil, fmt.Errorf("proxy %d: %w", idx, err)
 		}
 		if _, exist := proxies[proxy.Name()]; exist {
-			return nil, nil, fmt.Errorf("Proxy %s is the duplicate name", proxy.Name())
+			return nil, nil, fmt.Errorf("proxy %s is the duplicate name", proxy.Name())
 		}
 		proxies[proxy.Name()] = proxy
 		proxyList = append(proxyList, proxy.Name())
@ -290,7 +280,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	for idx, mapping := range groupsConfig {
 		groupName, existName := mapping["name"].(string)
 		if !existName {
-			return nil, nil, fmt.Errorf("ProxyGroup %d: missing name", idx)
+			return nil, nil, fmt.Errorf("proxy group %d: missing name", idx)
 		}
 		proxyList = append(proxyList, groupName)
 	}
@ -308,7 +298,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		pd, err := provider.ParseProxyProvider(name, mapping)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, fmt.Errorf("parse proxy provider %s error: %w", name, err)
 		}
 		providersMap[name] = pd
@ -317,7 +307,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	for _, provider := range providersMap {
 		log.Infoln("Start initial provider %s", provider.Name())
 		if err := provider.Initial(); err != nil {
-			return nil, nil, err
+			return nil, nil, fmt.Errorf("initial proxy provider %s error: %w", provider.Name(), err)
 		}
 	}
@ -325,12 +315,12 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	for idx, mapping := range groupsConfig {
 		group, err := outboundgroup.ParseProxyGroup(mapping, proxies, providersMap)
 		if err != nil {
-			return nil, nil, fmt.Errorf("ProxyGroup[%d]: %w", idx, err)
+			return nil, nil, fmt.Errorf("proxy group[%d]: %w", idx, err)
 		}
 		groupName := group.Name()
 		if _, exist := proxies[groupName]; exist {
-			return nil, nil, fmt.Errorf("ProxyGroup %s: the duplicate name", groupName)
+			return nil, nil, fmt.Errorf("proxy group %s: the duplicate name", groupName)
 		}
 		proxies[groupName] = outbound.NewProxy(group)
@ -363,14 +353,8 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
 	rules := []C.Rule{}
 	rulesConfig := cfg.Rule
 	// remove after 1.0
 	if len(rulesConfig) == 0 {
 		rulesConfig = cfg.RuleOld
 	}
 	// parse rules
 	for idx, line := range rulesConfig {
 		rule := trimArr(strings.Split(line, ","))
@ -391,53 +375,23 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
 			target = rule[2]
 			params = rule[3:]
 		default:
-			return nil, fmt.Errorf("Rules[%d] [%s] error: format invalid", idx, line)
+			return nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
 		}
 		if _, ok := proxies[target]; !ok {
-			return nil, fmt.Errorf("Rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
+			return nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
 		}
 		rule = trimArr(rule)
 		params = trimArr(params)
 		var (
 			parseErr error
 			parsed   C.Rule
 		)
 		switch rule[0] {
 		case "DOMAIN":
 			parsed = R.NewDomain(payload, target)
 		case "DOMAIN-SUFFIX":
 			parsed = R.NewDomainSuffix(payload, target)
 		case "DOMAIN-KEYWORD":
 			parsed = R.NewDomainKeyword(payload, target)
 		case "GEOIP":
 			noResolve := R.HasNoResolve(params)
 			parsed = R.NewGEOIP(payload, target, noResolve)
 		case "IP-CIDR", "IP-CIDR6":
 			noResolve := R.HasNoResolve(params)
 			parsed, parseErr = R.NewIPCIDR(payload, target, R.WithIPCIDRNoResolve(noResolve))
 		// deprecated when bump to 1.0
 		case "SOURCE-IP-CIDR":
 			fallthrough
 		case "SRC-IP-CIDR":
 			parsed, parseErr = R.NewIPCIDR(payload, target, R.WithIPCIDRSourceIP(true), R.WithIPCIDRNoResolve(true))
 		case "SRC-PORT":
 			parsed, parseErr = R.NewPort(payload, target, true)
 		case "DST-PORT":
 			parsed, parseErr = R.NewPort(payload, target, false)
 		case "MATCH":
 			fallthrough
 		// deprecated when bump to 1.0
 		case "FINAL":
 			parsed = R.NewMatch(target)
 		default:
 			parseErr = fmt.Errorf("unsupported rule type %s", rule[0])
 		}
 		parsed, parseErr := R.ParseRule(rule[0], payload, target, params)
 		if parseErr != nil {
-			return nil, fmt.Errorf("Rules[%d] [%s] error: %s", idx, line, parseErr.Error())
+			if parseErr == R.ErrPlatformNotSupport {
 				log.Warnln("Rules[%d] [%s] don't support current OS, skip", idx, line)
 				continue
 			}
 			return nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
 		}
 		rules = append(rules, parsed)
@ -446,8 +400,14 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
 	return rules, nil
 }
-func parseHosts(cfg *RawConfig) (*trie.Trie, error) {
+func parseHosts(cfg *RawConfig) (*trie.DomainTrie, error) {
 	tree := trie.New()
 	// add default hosts
 	if err := tree.Insert("localhost", net.IP{127, 0, 0, 1}); err != nil {
 		log.Errorln("insert localhost to host error: %s", err.Error())
 	}
 	if len(cfg.Hosts) != 0 {
 		for domain, ipStr := range cfg.Hosts {
 			ip := net.ParseIP(ipStr)
@ -539,9 +499,9 @@ func parseFallbackIPCIDR(ips []string) ([]*net.IPNet, error) {
 	return ipNets, nil
 }
-func parseDNS(cfg RawDNS) (*DNS, error) {
+func parseDNS(cfg RawDNS, hosts *trie.DomainTrie) (*DNS, error) {
 	if cfg.Enable && len(cfg.NameServer) == 0 {
-		return nil, fmt.Errorf("If DNS configuration is turned on, NameServer cannot be empty")
+		return nil, fmt.Errorf("if DNS configuration is turned on, NameServer cannot be empty")
 	}
 	dnsCfg := &DNS{
@ -582,7 +542,7 @@ func parseDNS(cfg RawDNS) (*DNS, error) {
 			return nil, err
 		}
-		var host *trie.Trie
+		var host *trie.DomainTrie
 		// fake ip skip host filter
 		if len(cfg.FakeIPFilter) != 0 {
 			host = trie.New()
@ -603,6 +563,11 @@ func parseDNS(cfg RawDNS) (*DNS, error) {
 	if fallbackip, err := parseFallbackIPCIDR(cfg.FallbackFilter.IPCIDR); err == nil {
 		dnsCfg.FallbackFilter.IPCIDR = fallbackip
 	}
 	dnsCfg.FallbackFilter.Domain = cfg.FallbackFilter.Domain
 	if cfg.UseHosts {
 		dnsCfg.Hosts = hosts
 	}
 	return dnsCfg, nil
 }
--- a/config/initial.go
+++ b/config/initial.go
@ -32,18 +32,18 @@ func initMMDB() error {
 	if _, err := os.Stat(C.Path.MMDB()); os.IsNotExist(err) {
 		log.Infoln("Can't find MMDB, start download")
 		if err := downloadMMDB(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("Can't download MMDB: %s", err.Error())
+			return fmt.Errorf("can't download MMDB: %s", err.Error())
 		}
 	}
 	if !mmdb.Verify() {
 		log.Warnln("MMDB invalid, remove and download")
 		if err := os.Remove(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("Can't remove invalid MMDB: %s", err.Error())
+			return fmt.Errorf("can't remove invalid MMDB: %s", err.Error())
 		}
 		if err := downloadMMDB(C.Path.MMDB()); err != nil {
-			return fmt.Errorf("Can't download MMDB: %s", err.Error())
+			return fmt.Errorf("can't download MMDB: %s", err.Error())
 		}
 	}
@ -55,7 +55,7 @@ func Init(dir string) error {
 	// initial homedir
 	if _, err := os.Stat(dir); os.IsNotExist(err) {
 		if err := os.MkdirAll(dir, 0777); err != nil {
-			return fmt.Errorf("Can't create config directory %s: %s", dir, err.Error())
+			return fmt.Errorf("can't create config directory %s: %s", dir, err.Error())
 		}
 	}
@ -64,7 +64,7 @@ func Init(dir string) error {
 		log.Infoln("Can't find config, create a initial config file")
 		f, err := os.OpenFile(C.Path.Config(), os.O_CREATE|os.O_WRONLY, 0644)
 		if err != nil {
-			return fmt.Errorf("Can't create file %s: %s", C.Path.Config(), err.Error())
+			return fmt.Errorf("can't create file %s: %s", C.Path.Config(), err.Error())
 		}
 		f.Write([]byte(`port: 7890`))
 		f.Close()
@ -72,7 +72,7 @@ func Init(dir string) error {
 	// initial mmdb
 	if err := initMMDB(); err != nil {
-		return fmt.Errorf("Can't initial MMDB: %w", err)
+		return fmt.Errorf("can't initial MMDB: %w", err)
 	}
 	return nil
 }
--- a/config/utils.go
+++ b/config/utils.go
@ -15,15 +15,6 @@ func trimArr(arr []string) (r []string) {
 	return
 }
 func or(pointers ...*int) *int {
 	for _, p := range pointers {
 		if p != nil {
 			return p
 		}
 	}
 	return pointers[len(pointers)-1]
 }
 // Check if ProxyGroups form DAG(Directed Acyclic Graph), and sort all ProxyGroups by dependency order.
 // Meanwhile, record the original index in the config file.
 // If loop is detected, return an error with location of loop.
@ -153,5 +144,5 @@ func proxyGroupsDagSort(groupsConfig []map[string]interface{}) error {
 		loopElements = append(loopElements, name)
 		delete(graph, name)
 	}
-	return fmt.Errorf("Loop is detected in ProxyGroup, please check following ProxyGroups: %v", loopElements)
+	return fmt.Errorf("loop is detected in ProxyGroup, please check following ProxyGroups: %v", loopElements)
 }
--- a/constant/adapters.go
+++ b/constant/adapters.go
@ -13,6 +13,7 @@ const (
 	Reject
 	Shadowsocks
 	ShadowsocksR
 	Snell
 	Socks5
 	Http
@ -57,7 +58,8 @@ type Conn interface {
 type PacketConn interface {
 	net.PacketConn
 	Connection
-	WriteWithMetadata(p []byte, metadata *Metadata) (n int, err error)
+	// Deprecate WriteWithMetadata because of remote resolve DNS cause TURN failed
 	// WriteWithMetadata(p []byte, metadata *Metadata) (n int, err error)
 }
 type ProxyAdapter interface {
@ -99,6 +101,8 @@ func (at AdapterType) String() string {
 	case Shadowsocks:
 		return "Shadowsocks"
 	case ShadowsocksR:
 		return "ShadowsocksR"
 	case Snell:
 		return "Snell"
 	case Socks5:
--- a/constant/metadata.go
+++ b/constant/metadata.go
@ -23,8 +23,8 @@ const (
 type NetWork int
-func (n *NetWork) String() string {
+func (n NetWork) String() string {
-	if *n == TCP {
+	if n == TCP {
 		return "tcp"
 	}
 	return "udp"
--- a/constant/rule.go
+++ b/constant/rule.go
@ -10,6 +10,7 @@ const (
 	SrcIPCIDR
 	SrcPort
 	DstPort
 	Process
 	MATCH
 )
@ -33,6 +34,8 @@ func (rt RuleType) String() string {
 		return "SrcPort"
 	case DstPort:
 		return "DstPort"
 	case Process:
 		return "Process"
 	case MATCH:
 		return "Match"
 	default:
@ -45,5 +48,5 @@ type Rule interface {
 	Match(metadata *Metadata) bool
 	Adapter() string
 	Payload() string
-	NoResolveIP() bool
+	ShouldResolveIP() bool
 }
--- a/dns/doh.go
+++ b/dns/doh.go
@ -44,7 +44,7 @@ func (dc *dohClient) newRequest(m *D.Msg) (*http.Request, error) {
 		return nil, err
 	}
-	req, err := http.NewRequest(http.MethodPost, dc.url+"?bla=foo:443", bytes.NewReader(buf))
+	req, err := http.NewRequest(http.MethodPost, dc.url, bytes.NewReader(buf))
 	if err != nil {
 		return req, err
 	}
@ -75,7 +75,8 @@ func newDoHClient(url string, r *Resolver) *dohClient {
 	return &dohClient{
 		url: url,
 		transport: &http.Transport{
-			TLSClientConfig: &tls.Config{ClientSessionCache: globalSessionCache},
+			TLSClientConfig:   &tls.Config{ClientSessionCache: globalSessionCache},
 			ForceAttemptHTTP2: true,
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				host, port, err := net.SplitHostPort(addr)
 				if err != nil {
--- a/dns/enhancer.go
+++ b/dns/enhancer.go
@ -0,0 +1,76 @@
 package dns
 import (
 	"net"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/fakeip"
 )
 type ResolverEnhancer struct {
 	mode     EnhancedMode
 	fakePool *fakeip.Pool
 	mapping  *cache.LruCache
 }
 func (h *ResolverEnhancer) FakeIPEnabled() bool {
 	return h.mode == FAKEIP
 }
 func (h *ResolverEnhancer) MappingEnabled() bool {
 	return h.mode == FAKEIP || h.mode == MAPPING
 }
 func (h *ResolverEnhancer) IsFakeIP(ip net.IP) bool {
 	if !h.FakeIPEnabled() {
 		return false
 	}
 	if pool := h.fakePool; pool != nil {
 		return pool.Exist(ip)
 	}
 	return false
 }
 func (h *ResolverEnhancer) FindHostByIP(ip net.IP) (string, bool) {
 	if pool := h.fakePool; pool != nil {
 		if host, existed := pool.LookBack(ip); existed {
 			return host, true
 		}
 	}
 	if mapping := h.mapping; mapping != nil {
 		if host, existed := h.mapping.Get(ip.String()); existed {
 			return host.(string), true
 		}
 	}
 	return "", false
 }
 func (h *ResolverEnhancer) PatchFrom(o *ResolverEnhancer) {
 	if h.mapping != nil && o.mapping != nil {
 		o.mapping.CloneTo(h.mapping)
 	}
 	if h.fakePool != nil && o.fakePool != nil {
 		h.fakePool.PatchFrom(o.fakePool)
 	}
 }
 func NewEnhancer(cfg Config) *ResolverEnhancer {
 	var fakePool *fakeip.Pool
 	var mapping *cache.LruCache
 	if cfg.EnhancedMode != NORMAL {
 		fakePool = cfg.Pool
 		mapping = cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true))
 	}
 	return &ResolverEnhancer{
 		mode:     cfg.EnhancedMode,
 		fakePool: fakePool,
 		mapping:  mapping,
 	}
 }
--- a/dns/filters.go
+++ b/dns/filters.go
@ -4,9 +4,10 @@ import (
 	"net"
 	"github.com/Dreamacro/clash/component/mmdb"
 	"github.com/Dreamacro/clash/component/trie"
 )
-type fallbackFilter interface {
+type fallbackIPFilter interface {
 	Match(net.IP) bool
 }
@ -24,3 +25,22 @@ type ipnetFilter struct {
 func (inf *ipnetFilter) Match(ip net.IP) bool {
 	return inf.ipnet.Contains(ip)
 }
 type fallbackDomainFilter interface {
 	Match(domain string) bool
 }
 type domainFilter struct {
 	tree *trie.DomainTrie
 }
 func NewDomainFilter(domains []string) *domainFilter {
 	df := domainFilter{tree: trie.New()}
 	for _, domain := range domains {
 		df.tree.Insert(domain, "")
 	}
 	return &df
 }
 func (df *domainFilter) Match(domain string) bool {
 	return df.tree.Search(domain) != nil
 }
--- a/dns/middleware.go
+++ b/dns/middleware.go
@ -1,22 +1,112 @@
 package dns
 import (
 	"net"
 	"strings"
 	"time"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/fakeip"
 	"github.com/Dreamacro/clash/component/trie"
 	"github.com/Dreamacro/clash/log"
 	D "github.com/miekg/dns"
 )
-type handler func(w D.ResponseWriter, r *D.Msg)
+type handler func(r *D.Msg) (*D.Msg, error)
 type middleware func(next handler) handler
 func withHosts(hosts *trie.DomainTrie) middleware {
 	return func(next handler) handler {
 		return func(r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
 			if !isIPRequest(q) {
 				return next(r)
 			}
 			record := hosts.Search(strings.TrimRight(q.Name, "."))
 			if record == nil {
 				return next(r)
 			}
 			ip := record.Data.(net.IP)
 			msg := r.Copy()
 			if v4 := ip.To4(); v4 != nil && q.Qtype == D.TypeA {
 				rr := &D.A{}
 				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: dnsDefaultTTL}
 				rr.A = v4
 				msg.Answer = []D.RR{rr}
 			} else if v6 := ip.To16(); v6 != nil && q.Qtype == D.TypeAAAA {
 				rr := &D.AAAA{}
 				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: dnsDefaultTTL}
 				rr.AAAA = v6
 				msg.Answer = []D.RR{rr}
 			} else {
 				return next(r)
 			}
 			msg.SetRcode(r, D.RcodeSuccess)
 			msg.Authoritative = true
 			msg.RecursionAvailable = true
 			return msg, nil
 		}
 	}
 }
 func withMapping(mapping *cache.LruCache) middleware {
 	return func(next handler) handler {
 		return func(r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
 			if !isIPRequest(q) {
 				return next(r)
 			}
 			msg, err := next(r)
 			if err != nil {
 				return nil, err
 			}
 			host := strings.TrimRight(q.Name, ".")
 			for _, ans := range msg.Answer {
 				var ip net.IP
 				var ttl uint32
 				switch a := ans.(type) {
 				case *D.A:
 					ip = a.A
 					ttl = a.Hdr.Ttl
 				case *D.AAAA:
 					ip = a.AAAA
 					ttl = a.Hdr.Ttl
 				default:
 					continue
 				}
 				mapping.SetWithExpire(ip.String(), host, time.Now().Add(time.Second*time.Duration(ttl)))
 			}
 			return msg, nil
 		}
 	}
 }
 func withFakeIP(fakePool *fakeip.Pool) middleware {
 	return func(next handler) handler {
-		return func(w D.ResponseWriter, r *D.Msg) {
+		return func(r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
 			host := strings.TrimRight(q.Name, ".")
 			if fakePool.LookupHost(host) {
 				return next(r)
 			}
 			if q.Qtype == D.TypeAAAA {
 				msg := &D.Msg{}
 				msg.Answer = []D.RR{}
@ -25,17 +115,9 @@ func withFakeIP(fakePool *fakeip.Pool) middleware {
 				msg.Authoritative = true
 				msg.RecursionAvailable = true
-				w.WriteMsg(msg)
+				return msg, nil
 				return
 			} else if q.Qtype != D.TypeA {
-				next(w, r)
+				return next(r)
 				return
 			}
 			host := strings.TrimRight(q.Name, ".")
 			if fakePool.LookupHost(host) {
 				next(w, r)
 				return
 			}
 			rr := &D.A{}
@ -50,25 +132,36 @@ func withFakeIP(fakePool *fakeip.Pool) middleware {
 			msg.Authoritative = true
 			msg.RecursionAvailable = true
-			w.WriteMsg(msg)
+			return msg, nil
 			return
 		}
 	}
 }
 func withResolver(resolver *Resolver) handler {
-	return func(w D.ResponseWriter, r *D.Msg) {
+	return func(r *D.Msg) (*D.Msg, error) {
 		q := r.Question[0]
 		// return a empty AAAA msg when ipv6 disabled
 		if !resolver.ipv6 && q.Qtype == D.TypeAAAA {
 			msg := &D.Msg{}
 			msg.Answer = []D.RR{}
 			msg.SetRcode(r, D.RcodeSuccess)
 			msg.Authoritative = true
 			msg.RecursionAvailable = true
 			return msg, nil
 		}
 		msg, err := resolver.Exchange(r)
 		if err != nil {
 			q := r.Question[0]
 			log.Debugln("[DNS Server] Exchange %s failed: %v", q.String(), err)
-			D.HandleFailed(w, r)
+			return msg, err
 			return
 		}
 		msg.SetRcode(r, msg.Rcode)
 		msg.Authoritative = true
-		w.WriteMsg(msg)
+
-		return
+		return msg, nil
 	}
 }
@ -83,11 +176,19 @@ func compose(middlewares []middleware, endpoint handler) handler {
 	return h
 }
-func newHandler(resolver *Resolver) handler {
+func newHandler(resolver *Resolver, mapper *ResolverEnhancer) handler {
 	middlewares := []middleware{}
-	if resolver.FakeIPEnabled() {
+	if resolver.hosts != nil {
-		middlewares = append(middlewares, withFakeIP(resolver.pool))
+		middlewares = append(middlewares, withHosts(resolver.hosts))
 	}
 	if mapper.mode == FAKEIP {
 		middlewares = append(middlewares, withFakeIP(mapper.fakePool))
 	}
 	if mapper.mode != NORMAL {
 		middlewares = append(middlewares, withMapping(mapper.mapping))
 	}
 	return compose(middlewares, withResolver(resolver))
--- a/dns/resolver.go
+++ b/dns/resolver.go
@ -14,6 +14,7 @@ import (
 	"github.com/Dreamacro/clash/common/picker"
 	"github.com/Dreamacro/clash/component/fakeip"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/trie"
 	D "github.com/miekg/dns"
 	"golang.org/x/sync/singleflight"
@ -34,15 +35,14 @@ type result struct {
 }
 type Resolver struct {
-	ipv6            bool
+	ipv6                  bool
-	mapping         bool
+	hosts                 *trie.DomainTrie
-	fakeip          bool
+	main                  []dnsClient
-	pool            *fakeip.Pool
+	fallback              []dnsClient
-	main            []dnsClient
+	fallbackDomainFilters []fallbackDomainFilter
-	fallback        []dnsClient
+	fallbackIPFilters     []fallbackIPFilter
-	fallbackFilters []fallbackFilter
+	group                 singleflight.Group
-	group           singleflight.Group
+	lruCache              *cache.LruCache
 	lruCache        *cache.LruCache
 }
 // ResolveIP request with TypeA and TypeAAAA, priority return TypeA
@ -80,8 +80,8 @@ func (r *Resolver) ResolveIPv6(host string) (ip net.IP, err error) {
 	return r.resolveIP(host, D.TypeAAAA)
 }
-func (r *Resolver) shouldFallback(ip net.IP) bool {
+func (r *Resolver) shouldIPFallback(ip net.IP) bool {
-	for _, filter := range r.fallbackFilters {
+	for _, filter := range r.fallbackIPFilters {
 		if filter.Match(ip) {
 			return true
 		}
@ -104,7 +104,7 @@ func (r *Resolver) Exchange(m *D.Msg) (msg *D.Msg, err error) {
 			setMsgTTL(msg, uint32(1)) // Continue fetch
 			go r.exchangeWithoutCache(m)
 		} else {
-			setMsgTTL(msg, uint32(expireTime.Sub(time.Now()).Seconds()))
+			setMsgTTL(msg, uint32(time.Until(expireTime).Seconds()))
 		}
 		return
 	}
@ -115,24 +115,20 @@ func (r *Resolver) Exchange(m *D.Msg) (msg *D.Msg, err error) {
 func (r *Resolver) exchangeWithoutCache(m *D.Msg) (msg *D.Msg, err error) {
 	q := m.Question[0]
-	defer func() {
+	ret, err, shared := r.group.Do(q.String(), func() (result interface{}, err error) {
-		if msg == nil {
+		defer func() {
-			return
+			if err != nil {
-		}
+				return
 		putMsgToCache(r.lruCache, q.String(), msg)
 		if r.mapping {
 			ips := r.msgToIP(msg)
 			for _, ip := range ips {
 				putMsgToCache(r.lruCache, ip.String(), msg)
 			}
 		}
 	}()
-	ret, err, shared := r.group.Do(q.String(), func() (interface{}, error) {
+			msg := result.(*D.Msg)
 			putMsgToCache(r.lruCache, q.String(), msg)
 		}()
 		isIPReq := isIPRequest(q)
 		if isIPReq {
-			return r.fallbackExchange(m)
+			return r.ipExchange(m)
 		}
 		return r.batchExchange(r.main, m)
@ -148,37 +144,6 @@ func (r *Resolver) exchangeWithoutCache(m *D.Msg) (msg *D.Msg, err error) {
 	return
 }
 // IPToHost return fake-ip or redir-host mapping host
 func (r *Resolver) IPToHost(ip net.IP) (string, bool) {
 	if r.fakeip {
 		return r.pool.LookBack(ip)
 	}
 	cache, _ := r.lruCache.Get(ip.String())
 	if cache == nil {
 		return "", false
 	}
 	fqdn := cache.(*D.Msg).Question[0].Name
 	return strings.TrimRight(fqdn, "."), true
 }
 func (r *Resolver) IsMapping() bool {
 	return r.mapping
 }
 // FakeIPEnabled returns if fake-ip is enabled
 func (r *Resolver) FakeIPEnabled() bool {
 	return r.fakeip
 }
 // IsFakeIP determine if given ip is a fake-ip
 func (r *Resolver) IsFakeIP(ip net.IP) bool {
 	if r.FakeIPEnabled() {
 		return r.pool.Exist(ip)
 	}
 	return false
 }
 func (r *Resolver) batchExchange(clients []dnsClient, m *D.Msg) (msg *D.Msg, err error) {
 	fast, ctx := picker.WithTimeout(context.Background(), time.Second*5)
 	for _, client := range clients {
@ -196,7 +161,7 @@ func (r *Resolver) batchExchange(clients []dnsClient, m *D.Msg) (msg *D.Msg, err
 	elm := fast.Wait()
 	if elm == nil {
-		err := errors.New("All DNS requests failed")
+		err := errors.New("all DNS requests failed")
 		if fErr := fast.Error(); fErr != nil {
 			err = fmt.Errorf("%w, first error: %s", err, fErr.Error())
 		}
@ -207,19 +172,49 @@ func (r *Resolver) batchExchange(clients []dnsClient, m *D.Msg) (msg *D.Msg, err
 	return
 }
-func (r *Resolver) fallbackExchange(m *D.Msg) (msg *D.Msg, err error) {
+func (r *Resolver) shouldOnlyQueryFallback(m *D.Msg) bool {
 	if r.fallback == nil || len(r.fallbackDomainFilters) == 0 {
 		return false
 	}
 	domain := r.msgToDomain(m)
 	if domain == "" {
 		return false
 	}
 	for _, df := range r.fallbackDomainFilters {
 		if df.Match(domain) {
 			return true
 		}
 	}
 	return false
 }
 func (r *Resolver) ipExchange(m *D.Msg) (msg *D.Msg, err error) {
 	onlyFallback := r.shouldOnlyQueryFallback(m)
 	if onlyFallback {
 		res := <-r.asyncExchange(r.fallback, m)
 		return res.Msg, res.Error
 	}
 	msgCh := r.asyncExchange(r.main, m)
-	if r.fallback == nil {
+
 	if r.fallback == nil { // directly return if no fallback servers are available
 		res := <-msgCh
 		msg, err = res.Msg, res.Error
 		return
 	}
 	fallbackMsg := r.asyncExchange(r.fallback, m)
 	res := <-msgCh
 	if res.Error == nil {
 		if ips := r.msgToIP(res.Msg); len(ips) != 0 {
-			if !r.shouldFallback(ips[0]) {
+			if !r.shouldIPFallback(ips[0]) {
-				msg = res.Msg
+				msg = res.Msg // no need to wait for fallback result
 				err = res.Error
 				return msg, err
 			}
@ -277,6 +272,14 @@ func (r *Resolver) msgToIP(msg *D.Msg) []net.IP {
 	return ips
 }
 func (r *Resolver) msgToDomain(msg *D.Msg) string {
 	if len(msg.Question) > 0 {
 		return strings.TrimRight(msg.Question[0].Name, ".")
 	}
 	return ""
 }
 func (r *Resolver) asyncExchange(client []dnsClient, msg *D.Msg) <-chan *result {
 	ch := make(chan *result, 1)
 	go func() {
@ -294,6 +297,7 @@ type NameServer struct {
 type FallbackFilter struct {
 	GeoIP  bool
 	IPCIDR []*net.IPNet
 	Domain []string
 }
 type Config struct {
@ -303,9 +307,10 @@ type Config struct {
 	EnhancedMode   EnhancedMode
 	FallbackFilter FallbackFilter
 	Pool           *fakeip.Pool
 	Hosts          *trie.DomainTrie
 }
-func New(config Config) *Resolver {
+func NewResolver(config Config) *Resolver {
 	defaultResolver := &Resolver{
 		main:     transform(config.Default, nil),
 		lruCache: cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true)),
@ -315,23 +320,26 @@ func New(config Config) *Resolver {
 		ipv6:     config.IPv6,
 		main:     transform(config.Main, defaultResolver),
 		lruCache: cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true)),
-		mapping:  config.EnhancedMode == MAPPING,
+		hosts:    config.Hosts,
 		fakeip:   config.EnhancedMode == FAKEIP,
 		pool:     config.Pool,
 	}
 	if len(config.Fallback) != 0 {
 		r.fallback = transform(config.Fallback, defaultResolver)
 	}
-	fallbackFilters := []fallbackFilter{}
+	fallbackIPFilters := []fallbackIPFilter{}
 	if config.FallbackFilter.GeoIP {
-		fallbackFilters = append(fallbackFilters, &geoipFilter{})
+		fallbackIPFilters = append(fallbackIPFilters, &geoipFilter{})
 	}
 	for _, ipnet := range config.FallbackFilter.IPCIDR {
-		fallbackFilters = append(fallbackFilters, &ipnetFilter{ipnet: ipnet})
+		fallbackIPFilters = append(fallbackIPFilters, &ipnetFilter{ipnet: ipnet})
 	}
 	r.fallbackIPFilters = fallbackIPFilters
 	if len(config.FallbackFilter.Domain) != 0 {
 		fallbackDomainFilters := []fallbackDomainFilter{NewDomainFilter(config.FallbackFilter.Domain)}
 		r.fallbackDomainFilters = fallbackDomainFilters
 	}
 	r.fallbackFilters = fallbackFilters
 	return r
 }
--- a/dns/server.go
+++ b/dns/server.go
@ -4,6 +4,7 @@ import (
 	"net"
 	"github.com/Dreamacro/clash/common/sockopt"
 	"github.com/Dreamacro/clash/log"
 	D "github.com/miekg/dns"
 )
@ -26,22 +27,29 @@ func (s *Server) ServeDNS(w D.ResponseWriter, r *D.Msg) {
 		return
 	}
-	s.handler(w, r)
+	msg, err := s.handler(r)
 	if err != nil {
 		D.HandleFailed(w, r)
 		return
 	}
 	w.WriteMsg(msg)
 }
 func (s *Server) setHandler(handler handler) {
 	s.handler = handler
 }
-func ReCreateServer(addr string, resolver *Resolver) error {
+func ReCreateServer(addr string, resolver *Resolver, mapper *ResolverEnhancer) error {
 	if addr == address && resolver != nil {
-		handler := newHandler(resolver)
+		handler := newHandler(resolver, mapper)
 		server.setHandler(handler)
 		return nil
 	}
 	if server.Server != nil {
 		server.Shutdown()
 		server = &Server{}
 		address = ""
 	}
@ -62,11 +70,11 @@ func ReCreateServer(addr string, resolver *Resolver) error {
 	err = sockopt.UDPReuseaddr(p)
 	if err != nil {
-		return err
+		log.Warnln("Failed to Reuse UDP Address: %s", err)
 	}
 	address = addr
-	handler := newHandler(resolver)
+	handler := newHandler(resolver, mapper)
 	server = &Server{handler: handler}
 	server.Server = &D.Server{Addr: addr, PacketConn: p, Handler: server}
--- a/dns/util.go
+++ b/dns/util.go
@ -89,7 +89,7 @@ func putMsgToCache(c *cache.LruCache, key string, msg *D.Msg) {
 	case len(msg.Extra) != 0:
 		ttl = msg.Extra[0].Header().Ttl
 	default:
-		log.Debugln("[DNS] response msg error: %#v", msg)
+		log.Debugln("[DNS] response msg empty: %#v", msg)
 		return
 	}
@ -111,10 +111,7 @@ func setMsgTTL(msg *D.Msg, ttl uint32) {
 }
 func isIPRequest(q D.Question) bool {
-	if q.Qclass == D.ClassINET && (q.Qtype == D.TypeA || q.Qtype == D.TypeAAAA) {
+	return q.Qclass == D.ClassINET && (q.Qtype == D.TypeA || q.Qtype == D.TypeAAAA)
 		return true
 	}
 	return false
 }
 func transform(servers []NameServer, resolver *Resolver) []dnsClient {
--- a/go.mod
+++ b/go.mod
@ -3,20 +3,21 @@ module github.com/Dreamacro/clash
 go 1.14
 require (
-	github.com/Dreamacro/go-shadowsocks2 v0.1.5
+	github.com/Dreamacro/go-shadowsocks2 v0.1.6
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/go-chi/chi v4.1.1+incompatible
+	github.com/go-chi/chi v4.1.2+incompatible
 	github.com/go-chi/cors v1.1.1
 	github.com/go-chi/render v1.0.1
 	github.com/gofrs/uuid v3.3.0+incompatible
 	github.com/gorilla/websocket v1.4.2
-	github.com/miekg/dns v1.1.29
+	github.com/miekg/dns v1.1.31
 	github.com/oschwald/geoip2-golang v1.4.0
 	github.com/sirupsen/logrus v1.6.0
-	github.com/stretchr/testify v1.5.1
+	github.com/stretchr/testify v1.6.1
-	golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
-	golang.org/x/net v0.0.0-20200506145744-7e3656a0809f
+	golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc
-	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
+	golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
 	golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed
 	gopkg.in/eapache/channels.v1 v1.1.0
-	gopkg.in/yaml.v2 v2.2.8
+	gopkg.in/yaml.v2 v2.3.0
 )
--- a/go.sum
+++ b/go.sum
@ -1,12 +1,12 @@
-github.com/Dreamacro/go-shadowsocks2 v0.1.5 h1:BizWSjmwzAyQoslz6YhJYMiAGT99j9cnm9zlxVr+kyI=
+github.com/Dreamacro/go-shadowsocks2 v0.1.6 h1:PysSf9sLT3Qn8jhlin5v7Rk68gOQG4K5BZFY1nxLGxI=
-github.com/Dreamacro/go-shadowsocks2 v0.1.5/go.mod h1:LSXCjyHesPY3pLjhwff1mQX72ItcBT/N2xNC685cYeU=
+github.com/Dreamacro/go-shadowsocks2 v0.1.6/go.mod h1:LSXCjyHesPY3pLjhwff1mQX72ItcBT/N2xNC685cYeU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/go-chi/chi v4.1.1+incompatible h1:MmTgB0R8Bt/jccxp+t6S/1VGIKdJw5J74CK/c9tTfA4=
+github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
-github.com/go-chi/chi v4.1.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
+github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-chi/cors v1.1.1 h1:eHuqxsIw89iXcWnWUN8R72JMibABJTN/4IOYI5WERvw=
 github.com/go-chi/cors v1.1.1/go.mod h1:K2Yje0VW/SJzxiyMYu6iPQYa7hMjQX2i/F491VChg1I=
 github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
@ -17,8 +17,8 @@ github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0U
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg=
+github.com/miekg/dns v1.1.31 h1:sJFOl9BgwbYAWOGEwr61FU28pqsBNdpRBnhGXtO06Oo=
-github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/oschwald/geoip2-golang v1.4.0 h1:5RlrjCgRyIGDz/mBmPfnAF4h8k0IAcRv9PvrpOfz+Ug=
 github.com/oschwald/geoip2-golang v1.4.0/go.mod h1:8QwxJvRImBH+Zl6Aa6MaIcs5YdlZSTKtzmPGzQqi9ng=
 github.com/oschwald/maxminddb-golang v1.6.0 h1:KAJSjdHQ8Kv45nFIbtoLGrGWqHFajOIm7skTyz/+Dls=
@ -30,29 +30,32 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 h1:IaQbIIB2X/Mp/DKctl6ROxz1KyMlKp4uyvL6+kQ7C88=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f h1:QBjCr1Fz5kw158VqdE9JfI9cJnl/ymnJWAdMuinqL7Y=
+golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc h1:zK/HqS5bZxDptfPJNq8v7vJfXtkU7r9TLIoSr1bXaP4=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191224085550-c709ea063b76/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -61,5 +64,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/eapache/channels.v1 v1.1.0 h1:5bGAyKKvyCTWjSj7mhefG6Lc68VyN4MH1v8/7OoeeB4=
 gopkg.in/eapache/channels.v1 v1.1.0/go.mod h1:BHIBujSvu9yMTrTYbTCjDD43gUhtmaOtTWDe7sTv1js=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/hooks/pre_build
+++ b/hooks/pre_build
@ -1,4 +0,0 @@
 #!/bin/bash
 # Register qemu-*-static for all supported processors except the
 # current one, but also remove all registered binfmt_misc before
 docker run --rm --privileged multiarch/qemu-user-static:register --reset --credential yes
--- a/hub/executor/executor.go
+++ b/hub/executor/executor.go
@ -4,13 +4,13 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"path/filepath"
+	"sync"
 	"github.com/Dreamacro/clash/adapters/provider"
 	"github.com/Dreamacro/clash/component/auth"
 	"github.com/Dreamacro/clash/component/dialer"
 	trie "github.com/Dreamacro/clash/component/domain-trie"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/trie"
 	"github.com/Dreamacro/clash/config"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/dns"
@ -20,36 +20,21 @@ import (
 	"github.com/Dreamacro/clash/tunnel"
 )
-// forward compatibility before 1.0
+var (
-func readRawConfig(path string) ([]byte, error) {
+	mux sync.Mutex
-	data, err := ioutil.ReadFile(path)
+)
 	if err == nil && len(data) != 0 {
 		return data, nil
 	}
 	if filepath.Ext(path) != ".yaml" {
 		return nil, err
 	}
 	path = path[:len(path)-5] + ".yml"
 	if _, fallbackErr := os.Stat(path); fallbackErr == nil {
 		return ioutil.ReadFile(path)
 	}
 	return data, err
 }
 func readConfig(path string) ([]byte, error) {
 	if _, err := os.Stat(path); os.IsNotExist(err) {
 		return nil, err
 	}
-	data, err := readRawConfig(path)
+	data, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
 	if len(data) == 0 {
-		return nil, fmt.Errorf("Configuration file %s is empty", path)
+		return nil, fmt.Errorf("configuration file %s is empty", path)
 	}
 	return data, err
@ -77,10 +62,11 @@ func ParseWithBytes(buf []byte) (*config.Config, error) {
 // ApplyConfig dispatch configure to all parts
 func ApplyConfig(cfg *config.Config, force bool) {
 	mux.Lock()
 	defer mux.Unlock()
 	updateUsers(cfg.Users)
-	if force {
+	updateGeneral(cfg.General, force)
 		updateGeneral(cfg.General)
 	}
 	updateProxies(cfg.Proxies, cfg.Providers)
 	updateRules(cfg.Rules)
 	updateDNS(cfg.DNS)
@ -96,54 +82,59 @@ func GetGeneral() *config.General {
 	}
 	general := &config.General{
-		Port:           ports.Port,
+		Inbound: config.Inbound{
-		SocksPort:      ports.SocksPort,
+			Port:           ports.Port,
-		RedirPort:      ports.RedirPort,
+			SocksPort:      ports.SocksPort,
-		Authentication: authenticator,
+			RedirPort:      ports.RedirPort,
-		AllowLan:       P.AllowLan(),
+			MixedPort:      ports.MixedPort,
-		BindAddress:    P.BindAddress(),
+			Authentication: authenticator,
-		Mode:           tunnel.Mode(),
+			AllowLan:       P.AllowLan(),
-		LogLevel:       log.Level(),
+			BindAddress:    P.BindAddress(),
 		},
 		Mode:     tunnel.Mode(),
 		LogLevel: log.Level(),
 	}
 	return general
 }
-func updateExperimental(c *config.Config) {
+func updateExperimental(c *config.Config) {}
 	cfg := c.Experimental
 	tunnel.UpdateExperimental(cfg.IgnoreResolveFail)
 	if cfg.Interface != "" && c.DNS.Enable {
 		dialer.DialHook = dialer.DialerWithInterface(cfg.Interface)
 		dialer.ListenPacketHook = dialer.ListenPacketWithInterface(cfg.Interface)
 	} else {
 		dialer.DialHook = nil
 		dialer.ListenPacketHook = nil
 	}
 }
 func updateDNS(c *config.DNS) {
-	if c.Enable == false {
+	if !c.Enable {
 		resolver.DefaultResolver = nil
-		tunnel.SetResolver(nil)
+		resolver.DefaultHostMapper = nil
-		dns.ReCreateServer("", nil)
+		dns.ReCreateServer("", nil, nil)
 		return
 	}
-	r := dns.New(dns.Config{
+
 	cfg := dns.Config{
 		Main:         c.NameServer,
 		Fallback:     c.Fallback,
 		IPv6:         c.IPv6,
 		EnhancedMode: c.EnhancedMode,
 		Pool:         c.FakeIPRange,
 		Hosts:        c.Hosts,
 		FallbackFilter: dns.FallbackFilter{
 			GeoIP:  c.FallbackFilter.GeoIP,
 			IPCIDR: c.FallbackFilter.IPCIDR,
 			Domain: c.FallbackFilter.Domain,
 		},
 		Default: c.DefaultNameserver,
-	})
+	}
 	r := dns.NewResolver(cfg)
 	m := dns.NewEnhancer(cfg)
 	// reuse cache of old host mapper
 	if old := resolver.DefaultHostMapper; old != nil {
 		m.PatchFrom(old.(*dns.ResolverEnhancer))
 	}
 	resolver.DefaultResolver = r
-	tunnel.SetResolver(r)
+	resolver.DefaultHostMapper = m
-	if err := dns.ReCreateServer(c.Listen, r); err != nil {
+
 	if err := dns.ReCreateServer(c.Listen, r, m); err != nil {
 		log.Errorln("Start DNS server error: %s", err.Error())
 		return
 	}
@ -153,7 +144,7 @@ func updateDNS(c *config.DNS) {
 	}
 }
-func updateHosts(tree *trie.Trie) {
+func updateHosts(tree *trie.DomainTrie) {
 	resolver.DefaultHosts = tree
 }
@ -165,9 +156,22 @@ func updateRules(rules []C.Rule) {
 	tunnel.UpdateRules(rules)
 }
-func updateGeneral(general *config.General) {
+func updateGeneral(general *config.General, force bool) {
 	log.SetLevel(general.LogLevel)
 	tunnel.SetMode(general.Mode)
 	resolver.DisableIPv6 = !general.IPv6
 	if general.Interface != "" {
 		dialer.DialHook = dialer.DialerWithInterface(general.Interface)
 		dialer.ListenPacketHook = dialer.ListenPacketWithInterface(general.Interface)
 	} else {
 		dialer.DialHook = nil
 		dialer.ListenPacketHook = nil
 	}
 	if !force {
 		return
 	}
 	allowLan := general.AllowLan
 	P.SetAllowLan(allowLan)
@ -186,6 +190,10 @@ func updateGeneral(general *config.General) {
 	if err := P.ReCreateRedir(general.RedirPort); err != nil {
 		log.Errorln("Start Redir server error: %s", err.Error())
 	}
 	if err := P.ReCreateMixed(general.MixedPort); err != nil {
 		log.Errorln("Start Mixed(http and socks5) server error: %s", err.Error())
 	}
 }
 func updateUsers(users []auth.AuthUser) {
--- a/hub/hub.go
+++ b/hub/hub.go
@ -1,9 +1,9 @@
 package hub
 import (
 	"github.com/Dreamacro/clash/config"
 	"github.com/Dreamacro/clash/hub/executor"
 	"github.com/Dreamacro/clash/hub/route"
 	"github.com/Dreamacro/clash/config"
 )
 type Option func(*config.Config)
--- a/hub/route/configs.go
+++ b/hub/route/configs.go
@ -26,6 +26,7 @@ type configSchema struct {
 	Port        *int               `json:"port"`
 	SocksPort   *int               `json:"socks-port"`
 	RedirPort   *int               `json:"redir-port"`
 	MixedPort   *int               `json:"mixed-port"`
 	AllowLan    *bool              `json:"allow-lan"`
 	BindAddress *string            `json:"bind-address"`
 	Mode        *tunnel.TunnelMode `json:"mode"`
@ -65,6 +66,7 @@ func patchConfigs(w http.ResponseWriter, r *http.Request) {
 	P.ReCreateHTTP(pointerOrDefault(general.Port, ports.Port))
 	P.ReCreateSocks(pointerOrDefault(general.SocksPort, ports.SocksPort))
 	P.ReCreateRedir(pointerOrDefault(general.RedirPort, ports.RedirPort))
 	P.ReCreateMixed(pointerOrDefault(general.MixedPort, ports.MixedPort))
 	if general.Mode != nil {
 		tunnel.SetMode(*general.Mode)
--- a/hub/route/connections.go
+++ b/hub/route/connections.go
@ -63,6 +63,7 @@ func getConnections(w http.ResponseWriter, r *http.Request) {
 	}
 	tick := time.NewTicker(time.Millisecond * time.Duration(interval))
 	defer tick.Stop()
 	for range tick.C {
 		if err := sendSnapshot(); err != nil {
 			break
--- a/hub/route/server.go
+++ b/hub/route/server.go
@ -36,7 +36,7 @@ type Traffic struct {
 }
 func SetUIPath(path string) {
-	uiPath = path
+	uiPath = C.Path.Resolve(path)
 }
 func Start(addr string, secret string) {
@ -142,6 +142,7 @@ func traffic(w http.ResponseWriter, r *http.Request) {
 	}
 	tick := time.NewTicker(time.Second)
 	defer tick.Stop()
 	t := T.DefaultManager
 	buf := &bytes.Buffer{}
 	var err error
--- a/log/log.go
+++ b/log/log.go
@ -64,7 +64,6 @@ func Subscribe() observable.Subscription {
 func UnSubscribe(sub observable.Subscription) {
 	source.UnSubscribe(sub)
 	return
 }
 func Level() LogLevel {
--- a/main.go
+++ b/main.go
@ -10,7 +10,6 @@ import (
 	"syscall"
 	"github.com/Dreamacro/clash/config"
 	"github.com/Dreamacro/clash/constant"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/hub"
 	"github.com/Dreamacro/clash/hub/executor"
@ -76,10 +75,10 @@ func main() {
 	if testConfig {
 		if _, err := executor.Parse(); err != nil {
 			log.Errorln(err.Error())
-			fmt.Printf("configuration file %s test failed\n", constant.Path.Config())
+			fmt.Printf("configuration file %s test failed\n", C.Path.Config())
 			os.Exit(1)
 		}
-		fmt.Printf("configuration file %s test is successful\n", constant.Path.Config())
+		fmt.Printf("configuration file %s test is successful\n", C.Path.Config())
 		return
 	}
--- a/proxy/http/server.go
+++ b/proxy/http/server.go
@ -41,7 +41,7 @@ func NewHttpProxy(addr string) (*HttpListener, error) {
 				}
 				continue
 			}
-			go handleConn(c, hl.cache)
+			go HandleConn(c, hl.cache)
 		}
 	}()
@ -60,6 +60,7 @@ func (l *HttpListener) Address() string {
 func canActivate(loginStr string, authenticator auth.Authenticator, cache *cache.Cache) (ret bool) {
 	if result := cache.Get(loginStr); result != nil {
 		ret = result.(bool)
 		return
 	}
 	loginData, err := base64.StdEncoding.DecodeString(loginStr)
 	login := strings.Split(string(loginData), ":")
@ -69,7 +70,7 @@ func canActivate(loginStr string, authenticator auth.Authenticator, cache *cache
 	return
 }
-func handleConn(conn net.Conn, cache *cache.Cache) {
+func HandleConn(conn net.Conn, cache *cache.Cache) {
 	br := bufio.NewReader(conn)
 	request, err := http.ReadRequest(br)
 	if err != nil || request.URL.Host == "" {
@ -80,7 +81,7 @@ func handleConn(conn net.Conn, cache *cache.Cache) {
 	authenticator := authStore.Authenticator()
 	if authenticator != nil {
 		if authStrings := strings.Split(request.Header.Get("Proxy-Authorization"), " "); len(authStrings) != 2 {
-			_, err = conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic\r\n\r\n"))
+			conn.Write([]byte("HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic\r\n\r\n"))
 			conn.Close()
 			return
 		} else if !canActivate(authStrings[1], authenticator, cache) {
--- a/proxy/listener.go
+++ b/proxy/listener.go
@ -4,9 +4,11 @@ import (
 	"fmt"
 	"net"
 	"strconv"
 	"sync"
 	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/proxy/http"
 	"github.com/Dreamacro/clash/proxy/mixed"
 	"github.com/Dreamacro/clash/proxy/redir"
 	"github.com/Dreamacro/clash/proxy/socks"
 )
@ -20,17 +22,21 @@ var (
 	httpListener     *http.HttpListener
 	redirListener    *redir.RedirListener
 	redirUDPListener *redir.RedirUDPListener
-)
+	mixedListener    *mixed.MixedListener
 	mixedUDPLister   *socks.SockUDPListener
-type listener interface {
+	// lock for recreate function
-	Close()
+	socksMux sync.Mutex
-	Address() string
+	httpMux  sync.Mutex
-}
+	redirMux sync.Mutex
 	mixedMux sync.Mutex
 )
 type Ports struct {
 	Port      int `json:"port"`
 	SocksPort int `json:"socks-port"`
 	RedirPort int `json:"redir-port"`
 	MixedPort int `json:"mixed-port"`
 }
 func AllowLan() bool {
@ -50,6 +56,9 @@ func SetBindAddress(host string) {
 }
 func ReCreateHTTP(port int) error {
 	httpMux.Lock()
 	defer httpMux.Unlock()
 	addr := genAddr(bindAddress, port, allowLan)
 	if httpListener != nil {
@ -74,6 +83,9 @@ func ReCreateHTTP(port int) error {
 }
 func ReCreateSocks(port int) error {
 	socksMux.Lock()
 	defer socksMux.Unlock()
 	addr := genAddr(bindAddress, port, allowLan)
 	shouldTCPIgnore := false
@ -123,6 +135,9 @@ func ReCreateSocks(port int) error {
 }
 func ReCreateRedir(port int) error {
 	redirMux.Lock()
 	defer redirMux.Unlock()
 	addr := genAddr(bindAddress, port, allowLan)
 	if redirListener != nil {
@ -159,6 +174,55 @@ func ReCreateRedir(port int) error {
 	return nil
 }
 func ReCreateMixed(port int) error {
 	mixedMux.Lock()
 	defer mixedMux.Unlock()
 	addr := genAddr(bindAddress, port, allowLan)
 	shouldTCPIgnore := false
 	shouldUDPIgnore := false
 	if mixedListener != nil {
 		if mixedListener.Address() != addr {
 			mixedListener.Close()
 			mixedListener = nil
 		} else {
 			shouldTCPIgnore = true
 		}
 	}
 	if mixedUDPLister != nil {
 		if mixedUDPLister.Address() != addr {
 			mixedUDPLister.Close()
 			mixedUDPLister = nil
 		} else {
 			shouldUDPIgnore = true
 		}
 	}
 	if shouldTCPIgnore && shouldUDPIgnore {
 		return nil
 	}
 	if portIsZero(addr) {
 		return nil
 	}
 	var err error
 	mixedListener, err = mixed.NewMixedProxy(addr)
 	if err != nil {
 		return err
 	}
 	mixedUDPLister, err = socks.NewSocksUDPProxy(addr)
 	if err != nil {
 		mixedListener.Close()
 		return err
 	}
 	return nil
 }
 // GetPorts return the ports of proxy servers
 func GetPorts() *Ports {
 	ports := &Ports{}
@ -181,6 +245,12 @@ func GetPorts() *Ports {
 		ports.RedirPort = port
 	}
 	if mixedListener != nil {
 		_, portStr, _ := net.SplitHostPort(mixedListener.Address())
 		port, _ := strconv.Atoi(portStr)
 		ports.MixedPort = port
 	}
 	return ports
 }
--- a/proxy/mixed/conn.go
+++ b/proxy/mixed/conn.go
@ -0,0 +1,41 @@
 package mixed
 import (
 	"bufio"
 	"net"
 )
 type BufferedConn struct {
 	r *bufio.Reader
 	net.Conn
 }
 func NewBufferedConn(c net.Conn) *BufferedConn {
 	return &BufferedConn{bufio.NewReader(c), c}
 }
 // Reader returns the internal bufio.Reader.
 func (c *BufferedConn) Reader() *bufio.Reader {
 	return c.r
 }
 // Peek returns the next n bytes without advancing the reader.
 func (c *BufferedConn) Peek(n int) ([]byte, error) {
 	return c.r.Peek(n)
 }
 func (c *BufferedConn) Read(p []byte) (int, error) {
 	return c.r.Read(p)
 }
 func (c *BufferedConn) ReadByte() (byte, error) {
 	return c.r.ReadByte()
 }
 func (c *BufferedConn) UnreadByte() error {
 	return c.r.UnreadByte()
 }
 func (c *BufferedConn) Buffered() int {
 	return c.r.Buffered()
 }
--- a/proxy/mixed/mixed.go
+++ b/proxy/mixed/mixed.go
@ -0,0 +1,69 @@
 package mixed
 import (
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/socks5"
 	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/proxy/http"
 	"github.com/Dreamacro/clash/proxy/socks"
 )
 type MixedListener struct {
 	net.Listener
 	address string
 	closed  bool
 	cache   *cache.Cache
 }
 func NewMixedProxy(addr string) (*MixedListener, error) {
 	l, err := net.Listen("tcp", addr)
 	if err != nil {
 		return nil, err
 	}
 	ml := &MixedListener{l, addr, false, cache.New(30 * time.Second)}
 	go func() {
 		log.Infoln("Mixed(http+socks5) proxy listening at: %s", addr)
 		for {
 			c, err := ml.Accept()
 			if err != nil {
 				if ml.closed {
 					break
 				}
 				continue
 			}
 			go handleConn(c, ml.cache)
 		}
 	}()
 	return ml, nil
 }
 func (l *MixedListener) Close() {
 	l.closed = true
 	l.Listener.Close()
 }
 func (l *MixedListener) Address() string {
 	return l.address
 }
 func handleConn(conn net.Conn, cache *cache.Cache) {
 	bufConn := NewBufferedConn(conn)
 	head, err := bufConn.Peek(1)
 	if err != nil {
 		return
 	}
 	if head[0] == socks5.Version {
 		socks.HandleSocks(bufConn)
 		return
 	}
 	http.HandleConn(bufConn, cache)
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dreamacro	d3b14c325f	Fix: the priority of fake-ip-filter	2020-10-09 00:04:24 +08:00
Loyalsoldier	4859b158b4	Chore: make builds reproducible (#1006 )	2020-10-08 17:54:38 +08:00
Dreamacro	d65b51c62b	Feature: http support custom sni	2020-10-02 11:34:40 +08:00
Melvin	a6444bb449	Feature: support domain in fallback filter (#964 )	2020-09-28 22:17:10 +08:00
Dreamacro	e09931dcf7	Chore: remove broken test temporarily	2020-09-26 20:36:52 +08:00
小傅Fox	5bd189f2d0	Feature: support VMess HTTP/2 transport (#903 )	2020-09-26 20:33:57 +08:00
Dreamacro	8766287e72	Chore: sync necessary changes from premium	2020-09-21 22:22:07 +08:00
Dreamacro	10f9571c9e	Fix: pool gc test	2020-09-21 00:44:47 +08:00
Kaming Chan	96a8259c42	Feature: support snell v2 (#952 ) Co-authored-by: Dreamacro <8615343+Dreamacro@users.noreply.github.com>	2020-09-21 00:33:13 +08:00
Dreamacro	68dd0622b8	Chore: code style	2020-09-20 15:53:27 +08:00
Kr328	558ac6b965	Chore: split enhanced mode instance (#936 ) Co-authored-by: Dreamacro <305009791@qq.com>	2020-09-17 10:48:42 +08:00
icpz	e773f95f21	Fix: PROCESS-NAME on FreeBSD 11.x (#947 )	2020-09-07 17:43:34 +08:00
Dreamacro	314ce1c249	Feature: vmess network http support TLS (https)	2020-09-04 21:27:19 +08:00
Kr328	13275b1aa6	Chore: use only one goroutine to handle statistic (#940 )	2020-09-03 10:30:18 +08:00
icpz	02d9169b5d	Fix: potential PCB buffer overflow on bsd systems (#941 )	2020-09-03 10:27:20 +08:00
Kr328	7631bcc99e	Improve: use atomic for connection statistic (#938 )	2020-09-02 16:34:12 +08:00
Dreamacro	a32ee13fc9	Feature: reuse dns resolver cache when hot reload	2020-08-31 00:32:18 +08:00
Dreamacro	b8ed738238	Chore: update actions version	2020-08-30 23:06:21 +08:00
Dreamacro	687c2a21cf	Fix: vmess UDP option should be effect	2020-08-30 22:49:55 +08:00
Loyalsoldier	ad18064e6b	Chore: code style (#933 )	2020-08-30 19:53:00 +08:00
Dreamacro	c9735ef75b	Fix: static check	2020-08-25 22:36:38 +08:00
Dreamacro	b70882f01a	Chore: add static check	2020-08-25 22:32:23 +08:00
Dreamacro	5805334ccd	Chore: pass staticcheck	2020-08-25 22:19:59 +08:00
R3pl4c3r	c1b4382fe8	Feature: add Windows ARM32 build (#902 ) Co-authored-by: MarksonHon <50002150+MarksonHon@users.noreply.github.com>	2020-08-16 13:50:56 +08:00
Dreamacro	008743f20b	Chore: update dependencies	2020-08-16 11:32:51 +08:00
Kr328	50d778da3c	Chore: cache process name when resolve failed (#900 )	2020-08-15 16:55:55 +08:00
goomadao	8b7c731fd6	Fix: ssr broken (#895 )	2020-08-12 20:50:56 +08:00
Dreamacro	0b7918de9c	Migration: go 1.15	2020-08-12 13:47:50 +08:00
maddie	4f61c04519	Fix: ssr typo (#887 )	2020-08-11 10:35:30 +08:00
Kr328	89cf06036d	Feature: dns server could lookup hosts (#872 )	2020-08-11 10:28:17 +08:00
goomadao	4ba6f248bc	Fix: ssr bounds out of range panic (#882 )	2020-08-11 10:17:40 +08:00
Fndroid	83a684c551	Change: adjust tolerance logic (#864 )	2020-08-06 20:12:03 +08:00
icpz	92a23f1eab	Feature: PROCESS-NAME for windows (#840 )	2020-08-06 19:59:20 +08:00
Dreamacro	622ac45258	Feature: PROCESS-NAME for freebsd (#855 )	2020-07-31 20:01:19 +08:00
icpz	791d203b5f	Fix: update cache if a process was found (#850 )	2020-07-30 17:15:06 +08:00
icpz	77d6f9ae6f	Fix: handle snell server reported error message properly (#848 )	2020-07-30 15:54:26 +08:00
icpz	b1d9dfd6bf	Improve: simplify macOS process searching	2020-07-29 11:27:18 +08:00
Kr328	6532947e71	Fix: invert should resolve ip (#836 )	2020-07-27 13:47:00 +08:00
Dreamacro	6c5f23f552	Merge branch 'dev' of github.com:Dreamacro/clash into dev	2020-07-27 11:58:02 +08:00
Dreamacro	78c3034158	Chore: rename NoResolveIP to ShouldResolveIP	2020-07-27 11:57:55 +08:00
ayanamist	8f0098092d	Fix: protect alive with atomic value (#834 )	2020-07-25 17:47:11 +08:00
goomadao	33a6579a3a	Feature: add ssr support (#805 ) * Refactor ssr stream cipher to expose iv and key References: https://github.com/Dreamacro/go-shadowsocks2 https://github.com/sh4d0wfiend/go-shadowsocksr2 * Implement ssr obfs Reference: https://github.com/mzz2017/shadowsocksR * Implement ssr protocol References: https://github.com/mzz2017/shadowsocksR https://github.com/shadowsocksRb/shadowsocksr-libev https://github.com/shadowsocksr-backup/shadowsocksr	2020-07-22 23:02:15 +08:00
Sandothers	b4221d4b74	Chore: README.md style fixed (#825 ) make every item in TODO list has the same style	2020-07-22 21:34:37 +08:00
Dreamacro	0e4b9daaad	Improve: add cache for macOS PROCESS-NAME	2020-07-22 20:35:27 +08:00
Dreamacro	ee72865f48	Fix: recycle buf on http obfs	2020-07-22 20:29:39 +08:00
Kr328	6521acf8f1	Improve: check uid on process search & fix typo (#824 )	2020-07-22 20:22:34 +08:00
Kr328	4f73410618	Feature: add PROCESS-NAME rule for linux (#822 )	2020-07-22 19:05:10 +08:00
Kr328	20eff200b1	Fix: dns should put msg to cache while exchangeWithoutCache (#820 )	2020-07-20 21:16:36 +08:00
Dreamacro	ae1e1dc9f6	Feature: support PROCESS-NAME on macOS	2020-07-19 13:18:23 +08:00
Dreamacro	cf9e1545a4	Improve: fix go test race detect	2020-07-18 20:56:13 +08:00
Dreamacro	6c7a8fffe0	Chore: should not write file on file provider	2020-07-18 19:32:40 +08:00
Dreamacro	3a3e2c05af	Chore: add rule payload in log	2020-07-18 19:22:09 +08:00
John Smith	02c7fd8d70	Fix: write msg cache multiple times (#812 ) Co-authored-by: john.xu <john.xu@bytedance.com>	2020-07-17 17:34:40 +08:00
Dreamacro	e6aa452b51	Fix: ticker leak	2020-07-13 00:25:54 +08:00
Dreamacro	35449bfa17	Feature: add github stale action	2020-07-09 10:27:05 +08:00
Dreamacro	acd51bbc90	Fix: obfs host should not have 80 port	2020-07-01 00:01:36 +08:00
Birkhoff Lee	f44cd9180c	Chore: update GitHub issue template	2020-06-30 13:55:26 +08:00
Birkhoff Lee	93c987a6cb	Fix: typo in dialer.go (#767 )	2020-06-28 10:59:04 +08:00
Birkhoff Lee	3f0584ac09	Chore: move documentations to wiki (#766 )	2020-06-28 10:39:30 +08:00
Dreamacro	59968fff1c	Fix: github actions tag build	2020-06-27 21:09:04 +08:00
Dreamacro	7c62fe41b4	Chore: remove forward compatibility code	2020-06-27 14:28:10 +08:00
Dreamacro	2781090405	Chore: move experimental features to stable	2020-06-27 14:19:31 +08:00
Kr328	14c9cf1b97	Fix: domain trie crash if not match in #758 (#762 )	2020-06-24 19:46:37 +08:00
Kr328	3dfff84cc3	Fix: domain trie should backtrack to parent if match fail (#758 )	2020-06-24 18:41:23 +08:00
Dreamacro	5f3db72422	Fix: docker multiplatform build	2020-06-21 12:38:14 +08:00
Dreamacro	18bb285a90	Fix: `external-ui` should relative with clash HomeDir	2020-06-18 21:33:57 +08:00
Dreamacro	60bad66bc3	Change: ipv6 logic	2020-06-18 18:11:02 +08:00
limgmk	99b34e8d8b	Fix: cannot listen socks5 port on wsl (#748 )	2020-06-15 10:34:15 +08:00
Kr328	9f1d85ab6e	Fix: fake-ip-filter on fakeip mode should lookup ip-host mapping (#743 )	2020-06-14 00:41:53 +08:00
Dreamacro	4323dd24d0	Fix: don't auto health check on provider health check disabled	2020-06-14 00:32:04 +08:00
Dreamacro	59bda1d547	Change: local resolve DNS in UDP request due to TURN failed	2020-06-12 23:39:03 +08:00
Dreamacro	1c760935f4	Chore: add error msg when dial vmess	2020-06-11 22:19:47 +08:00
Dreamacro	4f674755ce	Fix: trim . for socks5 host	2020-06-11 12:11:44 +08:00
Dreamacro	f1b792bd26	Fix: trim FQDN on http proxy request	2020-06-11 11:10:08 +08:00
Dreamacro	58c077b45e	Fix: actions tag replace	2020-06-08 13:53:04 +08:00
Dreamacro	1854199c47	Chore: update dependencies	2020-06-07 18:14:04 +08:00
Dreamacro	ecac8eb8e5	Fix: add lock for inbound proxy recreate	2020-06-07 17:57:41 +08:00
Dreamacro	48cff50a4c	Feature: connections add rule payload	2020-06-07 17:28:56 +08:00
Dreamacro	fb628e9c62	Feature: add default hosts `localhost`	2020-06-07 17:25:51 +08:00
Dreamacro	2dece02df6	Chore: code adjustments	2020-06-07 16:54:41 +08:00
Dreamacro	8f32e6a60f	Improve: safe write provider file	2020-06-07 00:36:54 +08:00
Dreamacro	98614a1f3f	Chore: move rule parser to `rules`	2020-06-05 17:43:50 +08:00
Dreamacro	c1b4c94b9c	Chore: remove unused hooks directory	2020-06-05 12:49:24 +08:00
Dreamacro	7ddbc12cdb	Chore: rm unused Dockerfile	2020-06-04 10:57:43 +08:00
Dreamacro	1a217e21e9	Chore: use actions build docker image	2020-06-04 10:38:30 +08:00
Dreamacro	147a7ce779	Fix: panic of socks5 client missing authentication	2020-06-03 18:49:57 +08:00
Dreamacro	fb0289bb4c	Chore: open ForceAttemptHTTP2 on DoH	2020-06-01 13:43:26 +08:00
Dreamacro	3e7970612a	Chore: provider error adjust	2020-06-01 00:39:41 +08:00
Dreamacro	46244a6496	Chore: `mode` use lower case (backward compatible)	2020-06-01 00:32:37 +08:00
Dreamacro	71d30e6654	Feature: support vmess tls custom servername	2020-06-01 00:27:04 +08:00
Dreamacro	008731c249	Fix: make os.Stat return correct err on provider	2020-05-29 21:56:29 +08:00
Dreamacro	5628f97da1	Feature: add tolerance for url-test	2020-05-29 17:47:50 +08:00
Dreamacro	8d0c6c6e66	Feature: domain trie support wildcard alias	2020-05-28 12:13:05 +08:00
Dreamacro	5073c3cde8	Chore: add trimpath for go build	2020-05-20 15:13:33 +08:00
bytew021	3a27cfc4a1	Feature: add Mixed(http+socks5) proxy listening (#685 )	2020-05-12 11:29:53 +08:00
Dreamacro	3638b077cd	Chore: update premium link	2020-05-08 21:52:17 +08:00