Chore: cache process name when resolve failed (#900 )

Fix: ssr broken (#895 )
Migration: go 1.15
2020-08-15 16:55:55 +08:00 · 2020-08-12 20:50:56 +08:00 · 2020-08-12 13:47:50 +08:00 · 2020-08-11 10:35:30 +08:00 · 2020-08-11 10:28:17 +08:00 · 2020-08-11 10:17:40 +08:00
190 changed files with 16112 additions and 2664 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,100 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[Bug]"
+labels: ''
+assignees: ''
+
+---
+
+<!--
+感谢你向 Clash Core 提交 issue！
+在提交之前，请确认：
+
+- [ ] 如果你可以自己 debug 并解决的话，提交 PR 吧！
+- [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
+- [ ] 我已经使用 dev 分支版本测试过，问题依旧存在
+- [ ] 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
+- [ ] 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
+
+请注意，如果你并没有遵照这个 issue template 填写内容，我们将直接关闭这个 issue。
+
+Thanks for opening an issue towards the Clash core!
+But before so, please do the following checklist:
+
+- [ ] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
+- [ ] I have searched on the [issue tracker](……/) for a related issue.
+- [ ] I have tested using the dev branch, and the issue still exists.
+- [ ] I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue
+- [ ] This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash
+
+Please understand that we close issues that fail to follow this issue template.
+-->
+
+------------------------------------------------------------------
+
+<!-- 
+请附上任何可以帮助我们解决这个问题的信息，如果我们收到的信息不足，我们将对这个 issue 加上 *Needs more information* 标记并在收到更多资讯之前关闭 issue。
+Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information.
+-->
+
+### Clash config
+<!--
+在下方附上 Clash core 脱敏后配置文件的内容
+Paste the Clash core configuration below.
+-->
+<details>
+  <summary>config.yaml</summary>
+
+```yaml
+……
+```
+
+</details>
+
+### Clash log
+<!--
+在下方附上 Clash Core 的日志，log level 使用 DEBUG
+Paste the Clash core log below with the log level set to `DEBUG`.
+-->
+```
+……
+```
+
+### 环境 Environment
+
+* 操作系统 (the OS that the Clash core is running on)
+……
+* 网路环境或拓扑 (network conditions/topology)
+……
+* iptables，如果适用 (if applicable)
+……
+* ISP 有没有进行 DNS 污染 (is your ISP performing DNS pollution?)
+……
+* 其他 (any other information that would be useful)
+……
+
+### 说明 Description
+
+<!--
+请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？
+-->
+
+### 重现问题的具体布骤 Steps to Reproduce
+
+1. [First Step]
+2. [Second Step]
+3. ……
+
+**我预期会发生……？**
+<!-- **Expected behavior:** [What you expected to happen] -->
+
+**实际上发生了什么？**
+<!-- **Actual behavior:** [What actually happened] -->
+
+### 可能的解决方案 Possible Solution
+<!-- 此项非必须，但是如果你有想法的话欢迎提出。 -->
+<!-- Not obligatory, but suggest a fix/reason for the bug, -->
+<!-- or ideas how to implement the addition or change -->
+
+### 更多信息 More Information
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,78 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[Feature]"
+labels: ''
+assignees: ''
+
+---
+
+<!-- The English version is available. -->
+感谢你向 Clash Core 提交 Feature Request！
+在提交之前，请确认：
+
+- [ ] 我已经在 [Issue Tracker](……/) 中找过我要提出的请求
+
+请注意，如果你并没有遵照这个 issue template 填写内容，我们将直接关闭这个 issue。
+
+<!--
+Thanks for submitting a feature request towards the Clash core!
+But before so, please do the following checklist:
+
+- [ ] I have searched on the [issue tracker](……/) before creating the issue.
+
+Please understand that we close issues that fail to follow the issue template.
+-->
+
+我都确认过了，我要继续提交。
+<!-- None of the above, create a feature request -->
+------------------------------------------------------------------
+
+请附上任何可以帮助我们解决这个问题的信息，如果我们收到的信息不足，我们将对这个 issue 加上 *Needs more information* 标记并在收到更多资讯之前关闭 issue。
+<!-- Make sure to add **all the information needed to understand the bug** so that someone can help. If the info is missing we'll add the 'Needs more information' label and close the issue until there is enough information. -->
+
+### Clash core config
+<!--
+在下方附上 Clash Core 脱敏后的配置内容
+Paste the Clash core configuration below.
+-->
+```
+……
+```
+
+### Clash log
+<!--
+在下方附上 Clash Core 的日志，log level 请使用 DEBUG
+Paste the Clash core log below with the log level set to `DEBUG`.
+-->
+```
+……
+```
+
+### 环境 Environment
+
+* Clash Core 的操作系统 (the OS that the Clash core is running on)
+……
+* 使用者的操作系统 (the OS running on the client)
+……
+* 网路环境或拓扑 (network conditions/topology)
+……
+* iptables，如果适用 (if applicable)
+……
+* ISP 有没有进行 DNS 污染 (is your ISP performing DNS pollution?)
+……
+* 其他
+……
+
+### 说明 Description
+
+<!--
+请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
+-->
+
+### 可能的解决方案 Possible Solution
+<!-- 此项非必须，但是如果你有想法的话欢迎提出。 -->
+<!-- Not obligatory, but suggest a fix/reason for the bug, -->
+<!-- or ideas how to implement the addition or change -->
+
+### 更多信息 More Information
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,53 @@
+name: Publish Docker Image
+on:
+  push:
+    branches:
+      - dev
+    tags:
+      - '*'
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up docker buildx
+        id: buildx
+        uses: crazy-max/ghaction-docker-buildx@v2
+        with:
+          buildx-version: latest
+          skip-cache: false
+          qemu-version: latest
+
+      - name: Docker login
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
+      
+      - name: Docker buildx image and push on dev branch
+        if: github.ref == 'refs/heads/dev'
+        run: |
+          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:dev .
+
+      - name: Replace tag without `v`
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: actions/github-script@v1
+        id: version
+        with:
+          script: |
+            return context.payload.ref.replace(/\/?refs\/tags\/v/, '')
+          result-encoding: string
+
+      - name: Docker buildx image and push on release
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:${{steps.version.outputs.result}} .
+          docker buildx build --output "type=image,push=true" --platform=linux/amd64,linux/arm/v7,linux/arm64 --tag dreamacro/clash:latest .
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -0,0 +1,44 @@
+name: Go
+on: [push, pull_request]
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15.x
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Get dependencies and run test
+        run: |
+          go test ./...
+
+      - name: Build
+        if: startsWith(github.ref, 'refs/tags/')
+        env:
+          NAME: clash
+          BINDIR: bin
+        run: make -j releases
+
+      - name: Upload Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: bin/*
+          draft: true
+          prerelease: true
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,19 @@
+  
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/stale@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days'
+          days-before-stale: 120
+          days-before-close: 5
--- a/.gitignore
+++ b/.gitignore
@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
+bin/*

 # Test binary, build with `go test -c`
 *.test
@ -13,3 +14,9 @@

 # dep
 vendor
+
+# GoLand
+.idea/*
+
+# macOS file
+.DS_Store
--- a/.travis.yml
+++ b/.travis.yml
@ -1,26 +0,0 @@
-language: go
-sudo: false
-go:
-  - "1.11"
-install:
-  - "go mod download"
-env:
-  global:
-    - NAME=clash
-    - BINDIR=bin
-    - GO111MODULE=on
-script:
-  - go test ./...
-before_deploy: make -j releases
-deploy:
-  provider: releases
-  prerelease: true
-  skip_cleanup: true
-  api_key:
-    secure: dp1tc1h0er7aaAZ1hY0Xk/cUKwB0ifsAjg6e0M/Ad5NC87oucP6ESNFkDu0e9rUS1yB826/VnVGzNE/Z5zdjXVzPft+g5v5oRxzI4BKLhf07t9s+x8Z+3sApTxdsC5BvcN9x+5yRbpDLQ3biDPxSFu86j7m2pkEWw6XYNZO3/5y+RZXX7zu+d4MzTLUaA2kWl7KQAP0tEJNuw9ACDhpkw7LYbU/8q3E76prOTeme5/AT6Gxj7XhKUNP27lazhhqBSWM14ybPANqojNLEfMFHN/Eu2phYO07MuLTd4zuOIuw9y65kgvTFcHRlORjwUhnviXyA69obQejjgDI1WDOtU4PqpFaSLrxWtKI6k5VNWHARYggDm/wKl0WG7F0Kgio1KiGGhDg2yrbseXr/zBNaDhBtTFh6XJffqqwmgby1PXB6PWwfvWXooJMaQiFZczLWeMBl8v6XbSN6jtMTh/PQlKai6BcDd4LM8GQ7VHpSeff4qXEU4Vpnadjgs8VDPOHng6/HV+wDs8q2LrlMbnxLWxbCjOMUB6w7YnSrwH9owzKSoUs/531I4tTCRQIgipJtTK2b881/8osVjdMGS1mDXhBWO+OM0LCAdORJz+kN4PIkXXvKLt6jX74k6z4M3swFaqqtlTduN2Yy/ErsjguQO1VZfHmcpNssmJXI5QB9sxA=
-  file: bin/*
-  file_glob: true
-  on:
-    repo: Dreamacro/clash
-    branch: master
-    tags: true
--- a/20
+++ b/20
@ -1,17 +1,17 @@
-FROM golang:latest as builder
-RUN wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz -O /tmp/GeoLite2-Country.tar.gz && \
-    tar zxvf /tmp/GeoLite2-Country.tar.gz -C /tmp && \
-    cp /tmp/GeoLite2-Country_*/GeoLite2-Country.mmdb /Country.mmdb
+FROM golang:alpine as builder
+
+RUN apk add --no-cache make git && \
+    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb
 WORKDIR /clash-src
+COPY --from=tonistiigi/xx:golang / /
 COPY . /clash-src
 RUN go mod download && \
-    GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags '-w -s' -o /clash && \
-    chmod +x /clash
+    make docker && \
+    mv ./bin/clash-docker /clash

 FROM alpine:latest
-RUN apk --no-cache add ca-certificates && \
-    mkdir -p /root/.config/clash
+
+RUN apk add --no-cache ca-certificates
 COPY --from=builder /Country.mmdb /root/.config/clash/
-COPY --from=builder /clash .
-EXPOSE 7890 7891
+COPY --from=builder /clash /
 ENTRYPOINT ["/clash"]
--- a/687
+++ b/687
@ -1,21 +1,674 @@
-MIT License
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007

-Copyright (c) 2018 Dreamacro
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.

-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+                            Preamble

-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.

-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/99
+++ b/99
@ -1,23 +1,100 @@
 NAME=clash
 BINDIR=bin
-GOBUILD=CGO_ENABLED=0 go build -ldflags '-w -s'
+VERSION=$(shell git describe --tags || echo "unknown version")
+BUILDTIME=$(shell date -u)
+GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
+		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
+		-w -s'

-all: linux macos win64
+PLATFORM_LIST = \
+	darwin-amd64 \
+	linux-386 \
+	linux-amd64 \
+	linux-armv5 \
+	linux-armv6 \
+	linux-armv7 \
+	linux-armv8 \
+	linux-mips-softfloat \
+	linux-mips-hardfloat \
+	linux-mipsle-softfloat \
+	linux-mipsle-hardfloat \
+	linux-mips64 \
+	linux-mips64le \
+	freebsd-386 \
+	freebsd-amd64

-linux:
-	GOARCH=amd64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+WINDOWS_ARCH_LIST = \
+	windows-386 \
+	windows-amd64

-macos:
+all: linux-amd64 darwin-amd64 windows-amd64 # Most used
+
+docker:
+	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+darwin-amd64:
 	GOARCH=amd64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@

-win64:
+linux-386:
+	GOARCH=386 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-amd64:
+	GOARCH=amd64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-armv5:
+	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-armv6:
+	GOARCH=arm GOOS=linux GOARM=6 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-armv7:
+	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-armv8:
+	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mips-softfloat:
+	GOARCH=mips GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mips-hardfloat:
+	GOARCH=mips GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mipsle-softfloat:
+	GOARCH=mipsle GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mipsle-hardfloat:
+	GOARCH=mipsle GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mips64:
+	GOARCH=mips64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-mips64le:
+	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+freebsd-386:
+	GOARCH=386 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+freebsd-amd64:
+	GOARCH=amd64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+windows-386:
+	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+
+windows-amd64:
 	GOARCH=amd64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe

-releases: linux macos win64
-	chmod +x $(BINDIR)/$(NAME)-*
-	gzip $(BINDIR)/$(NAME)-linux
-	gzip $(BINDIR)/$(NAME)-macos
-	zip -m -j $(BINDIR)/$(NAME)-win64.zip $(BINDIR)/$(NAME)-win64.exe
+gz_releases=$(addsuffix .gz, $(PLATFORM_LIST))
+zip_releases=$(addsuffix .zip, $(WINDOWS_ARCH_LIST))

+$(gz_releases): %.gz : %
+	chmod +x $(BINDIR)/$(NAME)-$(basename $@)
+	gzip -f -S -$(VERSION).gz $(BINDIR)/$(NAME)-$(basename $@)
+
+$(zip_releases): %.zip : %
+	zip -m -j $(BINDIR)/$(NAME)-$(basename $@)-$(VERSION).zip $(BINDIR)/$(NAME)-$(basename $@).exe
+
+all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
+
+releases: $(gz_releases) $(zip_releases)
 clean:
 	rm $(BINDIR)/*
--- a/README.md
+++ b/README.md
@ -1,19 +1,16 @@
 <h1 align="center">
  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
-  <br>
-  Clash
-  <br>
+  <br>Clash<br>
 </h1>

-<h4 align="center">A rule based proxy in Go.</h4>
+<h4 align="center">A rule-based tunnel in Go.</h4>

 <p align="center">
-  <a href="https://travis-ci.org/Dreamacro/clash">
-    <img src="https://img.shields.io/travis/Dreamacro/clash.svg?style=flat-square"
-         alt="Travis-CI">
+  <a href="https://github.com/Dreamacro/clash/actions">
+    <img src="https://img.shields.io/github/workflow/status/Dreamacro/clash/Go?style=flat-square" alt="Github Actions">
  </a>
  <a href="https://goreportcard.com/report/github.com/Dreamacro/clash">
-      <img src="https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square">
+    <img src="https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square">
  </a>
  <a href="https://github.com/Dreamacro/clash/releases">
    <img src="https://img.shields.io/github/release/Dreamacro/clash/all.svg?style=flat-square">
@ -22,137 +19,33 @@

 ## Features

- HTTP/HTTPS and SOCKS proxy
- Surge like configuration
- GeoIP rule support
- Support Vmess/Shadowsocks/Socks5
- Support for Netfilter TCP redirect
+- Local HTTP/HTTPS/SOCKS server with authentication support
+- VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
+- Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
+- Rules based off domains, GEOIP, IP CIDR or ports to forward packets to different nodes
+- Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
+- Remote providers, allowing users to get node lists remotely instead of hardcoding in config
+- Netfilter TCP redirecting. Deploy Clash on your Internet gateway with `iptables`.
+- Comprehensive HTTP RESTful API controller

-## Discussion
+## Getting Started
+Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).

-[Telegram Group](https://t.me/clash_discuss)
+## Credits

-## Install
-
-You can build from source:
-
-```sh
-go get -u -v github.com/Dreamacro/clash
-```
-
-Pre-built binaries are available: [release](https://github.com/Dreamacro/clash/releases)
-
-Requires Go >= 1.10.
-
-## Daemon
-
-Unfortunately, there is no native elegant way to implement golang's daemon.
-
-So we can use third-party daemon tools like pm2, supervisor, and so on.
-
-In the case of [pm2](https://github.com/Unitech/pm2), we can start the daemon this way:
-
-```sh
-pm2 start clash
-```
-
-If you have Docker installed, you can run clash directly using `docker-compose`.
-
-[Run clash in docker](https://github.com/Dreamacro/clash/wiki/Run-clash-in-docker)
-
-## Config
-
-**NOTE: after v0.8.0, clash using yaml as configuration file**
-
-The default configuration directory is `$HOME/.config/clash`
-
-The name of the configuration file is `config.yml`
-
-If you want to use another directory, you can use `-d` to control the configuration directory
-
-For example, you can use the current directory as the configuration directory
-
-```sh
-clash -d .
-```
-
-Below is a simple demo configuration file:
-
-```yml
-# port of HTTP
-port: 7890
-
-# port of SOCKS5
-socks-port: 7891
-
-# redir proxy for Linux and macOS
-# redir-port: 7892
-
-allow-lan: false
-
-# Rule / Global/ Direct (default is Rule)
-mode: Rule
-
-# set log level to stdout (default is info)
-# info / warning / error / debug
-log-level: info
-
-# A RESTful API for clash
-external-controller: 127.0.0.1:9090
-
-# Secret for RESTful API (Optional)
-secret: ""
-
-Proxy:
-
-# shadowsocks
-# The types of cipher are consistent with go-shadowsocks2
-# support AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CTR AES-192-CTR AES-256-CTR AES-128-CFB AES-192-CFB AES-256-CFB CHACHA20-IETF XCHACHA20
-# In addition to what go-shadowsocks2 supports, it also supports chacha20 rc4-md5 xchacha20-ietf-poly1305
- { name: "ss1", type: ss, server: server, port: 443, cipher: AEAD_CHACHA20_POLY1305, password: "password" }
- { name: "ss2", type: ss, server: server, port: 443, cipher: AEAD_CHACHA20_POLY1305, password: "password", obfs: tls, obfs-host: bing.com }
-
-# vmess
-# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- { name: "vmess1", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto }
- { name: "vmess2", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true }
-
-# socks5
- { name: "socks", type: socks5, server: server, port: 443 }
-
-Proxy Group:
-# url-test select which proxy will be used by benchmarking speed to a URL.
- { name: "auto", type: url-test, proxies: ["ss1", "ss2", "vmess1"], url: http://www.gstatic.com/generate_204, interval: 300 }
-
-# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- { name: "fallback-auto", type: fallback, proxies: ["ss1", "ss2", "vmess1"], url: http://www.gstatic.com/generate_204, interval: 300 }
-
-# select is used for selecting proxy or proxy group
-# you can use RESTful API to switch proxy, is recommended for use in GUI.
- { name: "Proxy", type: select, proxies: ["ss1", "ss2", "vmess1", "auto"] }
-
-Rule:
- DOMAIN-SUFFIX,google.com,Proxy
- DOMAIN-KEYWORD,google,Proxy
- DOMAIN-SUFFIX,ad.com,REJECT
- GEOIP,CN,DIRECT
-# note: there is two ","
- FINAL,,Proxy
-```
-
-## Thanks
-
-[riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
-
-[v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
+* [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
+* [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)

 ## License

+This software is released under the GPL-3.0 license.
+
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FDreamacro%2Fclash.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FDreamacro%2Fclash?ref=badge_large)

 ## TODO

 - [x] Complementing the necessary rule operators
 - [x] Redir proxy
- [ ] UDP support
- [ ] Connection manager
+- [x] UDP support
+- [x] Connection manager
+- [ ] ~~Event API~~
--- a/adapters/inbound/http.go
+++ b/adapters/inbound/http.go
@ -1,4 +1,4 @@
-package adapters
+package inbound

 import (
 	"net"
@ -10,32 +10,28 @@ import (

 // HTTPAdapter is a adapter for HTTP connection
 type HTTPAdapter struct {
+	net.Conn
 	metadata *C.Metadata
-	conn     net.Conn
 	R        *http.Request
 }

-// Close HTTP connection
-func (h *HTTPAdapter) Close() {
-	h.conn.Close()
-}
-
 // Metadata return destination metadata
 func (h *HTTPAdapter) Metadata() *C.Metadata {
 	return h.metadata
 }

-// Conn return raw net.Conn of HTTP
-func (h *HTTPAdapter) Conn() net.Conn {
-	return h.conn
-}
-
 // NewHTTP is HTTPAdapter generator
 func NewHTTP(request *http.Request, conn net.Conn) *HTTPAdapter {
+	metadata := parseHTTPAddr(request)
+	metadata.Type = C.HTTP
+	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
+		metadata.SrcIP = ip
+		metadata.SrcPort = port
+	}
 	return &HTTPAdapter{
-		metadata: parseHTTPAddr(request),
+		metadata: metadata,
 		R:        request,
-		conn:     conn,
+		Conn:     conn,
 	}
 }

--- a/adapters/inbound/https.go
+++ b/adapters/inbound/https.go
@ -1,14 +1,22 @@
-package adapters
+package inbound

 import (
 	"net"
 	"net/http"
+
+	C "github.com/Dreamacro/clash/constant"
 )

 // NewHTTPS is HTTPAdapter generator
 func NewHTTPS(request *http.Request, conn net.Conn) *SocketAdapter {
+	metadata := parseHTTPAddr(request)
+	metadata.Type = C.HTTPCONNECT
+	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
+		metadata.SrcIP = ip
+		metadata.SrcPort = port
+	}
 	return &SocketAdapter{
-		metadata: parseHTTPAddr(request),
-		conn:     conn,
+		metadata: metadata,
+		Conn:     conn,
 	}
 }
--- a/adapters/inbound/packet.go
+++ b/adapters/inbound/packet.go
@ -0,0 +1,33 @@
+package inbound
+
+import (
+	"github.com/Dreamacro/clash/component/socks5"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+// PacketAdapter is a UDP Packet adapter for socks/redir/tun
+type PacketAdapter struct {
+	C.UDPPacket
+	metadata *C.Metadata
+}
+
+// Metadata returns destination metadata
+func (s *PacketAdapter) Metadata() *C.Metadata {
+	return s.metadata
+}
+
+// NewPacket is PacketAdapter generator
+func NewPacket(target socks5.Addr, packet C.UDPPacket, source C.Type) *PacketAdapter {
+	metadata := parseSocksAddr(target)
+	metadata.NetWork = C.UDP
+	metadata.Type = source
+	if ip, port, err := parseAddr(packet.LocalAddr().String()); err == nil {
+		metadata.SrcIP = ip
+		metadata.SrcPort = port
+	}
+
+	return &PacketAdapter{
+		UDPPacket: packet,
+		metadata:  metadata,
+	}
+}
--- a/adapters/inbound/socket.go
+++ b/adapters/inbound/socket.go
@ -1,37 +1,35 @@
-package adapters
+package inbound

 import (
 	"net"

+	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/go-shadowsocks2/socks"
 )

 // SocketAdapter is a adapter for socks and redir connection
 type SocketAdapter struct {
-	conn     net.Conn
+	net.Conn
 	metadata *C.Metadata
 }

-// Close socks and redir connection
-func (s *SocketAdapter) Close() {
-	s.conn.Close()
-}
-
 // Metadata return destination metadata
 func (s *SocketAdapter) Metadata() *C.Metadata {
 	return s.metadata
 }

-// Conn return raw net.Conn
-func (s *SocketAdapter) Conn() net.Conn {
-	return s.conn
-}
-
 // NewSocket is SocketAdapter generator
-func NewSocket(target socks.Addr, conn net.Conn) *SocketAdapter {
+func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *SocketAdapter {
+	metadata := parseSocksAddr(target)
+	metadata.NetWork = C.TCP
+	metadata.Type = source
+	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
+		metadata.SrcIP = ip
+		metadata.SrcPort = port
+	}
+
 	return &SocketAdapter{
-		conn:     conn,
-		metadata: parseSocksAddr(target),
+		Conn:     conn,
+		metadata: metadata,
 	}
 }
--- a/adapters/inbound/util.go
+++ b/adapters/inbound/util.go
@ -1,41 +1,36 @@
-package adapters
+package inbound

 import (
 	"net"
 	"net/http"
 	"strconv"
+	"strings"

+	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/go-shadowsocks2/socks"
 )

-func parseSocksAddr(target socks.Addr) *C.Metadata {
-	var host, port string
-	var ip net.IP
+func parseSocksAddr(target socks5.Addr) *C.Metadata {
+	metadata := &C.Metadata{
+		AddrType: int(target[0]),
+	}

 	switch target[0] {
-	case socks.AtypDomainName:
-		host = string(target[2 : 2+target[1]])
-		port = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
-		ipAddr, err := net.ResolveIPAddr("ip", host)
-		if err == nil {
-			ip = ipAddr.IP
-		}
-	case socks.AtypIPv4:
-		ip = net.IP(target[1 : 1+net.IPv4len])
-		port = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
-	case socks.AtypIPv6:
-		ip = net.IP(target[1 : 1+net.IPv6len])
-		port = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
+	case socks5.AtypDomainName:
+		// trim for FQDN
+		metadata.Host = strings.TrimRight(string(target[2:2+target[1]]), ".")
+		metadata.DstPort = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
+	case socks5.AtypIPv4:
+		ip := net.IP(target[1 : 1+net.IPv4len])
+		metadata.DstIP = ip
+		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
+	case socks5.AtypIPv6:
+		ip := net.IP(target[1 : 1+net.IPv6len])
+		metadata.DstIP = ip
+		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
 	}

-	return &C.Metadata{
-		NetWork:  C.TCP,
-		AddrType: int(target[0]),
-		Host:     host,
-		IP:       &ip,
-		Port:     port,
-	}
+	return metadata
 }

 func parseHTTPAddr(request *http.Request) *C.Metadata {
@ -44,28 +39,38 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 	if port == "" {
 		port = "80"
 	}
-	ipAddr, err := net.ResolveIPAddr("ip", host)
-	var resolveIP *net.IP
-	if err == nil {
-		resolveIP = &ipAddr.IP
-	}

-	var addType int
-	ip := net.ParseIP(host)
-	switch {
-	case ip == nil:
-		addType = socks.AtypDomainName
-	case ip.To4() == nil:
-		addType = socks.AtypIPv6
-	default:
-		addType = socks.AtypIPv4
-	}
+	// trim FQDN (#737)
+	host = strings.TrimRight(host, ".")

-	return &C.Metadata{
+	metadata := &C.Metadata{
 		NetWork:  C.TCP,
-		AddrType: addType,
+		AddrType: C.AtypDomainName,
 		Host:     host,
-		IP:       resolveIP,
-		Port:     port,
+		DstIP:    nil,
+		DstPort:  port,
 	}
+
+	ip := net.ParseIP(host)
+	if ip != nil {
+		switch {
+		case ip.To4() == nil:
+			metadata.AddrType = C.AtypIPv6
+		default:
+			metadata.AddrType = C.AtypIPv4
+		}
+		metadata.DstIP = ip
+	}
+
+	return metadata
+}
+
+func parseAddr(addr string) (net.IP, string, error) {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, "", err
+	}
+
+	ip := net.ParseIP(host)
+	return ip, port, nil
 }
--- a/adapters/outbound/base.go
+++ b/adapters/outbound/base.go
@ -0,0 +1,227 @@
+package outbound
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net"
+	"net/http"
+	"sync/atomic"
+	"time"
+
+	"github.com/Dreamacro/clash/common/queue"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+var (
+	defaultURLTestTimeout = time.Second * 5
+)
+
+type Base struct {
+	name string
+	addr string
+	tp   C.AdapterType
+	udp  bool
+}
+
+func (b *Base) Name() string {
+	return b.name
+}
+
+func (b *Base) Type() C.AdapterType {
+	return b.tp
+}
+
+func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	return c, errors.New("no support")
+}
+
+func (b *Base) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	return nil, errors.New("no support")
+}
+
+func (b *Base) SupportUDP() bool {
+	return b.udp
+}
+
+func (b *Base) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]string{
+		"type": b.Type().String(),
+	})
+}
+
+func (b *Base) Addr() string {
+	return b.addr
+}
+
+func (b *Base) Unwrap(metadata *C.Metadata) C.Proxy {
+	return nil
+}
+
+func NewBase(name string, addr string, tp C.AdapterType, udp bool) *Base {
+	return &Base{name, addr, tp, udp}
+}
+
+type conn struct {
+	net.Conn
+	chain C.Chain
+}
+
+func (c *conn) Chains() C.Chain {
+	return c.chain
+}
+
+func (c *conn) AppendToChains(a C.ProxyAdapter) {
+	c.chain = append(c.chain, a.Name())
+}
+
+func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
+	return &conn{c, []string{a.Name()}}
+}
+
+type packetConn struct {
+	net.PacketConn
+	chain C.Chain
+}
+
+func (c *packetConn) Chains() C.Chain {
+	return c.chain
+}
+
+func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
+	c.chain = append(c.chain, a.Name())
+}
+
+func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
+	return &packetConn{pc, []string{a.Name()}}
+}
+
+type Proxy struct {
+	C.ProxyAdapter
+	history *queue.Queue
+	alive   uint32
+}
+
+func (p *Proxy) Alive() bool {
+	return atomic.LoadUint32(&p.alive) > 0
+}
+
+func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
+	defer cancel()
+	return p.DialContext(ctx, metadata)
+}
+
+func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	conn, err := p.ProxyAdapter.DialContext(ctx, metadata)
+	if err != nil {
+		atomic.StoreUint32(&p.alive, 0)
+	}
+	return conn, err
+}
+
+func (p *Proxy) DelayHistory() []C.DelayHistory {
+	queue := p.history.Copy()
+	histories := []C.DelayHistory{}
+	for _, item := range queue {
+		histories = append(histories, item.(C.DelayHistory))
+	}
+	return histories
+}
+
+// LastDelay return last history record. if proxy is not alive, return the max value of uint16.
+func (p *Proxy) LastDelay() (delay uint16) {
+	var max uint16 = 0xffff
+	if atomic.LoadUint32(&p.alive) == 0 {
+		return max
+	}
+
+	last := p.history.Last()
+	if last == nil {
+		return max
+	}
+	history := last.(C.DelayHistory)
+	if history.Delay == 0 {
+		return max
+	}
+	return history.Delay
+}
+
+func (p *Proxy) MarshalJSON() ([]byte, error) {
+	inner, err := p.ProxyAdapter.MarshalJSON()
+	if err != nil {
+		return inner, err
+	}
+
+	mapping := map[string]interface{}{}
+	json.Unmarshal(inner, &mapping)
+	mapping["history"] = p.DelayHistory()
+	mapping["name"] = p.Name()
+	return json.Marshal(mapping)
+}
+
+// URLTest get the delay for the specified URL
+func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
+	defer func() {
+		if err == nil {
+			atomic.StoreUint32(&p.alive, 1)
+		} else {
+			atomic.StoreUint32(&p.alive, 0)
+		}
+		record := C.DelayHistory{Time: time.Now()}
+		if err == nil {
+			record.Delay = t
+		}
+		p.history.Put(record)
+		if p.history.Len() > 10 {
+			p.history.Pop()
+		}
+	}()
+
+	addr, err := urlToMetadata(url)
+	if err != nil {
+		return
+	}
+
+	start := time.Now()
+	instance, err := p.DialContext(ctx, &addr)
+	if err != nil {
+		return
+	}
+	defer instance.Close()
+
+	req, err := http.NewRequest(http.MethodHead, url, nil)
+	if err != nil {
+		return
+	}
+	req = req.WithContext(ctx)
+
+	transport := &http.Transport{
+		Dial: func(string, string) (net.Conn, error) {
+			return instance, nil
+		},
+		// from http.DefaultTransport
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+
+	client := http.Client{
+		Transport: transport,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return
+	}
+	resp.Body.Close()
+	t = uint16(time.Since(start) / time.Millisecond)
+	return
+}
+
+func NewProxy(adapter C.ProxyAdapter) *Proxy {
+	return &Proxy{adapter, queue.New(10), 1}
+}
--- a/adapters/outbound/direct.go
+++ b/adapters/outbound/direct.go
@ -1,45 +1,46 @@
-package adapters
+package outbound

 import (
+	"context"
 	"net"

+	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )

-// DirectAdapter is a directly connected adapter
-type DirectAdapter struct {
-	conn net.Conn
+type Direct struct {
+	*Base
 }

-// Close is used to close connection
-func (d *DirectAdapter) Close() {
-	d.conn.Close()
-}
+func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	address := net.JoinHostPort(metadata.String(), metadata.DstPort)

-// Conn is used to http request
-func (d *DirectAdapter) Conn() net.Conn {
-	return d.conn
-}
-
-type Direct struct{}
-
-func (d *Direct) Name() string {
-	return "Direct"
-}
-
-func (d *Direct) Type() C.AdapterType {
-	return C.Direct
-}
-
-func (d *Direct) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	c, err := net.Dial("tcp", net.JoinHostPort(metadata.String(), metadata.Port))
+	c, err := dialer.DialContext(ctx, "tcp", address)
 	if err != nil {
-		return
+		return nil, err
 	}
 	tcpKeepAlive(c)
-	return &DirectAdapter{conn: c}, nil
+	return NewConn(c, d), nil
+}
+
+func (d *Direct) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	pc, err := dialer.ListenPacket("udp", "")
+	if err != nil {
+		return nil, err
+	}
+	return newPacketConn(&directPacketConn{pc}, d), nil
+}
+
+type directPacketConn struct {
+	net.PacketConn
 }

 func NewDirect() *Direct {
-	return &Direct{}
+	return &Direct{
+		Base: &Base{
+			name: "DIRECT",
+			tp:   C.Direct,
+			udp:  true,
+		},
+	}
 }
--- a/adapters/outbound/fallback.go
+++ b/adapters/outbound/fallback.go
@ -1,136 +0,0 @@
-package adapters
-
-import (
-	"errors"
-	"sync"
-	"time"
-
-	C "github.com/Dreamacro/clash/constant"
-)
-
-type proxy struct {
-	RawProxy C.Proxy
-	Valid    bool
-}
-
-type Fallback struct {
-	name     string
-	proxies  []*proxy
-	rawURL   string
-	interval time.Duration
-	done     chan struct{}
-}
-
-type FallbackOption struct {
-	Name     string   `proxy:"name"`
-	Proxies  []string `proxy:"proxies"`
-	URL      string   `proxy:"url"`
-	Interval int      `proxy:"interval"`
-}
-
-func (f *Fallback) Name() string {
-	return f.name
-}
-
-func (f *Fallback) Type() C.AdapterType {
-	return C.Fallback
-}
-
-func (f *Fallback) Now() string {
-	_, proxy := f.findNextValidProxy(0)
-	if proxy != nil {
-		return proxy.RawProxy.Name()
-	}
-	return f.proxies[0].RawProxy.Name()
-}
-
-func (f *Fallback) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	idx := 0
-	var proxy *proxy
-	for {
-		idx, proxy = f.findNextValidProxy(idx)
-		if proxy == nil {
-			break
-		}
-		adapter, err = proxy.RawProxy.Generator(metadata)
-		if err != nil {
-			proxy.Valid = false
-			idx++
-			continue
-		}
-		return
-	}
-	return f.proxies[0].RawProxy.Generator(metadata)
-}
-
-func (f *Fallback) Close() {
-	f.done <- struct{}{}
-}
-
-func (f *Fallback) loop() {
-	tick := time.NewTicker(f.interval)
-	go f.validTest()
-Loop:
-	for {
-		select {
-		case <-tick.C:
-			go f.validTest()
-		case <-f.done:
-			break Loop
-		}
-	}
-}
-
-func (f *Fallback) findNextValidProxy(start int) (int, *proxy) {
-	for i := start; i < len(f.proxies); i++ {
-		if f.proxies[i].Valid {
-			return i, f.proxies[i]
-		}
-	}
-	return -1, nil
-}
-
-func (f *Fallback) validTest() {
-	wg := sync.WaitGroup{}
-	wg.Add(len(f.proxies))
-
-	for _, p := range f.proxies {
-		go func(p *proxy) {
-			_, err := DelayTest(p.RawProxy, f.rawURL)
-			p.Valid = err == nil
-			wg.Done()
-		}(p)
-	}
-
-	wg.Wait()
-}
-
-func NewFallback(option FallbackOption, proxies []C.Proxy) (*Fallback, error) {
-	_, err := urlToMetadata(option.URL)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(proxies) < 1 {
-		return nil, errors.New("The number of proxies cannot be 0")
-	}
-
-	interval := time.Duration(option.Interval) * time.Second
-	warpperProxies := make([]*proxy, len(proxies))
-	for idx := range proxies {
-		warpperProxies[idx] = &proxy{
-			RawProxy: proxies[idx],
-			Valid:    true,
-		}
-	}
-
-	Fallback := &Fallback{
-		name:     option.Name,
-		proxies:  warpperProxies,
-		rawURL:   option.URL,
-		interval: interval,
-		done:     make(chan struct{}),
-	}
-	go Fallback.loop()
-	return Fallback, nil
-}
--- a/adapters/outbound/http.go
+++ b/adapters/outbound/http.go
@ -0,0 +1,134 @@
+package outbound
+
+import (
+	"bufio"
+	"context"
+	"crypto/tls"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/Dreamacro/clash/component/dialer"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Http struct {
+	*Base
+	user      string
+	pass      string
+	tlsConfig *tls.Config
+}
+
+type HttpOption struct {
+	Name           string `proxy:"name"`
+	Server         string `proxy:"server"`
+	Port           int    `proxy:"port"`
+	UserName       string `proxy:"username,omitempty"`
+	Password       string `proxy:"password,omitempty"`
+	TLS            bool   `proxy:"tls,omitempty"`
+	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
+}
+
+func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	if h.tlsConfig != nil {
+		cc := tls.Client(c, h.tlsConfig)
+		err := cc.Handshake()
+		c = cc
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
+		}
+	}
+
+	if err := h.shakeHand(metadata, c); err != nil {
+		return nil, err
+	}
+	return c, nil
+}
+
+func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", h.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
+	}
+	tcpKeepAlive(c)
+
+	c, err = h.StreamConn(c, metadata)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewConn(c, h), nil
+}
+
+func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
+	addr := metadata.RemoteAddress()
+	req := &http.Request{
+		Method: http.MethodConnect,
+		URL: &url.URL{
+			Host: addr,
+		},
+		Host: addr,
+		Header: http.Header{
+			"Proxy-Connection": []string{"Keep-Alive"},
+		},
+	}
+
+	if h.user != "" && h.pass != "" {
+		auth := h.user + ":" + h.pass
+		req.Header.Add("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
+	}
+
+	if err := req.Write(rw); err != nil {
+		return err
+	}
+
+	resp, err := http.ReadResponse(bufio.NewReader(rw), req)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode == http.StatusOK {
+		return nil
+	}
+
+	if resp.StatusCode == http.StatusProxyAuthRequired {
+		return errors.New("HTTP need auth")
+	}
+
+	if resp.StatusCode == http.StatusMethodNotAllowed {
+		return errors.New("CONNECT method not allowed by proxy")
+	}
+
+	if resp.StatusCode >= http.StatusInternalServerError {
+		return errors.New(resp.Status)
+	}
+
+	return fmt.Errorf("can not connect remote err code: %d", resp.StatusCode)
+}
+
+func NewHttp(option HttpOption) *Http {
+	var tlsConfig *tls.Config
+	if option.TLS {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: option.SkipCertVerify,
+			ClientSessionCache: getClientSessionCache(),
+			ServerName:         option.Server,
+		}
+	}
+
+	return &Http{
+		Base: &Base{
+			name: option.Name,
+			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			tp:   C.Http,
+		},
+		user:      option.UserName,
+		pass:      option.Password,
+		tlsConfig: tlsConfig,
+	}
+}
--- a/adapters/outbound/parser.go
+++ b/adapters/outbound/parser.go
@ -0,0 +1,83 @@
+package outbound
+
+import (
+	"fmt"
+
+	"github.com/Dreamacro/clash/common/structure"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+func ParseProxy(mapping map[string]interface{}) (C.Proxy, error) {
+	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
+	proxyType, existType := mapping["type"].(string)
+	if !existType {
+		return nil, fmt.Errorf("Missing type")
+	}
+
+	var proxy C.ProxyAdapter
+	err := fmt.Errorf("Cannot parse")
+	switch proxyType {
+	case "ss":
+		ssOption := &ShadowSocksOption{}
+		err = decoder.Decode(mapping, ssOption)
+		if err != nil {
+			break
+		}
+		proxy, err = NewShadowSocks(*ssOption)
+	case "ssr":
+		ssrOption := &ShadowSocksROption{}
+		err = decoder.Decode(mapping, ssrOption)
+		if err != nil {
+			break
+		}
+		proxy, err = NewShadowSocksR(*ssrOption)
+	case "socks5":
+		socksOption := &Socks5Option{}
+		err = decoder.Decode(mapping, socksOption)
+		if err != nil {
+			break
+		}
+		proxy = NewSocks5(*socksOption)
+	case "http":
+		httpOption := &HttpOption{}
+		err = decoder.Decode(mapping, httpOption)
+		if err != nil {
+			break
+		}
+		proxy = NewHttp(*httpOption)
+	case "vmess":
+		vmessOption := &VmessOption{
+			HTTPOpts: HTTPOptions{
+				Method: "GET",
+				Path:   []string{"/"},
+			},
+		}
+		err = decoder.Decode(mapping, vmessOption)
+		if err != nil {
+			break
+		}
+		proxy, err = NewVmess(*vmessOption)
+	case "snell":
+		snellOption := &SnellOption{}
+		err = decoder.Decode(mapping, snellOption)
+		if err != nil {
+			break
+		}
+		proxy, err = NewSnell(*snellOption)
+	case "trojan":
+		trojanOption := &TrojanOption{}
+		err = decoder.Decode(mapping, trojanOption)
+		if err != nil {
+			break
+		}
+		proxy, err = NewTrojan(*trojanOption)
+	default:
+		return nil, fmt.Errorf("Unsupport proxy type: %s", proxyType)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	return NewProxy(proxy), nil
+}
--- a/adapters/outbound/reject.go
+++ b/adapters/outbound/reject.go
@ -1,6 +1,8 @@
-package adapters
+package outbound

 import (
+	"context"
+	"errors"
 	"io"
 	"net"
 	"time"
@ -8,42 +10,32 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 )

-// RejectAdapter is a reject connected adapter
-type RejectAdapter struct {
-	conn net.Conn
-}
-
-// Close is used to close connection
-func (r *RejectAdapter) Close() {}
-
-// Conn is used to http request
-func (r *RejectAdapter) Conn() net.Conn {
-	return r.conn
-}
-
 type Reject struct {
+	*Base
 }

-func (r *Reject) Name() string {
-	return "Reject"
+func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	return NewConn(&NopConn{}, r), nil
 }

-func (r *Reject) Type() C.AdapterType {
-	return C.Reject
-}
-
-func (r *Reject) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	return &RejectAdapter{conn: &NopConn{}}, nil
+func (r *Reject) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	return nil, errors.New("match reject rule")
 }

 func NewReject() *Reject {
-	return &Reject{}
+	return &Reject{
+		Base: &Base{
+			name: "REJECT",
+			tp:   C.Reject,
+			udp:  true,
+		},
+	}
 }

 type NopConn struct{}

 func (rw *NopConn) Read(b []byte) (int, error) {
-	return len(b), nil
+	return 0, io.EOF
 }

 func (rw *NopConn) Write(b []byte) (int, error) {
--- a/adapters/outbound/selector.go
+++ b/adapters/outbound/selector.go
@ -1,72 +0,0 @@
-package adapters
-
-import (
-	"errors"
-	"sort"
-
-	C "github.com/Dreamacro/clash/constant"
-)
-
-type Selector struct {
-	name     string
-	selected C.Proxy
-	proxies  map[string]C.Proxy
-}
-
-type SelectorOption struct {
-	Name    string   `proxy:"name"`
-	Proxies []string `proxy:"proxies"`
-}
-
-func (s *Selector) Name() string {
-	return s.name
-}
-
-func (s *Selector) Type() C.AdapterType {
-	return C.Selector
-}
-
-func (s *Selector) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	return s.selected.Generator(metadata)
-}
-
-func (s *Selector) Now() string {
-	return s.selected.Name()
-}
-
-func (s *Selector) All() []string {
-	var all []string
-	for k := range s.proxies {
-		all = append(all, k)
-	}
-	sort.Strings(all)
-	return all
-}
-
-func (s *Selector) Set(name string) error {
-	proxy, exist := s.proxies[name]
-	if !exist {
-		return errors.New("Proxy does not exist")
-	}
-	s.selected = proxy
-	return nil
-}
-
-func NewSelector(name string, proxies map[string]C.Proxy) (*Selector, error) {
-	if len(proxies) == 0 {
-		return nil, errors.New("Provide at least one proxy")
-	}
-
-	mapping := make(map[string]C.Proxy)
-	var init string
-	for k, v := range proxies {
-		mapping[k] = v
-		init = k
-	}
-	s := &Selector{
-		name:     name,
-		proxies:  mapping,
-		selected: proxies[init],
-	}
-	return s, nil
-}
--- a/adapters/outbound/shadowsocks.go
+++ b/adapters/outbound/shadowsocks.go
@ -1,116 +1,203 @@
-package adapters
+package outbound

 import (
-	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"strconv"

-	"github.com/Dreamacro/clash/component/simple-obfs"
+	"github.com/Dreamacro/clash/common/structure"
+	"github.com/Dreamacro/clash/component/dialer"
+	obfs "github.com/Dreamacro/clash/component/simple-obfs"
+	"github.com/Dreamacro/clash/component/socks5"
+	v2rayObfs "github.com/Dreamacro/clash/component/v2ray-plugin"
 	C "github.com/Dreamacro/clash/constant"

 	"github.com/Dreamacro/go-shadowsocks2/core"
-	"github.com/Dreamacro/go-shadowsocks2/socks"
 )

-// ShadowsocksAdapter is a shadowsocks adapter
-type ShadowsocksAdapter struct {
-	conn net.Conn
-}
-
-// Close is used to close connection
-func (ss *ShadowsocksAdapter) Close() {
-	ss.conn.Close()
-}
-
-func (ss *ShadowsocksAdapter) Conn() net.Conn {
-	return ss.conn
-}
-
 type ShadowSocks struct {
-	server   string
-	name     string
-	obfs     string
-	obfsHost string
-	cipher   core.Cipher
+	*Base
+	cipher core.Cipher
+
+	// obfs
+	obfsMode    string
+	obfsOption  *simpleObfsOption
+	v2rayOption *v2rayObfs.Option
 }

 type ShadowSocksOption struct {
-	Name     string `proxy:"name"`
-	Server   string `proxy:"server"`
-	Port     int    `proxy:"port"`
-	Password string `proxy:"password"`
-	Cipher   string `proxy:"cipher"`
-	Obfs     string `proxy:"obfs,omitempty"`
-	ObfsHost string `proxy:"obfs-host,omitempty"`
+	Name       string                 `proxy:"name"`
+	Server     string                 `proxy:"server"`
+	Port       int                    `proxy:"port"`
+	Password   string                 `proxy:"password"`
+	Cipher     string                 `proxy:"cipher"`
+	UDP        bool                   `proxy:"udp,omitempty"`
+	Plugin     string                 `proxy:"plugin,omitempty"`
+	PluginOpts map[string]interface{} `proxy:"plugin-opts,omitempty"`
 }

-func (ss *ShadowSocks) Name() string {
-	return ss.name
+type simpleObfsOption struct {
+	Mode string `obfs:"mode"`
+	Host string `obfs:"host,omitempty"`
 }

-func (ss *ShadowSocks) Type() C.AdapterType {
-	return C.Shadowsocks
+type v2rayObfsOption struct {
+	Mode           string            `obfs:"mode"`
+	Host           string            `obfs:"host,omitempty"`
+	Path           string            `obfs:"path,omitempty"`
+	TLS            bool              `obfs:"tls,omitempty"`
+	Headers        map[string]string `obfs:"headers,omitempty"`
+	SkipCertVerify bool              `obfs:"skip-cert-verify,omitempty"`
+	Mux            bool              `obfs:"mux,omitempty"`
 }

-func (ss *ShadowSocks) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	c, err := net.Dial("tcp", ss.server)
-	if err != nil {
-		return nil, fmt.Errorf("%s connect error", ss.server)
-	}
-	tcpKeepAlive(c)
-	switch ss.obfs {
+func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	switch ss.obfsMode {
 	case "tls":
-		c = obfs.NewTLSObfs(c, ss.obfsHost)
+		c = obfs.NewTLSObfs(c, ss.obfsOption.Host)
 	case "http":
-		_, port, _ := net.SplitHostPort(ss.server)
-		c = obfs.NewHTTPObfs(c, ss.obfsHost, port)
+		_, port, _ := net.SplitHostPort(ss.addr)
+		c = obfs.NewHTTPObfs(c, ss.obfsOption.Host, port)
+	case "websocket":
+		var err error
+		c, err = v2rayObfs.NewV2rayObfs(c, ss.v2rayOption)
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
+		}
 	}
 	c = ss.cipher.StreamConn(c)
-	_, err = c.Write(serializesSocksAddr(metadata))
-	return &ShadowsocksAdapter{conn: c}, err
+	_, err := c.Write(serializesSocksAddr(metadata))
+	return c, err
+}
+
+func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
+	}
+	tcpKeepAlive(c)
+
+	c, err = ss.StreamConn(c, metadata)
+	return NewConn(c, ss), err
+}
+
+func (ss *ShadowSocks) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	pc, err := dialer.ListenPacket("udp", "")
+	if err != nil {
+		return nil, err
+	}
+
+	addr, err := resolveUDPAddr("udp", ss.addr)
+	if err != nil {
+		return nil, err
+	}
+
+	pc = ss.cipher.PacketConn(pc)
+	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ss), nil
+}
+
+func (ss *ShadowSocks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]string{
+		"type": ss.Type().String(),
+	})
 }

 func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
-	server := fmt.Sprintf("%s:%d", option.Server, option.Port)
+	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
 	password := option.Password
 	ciph, err := core.PickCipher(cipher, nil, password)
 	if err != nil {
-		return nil, fmt.Errorf("ss %s initialize error: %s", server, err.Error())
+		return nil, fmt.Errorf("ss %s initialize error: %w", addr, err)
 	}

-	obfs := option.Obfs
-	obfsHost := "bing.com"
-	if option.ObfsHost != "" {
-		obfsHost = option.ObfsHost
+	var v2rayOption *v2rayObfs.Option
+	var obfsOption *simpleObfsOption
+	obfsMode := ""
+
+	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
+	if option.Plugin == "obfs" {
+		opts := simpleObfsOption{Host: "bing.com"}
+		if err := decoder.Decode(option.PluginOpts, &opts); err != nil {
+			return nil, fmt.Errorf("ss %s initialize obfs error: %w", addr, err)
+		}
+
+		if opts.Mode != "tls" && opts.Mode != "http" {
+			return nil, fmt.Errorf("ss %s obfs mode error: %s", addr, opts.Mode)
+		}
+		obfsMode = opts.Mode
+		obfsOption = &opts
+	} else if option.Plugin == "v2ray-plugin" {
+		opts := v2rayObfsOption{Host: "bing.com", Mux: true}
+		if err := decoder.Decode(option.PluginOpts, &opts); err != nil {
+			return nil, fmt.Errorf("ss %s initialize v2ray-plugin error: %w", addr, err)
+		}
+
+		if opts.Mode != "websocket" {
+			return nil, fmt.Errorf("ss %s obfs mode error: %s", addr, opts.Mode)
+		}
+		obfsMode = opts.Mode
+		v2rayOption = &v2rayObfs.Option{
+			Host:    opts.Host,
+			Path:    opts.Path,
+			Headers: opts.Headers,
+			Mux:     opts.Mux,
+		}
+
+		if opts.TLS {
+			v2rayOption.TLS = true
+			v2rayOption.SkipCertVerify = opts.SkipCertVerify
+			v2rayOption.SessionCache = getClientSessionCache()
+		}
 	}

 	return &ShadowSocks{
-		server:   server,
-		name:     option.Name,
-		cipher:   ciph,
-		obfs:     obfs,
-		obfsHost: obfsHost,
+		Base: &Base{
+			name: option.Name,
+			addr: addr,
+			tp:   C.Shadowsocks,
+			udp:  option.UDP,
+		},
+		cipher: ciph,
+
+		obfsMode:    obfsMode,
+		v2rayOption: v2rayOption,
+		obfsOption:  obfsOption,
 	}, nil
 }

-func serializesSocksAddr(metadata *C.Metadata) []byte {
-	var buf [][]byte
-	aType := uint8(metadata.AddrType)
-	p, _ := strconv.Atoi(metadata.Port)
-	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
-	switch metadata.AddrType {
-	case socks.AtypDomainName:
-		len := uint8(len(metadata.Host))
-		host := []byte(metadata.Host)
-		buf = [][]byte{{aType, len}, host, port}
-	case socks.AtypIPv4:
-		host := metadata.IP.To4()
-		buf = [][]byte{{aType}, host, port}
-	case socks.AtypIPv6:
-		host := metadata.IP.To16()
-		buf = [][]byte{{aType}, host, port}
-	}
-	return bytes.Join(buf, nil)
+type ssPacketConn struct {
+	net.PacketConn
+	rAddr net.Addr
+}
+
+func (spc *ssPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
+	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)
+	if err != nil {
+		return
+	}
+	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
+}
+
+func (spc *ssPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	n, _, e := spc.PacketConn.ReadFrom(b)
+	if e != nil {
+		return 0, nil, e
+	}
+
+	addr := socks5.SplitAddr(b[:n])
+	if addr == nil {
+		return 0, nil, errors.New("parse addr error")
+	}
+
+	udpAddr := addr.UDPAddr()
+	if udpAddr == nil {
+		return 0, nil, errors.New("parse addr error")
+	}
+
+	copy(b, b[len(addr):])
+	return n - len(addr), udpAddr, e
 }
--- a/adapters/outbound/shadowsocksr.go
+++ b/adapters/outbound/shadowsocksr.go
@ -0,0 +1,134 @@
+package outbound
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net"
+	"strconv"
+
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/ssr/obfs"
+	"github.com/Dreamacro/clash/component/ssr/protocol"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/go-shadowsocks2/core"
+	"github.com/Dreamacro/go-shadowsocks2/shadowstream"
+)
+
+type ShadowSocksR struct {
+	*Base
+	cipher   *core.StreamCipher
+	obfs     obfs.Obfs
+	protocol protocol.Protocol
+}
+
+type ShadowSocksROption struct {
+	Name          string `proxy:"name"`
+	Server        string `proxy:"server"`
+	Port          int    `proxy:"port"`
+	Password      string `proxy:"password"`
+	Cipher        string `proxy:"cipher"`
+	Obfs          string `proxy:"obfs"`
+	ObfsParam     string `proxy:"obfs-param,omitempty"`
+	Protocol      string `proxy:"protocol"`
+	ProtocolParam string `proxy:"protocol-param,omitempty"`
+	UDP           bool   `proxy:"udp,omitempty"`
+}
+
+func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	c = obfs.NewConn(c, ssr.obfs)
+	c = ssr.cipher.StreamConn(c)
+	conn, ok := c.(*shadowstream.Conn)
+	if !ok {
+		return nil, fmt.Errorf("invalid connection type")
+	}
+	iv, err := conn.ObtainWriteIV()
+	if err != nil {
+		return nil, err
+	}
+	c = protocol.NewConn(c, ssr.protocol, iv)
+	_, err = c.Write(serializesSocksAddr(metadata))
+	return c, err
+}
+
+func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", ssr.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", ssr.addr, err)
+	}
+	tcpKeepAlive(c)
+
+	c, err = ssr.StreamConn(c, metadata)
+	return NewConn(c, ssr), err
+}
+
+func (ssr *ShadowSocksR) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	pc, err := dialer.ListenPacket("udp", "")
+	if err != nil {
+		return nil, err
+	}
+
+	addr, err := resolveUDPAddr("udp", ssr.addr)
+	if err != nil {
+		return nil, err
+	}
+
+	pc = ssr.cipher.PacketConn(pc)
+	pc = protocol.NewPacketConn(pc, ssr.protocol)
+	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
+}
+
+func (ssr *ShadowSocksR) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]string{
+		"type": ssr.Type().String(),
+	})
+}
+
+func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
+	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
+	cipher := option.Cipher
+	password := option.Password
+	coreCiph, err := core.PickCipher(cipher, nil, password)
+	if err != nil {
+		return nil, fmt.Errorf("ssr %s initialize cipher error: %w", addr, err)
+	}
+	ciph, ok := coreCiph.(*core.StreamCipher)
+	if !ok {
+		return nil, fmt.Errorf("%s is not a supported stream cipher in ssr", cipher)
+	}
+
+	obfs, err := obfs.PickObfs(option.Obfs, &obfs.Base{
+		IVSize:  ciph.IVSize(),
+		Key:     ciph.Key,
+		HeadLen: 30,
+		Host:    option.Server,
+		Port:    option.Port,
+		Param:   option.ObfsParam,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("ssr %s initialize obfs error: %w", addr, err)
+	}
+
+	protocol, err := protocol.PickProtocol(option.Protocol, &protocol.Base{
+		IV:     nil,
+		Key:    ciph.Key,
+		TCPMss: 1460,
+		Param:  option.ProtocolParam,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("ssr %s initialize protocol error: %w", addr, err)
+	}
+	protocol.SetOverhead(obfs.GetObfsOverhead() + protocol.GetProtocolOverhead())
+
+	return &ShadowSocksR{
+		Base: &Base{
+			name: option.Name,
+			addr: addr,
+			tp:   C.ShadowsocksR,
+			udp:  option.UDP,
+		},
+		cipher:   ciph,
+		obfs:     obfs,
+		protocol: protocol,
+	}, nil
+}
--- a/adapters/outbound/snell.go
+++ b/adapters/outbound/snell.go
@ -0,0 +1,78 @@
+package outbound
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strconv"
+
+	"github.com/Dreamacro/clash/common/structure"
+	"github.com/Dreamacro/clash/component/dialer"
+	obfs "github.com/Dreamacro/clash/component/simple-obfs"
+	"github.com/Dreamacro/clash/component/snell"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Snell struct {
+	*Base
+	psk        []byte
+	obfsOption *simpleObfsOption
+}
+
+type SnellOption struct {
+	Name     string                 `proxy:"name"`
+	Server   string                 `proxy:"server"`
+	Port     int                    `proxy:"port"`
+	Psk      string                 `proxy:"psk"`
+	ObfsOpts map[string]interface{} `proxy:"obfs-opts,omitempty"`
+}
+
+func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	switch s.obfsOption.Mode {
+	case "tls":
+		c = obfs.NewTLSObfs(c, s.obfsOption.Host)
+	case "http":
+		_, port, _ := net.SplitHostPort(s.addr)
+		c = obfs.NewHTTPObfs(c, s.obfsOption.Host, port)
+	}
+	c = snell.StreamConn(c, s.psk)
+	port, _ := strconv.Atoi(metadata.DstPort)
+	err := snell.WriteHeader(c, metadata.String(), uint(port))
+	return c, err
+}
+
+func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", s.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
+	}
+	tcpKeepAlive(c)
+
+	c, err = s.StreamConn(c, metadata)
+	return NewConn(c, s), err
+}
+
+func NewSnell(option SnellOption) (*Snell, error) {
+	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
+	psk := []byte(option.Psk)
+
+	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
+	obfsOption := &simpleObfsOption{Host: "bing.com"}
+	if err := decoder.Decode(option.ObfsOpts, obfsOption); err != nil {
+		return nil, fmt.Errorf("snell %s initialize obfs error: %w", addr, err)
+	}
+
+	if obfsOption.Mode != "tls" && obfsOption.Mode != "http" {
+		return nil, fmt.Errorf("snell %s obfs mode error: %s", addr, obfsOption.Mode)
+	}
+
+	return &Snell{
+		Base: &Base{
+			name: option.Name,
+			addr: addr,
+			tp:   C.Snell,
+		},
+		psk:        psk,
+		obfsOption: obfsOption,
+	}, nil
+}
--- a/adapters/outbound/socks5.go
+++ b/adapters/outbound/socks5.go
@ -1,96 +1,190 @@
-package adapters
+package outbound

 import (
-	"bytes"
+	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
+	"strconv"

+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
-
-	"github.com/Dreamacro/go-shadowsocks2/socks"
 )

-// Socks5Adapter is a shadowsocks adapter
-type Socks5Adapter struct {
-	conn net.Conn
-}
-
-// Close is used to close connection
-func (ss *Socks5Adapter) Close() {
-	ss.conn.Close()
-}
-
-func (ss *Socks5Adapter) Conn() net.Conn {
-	return ss.conn
-}
-
 type Socks5 struct {
-	addr string
-	name string
+	*Base
+	user           string
+	pass           string
+	tls            bool
+	skipCertVerify bool
+	tlsConfig      *tls.Config
 }

 type Socks5Option struct {
-	Name   string `proxy:"name"`
-	Server string `proxy:"server"`
-	Port   int    `proxy:"port"`
+	Name           string `proxy:"name"`
+	Server         string `proxy:"server"`
+	Port           int    `proxy:"port"`
+	UserName       string `proxy:"username,omitempty"`
+	Password       string `proxy:"password,omitempty"`
+	TLS            bool   `proxy:"tls,omitempty"`
+	UDP            bool   `proxy:"udp,omitempty"`
+	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }

-func (ss *Socks5) Name() string {
-	return ss.name
-}
-
-func (ss *Socks5) Type() C.AdapterType {
-	return C.Socks5
-}
-
-func (ss *Socks5) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	c, err := net.Dial("tcp", ss.addr)
-	if err != nil {
-		return nil, fmt.Errorf("%s connect error", ss.addr)
+func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	if ss.tls {
+		cc := tls.Client(c, ss.tlsConfig)
+		err := cc.Handshake()
+		c = cc
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
+		}
 	}
-	tcpKeepAlive(c)
-	if err := ss.shakeHand(metadata, c); err != nil {
+
+	var user *socks5.User
+	if ss.user != "" {
+		user = &socks5.User{
+			Username: ss.user,
+			Password: ss.pass,
+		}
+	}
+	if _, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user); err != nil {
 		return nil, err
 	}
-	return &Socks5Adapter{conn: c}, nil
+	return c, nil
 }

-func (ss *Socks5) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
-	buf := make([]byte, socks.MaxAddrLen)
-
-	// VER, CMD, RSV
-	_, err := rw.Write([]byte{5, 1, 0})
+func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
-		return err
+		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
+	}
+	tcpKeepAlive(c)
+
+	c, err = ss.StreamConn(c, metadata)
+	if err != nil {
+		return nil, err
 	}

-	if _, err := io.ReadFull(rw, buf[:2]); err != nil {
-		return err
+	return NewConn(c, ss), nil
+}
+
+func (ss *Socks5) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
+	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
+	defer cancel()
+	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
+	if err != nil {
+		err = fmt.Errorf("%s connect error: %w", ss.addr, err)
+		return
 	}

-	if buf[0] != 5 {
-		return errors.New("SOCKS version error")
-	} else if buf[1] != 0 {
-		return errors.New("SOCKS need auth")
+	if ss.tls {
+		cc := tls.Client(c, ss.tlsConfig)
+		err = cc.Handshake()
+		c = cc
 	}

-	// VER, CMD, RSV, ADDR
-	if _, err := rw.Write(bytes.Join([][]byte{{5, 1, 0}, serializesSocksAddr(metadata)}, []byte(""))); err != nil {
-		return err
+	defer func() {
+		if err != nil {
+			c.Close()
+		}
+	}()
+
+	tcpKeepAlive(c)
+	var user *socks5.User
+	if ss.user != "" {
+		user = &socks5.User{
+			Username: ss.user,
+			Password: ss.pass,
+		}
 	}

-	if _, err := io.ReadFull(rw, buf[:10]); err != nil {
-		return err
+	bindAddr, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user)
+	if err != nil {
+		err = fmt.Errorf("client hanshake error: %w", err)
+		return
 	}

-	return nil
+	pc, err := dialer.ListenPacket("udp", "")
+	if err != nil {
+		return
+	}
+
+	go func() {
+		io.Copy(ioutil.Discard, c)
+		c.Close()
+		// A UDP association terminates when the TCP connection that the UDP
+		// ASSOCIATE request arrived on terminates. RFC1928
+		pc.Close()
+	}()
+
+	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindAddr.UDPAddr(), tcpConn: c}, ss), nil
 }

 func NewSocks5(option Socks5Option) *Socks5 {
+	var tlsConfig *tls.Config
+	if option.TLS {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: option.SkipCertVerify,
+			ClientSessionCache: getClientSessionCache(),
+			ServerName:         option.Server,
+		}
+	}
+
 	return &Socks5{
-		addr: fmt.Sprintf("%s:%d", option.Server, option.Port),
-		name: option.Name,
+		Base: &Base{
+			name: option.Name,
+			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			tp:   C.Socks5,
+			udp:  option.UDP,
+		},
+		user:           option.UserName,
+		pass:           option.Password,
+		tls:            option.TLS,
+		skipCertVerify: option.SkipCertVerify,
+		tlsConfig:      tlsConfig,
 	}
 }
+
+type socksPacketConn struct {
+	net.PacketConn
+	rAddr   net.Addr
+	tcpConn net.Conn
+}
+
+func (uc *socksPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
+	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)
+	if err != nil {
+		return
+	}
+	return uc.PacketConn.WriteTo(packet, uc.rAddr)
+}
+
+func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	n, _, e := uc.PacketConn.ReadFrom(b)
+	if e != nil {
+		return 0, nil, e
+	}
+	addr, payload, err := socks5.DecodeUDPPacket(b)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	udpAddr := addr.UDPAddr()
+	if udpAddr == nil {
+		return 0, nil, errors.New("parse udp addr error")
+	}
+
+	// due to DecodeUDPPacket is mutable, record addr length
+	copy(b, payload)
+	return n - len(addr) - 3, udpAddr, nil
+}
+
+func (uc *socksPacketConn) Close() error {
+	uc.tcpConn.Close()
+	return uc.PacketConn.Close()
+}
--- a/adapters/outbound/trojan.go
+++ b/adapters/outbound/trojan.go
@ -0,0 +1,107 @@
+package outbound
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net"
+	"strconv"
+
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/trojan"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Trojan struct {
+	*Base
+	instance *trojan.Trojan
+}
+
+type TrojanOption struct {
+	Name           string   `proxy:"name"`
+	Server         string   `proxy:"server"`
+	Port           int      `proxy:"port"`
+	Password       string   `proxy:"password"`
+	ALPN           []string `proxy:"alpn,omitempty"`
+	SNI            string   `proxy:"sni,omitempty"`
+	SkipCertVerify bool     `proxy:"skip-cert-verify,omitempty"`
+	UDP            bool     `proxy:"udp,omitempty"`
+}
+
+func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	c, err := t.instance.StreamConn(c)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
+	}
+
+	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
+	return c, err
+}
+
+func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", t.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
+	}
+	tcpKeepAlive(c)
+	c, err = t.StreamConn(c, metadata)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewConn(c, t), err
+}
+
+func (t *Trojan) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
+	defer cancel()
+	c, err := dialer.DialContext(ctx, "tcp", t.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
+	}
+	tcpKeepAlive(c)
+	c, err = t.instance.StreamConn(c)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
+	}
+
+	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
+	if err != nil {
+		return nil, err
+	}
+
+	pc := t.instance.PacketConn(c)
+	return newPacketConn(pc, t), err
+}
+
+func (t *Trojan) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]string{
+		"type": t.Type().String(),
+	})
+}
+
+func NewTrojan(option TrojanOption) (*Trojan, error) {
+	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
+
+	tOption := &trojan.Option{
+		Password:           option.Password,
+		ALPN:               option.ALPN,
+		ServerName:         option.Server,
+		SkipCertVerify:     option.SkipCertVerify,
+		ClientSessionCache: getClientSessionCache(),
+	}
+
+	if option.SNI != "" {
+		tOption.ServerName = option.SNI
+	}
+
+	return &Trojan{
+		Base: &Base{
+			name: option.Name,
+			addr: addr,
+			tp:   C.Trojan,
+			udp:  option.UDP,
+		},
+		instance: trojan.New(tOption),
+	}, nil
+}
--- a/adapters/outbound/urltest.go
+++ b/adapters/outbound/urltest.go
@ -1,114 +0,0 @@
-package adapters
-
-import (
-	"errors"
-	"sync"
-	"time"
-
-	C "github.com/Dreamacro/clash/constant"
-)
-
-type URLTest struct {
-	name     string
-	proxies  []C.Proxy
-	rawURL   string
-	fast     C.Proxy
-	interval time.Duration
-	done     chan struct{}
-}
-
-type URLTestOption struct {
-	Name     string   `proxy:"name"`
-	Proxies  []string `proxy:"proxies"`
-	URL      string   `proxy:"url"`
-	Interval int      `proxy:"interval"`
-}
-
-func (u *URLTest) Name() string {
-	return u.name
-}
-
-func (u *URLTest) Type() C.AdapterType {
-	return C.URLTest
-}
-
-func (u *URLTest) Now() string {
-	return u.fast.Name()
-}
-
-func (u *URLTest) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	return u.fast.Generator(metadata)
-}
-
-func (u *URLTest) Close() {
-	u.done <- struct{}{}
-}
-
-func (u *URLTest) loop() {
-	tick := time.NewTicker(u.interval)
-	go u.speedTest()
-Loop:
-	for {
-		select {
-		case <-tick.C:
-			go u.speedTest()
-		case <-u.done:
-			break Loop
-		}
-	}
-}
-
-func (u *URLTest) speedTest() {
-	wg := sync.WaitGroup{}
-	wg.Add(len(u.proxies))
-	c := make(chan interface{})
-	fast := selectFast(c)
-	timer := time.NewTimer(u.interval)
-
-	for _, p := range u.proxies {
-		go func(p C.Proxy) {
-			_, err := DelayTest(p, u.rawURL)
-			if err == nil {
-				c <- p
-			}
-			wg.Done()
-		}(p)
-	}
-
-	go func() {
-		wg.Wait()
-		close(c)
-	}()
-
-	select {
-	case <-timer.C:
-		// Wait for fast to return or close.
-		<-fast
-	case p, open := <-fast:
-		if open {
-			u.fast = p.(C.Proxy)
-		}
-	}
-}
-
-func NewURLTest(option URLTestOption, proxies []C.Proxy) (*URLTest, error) {
-	_, err := urlToMetadata(option.URL)
-	if err != nil {
-		return nil, err
-	}
-	if len(proxies) < 1 {
-		return nil, errors.New("The number of proxies cannot be 0")
-	}
-
-	interval := time.Duration(option.Interval) * time.Second
-	urlTest := &URLTest{
-		name:     option.Name,
-		proxies:  proxies[:],
-		rawURL:   option.URL,
-		fast:     proxies[0],
-		interval: interval,
-		done:     make(chan struct{}),
-	}
-	go urlTest.loop()
-	return urlTest, nil
-}
--- a/adapters/outbound/util.go
+++ b/adapters/outbound/util.go
@ -1,47 +1,28 @@
-package adapters
+package outbound

 import (
+	"bytes"
+	"crypto/tls"
 	"fmt"
 	"net"
-	"net/http"
 	"net/url"
+	"strconv"
+	"sync"
 	"time"

+	"github.com/Dreamacro/clash/component/resolver"
+	"github.com/Dreamacro/clash/component/socks5"
 	C "github.com/Dreamacro/clash/constant"
 )

-// DelayTest get the delay for the specified URL
-func DelayTest(proxy C.Proxy, url string) (t int16, err error) {
-	addr, err := urlToMetadata(url)
-	if err != nil {
-		return
-	}
+const (
+	tcpTimeout = 5 * time.Second
+)

-	start := time.Now()
-	instance, err := proxy.Generator(&addr)
-	if err != nil {
-		return
-	}
-	defer instance.Close()
-	transport := &http.Transport{
-		Dial: func(string, string) (net.Conn, error) {
-			return instance.Conn(), nil
-		},
-		// from http.DefaultTransport
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-	client := http.Client{Transport: transport}
-	resp, err := client.Get(url)
-	if err != nil {
-		return
-	}
-	resp.Body.Close()
-	t = int16(time.Since(start) / time.Millisecond)
-	return
-}
+var (
+	globalClientSessionCache tls.ClientSessionCache
+	once                     sync.Once
+)

 func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	u, err := url.Parse(rawURL)
@ -51,11 +32,12 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {

 	port := u.Port()
 	if port == "" {
-		if u.Scheme == "https" {
+		switch u.Scheme {
+		case "https":
 			port = "443"
-		} else if u.Scheme == "http" {
+		case "http":
 			port = "80"
-		} else {
+		default:
 			err = fmt.Errorf("%s scheme not Support", rawURL)
 			return
 		}
@ -64,30 +46,55 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	addr = C.Metadata{
 		AddrType: C.AtypDomainName,
 		Host:     u.Hostname(),
-		IP:       nil,
-		Port:     port,
+		DstIP:    nil,
+		DstPort:  port,
 	}
 	return
 }

-func selectFast(in chan interface{}) chan interface{} {
-	out := make(chan interface{})
-	go func() {
-		p, open := <-in
-		if open {
-			out <- p
-		}
-		close(out)
-		for range in {
-		}
-	}()
-
-	return out
-}
-
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		tcp.SetKeepAlive(true)
 		tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
+
+func getClientSessionCache() tls.ClientSessionCache {
+	once.Do(func() {
+		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
+	})
+	return globalClientSessionCache
+}
+
+func serializesSocksAddr(metadata *C.Metadata) []byte {
+	var buf [][]byte
+	aType := uint8(metadata.AddrType)
+	p, _ := strconv.Atoi(metadata.DstPort)
+	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
+	switch metadata.AddrType {
+	case socks5.AtypDomainName:
+		len := uint8(len(metadata.Host))
+		host := []byte(metadata.Host)
+		buf = [][]byte{{aType, len}, host, port}
+	case socks5.AtypIPv4:
+		host := metadata.DstIP.To4()
+		buf = [][]byte{{aType}, host, port}
+	case socks5.AtypIPv6:
+		host := metadata.DstIP.To16()
+		buf = [][]byte{{aType}, host, port}
+	}
+	return bytes.Join(buf, nil)
+}
+
+func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	ip, err := resolver.ResolveIP(host)
+	if err != nil {
+		return nil, err
+	}
+	return net.ResolveUDPAddr(network, net.JoinHostPort(ip.String(), port))
+}
--- a/adapters/outbound/vmess.go
+++ b/adapters/outbound/vmess.go
@ -1,61 +1,143 @@
-package adapters
+package outbound

 import (
+	"context"
+	"errors"
 	"fmt"
 	"net"
+	"net/http"
 	"strconv"
 	"strings"

+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/component/vmess"
 	C "github.com/Dreamacro/clash/constant"
 )

-// VmessAdapter is a vmess adapter
-type VmessAdapter struct {
-	conn net.Conn
-}
-
-// Close is used to close connection
-func (v *VmessAdapter) Close() {
-	v.conn.Close()
-}
-
-func (v *VmessAdapter) Conn() net.Conn {
-	return v.conn
-}
-
 type Vmess struct {
-	name   string
-	server string
+	*Base
 	client *vmess.Client
+	option *VmessOption
 }

 type VmessOption struct {
-	Name    string `proxy:"name"`
-	Server  string `proxy:"server"`
-	Port    int    `proxy:"port"`
-	UUID    string `proxy:"uuid"`
-	AlterID int    `proxy:"alterId"`
-	Cipher  string `proxy:"cipher"`
-	TLS     bool   `proxy:"tls,omitempty"`
+	Name           string            `proxy:"name"`
+	Server         string            `proxy:"server"`
+	Port           int               `proxy:"port"`
+	UUID           string            `proxy:"uuid"`
+	AlterID        int               `proxy:"alterId"`
+	Cipher         string            `proxy:"cipher"`
+	TLS            bool              `proxy:"tls,omitempty"`
+	UDP            bool              `proxy:"udp,omitempty"`
+	Network        string            `proxy:"network,omitempty"`
+	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
+	WSPath         string            `proxy:"ws-path,omitempty"`
+	WSHeaders      map[string]string `proxy:"ws-headers,omitempty"`
+	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
+	ServerName     string            `proxy:"servername,omitempty"`
 }

-func (ss *Vmess) Name() string {
-	return ss.name
+type HTTPOptions struct {
+	Method  string              `proxy:"method,omitempty"`
+	Path    []string            `proxy:"path,omitempty"`
+	Headers map[string][]string `proxy:"headers,omitempty"`
 }

-func (ss *Vmess) Type() C.AdapterType {
-	return C.Vmess
-}
+func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	var err error
+	switch v.option.Network {
+	case "ws":
+		host, port, _ := net.SplitHostPort(v.addr)
+		wsOpts := &vmess.WebsocketConfig{
+			Host: host,
+			Port: port,
+			Path: v.option.WSPath,
+		}
+
+		if len(v.option.WSHeaders) != 0 {
+			header := http.Header{}
+			for key, value := range v.option.WSHeaders {
+				header.Add(key, value)
+			}
+			wsOpts.Headers = header
+		}
+
+		if v.option.TLS {
+			wsOpts.TLS = true
+			wsOpts.SessionCache = getClientSessionCache()
+			wsOpts.SkipCertVerify = v.option.SkipCertVerify
+			wsOpts.ServerName = v.option.ServerName
+		}
+		c, err = vmess.StreamWebsocketConn(c, wsOpts)
+	case "http":
+		host, _, _ := net.SplitHostPort(v.addr)
+		httpOpts := &vmess.HTTPConfig{
+			Host:    host,
+			Method:  v.option.HTTPOpts.Method,
+			Path:    v.option.HTTPOpts.Path,
+			Headers: v.option.HTTPOpts.Headers,
+		}
+
+		c = vmess.StreamHTTPConn(c, httpOpts)
+	default:
+		// handle TLS
+		if v.option.TLS {
+			host, _, _ := net.SplitHostPort(v.addr)
+			tlsOpts := &vmess.TLSConfig{
+				Host:           host,
+				SkipCertVerify: v.option.SkipCertVerify,
+				SessionCache:   getClientSessionCache(),
+			}
+
+			if v.option.ServerName != "" {
+				tlsOpts.Host = v.option.ServerName
+			}
+
+			c, err = vmess.StreamTLSConn(c, tlsOpts)
+		}
+	}

-func (ss *Vmess) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
-	c, err := net.Dial("tcp", ss.server)
 	if err != nil {
-		return nil, fmt.Errorf("%s connect error", ss.server)
+		return nil, err
+	}
+
+	return v.client.StreamConn(c, parseVmessAddr(metadata))
+}
+
+func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := dialer.DialContext(ctx, "tcp", v.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
 	tcpKeepAlive(c)
-	c = ss.client.New(c, parseVmessAddr(metadata))
-	return &VmessAdapter{conn: c}, err
+
+	c, err = v.StreamConn(c, metadata)
+	return NewConn(c, v), err
+}
+
+func (v *Vmess) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	// vmess use stream-oriented udp, so clash needs a net.UDPAddr
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIP(metadata.Host)
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
+	defer cancel()
+	c, err := dialer.DialContext(ctx, "tcp", v.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
+	}
+	tcpKeepAlive(c)
+	c, err = v.StreamConn(c, metadata)
+	if err != nil {
+		return nil, fmt.Errorf("new vmess client error: %v", err)
+	}
+	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }

 func NewVmess(option VmessOption) (*Vmess, error) {
@ -64,16 +146,22 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		UUID:     option.UUID,
 		AlterID:  uint16(option.AlterID),
 		Security: security,
-		TLS:      option.TLS,
+		HostName: option.Server,
+		Port:     strconv.Itoa(option.Port),
 	})
 	if err != nil {
 		return nil, err
 	}

 	return &Vmess{
-		name:   option.Name,
-		server: fmt.Sprintf("%s:%d", option.Server, option.Port),
+		Base: &Base{
+			name: option.Name,
+			addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			tp:   C.Vmess,
+			udp:  true,
+		},
 		client: client,
+		option: &option,
 	}, nil
 }

@ -84,11 +172,11 @@ func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
-		copy(addr[:], metadata.IP.To4())
+		copy(addr[:], metadata.DstIP.To4())
 	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
-		copy(addr[:], metadata.IP.To16())
+		copy(addr[:], metadata.DstIP.To16())
 	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
@ -96,10 +184,25 @@ func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 		copy(addr[1:], []byte(metadata.Host))
 	}

-	port, _ := strconv.Atoi(metadata.Port)
+	port, _ := strconv.Atoi(metadata.DstPort)
 	return &vmess.DstAddr{
+		UDP:      metadata.NetWork == C.UDP,
 		AddrType: addrType,
 		Addr:     addr,
 		Port:     uint(port),
 	}
 }
+
+type vmessPacketConn struct {
+	net.Conn
+	rAddr net.Addr
+}
+
+func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	return uc.Conn.Write(b)
+}
+
+func (uc *vmessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	n, err := uc.Conn.Read(b)
+	return n, uc.rAddr, err
+}
--- a/adapters/outboundgroup/common.go
+++ b/adapters/outboundgroup/common.go
@ -0,0 +1,20 @@
+package outboundgroup
+
+import (
+	"time"
+
+	"github.com/Dreamacro/clash/adapters/provider"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+const (
+	defaultGetProxiesDuration = time.Second * 5
+)
+
+func getProvidersProxies(providers []provider.ProxyProvider) []C.Proxy {
+	proxies := []C.Proxy{}
+	for _, provider := range providers {
+		proxies = append(proxies, provider.Proxies()...)
+	}
+	return proxies
+}
--- a/adapters/outboundgroup/fallback.go
+++ b/adapters/outboundgroup/fallback.go
@ -0,0 +1,89 @@
+package outboundgroup
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/singledo"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Fallback struct {
+	*outbound.Base
+	single    *singledo.Single
+	providers []provider.ProxyProvider
+}
+
+func (f *Fallback) Now() string {
+	proxy := f.findAliveProxy()
+	return proxy.Name()
+}
+
+func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	proxy := f.findAliveProxy()
+	c, err := proxy.DialContext(ctx, metadata)
+	if err == nil {
+		c.AppendToChains(f)
+	}
+	return c, err
+}
+
+func (f *Fallback) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	proxy := f.findAliveProxy()
+	pc, err := proxy.DialUDP(metadata)
+	if err == nil {
+		pc.AppendToChains(f)
+	}
+	return pc, err
+}
+
+func (f *Fallback) SupportUDP() bool {
+	proxy := f.findAliveProxy()
+	return proxy.SupportUDP()
+}
+
+func (f *Fallback) MarshalJSON() ([]byte, error) {
+	var all []string
+	for _, proxy := range f.proxies() {
+		all = append(all, proxy.Name())
+	}
+	return json.Marshal(map[string]interface{}{
+		"type": f.Type().String(),
+		"now":  f.Now(),
+		"all":  all,
+	})
+}
+
+func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
+	proxy := f.findAliveProxy()
+	return proxy
+}
+
+func (f *Fallback) proxies() []C.Proxy {
+	elm, _, _ := f.single.Do(func() (interface{}, error) {
+		return getProvidersProxies(f.providers), nil
+	})
+
+	return elm.([]C.Proxy)
+}
+
+func (f *Fallback) findAliveProxy() C.Proxy {
+	proxies := f.proxies()
+	for _, proxy := range proxies {
+		if proxy.Alive() {
+			return proxy
+		}
+	}
+
+	return f.proxies()[0]
+}
+
+func NewFallback(name string, providers []provider.ProxyProvider) *Fallback {
+	return &Fallback{
+		Base:      outbound.NewBase(name, "", C.Fallback, false),
+		single:    singledo.NewSingle(defaultGetProxiesDuration),
+		providers: providers,
+	}
+}
--- a/adapters/outboundgroup/loadbalance.go
+++ b/adapters/outboundgroup/loadbalance.go
@ -0,0 +1,125 @@
+package outboundgroup
+
+import (
+	"context"
+	"encoding/json"
+	"net"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/murmur3"
+	"github.com/Dreamacro/clash/common/singledo"
+	C "github.com/Dreamacro/clash/constant"
+
+	"golang.org/x/net/publicsuffix"
+)
+
+type LoadBalance struct {
+	*outbound.Base
+	single    *singledo.Single
+	maxRetry  int
+	providers []provider.ProxyProvider
+}
+
+func getKey(metadata *C.Metadata) string {
+	if metadata.Host != "" {
+		// ip host
+		if ip := net.ParseIP(metadata.Host); ip != nil {
+			return metadata.Host
+		}
+
+		if etld, err := publicsuffix.EffectiveTLDPlusOne(metadata.Host); err == nil {
+			return etld
+		}
+	}
+
+	if metadata.DstIP == nil {
+		return ""
+	}
+
+	return metadata.DstIP.String()
+}
+
+func jumpHash(key uint64, buckets int32) int32 {
+	var b, j int64
+
+	for j < int64(buckets) {
+		b = j
+		key = key*2862933555777941757 + 1
+		j = int64(float64(b+1) * (float64(int64(1)<<31) / float64((key>>33)+1)))
+	}
+
+	return int32(b)
+}
+
+func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
+	defer func() {
+		if err == nil {
+			c.AppendToChains(lb)
+		}
+	}()
+
+	proxy := lb.Unwrap(metadata)
+
+	c, err = proxy.DialContext(ctx, metadata)
+	return
+}
+
+func (lb *LoadBalance) DialUDP(metadata *C.Metadata) (pc C.PacketConn, err error) {
+	defer func() {
+		if err == nil {
+			pc.AppendToChains(lb)
+		}
+	}()
+
+	proxy := lb.Unwrap(metadata)
+
+	return proxy.DialUDP(metadata)
+}
+
+func (lb *LoadBalance) SupportUDP() bool {
+	return true
+}
+
+func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
+	key := uint64(murmur3.Sum32([]byte(getKey(metadata))))
+	proxies := lb.proxies()
+	buckets := int32(len(proxies))
+	for i := 0; i < lb.maxRetry; i, key = i+1, key+1 {
+		idx := jumpHash(key, buckets)
+		proxy := proxies[idx]
+		if proxy.Alive() {
+			return proxy
+		}
+	}
+
+	return proxies[0]
+}
+
+func (lb *LoadBalance) proxies() []C.Proxy {
+	elm, _, _ := lb.single.Do(func() (interface{}, error) {
+		return getProvidersProxies(lb.providers), nil
+	})
+
+	return elm.([]C.Proxy)
+}
+
+func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
+	var all []string
+	for _, proxy := range lb.proxies() {
+		all = append(all, proxy.Name())
+	}
+	return json.Marshal(map[string]interface{}{
+		"type": lb.Type().String(),
+		"all":  all,
+	})
+}
+
+func NewLoadBalance(name string, providers []provider.ProxyProvider) *LoadBalance {
+	return &LoadBalance{
+		Base:      outbound.NewBase(name, "", C.LoadBalance, false),
+		single:    singledo.NewSingle(defaultGetProxiesDuration),
+		maxRetry:  3,
+		providers: providers,
+	}
+}
--- a/adapters/outboundgroup/parser.go
+++ b/adapters/outboundgroup/parser.go
@ -0,0 +1,147 @@
+package outboundgroup
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/structure"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+var (
+	errFormat            = errors.New("format error")
+	errType              = errors.New("unsupport type")
+	errMissUse           = errors.New("`use` field should not be empty")
+	errMissProxy         = errors.New("`use` or `proxies` missing")
+	errMissHealthCheck   = errors.New("`url` or `interval` missing")
+	errDuplicateProvider = errors.New("`duplicate provider name")
+)
+
+type GroupCommonOption struct {
+	Name     string   `group:"name"`
+	Type     string   `group:"type"`
+	Proxies  []string `group:"proxies,omitempty"`
+	Use      []string `group:"use,omitempty"`
+	URL      string   `group:"url,omitempty"`
+	Interval int      `group:"interval,omitempty"`
+}
+
+func ParseProxyGroup(config map[string]interface{}, proxyMap map[string]C.Proxy, providersMap map[string]provider.ProxyProvider) (C.ProxyAdapter, error) {
+	decoder := structure.NewDecoder(structure.Option{TagName: "group", WeaklyTypedInput: true})
+
+	groupOption := &GroupCommonOption{}
+	if err := decoder.Decode(config, groupOption); err != nil {
+		return nil, errFormat
+	}
+
+	if groupOption.Type == "" || groupOption.Name == "" {
+		return nil, errFormat
+	}
+
+	groupName := groupOption.Name
+
+	providers := []provider.ProxyProvider{}
+
+	if len(groupOption.Proxies) == 0 && len(groupOption.Use) == 0 {
+		return nil, errMissProxy
+	}
+
+	if len(groupOption.Proxies) != 0 {
+		ps, err := getProxies(proxyMap, groupOption.Proxies)
+		if err != nil {
+			return nil, err
+		}
+
+		// if Use not empty, drop health check options
+		if len(groupOption.Use) != 0 {
+			hc := provider.NewHealthCheck(ps, "", 0)
+			pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
+			if err != nil {
+				return nil, err
+			}
+
+			providers = append(providers, pd)
+		} else {
+			// select don't need health check
+			if groupOption.Type == "select" || groupOption.Type == "relay" {
+				hc := provider.NewHealthCheck(ps, "", 0)
+				pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
+				if err != nil {
+					return nil, err
+				}
+
+				providers = append(providers, pd)
+				providersMap[groupName] = pd
+			} else {
+				if groupOption.URL == "" || groupOption.Interval == 0 {
+					return nil, errMissHealthCheck
+				}
+
+				hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.Interval))
+				pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
+				if err != nil {
+					return nil, err
+				}
+
+				providers = append(providers, pd)
+				providersMap[groupName] = pd
+			}
+		}
+	}
+
+	if len(groupOption.Use) != 0 {
+		list, err := getProviders(providersMap, groupOption.Use)
+		if err != nil {
+			return nil, err
+		}
+		providers = append(providers, list...)
+	}
+
+	var group C.ProxyAdapter
+	switch groupOption.Type {
+	case "url-test":
+		opts := parseURLTestOption(config)
+		group = NewURLTest(groupName, providers, opts...)
+	case "select":
+		group = NewSelector(groupName, providers)
+	case "fallback":
+		group = NewFallback(groupName, providers)
+	case "load-balance":
+		group = NewLoadBalance(groupName, providers)
+	case "relay":
+		group = NewRelay(groupName, providers)
+	default:
+		return nil, fmt.Errorf("%w: %s", errType, groupOption.Type)
+	}
+
+	return group, nil
+}
+
+func getProxies(mapping map[string]C.Proxy, list []string) ([]C.Proxy, error) {
+	var ps []C.Proxy
+	for _, name := range list {
+		p, ok := mapping[name]
+		if !ok {
+			return nil, fmt.Errorf("'%s' not found", name)
+		}
+		ps = append(ps, p)
+	}
+	return ps, nil
+}
+
+func getProviders(mapping map[string]provider.ProxyProvider, list []string) ([]provider.ProxyProvider, error) {
+	var ps []provider.ProxyProvider
+	for _, name := range list {
+		p, ok := mapping[name]
+		if !ok {
+			return nil, fmt.Errorf("'%s' not found", name)
+		}
+
+		if p.VehicleType() == provider.Compatible {
+			return nil, fmt.Errorf("proxy group %s can't contains in `use`", name)
+		}
+		ps = append(ps, p)
+	}
+	return ps, nil
+}
--- a/adapters/outboundgroup/relay.go
+++ b/adapters/outboundgroup/relay.go
@ -0,0 +1,98 @@
+package outboundgroup
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/singledo"
+	"github.com/Dreamacro/clash/component/dialer"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Relay struct {
+	*outbound.Base
+	single    *singledo.Single
+	providers []provider.ProxyProvider
+}
+
+func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	proxies := r.proxies(metadata)
+	if len(proxies) == 0 {
+		return nil, errors.New("Proxy does not exist")
+	}
+	first := proxies[0]
+	last := proxies[len(proxies)-1]
+
+	c, err := dialer.DialContext(ctx, "tcp", first.Addr())
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
+	}
+	tcpKeepAlive(c)
+
+	var currentMeta *C.Metadata
+	for _, proxy := range proxies[1:] {
+		currentMeta, err = addrToMetadata(proxy.Addr())
+		if err != nil {
+			return nil, err
+		}
+
+		c, err = first.StreamConn(c, currentMeta)
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
+		}
+
+		first = proxy
+	}
+
+	c, err = last.StreamConn(c, metadata)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
+	}
+
+	return outbound.NewConn(c, r), nil
+}
+
+func (r *Relay) MarshalJSON() ([]byte, error) {
+	var all []string
+	for _, proxy := range r.rawProxies() {
+		all = append(all, proxy.Name())
+	}
+	return json.Marshal(map[string]interface{}{
+		"type": r.Type().String(),
+		"all":  all,
+	})
+}
+
+func (r *Relay) rawProxies() []C.Proxy {
+	elm, _, _ := r.single.Do(func() (interface{}, error) {
+		return getProvidersProxies(r.providers), nil
+	})
+
+	return elm.([]C.Proxy)
+}
+
+func (r *Relay) proxies(metadata *C.Metadata) []C.Proxy {
+	proxies := r.rawProxies()
+
+	for n, proxy := range proxies {
+		subproxy := proxy.Unwrap(metadata)
+		for subproxy != nil {
+			proxies[n] = subproxy
+			subproxy = subproxy.Unwrap(metadata)
+		}
+	}
+
+	return proxies
+}
+
+func NewRelay(name string, providers []provider.ProxyProvider) *Relay {
+	return &Relay{
+		Base:      outbound.NewBase(name, "", C.Relay, false),
+		single:    singledo.NewSingle(defaultGetProxiesDuration),
+		providers: providers,
+	}
+}
--- a/adapters/outboundgroup/selector.go
+++ b/adapters/outboundgroup/selector.go
@ -0,0 +1,97 @@
+package outboundgroup
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/singledo"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Selector struct {
+	*outbound.Base
+	single    *singledo.Single
+	selected  string
+	providers []provider.ProxyProvider
+}
+
+func (s *Selector) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	c, err := s.selectedProxy().DialContext(ctx, metadata)
+	if err == nil {
+		c.AppendToChains(s)
+	}
+	return c, err
+}
+
+func (s *Selector) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	pc, err := s.selectedProxy().DialUDP(metadata)
+	if err == nil {
+		pc.AppendToChains(s)
+	}
+	return pc, err
+}
+
+func (s *Selector) SupportUDP() bool {
+	return s.selectedProxy().SupportUDP()
+}
+
+func (s *Selector) MarshalJSON() ([]byte, error) {
+	var all []string
+	for _, proxy := range getProvidersProxies(s.providers) {
+		all = append(all, proxy.Name())
+	}
+
+	return json.Marshal(map[string]interface{}{
+		"type": s.Type().String(),
+		"now":  s.Now(),
+		"all":  all,
+	})
+}
+
+func (s *Selector) Now() string {
+	return s.selectedProxy().Name()
+}
+
+func (s *Selector) Set(name string) error {
+	for _, proxy := range getProvidersProxies(s.providers) {
+		if proxy.Name() == name {
+			s.selected = name
+			s.single.Reset()
+			return nil
+		}
+	}
+
+	return errors.New("Proxy does not exist")
+}
+
+func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
+	return s.selectedProxy()
+}
+
+func (s *Selector) selectedProxy() C.Proxy {
+	elm, _, _ := s.single.Do(func() (interface{}, error) {
+		proxies := getProvidersProxies(s.providers)
+		for _, proxy := range proxies {
+			if proxy.Name() == s.selected {
+				return proxy, nil
+			}
+		}
+
+		return proxies[0], nil
+	})
+
+	return elm.(C.Proxy)
+}
+
+func NewSelector(name string, providers []provider.ProxyProvider) *Selector {
+	selected := providers[0].Proxies()[0].Name()
+	return &Selector{
+		Base:      outbound.NewBase(name, "", C.Selector, false),
+		single:    singledo.NewSingle(defaultGetProxiesDuration),
+		providers: providers,
+		selected:  selected,
+	}
+}
--- a/adapters/outboundgroup/urltest.go
+++ b/adapters/outboundgroup/urltest.go
@ -0,0 +1,133 @@
+package outboundgroup
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	"github.com/Dreamacro/clash/adapters/provider"
+	"github.com/Dreamacro/clash/common/singledo"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type urlTestOption func(*URLTest)
+
+func urlTestWithTolerance(tolerance uint16) urlTestOption {
+	return func(u *URLTest) {
+		u.tolerance = tolerance
+	}
+}
+
+type URLTest struct {
+	*outbound.Base
+	tolerance  uint16
+	fastNode   C.Proxy
+	single     *singledo.Single
+	fastSingle *singledo.Single
+	providers  []provider.ProxyProvider
+}
+
+func (u *URLTest) Now() string {
+	return u.fast().Name()
+}
+
+func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
+	c, err = u.fast().DialContext(ctx, metadata)
+	if err == nil {
+		c.AppendToChains(u)
+	}
+	return c, err
+}
+
+func (u *URLTest) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
+	pc, err := u.fast().DialUDP(metadata)
+	if err == nil {
+		pc.AppendToChains(u)
+	}
+	return pc, err
+}
+
+func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
+	return u.fast()
+}
+
+func (u *URLTest) proxies() []C.Proxy {
+	elm, _, _ := u.single.Do(func() (interface{}, error) {
+		return getProvidersProxies(u.providers), nil
+	})
+
+	return elm.([]C.Proxy)
+}
+
+func (u *URLTest) fast() C.Proxy {
+	elm, _, _ := u.fastSingle.Do(func() (interface{}, error) {
+		proxies := u.proxies()
+		fast := proxies[0]
+		min := fast.LastDelay()
+		for _, proxy := range proxies[1:] {
+			if !proxy.Alive() {
+				continue
+			}
+
+			delay := proxy.LastDelay()
+			if delay < min {
+				fast = proxy
+				min = delay
+			}
+		}
+
+		// tolerance
+		if u.fastNode == nil || u.fastNode.LastDelay() > fast.LastDelay() + u.tolerance {
+			u.fastNode = fast
+		}
+
+		return u.fastNode, nil
+	})
+
+	return elm.(C.Proxy)
+}
+
+func (u *URLTest) SupportUDP() bool {
+	return u.fast().SupportUDP()
+}
+
+func (u *URLTest) MarshalJSON() ([]byte, error) {
+	var all []string
+	for _, proxy := range u.proxies() {
+		all = append(all, proxy.Name())
+	}
+	return json.Marshal(map[string]interface{}{
+		"type": u.Type().String(),
+		"now":  u.Now(),
+		"all":  all,
+	})
+}
+
+func parseURLTestOption(config map[string]interface{}) []urlTestOption {
+	opts := []urlTestOption{}
+
+	// tolerance
+	if elm, ok := config["tolerance"]; ok {
+		if tolerance, ok := elm.(int); ok {
+			opts = append(opts, urlTestWithTolerance(uint16(tolerance)))
+		}
+	}
+
+	return opts
+}
+
+func NewURLTest(name string, providers []provider.ProxyProvider, options ...urlTestOption) *URLTest {
+	urlTest := &URLTest{
+		Base:       outbound.NewBase(name, "", C.URLTest, false),
+		single:     singledo.NewSingle(defaultGetProxiesDuration),
+		fastSingle: singledo.NewSingle(time.Second * 10),
+		providers:  providers,
+	}
+
+	for _, option := range options {
+		option(urlTest)
+	}
+
+	return urlTest
+}
--- a/adapters/outboundgroup/util.go
+++ b/adapters/outboundgroup/util.go
@ -0,0 +1,53 @@
+package outboundgroup
+
+import (
+	"fmt"
+	"net"
+	"time"
+
+	C "github.com/Dreamacro/clash/constant"
+)
+
+func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
+	host, port, err := net.SplitHostPort(rawAddress)
+	if err != nil {
+		err = fmt.Errorf("addrToMetadata failed: %w", err)
+		return
+	}
+
+	ip := net.ParseIP(host)
+	if ip != nil {
+		if ip.To4() != nil {
+			addr = &C.Metadata{
+				AddrType: C.AtypIPv4,
+				Host:     "",
+				DstIP:    ip,
+				DstPort:  port,
+			}
+			return
+		} else {
+			addr = &C.Metadata{
+				AddrType: C.AtypIPv6,
+				Host:     "",
+				DstIP:    ip,
+				DstPort:  port,
+			}
+			return
+		}
+	} else {
+		addr = &C.Metadata{
+			AddrType: C.AtypDomainName,
+			Host:     host,
+			DstIP:    nil,
+			DstPort:  port,
+		}
+		return
+	}
+}
+
+func tcpKeepAlive(c net.Conn) {
+	if tcp, ok := c.(*net.TCPConn); ok {
+		tcp.SetKeepAlive(true)
+		tcp.SetKeepAlivePeriod(30 * time.Second)
+	}
+}
--- a/adapters/provider/fetcher.go
+++ b/adapters/provider/fetcher.go
@ -0,0 +1,180 @@
+package provider
+
+import (
+	"bytes"
+	"crypto/md5"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/Dreamacro/clash/log"
+)
+
+var (
+	fileMode os.FileMode = 0666
+	dirMode  os.FileMode = 0755
+)
+
+type parser = func([]byte) (interface{}, error)
+
+type fetcher struct {
+	name      string
+	vehicle   Vehicle
+	updatedAt *time.Time
+	ticker    *time.Ticker
+	done      chan struct{}
+	hash      [16]byte
+	parser    parser
+	onUpdate  func(interface{})
+}
+
+func (f *fetcher) Name() string {
+	return f.name
+}
+
+func (f *fetcher) VehicleType() VehicleType {
+	return f.vehicle.Type()
+}
+
+func (f *fetcher) Initial() (interface{}, error) {
+	var (
+		buf     []byte
+		err     error
+		isLocal bool
+	)
+	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
+		buf, err = ioutil.ReadFile(f.vehicle.Path())
+		modTime := stat.ModTime()
+		f.updatedAt = &modTime
+		isLocal = true
+	} else {
+		buf, err = f.vehicle.Read()
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	proxies, err := f.parser(buf)
+	if err != nil {
+		if !isLocal {
+			return nil, err
+		}
+
+		// parse local file error, fallback to remote
+		buf, err = f.vehicle.Read()
+		if err != nil {
+			return nil, err
+		}
+
+		proxies, err = f.parser(buf)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if f.vehicle.Type() != File {
+		if err := safeWrite(f.vehicle.Path(), buf); err != nil {
+			return nil, err
+		}
+	}
+
+	f.hash = md5.Sum(buf)
+
+	// pull proxies automatically
+	if f.ticker != nil {
+		go f.pullLoop()
+	}
+
+	return proxies, nil
+}
+
+func (f *fetcher) Update() (interface{}, bool, error) {
+	buf, err := f.vehicle.Read()
+	if err != nil {
+		return nil, false, err
+	}
+
+	now := time.Now()
+	hash := md5.Sum(buf)
+	if bytes.Equal(f.hash[:], hash[:]) {
+		f.updatedAt = &now
+		return nil, true, nil
+	}
+
+	proxies, err := f.parser(buf)
+	if err != nil {
+		return nil, false, err
+	}
+
+	if err := safeWrite(f.vehicle.Path(), buf); err != nil {
+		return nil, false, err
+	}
+
+	f.updatedAt = &now
+	f.hash = hash
+
+	return proxies, false, nil
+}
+
+func (f *fetcher) Destroy() error {
+	if f.ticker != nil {
+		f.done <- struct{}{}
+	}
+	return nil
+}
+
+func (f *fetcher) pullLoop() {
+	for {
+		select {
+		case <-f.ticker.C:
+			elm, same, err := f.Update()
+			if err != nil {
+				log.Warnln("[Provider] %s pull error: %s", f.Name(), err.Error())
+				continue
+			}
+
+			if same {
+				log.Debugln("[Provider] %s's proxies doesn't change", f.Name())
+				continue
+			}
+
+			log.Infoln("[Provider] %s's proxies update", f.Name())
+			if f.onUpdate != nil {
+				f.onUpdate(elm)
+			}
+		case <-f.done:
+			f.ticker.Stop()
+			return
+		}
+	}
+}
+
+func safeWrite(path string, buf []byte) error {
+	dir := filepath.Dir(path)
+
+	if _, err := os.Stat(dir); os.IsNotExist(err) {
+		if err := os.MkdirAll(dir, dirMode); err != nil {
+			return err
+		}
+	}
+
+	return ioutil.WriteFile(path, buf, fileMode)
+}
+
+func newFetcher(name string, interval time.Duration, vehicle Vehicle, parser parser, onUpdate func(interface{})) *fetcher {
+	var ticker *time.Ticker
+	if interval != 0 {
+		ticker = time.NewTicker(interval)
+	}
+
+	return &fetcher{
+		name:     name,
+		ticker:   ticker,
+		vehicle:  vehicle,
+		parser:   parser,
+		done:     make(chan struct{}, 1),
+		onUpdate: onUpdate,
+	}
+}
--- a/adapters/provider/healthcheck.go
+++ b/adapters/provider/healthcheck.go
@ -0,0 +1,70 @@
+package provider
+
+import (
+	"context"
+	"time"
+
+	C "github.com/Dreamacro/clash/constant"
+)
+
+const (
+	defaultURLTestTimeout = time.Second * 5
+)
+
+type HealthCheckOption struct {
+	URL      string
+	Interval uint
+}
+
+type HealthCheck struct {
+	url      string
+	proxies  []C.Proxy
+	interval uint
+	done     chan struct{}
+}
+
+func (hc *HealthCheck) process() {
+	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
+
+	go hc.check()
+	for {
+		select {
+		case <-ticker.C:
+			hc.check()
+		case <-hc.done:
+			ticker.Stop()
+			return
+		}
+	}
+}
+
+func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
+	hc.proxies = proxies
+}
+
+func (hc *HealthCheck) auto() bool {
+	return hc.interval != 0
+}
+
+func (hc *HealthCheck) check() {
+	ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
+	for _, proxy := range hc.proxies {
+		go proxy.URLTest(ctx, hc.url)
+	}
+
+	<-ctx.Done()
+	cancel()
+}
+
+func (hc *HealthCheck) close() {
+	hc.done <- struct{}{}
+}
+
+func NewHealthCheck(proxies []C.Proxy, url string, interval uint) *HealthCheck {
+	return &HealthCheck{
+		proxies:  proxies,
+		url:      url,
+		interval: interval,
+		done:     make(chan struct{}, 1),
+	}
+}
--- a/adapters/provider/parser.go
+++ b/adapters/provider/parser.go
@ -0,0 +1,58 @@
+package provider
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/Dreamacro/clash/common/structure"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+var (
+	errVehicleType = errors.New("unsupport vehicle type")
+)
+
+type healthCheckSchema struct {
+	Enable   bool   `provider:"enable"`
+	URL      string `provider:"url"`
+	Interval int    `provider:"interval"`
+}
+
+type proxyProviderSchema struct {
+	Type        string            `provider:"type"`
+	Path        string            `provider:"path"`
+	URL         string            `provider:"url,omitempty"`
+	Interval    int               `provider:"interval,omitempty"`
+	HealthCheck healthCheckSchema `provider:"health-check,omitempty"`
+}
+
+func ParseProxyProvider(name string, mapping map[string]interface{}) (ProxyProvider, error) {
+	decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
+
+	schema := &proxyProviderSchema{}
+	if err := decoder.Decode(mapping, schema); err != nil {
+		return nil, err
+	}
+
+	var hcInterval uint = 0
+	if schema.HealthCheck.Enable {
+		hcInterval = uint(schema.HealthCheck.Interval)
+	}
+	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval)
+
+	path := C.Path.Resolve(schema.Path)
+
+	var vehicle Vehicle
+	switch schema.Type {
+	case "file":
+		vehicle = NewFileVehicle(path)
+	case "http":
+		vehicle = NewHTTPVehicle(schema.URL, path)
+	default:
+		return nil, fmt.Errorf("%w: %s", errVehicleType, schema.Type)
+	}
+
+	interval := time.Duration(uint(schema.Interval)) * time.Second
+	return NewProxySetProvider(name, interval, vehicle, hc), nil
+}
--- a/adapters/provider/provider.go
+++ b/adapters/provider/provider.go
@ -0,0 +1,248 @@
+package provider
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"runtime"
+	"time"
+
+	"github.com/Dreamacro/clash/adapters/outbound"
+	C "github.com/Dreamacro/clash/constant"
+
+	"gopkg.in/yaml.v2"
+)
+
+const (
+	ReservedName = "default"
+)
+
+// Provider Type
+const (
+	Proxy ProviderType = iota
+	Rule
+)
+
+// ProviderType defined
+type ProviderType int
+
+func (pt ProviderType) String() string {
+	switch pt {
+	case Proxy:
+		return "Proxy"
+	case Rule:
+		return "Rule"
+	default:
+		return "Unknown"
+	}
+}
+
+// Provider interface
+type Provider interface {
+	Name() string
+	VehicleType() VehicleType
+	Type() ProviderType
+	Initial() error
+	Update() error
+}
+
+// ProxyProvider interface
+type ProxyProvider interface {
+	Provider
+	Proxies() []C.Proxy
+	HealthCheck()
+}
+
+type ProxySchema struct {
+	Proxies []map[string]interface{} `yaml:"proxies"`
+}
+
+// for auto gc
+type ProxySetProvider struct {
+	*proxySetProvider
+}
+
+type proxySetProvider struct {
+	*fetcher
+	proxies     []C.Proxy
+	healthCheck *HealthCheck
+}
+
+func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]interface{}{
+		"name":        pp.Name(),
+		"type":        pp.Type().String(),
+		"vehicleType": pp.VehicleType().String(),
+		"proxies":     pp.Proxies(),
+		"updatedAt":   pp.updatedAt,
+	})
+}
+
+func (pp *proxySetProvider) Name() string {
+	return pp.name
+}
+
+func (pp *proxySetProvider) HealthCheck() {
+	pp.healthCheck.check()
+}
+
+func (pp *proxySetProvider) Update() error {
+	elm, same, err := pp.fetcher.Update()
+	if err == nil && !same {
+		pp.onUpdate(elm)
+	}
+	return err
+}
+
+func (pp *proxySetProvider) Initial() error {
+	elm, err := pp.fetcher.Initial()
+	if err != nil {
+		return err
+	}
+
+	pp.onUpdate(elm)
+	return nil
+}
+
+func (pp *proxySetProvider) Type() ProviderType {
+	return Proxy
+}
+
+func (pp *proxySetProvider) Proxies() []C.Proxy {
+	return pp.proxies
+}
+
+func proxiesParse(buf []byte) (interface{}, error) {
+	schema := &ProxySchema{}
+
+	if err := yaml.Unmarshal(buf, schema); err != nil {
+		return nil, err
+	}
+
+	if schema.Proxies == nil {
+		return nil, errors.New("File must have a `proxies` field")
+	}
+
+	proxies := []C.Proxy{}
+	for idx, mapping := range schema.Proxies {
+		proxy, err := outbound.ParseProxy(mapping)
+		if err != nil {
+			return nil, fmt.Errorf("Proxy %d error: %w", idx, err)
+		}
+		proxies = append(proxies, proxy)
+	}
+
+	if len(proxies) == 0 {
+		return nil, errors.New("File doesn't have any valid proxy")
+	}
+
+	return proxies, nil
+}
+
+func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
+	pp.proxies = proxies
+	pp.healthCheck.setProxy(proxies)
+	if pp.healthCheck.auto() {
+		go pp.healthCheck.check()
+	}
+}
+
+func stopProxyProvider(pd *ProxySetProvider) {
+	pd.healthCheck.close()
+	pd.fetcher.Destroy()
+}
+
+func NewProxySetProvider(name string, interval time.Duration, vehicle Vehicle, hc *HealthCheck) *ProxySetProvider {
+	if hc.auto() {
+		go hc.process()
+	}
+
+	pd := &proxySetProvider{
+		proxies:     []C.Proxy{},
+		healthCheck: hc,
+	}
+
+	onUpdate := func(elm interface{}) {
+		ret := elm.([]C.Proxy)
+		pd.setProxies(ret)
+	}
+
+	fetcher := newFetcher(name, interval, vehicle, proxiesParse, onUpdate)
+	pd.fetcher = fetcher
+
+	wrapper := &ProxySetProvider{pd}
+	runtime.SetFinalizer(wrapper, stopProxyProvider)
+	return wrapper
+}
+
+// for auto gc
+type CompatibleProvider struct {
+	*compatibleProvider
+}
+
+type compatibleProvider struct {
+	name        string
+	healthCheck *HealthCheck
+	proxies     []C.Proxy
+}
+
+func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]interface{}{
+		"name":        cp.Name(),
+		"type":        cp.Type().String(),
+		"vehicleType": cp.VehicleType().String(),
+		"proxies":     cp.Proxies(),
+	})
+}
+
+func (cp *compatibleProvider) Name() string {
+	return cp.name
+}
+
+func (cp *compatibleProvider) HealthCheck() {
+	cp.healthCheck.check()
+}
+
+func (cp *compatibleProvider) Update() error {
+	return nil
+}
+
+func (cp *compatibleProvider) Initial() error {
+	return nil
+}
+
+func (cp *compatibleProvider) VehicleType() VehicleType {
+	return Compatible
+}
+
+func (cp *compatibleProvider) Type() ProviderType {
+	return Proxy
+}
+
+func (cp *compatibleProvider) Proxies() []C.Proxy {
+	return cp.proxies
+}
+
+func stopCompatibleProvider(pd *CompatibleProvider) {
+	pd.healthCheck.close()
+}
+
+func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*CompatibleProvider, error) {
+	if len(proxies) == 0 {
+		return nil, errors.New("Provider need one proxy at least")
+	}
+
+	if hc.auto() {
+		go hc.process()
+	}
+
+	pd := &compatibleProvider{
+		name:        name,
+		proxies:     proxies,
+		healthCheck: hc,
+	}
+
+	wrapper := &CompatibleProvider{pd}
+	runtime.SetFinalizer(wrapper, stopCompatibleProvider)
+	return wrapper, nil
+}
--- a/adapters/provider/vehicle.go
+++ b/adapters/provider/vehicle.go
@ -0,0 +1,121 @@
+package provider
+
+import (
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/Dreamacro/clash/component/dialer"
+)
+
+// Vehicle Type
+const (
+	File VehicleType = iota
+	HTTP
+	Compatible
+)
+
+// VehicleType defined
+type VehicleType int
+
+func (v VehicleType) String() string {
+	switch v {
+	case File:
+		return "File"
+	case HTTP:
+		return "HTTP"
+	case Compatible:
+		return "Compatible"
+	default:
+		return "Unknown"
+	}
+}
+
+type Vehicle interface {
+	Read() ([]byte, error)
+	Path() string
+	Type() VehicleType
+}
+
+type FileVehicle struct {
+	path string
+}
+
+func (f *FileVehicle) Type() VehicleType {
+	return File
+}
+
+func (f *FileVehicle) Path() string {
+	return f.path
+}
+
+func (f *FileVehicle) Read() ([]byte, error) {
+	return ioutil.ReadFile(f.path)
+}
+
+func NewFileVehicle(path string) *FileVehicle {
+	return &FileVehicle{path: path}
+}
+
+type HTTPVehicle struct {
+	url  string
+	path string
+}
+
+func (h *HTTPVehicle) Type() VehicleType {
+	return HTTP
+}
+
+func (h *HTTPVehicle) Path() string {
+	return h.path
+}
+
+func (h *HTTPVehicle) Read() ([]byte, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
+	defer cancel()
+
+	uri, err := url.Parse(h.url)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(http.MethodGet, uri.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if user := uri.User; user != nil {
+		password, _ := user.Password()
+		req.SetBasicAuth(user.Username(), password)
+	}
+
+	req = req.WithContext(ctx)
+
+	transport := &http.Transport{
+		// from http.DefaultTransport
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		DialContext:           dialer.DialContext,
+	}
+
+	client := http.Client{Transport: transport}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	buf, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf, nil
+}
+
+func NewHTTPVehicle(url string, path string) *HTTPVehicle {
+	return &HTTPVehicle{url, path}
+}
--- a/common/cache/cache.go
+++ b/common/cache/cache.go
@ -0,0 +1,106 @@
+package cache
+
+import (
+	"runtime"
+	"sync"
+	"time"
+)
+
+// Cache store element with a expired time
+type Cache struct {
+	*cache
+}
+
+type cache struct {
+	mapping sync.Map
+	janitor *janitor
+}
+
+type element struct {
+	Expired time.Time
+	Payload interface{}
+}
+
+// Put element in Cache with its ttl
+func (c *cache) Put(key interface{}, payload interface{}, ttl time.Duration) {
+	c.mapping.Store(key, &element{
+		Payload: payload,
+		Expired: time.Now().Add(ttl),
+	})
+}
+
+// Get element in Cache, and drop when it expired
+func (c *cache) Get(key interface{}) interface{} {
+	item, exist := c.mapping.Load(key)
+	if !exist {
+		return nil
+	}
+	elm := item.(*element)
+	// expired
+	if time.Since(elm.Expired) > 0 {
+		c.mapping.Delete(key)
+		return nil
+	}
+	return elm.Payload
+}
+
+// GetWithExpire element in Cache with Expire Time
+func (c *cache) GetWithExpire(key interface{}) (payload interface{}, expired time.Time) {
+	item, exist := c.mapping.Load(key)
+	if !exist {
+		return
+	}
+	elm := item.(*element)
+	// expired
+	if time.Since(elm.Expired) > 0 {
+		c.mapping.Delete(key)
+		return
+	}
+	return elm.Payload, elm.Expired
+}
+
+func (c *cache) cleanup() {
+	c.mapping.Range(func(k, v interface{}) bool {
+		key := k.(string)
+		elm := v.(*element)
+		if time.Since(elm.Expired) > 0 {
+			c.mapping.Delete(key)
+		}
+		return true
+	})
+}
+
+type janitor struct {
+	interval time.Duration
+	stop     chan struct{}
+}
+
+func (j *janitor) process(c *cache) {
+	ticker := time.NewTicker(j.interval)
+	for {
+		select {
+		case <-ticker.C:
+			c.cleanup()
+		case <-j.stop:
+			ticker.Stop()
+			return
+		}
+	}
+}
+
+func stopJanitor(c *Cache) {
+	c.janitor.stop <- struct{}{}
+}
+
+// New return *Cache
+func New(interval time.Duration) *Cache {
+	j := &janitor{
+		interval: interval,
+		stop:     make(chan struct{}),
+	}
+	c := &cache{janitor: j}
+	go j.process(c)
+	C := &Cache{c}
+	runtime.SetFinalizer(C, stopJanitor)
+	return C
+}
--- a/common/cache/cache_test.go
+++ b/common/cache/cache_test.go
@ -0,0 +1,70 @@
+package cache
+
+import (
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCache_Basic(t *testing.T) {
+	interval := 200 * time.Millisecond
+	ttl := 20 * time.Millisecond
+	c := New(interval)
+	c.Put("int", 1, ttl)
+	c.Put("string", "a", ttl)
+
+	i := c.Get("int")
+	assert.Equal(t, i.(int), 1, "should recv 1")
+
+	s := c.Get("string")
+	assert.Equal(t, s.(string), "a", "should recv 'a'")
+}
+
+func TestCache_TTL(t *testing.T) {
+	interval := 200 * time.Millisecond
+	ttl := 20 * time.Millisecond
+	now := time.Now()
+	c := New(interval)
+	c.Put("int", 1, ttl)
+	c.Put("int2", 2, ttl)
+
+	i := c.Get("int")
+	_, expired := c.GetWithExpire("int2")
+	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.True(t, now.Before(expired))
+
+	time.Sleep(ttl * 2)
+	i = c.Get("int")
+	j, _ := c.GetWithExpire("int2")
+	assert.Nil(t, i, "should recv nil")
+	assert.Nil(t, j, "should recv nil")
+}
+
+func TestCache_AutoCleanup(t *testing.T) {
+	interval := 10 * time.Millisecond
+	ttl := 15 * time.Millisecond
+	c := New(interval)
+	c.Put("int", 1, ttl)
+
+	time.Sleep(ttl * 2)
+	i := c.Get("int")
+	j, _ := c.GetWithExpire("int")
+	assert.Nil(t, i, "should recv nil")
+	assert.Nil(t, j, "should recv nil")
+}
+
+func TestCache_AutoGC(t *testing.T) {
+	sign := make(chan struct{})
+	go func() {
+		interval := 10 * time.Millisecond
+		ttl := 15 * time.Millisecond
+		c := New(interval)
+		c.Put("int", 1, ttl)
+		sign <- struct{}{}
+	}()
+
+	<-sign
+	runtime.GC()
+}
--- a/common/cache/lrucache.go
+++ b/common/cache/lrucache.go
@ -0,0 +1,206 @@
+package cache
+
+// Modified by https://github.com/die-net/lrucache
+
+import (
+	"container/list"
+	"sync"
+	"time"
+)
+
+// Option is part of Functional Options Pattern
+type Option func(*LruCache)
+
+// EvictCallback is used to get a callback when a cache entry is evicted
+type EvictCallback = func(key interface{}, value interface{})
+
+// WithEvict set the evict callback
+func WithEvict(cb EvictCallback) Option {
+	return func(l *LruCache) {
+		l.onEvict = cb
+	}
+}
+
+// WithUpdateAgeOnGet update expires when Get element
+func WithUpdateAgeOnGet() Option {
+	return func(l *LruCache) {
+		l.updateAgeOnGet = true
+	}
+}
+
+// WithAge defined element max age (second)
+func WithAge(maxAge int64) Option {
+	return func(l *LruCache) {
+		l.maxAge = maxAge
+	}
+}
+
+// WithSize defined max length of LruCache
+func WithSize(maxSize int) Option {
+	return func(l *LruCache) {
+		l.maxSize = maxSize
+	}
+}
+
+// WithStale decide whether Stale return is enabled.
+// If this feature is enabled, element will not get Evicted according to `WithAge`.
+func WithStale(stale bool) Option {
+	return func(l *LruCache) {
+		l.staleReturn = stale
+	}
+}
+
+// LruCache is a thread-safe, in-memory lru-cache that evicts the
+// least recently used entries from memory when (if set) the entries are
+// older than maxAge (in seconds).  Use the New constructor to create one.
+type LruCache struct {
+	maxAge         int64
+	maxSize        int
+	mu             sync.Mutex
+	cache          map[interface{}]*list.Element
+	lru            *list.List // Front is least-recent
+	updateAgeOnGet bool
+	staleReturn    bool
+	onEvict        EvictCallback
+}
+
+// NewLRUCache creates an LruCache
+func NewLRUCache(options ...Option) *LruCache {
+	lc := &LruCache{
+		lru:   list.New(),
+		cache: make(map[interface{}]*list.Element),
+	}
+
+	for _, option := range options {
+		option(lc)
+	}
+
+	return lc
+}
+
+// Get returns the interface{} representation of a cached response and a bool
+// set to true if the key was found.
+func (c *LruCache) Get(key interface{}) (interface{}, bool) {
+	entry := c.get(key)
+	if entry == nil {
+		return nil, false
+	}
+	value := entry.value
+
+	return value, true
+}
+
+// GetWithExpire returns the interface{} representation of a cached response,
+// a time.Time Give expected expires,
+// and a bool set to true if the key was found.
+// This method will NOT check the maxAge of element and will NOT update the expires.
+func (c *LruCache) GetWithExpire(key interface{}) (interface{}, time.Time, bool) {
+	entry := c.get(key)
+	if entry == nil {
+		return nil, time.Time{}, false
+	}
+
+	return entry.value, time.Unix(entry.expires, 0), true
+}
+
+// Exist returns if key exist in cache but not put item to the head of linked list
+func (c *LruCache) Exist(key interface{}) bool {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	_, ok := c.cache[key]
+	return ok
+}
+
+// Set stores the interface{} representation of a response for a given key.
+func (c *LruCache) Set(key interface{}, value interface{}) {
+	expires := int64(0)
+	if c.maxAge > 0 {
+		expires = time.Now().Unix() + c.maxAge
+	}
+	c.SetWithExpire(key, value, time.Unix(expires, 0))
+}
+
+// SetWithExpire stores the interface{} representation of a response for a given key and given exires.
+// The expires time will round to second.
+func (c *LruCache) SetWithExpire(key interface{}, value interface{}, expires time.Time) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if le, ok := c.cache[key]; ok {
+		c.lru.MoveToBack(le)
+		e := le.Value.(*entry)
+		e.value = value
+		e.expires = expires.Unix()
+	} else {
+		e := &entry{key: key, value: value, expires: expires.Unix()}
+		c.cache[key] = c.lru.PushBack(e)
+
+		if c.maxSize > 0 {
+			if len := c.lru.Len(); len > c.maxSize {
+				c.deleteElement(c.lru.Front())
+			}
+		}
+	}
+
+	c.maybeDeleteOldest()
+}
+
+func (c *LruCache) get(key interface{}) *entry {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	le, ok := c.cache[key]
+	if !ok {
+		return nil
+	}
+
+	if !c.staleReturn && c.maxAge > 0 && le.Value.(*entry).expires <= time.Now().Unix() {
+		c.deleteElement(le)
+		c.maybeDeleteOldest()
+
+		return nil
+	}
+
+	c.lru.MoveToBack(le)
+	entry := le.Value.(*entry)
+	if c.maxAge > 0 && c.updateAgeOnGet {
+		entry.expires = time.Now().Unix() + c.maxAge
+	}
+	return entry
+}
+
+// Delete removes the value associated with a key.
+func (c *LruCache) Delete(key string) {
+	c.mu.Lock()
+
+	if le, ok := c.cache[key]; ok {
+		c.deleteElement(le)
+	}
+
+	c.mu.Unlock()
+}
+
+func (c *LruCache) maybeDeleteOldest() {
+	if !c.staleReturn && c.maxAge > 0 {
+		now := time.Now().Unix()
+		for le := c.lru.Front(); le != nil && le.Value.(*entry).expires <= now; le = c.lru.Front() {
+			c.deleteElement(le)
+		}
+	}
+}
+
+func (c *LruCache) deleteElement(le *list.Element) {
+	c.lru.Remove(le)
+	e := le.Value.(*entry)
+	delete(c.cache, e.key)
+	if c.onEvict != nil {
+		c.onEvict(e.key, e.value)
+	}
+}
+
+type entry struct {
+	key     interface{}
+	value   interface{}
+	expires int64
+}
--- a/common/cache/lrucache_test.go
+++ b/common/cache/lrucache_test.go
@ -0,0 +1,166 @@
+package cache
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var entries = []struct {
+	key   string
+	value string
+}{
+	{"1", "one"},
+	{"2", "two"},
+	{"3", "three"},
+	{"4", "four"},
+	{"5", "five"},
+}
+
+func TestLRUCache(t *testing.T) {
+	c := NewLRUCache()
+
+	for _, e := range entries {
+		c.Set(e.key, e.value)
+	}
+
+	c.Delete("missing")
+	_, ok := c.Get("missing")
+	assert.False(t, ok)
+
+	for _, e := range entries {
+		value, ok := c.Get(e.key)
+		if assert.True(t, ok) {
+			assert.Equal(t, e.value, value.(string))
+		}
+	}
+
+	for _, e := range entries {
+		c.Delete(e.key)
+
+		_, ok := c.Get(e.key)
+		assert.False(t, ok)
+	}
+}
+
+func TestLRUMaxAge(t *testing.T) {
+	c := NewLRUCache(WithAge(86400))
+
+	now := time.Now().Unix()
+	expected := now + 86400
+
+	// Add one expired entry
+	c.Set("foo", "bar")
+	c.lru.Back().Value.(*entry).expires = now
+
+	// Reset
+	c.Set("foo", "bar")
+	e := c.lru.Back().Value.(*entry)
+	assert.True(t, e.expires >= now)
+	c.lru.Back().Value.(*entry).expires = now
+
+	// Set a few and verify expiration times
+	for _, s := range entries {
+		c.Set(s.key, s.value)
+		e := c.lru.Back().Value.(*entry)
+		assert.True(t, e.expires >= expected && e.expires <= expected+10)
+	}
+
+	// Make sure we can get them all
+	for _, s := range entries {
+		_, ok := c.Get(s.key)
+		assert.True(t, ok)
+	}
+
+	// Expire all entries
+	for _, s := range entries {
+		le, ok := c.cache[s.key]
+		if assert.True(t, ok) {
+			le.Value.(*entry).expires = now
+		}
+	}
+
+	// Get one expired entry, which should clear all expired entries
+	_, ok := c.Get("3")
+	assert.False(t, ok)
+	assert.Equal(t, c.lru.Len(), 0)
+}
+
+func TestLRUpdateOnGet(t *testing.T) {
+	c := NewLRUCache(WithAge(86400), WithUpdateAgeOnGet())
+
+	now := time.Now().Unix()
+	expires := now + 86400/2
+
+	// Add one expired entry
+	c.Set("foo", "bar")
+	c.lru.Back().Value.(*entry).expires = expires
+
+	_, ok := c.Get("foo")
+	assert.True(t, ok)
+	assert.True(t, c.lru.Back().Value.(*entry).expires > expires)
+}
+
+func TestMaxSize(t *testing.T) {
+	c := NewLRUCache(WithSize(2))
+	// Add one expired entry
+	c.Set("foo", "bar")
+	_, ok := c.Get("foo")
+	assert.True(t, ok)
+
+	c.Set("bar", "foo")
+	c.Set("baz", "foo")
+
+	_, ok = c.Get("foo")
+	assert.False(t, ok)
+}
+
+func TestExist(t *testing.T) {
+	c := NewLRUCache(WithSize(1))
+	c.Set(1, 2)
+	assert.True(t, c.Exist(1))
+	c.Set(2, 3)
+	assert.False(t, c.Exist(1))
+}
+
+func TestEvict(t *testing.T) {
+	temp := 0
+	evict := func(key interface{}, value interface{}) {
+		temp = key.(int) + value.(int)
+	}
+
+	c := NewLRUCache(WithEvict(evict), WithSize(1))
+	c.Set(1, 2)
+	c.Set(2, 3)
+
+	assert.Equal(t, temp, 3)
+}
+
+func TestSetWithExpire(t *testing.T) {
+	c := NewLRUCache(WithAge(1))
+	now := time.Now().Unix()
+
+	tenSecBefore := time.Unix(now-10, 0)
+	c.SetWithExpire(1, 2, tenSecBefore)
+
+	// res is expected not to exist, and expires should be empty time.Time
+	res, expires, exist := c.GetWithExpire(1)
+	assert.Equal(t, nil, res)
+	assert.Equal(t, time.Time{}, expires)
+	assert.Equal(t, false, exist)
+
+}
+
+func TestStale(t *testing.T) {
+	c := NewLRUCache(WithAge(1), WithStale(true))
+	now := time.Now().Unix()
+
+	tenSecBefore := time.Unix(now-10, 0)
+	c.SetWithExpire(1, 2, tenSecBefore)
+
+	res, expires, exist := c.GetWithExpire(1)
+	assert.Equal(t, 2, res)
+	assert.Equal(t, tenSecBefore, expires)
+	assert.Equal(t, true, exist)
+}
--- a/common/murmur3/murmur.go
+++ b/common/murmur3/murmur.go
@ -0,0 +1,50 @@
+package murmur3
+
+type bmixer interface {
+	bmix(p []byte) (tail []byte)
+	Size() (n int)
+	reset()
+}
+
+type digest struct {
+	clen int      // Digested input cumulative length.
+	tail []byte   // 0 to Size()-1 bytes view of `buf'.
+	buf  [16]byte // Expected (but not required) to be Size() large.
+	seed uint32   // Seed for initializing the hash.
+	bmixer
+}
+
+func (d *digest) BlockSize() int { return 1 }
+
+func (d *digest) Write(p []byte) (n int, err error) {
+	n = len(p)
+	d.clen += n
+
+	if len(d.tail) > 0 {
+		// Stick back pending bytes.
+		nfree := d.Size() - len(d.tail) // nfree ∈ [1, d.Size()-1].
+		if nfree < len(p) {
+			// One full block can be formed.
+			block := append(d.tail, p[:nfree]...)
+			p = p[nfree:]
+			_ = d.bmix(block) // No tail.
+		} else {
+			// Tail's buf is large enough to prevent reallocs.
+			p = append(d.tail, p...)
+		}
+	}
+
+	d.tail = d.bmix(p)
+
+	// Keep own copy of the 0 to Size()-1 pending bytes.
+	nn := copy(d.buf[:], d.tail)
+	d.tail = d.buf[:nn]
+
+	return n, nil
+}
+
+func (d *digest) Reset() {
+	d.clen = 0
+	d.tail = nil
+	d.bmixer.reset()
+}
--- a/common/murmur3/murmur32.go
+++ b/common/murmur3/murmur32.go
@ -0,0 +1,145 @@
+package murmur3
+
+// https://github.com/spaolacci/murmur3/blob/master/murmur32.go
+
+import (
+	"hash"
+	"math/bits"
+	"unsafe"
+)
+
+// Make sure interfaces are correctly implemented.
+var (
+	_ hash.Hash32 = new(digest32)
+	_ bmixer      = new(digest32)
+)
+
+const (
+	c1_32 uint32 = 0xcc9e2d51
+	c2_32 uint32 = 0x1b873593
+)
+
+// digest32 represents a partial evaluation of a 32 bites hash.
+type digest32 struct {
+	digest
+	h1 uint32 // Unfinalized running hash.
+}
+
+// New32 returns new 32-bit hasher
+func New32() hash.Hash32 { return New32WithSeed(0) }
+
+// New32WithSeed returns new 32-bit hasher set with explicit seed value
+func New32WithSeed(seed uint32) hash.Hash32 {
+	d := new(digest32)
+	d.seed = seed
+	d.bmixer = d
+	d.Reset()
+	return d
+}
+
+func (d *digest32) Size() int { return 4 }
+
+func (d *digest32) reset() { d.h1 = d.seed }
+
+func (d *digest32) Sum(b []byte) []byte {
+	h := d.Sum32()
+	return append(b, byte(h>>24), byte(h>>16), byte(h>>8), byte(h))
+}
+
+// Digest as many blocks as possible.
+func (d *digest32) bmix(p []byte) (tail []byte) {
+	h1 := d.h1
+
+	nblocks := len(p) / 4
+	for i := 0; i < nblocks; i++ {
+		k1 := *(*uint32)(unsafe.Pointer(&p[i*4]))
+
+		k1 *= c1_32
+		k1 = bits.RotateLeft32(k1, 15)
+		k1 *= c2_32
+
+		h1 ^= k1
+		h1 = bits.RotateLeft32(h1, 13)
+		h1 = h1*4 + h1 + 0xe6546b64
+	}
+	d.h1 = h1
+	return p[nblocks*d.Size():]
+}
+
+func (d *digest32) Sum32() (h1 uint32) {
+
+	h1 = d.h1
+
+	var k1 uint32
+	switch len(d.tail) & 3 {
+	case 3:
+		k1 ^= uint32(d.tail[2]) << 16
+		fallthrough
+	case 2:
+		k1 ^= uint32(d.tail[1]) << 8
+		fallthrough
+	case 1:
+		k1 ^= uint32(d.tail[0])
+		k1 *= c1_32
+		k1 = bits.RotateLeft32(k1, 15)
+		k1 *= c2_32
+		h1 ^= k1
+	}
+
+	h1 ^= uint32(d.clen)
+
+	h1 ^= h1 >> 16
+	h1 *= 0x85ebca6b
+	h1 ^= h1 >> 13
+	h1 *= 0xc2b2ae35
+	h1 ^= h1 >> 16
+
+	return h1
+}
+
+func Sum32(data []byte) uint32 { return Sum32WithSeed(data, 0) }
+
+func Sum32WithSeed(data []byte, seed uint32) uint32 {
+	h1 := seed
+
+	nblocks := len(data) / 4
+	for i := 0; i < nblocks; i++ {
+		k1 := *(*uint32)(unsafe.Pointer(&data[i*4]))
+
+		k1 *= c1_32
+		k1 = bits.RotateLeft32(k1, 15)
+		k1 *= c2_32
+
+		h1 ^= k1
+		h1 = bits.RotateLeft32(h1, 13)
+		h1 = h1*4 + h1 + 0xe6546b64
+	}
+
+	tail := data[nblocks*4:]
+
+	var k1 uint32
+	switch len(tail) & 3 {
+	case 3:
+		k1 ^= uint32(tail[2]) << 16
+		fallthrough
+	case 2:
+		k1 ^= uint32(tail[1]) << 8
+		fallthrough
+	case 1:
+		k1 ^= uint32(tail[0])
+		k1 *= c1_32
+		k1 = bits.RotateLeft32(k1, 15)
+		k1 *= c2_32
+		h1 ^= k1
+	}
+
+	h1 ^= uint32(len(data))
+
+	h1 ^= h1 >> 16
+	h1 *= 0x85ebca6b
+	h1 ^= h1 >> 13
+	h1 *= 0xc2b2ae35
+	h1 ^= h1 >> 16
+
+	return h1
+}
--- a/common/observable/observable.go
+++ b/common/observable/observable.go
@ -7,60 +7,58 @@ import (

 type Observable struct {
 	iterable Iterable
-	listener *sync.Map
+	listener map[Subscription]*Subscriber
+	mux      sync.Mutex
 	done     bool
-	doneLock sync.RWMutex
 }

 func (o *Observable) process() {
 	for item := range o.iterable {
-		o.listener.Range(func(key, value interface{}) bool {
-			elm := value.(*Subscriber)
-			elm.Emit(item)
-			return true
-		})
+		o.mux.Lock()
+		for _, sub := range o.listener {
+			sub.Emit(item)
+		}
+		o.mux.Unlock()
 	}
 	o.close()
 }

 func (o *Observable) close() {
-	o.doneLock.Lock()
-	o.done = true
-	o.doneLock.Unlock()
+	o.mux.Lock()
+	defer o.mux.Unlock()

-	o.listener.Range(func(key, value interface{}) bool {
-		elm := value.(*Subscriber)
-		elm.Close()
-		return true
-	})
+	o.done = true
+	for _, sub := range o.listener {
+		sub.Close()
+	}
 }

 func (o *Observable) Subscribe() (Subscription, error) {
-	o.doneLock.RLock()
-	done := o.done
-	o.doneLock.RUnlock()
-	if done == true {
+	o.mux.Lock()
+	defer o.mux.Unlock()
+	if o.done {
 		return nil, errors.New("Observable is closed")
 	}
 	subscriber := newSubscriber()
-	o.listener.Store(subscriber.Out(), subscriber)
+	o.listener[subscriber.Out()] = subscriber
 	return subscriber.Out(), nil
 }

 func (o *Observable) UnSubscribe(sub Subscription) {
-	elm, exist := o.listener.Load(sub)
+	o.mux.Lock()
+	defer o.mux.Unlock()
+	subscriber, exist := o.listener[sub]
 	if !exist {
 		return
 	}
-	subscriber := elm.(*Subscriber)
-	o.listener.Delete(subscriber.Out())
+	delete(o.listener, sub)
 	subscriber.Close()
 }

 func NewObservable(any Iterable) *Observable {
 	observable := &Observable{
 		iterable: any,
-		listener: &sync.Map{},
+		listener: map[Subscription]*Subscriber{},
 	}
 	go observable.process()
 	return observable
--- a/common/observable/observable_test.go
+++ b/common/observable/observable_test.go
@ -1,10 +1,12 @@
 package observable

 import (
-	"runtime"
 	"sync"
+	"sync/atomic"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
 )

 func iterator(item []interface{}) chan interface{} {
@ -23,16 +25,12 @@ func TestObservable(t *testing.T) {
 	iter := iterator([]interface{}{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	data, err := src.Subscribe()
-	if err != nil {
-		t.Error(err)
-	}
+	assert.Nil(t, err)
 	count := 0
 	for range data {
-		count = count + 1
-	}
-	if count != 5 {
-		t.Error("Revc number error")
+		count++
 	}
+	assert.Equal(t, count, 5)
 }

 func TestObservable_MutilSubscribe(t *testing.T) {
@ -40,36 +38,30 @@ func TestObservable_MutilSubscribe(t *testing.T) {
 	src := NewObservable(iter)
 	ch1, _ := src.Subscribe()
 	ch2, _ := src.Subscribe()
-	count := 0
+	var count int32

 	var wg sync.WaitGroup
 	wg.Add(2)
 	waitCh := func(ch <-chan interface{}) {
 		for range ch {
-			count = count + 1
+			atomic.AddInt32(&count, 1)
 		}
 		wg.Done()
 	}
 	go waitCh(ch1)
 	go waitCh(ch2)
 	wg.Wait()
-	if count != 10 {
-		t.Error("Revc number error")
-	}
+	assert.Equal(t, int32(10), count)
 }

 func TestObservable_UnSubscribe(t *testing.T) {
 	iter := iterator([]interface{}{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	data, err := src.Subscribe()
-	if err != nil {
-		t.Error(err)
-	}
+	assert.Nil(t, err)
 	src.UnSubscribe(data)
 	_, open := <-data
-	if open {
-		t.Error("Revc number error")
-	}
+	assert.False(t, open)
 }

 func TestObservable_SubscribeClosedSource(t *testing.T) {
@ -79,9 +71,7 @@ func TestObservable_SubscribeClosedSource(t *testing.T) {
 	<-data

 	_, closed := src.Subscribe()
-	if closed == nil {
-		t.Error("Observable should be closed")
-	}
+	assert.NotNil(t, closed)
 }

 func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
@ -92,9 +82,6 @@ func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
 }

 func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
-	// waiting for other goroutine recycle
-	time.Sleep(120 * time.Millisecond)
-	init := runtime.NumGoroutine()
 	iter := iterator([]interface{}{1, 2, 3, 4, 5})
 	src := NewObservable(iter)
 	max := 100
@ -117,8 +104,12 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 		go waitCh(ch)
 	}
 	wg.Wait()
-	now := runtime.NumGoroutine()
-	if init != now {
-		t.Errorf("Goroutine Leak: init %d now %d", init, now)
+
+	for _, sub := range list {
+		_, more := <-sub
+		assert.False(t, more)
 	}
+
+	_, more := <-list[0]
+	assert.False(t, more)
 }
--- a/common/picker/picker.go
+++ b/common/picker/picker.go
@ -0,0 +1,80 @@
+package picker
+
+import (
+	"context"
+	"sync"
+	"time"
+)
+
+// Picker provides synchronization, and Context cancelation
+// for groups of goroutines working on subtasks of a common task.
+// Inspired by errGroup
+type Picker struct {
+	ctx    context.Context
+	cancel func()
+
+	wg sync.WaitGroup
+
+	once    sync.Once
+	errOnce sync.Once
+	result  interface{}
+	err     error
+}
+
+func newPicker(ctx context.Context, cancel func()) *Picker {
+	return &Picker{
+		ctx:    ctx,
+		cancel: cancel,
+	}
+}
+
+// WithContext returns a new Picker and an associated Context derived from ctx.
+// and cancel when first element return.
+func WithContext(ctx context.Context) (*Picker, context.Context) {
+	ctx, cancel := context.WithCancel(ctx)
+	return newPicker(ctx, cancel), ctx
+}
+
+// WithTimeout returns a new Picker and an associated Context derived from ctx with timeout.
+func WithTimeout(ctx context.Context, timeout time.Duration) (*Picker, context.Context) {
+	ctx, cancel := context.WithTimeout(ctx, timeout)
+	return newPicker(ctx, cancel), ctx
+}
+
+// Wait blocks until all function calls from the Go method have returned,
+// then returns the first nil error result (if any) from them.
+func (p *Picker) Wait() interface{} {
+	p.wg.Wait()
+	if p.cancel != nil {
+		p.cancel()
+	}
+	return p.result
+}
+
+// Error return the first error (if all success return nil)
+func (p *Picker) Error() error {
+	return p.err
+}
+
+// Go calls the given function in a new goroutine.
+// The first call to return a nil error cancels the group; its result will be returned by Wait.
+func (p *Picker) Go(f func() (interface{}, error)) {
+	p.wg.Add(1)
+
+	go func() {
+		defer p.wg.Done()
+
+		if ret, err := f(); err == nil {
+			p.once.Do(func() {
+				p.result = ret
+				if p.cancel != nil {
+					p.cancel()
+				}
+			})
+		} else {
+			p.errOnce.Do(func() {
+				p.err = err
+			})
+		}
+	}()
+}
--- a/common/picker/picker_test.go
+++ b/common/picker/picker_test.go
@ -0,0 +1,40 @@
+package picker
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func sleepAndSend(ctx context.Context, delay int, input interface{}) func() (interface{}, error) {
+	return func() (interface{}, error) {
+		timer := time.NewTimer(time.Millisecond * time.Duration(delay))
+		select {
+		case <-timer.C:
+			return input, nil
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		}
+	}
+}
+
+func TestPicker_Basic(t *testing.T) {
+	picker, ctx := WithContext(context.Background())
+	picker.Go(sleepAndSend(ctx, 30, 2))
+	picker.Go(sleepAndSend(ctx, 20, 1))
+
+	number := picker.Wait()
+	assert.NotNil(t, number)
+	assert.Equal(t, number.(int), 1)
+}
+
+func TestPicker_Timeout(t *testing.T) {
+	picker, ctx := WithTimeout(context.Background(), time.Millisecond*5)
+	picker.Go(sleepAndSend(ctx, 20, 1))
+
+	number := picker.Wait()
+	assert.Nil(t, number)
+	assert.NotNil(t, picker.Error())
+}
--- a/common/pool/alloc.go
+++ b/common/pool/alloc.go
@ -0,0 +1,65 @@
+package pool
+
+// Inspired by https://github.com/xtaci/smux/blob/master/alloc.go
+
+import (
+	"errors"
+	"math/bits"
+	"sync"
+)
+
+var defaultAllocator *Allocator
+
+func init() {
+	defaultAllocator = NewAllocator()
+}
+
+// Allocator for incoming frames, optimized to prevent overwriting after zeroing
+type Allocator struct {
+	buffers []sync.Pool
+}
+
+// NewAllocator initiates a []byte allocator for frames less than 65536 bytes,
+// the waste(memory fragmentation) of space allocation is guaranteed to be
+// no more than 50%.
+func NewAllocator() *Allocator {
+	alloc := new(Allocator)
+	alloc.buffers = make([]sync.Pool, 17) // 1B -> 64K
+	for k := range alloc.buffers {
+		i := k
+		alloc.buffers[k].New = func() interface{} {
+			return make([]byte, 1<<uint32(i))
+		}
+	}
+	return alloc
+}
+
+// Get a []byte from pool with most appropriate cap
+func (alloc *Allocator) Get(size int) []byte {
+	if size <= 0 || size > 65536 {
+		return nil
+	}
+
+	bits := msb(size)
+	if size == 1<<bits {
+		return alloc.buffers[bits].Get().([]byte)[:size]
+	}
+
+	return alloc.buffers[bits+1].Get().([]byte)[:size]
+}
+
+// Put returns a []byte to pool for future use,
+// which the cap must be exactly 2^n
+func (alloc *Allocator) Put(buf []byte) error {
+	bits := msb(cap(buf))
+	if cap(buf) == 0 || cap(buf) > 65536 || cap(buf) != 1<<bits {
+		return errors.New("allocator Put() incorrect buffer size")
+	}
+	alloc.buffers[bits].Put(buf)
+	return nil
+}
+
+// msb return the pos of most significiant bit
+func msb(size int) uint16 {
+	return uint16(bits.Len32(uint32(size)) - 1)
+}
--- a/common/pool/alloc_test.go
+++ b/common/pool/alloc_test.go
@ -0,0 +1,48 @@
+package pool
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAllocGet(t *testing.T) {
+	alloc := NewAllocator()
+	assert.Nil(t, alloc.Get(0))
+	assert.Equal(t, 1, len(alloc.Get(1)))
+	assert.Equal(t, 2, len(alloc.Get(2)))
+	assert.Equal(t, 3, len(alloc.Get(3)))
+	assert.Equal(t, 4, cap(alloc.Get(3)))
+	assert.Equal(t, 4, cap(alloc.Get(4)))
+	assert.Equal(t, 1023, len(alloc.Get(1023)))
+	assert.Equal(t, 1024, cap(alloc.Get(1023)))
+	assert.Equal(t, 1024, len(alloc.Get(1024)))
+	assert.Equal(t, 65536, len(alloc.Get(65536)))
+	assert.Nil(t, alloc.Get(65537))
+}
+
+func TestAllocPut(t *testing.T) {
+	alloc := NewAllocator()
+	assert.NotNil(t, alloc.Put(nil), "put nil misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 3, 3)), "put elem:3 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 4, 4)), "put elem:4 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 1023, 1024)), "put elem:1024 []bytes misbehavior")
+	assert.Nil(t, alloc.Put(make([]byte, 65536, 65536)), "put elem:65536 []bytes misbehavior")
+	assert.NotNil(t, alloc.Put(make([]byte, 65537, 65537)), "put elem:65537 []bytes misbehavior")
+}
+
+func TestAllocPutThenGet(t *testing.T) {
+	alloc := NewAllocator()
+	data := alloc.Get(4)
+	alloc.Put(data)
+	newData := alloc.Get(4)
+
+	assert.Equal(t, cap(data), cap(newData), "different cap while alloc.Get()")
+}
+
+func BenchmarkMSB(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		msb(rand.Int())
+	}
+}
--- a/common/pool/pool.go
+++ b/common/pool/pool.go
@ -0,0 +1,16 @@
+package pool
+
+const (
+	// io.Copy default buffer size is 32 KiB
+	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
+	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
+	RelayBufferSize = 20 * 1024
+)
+
+func Get(size int) []byte {
+	return defaultAllocator.Get(size)
+}
+
+func Put(buf []byte) error {
+	return defaultAllocator.Put(buf)
+}
--- a/common/queue/queue.go
+++ b/common/queue/queue.go
@ -0,0 +1,71 @@
+package queue
+
+import (
+	"sync"
+)
+
+// Queue is a simple concurrent safe queue
+type Queue struct {
+	items []interface{}
+	lock  sync.RWMutex
+}
+
+// Put add the item to the queue.
+func (q *Queue) Put(items ...interface{}) {
+	if len(items) == 0 {
+		return
+	}
+
+	q.lock.Lock()
+	q.items = append(q.items, items...)
+	q.lock.Unlock()
+}
+
+// Pop returns the head of items.
+func (q *Queue) Pop() interface{} {
+	if len(q.items) == 0 {
+		return nil
+	}
+
+	q.lock.Lock()
+	head := q.items[0]
+	q.items = q.items[1:]
+	q.lock.Unlock()
+	return head
+}
+
+// Last returns the last of item.
+func (q *Queue) Last() interface{} {
+	if len(q.items) == 0 {
+		return nil
+	}
+
+	q.lock.RLock()
+	last := q.items[len(q.items)-1]
+	q.lock.RUnlock()
+	return last
+}
+
+// Copy get the copy of queue.
+func (q *Queue) Copy() []interface{} {
+	items := []interface{}{}
+	q.lock.RLock()
+	items = append(items, q.items...)
+	q.lock.RUnlock()
+	return items
+}
+
+// Len returns the number of items in this queue.
+func (q *Queue) Len() int64 {
+	q.lock.Lock()
+	defer q.lock.Unlock()
+
+	return int64(len(q.items))
+}
+
+// New is a constructor for a new concurrent safe queue.
+func New(hint int64) *Queue {
+	return &Queue{
+		items: make([]interface{}, 0, hint),
+	}
+}
--- a/common/singledo/singledo.go
+++ b/common/singledo/singledo.go
@ -0,0 +1,62 @@
+package singledo
+
+import (
+	"sync"
+	"time"
+)
+
+type call struct {
+	wg  sync.WaitGroup
+	val interface{}
+	err error
+}
+
+type Single struct {
+	mux    sync.Mutex
+	last   time.Time
+	wait   time.Duration
+	call   *call
+	result *Result
+}
+
+type Result struct {
+	Val interface{}
+	Err error
+}
+
+func (s *Single) Do(fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+	s.mux.Lock()
+	now := time.Now()
+	if now.Before(s.last.Add(s.wait)) {
+		s.mux.Unlock()
+		return s.result.Val, s.result.Err, true
+	}
+
+	if call := s.call; call != nil {
+		s.mux.Unlock()
+		call.wg.Wait()
+		return call.val, call.err, true
+	}
+
+	call := &call{}
+	call.wg.Add(1)
+	s.call = call
+	s.mux.Unlock()
+	call.val, call.err = fn()
+	call.wg.Done()
+
+	s.mux.Lock()
+	s.call = nil
+	s.result = &Result{call.val, call.err}
+	s.last = now
+	s.mux.Unlock()
+	return call.val, call.err, false
+}
+
+func (s *Single) Reset() {
+	s.last = time.Time{}
+}
+
+func NewSingle(wait time.Duration) *Single {
+	return &Single{wait: wait}
+}
--- a/common/singledo/singledo_test.go
+++ b/common/singledo/singledo_test.go
@ -0,0 +1,69 @@
+package singledo
+
+import (
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestBasic(t *testing.T) {
+	single := NewSingle(time.Millisecond * 30)
+	foo := 0
+	var shardCount int32 = 0
+	call := func() (interface{}, error) {
+		foo++
+		time.Sleep(time.Millisecond * 5)
+		return nil, nil
+	}
+
+	var wg sync.WaitGroup
+	const n = 5
+	wg.Add(n)
+	for i := 0; i < n; i++ {
+		go func() {
+			_, _, shard := single.Do(call)
+			if shard {
+				atomic.AddInt32(&shardCount, 1)
+			}
+			wg.Done()
+		}()
+	}
+
+	wg.Wait()
+	assert.Equal(t, 1, foo)
+	assert.Equal(t, int32(4), shardCount)
+}
+
+func TestTimer(t *testing.T) {
+	single := NewSingle(time.Millisecond * 30)
+	foo := 0
+	call := func() (interface{}, error) {
+		foo++
+		return nil, nil
+	}
+
+	single.Do(call)
+	time.Sleep(10 * time.Millisecond)
+	_, _, shard := single.Do(call)
+
+	assert.Equal(t, 1, foo)
+	assert.True(t, shard)
+}
+
+func TestReset(t *testing.T) {
+	single := NewSingle(time.Millisecond * 30)
+	foo := 0
+	call := func() (interface{}, error) {
+		foo++
+		return nil, nil
+	}
+
+	single.Do(call)
+	single.Reset()
+	single.Do(call)
+
+	assert.Equal(t, 2, foo)
+}
--- a/common/sockopt/reuseaddr_linux.go
+++ b/common/sockopt/reuseaddr_linux.go
@ -0,0 +1,19 @@
+package sockopt
+
+import (
+	"net"
+	"syscall"
+)
+
+func UDPReuseaddr(c *net.UDPConn) (err error) {
+	rc, err := c.SyscallConn()
+	if err != nil {
+		return
+	}
+
+	rc.Control(func(fd uintptr) {
+		err = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
+	})
+
+	return
+}
--- a/common/sockopt/reuseaddr_other.go
+++ b/common/sockopt/reuseaddr_other.go
@ -0,0 +1,11 @@
+// +build !linux
+
+package sockopt
+
+import (
+	"net"
+)
+
+func UDPReuseaddr(c *net.UDPConn) (err error) {
+	return
+}
--- a/common/structure/structure.go
+++ b/common/structure/structure.go
@ -1,5 +1,7 @@
 package structure

+// references: https://github.com/mitchellh/mapstructure
+
 import (
 	"fmt"
 	"reflect"
@ -45,11 +47,11 @@ func (d *Decoder) Decode(src map[string]interface{}, dst interface{}) error {
 		}

 		value, ok := src[key]
-		if !ok {
+		if !ok || value == nil {
 			if omitempty {
 				continue
 			}
-			return fmt.Errorf("key %s missing", key)
+			return fmt.Errorf("key '%s' missing", key)
 		}

 		err := d.decode(key, value, v.Field(idx))
@ -70,6 +72,12 @@ func (d *Decoder) decode(name string, data interface{}, val reflect.Value) error
 		return d.decodeBool(name, data, val)
 	case reflect.Slice:
 		return d.decodeSlice(name, data, val)
+	case reflect.Map:
+		return d.decodeMap(name, data, val)
+	case reflect.Interface:
+		return d.setInterface(name, data, val)
+	case reflect.Struct:
+		return d.decodeStruct(name, data, val)
 	default:
 		return fmt.Errorf("type %s not support", val.Kind().String())
 	}
@ -108,7 +116,7 @@ func (d *Decoder) decodeString(name string, data interface{}, val reflect.Value)
 		val.SetString(strconv.FormatInt(dataVal.Int(), 10))
 	default:
 		err = fmt.Errorf(
-			"'%s' expected type'%s', got unconvertible type '%s'",
+			"'%s' expected type '%s', got unconvertible type '%s'",
 			name, val.Type(), dataVal.Type(),
 		)
 	}
@ -125,7 +133,7 @@ func (d *Decoder) decodeBool(name string, data interface{}, val reflect.Value) (
 		val.SetBool(dataVal.Int() != 0)
 	default:
 		err = fmt.Errorf(
-			"'%s' expected type'%s', got unconvertible type '%s'",
+			"'%s' expected type '%s', got unconvertible type '%s'",
 			name, val.Type(), dataVal.Type(),
 		)
 	}
@ -158,3 +166,234 @@ func (d *Decoder) decodeSlice(name string, data interface{}, val reflect.Value)
 	val.Set(valSlice)
 	return nil
 }
+
+func (d *Decoder) decodeMap(name string, data interface{}, val reflect.Value) error {
+	valType := val.Type()
+	valKeyType := valType.Key()
+	valElemType := valType.Elem()
+
+	valMap := val
+
+	if valMap.IsNil() {
+		mapType := reflect.MapOf(valKeyType, valElemType)
+		valMap = reflect.MakeMap(mapType)
+	}
+
+	dataVal := reflect.Indirect(reflect.ValueOf(data))
+	if dataVal.Kind() != reflect.Map {
+		return fmt.Errorf("'%s' expected a map, got '%s'", name, dataVal.Kind())
+	}
+
+	return d.decodeMapFromMap(name, dataVal, val, valMap)
+}
+
+func (d *Decoder) decodeMapFromMap(name string, dataVal reflect.Value, val reflect.Value, valMap reflect.Value) error {
+	valType := val.Type()
+	valKeyType := valType.Key()
+	valElemType := valType.Elem()
+
+	errors := make([]string, 0)
+
+	if dataVal.Len() == 0 {
+		if dataVal.IsNil() {
+			if !val.IsNil() {
+				val.Set(dataVal)
+			}
+		} else {
+			val.Set(valMap)
+		}
+
+		return nil
+	}
+
+	for _, k := range dataVal.MapKeys() {
+		fieldName := fmt.Sprintf("%s[%s]", name, k)
+
+		currentKey := reflect.Indirect(reflect.New(valKeyType))
+		if err := d.decode(fieldName, k.Interface(), currentKey); err != nil {
+			errors = append(errors, err.Error())
+			continue
+		}
+
+		v := dataVal.MapIndex(k).Interface()
+		if v == nil {
+			errors = append(errors, fmt.Sprintf("filed %s invalid", fieldName))
+			continue
+		}
+
+		currentVal := reflect.Indirect(reflect.New(valElemType))
+		if err := d.decode(fieldName, v, currentVal); err != nil {
+			errors = append(errors, err.Error())
+			continue
+		}
+
+		valMap.SetMapIndex(currentKey, currentVal)
+	}
+
+	val.Set(valMap)
+
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, ","))
+	}
+
+	return nil
+}
+
+func (d *Decoder) decodeStruct(name string, data interface{}, val reflect.Value) error {
+	dataVal := reflect.Indirect(reflect.ValueOf(data))
+
+	// If the type of the value to write to and the data match directly,
+	// then we just set it directly instead of recursing into the structure.
+	if dataVal.Type() == val.Type() {
+		val.Set(dataVal)
+		return nil
+	}
+
+	dataValKind := dataVal.Kind()
+	switch dataValKind {
+	case reflect.Map:
+		return d.decodeStructFromMap(name, dataVal, val)
+	default:
+		return fmt.Errorf("'%s' expected a map, got '%s'", name, dataVal.Kind())
+	}
+}
+
+func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) error {
+	dataValType := dataVal.Type()
+	if kind := dataValType.Key().Kind(); kind != reflect.String && kind != reflect.Interface {
+		return fmt.Errorf(
+			"'%s' needs a map with string keys, has '%s' keys",
+			name, dataValType.Key().Kind())
+	}
+
+	dataValKeys := make(map[reflect.Value]struct{})
+	dataValKeysUnused := make(map[interface{}]struct{})
+	for _, dataValKey := range dataVal.MapKeys() {
+		dataValKeys[dataValKey] = struct{}{}
+		dataValKeysUnused[dataValKey.Interface()] = struct{}{}
+	}
+
+	errors := make([]string, 0)
+
+	// This slice will keep track of all the structs we'll be decoding.
+	// There can be more than one struct if there are embedded structs
+	// that are squashed.
+	structs := make([]reflect.Value, 1, 5)
+	structs[0] = val
+
+	// Compile the list of all the fields that we're going to be decoding
+	// from all the structs.
+	type field struct {
+		field reflect.StructField
+		val   reflect.Value
+	}
+	fields := []field{}
+	for len(structs) > 0 {
+		structVal := structs[0]
+		structs = structs[1:]
+
+		structType := structVal.Type()
+
+		for i := 0; i < structType.NumField(); i++ {
+			fieldType := structType.Field(i)
+			fieldKind := fieldType.Type.Kind()
+
+			// If "squash" is specified in the tag, we squash the field down.
+			squash := false
+			tagParts := strings.Split(fieldType.Tag.Get(d.option.TagName), ",")
+			for _, tag := range tagParts[1:] {
+				if tag == "squash" {
+					squash = true
+					break
+				}
+			}
+
+			if squash {
+				if fieldKind != reflect.Struct {
+					errors = append(errors,
+						fmt.Errorf("%s: unsupported type for squash: %s", fieldType.Name, fieldKind).Error())
+				} else {
+					structs = append(structs, structVal.FieldByName(fieldType.Name))
+				}
+				continue
+			}
+
+			// Normal struct field, store it away
+			fields = append(fields, field{fieldType, structVal.Field(i)})
+		}
+	}
+
+	// for fieldType, field := range fields {
+	for _, f := range fields {
+		field, fieldValue := f.field, f.val
+		fieldName := field.Name
+
+		tagValue := field.Tag.Get(d.option.TagName)
+		tagValue = strings.SplitN(tagValue, ",", 2)[0]
+		if tagValue != "" {
+			fieldName = tagValue
+		}
+
+		rawMapKey := reflect.ValueOf(fieldName)
+		rawMapVal := dataVal.MapIndex(rawMapKey)
+		if !rawMapVal.IsValid() {
+			// Do a slower search by iterating over each key and
+			// doing case-insensitive search.
+			for dataValKey := range dataValKeys {
+				mK, ok := dataValKey.Interface().(string)
+				if !ok {
+					// Not a string key
+					continue
+				}
+
+				if strings.EqualFold(mK, fieldName) {
+					rawMapKey = dataValKey
+					rawMapVal = dataVal.MapIndex(dataValKey)
+					break
+				}
+			}
+
+			if !rawMapVal.IsValid() {
+				// There was no matching key in the map for the value in
+				// the struct. Just ignore.
+				continue
+			}
+		}
+
+		// Delete the key we're using from the unused map so we stop tracking
+		delete(dataValKeysUnused, rawMapKey.Interface())
+
+		if !fieldValue.IsValid() {
+			// This should never happen
+			panic("field is not valid")
+		}
+
+		// If we can't set the field, then it is unexported or something,
+		// and we just continue onwards.
+		if !fieldValue.CanSet() {
+			continue
+		}
+
+		// If the name is empty string, then we're at the root, and we
+		// don't dot-join the fields.
+		if name != "" {
+			fieldName = fmt.Sprintf("%s.%s", name, fieldName)
+		}
+
+		if err := d.decode(fieldName, rawMapVal.Interface(), fieldValue); err != nil {
+			errors = append(errors, err.Error())
+		}
+	}
+
+	if len(errors) > 0 {
+		return fmt.Errorf(strings.Join(errors, ","))
+	}
+
+	return nil
+}
+
+func (d *Decoder) setInterface(name string, data interface{}, val reflect.Value) (err error) {
+	dataVal := reflect.ValueOf(data)
+	val.Set(dataVal)
+	return nil
+}
--- a/component/auth/auth.go
+++ b/component/auth/auth.go
@ -0,0 +1,46 @@
+package auth
+
+import (
+	"sync"
+)
+
+type Authenticator interface {
+	Verify(user string, pass string) bool
+	Users() []string
+}
+
+type AuthUser struct {
+	User string
+	Pass string
+}
+
+type inMemoryAuthenticator struct {
+	storage   *sync.Map
+	usernames []string
+}
+
+func (au *inMemoryAuthenticator) Verify(user string, pass string) bool {
+	realPass, ok := au.storage.Load(user)
+	return ok && realPass == pass
+}
+
+func (au *inMemoryAuthenticator) Users() []string { return au.usernames }
+
+func NewAuthenticator(users []AuthUser) Authenticator {
+	if len(users) == 0 {
+		return nil
+	}
+
+	au := &inMemoryAuthenticator{storage: &sync.Map{}}
+	for _, user := range users {
+		au.storage.Store(user.User, user.Pass)
+	}
+	usernames := make([]string, 0, len(users))
+	au.storage.Range(func(key, value interface{}) bool {
+		usernames = append(usernames, key.(string))
+		return true
+	})
+	au.usernames = usernames
+
+	return au
+}
--- a/component/dialer/dialer.go
+++ b/component/dialer/dialer.go
@ -0,0 +1,174 @@
+package dialer
+
+import (
+	"context"
+	"errors"
+	"net"
+
+	"github.com/Dreamacro/clash/component/resolver"
+)
+
+func Dialer() (*net.Dialer, error) {
+	dialer := &net.Dialer{}
+	if DialerHook != nil {
+		if err := DialerHook(dialer); err != nil {
+			return nil, err
+		}
+	}
+
+	return dialer, nil
+}
+
+func ListenConfig() (*net.ListenConfig, error) {
+	cfg := &net.ListenConfig{}
+	if ListenConfigHook != nil {
+		if err := ListenConfigHook(cfg); err != nil {
+			return nil, err
+		}
+	}
+
+	return cfg, nil
+}
+
+func Dial(network, address string) (net.Conn, error) {
+	return DialContext(context.Background(), network, address)
+}
+
+func DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	switch network {
+	case "tcp4", "tcp6", "udp4", "udp6":
+		host, port, err := net.SplitHostPort(address)
+		if err != nil {
+			return nil, err
+		}
+
+		dialer, err := Dialer()
+		if err != nil {
+			return nil, err
+		}
+
+		var ip net.IP
+		switch network {
+		case "tcp4", "udp4":
+			ip, err = resolver.ResolveIPv4(host)
+		default:
+			ip, err = resolver.ResolveIPv6(host)
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		if DialHook != nil {
+			if err := DialHook(dialer, network, ip); err != nil {
+				return nil, err
+			}
+		}
+		return dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
+	case "tcp", "udp":
+		return dualStackDialContext(ctx, network, address)
+	default:
+		return nil, errors.New("network invalid")
+	}
+}
+
+func ListenPacket(network, address string) (net.PacketConn, error) {
+	lc, err := ListenConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	if ListenPacketHook != nil && address == "" {
+		ip, err := ListenPacketHook()
+		if err != nil {
+			return nil, err
+		}
+		address = net.JoinHostPort(ip.String(), "0")
+	}
+	return lc.ListenPacket(context.Background(), network, address)
+}
+
+func dualStackDialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	returned := make(chan struct{})
+	defer close(returned)
+
+	type dialResult struct {
+		net.Conn
+		error
+		resolved bool
+		ipv6     bool
+		done     bool
+	}
+	results := make(chan dialResult)
+	var primary, fallback dialResult
+
+	startRacer := func(ctx context.Context, network, host string, ipv6 bool) {
+		result := dialResult{ipv6: ipv6, done: true}
+		defer func() {
+			select {
+			case results <- result:
+			case <-returned:
+				if result.Conn != nil {
+					result.Conn.Close()
+				}
+			}
+		}()
+
+		dialer, err := Dialer()
+		if err != nil {
+			result.error = err
+			return
+		}
+
+		var ip net.IP
+		if ipv6 {
+			ip, result.error = resolver.ResolveIPv6(host)
+		} else {
+			ip, result.error = resolver.ResolveIPv4(host)
+		}
+		if result.error != nil {
+			return
+		}
+		result.resolved = true
+
+		if DialHook != nil {
+			if result.error = DialHook(dialer, network, ip); result.error != nil {
+				return
+			}
+		}
+		result.Conn, result.error = dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
+	}
+
+	go startRacer(ctx, network+"4", host, false)
+	go startRacer(ctx, network+"6", host, true)
+
+	for {
+		select {
+		case res := <-results:
+			if res.error == nil {
+				return res.Conn, nil
+			}
+
+			if !res.ipv6 {
+				primary = res
+			} else {
+				fallback = res
+			}
+
+			if primary.done && fallback.done {
+				if primary.resolved {
+					return nil, primary.error
+				} else if fallback.resolved {
+					return nil, fallback.error
+				} else {
+					return nil, primary.error
+				}
+			}
+		}
+	}
+}
--- a/component/dialer/hook.go
+++ b/component/dialer/hook.go
@ -0,0 +1,148 @@
+package dialer
+
+import (
+	"errors"
+	"net"
+	"time"
+
+	"github.com/Dreamacro/clash/common/singledo"
+)
+
+type DialerHookFunc = func(dialer *net.Dialer) error
+type DialHookFunc = func(dialer *net.Dialer, network string, ip net.IP) error
+type ListenConfigHookFunc = func(*net.ListenConfig) error
+type ListenPacketHookFunc = func() (net.IP, error)
+
+var (
+	DialerHook       DialerHookFunc
+	DialHook         DialHookFunc
+	ListenConfigHook ListenConfigHookFunc
+	ListenPacketHook ListenPacketHookFunc
+)
+
+var (
+	ErrAddrNotFound      = errors.New("addr not found")
+	ErrNetworkNotSupport = errors.New("network not support")
+)
+
+func lookupTCPAddr(ip net.IP, addrs []net.Addr) (*net.TCPAddr, error) {
+	ipv4 := ip.To4() != nil
+
+	for _, elm := range addrs {
+		addr, ok := elm.(*net.IPNet)
+		if !ok {
+			continue
+		}
+
+		addrV4 := addr.IP.To4() != nil
+
+		if addrV4 && ipv4 {
+			return &net.TCPAddr{IP: addr.IP, Port: 0}, nil
+		} else if !addrV4 && !ipv4 {
+			return &net.TCPAddr{IP: addr.IP, Port: 0}, nil
+		}
+	}
+
+	return nil, ErrAddrNotFound
+}
+
+func lookupUDPAddr(ip net.IP, addrs []net.Addr) (*net.UDPAddr, error) {
+	ipv4 := ip.To4() != nil
+
+	for _, elm := range addrs {
+		addr, ok := elm.(*net.IPNet)
+		if !ok {
+			continue
+		}
+
+		addrV4 := addr.IP.To4() != nil
+
+		if addrV4 && ipv4 {
+			return &net.UDPAddr{IP: addr.IP, Port: 0}, nil
+		} else if !addrV4 && !ipv4 {
+			return &net.UDPAddr{IP: addr.IP, Port: 0}, nil
+		}
+	}
+
+	return nil, ErrAddrNotFound
+}
+
+func ListenPacketWithInterface(name string) ListenPacketHookFunc {
+	single := singledo.NewSingle(5 * time.Second)
+
+	return func() (net.IP, error) {
+		elm, err, _ := single.Do(func() (interface{}, error) {
+			iface, err := net.InterfaceByName(name)
+			if err != nil {
+				return nil, err
+			}
+
+			addrs, err := iface.Addrs()
+			if err != nil {
+				return nil, err
+			}
+
+			return addrs, nil
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		addrs := elm.([]net.Addr)
+
+		for _, elm := range addrs {
+			addr, ok := elm.(*net.IPNet)
+			if !ok || addr.IP.To4() == nil {
+				continue
+			}
+
+			return addr.IP, nil
+		}
+
+		return nil, ErrAddrNotFound
+	}
+}
+
+func DialerWithInterface(name string) DialHookFunc {
+	single := singledo.NewSingle(5 * time.Second)
+
+	return func(dialer *net.Dialer, network string, ip net.IP) error {
+		elm, err, _ := single.Do(func() (interface{}, error) {
+			iface, err := net.InterfaceByName(name)
+			if err != nil {
+				return nil, err
+			}
+
+			addrs, err := iface.Addrs()
+			if err != nil {
+				return nil, err
+			}
+
+			return addrs, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		addrs := elm.([]net.Addr)
+
+		switch network {
+		case "tcp", "tcp4", "tcp6":
+			if addr, err := lookupTCPAddr(ip, addrs); err == nil {
+				dialer.LocalAddr = addr
+			} else {
+				return err
+			}
+		case "udp", "udp4", "udp6":
+			if addr, err := lookupUDPAddr(ip, addrs); err == nil {
+				dialer.LocalAddr = addr
+			} else {
+				return err
+			}
+		}
+
+		return nil
+	}
+}
--- a/component/fakeip/pool.go
+++ b/component/fakeip/pool.go
@ -0,0 +1,141 @@
+package fakeip
+
+import (
+	"errors"
+	"net"
+	"sync"
+
+	"github.com/Dreamacro/clash/common/cache"
+	"github.com/Dreamacro/clash/component/trie"
+)
+
+// Pool is a implementation about fake ip generator without storage
+type Pool struct {
+	max     uint32
+	min     uint32
+	gateway uint32
+	offset  uint32
+	mux     sync.Mutex
+	host    *trie.DomainTrie
+	cache   *cache.LruCache
+}
+
+// Lookup return a fake ip with host
+func (p *Pool) Lookup(host string) net.IP {
+	p.mux.Lock()
+	defer p.mux.Unlock()
+	if elm, exist := p.cache.Get(host); exist {
+		ip := elm.(net.IP)
+
+		// ensure ip --> host on head of linked list
+		n := ipToUint(ip.To4())
+		offset := n - p.min + 1
+		p.cache.Get(offset)
+		return ip
+	}
+
+	ip := p.get(host)
+	p.cache.Set(host, ip)
+	return ip
+}
+
+// LookBack return host with the fake ip
+func (p *Pool) LookBack(ip net.IP) (string, bool) {
+	p.mux.Lock()
+	defer p.mux.Unlock()
+
+	if ip = ip.To4(); ip == nil {
+		return "", false
+	}
+
+	n := ipToUint(ip.To4())
+	offset := n - p.min + 1
+
+	if elm, exist := p.cache.Get(offset); exist {
+		host := elm.(string)
+
+		// ensure host --> ip on head of linked list
+		p.cache.Get(host)
+		return host, true
+	}
+
+	return "", false
+}
+
+// LookupHost return if domain in host
+func (p *Pool) LookupHost(domain string) bool {
+	if p.host == nil {
+		return false
+	}
+	return p.host.Search(domain) != nil
+}
+
+// Exist returns if given ip exists in fake-ip pool
+func (p *Pool) Exist(ip net.IP) bool {
+	p.mux.Lock()
+	defer p.mux.Unlock()
+
+	if ip = ip.To4(); ip == nil {
+		return false
+	}
+
+	n := ipToUint(ip.To4())
+	offset := n - p.min + 1
+	return p.cache.Exist(offset)
+}
+
+// Gateway return gateway ip
+func (p *Pool) Gateway() net.IP {
+	return uintToIP(p.gateway)
+}
+
+func (p *Pool) get(host string) net.IP {
+	current := p.offset
+	for {
+		p.offset = (p.offset + 1) % (p.max - p.min)
+		// Avoid infinite loops
+		if p.offset == current {
+			break
+		}
+
+		if !p.cache.Exist(p.offset) {
+			break
+		}
+	}
+	ip := uintToIP(p.min + p.offset - 1)
+	p.cache.Set(p.offset, host)
+	return ip
+}
+
+func ipToUint(ip net.IP) uint32 {
+	v := uint32(ip[0]) << 24
+	v += uint32(ip[1]) << 16
+	v += uint32(ip[2]) << 8
+	v += uint32(ip[3])
+	return v
+}
+
+func uintToIP(v uint32) net.IP {
+	return net.IPv4(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// New return Pool instance
+func New(ipnet *net.IPNet, size int, host *trie.DomainTrie) (*Pool, error) {
+	min := ipToUint(ipnet.IP) + 2
+
+	ones, bits := ipnet.Mask.Size()
+	total := 1<<uint(bits-ones) - 2
+
+	if total <= 0 {
+		return nil, errors.New("ipnet don't have valid ip")
+	}
+
+	max := min + uint32(total) - 1
+	return &Pool{
+		min:     min,
+		max:     max,
+		gateway: min - 1,
+		host:    host,
+		cache:   cache.NewLRUCache(cache.WithSize(size * 2)),
+	}, nil
+}
--- a/component/fakeip/pool_test.go
+++ b/component/fakeip/pool_test.go
@ -0,0 +1,78 @@
+package fakeip
+
+import (
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPool_Basic(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	pool, _ := New(ipnet, 10, nil)
+
+	first := pool.Lookup("foo.com")
+	last := pool.Lookup("bar.com")
+	bar, exist := pool.LookBack(last)
+
+	assert.True(t, first.Equal(net.IP{192, 168, 0, 2}))
+	assert.True(t, last.Equal(net.IP{192, 168, 0, 3}))
+	assert.True(t, exist)
+	assert.Equal(t, bar, "bar.com")
+}
+
+func TestPool_Cycle(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/30")
+	pool, _ := New(ipnet, 10, nil)
+
+	first := pool.Lookup("foo.com")
+	same := pool.Lookup("baz.com")
+
+	assert.True(t, first.Equal(same))
+}
+
+func TestPool_MaxCacheSize(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/24")
+	pool, _ := New(ipnet, 2, nil)
+
+	first := pool.Lookup("foo.com")
+	pool.Lookup("bar.com")
+	pool.Lookup("baz.com")
+	next := pool.Lookup("foo.com")
+
+	assert.False(t, first.Equal(next))
+}
+
+func TestPool_DoubleMapping(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/24")
+	pool, _ := New(ipnet, 2, nil)
+
+	// fill cache
+	fooIP := pool.Lookup("foo.com")
+	bazIP := pool.Lookup("baz.com")
+
+	// make foo.com hot
+	pool.Lookup("foo.com")
+
+	// should drop baz.com
+	barIP := pool.Lookup("bar.com")
+
+	_, fooExist := pool.LookBack(fooIP)
+	_, bazExist := pool.LookBack(bazIP)
+	_, barExist := pool.LookBack(barIP)
+
+	newBazIP := pool.Lookup("baz.com")
+
+	assert.True(t, fooExist)
+	assert.False(t, bazExist)
+	assert.True(t, barExist)
+
+	assert.False(t, bazIP.Equal(newBazIP))
+}
+
+func TestPool_Error(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/31")
+	_, err := New(ipnet, 10, nil)
+
+	assert.Error(t, err)
+}
--- a/component/mmdb/mmdb.go
+++ b/component/mmdb/mmdb.go
@ -0,0 +1,43 @@
+package mmdb
+
+import (
+	"sync"
+
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
+
+	"github.com/oschwald/geoip2-golang"
+)
+
+var mmdb *geoip2.Reader
+var once sync.Once
+
+func LoadFromBytes(buffer []byte) {
+	once.Do(func() {
+		var err error
+		mmdb, err = geoip2.FromBytes(buffer)
+		if err != nil {
+			log.Fatalln("Can't load mmdb: %s", err.Error())
+		}
+	})
+}
+
+func Verify() bool {
+	instance, err := geoip2.Open(C.Path.MMDB())
+	if err == nil {
+		instance.Close()
+	}
+	return err == nil
+}
+
+func Instance() *geoip2.Reader {
+	once.Do(func() {
+		var err error
+		mmdb, err = geoip2.Open(C.Path.MMDB())
+		if err != nil {
+			log.Fatalln("Can't load mmdb: %s", err.Error())
+		}
+	})
+
+	return mmdb
+}
--- a/component/nat/table.go
+++ b/component/nat/table.go
@ -0,0 +1,37 @@
+package nat
+
+import (
+	"sync"
+
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Table struct {
+	mapping sync.Map
+}
+
+func (t *Table) Set(key string, pc C.PacketConn) {
+	t.mapping.Store(key, pc)
+}
+
+func (t *Table) Get(key string) C.PacketConn {
+	item, exist := t.mapping.Load(key)
+	if !exist {
+		return nil
+	}
+	return item.(C.PacketConn)
+}
+
+func (t *Table) GetOrCreateLock(key string) (*sync.WaitGroup, bool) {
+	item, loaded := t.mapping.LoadOrStore(key, &sync.WaitGroup{})
+	return item.(*sync.WaitGroup), loaded
+}
+
+func (t *Table) Delete(key string) {
+	t.mapping.Delete(key)
+}
+
+// New return *Cache
+func New() *Table {
+	return &Table{}
+}
--- a/component/resolver/resolver.go
+++ b/component/resolver/resolver.go
@ -0,0 +1,133 @@
+package resolver
+
+import (
+	"errors"
+	"net"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/trie"
+)
+
+var (
+	// DefaultResolver aim to resolve ip
+	DefaultResolver Resolver
+
+	// DisableIPv6 means don't resolve ipv6 host
+	// default value is true
+	DisableIPv6 = true
+
+	// DefaultHosts aim to resolve hosts
+	DefaultHosts = trie.New()
+)
+
+var (
+	ErrIPNotFound   = errors.New("couldn't find ip")
+	ErrIPVersion    = errors.New("ip version error")
+	ErrIPv6Disabled = errors.New("ipv6 disabled")
+)
+
+type Resolver interface {
+	ResolveIP(host string) (ip net.IP, err error)
+	ResolveIPv4(host string) (ip net.IP, err error)
+	ResolveIPv6(host string) (ip net.IP, err error)
+}
+
+// ResolveIPv4 with a host, return ipv4
+func ResolveIPv4(host string) (net.IP, error) {
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data.(net.IP).To4(); ip != nil {
+			return ip, nil
+		}
+	}
+
+	ip := net.ParseIP(host)
+	if ip != nil {
+		if !strings.Contains(host, ":") {
+			return ip, nil
+		}
+		return nil, ErrIPVersion
+	}
+
+	if DefaultResolver != nil {
+		return DefaultResolver.ResolveIPv4(host)
+	}
+
+	ipAddrs, err := net.LookupIP(host)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ip := range ipAddrs {
+		if ip4 := ip.To4(); ip4 != nil {
+			return ip4, nil
+		}
+	}
+
+	return nil, ErrIPNotFound
+}
+
+// ResolveIPv6 with a host, return ipv6
+func ResolveIPv6(host string) (net.IP, error) {
+	if DisableIPv6 {
+		return nil, ErrIPv6Disabled
+	}
+
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data.(net.IP).To16(); ip != nil {
+			return ip, nil
+		}
+	}
+
+	ip := net.ParseIP(host)
+	if ip != nil {
+		if strings.Contains(host, ":") {
+			return ip, nil
+		}
+		return nil, ErrIPVersion
+	}
+
+	if DefaultResolver != nil {
+		return DefaultResolver.ResolveIPv6(host)
+	}
+
+	ipAddrs, err := net.LookupIP(host)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ip := range ipAddrs {
+		if ip.To4() == nil {
+			return ip, nil
+		}
+	}
+
+	return nil, ErrIPNotFound
+}
+
+// ResolveIP with a host, return ip
+func ResolveIP(host string) (net.IP, error) {
+	if node := DefaultHosts.Search(host); node != nil {
+		return node.Data.(net.IP), nil
+	}
+
+	if DefaultResolver != nil {
+		if DisableIPv6 {
+			return DefaultResolver.ResolveIPv4(host)
+		}
+		return DefaultResolver.ResolveIP(host)
+	} else if DisableIPv6 {
+		return ResolveIPv4(host)
+	}
+
+	ip := net.ParseIP(host)
+	if ip != nil {
+		return ip, nil
+	}
+
+	ipAddr, err := net.ResolveIPAddr("ip", host)
+	if err != nil {
+		return nil, err
+	}
+
+	return ipAddr.IP, nil
+}
--- a/component/simple-obfs/http.go
+++ b/component/simple-obfs/http.go
@ -8,6 +8,8 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+
+	"github.com/Dreamacro/clash/common/pool"
 )

 // HTTPObfs is shadowsocks http simple-obfs implementation
@ -26,21 +28,22 @@ func (ho *HTTPObfs) Read(b []byte) (int, error) {
 		n := copy(b, ho.buf[ho.offset:])
 		ho.offset += n
 		if ho.offset == len(ho.buf) {
+			pool.Put(ho.buf)
 			ho.buf = nil
 		}
 		return n, nil
 	}

 	if ho.firstResponse {
-		buf := bufPool.Get().([]byte)
+		buf := pool.Get(pool.RelayBufferSize)
 		n, err := ho.Conn.Read(buf)
 		if err != nil {
-			bufPool.Put(buf[:cap(buf)])
+			pool.Put(buf)
 			return 0, err
 		}
 		idx := bytes.Index(buf[:n], []byte("\r\n\r\n"))
 		if idx == -1 {
-			bufPool.Put(buf[:cap(buf)])
+			pool.Put(buf)
 			return 0, io.EOF
 		}
 		ho.firstResponse = false
@ -50,7 +53,7 @@ func (ho *HTTPObfs) Read(b []byte) (int, error) {
 			ho.buf = buf[:idx+4+length]
 			ho.offset = idx + 4 + n
 		} else {
-			bufPool.Put(buf[:cap(buf)])
+			pool.Put(buf)
 		}
 		return n, nil
 	}
@ -65,7 +68,10 @@ func (ho *HTTPObfs) Write(b []byte) (int, error) {
 		req.Header.Set("User-Agent", fmt.Sprintf("curl/7.%d.%d", rand.Int()%54, rand.Int()%2))
 		req.Header.Set("Upgrade", "websocket")
 		req.Header.Set("Connection", "Upgrade")
-		req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
+		req.Host = ho.host
+		if ho.port != "80" {
+			req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
+		}
 		req.Header.Set("Sec-WebSocket-Key", base64.URLEncoding.EncodeToString(randBytes))
 		req.ContentLength = int64(len(b))
 		err := req.Write(ho.Conn)
--- a/component/simple-obfs/tls.go
+++ b/component/simple-obfs/tls.go
@ -6,15 +6,18 @@ import (
 	"io"
 	"math/rand"
 	"net"
-	"sync"
 	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
 )

 func init() {
 	rand.Seed(time.Now().Unix())
 }

-var bufPool = sync.Pool{New: func() interface{} { return make([]byte, 2048) }}
+const (
+	chunkSize = 1 << 14 // 2 ** 14 == 16 * 1024
+)

 // TLSObfs is shadowsocks tls simple-obfs implementation
 type TLSObfs struct {
@ -26,12 +29,12 @@ type TLSObfs struct {
 }

 func (to *TLSObfs) read(b []byte, discardN int) (int, error) {
-	buf := bufPool.Get().([]byte)
-	_, err := io.ReadFull(to.Conn, buf[:discardN])
+	buf := pool.Get(discardN)
+	_, err := io.ReadFull(to.Conn, buf)
 	if err != nil {
 		return 0, err
 	}
-	bufPool.Put(buf[:cap(buf)])
+	pool.Put(buf)

 	sizeBuf := make([]byte, 2)
 	_, err = io.ReadFull(to.Conn, sizeBuf)
@ -75,8 +78,23 @@ func (to *TLSObfs) Read(b []byte) (int, error) {
 	// type + ver = 3
 	return to.read(b, 3)
 }
-
 func (to *TLSObfs) Write(b []byte) (int, error) {
+	length := len(b)
+	for i := 0; i < length; i += chunkSize {
+		end := i + chunkSize
+		if end > length {
+			end = length
+		}
+
+		n, err := to.write(b[i:end])
+		if err != nil {
+			return n, err
+		}
+	}
+	return length, nil
+}
+
+func (to *TLSObfs) write(b []byte) (int, error) {
 	if to.firstRequest {
 		helloMsg := makeClientHelloMsg(b, to.server)
 		_, err := to.Conn.Write(helloMsg)
@ -84,15 +102,11 @@ func (to *TLSObfs) Write(b []byte) (int, error) {
 		return len(b), err
 	}

-	size := bufPool.Get().([]byte)
-	binary.BigEndian.PutUint16(size[:2], uint16(len(b)))
-
 	buf := &bytes.Buffer{}
 	buf.Write([]byte{0x17, 0x03, 0x03})
-	buf.Write(size[:2])
+	binary.Write(buf, binary.BigEndian, uint16(len(b)))
 	buf.Write(b)
 	_, err := to.Conn.Write(buf.Bytes())
-	bufPool.Put(size[:cap(size)])
 	return len(b), err
 }

@ -107,9 +121,8 @@ func NewTLSObfs(conn net.Conn, server string) net.Conn {
 }

 func makeClientHelloMsg(data []byte, server string) []byte {
-	random := make([]byte, 32)
+	random := make([]byte, 28)
 	sessionID := make([]byte, 32)
-	size := make([]byte, 2)
 	rand.Read(random)
 	rand.Read(sessionID)

@ -124,12 +137,12 @@ func makeClientHelloMsg(data []byte, server string) []byte {

 	// clientHello, length, TLS 1.2 version
 	buf.WriteByte(1)
-	binary.BigEndian.PutUint16(size, uint16(208+len(data)+len(server)))
 	buf.WriteByte(0)
-	buf.Write(size)
+	binary.Write(buf, binary.BigEndian, uint16(208+len(data)+len(server)))
 	buf.Write([]byte{0x03, 0x03})

-	// random, sid len, sid
+	// random with timestamp, sid len, sid
+	binary.Write(buf, binary.BigEndian, uint32(time.Now().Unix()))
 	buf.Write(random)
 	buf.WriteByte(32)
 	buf.Write(sessionID)
@ -147,24 +160,19 @@ func makeClientHelloMsg(data []byte, server string) []byte {
 	buf.Write([]byte{0x01, 0x00})

 	// extension length
-	binary.BigEndian.PutUint16(size, uint16(79+len(data)+len(server)))
-	buf.Write(size)
+	binary.Write(buf, binary.BigEndian, uint16(79+len(data)+len(server)))

 	// session ticket
 	buf.Write([]byte{0x00, 0x23})
-	binary.BigEndian.PutUint16(size, uint16(len(data)))
-	buf.Write(size)
+	binary.Write(buf, binary.BigEndian, uint16(len(data)))
 	buf.Write(data)

 	// server name
 	buf.Write([]byte{0x00, 0x00})
-	binary.BigEndian.PutUint16(size, uint16(len(server)+5))
-	buf.Write(size)
-	binary.BigEndian.PutUint16(size, uint16(len(server)+3))
-	buf.Write(size)
+	binary.Write(buf, binary.BigEndian, uint16(len(server)+5))
+	binary.Write(buf, binary.BigEndian, uint16(len(server)+3))
 	buf.WriteByte(0)
-	binary.BigEndian.PutUint16(size, uint16(len(server)))
-	buf.Write(size)
+	binary.Write(buf, binary.BigEndian, uint16(len(server)))
 	buf.Write([]byte(server))

 	// ec_point
--- a/component/snell/cipher.go
+++ b/component/snell/cipher.go
@ -0,0 +1,21 @@
+package snell
+
+import (
+	"crypto/cipher"
+
+	"golang.org/x/crypto/argon2"
+)
+
+type snellCipher struct {
+	psk      []byte
+	makeAEAD func(key []byte) (cipher.AEAD, error)
+}
+
+func (sc *snellCipher) KeySize() int  { return 32 }
+func (sc *snellCipher) SaltSize() int { return 16 }
+func (sc *snellCipher) Encrypter(salt []byte) (cipher.AEAD, error) {
+	return sc.makeAEAD(argon2.IDKey(sc.psk, salt, 3, 8, 1, uint32(sc.KeySize())))
+}
+func (sc *snellCipher) Decrypter(salt []byte) (cipher.AEAD, error) {
+	return sc.makeAEAD(argon2.IDKey(sc.psk, salt, 3, 8, 1, uint32(sc.KeySize())))
+}
--- a/component/snell/snell.go
+++ b/component/snell/snell.go
@ -0,0 +1,98 @@
+package snell
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+const (
+	CommandPing    byte = 0
+	CommandConnect byte = 1
+
+	CommandTunnel byte = 0
+	CommandError  byte = 2
+
+	Version byte = 1
+)
+
+var (
+	bufferPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
+)
+
+type Snell struct {
+	net.Conn
+	buffer [1]byte
+	reply  bool
+}
+
+func (s *Snell) Read(b []byte) (int, error) {
+	if s.reply {
+		return s.Conn.Read(b)
+	}
+
+	s.reply = true
+	if _, err := io.ReadFull(s.Conn, s.buffer[:]); err != nil {
+		return 0, err
+	}
+
+	if s.buffer[0] == CommandTunnel {
+		return s.Conn.Read(b)
+	} else if s.buffer[0] != CommandError {
+		return 0, errors.New("Command not support")
+	}
+
+	// CommandError
+	// 1 byte error code
+	if _, err := io.ReadFull(s.Conn, s.buffer[:]); err != nil {
+		return 0, err
+	}
+	errcode := int(s.buffer[0])
+
+	// 1 byte error message length
+	if _, err := io.ReadFull(s.Conn, s.buffer[:]); err != nil {
+		return 0, err
+	}
+	length := int(s.buffer[0])
+	msg := make([]byte, length)
+
+	if _, err := io.ReadFull(s.Conn, msg); err != nil {
+		return 0, err
+	}
+
+	return 0, fmt.Errorf("server reported code: %d, message: %s", errcode, string(msg))
+}
+
+func WriteHeader(conn net.Conn, host string, port uint) error {
+	buf := bufferPool.Get().(*bytes.Buffer)
+	buf.Reset()
+	defer bufferPool.Put(buf)
+	buf.WriteByte(Version)
+	buf.WriteByte(CommandConnect)
+
+	// clientID length & id
+	buf.WriteByte(0)
+
+	// host & port
+	buf.WriteByte(uint8(len(host)))
+	buf.WriteString(host)
+	binary.Write(buf, binary.BigEndian, uint16(port))
+
+	if _, err := conn.Write(buf.Bytes()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func StreamConn(conn net.Conn, psk []byte) net.Conn {
+	cipher := &snellCipher{psk, chacha20poly1305.New}
+	return &Snell{Conn: shadowaead.NewConn(conn, cipher)}
+}
--- a/component/socks5/socks5.go
+++ b/component/socks5/socks5.go
@ -0,0 +1,435 @@
+package socks5
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"net"
+	"strconv"
+
+	"github.com/Dreamacro/clash/component/auth"
+)
+
+// Error represents a SOCKS error
+type Error byte
+
+func (err Error) Error() string {
+	return "SOCKS error: " + strconv.Itoa(int(err))
+}
+
+// Command is request commands as defined in RFC 1928 section 4.
+type Command = uint8
+
+const Version = 5
+
+// SOCKS request commands as defined in RFC 1928 section 4.
+const (
+	CmdConnect      Command = 1
+	CmdBind         Command = 2
+	CmdUDPAssociate Command = 3
+)
+
+// SOCKS address types as defined in RFC 1928 section 5.
+const (
+	AtypIPv4       = 1
+	AtypDomainName = 3
+	AtypIPv6       = 4
+)
+
+// MaxAddrLen is the maximum size of SOCKS address in bytes.
+const MaxAddrLen = 1 + 1 + 255 + 2
+
+// MaxAuthLen is the maximum size of user/password field in SOCKS5 Auth
+const MaxAuthLen = 255
+
+// Addr represents a SOCKS address as defined in RFC 1928 section 5.
+type Addr []byte
+
+func (a Addr) String() string {
+	var host, port string
+
+	switch a[0] {
+	case AtypDomainName:
+		hostLen := uint16(a[1])
+		host = string(a[2 : 2+hostLen])
+		port = strconv.Itoa((int(a[2+hostLen]) << 8) | int(a[2+hostLen+1]))
+	case AtypIPv4:
+		host = net.IP(a[1 : 1+net.IPv4len]).String()
+		port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
+	case AtypIPv6:
+		host = net.IP(a[1 : 1+net.IPv6len]).String()
+		port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
+	}
+
+	return net.JoinHostPort(host, port)
+}
+
+// UDPAddr converts a socks5.Addr to *net.UDPAddr
+func (a Addr) UDPAddr() *net.UDPAddr {
+	if len(a) == 0 {
+		return nil
+	}
+	switch a[0] {
+	case AtypIPv4:
+		var ip [net.IPv4len]byte
+		copy(ip[0:], a[1:1+net.IPv4len])
+		return &net.UDPAddr{IP: net.IP(ip[:]), Port: int(binary.BigEndian.Uint16(a[1+net.IPv4len : 1+net.IPv4len+2]))}
+	case AtypIPv6:
+		var ip [net.IPv6len]byte
+		copy(ip[0:], a[1:1+net.IPv6len])
+		return &net.UDPAddr{IP: net.IP(ip[:]), Port: int(binary.BigEndian.Uint16(a[1+net.IPv6len : 1+net.IPv6len+2]))}
+	}
+	// Other Atyp
+	return nil
+}
+
+// SOCKS errors as defined in RFC 1928 section 6.
+const (
+	ErrGeneralFailure       = Error(1)
+	ErrConnectionNotAllowed = Error(2)
+	ErrNetworkUnreachable   = Error(3)
+	ErrHostUnreachable      = Error(4)
+	ErrConnectionRefused    = Error(5)
+	ErrTTLExpired           = Error(6)
+	ErrCommandNotSupported  = Error(7)
+	ErrAddressNotSupported  = Error(8)
+)
+
+// Auth errors used to return a specific "Auth failed" error
+var ErrAuth = errors.New("auth failed")
+
+type User struct {
+	Username string
+	Password string
+}
+
+// ServerHandshake fast-tracks SOCKS initialization to get target address to connect on server side.
+func ServerHandshake(rw net.Conn, authenticator auth.Authenticator) (addr Addr, command Command, err error) {
+	// Read RFC 1928 for request and reply structure and sizes.
+	buf := make([]byte, MaxAddrLen)
+	// read VER, NMETHODS, METHODS
+	if _, err = io.ReadFull(rw, buf[:2]); err != nil {
+		return
+	}
+	nmethods := buf[1]
+	if _, err = io.ReadFull(rw, buf[:nmethods]); err != nil {
+		return
+	}
+
+	// write VER METHOD
+	if authenticator != nil {
+		if _, err = rw.Write([]byte{5, 2}); err != nil {
+			return
+		}
+
+		// Get header
+		header := make([]byte, 2)
+		if _, err = io.ReadFull(rw, header); err != nil {
+			return
+		}
+
+		authBuf := make([]byte, MaxAuthLen)
+		// Get username
+		userLen := int(header[1])
+		if userLen <= 0 {
+			rw.Write([]byte{1, 1})
+			err = ErrAuth
+			return
+		}
+		if _, err = io.ReadFull(rw, authBuf[:userLen]); err != nil {
+			return
+		}
+		user := string(authBuf[:userLen])
+
+		// Get password
+		if _, err = rw.Read(header[:1]); err != nil {
+			return
+		}
+		passLen := int(header[0])
+		if passLen <= 0 {
+			rw.Write([]byte{1, 1})
+			err = ErrAuth
+			return
+		}
+		if _, err = io.ReadFull(rw, authBuf[:passLen]); err != nil {
+			return
+		}
+		pass := string(authBuf[:passLen])
+
+		// Verify
+		if ok := authenticator.Verify(string(user), string(pass)); !ok {
+			rw.Write([]byte{1, 1})
+			err = ErrAuth
+			return
+		}
+
+		// Response auth state
+		if _, err = rw.Write([]byte{1, 0}); err != nil {
+			return
+		}
+	} else {
+		if _, err = rw.Write([]byte{5, 0}); err != nil {
+			return
+		}
+	}
+
+	// read VER CMD RSV ATYP DST.ADDR DST.PORT
+	if _, err = io.ReadFull(rw, buf[:3]); err != nil {
+		return
+	}
+
+	command = buf[1]
+	addr, err = ReadAddr(rw, buf)
+	if err != nil {
+		return
+	}
+
+	switch command {
+	case CmdConnect, CmdUDPAssociate:
+		// Acquire server listened address info
+		localAddr := ParseAddr(rw.LocalAddr().String())
+		if localAddr == nil {
+			err = ErrAddressNotSupported
+		} else {
+			// write VER REP RSV ATYP BND.ADDR BND.PORT
+			_, err = rw.Write(bytes.Join([][]byte{{5, 0, 0}, localAddr}, []byte{}))
+		}
+	case CmdBind:
+		fallthrough
+	default:
+		err = ErrCommandNotSupported
+	}
+
+	return
+}
+
+// ClientHandshake fast-tracks SOCKS initialization to get target address to connect on client side.
+func ClientHandshake(rw io.ReadWriter, addr Addr, command Command, user *User) (Addr, error) {
+	buf := make([]byte, MaxAddrLen)
+	var err error
+
+	// VER, NMETHODS, METHODS
+	if user != nil {
+		_, err = rw.Write([]byte{5, 1, 2})
+	} else {
+		_, err = rw.Write([]byte{5, 1, 0})
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// VER, METHOD
+	if _, err := io.ReadFull(rw, buf[:2]); err != nil {
+		return nil, err
+	}
+
+	if buf[0] != 5 {
+		return nil, errors.New("SOCKS version error")
+	}
+
+	if buf[1] == 2 {
+		if user == nil {
+			return nil, ErrAuth
+		}
+
+		// password protocol version
+		authMsg := &bytes.Buffer{}
+		authMsg.WriteByte(1)
+		authMsg.WriteByte(uint8(len(user.Username)))
+		authMsg.WriteString(user.Username)
+		authMsg.WriteByte(uint8(len(user.Password)))
+		authMsg.WriteString(user.Password)
+
+		if _, err := rw.Write(authMsg.Bytes()); err != nil {
+			return nil, err
+		}
+
+		if _, err := io.ReadFull(rw, buf[:2]); err != nil {
+			return nil, err
+		}
+
+		if buf[1] != 0 {
+			return nil, errors.New("rejected username/password")
+		}
+	} else if buf[1] != 0 {
+		return nil, errors.New("SOCKS need auth")
+	}
+
+	// VER, CMD, RSV, ADDR
+	if _, err := rw.Write(bytes.Join([][]byte{{5, command, 0}, addr}, []byte{})); err != nil {
+		return nil, err
+	}
+
+	// VER, REP, RSV
+	if _, err := io.ReadFull(rw, buf[:3]); err != nil {
+		return nil, err
+	}
+
+	return ReadAddr(rw, buf)
+}
+
+func ReadAddr(r io.Reader, b []byte) (Addr, error) {
+	if len(b) < MaxAddrLen {
+		return nil, io.ErrShortBuffer
+	}
+	_, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
+	if err != nil {
+		return nil, err
+	}
+
+	switch b[0] {
+	case AtypDomainName:
+		_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
+		if err != nil {
+			return nil, err
+		}
+		domainLength := uint16(b[1])
+		_, err = io.ReadFull(r, b[2:2+domainLength+2])
+		return b[:1+1+domainLength+2], err
+	case AtypIPv4:
+		_, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
+		return b[:1+net.IPv4len+2], err
+	case AtypIPv6:
+		_, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
+		return b[:1+net.IPv6len+2], err
+	}
+
+	return nil, ErrAddressNotSupported
+}
+
+// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
+func SplitAddr(b []byte) Addr {
+	addrLen := 1
+	if len(b) < addrLen {
+		return nil
+	}
+
+	switch b[0] {
+	case AtypDomainName:
+		if len(b) < 2 {
+			return nil
+		}
+		addrLen = 1 + 1 + int(b[1]) + 2
+	case AtypIPv4:
+		addrLen = 1 + net.IPv4len + 2
+	case AtypIPv6:
+		addrLen = 1 + net.IPv6len + 2
+	default:
+		return nil
+
+	}
+
+	if len(b) < addrLen {
+		return nil
+	}
+
+	return b[:addrLen]
+}
+
+// ParseAddr parses the address in string s. Returns nil if failed.
+func ParseAddr(s string) Addr {
+	var addr Addr
+	host, port, err := net.SplitHostPort(s)
+	if err != nil {
+		return nil
+	}
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			addr = make([]byte, 1+net.IPv4len+2)
+			addr[0] = AtypIPv4
+			copy(addr[1:], ip4)
+		} else {
+			addr = make([]byte, 1+net.IPv6len+2)
+			addr[0] = AtypIPv6
+			copy(addr[1:], ip)
+		}
+	} else {
+		if len(host) > 255 {
+			return nil
+		}
+		addr = make([]byte, 1+1+len(host)+2)
+		addr[0] = AtypDomainName
+		addr[1] = byte(len(host))
+		copy(addr[2:], host)
+	}
+
+	portnum, err := strconv.ParseUint(port, 10, 16)
+	if err != nil {
+		return nil
+	}
+
+	addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
+
+	return addr
+}
+
+// ParseAddrToSocksAddr parse a socks addr from net.addr
+// This is a fast path of ParseAddr(addr.String())
+func ParseAddrToSocksAddr(addr net.Addr) Addr {
+	var hostip net.IP
+	var port int
+	if udpaddr, ok := addr.(*net.UDPAddr); ok {
+		hostip = udpaddr.IP
+		port = udpaddr.Port
+	} else if tcpaddr, ok := addr.(*net.TCPAddr); ok {
+		hostip = tcpaddr.IP
+		port = tcpaddr.Port
+	}
+
+	// fallback parse
+	if hostip == nil {
+		return ParseAddr(addr.String())
+	}
+
+	var parsed Addr
+	if ip4 := hostip.To4(); ip4.DefaultMask() != nil {
+		parsed = make([]byte, 1+net.IPv4len+2)
+		parsed[0] = AtypIPv4
+		copy(parsed[1:], ip4)
+		binary.BigEndian.PutUint16(parsed[1+net.IPv4len:], uint16(port))
+
+	} else {
+		parsed = make([]byte, 1+net.IPv6len+2)
+		parsed[0] = AtypIPv6
+		copy(parsed[1:], hostip)
+		binary.BigEndian.PutUint16(parsed[1+net.IPv6len:], uint16(port))
+	}
+	return parsed
+}
+
+// DecodeUDPPacket split `packet` to addr payload, and this function is mutable with `packet`
+func DecodeUDPPacket(packet []byte) (addr Addr, payload []byte, err error) {
+	if len(packet) < 5 {
+		err = errors.New("insufficient length of packet")
+		return
+	}
+
+	// packet[0] and packet[1] are reserved
+	if !bytes.Equal(packet[:2], []byte{0, 0}) {
+		err = errors.New("reserved fields should be zero")
+		return
+	}
+
+	if packet[2] != 0 /* fragments */ {
+		err = errors.New("discarding fragmented payload")
+		return
+	}
+
+	addr = SplitAddr(packet[3:])
+	if addr == nil {
+		err = errors.New("failed to read UDP header")
+	}
+
+	payload = packet[3+len(addr):]
+	return
+}
+
+func EncodeUDPPacket(addr Addr, payload []byte) (packet []byte, err error) {
+	if addr == nil {
+		err = errors.New("address is invalid")
+		return
+	}
+	packet = bytes.Join([][]byte{{0, 0, 0}, addr, payload}, []byte{})
+	return
+}
--- a/component/ssr/obfs/base.go
+++ b/component/ssr/obfs/base.go
@ -0,0 +1,11 @@
+package obfs
+
+// Base information for obfs
+type Base struct {
+	IVSize  int
+	Key     []byte
+	HeadLen int
+	Host    string
+	Port    int
+	Param   string
+}
--- a/component/ssr/obfs/http_post.go
+++ b/component/ssr/obfs/http_post.go
@ -0,0 +1,9 @@
+package obfs
+
+func init() {
+	register("http_post", newHTTPPost)
+}
+
+func newHTTPPost(b *Base) Obfs {
+	return &httpObfs{Base: b, post: true}
+}
--- a/component/ssr/obfs/http_simple.go
+++ b/component/ssr/obfs/http_simple.go
@ -0,0 +1,402 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"math/rand"
+	"strings"
+)
+
+type httpObfs struct {
+	*Base
+	firstRequest  bool
+	firstResponse bool
+	post          bool
+}
+
+func init() {
+	register("http_simple", newHTTPSimple)
+}
+
+func newHTTPSimple(b *Base) Obfs {
+	return &httpObfs{Base: b}
+}
+
+func (h *httpObfs) initForConn() Obfs {
+	return &httpObfs{
+		Base:          h.Base,
+		firstRequest:  true,
+		firstResponse: true,
+		post:          h.post,
+	}
+}
+
+func (h *httpObfs) GetObfsOverhead() int {
+	return 0
+}
+
+func (h *httpObfs) Decode(b []byte) ([]byte, bool, error) {
+	if h.firstResponse {
+		idx := bytes.Index(b, []byte("\r\n\r\n"))
+		if idx == -1 {
+			return nil, false, io.EOF
+		}
+		h.firstResponse = false
+		return b[idx+4:], false, nil
+	}
+	return b, false, nil
+}
+
+func (h *httpObfs) Encode(b []byte) ([]byte, error) {
+	if h.firstRequest {
+		bSize := len(b)
+		var headData []byte
+
+		if headSize := h.IVSize + h.HeadLen; bSize-headSize > 64 {
+			headData = make([]byte, headSize+rand.Intn(64))
+		} else {
+			headData = make([]byte, bSize)
+		}
+		copy(headData, b[:len(headData)])
+		host := h.Host
+		var customHead string
+
+		if len(h.Param) > 0 {
+			customHeads := strings.Split(h.Param, "#")
+			if len(customHeads) > 2 {
+				customHeads = customHeads[:2]
+			}
+			customHosts := h.Param
+			if len(customHeads) > 1 {
+				customHosts = customHeads[0]
+				customHead = customHeads[1]
+			}
+			hosts := strings.Split(customHosts, ",")
+			if len(hosts) > 0 {
+				host = strings.TrimSpace(hosts[rand.Intn(len(hosts))])
+			}
+		}
+
+		method := "GET /"
+		if h.post {
+			method = "POST /"
+		}
+		requestPathIndex := rand.Intn(len(requestPath)/2) * 2
+		httpBuf := fmt.Sprintf("%s%s%s%s HTTP/1.1\r\nHost: %s:%d\r\n",
+			method,
+			requestPath[requestPathIndex],
+			data2URLEncode(headData),
+			requestPath[requestPathIndex+1],
+			host, h.Port)
+		if len(customHead) > 0 {
+			httpBuf = httpBuf + strings.Replace(customHead, "\\n", "\r\n", -1) + "\r\n\r\n"
+		} else {
+			var contentType string
+			if h.post {
+				contentType = "Content-Type: multipart/form-data; boundary=" + boundary() + "\r\n"
+			}
+			httpBuf = httpBuf + "User-agent: " + requestUserAgent[rand.Intn(len(requestUserAgent))] + "\r\n" +
+				"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
+				"Accept-Language: en-US,en;q=0.8\r\n" +
+				"Accept-Encoding: gzip, deflate\r\n" +
+				contentType +
+				"DNT: 1\r\n" +
+				"Connection: keep-alive\r\n" +
+				"\r\n"
+		}
+
+		var encoded []byte
+		if len(headData) < bSize {
+			encoded = make([]byte, len(httpBuf)+(bSize-len(headData)))
+			copy(encoded, []byte(httpBuf))
+			copy(encoded[len(httpBuf):], b[len(headData):])
+		} else {
+			encoded = []byte(httpBuf)
+		}
+		h.firstRequest = false
+		return encoded, nil
+	}
+
+	return b, nil
+}
+
+func data2URLEncode(data []byte) (ret string) {
+	for i := 0; i < len(data); i++ {
+		ret = fmt.Sprintf("%s%%%s", ret, hex.EncodeToString([]byte{data[i]}))
+	}
+	return
+}
+
+func boundary() (ret string) {
+	set := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+	for i := 0; i < 32; i++ {
+		ret = fmt.Sprintf("%s%c", ret, set[rand.Intn(len(set))])
+	}
+	return
+}
+
+var (
+	requestPath = []string{
+		"", "",
+		"login.php?redir=", "",
+		"register.php?code=", "",
+		"?keyword=", "",
+		"search?src=typd&q=", "&lang=en",
+		"s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&bar=&wd=", "&rn=",
+		"post.php?id=", "&goto=view.php",
+	}
+	requestUserAgent = []string{
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; Moto C Build/NRD90M.059) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1.1; SM-J120M Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; Moto G (5) Build/NPPS25.137-93-14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-G570M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0; CAM-L03 Build/HUAWEICAM-L03) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3",
+		"Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36",
+		"Mozilla/5.0 (X11; Datanyze; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1.1; SM-J111M Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-J700M Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36",
+		"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Slackware/Chrome/12.0.742.100 Safari/534.30",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
+		"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 8.0.0; WAS-LX3 Build/HUAWEIWAS-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 MVisionPlayer/1.0.0.0",
+		"Mozilla/5.0 (Linux; Android 7.0; TRT-LX3 Build/HUAWEITRT-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0; vivo 1610 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG GT-I9195 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 8.0.0; ANE-LX3 Build/HUAWEIANE-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (X11; U; Linux i586; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-G610M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-J500M Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0; vivo 1606 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-G610M Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.1; vivo 1716 Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-G570M Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0; MYA-L22 Build/HUAWEIMYA-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1; A1601 Build/LMY47I) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; TRT-LX2 Build/HUAWEITRT-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/59.0.3071.125 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17",
+		"Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
+		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24",
+		"Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 4.4.2; SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1; HUAWEI CUN-L22 Build/HUAWEICUN-L22; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1.1; A37fw Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-J730GM Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-G610F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.1.2; Redmi Note 5A Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
+		"Mozilla/5.0 (Unknown; Linux) AppleWebKit/538.1 (KHTML, like Gecko) Chrome/v1.0.0 Safari/538.1",
+		"Mozilla/5.0 (Linux; Android 7.0; BLL-L22 Build/HUAWEIBLL-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.0; SM-J710F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.1.1; CPH1723 Build/N6F26Q) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX3 Build/HUAWEIFIG-LX3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 7.1; Mi A1 Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
+		"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 MVisionPlayer/1.0.0.0",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 5.1; A37f Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; CPH1607 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/63.0.3239.111 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; vivo 1603 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; Redmi 4A Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.116 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0.1; SM-G532G Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.83 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36",
+		"Mozilla/5.0 (Linux; Android 6.0; vivo 1713 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36",
+	}
+)
--- a/component/ssr/obfs/obfs.go
+++ b/component/ssr/obfs/obfs.go
@ -0,0 +1,37 @@
+package obfs
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+)
+
+var (
+	errTLS12TicketAuthIncorrectMagicNumber = errors.New("tls1.2_ticket_auth incorrect magic number")
+	errTLS12TicketAuthTooShortData         = errors.New("tls1.2_ticket_auth too short data")
+	errTLS12TicketAuthHMACError            = errors.New("tls1.2_ticket_auth hmac verifying failed")
+)
+
+// Obfs provides methods for decoding and encoding
+type Obfs interface {
+	initForConn() Obfs
+	GetObfsOverhead() int
+	Decode(b []byte) ([]byte, bool, error)
+	Encode(b []byte) ([]byte, error)
+}
+
+type obfsCreator func(b *Base) Obfs
+
+var obfsList = make(map[string]obfsCreator)
+
+func register(name string, c obfsCreator) {
+	obfsList[name] = c
+}
+
+// PickObfs returns an obfs of the given name
+func PickObfs(name string, b *Base) (Obfs, error) {
+	if obfsCreator, ok := obfsList[strings.ToLower(name)]; ok {
+		return obfsCreator(b), nil
+	}
+	return nil, fmt.Errorf("Obfs %s not supported", name)
+}
--- a/component/ssr/obfs/plain.go
+++ b/component/ssr/obfs/plain.go
@ -0,0 +1,25 @@
+package obfs
+
+type plain struct{}
+
+func init() {
+	register("plain", newPlain)
+}
+
+func newPlain(b *Base) Obfs {
+	return &plain{}
+}
+
+func (p *plain) initForConn() Obfs { return &plain{} }
+
+func (p *plain) GetObfsOverhead() int {
+	return 0
+}
+
+func (p *plain) Encode(b []byte) ([]byte, error) {
+	return b, nil
+}
+
+func (p *plain) Decode(b []byte) ([]byte, bool, error) {
+	return b, false, nil
+}
--- a/component/ssr/obfs/random_head.go
+++ b/component/ssr/obfs/random_head.go
@ -0,0 +1,75 @@
+package obfs
+
+import (
+	"encoding/binary"
+	"hash/crc32"
+	"math/rand"
+)
+
+type randomHead struct {
+	*Base
+	firstRequest  bool
+	firstResponse bool
+	headerSent    bool
+	buffer        []byte
+}
+
+func init() {
+	register("random_head", newRandomHead)
+}
+
+func newRandomHead(b *Base) Obfs {
+	return &randomHead{Base: b}
+}
+
+func (r *randomHead) initForConn() Obfs {
+	return &randomHead{
+		Base:          r.Base,
+		firstRequest:  true,
+		firstResponse: true,
+	}
+}
+
+func (r *randomHead) GetObfsOverhead() int {
+	return 0
+}
+
+func (r *randomHead) Encode(b []byte) (encoded []byte, err error) {
+	if !r.firstRequest {
+		return b, nil
+	}
+
+	bSize := len(b)
+	if r.headerSent {
+		if bSize > 0 {
+			d := make([]byte, len(r.buffer)+bSize)
+			copy(d, r.buffer)
+			copy(d[len(r.buffer):], b)
+			r.buffer = d
+		} else {
+			encoded = r.buffer
+			r.buffer = nil
+			r.firstRequest = false
+		}
+	} else {
+		size := rand.Intn(96) + 8
+		encoded = make([]byte, size)
+		rand.Read(encoded)
+		crc := (0xFFFFFFFF - crc32.ChecksumIEEE(encoded[:size-4])) & 0xFFFFFFFF
+		binary.LittleEndian.PutUint32(encoded[size-4:], crc)
+
+		d := make([]byte, bSize)
+		copy(d, b)
+		r.buffer = d
+	}
+	r.headerSent = true
+	return encoded, nil
+}
+
+func (r *randomHead) Decode(b []byte) ([]byte, bool, error) {
+	if r.firstResponse {
+		r.firstResponse = false
+		return b, true, nil
+	}
+	return b, false, nil
+}
--- a/component/ssr/obfs/stream.go
+++ b/component/ssr/obfs/stream.go
@ -0,0 +1,72 @@
+package obfs
+
+import (
+	"net"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// NewConn wraps a stream-oriented net.Conn with obfs decoding/encoding
+func NewConn(c net.Conn, o Obfs) net.Conn {
+	return &Conn{Conn: c, Obfs: o.initForConn()}
+}
+
+// Conn represents an obfs connection
+type Conn struct {
+	net.Conn
+	Obfs
+	buf    []byte
+	offset int
+}
+
+func (c *Conn) Read(b []byte) (int, error) {
+	if c.buf != nil {
+		n := copy(b, c.buf[c.offset:])
+		c.offset += n
+		if c.offset == len(c.buf) {
+			pool.Put(c.buf)
+			c.buf = nil
+		}
+		return n, nil
+	}
+
+	buf := pool.Get(pool.RelayBufferSize)
+	defer pool.Put(buf)
+	n, err := c.Conn.Read(buf)
+	if err != nil {
+		return 0, err
+	}
+	decoded, sendback, err := c.Decode(buf[:n])
+	// decoded may be part of buf
+	decodedData := pool.Get(len(decoded))
+	copy(decodedData, decoded)
+	if err != nil {
+		pool.Put(decodedData)
+		return 0, err
+	}
+	if sendback {
+		c.Write(nil)
+		pool.Put(decodedData)
+		return 0, nil
+	}
+	n = copy(b, decodedData)
+	if len(decodedData) > len(b) {
+		c.buf = decodedData
+		c.offset = n
+	} else {
+		pool.Put(decodedData)
+	}
+	return n, err
+}
+
+func (c *Conn) Write(b []byte) (int, error) {
+	encoded, err := c.Encode(b)
+	if err != nil {
+		return 0, err
+	}
+	_, err = c.Conn.Write(encoded)
+	if err != nil {
+		return 0, err
+	}
+	return len(b), nil
+}
--- a/component/ssr/obfs/tls12_ticket_auth.go
+++ b/component/ssr/obfs/tls12_ticket_auth.go
@ -0,0 +1,291 @@
+package obfs
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"log"
+	"math/rand"
+	"strings"
+	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
+	"github.com/Dreamacro/clash/component/ssr/tools"
+)
+
+type tlsAuthData struct {
+	localClientID [32]byte
+}
+
+type tls12Ticket struct {
+	*Base
+	*tlsAuthData
+	handshakeStatus int
+	sendSaver       bytes.Buffer
+	recvBuffer      bytes.Buffer
+	buffer          bytes.Buffer
+}
+
+func init() {
+	register("tls1.2_ticket_auth", newTLS12Ticket)
+	register("tls1.2_ticket_fastauth", newTLS12Ticket)
+}
+
+func newTLS12Ticket(b *Base) Obfs {
+	return &tls12Ticket{
+		Base: b,
+	}
+}
+
+func (t *tls12Ticket) initForConn() Obfs {
+	r := &tls12Ticket{
+		Base:        t.Base,
+		tlsAuthData: &tlsAuthData{},
+	}
+	rand.Read(r.localClientID[:])
+	return r
+}
+
+func (t *tls12Ticket) GetObfsOverhead() int {
+	return 5
+}
+
+func (t *tls12Ticket) Decode(b []byte) ([]byte, bool, error) {
+	if t.handshakeStatus == -1 {
+		return b, false, nil
+	}
+	t.buffer.Reset()
+	if t.handshakeStatus == 8 {
+		t.recvBuffer.Write(b)
+		for t.recvBuffer.Len() > 5 {
+			var h [5]byte
+			t.recvBuffer.Read(h[:])
+			if !bytes.Equal(h[:3], []byte{0x17, 0x3, 0x3}) {
+				log.Println("incorrect magic number", h[:3], ", 0x170303 is expected")
+				return nil, false, errTLS12TicketAuthIncorrectMagicNumber
+			}
+			size := int(binary.BigEndian.Uint16(h[3:5]))
+			if t.recvBuffer.Len() < size {
+				// 不够读，下回再读吧
+				unread := t.recvBuffer.Bytes()
+				t.recvBuffer.Reset()
+				t.recvBuffer.Write(h[:])
+				t.recvBuffer.Write(unread)
+				break
+			}
+			d := pool.Get(size)
+			t.recvBuffer.Read(d)
+			t.buffer.Write(d)
+			pool.Put(d)
+		}
+		return t.buffer.Bytes(), false, nil
+	}
+
+	if len(b) < 11+32+1+32 {
+		return nil, false, errTLS12TicketAuthTooShortData
+	}
+
+	hash := t.hmacSHA1(b[11 : 11+22])
+
+	if !hmac.Equal(b[33:33+tools.HmacSHA1Len], hash) {
+		return nil, false, errTLS12TicketAuthHMACError
+	}
+	return nil, true, nil
+}
+
+func (t *tls12Ticket) Encode(b []byte) ([]byte, error) {
+	t.buffer.Reset()
+	switch t.handshakeStatus {
+	case 8:
+		if len(b) < 1024 {
+			d := []byte{0x17, 0x3, 0x3, 0, 0}
+			binary.BigEndian.PutUint16(d[3:5], uint16(len(b)&0xFFFF))
+			t.buffer.Write(d)
+			t.buffer.Write(b)
+			return t.buffer.Bytes(), nil
+		}
+		start := 0
+		var l int
+		for len(b)-start > 2048 {
+			l = rand.Intn(4096) + 100
+			if l > len(b)-start {
+				l = len(b) - start
+			}
+			packData(&t.buffer, b[start:start+l])
+			start += l
+		}
+		if len(b)-start > 0 {
+			l = len(b) - start
+			packData(&t.buffer, b[start:start+l])
+		}
+		return t.buffer.Bytes(), nil
+	case 1:
+		if len(b) > 0 {
+			if len(b) < 1024 {
+				packData(&t.sendSaver, b)
+			} else {
+				start := 0
+				var l int
+				for len(b)-start > 2048 {
+					l = rand.Intn(4096) + 100
+					if l > len(b)-start {
+						l = len(b) - start
+					}
+					packData(&t.buffer, b[start:start+l])
+					start += l
+				}
+				if len(b)-start > 0 {
+					l = len(b) - start
+					packData(&t.buffer, b[start:start+l])
+				}
+				io.Copy(&t.sendSaver, &t.buffer)
+			}
+			return []byte{}, nil
+		}
+		hmacData := make([]byte, 43)
+		handshakeFinish := []byte("\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00\x20")
+		copy(hmacData, handshakeFinish)
+		rand.Read(hmacData[11:33])
+		h := t.hmacSHA1(hmacData[:33])
+		copy(hmacData[33:], h)
+		t.buffer.Write(hmacData)
+		io.Copy(&t.buffer, &t.sendSaver)
+		t.handshakeStatus = 8
+		return t.buffer.Bytes(), nil
+	case 0:
+		tlsData0 := []byte("\x00\x1c\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x0a\xc0\x14\xc0\x09\xc0\x13\x00\x9c\x00\x35\x00\x2f\x00\x0a\x01\x00")
+		tlsData1 := []byte("\xff\x01\x00\x01\x00")
+		tlsData2 := []byte("\x00\x17\x00\x00\x00\x23\x00\xd0")
+		// tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18\x00\x15\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+		tlsData3 := []byte("\x00\x0d\x00\x16\x00\x14\x06\x01\x06\x03\x05\x01\x05\x03\x04\x01\x04\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x06\x00\x04\x00\x17\x00\x18")
+
+		var tlsData [2048]byte
+		tlsDataLen := 0
+		copy(tlsData[0:], tlsData1)
+		tlsDataLen += len(tlsData1)
+		sni := t.sni(t.getHost())
+		copy(tlsData[tlsDataLen:], sni)
+		tlsDataLen += len(sni)
+		copy(tlsData[tlsDataLen:], tlsData2)
+		tlsDataLen += len(tlsData2)
+		ticketLen := rand.Intn(164)*2 + 64
+		tlsData[tlsDataLen-1] = uint8(ticketLen & 0xff)
+		tlsData[tlsDataLen-2] = uint8(ticketLen >> 8)
+		//ticketLen := 208
+		rand.Read(tlsData[tlsDataLen : tlsDataLen+ticketLen])
+		tlsDataLen += ticketLen
+		copy(tlsData[tlsDataLen:], tlsData3)
+		tlsDataLen += len(tlsData3)
+
+		length := 11 + 32 + 1 + 32 + len(tlsData0) + 2 + tlsDataLen
+		encodedData := make([]byte, length)
+		pdata := length - tlsDataLen
+		l := tlsDataLen
+		copy(encodedData[pdata:], tlsData[:tlsDataLen])
+		encodedData[pdata-1] = uint8(tlsDataLen)
+		encodedData[pdata-2] = uint8(tlsDataLen >> 8)
+		pdata -= 2
+		l += 2
+		copy(encodedData[pdata-len(tlsData0):], tlsData0)
+		pdata -= len(tlsData0)
+		l += len(tlsData0)
+		copy(encodedData[pdata-32:], t.localClientID[:])
+		pdata -= 32
+		l += 32
+		encodedData[pdata-1] = 0x20
+		pdata--
+		l++
+		copy(encodedData[pdata-32:], t.packAuthData())
+		pdata -= 32
+		l += 32
+		encodedData[pdata-1] = 0x3
+		encodedData[pdata-2] = 0x3 // tls version
+		pdata -= 2
+		l += 2
+		encodedData[pdata-1] = uint8(l)
+		encodedData[pdata-2] = uint8(l >> 8)
+		encodedData[pdata-3] = 0
+		encodedData[pdata-4] = 1
+		pdata -= 4
+		l += 4
+		encodedData[pdata-1] = uint8(l)
+		encodedData[pdata-2] = uint8(l >> 8)
+		pdata -= 2
+		l += 2
+		encodedData[pdata-1] = 0x1
+		encodedData[pdata-2] = 0x3 // tls version
+		pdata -= 2
+		l += 2
+		encodedData[pdata-1] = 0x16 // tls handshake
+		pdata--
+		l++
+		packData(&t.sendSaver, b)
+		t.handshakeStatus = 1
+		return encodedData, nil
+	default:
+		return nil, fmt.Errorf("unexpected handshake status: %d", t.handshakeStatus)
+	}
+}
+
+func (t *tls12Ticket) hmacSHA1(data []byte) []byte {
+	key := make([]byte, len(t.Key)+32)
+	copy(key, t.Key)
+	copy(key[len(t.Key):], t.localClientID[:])
+
+	sha1Data := tools.HmacSHA1(key, data)
+	return sha1Data[:tools.HmacSHA1Len]
+}
+
+func (t *tls12Ticket) sni(u string) []byte {
+	bURL := []byte(u)
+	length := len(bURL)
+	ret := make([]byte, length+9)
+	copy(ret[9:9+length], bURL)
+	binary.BigEndian.PutUint16(ret[7:], uint16(length&0xFFFF))
+	length += 3
+	binary.BigEndian.PutUint16(ret[4:], uint16(length&0xFFFF))
+	length += 2
+	binary.BigEndian.PutUint16(ret[2:], uint16(length&0xFFFF))
+	return ret
+}
+
+func (t *tls12Ticket) getHost() string {
+	host := t.Host
+	if len(t.Param) > 0 {
+		hosts := strings.Split(t.Param, ",")
+		if len(hosts) > 0 {
+
+			host = hosts[rand.Intn(len(hosts))]
+			host = strings.TrimSpace(host)
+		}
+	}
+	if len(host) > 0 && host[len(host)-1] >= byte('0') && host[len(host)-1] <= byte('9') && len(t.Param) == 0 {
+		host = ""
+	}
+	return host
+}
+
+func (t *tls12Ticket) packAuthData() (ret []byte) {
+	retSize := 32
+	ret = make([]byte, retSize)
+
+	now := time.Now().Unix()
+	binary.BigEndian.PutUint32(ret[:4], uint32(now))
+
+	rand.Read(ret[4 : 4+18])
+
+	hash := t.hmacSHA1(ret[:retSize-tools.HmacSHA1Len])
+	copy(ret[retSize-tools.HmacSHA1Len:], hash)
+
+	return
+}
+
+func packData(buffer *bytes.Buffer, suffix []byte) {
+	d := []byte{0x17, 0x3, 0x3, 0, 0}
+	binary.BigEndian.PutUint16(d[3:5], uint16(len(suffix)&0xFFFF))
+	buffer.Write(d)
+	buffer.Write(suffix)
+	return
+}
--- a/component/ssr/protocol/auth_aes128_md5.go
+++ b/component/ssr/protocol/auth_aes128_md5.go
@ -0,0 +1,310 @@
+package protocol
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/base64"
+	"encoding/binary"
+	"math/rand"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
+	"github.com/Dreamacro/clash/component/ssr/tools"
+	"github.com/Dreamacro/go-shadowsocks2/core"
+)
+
+type authAES128 struct {
+	*Base
+	*recvInfo
+	*authData
+	hasSentHeader bool
+	packID        uint32
+	userKey       []byte
+	uid           [4]byte
+	salt          string
+	hmac          hmacMethod
+	hashDigest    hashDigestMethod
+}
+
+func init() {
+	register("auth_aes128_md5", newAuthAES128MD5)
+}
+
+func newAuthAES128MD5(b *Base) Protocol {
+	return &authAES128{
+		Base:       b,
+		authData:   &authData{},
+		salt:       "auth_aes128_md5",
+		hmac:       tools.HmacMD5,
+		hashDigest: tools.MD5Sum,
+	}
+}
+
+func (a *authAES128) initForConn(iv []byte) Protocol {
+	return &authAES128{
+		Base: &Base{
+			IV:       iv,
+			Key:      a.Key,
+			TCPMss:   a.TCPMss,
+			Overhead: a.Overhead,
+			Param:    a.Param,
+		},
+		recvInfo:   &recvInfo{recvID: 1, buffer: new(bytes.Buffer)},
+		authData:   a.authData,
+		packID:     1,
+		salt:       a.salt,
+		hmac:       a.hmac,
+		hashDigest: a.hashDigest,
+	}
+}
+
+func (a *authAES128) GetProtocolOverhead() int {
+	return 9
+}
+
+func (a *authAES128) SetOverhead(overhead int) {
+	a.Overhead = overhead
+}
+
+func (a *authAES128) Decode(b []byte) ([]byte, int, error) {
+	a.buffer.Reset()
+	bSize := len(b)
+	readSize := 0
+	key := pool.Get(len(a.userKey) + 4)
+	defer pool.Put(key)
+	copy(key, a.userKey)
+	for bSize > 4 {
+		binary.LittleEndian.PutUint32(key[len(key)-4:], a.recvID)
+
+		h := a.hmac(key, b[:2])
+		if !bytes.Equal(h[:2], b[2:4]) {
+			return nil, 0, errAuthAES128IncorrectMAC
+		}
+
+		length := int(binary.LittleEndian.Uint16(b[:2]))
+		if length >= 8192 || length < 8 {
+			return nil, 0, errAuthAES128DataLengthError
+		}
+		if length > bSize {
+			break
+		}
+
+		h = a.hmac(key, b[:length-4])
+		if !bytes.Equal(h[:4], b[length-4:length]) {
+			return nil, 0, errAuthAES128IncorrectChecksum
+		}
+
+		a.recvID++
+		pos := int(b[4])
+		if pos < 255 {
+			pos += 4
+		} else {
+			pos = int(binary.LittleEndian.Uint16(b[5:7])) + 4
+		}
+
+		if pos > length-4 {
+			return nil, 0, errAuthAES128PositionTooLarge
+		}
+		a.buffer.Write(b[pos : length-4])
+		b = b[length:]
+		bSize -= length
+		readSize += length
+	}
+	return a.buffer.Bytes(), readSize, nil
+}
+
+func (a *authAES128) Encode(b []byte) ([]byte, error) {
+	a.buffer.Reset()
+	bSize := len(b)
+	offset := 0
+	if bSize > 0 && !a.hasSentHeader {
+		authSize := bSize
+		if authSize > 1200 {
+			authSize = 1200
+		}
+		a.hasSentHeader = true
+		a.buffer.Write(a.packAuthData(b[:authSize]))
+		bSize -= authSize
+		offset += authSize
+	}
+	const blockSize = 4096
+	for bSize > blockSize {
+		packSize, randSize := a.packedDataSize(b[offset : offset+blockSize])
+		pack := pool.Get(packSize)
+		a.packData(b[offset:offset+blockSize], pack, randSize)
+		a.buffer.Write(pack)
+		pool.Put(pack)
+		bSize -= blockSize
+		offset += blockSize
+	}
+	if bSize > 0 {
+		packSize, randSize := a.packedDataSize(b[offset:])
+		pack := pool.Get(packSize)
+		a.packData(b[offset:], pack, randSize)
+		a.buffer.Write(pack)
+		pool.Put(pack)
+	}
+	return a.buffer.Bytes(), nil
+}
+
+func (a *authAES128) DecodePacket(b []byte) ([]byte, int, error) {
+	bSize := len(b)
+	h := a.hmac(a.Key, b[:bSize-4])
+	if !bytes.Equal(h[:4], b[bSize-4:]) {
+		return nil, 0, errAuthAES128IncorrectMAC
+	}
+	return b[:bSize-4], bSize - 4, nil
+}
+
+func (a *authAES128) EncodePacket(b []byte) ([]byte, error) {
+	a.initUserKeyAndID()
+
+	var buf bytes.Buffer
+	buf.Write(b)
+	buf.Write(a.uid[:])
+	h := a.hmac(a.userKey, buf.Bytes())
+	buf.Write(h[:4])
+	return buf.Bytes(), nil
+}
+
+func (a *authAES128) initUserKeyAndID() {
+	if a.userKey == nil {
+		params := strings.Split(a.Param, ":")
+		if len(params) >= 2 {
+			if userID, err := strconv.ParseUint(params[0], 10, 32); err == nil {
+				binary.LittleEndian.PutUint32(a.uid[:], uint32(userID))
+				a.userKey = a.hashDigest([]byte(params[1]))
+			}
+		}
+
+		if a.userKey == nil {
+			rand.Read(a.uid[:])
+			a.userKey = make([]byte, len(a.Key))
+			copy(a.userKey, a.Key)
+		}
+	}
+}
+
+func (a *authAES128) packedDataSize(data []byte) (packSize, randSize int) {
+	dataSize := len(data)
+	randSize = 1
+	if dataSize <= 1200 {
+		if a.packID > 4 {
+			randSize += rand.Intn(32)
+		} else {
+			if dataSize > 900 {
+				randSize += rand.Intn(128)
+			} else {
+				randSize += rand.Intn(512)
+			}
+		}
+	}
+	packSize = randSize + dataSize + 8
+	return
+}
+
+func (a *authAES128) packData(data, ret []byte, randSize int) {
+	dataSize := len(data)
+	retSize := len(ret)
+	// 0~1, ret_size
+	binary.LittleEndian.PutUint16(ret[0:], uint16(retSize&0xFFFF))
+	// 2~3, hmac
+	key := pool.Get(len(a.userKey) + 4)
+	defer pool.Put(key)
+	copy(key, a.userKey)
+	binary.LittleEndian.PutUint32(key[len(key)-4:], a.packID)
+	h := a.hmac(key, ret[:2])
+	copy(ret[2:4], h[:2])
+	// 4~rand_size+4, rand number
+	rand.Read(ret[4 : 4+randSize])
+	// 4, rand_size
+	if randSize < 128 {
+		ret[4] = byte(randSize & 0xFF)
+	} else {
+		// 4, magic number 0xFF
+		ret[4] = 0xFF
+		// 5~6, rand_size
+		binary.LittleEndian.PutUint16(ret[5:], uint16(randSize&0xFFFF))
+	}
+	// rand_size+4~ret_size-4, data
+	if dataSize > 0 {
+		copy(ret[randSize+4:], data)
+	}
+	a.packID++
+	h = a.hmac(key, ret[:retSize-4])
+	copy(ret[retSize-4:], h[:4])
+}
+
+func (a *authAES128) packAuthData(data []byte) (ret []byte) {
+	dataSize := len(data)
+	var randSize int
+
+	if dataSize > 400 {
+		randSize = rand.Intn(512)
+	} else {
+		randSize = rand.Intn(1024)
+	}
+
+	dataOffset := randSize + 16 + 4 + 4 + 7
+	retSize := dataOffset + dataSize + 4
+	ret = make([]byte, retSize)
+	encrypt := make([]byte, 24)
+	key := make([]byte, len(a.IV)+len(a.Key))
+	copy(key, a.IV)
+	copy(key[len(a.IV):], a.Key)
+
+	rand.Read(ret[dataOffset-randSize:])
+	a.mutex.Lock()
+	defer a.mutex.Unlock()
+	a.connectionID++
+	if a.connectionID > 0xFF000000 {
+		a.clientID = nil
+	}
+	if len(a.clientID) == 0 {
+		a.clientID = make([]byte, 8)
+		rand.Read(a.clientID)
+		b := make([]byte, 4)
+		rand.Read(b)
+		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+	}
+	copy(encrypt[4:], a.clientID)
+	binary.LittleEndian.PutUint32(encrypt[8:], a.connectionID)
+
+	now := time.Now().Unix()
+	binary.LittleEndian.PutUint32(encrypt[:4], uint32(now))
+
+	binary.LittleEndian.PutUint16(encrypt[12:], uint16(retSize&0xFFFF))
+	binary.LittleEndian.PutUint16(encrypt[14:], uint16(randSize&0xFFFF))
+
+	a.initUserKeyAndID()
+
+	aesCipherKey := core.Kdf(base64.StdEncoding.EncodeToString(a.userKey)+a.salt, 16)
+	block, err := aes.NewCipher(aesCipherKey)
+	if err != nil {
+		return nil
+	}
+	encryptData := make([]byte, 16)
+	iv := make([]byte, aes.BlockSize)
+	cbc := cipher.NewCBCEncrypter(block, iv)
+	cbc.CryptBlocks(encryptData, encrypt[:16])
+	copy(encrypt[:4], a.uid[:])
+	copy(encrypt[4:4+16], encryptData)
+
+	h := a.hmac(key, encrypt[:20])
+	copy(encrypt[20:], h[:4])
+
+	rand.Read(ret[:1])
+	h = a.hmac(key, ret[:1])
+	copy(ret[1:], h[:7-1])
+
+	copy(ret[7:], encrypt)
+	copy(ret[dataOffset:], data)
+
+	h = a.hmac(a.userKey, ret[:retSize-4])
+	copy(ret[retSize-4:], h[:4])
+
+	return
+}
--- a/component/ssr/protocol/auth_aes128_sha1.go
+++ b/component/ssr/protocol/auth_aes128_sha1.go
@ -0,0 +1,22 @@
+package protocol
+
+import (
+	"bytes"
+
+	"github.com/Dreamacro/clash/component/ssr/tools"
+)
+
+func init() {
+	register("auth_aes128_sha1", newAuthAES128SHA1)
+}
+
+func newAuthAES128SHA1(b *Base) Protocol {
+	return &authAES128{
+		Base:       b,
+		recvInfo:   &recvInfo{buffer: new(bytes.Buffer)},
+		authData:   &authData{},
+		salt:       "auth_aes128_sha1",
+		hmac:       tools.HmacSHA1,
+		hashDigest: tools.SHA1Sum,
+	}
+}
--- a/component/ssr/protocol/auth_chain_a.go
+++ b/component/ssr/protocol/auth_chain_a.go
@ -0,0 +1,428 @@
+package protocol
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rc4"
+	"encoding/base64"
+	"encoding/binary"
+	"math/rand"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
+	"github.com/Dreamacro/clash/component/ssr/tools"
+	"github.com/Dreamacro/go-shadowsocks2/core"
+)
+
+type authChain struct {
+	*Base
+	*recvInfo
+	*authData
+	randomClient   shift128PlusContext
+	randomServer   shift128PlusContext
+	enc            cipher.Stream
+	dec            cipher.Stream
+	headerSent     bool
+	lastClientHash []byte
+	lastServerHash []byte
+	userKey        []byte
+	uid            [4]byte
+	salt           string
+	hmac           hmacMethod
+	hashDigest     hashDigestMethod
+	rnd            rndMethod
+	dataSizeList   []int
+	dataSizeList2  []int
+	chunkID        uint32
+}
+
+func init() {
+	register("auth_chain_a", newAuthChainA)
+}
+
+func newAuthChainA(b *Base) Protocol {
+	return &authChain{
+		Base:       b,
+		authData:   &authData{},
+		salt:       "auth_chain_a",
+		hmac:       tools.HmacMD5,
+		hashDigest: tools.SHA1Sum,
+		rnd:        authChainAGetRandLen,
+	}
+}
+
+func (a *authChain) initForConn(iv []byte) Protocol {
+	r := &authChain{
+		Base: &Base{
+			IV:       iv,
+			Key:      a.Key,
+			TCPMss:   a.TCPMss,
+			Overhead: a.Overhead,
+			Param:    a.Param,
+		},
+		recvInfo:   &recvInfo{recvID: 1, buffer: new(bytes.Buffer)},
+		authData:   a.authData,
+		salt:       a.salt,
+		hmac:       a.hmac,
+		hashDigest: a.hashDigest,
+		rnd:        a.rnd,
+	}
+	if r.salt == "auth_chain_b" {
+		initDataSize(r)
+	}
+	return r
+}
+
+func (a *authChain) GetProtocolOverhead() int {
+	return 4
+}
+
+func (a *authChain) SetOverhead(overhead int) {
+	a.Overhead = overhead
+}
+
+func (a *authChain) Decode(b []byte) ([]byte, int, error) {
+	a.buffer.Reset()
+	key := pool.Get(len(a.userKey) + 4)
+	defer pool.Put(key)
+	readSize := 0
+	copy(key, a.userKey)
+	for len(b) > 4 {
+		binary.LittleEndian.PutUint32(key[len(a.userKey):], a.recvID)
+		dataLen := (int)((uint(b[1]^a.lastServerHash[15]) << 8) + uint(b[0]^a.lastServerHash[14]))
+		randLen := a.getServerRandLen(dataLen, a.Overhead)
+		length := randLen + dataLen
+		if length >= 4096 {
+			return nil, 0, errAuthChainDataLengthError
+		}
+		length += 4
+		if length > len(b) {
+			break
+		}
+
+		hash := a.hmac(key, b[:length-2])
+		if !bytes.Equal(hash[:2], b[length-2:length]) {
+			return nil, 0, errAuthChainHMACError
+		}
+		var dataPos int
+		if dataLen > 0 && randLen > 0 {
+			dataPos = 2 + getRandStartPos(&a.randomServer, randLen)
+		} else {
+			dataPos = 2
+		}
+		d := pool.Get(dataLen)
+		a.dec.XORKeyStream(d, b[dataPos:dataPos+dataLen])
+		a.buffer.Write(d)
+		pool.Put(d)
+		if a.recvID == 1 {
+			a.TCPMss = int(binary.LittleEndian.Uint16(a.buffer.Next(2)))
+		}
+		a.lastServerHash = hash
+		a.recvID++
+		b = b[length:]
+		readSize += length
+	}
+	return a.buffer.Bytes(), readSize, nil
+}
+
+func (a *authChain) Encode(b []byte) ([]byte, error) {
+	a.buffer.Reset()
+	bSize := len(b)
+	offset := 0
+	if bSize > 0 && !a.headerSent {
+		headSize := 1200
+		if headSize > bSize {
+			headSize = bSize
+		}
+		a.buffer.Write(a.packAuthData(b[:headSize]))
+		offset += headSize
+		bSize -= headSize
+		a.headerSent = true
+	}
+	var unitSize = a.TCPMss - a.Overhead
+	for bSize > unitSize {
+		dataLen, randLength := a.packedDataLen(b[offset : offset+unitSize])
+		d := pool.Get(dataLen)
+		a.packData(d, b[offset:offset+unitSize], randLength)
+		a.buffer.Write(d)
+		pool.Put(d)
+		bSize -= unitSize
+		offset += unitSize
+	}
+	if bSize > 0 {
+		dataLen, randLength := a.packedDataLen(b[offset:])
+		d := pool.Get(dataLen)
+		a.packData(d, b[offset:], randLength)
+		a.buffer.Write(d)
+		pool.Put(d)
+	}
+	return a.buffer.Bytes(), nil
+}
+
+func (a *authChain) DecodePacket(b []byte) ([]byte, int, error) {
+	bSize := len(b)
+	if bSize < 9 {
+		return nil, 0, errAuthChainDataLengthError
+	}
+	h := a.hmac(a.userKey, b[:bSize-1])
+	if h[0] != b[bSize-1] {
+		return nil, 0, errAuthChainHMACError
+	}
+	hash := a.hmac(a.Key, b[bSize-8:bSize-1])
+	cipherKey := a.getRC4CipherKey(hash)
+	dec, _ := rc4.NewCipher(cipherKey)
+	randLength := udpGetRandLen(&a.randomServer, hash)
+	bSize -= 8 + randLength
+	dec.XORKeyStream(b, b[:bSize])
+	return b, bSize, nil
+}
+
+func (a *authChain) EncodePacket(b []byte) ([]byte, error) {
+	a.initUserKeyAndID()
+	authData := pool.Get(3)
+	defer pool.Put(authData)
+	rand.Read(authData)
+	hash := a.hmac(a.Key, authData)
+	uid := pool.Get(4)
+	defer pool.Put(uid)
+	for i := 0; i < 4; i++ {
+		uid[i] = a.uid[i] ^ hash[i]
+	}
+
+	cipherKey := a.getRC4CipherKey(hash)
+	enc, _ := rc4.NewCipher(cipherKey)
+	var buf bytes.Buffer
+	enc.XORKeyStream(b, b)
+	buf.Write(b)
+
+	randLength := udpGetRandLen(&a.randomClient, hash)
+	randBytes := pool.Get(randLength)
+	defer pool.Put(randBytes)
+	buf.Write(randBytes)
+
+	buf.Write(authData)
+	buf.Write(uid)
+
+	h := a.hmac(a.userKey, buf.Bytes())
+	buf.Write(h[:1])
+	return buf.Bytes(), nil
+}
+
+func (a *authChain) getRC4CipherKey(hash []byte) []byte {
+	base64UserKey := base64.StdEncoding.EncodeToString(a.userKey)
+	return a.calcRC4CipherKey(hash, base64UserKey)
+}
+
+func (a *authChain) calcRC4CipherKey(hash []byte, base64UserKey string) []byte {
+	password := pool.Get(len(base64UserKey) + base64.StdEncoding.EncodedLen(16))
+	defer pool.Put(password)
+	copy(password, base64UserKey)
+	base64.StdEncoding.Encode(password[len(base64UserKey):], hash[:16])
+	return core.Kdf(string(password), 16)
+}
+
+func (a *authChain) initUserKeyAndID() {
+	if a.userKey == nil {
+		params := strings.Split(a.Param, ":")
+		if len(params) >= 2 {
+			if userID, err := strconv.ParseUint(params[0], 10, 32); err == nil {
+				binary.LittleEndian.PutUint32(a.uid[:], uint32(userID))
+				a.userKey = []byte(params[1])[:len(a.userKey)]
+			}
+		}
+
+		if a.userKey == nil {
+			rand.Read(a.uid[:])
+			a.userKey = make([]byte, len(a.Key))
+			copy(a.userKey, a.Key)
+		}
+	}
+}
+
+func (a *authChain) getClientRandLen(dataLength int, overhead int) int {
+	return a.rnd(dataLength, &a.randomClient, a.lastClientHash, a.dataSizeList, a.dataSizeList2, overhead)
+}
+
+func (a *authChain) getServerRandLen(dataLength int, overhead int) int {
+	return a.rnd(dataLength, &a.randomServer, a.lastServerHash, a.dataSizeList, a.dataSizeList2, overhead)
+}
+
+func (a *authChain) packedDataLen(data []byte) (chunkLength, randLength int) {
+	dataLength := len(data)
+	randLength = a.getClientRandLen(dataLength, a.Overhead)
+	chunkLength = randLength + dataLength + 2 + 2
+	return
+}
+
+func (a *authChain) packData(outData []byte, data []byte, randLength int) {
+	dataLength := len(data)
+	outLength := randLength + dataLength + 2
+	outData[0] = byte(dataLength) ^ a.lastClientHash[14]
+	outData[1] = byte(dataLength>>8) ^ a.lastClientHash[15]
+
+	{
+		if dataLength > 0 {
+			randPart1Length := getRandStartPos(&a.randomClient, randLength)
+			rand.Read(outData[2 : 2+randPart1Length])
+			a.enc.XORKeyStream(outData[2+randPart1Length:], data)
+			rand.Read(outData[2+randPart1Length+dataLength : outLength])
+		} else {
+			rand.Read(outData[2 : 2+randLength])
+		}
+	}
+
+	userKeyLen := uint8(len(a.userKey))
+	key := pool.Get(int(userKeyLen + 4))
+	defer pool.Put(key)
+	copy(key, a.userKey)
+	a.chunkID++
+	binary.LittleEndian.PutUint32(key[userKeyLen:], a.chunkID)
+	a.lastClientHash = a.hmac(key, outData[:outLength])
+	copy(outData[outLength:], a.lastClientHash[:2])
+	return
+}
+
+const authHeadLength = 4 + 8 + 4 + 16 + 4
+
+func (a *authChain) packAuthData(data []byte) (outData []byte) {
+	outData = make([]byte, authHeadLength, authHeadLength+1500)
+	a.mutex.Lock()
+	defer a.mutex.Unlock()
+	a.connectionID++
+	if a.connectionID > 0xFF000000 {
+		rand.Read(a.clientID)
+		b := make([]byte, 4)
+		rand.Read(b)
+		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+	}
+	var key = make([]byte, len(a.IV)+len(a.Key))
+	copy(key, a.IV)
+	copy(key[len(a.IV):], a.Key)
+
+	encrypt := make([]byte, 20)
+	t := time.Now().Unix()
+	binary.LittleEndian.PutUint32(encrypt[:4], uint32(t))
+	copy(encrypt[4:8], a.clientID)
+	binary.LittleEndian.PutUint32(encrypt[8:], a.connectionID)
+	binary.LittleEndian.PutUint16(encrypt[12:], uint16(a.Overhead))
+	binary.LittleEndian.PutUint16(encrypt[14:], 0)
+
+	// first 12 bytes
+	{
+		rand.Read(outData[:4])
+		a.lastClientHash = a.hmac(key, outData[:4])
+		copy(outData[4:], a.lastClientHash[:8])
+	}
+	var base64UserKey string
+	// uid & 16 bytes auth data
+	{
+		a.initUserKeyAndID()
+		uid := make([]byte, 4)
+		for i := 0; i < 4; i++ {
+			uid[i] = a.uid[i] ^ a.lastClientHash[8+i]
+		}
+		base64UserKey = base64.StdEncoding.EncodeToString(a.userKey)
+		aesCipherKey := core.Kdf(base64UserKey+a.salt, 16)
+		block, err := aes.NewCipher(aesCipherKey)
+		if err != nil {
+			return
+		}
+		encryptData := make([]byte, 16)
+		iv := make([]byte, aes.BlockSize)
+		cbc := cipher.NewCBCEncrypter(block, iv)
+		cbc.CryptBlocks(encryptData, encrypt[:16])
+		copy(encrypt[:4], uid[:])
+		copy(encrypt[4:4+16], encryptData)
+	}
+	// final HMAC
+	{
+		a.lastServerHash = a.hmac(a.userKey, encrypt[:20])
+
+		copy(outData[12:], encrypt)
+		copy(outData[12+20:], a.lastServerHash[:4])
+	}
+
+	// init cipher
+	cipherKey := a.calcRC4CipherKey(a.lastClientHash, base64UserKey)
+	a.enc, _ = rc4.NewCipher(cipherKey)
+	a.dec, _ = rc4.NewCipher(cipherKey)
+
+	// data
+	chunkLength, randLength := a.packedDataLen(data)
+	if chunkLength <= 1500 {
+		outData = outData[:authHeadLength+chunkLength]
+	} else {
+		newOutData := make([]byte, authHeadLength+chunkLength)
+		copy(newOutData, outData[:authHeadLength])
+		outData = newOutData
+	}
+	a.packData(outData[authHeadLength:], data, randLength)
+	return
+}
+
+func getRandStartPos(random *shift128PlusContext, randLength int) int {
+	if randLength > 0 {
+		return int(random.Next() % 8589934609 % uint64(randLength))
+	}
+	return 0
+}
+
+func authChainAGetRandLen(dataLength int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int {
+	if dataLength > 1440 {
+		return 0
+	}
+	random.InitFromBinDatalen(lastHash[:16], dataLength)
+	if dataLength > 1300 {
+		return int(random.Next() % 31)
+	}
+	if dataLength > 900 {
+		return int(random.Next() % 127)
+	}
+	if dataLength > 400 {
+		return int(random.Next() % 521)
+	}
+	return int(random.Next() % 1021)
+}
+
+func udpGetRandLen(random *shift128PlusContext, lastHash []byte) int {
+	random.InitFromBin(lastHash[:16])
+	return int(random.Next() % 127)
+}
+
+type shift128PlusContext struct {
+	v [2]uint64
+}
+
+func (ctx *shift128PlusContext) InitFromBin(bin []byte) {
+	var fillBin [16]byte
+	copy(fillBin[:], bin)
+
+	ctx.v[0] = binary.LittleEndian.Uint64(fillBin[:8])
+	ctx.v[1] = binary.LittleEndian.Uint64(fillBin[8:])
+}
+
+func (ctx *shift128PlusContext) InitFromBinDatalen(bin []byte, datalen int) {
+	var fillBin [16]byte
+	copy(fillBin[:], bin)
+	binary.LittleEndian.PutUint16(fillBin[:2], uint16(datalen))
+
+	ctx.v[0] = binary.LittleEndian.Uint64(fillBin[:8])
+	ctx.v[1] = binary.LittleEndian.Uint64(fillBin[8:])
+
+	for i := 0; i < 4; i++ {
+		ctx.Next()
+	}
+}
+
+func (ctx *shift128PlusContext) Next() uint64 {
+	x := ctx.v[0]
+	y := ctx.v[1]
+	ctx.v[0] = y
+	x ^= x << 23
+	x ^= y ^ (x >> 17) ^ (y >> 26)
+	ctx.v[1] = x
+	return x + y
+}
--- a/component/ssr/protocol/auth_chain_b.go
+++ b/component/ssr/protocol/auth_chain_b.go
@ -0,0 +1,72 @@
+package protocol
+
+import (
+	"sort"
+
+	"github.com/Dreamacro/clash/component/ssr/tools"
+)
+
+func init() {
+	register("auth_chain_b", newAuthChainB)
+}
+
+func newAuthChainB(b *Base) Protocol {
+	return &authChain{
+		Base:       b,
+		authData:   &authData{},
+		salt:       "auth_chain_b",
+		hmac:       tools.HmacMD5,
+		hashDigest: tools.SHA1Sum,
+		rnd:        authChainBGetRandLen,
+	}
+}
+
+func initDataSize(r *authChain) {
+	random := &r.randomServer
+	random.InitFromBin(r.Key)
+	len := random.Next()%8 + 4
+	r.dataSizeList = make([]int, len)
+	for i := 0; i < int(len); i++ {
+		r.dataSizeList[i] = int(random.Next() % 2340 % 2040 % 1440)
+	}
+	sort.Ints(r.dataSizeList)
+
+	len = random.Next()%16 + 8
+	r.dataSizeList2 = make([]int, len)
+	for i := 0; i < int(len); i++ {
+		r.dataSizeList2[i] = int(random.Next() % 2340 % 2040 % 1440)
+	}
+	sort.Ints(r.dataSizeList2)
+}
+
+func authChainBGetRandLen(dataLength int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int {
+	if dataLength > 1440 {
+		return 0
+	}
+	random.InitFromBinDatalen(lastHash[:16], dataLength)
+	pos := sort.Search(len(dataSizeList), func(i int) bool { return dataSizeList[i] > dataLength+overhead })
+	finalPos := uint64(pos) + random.Next()%uint64(len(dataSizeList))
+	if finalPos < uint64(len(dataSizeList)) {
+		return dataSizeList[finalPos] - dataLength - overhead
+	}
+
+	pos = sort.Search(len(dataSizeList2), func(i int) bool { return dataSizeList2[i] > dataLength+overhead })
+	finalPos = uint64(pos) + random.Next()%uint64(len(dataSizeList2))
+	if finalPos < uint64(len(dataSizeList2)) {
+		return dataSizeList2[finalPos] - dataLength - overhead
+	}
+	if finalPos < uint64(pos+len(dataSizeList2)-1) {
+		return 0
+	}
+
+	if dataLength > 1300 {
+		return int(random.Next() % 31)
+	}
+	if dataLength > 900 {
+		return int(random.Next() % 127)
+	}
+	if dataLength > 400 {
+		return int(random.Next() % 521)
+	}
+	return int(random.Next() % 1021)
+}
--- a/component/ssr/protocol/auth_sha1_v4.go
+++ b/component/ssr/protocol/auth_sha1_v4.go
@ -0,0 +1,253 @@
+package protocol
+
+import (
+	"bytes"
+	"encoding/binary"
+	"hash/adler32"
+	"hash/crc32"
+	"math/rand"
+	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
+	"github.com/Dreamacro/clash/component/ssr/tools"
+)
+
+type authSHA1V4 struct {
+	*Base
+	*authData
+	headerSent bool
+	buffer     bytes.Buffer
+}
+
+func init() {
+	register("auth_sha1_v4", newAuthSHA1V4)
+}
+
+func newAuthSHA1V4(b *Base) Protocol {
+	return &authSHA1V4{Base: b, authData: &authData{}}
+}
+
+func (a *authSHA1V4) initForConn(iv []byte) Protocol {
+	return &authSHA1V4{
+		Base: &Base{
+			IV:       iv,
+			Key:      a.Key,
+			TCPMss:   a.TCPMss,
+			Overhead: a.Overhead,
+			Param:    a.Param,
+		},
+		authData: a.authData,
+	}
+}
+
+func (a *authSHA1V4) GetProtocolOverhead() int {
+	return 7
+}
+
+func (a *authSHA1V4) SetOverhead(overhead int) {
+	a.Overhead = overhead
+}
+
+func (a *authSHA1V4) Decode(b []byte) ([]byte, int, error) {
+	a.buffer.Reset()
+	bSize := len(b)
+	originalSize := bSize
+	for bSize > 4 {
+		crc := crc32.ChecksumIEEE(b[:2]) & 0xFFFF
+		if binary.LittleEndian.Uint16(b[2:4]) != uint16(crc) {
+			return nil, 0, errAuthSHA1v4CRC32Error
+		}
+		length := int(binary.BigEndian.Uint16(b[:2]))
+		if length >= 8192 || length < 8 {
+			return nil, 0, errAuthSHA1v4DataLengthError
+		}
+		if length > bSize {
+			break
+		}
+
+		if adler32.Checksum(b[:length-4]) == binary.LittleEndian.Uint32(b[length-4:]) {
+			pos := int(b[4])
+			if pos != 0xFF {
+				pos += 4
+			} else {
+				pos = int(binary.BigEndian.Uint16(b[5:5+2])) + 4
+			}
+			retSize := length - pos - 4
+			a.buffer.Write(b[pos : pos+retSize])
+			bSize -= length
+			b = b[length:]
+		} else {
+			return nil, 0, errAuthSHA1v4IncorrectChecksum
+		}
+	}
+	return a.buffer.Bytes(), originalSize - bSize, nil
+}
+
+func (a *authSHA1V4) Encode(b []byte) ([]byte, error) {
+	a.buffer.Reset()
+	bSize := len(b)
+	offset := 0
+	if !a.headerSent && bSize > 0 {
+		headSize := getHeadSize(b, 30)
+		if headSize > bSize {
+			headSize = bSize
+		}
+		a.buffer.Write(a.packAuthData(b[:headSize]))
+		offset += headSize
+		bSize -= headSize
+		a.headerSent = true
+	}
+	const blockSize = 4096
+	for bSize > blockSize {
+		packSize, randSize := a.packedDataSize(b[offset : offset+blockSize])
+		pack := pool.Get(packSize)
+		a.packData(b[offset:offset+blockSize], pack, randSize)
+		a.buffer.Write(pack)
+		pool.Put(pack)
+		offset += blockSize
+		bSize -= blockSize
+	}
+	if bSize > 0 {
+		packSize, randSize := a.packedDataSize(b[offset:])
+		pack := pool.Get(packSize)
+		a.packData(b[offset:], pack, randSize)
+		a.buffer.Write(pack)
+		pool.Put(pack)
+	}
+	return a.buffer.Bytes(), nil
+}
+
+func (a *authSHA1V4) DecodePacket(b []byte) ([]byte, int, error) {
+	return b, len(b), nil
+}
+
+func (a *authSHA1V4) EncodePacket(b []byte) ([]byte, error) {
+	return b, nil
+}
+
+func (a *authSHA1V4) packedDataSize(data []byte) (packSize, randSize int) {
+	dataSize := len(data)
+	randSize = 1
+	if dataSize <= 1300 {
+		if dataSize > 400 {
+			randSize += rand.Intn(128)
+		} else {
+			randSize += rand.Intn(1024)
+		}
+	}
+	packSize = randSize + dataSize + 8
+	return
+}
+
+func (a *authSHA1V4) packData(data, ret []byte, randSize int) {
+	dataSize := len(data)
+	retSize := len(ret)
+	// 0~1, ret size
+	binary.BigEndian.PutUint16(ret[:2], uint16(retSize&0xFFFF))
+	// 2~3, crc of ret size
+	crc := crc32.ChecksumIEEE(ret[:2]) & 0xFFFF
+	binary.LittleEndian.PutUint16(ret[2:4], uint16(crc))
+	// 4, rand size
+	if randSize < 128 {
+		ret[4] = uint8(randSize & 0xFF)
+	} else {
+		ret[4] = uint8(0xFF)
+		binary.BigEndian.PutUint16(ret[5:7], uint16(randSize&0xFFFF))
+	}
+	// (rand size+4)~(ret size-4), data
+	if dataSize > 0 {
+		copy(ret[randSize+4:], data)
+	}
+	// (ret size-4)~end, adler32 of full data
+	adler := adler32.Checksum(ret[:retSize-4])
+	binary.LittleEndian.PutUint32(ret[retSize-4:], adler)
+}
+
+func (a *authSHA1V4) packAuthData(data []byte) (ret []byte) {
+	dataSize := len(data)
+	randSize := 1
+	if dataSize <= 1300 {
+		if dataSize > 400 {
+			randSize += rand.Intn(128)
+		} else {
+			randSize += rand.Intn(1024)
+		}
+	}
+	dataOffset := randSize + 4 + 2
+	retSize := dataOffset + dataSize + 12 + tools.HmacSHA1Len
+	ret = make([]byte, retSize)
+	a.mutex.Lock()
+	defer a.mutex.Unlock()
+	a.connectionID++
+	if a.connectionID > 0xFF000000 {
+		a.clientID = nil
+	}
+	if len(a.clientID) == 0 {
+		a.clientID = make([]byte, 8)
+		rand.Read(a.clientID)
+		b := make([]byte, 4)
+		rand.Read(b)
+		a.connectionID = binary.LittleEndian.Uint32(b) & 0xFFFFFF
+	}
+	// 0~1, ret size
+	binary.BigEndian.PutUint16(ret[:2], uint16(retSize&0xFFFF))
+
+	// 2~6, crc of (ret size+salt+key)
+	salt := []byte("auth_sha1_v4")
+	crcData := make([]byte, len(salt)+len(a.Key)+2)
+	copy(crcData[:2], ret[:2])
+	copy(crcData[2:], salt)
+	copy(crcData[2+len(salt):], a.Key)
+	crc := crc32.ChecksumIEEE(crcData) & 0xFFFFFFFF
+	// 2~6, crc of (ret size+salt+key)
+	binary.LittleEndian.PutUint32(ret[2:], crc)
+	// 6~(rand size+6), rand numbers
+	rand.Read(ret[dataOffset-randSize : dataOffset])
+	// 6, rand size
+	if randSize < 128 {
+		ret[6] = byte(randSize & 0xFF)
+	} else {
+		// 6, magic number 0xFF
+		ret[6] = 0xFF
+		// 7~8, rand size
+		binary.BigEndian.PutUint16(ret[7:9], uint16(randSize&0xFFFF))
+	}
+	// rand size+6~(rand size+10), time stamp
+	now := time.Now().Unix()
+	binary.LittleEndian.PutUint32(ret[dataOffset:dataOffset+4], uint32(now))
+	// rand size+10~(rand size+14), client ID
+	copy(ret[dataOffset+4:dataOffset+4+4], a.clientID[:4])
+	// rand size+14~(rand size+18), connection ID
+	binary.LittleEndian.PutUint32(ret[dataOffset+8:dataOffset+8+4], a.connectionID)
+	// rand size+18~(rand size+18)+data length, data
+	copy(ret[dataOffset+12:], data)
+
+	key := make([]byte, len(a.IV)+len(a.Key))
+	copy(key, a.IV)
+	copy(key[len(a.IV):], a.Key)
+
+	h := tools.HmacSHA1(key, ret[:retSize-tools.HmacSHA1Len])
+	// (ret size-10)~(ret size)/(rand size)+18+data length~end, hmac
+	copy(ret[retSize-tools.HmacSHA1Len:], h[:tools.HmacSHA1Len])
+	return ret
+}
+
+func getHeadSize(data []byte, defaultValue int) int {
+	if data == nil || len(data) < 2 {
+		return defaultValue
+	}
+	headType := data[0] & 0x07
+	switch headType {
+	case 1:
+		// IPv4 1+4+2
+		return 7
+	case 4:
+		// IPv6 1+16+2
+		return 19
+	case 3:
+		// domain name, variant length
+		return 4 + int(data[1])
+	}
+
+	return defaultValue
+}
--- a/component/ssr/protocol/base.go
+++ b/component/ssr/protocol/base.go
@ -0,0 +1,10 @@
+package protocol
+
+// Base information for protocol
+type Base struct {
+	IV       []byte
+	Key      []byte
+	TCPMss   int
+	Overhead int
+	Param    string
+}
--- a/component/ssr/protocol/origin.go
+++ b/component/ssr/protocol/origin.go
@ -0,0 +1,36 @@
+package protocol
+
+type origin struct{ *Base }
+
+func init() {
+	register("origin", newOrigin)
+}
+
+func newOrigin(b *Base) Protocol {
+	return &origin{}
+}
+
+func (o *origin) initForConn(iv []byte) Protocol { return &origin{} }
+
+func (o *origin) GetProtocolOverhead() int {
+	return 0
+}
+
+func (o *origin) SetOverhead(overhead int) {
+}
+
+func (o *origin) Decode(b []byte) ([]byte, int, error) {
+	return b, len(b), nil
+}
+
+func (o *origin) Encode(b []byte) ([]byte, error) {
+	return b, nil
+}
+
+func (o *origin) DecodePacket(b []byte) ([]byte, int, error) {
+	return b, len(b), nil
+}
+
+func (o *origin) EncodePacket(b []byte) ([]byte, error) {
+	return b, nil
+}
--- a/component/ssr/protocol/packet.go
+++ b/component/ssr/protocol/packet.go
@ -0,0 +1,42 @@
+package protocol
+
+import (
+	"net"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// NewPacketConn returns a net.NewPacketConn with protocol decoding/encoding
+func NewPacketConn(pc net.PacketConn, p Protocol) net.PacketConn {
+	return &PacketConn{PacketConn: pc, Protocol: p.initForConn(nil)}
+}
+
+// PacketConn represents a protocol packet connection
+type PacketConn struct {
+	net.PacketConn
+	Protocol
+}
+
+func (c *PacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	buf := pool.Get(pool.RelayBufferSize)
+	defer pool.Put(buf)
+	buf, err := c.EncodePacket(b)
+	if err != nil {
+		return 0, err
+	}
+	_, err = c.PacketConn.WriteTo(buf, addr)
+	return len(b), err
+}
+
+func (c *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	n, addr, err := c.PacketConn.ReadFrom(b)
+	if err != nil {
+		return n, addr, err
+	}
+	bb, length, err := c.DecodePacket(b[:n])
+	if err != nil {
+		return n, addr, err
+	}
+	copy(b, bb)
+	return length, addr, err
+}
--- a/component/ssr/protocol/protocol.go
+++ b/component/ssr/protocol/protocol.go
@ -0,0 +1,63 @@
+package protocol
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+	"sync"
+)
+
+var (
+	errAuthAES128IncorrectMAC      = errors.New("auth_aes128_* post decrypt incorrect mac")
+	errAuthAES128DataLengthError   = errors.New("auth_aes128_* post decrypt length mismatch")
+	errAuthAES128IncorrectChecksum = errors.New("auth_aes128_* post decrypt incorrect checksum")
+	errAuthAES128PositionTooLarge  = errors.New("auth_aes128_* post decrypt position is too large")
+	errAuthSHA1v4CRC32Error        = errors.New("auth_sha1_v4 post decrypt data crc32 error")
+	errAuthSHA1v4DataLengthError   = errors.New("auth_sha1_v4 post decrypt data length error")
+	errAuthSHA1v4IncorrectChecksum = errors.New("auth_sha1_v4 post decrypt incorrect checksum")
+	errAuthChainDataLengthError    = errors.New("auth_chain_* post decrypt length mismatch")
+	errAuthChainHMACError          = errors.New("auth_chain_* post decrypt hmac error")
+)
+
+type authData struct {
+	clientID     []byte
+	connectionID uint32
+	mutex        sync.Mutex
+}
+
+type recvInfo struct {
+	recvID uint32
+	buffer *bytes.Buffer
+}
+
+type hmacMethod func(key []byte, data []byte) []byte
+type hashDigestMethod func(data []byte) []byte
+type rndMethod func(dataSize int, random *shift128PlusContext, lastHash []byte, dataSizeList, dataSizeList2 []int, overhead int) int
+
+// Protocol provides methods for decoding, encoding and iv setting
+type Protocol interface {
+	initForConn(iv []byte) Protocol
+	GetProtocolOverhead() int
+	SetOverhead(int)
+	Decode([]byte) ([]byte, int, error)
+	Encode([]byte) ([]byte, error)
+	DecodePacket([]byte) ([]byte, int, error)
+	EncodePacket([]byte) ([]byte, error)
+}
+
+type protocolCreator func(b *Base) Protocol
+
+var protocolList = make(map[string]protocolCreator)
+
+func register(name string, c protocolCreator) {
+	protocolList[name] = c
+}
+
+// PickProtocol returns a protocol of the given name
+func PickProtocol(name string, b *Base) (Protocol, error) {
+	if protocolCreator, ok := protocolList[strings.ToLower(name)]; ok {
+		return protocolCreator(b), nil
+	}
+	return nil, fmt.Errorf("Protocol %s not supported", name)
+}
--- a/component/ssr/protocol/stream.go
+++ b/component/ssr/protocol/stream.go
@ -0,0 +1,68 @@
+package protocol
+
+import (
+	"bytes"
+	"net"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// NewConn wraps a stream-oriented net.Conn with protocol decoding/encoding
+func NewConn(c net.Conn, p Protocol, iv []byte) net.Conn {
+	return &Conn{Conn: c, Protocol: p.initForConn(iv)}
+}
+
+// Conn represents a protocol connection
+type Conn struct {
+	net.Conn
+	Protocol
+	buf          []byte
+	offset       int
+	underDecoded bytes.Buffer
+}
+
+func (c *Conn) Read(b []byte) (int, error) {
+	if c.buf != nil {
+		n := copy(b, c.buf[c.offset:])
+		c.offset += n
+		if c.offset == len(c.buf) {
+			c.buf = nil
+		}
+		return n, nil
+	}
+	buf := pool.Get(pool.RelayBufferSize)
+	defer pool.Put(buf)
+	n, err := c.Conn.Read(buf)
+	if err != nil {
+		return 0, err
+	}
+	c.underDecoded.Write(buf[:n])
+	underDecoded := c.underDecoded.Bytes()
+	decoded, length, err := c.Decode(underDecoded)
+	if err != nil {
+		c.underDecoded.Reset()
+		return 0, nil
+	}
+	if length == 0 {
+		return 0, nil
+	}
+	c.underDecoded.Next(length)
+	n = copy(b, decoded)
+	if len(decoded) > len(b) {
+		c.buf = decoded
+		c.offset = n
+	}
+	return n, nil
+}
+
+func (c *Conn) Write(b []byte) (int, error) {
+	encoded, err := c.Encode(b)
+	if err != nil {
+		return 0, err
+	}
+	_, err = c.Conn.Write(encoded)
+	if err != nil {
+		return 0, err
+	}
+	return len(b), nil
+}
--- a/component/ssr/tools/encrypt.go
+++ b/component/ssr/tools/encrypt.go
@ -0,0 +1,33 @@
+package tools
+
+import (
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/sha1"
+)
+
+const HmacSHA1Len = 10
+
+func HmacMD5(key, data []byte) []byte {
+	hmacMD5 := hmac.New(md5.New, key)
+	hmacMD5.Write(data)
+	return hmacMD5.Sum(nil)[:16]
+}
+
+func HmacSHA1(key, data []byte) []byte {
+	hmacSHA1 := hmac.New(sha1.New, key)
+	hmacSHA1.Write(data)
+	return hmacSHA1.Sum(nil)[:20]
+}
+
+func MD5Sum(b []byte) []byte {
+	h := md5.New()
+	h.Write(b)
+	return h.Sum(nil)
+}
+
+func SHA1Sum(b []byte) []byte {
+	h := sha1.New()
+	h.Write(b)
+	return h.Sum(nil)
+}
--- a/component/trie/domain.go
+++ b/component/trie/domain.go
@ -0,0 +1,135 @@
+package trie
+
+import (
+	"errors"
+	"strings"
+)
+
+const (
+	wildcard        = "*"
+	dotWildcard     = ""
+	complexWildcard = "+"
+	domainStep      = "."
+)
+
+var (
+	// ErrInvalidDomain means insert domain is invalid
+	ErrInvalidDomain = errors.New("invalid domain")
+)
+
+// DomainTrie contains the main logic for adding and searching nodes for domain segments.
+// support wildcard domain (e.g *.google.com)
+type DomainTrie struct {
+	root *Node
+}
+
+func validAndSplitDomain(domain string) ([]string, bool) {
+	if domain != "" && domain[len(domain)-1] == '.' {
+		return nil, false
+	}
+
+	parts := strings.Split(domain, domainStep)
+	if len(parts) == 1 {
+		if parts[0] == "" {
+			return nil, false
+		}
+
+		return parts, true
+	}
+
+	for _, part := range parts[1:] {
+		if part == "" {
+			return nil, false
+		}
+	}
+
+	return parts, true
+}
+
+// Insert adds a node to the trie.
+// Support
+// 1. www.example.com
+// 2. *.example.com
+// 3. subdomain.*.example.com
+// 4. .example.com
+// 5. +.example.com
+func (t *DomainTrie) Insert(domain string, data interface{}) error {
+	parts, valid := validAndSplitDomain(domain)
+	if !valid {
+		return ErrInvalidDomain
+	}
+
+	if parts[0] == complexWildcard {
+		t.insert(parts[1:], data)
+		parts[0] = dotWildcard
+		t.insert(parts, data)
+	} else {
+		t.insert(parts, data)
+	}
+
+	return nil
+}
+
+func (t *DomainTrie) insert(parts []string, data interface{}) {
+	node := t.root
+	// reverse storage domain part to save space
+	for i := len(parts) - 1; i >= 0; i-- {
+		part := parts[i]
+		if !node.hasChild(part) {
+			node.addChild(part, newNode(nil))
+		}
+
+		node = node.getChild(part)
+	}
+
+	node.Data = data
+}
+
+// Search is the most important part of the Trie.
+// Priority as:
+// 1. static part
+// 2. wildcard domain
+// 2. dot wildcard domain
+func (t *DomainTrie) Search(domain string) *Node {
+	parts, valid := validAndSplitDomain(domain)
+	if !valid || parts[0] == "" {
+		return nil
+	}
+
+	n := t.search(t.root, parts)
+
+	if n == nil || n.Data == nil {
+		return nil
+	}
+
+	return n
+}
+
+func (t *DomainTrie) search(node *Node, parts []string) *Node {
+	if len(parts) == 0 {
+		return node
+	}
+
+	if c := node.getChild(parts[len(parts)-1]); c != nil {
+		if n := t.search(c, parts[:len(parts)-1]); n != nil {
+			return n
+		}
+	}
+
+	if c := node.getChild(wildcard); c != nil {
+		if n := t.search(c, parts[:len(parts)-1]); n != nil {
+			return n
+		}
+	}
+
+	if c := node.getChild(dotWildcard); c != nil {
+		return c
+	}
+
+	return nil
+}
+
+// New returns a new, empty Trie.
+func New() *DomainTrie {
+	return &DomainTrie{root: newNode(nil)}
+}
--- a/component/trie/domain_test.go
+++ b/component/trie/domain_test.go
@ -0,0 +1,99 @@
+package trie
+
+import (
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var localIP = net.IP{127, 0, 0, 1}
+
+func TestTrie_Basic(t *testing.T) {
+	tree := New()
+	domains := []string{
+		"example.com",
+		"google.com",
+		"localhost",
+	}
+
+	for _, domain := range domains {
+		tree.Insert(domain, localIP)
+	}
+
+	node := tree.Search("example.com")
+	assert.NotNil(t, node)
+	assert.True(t, node.Data.(net.IP).Equal(localIP))
+	assert.NotNil(t, tree.Insert("", localIP))
+	assert.Nil(t, tree.Search(""))
+	assert.NotNil(t, tree.Search("localhost"))
+	assert.Nil(t, tree.Search("www.google.com"))
+}
+
+func TestTrie_Wildcard(t *testing.T) {
+	tree := New()
+	domains := []string{
+		"*.example.com",
+		"sub.*.example.com",
+		"*.dev",
+		".org",
+		".example.net",
+		".apple.*",
+		"+.foo.com",
+		"+.stun.*.*",
+		"+.stun.*.*.*",
+		"+.stun.*.*.*.*",
+		"stun.l.google.com",
+	}
+
+	for _, domain := range domains {
+		tree.Insert(domain, localIP)
+	}
+
+	assert.NotNil(t, tree.Search("sub.example.com"))
+	assert.NotNil(t, tree.Search("sub.foo.example.com"))
+	assert.NotNil(t, tree.Search("test.org"))
+	assert.NotNil(t, tree.Search("test.example.net"))
+	assert.NotNil(t, tree.Search("test.apple.com"))
+	assert.NotNil(t, tree.Search("test.foo.com"))
+	assert.NotNil(t, tree.Search("foo.com"))
+	assert.NotNil(t, tree.Search("global.stun.website.com"))
+	assert.Nil(t, tree.Search("foo.sub.example.com"))
+	assert.Nil(t, tree.Search("foo.example.dev"))
+	assert.Nil(t, tree.Search("example.com"))
+}
+
+func TestTrie_Priority(t *testing.T) {
+	tree := New()
+	domains := []string{
+		".dev",
+		"example.dev",
+		"*.example.dev",
+		"test.example.dev",
+	}
+
+	assertFn := func(domain string, data int) {
+		node := tree.Search(domain)
+		assert.NotNil(t, node)
+		assert.Equal(t, data, node.Data)
+	}
+
+	for idx, domain := range domains {
+		tree.Insert(domain, idx)
+	}
+
+	assertFn("test.dev", 0)
+	assertFn("foo.bar.dev", 0)
+	assertFn("example.dev", 1)
+	assertFn("foo.example.dev", 2)
+	assertFn("test.example.dev", 3)
+}
+
+func TestTrie_Boundary(t *testing.T) {
+	tree := New()
+	tree.Insert("*.dev", localIP)
+
+	assert.NotNil(t, tree.Insert(".", localIP))
+	assert.NotNil(t, tree.Insert("..dev", localIP))
+	assert.Nil(t, tree.Search("dev"))
+}
--- a/component/trie/node.go
+++ b/component/trie/node.go
@ -0,0 +1,26 @@
+package trie
+
+// Node is the trie's node
+type Node struct {
+	Data     interface{}
+	children map[string]*Node
+}
+
+func (n *Node) getChild(s string) *Node {
+	return n.children[s]
+}
+
+func (n *Node) hasChild(s string) bool {
+	return n.getChild(s) != nil
+}
+
+func (n *Node) addChild(s string, child *Node) {
+	n.children[s] = child
+}
+
+func newNode(data interface{}) *Node {
+	return &Node{
+		Data:     data,
+		children: map[string]*Node{},
+	}
+}
--- a/component/trojan/trojan.go
+++ b/component/trojan/trojan.go
@ -0,0 +1,223 @@
+package trojan
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"crypto/tls"
+	"encoding/binary"
+	"encoding/hex"
+	"errors"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/Dreamacro/clash/component/socks5"
+)
+
+const (
+	// max packet length
+	maxLength = 8192
+)
+
+var (
+	defaultALPN = []string{"h2", "http/1.1"}
+	crlf        = []byte{'\r', '\n'}
+
+	bufPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
+)
+
+type Command = byte
+
+var (
+	CommandTCP byte = 1
+	CommandUDP byte = 3
+)
+
+type Option struct {
+	Password           string
+	ALPN               []string
+	ServerName         string
+	SkipCertVerify     bool
+	ClientSessionCache tls.ClientSessionCache
+}
+
+type Trojan struct {
+	option      *Option
+	hexPassword []byte
+}
+
+func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
+	alpn := defaultALPN
+	if len(t.option.ALPN) != 0 {
+		alpn = t.option.ALPN
+	}
+
+	tlsConfig := &tls.Config{
+		NextProtos:         alpn,
+		MinVersion:         tls.VersionTLS12,
+		InsecureSkipVerify: t.option.SkipCertVerify,
+		ServerName:         t.option.ServerName,
+		ClientSessionCache: t.option.ClientSessionCache,
+	}
+
+	tlsConn := tls.Client(conn, tlsConfig)
+	if err := tlsConn.Handshake(); err != nil {
+		return nil, err
+	}
+
+	return tlsConn, nil
+}
+
+func (t *Trojan) WriteHeader(w io.Writer, command Command, socks5Addr []byte) error {
+	buf := bufPool.Get().(*bytes.Buffer)
+	defer bufPool.Put(buf)
+	defer buf.Reset()
+
+	buf.Write(t.hexPassword)
+	buf.Write(crlf)
+
+	buf.WriteByte(command)
+	buf.Write(socks5Addr)
+	buf.Write(crlf)
+
+	_, err := w.Write(buf.Bytes())
+	return err
+}
+
+func (t *Trojan) PacketConn(conn net.Conn) net.PacketConn {
+	return &PacketConn{
+		Conn: conn,
+	}
+}
+
+func writePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
+	buf := bufPool.Get().(*bytes.Buffer)
+	defer bufPool.Put(buf)
+	defer buf.Reset()
+
+	buf.Write(socks5Addr)
+	binary.Write(buf, binary.BigEndian, uint16(len(payload)))
+	buf.Write(crlf)
+	buf.Write(payload)
+
+	return w.Write(buf.Bytes())
+}
+
+func WritePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
+	if len(payload) <= maxLength {
+		return writePacket(w, socks5Addr, payload)
+	}
+
+	offset := 0
+	total := len(payload)
+	for {
+		cursor := offset + maxLength
+		if cursor > total {
+			cursor = total
+		}
+
+		n, err := writePacket(w, socks5Addr, payload[offset:cursor])
+		if err != nil {
+			return offset + n, err
+		}
+
+		offset = cursor
+		if offset == total {
+			break
+		}
+	}
+
+	return total, nil
+}
+
+func ReadPacket(r io.Reader, payload []byte) (net.Addr, int, int, error) {
+	addr, err := socks5.ReadAddr(r, payload)
+	if err != nil {
+		return nil, 0, 0, errors.New("read addr error")
+	}
+	uAddr := addr.UDPAddr()
+
+	if _, err = io.ReadFull(r, payload[:2]); err != nil {
+		return nil, 0, 0, errors.New("read length error")
+	}
+
+	total := int(binary.BigEndian.Uint16(payload[:2]))
+	if total > maxLength {
+		return nil, 0, 0, errors.New("packet invalid")
+	}
+
+	// read crlf
+	if _, err = io.ReadFull(r, payload[:2]); err != nil {
+		return nil, 0, 0, errors.New("read crlf error")
+	}
+
+	length := len(payload)
+	if total < length {
+		length = total
+	}
+
+	if _, err = io.ReadFull(r, payload[:length]); err != nil {
+		return nil, 0, 0, errors.New("read packet error")
+	}
+
+	return uAddr, length, total - length, nil
+}
+
+func New(option *Option) *Trojan {
+	return &Trojan{option, hexSha224([]byte(option.Password))}
+}
+
+type PacketConn struct {
+	net.Conn
+	remain int
+	rAddr  net.Addr
+	mux    sync.Mutex
+}
+
+func (pc *PacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	return WritePacket(pc, socks5.ParseAddr(addr.String()), b)
+}
+
+func (pc *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	pc.mux.Lock()
+	defer pc.mux.Unlock()
+	if pc.remain != 0 {
+		length := len(b)
+		if pc.remain < length {
+			length = pc.remain
+		}
+
+		n, err := pc.Conn.Read(b[:length])
+		if err != nil {
+			return 0, nil, err
+		}
+
+		pc.remain -= n
+		addr := pc.rAddr
+		if pc.remain == 0 {
+			pc.rAddr = nil
+		}
+
+		return n, addr, nil
+	}
+
+	addr, n, remain, err := ReadPacket(pc.Conn, b)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	if remain != 0 {
+		pc.remain = remain
+		pc.rAddr = addr
+	}
+
+	return n, addr, nil
+}
+
+func hexSha224(data []byte) []byte {
+	buf := make([]byte, 56)
+	hash := sha256.New224()
+	hash.Write(data)
+	hex.Encode(buf, hash.Sum(nil))
+	return buf
+}
--- a/component/v2ray-plugin/mux.go
+++ b/component/v2ray-plugin/mux.go
@ -0,0 +1,173 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"net"
+)
+
+type SessionStatus = byte
+
+const (
+	SessionStatusNew       SessionStatus = 0x01
+	SessionStatusKeep      SessionStatus = 0x02
+	SessionStatusEnd       SessionStatus = 0x03
+	SessionStatusKeepAlive SessionStatus = 0x04
+)
+
+const (
+	OptionNone  = byte(0x00)
+	OptionData  = byte(0x01)
+	OptionError = byte(0x02)
+)
+
+type MuxOption struct {
+	ID   [2]byte
+	Port uint16
+	Host string
+	Type string
+}
+
+// Mux is an mux-compatible client for v2ray-plugin, not a complete implementation
+type Mux struct {
+	net.Conn
+	buf    bytes.Buffer
+	id     [2]byte
+	length [2]byte
+	status [2]byte
+	otb    []byte
+	remain int
+}
+
+func (m *Mux) Read(b []byte) (int, error) {
+	if m.remain != 0 {
+		length := m.remain
+		if len(b) < m.remain {
+			length = len(b)
+		}
+
+		n, err := m.Conn.Read(b[:length])
+		if err != nil {
+			return 0, err
+		}
+		m.remain -= n
+		return n, nil
+	}
+
+	for {
+		_, err := io.ReadFull(m.Conn, m.length[:])
+		if err != nil {
+			return 0, err
+		}
+		length := binary.BigEndian.Uint16(m.length[:])
+		if length > 512 {
+			return 0, errors.New("invalid metalen")
+		}
+
+		_, err = io.ReadFull(m.Conn, m.id[:])
+		if err != nil {
+			return 0, err
+		}
+
+		_, err = m.Conn.Read(m.status[:])
+		if err != nil {
+			return 0, err
+		}
+
+		opcode := m.status[0]
+		if opcode == SessionStatusKeepAlive {
+			continue
+		}
+
+		opts := m.status[1]
+
+		if opts != OptionData {
+			continue
+		}
+
+		_, err = io.ReadFull(m.Conn, m.length[:])
+		if err != nil {
+			return 0, err
+		}
+		dataLen := int(binary.BigEndian.Uint16(m.length[:]))
+		m.remain = dataLen
+		if dataLen > len(b) {
+			dataLen = len(b)
+		}
+
+		n, err := m.Conn.Read(b[:dataLen])
+		m.remain -= n
+		return n, err
+	}
+}
+
+func (m *Mux) Write(b []byte) (int, error) {
+	if m.otb != nil {
+		// create a sub connection
+		if _, err := m.Conn.Write(m.otb); err != nil {
+			return 0, err
+		}
+		m.otb = nil
+	}
+	m.buf.Reset()
+	binary.Write(&m.buf, binary.BigEndian, uint16(4))
+	m.buf.Write(m.id[:])
+	m.buf.WriteByte(SessionStatusKeep)
+	m.buf.WriteByte(OptionData)
+	binary.Write(&m.buf, binary.BigEndian, uint16(len(b)))
+	m.buf.Write(b)
+
+	return m.Conn.Write(m.buf.Bytes())
+}
+
+func (m *Mux) Close() error {
+	_, err := m.Conn.Write([]byte{0x0, 0x4, m.id[0], m.id[1], SessionStatusEnd, OptionNone})
+	if err != nil {
+		return err
+	}
+	return m.Conn.Close()
+}
+
+func NewMux(conn net.Conn, option MuxOption) *Mux {
+	buf := &bytes.Buffer{}
+
+	// fill empty length
+	buf.Write([]byte{0x0, 0x0})
+	buf.Write(option.ID[:])
+	buf.WriteByte(SessionStatusNew)
+	buf.WriteByte(OptionNone)
+
+	// tcp
+	netType := byte(0x1)
+	if option.Type == "udp" {
+		netType = byte(0x2)
+	}
+	buf.WriteByte(netType)
+
+	// port
+	binary.Write(buf, binary.BigEndian, option.Port)
+
+	// address
+	ip := net.ParseIP(option.Host)
+	if ip == nil {
+		buf.WriteByte(0x2)
+		buf.WriteString(option.Host)
+	} else if ipv4 := ip.To4(); ipv4 != nil {
+		buf.WriteByte(0x1)
+		buf.Write(ipv4)
+	} else {
+		buf.WriteByte(0x3)
+		buf.Write(ip.To16())
+	}
+
+	metadata := buf.Bytes()
+	binary.BigEndian.PutUint16(metadata[:2], uint16(len(metadata)-2))
+
+	return &Mux{
+		Conn: conn,
+		id:   option.ID,
+		otb:  metadata,
+	}
+}
--- a/Show More
+++ b/Show More